Oracle® Identity Manager Installation and Configuration Guide for IBM WebSphere Application Server Release 9.1.0 Part Number E10371-05
This chapter describes how to deploy Oracle Identity Manager in a clustered IBM WebSphere Application Server environment.
This chapter discusses the following topics:
Overview of Setting Up a WebSphere Oracle Identity Manager Cluster
Installing and Configuring a Database for Oracle Identity Manager
Installing Oracle Identity Manager on the Network Deployment Manager
Installing Oracle Identity Manager Cluster By Using a Shared Directory
Postinstallation Configuration for Clustered Installations
Caution:
Deploying an application in a clustered environment is a highly complex procedure. This document assumes that you have expertise in installing and using applications in a WebSphere cluster. These instructions provide the Oracle Identity Manager-specific details only. They are not complete instructions for setting up a WebSphere cluster. For more information about clustering, refer to WebSphere documentation.
For a clustered environment, several host computers are required. The instructions in this chapter describe using 4+n computers and are primarily focused on Microsoft Windows. Your configuration might vary. Table 9-1 describes the entities needed for a cluster, the computers that they run on, and the software required for the entities. Host computers and entities are labeled descriptively.
Table 9-1 WebSphere-based Oracle Identity Manager Cluster Host Computers
Host Computer | Entities | Software | Description |
---|---|---|---|
NDM_HOST | XL_MODEL_NODE, XL_MODEL_SERVER | WebSphere, Oracle Identity Manager | Use the model node and server as a template. Configure the model server and copy it to the nodes for each application server in the cluster. Note: The model node is not part of the cluster. |
IIS_HOST | IIS server | IIS, WebSphere Plug-in | This is the IIS Web server. The IIS server acts as the front end to the WebSphere cluster and handles the load balancing. Install IIS and the WebSphere plug-in on this computer. |
XL_NODEn_HOST | XL_NODEn, XL_CLUSTER | WebSphere, Oracle Identity Manager | Each application server in the cluster runs Oracle Identity Manager. The application servers run on one or more node host computers. Replace n with the node number, such as XL_NODE1. You can have more than one application server for each node host computer. |
XL_JMS_HOST | XL_JMS_NODE, XL_JMS_CLUSTER | WebSphere | Application servers created in this cluster are used for JMS message handling. Oracle recommends that at least two application servers are created in this cluster for failover capabilities for the JMS message processing. |
This section discusses the high-level tasks involved in setting up a WebSphere Oracle Identity Manager cluster.
Note:
Before setting up a clustered environment for WebSphere, ensure that all cluster member computers have their clocks synchronized so that the Scheduler can operate properly.
To set up Oracle Identity Manager for a WebSphere cluster:
1. Install and upgrade the WebSphere Application Server Network Deployment on NDM_HOST.
   Refer to the "Installing WebSphere Application Server for a Cluster" section for information about steps 1 and 2.
2. Install and upgrade WebSphere Application Server Network Deployment on each node host (XL_NODE1_HOST, XL_NODE2_HOST, and so on).
3. Install and upgrade WebSphere Application Server Network Deployment on XL_JMS_HOST.
4. Add the XL_MODEL_NODE to the Network Deployment Manager on NDM_HOST.
   Refer to the "Adding the Model Node to the Network Deployment Manager" section for information about adding the model node to the Network Deployment Manager.
5. Create the XL_MODEL_SERVER on the XL_MODEL_NODE.
   Refer to the "Creating the Model Server" section for information about creating the model server.
6. Create the XL_CLUSTER.
   Refer to the "Creating the XL_CLUSTER" section for information about creating the XL_CLUSTER.
7. Create the XL_JMS_CLUSTER.
   Refer to the "Creating the JMS CLUSTER" section for information about creating the JMS cluster.
8. Prepare the database.
   Refer to the "Using an Oracle Database for Oracle Identity Manager" section or the "Using a Microsoft SQL Server Database for Oracle Identity Manager" section for information about preparing the database.
9. Install Oracle Identity Manager on NDM_HOST.
   Refer to the "Installing Oracle Identity Manager on the Network Deployment Manager" section for information about installing Oracle Identity Manager on NDM_HOST.
10. Set up the WebSphere custom registry on NDM_HOST.
11. To add a node, copy the OIM_HOME directory from NDM_HOST to XL_NODE1_HOST.
   Refer to the "Adding Nodes to WebSphere Cell" section for information about steps 11 through 16.
12. Add Node XL_NODEn, such as XL_NODE1, to the Network Deployment Manager.
13. Add Node XL_JMS_NODE to the Network Deployment Manager.
14. Create a server, such as XL_SERVER_ON_NODE1, on XL_NODE1 as a cluster member.
15. Create JMS servers, such as XL_JMS_SERVER1 and XL_JMS_SERVER2, on XL_JMS_NODE as a cluster member of XL_JMS_CLUSTER.
16. Set up virtual host information for the server.
17. Repeat steps 14 through 16 for each server you want to add to the node.
18. Repeat steps 11 through 16 for each node you want to add to the cluster.
19. Get the JNDI URL and update the JNDI references in the xlconfig.xml file associated with each server.
   Refer to the "Updating the JNDI References" section for information about updating the JNDI references.
20. Install the WebSphere Plug-in on IIS_HOST.
   Refer to the "Installing the WebSphere Plug-in for IIS" section for information about installing the WebSphere plug-in for IIS.
21. Set up the IIS server.
   Refer to the "Configuring the IIS Plug-in" section for information about configuring the IIS plug-in.
22. Set up the Design Console.
   Refer to the "Postinstallation Requirements for the Design Console" section for information about setting up the Design Console.
23. Perform the postinstallation tasks after deploying Oracle Identity Manager in your cluster.
   Refer to the "Postinstallation Configuration for Oracle Identity Manager and IBM WebSphere Application Server" section for information about the postinstallation tasks that you perform after deploying Oracle Identity Manager in the cluster.
The software requirements for WebSphere host are:
WebSphere host (and component) computers require the IBM JVM. Conflicts can arise if any of the following is true:
Other JVM instances exist in PATH.
JAVA_HOME or CLASSPATH point to anything other than an IBM JVM 1.5.x installation.
If you have any other JVMs on the cluster computers, remove (uninstall) them before proceeding.
Unset the JAVA_HOME, ANT_HOME, and CLASSPATH variables.
For a full WebSphere installation, you need the Application Server and Application Client installers.
Oracle recommends that at various points during the cluster setup, you make backups of the various components. This lets you roll back changes rather than restart the entire process. WebSphere provides a script (backupconfig.bat or backupconfig.sh) that makes a compressed (zip) file of the configuration settings. This script takes the backup file name with complete path as an argument.
The configuration backup script stops the Node Manager as well as all the nodes on which it is run. It is possible to get backups without stopping the nodes or Node Manager. However, Oracle recommends that you stop them before making the configuration backups. After completing the configuration backups, ensure that you restart the Node Manager (startmanager.bat or startmanager.sh) as well as the Nodes (startnode.bat or startnode.sh).
Note:
After Oracle Identity Manager is installed and the custom registries are created, you must specify the user name and password to start the Node Manager or the nodes.
When setting up the cluster, run the script at various times to save the current settings.
To back up your server configurations:
On the server host computer, create backup directories for the configurations you are backing up.
For example, to make a backup of the Node Manager configuration, use the following command to create a directory for the backup:
mkdir C:\WAS_Backups\PreXL\NodeManagerConfig
Or:
mkdir /opt/WAS_Backups/PreXL/NodeManagerConfig
Change directories to the application server bin directory. For example:
cd WEBSPHERE_HOME\profiles\PROFILE_NAME\bin
Run backupconfig.bat or backupconfig.sh and specify a file name that is in the backup directory you created. For example:
backupconfig.bat c:\WAS_Backups\PreXL\NodeManagerConfig\ConfigBkp.zip
Or:
./backupconfig.sh /opt/WAS_Backups/PreXL/NodeManagerConfig/ConfigBkp.zip
To install and upgrade WebSphere application server, you need the WebSphere installer and upgrade scripts. Ensure that the host meets the WebSphere requirements. Refer to the "WebSphere Software Host Requirements" section for information about WebSphere host system requirements.
Install WebSphere on:
NDM_HOST for the model node XL_MODEL_NODE and Deployment Manager Node XL_MANAGER_NODE
All node host computers such as XL_NODE1_HOST and XL_NODE2_HOST
JMS node host computer such as XL_JMS_HOST
For each WebSphere host computer:
Install the server.
Refer to the "Installing WebSphere Application Server" section for information.
Upgrade the server.
Refer to the "Upgrading the WebSphere Server" section for information.
Set the environment variables.
Refer to the "Setting Environment Variables" section for information.
Create profiles.
Refer to the "Creating WebSphere Profiles" section for information.
Set the memory size.
Refer to the "Setting JVM Memory and Arguments" section for information.
Enable SOAP communications.
Refer to the "Enabling SOAP Communication to WebSphere" section for information.
Verify the installation.
Refer to the "Verifying Installation" section for information.
Create Backups.
Refer to the "Creating Backups" section for information.
Install the supported version of the WebSphere Application Server Network Deployment. When installing, after you select the installation directory, choose the None option for WebSphere Application Server environments. You can create your profile later, allowing for flexibility in naming of the servers and nodes.
Important:
During the installation, you must clear the Enable administrative security option on the Enable Administrative Security page of the WebSphere installer. By default, the Enable administrative security option is selected.
To upgrade the WebSphere server:
After you install the WebSphere Application Server Network Deployment Manager, update it to the fix packs from IBM that are supported by Oracle Identity Manager.
Upgrade the JDK for WebSphere server.
See Also:
Oracle Identity Manager Release Notes Release 9.1.0 for the minimum certified versions of WebSphere fix packs and JDK fixes required by Oracle Identity Manager. Oracle Identity Manager supports all JDK fixes and WebSphere fix packs on top of the minimum certified versions.
The following environment variable settings are necessary for Oracle Identity Manager Installer:
Ensure that the JAVA_HOME system variable is set to the appropriate JDK. On Microsoft Windows, Solaris, and Linux, set JAVA_HOME to Sun JDK. On AIX, set JAVA_HOME to the IBM JDK (bundled with IBM WebSphere).
See Also:
Oracle Identity Manager Release Notes Release 9.1.0 for information about certified JDK versions
Remove the ANT_HOME system variable if it is defined.
For Microsoft Windows, Solaris, and Linux, ensure that the Sun JDK is being used when a Java command is run. To do this, include the /java/jre/bin/ directory of the Sun JDK installation in the PATH ahead of all other path entries. For example:
Microsoft Windows:
set PATH=SUN_JDK_HOME\jre\bin;%PATH%
Solaris or Linux:
export PATH=SUN_JDK_HOME/jre/bin:$PATH
For AIX, ensure that the IBM JDK (bundled with IBM WebSphere) is being used when a Java command is run. To do this, include the /java/jre/bin/ directory of the IBM JDK installation in the PATH ahead of all other path entries. For example:
export PATH=IBM_JDK_HOME/jre/bin:$PATH
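The JAVA_HOME, ANT_HOME and PATH requirements above can be checked on a UNIX host before the installer is started. The script below is an added example, not part of the Oracle guide; the function names and the fake JDK directories built for the demonstration are constructed, and the argument stands for SUN_JDK_HOME (or IBM_JDK_HOME on AIX).

```sh
#!/bin/sh
# Added example (not Oracle or IBM code): preflight check of the JDK
# environment that the Oracle Identity Manager installer will inherit.

# check_jvm_env EXPECTED_JDK_HOME
# Prints one line per problem; the exit status is the number of problems.
check_jvm_env() (
    expected=$1
    problems=0
    set -f                          # PATH entries must not be glob-expanded
    problem() { echo "PROBLEM: $1"; problems=$((problems + 1)); }

    # JAVA_HOME must point at the JDK the page names for this platform.
    [ "${JAVA_HOME:-}" = "$expected" ] ||
        problem "JAVA_HOME is '${JAVA_HOME:-unset}', expected '$expected'"

    # ANT_HOME must not be defined.
    [ -z "${ANT_HOME:-}" ] ||
        problem "ANT_HOME is set to '$ANT_HOME'; remove it"

    # The JDK's jre/bin must come ahead of all other PATH entries.
    [ "${PATH%%:*}" = "$expected/jre/bin" ] ||
        problem "first PATH entry is '${PATH%%:*}', expected '$expected/jre/bin'"

    # Any other java executable on PATH is a JVM that could be picked up.
    IFS=:
    for dir in $PATH; do
        [ "$dir" = "$expected/jre/bin" ] && continue
        if [ -f "${dir:-.}/java" ] && [ -x "${dir:-.}/java" ]; then
            problem "another JVM on PATH: ${dir:-.}/java"
        fi
    done
    exit "$problems"
)

# make_fake_jdks DIR: constructed sample layout, no real JDK is involved.
make_fake_jdks() {
    mkdir -p "$1/sun_jdk/jre/bin" "$1/other_jvm/bin" "$1/tools"
    for j in "$1/sun_jdk/jre/bin/java" "$1/other_jvm/bin/java"; do
        printf '#!/bin/sh\nexit 0\n' > "$j"
        chmod +x "$j"
    done
}

# Demonstration: a misconfigured environment, set up in a subshell so the
# caller's own variables are left alone. check_jvm_env uses shell builtins
# only, so replacing PATH inside the subshell is safe.
demo=$(mktemp -d)
make_fake_jdks "$demo"
(
    PATH="$demo/other_jvm/bin:$demo/sun_jdk/jre/bin"
    JAVA_HOME="$demo/other_jvm"
    ANT_HOME=/opt/ant
    check_jvm_env "$demo/sun_jdk"
) || echo "$? problem(s) found"
rm -rf "$demo"
```

On a real host, call `check_jvm_env "$SUN_JDK_HOME"` from the shell that will launch the installer.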
Create the following profiles, either by using the WEBSPHERE_HOME/bin/manageprofiles command or by using WebSphere's Profile Management tool. The following sections provide information for both methods:
Note:
When you create profiles, substitute appropriate values for the WEBSPHERE_HOME and HOST_NAME variables. This applies to all instances of profile creation.
XL_MANAGER_PROFILE for Deployment Manager on NDM_HOST
To create XL_MANAGER_PROFILE, run the WEBSPHERE_HOME/bin/manageprofiles command on NDM_HOST, as shown:
For Microsoft Windows:
WEBSPHERE_HOME\bin\manageprofiles.bat -create -templatePath "WEBSPHERE_HOME\profileTemplates\dmgr" -profileName XL_MANAGER_PROFILE -profilePath "WEBSPHERE_HOME\profiles\XL_MANAGER_PROFILE" -nodeName XL_MANAGER_NODE -cellName XL_CELL -hostname HOST_NAME
For UNIX:
WEBSPHERE_HOME/bin/manageprofiles.sh -create -templatePath "WEBSPHERE_HOME/profileTemplates/dmgr" -profileName XL_MANAGER_PROFILE -profilePath "WEBSPHERE_HOME/profiles/XL_MANAGER_PROFILE" -nodeName XL_MANAGER_NODE -cellName XL_CELL -hostname HOST_NAME
To create XL_MANAGER_PROFILE by using the Profile Management tool in the administrative console:
Select Start, Programs, IBM WebSphere, Application Server Network Deployment, and then select Profile Management tool.
Select Deployment Manager, and then click Next.
Select Advanced Profile creation, and then click Next.
Select Deploy the administrative console, and then click Next.
Enter XL_MANAGER_PROFILE for the Profile Name, change the profile directory to WEBSPHERE_HOME\profiles\XL_MANAGER_PROFILE, and then click Next.
Enter XL_MANAGER_NODE for the Node Name, XL_CELL for the Cell Name, and then click Next.
Clear the Enable administrative security option, and then click Next.
Click Create to create the profile.
On Port Values Assignment, click on the default Port values, and then click Next.
Note:
Make a note of the port numbers if you have selected the recommended ports.
On the Windows Service Definition window, deselect the Run the Deployment process as Windows service option.
XL_MODEL_PROFILE for model node (XL_MODEL_NODE) on NDM_HOST
Create XL_MODEL_PROFILE by using the WEBSPHERE_HOME/bin/manageprofiles command on NDM_HOST, as shown:
For Microsoft Windows:
WEBSPHERE_HOME\bin\manageprofiles.bat -create -templatePath "WEBSPHERE_HOME\profileTemplates\managed" -profileName XL_MODEL_PROFILE -profilePath "WEBSPHERE_HOME\profiles\XL_MODEL_PROFILE" -nodeName XL_MODEL_NODE -hostname HOST_NAME
For UNIX:
WEBSPHERE_HOME/bin/manageprofiles.sh -create -templatePath "WEBSPHERE_HOME/profileTemplates/managed" -profileName XL_MODEL_PROFILE -profilePath "WEBSPHERE_HOME/profiles/XL_MODEL_PROFILE" -nodeName XL_MODEL_NODE -hostname HOST_NAME
To create XL_MODEL_PROFILE by using the Profile Management tool in the administrative console:
Select Start, Programs, IBM WebSphere, Application Server Network Deployment, and then select Profile Management tool.
Select Custom Profile for Environments and click Next.
Select Advanced Profile creation, and then click Next.
Enter XL_MODEL_PROFILE for the Profile Name, change the profile directory to WEBSPHERE_HOME\profiles\XL_MODEL_PROFILE, and then click Next.
Enter XL_MODEL_NODE for the Node Name, enter the name of the computer for the Hostname, and then click Next.
Select Federate this node later, and then click Next.
Click Create to create the profile.
XL_JMS_PROFILE for model node (XL_JMS_NODE) on JMS_HOST
Create XL_JMS_PROFILE by using the WEBSPHERE_HOME/bin/manageprofiles command on JMS_HOST, as shown:
For Microsoft Windows:
WEBSPHERE_HOME\bin\manageprofiles.bat -create -templatePath "WEBSPHERE_HOME\profileTemplates\managed" -profileName XL_JMS_PROFILE -profilePath "WEBSPHERE_HOME\profiles\XL_JMS_PROFILE" -nodeName XL_JMS_NODE -hostname HOST_NAME
For UNIX:
WEBSPHERE_HOME/bin/manageprofiles.sh -create -templatePath "WEBSPHERE_HOME/profileTemplates/managed" -profileName XL_JMS_PROFILE -profilePath "WEBSPHERE_HOME/profiles/XL_JMS_PROFILE" -nodeName XL_JMS_NODE -hostname HOST_NAME
To create XL_JMS_PROFILE by using the Profile Management tool in the administrative console:
Select Start, Programs, IBM WebSphere, Application Server Network Deployment, and then select Profile Management tool.
Select Custom Profile for Environments and click Next.
Select Advanced Profile creation, and then click Next.
Enter XL_JMS_PROFILE for the Profile Name, change the profile directory to WEBSPHERE_HOME\profiles\XL_JMS_PROFILE, and then click Next.
Enter XL_JMS_NODE for the Node Name, enter the name of the computer for the Hostname, and then click Next.
Select Federate this node later, and then click Next.
Click Create to create the profile.
XL_NODEn_PROFILE for XL_NODEn on NODEn_HOST
Note:
This profile must be created on each node host in the cluster that is running a WebSphere Application Server.
For example, you can create XL_NODE1_PROFILE with node name XL_NODE1 on the XL_NODE1_HOST computer and XL_NODE2_PROFILE with node name XL_NODE2 on the XL_NODE2_HOST computer.
The steps in this section apply only to XL_NODE1_PROFILE. To create the rest of the profiles, replace the values appropriately.
Create XL_NODE1_PROFILE by using the WEBSPHERE_HOME/bin/manageprofiles command on XL_NODE1_HOST, as shown:
For Microsoft Windows:
WEBSPHERE_HOME\bin\manageprofiles.bat -create -templatePath "WEBSPHERE_HOME\profileTemplates\managed" -profileName XL_NODE1_PROFILE -profilePath "WEBSPHERE_HOME\profiles\XL_NODE1_PROFILE" -nodeName XL_NODE1 -hostname HOST_NAME
For UNIX:
WEBSPHERE_HOME/bin/manageprofiles.sh -create -templatePath "WEBSPHERE_HOME/profileTemplates/managed" -profileName XL_NODE1_PROFILE -profilePath "WEBSPHERE_HOME/profiles/XL_NODE1_PROFILE" -nodeName XL_NODE1 -hostname HOST_NAME
To create XL_NODE1_PROFILE by using the Profile Management tool in the administrative console:
Start the WebSphere administrative console.
Select Custom Profile for Environments and click Next.
Select Advanced Profile creation, and then click Next.
Enter XL_NODE1 for the Profile Name, change the profile directory to WEBSPHERE_HOME\profiles\XL_NODE1_PROFILE, and then click Next.
Enter XL_NODE1 for the Node Name, and then click Next.
Select Federate this node later, and then click Next.
Click Create to create the profile.
For Oracle Identity Manager, JVM memory settings must be changed for production environments and/or when processing large volumes in nonproduction environments.
Perform the following steps to set the JVM memory size. The WebSphere application server must be running to set the memory size.
To set the JVM memory size:
Connect to the WebSphere administrative console by using the following URL:
http://WebSphere Host:WebSphere Admin Port/admin
Note:
The default WebSphere administrative console port is 9060.
Select Servers, and then select Application Servers.
Select the server name.
Go to Server Infrastructure, and then click Java and Process Management.
Select Process Definition.
Go to Additional Properties, and then click Java Virtual Machine.
Enter 1280 for Minimum Heap Size.
Enter 1280 for Maximum Heap Size.
Enter -Xjit:disableLocalVP,disableGlobalVP for Generic JVM arguments.
Click OK.
Click Save to commit the setting.
Note:
For clustered installation of WebSphere, these changes must be done for all the servers participating in the cluster.
The Oracle Identity Manager installer communicates with WebSphere as a SOAP client by using JACL commands to create data sources, set up message queues, and perform other operations. To enable SOAP, edit the following properties in the WEBSPHERE_HOME\profiles\PROFILE_NAME\properties\soap.client.props file on all application servers in the cluster:
Note:
If you used a user ID or password other than xelsysadm for WebSphere, then enter the same user ID or password here.
com.ibm.SOAP.securityEnabled=true
com.ibm.SOAP.loginUserid=xelsysadm
com.ibm.SOAP.loginPassword=xelsysadm_password
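One way to confirm on a UNIX host that every profile's soap.client.props carries these three properties, as an added example that is not part of the Oracle guide. The function names and sample profiles are constructed; the `{xor}` check assumes WebSphere's usual prefix for an encoded property value, and the file-mode check is an added precaution because the file holds a password.

```sh
#!/bin/sh
# Added example (not Oracle or IBM code): audit soap.client.props in every
# profile under WEBSPHERE_HOME for the SOAP client settings the page lists.

# prop FILE KEY: print the last value assigned to KEY in a properties file.
prop() {
    awk -v k="$2" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, k) == 1 {
            rest = substr(line, length(k) + 1)
            if (rest ~ /^[ \t]*[=:]/) {
                sub(/^[ \t]*[=:][ \t]*/, "", rest)
                sub(/[ \t\r]+$/, "", rest)      # also strips a Windows CR
                val = rest
            }
        }
        END { print val }' "$1"
}

# audit_soap_props FILE USER
# Prints one line per finding; the exit status is the number of findings.
audit_soap_props() (
    file=$1 user=$2 n=0
    finding() { echo "$file: $1"; n=$((n + 1)); }

    [ "$(prop "$file" com.ibm.SOAP.securityEnabled)" = true ] ||
        finding "com.ibm.SOAP.securityEnabled is not true"
    [ "$(prop "$file" com.ibm.SOAP.loginUserid)" = "$user" ] ||
        finding "com.ibm.SOAP.loginUserid is not $user"

    pw=$(prop "$file" com.ibm.SOAP.loginPassword)
    case $pw in
        '')       finding "com.ibm.SOAP.loginPassword is empty" ;;
        '{xor}'*) ;;    # encoded value; an encoding, not encryption
        *)        finding "com.ibm.SOAP.loginPassword is stored in clear text" ;;
    esac

    # First field of ls -ld is the mode string, e.g. -rw-------
    mode=$(ls -ld "$file"); mode=${mode%% *}
    case $mode in
        ????------*) ;;
        *) finding "mode $mode lets group or other users read the password" ;;
    esac
    exit "$n"
)

# audit_profiles WEBSPHERE_HOME USER: exit status is the total over all profiles.
audit_profiles() (
    total=0
    for f in "$1"/profiles/*/properties/soap.client.props; do
        [ -f "$f" ] || continue
        rc=0
        audit_soap_props "$f" "$2" || rc=$?
        total=$((total + rc))
    done
    exit "$total"
)

# make_demo_cell DIR: constructed sample, one edited and one missed profile.
make_demo_cell() {
    for p in XL_MANAGER_PROFILE XL_MODEL_PROFILE; do
        mkdir -p "$1/profiles/$p/properties"
    done
    good=$1/profiles/XL_MANAGER_PROFILE/properties/soap.client.props
    missed=$1/profiles/XL_MODEL_PROFILE/properties/soap.client.props
    printf '%s\n' 'com.ibm.SOAP.securityEnabled=true' \
        'com.ibm.SOAP.loginUserid=xelsysadm' \
        'com.ibm.SOAP.loginPassword={xor}CONSTRUCTED' > "$good"
    chmod 600 "$good"
    printf '%s\n' 'com.ibm.SOAP.securityEnabled=false' \
        'com.ibm.SOAP.loginUserid=' \
        'com.ibm.SOAP.loginPassword=' > "$missed"
    chmod 644 "$missed"
}

demo=$(mktemp -d)
make_demo_cell "$demo"
audit_profiles "$demo" xelsysadm || echo "$? finding(s)"
rm -rf "$demo"
```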
Note:
You must make this change for each newly created profile, for example, XL_MANAGER_PROFILE and XL_MODEL_PROFILE on the NDM_HOST computer, XL_NODEn_PROFILE on the XL_NODEn_HOST computer, and XL_JMS_PROFILE on the XL_JMS_NODE computer.
After you have installed and upgraded the WebSphere application server, perform the following steps to verify the installation:
Open the First Steps interface.
From the Start menu, select IBM WebSphere, select a specific profile (XL_MANAGER_PROFILE), and then select First Steps.
Click Verify Installation.
After you have verified the installation, click Stop the Server.
Back up the Nodes. Refer to the "Backing Up the Configurations" section for more information about creating backups.
Back up the configurations of the following components:
XL_MANAGER_NODE on NDM_HOST
XL_MODEL_NODE on NDM_HOST
Each XL_NODEn on XL_NODEn_HOST
XL_JMS_NODE on XL_JMS_NODE
To create the backups for each node:
Create a backup directory for each node you have installed.
For example, create the following:
C:\WAS_Backups\Basic\NodeConfig
Or:
/opt/WAS_Backups/Basic/NodeConfig
Run the backup script from the WEBSPHERE_HOME\profiles\PROFILE_NAME\bin directory of the application server.
Zip the installedApps directory and save it in the same location.
After you have installed WebSphere and created profiles on the NDM_HOST, add the XL_MODEL_NODE to the Network Deployment Manager. To add a node, perform the following steps for each host computer:
Open a command prompt on NDM_HOST.
Change directories to the bin directory of XL_MODEL_PROFILE.
Note:
Before you perform Step 3, ensure that the Network Deployment Manager is running.
Run the addNode.bat or addNode.sh script, specifying the Network Deployment Manager host name.
For example:
addNode.bat NDM_HOST NDM_SOAP_PORT
Where NDM_HOST is the host name of the Network Deployment Manager and NDM_SOAP_PORT is the SOAP port for the Network Deployment Manager.
Note:
Host name is case-sensitive.
To verify that the XL_MODEL_NODE is added:
Using a Web browser, connect to the administrative console by navigating to the following URL:
http://NDM_HOST:NDM_PORT/admin
Log on to the system.
Click System Administration.
Click Nodes.
If the nodes are added, then they are displayed with status as synchronized. You can see the status by rolling the mouse pointer over the icon displayed for the Node name in the Administrative and User Console.
Log out and then log in to the WebSphere administrative console to refresh the list of nodes.
The model server serves as a template to create other servers for the cluster. The model server is not part of the cluster, and it does not serve any requests.
To create the model server:
Using a Web browser, connect to the Node Manager administrative console by navigating to the following URL:
http://NDM_HOST:NDM_PORT/admin
Log on to the system.
Click Servers in the left panel.
Click Application Servers.
Click New.
Select the model node (XL_MODEL_NODE).
Enter XL_MODEL_SERVER as the server name, and then click Next.
Select the second option for the default application server template, and then click Next.
Ensure that the Generate Unique Ports option is selected.
Click Next.
Click Finish.
XL_MODEL_SERVER is displayed in the list of application servers.
Select Preferences, Synchronize changes with Nodes, and then click Apply.
Click Save to commit your changes.
Note:
Your changes are not saved until you click Save.
A cluster is a group of application servers that appear as one to the clients. All application servers that are used to service incoming calls must be part of this cluster. After you create the empty cluster, back up the system.
To create the cluster:
Using a Web browser, connect to the Network Deployment Manager administrative console by navigating to the following URL:
http://NDM_HOST:NDM_PORT/admin
Log on to the system.
Click Servers in the left panel.
Click Clusters.
Click New.
Enter XL_CLUSTER as the cluster name.
Ensure that you select the Prefer local and Configure HttpSession memory-to-memory replication check boxes, and then click Next.
Ensure that the None, Create an empty cluster option is selected, and then click Next.
Click Finish.
Select Preferences, Synchronize changes with Nodes, and then click Apply.
Click Save.
The XL_CLUSTER is created. At this point, it is an empty cluster.
Note:
You must click Save to save the changes you made.
The JMS cluster is used to manage JMS messages. After you create the empty cluster, ensure that you back up the system.
To create the JMS cluster:
Using a Web browser, connect to the Network Deployment Manager administrative console by navigating to the following URL:
http://NDM_HOST:NDM_PORT/admin
Log on to the system.
Click Servers on the left panel.
Click Clusters.
Click New.
Enter XL_JMS_CLUSTER as the cluster name.
Ensure that you select the Prefer local and Configure HttpSession memory-to-memory replication options.
Ensure that the None, Create an empty cluster option is selected, and then click Next.
Click Finish.
Select Preferences, Synchronize changes with Nodes, and then click Apply.
Click Save.
The XL_JMS_CLUSTER is created. At this point, it is an empty cluster.
Note:
You must click Save to save the changes you made.
Back up the Nodes. Refer to the "Backing Up the Configurations" section for more information about creating backups.
Back up the configurations of the following components:
XL_MANAGER_NODE on NDM_HOST
XL_MODEL_NODE on NDM_HOST
To create the backups for each node:
Create the backup directories:
C:\WAS_Backups\PreXL\NodeConfig
Or:
/opt/WAS_Backups/PreXL/NodeConfig
Node represents the name of the component.
Run the backup script from the bin directory on the application server.
Zip the installedApps directory and save it in the same location.
The configuration backup command stops the Network Deployment Manager and all the nodes that it runs on. While it is possible to get backups without stopping the nodes or Network Deployment Manager, Oracle recommends that you stop them before getting the configuration backups. After completing the configuration backups, ensure that you restart the Network Deployment Manager (use startmanager.bat or startmanager.sh) as well as the Nodes (use startnode.bat or startnode.sh).
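The backup steps this chapter repeats (create the backup directory, run the backup script from the profile's bin directory with a full file name, archive installedApps to the same location) as one UNIX script. It is an added example, not part of the Oracle guide: it uses tar where the page says zip, and the function names and the fake profile built for the demonstration are constructed.

```sh
#!/bin/sh
# Added example (not Oracle or IBM code): one profile backup, end to end.
#   backup_profile WEBSPHERE_HOME/profiles/PROFILE_NAME /opt/WAS_Backups/PreXL/NodeConfig

# Exit status: 0 ok, 1 cannot create directory, 2 no backup script,
# 3 backup script failed, 4 backup file missing or empty, 5 archive failed.
backup_profile() (
    profile=$1 dest=$2
    umask 077                       # archives readable by their owner only
    case $dest in /*) ;; *) dest=$PWD/$dest ;; esac   # script needs a full path
    mkdir -p "$dest" || exit 1

    # The page names the script backupconfig.sh; accept either spelling
    # because UNIX file names are case-sensitive.
    script=
    for s in backupconfig.sh backupConfig.sh; do
        if [ -x "$profile/bin/$s" ]; then script=$s; break; fi
    done
    [ -n "$script" ] || { echo "no backup script in $profile/bin" >&2; exit 2; }

    # Run from the profile's bin directory, passing the complete file name.
    zip=$dest/ConfigBkp.zip
    ( cd "$profile/bin" && "./$script" "$zip" ) || exit 3
    [ -s "$zip" ] || { echo "$zip is missing or empty" >&2; exit 4; }

    # Save installedApps in the same location (tar swapped in for zip).
    tar -czf "$dest/installedApps.tar.gz" -C "$profile" installedApps || exit 5

    echo "backup written to $dest"
    echo "the backup script stops the servers: restart the manager and nodes"
)

# make_fake_profile DIR: constructed stand-in for a WebSphere profile. The
# stub backup script only writes a marker file to the path it is given.
make_fake_profile() {
    mkdir -p "$1/bin" "$1/installedApps/XL_CELL"
    echo "constructed application file" > "$1/installedApps/XL_CELL/app.txt"
    printf '#!/bin/sh\necho "constructed configuration" > "$1"\n' \
        > "$1/bin/backupconfig.sh"
    chmod +x "$1/bin/backupconfig.sh"
}

demo=$(mktemp -d)
make_fake_profile "$demo/profiles/XL_MODEL_PROFILE"
backup_profile "$demo/profiles/XL_MODEL_PROFILE" "$demo/WAS_Backups/PreXL/NodeConfig"
ls -l "$demo/WAS_Backups/PreXL/NodeConfig"
rm -rf "$demo"
```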
Refer to Chapter 4, "Installing and Configuring a Database for Oracle Identity Manager" for information.
In a WebSphere cluster, install Oracle Identity Manager on the Node Manager. From that installation, deploy Oracle Identity Manager to the application servers in the cluster. Because the Oracle Identity Manager installer communicates with the Node Manager server during the installation, ensure that the deployment manager is running.
Note:
Stop all other applications running on the NDM_HOST, except for the Node Manager on XL_MANAGER_NODE and the Model Node XL_MODEL_NODE.
To install the Oracle Identity Manager on the Node Manager on Microsoft Windows:
Double-click the setup_server.exe file, and then click Next.
Select a language on the Installer page and click OK. The Welcome page is displayed.
Click Next on the Welcome page. The Admin User Information page is displayed.
Enter a password you want to use for the Oracle Identity Manager Administrator, confirm the password by entering it again, and then click Next. The OIM Application Options page is displayed.
Select Oracle Identity Manager or Oracle Identity Manager with Audit and Compliance Module, and then click Next.
Select the destination directory to install Oracle Identity Manager, and then click OK.
Click Next.
Click Next.
Select the database type, and then click Next.
Enter the database information, and then click Next.
Select the authentication, and then click Next.
Select IBM WebSphere and click Next.
Select Yes for clustering.
Enter the cluster name, and then click Next.
Enter the Network Deployment Manager Information.
Provide the location in which the Deployment Manager is installed. The default path is C:\Program Files\IBM\WebSphere\AppServer.
Provide the location of the Deployment Manager's JDK. The default path is C:\Program Files\IBM\WebSphere\AppServer\java.
Click Next.
For the WebSphere information:
Provide the host name of the computer running the Deployment Manager (NDM_HOST).
Note:
Do not use localhost. Specify the host name or IP address.
Enter the cell name (XL_CELL).
Enter the model node name (XL_MODEL_NODE).
Enter the model server name (XL_MODEL_SERVER).
Enter the profile name (XL_MANAGER_PROFILE).
Click Next.
Enter the JMS cluster name (XL_JMS_CLUSTER).
Click Next, and then click Install to install Oracle Identity Manager.
This might take some time. Watch the SystemOut.log file in the WEBSPHERE_HOME\profiles\XL_MANAGER_PROFILE\logs\dmgr\ directory to monitor the progress.
Click Finish to complete the installation.
To install the Oracle Identity Manager on the Node Manager on UNIX or Linux:
From the console, go to the installServer directory on the installation CD and run the install_server.sh by using the following command:
sh install_server.sh
Note:
If you are not installing Oracle Identity Manager from distributed media (a CD), then you must set the execute bit of all shell scripts in the installServer directory. To set the execute bit for all shell scripts recursively, go to the installServer directory and run the chmod -R u+x *.sh command.
The installer starts in console mode.
Choose a language by entering a number from the list of languages.
Enter 0 to apply the language selection. The Welcome Message panel is displayed.
Enter 1 on the Welcome Message panel to display the next panel.
The Admin User Information panel is displayed.
Enter a password you want to use for the Oracle Identity Manager Administrator, confirm the password by entering it again, and then enter 1 to move to the next panel.
The OIM Application Options panel is displayed.
Enter 1 on the OIM Application Options panel to display the next panel.
The Select the Oracle Identity Manager application to install panel is displayed.
Select the application to install:
Enter 1 for Oracle Identity Manager.
Enter 2 for the Oracle Identity Manager with Audit and Compliance Module.
After selecting the application, enter 0, and then enter 1 to move to the next section. The Target directory panel is displayed.
In the Target directory panel, complete one of the following steps:
Enter the path to the directory in which you want to install Oracle Identity Manager, for example, /opt/oracle/.
Enter 1 to move to the next panel.
If the directory does not exist, you are asked to create it. Enter y, for yes. The Database Server Selection panel is displayed.
Specify the type of database you are using.
Enter 1 to select Oracle.
Enter 2 to select SQL Server.
Note:
Microsoft SQL Server is not supported in Oracle Identity Manager release 9.1.0. See "Certified Components" in Oracle Identity Manager Release Notes for information about certified components.
Enter 0 to finish.
Enter 1 to move to the next panel.
The Database Information panel is displayed.
Enter your database information:
Enter the database host name or IP address.
Enter (or accept the default) port number.
Enter the SID for the database name.
Enter the database user name for the account that Oracle Identity Manager uses to connect to the database.
Enter the password for the database account that Oracle Identity Manager uses to connect to the database.
Enter 1 to move to the next panel.
The Authentication Information panel is displayed.
Select the authentication mode for the Oracle Identity Manager Web application.
Enter 1 for Oracle Identity Manager Default Authentication.
Enter 2 for SSO Authentication.
Enter 0 when you are finished.
If you select SSO authentication, then you must provide the header variable used in the Single Sign-On system when prompted.
Enter 1 to move to the next panel.
The Application Server Selection panel is displayed.
Specify your application server type.
Enter 2 for IBM WebSphere.
Enter 0 when you are finished.
Enter 1 to move to the next panel.
The Cluster Information panel is displayed.
On the Cluster Information panel:
Enter 1 for Yes.
Enter 0 when you are finished.
Enter the cluster name at the prompt.
Enter 1 to move to the next section.
The Application Server Information panel is displayed.
Enter the Network Deployment Manager Information.
Provide the location in which the Deployment Manager is installed. The default value is /opt/IBM/WebSphere/AppServer.
Provide the location of the Deployment Manager's JDK. The default value is /opt/IBM/WebSphere/AppServer/java.
Enter 1 to move to the next section.
For the WebSphere information:
Provide the host name of the computer running the Deployment Manager (NDM_HOST).
Note:
Do not use localhost. Specify the host name or IP address.
Enter the cell name (XL_CELL).
Enter the model node name (XL_MODEL_NODE).
Enter the model server name (XL_MODEL_SERVER).
Enter the profile name (XL_MANAGER_PROFILE).
Enter 1 to move to the next section.
On the JMS page, enter the JMS cluster name (XL_JMS_CLUSTER).
When a message is displayed warning you to back up the application server, proceed to back up your installation, then enter 1 to move to the next section.
In the Installation summary information page, verify the information displayed, then do one of the following:
Enter 2 to go back and make changes.
Enter 1 to start the installation.
After Oracle Identity Manager installs, the Completed panel is displayed. Enter 3 to finish and exit.
After successful installation, the Oracle Identity Manager application is visible on the Deployment Manager administrative console.
To verify the installation:
Using a Web browser, connect to the Node Manager administrative console by navigating to the following URL:
http://NDM_HOST:NDM_PORT/admin
Note:
If you are using an administrative console browser window that you had logged on to before the Oracle Identity Manager installation, then log out and log back in to refresh the display.
Log on to the system.
Click Applications on the left panel.
Click Enterprise Applications.
Xellerate and Nexaweb are displayed in the list of applications.
Back up the configurations for the following components:
XL_MANAGER_NODE (under XL_MANAGER_PROFILE)
XL_MODEL_NODE (under XL_MODEL_NODE)
To create the backups for each node:
Create the backup directories, for example:
C:\WAS_Backups\PostXL\NodeConfig
Or:
/opt/WAS_Backups/PostXL/NodeConfig
Run the backup script from the bin directory of the application server or Node Manager.
Zip the installedApps directory, then save it in the same location.
Restart the Node Manager and the Nodes.
The backup command stops the node manager and the node agents on their respective computers. All these nodes and the node manager must be restarted to continue with the installation.
To restart the node manager on NDM_HOST:
Change to the bin directory. For example:
cd C:\Program Files\WebSphere\AppServer\profiles\XL_MANAGER_PROFILE\bin
Run the start command and specify the user and password.
For example:
startmanager.bat -username xelsysadm -password Xelsysadm_Password
Note:
If you use a user ID or password other than xelsysadm, then enter the same user ID or password here.
From this point on, you must specify the proper user name and password to start or stop the Node Manager or the nodes in this cell. This is the result of Oracle Identity Manager setting up the WebSphere custom registry for JAAS authentication.
To restart a node on the node host:
Change to the bin directory. For example:
cd WEBSPHERE_HOME\profiles\XL_MODEL_PROFILE\bin
Run the start command and specify the user and password. For example:
startnode.bat -username xelsysadm -password Xelsysadm_Password
WebSphere cell XL_CELL now contains only XL_MANAGER_NODE and XL_MODEL_NODE. When you installed WebSphere on other computers, such as XL_NODE1_HOST, XL_NODE2_HOST,… XL_NODEnHOST, and XL_JMS_HOST, each node was named appropriately, such as XL_NODE1, XL_NODE2, … XL_NODEn, and XL_JMS_NODE. To add cluster members, you must add all these nodes to the cell XL_CELL.
Before you can add a node, you need the SOAP port number that NDM uses to listen for and service administrative commands.
To get the SOAP port:
Ensure that Node Manager is running.
Using a Web browser, connect to the Node Manager administrative console by navigating to the following URL:
http://NDM_HOST:NDM_PORT/admin
Log in using the Oracle Identity Manager Administrator name and password you specified during installation.
Click System Administration in the left panel.
Click DeploymentManager.
Click Ports.
Make a note of the port number for SOAP_CONNECTOR_ADDRESS.
This port number is needed to add a node to the cell.
Note:
You also need this port number to update the JNDI references. Refer to the "Updating the JNDI References" section for more information.
To finish setting up the cluster, for each node:
Ensure that the name and path of the JAVA_HOME directory used by Oracle Identity Manager is the same across all the nodes of the cluster.
Copy the OIM_HOME directory from NDM_HOST to the node host.
Ensure that you copy it to the same location, such as C:\oracle.
On the node host, change directories and move to the Oracle Identity Manager setup directory. For example, use the following command:
cd C:\oracle\xellerate\setup
Open the xlAddNode.cmd or xlAddNode.sh script and set the path to the WebSphere installation directory on the node host.
Run the xlAddNode.cmd or xlAddNode.sh script under the OIM_HOME/setup/ directory. This script adds the node to the NDM, sets up the custom registry, sets the system properties, synchronizes the node with the NDM, and starts the node. Run the script with the following parameters:
For Microsoft Windows:
xlAddNode.cmd NODE_PROFILE_NAME NODE_NAME NDM_HOST NDM_SOAP_PORT user password
For UNIX:
xlAddNode.sh NODE_PROFILE_NAME NODE_NAME NDM_HOST NDM_SOAP_PORT user password
For example, to add XL_NODE1, use the following command:
xlAddNode.cmd XL_NODE1_PROFILE XL_NODE1 NDM_HOST 8879 xelsysadm xelsysadm_password
Notes:
You must run the command for each node that you create.
If you used a user ID or password other than xelsysadm, then enter the same user ID or password here.
Node names are case-sensitive.
Create one or more servers on each node, such as XL_NODE1, XL_NODE2, … XL_NODEn.
Refer to the "Creating Servers for XL_CLUSTER" section for more information.
Create two servers for JMS on XL_JMS_NODE.
Refer to the "Creating Servers for XL_JMS_CLUSTER" section for more information.
Set up virtual host information for each server.
Refer to the "Setting up the Server Virtual Host Information" section for more information.
Create one or more servers on each node, such as XL_NODE1, XL_NODE2, … XL_NODEn, which are members of the XL_CLUSTER. Use the Node Manager administrative console to do this.
To create a server:
Ensure that NDM is running.
Using a Web browser, connect to the NDM administrative console by navigating to the following URL:
http://NDM_HOST:NDM_PORT/admin
Log in by using the Oracle Identity Manager Administrator name and password that you specified during installation.
Click Servers.
Click Clusters.
Click XL_CLUSTER.
Go to Additional Properties, and then click Cluster members.
Click New, and then:
Name the server. Use a descriptive naming convention for the cluster member name, such as XL_SERVER1_ON_NODE1.
Select the node to manage this server (XL_NODE1).
Select the second option, which creates the server by using an existing application server as a template.
Select XL_CELL/XL_MODEL_NODE/XL_MODEL_SERVER and click Next.
Add additional members for the other existing nodes by using Add Members and by entering the succeeding set of information, for example, XL_SERVER2_ON_NODE2 as server name and XL_NODE2 as the node name.
Similarly create all servers and add to the cluster.
Click Add Member.
Click Next.
Click Finish.
Select Preferences, Synchronize changes with Nodes, and then click Apply.
Click Save.
The servers are created as members of the XL_CLUSTER.
Create at least two servers that are members of the XL_JMS_CLUSTER for better failover capabilities. Use the Node Manager administrative console to do this.
To create servers for XL_JMS_CLUSTER:
Ensure that NDM is running.
Using a Web browser, connect to the NDM administrative console by navigating to the following URL:
http://NDM_HOST:NDM_PORT/admin
Log in by using the Oracle Identity Manager Administrator name and password that you specified during installation.
In the left panel, click Servers.
Click Clusters.
Click XL_JMS_CLUSTER.
Go to Additional Properties, and then click Cluster members.
Click New, and then:
Name the server. Use a descriptive naming convention for the cluster member name, such as XL_JMS_SERVER1.
Select the node to manage this server (XL_JMS_NODE).
Select the second option, which creates the server by using an existing application server as a template.
Select XL_CELL/XL_MODEL_NODE/XL_MODEL_SERVER and click Next.
Add additional members for the other existing nodes by using Add Members (add XL_JMS_SERVER2).
Click Add Member.
Click Next.
Click Finish.
Select Preferences, Synchronize changes with Nodes, and then click Apply.
Click Save.
The servers XL_JMS_SERVER1 and XL_JMS_SERVER2 are created as members of XL_JMS_CLUSTER.
To enable SIB services for XL_JMS_CLUSTER servers:
Ensure that NDM is running.
Using a Web browser, connect to the NDM administrative console by navigating to the following URL:
http://NDM_HOST:NDM_PORT/admin
Log in by using the Oracle Identity Manager Administrator name and password that you specified during installation.
In the left panel, click Servers.
Click Application Servers.
Click XL_JMS_SERVER1.
Go to Server Messaging, and click SIB service.
In General Properties, check Enable service at startup.
Click OK.
Click Preferences, and then select Synchronize changes with Nodes.
Click Save.
Repeat the procedure for all servers in the XL_JMS_CLUSTER, for example XL_JMS_SERVER1 and XL_JMS_SERVER2.
The application server uses the virtual host information setup on the Node Manager to properly configure the Web server plug-ins to distribute the load and deal with failover. When you add a server to the cluster, update the virtual host information.
To update the virtual host information:
Ensure that Node Manager is running.
Using a Web browser, connect to the Node Manager administrative console by navigating to the following URL:
http://NDM_HOST:NDM_PORT/admin
Log in by using the Oracle Identity Manager Administrator name and password that you specified during installation.
In the left panel, click Servers.
Click Application Servers.
Click XL_SERVER1_ON_NODE1.
In the Communications section, click Ports.
Note the port numbers shown on this page for WC_defaulthost and WC_defaulthost_secure, for example, port 9081 for WC_defaulthost and 9444 for WC_defaulthost_secure.
In the left panel, click Environment.
Click Virtual Hosts.
Click default_host.
Click Host Aliases.
Click New, and then:
Enter *
for the Host Name.
In the Port field, enter the previously noted WC_defaulthost port number.
Click Apply.
At the top of this page, click Host Aliases.
Click New, and then:
Enter *
for the Host Name.
In the Port field, enter the previously noted WC_defaulthost_secure port number.
Click Apply.
Select Preferences, Synchronize changes with Nodes, and then click Apply.
Click Save.
Virtual host setup for the XL_SERVER1_ON_NODE1 server is complete.
Repeat the procedure for all available servers in XL_CLUSTER, for example, XL_SERVER1_ON_NODE2.
When cluster members are added or removed, the JNDI references in Oracle Identity Manager must be updated. The JNDI references include the host name and WebSphere bootstrap port numbers for each server in the cluster. The JNDI references are specified in the xlconfig.xml file in Oracle Identity Manager.
Oracle provides a tool that communicates with the Node Manager, gets the list of servers that are part of the cluster with the corresponding bootstrap ports, constructs the JNDI URL, and prints it out. Update the xlconfig.xml file on each of the nodes with this URL.
To update the JNDI reference:
On NDM_HOST, change to the Oracle Identity Manager setup directory.
For example, use the command:
cd C:\oracle\xellerate\setup
Edit the websphereConfigUtility.cmd or websphereConfigUtility.sh script to ensure that the values of the WS_HOME and XL.HomeDir variables are set correctly.
Run the command file.
For example, use the following command with arguments.
websphereConfigUtility.cmd NDM_HOST SOAP_PORT xelsysadm xelsysadm_password getjndiurl
Note:
If you used a user ID or password other than xelsysadm for WebSphere, then enter the same user ID or password here.
See Also:
The "Adding Nodes to WebSphere Cell" section for information about getting the SOAP_PORT number
The output from the tool includes a JNDI URL. For example:
corbaloc:iiop:XL_NODE1_HOST:9812,XL_NODE2_HOST:9813
Note:
This sample URL includes references to two cluster members (servers).
Edit the xlconfig.xml file in the OIM_HOME\config directory.
Replace all four instances of the java.naming.provider.url with the URL from the tool.
Note:
Use the URL for the Design Console also. Refer to the "Installing Oracle Identity Manager Cluster By Using a Shared Directory" section for more information.
Save and close the xlconfig.xml file.
Copy the modified xlconfig.xml file to all the nodes in XL_CELL, that is, to the corresponding OIM_HOME\config directory on all the hosts such as XL_JMS_HOST, XL_NODE1_HOST, XL_NODE2_HOST, and so on.
After you copy this file to all the nodes, restart the servers in the XL_CLUSTER.
Use the Node Manager administrative console to do this. Ensure that Node Manager is running.
Using a Web browser, connect to the Node Manager administrative console by navigating to the following URL:
http://NDM_HOST:NDM_PORT/admin
Log in by using the Oracle Identity Manager Administrator name and password that you specified during installation.
In the left panel, click Servers.
Click Application Servers.
Ensure that the options for all the Oracle Identity Manager servers (<XL_SERVERn_ON_NODEn>) are selected.
These are the servers that run the Oracle Identity Manager application.
Note:
Ensure that the JMS servers are running before you start the XL_SERVER nodes.
Click Start.
After the servers start, the green arrow in the status column indicates that the servers are running.
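One way to script the xlconfig.xml update and the copy-to-every-node check from the procedure above, as an added example that is not Oracle's tooling: it validates the URL printed by the utility, rewrites every java.naming.provider.url element, and reports hosts whose copy is stale. The sample file layout, the function names and the loopback rejection are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

JNDI_TAG = "java.naming.provider.url"   # element name given in the guide
EXPECTED_INSTANCES = 4                   # the guide says to replace all four

# Constructed sample. The component names appear in the guide; the exact
# nesting of a real xlconfig.xml is an assumption.
SAMPLE_XLCONFIG = """<xl-configuration>
  <Discovery>
    <CoreServer>
      <java.naming.provider.url>corbaloc:iiop:OLD_HOST:2809</java.naming.provider.url>
    </CoreServer>
    <BackOffice>
      <java.naming.provider.url>corbaloc:iiop:OLD_HOST:2809</java.naming.provider.url>
    </BackOffice>
    <Scheduler>
      <java.naming.provider.url>corbaloc:iiop:OLD_HOST:2809</java.naming.provider.url>
    </Scheduler>
    <JMSServer>
      <java.naming.provider.url>corbaloc:iiop:OLD_HOST:2809</java.naming.provider.url>
    </JMSServer>
  </Discovery>
</xl-configuration>
"""


def parse_jndi_url(url):
    """Return [(host, port), ...] from corbaloc:iiop:HOST:PORT[,HOST:PORT...]."""
    prefix = "corbaloc:iiop:"
    if not url.startswith(prefix):
        raise ValueError("expected a corbaloc:iiop: URL")
    members = []
    for part in url[len(prefix):].split(","):
        match = re.fullmatch(r"([A-Za-z0-9_.-]+):(\d{1,5})", part)
        if match is None:
            raise ValueError("malformed cluster member %r" % part)
        host, port = match.group(1), int(match.group(2))
        # Added sanity check: the same file is copied to every node, so a
        # loopback address would point each node at itself.
        if host.lower() in ("localhost", "127.0.0.1"):
            raise ValueError("loopback host in cluster URL")
        if not 1 <= port <= 65535:
            raise ValueError("port out of range in %r" % part)
        members.append((host, port))
    if len(set(members)) != len(members):
        raise ValueError("duplicate cluster member")
    return members


def update_xlconfig(xml_text, url):
    """Rewrite every provider URL in place, keeping comments and layout."""
    parse_jndi_url(url)
    tag = re.escape(JNDI_TAG)
    pattern = re.compile(r"(<%s>)[^<]*(</%s>)" % (tag, tag))
    new_text, count = pattern.subn(lambda m: m.group(1) + url + m.group(2),
                                   xml_text)
    if count != EXPECTED_INSTANCES:
        raise ValueError("expected %d %s elements, found %d"
                         % (EXPECTED_INSTANCES, JNDI_TAG, count))
    # Re-parse: confirms the result is well-formed and that the four matches
    # were live elements, not text inside a comment.
    root = ET.fromstring(new_text.encode("utf-8"))
    if [el.text for el in root.iter(JNDI_TAG)] != [url] * EXPECTED_INSTANCES:
        raise ValueError("rewritten file does not carry the URL four times")
    return new_text


def stale_nodes(configs, url):
    """configs maps host name -> xlconfig.xml text; return hosts not updated."""
    stale = []
    for host, text in sorted(configs.items()):
        root = ET.fromstring(text.encode("utf-8"))
        if [el.text for el in root.iter(JNDI_TAG)] != [url] * EXPECTED_INSTANCES:
            stale.append(host)
    return stale


if __name__ == "__main__":
    tool_output = "corbaloc:iiop:XL_NODE1_HOST:9812,XL_NODE2_HOST:9813"
    print(parse_jndi_url(tool_output))
    updated = update_xlconfig(SAMPLE_XLCONFIG, tool_output)
    print(stale_nodes({"XL_NODE1_HOST": updated,
                       "XL_NODE2_HOST": SAMPLE_XLCONFIG}, tool_output))
```

Run `stale_nodes` against the files collected from each host before restarting the servers in XL_CLUSTER.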
The following steps describe the high-level tasks associated with installing IIS as Web server, installing WebSphere plug-in for IIS, and its related configuration tasks:
The front end for WebSphere cluster is an IIS server running on IIS_HOST. Clients connect to this IIS Web server that sends requests to the WebSphere servers in the XL_CLUSTER cluster.
To verify that IIS is installed:
On IIS_HOST, open the Control Panel and select Add/Remove Programs.
Click Add/Remove Windows Components.
Select Application Server, and then click Details.
If IIS is not installed, then select Internet Information Service (IIS).
Click Next. IIS installs.
Click Finish.
The WebSphere plug-in is installed by performing a custom WebSphere installation on IIS_HOST.
To install the plug-in on Microsoft Windows 2000:
Start the installation wizard for the Web Server plug-ins.
Select the Microsoft Internet Information Services option.
Select Webserver machine (remote) option.
Provide the path for the installation.
Specify the port (default value is 80).
Specify the Web server name (default name is webserver1).
Accept the location of the default plugin-cfg.xml file and continue.
Specify the IP address of the application server.
To enable the plug-in within IIS, and then verify that it is working, start the Internet Services Manager in Administrative Tools.
Right-click the icon for the IIS server, and then select Restart IIS from the shortcut menu.
Click OK to restart the IIS Service, and enable the WebSphere plug-in for IIS.
After the restart process finishes, right-click the server, and then select Properties from the shortcut menu.
Click Edit beside WWW Services under Master Properties.
In the ISAPI Filters tab, ensure that sePlugins is displayed with high priority indicated by a green upward arrow. If sePlugins is not displayed in the ISAPI Filters tab, then:
Click Add. Use sePlugins as FilterName, and specify PLUGIN_HOME/bin/IIS_webserver_name/iisWASPlugin_http.dll as the executable file.
Click OK to add the filter.
Restart IIS Service and check the property of the DefaultWebSite again. Priority of the ISAPIFilter might still be Unknown. It would take time (possibly hours or even a day) for it to be updated as high priority with the green upward arrow.
To install the plug-in on Microsoft Windows 2003:
Start the installation wizard for the Web Server plug-ins.
Select the Microsoft Internet Information Services option.
Select Webserver machine (remote) option.
Provide the path for the installation.
Specify the port (default value is 80).
Specify the Web server name (default name is webserver1).
Accept the location of the default plugin-cfg.xml file and continue.
Specify the IP address of the application server.
To enable the plug-in within IIS, and then verify that it is working, start the Internet Information Services (IIS) Manager in Administrative Tools.
Expand the computer name.
Expand the Web Sites folder.
Right-click Default Web Site, select New, and then click Virtual Directory.
In the Welcome to Virtual Directory Creation Wizard window, click Next to go to the next window.
In the Virtual Directory Alias window, enter sePlugins as the alias, and then click Next.
In the Web Site Content Directory window, browse to the location where you installed the WebSphere Plug-ins. Ensure that you include the bin directory, for example, C:\WSPlugin\bin, and then click Next.
In Virtual Directory Access Permissions, ensure that the Read, the Run Scripts, and the Execute options are selected. Click Next after you finish selecting the permissions.
Click Finish.
Right-click the computer icon, select All Tasks, and then click Restart IIS.
Click OK to restart the IIS Service and enable the WebSphere plug-in for IIS.
After the restart process finishes, expand the Web Site folder, right-click Default Web Site, and then select Properties from the shortcut menu.
In the ISAPI Filters tab, ensure that sePlugins is displayed with high priority and is indicated by a green upward arrow. If sePlugins is not displayed in the ISAPI Filters tab, then:
Click Add. Use sePlugins as FilterName, and specify PLUGIN_HOME/bin/IIS_webserver_name/iisWASPlugin_http.dll as the executable file.
Click OK to add the filter.
Restart IIS Service and check the property of the DefaultWebSite again. Priority of the ISAPIFilter might still be Unknown. It would take time (possibly hours or even a day) for it to be updated as high priority with the green upward arrow.
This section discusses how to configure the IIS plug-in, export the configuration from the Node Manager, and install it.
To configure the IIS plug-in and install the configuration:
Ensure that Network Deployment Manager (NDM) is running.
Copy configurewebserver1.bat (for Windows) or configurewebserver1.sh (for UNIX) from the IIS_HOST computer to the following directory on NDM_HOST:
WEBSPHERE_HOME/profiles/XL_MANAGER_PROFILE/bin/
Note:
configurewebserver1.bat is located in the following directory on IIS_HOST:
PLUGIN_HOME/bin
configurewebserver1.sh is located in the following directory:
PLUGIN_HOME/bin/crossPlatformScripts/unix
Run the configurewebserver1 script to generate the IIS plugin file on NDM_HOST.
For Windows NDM_HOST:
configurewebserver1.bat -profileName XL_MANAGER_PROFILE -user xelsysadm -password xelsysadm_password
For UNIX NDM_HOST:
configurewebserver1.sh -profileName XL_MANAGER_PROFILE -user xelsysadm -password xelsysadm_password
Note:
For cross-platform configurations (IIS Web server on Windows and WebSphere server on UNIX), changes are required to compensate for file encoding differences to prevent the configurewebserver1.sh script from failing. For more information, visit: http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.nd.doc/info/ae/ae/tins_webplugins_remotesa.html
Search for plugin-cfg.xml under the WEBSPHERE_HOME/profiles/XL_MANAGER_PROFILE/ directory. There are two plugin-cfg.xml files. Choose the one that is not WEBSPHERE_HOME/profiles/XL_MANAGER_PROFILE/config/cells/plugin-cfg.xml.
Copy the new plugin-cfg.xml file from the Network Deployment Manager to the install directory of the IIS server WebSphere plug-in.
Open the file on the IIS server. Several paths in the new configuration file must be updated to reflect the files of the IIS server.
Save and close the file.
Restart the IIS server.
Use the following task overview to install Oracle Identity Manager on a WebSphere clustered environment by using a shared directory. You must perform the steps in the task overview in the order shown.
To install Oracle Identity Manager cluster by using a shared directory:
Create a shared directory on the file server designated for Oracle Identity Manager.
This shared directory can be on a Solaris computer with NFS or on a Microsoft Windows share.
On all the computers that will be hosting Oracle Identity Manager, map this drive by using the same drive letter on each computer.
If the installation is on Solaris, then mount the NFS partition on the same mount point.
Install Oracle Identity Manager by using the standard installation instructions.
Provide the installation location on the shared drive.
When adding a new host to the cluster, map the drive as in step 2, thereby making Oracle Identity Manager home directory available for use.
Modify the xlAddNode command to provide the proper Oracle Identity Manager location as well as the WebSphere location.
Run the xlAddNode command.
Note:
If the log.properties file is modified to include a File Appender to log the Oracle Identity Manager messages into a separate file, then ensure that you provide a location on the local drive. Also, ensure that the same location exists on all the nodes.
This section describes how to perform a partitioned installation of Oracle Identity Manager in a WebSphere clustered environment.
WebSphere clustered environments for a partitioned installation are the following:
An independent clustered environment in which Scheduled Task and Front Office are processed
Two independent installations of Oracle Identity Manager share the same database.
A multiple clustered environment in which the same Network Deployment Manager (NDM) is used for hosting different components.
Here are some important points to consider before you choose the type of clustered environment in which to install the partitioned Oracle Identity Manager:
Adapters and scheduled jobs can invoke APIs and submit messages.
These API calls are processed where the APIs are hosted, at the Core Server. Also, the submitted messages are processed where the Message Driven Beans (MDBs) are hosted. Therefore, scheduled job execution is truly distributed among three components: the APIs, the MDBs and the Schedule Job itself.
All off-lined tasks will be executed partly by the API layer and partly by the MDB layer.
Currently, request initiation and reconciliation are off-lined, but more tasks are planned to be off-lined in the future.
In theory, it is possible to install a Scheduler on a single computer.
However, when a scheduled task runs, it calls the APIs. Reconciliation tasks call APIs and also submit messages. Therefore, true processing of scheduled tasks occurs in the APIs and MDBs.
For an independent clustered environment, two separate Oracle Identity Manager installations share the same database. The first installation of Oracle Identity Manager is designed to handle Front Office, which is the user requests for administration, provisioning, and so on. The second installation is designed to handle Back Office for only the Schedule Task execution.
Figure 9-1 shows two independent clustered environments: Front Office and Back Office.
The following items discuss some important points needed for the independent clustered environment:
The Front Office installation must include MDBs because the Front Office is not aware of the existence of the Back Office.
However, it is possible to overcome this limitation by using WebSphere MQ.
The Back Office installation must include APIs because they are called by the Scheduled Tasks.
Both installations can be either clustered or nonclustered.
For example, Front Office can be a cluster, while Back Office runs on a single but powerful computer.
Caching must be configured as a single cluster by using the same multi-cast IP address between both the clusters.
If the same IP cannot be used, then the cache must be flushed in both the clusters after an import or a change to process definition, resource object definition, and so on.
Independent clustered environment has the following advantages:
The clustered environments use different platform types.
For example, the Front Office can be Windows-based, while the Back Office is Solaris-based.
The entire Schedule Task execution is processed in the Back Office cluster with reasonable predictability.
There is one Java Virtual Machine (JVM) for each computer, or one application server instance running for each computer.
Note:
Ensure that the Cache\MultiCastAddress is the same for both the Front Office and Back Office installations to ensure cache flushing on both clusters.
Independent clustered environment has the following disadvantages:
The clusters are rigid in their processing duties.
For example, the Front Office processing cannot be delegated to the Back Office cluster, and vice-versa even if the other cluster is under-utilized at that time. Therefore, under no circumstances can the Front Office cluster share the load on the Back Office cluster.
The Design Console must be configured to work with the Back Office cluster and be able to schedule jobs, and so on.
Because the Back Office cluster does not qualify as a true back-office cluster, it causes the limitation of off-lined tasks.
It also restricts processing to the Front Office cluster. For example, off-lining task approvals occur in the Front Office cluster.
After installing Oracle Identity Manager in a multiple-clustered environment, in which clusters share the same Node Domain Manager (NDM), you can add more servers and create more clusters. You can also map modules to different clusters by using the WebSphere administrative console.
Figure 9-2 shows that the multiple-clustered environment is hosting different modules. If you want to configure a computer (host) for multiple functions, then you can map multiple modules to this host.
Note:
When creating the Oracle Identity Manager Cluster by using the WebSphere administrative console, ensure that you select the Prefer Local option so that the local EJBs are preferred over the remote EJBs.
The following are the advantages of the multiple-clustered environment:
Multiple-clustered environment has the ability to load balance processing in which the Back Office cluster can take on the work, and vice versa.
For example, there are times when the API cluster on the Front Office can process scheduled tasks.
The Back Office cluster represents a true Back Office in which designated off-lined tasks are processed within the Back Office computers.
The Design Console points to the same cluster for all operations.
There is a central administration of the WebSphere cluster.
The following are the disadvantages of the multiple-clustered environment:
Multiple JVMs run on all the computers within the cluster.
The impact on performance is unknown.
After applying patches, you must perform manual steps to map modules into the proper cluster because the current patch mechanism cannot accommodate the two separate deployments.
The following are the installation considerations in a multiple-clustered environment:
Install WebSphere by following the clustered installation steps in this guide, but name the cluster XL_API_CLUSTER instead of XL_CLUSTER.
Create additional clusters: XL_API_CLUSTER, WebCluster, and BackOfficeCluster.
Add servers into the clusters by using the same model server for all of them.
In the Web cluster, add servers into the nodes participating in the Front Office.
Note:
To indicate that the server is hosting Web components, append the word "Web" to the end of the server name. For example, Node1Server1Web.
In the Back Office cluster, add servers into the nodes participating in the Back Office. Use the suffix, BackOffice or BO.
Create servers in XL_API_CLUSTER and add the suffix API to the servers.
Map modules into different clusters:
Click Enterprise Applications, and then click Oracle Identity Manager.
Click Map modules to Application Servers.
Select xlWebApp.war, and then select the WebCluster from the list on the top.
Click Apply. xlWebApp.war runs on Web Cluster.
Select xlBackOfficeBeans, xlScheduler.war, and SchedulerBean, and then map them to the BackOffice cluster.
Save the changes.
Modify xlconfig.xml and change the Discovery section. Include the bootstrap ports of the correct servers to find the various components.
Edit the websphere.profile and ensure that the cluster name is XL_API_CLUSTER.
Run websphereConfigUtility.cmd to get the list URL to be used for CoreServer component.
Perform the same steps for BackOfficeCluster to get the JNDI URL to be used for BackOffice, Scheduler, and JMSServer components.
Start all the clusters.
Restart the application.
Follow these guidelines when scaling up your environment:
To add more computers to handle Front Office requests, add a new node, and then add servers in both the WebCluster and the API Cluster.
To add more processing power in the Back Office cluster, add a new node, and then add servers to the API Cluster and the Back Office Cluster on that node.
To deploy an Oracle Identity Manager-supported integration on the WebSphere clustered environment, you must ensure that the integration is accessible for all cluster members. Refer to the Oracle Identity Manager Connector Pack Release Notes located at the Oracle Technology Network site to learn about supported connectors for Oracle Identity Manager.
During the Oracle Identity Manager installation, the Oracle Identity Manager folder, Oracle by default, is generated. This folder contains configuration information, for example, third-party libraries, keystores, scheduled tasks, and adapter classes. In a WebSphere clustered environment, ensure that this folder is installed as a shared folder and is centrally located so that all cluster members can access the latest configuration information referenced by the application server.
Note:
Refer to the "Installing Oracle Identity Manager Cluster By Using a Shared Directory" section for more information.
For any Oracle Identity Manager-supported integrations that are deployed by using a Secure Sockets Layer (SSL) connection between the target system, for example Active Directory, and the clustered WebSphere application server, you must import the target system SSL certificate file into the trusted store for each cluster member computer.
For a standard WebSphere deployment, the target system SSL certificate must be imported to WEBSPHERE_HOME/etc/DummyServerTrustFile.jks. The default password for this file is WebAS. In a customized WebSphere deployment in which a different trusted store is used, you must import the target system SSL certificate to that store.
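A check for the per-member import described above, as an added example that is not part of the Oracle or IBM tooling: it reads a JKS trust store directly, confirms that each cluster member's copy holds the target system certificate by SHA-256 fingerprint, and flags stores that still open with the default password. The function names, the alias and the sample stores are constructed for illustration; in practice the bytes come from the trust store file on each host.

```python
import hashlib
import hmac
import struct

JKS_MAGIC = 0xFEEDFEED
JKS_SALT = b"Mighty Aphrodite"   # constant the JKS format mixes into its hash
DEFAULT_PASSWORD = "WebAS"       # default store password stated in the guide


def jks_digest(password, body):
    """SHA-1 integrity hash that a JKS file carries in its last 20 bytes."""
    return hashlib.sha1(password.encode("utf-16-be") + JKS_SALT + body).digest()


def opens_with(blob, password):
    """True if the store's integrity hash verifies with this password."""
    return hmac.compare_digest(jks_digest(password, blob[:-20]), blob[-20:])


def trusted_cert_fingerprints(blob, password):
    """Return {alias: SHA-256 hex of certificate bytes} for trusted entries."""
    if not opens_with(blob, password):
        raise ValueError("integrity check failed: wrong password or altered file")
    body, pos = blob[:-20], 0

    def take(fmt):
        nonlocal pos
        value = struct.unpack_from(fmt, body, pos)[0]
        pos += struct.calcsize(fmt)
        return value

    def take_bytes(length):
        nonlocal pos
        data = body[pos:pos + length]
        if len(data) != length:
            raise ValueError("truncated keystore")
        pos += length
        return data

    def take_cert(version):
        if version == 2:
            take_bytes(take(">H"))            # certificate type, e.g. X.509
        return take_bytes(take(">I"))

    if take(">I") != JKS_MAGIC:
        raise ValueError("not a JKS keystore")
    version = take(">I")
    if version not in (1, 2):
        raise ValueError("unsupported JKS version %d" % version)
    found = {}
    for _ in range(take(">I")):
        tag = take(">I")
        alias = take_bytes(take(">H")).decode("utf-8")   # ASCII aliases assumed
        take(">Q")                            # creation timestamp
        if tag == 1:                          # private key entry: skip it
            take_bytes(take(">I"))
            for _ in range(take(">I")):
                take_cert(version)
        elif tag == 2:                        # trusted certificate entry
            found[alias] = hashlib.sha256(take_cert(version)).hexdigest()
        else:
            raise ValueError("unknown entry tag %d" % tag)
    return found


def audit_cluster(stores, password, expected_fp):
    """stores maps member host -> trust store bytes; return per-host findings."""
    report = {}
    for host, blob in stores.items():
        prints = trusted_cert_fingerprints(blob, password)
        report[host] = {
            "has_target_cert": expected_fp in prints.values(),
            "default_password": opens_with(blob, DEFAULT_PASSWORD),
        }
    return report


def build_sample_jks(password, trusted):
    """Build a version 2 JKS with trusted-certificate entries (sample data)."""
    body = struct.pack(">III", JKS_MAGIC, 2, len(trusted))
    for alias, der in trusted.items():
        name = alias.encode("utf-8")
        body += struct.pack(">IH", 2, len(name)) + name + struct.pack(">Q", 0)
        body += struct.pack(">H", 5) + b"X.509" + struct.pack(">I", len(der)) + der
    return body + jks_digest(password, body)


# Constructed inputs: placeholder bytes stand in for the certificate, and
# the second member is missing the import.
SAMPLE_CERT = b"constructed bytes standing in for the target system certificate"
SAMPLE_FP = hashlib.sha256(SAMPLE_CERT).hexdigest()
SAMPLE_STORES = {
    "XL_NODE1_HOST": build_sample_jks("WebAS", {"target_system": SAMPLE_CERT}),
    "XL_NODE2_HOST": build_sample_jks("WebAS", {}),
}

if __name__ == "__main__":
    for host, result in audit_cluster(SAMPLE_STORES, "WebAS", SAMPLE_FP).items():
        print(host, result)
```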
Ensure that all cluster members have their system clocks synchronized. Oracle recommends that you do not run clustering on separate computers unless their system clocks are synchronized by using some form of time-sync service (daemon) that runs frequently. The clocks must be within a second of each other. Visit http://www.boulder.nist.gov/timefreq/service/its.htm for more information about using the time-sync service.
Caution:
Never start a nonclustered instance against the same set of tables that another instance is running against. You will experience serious data corruption and erratic behavior.
After completing the steps in this chapter, ensure that you perform the postinstallation configuration tasks for the clustered environment by referring to the "Postinstallation Configuration for Oracle Identity Manager and IBM WebSphere Application Server" section to complete the cluster deployment.