31.4 Preparing a Cluster for the Identity Applications

The identity applications support HTTP session replication and session failover. If a session is in progress on a node and that node fails, the session resumes on another server in the cluster without intervention. Before you install the identity applications in a cluster, prepare the environment as described in this section.

31.4.1 Understanding Cluster Groups in JBoss, Tomcat, and WebSphere Environments

The JGroups communications module provides communication among groups that share a common name, multicast address, and multicast port. JGroups is installed with JBoss, but you can use it without JBoss. The User Application includes a JGroups module in the identity applications WAR file to support caching in a cluster environment. For more information about configuring caching, see Caching Management in the NetIQ Identity Manager User Application: Administration Guide.

JBoss uses the JGroups communications module to implement JBoss clusters. JBoss defines the configuration of JGroups and session replication; the details depend on the version of JBoss you are using.

For more information about JBoss clusters, see the JBoss wiki page for High availability and clustering services.

The identity applications use an additional cluster group solely to coordinate caches for the identity applications in a clustered environment in JBoss and WebSphere clusters. The User Application cluster group is independent of the two JBoss cluster groups and does not interact with them. By default, the User Application cluster group and the two JBoss groups use different group names, multicast addresses, and multicast ports, so no reconfiguration is necessary. The following table lists the default settings for the User Application cluster group.

Setting             Default Value
Name                c373e901aba5e8ee9966444553544200
Multicast address   228.8.8.8
Port                45654

The User Application cluster group uses a UUID name to minimize the risk of conflicts with other cluster groups that users might add to their servers. You can modify the configuration settings for the User Application cluster group using the User Application administration features. Changes to the cluster configuration take effect for a server node only when you restart that node.

For more information about prerequisites for installing in a cluster environment, see Section 28.3, Prerequisites and Considerations for Installing the Identity Applications.

31.4.2 Setting System Properties for Workflow Engine IDs

Each server that hosts the identity applications in the cluster can run a workflow engine. To ensure performance of the cluster and the workflow engine, every server in the cluster should use the same partition name and partition UDP group. Also, each server in the cluster must be started with a unique ID for the workflow engine, because clustering for the workflow engine works independently of the cache framework for the identity applications.

To ensure that your workflow engines run appropriately, you must set system properties for the application server.

Setting System Properties for JBoss

  1. Open the JBoss startup script, by default located in the directory where you downloaded the identity applications files.

    • Linux: start-jboss.sh

    • Windows: start-jboss.bat

  2. Add the following text to the script:

    start run.bat -c IDM -Djboss.partition.name=PartitionName -Djboss.partition.udpGroup=UDP_Group -Dcom.novell.afw.wf.engine-id=Engine_ID

    where

    • PartitionName represents the name of the partition, such as Example_Partition.

    • UDP_Group represents the User Datagram Protocol (UDP) group for the partition, such as 228.3.2.1.

    • Engine_ID represents the unique ID of the workflow engine, such as Engine1.

  3. Close and save the setup script.

  4. Repeat for each identity applications server in the cluster.

Setting System Properties for WebSphere and Tomcat

  1. Create a new JVM system property for each identity applications server in the cluster.

  2. Name the system property com.novell.afw.wf.engine-id and set it to an engine ID value that is unique within the cluster.
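As an added example (not from the NetIQ documentation), the following POSIX shell script is a pre-flight check for the rules in this section: every node in the cluster must share one partition name and one UDP group, and every node must carry a unique workflow engine ID. The node names and values in the table are constructed; the three -D property names are the ones shown in the JBoss startup line above.

```shell
#!/bin/sh
# Added example, not part of the NetIQ documentation. Validates the per-node
# JVM system properties from section 31.4.2 before the cluster is started.

# One line per node: <node-name> <partition-name> <udp-group> <engine-id>
# Constructed sample data; the hostnames are hypothetical.
CLUSTER_NODES='
idmnode1 Example_Partition 228.3.2.1 Engine1
idmnode2 Example_Partition 228.3.2.1 Engine2
idmnode3 Example_Partition 228.3.2.1 Engine3
'

# jvm_props PARTITION UDP_GROUP ENGINE_ID
# Builds the -D options for one node in the form the JBoss startup script expects.
jvm_props() {
    printf '%s %s %s' \
        "-Djboss.partition.name=$1" \
        "-Djboss.partition.udpGroup=$2" \
        "-Dcom.novell.afw.wf.engine-id=$3"
}

# validate_cluster_props NODE_TABLE
# Returns 0 when all nodes share one partition name and one UDP group and no
# engine ID is used twice; returns 1 and reports each problem on stderr otherwise.
validate_cluster_props() {
    nodes="$1"
    rc=0
    # Count distinct partition names and distinct UDP groups (blank lines skipped).
    partitions=$(printf '%s\n' "$nodes" | awk 'NF && !seen[$2]++ { n++ } END { print n + 0 }')
    groups=$(printf '%s\n' "$nodes" | awk 'NF && !seen[$3]++ { n++ } END { print n + 0 }')
    # List engine IDs that appear on more than one node.
    dup_engines=$(printf '%s\n' "$nodes" | awk 'NF { c[$4]++ } END { for (k in c) if (c[k] > 1) print k }')

    if [ "$partitions" -ne 1 ]; then
        echo "ERROR: expected one partition name across the cluster, found $partitions" >&2
        rc=1
    fi
    if [ "$groups" -ne 1 ]; then
        echo "ERROR: expected one UDP group across the cluster, found $groups" >&2
        rc=1
    fi
    if [ -n "$dup_engines" ]; then
        echo "ERROR: workflow engine ID(s) used by more than one node: $dup_engines" >&2
        rc=1
    fi
    return "$rc"
}

# Stand-alone run: check the table, then print each node's startup options.
if validate_cluster_props "$CLUSTER_NODES"; then
    printf '%s\n' "$CLUSTER_NODES" | while read -r node partition group engine; do
        [ -n "$node" ] || continue
        echo "$node: $(jvm_props "$partition" "$group" "$engine")"
    done
fi
```

Keep the node table as the single source for generating each node's startup options, so the values you validate are the values you deploy. For WebSphere and Tomcat, this section only sets the com.novell.afw.wf.engine-id property, so the engine ID uniqueness part of the check is the one that applies there.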

31.4.3 Using the Same Master Key for Each User Application in the Cluster

The identity applications encrypt sensitive data using a master key. All identity applications in a cluster must use the same master key. This section helps you ensure that all identity applications in a cluster use the same master key.

For more information about creating the master key, see Security - Master Key in Step 7. For more information about encrypting sensitive data in the identity applications, see “Encryption of Sensitive User Application Data” in the User Application Administration Guide.

  1. Install the User Application on the first node in the cluster.

  2. In the Security - Master Key window of the installation program, note the location of the master-key.txt file that will contain the new master key for the identity applications. By default, the file is in the installation directory.

  3. Install the identity applications on the other nodes in the cluster.

  4. In the Security - Master Key window, click Yes and then click Next.

  5. In the Import Master Key window, copy the master key from the text file that was created in Step 2.
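After the master key has been imported on every node, an administrator usually wants to confirm that no node ended up with a different key. The following POSIX shell script is an added example (not from the NetIQ documentation) that compares a SHA-256 digest of each node's master-key.txt instead of the key text itself, so the check can be logged without disclosing key material. The sample files it creates are constructed; how the files are gathered from real nodes (for example from a staging directory) is an assumption left to the reader.

```shell
#!/bin/sh
# Added example, not part of the NetIQ documentation. Confirms that the
# master-key.txt collected from each cluster node holds the same master key
# by comparing digests, never printing the key itself.

# key_digest FILE : prints the SHA-256 hex digest of FILE using whichever
# tool the host provides (sha256sum on Linux, shasum elsewhere).
key_digest() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    else
        shasum -a 256 "$1" | awk '{ print $1 }'
    fi
}

# master_keys_match FILE... : prints "<file> <digest>" for each file and
# returns 0 when all digests are identical, 1 when any file differs.
master_keys_match() {
    first=""
    rc=0
    for f in "$@"; do
        d=$(key_digest "$f")
        echo "$f $d"
        if [ -z "$first" ]; then
            first="$d"
        elif [ "$d" != "$first" ]; then
            echo "MISMATCH: $f does not hold the same master key as $1" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Constructed demo files (not real keys): node1 and node2 match, node3 was
# imported incorrectly. Key files are kept owner-readable only.
DEMO=$(mktemp -d)
printf 'CONSTRUCTED-MASTER-KEY-NOT-REAL\n' > "$DEMO/node1-master-key.txt"
cp "$DEMO/node1-master-key.txt" "$DEMO/node2-master-key.txt"
printf 'CONSTRUCTED-MASTER-KEY-TYPO\n' > "$DEMO/node3-master-key.txt"
chmod 600 "$DEMO"/*-master-key.txt

# Stand-alone run: the first pair matches, the second pair reports a mismatch.
master_keys_match "$DEMO/node1-master-key.txt" "$DEMO/node2-master-key.txt"
master_keys_match "$DEMO/node1-master-key.txt" "$DEMO/node3-master-key.txt" || echo "node3 needs the master key re-imported"
```

Because only digests are compared, the output is safe to keep with the installation records; the key file itself should remain owner-readable only, as the demo sets with chmod 600.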