A high availability architecture is one of the key requirements for any Enterprise Deployment. Oracle Fusion Middleware has an extensive set of high availability features, which protect its components and applications from unplanned down time and minimize planned downtime.
The solutions and procedures in this book are designed to eliminate single points of failure for Oracle Fusion Middleware components with no or minimal down time. These solutions help ensure that applications deployed with Oracle Fusion Middleware meet the required availability to achieve your business goals.
This guide describes how to configure Identity and Access Management (IAM) products for high availability in an active-active configuration.
This chapter includes the following sections:
High availability refers to the ability of users to access a system without loss of service. Deploying a high availability system minimizes the time when the system is down, or unavailable and maximizes the time when it is running, or available. This section provides an overview of high availability from a problem-solution perspective. This section includes the following topics:
Mission critical computer systems need to be available 24 hours a day, 7 days a week, and 365 days a year. However, part or all of the system may be down during planned or unplanned downtime. A system's availability is measured by the percentage of time that it is providing service in the total time since it is deployed. Table 1-1 provides an example.
Table 1-1 Availability Percentages and Corresponding Downtime Values
Availability Percentage | Approximate Downtime Per Year |
---|---|
95% |
18 days |
99% |
4 days |
99.9% |
9 hours |
99.99% |
1 hour |
99.999% |
5 minutes |
System downtime may be planned or unplanned. Unplanned downtime is any sort of unexpected failure. Planned downtime refers to scheduled operations that are known in advance and that render the system unavailable. The effect of planned downtime on end users is typically minimized by scheduling operational windows when system traffic is slow. Unplanned downtime may have a larger effect because it can happen at peak hours, causing a greater impact on system users.
These two types of downtimes are usually considered separately when designing a system's availability requirements. A system's needs may be very restrictive regarding its unplanned downtimes, but very flexible for planned downtimes. This is typical for applications with high peak loads during working hours, but that remain practically inactive at night and during weekends. You may choose different high availability features depending on the type of failure being addressed.
High availability solutions can be categorized into local high availability solutions that provide high availability in a single data center deployment, and disaster recovery solutions, which are usually geographically distributed deployments that protect your applications from disasters such as floods or regional network outages.
local high availability solutions can protect failures such as process, node, and media failures as well as human errors. Geographically distributed disaster recovery solutions can protect local physical disasters that affect an entire data center.
To solve the high availability problem, a number of technologies and best practices are needed. The most important mechanism is redundancy. High availability comes from redundant systems and components. You can categorize local high availability solutions by their level of redundancy, into active-active solutions and active-passive solutions (see Figure 1-1):
Active-active solutions deploy two or more active system instances and can be used to improve scalability and provide high availability. In active-active deployments, all instances handle requests concurrently.
Active-passive solutions deploy an active instance that handles requests and a passive instance that is on standby. In addition, a heartbeat mechanism is set up between these two instances. This mechanism is provided and managed through operating system vendor-specific clusterware. Generally, vendor-specific cluster agents are also available to automatically monitor and failover between cluster nodes, so that when the active instance fails, an agent shuts down the active instance completely, brings up the passive instance, and application services can successfully resume processing. As a result, active-passive roles switch. The same procedure can be done manually for planned or unplanned downtime. Active-passive solutions are also generally referred to as cold failover clusters.
You can use Oracle Cluster Ready Services (CRS) to manage the Fusion Middleware Active-Passive (CFC) solutions.
Figure 1-1 Active-Active and Active-Passive High Availability Solutions
In addition to architectural redundancies, a comprehensive high availability system requires the following technologies:
Process death detection and automatic restart
Processes may die unexpectedly due to configuration or software problems. A proper process monitoring and restart system should monitor all system processes constantly and restart them should problems appear.
A system process should also maintain the number of restarts within a specified time interval. This is also important since continually restarting within short time periods may lead to additional faults or failures. Therefore a maximum number of restarts or retries within a specified time interval should also be designed as well.
Clustering
Clustering components of a system together enables the components to be viewed functionally as a single entity from the perspective of a client for runtime processing and manageability. A cluster is a set of processes running on single or multiple computers that share the same workload. There is a close correlation between clustering and redundancy. A cluster provides redundancy for a system.
If failover occurs during a transaction in a clustered environment, the session data is retained as long as there is at least one surviving instance available in the cluster.
