6 Procuring Resources for an Enterprise Deployment

It is essential to procure the required hardware, software, and network settings before you configure the Oracle Identity and Access Management reference topology.

This chapter provides information on how to reserve the required IP addresses and identify and obtain software downloads for an enterprise deployment.

Hardware and Software Requirements for the Enterprise Deployment Topology

It is important to understand the hardware load balancer requirements, host computer hardware requirements, and operating system requirements for the enterprise deployment topology.

This section includes the following sections.

External Load Balancer Requirements

This section lists the requirements of the external load balancer.

The enterprise topology uses an external load balancer. The features of the external load balancer are:

  • Ability to load-balance traffic to a pool of real servers through a virtual host name: Clients access services by using the virtual host name (instead of using actual host names). The load balancer can then load balance requests to the servers in the pool.

  • Port translation configuration should be possible so that incoming requests on the virtual host name and port are directed to a different port on the backend servers.

  • Monitoring of ports on the servers in the pool to determine availability of a service.

  • Ability to configure names and ports on your external load balancer. The virtual server names and ports must meet the following requirements:

    • The load balancer should allow configuration of multiple virtual servers. For each virtual server, the load balancer should allow configuration of traffic management on more than one port. For example, for Oracle HTTP Server in the web tier, the load balancer needs to be configured with a virtual server and ports for HTTP and HTTPS traffic.

    • The virtual server names must be associated with IP addresses and be part of your DNS. Clients must be able to access the external load balancer through the virtual server names.

  • Ability to detect node failures and immediately stop routing traffic to the failed node.

  • It is highly recommended that you configure the load balancer to be in fault-tolerant mode.

  • It is highly recommended that you configure the load balancer virtual server to return immediately to the calling client when the backend services to which it forwards traffic are unavailable. This is preferred over the client disconnecting on its own after a timeout based on the TCP/IP settings on the client machine.

  • Ability to maintain sticky connections to components. Examples of this include cookie-based persistence, IP-based persistence, and so on.

  • The load balancer should be able to terminate SSL requests at the load balancer and forward traffic to the backend real servers by using the equivalent non-SSL protocol (for example, HTTPS to HTTP).

  • In this Enterprise Deployment Guide, SSL listeners are used for the Oracle HTTP Servers and the Oracle WebLogic Servers. The load balancer should therefore be able to establish SSL communication with the backend servers in its pools.

  • The ability to route TCP/IP requests. This is a requirement for LDAP.

  • SSL acceleration (this feature is recommended, but not required for the enterprise topology).

Host Computer Hardware Requirements

This section provides information to help you procure host computers that are configured to support the enterprise deployment topologies.

It includes the following topics.

General Considerations for Enterprise Deployment Host Computers

This section specifies the general considerations that are required for the enterprise deployment host computers.

Before you start the process of configuring an Oracle Fusion Middleware enterprise deployment, you must perform the appropriate capacity planning to determine the number of nodes, CPUs, and memory requirements for each node depending on the specific system's load as well as the throughput and response requirements. These requirements vary for each application or custom Oracle Identity and Access Management system being used.

The information in this chapter provides general guidelines and information that helps you determine the host computer requirements. It does not replace the need to perform capacity planning for your specific production environment.

Note:

As you obtain and reserve the host computers in this section, note the host names and system characteristics in the Enterprise Deployment workbook. You will use these addresses later when you enable the IP addresses on each host computer. See Using the Enterprise Deployment Workbook.

Reviewing the Oracle Fusion Middleware System Requirements

This section provides reference to the system requirements information to help you ensure that the environment meets the necessary minimum requirements.

Review the Oracle Fusion Middleware System Requirements and Specifications to ensure that your environment meets the minimum installation requirements for the products that you are installing.

The Requirements and Specifications document contains information about general Oracle Fusion Middleware hardware and software requirements, minimum disk space and memory requirements, database schema requirements, and the required operating system libraries and packages.

It also provides some general guidelines for estimating the memory requirements for your Oracle Fusion Middleware deployment.

Typical Memory, File Descriptors, and Processes Required for an Enterprise Deployment

This section specifies the typical memory, number of file descriptors, and operating system processes and tasks details that are required for an enterprise deployment.

The following table summarizes the memory, file descriptors, and processes required for the Administration Server and each of the Managed Servers computers in a typical Oracle Identity and Access Management enterprise deployment. These values are provided as an example only, but they can be used to estimate the minimum amount of memory required for an initial enterprise deployment.

The example in this topic reflects the minimum requirements for configuring the Managed Servers and other services required on OAMHOST1, as depicted in the reference topologies.

When you procure systems, use the information in the Approximate Top Memory column as a guide when determining the minimum physical memory that each host computer should have available.

After you procure the host computer hardware and verify the operating system requirements, review the software configuration to be sure that the operating system settings are configured to accommodate the number of open files listed in the File Descriptors column and the number of processes listed in the Operating System Processes and Tasks column.

See Setting the Open File Limit and Number of Processes Settings on UNIX Systems.

Table 6-1 Typical Memory, File Descriptors, and Processes Required for an Enterprise Deployment

| Managed Server, Utility, or Service | Approximate Top Memory | Number of File Descriptors | Operating System Processes and Tasks |
|---|---|---|---|
| Access Administration Server | 3.5 GB | 2300 | 180 |
| Governance Administration Server | 4.5 GB | 2100 | 100 |
| soa_server | 6.0 GB | 3100 | 240 |
| oim_server | 8 GB | 1400 | 190 |
| oam_server | 2.7 GB | 2000 | 170 |
| oam_policy_mgr | 2.88 GB | 1700 | 160 |
| WLST (connection to the Node Manager) | 1.5 GB | 910 | 20 |
| Configuration Wizard | 1.5 GB | 700 | 20 |
| Node Manager | 1.0 GB | 300 | 20 |
| TOTAL | 31.58 GB* | 14510 | 1100 |

* Approximate total, with consideration for Operating System and other additional memory requirements.
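
The following bash script is an added example, not part of Oracle's guide: it sums the Table 6-1 rows for the services planned on a host and compares the result with the host's physical memory, open-file limit, and process limit. The function names and the `check` argument are assumptions of this example; it assumes Linux (`/proc/meminfo`) and should be run as the operating system account that will own the server processes.

```bash
#!/usr/bin/env bash
# Added example (not Oracle's script): size a host against Table 6-1.
# Rows copied from the table: name|top memory (GB)|file descriptors|processes
table_6_1() {
  cat <<'EOF'
Access Administration Server|3.5|2300|180
Governance Administration Server|4.5|2100|100
soa_server|6.0|3100|240
oim_server|8|1400|190
oam_server|2.7|2000|170
oam_policy_mgr|2.88|1700|160
WLST|1.5|910|20
Configuration Wizard|1.5|700|20
Node Manager|1.0|300|20
EOF
}

# required_for [NAME...]: print "mem_gb fds procs" summed over the named rows
# (all rows when no name is given). Exits with status 2 on an unknown name.
required_for() {
  local IFS=';'   # "$*" below joins the names with ';'
  table_6_1 | awk -F'|' -v want="$*" -v n="$#" '
    BEGIN { split(want, w, ";"); for (i in w) pick[w[i]] = 1 }
    n == 0 || ($1 in pick) { mem += $2; fd += $3; pr += $4; seen++ }
    END { if (n > 0 && seen != n) exit 2; printf "%.2f %d %d\n", mem, fd, pr }'
}

# check_host NEED_MEM NEED_FDS NEED_PROCS HAVE_MEM HAVE_FDS HAVE_PROCS
# Prints one line per resource; returns 1 if any value is below the requirement.
check_host() {
  awk -v rm="$1" -v rf="$2" -v rp="$3" -v hm="$4" -v hf="$5" -v hp="$6" '
    function row(label, need, have,    ok) {
      ok = (have == "unlimited" || have + 0 >= need + 0)
      printf "%-22s need %-8s have %-10s %s\n", label, need, have, ok ? "OK" : "TOO LOW"
      bad += !ok
    }
    BEGIN {
      row("physical memory (GB)", rm, hm)
      row("open files (ulimit -n)", rf, hf)
      row("processes (ulimit -u)", rp, hp)
      exit (bad > 0)
    }'
}

# check_this_host [NAME...]: compare the live limits of this shell and host
# with the summed requirement. Soft limits are what ulimit reports by default.
check_this_host() {
  local need mem
  need=$(required_for "$@") || { echo "unknown Table 6-1 row" >&2; return 2; }
  mem=$(awk '/^MemTotal:/ { printf "%.2f", $2 / 1048576 }' /proc/meminfo)
  check_host $need "$mem" "$(ulimit -n)" "$(ulimit -u)"
}

if [ "${1:-}" = "check" ]; then shift; check_this_host "$@"; fi
```

Run it as `./script check` for the full TOTAL row, or pass row names (for example `check oam_server "Node Manager"`) to size a host that runs only some of the services.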

Typical Disk Space Requirements for an Enterprise Deployment

This section specifies the disk space that is typically required for this enterprise deployment.

For the latest disk space requirements for the Oracle Fusion Middleware 14c (14.1.2.1.0) products, including the Oracle Identity and Access Management products, review the Oracle Fusion Middleware System Requirements and Specifications.

In addition, the following table summarizes the disk space that is typically required for an Oracle Identity and Access Management enterprise deployment.

Use this information and the information in Preparing the File System for an Enterprise Deployment to determine the disk space required for your deployment.

| Server | Disk |
|---|---|
| Database | nXm, where n = number of disks, at least 4 (striped as one disk), and m = size of the disk (minimum of 30 GB) |
| WEBHOSTn | 10 GB |
| OAMHOSTn | 10 GB* |
| OIGHOSTn | 10 GB* |
| LDAPHOSTn | 10 GB* |

* For a shared storage Oracle home configuration, two installations suffice, making a total of 20 GB.

Operating System Requirements for an Enterprise Deployment Topology

This section provides details about the operating system requirements.

The Oracle Fusion Middleware software products and components that are described in this guide are certified on various operating systems and platforms, which are listed in Oracle Fusion Middleware System Requirements and Specifications.

Note:

This guide focuses on the implementation of the enterprise deployment reference topology on Oracle Linux systems.

The topology can be implemented on any certified, supported operating system, but the examples in this guide typically show the commands and configuration steps as they should be performed by using the bash shell on Oracle Linux.

About Private Networks

A private network enables you to keep inter-application communications within the private network, providing communication that is both faster and more secure. By keeping inter-application traffic inside the private network, you do not expose traffic to the internet. To use a private network, you have to create a private VLAN.

About Virtual Server Templates

You can customize the values of the Virtual Server Templates depending on the results of your capacity planning.

The following are the typical virtual server templates that you can customize.

Table 6-2 Virtual Server Templates

| Type | Description | Memory (GB) | Number of Virtual CPUs |
|---|---|---|---|
| VERY_LARGE | Large Memory Intensive Applications | 20 | 6 |
| EXTRA_LARGE | CPU Intensive Applications | 16 | 6 |
| LARGE | Average Intensity Applications | 8 | 2 |
| SMALL | Low intensity applications | 4 | 1 |

Reserving the Required IP Addresses for an Enterprise Deployment

You have to obtain and reserve a set of IP addresses before you install and configure the enterprise topology. The set of IP addresses that need to be reserved are listed in this section.

Before you begin installing and configuring the enterprise topology, you must obtain and reserve a set of IP addresses:

  • Physical IP (IP) addresses for each of the host computers that you have procured for the topology

  • A virtual IP (VIP) address for the Administration Servers and a virtual host name mapped to this VIP

  • VIPs are not required for any of the Managed Servers in the FMW IAM Enterprise Deployment since all components support Automatic Service Migration.

    For Fusion Middleware 14c products that support Automatic Service Migration, VIPs for the Managed Servers are typically not necessary.

You can then work with your network administrator to be sure that these required VIPs are defined in your DNS server. Alternatively, for non-production environments, you can use the /etc/hosts file to define these virtual hosts.

For more information, see the following topics.

What is a Virtual IP (VIP) Address?

This section defines the virtual IP address and specifies its purpose.

A virtual IP address is an unused IP address that belongs to the same subnet as the host's primary IP address. It is assigned to a host manually. If a host computer fails, the virtual address can be assigned to a new host in the topology. This guide refers to virtual IP addresses, which can be reassigned from one host to another, and to physical IP addresses, which are assigned permanently to a hardware host computer.

Why Use Virtual Host Names and Virtual IP Addresses?

For an enterprise deployment, in particular, it is important that a set of VIPs and the virtual host names to which they are mapped are reserved and enabled on the corporate network.

Alternatively, host names can be resolved through the appropriate /etc/hosts file propagated through the different nodes.

The Oracle Identity Governance product supports Automatic Service Migration. As a result, it is no longer necessary to reserve VIPs for each of the Managed Servers in the domain. Instead, a VIP is required for the Administration Server only.

In the event of the failure of the host computer where the IP address is assigned, the IP address can be assigned to another host in the same subnet so that the new host can take responsibility for running the Admin Server. The reassignment of virtual IP address for the Administration Server must be performed manually.

Note:

Regardless of the use of virtual or physical IPs, Oracle also recommends that you use aliases to map to different IPs in different data centers in preparation for disaster recovery. It is recommended to use these aliases to configure the listen address for the components. This approach will be used in this guide.

Physical and Virtual IP Addresses Required by the Enterprise Topology

This section describes the physical IP (IP) and virtual IP (VIP) addresses that are required for the Administration Server and each of the Managed Servers in a typical Oracle Identity and Access Management enterprise deployment topology.

Before you begin to install and configure the enterprise deployment, reserve a set of host names and IP addresses that correspond to the VIPs in Table 6-3.

You can assign any unique host name to the VIPs, but in this guide, each VIP is referenced by using the suggested host names in the table.

Note:

As you obtain and reserve the IP addresses and their corresponding virtual host names in this section, note the values of the IP addresses and host names in the Enterprise Deployment workbook. You will use these addresses later when you enable the IP addresses on each host computer. See Using the Enterprise Deployment Workbook.

Table 6-3 Summary of the Virtual IP Addresses Required for the Enterprise Deployment

| Virtual IP | VIP Maps to... | Description |
|---|---|---|
| VIP1 | IADADMINVHN | IADADMINVHN is the virtual host name used as the listen address for the Administration Server used by the IAMAccessDomain and fails over with manual failover of the Administration Server. It is enabled on the node where the Administration Server process is running. |
| VIP2 | IGDADMINVHN | IGDADMINVHN is the virtual host name used as the listen address for the Administration Server used by the IAMGovernanceDomain and fails over with manual failover of the Administration Server. It is enabled on the node where the Administration Server process is running. |

Identifying and Obtaining Software Distributions for an Enterprise Deployment

Before you begin to install and configure the enterprise topology, you must obtain the software distributions that you need to implement the topology.

The following table lists the distributions used in this guide.

For general information about how to obtain Oracle Fusion Middleware software, see Obtaining Product Distributions in Planning an Installation of Oracle Fusion Middleware.

For more specific information about locating and downloading specific Oracle Fusion Middleware products, see the Oracle Fusion Middleware Download, Installation, and Configuration Readme Files on OTN.

Note:

The information in this guide is meant to complement the information contained in the Oracle Fusion Middleware certification matrixes. If there is a conflict of information between this guide and the certification matrixes, then the information in the certification matrixes must be considered the correct version, as they are frequently updated.

Table 6-4 Oracle Fusion Middleware Distributions

| Distribution | Description | Installer File Name | Mandatory Patches |
|---|---|---|---|
| Oracle Identity Management quick installer 14c (14.1.2.1.0) | Download this distribution to install the Oracle Fusion Middleware Infrastructure, Oracle SOA Suite, and Oracle Identity and Access Management. This distribution also installs the Repository Creation Utility (RCU), which in previous Oracle Fusion Middleware releases was packaged in its own distribution. | fmw_14.1.2.1.0_idmquickstart.jar | October 2025 Stack Bundle Patch or later. For patch details, see Doc ID 2657920.2 on My Oracle Support. |
| Oracle Fusion Middleware 14c (14.1.2.1.0) Infrastructure | Download this distribution to install the Oracle Fusion Middleware Infrastructure, Oracle Identity and Access Management, and Oracle SOA Suite. Each product can be downloaded separately, but this guide will use the quick installer. This distribution also installs the Repository Creation Utility (RCU), which in previous Oracle Fusion Middleware releases was packaged in its own distribution. | fmw_14.1.2.1.0_infrastructure_generic.jar | October 2025 Stack Bundle Patch or later. For patch details, see Doc ID 2657920.2 on My Oracle Support. |
| Oracle HTTP Server 14c (14.1.2.0.0) | Download this distribution to install the Oracle HTTP Server software on the Web Tier. | fmw_14.1.2.0.0_ohs_linux64.bin | October 2025 Bundle Patch or later. |
| Oracle Unified Directory 14c (14.1.2.1.0) | Download this distribution to install the Oracle Unified Directory software. | fmw_14.1.2.1.0_oud.jar | October 2025 Stack Bundle Patch or later. For patch details, see Doc ID 2657920.2 on My Oracle Support. Patch 38047590 - LDAPConfigTool |
| Oracle Internet Directory 14c (14.1.2.1.0) | Download this distribution to install the Oracle Internet Directory software. | fmw_14.1.2.1.0_oid_linux64.bin | October 2025 Stack Bundle Patch or later. For patch details, see Doc ID 2657920.2 on My Oracle Support. Patch 38047590 - LDAPConfigTool |
| Oracle Identity and Access Management 14c (14.1.2.1.0) | Download this distribution to install the Oracle Identity and Access Management software. | fmw_14.1.2.1.0_idm.jar | October 2025 Stack Bundle Patch or later. For patch details, see Doc ID 2657920.2 on My Oracle Support. |
| Oracle SOA Suite 14c (14.1.2.0.0) | Download this distribution to install the Oracle SOA Suite software. Note: This is not required if you are using the idm quick installer. | fmw_14.1.2.0.0_soa.jar | October 2025 Stack Bundle Patch or later. For patch details, see Doc ID 2657920.2 on My Oracle Support. |
| Oracle Internet Directory Connector (12.2.1.3+) | Download this distribution to integrate with Oracle Internet Directory and Oracle Unified Directory. | oid-12.2.1.3.0.zip | |