1 Introduction to the Enterprise Deployment Reference Topology

This chapter describes and illustrates the enterprise deployment reference topology described in this guide. The roadmap for installation and configuration directs you to the appropriate chapters for the tasks you need to perform. Use this chapter to help you plan your Oracle WebCenter Content enterprise deployment.

This chapter includes the following sections:

1.1 Overview of the Enterprise Deployment Reference Topology

The diagram in Figure 1-1 illustrates the enterprise deployment reference topology described in this guide. Use this diagram and the information in the following topics to plan your enterprise deployment topology:

1.1.1 Reference Topology Documented in This Guide

This guide provides configuration instructions for a reference enterprise topology that uses Oracle WebCenter Content and Oracle SOA Suite with Oracle Access Manager, as shown in Figure 1-1.

Note:

Your actual enterprise deployment topology may require variations on the topology described in this guide.

Figure 1-1 Reference Topology for Oracle WebCenter Content

Description of Figure 1-1 follows
Description of "Figure 1-1 Reference Topology for Oracle WebCenter Content"

Note:

Oracle SOA Suite is required only if your enterprise deployment topology includes Oracle WebCenter Content: Imaging.

The WebCenter Content user interface domain requires its own Middleware home because it uses a newer version of the Oracle Application Development Framework (Oracle ADF) technology stack (11.1.2.4.0). The two Middleware homes and domains can reside on the same host or on different hosts. Figure 1-2 shows the reference topology for the Oracle WebCenter Content user interface.

Figure 1-2 Reference Topology for Oracle WebCenter Content User Interface

Description of Figure 1-2 follows
Description of "Figure 1-2 Reference Topology for Oracle WebCenter Content User Interface"

1.1.2 About Oracle Identity Management Integration

Integration with the Oracle Identity Management system is an important aspect of the enterprise deployment architecture. This integration provides features such as single sign-on, centralized identity and credential store, and authentication for the Oracle WebLogic Server domain. The Oracle Identity Management enterprise deployment is separate from the Oracle WebCenter Content enterprise deployment and exists in a separate domain by itself. For more information on Oracle Identity Management in an enterprise deployment context, see the Oracle Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management.

The primary interface to the Oracle Identity Management enterprise deployment is the Lightweight Directory Application Protocol (LDAP) traffic to the LDAP servers, the OAP (Oracle Access Protocol) to the Oracle Access Manager Access Servers, and the HTTP redirection of authentication requests.

1.1.3 About Oracle Web Tier Nodes

Nodes in Oracle Web Tier are located in the DMZ public zone. In this tier, two nodes (WEBHOST1 and WEBHOST2) run Oracle HTTP Server configured with WebGate and *_vh.conf files.

Through *_vh.conf files, which allow requests to be proxied from Oracle HTTP Server to WebLogic Server, Oracle HTTP Server forwards the requests to WebLogic Server running in the application tier.

WebGate (an Oracle Access Manager component) in Oracle HTTP Server uses Oracle Access Protocol (OAP) to communicate with Oracle Access Manager running on OAMHOST2, in the Oracle Identity Management DMZ. WebGate and Oracle Access Manager are used to perform operations such as user authentication. The WebGate module in Oracle HTTP Server uses Oracle Access Protocol (OAP) to communicate with Oracle Access Manager to perform operations such as querying user groups.

Oracle Web Tier also includes a load-balancer router to handle external requests. External requests are sent to the virtual host names configured on the load balancer. The load balancer then forwards the requests to Oracle HTTP Server.

On the firewall protecting Oracle Web Tier, only the HTTP ports are open: 443 for HTTPS and 80 for HTTP.

Load Balancer Requirements

This enterprise topology uses an external load balancer. This external load balancer should have the following features:

  • Ability to load-balance traffic to a pool of real servers through a virtual host name: Clients access services using the virtual host name (instead of using actual host names). The load balancer can then load-balance requests to the servers in the pool.

  • Port translation configuration should be possible so that incoming requests on the virtual host name and port are directed to a different port on the back-end servers.

  • Monitoring of ports on the servers in the pool to determine availability of a service.

