Arun Bavera
Few of my technology tips.
http://www.linkedin.com/in/arunbavera
Updated: 5 hours 25 min ago
LoadBalancing JVMD in OEM12c
There is no official document on HA for JVMD, so far. Ideally , the setup is a generic setup and doesn’t involve anything specific to JVMD.
The only reference you can find is:
section for JVMD agent deployment:http://docs.oracle.com/cd/E24628_01/install.121/e24089/jvmd_installation.htm#CACFCBEF
It’s plain http/https communication between JVMD agents and manager(s)
The JVMD agents should connect to Load balancer and not the JVMD manager / OMS.
When Load Balancing has address translation enabled, it is important for the JVMD manager to obtain the correct host address where the agent
connection originates from in order to establish correct associations. This is ensured in JVMD 12.1.0.2 OEM12c .
Our Setup:
OEM12c 12.1.0.2 and F5 BIG-IP10.2
JVMD Agent are communicating to JVMD Managers the HTTP/HTTPS port 3800/3801.JVMD Agents will be uploading the polled information to JVMD Manager using this port where the JVMD comm Servlet will be running.
We will install the JVMD Manager on multiple OMS servers, which will create its own Weblogic server with ports 3800/3801.Lets call them JVMDManager1,JVMDManager3.
We will create VIP service for these ports in F5, attaching the configuration required in F5 for JVMD Manager VIP service.
We will download the agent and during the download we get an option to choose the JVMD Manager server name.We will chose “other” and mention the JVMD Manager VIP Server and Port from F5.
Most load balancing solutions allow a high scalability mode where the request is distributed by the LB, however the response bypasses the LB and goes directly to the client.
Full SSL:
JVMD Manager-----(SSL)----F5 ------(SSL)------Client(Agent)
SSL Termination:
JVMD Manager ----- (Non-SSL)-----F5-----(SSL)-----Client(Agent)
For the SSL Traffic we can leverage the SSL Termination at F5. The communication will look like this:
Configuration Details for F5
Note:HostA: node2.internal.comHostB: node3.internal.comVirtual Server: tstemgc.my.company.comSU=SecureUpload UU=UnsecureUpload
JVMD Management Service Ports Cloud Control Service TCP Port Monitor Name Persistence Pool Name Load Balancing Virtual Server Name Virtual Server Port Secure Upload 3801 mon_tstemgc.my.company.com_JVMD_SU3801 None pool_tstemgc.my.company.com_JVMD_SU3801 Round Robin vs_tstemgc.my.company.com_JVMD_SU3801 3801 Unsecure Upload 3800 mon_tstemgc.my.company.com_JVMD_UU3800 None pool_tstemgc.my.company.com_JVMD_UU3800 Round Robin vs_tstemgc.my.company.com_JVMD_UU3800 3800
JVMD Pools Pool Name Usage Members Persistence Load Balancing pool_tstemgc.my.company.com_JVMD_SU3801 Secured Upload access HostA:3801 HostB:3801 None Round Robin pool_tstemgc.my.company.com_JVMD_UU3800 Unsecured Upload access HostA:3800 HostB:3800 None Round Robin
JVMD Virtual Servers Virtual Server Name Usage Virtual Server Port Pool vs_tstemgc.my.company.com_JVMD_SU3801 Secure Upload access 3801 pool_tstemgc.my.company.com_JVMD_SU3801 vs_tstemgc.my.company.com_JVMD_UU3800 Unsecure Upload access 3800 pool_tstemgc.my.company.com_JVMD_UU3800
JVMD Health Monitors Monitor Name Configuration Associate With mon_tstemgc.my.company.com_JVMD_SU3801 Type: https HostA:3801 HostB:3801 Interval: 60 Timeout: 181 Send String: GET /jamservlet/comm HTTPS/1.1\r\nHost: host.domain.com\r\nConnection: Close\r\n\r\n Receive String: Reply to empty request mon_tstemgc.my.company.com_JVMD_UU3800 Type: http HostA:3800 HostB:3800 Interval: 60 Timeout: 181 Send String: GET /jamservlet/comm HTTP/1.0\r\nHost: host.domain.com\r\nConnection: Close\r\n\r\n Receive String: Reply to empty request
JVMD TCP Profiles tcp_tstemgc.my.company.com_JVMD_SU3801 tcp_tstemgc.my.company.com_JVMD_UU3800 Sample URL to test JVMD Manager: http://node2.internal.com:3800/jamservlet/comm http://tstemgc.my.company.com:3800/jamservlet/comm
Refer:
Deploying a Highly Available Enterprise Manager 12c Cloud Control
http://www.oracle.com/technetwork/oem/framework-infra/wp-em12c-building-ha-level3-1631423.pdf
Deploying the BIG-IP LTM with Oracle Enterprise Manager 12c Cloud Control
http://www.f5.com/pdf/deployment-guides/oracle-enterprise-manager-12c-dg.pdf
Installing JVMD with Advanced Install Optionshttp://docs.oracle.com/cd/E24628_01/install.121/e24089/jvmd_installation.htm
Categories: Development
How to Import thirdParty certificate to use Secured webServices into Oracle SOA Servers 11g
Creating the Custom Key Stores
./keytool -genkeypair -keyalg RSA -alias orakey -keypass welcome1 -keystore /d01/app/shared/admin/mycompany_domain/aserver/mycompany_domain/config/fmwconfig/mycompany-keystore.jks -storepass welcome1 -validity 3600
Assumption:
Custom Keystore for SOA-PROD:
/d01/app/shared/admin/mycompany_domain/aserver/mycompany_domain/config/fmwconfig/credMapKeystore.jks -storepass welcome1
ThirdCompany Certificate at:
/d01/app/shared/admin/mycompany_domain/aserver/mycompany_domain/config/fmwconfig/bsa.ThirdCompany.crt
/d01/app/oracle/product/fmw/wlserver_10.3/server/lib/bsa.ThirdCompany.crt
Importing ThirdCompany certificate for my Project:
cd /d01/app/oracle/product/fmw/wlserver_10.3
source /d01/app/oracle/product/fmw/wlserver_10.3/server/bin/setWLSEnv.sh
cd /d01/app/shared/admin/mycompany_domain/aserver/mycompany_domain/config/fmwconfig/
keytool -import -alias bsa.ThirdCompany -file bsa.ThirdCompany.crt -keystore /d01/app/shared/admin/mycompany_domain/aserver/mycompany_domain/config/fmwconfig/credMapKeystore.jks -storepass welcome1 -trustcacerts
keytool -list -keystore /d01/app/shared/admin/mycompany_domain/aserver/mycompany_domain/config/fmwconfig/credMapKeystore.jks -storepass welcome1
Verify Custom Keystore Location for SOA Domain
1) EM->Weblogic->SOA_Domain->Security Provider ->Keystore
For each server (Admin + MS) we have to change the KeyStore configuration.
