23 Introduction to the Life Cycle Management (LCM) Tools

This chapter describes and illustrates the deployment reference topologies you can deploy using the Life Cycle Management (LCM) tools and the instructions in this guide. It also summarizes the high-level tasks required to install and deploy the Oracle Identity and Access Management software using the LCM tools.

23.1 About the Automated Deployment of Oracle Identity and Access Management

The following sections describe the Oracle Identity and Access Management automated deployment, patching, and upgrade tools:

23.1.1 Purpose of the Automation Tools for 11g Release 2 (11.1.2.3)

The Oracle Identity and Access Management Life Cycle Management (LCM) Tools provide automated installation and configuration capabilities for Oracle Identity and Access Management on both single-host environments and highly available production systems.

For information about using the LCM Tools to deploy Oracle Identity and Access Management on a single host, see the Oracle Fusion Middleware Deployment Guide for Oracle Identity and Access Management.

This chapter, and the following chapters, provide instructions on how to use the LCM Tools in a multi-node, enterprise deployment environment.

You can use the LCM tools as an alternative to the manual installation and configuration steps provided in Part III, "Configuring an Oracle Identity and Access Management Enterprise Deployment Manually".

23.1.2 Packaging and Distribution of the Automation Tools

Oracle packages all the software required to automatically deploy, patch, and upgrade Oracle Identity and Access Management in a single software distribution known as the Oracle Identity and Access Management Deployment Repository.

Note:

If you are deploying Oracle Identity and Access Management on the Exalogic engineered system, then you will need to download additional software packages for Oracle Traffic Director and Oracle Access Manager WebGate for Oracle Traffic Director.

For more information, see Section 5.4, "Identifying and Obtaining Software Downloads for an Enterprise Deployment".

When you download and unpack the archives for the Deployment Repository distribution, you end up with a directory structure that contains a software repository. Within this repository are all the software installers required to install and configure Oracle Identity Management, as well as the Oracle Identity and Access Management Life Cycle Management Tools.

For more information, see Section 7.5.5.1, "Life Cycle Management and Deployment Repository".

23.1.3 Obtaining and Applying Required Patches

Before you begin using the LCM Tools to automate your Oracle Identity and Access Management deployment, be sure to download the latest patches to both the Oracle Identity and Access Management software and the LCM Tools.

For more information, see "Mandatory Patches Required for Installing Oracle Identity Manager" in the Oracle Identity and Access Management Release Notes.

23.1.4 Deployment Capabilities of the LCM Tools for Oracle Identity and Access Management

The LCM tools for Oracle Identity and Access Management provide the following deployment capabilities and restrictions:

  • The Oracle Identity and Access Management LCM tools automate all aspects of installing, configuring, deploying, integrating, and patching the software.

    Note that this guide describes how to use the LCM Tools to deploy a limited number of specific Oracle Identity and Access Management topologies. For more information, see Section 2.2, "Diagrams of the Primary Oracle Identity and Access Management Topology" and Section 3.3, "Diagrams of the Primary Oracle Identity and Access Management Exalogic Enterprise Topologies".

  • The Oracle Identity and Access Management software and the required components such as the Java Development Kit (JDK), Oracle WebLogic Server, Oracle HTTP Server, and Oracle SOA Suite are packaged into a single repository that can be downloaded from the Oracle Technology Network (OTN) or the Oracle Software Delivery Cloud.

    This single repository makes it easy to be sure you have the correct prerequisite software before you begin the deployment process. This repository includes a set of software installers and is a completely different download from the conventional distributions available for the standard, manual installation process.

    For more information, see Section 5.4, "Identifying and Obtaining Software Downloads for an Enterprise Deployment".

  • When you are deploying to multiple hosts, you can run the LCM Tools from a single host. The scripts execute the necessary operations on the local host and on the remote hosts. There is no need to run the LCM Tools manually on each host.

  • The LCM Tools use the Environment Health Check Utility to verify your system requirements before you deploy and to verify the environment after you deploy.

    For more information, see Verifying Your Oracle Identity and Access Management Environment.

  • The environment you deploy using the LCM tools can later be upgraded component by component, so as to minimize downtime.

