11 Preparing for Deployment

This chapter describes the software installations required for an Oracle Identity and Access Management enterprise deployment.

This chapter contains the following topics:

Section 11.1, "Assembling Information for Identity and Access Management Deployment"
Section 11.2, "Creating an Oracle Identity and Access Management Software Repository"
Section 11.3, "Oracle Traffic Director"
Section 11.4, "Verifying Java"
Section 11.5, "Installing the IAM Deployment Wizard"
Section 11.6, "Checking Port Availability"

11.1 Assembling Information for Identity and Access Management Deployment

Assemble the following information prior to deployment. You can print out the tables from the PDF version of this guide and record your own values.

This guide repeatedly uses the following host names to make it easier to follow:

WEBHOST1/2
OAMHOST1/2
OIMHOST1/2
LDAPHOST1/2

The actual values you use depend on the type of deployment topology you are using. These values are translations of how these hosts refer to the hosts listed in the topologies.

In addition to the host names, you may see some of the hosts with an EXT suffix (generally used in the OHS topology). The EXT suffix is used to denote that the external EoIB network interface is used.

In addition to the host names, you may see some of the hosts in the document have a VHN suffix. This is used to identity virtual host names.

In certain circumstances you may see hosts with a suffix of EXTVHN. In this scenario this suffix is referring to a virtual hostname configured on the EoIB network.

Notes:

Do not use host names that contain the hyphen (-) character. See Section 20.10.2.1, "Deployment Fails with Error: Incorrect Host or Domain Name Format for Attribute."
Do not use privileged ports (< 1024) for the Identity and Access Management deployment.

Table 11-1 Hosts–Virtual Exalogic

Description	Variable	Documented Value
Access Management Host 1	`OAMHOST1`	`OAMHOST1.mycompany.com`
Access Management Host 2	`OAMHOST2`	`OAMHOST2.mycompany.com`
Identity Governance Host 1	`OIMHOST1`	`OIMHOST1.mycompany.com`
Identity Governance Host 2	`OIMHOST2`	`OIMHOST2.mycompany.com`
Directory Host 1	`LDAPHOST1`	`OAMHOST1.mycompany.com`
Directory Host 2	`LDAPHOST2`	`OAMHOST2.mycompany.com`
First Web Tier host	`WEBHOST1`	`OAMHOST1.mycompany.com`
Second Web Tier host	`WEBOST2`	`OAMHOST2.mycompany.com`

Table 11-2 Hosts–Physical Exalogic

Description	Variable	Documented Value
Access Management Host 1	`OAMHOST1`	`IAMHOST1.mycompany.com`
Access Management Host 2	`OAMHOST2`	`IAMHOST2.mycompany.com`
Identity Governance Host 1	`OIMHOST1`	`IAMHOST1.mycompany.com`
Identity Governance Host 2	`OIMHOST2`	`IAMHOST2.mycompany.com`
Directory Host 1	`LDAPHOST1`	`IAMHOST1.mycompany.com`
Directory Host 2	`LDAPHOST2`	`IAMHOST2.mycompany.com`
First Web Tier host	`WEBHOST1`	`IAMHOST1.mycompany.com`
Second Web Tier host	`WEBHOST2`	`IAMHOST2.mycompany.com`

Table 11-3 Hosts–External OHS

Description	Variable	Documented Value
Access Management Host 1	`OAMHOST1`	`IAMHOST1EXT.mycompany.com`
Access Management Host 2	`OAMHOST2`	`IAMHOST2EXT.mycompany.com`
Identity Governance Host 1	`OIMHOST1`	`IAMHOST1EXT.mycompany.com`
Identity Governance Host 2	`OIMHOST2`	`IAMHOST2EXT.mycompany.com`
Directory Host 1	`LDAPHOST1`	`IAMHOST1EXT.mycompany.com`
Directory Host 2	`LDAPHOST2`	`IAMHOST2EXT.mycompany.com`
First Web Tier host	`WEBHOST1`	`OHSHOST1.mycompany.com`
Second Web Tier host	`WEBHOST2`	`OHSHOST2.mycompany.com`

Table 11-4 Installation Locations

Description	Variable	Documented Value
Software Repository Location	`REPOS_HOME`	`/u01/lcm/repository`
Software Installation Location	`SW_ROOT`	`/u01/oracle/products`
Shared Configuration Location	`SHARED_CONFIG_DIR`	`/u01/oracle/config`
Local Configuration Location	`LOCAL_CONFIG_DIR`	`/u02/private/oracle/config`
Lifecycle Management Store Location	`LCM_HOME`	`/u01/lcm`