State replication and routing
For stateful applications, client state can be replicated to enable stateful failover of requests in the event that processes servicing these requests fail.
Failover
With a load-balancing mechanism in place, instances are redundant. If any instances fail, requests to the failed instance can be sent to the surviving instances.
Server load balancing
When multiple instances of identical server components are available, client requests to these components can be load balanced to ensure that the instances have roughly the same workload.
Server Migration
Some services can only have one instance running at any given point of time. If the active instance becomes unavailable, the service is automatically started on a different cluster member. Alternatively, the whole server process can be automatically started on a different system in the cluster.
Integrated High Availability
Components depend on other components to provide services. The component should be able to recover from dependent component failures without any service interruption.
Rolling Patching
Patching product binaries often requires down time. Patching a running cluster in a rolling fashion can avoid downtime. Patches can be uninstalled in a rolling fashion as well.
Configuration management
A clustered group of similar components often need to share common configuration. Proper configuration management ensures that components provide the same reply to the same incoming request, enables these components to synchronize their configurations, and provides high availability configuration management for less administration downtime.
Backup and Recovery
User errors may cause a system to malfunction. In certain circumstances, a component or system failure may not be repairable. A backup and recovery facility should be available to back up the system at certain intervals and restore a backup when an unrepairable failure occurs.
This guide covers the architecture, interaction, and dependencies of Oracle Fusion Middleware components in 11g Release 2 (11.1.2.3), and explains how you can deploy them in a high availability architecture.
This section describes changes in this guide and where to find component documentation for 11g Releases 1 and 2.
This version of the High Availability Guide includes a new chapter, Chapter 13, "Configuring High Availability for Oracle Mobile Security Suite."
Previous versions of the High Availability Guide covered components that are not Identity and Access Management (IAM) components, such as Oracle SOA Suite. This version of the guide describes only Oracle Identity and Access Management 11g Release 2 components. See the following tables for more information.
Note:
There is no high availability guide for Oracle Forms and Reports 11g Release 2. Oracle recommends that you refer to the chapter "Configuring High Availability for Oracle Portal, Forms, Reports, and Discoverer" in the 11g Release 1 High Availability Guide.Table 1-2 lists 11g R2 components that this guide includes.
Table 1-3 lists 11g R2 components that are not in this guide.
Table 1-4 lists 11g R1 components that the Release 1 High Availability Guide includes.
Table 1-2 11g R2 Components in the 11g R2 High Availability Guide
Table 1-3 11g R2 Components not in the 11g R2 High Availability Guide
11g Release 2 (11.1.2.3) Component | See this chapter in the Oracle Fusion Middleware High Availability Guide, 11g Release 1 |
---|---|
Oracle Forms and Reports |
"Oracle Portal, Forms, Reports, and Discoverer" |
For all remaining Oracle Fusion Middleware products not released with 11g Release 2 (11.1.2.3), use the latest Oracle Fusion Middleware High Availability Guide, 11g Release 1. Table 1-4 lists components that 11g Release 1 includes:
Table 1-4 Components in the 11g Release 1 High Availability Guide
Components | See this chapter in the Oracle Fusion Middleware High Availability Guide, 11g Release 1 |
---|---|
Oracle SOA Suite, including: Oracle SOA Service Infrastructure, Oracle BPEL Process Manager, Oracle BPM Suite, Oracle Mediator, Oracle JCA Adapters, Oracle B2B, Oracle Web Services Manager (WSM), Oracle User Messaging Service (UMS) |
"Configuring High Availability for Oracle SOA Suite" |
Oracle ADF and Oracle WebCenter Portal |
"Configuring High Availability for Oracle ADF and Oracle WebCenter Portal" |
Oracle Data Integrator (ODI) |
"Configuring High Availability for Oracle Data Integrator (ODI)" |
Oracle Business Intelligence (BI) and EPM |
"Configuring High Availability for Oracle Business Intelligence and EPM" |
Oracle Web Tier |
"Configuring High Availability for Web Tier Components" |
Oracle WebCenter Content |
"Configuring High Availability for WebCenter Content" |
Oracle Portal and Discoverer |
"Configuring High Availability for Oracle Portal, Forms, Reports, and Discoverer" |
This section provides links to the documentation library for the Oracle Fusion Middleware release(s) that you are running.
Table 1-6 lists other Oracle Fusion Middleware guides with high availability information.
Table 1-6 High Availability Information in Oracle Fusion Middleware Documentation