Sunday, September 23, 2012

WebLogic Administration Server - Failover / High Availability

For the last one or two years, customers have been asking how to enable High Availability for the WebLogic Administration Server.

I designed and implemented WebLogic Administration Server fail over for a financial client back in 2004 using a Veritas hardware cluster; then in 2009, I did the same for my telecom client using an HP Serviceguard hardware cluster.

The cost and overhead of a hardware cluster make customers think twice about implementing Administration Server fail over, but after Oracle acquired BEA, the WebLogic Administration Server became an integral part of Oracle Fusion Middleware. This means Administration Server availability is mandatory for major implementations.

Here’s my rule of thumb:
1 If the customer uses WebLogic Application Server only to host a few Java EE applications, then Administration Server fail over is not required (note that banks still want Administration Server fail over).

2 Fusion Middleware Control runs on the Administration Server when WebLogic is installed with other Oracle Fusion products such as Oracle Service Bus, Oracle Internet Directory, WebCenter and others. When the Administration Server node goes down, Fusion Middleware Control also goes down. When monitoring components and their associated logic are built into FMW Control, Administration Server availability is mandatory.
Some products enable their application monitoring logic through the Administration Server (e.g. Amdocs Order Management).

Note: Failure of the Administration Server does not affect the run time and life cycle operations of Managed Servers, but configuration changes can’t be made until the Administration Server comes back up.

How to enable Administration Server fail over/HA

Myth

1. I can use a hardware load balancer in front of the Administration Server for fail over

Answer: NO. The Administration Server is a singleton: there is no Active-Active and no Active-Passive mode. It can run on only one physical server or VM at a time and can’t be replicated due to security and design constraints.

2. I can use a WebLogic Cluster for Administration Server fail over

Answer: NO. The Administration Server is a singleton and is not clusterable. Moreover, a WebLogic Cluster provides session fail over for the deployed components with some load distribution, and it always requires an external component such as a Proxy Plug-In or a hardware load balancer to fail over.

Methods to implement Administration Server fail over/HA

1 Using Hardware Cluster (Automatic fail over)

The diagram below explains the hardware cluster functionality, and the following fail over scenario is applicable:
  • The hardware cluster provides a floating IP (it can float between two physical servers)
  • Make the Administration Server listen on the floating IP
  • When the first physical node fails, the floating IP moves to the second physical server and the Administration Server can be restarted using rc scripts or hardware cluster package scripts
  • The Administration Server data (embedded LDAP, pointers) resides on NAS
  • Managed servers are started through the Administration Server's floating IP (possibly via DNS), so they don’t see any difference regarding the Administration Server's physical location.




2 Manual fail over

A. After creating the WebLogic domain on the first physical server (with the required managed server entries), copy the whole domain to the second physical server.

B. Make the Administration Server listen on a DNS address; the DNS address must resolve to both physical hosts.

C. The Administration Server runs on the first physical server, and the managed servers are started through the Administration Server's DNS listen address.

D. When the first physical server fails, log in to the second physical server and start the Administration Server.

The managed servers won’t see any difference. Note that this approach is applicable only when the domain undergoes minimal changes for application rollouts and configuration changes. The best practice is to copy the whole domain to the second physical server whenever the domain configuration changes on the first physical server.

Another best practice is to keep the domain (at least the Admin Server and config folders) on NAS; the shared data avoids the critical ‘copy’ work described above.
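
With the copy-based approach, a stale copy on the second server means the Administration Server restarted there comes up with an older configuration. The script below is an added example, not from the original post, that reports drift between the two copies; the choice of the config/ and security/ directories, the local paths and the sample file contents are all assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: report drift between the primary
# domain directory and the copy kept on the standby host.
# Assumptions: both copies are reachable as local paths, and config/ and
# security/ are the directories worth comparing.

# Emit "<sha256>  <relative path>" for every file under config/ and security/.
domain_manifest() {
    ( cd "$1" 2>/dev/null || exit 2
      for d in config security; do
          [ -d "$d" ] && find "$d" -type f
      done | LC_ALL=C sort | while IFS= read -r f; do
          sha256sum "$f"
      done )
}

# Print "CHANGED|MISSING|EXTRA <path>" per drifted file, standby vs primary.
# Returns 0 when the copies match, 1 on drift, 2 when a directory is unreadable.
domain_drift() {
    tmp=$(mktemp -d) || return 2
    domain_manifest "$1" > "$tmp/primary" || { rm -rf "$tmp"; return 2; }
    domain_manifest "$2" > "$tmp/standby" || { rm -rf "$tmp"; return 2; }
    # A manifest line is a 64-character hash, two spaces, then the path.
    awk '
        FILENAME == ARGV[1] { hash[substr($0, 67)] = $1; next }
        {
            path = substr($0, 67); seen[path] = 1
            if (!(path in hash))       print "EXTRA " path
            else if (hash[path] != $1) print "CHANGED " path
        }
        END { for (path in hash) if (!(path in seen)) print "MISSING " path }
    ' "$tmp/primary" "$tmp/standby" | LC_ALL=C sort > "$tmp/report"
    cat "$tmp/report"
    if [ -s "$tmp/report" ]; then rc=1; else rc=0; fi
    rm -rf "$tmp"
    return "$rc"
}

# Constructed sample: two small domain trees where the standby copy is stale.
make_sample() {
    root=$(mktemp -d) || return 2
    for side in primary standby; do
        mkdir -p "$root/$side/config/jdbc" "$root/$side/security"
        echo '<domain><name>demo</name></domain>' > "$root/$side/config/config.xml"
        echo 'constructed-placeholder' > "$root/$side/security/SerializedSystemIni.dat"
    done
    # Changes made on the primary after the last copy to the standby:
    echo '<domain><name>demo</name><server/></domain>' > "$root/primary/config/config.xml"
    echo '<jdbc-data-source/>' > "$root/primary/config/jdbc/orders-jdbc.xml"
    echo "$root"
}

sample=$(make_sample)
domain_drift "$sample/primary" "$sample/standby" ||
    echo "standby copy does not match the primary (or could not be read)"
rm -rf "$sample"
```

Run after every configuration change on the first server, a non-zero exit status is the signal to repeat the copy before the standby is needed.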

From my experience, WebLogic Administration Server availability is critical for Oracle Fusion Middleware based implementations. 

Good luck. If you have any questions/suggestions, please contact me.

Happy WebLogic journey!

Sunday, September 9, 2012

Explain Oracle Identity Management

Recently some forces pulled me into Oracle Identity Management consulting work, and it’s a very cool area to work in. Customers always have questions about the Sun/Oracle roadmap and its product mapping. I think the contents below will help you understand the product stack and its usage. Cheers!

Overview

This document describes the Oracle Identity Management (Oracle IDM) suite of products and their functional usage.

Oracle Identity Management Suite consists of the following Product families

1 Single Sign-On and Web Access Control
Oracle Access Manager
Oracle Identity Federation
Oracle Enterprise Single Sign-On Suite Plus
Oracle Security Token Service

2 Directory Services
Oracle Unified Directory
Oracle Internet Directory
Oracle Virtual Directory
Oracle Directory Server Enterprise Edition
Oracle Authentication Services for Operating Systems

3 Content Access Control
Oracle Information Rights Management

4 Strong Authentication
Extended Identity Management Ecosystem
Oracle Adaptive Access Manager

5 Identity Administration
Oracle Identity Manager
Oracle Role Manager

6 Web Services Security
Oracle Web Services Manager
Oracle Enterprise Gateway

7 Identity and Access Governance
Oracle Identity Analytics 

8 Security Toolkits
Oracle Security Developer Tools

9 Federated Identity
Oracle Identity Federation

10 Fine Grained Entitlements
Oracle Entitlements Server

11 Fraud Detection
Oracle Adaptive Access Manager 

12 Oracle - Sun
Oracle Waveset, Oracle OpenSSO

Business use of Oracle IDM Products

1 Single Sign-On and Web Access Control

1.1 Oracle Access Manager

Oracle Access Manager (OAM) 11g is a Java EE based enterprise-level security application that provides single sign-on, authentication and authorization, policy administration and auditing.

1.2 Oracle Identity Federation

A federated environment enables business partners to integrate in the identity management realm by providing a mechanism for them to share identity information across their respective security domains, on top of single sign-on.

Oracle Identity Federation is a federation server that enables single sign-on and authentication in a multiple domain identity network.

It uses Federated Identity Protocols such as Liberty ID-FF, OpenID and SAML.

1.3 Oracle Enterprise Single Sign-On Suite Plus

A .NET and Visual C++ based package that can be installed on every user desktop to provide single sign-on for day-to-day applications such as VPN, Password Wallet, etc. The administrator creates this deployment package and distributes it to desktop machines using a file share or a web server.

1.4 Oracle Security Token Service

Oracle Security Token Service (STS) brokers trust between a Web Service Consumer (WSC) and a Web Service Provider (WSP) and provides security token lifecycle management services to providers and consumers.

Oracle STS augments Oracle Identity Federation (OIF) to use federation protocols such as SAML, WS-Federation, Liberty, or OpenID. Additional tokens include Kerberos (primarily for Windows Native Authentication) and digital certificates.


2 Directory Services

2.1 Oracle Unified Directory (Part of Oracle Directory Services Plus)

Oracle Unified Directory (OUD) is the newest member of the Oracle Directory Services Plus product family.

It can function as

  • LDAP Server to store data
  • LDAP Proxy to route requests from Client to the LDAP Server
  • Replication Server Gateway between OUD and Oracle Directory Server Enterprise Edition

2.2 Oracle Internet Directory (Part of Oracle Directory Services Plus)

Oracle Internet Directory (OID) is a directory service server (LDAP v3) which uses Oracle Database to store data.

2.3 Oracle Virtual Directory

Oracle Virtual Directory (OVD) acts as a directory gateway that processes client requests and dynamically re-routes them to one or more existing directories regardless of format, be it LDAP, RDBMS or others.

Oracle Virtual Directory presents a virtual directory hierarchy, or tree, to its clients and then assigns hierarchy branches of that tree to designated LDAP or RDBMS servers.

2.4 Oracle Directory Server Enterprise Edition (Part of Oracle Directory Services Plus)

Oracle Directory Server Enterprise Edition (ODSEE), formerly Sun Directory Server Enterprise Edition, is an enterprise LDAP server which provides a core directory service with an embedded database, a directory proxy and synchronization with Active Directory.

2.5 Oracle Authentication Services for Operating Systems

Oracle Authentication Services for Operating Systems (OAS4OS) enables enterprises to centralize management for UNIX and Linux authentication, user accounts, password policies, and sudo authorization policies using Oracle Internet Directory. Based on open standards interfaces, OAS4OS provides full automation of client configuration and user migration, and serves as LDAP based naming service to replace NIS.

3 Content Access Control

3.1 Oracle Information Rights Management

Oracle Information Rights Management secures and tracks sensitive digital information everywhere it is stored and used.

Oracle Information Rights Management uses encryption to extend the management of information beyond the server side repository - to every copy of an organization's most sensitive information, everywhere it is stored and used - on end user desktops, laptops and in other repositories, inside and outside the firewall.

4 Strong Authentication

4.1 Oracle Adaptive Access Manager

Oracle Adaptive Access Manager protects companies exposing Web applications and services, and their end users from online threats and insider fraud. It provides risk-aware authentication, real-time behaviour profiling, and transaction and event risk analysis.

5 Identity Administration

5.1 Oracle Identity Manager

Oracle Identity Manager is a user provisioning and administration solution, which automates the process of adding, updating, and deleting user accounts from applications and directories within an enterprise.

5.2 Oracle Role Manager (Formerly Bridgestream SmartRoles)

Oracle Role Manager is a Java EE based product which enforces Role based Management for organizations. Using its web interface, administrators can configure roles for applications, importing users from diverse repositories and exporting role definition for role life cycle management.

6 Web Services Security

6.1 Oracle Web Services Manager

Oracle Web Services Manager (OWSM) is part of the WebLogic Server installation from 11g. It secures Web Services using policies held in an Oracle Database.

6.2 Oracle Enterprise Gateway

Oracle Enterprise Gateway is designed to simplify and secure SOA deployments on-premise, across domain boundaries or in the cloud. Oracle Enterprise Gateway secures, accelerates, integrates and routes XML and other types of data with SOA and Cloud infrastructures.

7 Identity and Access Governance

7.1 Oracle Identity Analytics (Formerly Sun Role Manager)

Oracle Identity Analytics provides enterprises with the ability to define and manage roles and automate critical identity-based controls.

8 Federated Identity

8.1 Oracle Identity Federation

Oracle Identity Federation is a standalone, self-contained federation server that enables single sign-on and authentication in a multiple-domain identity network. Oracle Identity Federation supports multiple federated identity protocols including the Liberty ID-FF, OpenID, and SAML protocols.

9 Fine Grained Entitlements

9.1 Oracle Entitlements Server (Formerly BEA AquaLogic Enterprise Security)

Oracle Entitlements Server is an authorization product that allows an organization to protect its resources by defining and managing policies that control access to, and usage of, these resources. The policy can enforce controls on all types of resources including software components (URLs, Java Server Pages, Enterprise JavaBeans, methods, servlets and the like used to construct an application) and business objects (representations of user accounts, personal profiles and contracts such as bank accounts in a banking application, patient records in a health care application, or anything used to define a business relationship).

Oracle Entitlements Server supports the creation of role policies and access control policies. Role policies are used to define constraints regarding which users are assigned roles. Access control policies define access to the software components and business objects.

Contents of the downloadable IDM packages

Oracle Identity Management (11.1.1.6.0)

Includes

HTTP Server
Oracle Internet Directory
Directory Integration Platform
Virtual Directory
Directory Services Manager
Identity Federation
Security Developer Tools
Enterprise Manager Fusion Middleware Control

Required Additional Software

WebLogic Server
Repository Creation Utility
Patch Scripts
Oracle Database

Oracle Identity and Access Management (11.1.1.5.0)

Includes

Access Manager
Adaptive Access Manager
Identity Manager
Identity Navigator
Oracle Security Token Service
Oracle Entitlements Server

Required Additional Software

WebLogic Server
Repository Creation Utility
Patch Scripts
Oracle Database
BI Publisher
SOA Suite (for Oracle Identity Manager)

Oracle Access Manager WebGates (11.1.1.5.0)

Includes

Oracle HTTP Server 11g WebGates

Required Additional Software

Oracle Access Manager (11.1.1.5.0)
Oracle HTTP Server 11gR1

Saturday, December 31, 2011

Wish you a very Happy New Year 2012

While I sit and think about 2011, it is one of the years with few ups and downs. There won’t be any perfect year but the experience and tolerance which I gained until this age helps me to react to things positively.

More importantly, an opportunity is given to someone by somebody. No matter what type of soft skills and talent one possesses, at the end of the day a man sits behind a desk and nods his head to give that opportunity.

I still have 2:45 hours to enter into the New Year. I use this time to think thankfully about the opportunity which I have received all these years from my parents, wife, son, friends, relatives, clients, managers, teachers, co workers, mentors, the system of two great countries (USA/Canada), INS officers, Homeland security officers, city cops, fire men, law makers, doctors, social workers, bankers, community centers, technology innovators, entrepreneurs, society and the government.

Hopefully 2012 will broaden my opportunities, and may the Lord remind me of this in every moment: “An opportunity is given by someone, be thankful”.

Wish you and your loved ones a very successful new year 2012.

Thursday, December 15, 2011

Oracle WebLogic Server 12c - Review

The much-anticipated Oracle WebLogic 12c has been available since last week, and I downloaded it earlier this week.

Technically there are no notable software infrastructure or operational differences between Oracle WebLogic 11g (10.3.5) and Oracle WebLogic 12c. The install folder, domain folder, console navigation and Node Manager come with no differences and look the same.

From the Software Version perspective, it supports Java EE 6 and it can be considered as a major upgrade. I also noticed some additional libraries inside the /server/lib folder.

Let’s divide this in two sections 1) Software Infrastructure 2) Software Version

Software Infrastructure

Download

The download is a slightly disappointing experience, which may be related to the new version. Hopefully Oracle will resolve this soon.

The Software can be downloaded from

http://www.oracle.com/technetwork/middleware/weblogic/downloads/wls-main-097127.html

Oracle still provides WebLogic bundled with a 32-bit JDK, and for the generic installer it doesn't mention the JDK. This will be an ongoing challenge at several customer locations, and Oracle must tell customers which JDK version should be used with the generic installer. At least for the Windows installer, it should be bundled.

When downloading the Windows x86 with 32-bit JVM binary, it has only Sun JDK and no JRockit.




When downloading the Windows x86 with 32-bit JVM binary, it comes with both Sun JDK and JRockit.





Install

Installation is a straightforward process and there are no notable differences. However, when installing the Windows x86 with 32-bit JVM binary, it requires that we try to install the Eclipse Enterprise Pack and does not mention WebLogic until the 4th screen in the GUI wizard. This needs a fix from Oracle.




After installing, I noticed a new folder called /endorsed under WL_HOME with a few web services based jar files.

Domain Creation

The domain creation process in 12c is the same as in 11g.

Compared with 11g, there are no differences in

  • script name (config.cmd or config.sh)
  • location (WL_HOME/common/bin)
  • domain creation screen options

and

  • Domain folder structure and operational scripts

Console

No major changes in WebLogic Console. The logging tab under server instance has a new log file entry for DataSources. The old WebLogic 8.1 had a separate log for JDBC and it just came back with 12c.





DataSources creation wizard has a new feature to connect to Oracle BI and Oracle TimesTen products.

JMS, JMS Bridge, DataSources, XML, Java Mail, Persistent Stores, JTA, Virtual Hosts, Node Manager, Work Managers, Deployments, Security Realms, WLDF and Domain parameters look the same as in Oracle WebLogic 11g.

From an administration and infrastructure architecture standpoint, Oracle WebLogic 12c doesn't bring anything new. The new addition of Oracle Traffic Director is currently applicable to ExaLogic systems only.

Software Version

WebLogic 12c supports Java EE 6 and it will enable the developers to upgrade their J2EE applications.

Java Standards Support

Java Technology                                  Version

Java EE                                          6.0
Java EE Connector Architecture                   1.6
Java EE EJB                                      3.1
Java EE Enterprise Web Services                  1.3, 1.2, 1.1
Java EE JDBC                                     4.0, 3.0
Java EE JMS                                      1.1, 1.0.2b
Java EE JNDI                                     1.2
Java EE JSF                                      2.1, 2.0, 1.2, 1.1
Java EE JSP                                      2.2, 2.1, 2.0, 1.2, and 1.1
Java EE Servlet                                  3.0, 2.5, 2.4, 2.3, and 2.2
Java RMI                                         1.0
JavaMail                                         1.4
JCE                                              1.4
JDKs                                             6.0 (aka 1.6), 5.0 (aka 1.5, clients only)
JMX                                              1.2, 1.0
OTS/JTA                                          OTS 1.2 and JTA 1.1
RMI/IIOP                                         1.0
SOAP Attachments for Java (SAAJ)                 1.3, 1.2
Contexts and Dependency Injection for Java EE    1.0
Dependency Injection for Java EE                 1.0
Java EE Application Deployment                   1.2
Java EE Bean Validation                          1.1
Java EE Common Annotations                       1.0

Refer to the Java EE 6 Tutorial for more information: http://docs.oracle.com/javaee/6/tutorial/doc/

  • WebLogic guarantees backward compatibility until Version 9.2
  • Upgrading to WebLogic Server 12c Release 1 (12.1.1) does not require you to recompile applications in order to create new generated classes
  • WebLogic Server 12.1.1 includes a new Maven plug-in for WebLogic Server (wls-maven-plugin) with enhanced functionality to install, start and stop servers, create domains, execute WLST scripts, and compile and deploy applications from within your Maven environment.
  • WL_HOME/server/lib has additional jar files like ons.jar to improve the support

Overall, there is no major change from an operational infrastructure perspective, and Oracle says that they put a lot of focus on improving performance, reliability, availability, and scalability. We will come to know these features in the coming days. This new release will help customers upgrade their existing applications to Java EE 6 and is a good step forward with Cloud Computing. Soon we will see more customers start adopting this technology, and more opportunities are on the way.

Enjoy the Oracle WebLogic 12c!

Useful Links

Oracle WebLogic 12c documentation

http://docs.oracle.com/cd/E24329_01/index.htm

Oracle WebLogic 12c launch Q&A

http://blogs.oracle.com/cloudappfoundation/entry/oracle_weblogic_server_12c_launch

I am working to put together a document which contains install, configuration, new features with screen shot as pdf. If you would like to receive that pdf by email, kindly like us at the below facebook link

http://www.facebook.com/pages/Toyork-Systems-Inc/10150162382685078

or follow us at the below LinkedIn link

http://www.linkedin.com/company/toyork-systems-inc

Monday, November 21, 2011

Tuesday, October 25, 2011

Oracle Cloud Computing

I wanted to update the blog about Oracle Cloud Computing last week. Due to my new OEM (Oracle Enterprise Manager) 11g engagement at New Jersey and the regular workout schedule (Lost 4 pounds in the last 2 weeks), I had no time to do that. Here we go!

There was a lot of buzz about Oracle's Cloud Computing approach at Oracle Open World. It is quite natural to think that Oracle is late to enter Cloud Computing, and of course they are late. But no one should underestimate the persistence of Larry Ellison (let’s not forget, he has been the CEO of a major US corporation for more than 35 years).

While other Cloud providers depend upon the IT Service providers for the hardware and software, Oracle naturally has it all (Java, Solaris, Fusion Middleware and a Database). The recent ground breaking Oracle technologies ExaLogic and Exadata will be an added value to the Oracle Cloud Computing Initiative.

The problem Oracle faces today is not the technology for Cloud but the Governance. They lack knowledgeable Cloud Architects and Managers. The best bet for Oracle is to buy a Cloud Computing Company and integrate their resources and Governance into their technology stack.

Oracle could consider going after Workday, Inc., which was started by David Duffield, and buy the company. Due to the limited and focused nature (ERP hosting Cloud) of Workday, Inc., I suspect Larry would not pursue this route. Larry doesn’t want to go after salesforce.com; who wants another CRM?

As I was typing this update, I just got into LinkedIn and saw that Oracle is acquiring RightNow, Inc. for 1.5 billion dollars. RightNow is a .NET based Cloud provider and I am curious to see how Oracle is going to handle this new inclusion. They can replace it with Oracle Fusion Middleware sooner and hopefully they can retain the right resources. Let’s wait and see how Oracle takes this forward! The NoSQL based databases could be a challenge for some time, but no one is going to migrate their databases to the NoSQL model overnight. We all know Oracle Fusion Middleware rocks!!! I rarely see people these days who talk about IBM WebSphere.

I am confident Oracle will be a big winner in this Cloud market space in the coming days. I have faith in Larry Ellison’s marketing model, as always.

Have a good week!

Saturday, October 8, 2011

Grid to Cloud - Oracle Enterprise Manager 12c

Oracle announced the release of Oracle Enterprise Manager 12c at Oracle Open World last week in San Francisco. While the majority of Oracle's products end with the letter ‘g’, the new product release ends with the letter ‘c’; c stands for Cloud. Let’s see how Oracle will handle the remaining ‘g’s in the coming days.

Richard Sarwal, Head of product development at Oracle says "OEM12c is quite a transformatory product. It has about 200 major features into this release of the product and over 500 enhancement requests were done."

Due to the enormous attention OEM gains these days among Oracle customers, I am eager to pen a couple of lines on this upgrade. I will soon install this product and update the blog with screen shots.

Let’s see some of the new cool features of OEM 12c.

First, Cloud! OEM 12c provides complete cloud lifecycle management and Integrated cloud stack management.

Complete Cloud life cycle management consists of

  • Dynamic Resource Modeling for Cloud
  • Prerequisite Check
  • Consolidation Planning
  • Resource and Capacity Planning
  • Bare Metal to Cloud Ready
  • Application Modeling for Cloud
  • Dynamic Resource and Power Management
  • Self Service Provisioning
  • Metering and Chargeback

Using OEM 12c console, Administrators can

  • Schedule Oracle VM availability for power management
  • Migrate Guest VM's to other hosts
  • View Cloud Infrastructure graphically
  • Policy based control for Shared Resources
  • Allocate Quotas
  • Catalogue of virtual machines, databases, Applications, OS
  • Automatic target discovery

Apart from the above Cloud and virtualization support functionality, there are several new features related to Framework, Incident Management, Monitoring and Diagnostics. My observations are below.

1) Management features for Oracle Products now provided via plug-ins

2) Administrator can customize the look and feel of OEM 12c console to meet the specific needs

3) Administration of Management Agents as group

4) Integration with Oracle BI Publisher to provide various kind of reports

5) Token based Authentication for Web Services

6) A new wizard to create database instance, RAC based instances

7) DBA's can use OEM 12c console to maintain the settings of Oracle database and file system backups.

8) Compare functionality

9) WebLogic Administrators can create/clone domains, deploy applications through OEM 12c Console

10) Performance Monitoring for Oracle Directory Server Enterprise Edition

11) Composite Application dashboard

12) Middleware Diagnostic Advisor for WebLogic

13) Centralized log view, search for WebLogic Server Instances

14) Oracle Fusion Applications backup and recovery

15) New diagnostic snapshot feature captures Oracle WebLogic Server and JVM data and packages for later analysis.

16) Centralized and Secure Credentials storage

17) Connector Integration with Incident Management

18) Improved Monitoring and Diagnostics

19) Cache Data Management for Coherence to save the queries for future reference

20) Improved Configuration Management to save the configuration in the repository as an image and compare it against a current configuration

Enjoy the Cloud!

Useful Links

OEM 12c documentation

http://download.oracle.com/docs/cd/E24628_01/index.htm

A nice pdf from Oracle technet about OEM 12c install

http://www.oracle.com/technetwork/oem/pdf/512044.pdf

OEM Official Blog

http://blogs.oracle.com/oem