Simon Haslam, Jacco Landlust

Enterprise Deployments: The Real World of Best Practices


Simon Haslam

Consultant at Veriton & O-box Tech. Director

FMW infrastructure: high availability, security, performance

Jacco Landlust

Platform Architect Director at Oracle Consulting

Fusion middleware, database & Engineered Systems

Copyright © 2014, Oracle and/or its affiliates. All rights reserved.

Safe Harbor Statement

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.

A brief history

EDG benefits & what is covered by EDG

What is not covered by EDG - real world

Engineered Systems & state of the art

Firstly: Motivation

Business systems increasingly operate 24/7

◦ Global customers and/or suppliers

◦ Self-service (web, mobile)

◦ Consolidated IT

Unplanned downtime is more visible than ever

Consumer web sites set high expectations

One big machine?

IBM zEnterprise 196 https://www-03.ibm.com/press/us/en/pressrelease/32166.wss

Perfectly valid

Suits particular kinds of organisations

Still state of the art for resilience and fault tolerance

Common Practice in Oracle Environments

High availability by redundancy

Security by network segregation

Scalability by adding more servers

[Diagram: numbered servers and a firewall]

Note: HA term is generally used for single site, DR for multi-site (though boundary is blurred with active-active multi-site)

Oracle Clustering Technologies

Database

◦ RAC

Middleware

◦ WebLogic Clusters

◦ Coherence Clusters

◦ (product specific clustering, e.g. WebCenter Content)

… & active/passive, e.g. clusterware

MAA papers

◦ database

◦ middleware

Enterprise Deployment Guides (EDG)

History

Focus

Disaster Recovery High Availability Security Scalability (single site)

More exotic (e.g. active-active sites)

Docs: HA Guide, DR Guide, Admin Guides

Enterprise Deployment Guides

Fusion Middleware

◦ Business Intelligence

◦ Identity Management

◦ SOA Suite

◦ WebCenter Content

◦ WebCenter Portal

Exalogic-specific

◦ WebLogic

◦ Identity Management

◦ SOA Suite

(fka Fusion Applications)


EDG Benefits

You don’t have to know so much (but knowledge helps)

Best practice configuration based on Oracle experience

Familiar to other admins using EDG

Recognised by Oracle Support

What is covered by EDG?

Topology and segregation

Some suggested naming conventions

Single site HA, including load balancers

Database HA (generally dictates RAC)

Security (starting point)

EDGs are sometimes treated like ‘facts’ – they are not – more like ‘a serving suggestion’

Quick Tour

12c generic EDG diagram

EDG Approach

Layering with verification at each stage

◦ Base domain (FMW infra in 12c)

◦ Web tier (web server and/or load balancers)

◦ [Extend, configure, test] repeat

Assumes manually installed

◦ Oracle doesn’t provide “EDG ready” scripts

◦ New EM 12c R4 is probably nearest to out of box EDG

Directory Structure

Green = shared, Yellow = local

Topologies

SOA & OSB

SOA & BAM

Build Your Own

Your own topology New for 12c


What is the “Real World” like?

Virtual Machines

Licences

Component workloads

Shared storage

Security & management networks

Lifecycle requirements

Non-Oracle admin teams

Disaster Recovery

Real World: Virtual Machines

Very flexible – likely to want one function per VM

Location flexibility so have alternative failover approaches

◦ E.g. to reduce use of VIPs and Whole Server Migration

Not attractive to have admin servers running alongside managed servers

◦ E.g. see ‘Admin Server Separation - Pros and Cons’ http://www.veriton.co.uk/roller/fmw/entry/admin_server_separation_pros_and

Real World: Licences

Licence optimisation is not a consideration for EDG

Licence hard partitioning option (only certain products, e.g. OVM)

◦ If so then BPM, SOA, OSB have different prices

Real World: Component Workloads

EDG treats product components as identical and does not discuss tuning

◦ E.g. OSB vs BPEL vs BPM vs WCP vs WSM

Real World: Shared Storage

Most (all?) Fusion Middleware products require shared storage of some sort

◦ Configuration (e.g. deployment plans across cluster)

◦ Transactional (e.g. inbound files, file adapters, JMS, JTA)

