Architecture and Components
- Single Host/Domain: All components are installed in one host under a single domain. This is recommended for testing and demos but not for production due to the lack of redundancy.
- Multi Host/Domain: Components are installed in multiple hosts and split in two domains for High Availability, AccessDomain (OAM) and GovernanceDomain (OIM). By having OAM and OIM in different domains also helps to maintain and patch each component separately.This approach also offers a mix of options:
- Distributed: 8 hosts, consisting of 2 web hosts, 2 OAM hosts, 2 OIM hosts and 2 directory hosts.
- Consolidated: 4 hosts, consisting of 2 web hosts, 2 IAM hosts (OIM + OAM + LDAP)
Automated x Manual Installation
- Automated. The biggest advantage is the time spent in deploying the components. The deployment of a HA, split domain, consolidated topology can be done in a couple of days work. Also, the complexity and numbers of manual steps required is greatly reduced, translating in fewer errors, issues and planning time. Rather than having to manually install and configure each component (JRE, WLS, OUD, OAM, SOA, OIM), this new tool allows you to run a few commands to install and configure the whole stack. Another advantage is the ability to reproduce a successful install: once you created a response file, is easy to just change its values (hostnames, port numbers, passwords, etc, etc) and run the deployment tool again on another environment. That also leads to consistency between your environments as they will all have the same basic structure and configuration.
- Manual. The manual approach gives you more freedom and flexibility, as to which components, architecture and products you want to install (though future releases will probably reduce this gap). The manual installation requires a considerable amount of time to plan, install and configure all components, and if not followed the exact process can lead to a problematic environment down the road. The number of required manual steps is estimated in over a thousand and it will require more than a week (if you're already familiar with the process) to get a full working OAM-OIM integrated environment in a High Available architecture. Reproducibility is another problem. Trying to recreate a second environment (Development, Test, Production, DR, etc) requires a controlled and documented installation process and I’ve seen many customers failing to do so.
Things to watch out when deploying with the new tool
- Get familiar with the 11gR2PS2 Enterprise Deployment Guide (http://docs.oracle.com/cd/E40329_01/doc.1112/e48618/toc.htm). It will help you understand the new concept and to make the required preparations before starting the deployment;
- Stick to the recommended architecture, whichever you choose, single domain or split domain, and to the number of hosts/components;
- Having a NFS shared mounting point to host the installation files makes the process even faster and easier. Make sure to mount the installation directory in the web hosts too, you can unmount it later after the installation completes.
- Dedicate some time to verify if all the hosts and infrastructure are correctly configured. Check if all hosts are resolvable both in through DNS and hosts files (again, you can isolate the web hosts later, after installation finishes), kernel parameters, mounting points, database, available disk space and temp directory, load balancer, etc. Refer to the EDG guide and make notes of all the requirements before starting the deployment.
- When you create the Database Schemas with RCU, use two prefixes, but make sure to create the ORASDPM schema for both OIM and OAM. For example:
OAM, IAU, ORASDPM, MDS, OPSS, OAAM
OIM, SOA_INFRA, MDS, OPSS, ORASDPM
- Before even start to run the tool check the Support Note 1662923.1. There are some required manual steps that need to be executed before and right after executing the tool.
- In case you encounter an error, the clean up procedure basically instructs you to erase everything and start all over. In my experience I found some minor issues (low /tmp space or hosts not resolvable) that were not caused by the tool itself. In my case just deleting the /stage/lcm/provisioning/phaseguards files for that particular phase lured the tool into thinking it hasn’t started the phase yet and it allowed me to correct the issue and run phase again. Might worth a try before erasing everything and starting over.
- After the installation (and the manual steps described in Support Note 1662923.1, https://support.oracle.com/epmos/faces/DocumentDisplay?id=1662923.1) completes, there are still a couple of manual steps that need to be executed. Don’t forget to check the EDG guide and follow them through.
- IDM 11gR2PS2 EDG: http://docs.oracle.com/cd/E40329_01/doc.1112/e48618/toc.htm
- Identity Management Deployment Repository Download Page: http://www.oracle.com/technetwork/middleware/id-mgmt/downloads/oid-11gr2-2104316.html
- Support Note 1662923.1 - https://support.oracle.com/epmos/faces/DocumentDisplay?id=1662923.1