Chapter 2 Technical Overview
This chapter contains the following topics:
2.1 Software Used in this Environment
The following table lists the software used in this deployment.
Table 2–1 Software Versions and Download Locations|
Product |
Version |
Download Location |
|---|---|---|
|
Sun Java Web Server |
6.1SP5 (JES 2005Q4) | |
|
Sun Java Directory Server |
5.2_Patch_4 (JES 2005Q4) | |
|
Sun Java Access Manager |
7.0 (JES 2005Q4) | |
|
Sun Java Access Manager Patch |
7.0_Patch_5 120954-05 (sparc), 120955-05 (x86) | |
|
BEA Weblogic Application Server |
9.1 |
See the BEA website http://www.bea.com |
|
Web Policy Agent (for Sun Java WebServer v6.1) |
2.2_HotPatch_5 | |
|
J2EE Policy Agent (for BEA Weblogic Application Server v9.1) |
2.2_HotPatch_3 | |
|
Java (for Access Manager, Web Agent, J2EE Agent) |
1.5.0_04 |
Automatically installed with Java Enterprise System, and BEA Application Server. |
|
Big-IP Load Balancer |
See the F5 Networks website http://www.f5.com |
2.2 Host Names and Main Service URLs Used in Examples
The following table summarizes naming conventions used in this guide. For detailed configuration information, see Part III, Reference: Summaries of Server and Component Configurationsin this guide.
Table 2–2 Host Names and Service URLs|
Host or Component |
Main Service URL |
|
|---|---|---|
|
Directory Servers |
||
|
DirectoryServer–1 |
ldap://DirectoryServer-1.example.com:1389 |
|
|
DirectoryServer-1 User Data Store |
ldap://DirectoryServer-1.example.com:1489 |
|
|
DirectoryServer–2 |
ldap://DirectoryServer-2.example.com:1389 |
|
|
DirectoryServer-1 User Data Store |
ldap://DirectoryServer-2.example.com:1489 |
|
|
LoadBalancer–1 |
http://LoadBalancer-1.example.com:389 (Access Manager configuration) |
|
|
LoadBalancer–2 |
http://LoadBalancer-2.example.com:489 (User data store) |
|
|
Access Manager Servers |
||
|
AccessManager–1 |
http://AccessManager-1. example.com:1080/amserver/console |
|
|
AccessManager–2 |
http://AccessManager-2. example.com:1080/amserver/console |
|
|
LoadBalancer–3 |
http://LoadBalancer-3.example.com:90 (for Intranet users) https://LoadBalancer-3.example.com:9443 (for Internet users) |
|
|
Message Queue Broker Cluster |
||
|
MessageQueue–1 |
http://MessageQueue-1.example.com:7777 |
|
|
MessageQueue–2 |
http://MessageQueue-2.example.com:7777 |
|
|
Distributed Authentication UI Modules |
||
|
AuthenticationUI–1 |
http://AuthenticationUI-1. example.com:1080/distAuth/UI/Login |
|
|
AuthenticationUI–2 |
http://AuthenticationUI-2. example.com:1080/distAuth/UI/Login |
|
|
LoadBalancer–4 |
https://LoadBalancer-4.example.com:9443 |
|
|
Protected Resources and Policy Agents |
||
|
ProtectedResource–1 |
http://ProtectedResource-1.example.com:8888 (Sun Java System Web Server) |
|
|
Web Agent 1 |
http://ProtectedResource-1.example.com:1080 |
|
|
ProtectedResource–1 |
http://ProtectedResource-1.example.com:7001/console (WebLogic Application Server) |
|
|
J2EE Policy Agent 1 |
http://ProtectedResource-1.example.com:1081 |
|
|
ProtectedResource–2 |
http://ProtectedResource-2.example.com:8888 (Sun Java System Web Server) |
|
|
Web Agent 2 |
http://ProtectedResource-2.example.com:1080 |
|
|
ProtectedResource–2 |
http://ProtectedResource-2.example.com:7001/console (WebLogic Application Server) |
|
|
J2EE Policy Agent 2 |
http://ProtectedResource-2.example.com:1081 |
|
|
LoadBalancer–5 |
http://LoadBalancer-5.example.com:90 (Web Policy Agents) |
|
|
LoadBalancer–6 |
http://LoadBalancer-6.example.com:91 (J2EE Policy Agents) |
|
2.3 Intercomponent Communication
The following table provides an overview of the types of communication that take place between server, load balancers, and other components in the deployment example.
