This chapter provides information on managing Oracle Communications Network Integrity, and Network Integrity components.
To manage the Oracle Database server, see the Oracle Database administrator's guide on the Oracle Technology Network web site:
http://www.oracle.com/technology
Perform all required administration tasks for the database.
This section explains how to perform various Network Integrity management tasks.
To start a Network Integrity instance:
Ensure that the server hosting Network Integrity is running.
Log in to the WebLogic server Administration console using Administrator credentials.
The Home screen appears.
Click Configure applications.
The Summary of Deployments screen appears.
In the Deployments table, select the check box corresponding to the Network Integrity instance.
On the Start drop-down menu, select the appropriate option.
To stop a Network Integrity instance:
Ensure that the server hosting Network Integrity is running.
Log in to the WebLogic server Administration console using Administrator credentials.
The Home screen appears.
Click Configure applications.
The Summary of Deployments screen appears.
In the Deployments table, select the check box corresponding to the Network Integrity instance.
On the Stop drop-down menu, select the appropriate option.
Note:
Before starting or stopping the reporting tool using the WebLogic Administration console, ensure that the server hosting the reporting tool is running.To start or stop a deployed reporting tool:
Log in to the WebLogic server Administration console using Administrator credentials.
The Home screen appears.
Select Deployments under Your Deployed Resources.
The Summary of Deployments screen appears.
In the Deployments table, select the check box corresponding to the Reporting tool.
Do one of the following:
To start the reporting tool, click Start.
To stop the reporting tool, click Stop.
Select the required options.
To start or stop the WebLogic server on which Network Integrity is installed:
Log in to the Linux system on which Network Integrity is installed.
Open the Console window.
Go to the Domain_Home/bin folder
Do one of the following:
To start the WebLogic server
. startWebLogic.sh
To stop the WebLogic server
. stopWebLogic.sh
You can use the WebLogic scripting and command line tool to start or stop a Managed WebLogic server.
To start a Managed WebLogic server:
Run the following script:
MW_Home/user_projects/domains/domain_name/bin/startManagedWebLogic.sh managed_server_name admin_url
where:
MW_Home is the location where Fusion Middleware products (such as WebLogic Server) are installed.
domain_name is the name of the domain.
managed_server_name is the name of the managed server being started.
admin_url is the URL for the managed server being started.
At the prompt, provide your user name and password.
The managed server starts.
To stop a Managed WebLogic server:
Run the following script:
MW_Home/user_projects/domains/domain_name/bin/stopManagedWebLogic.sh managed_server_name admin_url user_name password
where:
MW_Home is the location where Fusion Middleware products (such as WebLogic Server) are installed.
domain_name is the name of the domain.
managed_server_name is the name of the managed server being stopped.
admin_url is the URL for the managed server being stopped.
At the prompt, provide your user name and password.
The managed server starts.
You add additional managed servers to an existing cluster to increase the capacity and performance of your system.
Note:
If you add new member servers to an existing cluster, the new member servers inherit all applications and services targeted to that cluster.To add a managed server to a domain:
Log in to the WebLogic server Administration Console using the Administrator credentials.
The Home screen appears.
In the Change Center, click Lock & Edit.
Under Environment, select Servers.
The Summary of Servers screen appears.
The Configuration tab is displayed by default.
Click New.
The Create a New Server screen appears.
Do the following:
In the Server Name field, enter a name for the new server.
In the Server Listen Address field, enter the IP address of the host system.
In the Server Listen Port field, enter the port number from which to access the server.
Select whether this server is a member of an existing cluster.
Click Next.
The Review Choices page of the Create a New Server screen appears.
Review the information and click Finish.
The new server appears in the Servers table.
A WebLogic server cluster is a group of multiple WebLogic servers, called member servers, working as one large server, thereby increasing the capacity, performance, and reliability of your system. The member servers can either be on the same, or different systems.
Note:
Each member server in a cluster must run the same version of WebLogic Server.To create a cluster:
Log in to the WebLogic server Administration Console using the Administrator credentials.
The Home screen appears.
In the Change Center, click Lock & Edit.
Under Environment, select Clusters.
The Summary of Clusters screen appears.
Click New.
The Create a New Cluster screen appears.
Do the following:
In the Name field, enter a name for the new cluster.
From the Messaging Mode list, choose the messaging mode for the cluster.
Oracle Recommends that you use Multicast messaging.
Configure the messaging mode settings:
For Unicast messaging, in the Unicast Broadcast Channel field, enter the channel that is used to transmit messages within the cluster.
For Multicast messaging:
In the Multicast Address field, provide the multicast address that the cluster members use to communicate with each other.
In the Multicast port field, provide the multicast port (between 1 and 65535) that the cluster members use to communicate with each other.
