Oracle9i Application Server Release Notes Release 2 (9.0.2) for Windows NT/2000 Part Number A90334-03 |
|
This chapter summarizes management and security issues associated with Oracle9i Application Server. Topics include:
This section contains the following topics:
Several Oracle9iAS components require the clocks on the machines on which they run to be synchronized. You can synchronize the clocks by running the Network Time Protocol (NTP) daemon on these machines. You do this by using abouttime
or such similar software for Windows.
There are several ways to configure how to load an application.
Concurrent administrative operations on a cluster are not supported in Oracle9iAS Release 2 (9.0.2). Configuration information for clusters is stored in a central repository. All members of the cluster have access to this repository. This keeps configuration consistent across the cluster. Since the objects in the repository are shared across the cluster, concurrent write access to these objects is not allowed.
This section describes how to direct requests to OC4J instances running on Oracle homes that are different from the one that first received the request. In other words, Oracle HTTP Server receives a request, then forwards it to an OC4J instance that belongs to a different Oracle home. In that Oracle home, OC4J instances are running, but Oracle HTTP Server may or may not be running. The Oracle homes can be installed on the same machine or different machines.
This scenario is different from clusters. In a cluster, all the Oracle9iAS instances are configured identically, and mod_oc4j sends requests to the instances in the cluster in a round-robin fashion. See the "Application Server Clustering" chapter in the Oracle9i Application Server Administrator's Guide for details on clustering.
In this scenario, the Oracle9iAS instances do not need to be the same type: they can be different mid-tier types and they can be configured differently. You can even direct requests between an infrastructure and a mid-tier type. See Section 3.1.4.3, "Directing Requests between Infrastructure and Mid-Tier" for details.
For this to work, your environment must have the following characteristics:
OC4J_Portal
, OC4J_DAS
, OC4J_Wireless
) and the OC4J instance must be running.
The procedure for directing requests to another Oracle home is to edit the Oc4jConf
directive in the ORACLE_HOME
/Apache/Apache/conf/mod_oc4j.conf
file. The directive maps URLs to OC4J instances.
By default, the directive directs requests to OC4J instances in the local Oracle home (the OC4J instances belong to the same host:port specified in the URL).
For example, the following lines route requests that begin with /webapp
and /portal
to the home
and OC4J_Portal
OC4J instances on the local Oracle9iAS instance, respectively:
Oc4jMount /webapp/* home Oc4jMount /portal/* OC4J_Portal
To direct requests to an OC4J instance on another Oracle home, you prepend the name of the Oracle9iAS instance to the OC4J instance name, and you use the keyword "instance".
Syntax:
Oc4jMount url instance://ias_instance_name1:oc4j_instance_name [, ias_instance_name2:oc4j_instance_name, ...] Oc4jMount url cluster://cluster_name1:oc4j_instance_name [, cluster_name2:oc4j_instance_name, ...]
where:
instance
is a keyword.
cluster
is a keyword.
If you specify more than one instance name, the requests are sent to the instances in a round-robin manner.
For clustering details, see the "Application Server Clustering" chapter in the Oracle9i Application Server Administrator's Guide.
For example, the following lines direct the requests to instances on an Oracle9iAS instance called "pw.machine2.us.oracle.com". The instances are running on a machine called "machine2.us.oracle.com".
Oc4jMount /webapp/* instance://pw.machine2.us.oracle.com:home Oc4jMount /portal/* instance://pw.machine2.us.oracle.com:OC4J_Portal
The syntax allows you to specify more than one instance to which to direct the requests. You separate the instances with the comma character. For example, the following line directs /portal/*
requests to the OC4J_Portal
instance running on machine2 and machine3 (all on one line):
Oc4jMount /portal/* instance://pw.machine2.us.oracle.com:OC4J_Portal, pw.machine3.us.oracle.com:OC4J_Portal
In the example above, the pw.machine2.us.oracle.com
and the pw.machine3.us.oracle.com
Oracle9iAS instances do not need to be the same install type, but they do need to be running the OC4J_Portal
instance.
The syntax also allows you to direct requests to clusters. Oracle HTTP Server distributes the requests to the Oracle9iAS instances in the cluster.
The following example directs requests to OC4J_Portal
instances in Oracle9iAS instances in the forms_cluster
cluster.
Oc4jMount /portal/* cluster://forms_cluster:OC4J_Portal
A specific situation where you might want to redirect requests is where you have installed the Oracle9iAS infrastructure and a mid-tier install type on the same machine, but in different Oracle homes. You have Oracle HTTP Server processes running from both Oracle homes; they listen at different port numbers. Figure 3-1 shows such a situation: a machine, called machine1, has two Oracle homes. The infrastructure Oracle HTTP Server listens at port 7777, and the mid-tier Oracle HTTP Server listens at port 7780.
You now want to reduce the number of Oracle HTTP Server processes. One way of doing this is to configure Oracle HTTP Server running on one Oracle home (infrastructure's or mid-tier's) so that it can be the front-end to the other Oracle home. Two scenarios are possible:
In both scenarios, the Oracle9iAS instances are different (infrastructure and mid-tier installation types) and thus cannot be clustered together.