Several viable approaches – EDG doesn’t mandate technology – see MAA shared storage white paper

Real World: Security & Management Networks

Security is tackled at a relatively broad scale

◦ HNV (host name verification) disabled then security activated later

EDG gives no consideration to:

◦ management on separate networks

◦ connection filters

◦ domain-wide admin port

Note: Engineered Systems have high performance private networks (InfiniBand)

Real World: Life Cycle Management

Patching infra, e.g. OSB vs SOA, IDM vs IAM

Infra development/test needs own env

You need automation of some sort

◦ Infrastructure as code

◦ Disposable environments

App development life cycle on production infra only

Real World: Database Considerations

Database is a critical component of most FMW

EDG only discusses single site RAC

Newer DB features (GridLink, App Cont, MT, IMDB…)

RAC extended/stretch

Data Guard… Golden Gate

Storage replication, Delphix, SMU on ZFSSA etc

Real World: Disaster Recovery

DR is typically not a part of EDG

DR strategy can influence topology

Separate documentation exists


Engineered Systems

Middleware Focus (not inc Exalytics)

Exalogic

ODA

Recap: Exalogic

Includes built-in ZFS Appliances

◦ shared storage over NFS

InfiniBand networking

◦ between compute nodes (and Exadata if you have that)

◦ different network implementations available (e.g. SDP)

◦ InfiniBand partitions (~VLANs)

Various WebLogic Enhancements

‘Exabus’

Exalogic

SOA

InfiniBand network (IB)

OTD = Oracle Traffic Director (uses IB)

EoIB = Ethernet over IB

IPoIB = IP over IB

ZFS Appliance built-in

Exabus

Oracle Database Appliance

Virtualized Platform

Recap: Oracle Database Appliance VP

2 ~ Exalogic specification compute nodes

Direct attached storage connected to the database VMs

Supports EE, RAC One Node & RAC databases

ACFS for shared storage

10GbE interconnect between nodes


Multiple envs. on single ODA

[Diagram labels: Admin Server; Oracle Traffic Director Node 1/2; OTD Admin Server; Managed Server WLS_SOA1; Managed Server WLS_SOA2; ODA Base 1; ODA Base 2; O-box Manager; public network, e.g. 10.1.1.0/24; ODA internal 10GbE network 192.168.16.0/24; ports 80, 443, 7001, 7002 and 8998, marked "secure" and "insecure"; 8998 via internal network; URLs https://<friendly-vip-name>, https://obox-tr01soa..:7001, https://obox01-otd..:8998 and https://obox01]

State of the art

Active-active middleware

◦ Driven by licensing & falling cost of metro+ scale dedicated fibre

◦ See MAA SOA & WebCenter papers

◦ Work in progress

Continuous Availability & ‘Zero Downtime Patching’

Summary

EDGs give us good starting designs

◦ no-one implements EDG 100%

◦ EDGs are single site only (don’t cover DR or active-active sites)

Automate them into standard patterns

◦ across all environments (D)TAP

◦ across different FMW product families

Further Information

Oracle Docs

◦ FMW 12c/11g EDG – see main book list http://docs.oracle.com

◦ MAA middleware http://www.oracle.com/technetwork/database/features/availability/fusion-middleware-maa-155387.html

◦ Exalogic EECS (e.g. SOA EDG) http://docs.oracle.com/cd/E18476_01/index.htm

◦ MAA Exalogic http://www.oracle.com/technetwork/database/features/availability/exalogic-maa-1529215.html

OTech Magazine

Enterprise Deployment of Oracle Fusion Middleware Products

http://otechmag.com

◦ Part 1 – Winter 2014 (2013 really)

◦ Part 2 – Spring 2014

◦ Part 3 (to come) – Winter 2014

Recommended Blogs

Oracle A-Team Chronicles (blog) http://www.ateam-oracle.com/

Oracle Fusion Middleware Security Blog http://fusionsecurity.blogspot.se/

Mark Nelson’s blog https://redstack.wordpress.com/

Questions?

@simon_haslam

http://simonhaslam.co.uk

@oraclemva

http://oraclemva.wordpress.com