Oracle® Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management (Oracle Fusion Applications Edition)
11g Release 1 (11.1.4)

Part Number E21032-11

8 Creating a Domain for an Enterprise Deployment

This chapter describes how to create a domain using the Configuration Wizard, Oracle WebLogic Server Administration Console and Oracle Enterprise Manager Fusion Middleware Control. The topology you are creating dictates the number of domains you need to create. Once the initial domain has been created, it can be extended with other products as described later on in this book.

Note:

Oracle strongly recommends that you read the release notes for any additional installation and deployment considerations prior to starting the setup process.


8.1 Overview of Creating a Domain

Table 8-1 lists the steps for creating a WebLogic domain, including post-configuration tasks.

Table 8-1 Steps for Creating a WebLogic Domain

| Step | Description | More Information |
|---|---|---|
| Enabling a Virtual IP Address for Use by the Domain | Enable ADMINVHN or OIMADMINVHN on IDMHOST1 or OIMHOST1. | Section 8.5.1, "Enabling Virtual IP Addresses for Administration Servers" |
| Create a WebLogic Domain | Run the Configuration Wizard to create a WebLogic domain. | Section 8.6, "Running the Configuration Wizard to Create a Domain with Oracle Access Manager, Oracle SOA Suite, and Oracle Identity Manager" |
| Post-Configuration and Verification Tasks | Follow the instructions for post-configuration and validation tasks. | Section 8.7, "Post-Configuration and Verification Tasks" |
| Configure the Oracle HTTP Server with the WebLogic domain | Configure the Oracle HTTP Server with the WebLogic domain and validate the configuration. | Section 8.8, "Configuring Oracle HTTP Server for the WebLogic Domain" |
| Back Up the Domain | Back up the newly configured WebLogic domain. | Section 8.9, "Backing Up the WebLogic Domain" |


Once this domain is created and configured you can extend the domain to include other Identity Management components, as described in the next chapters.

8.2 Choosing Single Domain or Split Domain

Before starting to create your topology, you must determine whether to create a single domain topology, with all components in one domain, or a split domain topology, with Oracle Identity Manager in its own dedicated domain.

For a single domain topology, create one domain, IDMDomain.

For a split domain topology, you must create two domains. Specifically:

8.3 About Console URLs and Domains

At this point, the following URLs are available:

Table 8-2 URLs Available Prior to Web Tier Integration

| Topology | Component | URL |
|---|---|---|
| IDMDomain | WebLogic Console | http://ADMINVHN.mycompany.com:7001/console |
| OIMDomain | WebLogic Console | http://OIMADMINVHN.mycompany.com:7001/console |


After you have completed the tasks in Section 8.6, "Running the Configuration Wizard to Create a Domain with Oracle Access Manager, Oracle SOA Suite, and Oracle Identity Manager," the following URLs will be available.

Table 8-3 URLs Available After Web Tier Integration

| Domain | Component | URL | User |
|---|---|---|---|
| IDMDomain | WebLogic Console | http://admin.mycompany.com/console | weblogic |
| IDMDomain | Fusion Middleware Control | http://admin.mycompany.com/em | weblogic |
| OIMDomain | WebLogic Console | http://oimadmin.mycompany.com/console | weblogic |
| OIMDomain | Fusion Middleware Control | http://oimadmin.mycompany.com/em | weblogic |


8.4 Synchronize System Clocks

Oracle SOA uses Quartz to maintain its jobs and schedules in the database. Synchronize the system clocks for the SOA WebLogic cluster to enable proper functioning of jobs, adapters, and Oracle B2B.

8.5 Enabling Virtual IP Addresses for Use by the Domain


8.5.1 Enabling Virtual IP Addresses for Administration Servers

Note that this step is required for failover of the WebLogic Administration Server, regardless of whether other Oracle Fusion Middleware components are installed later or not.

You associate the Administration Server with a virtual IP address. This allows the Administration Server to be started on a different host if the primary host fails.

Check that the virtual host is enabled as follows:

Table 8-4 Virtual Hosts for Single or Split Domain

| Domain | VIP | Enabled on Host |
|---|---|---|
| Single | ADMINVHN.mycompany.com. | IDMHOST1 |
| Split | ADMINVHN.mycompany.com. | IDMHOST1 |
| | OIMADMINVHN.mycompany.com. | OIMHOST1 |


Note:

This is the DNS name associated with the floating IP address. It is not the DNS name of the virtual host configured on the load balancer.

Linux

To enable the virtual IP address, run the following commands as root:

/sbin/ifconfig interface:index IPAddress netmask netmask
/sbin/arping -q -U -c 3 -I interface IPAddress

where interface is eth0, eth1, and so forth, and index is 0, 1, 2, and so forth.

For example:

/sbin/ifconfig eth0:1 100.200.140.206 netmask 255.255.255.0

Enable your network to register the new location of the virtual IP address:

/sbin/arping -q -U -c 3 -I eth0 100.200.140.206

Validate that the address is available by pinging it from another node, for example:

/bin/ping 100.200.140.206

Windows

To enable the virtual IP address, run the following command:

netsh interface ip add address interface IP_Address netmask

where IP_Address is the virtual IP address and the netmask is the associated netmask.

In the following example, the IP address is enabled on the interface Local Area Connection.

netsh interface ip add address "Local Area connection" 100.200.140.206 255.255.255.0

8.5.2 Enabling Virtual IP Addresses on OIMHOST1 and OIMHOST2

The Identity Management domain uses virtual host names as the listen addresses for the Oracle Identity Manager and SOA managed servers. You must enable two virtual IP addresses mapping each of these host names on each of the two Oracle Identity Manager machines. Specifically, enable OIMHOST1VHN and SOAHOST1VHN on OIMHOST1 and enable OIMHOST2VHN and SOAHOST2VHN on OIMHOST2. If you are using a split domain topology, also ensure that OIMHOST1VHN.mycompany.com is enabled on OIMHOST1. These virtual addresses must correctly resolve to the virtual host names in the network system used by the topology, either by DNS Server or by hosts resolution.

To enable the virtual IP addresses, follow the steps described in Section 8.5.1, "Enabling Virtual IP Addresses for Administration Servers." These virtual IP addresses and virtual host names are required to enable server migration for the Oracle Identity Manager and SOA servers. Server migration must be configured for the Oracle Identity Manager and SOA managed servers for high availability purposes.

See Also:

Chapter 17, "Configuring Server Migration for an Enterprise Deployment" for more details about configuring server migration for the Oracle Identity Manager and SOA Managed servers.

8.6 Running the Configuration Wizard to Create a Domain with Oracle Access Manager, Oracle SOA Suite, and Oracle Identity Manager

Run the Configuration Wizard from the Oracle common home directory to create a domain containing the Administration Server and managed servers. This domain supports Oracle Identity Manager and Oracle Access Manager. Later, you will extend the domain to contain other components.

If you are using a single domain topology, you run the Configuration Wizard once, on IDMHOST1, to create the IDMDomain.

If you are using a split domain topology, you must run the Configuration Wizard twice, to create two domains. You run it on IDMHOST1 when creating the IDMDomain and on OIMHOST1 when creating the OIMDomain.

Table 8-5 Domains to be Created

| Topology | Name | Host | Listen Address |
|---|---|---|---|
| All | IDMDomain | IDMHOST1 | ADMINVHN.mycompany.com |
| Split Domain | OIMDomain | OIMHOST1 | OIMADMINVHN.mycompany.com |


As you proceed through the following steps, follow the procedures specified for the topology and domain that you are creating:

To create IDMDomain and, optionally, OIMDomain, proceed as follows:

  1. Ensure that the database where you installed the repository is running. For Oracle RAC databases, all instances should be running, so that the validation check later in the procedure is more reliable.

  2. Change directory to the location of the Configuration Wizard. This is within the Oracle Common Home directory (created in Chapter 6, "Installing the Software for an Enterprise Deployment").

    cd ORACLE_BASE/product/fmw/oracle_common/common/bin
    
  3. Start the Oracle Fusion Middleware Configuration Wizard.

    On Linux, type:

    ./config.sh
    

    On Windows, type:

    config.cmd
    
  4. On the Welcome screen, select Create a New WebLogic Domain, and click Next.

  5. On the Select Domain Source screen, do the following:

    • Select Generate a domain configured automatically to support the following products.

    • Select the following products for a single or split domain topology.

      For single domain creation, select:

      • Oracle Identity Manager 11.1.1.3.0 [iam]

      • Oracle SOA Suite - 11.1.1.0 [soa]

      • Oracle Enterprise Manager [oracle_common]

      • Oracle Access Manager with Database Policy Store - 11.1.1.3.0 [iam]

      • Oracle WSM Policy Manager - 11.1.1.0 [oracle_common]

      • Oracle JRF [oracle_common] (This should be selected automatically.)

      For a split domain topology, when creating IDMDomain, select the following products:

      • Oracle Enterprise Manager [oracle_common]

      • Oracle Access Manager with Database Policy Store - 11.1.1.3.0 [iam] (IDMDomain only)

      • Oracle JRF [oracle_common] (This should be selected automatically.)

      For a split domain topology, when creating OIMDomain, select the following products:

      • Oracle Identity Manager 11.1.1.3.0 [iam] (OIMDomain only)

      • Oracle Enterprise Manager - 11.1.1.0 [iam]

      • Oracle SOA Suite - 11.1.1.0 [soa] (OIMDomain only. This should be selected automatically.)

      • Oracle JRF [oracle_common] (This should be selected automatically.)

      • Oracle WSM Policy Manager - 11.1.1.0 [oracle_common]

    Click Next.

  6. On the Specify Domain Name and Location screen, enter the domain name for the domain you are creating, either IDMDomain or OIMDomain.

    Ensure that the domain directory matches the directory and shared storage mount point recommended in Section 4.4.4, "Directory Structure."

    Enter

    ORACLE_BASE/admin/domain_name/aserver/ 
    

    for the domain directory and

    ORACLE_BASE/admin/domain_name/aserver/applications 
    

    for the application directory, where domain_name is either IDMDomain or OIMDomain. The application directory should be in shared storage.

  7. Click Next.

  8. On the Configure Administrator Username and Password screen, enter the username (default is weblogic) and password to be used for the domain's administrator. For example:

    • Name: weblogic

    • User Password: password for weblogic user

    • Confirm User Password: password for weblogic user

    • Description: This user is the default administrator.

    Click Next.

  9. On the Configure Server Start Mode and JDK screen, do the following:

    • For WebLogic Domain Startup Mode, select Production Mode.

    • For JDK Selection, select JRockit SDK.

    Click Next.

  10. On the Configure JDBC Component Schemas screen, select all the data sources listed on the page. The list will vary depending on whether you're setting up a single or a split domain.

    • SOA Infrastructure

    • User Messaging Service

    • OIM MDS Schema

    • OWSM MDS Schema

    • SOA MDS Schema

    • OAM Infrastructure

    • OIM Schema

    Under RAC configuration for component schemas, select Convert to RAC multi data source.

    Click Next.

  11. On the Configure RAC Multi Data Source Component Schema page, select each of the schemas for your components, one by one. (Do not select schemas listed for previously configured components.) After you select a schema, enter its information into the appropriate fields, based on the following table:

    | Schema Name | Service Name | Host Names | Instance Names | Port | Schema Owner | Password |
    |---|---|---|---|---|---|---|
    | SOA Infrastructure | oimedg.mycompany.com | IDMDBHOST1-vip.mycompany.com | oimedg1 | 1521 | EDG_SOAINFRA | password |
    | | | IDMDBHOST2-vip.mycompany.com | oimedg2 | 1521 | | |
    | User Messaging Service | oimedg.mycompany.com | IDMDBHOST1-vip.mycompany.com | oimedg1 | 1521 | EDG_ORASDPM | password |
    | | | IDMDBHOST2-vip.mycompany.com | oimedg2 | 1521 | | |
    | OIM MDS Schema | oimedg.mycompany.com | IDMDBHOST1-vip.mycompany.com | oimedg1 | 1521 | EDG_MDS | password |
    | | | IDMDBHOST2-vip.mycompany.com | oimedg2 | 1521 | | |
    | OWSM MDS Schema | oidedg.mycompany.com | OIDDBHOST1-vip.mycompany.com | idmedg1 | 1521 | EDG_MDS | password |
    | | | OIDDBHOST2-vip.mycompany.com | idmedg2 | 1521 | | |
    | SOA MDS Schema | oimedg.mycompany.com | IDMDBHOST1-vip.mycompany.com | oimedg1 | 1521 | EDG_MDS | password |
    | | | IDMDBHOST2-vip.mycompany.com | oimedg2 | 1521 | | |
    | OIM Schema | oimedg.mycompany.com | IDMDBHOST1-vip.mycompany.com | oimedg1 | 1521 | EDG_OIM | password |
    | | | IDMDBHOST2-vip.mycompany.com | oimedg2 | 1521 | | |

    If you are using Oracle Database 11.2, replace the vip address and port with the 11.2 SCAN address and port.

    Click Next.

  12. On the Test JDBC Component Schema screen, the Configuration Wizard attempts to validate the data sources. If the data source validation succeeds, click Next. If it fails, click Previous, correct the problem, and try again.

    Click Next.

  13. On the Select Optional Configuration screen, select the following:

    • Administration Server

    • JMS Distributed Destination (required only on the domain that has OIM)

    • Managed Servers, Clusters and Machines

    • JMS File Store (required only on the domain that has OIM)

    Click Next.

  14. On the Configure the Administration Server screen, enter the following values:

    • Name: AdminServer

    • Listen Address:

      ADMINVHN.mycompany.com (when creating IDMDomain).

      OIMADMINVHN.mycompany.com (when creating OIMDomain)

    • Listen Port: 7001

    • SSL listen port: N/A

    • SSL enabled: unchecked

    Click Next.

  15. When creating IDMDomain for a single domain topology or OIMDomain for a split domain topology, the next screen is the JMS Distributed Destination screen. This screen does not appear when you are creating IDMDomain for a split domain topology.

    On the JMS Distributed Destination screen, ensure that all the JMS system resources listed on the screen are uniform distributed destinations. If they are not, select UDD from the drop down box. Ensure that the entries look like this:

    | JMS System Resource | Uniform/Weighted Distributed Destination |
    |---|---|
    | UMSJMSSystemResource | UDD |
    | BPMJMSModule | UDD |
    | SOAJMSModule | UDD |
    | OIMJMSModule | UDD |


    Click Next.

    An Override Warning box with the following message is displayed:

    CFGFWK-40915: At least one JMS system resource has been selected for conversion to a Uniform Distributed Destination (UDD). This  conversion will take place only if the JMS System resource is assigned to a cluster
    

    Click OK on the Override Warning box.

  16. The next screen is the Configure Managed Servers screen.

    If you are creating IDMDomain for a single domain topology, when you first enter the Configure Managed Servers screen, three managed servers called oam_server1, oim_server1 and soa_server1 are created automatically. Rename oam_server1 to WLS_OAM1, soa_server1 to WLS_SOA1, and oim_server1 to WLS_OIM1 and update their attributes as shown in the following table.

    Then, add three new managed servers called WLS_OAM2, WLS_OIM2 and WLS_SOA2 with the following attributes.

    | Name | Listen Address | Listen Port | SSL Listen Port | SSL Enabled |
    |---|---|---|---|---|
    | WLS_OAM1 | IDMHOST1 | 14100 | N/A | No |
    | WLS_OAM2 | IDMHOST2 | 14100 | N/A | No |
    | WLS_SOA1 | SOAHOST1VHN | 8001 | N/A | No |
    | WLS_SOA2 | SOAHOST2VHN | 8001 | N/A | No |
    | WLS_OIM1 | OIMHOST1VHN | 14000 | N/A | No |
    | WLS_OIM2 | OIMHOST2VHN | 14000 | N/A | No |


    Leave all the other fields at the default settings.

    When you are creating a split domain topology, during creation of IDMDomain, one managed server, oam_server1, is created automatically. Change it to WLS_OAM1 and update its attributes as shown in the table. Also create WLS_OAM2 with the attributes shown in the table.

    During creation of OIMDomain, only two managed servers, oim_server1 and soa_server1 are created automatically. Change them to WLS_OIM1 and WLS_SOA1, respectively, and update their attributes as shown in the table. Also add WLS_OIM2 and WLS_SOA2, with the attributes shown in the table.

    Notes:

    • Do not change the configuration of the managed servers that were configured as a part of previous deployments.

    • Do not delete the default managed servers that are created. Rename them as described.

  17. The next screen is the Configure Clusters screen.

    If you are creating IDMDomain for a single domain topology, on the Configure Clusters screen, create three clusters, by clicking Add. Supply the following information:

    Table 8-6 Clusters

    | Topology | Domain Name | Cluster | Messaging Mode | Multicast Address | Multicast Port | Cluster Address |
    |---|---|---|---|---|---|---|
    | Single Domain | IDMDomain | cluster_oam | unicast | n/a | n/a | |
    | Single Domain | IDMDomain | cluster_oim | unicast | n/a | n/a | |
    | Single Domain | IDMDomain | cluster_soa | unicast | n/a | n/a | SOAHOST2VHN:8001,SOAHOST2VHN:8001 |
    | Split Domain | IDMDomain | cluster_oam | unicast | n/a | n/a | |
    | Split Domain | OIMDomain | cluster_oim | unicast | n/a | n/a | |
    | Split Domain | OIMDomain | cluster_soa | unicast | n/a | n/a | SOAHOST2VHN:8001,SOAHOST2VHN:8001 |


    OAM Cluster:

    • Name: cluster_oam

    • Cluster Messaging Mode: unicast

    OIM Cluster:

    • Name: cluster_oim

    • Cluster Messaging Mode: unicast

    SOA Cluster:

    • Name: cluster_soa

    • Cluster Messaging Mode: unicast

    If you are creating IDMDomain for a split domain topology, on the Configure Clusters screen, create one cluster, by clicking Add. Supply the following information:

    OAM Cluster:

    • Name: cluster_oam

    • Cluster Messaging Mode: unicast

    If you are creating OIMDomain for a split domain topology, on the Configure Clusters screen, create two clusters, by clicking Add. Supply the following information:

    OIM Cluster:

    • Name: cluster_oim

    • Cluster Messaging Mode: unicast

    SOA Cluster:

    • Name: cluster_soa

    • Cluster Messaging Mode: unicast

      Leave all other fields at the default settings and click Next.

    Note:

    Do not change the configuration of the clusters that were configured as a part of previous deployments.

  18. On the Assign Servers to Clusters screen, associate the managed servers with the cluster. Click the cluster name in the right pane. Click the managed server under Servers, then click the arrow to assign it to the cluster.

    Assign servers to the cluster_oam as follows:

    • WLS_OAM1

    • WLS_OAM2

    Assign servers to the cluster_oim as follows:

    • WLS_OIM1

    • WLS_OIM2

    Assign servers to the cluster_soa as follows:

    • WLS_SOA1

    • WLS_SOA2

    Click Next.

    Note:

    Do not make any changes to clusters that already have entries defined.

  19. On the Configure Machines screen, click the Unix Machine tab (Machines tab on Windows) and then click Add to add the following machine. The machine name does not need to be a valid host name or listen address; it is just a unique identifier of a Node Manager location.

    Then create a machine for each host in the topology:

    1. Name: Name of the host. Best practice is to use the DNS name.

    2. Node Manager Listen Address: DNS name of the machine.

    3. Node Manager Port: Port for Node Manager.

    Provide the information shown in the following table.

    If you are creating IDMDomain for a single domain topology, create all the hosts shown in the table.

    If you are creating IDMDomain for a split domain topology, create IDMHOST1, IDMHOST2, and ADMINHOST.

    If you are creating OIMDomain for a split domain topology, create OIMHOST1, OIMHOST2, and OIMADMINHOST.

    | Name | Node Manager Listen Address | Node Manager Listen Port |
    |---|---|---|
    | OIMHOST1 | OIMHOST1 | 5556 |
    | OIMHOST2 | OIMHOST2 | 5556 |
    | IDMHOST1 | IDMHOST1 | 5556 |
    | IDMHOST2 | IDMHOST2 | 5556 |
    | ADMINHOST | LOCALHOST | 5556 |


    Leave the default values for all other fields.

    Delete the default local machine entry under the Machines tab.

    Click Next.

  20. Click Next.

  21. On the Assign Servers to Machines screen, assign servers to machines as follows:

    • ADMINHOST: AdminServer

    • OIMADMINHOST: AdminServer

    • OIMHOST1: WLS_OIM1, WLS_SOA1

    • OIMHOST2: WLS_OIM2, WLS_SOA2

    • IDMHOST1: WLS_OAM1

    • IDMHOST2: WLS_OAM2

    If you are creating IDMDomain for a single domain deployment, the following hosts appear.

    • ADMINHOST: AdminServer

    • OIMHOST1: WLS_OIM1, WLS_SOA1

    • OIMHOST2: WLS_OIM2, WLS_SOA2

    • IDMHOST1: WLS_OAM1

    • IDMHOST2: WLS_OAM2

    If you are creating IDMDomain for a split domain deployment, ADMINHOST, IDMHOST1 and IDMHOST2 appear.

    If you are creating OIMDomain for a split domain deployment, OIMADMINHOST, OIMHOST1, and OIMHOST2 appear.

    Click Next to continue.

  22. If you are creating OIMDomain for a split domain deployment, the Configure JMS File Stores screen appears. On the Configure JMS File Stores screen, update the directory locations for the JMS file stores. Provide the following information.

    | Name | Directory |
    |---|---|
    | UMSJMSFileStore_auto_1 | /u01/app/oracle/admin/domain_name/soa_cluster/jms/UMSJMSFileStore_auto_1 |
    | UMSJMSFileStore_auto_2 | /u01/app/oracle/admin/domain_name/soa_cluster/jms/UMSJMSFileStore_auto_2 |
    | BPMJMSServer_auto_1 | /u01/app/oracle/admin/domain_name/soa_cluster/jms/BPMJMSServer_auto_1 |
    | BPMJMSServer_auto_2 | /u01/app/oracle/admin/domain_name/soa_cluster/jms/BPMJMSServer_auto_2 |
    | SOAJMSFileStore_auto_1 | /u01/app/oracle/admin/domain_name/soa_cluster/jms/SOAJMSFileStore_auto_1 |
    | SOAJMSFileStore_auto_2 | /u01/app/oracle/admin/domain_name/soa_cluster/jms/SOAJMSFileStore_auto_2 |
    | OIMJMSFileStore_auto_1 | /u01/app/oracle/admin/domain_name/oim_cluster/jms/OIMJMSFileStore_auto_1 |
    | OIMJMSFileStore_auto_2 | /u01/app/oracle/admin/domain_name/oim_cluster/jms/OIMJMSFileStore_auto_2 |


    If you are creating IDMDomain for a split domain deployment, the Configure JMS File Stores screen does not appear.

    Click Next.

    Notes:

    • Use /u01/app/oracle/admin/IDMDomain/soa_cluster/jms/ as the directory location for the UMSJMSFileStore_auto_1, UMSJMSFileStore_auto_2, BPMJMSServer_auto_1, BPMJMSServer_auto_2, SOAJMSFileStore_auto_1, and SOAJMSFileStore_auto_2 JMS file stores

    • Use /u01/app/oracle/admin/IDMDomain/oim_cluster/jms/ as the directory location for the OIMJMSFileStore_auto_1 and OIMJMSFileStore_auto_2 JMS file stores

    • The locations /u01/app/oracle/admin/IDMDomain/soa_cluster/jms/ and /u01/app/oracle/admin/IDMDomain/oim_cluster/jms/ are on shared storage and must be accessible from OIMHOST1 and OIMHOST2

  23. On the Configuration Summary screen, validate that your choices are correct, then click Create.

  24. On the Create Domain screen, click Done.

8.7 Post-Configuration and Verification Tasks

After configuring the domain with the Configuration Wizard, follow these instructions for post-configuration and verification.


8.7.1 Creating boot.properties for the WebLogic Administration Server on IDMHOST1

Create a boot.properties file for the Administration Server on IDMHOST1. If the file already exists, edit it. The boot.properties file enables the Administration Server to start without prompting you for the administrator username and password.

For the Administration Server:

  1. Create the following directory structure.

    mkdir -p ORACLE_BASE/admin/IDMDomain/aserver/IDMDomain/servers/AdminServer/security
    
  2. In a text editor, create a file called boot.properties in the last directory created in the previous step, and enter the username and password in the file. For example:

    username=weblogic
    password=password for weblogic user
    
  3. Save the file and close the editor.

Note:

The username and password entries in the file are not encrypted until you start the Administration Server, as described in Section 8.7.4, "Updating the Node Manager Credentials." For security reasons, minimize the time the entries in the file are left unencrypted. After you edit the file, start the server as soon as possible so that the entries are encrypted.

8.7.2 Creating boot.properties for the WebLogic Administration Server on OIMHOST1

If you are using a split domain topology, create a boot.properties file for the Administration Server on OIMHOST1. If the file already exists, edit it. The boot.properties file enables the Administration Server to start without prompting you for the administrator username and password.

For the Administration Server:

  1. Create the following directory structure.

    mkdir -p ORACLE_BASE/admin/OIMDomain/aserver/OIMDomain/servers/AdminServer/security
    
  2. In a text editor, create a file called boot.properties in the last directory created in the previous step, and enter the username and password in the file. For example:

    username=weblogic
    password=password for weblogic user
    
  3. Save the file and close the editor.

Note:

The username and password entries in the file are not encrypted until you start the Administration Server, as described in Section 8.7.4, "Updating the Node Manager Credentials." For security reasons, minimize the time the entries in the file are left unencrypted. After you edit the file, start the server as soon as possible so that the entries are encrypted.
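
The notes in Sections 8.7.1 and 8.7.2 leave a window in which boot.properties holds the administrator password in clear text. The following script is an added example, not part of the Oracle guide: it creates the file with owner-only permissions and reports whether its entries are still unencrypted. The function names are hypothetical, and the check assumes that encrypted values carry the {AES} (or older {3DES}) prefix that WebLogic writes after the first server start.

```shell
#!/bin/sh
# Added example, not Oracle's code. Function names are made up for this page.

# Print the state of the credentials in FILE:
#   missing | incomplete | plaintext | encrypted
boot_props_state() {
    [ -f "$1" ] || { echo missing; return 0; }
    _state=encrypted
    for _key in username password; do
        # Last assignment wins, as when Java loads a properties file.
        _val=$(sed -n "s/^[[:space:]]*${_key}[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1)
        case $_val in
            '')                 [ "$_state" = plaintext ] || _state=incomplete ;;
            '{AES}'*|'{3DES}'*) ;;   # assumption: prefix present once the server has encrypted the value
            *)                  _state=plaintext ;;
        esac
    done
    echo "$_state"
}

# Succeed only if FILE grants no permissions to group or other.
boot_props_private() {
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# Create DIR/boot.properties for USER. The password is read from stdin so it
# does not appear in the argument list or the shell history.
write_boot_props() {
    (
        umask 077                      # new file 0600, new directories 0700
        mkdir -p "$1" || exit 1
        IFS= read -r _pw || [ -n "$_pw" ] || exit 1
        printf 'username=%s\npassword=%s\n' "$2" "$_pw" > "$1/boot.properties" &&
            chmod 600 "$1/boot.properties"   # covers a pre-existing, wider-open file
    )
}

# Report on FILE; non-zero exit status if it needs attention.
audit_boot_props() {
    _s=$(boot_props_state "$1")
    if [ "$_s" = missing ]; then echo "$1: missing"; return 1; fi
    _rc=0
    [ "$_s" = encrypted ] || _rc=1
    if boot_props_private "$1"; then _m=private; else _m=exposed; _rc=1; fi
    echo "$1: credentials=$_s permissions=$_m"
    return "$_rc"
}

# Audit every path given on the command line.
if [ $# -gt 0 ]; then
    _fail=0
    for _f in "$@"; do audit_boot_props "$_f" || _fail=1; done
    exit "$_fail"
fi
```

Run it with the boot.properties paths of each domain as arguments, once after editing the file and again after the first start of the Administration Server.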

8.7.3 Starting Node Manager

Perform these steps to start Node Manager on the administration host:

  1. Run the startNodeManager.sh script located under the ORACLE_BASE/product/fmw/wlserver_10.3/server/bin/ directory.

  2. Run the setNMProps.sh script to set the StartScriptEnabled property to true:

    cd MW_HOME/oracle_common/common/bin
    ./setNMProps.sh
    

    Note:

    You must use the StartScriptEnabled property to avoid class loading failures and other problems.

  3. Stop the Node Manager by killing the Node Manager process, or stop the service in Windows.

  4. Start Node Manager for the Administration Server as described in Section 20.1, "Starting and Stopping Oracle Identity Management Components."

8.7.4 Updating the Node Manager Credentials

You start the Administration server by using WLST and connecting to Node Manager. The first start of the Administration Server with Node Manager, however, requires that you change the default username and password that the Configuration Wizard sets for Node Manager. Therefore you must use the start script for the Administration Server for the first start. Follow these steps to start the Administration Server using Node Manager. Steps 1-4 are required for the first start operation, but subsequent starts require only Step 4.

  1. Start the Administration Server using the start script in the domain directory.

    cd ORACLE_BASE/admin/domain_name/aserver/domain_name/bin
    ./startWebLogic.sh
    
  2. Use the Administration Console to update the Node Manager credentials on IDMDomain.

    1. In a browser, go to the listen address for the domain, as listed in Table 8-5. For example:

      http://ADMINVHN.mycompany.com:7001/console.

    2. Log in as the administrator.

    3. Click Lock and Edit.

    4. Click domain_name.

    5. Select the Security tab, then the General tab.

    6. Expand Advanced Options.

    7. Enter a new username for Node Manager or make a note of the existing one and update the Node Manager password.

    8. Click Save.

    9. Click Activate Changes.

    Update the Node Manager credentials on the domain. Go to the listen address for the domain, as listed in Table 8-5, and perform the same steps.

  3. Stop the WebLogic Administration Server by issuing the command stopWebLogic.sh located under the ORACLE_BASE/admin/domain_name/aserver/domain_name/bin directory.

  4. Start WLST and connect to Node Manager with nmConnect and the credentials you just updated. Then start the WebLogic Administration Server using nmStart.

    cd ORACLE_COMMON_HOME/common/bin
    ./wlst.sh
    

    On Windows, the command is:

    wlst.cmd
    

    Once in the WLST shell, execute the following commands:

    nmConnect('Admin_user','Admin_Password', 'OAMHOST1','5556',
      'domain_name','/u01/app/oracle/admin/domain_name/aserver/domain_name')
    nmStart('AdminServer')
    

    where domain_name is the name of the domain, and Admin_user and Admin_Password are the Node Manager username and password you entered in Step 2. For example:

    nmConnect('weblogic','password', 'OAMHOST1','5556',
      'OAMDomain','/u01/app/oracle/admin/OAMDomain/aserver/OAMDomain')
    nmStart('AdminServer')
    

    If you are using a split domain topology, also execute the following commands:

8.7.5 Validating the WebLogic Administration Server

Perform these steps to ensure that the Administration Server is properly configured:

  1. In a browser, go to the Oracle WebLogic Server Administration Console at the URL listed in Table 8-2, for example:

    http://ADMINVHN.mycompany.com:7001/console

  2. Log in as the WebLogic administrator, for example: weblogic.

  3. Check that you can access Oracle Enterprise Manager Fusion Middleware Control at http://ADMINVHN.mycompany.com:7001/em.

  4. Log in to Oracle Enterprise Manager Fusion Middleware Control as the WebLogic administrator, for example: weblogic.

If you are using a split domain topology, perform these steps as well:

  1. In a browser, go to http://OIMADMINVHN.mycompany.com:7001/console.

  2. Log in as the WebLogic administrator, for example: weblogic.

  3. Check that you can access Oracle Enterprise Manager Fusion Middleware Control at http://OIMADMINVHN.mycompany.com:7001/em.

  4. Log in to Oracle Enterprise Manager Fusion Middleware Control as the WebLogic administrator, for example: weblogic.

8.7.6 Removing IDM Domain Agent on IDMHOST1

By default, the IDMDomain Agent provides single sign-on capability for administration consoles. In enterprise deployments, WebGate handles single sign-on, so you must remove the IDMDomain agent. Remove the IDMDomain Agent as follows:

Log in to the WebLogic console at the URL listed in Table 8-2.

Then:

  1. Select Security Realms from the Domain Structure Menu.

  2. Click myrealm.

  3. Click the Providers tab.

  4. Click Lock and Edit from the Change Center.

  5. In the list of authentication providers, select IAMSuiteAgent.

  6. Click Delete.

  7. Click Yes to confirm the deletion.

  8. Click Activate Changes from the Change Center.

  9. Restart WebLogic Administration Server, as described in Section 20.1, "Starting and Stopping Oracle Identity Management Components."

8.7.7 Creating a Separate Domain Directory for Managed Servers in the Same Node as the Administration Server

Use the pack and unpack commands to separate the domain directory used by the Administration Server from the domain directory used by the managed server in IDMHOST1, as recommended in Chapter 4, "Preparing the File System for an Enterprise Deployment." If you are using a split domain topology, also use the pack and unpack commands on OIMHOST.

Before running the unpack script, be sure the following directory exists as explained in Chapter 4, "About Recommended Locations for the Different Directories."

ORACLE_BASE/admin/domain_name/mserver

To create a separate domain directory on IDMHOST1:

  1. Run the pack command to create a template pack as follows:

    cd ORACLE_COMMON_HOME/common/bin
     
    ./pack.sh -managed=true -domain=ORACLE_BASE/admin/domain_name/aserver/domain_name -template=domaintemplate.jar -template_name=domain_template
    
  2. Run the unpack command to unpack the template in the managed server domain directory as follows:

    cd ORACLE_COMMON_HOME/common/bin
    
    ./unpack.sh -domain=ORACLE_BASE/admin/domain_name/mserver/domain_name \
    -template=domaintemplate.jar -app_dir=ORACLE_BASE/admin/domain_name/mserver/applications
    

If you are using a split domain topology, also perform Steps 1 and 2 on OIMHOST1.

Note:

You must have write permissions on the following directory before running the unpack command:

ORACLE_BASE/admin/domain_name

For example:

ORACLE_BASE/admin/IDMDomain/

Note:

The configuration steps provided in this enterprise deployment topology are documented with the assumption that a local (per node) domain directory is used for each managed server.

8.7.8 Propagate Changes to Remote Servers

Before you can start managed servers on remote hosts, you must first perform an unpack on those servers. Proceed as follows.

Single Domain

Using the file domaintemplate.jar created in Section 8.7.7, "Creating a Separate Domain Directory for Managed Servers in the Same Node as the Administration Server," perform an unpack on the hosts: IDMHOST2, OIMHOST1 and OIMHOST2 by using the following commands:

cd ORACLE_COMMON_HOME/common/bin
./unpack.sh -domain=ORACLE_BASE/admin/domain_name/mserver/domain_name -template=domaintemplate.jar -app_dir=ORACLE_BASE/admin/domain_name/mserver/applications

Split Domain

Using the file domaintemplate.jar created for the domain IDMDomain in Section 8.7.7, "Creating a Separate Domain Directory for Managed Servers in the Same Node as the Administration Server," perform an unpack on the host IDMHOST2 by using the following commands:

cd ORACLE_COMMON_HOME/common/bin
./unpack.sh -domain=ORACLE_BASE/admin/domain_name/mserver/domain_name -template=domaintemplate.jar -app_dir=ORACLE_BASE/admin/domain_name/mserver/applications

Using the file domaintemplate.jar created for the domain OIMDomain in Section 8.7.7, "Creating a Separate Domain Directory for Managed Servers in the Same Node as the Administration Server," perform an unpack on the host OIMHOST2 by using the following commands:

cd ORACLE_COMMON_HOME/common/bin
./unpack.sh -domain=ORACLE_BASE/admin/domain_name/mserver/domain_name -template=domaintemplate.jar -app_dir=ORACLE_BASE/admin/domain_name/mserver/applications

8.7.9 Copy SOA Composites to Managed Server Directory

When SOA first starts, it automatically deploys a number of applications that are located in the DOMAIN_HOME/soa directory. Performing pack and unpack does not populate this directory, so you must create it manually.

Single Domain

Copy the soa directory from ASERVER_HOME/OAMDomain/soa to MSERVER_HOME/OAMDomain on OIMHOST1.

For example:

scp -rp /u01/app/oracle/admin/OAMDomain/aserver/OAMDomain/soa user@OIMHOST1:/u01/app/oracle/admin/OAMDomain/mserver/OAMDomain/soa

Split Domain

Copy the soa directory from ASERVER_HOME/OAMDomain/soa to MSERVER_HOME/OAMDomain.

For example:

cp -rp /u01/app/oracle/admin/OAMDomain/aserver/OAMDomain/soa /u01/app/oracle/admin/OAMDomain/mserver/OAMDomain/soa

8.7.10 Start Node Manager on Remote Hosts

Perform this step on the following hosts:

Single Domain: IDMHOST2, OIMHOST1, OIMHOST2

Split Domain: IDMHOST2, OIMHOST2

If the Node Manager is not already started, perform the following steps to start it:

Start the Node Manager to create the nodemanager.properties file by using the startNodeManager.sh script located under the MW_HOME/wlserver_10.3/server/bin directory.

Before you can start the Managed Servers by using the console, Node Manager requires that you set the property StartScriptEnabled to true. You set it by running the setNMProps.sh script located under the MW_HOME/oracle_common/common/bin directory, as follows.

cd MW_HOME/oracle_common/common/bin
./setNMProps.sh

Stop and start the Node Manager as described in Section 20.1, "Starting and Stopping Oracle Identity Management Components" so that the properties take effect.

8.7.11 Disabling Host Name Verification for the Oracle WebLogic Administration Server

This step is required if you have not set up the appropriate certificates to authenticate the different nodes with the Administration Server. (See Chapter 16, "Setting Up Node Manager for an Enterprise Deployment.") If you have not configured the server certificates, you will receive errors when managing the different WebLogic Servers. To avoid these errors, disable host name verification while setting up and validating the topology, and enable it again once the EDG topology configuration is complete as described in Chapter 16, "Setting Up Node Manager for an Enterprise Deployment."

Perform these steps to disable host name verification:

  1. Go to the Oracle WebLogic Server Administration Console at the URL listed in Table 8-2.

  2. Log in as the user weblogic, using the password you specified during the installation.

  3. Click Lock and Edit.

  4. Expand the Environment node in the Domain Structure window.

  5. Click Servers. The Summary of Servers page appears.

  6. Select AdminServer(admin) in the Name column of the table. The Settings page for AdminServer(admin) appears.

  7. Click the SSL tab.

  8. Click Advanced.

  9. Set Hostname Verification to None.

  10. Click Save.

  11. Click Activate Changes.
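Because this setting is meant to be temporary, it helps to have a repeatable check that it has been turned back on once Chapter 16 is complete. The following script is an added example, not part of the Oracle guide: it scans a domain config.xml and lists every server that still ignores host name verification. It assumes the console setting is persisted as a hostname-verification-ignored element under each server's ssl element; confirm that against your own config.xml. The sample document and the server names wls_example1 and wls_example2 are constructed.

```python
"""List servers in a WebLogic config.xml that still skip host name verification."""
import sys
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed config.xml in which AdminServer was left at "None".
# Assumption: the setting is stored as <ssl><hostname-verification-ignored>.
SAMPLE_CONFIG = """\
<domain xmlns="http://xmlns.oracle.com/weblogic/domain">
  <name>IDMDomain</name>
  <server>
    <name>AdminServer</name>
    <ssl>
      <hostname-verification-ignored>true</hostname-verification-ignored>
    </ssl>
    <listen-address>ADMINVHN.mycompany.com</listen-address>
  </server>
  <server>
    <name>wls_example1</name>
    <ssl>
      <hostname-verification-ignored>false</hostname-verification-ignored>
    </ssl>
  </server>
  <server>
    <name>wls_example2</name>
  </server>
</domain>
"""


def local(tag):
    """Drop the XML namespace so the check does not depend on the namespace URI."""
    return tag.rsplit("}", 1)[-1]


def child(elem, name):
    """Return the first direct child with the given local name, or None."""
    for c in elem:
        if local(c.tag) == name:
            return c
    return None


def servers_ignoring_hostname_verification(xml_data):
    """Return the names of servers whose ssl block disables the check."""
    root = ET.fromstring(xml_data)
    flagged = []
    for server in root:
        if local(server.tag) != "server":
            continue
        name_el = child(server, "name")
        name = (name_el.text or "").strip() if name_el is not None else "<unnamed>"
        ssl = child(server, "ssl")
        flag = child(ssl, "hostname-verification-ignored") if ssl is not None else None
        # A missing element means the server uses the default and is not flagged.
        if flag is not None and (flag.text or "").strip().lower() == "true":
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    # Pass the path to config.xml, or run with no argument to use the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_CONFIG
    flagged = servers_ignoring_hostname_verification(data)
    for server_name in flagged:
        print("host name verification disabled:", server_name)
    sys.exit(1 if flagged else 0)
```

The script exits with status 1 when any server is flagged, so it can gate the final sign-off of the topology.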

8.7.12 Stopping and Starting the WebLogic Administration Server

  1. Stop the Administration Server as described in Section 20.1, "Starting and Stopping Oracle Identity Management Components"

  2. Start WLST and connect to the Node Manager with nmConnect and the credentials set previously. Then start the Administration Server using nmStart.

    cd ORACLE_COMMON_HOME/common/bin
    ./wlst.sh
    

    Once in the WLST shell, execute the following commands:

    IDMDomain

    nmConnect('Admin_User','Admin_Password', 'IDMHOST1','5556', 'IDMDomain','/u01/app/oracle/admin/IDMDomain/aserver/IDMDomain')
    nmStart('AdminServer')
    

    OIMDomain

    nmConnect('Admin_User','Admin_Password', 'OIMHOST1','5556', 'OIMDomain','/u01/app/oracle/admin/OIMDomain/aserver/OIMDomain')
    nmStart('AdminServer')
    

    where Admin_User and Admin_Password are the Node Manager username and password you entered in Step 2 of Section 8.7.4, "Updating the Node Manager Credentials."

Note:

Admin_User and Admin_Password are only used to authenticate connections between Node Manager and clients. They are independent from the server administration ID and password and are stored in the ORACLE_BASE/admin/domain_name/aserver/domain_name/config/nodemanager/nm_password.properties file.

8.8 Configuring Oracle HTTP Server for the WebLogic Domain

This section describes tasks for configuring Oracle HTTP Server for the WebLogic Domain, and for verifying the configuration.

8.8.1 Configuring Oracle HTTP Server for the WebLogic Administration Server

To enable Oracle HTTP Server to route to the Administration Server, you must set the corresponding mount points in your HTTP Server configuration.

On each of the web servers on WEBHOST1 and WEBHOST2 create a file called admin_vh.conf in the directory:

ORACLE_INSTANCE/config/OHS/component/moduleconf 

This file has the following entries:

NameVirtualHost *:7777
 
<VirtualHost *:7777>
 
   ServerName admin.mycompany.com:80
   RewriteEngine On
   RewriteOptions inherit
   RewriteRule ^/console/jsp/common/logout.jsp "/oamsso/logout.html?end_url=/console" [R]
   ServerAdmin you@your.address
 
   # Admin Server and EM
   <Location /console>
      SetHandler weblogic-handler
      WebLogicHost ADMINVHN.mycompany.com
      WeblogicPort 7001
   </Location>
 
   <Location /consolehelp>
      SetHandler weblogic-handler
      WebLogicHost ADMINVHN.mycompany.com
      WeblogicPort 7001
   </Location>
 
   <Location /em>
      SetHandler weblogic-handler
      WebLogicHost ADMINVHN.mycompany.com
      WeblogicPort 7001
   </Location>
 
</VirtualHost>

Notes:

  • Values such as admin.mycompany.com:80 and you@your.address that are noted in this document serve as examples only. Enter values based on the actual environment.

  • If you are not using a virtual host for your Administration Server host (single instance), replace ADMINVHN.mycompany.com with IDMHOST1.mycompany.com.

8.8.2 Configuring Oracle HTTP Server for the Oracle Identity Manager Domain

If you are placing your Oracle Identity Manager components into a separate domain, you must add a separate virtual host configuration into your Oracle HTTP Server configuration as follows:

On each of the web servers on WEBHOST1 and WEBHOST2 create a file called oimadmin_vh.conf in the directory:

ORACLE_INSTANCE/config/OHS/component/moduleconf 

This file has the following entries:

<VirtualHost *:7777>
 
   ServerName oimadmin.mycompany.com:80
   RewriteEngine On
   RewriteOptions inherit
   RewriteRule ^/console/jsp/common/logout.jsp "/oamsso/logout.html?end_url=/console" [R] 
   ServerAdmin you@your.address
 
   # Admin Server and EM
   <Location /console>
      SetHandler weblogic-handler
      WebLogicHost OIMADMINVHN.mycompany.com
      WeblogicPort 7001
   </Location>
 
   <Location /consolehelp>
      SetHandler weblogic-handler
      WebLogicHost OIMADMINVHN.mycompany.com
      WeblogicPort 7001
   </Location>
 
   <Location /em>
      SetHandler weblogic-handler
      WebLogicHost OIMADMINVHN.mycompany.com
      WeblogicPort 7001
   </Location>
 
</VirtualHost>

Note:

Values such as oimadmin.mycompany.com:80 and you@your.address that are noted in this document serve as examples only. Enter values based on the actual environment.
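The admin_vh.conf and oimadmin_vh.conf files decide which administrative paths the web tier forwards and to which back end, so they are worth checking after every edit. The following script is an added example, not part of the Oracle guide: it parses a virtual host file, lists every Location handed to weblogic-handler, and reports any route that differs from the three paths and the Administration Server address configured in this section. The function names, the /extra-app location and OTHERHOST.mycompany.com are hypothetical and constructed for the sample.

```python
import re

# Constructed sample: entries from the admin_vh.conf in this section, plus one
# hypothetical extra <Location> that the audit should report.
SAMPLE_CONF = """\
NameVirtualHost *:7777
<VirtualHost *:7777>
   ServerName admin.mycompany.com:80
   RewriteEngine On
   # Admin Server and EM
   <Location /console>
      SetHandler weblogic-handler
      WebLogicHost ADMINVHN.mycompany.com
      WeblogicPort 7001
   </Location>
   <Location /em>
      SetHandler weblogic-handler
      WebLogicHost ADMINVHN.mycompany.com
      WeblogicPort 7001
   </Location>
   <Location /extra-app>
      SetHandler weblogic-handler
      WebLogicHost OTHERHOST.mycompany.com
      WeblogicPort 7001
   </Location>
</VirtualHost>
"""

OPEN_TAG = re.compile(r"<\s*(VirtualHost|Location)\s+([^>]+?)\s*>", re.IGNORECASE)
CLOSE_TAG = re.compile(r"<\s*/\s*(VirtualHost|Location)\s*>", re.IGNORECASE)


def parse_routes(conf_text):
    """Return one dict per <Location> that is handed to weblogic-handler."""
    routes, server_name, location = [], None, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened, closed = OPEN_TAG.fullmatch(line), CLOSE_TAG.fullmatch(line)
        if opened:
            if opened.group(1).lower() == "location":
                location = {"path": opened.group(2).strip('"'), "directives": {}}
            else:
                server_name = None  # new virtual host; its ServerName follows
        elif closed:
            if closed.group(1).lower() == "location" and location is not None:
                d = location["directives"]
                if d.get("sethandler", "").lower() == "weblogic-handler":
                    routes.append({"vhost": server_name, "path": location["path"],
                                   "host": d.get("weblogichost"),
                                   "port": d.get("weblogicport")})
                location = None
        else:
            # Directive names are case-insensitive (the file above mixes
            # WebLogicHost and WeblogicPort), so the key is lower-cased.
            parts = line.split(None, 1)
            key, value = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
            if location is not None:
                location["directives"][key] = value
            elif key == "servername":
                server_name = value
    return routes


def audit(routes, expected_host, expected_port="7001",
          allowed_paths=("/console", "/consolehelp", "/em")):
    """Return findings for routes that differ from what this section configures."""
    findings = []
    for r in routes:
        where = "%s %s" % (r["vhost"], r["path"])
        if r["path"] not in allowed_paths:
            findings.append("%s: path not in the documented set" % where)
        if (r["host"] or "").lower() != expected_host.lower():
            findings.append("%s: routes to %s" % (where, r["host"]))
        if r["port"] != expected_port:
            findings.append("%s: routes to port %s" % (where, r["port"]))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_routes(SAMPLE_CONF), "ADMINVHN.mycompany.com"):
        print(finding)
```

For oimadmin_vh.conf, pass OIMADMINVHN.mycompany.com as expected_host; for a single-instance Administration Server, pass IDMHOST1.mycompany.com as described in the notes to Section 8.8.1.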

8.8.3 Restart Oracle HTTP Server

Restart OHS on WEBHOST1 as follows:

ORACLE_BASE/admin/instance_name/bin/opmnctl restartproc ias-component=ohs1
 

Restart OHS on WEBHOST2:

ORACLE_BASE/admin/instance_name/bin/opmnctl restartproc ias-component=ohs2

8.8.4 Registering Oracle HTTP Server with WebLogic Server

For Oracle Enterprise Manager Fusion Middleware Control to be able to manage and monitor the Oracle HTTP server, you must register the Oracle HTTP server with IDMDomain. Even when using a split domain topology, register the Oracle HTTP Server with IDMDomain only. To do this, you must register Oracle HTTP Server with WebLogic Server using the following command:

cd ORACLE_BASE/admin/instance_name/bin
./opmnctl registerinstance -adminHost ADMINVHN.mycompany.com \
   -adminPort 7001 -adminUsername weblogic

You must also run this command from WEBHOST2 for ohs2.

8.8.5 Setting the Front End URL for the Administration Console

Oracle WebLogic Server Administration Console tracks changes that are made to ports, channels and security using the console. When changes made through the console are activated, the console validates its current listen address, port and protocol. If the listen address, port and protocol are still valid, the console redirects the HTTP request, replacing the host and port information with the Administration Server's listen address and port. When the Administration Console is accessed using a load balancer, you must change the Administration Server's front end URL so that the user's browser is redirected to the appropriate load balancer address. To make this change, perform the following steps:

  1. Log in to Oracle WebLogic Server Administration Console at the URL listed in Table 8-2, for example:

    http://ADMINVHN.mycompany.com:7001/console

  2. Click Lock and Edit.

  3. Expand the Environment node in the Domain Structure window.

  4. Click Servers to open the Summary of Servers page.

  5. Select Admin Server in the Names column of the table. The Settings page for AdminServer(admin) appears.

  6. Click the Protocols tab.

  7. Click the HTTP tab.

  8. Set the Front End Host field to your load balancer address, IDMDomain.mycompany.com for single domain or OIMDomain.mycompany.com for OIMDomain in a split domain topology.

  9. Set FrontEnd HTTP Port to 80.

  10. Save and activate the changes.

To eliminate redirections, best practice is to disable the Administration console's Follow changes feature. To do this, log in to the administration console and click Preferences->Shared Preferences. Deselect Follow Configuration Changes and click Save.

If you have Oracle Identity Manager in a separate domain, perform the same steps, but set the Front End Host field to oimadmin.mycompany.com.

8.8.6 Enabling WebLogic Plug-in

In Enterprise deployments, Oracle WebLogic Server is fronted by Oracle HTTP servers. The HTTP servers are, in turn, fronted by a load balancer, which performs SSL translation. In order for internal loopback URLs to be generated with the https prefix, Oracle WebLogic Server must be informed that it receives requests through the Oracle HTTP Server WebLogic plug-in.

The plug-in can be set at either the domain, cluster, or Managed Server level. Because all requests to Oracle WebLogic Server are through the Oracle OHS plug-in, set it at the domain level.

To do this perform the following steps:

  1. Log in to the Oracle WebLogic Server Administration Console at the URL listed in Table 8-2.

  2. Click Lock and Edit.

  3. Click IDMDomain in the Domain Structure Menu.

  4. Click the Configuration tab.

  5. Click the Web Applications sub tab.

  6. Select WebLogic Plugin Enabled.

  7. Click Save and Activate the Changes.

  8. Restart WebLogic Administration Server, as described in Section 20.1, "Starting and Stopping Oracle Identity Management Components."

If you are using a split domain topology, also log in to the Oracle WebLogic Server Administration Console at http://OIMADMINVHN.mycompany.com:7001/console and perform the same steps. In Step 3, click OIMDomain in the Domain Structure Menu.

8.8.7 Validating Access to Domains

Verify that the server status is reported as Running in the Administration Console. If the server is shown as Starting or Resuming, wait for the server status to change to Started. If another status is reported (such as Admin or Failed), check the server output log files for errors. See Section 20.9, "Troubleshooting" for possible causes.

Validate Administration Console and Oracle Enterprise Manager Fusion Middleware Control through Oracle HTTP Server using each of the console and em URLs in Table 8-3, "URLs Available After Web Tier Integration".

For information on configuring system access through the load balancer, see Section 3.3, "Configuring the Load Balancers."

Note:

After registering the Oracle HTTP Server as described in Section 8.8.4, "Registering Oracle HTTP Server with WebLogic Server," the Oracle HTTP Server should appear as a manageable target in Oracle Enterprise Manager Fusion Middleware Control. To verify this, log in to Fusion Middleware Control. The WebTier item in the navigation tree should show that Oracle HTTP Server has been registered.

8.8.8 Manually Failing Over the WebLogic Administration Server

This section discusses how to fail over the Administration Server to IDMHOST2 and how to fail it back to IDMHOST1.

If you are using a split domain topology, follow the same procedures to fail over the Administration Server to OIMHOST2 and to fail it back to OIMHOST1.

8.8.8.1 Failing over the Administration Server to IDMHOST2

If a node fails, you can fail over the Administration Server to another node. This section describes how to fail over the Administration Server from IDMHOST1 to IDMHOST2.

If you are using a split domain topology, follow the same procedures to fail over the Administration Server from OIMHOST1 to OIMHOST2.

Assumptions:

  • The Administration Server is configured to listen on ADMINVHN.mycompany.com, and not on ANY address. See step 10 in Section 8.6, "Running the Configuration Wizard to Create a Domain with Oracle Access Manager, Oracle SOA Suite, and Oracle Identity Manager."

  • The Administration Server is failed over from IDMHOST1 to IDMHOST2, and the two nodes have these IP addresses:

    • IDMHOST1: 100.200.140.165

    • IDMHOST2: 100.200.140.205

    • ADMINVIP: 100.200.140.206

      This is the Virtual IP address where the Administration Server is running, assigned to interface:index (for example, eth1:2), available in IDMHOST1 and IDMHOST2.

  • The domain directory where the Administration Server is running in IDMHOST1 is on a shared storage and is mounted also from IDMHOST2.

    Note:

    NM in IDMHOST2 does not control the domain at this point, since unpack/nmEnroll has not been run yet on IDMHOST2. But for the purpose of AdminServer failover and control of the AdminServer itself, Node Manager is fully functional.

  • Oracle WebLogic Server and Oracle Fusion Middleware Components have been installed in IDMHOST2 as described in previous chapters. That is, the same path for IDM_ORACLE_HOME and MW_HOME that exists in IDMHOST1 is available in IDMHOST2.

The following procedure shows how to fail over the Administration Server to a different node, IDMHOST2.

Linux

  1. Stop the Administration Server as described in Section 20.1, "Starting and Stopping Oracle Identity Management Components."

  2. Migrate the IP address to the second node.

    1. Run the following command as root on IDMHOST1 (where x:y is the current interface used by ADMINVHN.mycompany.com):

      /sbin/ifconfig x:y down
      

      For example:

      /sbin/ifconfig eth0:1 down
      
    2. Run the following command on IDMHOST2:

      /sbin/ifconfig interface:index IP_Address netmask netmask
      

      For example:

      /sbin/ifconfig eth0:1 10.0.0.1 netmask 255.255.255.0
      

    Note:

    Ensure that the netmask and interface to be used match the available network configuration in IDMHOST2.

  3. Update routing tables by using arping, for example:

    /sbin/arping -b -A -c 3 -I eth0 10.0.0.1
    

Windows

  1. Stop the Administration Server as described in Section 20.1, "Starting and Stopping Oracle Identity Management Components."

  2. Migrate the IP address to the second node.

    1. Run the following command as root on IDMHOST1:

      netsh interface ip delete address interface IP_Address
      

      In the following example, the IP address is disabled on the interface Local Area Connection:

      netsh interface ip delete address "Local Area connection" 100.200.140.206
      
    2. Run the following command on IDMHOST2:

      netsh interface ip add address interface IP_Address netmask
      

      In the following example, the IP address is enabled on the interface Local Area Connection:

      netsh interface ip add address "Local Area connection" 100.200.140.206 255.255.255.0
      

8.8.8.2 Starting the Administration Server on IDMHOST2

Perform the following steps to start Node Manager on IDMHOST2.

If you are using a split domain topology, follow the same procedures to start the Node Manager on OIMHOST2.

  1. On IDMHOST1, unmount the Administration Server domain directory. For example:

    umount /u01/app/oracle/admin/IDMDomain/aserver/
    
  2. On IDMHOST2, mount the Administration Server domain directory. For example:

    mount /u01/app/oracle/admin/IDMDomain/aserver/
    
  3. Start Node Manager by using the following commands:

    cd ORACLE_BASE/product/fmw/wlserver_10.3/server/bin
    ./startNodeManager.sh
    
  4. Stop the Node Manager by killing the Node Manager process, or stop the service in Windows.

    Note:

    Starting and stopping Node Manager at this point is only necessary the first time you run Node Manager. Starting and stopping it creates a property file from a predefined template. The next step adds properties to that property file.

  5. Run the setNMProps.sh script to set the StartScriptEnabled property to true before starting Node Manager:

    cd MW_HOME/oracle_common/common/bin
    ./setNMProps.sh
    

    Note:

    You must use the StartScriptEnabled property to avoid class loading failures and other problems.

  6. Start the Node Manager as described in Section 20.1.5.3, "Starting Node Manager for an Administration Server."

  7. Start the Administration Server on IDMHOST2.

    cd ORACLE_COMMON_HOME/common/bin
    ./wlst.sh
    

    Once in the WLST shell, execute the following commands:

    nmConnect('Admin_User','Admin_Password', 'IDMHOST2','5556', 'IDMDomain','/u01/app/oracle/admin/IDMDomain/aserver/IDMDomain')
    nmStart('AdminServer')
    
  8. Test that you can access the Administration Server on IDMHOST2 as follows:

    1. Ensure that you can access the Oracle WebLogic Server Administration Console at:

      http://ADMINVHN.mycompany.com:7001/console.

    2. Check that you can access and verify the status of components in the Oracle Enterprise Manager at: http://ADMINVHN.mycompany.com:7001/em.

8.8.8.3 Validating Access to IDMHOST2 Through Oracle HTTP Server

Perform the same steps as in Section 8.8.7, "Validating Access to Domains." This is to check that you can access the Administration Server when it is running on IDMHOST2.

If you are using a split domain topology, perform the same steps to check that you can access the Administration Server when it is running on OIMHOST2.

8.8.8.4 Failing the Administration Server Back to IDMHOST1

This step checks that you can fail back the Administration Server, that is, stop it on IDMHOST2 and run it on IDMHOST1. To do this, migrate ADMINVHN back to IDMHOST1 node as described in the following steps.

If you are using a split domain topology, follow the same procedures to migrate OIMADMINVHN back to OIMHOST1.

  1. Ensure that the Administration Server is not running. If it is, stop it from the WebLogic console, or by running the command stopWeblogic.sh from ASERVER_HOME/bin.

  2. On IDMHOST2, unmount the Administration server domain directory. For example:

    umount /u01/app/oracle/admin/IDMDomain/aserver/
    
  3. On IDMHOST1, mount the Administration server domain directory. For example:

    mount /u01/app/oracle/admin/IDMDomain/aserver/
    
  4. Disable the ADMINVHN.mycompany.com virtual IP address on IDMHOST2 by running the following command as root on IDMHOST2:

    /sbin/ifconfig x:y down
    

    where x:y is the current interface used by ADMINVHN.mycompany.com.

  5. Run the following command on IDMHOST1:

    /sbin/ifconfig interface:index 100.200.140.206 netmask 255.255.255.0
    

    Note:

    Ensure that the netmask and interface to be used match the available network configuration in IDMHOST1.

  6. Update routing tables by using arping. Run the following command from IDMHOST1.

    /sbin/arping -b -A -c 3 -I interface 100.200.140.206
    
  7. If Node Manager is not already started on IDMHOST1, start it, as described in Section 20.1, "Starting and Stopping Oracle Identity Management Components."

  8. Start the Administration Server again on IDMHOST1.

    cd ORACLE_COMMON_HOME/common/bin
    ./wlst.sh
    

    Once in the WLST shell, execute the following commands:

    nmConnect('Admin_User','Admin_Password', 'IDMHOST1','5556',
         'IDMDomain','/u01/app/oracle/admin/IDMDomain/aserver/IDMDomain')
    nmStart('AdminServer')
    
  9. Test that you can access the Oracle WebLogic Server Administration Console at:

    http://ADMINVHN.mycompany.com:7001/console

  10. Check that you can access and verify the status of components in the Oracle Enterprise Manager at:

    http://ADMINVHN.mycompany.com:7001/em

8.9 Backing Up the WebLogic Domain

It is an Oracle best practices recommendation to create a backup after successfully completing the installation and configuration of each tier, or at another logical point. Create a backup after verifying that the installation so far is successful. This is a quick backup for the express purpose of immediate restoration in case of problems in later steps. The backup destination is the local disk. You can discard this backup when the enterprise deployment setup is complete. After the enterprise deployment setup is complete, you can initiate the regular deployment-specific Backup and Recovery process. For more details, see the Oracle Fusion Middleware Administrator's Guide.

For information about database backups, refer to the Oracle Database Backup and Recovery User's Guide.

To back up the installation at this point, complete these steps:

  1. Back up the web tier as described in Section 7.7, "Backing up the Web Tier Configuration."

  2. Back up the database. This is a full database backup, either hot or cold. The recommended tool is Oracle Recovery Manager.

  3. Stop Node Manager and all the processes running in the domain, as described in Section 20.1, "Starting and Stopping Oracle Identity Management Components."

  4. Back up the Administration Server domain directory. This saves your domain configuration. The configuration files all exist under the ORACLE_BASE/admin/domainName/aserver directory. On Linux, type:

    tar -cvf edgdomainback.tar ORACLE_BASE/admin/domainName/aserver
    

For information about backing up the application tier configuration, see Section 20.6, "Performing Backups and Recoveries."