  • Virtual servers and port configuration: Ability to configure virtual server names and ports on your external load balancer, and the virtual server names and ports must meet the following requirements:

    • The load balancer should allow configuration of multiple virtual servers. For each virtual server, the load balancer should allow configuration of traffic management on more than one port. For example, for Oracle HTTP Server in Oracle Web Tier, the load balancer needs to be configured with a virtual server and ports for HTTP and HTTPS traffic.

    • The virtual server names must be associated with IP addresses and be part of your DNS. Clients must be able to access the external load balancer through the virtual server names.

  • Ability to detect node failures and immediately stop routing traffic to the failed node.

  • Fault-tolerant mode: It is highly recommended that you configure the load balancer to be in fault-tolerant mode.

  • It is highly recommended that you configure the load balancer virtual server to return immediately to the calling client when the back-end services to which it forwards traffic are unavailable. This is preferred over the client disconnecting on its own after a timeout based on the TCP/IP settings on the client machine.

  • Sticky routing capability: Ability to maintain sticky connections to components. Examples of this include cookie-based persistence, IP-based persistence, and so on.

  • The load balancer should be able to terminate SSL requests at the load balancer and forward traffic to the back-end real servers using the equivalent non-SSL protocol (for example, HTTPS to HTTP). Typically, this feature is called SSL acceleration, and it is required for this enterprise deployment.

1.1.4 About the Application Tier

Nodes in the application tier are located in the DMZ secure zone. In this tier, two nodes, WCCHOST1 and WCCHOST2, run Oracle WebLogic Server configured with Managed Servers for running WebCenter Content, Oracle WebCenter Content: Imaging with AXF for BPEL and AXF for BPM, Oracle WebCenter Enterprise Capture, Oracle WebCenter Content: Inbound Refinery, and Oracle SOA Suite components, such as Oracle BPEL Process Manager. The Managed Servers are configured in an active-active manner, except for Inbound Refinery.

WCCHOST1 and WCCHOST2 also run the Oracle WebLogic Server Administration Console and Oracle Enterprise Manager Fusion Middleware Control, but in an active-passive configuration. You can fail over the Administration Server manually (see Section 8.6, "Verifying Manual Failover of the Administration Server"). Alternatively, you can configure the WebLogic Server Administration Console with CFC/CRS to fail over automatically on a separate hardware cluster (not shown in this architecture).

Oracle Web Services Manager (Oracle WSM) provides a policy framework to manage and secure Web services in the enterprise deployment topology. WSM Policy Manager also runs in active-active configuration in the same servers as Oracle SOA Suite.

On the firewall protecting the application tier, the HTTP ports, OAP port, and proxy port are open. The OAP port is for the WebGate module running in Oracle HTTP Server in Oracle Web Tier to communicate with Oracle Access Manager. Applications requiring external HTTP access use Oracle HTTP Server as the proxy. (The proxy on the Oracle HTTP Server must be enabled to allow this access.)

1.1.5 About the Data Tier

Nodes in the data tier are located in the most secured network zone (the intranet). In this tier, an Oracle Real Applications Clusters (RAC) database runs on the nodes WCCDBHOST1 and WCCDBHOST2. The database contains the schemas needed by the Oracle SOA Suite and Oracle WebCenter Content components. The Oracle WebCenter Content and Oracle SOA Suite components running in the application tier access this database.

On the firewall protecting the data tier, the database listener port (typically, 1521) is required to be open. The LDAP ports (typically, 389 and 636) are also required to be open for the traffic accessing the LDAP storage in the Oracle Identity Management enterprise deployment.

1.1.6 About the Unicast Requirement for Communication

Oracle recommends that the nodes in the Oracle WebCenter Content enterprise deployment topology communicate using unicast. Unlike multicast communication, unicast does not require cross-network configuration, and it reduces potential network errors that can occur from multicast address conflicts as well.

In unicast messaging mode, the default listening port of the server is used if no channel is configured.

Cluster members communicate to the group leader when they need to send a broadcast message which is usually the heartbeat message. When the cluster members detect the failure of a group leader, the next oldest member becomes the group leader.

The frequency of communication in unicast mode is similar to the frequency of sending messages on multicast port.

