In order for an OracleAS Active Failover Cluster to service Oracle Internet Directory LDAP and HTTP (for OracleAS Single Sign-On and Oracle Delegated Administration Services) requests, a load balancer is required for the OracleAS Active Failover Cluster configuration. The hostname of the load balancer virtual server is exposed as the hostname of the Infrastructure for these requests. This section describes the configuration requirements for the load balancer for the default installation of OracleAS Active Failover Cluster.
For high availability, the following is recommended:
■ The load balancer should be deployed in a fault tolerant configuration. Two load balancers should be used. These fault tolerant load balancers should be identical in terms of their configuration and capacity. Their failover should be automatic and seamless from the middle tier’s standpoint.
■ The load balancer type used should be able to handle both HTTP and LDAP traffic in the default OracleAS Active Failover Cluster configuration described in this chapter. Any load balancing mechanism that supports only one of the protocols (for example, OracleAS Web Cache for HTTP) cannot be used in the default configuration.
■ The load balancer should be accessible from all nodes of the OracleAS Active Failover Cluster deployment.
■ The load balancer should be accessible from all machines that need to access the Infrastructure.
■ The load balancer should not drop idle connections. Any timeouts associated with dropping of connection should be eliminated.
Two load balancer parameters are of primary importance for the OracleAS Active Failover Cluster configuration:
■ The nodes to which the load balancer directs traffic. ■ The persistence setting of the load balancer.
The recommended setting for the load balancer for the above two parameters are provided below in Table 3–2. Load balancers come in many flavors and each may have its own configuration mechanism. Consult your load balancer’s documentation for the specific instructions to achieve these configurations.
Table 3–2 Recommended settings for load balancer
Deployment Phase Traffic redirection Setting Persistence Setting
OracleAS Active Failover Cluster installation
■ Load balancer directs traffic to the node being installed and only to that node.
High Availability Configurations for Infrastructure
The persistence mechanism used should provide session level stickiness. By default, HTTP and Oracle Internet Directory requests both use the same virtual host address configured for the load balancer. Hence, the persistence mechanism used is available for both kinds of requests.
If the load balancer allows for the configuration of different persistence mechanisms for different server ports (LDAP and HTTP) for the same virtual server, then this is recommended strategy. In this case, a cookie-based persistence with session-level timeout is more suitable for the HTTP traffic. No persistence setting is required for the LDAP traffic.
OracleAS Active Failover Cluster normal operations
■ Load Balancer directs traffic to all nodes of the OracleAS Active Failover Cluster configuration that are up and is configured to load balance this traffic.
■ If not all hardware cluster nodes are used for the OracleAS Active Failover Cluster, the number of nodes to load balance traffic to may be less than the nodes in the hardware cluster .
■ If any node of the OracleAS Active Failover Cluster is not available or if any of the Oracle Internet Directory, HTTP, or SSO processes is down, the load balancer should not direct traffic to these nodes.
Session level persistence should be configured for LDAP and HTTP traffic.
OracleAS Active Failover Cluster node or process is brought down
■ If a node or an OracleAS Active Failover Cluster process on a node is being brought down, the current node should be disabled from the list of nodes the load balancer directs traffic to. Refer to your load balancer’s
documentation for the best way to do this.
Session level persistence should be configured for LDAP and HTTP traffic.
middle tier association ■ When a new middle tier is being associated (such as during middle tier installation), the load balancer is required to direct traffic to just one node of the OracleAS Active Failover Cluster. This could be any node in the cluster.
This is required only during the duration of the middle tier installation. Once middle tier association is done, the load balancer can be configured back to its previous state. Check with your load balancer
documentation on accomplishing this without disrupting existing connections (primarily LDAP) to the OracleAS Active Failover Cluster.
Session level persistence should be configured for LDAP and HTTP requests.
Table 3–2 (Cont.) Recommended settings for load balancer
High Availability Configurations for Infrastructure
If the load balancer does not allow specification of different persistence mechanisms for LDAP and HTTP, then the timeout value for session level stickiness should be configured based on the requirements of the deployed application. The timeout value should not be too high as chances of traffic from a given middle tier instance always being directed to the same node of the OracleAS Active Failover Cluster are higher. Alternatively, if the timeout is too low, the chances of a session timeout occurring for longer running operations that access the Infrastructure are higher.
The recommended default stickiness timeout is 60 seconds. This should be adjusted based on the nature of the deployment and the load balancing achieved across the OracleAS Active Failover Cluster nodes. It should be increased if session timeouts are experienced by Delegated Administration Services users. It should be decreased if even load balancing is not achieved.
Both the LDAP & HTTP traffic should be tested after configuration of the load
balancer. This should be done from any machine outside the OracleAS Active Failover Cluster. The tests should have the following coverage:
■ Access and test the Oracle Delegated Administration Services URL to test HTTP requests.
■ Access and test the OracleAS Single Sign-On URL to test HTTP requests. ■ Access and test the Oracle Internet Directory by running a few ldapsearch
commands for LDAP requests.
The requests types above should be directed to different nodes of the OracleAS Active Failover Cluster. The desired operation(s) should complete successfully for the tests to be successful.