    Further, in an integrated environment, where the automated tools are used to deploy multiple Oracle Identity and Access Management products, you can choose to upgrade one product without affecting other products.

    For more information, see the Oracle Fusion Middleware Upgrade Guide for Oracle Identity and Access Management.

  • You can use the LCM Tools to deploy an Oracle Identity and Access Management environment that uses an existing Microsoft Active Directory instance. For more information, see Section 13.6, "Preparing an Existing Microsoft Active Directory Instance for Use with Oracle Identity and Access Management".

  • When you deploy on a consolidated topology, the LCM tools create the Access and Governance Administration Servers on the same host. The topology diagrams depict them on different hosts to spread the load. If you wish to have your Administration Servers on different hosts per the topology diagrams, then let the LCM tools configure both Administration Servers on IAMHOST1. After provisioning is complete, you can then fail one of the Administration Servers over to IAMHOST2 using the procedure described in Section 15.4.11, "Manually Failing over the WebLogic Administration Server".

    Note:

    You cannot change the IDMLCM response file name if you are updating an existing file.

Limitations of Using the LCM Tool

The current LCM implementation has the following limitations:

  • Installing and creating an Oracle Directory is not supported. You must create the Oracle Unified Directory (OUD) or Oracle Internet Directory (OID) using the manual steps prior to running a deployment.

    For more information, see Chapter 12, "Configuring Oracle LDAP for an Identity and Access Manager Enterprise Deployment".

  • If you plan to perform an incremental deployment, where you first deploy and validate Oracle Access Manager or Oracle Identity Manager, and later deploy the other product, note the following:

    Oracle Access Manager Only and Oracle Identity Manager Only topologies cannot use the same IDM_TOP. If you wish to perform such a modular installation using OAM Only and OIM Only, then you must specify a different IDM_TOP for each install.

    This means creating two different mount points and additional shared storage. Another approach is to use LCM to create the first deployment (for example, OAM Only) and then install the second deployment, OIM Only, using the manual steps. If this is done, then the same IDM_TOP can be used.

  • The Cleanup and Restore feature is supported only for single-host deployments. For more information, see Chapter 28, "Cleaning up an Environment Before Rerunning IAM Deployment".

  • Scale out and scale up of a configured environment is not automated by the LCM Tools. For more information, see Chapter 29, "Scaling Enterprise Deployments".

23.1.5 Patching Capabilities of the LCM Tools for Oracle Identity and Access Management

You can use the LCM tools to apply one or more Interim (one-off) or Bundle Patches to an IDM deployment that was installed using the LCM tools. It is important to note that automated patching is supported only for those components installed and configured using the LCM tools.

All patching occurs within a patch session. Each Oracle Identity and Access Management deployment topology is implemented as multiple tiers, including the Directory tier, Application tier, and Web tier. Each product belongs to a single tier, but common patches, if found, are applied to all three.

A session can be created to apply one or more patches, or to roll back selected patches. A session in progress can be aborted if required. If actions need to be rolled back, in the current tier or for tiers that have already been completed, a new rollback session can be created using patches for the affected products.

When patching an environment that was created with the LCM tools, the LCM patching feature:

  • Patches all nodes

  • Applies the patch to both shared and local storage

  • Stops and starts affected servers

  • Executes post-patch artifact changes

  • Provides comprehensive state-sharing and reporting

Note:

Automated patching does not support the following:

  • Patching of the database and Oracle WebLogic Server

  • Patching of Oracle Access Manager Webgates used for Web servers

  • Patching of the LCM Tools

For more information about the patching capabilities of the LCM tools, see "Patching Oracle Identity and Access Management Using Lifecycle Tools" in the Oracle Fusion Middleware Patching Guide for Oracle Identity and Access Management.

23.1.6 Upgrade Capabilities of the LCM Tools for Oracle Identity and Access Management

For environments that were created using the LCM tools, the upgrade to a newer Oracle Identity and Access Management release is also automated.

To upgrade such an environment, you download a set of upgrade scripts, which can be customized to recognize the details of your environment. The scripts automate all the steps involved with upgrading an Oracle Identity Management environment that was created using the LCM tools.