The following considerations apply to using unicast to handle cluster communications:

  • All members of a WebLogic Server cluster must use the same message type. Mixing between multicast and unicast messaging is not allowed.

  • Individual cluster members cannot override the cluster messaging type.

  • The entire cluster must be shut down and restarted to change the message modes (from unicast to multicast or from multicast to unicast).

  • JMS topics configured for multicasting can access WebLogic Server clusters configured for unicast because a JMS topic publishes messages on its own multicast address that is independent of the cluster address. However, the following considerations apply:

    • The router hardware configurations that allow unicast clusters may not allow JMS multicast subscribers to work.

    • JMS multicast subscribers need to be in a network hardware configuration that allows multicast accessibility. (That is, JMS subscribers must be in a multicast-enabled network to access multicast topics.)

1.2 Hardware Requirements for an Enterprise Deployment on a Linux System

Before you install and configure your enterprise deployment, review the Oracle Fusion Middleware System Requirements and Specifications on the Oracle Technology Network (OTN) to ensure that your environment meets the minimum installation requirements for the products you are installing.

In addition, Table 1-1 lists the typical hardware requirements for the enterprise deployment described in this guide on a Linux operating system.

You must perform the appropriate capacity planning to determine the number of nodes, CPU, and memory requirements for each node depending on the specific system's load, as well as the throughput and response requirements. These will vary for each application being used.

Table 1-1 Typical Hardware Requirements

Server Disk Memory TMP Directory Swap

Database

nXm

n = number of disks, at least 4 (striped as one disk)
m = size of the disk (minimum of 30 GB)

6-8 GB

Default

Default

WEBHOSTn

10 GB

4 GB

Default

Default

WCCHOSTn

20 GB

10 GB

Default

Default

Notes:

  • You must perform the appropriate capacity planning to determine the number of nodes, CPU, and memory requirements for each node depending on the specific system's load as well as the throughput and response requirements. These will vary for each application being used.

  • For WebCenter Content, Imaging, and Inbound Refinery Managed Servers, you need to increase the size of the heap allocated for the Java Virtual Machine (JVM) on which each Managed Server runs to at least 1 GB (1024 MB). For more information, see "Increasing the Java VM Heap Size for Managed Servers" in Installing and Configuring Oracle WebCenter Content.

1.3 Clock Synchronization

The clocks of all servers participating in the clusters must be synchronized to within one second difference to enable proper functioning of jobs and adapters. To accomplish this, use a single network time server and then point each server to that network time server.

The procedure for pointing to the network time server is different on different operating systems. Refer to your operating system documentation for more information.

1.4 Software Components to Install

Table 1-2 lists the Oracle software you will need to obtain before starting the procedures in this guide.

For complete information about downloading Oracle Fusion Middleware software, see Oracle Fusion Middleware Download, Installation, and Configuration Readme Files on the Oracle Technology Network (OTN).

Table 1-2 Components and Installation Sources

Component Details

Oracle Database 11g

Oracle Database 11g (11.1.0.7 or later, Standard Edition or Enterprise Edition), using the AL32UTF8 character set

Note: For Oracle WebCenter Content enterprise deployments, Oracle recommends using GridLink data sources to connect to Oracle RAC databases. To use the Oracle Single Client Access Name (SCAN) feature with GridLink, the Oracle RAC database version must be Oracle Database 11gR2 (11.2 or later, Enterprise Edition).

Repository Creation Utility (RCU)

Oracle Fusion Middleware Repository Creation Utility 11g (11.1.1.9)

Oracle WebLogic Server

Oracle WebLogic Server (10.3.6)

Oracle HTTP Server (OHS)

Oracle Web Tier 11g (11.1.1.7)

Oracle WebCenter Content

Oracle WebCenter Content 11g (11.1.1.9)

Oracle SOA Suite

Oracle SOA Suite 11g (11.1.1.7)

Oracle Access Manager WebGate

WebGate 11g (11.1.1.2 or later) for Oracle Access Manager 11g.

