Chapter 3 Before You Begin
This chapter contains information you need to know before beginning the documented installation and configuration procedures. It contains the following sections:
3.1 Technical Conventions
See Chapter 2, Technical Overview for a quick reference of host machines, port numbers, operating systems, naming conventions, and component names used in this deployment example. See Part III, Reference: Summaries of Server and Component Configurations for more detailed information.
3.2 Setting Up the Load Balancers
The load balancer hardware and software used in this deployment environment is BIG-IP® manufactured by F5 Networks. If you are using different load balancer software, see the documentation that comes with that product for detailed settings information. This document assumes that you have already installed the required load balancers.
The following sections require load-balancing hardware and software.
-
4.3 Configuring a Load Balancer for the Directory Server Configuration Data Instances
-
5.3 Configuring the Load Balancer for the User Data Instances
-
8.4 Configuring the Distributed Authentication User Interface Load Balancer
3.3 Obtaining Secure Socket Layer Certificates
You will need to obtain certificate authority (CA) root certificates and server Secure Socket Layer (SSL) certificates to enable SSL in this deployment environment. The certificate issuer used in this deployment is a test CA certificate from OpenSSL. You can obtain a root CA certificate from a commercial certificate issuer such as Verisign. For more information, see the documentation provided by your certificate authority.
The following tasks are related to requesting, installing, and importing SSL certificates:
-
To Request an Secure Sockets Layer Certificate for the Access Manager Load Balancer
-
To Import a Certificate Authority Root Certificate on the Access Manager Load Balancer
-
To Install an SSL Certificate on the Access Manager Load Balancer
-
To Import a CA Root Certificate on the Distributed Authentication User Interface Load Balancer
-
To Install an SSL Certificate on the Distributed Authentication User Interface Load Balancer
-
To Import the Certificate Authority Root Certificate into the Web Server 1 Keystore
-
To Import the Certificate Authority Root Certificate into the Application Server 1 Keystore
-
To Import the Certificate Authority Root Certificate into the Web Server 2 Keystore
-
To Import the CA Root Certificate into the Application Server 2 Keystore
3.4 Resolving Host Names
There are many ways to resolve the host names used in this deployment example. You may use a DNS naming service, or you can map IP addresses to host names in the local host file on all UNIX® hosts. The same entries must also be added to equivalent files on Windows hosts, and on client machines where browsers are used. For example:
1xx.xx.xx.x1 DirectoryServer-1 DirectoryServer-1.example.com 1xx.xx.xx.x2 DirectoryServer-2 DirectoryServer-2.example.com 1xx.xx.xx.x3 AccessManager-1 AccessManager-1.example.com 1xx.xx.xx.x4 AccessManager-2 AccessManager-2.example.com |
3.5 Known Issues and Limitations
See Appendix G, Known Issues and Limitations for descriptions of problems you may encounter when implementing the deployment example. This list will be updated as new information becomes available.
Caution – Although these instructions incorporate many recommended or best practices, and may be suitable in many different scenarios, this is not the only way to achieve the same results. If you plan to deviate from the task sequence or details described, you should refer to the relevant product documentation for information on differences in platforms, software versions or other requirement constraints.
- © 2010, Oracle Corporation and/or its affiliates