4 Using the Enterprise Deployment Workbook

This chapter introduces the Enterprise Deployment Workbook; it describes how you can use the workbook to plan an enterprise deployment for your organization.

This chapter contains the following sections:

• Introduction to the Enterprise Deployment Workbook

• Typical Use Case for Using the Workbook

• Who Should Use the Enterprise Deployment Workbook?

• Using the Oracle Identity and Access Management Enterprise Deployment Workbook

4.1 Introduction to the Enterprise Deployment Workbook

The Oracle Fusion Middleware Enterprise Deployment Workbook is a companion document to this guide. It is a spreadsheet that can be used by architects, system engineers, database administrators, and others to plan and record all the details for the environment deployment including server names, URLs, port numbers, installation paths, and other resources.

The Enterprise Deployment Workbook serves as a single document you can use to track input variables for the entire process, allowing for:

• Separation of tasks between architects, system engineers, database administrators, and other key organizational roles

• Comprehensive planning before the implementation

• Validation of planned decisions before actual implementation

• Consistency during implementation

• A record of the environment for future use

4.2 Typical Use Case for Using the Workbook

A typical use case for the Enterprise Deployment Workbook involves the following roles and tasks, in preparation for an Oracle Fusion Middleware enterprise deployment:

• Architects read through the first five chapters of this guide, and fill in the corresponding sections of the Workbook.

• The Workbook is validated by other architects and system engineers.

• The architect uses the validated workbook to initiate network and system change requests with system engineering departments;

• The Administrators and System Integrators who are installing and configuring the software refer to the workbook and the subsequent chapters of this guide to perform the installation and configuration tasks.

4.3 Who Should Use the Enterprise Deployment Workbook?

The information in the Enterprise Deployment Workbook is divided into categories. Depending on the structure of your organization and roles defined for your team, you can assign specific individuals in your organization to fill in the details of the workbook. Similarly the information in each category can be assigned to the individual or team responsible for planning, procuring, or setting up each category of resources.

For example, the workbook can be filled in, reviewed, and used by people in your organization that fill the following roles:

• Information Technology (IT) Director

• Architect

• System Administrator

• Network Engineer

• Database Administrator

• Storage Administrator

• Fusion Middleware Administrator

4.4 Using the Oracle Identity and Access Management Enterprise Deployment Workbook

The following sections provide an introduction to the location and contents of the Oracle Identity and Access Management Enterprise Deployment Workbook:

• Section 4.4.1, "Locating the Oracle Identity and Access Management Enterprise Deployment Workbook"

• Section 4.4.2, "Understanding the Contents of the Oracle Identity and Access Management Enterprise Deployment Workbook"

4.4.1 Locating the Oracle Identity and Access Management Enterprise Deployment Workbook

The Oracle Identity and Access Management Enterprise Deployment Workbook is available as a Microsoft Excel Spreadsheet in the Oracle Fusion Middleware documentation library. It is available as a link on the Install, Patch, and Upgrade page of the library.

4.4.2 Understanding the Contents of the Oracle Identity and Access Management Enterprise Deployment Workbook

The following sections describe the contents of the Oracle Identity and Access Management Enterprise Deployment Workbook. The workbook is divided into tabs, each containing a set of related variables and values you will need to install and configure the Oracle Identity and Access Management Enterprise Deployment topologies:

• Section 4.4.2.1, "Using the Start Tab"

• Section 4.4.2.2, "Using the Hardware - Host Computers Tab"

• Section 4.4.2.3, "Using the Network - Virtual Hosts & Ports Tab"

• Section 4.4.2.4, "Using the Load Balancer Tab"

• Section 4.4.2.5, "Using the Storage - Directory Variables Tab"

• Section 4.4.2.6, "Using the Database - Connection Details Tab"

• Section 4.4.2.7, "Using the LDAP - Users and Groups Tab"

• Section 4.4.2.8, " Using the Exalogic Tab"

4.4.2.1 Using the Start Tab

The Start tab of the Enterprise Deployment Workbook serves as a table of contents for the rest of the workbook. You can also use it to identify the people who will be completing the spreadsheet.

The Start tab also provides a key to identify the colors used to identify workbook fields that need values, as well as those that are provided for informational purposes.

Figure 4-1 shows the Start tab of the spreadsheet.

Figure 4-1 Start Tab of the Oracle Identity and Access Management Enterprise Deployment Workbook

Description of ''Figure 4-1 Start Tab of the Oracle Identity and Access Management Enterprise Deployment Workbook''

4.4.2.2 Using the Hardware - Host Computers Tab

The Hardware - Host Computers tab lists the host computers required to install and configure the Oracle Identity and Access Management Enterprise Deployment Topology.

