Solved

Using Load Balancer with Identity Management Cluster

Posted on 2006-11-05
Last Modified: 2013-12-03
I am installing OAS 10.1.2 on Linux with Cluster (Identity Management) and Portal.

My content switch config looks like the following:

service server1
ip address 192.168.1.120
active

service server1-invalid
keepalive type tcp
ip address 192.168.1.120
keepalive port 9401
port 9401
active

service server1-oid
keepalive type tcp
keepalive port 389
ip address 192.168.1.120
active

service server1-oid-ldaps
keepalive type tcp
keepalive port 636
ip address 192.168.1.120
active

service server1-portal
keepalive type http
keepalive port 7777
ip address 192.168.1.120
port 80
active

service server1-portal-https
keepalive type http
keepalive port 4443
ip address 192.168.1.120
active

service server1-sso
keepalive type http
keepalive port 7777
ip address 192.168.1.120
active

service server1-sso-https
keepalive type http
keepalive port 4443
ip address 192.168.1.120
active

I then have similar entries for server2

service webcache
protocol tcp
port 80
keepalive type http
ip address 192.168.1.120

service webcache2
protocol tcp
port 80
keepalive type http
ip address 192.168.1.121

content intranets
balance srcip
vip address 192.168.1.125
add service server1
add server server2
active

content invalidations
protocol tcp
port 9401
vip address 192.168.1.125
add service server1-invalid
add service server2-invalid
active

content oid
protocol tcp
port 389
vip address 192.168.1.135
add service server1-oid
add service server2-oid
active

content oid-ldaps
protocol tcp
port 636
vip address 192.168.1.135
add service server1-oid-ldaps
add service server2-oid-ldaps
active

content portal
advanced-balance cookies
protocol tcp
port 80
vip address 192.168.1.125
add service server1-portal
add service server2-portal
active

content portal-https
advanced-balance cookies
protocol tcp
port 4443
vip address 192.168.1.125
add service server1-portal-https
add service server2-portal-https
active

content sso
advanced-balance cookies
protocol tcp
port 7777
url "/*"
vip address 192.168.1.125
add service server1-sso
add service server2-sso
active

content sso-https
protocol tcp
port 4443
vip address 192.168.1.125
add service server1-sso-https
add service server2-sso-https


My questions are:

Does this config make sense or has someone included redundant entries?

During my infrastructure installation, what do I enter in the LDAP host and port? I guess oid and 389/636.
What do I enter in the HTTP virtual server host and ports? Is it sso or portal according to this config?

When do I use the other entries if they are not used here?

Lastly, when do I set my publicly accessible URL? Is it during the installation of the Infra or Mid or after complete installation?

Question by:rolutola
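
One way to check the posted configuration for redundant entries mechanically, as an added example that is not part of the original thread: the Python code below parses an excerpt of the configuration and reports services with identical settings, content rules that share a VIP and port, and content rules with no "active" line. The function names and the three checks are assumptions of this example, not validation performed by the content switch.

```python
from collections import defaultdict

# Excerpt of the configuration posted in the question (server2 members left out).
SAMPLE = """\
service server1-portal-https
keepalive type http
keepalive port 4443
ip address 192.168.1.120
active
service server1-sso-https
keepalive type http
keepalive port 4443
ip address 192.168.1.120
active
content portal-https
advanced-balance cookies
protocol tcp
port 4443
vip address 192.168.1.125
add service server1-portal-https
active
content sso-https
protocol tcp
port 4443
vip address 192.168.1.125
add service server1-sso-https
"""

def parse(text):
    """Return {(kind, name): [setting lines]} for service/content blocks."""
    blocks, cur = {}, []
    for line in filter(None, map(str.strip, text.splitlines())):
        words = line.split()
        if len(words) == 2 and words[0] in ("service", "content"):
            cur = blocks.setdefault((words[0], words[1]), [])
        else:
            cur.append(line)
    return blocks

def audit(text):
    """Flag identical services, content rules sharing VIP and port, inactive rules."""
    groups, findings = defaultdict(list), []
    for (kind, name), lines in parse(text).items():
        # Services are compared on every setting, content rules on VIP and port only.
        keep = ("vip ", "port ") if kind == "content" else ("",)
        groups[kind, tuple(sorted(l for l in lines if l.startswith(keep)))].append(name)
        if kind == "content" and "active" not in lines:
            findings.append(f"inactive content: {name}")
    findings += [f"duplicate {k}: {', '.join(n)}" for (k, _), n in groups.items() if len(n) > 1]
    return sorted(findings)
```

Calling audit(SAMPLE) reports the portal-https and sso-https pairs as duplicates at both the service and the content level, and sso-https as never activated.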

Expert Comment

by:lappins
ID: 17882308
I think you are correct with LDAP host and port (assuming you wish LDAP traffic to go thru the content switch).

The infrastructure HTTP host is server1-sso (7777 and 4443 for SSL). Don't know why portal is defined on server1, as this is on the mid tier.

Your publicly accessible URL is the same as the hostname, defined at installation time (you can never change this after installation on the infrastructure server).

Sláinte mhath
Stephen

Author Comment

by:rolutola
ID: 17884207
Stephen,

Thanks for that info. I will be installing the midtier (consisting of portal, http, webcache, discoverer etc) afterwards. I am actually using an existing content switch configuration hence why everything is there. Also I'm installing both IDM and MidTier on the same server.

Your statement that the publicly accessible URL is the same as the hostname is slightly worrying. Where do I specify my www.mypublicdomain.com during the installation then for instance to access my portal? I've had few sources say you configure this as a virtual host after the mid-tier installation. What do you think?

I don't need my public URL for the infrastructure, just the portal, am I correct?

Thanks,
Richard.

Expert Comment

by:lappins
ID: 17887786
If you are using Single-SignOn, then you will need a public URL for your OID (virtual) server. If not, then there is no need.

With the midtier, you can change the hostname after installation if you prefer. Point the ORACLE_HOME environment variable to the middle tier that you are updating, and run the following:

cd $ORACLE_HOME/chgip/scripts
./chgiphost.sh -mid

The chgip.sh command prompts for information that you must provide. The number of prompts depends on your mid-tier installation type. If prompts provide values in parentheses, please note that these are reminders, NOT default values.

Verify that the process was successful by checking for errors in $ORACLE_HOME/chgip/log.

Author Comment

by:rolutola
ID: 17888286
Now I'm confused. When during the Infrastructure installation do I enter my public URL? Mind you I'm installing with a LBR.
If I enter oid as my LDAP host name and sso as my HTTP Virtual server name as you confirmed earlier I haven't seen the public URL requested during the installation. I know that the URL can be seen in SSO/OID admin page as the Login URL and there doesn't seem to be a way of changing after installation as you mentioned so it's important to get it right first time.

Please help.

Expert Comment

by:lappins
ID: 17888304
Is the HTTP Virtual server name not the same as your public URL?

Note - if you are using SSO, you need TWO public urls. One for SSO (on infrastructure) and one for your mid-tier.

For example, your mid-tier may be accessed on www.mydomain.com but SSO is accessed on sso.mydomain.com

Author Comment

by:rolutola
ID: 17888483
The virtual server is a content rule on the content switch, same as the LDAP virtual server is another content rule.

Author Comment

by:rolutola
ID: 17896398
Can I use the same URL for both sso (http virtual server) and my public URL (www.mypublicurl.co.uk)? Are there any known issues, bearing in mind I'm installing both IDM and mid-tier on the same node (I will have 2 load-balanced nodes)?

Thanks.

Author Comment

by:rolutola
ID: 17896420
In addition to my last comment, what 'should' my namespace be and what does it do?

Thanks.

Expert Comment

by:lappins
ID: 17896451
You can install them on the same node (and therefore use the same URL - with different port nos). It is good practice to have them on different nodes, especially in a production environment, but they can both be on the same node(s).

Author Comment

by:rolutola
ID: 17896598
So that means my HTTP virtual server name during the installation will be www.mypublicurl.co.uk listening on port 7777 say, and my portal (public url) will be configured as www.mypublicurl.co.uk listening on port 7778 for example?

Also, should my namespace be dc=mypublicurl, dc=co, dc=uk?

Thanks

Accepted Solution

by:lappins (earned 500 total points)
ID: 17896616
Yup, that's about right (although the port numbers will probably be different).

I don't think that there is any link between the URL and the namespace, so you do whatever you want here.

Author Comment

by:rolutola
ID: 17896871
Wonderful. Thanks for all your help.