Click OK.
The newly created cluster in the Clusters table.
You can now add member servers to this cluster.
To add a new managed server to an existing clustered environment:
Log in to the Oracle WebLogic Server Administration Console using the Administrator credentials.
The Home screen appears.
In the Change Center, click Lock & Edit.
Under Environment, click Servers.
The Summary of Servers page appears.
Click New.
The Create a New Server page is displayed.
Do the following:
In the Server Name field, enter the name for the new managed server.
In the Server Listen Address field, enter the IP address of the managed server to add to the cluster.
In the Server Listen Port field, enter the port number of for the new managed server.
Select Yes, make this server member of existing cluster.
Click Next, and then click Finish.
Click Save.
Enable SSL for the newly added managed server:
Click Domain, and then select Environments.
Click Server, and then select the new managed server.
The Settings page for the new managed server is displayed.
Click the Configuration tab, and then click the General tab.
Select SSL Listen Port Enabled and assign a unique port in the SSL Listen Port field.
Click Save, and then click Release Lock.
During Network Integrity installation, the installer creates JMS servers for each member server of the cluster. JMS servers and filestores are among the WebLogic entities that cannot be targeted to a cluster.
Note:
The pattern followed is EntityName-N, where N is greater than 0 but less than the number of member servers in the cluster. For example, for a cluster with two member servers, these entities are named EntityName-0 and EntityName-1. Create JMS servers manually and target them to the newly added managed servers.To manually create filestores for the added managed server:
Log in to the WebLogic server Administration Console using the Administrator credentials.
The Home screen appears.
In the Change Center, click Lock & Edit.
Click Domain, and then click Services.
Select Persistent Stores New, and then click Create File Stores.
Note:
Persistent Stores New is the new persistent store.Target the new file store to the newly created servers migratable target.
Set the directory attribute to ./.
Create JDJMSServer-M-1 using the new filestore as its persistent store.
To manually create JMS server for the added managed server:
Log in to the Oracle WebLogic Server Administration Console using the Administrator credentials.
The Home screen of the Administration Console appears.
Click Lock & Edit.
Click Domain, and then click Services.
Select Messaging, and then click JMSServersNew.
Note:
JMSServersNew is the new JMS server.Change the target of JD sub-deployment to include the newly created JMS server migratable target.
Click Domain, and then select Services.
Click JMS Modules, and then select (JDJMSModule).
Click the SubDeployments tab.
Select the new JMS server as the target.
Click Save, and click Release Lock.
Start the newly created managed server.
To change the listen address to Network Integrity servers:
Log in to the WebLogic server Administration Console using the Administrator credentials.
The Home screen appears.
Select Servers under Environment.
The Summary of Servers screen appears.
Click Lock & Edit in the Change Center in the left pane.
In the Servers table, click the Network Integrity server name. It could be the Administration, or managed server.
The Settings for ServerName screen appears.
The General tab is displayed by default.
In the Listen Address field, enter the IP address of the required administration or managed server.
Click Save.
Click Release Lock.
Restart the server.
This section describes the configuration of SSL with Oracle WebLogic.
To generate a new private key and self-signed certificate in the WL_Home/server/lib directory:
Go to the lib directory of the Oracle WebLogic Server installation, and use the following keytool command with complete path of the keytool:
Java_Home/bin/keytool -genkey -alias alias -keypass keypass -keystore keystore.jks -storepass keystorepass -keyalg RSA -keysize 2048
where
Java_Home is the JDK installation directory
alias is the name
keypass is the password
keystore.jks is the key store name
keystorepass is the key store password
Note:
-keyalg and -keysize are provided to support SSL for higher versions of jdk1_7.75.At the What is your first and last name?, enter the application server host name.
Provide relevant information for the following prompts:
What is the name of your organizational unit?
What is the name of your organization?
What is the name of your City or Locality?
What is the name of your State or Province?
What is the two-letter country code for this unit?
A summary is displayed showing the information you entered, as shown in the example below:
Is CN=HostNameProvided, OU=OrganizationalUnit, O=Organization, L=Locality, ST=State, C=CountryCode correct?
Enter Yes.
The mykeystore.jks is created.
You must configure the new self-signed certificate in the WebLogic Administration Console.
To configure the new self-signed certificate in the Administration Console:
Log in to the WebLogic server Administration Console using the Administrator credentials.
The Home screen appears.
Select Servers under Environment.
The Summary of Servers screen appears.
In the Servers table, click AdminServer.
The Settings for AdminServer screen appears.
The General tab is displayed by default.
Select SSL Listen Port Enabled.
In the SSL Listen Port field, update the value as appropriate.
Click Save.