As with automated patching, the automated tools do not upgrade the database, JDK, or WebGate software. They do, however, upgrade the Oracle HTTP Server instances that were deployed using the LCM tools.

For more information, see "Upgrading Oracle Identity and Access Management LCM Provisioned Environments" in the Oracle Fusion Middleware Upgrade Guide for Oracle Identity and Access Management.

23.2 Overview of Deploying Oracle Identity and Access Management With the LCM Tools

Table 23-1 describes each of the steps and provides links to more information about each step.

Table 23-1 Roadmap for Creating the Reference Topologies with the LCM Tools

Task: Determine the topology you want to deploy

Description: Review the topologies supported by the LCM Tools and determine which topology is best suited for the requirements of your organization. The following are the topologies supported:

  • Oracle Identity Manager (OIM) Only

  • Oracle Access Manager (OAM) Only

  • OIM-OAM-OMSS Integrated with Directory

More Information: Chapter 2, "Understanding the IAM Enterprise Deployment"; Chapter 3, "Understanding the IAM Exalogic Enterprise Deployment"

Task: Review the certifications and system requirements.

Description: Before you install and configure Oracle Identity and Access Management, you should ensure that your existing products are certified for use with Oracle Identity and Access Management. In addition, you should review the system requirements, such as memory and disk space requirements and required Linux install packages.

More Information: Chapter 5, "Procuring Resources for an Enterprise Deployment"

Task: Review the IDM and LCM readmes.

Description: After you apply the required patches, review the bundle patch readmes for instructions about applying the patches and preparing the software for deployment.

More Information: Section 23.1.3, "Obtaining and Applying Required Patches"

Task: Perform the standard planning, procurement, and configuration procedures to prepare for the enterprise deployment.

Description: A database is required to store the required schemas for the Oracle Identity and Access Management products and components. You can identify an existing database instance, or use the database installation software included in the repository to install a new database.

More Information: Part II, "Preparing for an Enterprise Deployment"

Task: Run the Health Check Utility to ensure your certification and system requirements have been met.

Description: This step ensures that you can run the Deployment Wizard and that the basic and mandatory system requirements have been met.

More Information: "Running the Health Check Utility to Verify Basic System Requirements" in the Oracle Fusion Middleware Deployment Guide for Oracle Identity and Access Management

Task: Determine the LDAP Directory requirements for the topology you selected

Description: Some of the supported topologies require a supported LDAP directory service. If you plan to use an existing directory service, there are tasks you must perform to prepare the directory for use with Oracle Identity and Access Management.

More Information: Chapter 12, "Configuring Oracle LDAP for an Identity and Access Manager Enterprise Deployment"

Task: Download and unpack the LCM Tools and Repository from the Oracle Technology Network (OTN) or the Software Delivery Cloud

Description: When you unpack the archives, you end up with a standard directory structure that includes a software repository. The software repository contains all the installers required to install the Oracle Identity and Access Management software, as well as the installer for installing the LCM Tools. Note that the latest version of the LCM tool set is delivered as a patch, which is an independent download.

More Information: Section 5.4, "Identifying and Obtaining Software Downloads for an Enterprise Deployment"

Task: Install the LCM Tools

Description: From the software repository, locate and run the LCM Tools installer, which installs the provisioning tools that enable you to automatically deploy Oracle Identity and Access Management.

More Information: Chapter 24, "Installing Oracle Identity and Access Management Life Cycle Management Tools"

Task: Run the Deployment Wizard to create a new deployment response file.

Description: The Deployment Wizard (one of the LCM Tools) prompts you for important information about your hardware and software environment, such as the selected topology, database, and LDAP directory information. The wizard uses this information to create a response file that can later be used to automatically deploy Oracle Identity and Access Management.

More Information: Chapter 25, "Creating a Deployment Response File"

Task: Run the Deployment Wizard or the command line to deploy the Oracle Identity Management software.

Description: For this step, you use the response file (which now contains all the details about your hardware and software environment) to deploy the Oracle Identity and Access Management software automatically.

More Information: Chapter 26, "Deploying Identity and Access Management"