7 Procuring Resources for an Enterprise Deployment

It is essential to procure the required hardware, software, and network settings before you configure the Oracle Identity and Access Management reference topology.

This chapter provides information on how to reserve the required IP addresses and identify and obtain software downloads for an enterprise deployment.

Hardware and Software Requirements for the Enterprise Deployment Topology

It is important to understand the hardware load balancer requirements, host computer hardware requirements, and operating system requirements for the enterprise deployment topology.

This section includes the following topics.

Hardware Load Balancer Requirements

This section lists the required and recommended features of the external load balancer.

The enterprise topology uses an external load balancer. The features of the external load balancer are:

  • Ability to load-balance traffic to a pool of real servers through a virtual host name: Clients access services by using the virtual host name (instead of using actual host names). The load balancer can then load balance requests to the servers in the pool.

  • Port translation configuration should be possible so that incoming requests on the virtual host name and port are directed to a different port on the backend servers.

  • Monitoring of ports on the servers in the pool to determine availability of a service.

  • Ability to configure names and ports on your external load balancer. The virtual server names and ports must meet the following requirements:

    • The load balancer should allow configuration of multiple virtual servers. For each virtual server, the load balancer should allow configuration of traffic management on more than one port. For example, for Oracle HTTP Server in the web tier, the load balancer needs to be configured with a virtual server and ports for HTTP and HTTPS traffic.

    • The virtual server names must be associated with IP addresses and be part of your DNS. Clients must be able to access the external load balancer through the virtual server names.

  • Ability to detect node failures and immediately stop routing traffic to the failed node.

  • It is highly recommended that you configure the load balancer to be in fault-tolerant mode.

  • It is highly recommended that you configure the load balancer virtual server to return immediately to the calling client when the backend services to which it forwards traffic are unavailable. This is preferred over the client disconnecting on its own after a timeout based on the TCP/IP settings on the client machine.

  • Ability to maintain sticky connections to components. Examples of this include cookie-based persistence, IP-based persistence, and so on.

  • The load balancer should be able to terminate SSL requests at the load balancer and forward traffic to the backend real servers by using the equivalent non-SSL protocol (for example, HTTPS to HTTP). Note that the segment between the load balancer and the real servers then carries the traffic unencrypted, so it must remain on a network that untrusted clients cannot reach.

  • SSL acceleration (this feature is recommended, but not required for the enterprise topology).

Host Computer Hardware Requirements

This section provides information to help you procure host computers that are configured to support the enterprise deployment topologies.

It includes the following topics.

General Considerations for Enterprise Deployment Host Computers

This section specifies the general considerations that are required for the enterprise deployment host computers.

Before you start the process of configuring an Oracle Fusion Middleware enterprise deployment, you must perform the appropriate capacity planning to determine the number of nodes, CPUs, and memory requirements for each node depending on the specific system's load as well as the throughput and response requirements. These requirements vary for each application or custom Oracle Identity and Access Management system being used.

The information in this chapter provides general guidelines and information that helps you determine the host computer requirements. It does not replace the need to perform capacity planning for your specific production environment.

Note:

As you obtain and reserve the host computers in this section, note the host names and system characteristics in the Enterprise Deployment workbook. You will use these addresses later when you enable the IP addresses on each host computer. See Using the Enterprise Deployment Workbook.

Reviewing the Oracle Fusion Middleware System Requirements

This section provides reference to the system requirements information to help you ensure that the environment meets the necessary minimum requirements.

Review the Oracle Fusion Middleware System Requirements and Specifications to ensure that your environment meets the minimum installation requirements for the products that you are installing.

The Requirements and Specifications document contains information about general Oracle Fusion Middleware hardware and software requirements, minimum disk space and memory requirements, database schema requirements, and the required operating system libraries and packages.

It also provides some general guidelines for estimating the memory requirements for your Oracle Fusion Middleware deployment.

Typical Memory, File Descriptors, and Processes Required for an Enterprise Deployment

This section specifies the typical memory, number of file descriptors, and operating system processes and tasks details that are required for an enterprise deployment.

The following table summarizes the memory, file descriptors, and processes required for the Administration Server and each of the Managed Server computers in a typical Oracle Identity and Access Management enterprise deployment. These values are provided as an example only, but they can be used to estimate the minimum amount of memory required for an initial enterprise deployment.

The example in this topic reflects the minimum requirements for configuring the Managed Servers and other services required on OAMHOST1, as depicted in the reference topologies.

When you procure systems, use the information in the Approximate Top Memory column as a guide when determining the minimum physical memory that each host computer should have available.

After you procure the host computer hardware and verify the operating system requirements, review the software configuration to be sure that the operating system settings are configured to accommodate the number of open files listed in the File Descriptors column and the number of processes listed in the Operating System Processes and Tasks column.

See Setting the Open File Limit and Number of Processes Settings on UNIX Systems.

Managed Server, Utility, or Service    Approximate Top Memory    Number of File Descriptors    Operating System Processes and Tasks
Access Administration Server           3.5 GB                    1300                          180
Governance Administration Server       3.5 GB                    2100                          100
WLS_SOA                                2.0 GB                    1400                          210
WLS_OIM                                8 GB                      1400                          190
WLS_OAM                                1.0 GB                    900                           170
WLS_AMA                                2.0 GB                    1200                          160
WLS_WSM                                3.0 GB                    200                           130
WLST (connection to the Node Manager)  1.5 GB                    910                           20
Configuration Wizard                   1.5 GB                    700                           20
Node Manager                           268 MB                    300                           20
Node Manager (per domain)              1.0 GB                    720                           15
TOTAL                                  22.0 GB*                  14430                         805

* Approximate total, with consideration for Operating System and other additional memory requirements.
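The file-descriptor and process totals in the table are only useful if the operating system actually grants them to the user that runs Node Manager and the Managed Servers. The following script is an added example, not part of the Oracle guide: it reads the effective soft limits for a user out of a limits.conf-style file and compares them, and the running shell's own ulimit values, against the TOTAL row of the table. The required totals (taken from that row), the user names, and the sample limits.conf fragment are assumptions for illustration; @group lines are not handled.

```shell
#!/bin/sh
# Added example (not from the Oracle guide). Checks that a host grants the
# open-file and process limits from the TOTAL row of the table above, both as
# configured in a limits.conf-style file and as seen by the current shell.
# Assumptions: the totals below, the user names, and the sample file.

REQUIRED_NOFILE=14430   # Number of File Descriptors, TOTAL row
REQUIRED_NPROC=805      # Operating System Processes and Tasks, TOTAL row

# effective_limit <limits-file> <user> <nofile|nproc> <soft|hard>
# Prints the value pam_limits would apply to <user> from the file: a line that
# names the user beats a "*" wildcard line, within the same class the last
# matching line wins, and a type of "-" sets both soft and hard. Prints
# "unset" when no line applies, meaning the kernel default stays in force
# (typically 1024 open files, far below the table). @group lines are ignored.
effective_limit() {
  awk -v user="$2" -v item="$3" -v want="$4" '
    /^[ \t]*#/ || NF < 4    { next }   # comment or blank line
    $3 != item              { next }   # another resource
    $1 != "*" && $1 != user { next }   # another domain (including @group)
    $2 != want && $2 != "-" { next }   # other limit type
    $1 == user { uval = $4; ufound = 1; next }
    { wval = $4; wfound = 1 }
    END {
      if (ufound) print uval
      else if (wfound) print wval
      else print "unset"
    }' "$1"
}

# value_ge <value> <required>: 0 if the limit value satisfies <required>.
# "unlimited" always does; "unset", empty, or non-numeric values never do.
value_ge() {
  case "$1" in
    unlimited) return 0 ;;
    ''|unset|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -ge "$2" ]
}

# config_limits_ok <limits-file> <user>: 0 if the file gives <user> soft
# limits that cover both totals.
config_limits_ok() {
  value_ge "$(effective_limit "$1" "$2" nofile soft)" "$REQUIRED_NOFILE" &&
  value_ge "$(effective_limit "$1" "$2" nproc soft)" "$REQUIRED_NPROC"
}

# runtime_limits_ok: the same test against the limits this shell actually
# holds, which is what Node Manager and the JVMs it starts will inherit.
runtime_limits_ok() {
  value_ge "$(ulimit -Sn)" "$REQUIRED_NOFILE" &&
  value_ge "$(ulimit -Su)" "$REQUIRED_NPROC"
}

# --- constructed sample limits.conf fragment (not a real host's file) ---
SAMPLE_LIMITS=$(mktemp)
trap 'rm -f "$SAMPLE_LIMITS"' EXIT
cat > "$SAMPLE_LIMITS" <<'EOF'
# domain   type    item     value
*          soft    nofile   1024
*          hard    nofile   4096
oracle     soft    nofile   16384
oracle     hard    nofile   65536
oracle     soft    nproc    2047
oracle     hard    nproc    16384
appuser    -       nproc    512
EOF

for u in oracle appuser; do
  if config_limits_ok "$SAMPLE_LIMITS" "$u"; then
    echo "limits.conf: $u meets nofile>=$REQUIRED_NOFILE and nproc>=$REQUIRED_NPROC"
  else
    echo "limits.conf: $u falls short (nofile=$(effective_limit "$SAMPLE_LIMITS" "$u" nofile soft)," \
         "nproc=$(effective_limit "$SAMPLE_LIMITS" "$u" nproc soft))"
  fi
done

if runtime_limits_ok; then
  echo "current shell: ulimit -n/-u are sufficient"
else
  echo "current shell: ulimit -n $(ulimit -Sn), ulimit -u $(ulimit -Su): raise them before starting Node Manager"
fi
```

Run it as the user that will start Node Manager, from the same kind of session (for example an ssh login) that will be used to start it: pam_limits applies /etc/security/limits.conf only to sessions that pass through PAM, so a service started another way may not see the configured values. An "unset" result means the kernel default applies, which is far below the table.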

Typical Disk Space Requirements for an Enterprise Deployment

This section specifies the disk space that is typically required for this enterprise deployment.

For the latest disk space requirements for the Oracle Fusion Middleware 12c (12.2.1.3.0) products, including the Oracle Identity and Access Management products, review the Oracle Fusion Middleware System Requirements and Specifications.

In addition, the following table summarizes the disk space that is typically required for an Oracle Identity and Access Management enterprise deployment.

Use this information together with the information in Preparing the File System for an Enterprise Deployment to determine the disk space required for your deployment.

Server       Disk
Database     n X m, where n is the number of disks (at least 4, striped as one disk) and m is the size of each disk (minimum 30 GB)
WEBHOSTn     10 GB
OAMHOSTn     10 GB*
OIMHOSTn     10 GB*
LDAPHOSTn    10 GB*

* For a shared-storage Oracle home configuration, two installations suffice, for a total of 20 GB.

Operating System Requirements for an Enterprise Deployment Topology

This section provides details about the operating system requirements.

The Oracle Fusion Middleware software products and components that are described in this guide are certified on various operating systems and platforms, which are listed in Oracle Fusion Middleware System Requirements and Specifications.

Note:

This guide focuses on the implementation of the enterprise deployment reference topology on Oracle Linux systems.

The topology can be implemented on any certified, supported operating system, but the examples in this guide typically show the commands and configuration steps as they should be performed by using the bash shell on Oracle Linux.

Exalogic Requirements for an Enterprise Deployment

This section describes Exalogic requirements for an enterprise deployment.

This section contains the following topics:

Exalogic Virtual Server Requirements

If you are deploying onto a virtual Exalogic system, you need to create the following virtual servers to host a typical Oracle Identity and Access Management enterprise deployment.

Note:

As you obtain and reserve the host computers in this section, note the host names and system characteristics in the Enterprise Deployment Workbook. Use these addresses later when you enable the IP addresses on each host computer. For more information, see Using the Enterprise Deployment Workbook.

Virtual Servers Required for IAM on Exalogic

When you deploy the Oracle Identity and Access Management software as part of a virtual configuration on an Exalogic system, you must configure the vServers listed in Table 7-1.

Table 7-1 vServer Information

Name        vServer Type   Virtual Networks                                     Host Names                                Distribution Group
OTDHOST1    LARGE          IPoIB-EDG (1), EoIB-client (2), IPoIB-Storage (3)    OTDHOST1, OTDHOST1-ext, OTDHOST1-stor     IAM_OTD
OTDHOST2    LARGE          IPoIB-EDG, EoIB-client, IPoIB-Storage                OTDHOST2, OTDHOST2-ext, OTDHOST2-stor     IAM_OTD
OAMHOST1    EXTRA_LARGE    IPoIB-EDG, EoIB-client, IPoIB-Storage                OAMHOST1, OAMHOST1-ext, OAMHOST1-stor     IAM_IAD
OAMHOST2    EXTRA_LARGE    IPoIB-EDG, EoIB-client, IPoIB-Storage                OAMHOST2, OAMHOST2-ext, OAMHOST2-stor     IAM_IAD
OIMHOST1    EXTRA_LARGE    IPoIB-EDG, EoIB-client, IPoIB-Storage                OIMHOST1, OIMHOST1-ext, OIMHOST1-stor     IAM_IAG
OIMHOST2    EXTRA_LARGE    IPoIB-EDG, EoIB-client, IPoIB-Storage                OIMHOST2, OIMHOST2-ext, OIMHOST2-stor     IAM_IAG
LDAPHOST1   EXTRA_LARGE    IPoIB-EDG, IPoIB-Storage                             LDAPHOST1, LDAPHOST1-stor                 IAM_LDAP
LDAPHOST2   EXTRA_LARGE    IPoIB-EDG, IPoIB-Storage                             LDAPHOST2, LDAPHOST2-stor                 IAM_LDAP

(1) IPoIB-EDG is the internal IPoIB network used for inter-vServer communication. It is only required if you plan to use this network; if you put everything on the EoIB network, it is not required.

(2) EoIB-client is the Client Access Network, which connects to the corporate Ethernet.

(3) IPoIB-Storage is the internal network that vServers use to communicate with the ZFS storage appliance.

About Distribution Groups

Distribution groups ensure that the instances of one application that run in multiple virtual servers do not all land on the same physical host. By keeping vServers of the same type on different physical servers, you prevent the failure of one physical server from taking out the complete system.

For an Oracle Fusion Middleware Enterprise Deployment you need the following distribution groups (the names match the Distribution Group column of Table 7-1):

  • IAM_OTD: Prevents two Oracle Traffic Director servers from running on the same physical server

  • IAM_IAD: Prevents two IAMAccessDomain servers from running on the same physical server

  • IAM_IAG: Prevents two IAMGovernanceDomain servers from running on the same physical server

  • IAM_LDAP: Prevents two LDAP servers from running on the same physical server

About Private Networks

If you intend to keep inter-application communication on the internal network, you must create a private VLAN. On virtual Exalogic this is done through EMOC; on physical Exalogic it is done manually. When you create a private network in EMOC for IAM, allow space for at least 20 IP addresses. Instructions for doing this are in the Exalogic Hardware Enterprise Deployment Guide.

About Exalogic Elastic Cloud Networks

When you commission Exalogic Elastic Cloud, a number of networks become available for attachment to your virtual servers. Their names may differ depending on how they were created at commissioning, but the networks you need are:

  • EoIB-Client - This is the network used to connect to the main corporate network. Often known as the external network.

  • IPoIB-EDG - This is the private network used for inter app communication. The outside world cannot connect to it.

  • IPoIB-Storage - This is the private network that virtual servers use to connect to the ZFS storage appliance.

About Virtual Server Templates

When you commission the Oracle Exalogic Elastic Cloud, a number of virtual server templates will be used.

The following are the typical virtual server templates that are created in Oracle Exalogic Elastic Cloud. You can customize these values depending on the results of your capacity planning.

Table 7-2 Virtual Server Templates

Type          Description                            Memory (GB)   Number of Virtual CPUs
VERY_LARGE    Large, memory-intensive applications   20            6
EXTRA_LARGE   CPU-intensive applications             16            6
LARGE         Average-intensity applications         8             2
SMALL         Low-intensity applications             4             1

Reserving the Required IP Addresses for an Enterprise Deployment

You have to obtain and reserve a set of IP addresses before you install and configure the enterprise topology. The set of IP addresses that need to be reserved are listed in this section.

Before you begin installing and configuring the enterprise topology, you must obtain and reserve a set of IP addresses:

  • Physical IP (IP) addresses for each of the host computers that you have procured for the topology

  • A virtual IP (VIP) address for the Administration Server

  • Additional VIP addresses for each Managed Server that is configured for Whole Server Migration

    For Fusion Middleware 12c products that support Automatic Service Migration, VIPs for the Managed Servers are typically not necessary.

  • A unique virtual host name to be mapped to each VIP.

You can then work with your network administrator to be sure that these required VIPs are defined in your DNS server. Alternatively, for non-production environments, you can use the /etc/hosts file to define these virtual hosts.

For more information, see the following topics.

What is a Virtual IP (VIP) Address?

This section defines the virtual IP address and specifies its purpose.

A virtual IP address is an unused IP address in the same subnet as the host's primary IP address. It is assigned to a host manually; if that host computer fails, the address can be assigned to another host in the topology. In this guide, addresses that can be reassigned from one host to another are referred to as virtual IP addresses, and addresses that are permanently assigned to a hardware host computer are referred to as physical IP addresses.

Why Use Virtual Host Names and Virtual IP Addresses?

For an enterprise deployment, in particular, it is important that a set of VIPs--and the virtual host names to which they are mapped--are reserved and enabled on the corporate network.

Alternatively, host names can be resolved through an /etc/hosts file propagated to all the nodes.

In the event of the failure of the host computer where the IP address is assigned, the IP address can be assigned to another host in the same subnet, so that the new host can take responsibility for running the Managed Servers that are assigned to it.

The reassignment of virtual IP address for the Administration Server must be performed manually, but the reassignment of virtual IP addresses for Managed Servers can be performed automatically by using the Whole Server Migration feature of Oracle WebLogic Server.

Whether you should use Whole Server Migration or not depends upon the products that you are deploying and whether they support Automatic Service Migration.

Physical and Virtual IP Addresses Required by the Enterprise Topology

This section describes the physical IP (IP) and virtual IP (VIP) addresses that are required for the Administration Server and each of the Managed Servers in a typical Oracle Identity and Access Management enterprise deployment topology.

Before you begin to install and configure the enterprise deployment, reserve a set of host names and IP addresses that correspond to the VIPs in Table 7-3.

You can assign any unique host name to the VIPs, but in this guide, each VIP is referenced by using the suggested host names in the table.

Note:

As you obtain and reserve the IP addresses and their corresponding virtual host names in this section, note the values of the IP addresses and host names in the Enterprise Deployment workbook. You will use these addresses later when you enable the IP addresses on each host computer. See Using the Enterprise Deployment Workbook.

Table 7-3 Summary of the Virtual IP Addresses Required for the Enterprise Deployment

Virtual IP   VIP Maps to...   Description
VIP1         IADADMINVHN      IADADMINVHN is the virtual host name used as the listen address for the Administration Server of the IAMAccessDomain. It fails over with manual failover of the Administration Server and is enabled on the node where the Administration Server process is running.
VIP2         IGDADMINVHN      IGDADMINVHN is the virtual host name used as the listen address for the Administration Server of the IAMGovernanceDomain. It fails over with manual failover of the Administration Server and is enabled on the node where the Administration Server process is running.
VIP3         OTDADMINVHN      OTDADMINVHN is the virtual host name used as the listen address for the Administration Server of the OTDDomain. It fails over with manual failover of the Administration Server and is enabled on the node where the Administration Server process is running. This VIP is only required if you are using Oracle Traffic Director.

If you plan to use Whole Server Migration rather than Automatic Service Migration for Oracle Identity Governance, you need the following additional VIPs:

Table 7-4 Summary of the Virtual IP Addresses Required for Whole Server Migration

Virtual IP   VIP Maps to...   Description
VIP1         OIMHOSTxVHN1     OIMHOSTxVHN1 is used by the WLS_OIM Managed Servers.
VIP2         OIMHOSTxVHN2     OIMHOSTxVHN2 is used by the WLS_SOA Managed Servers.
VIP3         OIMHOSTxVHN3     OIMHOSTxVHN3 is used by the WLS_WSM Managed Servers.

In these names, x is the number of the host: for example, OIMHOST1VHN1 is the VIP used by the WLS_OIM Managed Server on OIMHOST1. Reserve one such set for each OIM host, so that a Managed Server's VIP can move with it to another host when it migrates.
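Before a VIP from Table 7-3 or Table 7-4 is enabled on a host, it is worth confirming the properties the definition above requires: the address is in the host's subnet, its virtual host name resolves to exactly that one address, and nothing is already answering on it. The script below is an added example, not from the Oracle guide. It implements the first two checks offline against an /etc/hosts-style file (the same check against DNS would use getent hosts in place of the file) and the third with a single ping. The host names, the 10.0.1.0/24 addresses, and the hosts-file fragment are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the Oracle guide): pre-flight checks for reserved
# VIPs and virtual host names, to run before enabling an address on a host.
# A VIP must be (a) in the same subnet as the host's primary IP, (b) mapped
# to exactly one address under its virtual host name, and (c) not already in
# use. Names, addresses and the hosts-file fragment are constructed.

# ip_to_int <a.b.c.d>: print the IPv4 address as a 32-bit integer
ip_to_int() {
  echo "$1" | awk -F. '{ print $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 }'
}

# same_subnet <ip1> <ip2> <prefixlen>: 0 if both addresses fall in the same
# /prefixlen network (1 <= prefixlen <= 32)
same_subnet() {
  sn_a=$(ip_to_int "$1")
  sn_b=$(ip_to_int "$2")
  sn_mask=$(( (0xFFFFFFFF << (32 - $3)) & 0xFFFFFFFF ))
  [ $(( sn_a & sn_mask )) -eq $(( sn_b & sn_mask )) ]
}

# hosts_lookup <hosts-file> <name>: print every address the file maps to
# <name>, as canonical name or alias, one per line (none if unmapped)
hosts_lookup() {
  awk -v name="$2" '
    { sub(/#.*/, "") }                # drop trailing comments
    NF < 2 { next }                   # blank or comment-only line
    { for (i = 2; i <= NF; i++) if ($i == name) { print $1; break } }
  ' "$1"
}

# vip_ok <vhn> <vip> <host-primary-ip> <prefixlen> <hosts-file>
# 0 only if <vhn> maps to exactly <vip> (neither missing nor duplicated) and
# <vip> shares the host's subnet. These are the checks possible offline.
vip_ok() {
  vo_addrs=$(hosts_lookup "$5" "$1")
  [ "$vo_addrs" = "$2" ] || return 1
  same_subnet "$2" "$3" "$4"
}

# vip_free <vip>: 0 if nothing answers one ICMP probe. Needs the network;
# a reply means the "reserved" address is already taken by some host.
vip_free() {
  ! ping -c 1 -W 1 "$1" >/dev/null 2>&1
}

# --- constructed sample data ---
SAMPLE_HOSTS=$(mktemp)
trap 'rm -f "$SAMPLE_HOSTS"' EXIT
cat > "$SAMPLE_HOSTS" <<'EOF'
# constructed /etc/hosts fragment; the 10.0.1.0/24 addresses are examples
10.0.1.11   oamhost1.example.com     OAMHOST1
10.0.1.12   oamhost2.example.com     OAMHOST2
10.0.1.21   iadadminvhn.example.com  IADADMINVHN
10.0.1.22   igdadminvhn.example.com  IGDADMINVHN
10.0.1.23   stale.example.com        IGDADMINVHN   # leftover duplicate
10.0.9.30   otdadminvhn.example.com  OTDADMINVHN   # wrong subnet
EOF

HOST_IP=10.0.1.11   # primary address of the host being checked (constructed)
PREFIX=24

# Workbook-style list of reserved VIPs (constructed)
printf '%s\n' 'IADADMINVHN 10.0.1.21' 'IGDADMINVHN 10.0.1.22' 'OTDADMINVHN 10.0.9.30' |
while read -r vhn vip; do
  if vip_ok "$vhn" "$vip" "$HOST_IP" "$PREFIX" "$SAMPLE_HOSTS"; then
    echo "OK    $vhn -> $vip"
  else
    echo "CHECK $vhn -> $vip: not a single in-subnet mapping"
  fi
done
```

vip_ok rejects any name that resolves to more than one address instead of taking the first: after a failover, a stale second entry can send clients and Node Manager to the old host, so the duplicate must be removed from every node's /etc/hosts (or from DNS) before the VIP is enabled. Use vip_free only from a host on the same subnet, since a firewall that drops ICMP would make a taken address look free.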

Identifying and Obtaining Software Distributions for an Enterprise Deployment

Before you begin to install and configure the enterprise topology, you must obtain the software distributions that you need to implement the topology.

The following table lists the distributions used in this guide.

For general information about how to obtain Oracle Fusion Middleware software, see Obtaining Product Distributions in Planning an Installation of Oracle Fusion Middleware.

For more specific information about locating and downloading specific Oracle Fusion Middleware products, see the Oracle Fusion Middleware Download, Installation, and Configuration Readme Files on OTN.

Note:

The information in this guide is meant to complement the information contained in the Oracle Fusion Middleware certification matrixes. If there is a conflict of information between this guide and the certification matrixes, then the information in the certification matrixes must be considered the correct version, as they are frequently updated.

Distribution                                              Installer File Name                  Description
Oracle Fusion Middleware 12c (12.2.1.3.0) Infrastructure  fmw_12.2.1.3.0_infrastructure.jar    Download this distribution to install the Oracle Fusion Middleware Infrastructure, which includes Oracle WebLogic Server and the Java Required Files software required for Oracle Fusion Middleware products. This distribution also installs the Repository Creation Utility (RCU), which in previous Oracle Fusion Middleware releases was packaged in its own distribution.
Oracle HTTP Server 12c (12.2.1.3.0)                       fmw_12.2.1.3.0_ohs_linux64.bin       Download this distribution to install the Oracle HTTP Server software on the Web Tier.
Oracle Traffic Director 12c (12.2.1.3.0)                  fmw_12.2.1.3.0_otd_linux64.bin       Download this distribution to install the Oracle Traffic Director software.
Oracle Unified Directory 12c (12.2.1.3.0)                 fmw_12.2.1.3.0_oud.jar               Download this distribution to install the Oracle Unified Directory software.
Oracle Internet Directory 12c (12.2.1.3.0)                fmw_12.2.1.3.0_oid_linux64.bin       Download this distribution to install the Oracle Internet Directory software.
Oracle Identity and Access Management 12c (12.2.1.3.0)    fmw_12.2.1.3.0_idm.jar               Download this distribution to install the Oracle Identity and Access Management software.
Oracle SOA Suite 12c (12.2.1.3.0)                         fmw_12.2.1.3.0_soa.jar               Download this distribution to install the Oracle SOA Suite software.
Oracle Identity Manager Connector Bundle (x.x.x.x)                                             Download this distribution to install the Oracle Identity Manager Connectors.

Note:

Some of the functionality in this document requires that you apply Bundle Patch 2 (BP2) or later.