Table 2–3 Summary of Intercomponent Communication|
Entity A |
Entity B |
Bi-Directional |
Port |
Protocol |
Traffic Type |
|---|---|---|---|---|---|
|
Intranet Users |
LoadBalancer-5 |
90 |
HTTP |
Application Traffic |
|
|
Internet Users |
LoadBalancer-6 |
91 |
HTTP |
Application Traffic |
|
|
Internet Users |
LoadBalancer-4 |
9443 |
HTTPS |
Internet User Authentication |
|
|
Intranet Users |
LoadBalancer-3 |
90 |
HTTP |
Intranet User Authentication |
|
|
LoadBalancer-4 |
AuthenticationUI-1 |
1080 |
HTTP |
Internet User Authentication |
|
|
LoadBalancer-4 |
AuthenticationUI-2 |
1080 |
HTTP |
Internet User Authentication |
|
|
LoadBalancer-5 |
ProtectedResource-1 |
1080 |
HTTP |
Application Traffic |
|
|
LoadBalancer-5 |
ProtectedResource-2 |
1080 |
HTTP |
Application Traffic |
|
|
LoadBalancer-6 |
ProtectedResource-1 |
1081 |
HTTP |
Application Traffic |
|
|
LoadBalancer-6 |
ProtectedResource-2 |
1081 |
HTTP |
Application Traffic |
|
|
AuthUIServer-1 |
LoadBalancer-3 |
9443 |
HTTPS |
Internet User Authentication |
|
|
AuthUIServer-2 |
LoadBalancer-3 |
9443 |
HTTPS |
Internet User Authentication |
|
|
ProtectedResource-1 |
LoadBalancer-3 |
9443 |
HTTPS |
Agent-AM communication |
|
|
ProtectedResource-2 |
LoadBalancer-3 |
9443 |
HTTPS |
Agent-AM communication |
|
|
LoadBalancer-3 |
AccessManager-1 |
1080 |
HTTP |
User Authentication Agent-AM communication |
|
|
LoadBalancer-3 |
AccessManager-2 |
1080 |
HTTP |
User Authentication Agent-AM communication |
|
|
AccessManager-1 |
AccessManager-2 |
Yes |
1080 |
HTTP |
AM Back-channel communication |
|
AccessManager-1 |
MessageQueue-1 |
Yes |
7777 |
HTTP |
Session communication |
|
AccessManager-2 |
MessageQueue-2 |
Yes |
7777 |
HTTP |
Session communication |
|
MessageQueue-1 |
MessageQueue-2 |
Yes |
7777 |
HTTP |
Session communication |
|
MessageQueue-2 |
MessageQueue-1 |
Yes |
7777 |
HTTP |
Session communication |
|
AccessManager-1 |
LoadBalancer-1 |
389 |
LDAP |
AM Configuration communication |
|
|
AccessManager-1 |
LoadBalancer-2 |
489 |
LDAP |
User profile communication User Authentication |
|
|
AccessManager-2 |
LoadBalancer-1 |
389 |
LDAP |
AM Configuration communication |
|
|
AccessManager-2 |
LoadBalancer-2 |
489 |
LDAP |
User profile communication User Authentication |
|
|
LoadBalancer-1 |
DirectoryServer-1 |
1389 |
LDAP |
AM Configuration communication |
|
|
LoadBalancer-1 |
DirectoryServer-2 |
1389 |
LDAP |
AM Configuration communication |
|
|
LoadBalancer-2 |
DirectoryServer-1 |
1489 |
LDAP |
User profile communication User Authentication |
|
|
LoadBalancer-2 |
DirectoryServer-2 |
1489 |
LDAP |
User profile communication User Authentication |
|
|
DirectoryServer-1 |
DirectoryServer-2 |
Yes |
1389 |
LDAP |
Data replication communication |
|
DirectoryServer-1 |
DirectoryServer-2 |
Yes |
1489 |
LDAP |
Data replication communication |
2.4 Firewall Rules
Set up firewalls to allow traffic to flow as described in the following table.
Table 2–4 Summary of Firewall Rules|
From |
To |
Port # |
Protocol |
Traffic Type |
|---|---|---|---|---|
|
Internet users |
LoadBalancer-4 |
9443 |
HTTPS |
User authentication |
|
Internet users |
LoadBalancer-5 |
90 |
HTTP |
Application access by internet user |
|
Internet user |
LoadBalancer-6 |
90 |
HTTP |
Application access by internet user |
|
AuthenticationUI-1 |
LoadBalancer-3 |
9443 |
HTTPS |
User authentication |
|
AuthenticationUI-2 |
LoadBalancer-3 |
9443 |
HTTPS |
User authentication |
|
LoadBalancer-5 |
ProtectedResource-1 |
1080 |
HTTP |
Application access by user |
|
LoadBalancer-6 |
ProtectedResource-2 |
1081 |
HTTP |
Application access by user |
|
Intranet User |
LoadBalancer-3 |
9443 |
HTTPS |
User authentication and various Access Manager services |
- © 2010, Oracle Corporation and/or its affiliates