Oracle Internet Directory

Oracle Identity and Access Management 11g (11.1.1.5 or later)

1.5 About an LDAP Authentication Provider As a Policy Store

With Oracle Fusion Middleware, you can use different types of policy and credential stores in an Oracle WebLogic Server domain. Domains can use stores based on XML files, different types of LDAP authentication providers, or Oracle Database. When a domain uses an LDAP store, all policy and credential data is kept and maintained in a centralized policy store. When a domain uses an XML policy store, however, the changes made on Managed Servers are not propagated to the Administration Server unless they use the same domain home.

An Oracle WebCenter Content enterprise deployment topology uses different domain homes for the Administration Server and the Managed Servers, as described in Section 4.4, "Recommended Locations for Different Directories." Derived from this, and for integrity and consistency purposes, Oracle requires the use of an LDAP server as the policy store in the context of an Oracle WebCenter Content enterprise deployment topology. To configure the Oracle WebCenter Content enterprise deployment with an LDAP authentication provider as the policy store, follow the steps in Chapter 8, "Creating a Domain for an Enterprise Deployment."

1.6 Roadmap for the Reference Topology Installation and Configuration

Before beginning your Oracle WebCenter Content enterprise deployment, review the flowchart in Figure 1-3. This flowchart illustrates the high-level process for completing the enterprise deployment documented in this guide. Table 1-3 describes the steps in the flowchart and directs you to the appropriate chapter for each step.

In this document, oracle is the operating system user ID for installing and configuring the enterprise deployment reference topology.

The following topics provide a roadmap for installing and configuring the Oracle WebCenter Content reference topology:

1.6.1 Flowchart of the Oracle WebCenter Content Enterprise Deployment Process

Figure 1-3 provides a flowchart of the Oracle WebCenter Content enterprise deployment process. Review this chart to become familiar with the steps that you must follow, based on the existing environment.

Figure 1-3 Oracle WebCenter Content Enterprise Deployment Process

Description of Figure 1-3 follows
Description of "Figure 1-3 Oracle WebCenter Content Enterprise Deployment Process"

1.6.2 Steps in the Oracle WebCenter Content Enterprise Deployment Process

Table 1-3 describes each of the steps in the enterprise deployment process flowchart for Oracle WebCenter Content, shown in Figure 1-3. The table also provides references to more information on each step in the process.

Table 1-3 Steps in the Oracle WebCenter Content Enterprise Deployment Process

Step Description More Information

Review topology and requirements

Read the earlier sections of this chapter for information about the Oracle WebCenter Content enterprise deployment topology and the requirements for setting it up.

Chapter 1, "Introduction to the Enterprise Deployment Reference Topology"

Prepare your network for an enterprise deployment

To prepare your network for an enterprise deployment, understand concepts such as IP addresses, virtual server names, and virtual IP addresses, and configure your load balancer by defining virtual host names.

Chapter 3, "Preparing the Network for an Enterprise Deployment"

Prepare your file system for an enterprise deployment

To prepare your file system for an enterprise deployment, review the terminology for directories and directory environment variables, and configure shared storage.

Chapter 4, "Preparing the File System for an Enterprise Deployment"

Prepare your database for an enterprise deployment

To prepare your database for an enterprise deployment, review database requirements, create database services, load the metadata repository in the Oracle RAC database, configure WebCenter Content, Oracle SOA Suite, Imaging, and Capture schemas for transactional recovery privileges, and back up the database.

Chapter 5, "Preparing the Database for an Enterprise Deployment"

Prepare your servers for an enterprise deployment

To prepare your servers for an enterprise deployment, you need to verify your servers and operating system, meet minimum hardware and operating system requirements, enable Unicode support and virtual IP addresses, mount shared storage onto the host, and configure users and groups.

Chapter 6, "Preparing the Servers for an Enterprise Deployment"

Install software

Install Oracle HTTP Server, Oracle WebLogic Server, and Oracle Fusion Middleware, and apply patchsets to Oracle Fusion Middleware components.

Chapter 7, "Installing the Software for an Enterprise Deployment"

Configure Oracle Web Tier

Configure Oracle HTTP Server with the load balancer, and configure virtual host names.

Chapter 9, "Configuring Oracle Web Tier for an Enterprise Deployment"

Create domain

Run the Fusion Middleware Configuration Wizard to create a domain.

