Using Load Balancer with Identity Management Cluster

Posted on 2006-11-05
Last Modified: 2013-12-03
I am installing OAS 10.1.2 on Linux with Cluster (Identity Management) and Portal.

My content switch config looks like the following:

service server1
ip address 192.168.1.120
active

service server1-invalid
keepalive type tcp
ip address 192.168.1.120
keepalive port 9401
port 9401
active

service server1-oid
keepalive type tcp
keepalive port 389
ip address 192.168.1.120
active

service server1-oid-ldaps
keepalive type tcp
keepalive port 636
ip address 192.168.1.120
active

service server1-portal
keepalive type http
keepalive port 7777
ip address 192.168.1.120
port 80
active

service server1-portal-https
keepalive type http
keepalive port 4443
ip address 192.168.1.120
active

service server1-sso
keepalive type http
keepalive port 7777
ip address 192.168.1.120
active

service server1-sso-https
keepalive type http
keepalive port 4443
ip address 192.168.1.120
active

I then have similar entries for server2

service webcache
protocol tcp
port 80
keepalive type http
ip address 192.168.1.120

service webcache2
protocol tcp
port 80
keepalive type http
ip address 192.168.1.121

content intranets
balance srcip
vip address 192.168.1.125
add service server1
add service server2
active

content invalidations
protocol tcp
port 9401
vip address 192.168.1.125
add service server1-invalid
add service server2-invalid
active

content oid
protocol tcp
port 389
vip address 192.168.1.135
add service server1-oid
add service server2-oid
active

content oid-ldaps
protocol tcp
port 636
vip address 192.168.1.135
add service server1-oid-ldaps
add service server2-oid-ldaps
active

content portal
advanced-balance cookies
protocol tcp
port 80
vip address 192.168.1.125
add service server1-portal
add service server2-portal
active

content portal-https
advanced-balance cookies
protocol tcp
port 4443
vip address 192.168.1.125
add service server1-portal-https
add service server2-portal-https
active

content sso
advanced-balance cookies
protocol tcp
port 7777
url "/*"
vip address 192.168.1.125
add service server1-sso
add service server2-sso
active

content sso-https
protocol tcp
port 4443
vip address 192.168.1.125
add service server1-sso-https
add service server2-sso-https


My questions are:

Does this config make sense or has someone included redundant entries?

During my infrastructure installation, what do I enter in the LDAP host and port? I guess oid and 389/636.
What do I enter in the HTTP virtual server host and ports? Is it sso or portal according to this config?

When do I use the other entries if they are not used here?

Lastly, when do I set my publicly accessible URL? Is it during the installation of the Infra or Mid or after complete installation?

Question by:Richard Olutola
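
A small consistency check for a config laid out like the one in the question, as an added example that is not part of the original post. It flags services with identical settings, content rules that share a VIP and port, and content rules with no "active" line; the parsing rules are assumptions based only on the stanza layout shown above, not on the switch vendor's grammar.

```python
import re

# Constructed sample, abridged from the stanzas quoted in the question.
SAMPLE = """\
service server1-portal-https
keepalive port 4443
ip address 192.168.1.120
active
service server1-sso-https
keepalive port 4443
ip address 192.168.1.120
active
content portal-https
port 4443
vip address 192.168.1.125
add service server1-portal-https
active
content sso-https
port 4443
vip address 192.168.1.125
add service server1-sso-https
"""

def parse(text):  # -> {(kind, name): [body lines]} per service/content stanza
    stanzas, body = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r"(service|content)\s+(\S+)", line):
            body = stanzas.setdefault(m.groups(), [])
        elif line and body is not None:
            body.append(line)
    return stanzas

def lint(text):
    """Flag identical services, content rules sharing a VIP:port, inactive rules."""
    backends, listeners, findings = {}, {}, []
    for (kind, name), body in parse(text).items():
        if kind == "service":
            backends.setdefault(tuple(sorted(body)), []).append(name)
            continue
        if "active" not in body:
            findings.append(f"content {name}: not active")
        vip = next((l.split()[-1] for l in body if l.startswith("vip address")), "?")
        port = next((l.split()[-1] for l in body if l.startswith("port ")), "any")
        listeners.setdefault(f"{vip}:{port}", []).append(name)
    findings += [f"identical services: {', '.join(g)}" for g in backends.values() if len(g) > 1]
    findings += [f"shared listener {k}: {', '.join(g)}" for k, g in listeners.items() if len(g) > 1]
    return findings

print("\n".join(lint(SAMPLE)))
```

Each finding is a candidate for review rather than proof of a misconfiguration; a rule that shares a listener may still be intended if it is meant to be distinguished some other way.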
12 Comments

Expert Comment

by:Stephen Lappin
ID: 17882308
I think you are correct with LDAP host and port (assuming you wish LDAP traffic to go thru the content switch).

The infrastructure HTTP host is server1-sso (7777 and 4443 for SSL). Don't know why portal is defined on server1, as this is on the mid tier.

Your publicly accessible URL is the same as the hostname, defined at installation time (you can never change this after installation on the infrastructure server).

Sláinte mhath
Stephen

Author Comment

by:Richard Olutola
ID: 17884207
Stephen,

Thanks for that info. I will be installing the midtier (consisting of portal, http, webcache, discoverer etc) afterwards. I am actually using an existing content switch configuration hence why everything is there. Also I'm installing both IDM and MidTier on the same server.

Your statement that the publicly accessible URL is the same as the hostname is slightly worrying. Where do I specify my www.mypublicdomain.com during the installation then for instance to access my portal? I've had a few sources say you configure this as a virtual host after the mid-tier installation. What do you think?

I don't need my public URL for the infrastructure, just the portal, am I correct?

Thanks,
Richard.

Expert Comment

by:Stephen Lappin
ID: 17887786
If you are using Single-SignOn, then you will need a public URL for your OID (virtual) server. If not, then there is no need.

With the midtier, you can change the hostname after installation if you prefer. Point the ORACLE_HOME environment variable to the middle tier that you are updating, and run the following:

cd $ORACLE_HOME/chgip/scripts
./chgiphost.sh -mid

The chgip.sh command prompts for information that you must provide. The number of prompts depends on your mid-tier installation type. If prompts provide values in parentheses, please note that these are reminders, NOT default values.

Verify that the process was successful by checking for errors in $ORACLE_HOME/chgip/log

Author Comment

by:Richard Olutola
ID: 17888286
Now I'm confused. When during the Infrastructure installation do I enter my public URL? Mind you I'm installing with a LBR.
If I enter oid as my LDAP host name and sso as my HTTP Virtual server name as you confirmed earlier I haven't seen the public URL requested during the installation. I know that the URL can be seen in SSO/OID admin page as the Login URL and there doesn't seem to be a way of changing after installation as you mentioned so it's important to get it right first time.

Please help.

Expert Comment

by:Stephen Lappin
ID: 17888304
Is the HTTP Virtual server name not the same as your public URL?

Note - if you are using SSO, you need TWO public URLs. One for SSO (on infrastructure) and one for your mid-tier.

For example, your mid-tier may be accessed on www.mydomain.com but SSO is accessed on sso.mydomain.com

Author Comment

by:Richard Olutola
ID: 17888483
The virtual server is a content rule on the content switch, same as the LDAP virtual server is another content rule.

Author Comment

by:Richard Olutola
ID: 17896398
Can I use the same URL for both sso (http virtual server) and my public URL (www.mypublicurl.co.uk)? Are there any known issues, bearing in mind I'm installing both IDM and mid-tier on the same node (I will have 2 load-balanced nodes).

Thanks.

Author Comment

by:Richard Olutola
ID: 17896420
In addition to my last comment, what 'should' my namespace be and what does it do?

Thanks.

Expert Comment

by:Stephen Lappin
ID: 17896451
You can install them on the same node (and therefore use the same URL - with different port nos). It is good practice to have them on different nodes, especially in a production environment, but they can both be on the same node(s).

Author Comment

by:Richard Olutola
ID: 17896598
So that means my HTTP virtual server name during the installation will be www.mypublicurl.co.uk listening on port 7777 say, and my portal (public url) will be configured as www.mypublicurl.co.uk listening on port 7778 for example?

Also, should my namespace be dc=mypublicurl, dc=co, dc=uk?

Thanks

Accepted Solution

by:Stephen Lappin
ID: 17896616
Yup, that's about right (although the port numbers will probably be different).

I don't think that there is any link between the URL and the namespace, so you do whatever you want here.

Author Comment

by:Richard Olutola
ID: 17896871
Wonderful. Thanks for all your help.