30.2 Preparing a Cluster for the Identity Applications

The identity applications support HTTP session replication and session failover. If a session is in process on a node and that node fails, the session can be resumed on another server in the cluster without intervention. Before installing the identity applications in a cluster, you should prepare the environment.

30.2.1 Understanding Cluster Groups in Tomcat Environments

The User Application cluster group uses a UUID name to minimize the risk of conflicts with other cluster groups that users might add to their servers. You can modify the configuration settings for the User Application cluster group using the User Application administration features. Changes to the cluster configuration take effect for a server node only when you restart that node.

For more information about prerequisites for installing in a cluster environment, see Prerequisites and Considerations for Installing the Identity Applications.

30.2.2 Setting System Properties for Workflow Engine IDs

Each server that hosts the identity applications in the cluster can run a workflow engine. To ensure performance of the cluster and the workflow engine, every server in the cluster should use the same partition name and partition UDP group. Also, each server in the cluster must be started with a unique ID for the workflow engine, because clustering for the workflow engine works independently of the cache framework for the identity applications.

To ensure that your workflow engines run appropriately, you must set system properties for Tomcat.

  1. Create a new JVM system property for each identity applications server in the cluster.

  2. Name the system property com.novell.afw.wf.engine-id, and give it an engine ID value that is unique to that server.
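
The following check is an added example, not part of the product documentation: it audits the JVM option string of each node for a missing, conflicting, or duplicated com.novell.afw.wf.engine-id. It assumes the property is passed with the standard JVM -D syntax and that the option strings have already been gathered per node; the node names and option values are constructed.

```python
import shlex
from collections import defaultdict

# Property name taken from the procedure above.
ENGINE_ID_PROPERTY = "com.novell.afw.wf.engine-id"


def engine_ids_in(jvm_options: str) -> list[str]:
    """Return every engine ID defined with -D in one JVM option string."""
    prefix = f"-D{ENGINE_ID_PROPERTY}="
    # shlex copes with quoted options such as "-Dname=value".
    tokens = shlex.split(jvm_options)
    return [t[len(prefix):] for t in tokens if t.startswith(prefix)]


def audit_engine_ids(nodes: dict[str, str]) -> dict[str, object]:
    """Audit a mapping of node name -> JVM option string.

    missing:     nodes with no engine ID (or an empty value)
    conflicting: nodes that define more than one distinct engine ID
    duplicates:  engine IDs shared by two or more nodes
    """
    missing, conflicting = [], []
    owners = defaultdict(list)
    for node, options in nodes.items():
        values = {v for v in engine_ids_in(options) if v}
        if not values:
            missing.append(node)
        elif len(values) > 1:
            conflicting.append(node)
        else:
            owners[values.pop()].append(node)
    duplicates = {eid: sorted(ns) for eid, ns in owners.items() if len(ns) > 1}
    return {"missing": sorted(missing), "conflicting": sorted(conflicting),
            "duplicates": duplicates}


# Constructed sample input: one JVM option string per cluster node.
SAMPLE_NODES = {
    "node1": "-Xms1024m -Xmx1024m -Dcom.novell.afw.wf.engine-id=Engine1",
    "node2": "-Xms1024m -Dcom.novell.afw.wf.engine-id=Engine1",
    "node3": "-Xms1024m -Xmx1024m",
    "node4": '"-Dcom.novell.afw.wf.engine-id=Engine4" -Dcom.novell.afw.wf.engine-id=Engine5',
    "node5": "-Dcom.novell.afw.wf.engine-id=Engine5",
}

if __name__ == "__main__":
    for finding, detail in audit_engine_ids(SAMPLE_NODES).items():
        print(f"{finding}: {detail}")
```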

30.2.3 Using the Same Master Key for Each User Application in the Cluster

The identity applications encrypt sensitive data using a master key. All identity applications in a cluster must use the same master key. This section helps you ensure that all identity applications in a cluster use the same master key.

For more information about creating the master key, see Security - Master Key in Step 6. For more information about encrypting sensitive data in the identity applications, see Encrypting Sensitive Identity Applications Data in the NetIQ Identity Manager - Administrator’s Guide to the Identity Applications.

  1. Install the User Application on the first node in the cluster.

  2. In the Security - Master Key window of the installation program, note the location of the master-key.txt file that will contain the new master key for the identity applications. By default, the file is in the installation directory.

  3. Install the identity applications on the other nodes in the cluster.

  4. In the Security - Master Key window, click Yes and then click Next.

  5. In the Import Master Key window, copy the master key from the text file that was created in Step 2.