This chapter describes how to configure your network for an enterprise deployment.
This chapter contains the following sections:
The following sections explain how to configure the hardware load balancer for an enterprise deployment:
Section 6.1.1, "Overview of the Hardware Load Balancer Configuration"
Section 6.1.2, "Typical Procedure for Configuring the Hardware Load Balancer"
Section 6.1.4, "Additional Instructions for admin.example.com"
Section 6.1.5, "Additional Instructions for soa.example.com"
Section 6.1.6, "Additional Instructions for soainternal.example.com"
Section 6.1.7, "Additional Instructions for osb.example.com"
As shown in the topology diagrams, you must configure the hardware load balancer to recognize and route requests to several virtual servers and associated ports for different types of network traffic and monitoring.
In context of a load balancing device, a virtual server is a construct that allows multiple physical servers to appear as one for load-balancing purposes. It is typically represented by an IP address and a service, and it is used to distribute incoming client requests to the servers in the server pool.
The virtual servers should be configured to direct traffic to the appropriate host computers and ports for the various services available in the enterprise deployment.
For more information about the virtual servers required for an Oracle SOA Suite enterprise deployment, see Section 3.3.1, "Summary of Oracle SOA Suite Load Balancer Virtual Server Names".
In addition, you should configure the load balancer to monitor the host computers and ports for availability so that the traffic to a particular server is stopped as soon as possible when a service is down. This ensures that incoming traffic on a given virtual host is not directed to an unavailable service in the other tiers.
Note that after you configure the load balancer, you can later configure the Web server instances in the Web tier to recognize a set of virtual hosts that use the same names as the virtual servers you defined for the load balancer. For each request coming from the hardware load balancer, the Web server can then route the request appropriately, based on the server name included in the header in the request. For more information, see Section 11.7, "Configuring Oracle HTTP Server for Administration and Oracle Web Services Manager".
The procedures for configuring a load balancer differ, depending on the specific type of load balancer. Refer to the vendor supplied documentation for actual steps.
The following steps outline the general configuration flow. Refer to Table 6-1 for a listing of each virtual server you must define on the load balancer:
Create a pool of servers. This pool contains a list of servers and the ports that are included in the load balancing definition.
For example, for load balancing between the Web hosts, create a pool of servers which would direct requests to hosts WEBHOST1 and WEBHOST2 on port 7777.
Create rules to determine whether or not a given host and service is available and assign it to the pool of servers described in Step 1.
Create a Virtual Server on the load balancer. This is the address and port that receives requests used by the application.
For example, to load balance Web Tier requests you would create the following virtual host:
soa.example.com:80
When you define each virtual server on the load balancer, consider the following:
If your load balancer supports it, specify whether or not the virtual server is available internally, externally or both. Ensure that internal addresses are only resolvable from inside the network.
Configure SSL Termination, if applicable, for the virtual server.
Assign the Pool of servers created in Step 1 to the virtual server.
Table 6-1 provides a list of the virtual servers you must define on the hardware load balancer for the Oracle SOA Suite enterprise topology.
Table 6-1 Summary Virtual Servers to Define on the Hardware Load Balancer
| Virtual Host | Server Pool | Protocol | SSL Termination? | External? |
|---|---|---|---|---|
|
|
|
HTTP |
No |
No |
|
|
|
HTTPS |
Yes |
Yes |
|
|
|
HTTP |
No |
No |
|
|
|
HTTPS |
No |
Yes |
When you configure this virtual server on the hardware load balancer:
Enable address and port translation.
Enable reset of connections when services or hosts are down.
When you configure this virtual server on the hardware load balancer:
Use port 80 and port 443. Any request that goes to port 80 (non-ssl protocol) should be redirected to port 443 (ssl protocol).
Specify ANY as the protocol (non-HTTP protocols are required for B2B).
Enable address and port translation.
Enable reset of connections when services and/or nodes are down.
Create rules to filter out access to /console and /em on this virtual server.
These context strings direct requests to the Oracle WebLogic Server Administration Console and to the Oracle Enterprise Manager Fusion Middleware Control and should be used only when accessing the system from admin.example.com.
When you configure this virtual server on the hardware load balancer:
Enable address and port translation.
Enable reset of connections when services or nodes are down.
As with the soa.example.com, create rules to filter out access to /console and /em on this virtual server.
When you configure this virtual server on the hardware load balancer:
Use port 80 and port 443. Any request that goes to port 80 (non-ssl protocol) should be redirected to port 443 (ssl protocol).
Specify ANY as the protocol (non-HTTP protocols are required for B2B).
Enable address and port translation.
Enable reset of connections when services and/or nodes are down.
Create rules to filter out access to /console and /em on this virtual server.
