7 Preparing for Deployment

This chapter describes the software installations required for an Oracle Identity and Access Management enterprise deployment.

This chapter contains the following topics:

Section 7.1, "Assembling Information for Identity and Access Management Deployment"
Section 7.2, "Creating an Oracle Identity and Access Management Software Repository"
Section 7.3, "Verifying Java"
Section 7.4, "Installing the IAM Deployment Wizard"
Section 7.5, "Checking Port Availability"

7.1 Assembling Information for Identity and Access Management Deployment

Assemble the following information prior to deployment. You can print out the tables from the PDF version of this guide and record your own values.

This guide repeatedly uses the following host names to make it easier to follow:

WEBHOST1/2
OAMHOST1/2
OIMHOST1/2
LDAPHOST1/2

The actual values you use depend on the type of deployment topology you are using. The values in Table 7-1 are translations of how these hosts refer to the hosts listed in the topologies.

In addition to the host names, you may see some of the hosts in the document have a VHN suffix. This is used to identity virtual host names.

Notes:

Do not use host names that contain the hyphen (-) character. See Section 15.10.1.1, "Deployment Fails with Error: Incorrect Host or Domain Name Format for Attribute."
Do not use privileged ports (< 1024) for the Identity and Access Management deployment.

Table 7-1 Hosts–Distributed Topology

Description	Variable	Documented Value
Access Management Host 1	`OAMHOST1`	`OAMHOST1.mycompany.com`
Access Management Host 2	`OAMHOST2`	`OAMHOST2.mycompany.com`
Identity Governance Host 1	`OIMHOST1`	`OIMHOST1.mycompany.com`
Identity Governance Host 2	`OIMHOST2`	`OIMHOST2.mycompany.com`
Directory Host 1	`LDAPHOST1`	`LDAPHOST1.mycompany.com`
Directory Host 2	`LDAPHOST2`	`LDAPHOST2.mycompany.com`
First Web Tier host	`WEBHOST1`	`WEBHOST1.mycompany.com`
Second Web Tier host	`WEBHOST2`	`WEBHOST2.mycompany.com`

Table 7-2 Hosts–Consolidated Topology

Description	Variable	Documented Value
Access Management Host 1	`OAMHOST1`	`IAMHOST1.mycompany.com`
Access Management Host 2	`OAMHOST2`	`IAMHOST2.mycompany.com`
Identity Governance Host 1	`OIMHOST1`	`IAMHOST1.mycompany.com`
Identity Governance Host 2	`OIMHOST2`	`IAMHOST2.mycompany.com`
Directory Host 1	`LDAPHOST1`	`IAMHOST1.mycompany.com`
Directory Host 2	`LDAPHOST2`	`IAMHOST2.mycompany.com`
First Web Tier host	`WEBHOST1`	`IAMHOST1.mycompany.com`
Second Web Tier host	`WEBHOST2`	`IAMSHOST2.mycompany.com`

Table 7-3 Installation Locations

Description	Variable	Documented Value
Software Repository Location	`REPOS_HOME`	`/u01/lcm/repository`
Software Installation Location	`SW_ROOT`	`/u01/oracle/products`
Shared Configuration Location	`SHARED_CONFIG_DIR`	`/u01/oracle/config`
Local Configuration Location	`LOCAL_CONFIG_DIR`	`/u02/private/oracle/config`
Lifecycle Management Store Location	`LCM_HOME`	`/u01/lcm`

Table 7-4 Ports

Description	Variable	Documented Value
Access Management WLS Server Port	`IAD_WLS_PORT`	`7001`
Identity Governance WLS Port	`IGD_WLS_PORT`	`7101`
Oracle Identity Manager Port, Second Oracle Identity Manager Port	`OIM_PORT`	`14000`
SOA Ports, Hosts 1 and 2	`SOA_PORT`	`8001`
Access Manager Port, Second Access Manager Port	`OAM_PORT`	`14100`
Access Manager Proxy Port	`OAM_PROXY_PORT`	`5575`
Web Server HTTP Port	`WEB_HTTP_PORT`	`7777`
Web Server HTTPS Port	`WEB_HTTPS_PORT`	`4443`
LDAP Port	`LDAP_PORT`	`1389`
LDAP SSL Port	`LDAP_SSL_PORT`	`1636`
LDAP Administration Port	`LDAP_ADMIN_PORT`	`4444`
LDAP Replication Port	`LDAP_REPLIC_PORT`	`8989`
Node Manager Port	`NMGR_PORT`	`5556`
OAAM Port	`OAAM_PORT`	14300
OAAM Administration Port	`OAAM_ADMIN_PORT`	14200