The reference topologies described in Section 2.1, "Understanding the Primary and Build-Your-Own Enterprise Deployment Topologies" require a minimum of six host computers: two for the Web tier, two for the application tier, and two for the Oracle RAC database on the data tire.

A common deployment model typically uses 10 servers however. These being made up of: 2 for the Web Tier, 2 for the Access Components Application Tier, 2 for the Governance Components Application Tier, 2 For the LDAP servers and 2 for the RAC database servers. If you decide to expand the environment to include more systems, add a row for each additional host computer.

The Abstract Host Name is the name used throughout this guide to reference the host. For each row, procure a host computer, and enter the Actual Host Name.

For example, if a procedure in this guide references OAMHOST1, you can then replace the OAMHOST1 variable with the actual name provided on the Hardware - Host Computers tab of the workbook.

About Multi-Networked Host Computers

If you are deploying on a multi-networked host, the real host name may not be attached to the network on which you wish communication to occur. If the network you wish to use for communication is different from that attached to the Real Host Name, then you can override this by providing a different Listen Address Host Name, which is attached to the network you wish to use. Most platform deployments do not require a different Listen Host Name, however the majority of Exalogic Deployments do.

A typical example would be where the real host name is attached to the management network but network communication should happen through a client network or in the case of Exalogic the internal IPoIB network.

Using the Spreadsheet in a Consolidated Deployment

If you are using a consolidated deployment, where you have larger machines, then you can use the same host name for multiple entries in the spreadsheet.

For example, if you wish to deploy Access and Governance onto the same host then both OAMHOST1 and OIMHOST1 can be set to iamserver1, and both OAMHOST1 and OIMHOST2 can be set to iamserver2.

When you see OAMHOST1 or OIMHOST2 referenced in the guide, you'll know to replace them with the value of iamserver1 or iamserver2.

Including Additional Host Details

For easy reference, Oracle also recommends that you include the IP address, Operating System (including the version), number of CPUs, and the amount of RAM for each host. This information can be useful during the installation, configuration, and maintenance of the enterprise deployment.

For more information, see Chapter 9, "Configuring the Host Computers for an Enterprise Deployment."

4.4.2.3 Using the Network - Virtual Hosts & Ports Tab

The Network - Virtual Hosts & Ports tab lists the virtual hosts that must be defined by your network administrator before you can install and configure the Oracle Identity and Access Management enterprise deployment topology.

The port numbers are important for several reasons. You must have quick reference to the port numbers so you can access the management consoles; the firewalls must also be configured to allow network traffic via specific ports.

Each virtual host, virtual IP address, and each network port serves a distinct purpose in the deployment. For more information, see Section 5.3, "Reserving the Required IP Addresses for an Enterprise Deployment"

In the Physical Network - Virtual Hosts table, review the items in the Abstract Virtual Host or Virtual IP Name column. These are the virtual host and virtual IP names used in the procedures in this guide. For each abstract name, enter the actual virtual host name defined by your network administrator. Whenever this guide references one of the abstract virtual host or virtual IP names, replace that value with the actual corresponding value in this table.

Similarly, in many cases, this guide assumes you are using default port numbers for the components or products you install and configure. However, in reality, you will likely have to use different port numbers. Use the Network - Port Numbers table to map the default port values to the actual values used in your specific installation.

4.4.2.4 Using the Load Balancer Tab

The Load Balancer tab lists the virtual hosts your network administrator must create on your hardware load balancer before you can install and configure the Oracle IAM enterprise deployment topology.

The ports you specify in this section are the ports on the load balancer. They need not be the same as the target ports you are directing traffic to.

Each virtual host, virtual IP address, and each network port serves a distinct purpose in the deployment. For more information, see Chapter 6, "Summary of the Virtual Servers Required for an Oracle Identity and Access Management Deployment."

The Virtual Hosts are separated out to provide maximum flexibility. It is however acceptable to combine the multiple virtual hosts of the same type.

In the Load Balancer - Virtual Hosts table, review the items in the Abstract Virtual Host or Virtual IP Name column. These are the virtual host and virtual IP names used in the procedures in this guide. For each abstract name, enter the actual virtual host name defined by your network administrator. Whenever this guide references one of the abstract virtual host or virtual IP names, replace that value with the actual corresponding value in this table.

Similarly, in many cases, this guide assumes you are using default port numbers for the components or products you install and configure. However, in reality, you will likely have to use different port numbers. Use the Load Balancer - Port Numbers table to map the default port values to the actual values used in your specific installation.

The Load Balancer Pool configuration combines information that you enter in this tab with information entered in the Hardware and Network tabs to provide a summary of how the load balancer pools should be configured. For full details on how to configure the load balancer refer to Chapter 6, "Typical Procedure for Configuring the Hardware Load Balancer."

4.4.2.5 Using the Storage - Directory Variables Tab

As part of preparing for an enterprise deployment, it is assumed you will be using a standard directory structure, which is recommended for Oracle enterprise deployments.