Click the Keystores tab.
From the Keystores list, select Custom Identity and Java Standard Trust.
Do the following:
In the Custom Identity Keystore field, enter the full path to your JKS file as follows:
WL_Home/server/lib/DemoIdentity.jks
In the Custom Identity Keystore Type field, enter jks.
In the Custom Identity Keystore Passphrase field, enter the keystore password.
Leave the Java standard trust key as the default.
Click Save.
Click the SSL tab.
Do the following:
From the Identity and Trust Locations list, select Keystores.
In the Private Key Alias field, enter the alias name.
In the Private Key Passphrase field, enter the private key password.
Click Advanced to expand the Advanced section.
From the Hostname Verification list, select None.
From the Two Way Client Cert Behavior list, select Client Certs Requested But Not Enforced.
Click Save.
Click Activate Changes in the Change Center in the left pane.
For more information on SSL configuration, refer to the Administration Console Help.
Note:
To replace a self-signed certificate with a production-quality certificate, or to import a trusted CA certificate into a keystore, run the following command:Keytool -import -alias alias -file cert.pem -keypass keypass -keystore keystore.jks -storepass keystorepass
Note:
If you import a trusted CA certificate, no existing entry for alias should be in the keystore.While accessing the application, the browser asks to install the certificate. Install the certificate in Trusted Root Certification Authorities.
Network Integrity has the following data sources:
CMWSPersistentDS
JobDispatcherDS
JobDispatcherPersistentDS
mds-commsNIRepository
mds_owsm
NIDatasource
NIPersistentDS
NIPomsPersistentDS
To change connection details for one or more data sources:
Log in to the WebLogic server Administration Console using the Administrator credentials.
The Home screen appears.
Under Services, select JDBC.
The Summary of Services: JDBC screen appears.
In the Section column, click Data Sources.
The Summary of JDBC Data Sources screen appears.
Click Lock & Edit.
In the Data Sources table, select a data source.
The Settings screen appears for the selected data source.
Click the Connection Pool tab.
Do the following:
In the URL field, enter the URL for the database JDBC.
In the Properties field, change database user name.
For example, user=niuser.
In the Password field, enter the database user password.
In the Confirm Password field, enter the database user password again.
Click Save.
Click Release Configuration.
Restart all Network Integrity managed servers.
Note:
In case of Oracle Real Application Cluster (RAC) DB, you must create Multi datasources for each of the NI datasources mentioned above in the beginning of this section.To configure the JTA transaction timeout:
Log in to the WebLogic server Administration Console using the Administrator credentials.
The Home screen of appears.
Under Services, select JTA.
The Settings screen appears for the selected data source.
Click the JTA tab.
Click Lock & Edit.
In the Timeout Seconds field, enter the transaction timeout seconds for active transactions.
Click Save.
Click Release Configuration.
Restart all Network Integrity managed servers.
A job refers to any of the following tasks:
Discovery job
Discrepancy job
Resolution job
Assimilation job
Inventory import job
You specify a timeout value for these jobs and configure the Job Dispatcher parameters to maximize performance.
To configure the Job Dispatcher parameters for timeout:
Log in to the WebLogic server Administration Console using the Administrator credentials.
The Home screen appears.
Under Services, select Messaging.
The Summary of Services: JMS screen appears.
Click Lock & Edit.
In the Section column, select JMS Modules.
The JMS Modules screen appears.
In the JMS Modules table, click JDJMSModule.
The Settings for JDJMSModule screen appears.
In the Summary of Resources table, click JobQueue.
The Settings for JobQueue screen appears.
Click the Overrides tab.
In the Time-to-Live Override field, enter the value in milliseconds.
This value applies to all job tasks.
Click Save.
Click Release Configuration.
Restart all Network Integrity servers.
A work item is any single unit of a Network Integrity job.
For example, a work item for a Discovery job consists of scanning a single IP address.
To configure the timeout parameter for a work item:
Log in to the WebLogic server Administration Console using the Administrator credentials.
The Home screen appears.
Under Services, select Messaging.
The Summary of Services: JMS screen appears.
Click Lock & Edit.
In the Section column, select JMS Modules.
The JMS Modules screen appears.
In the JMS Modules table, click JDJMSModule.
The Settings for JDJMSModule screen appears.
In the Summary of Resources table, select WorkItemQueue.
The Settings for WorkItemQueue screen appears.
Click the Overrides tab.
In the Time-to-Live Override field, enter the value in milliseconds.
This value applies to all work items for all job tasks.
Click Save.
Click Release Configuration.
Restart all Network Integrity servers.