Chapter 8, "Creating a Domain for an Enterprise Deployment"

Reassociate the security store with an OPSS database-based security store

Reassociate the default file-based security store for the domain with an OPSS database-based security store in Oracle Database. The security store contains security artifacts, including policies, credentials, and keys.

Chapter 8, "Reassociating the Domain with an OPSS Security Store in Oracle Database"

Extend domain with WebCenter Content

Extend the existing WebLogic Server domain by running the Fusion Middleware Configuration Wizard and configuring WebCenter Content.

Chapter 10, "Extending the Domain to Include WebCenter Content"

Extend domain with IBR (optional)

Extend the existing WebLogic Server domain by running the Fusion Middleware Configuration Wizard and configuring Inbound Refinery.

Section 11, "Extending the Domain to Include Inbound Refinery"

Extend domain with SOA (optional)

Before extending the existing WebLogic Server domain with Imaging, extend the domain by running the Fusion Middleware Configuration Wizard and configuring Oracle SOA Suite.

Chapter 12, "Extending the Domain to Include Oracle SOA Suite Components"

Extend domain with Imaging (optional)

Extend the existing WebLogic Server domain by running the Fusion Middleware Configuration Wizard and configuring Imaging.

Chapter 13, "Extending the Domain to Include Imaging"

Extend domain with Capture (optional)

Extend the existing WebLogic Server domain by running the Fusion Middleware Configuration Wizard and configuring Capture.

Chapter 14, "Extending the Domain to Include Capture"

Set up Node Manager

Set up Node Manager by enabling host name verification, starting Node Manager, and configuring WebLogic Server domains to use custom keystores.

Section 16, "Setting Up Node Manager for an Enterprise Deployment"

Install and Configure the WebCenter Content User Interface (optional)

Install and configure an Oracle WebCenter Content Managed Server with the WebCenter Content user interface for Oracle WebCenter Content Server, based on Oracle ADF.

Section 15, "Installing and Configuring the WebCenter Content User Interface"

Configure Server Migration (optional)

Configure server migration for the WLS_IMGn, WLS_CPTn, and WLS_SOAn Managed Servers. The WLS_IMG1, WLS_CPT1, and WLS_SOA1 Managed Servers are configured to restart on WCCHOST2, should a failure occur. The WLS_IMG2, WLS_CPT2, and WLS_SOA2 Managed Servers are configured to restart on WCCHOST1, should a failure occur.

Section 17, "Configuring Server Migration for an Enterprise Deployment"

Integrate with OAM/IDM (optional)

You can integrate your Oracle WebCenter Content enterprise deployment with Oracle Access Manager 11g for single sign-on (SSO).

Section 18, "Integrating with Oracle Identity Management"

1.6.3 The Incremental, Modular Approach to Enterprise Deployment

By design, this document describes an incremental and modular approach to setting up an enterprise deployment.

The instructions for setting up the storage, database, networking, and Oracle Web Tier infrastructure are similar to the instructions provided in the other Oracle Fusion Middleware enterprise deployment guides. These elements of the topology provide the foundation for the Oracle WebLogic Server domain that you later configure to support your enterprise deployment.

When you create the domain, the instructions vary from guide to guide. However, all the enterprise deployment guides provide separate, modular instructions for creating and extending an Oracle WebLogic Server domain, as follows:

  1. Install the Oracle Fusion Middleware software on disk and create the necessary binary directories.

  2. Run the Fusion Middleware Configuration Wizard to create the domain and configure only the administration components.

    The administration components include the Administration Server, Oracle WebLogic Server Administration Console, Oracle Enterprise Manager Fusion Middleware Control, and Oracle Web Services Manager.

  3. Run the Fusion Middleware Configuration Wizard again to extend the domain to include the primary Oracle Fusion Middleware product you want to use.

  4. Optionally, run the Fusion Middleware Configuration Wizard again to extend the domain to include other supporting components and products.

This incremental approach allows you to verify the environment after each pass of the Fusion Middleware Configuration Wizard. It also simplifies troubleshooting during the setup process.

In addition, this modular approach allows you to consider alternative topologies. Specifically, after you configure the Administration components, the domain you create does not need to contain all the components described in this guide. Instead, you can use the domain extension chapters independently and selectively, to configure individual components that are required for your specific organization.