Table 11-5 Ports

Description	Variable	Documented Value
Access Management WLS Server Port	`IAD_WLS_PORT`	`7001`
Identity Governance WLS Port	`IGD_WLS_PORT`	`7101`
Oracle Identity Manager Port, Second Oracle Identity Manager Port	`OIM_PORT`	`14000`
SOA Ports, Hosts 1 and 2	`SOA_PORT`	`8001`
Access Manager Port, Second Access Manager Port	`OAM_PORT`	`14100`
Access Manager Proxy Port	`OAM_PROXY_PORT`	`5575`
Web Server HTTP Port	`WEB_HTTP_PORT`	`7777`
Web Server HTTPS Port	`WEB_HTTPS_PORT`	`4443`
LDAP Port	`LDAP_PORT`	`1389`
LDAP SSL Port	`LDAP_SSL_PORT`	`1636`
LDAP Administration Port	`LDAP_ADMIN_PORT`	`4444`
LDAP Replication Port	`LDAP_REPLIC_PORT`	`8989`
Node Manager Port	`NMGR_PORT`	`5556`
OAAM Port	`OAAM_PORT`	14300
OAAM Administration Port	`OAAM_ADMIN_PORT`	14200

Table 11-6 Virtual Hosts

Description	Variable	Documented Value
Access Domain Administration Server Virtual Host	`IADADMINVHN`	`IADADMINVHN.mycompany.com`
Governance Domain Administration Server Virtual Host	`IGDADMINVHN`	`IGDADMINVHN.mycompany.com`
First Oracle Identity Manager Server virtual host	`OIMHOST1VHN`	`OIMHOST1VHN.mycompany.com`
Second Oracle Identity Manager Server virtual host	`OIMHOST2VHN`	`OIMHOST2VHN.mycompany.com`
First SOA Server virtual host	`SOAHOST1VHN`	`SOAHOST1VHN.mycompany.com`
Second SOA Server virtual host	`SOAHOST2VHN`	`SOAHOST2VHN.mycompany.com`

Table 11-7 Database Information

Description	Variable	Documented Value
SCAN Address	`SCAN_ADDRESS`	`IAMDBSCAN.mycompany.com`
SCAN Listener Port	`DB_LSNR_PORT`	`1521`
Oracle Identity Manager DB Service Name	`OIM_DB_SERVICENAME`	`OIMEDG.mycompany.com`
Access Manager DB Service Name	`OAM_DB_SERVICENAME`	`OAMEDG.mycompany.com`
OAAM DB Service Name	`OAAM_DB_SERVICENAME`	`OAAMEDG.mycompany.com`
Oracle Identity Manager DB Schema Password	`OIM_SCHEMA_PASSWD`

Table 11-8 LDAP

Description	Variable	Documented Value	Customer Value
LDAP Realm DN,	`REALM_DN`	`dc=mycompany,dc=com`
Identity Store Bind DN	`LDAP_ADMIN_USER`	`cn=oudadmin`

Table 11-9 Load Balancer

Description	Variable	Documented Value
Load Balancer end point used to access the IAMAccessDomain Administration functions	`IAD_DOMAIN_ADMIN_LBRVHN`	`IADADMIN.mycompany.com`
Load Balancer end point used to access the IAMGovernanceDomain Administration functions	`IGD_DOMAIN_ADMIN_LBRVHN`	`IGDADMIN.mycompany.com`
Load Balancer Administration Port	`HTTP_PORT`	`80`
Load Balancer Administration Port is SSL?		`No`
Load Balancer Internal Callbacks Virtual Host Name	`IAM_INTERNAL_LBRVHN`	`IDMINTERNAL.mycompany.com`
Load Balancer Internal Callbacks Port	`IAM_INTERNAL_PORT`	`7777`
Load Balancer SSL Port	`HTTP_SSL_PORT`	`443`
Load Balancer ID Store Virtual Host Name	`LDAP_IDSTORE_NAME`	`IDSTORE.mycompany.com`
Load Balancer ID Store Port	`LDAP_LBR_PORT`	`1489`
Load Balancer ID Store SSL Port	`LDAP_LBR_SSL_PORT`	`1636`
SSO main application entry point	`IAM_LOGIN_LBRVHN`	`SSO.mycompany.com`

Table 11-10 Email Server (Optional)

Description	Variable	Documented Value
Outgoing Email Server Name	`EMAIL_SERVER`	`EMAIL.mycompany.com`
Outgoing Email Server Port	`EMAIL_PORT`	`465`
Outgoing Email Security	`EMAIL_PROTOCOL`	`SSL`
Email Username	`EMAIL_USER`
Email Password	`EMAIL_PASSWORD`

Note:

Internal call backs are always unencrypted (HTTP). The main entry point sso.mycompany.com is always encrypted (HTTPS)