Table 7-5 Virtual Hosts

Description	Variable	Documented Value
Access Domain Administration Server Virtual Host	`IADADMINVHN`	`IADADMINVHN.mycompany.com`
Governance Domain Administration Server Virtual Host	`IGDADMINVHN`	`IGDADMINVHN.mycompany.com`
First Oracle Identity Manager Server virtual host	`OIMHOST1VHN`	`OIMHOST1VHN.mycompany.com`
Second Oracle Identity Manager Server virtual host	`OIMHOST2VHN`	`OIMHOST2VHN.mycompany.com`
First SOA Server virtual host	`SOAHOST1VHN`	`SOAHOST1VHN.mycompany.com`
Second SOA Server virtual host	`SOAHOST2VHN`	`SOAHOST2VHN.mycompany.com`

Table 7-6 Database Information

Description	Variable	Documented Value
SCAN Address	`SCAN_ADDRESS`	`IAMDBSCAN.mycompany.com`
SCAN Listener Port	`DB_LSNR_PORT`	`1521`
Oracle Identity Manager DB Service Name	`OIM_DB_SERVICENAME`	`OIMEDG.mycompany.com`
Access Manager DB Service Name	`OAM_DB_SERVICENAME`	`OAMEDG.mycompany.com`
OAAM DB Service Name	`OAAM_DB_SERVICENAME`	`OAAMEDG.mycompany.com`
Oracle Identity Manager DB Schema Password	`OIM_SCHEMA_PASSWD`

Table 7-7 LDAP

Description	Variable	Documented Value	Customer Value
LDAP Realm DN,	`REALM_DN`	`dc=mycompany,dc=com`
Identity Store Bind DN	`LDAP_ADMIN_USER`	`cn=oudadmin`

Table 7-8 Load Balancer

Description	Variable	Documented Value
Load Balancer end point used to access the IAMAccessDomain Administration functions	`IAD_DOMAIN_ADMIN_LBRVHN`	`IADADMIN.mycompany.com`
Load Balancer end point used to access the IAMGovernanceDomain Administration functions	`IGD_DOMAIN_ADMIN_LBRVHN`	`IGDADMIN.mycompany.com`
Load Balancer Administration Port	`HTTP_PORT`	`80`
Load Balancer Administration Port is SSL?		`No`
Load Balancer Internal Callbacks Virtual Host Name	`IAM_INTERNAL_LBRVHN`	`IDMINTERNAL.mycompany.com`
Load Balancer Internal Callbacks Port	`IAM_INTERNAL_PORT`	`80`
Load Balancer SSL Port	`HTTP_SSL_PORT`	`443`
Load Balancer ID Store Virtual Host Name	`LDAP_IDSTORE_NAME`	`IDSTORE.mycompany.com`
Load Balancer ID Store Port	`LDAP_LBR_PORT`	`389`
Load Balancer ID Store SSL Port	`LDAP_LBR_SSL_PORT`	`1636`
SSO main application entry point	`IAM_LOGIN_LBRVHN`	`SSO.mycompany.com`

Table 7-9 Email Server (Optional)

Description	Variable	Documented Value
Outgoing Email Server Name	`EMAIL_SERVER`	`EMAIL.mycompany.com`
Outgoing Email Server Port	`EMAIL_PORT`	`465`
Outgoing Email Security	`EMAIL_PROTOCOL`	`SSL`
Email Username	`EMAIL_USER`
Email Password	`EMAIL_PASSWORD`

Note:

Internal call backs are always unencrypted (HTTP). The main entry point sso.mycompany.com is always encrypted (HTTPS)

