
Using Load Balancer with Identity Management Cluster

Medium Priority
599 Views
Last Modified: 2013-12-03
I am installing OAS 10.1.2 on Linux with Cluster (Identity Management) and Portal.

My content switch config looks like the following:

service server1
ip address 192.168.1.120
active

service server1-invalid
keepalive type tcp
ip address 192.168.1.120
keepalive port 9401
port 9401
active

service server1-oid
keepalive type tcp
keepalive port 389
ip address 192.168.1.120
active

service server1-oid-ldaps
keepalive type tcp
keepalive port 636
ip address 192.168.1.120
active

service server1-portal
keepalive type http
keepalive port 7777
ip address 192.168.1.120
port 80
active

service server1-portal-https
keepalive type http
keepalive port 4443
ip address 192.168.1.120
active

service server1-sso
keepalive type http
keepalive port 7777
ip address 192.168.1.120
active

service server1-sso-https
keepalive type http
keepalive port 4443
ip address 192.168.1.120
active

I then have similar entries for server2

service webcache
protocol tcp
port 80
keepalive type http
ip address 192.168.1.120

service webcache2
protocol tcp
port 80
keepalive type http
ip address 192.168.1.121

content intranets
balance srcip
vip address 192.168.1.125
add service server1
add server server2
active

content invalidations
protocol tcp
port 9401
vip address 192.168.1.125
add service server1-invalid
add service server2-invalid
active

content oid
protocol tcp
port 389
vip address 192.168.1.135
add service server1-oid
add service server2-oid
active

content oid-ldaps
protocol tcp
port 636
vip address 192.168.1.135
add service server1-oid-ldaps
add service server2-oid-ldaps
active

content portal
advanced-balance cookies
protocol tcp
port 80
vip address 192.168.1.125
add service server1-portal
add service server2-portal
active

content portal-https
advanced-balance cookies
protocol tcp
port 4443
vip address 192.168.1.125
add service server1-portal-https
add service server2-portal-https
active

content sso
advanced-balance cookies
protocol tcp
port 7777
url "/*"
vip address 192.168.1.125
add service server1-sso
add service server2-sso
active

content sso-https
protocol tcp
port 4443
vip address 192.168.1.125
add service server1-sso-https
add service server2-sso-https


My questions are:

Does this config make sense or has someone included redundant entries?

During my infrastructure installation, what do I enter in the LDAP host and port? I guess oid and 389/636.
What do I enter in the HTTP virtual server host and ports? Is it sso or portal according to this config?

When do I use the other entries if they are not used here?

Lastly, when do I set my publicly accessible URL? Is it during the installation of the Infra or Mid or after complete installation?
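
An added example, not part of the original question or the answers: a small audit of a configuration in the stanza layout shown above, listing services no content rule adds, added services with no definition, stanzas without `active`, and content rules sharing a VIP and port. The function names and the abbreviated sample are assumptions made for illustration.

```python
import re
from collections import defaultdict
# Constructed, abbreviated excerpt of the configuration quoted in the question.
SAMPLE = """\
service server1-portal-https
ip address 192.168.1.120
active

service server1-sso-https
ip address 192.168.1.120
active

service webcache
ip address 192.168.1.120

content portal-https
port 4443
vip address 192.168.1.125
add service server1-portal-https
active

content sso-https
port 4443
vip address 192.168.1.125
add service server1-sso-https
"""

def parse(text):
    """Map (kind, name) -> body lines for each blank-line separated stanza."""
    stanzas = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        head, *body = [ln.strip() for ln in block.splitlines()]
        stanzas[tuple(head.split(None, 1))] = body
    return stanzas

def audit(text):
    """Findings to review by hand; none of them is proof of a misconfiguration."""
    st = parse(text)
    services = {n for k, n in st if k == "service"}
    used, listeners = set(), defaultdict(list)
    for (kind, name), body in st.items():
        if kind == "content":
            used |= {ln[12:] for ln in body if ln.startswith("add service ")}
            vip = [ln[12:] for ln in body if ln.startswith("vip address ")]
            port = [ln[5:] for ln in body if ln.startswith("port ")]
            listeners[(*vip, *port)].append(name)
    return {"unused": sorted(services - used), "undefined": sorted(used - services),
            "inactive": sorted(n for (_, n), b in st.items() if "active" not in b),
            "shared": {k: v for k, v in listeners.items() if len(v) > 1}}
```

Calling `audit()` on the full exported configuration, including the server2 stanzas, gives the list of entries to check for redundancy before the installer is pointed at a virtual server.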


Stephen Lappin, Senior Technologist

Commented:
I think you are correct with LDAP host and port (assuming you wish LDAP traffic to go thru the content switch).

The infrastructure HTTP host is server1-sso (7777 and 4443 for SSL). Don't know why portal is defined on server1, as this is on the mid tier.

Your publicly accessible URL is the same as the hostname, defined at installation time (you can never change this after installation on the infrastructure server).

Sláinte mhath
Stephen
Richard Olutola, Consultant

Author

Commented:
Stephen,

Thanks for that info. I will be installing the midtier (consisting of portal, http, webcache, discoverer etc) afterwards. I am actually using an existing content switch configuration hence why everything is there. Also I'm installing both IDM and MidTier on the same server.

Your statement that the publicly accessible URL is the same as the hostname is slightly worrying. Where do I specify my www.mypublicdomain.com during the installation then for instance to access my portal? I've had few sources say you configure this as a virtual host after the mid-tier installation. What do you think?

I don't need my public URL for the infrastructure, just the portal, am I correct?

Thanks,
Richard.
Stephen Lappin, Senior Technologist

Commented:
If you are using Single-SignOn, then you will need a public URL for your OID (virtual) server. If not, then there is no need.

With the midtier, you can change the hostname after installation if you prefer. Point the ORACLE_HOME environment variable to the middle tier that you are updating, and run the following:

cd $ORACLE_HOME/chgip/scripts
./chgiphost.sh -mid

The chgip.sh command prompts for information that you must provide. The number of prompts depends on your mid-tier installation type. If prompts provide values in parentheses, please note that these are reminders, NOT default values.

Verify that the process was successful by checking for errors in $ORACLE_HOME/chgip/log.
Richard Olutola, Consultant

Author

Commented:
Now I'm confused. When during the Infrastructure installation do I enter my public URL? Mind you I'm installing with a LBR.
If I enter oid as my LDAP host name and sso as my HTTP Virtual server name as you confirmed earlier I haven't seen the public URL requested during the installation. I know that the URL can be seen in SSO/OID admin page as the Login URL and there doesn't seem to be a way of changing after installation as you mentioned so it's important to get it right first time.

Please help.
Stephen Lappin, Senior Technologist

Commented:
Is the HTTP Virtual server name not the same as your public URL?

Note - if you are using SSO, you need TWO public URLs. One for SSO (on infrastructure) and one for your mid-tier.

For example, your mid-tier may be accessed on www.mydomain.com but SSO is accessed on sso.mydomain.com
Richard Olutola, Consultant

Author

Commented:
The virtual server is a content rule on the content switch, same as the LDAP virtual server is another content rule.
Richard Olutola, Consultant

Author

Commented:
Can I use the same URL for both sso (http virtual server) and my public URL (www.mypublicurl.co.uk)? Are there any known issues, bearing in mind I'm installing both IDM and mid-tier on the same node (I will have 2 load-balanced nodes)?

Thanks.
Richard Olutola, Consultant

Author

Commented:
In addition to my last comment, what 'should' my namespace be and what does it do?

Thanks.
Stephen Lappin, Senior Technologist

Commented:
You can install them on the same node (and therefore use the same URL - with different port nos). It is good practice to have them on different nodes, especially in a production environment, but they can both be on the same node(s).
Richard Olutola, Consultant

Author

Commented:
So that means my HTTP virtual server name during the installation will be www.mypublicurl.co.uk listening on port 7777 say, and my portal (public url) will be configured as www.mypublicurl.co.uk listening on port 7778 for example?

Also, should my namespace be dc=mypublicurl, dc=co, dc=uk?

Thanks
Senior Technologist
Commented:
Yup, that's about right (although the port numbers will probably be different).

I don't think that there is any link between the URL and the namespace, so you do whatever you want here.

Richard Olutola, Consultant

Author

Commented:
Wonderful. Thanks for all your help.