For information on Node managers, and information on using a Node manager to control the starting and stopping of application managed servers, refer to Node Manager Administrator's Guide:
https://download.oracle.com/docs/cd/E12840_01/wls/docs103/nodemgr/overview.html
Caution:
For the Node manager properties file theStartScriptEnabled flag is enabled.
Change the nodemanager.properties and ensure that the following property is changed to true (default is false) as shown:
StartScriptEnabled=true
By default, Network Integrity uses JDBC JMS stores. To configure the WebLogic server to use File JMS stores instead of JDBC HMS stores:
From the WebLogic server Administration Console, create the following filestores:
CMWSPersistentFILEStore
JDPersistentFILEStore
NIPOMSPersistentFILEStore
NIPersistentFILEStore
Refer to your WebLogic Server documentation for more information.
Click JMS Servers.
Select each CMWSJMSServer and save the persistent store to CMWSPersistentFILEStore.
Select each JDJMSServer and save the persistent store to JDPersistentFILEStore.
Select each NIPOMSJMSServer and save the persistent store to NIPOMSPersistentFILEStore.
Select each NIJMSServer and save the persistent store to NIPersistentFILEStore.
Note:
In a clustered environment, there are multiple JMS servers of each type, for example: CMWSJMSServer-0, CMWSJMSServer-1, CMWSJMSServer-2, and so on.You can use the System MBean Configuration Services to perform configuration tasks on Network Integrity.
MBeans are viewed and used using the System MBean Viewer. See "Accessing the System MBean Viewer" for more information.
This section describes the MBeans available in Network Integrity. See "About Network Integrity MBeans" for more information.
This section also explains how to use MBeans to run tasks. See "About Using MBeans to Execute Configuration Tasks on Network Integrity" for more information.
The System MBean Viewer is a component of Oracle Enterprise Manager.
To view MBeans in the System MBean Viewer:
Access the Enterprise Manager using the following URL:
http://AdminServer-IP:AdminServer-PORT/em
Log on to the Enterprise Manager using WebLogic user credentials.
In the left pane, select and expand your WebLogic domain.
Right-click the server on which you are working and select System MBean Browser.
The System MBean Viewer screen appears.
MBeans for Network Integrity are found in the following directory of the System MBean Browser:
Application Defined MBeans/oracle.communications.integrity/Server: Managed_Server_Name
where Managed_Server_Name is the name of the managed server.
This section lists all the Network Integrity MBeans that you can use to perform configuration tasks on Network Integrity:
The CMWSConfigurationService MBean is located in the cmws.jmx.AdapterMXBean folder.
Use the CMWSConfigurationService MBean to recover Network Integrity from a failed state.
The CMWSConfigurationService MBean provides the following operation:
startRecoveryProcess: Starts the process to recover the Network Integrity application from a failed state.
The CMWSConfigurationService MBean has the following attributes:
StopRunningScansWaitTime: Configures the waiting time (in milliseconds) for the server to stop. The default is 240000.
RestartAppWaitTime: Configures the waiting time (in milliseconds) for Network Integrity to restart after deployment or undeployment. The default is 1800000.
The NIConfigurationService MBean is located in the ResourceProviderMXBean folder.
Use the NIConfigurationService MBean to start and stop the Age Out process.
The NIConfigurationService MBean provides the following operations:
startAgeOutProcess: Starts the age out process.
stopAgeOutProcess: Stops the age out process.
The NIConfigurationService MBean has the following attributes:
AgeOutScheduleData: Provides the age out process schedule data.
AgeoutMinResults: Configures the minimum number of latest scan results that remain after an ageout purge process. The default is 2.
AgeoutPurge: Enables or disables the age out process. The default is True.
AgeoutWindowTime: Configures the minimum age (in days) of the scan results for deletion by the age out process. The default is 90.
jobDispatcherThrottle: Configures the number of work items that can be in the Job Dispatcher queuethrottle value for JobDispatcher. For example, a value of 10 means that a maximum of 10 work item can be in the JobDispatcher queue.
LdapHost: Configures the host name or IP address of the LDAP server.
LdapPort: Configures the port number for the LDAP server.
LdapUserBase: Configures the domain name of the LDAP search base for Network Integrity users.
MinBlackPeriod: Configures the minimum blackout period (in minutes).
SSLEnable: Enables or disables SSL for the embedded LDAP server.
UIRefreshInterval: Configures the Network Integrity UI scan status pane refresh interval time (in seconds). Valid values range from 1 to 30.
The NIRegionalLinksService MBean is located in the RegionalLinksMXBean folder.
Use the NIRegionalLinksService MBean to add URLs to the Links pane of the Network Integrity interface.
The NIRegionalLinksService MBean has the following attributes:
URLn: Configures a URL on the Links pane (n can be from 1 to 30).