Table 11-11 Users

Description	Variable	Documented Value
Common IAM Password for IAM Deployment Wizard	`COMMON_IAM_PASSWORD`
Identity Store Access Manager Administrative User	`OAMADMINUSER`	`oamadmin`
Identity Store Access Manager Software User	`OAMLDAPUSER`	`oamLDAP`
Identity Store Oracle Identity Manager Administrative User	`OIMLDAPUSER`	`oimLDAP`

Table 11-12 OAM

Description	Variable	Documented Value	Customer Value
Access Manager Transfer Mode	`OAM_MODE`	`Simple`. (`Open` on AIX.)
Access Manager Cookie Domain	`OAM_COOKIE_DOMAIN`	`.mycompany.com`

Table 11-13 Oracle Traffic Director

Description	Variable	Documented Value
OTD Node Port	`OTD_NODE_PORT`	8900
OTD Admin port	`OTD_ADMIN_PORT`	8800
OTD Admin user	`OTDADMIN`	`otdadmin`

11.2 Creating an Oracle Identity and Access Management Software Repository

The software required by Oracle Identity and Access Management is located in the Oracle Fusion Middleware Deployment Repository. If you have not already done so then you must create an Oracle Fusion Middleware Provisioning Repository as described in Oracle Fusion Middleware Deployment Guide for Oracle Identity and Access Management.

If you have not already done so, unzip the RCU zip file REPOS_HOME/installers/fmw_rcu/linux/rcuHome.zip to:

REPOS_HOME/installers/rcu

11.3 Oracle Traffic Director

Oracle Traffic Director and Oracle WebGate for Traffic Director are not supplied as part of the software repository.

You must download these separately. It is recommended that you extract these to the Software Repository for consistency.

Extract OTD to REPOS_HOME/installers/otd

Extract OTD WebGate to REPOS_HOME/installers/webgate_otd

11.4 Verifying Java

Make sure that your Deployment Repository contains Java. It should reside in a directory called jdk6.

You can verify that Java is installed and working as follows:

Set JAVA_HOME to: JAVA_HOME

Run these commands:

JAVA_HOME/bin/java -version
JAVA_HOME/bin/javac -version

11.5 Installing the IAM Deployment Wizard

The IAM Deployment Wizard must be visible to each host in the topology during provisioning and subsequent patching.

The installation script for the IAM Lifecycle Tools (IAM Deployment Wizard and IAM Patching Tools) resides in the directory:

REPOS_HOME/installers/idmlcm/Disk1

To begin installing the tools, change to that directory and start the script.

cd REPOS_HOME/installers/idmlcm/idmlcm/Disk1
./runInstaller -jreLoc REPOS_HOME/jdk6

Then proceed as follows:

On the Welcome screen, click Next.
If you are running the Wizard on a UNIX platform, you are prompted for the location of the Inventory Directory, which is used to keep track of all Oracle products installed on this host.

In the Operating System Group ID field, select the group whose members you want to grant access to the inventory directory. All members of this group can install products on this host. Click OK to continue.

The Inventory Location Confirmation dialog prompts you to run the inventory_directory/createCentralInventory.sh script as root to create the /etc/oraInst.loc file. This file is a pointer to the central inventory and must be present for silent installations. It contains two lines:

inventory_loc=path_to_central_inventory

inst_group=install_group

The standard location for this file is /etc/oraInst.loc, but it can be created anywhere. If you create it in a directory other than /etc, you must include the -invPtrLoc argument and enter the location of the inventory when you run the Identity and Access Management Deployment Wizard or the runIAMDeployment script.

If you do not have root access on this host but want to continue with the installation, select Continue installation with local inventory.

Click OK to continue.
On the Prerequisite Checks screen, verify that checks complete successfully, then click Next.
On the Specify Install Location screen, enter the following information:
1. Oracle Middleware Home - This is the parent directory of the directory where the Identity and Access Management Deployment Wizard will be installed. This must be on shared storage for example:
  
  /u01/lcm/tools
2. Oracle Home Directory - This is a subdirectory of the above directory where the wizard will be installed. For example:
  
  idmlcm
Click Next.
On the Installation Summary screen, click Install.
On the Installation Progress screen, click Next.
On the Installation Complete screen, click Finish.

11.6 Checking Port Availability

Before starting to deploy your environment, you must ensure that none of the ports you intend to use is already in use.

To do this, perform the following steps:

Log on to the machine that the component will run on.
Check that no process is running on that port using the following command:
```
netstat -an | grep port
```
where port is the port number you are checking for. See ports listed in Table 11-5.

For example, for Oracle HTTP server the command is:
```
netstat -an | grep 7777
```

For a full list of the default ports, see Chapter 4, "Ports Used in the Exalogic Reference Topology."