Table 7-10 Users

Description	Variable	Documented Value
Common IAM Password for IAM Deployment Wizard	`COMMON_IAM_PASSWORD`
Identity Store Access Manager Administrative User	`OAMADMINUSER`	`oamadmin`
Identity Store Access Manager Software User	`OAMLDAPUSER`	`oamLDAP`
Identity Store Oracle Identity Manager Administrative User	`OIMLDAPUSER`	`oimLDAP`

Table 7-11 OAM

Description	Variable	Documented Value	Customer Value
Access Manager Transfer Mode	`OAM_MODE`	`Simple`. (`Open` on AIX.)
Access Manager Cookie Domain	`OAM_COOKIE_DOMAIN`	`.mycompany.com`

7.2 Creating an Oracle Identity and Access Management Software Repository

The software required by Oracle Identity and Access Management is located in the Oracle Fusion Middleware Deployment Repository. If you have not already done so then you must create an Oracle Fusion Middleware Provisioning Repository as described in Oracle Fusion Middleware Deployment Guide for Oracle Identity and Access Management.

If you have not already done so, unzip the RCU zip file REPOS_HOME/installers/fmw_rcu/linux/rcuHome.zip to:

REPOS_HOME/installers/rcu

7.3 Verifying Java

Make sure that your Deployment Repository contains Java. It should reside in a directory called jdk6.

You can verify that Java is installed and working as follows:

Set JAVA_HOME to: JAVA_HOME

Run these commands:

JAVA_HOME/bin/java -version
JAVA_HOME/bin/javac -version

7.4 Installing the IAM Deployment Wizard

The IAM Deployment Wizard must be visible to each host in the topology during provisioning and subsequent patching.

The installation script for the IAM Lifecycle Tools (IAM Deployment Wizard and IAM Patching Tools) resides in the directory:

REPOS_HOME/installers/idmlcm/Disk1

To begin installing the tools, change to that directory and start the script.

cd REPOS_HOME/installers/idmlcm/idmlcm/Disk1
./runInstaller -jreLoc REPOS_HOME/jdk6

Then proceed as follows:

On the Welcome screen, click Next.
If you are running the Wizard on a UNIX platform, you are prompted for the location of the Inventory Directory, which is used to keep track of all Oracle products installed on this host.

In the Operating System Group ID field, select the group whose members you want to grant access to the inventory directory. All members of this group can install products on this host. Click OK to continue.

The Inventory Location Confirmation dialog prompts you to run the inventory_directory/createCentralInventory.sh script as root to create the /etc/oraInst.loc file. This file is a pointer to the central inventory and must be present for silent installations. It contains two lines:

inventory_loc=path_to_central_inventory

inst_group=install_group

The standard location for this file is /etc/oraInst.loc, but it can be created anywhere. If you create it in a directory other than /etc, you must include the -invPtrLoc argument and enter the location of the inventory when you run the Identity and Access Management Deployment Wizard or the runIAMDeployment script.

If you do not have root access on this host but want to continue with the installation, select Continue installation with local inventory.

Click OK to continue.
On the Prerequisite Checks screen, verify that checks complete successfully, then click Next.
On the Specify Install Location screen, enter the following information:
1. Oracle Middleware Home - This is the parent directory of the directory where the Identity and Access Management Deployment Wizard will be installed. This must be on shared storage for example:
  
  /u01/lcm/tools
2. Oracle Home Directory - This is a subdirectory of the above directory where the wizard will be installed. For example:
  
  idmlcm
Click Next.
On the Installation Summary screen, click Install.
On the Installation Progress screen, click Next.
On the Installation Complete screen, click Finish.

7.5 Checking Port Availability

Before starting to deploy your environment, you must ensure that none of the ports you intend to use is already in use.

To do this, perform the following steps:

Log on to the machine that the component will run on.
Check that no process is running using that port using the command:
```
netstat -an | grep port
```
where port is the port number you are checking for.

For example, for Oracle HTTP server the command is:
```
netstat -an | grep 7777
```

For a full list of the default ports, see Chapter 3, "Ports Used in the Oracle Identity and Access Management Enterprise Deployment Topology."