The following table lists the advantages and disadvantages of consolidating Oracle HTTP Servers:
In this scenario (Figure 3-2), you shut down the Oracle HTTP Server running on the mid-tier. All requests goes through the Oracle HTTP Server running on the infrastructure Oracle home.
To enable the infrastructure Oracle HTTP Server to handle these requests, you have to do the following step:
To configure the mod_oc4j.conf
file on the infrastructure:
mod_oc4j.conf
file, so that you have a backup.
Oc4jMount
lines from the mid-tier mod_oc4j.conf
to the infrastructure mod_oc4j.conf
.
Note that there are some lines that are the same in both the infrastructure and mid-tier files. Do not copy these lines from the mid-tier file (that is, use the lines already in the infrastructure file).
The list below shows the lines in the mid-tier mod_oc4j.conf
file.
Oc4jMount /j2ee/* # do not copy; already in the infrastructure file Oc4jMount /wwcp OC4J_Wireless Oc4jMount /wwcp/* OC4J_Wireless Oc4jMount /modules OC4J_Wireless Oc4jMount /modules/* OC4J_Wireless Oc4jMount /push OC4J_Wireless Oc4jMount /push/* OC4J_Wireless Oc4jMount /async OC4J_Wireless Oc4jMount /async/* OC4J_Wireless Oc4jMount /ptg OC4J_Wireless Oc4jMount /ptg/* OC4J_Wireless Oc4jMount /jocdemo OC4J_Demos # do not copy; already in the infrastructure file Oc4jMount /jocdemo/* OC4J_Demos # do not copy; already in the infrastructure file Oc4jMount /ojspdemos OC4J_Demos Oc4jMount /ojspdemos/* OC4J_Demos Oc4jMount /repdemo OC4J_Demos Oc4jMount /repdemo/* OC4J_Demos Oc4jMount /bmp OC4J_Demos Oc4jMount /bmp/* OC4J_Demos Oc4jMount /callerInfo OC4J_Demos Oc4jMount /callerInfo/* OC4J_Demos Oc4jMount /onlineorders OC4J_Demos # do not copy; already in the infrastructure file Oc4jMount /onlineorders/* OC4J_Demos # do not copy; already in the infrastructure file Oc4jMount /webapp home # do not copy; already in the infrastructure file Oc4jMount /webapp/* home # do not copy; already in the infrastructure file Oc4jMount /cabo home # do not copy; already in the infrastructure file Oc4jMount /cabo/* home # do not copy; already in the infrastructure file Oc4jMount /studio OC4J_Portal Oc4jMount /studio/* OC4J_Portal Oc4jMount /jpdk OC4J_Portal Oc4jMount /jpdk/* OC4J_Portal Oc4jMount /syndserver OC4J_Portal Oc4jMount /syndserver/* OC4J_Portal Oc4jMount /ultrasearch/query OC4J_Portal Oc4jMount /ultrasearch/query/* OC4J_Portal Oc4jMount /customization OC4J_Portal Oc4jMount /customization/* OC4J_Portal Oc4jMount /webtool OC4J_Portal Oc4jMount /webtool/* OC4J_Portal Oc4jMount /wcp OC4J_Portal Oc4jMount /wcp/* OC4J_Portal Oc4jMount /ultrasearch/admin OC4J_Portal Oc4jMount /ultrasearch/admin/* OC4J_Portal Oc4jMount /ultrasearch/admin_sso OC4J_Portal Oc4jMount /ultrasearch/admin_sso/* OC4J_Portal Oc4jMount /uddi OC4J_Portal Oc4jMount /uddi/* OC4J_Portal Oc4jMount /provider/ultrasearch OC4J_Portal Oc4jMount /provider/ultrasearch/* OC4J_Portal Oc4jMount /portal OC4J_Portal Oc4jMount /portal/* OC4J_Portal Oc4jMount /examples OC4J_Portal Oc4jMount /examples/* OC4J_Portal Oc4jMount /OP OC4J_BI_Forms Oc4jMount /OP/* OC4J_BI_Forms Oc4jMount /reports OC4J_BI_Forms Oc4jMount /reports/* OC4J_BI_Forms Oc4jMount /click OC4J_BI_Forms Oc4jMount /click/* OC4J_BI_Forms Oc4jMount /discoverer OC4J_BI_Forms Oc4jMount /discoverer/* OC4J_BI_Forms
mod_oc4j.conf
file so that it contains the "instance://
" keyword and the name of the mid-tier instance.
Table 3-2 shows an example of how the lines would look in the infrastructure mod_oc4j.conf
. In the table, ias_mid_tier_instance_name refers to the name of your mid-tier instance. Note that the table shows only a sample of two lines; you need to edit the rest of the lines that you copied.
