An enterprise deployment guide is an Oracle best practices blueprint based on proven Oracle high-availability and security technologies and recommendations for Oracle Fusion Middleware. The best practices described in this blueprint span Oracle products across the entire technology stack: Oracle Database, Oracle Fusion Middleware, Oracle Applications, and Oracle Enterprise Manager Fusion Middleware Control.
An Oracle Fusion Middleware enterprise deployment provides the following benefits:
Considers various business service level agreements (SLAs) to make high-availability best practices as widely applicable as possible
Uses results from extensive performance impact studies for different configurations to ensure that the high-availability architecture is optimally configured to perform and scale to business needs
Enables control over the length of time to recover from an outage and the amount of acceptable data loss from a natural disaster
Uses Oracle best practices and recommended architecture, which are independent of hardware and operating systems
For more information about high availability practices, see the Oracle Maximum Availability Architecture Best Practices page on the Oracle Technology Network at
This document is based on the assumption that you are using the native 11g user interface.
This document focuses on enterprise deployments in Linux environments, but enterprise deployments can also be implemented in UNIX and Windows environments.
The Oracle WebCenter Content suite (formerly known as Oracle Enterprise Content Management Suite, or Oracle ECM) provides unified content management that ensures seamless access to the right information in the appropriate business context by helping organizations implement a strategic content infrastructure for managing documents, images, and rich media files while delivering contextual integration with enterprise applications through the Oracle Application Extension Framework (AXF).
Oracle WebCenter Content provides the following key benefits:
Reduce costs: lower printing, shipping, storage, and maintenance costs
Gain efficiencies: with a single source of truth, streamlined business processes, and more complete and faster access to information
Reduce risk: improve consistency and auditability, comply with business policies and regulations, ensure content security, and better manage your brand
Create value: improve business agility and optimize revenue by improving cross-selling and up-selling; enabling your channels; and improving customer retention
The reference enterprise deployment topology in this guide includes the following Oracle WebCenter Content feature sets:
WebCenter Content (formerly known as Oracle Universal Content Management, or Oracle UCM), which includes Oracle WebCenter Content Server, provides organizations with a unified repository to house unstructured content and deliver it to business users in the proper format and within the context of familiar applications to fit the way they work.
Imaging (formerly known as Oracle Imaging and Process Management, or Oracle I/PM) is the most complete, integrated, and cost-effective imaging platform for end-to-end management of document images within enterprise business processes. It leverages Oracle WebCenter Forms Recognition for intelligent data capture, AXF for orchestration of LOB and process collaboration, and Oracle WebCenter Capture for image capture. It also provides annotation and markup of images, automated routing and approvals, and a scalable repository that supports enterprise-wide applications. With Imaging, organizations can quickly automate business processes in Oracle and third-party enterprise applications.
Inbound Refinery is a conversion server that manages file conversions for electronic assets such as documents, digital images, and motion video. In addition to conversion, Inbound Refinery provides thumbnail functionality for documents and images, storyboarding for video, and the ability to extract and use EXIF data from digital images and XMP data from electronic files generated from programs such as Adobe Photoshop and Adobe Illustrator. Organizations can use Inbound Refinery to convert content items stored in Oracle WebCenter Content Server.
Capture provides scalable document capture for centralized or distributed enterprises. It is fully integrated with Oracle WebCenter Content: Imaging and Oracle WebCenter Content to provide organizations with one system to capture, store, manage, and retrieve their mission critical business content.
Oracle WebCenter Capture provides scanning and optional indexing at remote locations over the Internet or a corporate intranet. When you scan images with Capture, it copies them to your local machine, where you can view them until you release the batch; the released batch is then sent to the server. After scanning your batches, you can organize the documents the way you need to. Documents can also be imported into Capture: you can import them from a scanner, add items from other sources, and then add an index.
The following terminology is used in this enterprise deployment guide:
cluster agent: The software that runs on a node member of a hardware cluster that coordinates availability and performance operations with other nodes. Clusterware provides resource grouping, monitoring, and the ability to move services. A cluster agent can automate the service failover.
clusterware: Software that manages the operations of the members of a cluster as a system. It allows one to define a set of resources and services to monitor through a heartbeat mechanism between cluster members and to move these resources and services to a different member in the cluster as efficiently and transparently as possible.
failback: After a system undergoes a successful failover operation, the original failed member can be repaired over time and be re-introduced into the system as a standby member. If desired, a failback process can be initiated to activate this member and deactivate the other. This process reverts the system back to its prefailure configuration.
failover: When a member of a high-availability system fails unexpectedly (unplanned downtime), in order to continue offering services to its consumers, the system handles the load by using the other available systems. If the system is an active-passive system, the passive member is activated during the failover operation and consumers are directed to it instead of the failed member. The failover process can be performed manually, or it can be automated by setting up hardware cluster services to detect failures and move cluster resources from the failed node to the standby node. If the system is an active-active system, the failover is performed by the load balancer entity serving requests to the active members. If an active member fails, the load balancer detects the failure and automatically redirects requests for the failed member to the surviving active members. For information about active-active and active-passive systems, see the Oracle Fusion Middleware High Availability Guide.
hardware cluster: A hardware cluster is a collection of computers that provides a single view of network services (for example, an IP address) or application services (for example, databases or web servers) to clients of these services. Each node in a hardware cluster is a standalone server that runs its own processes. These processes can communicate with one another to form what looks like a single system that cooperatively provides applications, system resources, and data to users.
A hardware cluster achieves high availability and scalability through the use of specialized hardware (cluster interconnect, shared storage) and software (health monitors, resource monitors). The cluster interconnect is a private link used by the hardware cluster for heartbeat information to detect node death. Due to the need for specialized hardware and software, hardware clusters are commonly provided by hardware vendors, including Oracle, HP, IBM, and Dell. While the number of nodes that can be configured in a hardware cluster is vendor dependent, for the purpose of Oracle Fusion Middleware high availability, only two nodes are required. Hence, this document assumes a two-node hardware cluster for high-availability solutions employing a hardware cluster.
Middleware home: A Middleware home consists of the Oracle WebLogic Server home, and, optionally, one or more Oracle homes. A Middleware home can reside on a local file system or on a remote shared disk that is accessible through NFS.
network host name: A network host name is a name assigned to an IP address either through the /etc/hosts file or through DNS resolution. This name is visible on the network to which the machine it refers to is connected. Often, the network host name and physical host name are identical. However, each machine has only one physical host name but can have multiple network host names. Thus, a machine's network host name may not always be its physical host name.
Oracle home: An Oracle home contains installed files necessary to host a specific product. For example, the SOA Oracle home contains a directory that contains binary and library files for Oracle SOA Suite. An Oracle home resides within the directory structure of the Middleware home. Each Oracle home can be associated with multiple Oracle instances or Oracle WebLogic Server domains.
Oracle instance: An Oracle instance contains one or more active middleware system components, for example Oracle Web Cache, Oracle HTTP Server, or Oracle Internet Directory. You determine which components are part of an instance, either at install time or by creating and configuring an instance at a later time. An Oracle instance contains files that can be updated, such as configuration files, log files, and temporary files.
physical host name: This guide differentiates between the terms physical host name and network host name. This guide uses physical host name to refer to the internal name of the current machine. On a UNIX system, this is the name returned by the
A physical host name is used by Oracle Fusion Middleware to reference the local host. During installation, the installer automatically retrieves the physical host name from the current machine and stores it in the Oracle Fusion Middleware configuration metadata on disk.
physical IP address: A physical IP address is the IP address of a machine on the network. In most cases, it is associated with the physical host name of the machine (see the definition of the physical host name). In contrast to a virtual IP address, a physical IP address is always associated with the same machine when on a network.
primary node: The node that is actively running an Oracle Fusion Middleware instance at any given time and has been configured to have a backup, or secondary, node. If the primary node fails, the Oracle Fusion Middleware instance is failed over to the secondary node. This failover can be manual or automated using Clusterware for the Administration Server. For a scenario based on server migration, WebLogic Whole Server Migration is used for automated failover.
secondary node: The node that is the backup node for an Oracle Fusion Middleware instance. This is where the active instance fails over when the primary node is no longer available. See the definition for primary node in the preceding text.
shared storage: In this guide, the following are located on shared storage:
Middleware home software
AdminServer Domain Home
Tlogs (where applicable)
Except for a WebCenter Content or Inbound Refinery Managed Server, you can locate a Managed Server home on the shared disk as well. The shared storage can be a Network Attached Storage (NAS), a Storage Area Network (SAN), or any other storage system that multiple nodes can access simultaneously and can read from and write to.
switchback: When a switchover operation is performed, a member of the system is deactivated for maintenance or upgrading. When the maintenance or upgrading is completed, the system can undergo a switchback operation to activate the upgraded member and bring the system back to the pre-switchover configuration.
switchover: During normal operation, active members of a system may require maintenance or upgrading. A switchover process can be initiated to allow a substitute member to take over the workload performed by the member that requires maintenance or upgrading, which undergoes planned downtime. The switchover operation ensures continued service to consumers of the system.
virtual host name: A virtual host name is a network-addressable host name that maps to one or more physical machines through a load balancer or a hardware cluster. For load balancers, the term virtual server name is used interchangeably with virtual host name in this book. A load balancer can hold a virtual host name on behalf of a set of servers, and clients communicate indirectly with the machines using the virtual host name. A virtual host name in a hardware cluster is a network host name assigned to the cluster's virtual IP address. Because the virtual IP address is not permanently attached to any particular node of a cluster, the virtual host name is not permanently attached to any particular node either.
Whenever the term virtual host name is used in this document, it is assumed to be associated with a virtual IP address. In cases where just the IP address is needed or used, this will be explicitly stated.
virtual IP address: Also called cluster virtual IP address or load-balancer virtual IP address. Generally, a virtual IP address can be assigned to a hardware cluster or a load balancer. To present a single-system view of a cluster to network clients, a virtual IP address serves as an entry point to the group of servers that are members of the cluster.
A hardware cluster uses a cluster virtual IP address to present to the outside world as the entry point into the cluster. (A cluster virtual IP address can also be set up on a standalone machine.) The hardware cluster's software manages the movement of this IP address between the two physical nodes of the cluster while clients connect to this IP address without the need to know which physical node this IP address is currently active on. In a typical two-node hardware cluster configuration, each machine has its own physical IP address and physical host name, while there could be several cluster IP addresses. These cluster IP addresses float or migrate between the two nodes. The node with current ownership of a cluster IP address is active for that address.
A load balancer also uses a virtual IP address as the entry point to a set of servers. These servers tend to be active at the same time. This virtual IP address is not assigned to any individual server but to the load balancer which acts as a proxy between servers and their clients.
WebLogic Server home: A WebLogic Server home contains installed files necessary to host a WebLogic Server. The WebLogic Server home directory is a peer of Oracle home directories and resides within the directory structure of the Middleware home.
The Oracle Fusion Middleware configurations discussed in this guide are designed to ensure security of all invocations, maximize hardware resources, and provide a reliable, standards-compliant system for enterprise computing with a variety of applications.
The security and high-availability benefits of the Oracle Fusion Middleware configurations are realized through isolation in firewall zones and replication of software components, as these topics describe:
The enterprise deployment architectures are secure because every functional group of software components is isolated in its own DMZ, and all traffic is restricted by protocol and port. The following characteristics ensure security at all needed levels, as well as a high level of standards compliance:
Communication from external clients does not go beyond the Load Balancing Router (LBR) level.
No direct communication from the Load Balancing Router to the data tier is allowed.
Components are separated in different protection zones: Oracle Web Tier, the application tier, and the data tier.
Direct communication across two firewalls at any one time is prohibited.
If a communication begins in one firewall zone, it must end in the next firewall zone.
Oracle Internet Directory is isolated in the data tier.
Oracle Identity Management components are in a separate subnet.
All communication between components across protection zones is restricted by port and protocol, according to firewall rules.
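The zone rules listed above, encoded as a small policy check that can be run over a proposed firewall rule set; this is an added example written for this chapter, not Oracle's own tooling, and the zone names, the rule dictionary format and the sample ports are assumptions.

```python
# Assumed model of the guide's protection zones, listed from the outside in.
# A connection may only be initiated into the next zone (never across two
# firewalls), external clients terminate at the LBR in the web tier, the web
# tier never reaches the data tier directly, and every rule names a protocol
# and a specific port.
ZONES = ["external", "web", "app", "data"]

# Constructed sample rule set; the protocols and ports are illustrative only.
SAMPLE_RULES = [
    {"src": "external", "dst": "web", "proto": "tcp", "port": 443},   # clients -> LBR
    {"src": "web", "dst": "app", "proto": "tcp", "port": 7001},       # web tier -> app tier
    {"src": "app", "dst": "data", "proto": "tcp", "port": 1521},      # app tier -> database
    {"src": "web", "dst": "data", "proto": "tcp", "port": 1521},      # skips the app tier
    {"src": "external", "dst": "app", "proto": "tcp", "port": 7001},  # goes beyond the LBR
    {"src": "app", "dst": "data", "proto": "any", "port": None},      # not restricted
]


def check_rule(rule):
    """Return the policy violations for one firewall rule (empty list = compliant)."""
    src, dst = rule["src"], rule["dst"]
    if src not in ZONES or dst not in ZONES:
        return [f"unknown zone in {src}->{dst}"]
    hop = ZONES.index(dst) - ZONES.index(src)
    if hop == 0:
        return []  # intra-zone traffic is not governed by the zone firewalls
    problems = []
    if hop != 1:
        problems.append(f"{src}->{dst} does not end in the next firewall zone")
    if src == "external" and dst != "web":
        problems.append("external clients must terminate at the LBR in the web tier")
    if src == "web" and dst == "data":
        problems.append("no direct path from the LBR/web tier to the data tier")
    if rule.get("proto") not in ("tcp", "udp"):
        problems.append("rule must name a protocol (tcp or udp)")
    port = rule.get("port")
    if not isinstance(port, int) or not 1 <= port <= 65535:
        problems.append("rule must restrict a specific port")
    return problems


def audit(rules):
    """Map each non-compliant rule's index to its list of violations."""
    findings = {}
    for i, rule in enumerate(rules):
        problems = check_rule(rule)
        if problems:
            findings[i] = problems
    return findings


if __name__ == "__main__":
    for index, problems in audit(SAMPLE_RULES).items():
        print(f"rule {index}: {'; '.join(problems)}")
```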