URLNamen: Provides a name to the configured URL, as it is to appear in the Links pane (n can be from 1 to 30).
The ActionProperties MBean is located in the ActionProperty folder.
Use the ActionProperties MBean to configure property values on a managed property group during run time.
The ActionProperties MBean provides the following operations:
addProperty: Adds a new property to a managed property group.
listProperties: Lists all properties of the specified managed property group.
listPropertyGroups: Lists all managed property groups.
removeProperty: Removes a property from a managed property group.
restorePropertyDefaultValue: Restores the default value to a managed property.
setProperty: Sets a value to a specified managed property.
The managed properties available for a particular action are explained in the Cartridge guide for the action.
The FileTransferJCA MBean is located in the FileTransferConfigMXBean folder.
Use FileTransferJCA MBean to manage the properties of the File Transfer JCA.
For information about file transfer functionality, see Network Integrity File Transfer and Parsing Guide.
The FileTransferJCA MBean has the following attribute:
LocalStorageDirectory: Configures the full path where the File Transfer JCA temporarily stores local copies of remote files. The directory must exist and be readable and writable by WebLogic Server.
For example, Middleware_Home/user_projects/domains/domain_name/servers/server_name/FileTransferAdapter, where server_name is the name of the administration or managed server.
Note:
If the File Transfer JCA is deployed to a cluster, the specified directory must be shared and be readable and writable by all servers in the cluster.This section explains the administration tasks you can perform on Network Integrity using Enterprise Manager to run MBean operations.
The startAgeOutProcess and stopAgeOutProcess operations on the NIConfigurationService MBean are used to start and stop the AgeOut process.
To start the AgeOut process for Network Integrity:
In the System MBean Browser of Enterprise Manager, select the NIConfigurationService MBean.
On the Operations tab, select startAgeOutProcess.
The Operation: startAgeOutProcess screen appears.
In the startDate field, enter the start date for the age out process in the following format:
yyyy-mm-dd hh:mm:ss z
For example, 2010-04-21 16:45:50 GMT
In the recurrenceRule field, enter the frequency as an iCalendar expression, which represents the interval at which the age out process will repeat.
Note:
You cannot specify the frequency to run the ageout start process only once.The valid formats for providing the recurrence rule are as follows:
To specify the frequency as daily, enter the following:
FREQ=DAILY;BYHOUR=09;BYMINUTE=10;BYSECOND=00;
To specify the frequency as weekly, enter the following:
FREQ=WEEKLY;BYHOUR=09;BYMINUTE=10;BYSECOND=00;BYDAY=MO, WE, TH;
In the above expression, a value of MO, WE, TH for BYDAY indicates that the ageout process will repeat on Monday, Wednesday, and Thursday of a week.
You can specify multiple days of the week. For example, BYDAY=MO, TU, WE, TH, FR, SA, SU.
To specify the frequency as monthly, do one the following:
To specify the frequency on a day from the beginning of the month, enter the following:
FREQ=MONTHLY;BYHOUR=09;BYMINUTE=10;BYSECOND=00;BYMONTHDAY=2;
In the above expression, a value of 2 for BYMONTHDAY indicates that the ageout process will repeat on the 2nd day of each month.
You must specify a number between 1 and 28 for BYMONTHDAY.
To specify the frequency on a day from end of month, enter the following:
FREQ=MONTHLY;BYHOUR=09;BYMINUTE=10;BYSECOND=00;BYMONTHDAY=-6;
In the above expression, a value of -6 for BYMONTHDAY indicates that the ageout process will repeat on the day that falls six days before the end of each month.
You must specify a number between -1 and -7 for BYMONTHDAY.
To specify the frequency on the day of the month using an ordinal and the day of the week, enter the following:
FREQ=MONTHLY;BYHOUR=09;BYMINUTE=10;BYSECOND=00;BYDAY=2MO;
In the above expression, a value of 2MO for BYDAY indicates that the ageout process will repeat on the second Monday of the month.
Supported ordinals are first (1), second (2), third (3), fourth (4), fifth (5), and last (-1).
To specify the frequency as yearly, do one of the following:
To specify the frequency for the month and the day of the year, enter the following:
FREQ=YEARLY;BYHOUR=09;BYMINUTE=10;BYSECOND=00;BYMONTH=3;BYMONTHDAY=24;
In the above expression, a value of 3 for BYMONTH and a value of 24 for BYMONTHDAY indicates that the ageout process will repeat on March 24 each year.
You must specify a number between 1 and 12 for BYMONTH and a number between 1 and 28 for BYMONTHDAY.