You can edit the mod_oc4j.conf
file using OEM or a text editor. See Section 3.1.4.9, "Editing the mod_oc4j.conf File" for details. If you use a text editor to edit mod_oc4j.conf
, you must run "dcmctl updateConfig
" and restart Oracle HTTP Server after you edit the file.
OC4J_Demos
and home
OC4J instances on the infrastructure. By default, these OC4J instances are not started up in the infrastructure. You can start them up using dcmctl
or OEM.
Figure 3-3 shows a configuration where the infrastructure Oracle HTTP Server goes away, and all requests go through the mid-tier Oracle HTTP Server.
You have to configure Oracle HTTP Server on the mid-tier to handle requests that used to be handled by the infrastructure Oracle HTTP Server. This involves:
To configure the mid-tier mod_oc4j.conf
file:
mod_oc4j.conf
file, so that you have a backup.
Oc4jMount
lines from the infrastructure mod_oc4j.conf
to the mid-tier mod_oc4j.conf
.
Note that there are some lines that are the same in both the infrastructure and mid-tier files. Do not copy these lines from the infrastructure file (that is, use the lines already in the mid-tier file). The only lines that you need to copy are the /oiddas
lines.
The list below shows the lines in the infrastructure mod_oc4j.conf
file.
Oc4jMount /j2ee/* # do not copy; already in the mid-tier file Oc4jMount /jocdemo OC4J_Demos # do not copy; already in the mid-tier file Oc4jMount /jocdemo/* OC4J_Demos # do not copy; already in the mid-tier file Oc4jMount /onlineorders OC4J_Demos # do not copy; already in the mid-tier file Oc4jMount /onlineorders/* OC4J_Demos # do not copy; already in the mid-tier file Oc4jMount /webapp home # do not copy; already in the mid-tier file Oc4jMount /webapp/* home # do not copy; already in the mid-tier file Oc4jMount /cabo home # do not copy; already in the mid-tier file Oc4jMount /cabo/* home # do not copy; already in the mid-tier file Oc4jMount /oiddas OC4J_DAS Oc4jMount /oiddas/* OC4J_DAS
mod_oc4j.conf
file so that it contains the "instance://
" keyword and the name of the infrastructure instance, as shown in Table 3-3.
In the table, ias_infra_instance_name refers to the name of the infrastructure instance.
You can edit the mod_oc4j.conf
file using Enterprise Manager or a text editor. See Section 3.1.4.9, "Editing the mod_oc4j.conf File" for details.
Note:
If you use a text editor to edit |
You can determine the name of an Oracle9iAS instance by running the dcmctl
command with the whichInstance
option:
prompt> dcmctl whichInstance doctest_j2ee.machine1.us.oracle.com
The instance name contains the host name, including the domain name.
dcmctl
is in ORACLE_HOME
/dcm/bin
. If you have multiple Oracle homes on the same machine, run the command from the appropriate ORACLE_HOME.
For example, to route requests from the mid-tier to infrastructure OC4J instances (scenario 2), you need the name of the infrastructure instance.
prompt> cd INFRASTRUCTURE_ORACLE_HOME prompt> cd dcm/bin prompt> ./dcmctl whichInstance doctest_infra.machine1.us.oracle.com
You can determine the names of installed OC4J instances on a machine by running the dcmctl
command with the listComponents
option on that machine:
prompt> dcmctl listComponents HTTP Server OC4J_BI_Forms OC4J_Demos OC4J_Portal OC4J_Wireless home
The command returns the names of Oracle HTTP Server instances as well. You can determine the type of a component by running the dcmctl
command with the getComponentType
option:
prompt> dcmctl getComponentType -co home oc4j prompt> dcmctl getComponentType -co "HTTP Server" ohs
To route requests from the mid-tier to the infrastructure OC4J instances (scenario 2), you need the OC4J_DAS
instance on the infrastructure.
You can determine the names of clusters by running the dcmctl
command with the listClusters
option.
prompt> dcmctl listClusters forms_cluster
You can edit the ORACLE_HOME
/Apache/Apache/conf/mod_oc4j.conf
file using a text editor or Enterprise Manager.
To edit the mod_oc4j.conf
file using Enterprise Manager:
http://host:1810/
where host specifies the machine running Enterprise Manager. The default port is 1810.
This displays the "Edit mod_oc4j.conf" page.
To edit the mod_oc4j.conf
file using a text editor:
ORACLE_HOME
/Apache/Apache/conf
.
prompt> cd ORACLE_HOME/Apache/Apache/conf
dcmctl
with the updateConfig
parameter.
prompt> cd ORACLE_HOME/dcm/bin prompt> ./dcmctl updateConfig
prompt> ./dcmctl restart -ct ohs
The following are known issues associated with Oracle9iAS security.
If a wallet contains a user certificate as a trustpoint for a server, then a core dump occurs when the user connects to the server.
Oracle Corporation recommends not adding user certificates to trustpoints or trusted certificate lists in the Oracle wallet. Instead, install the certificate authority (CA) signers' certificate as a trustpoint.
|
![]() Copyright © 2002 Oracle Corporation. All Rights Reserved. |
|