So for each server go to: Configuration -> Keystores
/d01/app/shared/admin/mycompany_domain/aserver/mycompany_domain/config/fmwconfig/credMapKeystore.jks
Verify Custom Keystore Location for SOA Infra
2) Click SOA -> right-click soa-infra
Select SOA Administration -> Common Properties
Click More SOA Infra Advanced Properties->KeyStore:
/d01/app/shared/admin/mycompany_domain/aserver/mycompany_domain/config/fmwconfig/credMapKeystore.jks
Unset SSL Keystore from setDomainEnv:
vi /d01/app/shared/admin/mycompany_domain/aserver/mycompany_domain/bin/setDomainEnv.sh
Incase If we are using DemoTrust: Import the same ThirdCompany certificate:
keytool -list -keystore /d01/app/oracle/product/fmw/wlserver_10.3/server/lib/DemoTrust.jks -storepass DemoTrustKeyStorePassPhrase
keytool -import -alias bsa.ThirdCompany -file bsa.ThirdCompany.crt -keystore /d01/app/oracle/product/fmw/wlserver_10.3/server/lib/DemoTrust.jks -storepass DemoTrustKeyStorePassPhrase -trustcacerts
./keytool -genkeypair -keyalg RSA -alias orakey -keypass welcome1 -keystore /d01/app/shared/admin/mycompany_domain/aserver/mycompany_domain/config/fmwconfig/mycompany-keystore.jks -storepass welcome1 -validity 3600
Assumption:
Custom Keystore for SOA-PROD:
/d01/app/shared/admin/mycompany_domain/aserver/mycompany_domain/config/fmwconfig/credMapKeystore.jks -storepass welcome1
ThirdCompany Certificate at:
/d01/app/shared/admin/mycompany_domain/aserver/mycompany_domain/config/fmwconfig/bsa.ThirdCompany.crt
/d01/app/oracle/product/fmw/wlserver_10.3/server/lib/bsa.ThirdCompany.crt
Importing ThirdCompany certificate for my Project:
cd /d01/app/oracle/product/fmw/wlserver_10.3
source /d01/app/oracle/product/fmw/wlserver_10.3/server/bin/setWLSEnv.sh
cd /d01/app/shared/admin/mycompany_domain/aserver/mycompany_domain/config/fmwconfig/
keytool -import -alias bsa.ThirdCompany -file bsa.ThirdCompany.crt -keystore /d01/app/shared/admin/mycompany_domain/aserver/mycompany_domain/config/fmwconfig/credMapKeystore.jks -storepass welcome1 -trustcacerts
keytool -list -keystore /d01/app/shared/admin/mycompany_domain/aserver/mycompany_domain/config/fmwconfig/credMapKeystore.jks -storepass welcome1
Verify Custom Keystore Location for SOA Domain
1) EM->Weblogic->SOA_Domain->Security Provider ->Keystore
For each server (Admin + MS) we have to change the KeyStore configuration.
So for each server go to: Configuration -> Keystores
/d01/app/shared/admin/mycompany_domain/aserver/mycompany_domain/config/fmwconfig/credMapKeystore.jks
Verify Custom Keystore Location for SOA Infra
2) Click SOA -> right-click soa-infra
Select SOA Administration -> Common Properties
Click More SOA Infra Advanced Properties->KeyStore:
/d01/app/shared/admin/mycompany_domain/aserver/mycompany_domain/config/fmwconfig/credMapKeystore.jks
Unset SSL Keystore from setDomainEnv:
vi /d01/app/shared/admin/mycompany_domain/aserver/mycompany_domain/bin/setDomainEnv.sh
Incase If we are using DemoTrust: Import the same ThirdCompany certificate:
keytool -list -keystore /d01/app/oracle/product/fmw/wlserver_10.3/server/lib/DemoTrust.jks -storepass DemoTrustKeyStorePassPhrase
keytool -import -alias bsa.ThirdCompany -file bsa.ThirdCompany.crt -keystore /d01/app/oracle/product/fmw/wlserver_10.3/server/lib/DemoTrust.jks -storepass DemoTrustKeyStorePassPhrase -trustcacerts
Categories: Development