To specify the frequency on a day of the year using an ordinal, the day of the week, and the month, enter the following:
FREQ=YEARLY;BYHOUR=09;BYMINUTE=10;BYSECOND=00;BYDAY=2MO;BYMONTH=2;
In the above expression, a value of 2MO for BYDAY and a value of 2 for BYMONTH indicates that the ageout process will repeat on the second Monday in the month of February each year.
Supported ordinals are first (1), second (2), third (3), fourth (4), fifth (5), and last (-1).
Click Invoke.
The AgeOut process starts.
To stop the AgeOut process for Network Integrity:
In the System MBean Browser of Enterprise Manager, select the NIConfigurationService MBean.
On the Operations tab, select stopAgeOutProcess.
The Operation: stopAgeOutProcess screen appears.
Click Invoke.
The AgeOut process stops.
The AgeoutPurge attribute on the NIConfigurationService MBean is used to enable and disable the purging of scan results that are older than a specified value.
To configure the AgeoutPurge attribute:
In the System MBean Browser of Enterprise Manager, select the NIConfigurationService MBean.
On the Attributes tab, select AgeoutPurge.
The Attribute: AgeoutPurge screen appears.
In the Value list, select True to enable the Ageout Purge Process, select False to disable the Ageout Purge Process.
Click Apply.
The AgeoutMinResults attribute on the NIConfigurationService MBean is used to configure the minimum number of scan results to remain after the Ageout Purge Process is run.
To configure the AgeoutMinResults attribute:
In the System MBean Browser of Enterprise Manager, select the NIConfigurationService MBean.
On the Attributes tab, select AgeoutMinResults.
The Attribute: AgeoutMinResults screen appears.
In the Value field, enter the minimum number of scan results to remain after the Ageout Purge Process is run.
Click Apply.
The AgeoutWindowTime attribute on the NIConfigurationService MBean is used to configure the minimum number of days after which a scan result gets deleted by the Ageout Purge Process.
To configure the AgeoutWindowTime attribute:
In the System MBean Browser of Enterprise Manager, select the NIConfigurationService MBean.
On the Attributes tab, select AgeoutWindowTime.
The Attribute: AgeoutWindowTime screen appears.
In the Value field, enter the minimum number of days after which a scan result gets deleted by the Ageout Purge Process.
Click Apply.
The jobDispatcherThrottle attribute on the NIConfigurationService MBean is used to configure the number of work items permitted in the queue for the Job Dispatcher.
To configure the jobDispatcherThrottle attribute:
In the System MBean Browser of Enterprise Manager, select the NIConfigurationService MBean.
On the Attributes tab, select jobDispatcherThrottle.
The Attribute: jobDispatcherThrottle screen appears.
In the Value field, enter the number of work items permitted in the queue for the Job Dispatcher.
Click Apply.
The SSLEnable attribute on the NIConfigurationService MBean is used to enable or disable SSL for the embedded LDAP server.
To configure the SSLEnable attribute:
In the System MBean Browser of Enterprise Manager, select the NIConfigurationService MBean.
On the Attributes tab, select SSLEnable.
The Attribute: SSLEnable screen appears.
From the Value list, select True to enable SSL, select False to disable SSL.
Click Apply.
The LdapHost attribute on the NIConfigurationService MBean is used to configure the host name or IP address of the LDAP server.
To configure the LdapHost attribute:
In the System MBean Browser of Enterprise Manager, select the NIConfigurationService MBean.
On the Attributes tab, select LdapHost.
The Attribute: LdapHost screen appears.
In the Value field, enter the host name or the IP address of the LDAP server.
Click Apply.
The LdapPort attribute on the NIConfigurationService MBean is used to configure the port number of the LDAP server.
To configure the LdapPort attribute:
In the System MBean Browser of Enterprise Manager, select the NIConfigurationService MBean.
On the Attributes tab, select LdapPort.
The Attribute: LdapPort screen appears.
In the Value field, enter the port number of the LDAP server.
Click Apply.
The UIRefreshInterval attribute on the NIConfigurationService MBean is used to configure how often the scan status results are refreshed in the Network Integrity interface.
To configure the UIRefreshInterval attribute:
In the System MBean Browser of Enterprise Manager, select the NIConfigurationService MBean.
On the Attributes tab, select UIRefreshInterval.
The Attribute: UIRefreshInterval screen appears.
In the Value field, enter the number of seconds between scan result refreshes.
Click Apply.
The MinBlackPeriod attribute on the NIConfigurationService MBean is used to configure the minimum blackout period.
To configure the MinBlackPeriod attribute:
In the System MBean Browser of Enterprise Manager, select the NIConfigurationService MBean.
On the Attributes tab, select MinBlackPeriod.
The Attribute: MinBlackPeriod screen appears.
In the Value field, enter the number of minutes for the minimum blackout period.