In addition, procedures in this book reference specific directory locations. Within the procedures, each directory is assigned a consistent variable, which you should replace with the actual location of the directory in your installation.

For each of the directory locations listed on this tab, provide the actual directory path in your installation.

In addition, for the application tier, it is recommended that many of these standard directories be created on a shared storage device. For those directories, the table also provides fields so you can enter the name of the shared storage location and the mount point used when you mounted the shared location.

For more information, see Chapter 7, "Preparing Storage for an Enterprise Deployment."

4.4.2.6 Using the Database - Connection Details Tab

When you are installing and configuring the enterprise deployment topology, you will often have to make connections to a highly available Oracle Real Application Clusters (RAC) database. In this guide, the procedures reference a set of variables that identify the information you will need to provide to connect to the database from tools, such as the Configuration Wizard and the Repository Creation Utility.

To be sure you have these values handy, use this tab to enter the actual values for these variables in your database installation.

An Oracle Identity and Access Management installation can use more than one database if desired. This is typically the case where you wish to use a Multi Data Center deployment. It is perfectly acceptable however, to use a single database.

If you are using a single database, you must still use a different RCU prefix for artefacts belonging to each separate domain Access and Governance.

For more information, see Chapter 10, "Preparing the Database for an Enterprise Deployment."

4.4.2.7 Using the LDAP - Users and Groups Tab

Oracle Fusion Middleware products require an LDAP directory service, such as Oracle Unified Directory. The enterprise deployment requires that you define specific users and groups in the directory, so administrators can access the management consoles and other resources required to configure and manage the deployment.

Throughout this guide, variables are used to identify these specific users and groups. Use the LDAP - Users and Groups tab in the enterprise deployment workbook to track these variables and the actual user and groups names used in your specific LDAP directory.

For information about configuring the LDAP directory, see the following topics:

• Chapter 12, "Configuring Oracle LDAP for an Identity and Access Manager Enterprise Deployment"

• Chapter 13, "Preparing The Identity Store"

4.4.2.8  Using the Exalogic Tab

The Exalogic tab is relevant only if you are deploying your Enterprise Deployment on Exalogic.

While this guide covers the setup of Fusion Middleware for Exalogic, it does not cover the actual setup of the Exalogic servers. You use this section of the worksheet to determine how you need your Exalogic Environment Setup (or to record how you have actually set it up).

The page is divided into several sections:

• Compute Node Details: This section is required if you are performing a physical Exalogic deployment. Here you enter the names of the Hosts associated with each of the networks you wish to use.

• Virtual Server Details: This section is required if you are performing a virtual Exalogic deployment. Here you enter the details of the Virtual Servers you require creating on the Exalogic Elastic Cloud environment. You include such things as the size of the virtual server, the host names associated with the various Exalogic networks and the Distribution Groups.

  For a complete explanation of these items refer to the Oracle Fusion Middleware Enterprise Deployment Guide for Exalogic.

• Storage Details: In this section you enter the name used to access the ZFS storage device. This is the name that will be used in the Storage tab referenced as appliance_name.

• Storage Shares: In this section you enter the details of the ZFS Projects and Shares that you have (or need to) create on the ZFS Appliance. Example Project and Share Names have been provided. Complete the worksheet with the actual share names you have created. When you create a share on the ZFS appliance it will be assigned an Export Name usually in the following format:

  /export/project_name/share_name
  

  Enter this value in the Export Name column. The Export Name, in conjunction with the storage Name, can be used to complete the share name in the Storage tab.

  Note the following additional columns in this table:

  • Mount Point: The mount point is the name of the directory as mounted on the host, this is the same as the mount point on the Storage Tab.

  • Mounted On Hosts: This shows the hosts that the share should be mounted on. This information will be populated with values entered in the Hardware tab.

    For complete information on creating Exalogic Shares refer to the Storage Section of the Oracle Fusion Middleware Enterprise Deployment Guide for Exalogic.

• Virtual Host Details: This section lists the virtual hosts required by the typical enterprise deployment. Complete this section as follows:

  • Network - Select the Exalogic Network Type you wish to use for communication with the WebLogic managed servers, this is either IPoIB or EoIB.

  • Actual Virtual Host Name - Specify the host name associated with the network you wish to use for communication.

  • IP Address - Although not necessary for the deployment, it is worth making a note of the IP address associated with the Actual Virtual Host Name. This is particularly useful where IPoIB networks are being used and host name resolution occurs using the local /etc/hosts file rather than the DNS.

• OTD Failover Groups: When you are deploying the software on Exalogic, this table lists the Oracle Traffic Director abstract virtual host names, and provides files where you can enter the actual host names and IP addresses that are defined for the OTD failover groups.