Using Load Balancer with Identity Management Cluster

I am installing OAS 10.1.2 on Linux with Cluster (Identity Management) and Portal.

My content switch config looks like the following:

service server1
ip address 192.168.1.120
active

service server1-invalid
keepalive type tcp
ip address 192.168.1.120
keepalive port 9401
port 9401
active

service server1-oid
keepalive type tcp
keepalive port 389
ip address 192.168.1.120
active

service server1-oid-ldaps
keepalive type tcp
keepalive port 636
ip address 192.168.1.120
active

service server1-portal
keepalive type http
keepalive port 7777
ip address 192.168.1.120
port 80
active

service server1-portal-https
keepalive type http
keepalive port 4443
ip address 192.168.1.120
active

service server1-sso
keepalive type http
keepalive port 7777
ip address 192.168.1.120
active

service server1-sso-https
keepalive type http
keepalive port 4443
ip address 192.168.1.120
active

I then have similar entries for server2

service webcache
protocol tcp
port 80
keepalive type http
ip address 192.168.1.120

service webcache2
protocol tcp
port 80
keepalive type http
ip address 192.168.1.121

content intranets
balance srcip
vip address 192.168.1.125
add service server1
add server server2
active

content invalidations
protocol tcp
port 9401
vip address 192.168.1.125
add service server1-invalid
add service server2-invalid
active

content oid
protocol tcp
port 389
vip address 192.168.1.135
add service server1-oid
add service server2-oid
active

content oid-ldaps
protocol tcp
port 636
vip address 192.168.1.135
add service server1-oid-ldaps
add service server2-oid-ldaps
active

content portal
advanced-balance cookies
protocol tcp
port 80
vip address 192.168.1.125
add service server1-portal
add service server2-portal
active

content portal-https
advanced-balance cookies
protocol tcp
port 4443
vip address 192.168.1.125
add service server1-portal-https
add service server2-portal-https
active

content sso
advanced-balance cookies
protocol tcp
port 7777
url "/*"
vip address 192.168.1.125
add service server1-sso
add service server2-sso
active

content sso-https
protocol tcp
port 4443
vip address 192.168.1.125
add service server1-sso-https
add service server2-sso-https


My questions are:

Does this config make sense or has someone included redundant entries?

During my infrastructure installation, what do I enter in the LDAP host and port? I guess oid and 389/636.
What do I enter in the HTTP virtual server host and ports? Is it sso or portal according to this config?

When do I use the other entries if they are not used here?

Lastly, when do I set my publicly accessible URL? Is it during the installation of the Infra or Mid or after complete installation?

Asked by: Richard Olutola
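
A small consistency check for a service/content config of the kind posted above, as an added example that is not part of the original thread: it flags blocks with no `active` line, content rules that add a service not defined in the text, `add` lines that are not `add service`, and services that share one keepalive target. The sample input is a constructed excerpt, `lint` is a hypothetical helper, and the checks assume blocks are separated by blank lines and enabled only by an `active` line.

```python
import re
# Constructed excerpt in the style of the posted config (not the full config).
SAMPLE = """\
service server1
ip address 192.168.1.120
acitve

service server1-portal
keepalive type http
keepalive port 7777
ip address 192.168.1.120
active

service server1-sso
keepalive type http
keepalive port 7777
ip address 192.168.1.120
active

content sso
vip address 192.168.1.125
add service server1-sso
add server server2-sso
"""

def lint(text):  # returns a list of consistency findings, in file order
    blocks = []
    for chunk in re.split(r"\n\s*\n", text.strip()):
        head, *body = [ln.strip() for ln in chunk.splitlines() if ln.strip()]
        kind, _, name = head.partition(" ")
        blocks.append((kind, name, body))
    defined = {name for kind, name, _ in blocks if kind == "service"}
    findings, probes = [], {}
    for kind, name, body in blocks:
        if "active" not in body:  # assumption: a block is enabled only by 'active'
            findings.append(f"{kind} {name}: no 'active' line")
        for ln in body:
            if ln.startswith("add service "):
                if ln.split()[2] not in defined:
                    findings.append(f"{kind} {name}: undefined service {ln.split()[2]}")
            elif ln.startswith("add "):  # assumption: only 'add service' is expected
                findings.append(f"{kind} {name}: unexpected '{ln}'")
        if kind == "service":  # two services probing the same IP/type/port
            attrs = dict(ln.rsplit(" ", 1) for ln in body if " " in ln)
            key = tuple(attrs.get(k) for k in ("ip address", "keepalive type", "keepalive port"))
            if None not in key and key in probes:
                findings.append(f"service {name}: same keepalive target as {probes[key]}")
            probes.setdefault(key, name)
    return findings
```

A shared keepalive target is reported for review only; it is not necessarily a fault, since two services can legitimately probe one listener.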

Stephen Lappin (Senior Technologist) Commented:
I think you are correct with LDAP host and port (assuming you wish LDAP traffic to go thru the content switch).

The infrastructure HTTP host is server1-sso (7777 and 4443 for SSL). Don't know why portal is defined on server1, as this is on the mid tier.

Your publicly accessible URL is the same as the hostname, defined at installation time (you can never change this after installation on the infrastructure server).

Sláinte mhath
Stephen

Richard Olutola (Consultant, Author) Commented:
Stephen,

Thanks for that info. I will be installing the midtier (consisting of portal, http, webcache, discoverer etc) afterwards. I am actually using an existing content switch configuration hence why everything is there. Also I'm installing both IDM and MidTier on the same server.

Your statement that the publicly accessible URL is the same as the hostname is slightly worrying. Where do I specify my www.mypublicdomain.com during the installation then for instance to access my portal? I've had few sources say you configure this as a virtual host after the mid-tier installation. What do you think?

I don't need my public URL for the infrastructure, just the portal, am I correct?

Thanks,
Richard.

Stephen Lappin (Senior Technologist) Commented:
If you are using Single-SignOn, then you will need a public URL for your OID (virtual) server. If not, then there is no need.

With the midtier, you can change the hostname after installation if you prefer. Point the ORACLE_HOME environment variable to the middle tier that you are updating, and run the following:

cd $ORACLE_HOME/chgip/scripts
./chgiphost.sh -mid

The chgip.sh command prompts for information that you must provide. The number of prompts depends on your mid-tier installation type. If prompts provide values in parentheses, please note that these are reminders, NOT default values.

Verify that the process was successful by checking for errors in $ORACLE_HOME/chgip/log
Richard Olutola (Consultant, Author) Commented:
Now I'm confused. When during the Infrastructure installation do I enter my public URL? Mind you I'm installing with a LBR.
If I enter oid as my LDAP host name and sso as my HTTP Virtual server name as you confirmed earlier I haven't seen the public URL requested during the installation. I know that the URL can be seen in SSO/OID admin page as the Login URL and there doesn't seem to be a way of changing after installation as you mentioned so it's important to get it right first time.

Please help.

Stephen Lappin (Senior Technologist) Commented:
Is the HTTP Virtual server name not the same as your public URL?

Note - if you are using SSO, you need TWO public urls. One for SSO (on infrastructure) and one for your mid-tier.

For example, your mid-tier may be accessed on www.mydomain.com but SSO is accessed on sso.mydomain.com

Richard Olutola (Consultant, Author) Commented:
The virtual server is a content rule on the content switch, same as the LDAP virtual server is another content rule.

Richard Olutola (Consultant, Author) Commented:
Can I use the same URL for both sso (http virtual server) and my public URL (www.mypublicurl.co.uk)? Are there any known issues, bearing in mind I'm installing both IDM and mid-tier on the same node (I will have 2 load-balanced nodes).

Thanks.

Richard Olutola (Consultant, Author) Commented:
In addition to my last comment, what 'should' my namespace be and what does it do?

Thanks.

Stephen Lappin (Senior Technologist) Commented:
You can install them on the same node (and therefore use the same URL - with different port nos). It is good practice to have them on different nodes, especially in a production environment, but they can both be on the same node(s).

Richard Olutola (Consultant, Author) Commented:
So that means my HTTP virtual server name during the installation will be www.mypublicurl.co.uk listening on port 7777 say, and my portal (public url) will be configured as www.mypublicurl.co.uk listening on port 7778 for example?

Also, should my namespace be dc=mypublicurl, dc=co, dc=uk ?

Thanks

Stephen Lappin (Senior Technologist) Commented:
Yup, that's about right (although the port numbers will probably be different).

I don't think that there is any link between the URL and the namespace, so you do whatever you want here.

Richard Olutola (Consultant, Author) Commented:
Wonderful. Thanks for all your help.
Question has a verified solution.