Click Apply.
The URL and URLName attributes on the NIRegionalLinksService MBean are used to configure links on the Links panel. You can use the URL and URL attributes to add, change, and remove links from the Links panel.
To add links to the Links panel of the Network Integrity Interface:
In the System MBean Browser of Enterprise Manager, select the NIRegionalLinksService MBean.
On the Attributes tab, select a URL attribute with a blank value.
The Attribute: URL screen appears, where URL is the URL attribute you selected.
In the Value field, enter the URL you want to add to the Links panel.
Click Apply.
On the Attributes tab, select the URL name attribute that corresponds with the URL attribute.
The Attribute: URL_Name screen appears, where URL_Name is the URL name attribute you selected.
In the Value field, enter a name for the URL as you want it to appear in the Links panel.
Click Apply.
To configure links on the Links panel of the Network Integrity Interface:
In the System MBean Browser of Enterprise Manager, select the NIRegionalLinksService MBean.
On the Attributes tab, select a URL attribute with a configured value.
The Attribute: URL screen appears, where URL is the URL attribute you selected.
Do one of the following:
To modify the URL, enter a new URL in the Value field.
To delete the URL, make the Value field empty.
Click Apply.
A confirmation message appears.
Click Return.
On the Attributes tab, select the URL Name attribute that corresponds with the URL attribute.
The Attribute: URL_Name screen appears, where URL_Name is the URL Name attribute you selected.
Do one of the following:
To modify the URL name, enter a new URL name in the Value field, as you want it to appear in the Links panel of the Network Integrity interface.
To delete the URL name, make the Value field empty.
Click Apply.
A confirmation message appears.
Multiserver deployments consist of clusters, managed servers, and standalone servers in single, or multiple WebLogic Server domains. A server farm like this achieves high availability and scalability through server load balancing by appearing as a single server to client systems.
There are two types of client requests that are managed when you employ load balancing: HTTP and JMS.
This section briefly discusses these server requests and how the respective loads can be balanced.
Server load balancer (SLB) provides a virtual server acting as the single point of entry for a group of real servers and distributes requests across the real servers depending on the load balancing algorithm and the availability of the servers.
Note:
Oracle recommends the hardware-based load balancer for reliability and scalability. Hardware SLB contains application-specific integrated circuits (ASICs) that enable high-speed forwarding of network traffic, without operating system overhead.For information on server load balance requirements while working with the WebLogic server, see the following Fusion Middleware document:
https://download.oracle.com/docs/cd/E12839_01/web.1111/e13709/load_balancing.htm#CLUST175
Note:
The SLB examples provided at this link refer the F5 BIG-IP Application Switches LTM, Cisco ACE, and Brocade ServerIron.Note:
Oracle recommends the SSL acceleration module to process SSL transactions efficiently. Furthermore, it eliminates cost installing SSL certificates on all WebLogic servers.Network Integrity uses TCP-levels load balancing.
Keep the following considerations in mind for virtual server and real server configurations:
Use the following URL to identify the Network Integrity managed servers in a cluster and configure the hardware load balancer to balance the loads on UI and web service Network Integrity requests:
https://IP:Port/NetworkIntegrity/index.html
Where IP is the IP address of the Network Integrity server, and Port is the port number where the Network Integrity server is running.
Note:
Oracle recommends BIG IP LTM 3600 as a hardware load balancer.Working with sticky sessions, which basically means that a user's requests are sent to the same server where the sessions was first initiated. The server must be enabled for HTTP/HTTPS requests until it is not available.
During HTTP request processing, such as dynamic web service discovery, the response may contain a real server listening address which may not be accessible from client systems. In such scenarios, consider the following:
Use an SLB-specific feature to replace the listening address and port of a real server with the listening addresses and port of a virtual server. Because the HTTP response content is modified, you must reconfigure the HTTP content-length header. Verify with your SLB vendor if this feature is supported.
Configure the HTTP front end host and the HTTP/HTTPS front end port for the WebLogic server or cluster. This approach is recommended if SLB does not support HTTP response modification. When configured, any attempt to access real servers directly is directed back to the virtual server.
In a production environment, Network Integrity may be deployed with other Oracle Communications products, such as Unified Inventory Management (UIM). Network Integrity sends web service requests to the UIM application server for inventory import. If UIM is deployed on a cluster, the web service requests must go through the UIM virtual server. Therefore, the Network Integrity application server must be multi-homed.
Provided here are some examples of network deployment.
Management network: This network is used for system administration and software installation. This is the default WebLogic server listening address.
Client network: This network is used for client systems to send requests to the Network Integrity or UIM cluster.