These context strings direct requests to the Oracle WebLogic Server Administration Console and to the Oracle Enterprise Manager Fusion Middleware Control and should be used only when accessing the system from admin.example.com.
Many Oracle Fusion Middleware components and services use ports. As an administrator, you must know the port numbers used by these services and ensure that the same port number is not used by two services on a host.
Most port numbers are assigned during installation.
Table 6-2 lists the ports used in the SOA topology, including the ports that you must open on the firewalls in the topology.
Note:
The TCP/IP port for B2B is a user-configured port and is not predefined. Similarly, the firewall ports depend on the definition of TCP/IP ports.Firewall notation:
FW0 refers to the outermost firewall.
FW1 refers to the firewall between the web tier and the application tier.
FW2 refers to the firewall between the application tier and the data tier.
Table 6-2 Port Information Required When Configuring the Firewalls in an Enterprise Deployment
| Type | Firewall | Port and Port Range | Protocol / Application | Inbound / Outbound | Other Considerations and Timeout Guidelines |
|---|---|---|---|---|---|
|
Browser request |
FW0 |
80 |
HTTP / Load Balancer |
Inbound |
Timeout depends on all HTML content and the type of process model used for SOA. |
|
Browser request |
FW0 |
443 |
HTTPS / Load Balancer |
Inbound |
Timeout depends on all HTML content and the type of process model used for SOA. |
|
Browser request |
FW1 |
80 |
HTTPS / Load Balancer |
Outbound (for intranet clients) |
Timeout depends on all HTML content and the type of process model used for SOA. |
|
Browser request |
FW1 |
443 |
HTTPS / Load Balancer |
Outbound (for intranet clients) |
Timeout depends on all HTML content and the type of process model used for SOA. |
|
Callbacks and Outbound invocations |
FW1 |
80 |
HTTPS / Load Balancer |
Outbound |
Timeout depends on all HTML content and the type of process model used for SOA. |
|
Callbacks and Outbound invocations |
FW1 |
443 |
HTTPS / Load Balancer |
Outbound |
Timeout depends on all HTML content and the type of process model used for SOA. |
|
Load balancer to Oracle HTTP Server |
n/a |
7777 |
HTTP |
n/a |
n/a |
|
OHS registration with Administration Server |
FW1 |
7001 |
HTTP/t3 |
Inbound |
Set the timeout to a short period (5-10 seconds). |
|
OHS management by Administration Server |
FW1 |
OHS Admin Port (7779) |
TCP and HTTP, respectively |
Outbound |
Set the timeout to a short period (5-10 seconds). |
|
WSM-PM access |
FW1 |
7010 Range: 7010 - 7999 |
HTTP / WLS_WSM-PMn |
Inbound |
Set the timeout to 60 seconds. |
|
SOA Server access |
FW1Foot 1 |
8001 Range: 8000 - 8010 |
HTTP / WLS_SOAn |
Inbound |
Timeout varies based on the type of process model used for SOA. |
|
Oracle Service Bus Access |
FW1 |
8011 Range: 8011-8021 |
HTTP / WLS_OSBn |
Inbound/ |
Set the timeout to a short period (5-10 seconds). |
|
BAM access |
FW1 |
9001 Range: 9000 - 9080 |
HTTP / WLS_BAMn |
Inbound |
Connections to BAM WebApps are kept open until the report/browser is closed, so set the timeout as high as the longest expected user session. |
|
Session replication within a WebLogic Server cluster |
n/a |
n/a |
n/a |
n/a |
By default, this communication uses the same port as the server's listen address. |
|
Administration Console access |
FW1 |
7001 |
HTTP / Administration Server and Enterprise Manager t3 |
Both |
You should tune this timeout based on the type of access to the admin console (whether it is planned to use the Oracle WebLogic Server Administration Console from application tier clients or clients external to the application tier). |
|
Node Manager |
FW1 |
5556 |
TCP/IP |
Both |
n/a |
|
Database access |
FW2 |
1521 |
SQL*Net |
Both |
Timeout depends on database content and on the type of process model used for SOA. |
|
Coherence for deployment |
n/a |
8088 Range: 8000 - 8090 |
n/a |
n/a |
|
|
Oracle Internet Directory access |
FW2 |
389 |
LDAP or LDAP/ssl |
Inbound |
You should tune the directory server's parameters based on load balancer, and not the other way around. |
|
Oracle Notification Server (ONS) |
FW2 |
6200 |
ONS |
Both |
Required for Gridlink. An ONS server runs on each database server. |
Footnote 1 External clients can access SOA servers directly on RMI or JMS (for example, for JDeveloper deployments and for JMX monitoring), in which case FW0 might need to be open or not depending on the security model that you implement.