18.1 Before Setting Up a Multi-Data Center

The following prerequisites must be satisfied before beginning the Multi-Data Center (MDC) configuration process documented in Setting Up a Multi-Data Center.

  • Ensure you have a fully functioning Oracle Access Management environment with all applicable WebGates configured.

  • Partners (WebGates or agents) are anchored to a single Data Center; thus, partner registration is done at the individual Data Centers.

  • All Data Center clusters must be front-ended by a single Load Balancer. The load balancer should send all requests in a user session consistently to the same backend server (persistence, stickiness) and it should route traffic geographically (geo-affinity).

  • Clocks on the machines in which Access Manager and agents are deployed must be in sync. Non-MDC Access Manager clusters require the clocks of WebGate agents to be in sync with Access Manager servers. This requirement applies to the MDC as well. If the clocks are out of sync, token validations will not be consistent, resulting in deviations from the expected behaviors regarding the token expiry interval, validity interval, timeouts and the like.

  • The identity stores in a Multi-Data Center topology must have the same name.

  • WebLogic Server domains do not span Data Centers.

  • Any firewall between Data Centers must allow communication over the Oracle Access Protocol (OAP) channel. This entails opening the necessary ports and taking into account the lifetime of the connection. Regarding the latter, the MaxSessionTime parameter in the WebGate profile should be set to less than the firewall timeout value.
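The clock-synchronization prerequisite above is easiest to appreciate with a small model of what goes wrong when it is violated. The following is an added example, not Oracle's code and not how Access Manager actually implements token checks: it is a simplified validity-window check in which a token issued on one Data Center's clock is validated against the (possibly skewed) clocks of other Data Centers. The token structure, the `validate` function, the Data Center names and the skew values are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Token:
    """Constructed token model: creation time on the issuer's clock plus a
    validity interval. Not the real Access Manager token format."""
    issued_at: datetime
    validity: timedelta


def validate(token: Token, validator_now: datetime) -> tuple[bool, str]:
    """Hypothetical validity check: the validator's own clock must fall
    inside [issued_at, issued_at + validity). A validator whose clock is
    behind the issuer sees a token from 'the future'; one whose clock is
    ahead sees it as already expired."""
    if validator_now < token.issued_at:
        return False, "not yet valid (validator clock behind issuer)"
    if validator_now >= token.issued_at + token.validity:
        return False, "expired (validator clock ahead of issuer)"
    return True, "valid"


def validate_across_datacenters(
    token: Token, true_now: datetime, skews: dict[str, timedelta]
) -> dict[str, tuple[bool, str]]:
    """Validate one token at several Data Centers, each of which reads the
    true wall-clock time plus its own offset (skew)."""
    return {dc: validate(token, true_now + skew) for dc, skew in skews.items()}


# Constructed scenario: the token is issued at 12:00:00 by a Data Center
# whose clock is exact, with a 60-second validity interval. Thirty seconds
# later the same token is presented at three Data Centers.
ISSUED_AT = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
SAMPLE_TOKEN = Token(issued_at=ISSUED_AT, validity=timedelta(seconds=60))
TRUE_NOW = ISSUED_AT + timedelta(seconds=30)
SKEWS = {
    "dc1": timedelta(seconds=0),    # in sync with the issuer
    "dc2": timedelta(seconds=45),   # clock runs 45 s ahead
    "dc3": timedelta(seconds=-45),  # clock runs 45 s behind
}


def demo() -> dict[str, tuple[bool, str]]:
    """Return the per-Data-Center verdicts for the constructed scenario."""
    return validate_across_datacenters(SAMPLE_TOKEN, TRUE_NOW, SKEWS)


if __name__ == "__main__":
    for dc, (ok, reason) in demo().items():
        print(f"{dc}: {'ACCEPT' if ok else 'REJECT'} - {reason}")
```

Only the Data Center whose clock matches the issuer accepts the token; a skew of 45 seconds in either direction is enough to push a token that is genuinely 30 seconds old outside a 60-second window, which is the kind of inconsistent expiry and validity behaviour the prerequisite warns about. Keeping every Access Manager server and WebGate on a common time source (NTP) removes the skew term entirely, which is why the requirement is listed as a hard prerequisite rather than a tuning concern.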