Application server network: This network is used for when the server load balancer is required to distribute client requests to clusters. It is advisable that you create a network channel for each application server.
Database server network: Use this network when the application servers are required to send SQL requests to the database through JDBC.
Storage network: If SAN is deployed, WebLogic server domains, JMS file stores, and database files could be placed on SAN. For performance, JMS file stores should be separated from WebLogic domains.
Note:
You do not necessarily need multiple networks to configure an SLB. If required, you can combine a management network, application server network, and database network.Note:
Use link aggregation to increase bandwidth.For load balancing in a clustered environment, use the Apache proxy server with the Oracle WebLogic server.
See the Apache web site to download and install the Apache server:
http://httpd.apache.org/download.cgi
Download the Apache plug-in for the WebLogic server from the Oracle Technology Network web site:
http://www.oracle.com/technetwork/middleware/ias/downloads/wls-plugins-096117.html
Note:
You must accept the Oracle Technology Network License Agreement to download this software.For more information on how the plug-in works in WebLogic, see the following Oracle web site:
https://download.oracle.com/docs/cd/E13222_01/wls/docs100/plugins/apache.html
To configure the server load balancer:
Extract mod_wl_22.so for the particular operating system where Apache is running from the WebLogic plug-in you downloaded earlier.
Save the extracted files in the Modules folder of the Apache server. For example:
C:\Program Files\Apache Software Foundation\Apache2.2\modules
Open \Apache2.2\modules\httpd.conf.
Modify the file by making the following entries:
IfModule mod_weblogic.c
WebLogicCluster 10.147.240.145:7755,10.147.240.137:7744,10.147.240.145:7055,10.147.240.137:7044
MatchExpression /NetworkIntegrity/*
MatchExpression /NetworkIntegrityApp-NetworkIntegrityControlWebService-context-root/*
Debug ON
DebugConfigInfo ON
WLLogFile /opt/oracle/weblogic.log
</IfModule>
<IfModule mod_weblogic.c>
WebLogicHost 10.147.240.145
WebLogicPort 7777
MatchExpression /xmlpserver/*
</IfModule>
where WebLogicCluster is the IP address or port number of the WebLogic Server cluster, and MatchExpression has the context root of the web application.
Note:
In Network Integrity, reports are deployed on a non-clustered Managed Server. Therefore, it is recommended that you use a WebLogicHost instead of a WebLogicCluster in the<ifmodule> in the above example.Restart the HTTP server.
You can now access the application from the proxy server.
You can connect to the following services at the provided URLs:
Webservices wsdl:
http://localhost:82/NetworkIntegrityApp-NetworkIntegrityControlWebService-context-root/NetworkIntegrityControlServicePortType?wsdl
UI:
http://localhost:82/NetworkIntegrity/faces/IntegrityUIShell
Reports:
http://localhost:82/xmlpserver/
For applications that are not running within a WebLogic server instance, load balancing JMS messages is achieved by specifying the PROVIDER_URL when creating JNDI initialContext object to connect to a server or cluster.
For applications running within a WebLogic server instance, creating initialContext without providing PROVIDER_URL implicitly returns the JNDI context for the local server or cluster.
When you use the JMS Store-and-Forward (SAF) feature to provide highly-available JMS message production, by connecting a local server and reliably forwarded messages to a remote JMS destination, SAF remote context defines the URL of the remote server instance or cluster where the JMS destination is exported from. It also contains the security credentials to be authenticated and authorized in the remote cluster or server(s).
To import remote destinations from a remote cluster or servers, you must supply one of the following for the PROVIDER_URL or SAF remote context:
A comma-delimited list of DNS server names
A comma-delimited list of IP addresses
Remote cluster's cluster address defined in DNS (recommended for production environment)
The following examples are of a URL used when a remote SAF context defines a remote cluster from which it imports distributed destination members:
<URL> t3://192.180.0.10:7012,192.168.0.11:7012,192.168.0.12:7012</URL>
<URL> t3://192.180.0.10:7012,192.168.0.11:7012,192.168.0.12:7012</URL>
where, UIMCluster is the cluster address for the UIM application cluster consisting of servers with IP addresses 192.168.0.10, 192.168.0.11, and 192.168.0.12.
Note:
Server load balancer has no part in load balancing JMS messages and may be used only for initial host name resolution.For more information on configuring the F5 BIG-IP LTM for WebLogic Server, refer to the following F5 document:
http://www.f5.com/pdf/deployment-guides/f5-weblogic10-dg.pdf
For information on Oracle Fusion Middleware Configuring and Managing Store-and-Forward for Oracle WebLogic Server, see the documentation at the following Oracle web site:
https://download.oracle.com/docs/cd/E12839_01/web.1111/e13742/toc.htm