Professional Documents
Culture Documents
Note: The slide shows a deployment with a single load balancer. To eliminate the load balancer as a single point of failure, deploy redundant load balancers. The slide also shows two redundant agents. Deploy as many agents as you need to satisfy reliability and scalability requirements.
Configuring a WebLogic Cluster of Oracle Access Manager Servers on Multiple Hosts (continued)
Domain Configuration Propagation Next, propagate the domain configuration from the first host to all other hosts on which managed server instances participating in the cluster reside. To propagate the domain configuration, use the pack.sh and unpack.sh utilities. Run the pack.sh utility on the first host to package the domain configuration, and unpack.sh on all other hosts to install the domain configuration. Start node managers on all the hosts to which you are propagating the domain configuration. Then start the other managed server instances running Oracle Access Manager by using the command line or the WebLogic console. Changing the Request Cache Type from the BASIC Type to the COOKIE Type Next, you can change the cookie request type from the BASIC type to the COOKIE type. This optional configuration change causes information normally maintained in the URL string during authentication to instead be maintained in the OAM_REQ cookie. You should make this change if your users' browsers enforce small size limits on the length of the URL string; this option enables you to decrease the URL size. Use the following WLST command to change the cache request type: configRequestCacheType(type="COOKIE") After changing the cache request type, you must restart all the managed server instances in the WebLogic cluster. Installing and Configuring the Load Balancer Next, you place a hardware load balancer, software load balancer, or Web proxy in front of managed server instances in the WebLogic cluster. The steps you follow depend on the type of load balancer you choose. You must configure the Oracle Access Manager server to be aware of the load balancer. In the console, change the host name and port number in the SSO engine configuration to the load balancer's host name and port. After changing the SSO engine host name and port number, you must restart all the managed server instances in the WebLogic cluster. Reconfiguring Agents Agents that previously communicated directly with the Oracle Access Manager server must be reconfigured to communicate with the load balancer. To reconfigure agents: Modify the agent configuration parameters to contain the cluster members' hosts and OAP port numbers. Note that agent HA is based on a primary/secondary failover model. Reregister the agent. Copy the agent artifacts to the agent configuration. Restart the agent.
You must configure the Oracle Access Manager server to be aware of the load balancer. In the console, change the host name and port number in the SSO engine configuration to the load balancer's host name and port.
After changing the SSO engine host name and port number, you must restart all the managed server instances in the WebLogic cluster.
Handling Administration Server Failure in a Cluster of Oracle Access Manager Instances (continued)
Starting a Standby Administration Server After an Administration Server Failure The reference architecture provides for a standby administration server on each host running redundant Oracle Access Manager servers. When you propagate the WebLogic domain to multiple hosts running clustered managed server instances, a copy of the administration server is also propagated. The slide shows the presence of two administration servers in the deployment, with one administration server active and the other administration server available as a standby. In normal operation, all the managed server instances run, while only a single administration server runs. In the event of an administration server failure, one of the standby instances can be brought up to service requests for configuration changes.
Data Tier
Oracle Access Manager uses the following types of data, which reside on the data tier: Audit data Oracle Access Manager policies Oracle Access Manager sessions Identity data For Oracle Access Manager 11g R1, audit data, policies, and sessions are always stored in an Oracle Database. A typical strategy for Oracle Database HA is Oracle Real Application Clusters (Oracle RAC). Refer to the following URL for more information about Oracle Database high availability, including Oracle RAC: http://www.oracle.com/technetwork/database/features/availability/ index.html. If you use Oracle Internet Directory for your identity store, then identity data is stored in an Oracle Database instance. Use Oracle RAC or another Oracle Database HA strategy. If you use a non-Oracle product for your identity store, refer to your vendor's documentation for information about making the identity store highly available.
It is important to consider your entire Oracle Fusion Middleware environment when performing backup and recovery. The installations of an Oracle Fusion Middleware environment are interdependent in that they contain configuration information, applications, and data that are kept in synchronization. For example, when you perform a configuration change, information in configuration files is updated. When you deploy an application, you might deploy it to all managed servers in a domain or cluster.
You should back up your entire Oracle Fusion Middleware environment after installation, then regularly. If a loss occurs, you can restore your environment to a consistent state. The backup strategy proposed in the Oracle Fusion Middleware Administrator's Guide is to perform full backups when the system is downafter installation, upgrading, and patching and backups of run-time artifacts regularly.
Run-Time Artifacts: Backed up During Full Backups and Regular Backups Run-time artifacts can change often. The Oracle Fusion Middleware Administrator's Guide recommends backing up the following files on a regular basis, typically nightly: Domain directories Oracle instance homes Applications artifacts, such as .ear and .war files, that reside outside of the domain Database artifacts, such as the policy and audit data store The identity store, which might or might not reside in an Oracle database
When performing the backup of run-time artifacts, do not back up local audit files if your Oracle Access Manager deployment is configured to write audit records to the database. Duplicate records might be uploaded to the audit database after a restore.
Backup Utilities
Oracle Fusion Middleware does not provide users with any special backup utilities or tools. You use tools provided with operating systems or other software: For file backup, use tools such as the tar utility on Linux and UNIX, and the xcopy command on Windows. For database backup, use Oracle Recovery Manager. For more information about Oracle Recovery Manager, refer to the Oracle Database Backup and Recovery User's Guide. For registry key backup, use the regedit utility or any other registry backup tool. For identity store backup, use Oracle Recover Manager for Oracle Internet Directory. If you use a different identity data store, refer to the documentation for the backup procedure for the identity store.
HA Topology Review
The diagram on the slide provides a reference topology for high availability Oracle Access Manager deployments. While your specific deployment might differ in some areas, the reference topology is a good starting point for complex Oracle Access Manager deployments. Some deployment elements on the slide have been covered earlier in this lesson. For example: Redundancy on the Web, application, and data tiers Usage of load balancers Other deployment elements on the slide are not in the scope of this lesson but are important to consider when configuring a high availability deployment. For example: Placement of firewalls Port numbers to be opened in firewalls Redundancy of the directory service
Answer: b