Oracle Virtual Directory High Availability Architecture

Configuring High Availability for Identity Management Components 8-49

automatically. ACLs and adapter namespaces must be configured independently of each other. The ACL configuration file is acls.os_xml. Oracle Virtual Directory instance-specific data is stored in the ORACLE_INSTANCE home. The wallet is also stored in the instance home. If a single Oracle Virtual Directory instance fails, use OPMN to restart the instance.

8.4.1.2.1 Oracle Virtual Directory Log File

The log files for an Oracle Virtual Directory instance are stored in the following directory in the instance home:

ORACLE_INSTANCE/diagnostics/logs/OVD/OVDComponentName

For more information on using the Oracle Virtual Directory log files to troubleshoot Oracle Virtual Directory issues, see Section 8.4.6, "Troubleshooting Oracle Virtual Directory High Availability".

8.4.2 Oracle Virtual Directory High Availability Concepts

This section provides conceptual information about using Oracle Virtual Directory in a high availability two-node cluster. See Section 8.4.2.2, "Oracle Virtual Directory Prerequisites" for prerequisites and Section 8.4.3, "Oracle Virtual Directory High Availability Configuration Steps" for specific steps for setting up the two-node cluster.

8.4.2.1 Oracle Virtual Directory High Availability Architecture

Figure 8–5 shows the Oracle Virtual Directory high availability architecture in an active-active configuration.

Figure 8–5 Oracle Virtual Directory in a High Availability Environment
[Figure labels: Firewall, Load Balancer, OVDHOST1 (OVD), OVDHOST2 (OVD), LDAP Store or Database Store]

Figure 8–5 shows Oracle Virtual Directory in the directory tier in a high availability architecture. The two-node cluster is set up at installation time. The load balancing router routes requests to the two Oracle Virtual Directory instances that are clustered on OVDHOST1 and OVDHOST2. Fast Connection Failover (FCF) is used for notification when an Oracle RAC instance becomes unavailable.

The two computers have the same Oracle Virtual Directory configuration. The Oracle Virtual Directory configuration for each instance is stored in its ORACLE_INSTANCE. Each Oracle Virtual Directory instance configuration must be updated separately by using Oracle Directory Services Manager to connect to each Oracle Virtual Directory instance one at a time. The alternate approach is to update the configuration of one Oracle Virtual Directory instance and then use cloning to copy the configuration to the other Oracle Virtual Directory instance or instances. See the "Cloning Oracle Fusion Middleware" chapter in Oracle Fusion Middleware Administrator's Guide for more information about cloning.

8-50 Oracle Fusion Middleware High Availability Guide

OPMN is used to start and stop Oracle Virtual Directory instances. When a cluster that includes multiple Oracle Virtual Directory instances is started, there is no impact on the individual Oracle Virtual Directory instances in the cluster.

The load balancing router detects a hang or failure of an Oracle Virtual Directory instance and routes LDAP and HTTP traffic to surviving instances. When the instance becomes available again, the load balancing router detects this and routes traffic to all the surviving instances.

If an instance fails in the middle of a transaction, the transaction is not committed to the back end. If one Oracle Virtual Directory instance in the two-node Oracle Virtual Directory cluster fails, the load balancing router detects this and reroutes the LDAP client traffic to the surviving instance or instances in the cluster. When the Oracle Virtual Directory instance comes up again, the load balancing router detects this and reroutes the LDAP client traffic to the surviving instance or instances in the cluster.
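Because each instance keeps its own configuration in its ORACLE_INSTANCE and is updated separately, the ACLs enforced on OVDHOST1 and OVDHOST2 can drift apart while the load balancer keeps sending clients to both. The following is an added example, not Oracle's tooling: it compares canonicalized copies of acls.os_xml collected from each node. The directory arguments and the XML element and attribute names in the sample data are assumptions constructed for the demonstration.

```python
import hashlib
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

TRACKED_FILES = ("acls.os_xml",)  # file name from the page; extend as needed


def canonical_digest(path: Path) -> str:
    """SHA-256 over canonical XML so layout and attribute order are ignored."""
    if not path.is_file():
        return "MISSING"
    try:
        canon = ET.canonicalize(from_file=str(path), strip_text=True)
    except ET.ParseError:
        # Malformed XML: fall back to the raw bytes so it still compares.
        return "raw:" + hashlib.sha256(path.read_bytes()).hexdigest()
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()


def find_drift(config_dirs: dict, files=TRACKED_FILES) -> dict:
    """Map each tracked file that differs between hosts to its digests."""
    drift = {}
    for name in files:
        digests = {host: canonical_digest(Path(d) / name)
                   for host, d in config_dirs.items()}
        if len(set(digests.values())) > 1:
            drift[name] = digests
    return drift


def demo() -> dict:
    """Constructed sample data; element and attribute names are made up."""
    base = '<acls><acl dn="ou=people" grant="read"/></acls>'
    relaid = '<acls>\n  <acl grant="read" dn="ou=people"/>\n</acls>'
    widened = '<acls><acl dn="ou=people" grant="read,write"/></acls>'
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for case, second in (("layout_only", relaid), ("rule_changed", widened)):
            dirs = {}
            for host, xml in (("OVDHOST1", base), ("OVDHOST2", second)):
                d = Path(tmp) / case / host
                d.mkdir(parents=True)
                (d / "acls.os_xml").write_text(xml, encoding="utf-8")
                dirs[host] = d
            results[case] = find_drift(dirs)
    return results


if __name__ == "__main__":
    for case, drift in demo().items():
        print(case, "->", drift or "in sync")
```

Run it after every configuration change or cloning operation; a non-empty result means the two nodes no longer answer the same request with the same access decision.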

8.4.2.1.1 Oracle Virtual Directory High Availability Connect Features

Oracle Virtual Directory offers multiple high availability capabilities, including:

■ Fault Tolerance and Failover: Oracle Virtual Directories provide fault tolerance in two forms:

– They can be configured in fault tolerant configurations.
– They can manage flow to fault tolerant proxied sources.

Multiple Oracle Virtual Directories can be quickly deployed simply by copying, or even sharing configuration files. When combined with round-robin DNS, redirector, or cluster technology, Oracle Virtual Directory provides a complete fault-tolerant solution.

For each proxied directory source, Oracle Virtual Directory can be configured to access multiple hosts (replicas) for any particular source. It intelligently fails over between hosts and spreads the load between them. Flexible configuration options allow administrators to control percentages of a load to be directed towards specific replica nodes and to indicate whether a particular host is a read-only replica or a read-write server (master). This avoids unnecessary referrals resulting from attempts to write to a read-only replica.

■ Load Balancing: Oracle Virtual Directory was designed with powerful load balancing features that allow it to spread load and manage failures between its proxied LDAP directory sources.

Oracle Virtual Directory's virtual directory tree capability allows large sets of directory information to be broken up into multiple distinct directory servers. Oracle Virtual Directory is able to recombine the separated data sets back into one virtual tree by combining the separate directory tree branches.

If you have multiple LDAP servers for a particular source, the Oracle Virtual Directory LDAP Adapter can load balance and failover for these servers on its own. This load balancing and failover happens transparently to the client and does not require any additional hardware or changes to the client connecting to Oracle Virtual Directory.

The Database adapter supports load balancing and failover if the underlying JDBC driver provides this functionality. Additionally, Oracle Virtual Directory is certified for use with Oracle Real Application Clusters (Oracle RAC). See Section 4.1.5, "JDBC Clients" for more information about using Oracle Virtual Directory with Oracle RAC.

Oracle Virtual Directory Routing also provides load balancing capabilities. Routing allows search filters to be included in addition to the search base to determine optimized search targets. In this load balancing approach, Oracle Virtual Directory automatically routes queries to the appropriate virtualized directory sources enabling the ability to work with many millions of directory entries.

Note: Oracle Directory Services Manager should be used to manage Oracle Virtual Directory configuration. Oracle Directory Services Manager should not connect to Oracle Virtual Directory through the load balancer to perform configuration updates to an Oracle Virtual Directory instance; instead, it should connect explicitly to a physical Oracle Virtual Directory instance to perform a configuration update for that instance.
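The per-host load percentages and the read-only versus read-write distinction described above determine where traffic lands when a host fails. The following added example is an illustrative model, not Oracle Virtual Directory's implementation: the host names are hypothetical, and renormalizing the percentages across surviving hosts is an assumption made for the model.

```python
import random
from dataclasses import dataclass


@dataclass
class Host:
    name: str            # hypothetical host names, not from the page
    percent: int         # configured share of load for this host
    read_only: bool = False
    up: bool = True


def eligible(hosts, is_write):
    """Live hosts able to serve the operation; writes skip read-only replicas."""
    return [h for h in hosts
            if h.up and h.percent > 0 and not (is_write and h.read_only)]


def effective_shares(hosts, is_write):
    """Percent of traffic each eligible host receives after renormalizing."""
    pool = eligible(hosts, is_write)
    total = sum(h.percent for h in pool)
    return {h.name: round(100 * h.percent / total, 1) for h in pool}


def pick_host(hosts, is_write, rng=random):
    """Weighted choice among eligible hosts; raise when none can serve."""
    pool = eligible(hosts, is_write)
    if not pool:
        kind = "read-write" if is_write else "live"
        raise RuntimeError(f"no {kind} host available")
    return rng.choices(pool, weights=[h.percent for h in pool], k=1)[0]


def sample_hosts():
    """Constructed three-host source: one master, two read-only replicas."""
    return [Host("ldap-master", 50),
            Host("ldap-replica1", 30, read_only=True),
            Host("ldap-replica2", 20, read_only=True)]


if __name__ == "__main__":
    hosts = sample_hosts()
    print("reads :", effective_shares(hosts, is_write=False))
    print("writes:", effective_shares(hosts, is_write=True))
    hosts[0].up = False  # the read-write master fails
    print("reads after master failure :", effective_shares(hosts, False))
    print("writes after master failure:", effective_shares(hosts, True))
```

In this model a single read-write host is a single point of failure for writes even though reads keep flowing, which is worth checking against the adapter's host list before relying on it for failover.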

8.4.2.2 Oracle Virtual Directory Prerequisites