Oracle® Web Services Manager Deployment Guide 10g (10.1.3.3.0) Part Number E10298-01 |
|
|
View PDF |
This chapter includes the following sections:
This section briefly describes a basic deployment of Oracle Web Services Manager (Oracle WSM). Figure 1-1 illustrates the components in an Oracle WSM deployment and the connections between these components:
Policy Enforcement Points (Oracle WSM Agents and Oracle WSM Gateway)
Oracle WSM Policy Manager
Oracle WSM Monitor
Oracle Enterprise Manager 10g Web Services Manager Control (Web Services Manager Control)
Oracle WSM Database
Oracle WSM enforces and manages security of Web services through runtime components called policy enforcement points (PEPs). There are two types of PEPs:
Oracle WSM Gateways – The Oracle WSM Gateway is deployed in a J2EE container. It functions independently of the Web service it protects and acts as a proxy to the Web service clients.
Oracle WSM Agents – There are two types of Oracle WSM Agents:
Client Agents
Server Agents
Both types of agents run in the same space as the applications they protect, hosted by J2EE containers. Client agents intercept Web service requests from Web service clients, and enforce policy steps such as encryption or signature. Server agents intercept Web service requests before they reach the protected Web service and enforce access control security steps such as authentication and authorization.
The Oracle WSM administrative components are installed in a J2EE container and are used to manage an Oracle WSM environment:
Oracle WSM Policy Manager – Oracle WSM Policy Manager manages Web service registration, policy configuration, and policy communication. The Oracle WSM Policy Manager stores policies in the Oracle WSM Database and uploads policies to the PEPs
Oracle WSM Monitor – Oracle WSM Monitor manages the collection, aggregation, and persistence of data for monitoring Web services traffic. The Oracle WSM Monitor consists of two subcomponents: the Collector and the Aggregator. The Collector collects all the information coming from the PEPs during runtime, and the Aggregator applies aggregation rules, defining the information to be displayed in graphical charts.
Web Services Manager Control – Web Services Manager Control is a Web-based application from which the Oracle WSM system is administered. It is the user interface to the Oracle WSM administrative components (Oracle WSM Policy Manager and Oracle WSM Monitor).
Oracle WSM supports clustered environments. For more information on configuring an Oracle WSM cluster, see "Configuring Oracle WSM in a Clustered Environment" and see Oracle Application Server Enterprise Deployment Guide.
Oracle WSM is designed to grow as Web services environments grow in size, diversity, and complexity. The administrative components can all be installed on one computer, or they can be distributed across multiple computers to optimize performance, security, monitoring, and distributed management.
Policy Enforcement Points (PEPs) can be redundant to distribute the load, improving throughput and reducing down time.
Multiple instances of the Oracle WSM Policy Manager can be installed to improve availability and throughput. Load balancers can be deployed to ensure the availability of the Oracle WSM Policy Manager in the case of a single server or host machine failure.
Use the following guidelines to scale the Oracle WSM Policy Manager:
Place the Oracle WSM Policy Manager instances on separate application servers. The Oracle WSM Policy Manager is horizontally scalable.
If a load balancer is placed between Web Services Manager Control and multiple instances of Oracle WSM Policy Manager, then the load balancer must be configured so that session affinity is supported for traffic to Oracle WSM Policy Manager. Session affinity is a method of configuring applications such that the client (in this example, Web Services Manager Control) is always connected to the same server (in this example, the application server on which the Oracle WSM Policy Manager is installed). Session affinity ensures that the configuration changes for a session are sent to the same instance of Oracle WSM Policy Manager.
Multiple instances dedicated to a particular zone in the enterprise can also improve performance. For example, if the Web services environment is scattered across geographic zones, different instances can be used to monitor each zone separately.