Thanks for the advices! Fortunately I am not using Portal.
LSC
On 2/21/06, Jurijs Velikanovs <j.velikanovs_at_gmail.com> wrote:
>
> >> So basically I need to open 6200 (OPMN), 7100 (DCM Discovery Port),
> 389, 838.
> A.
> Recently discovered during a Portal implementation in a DMZ zone.
> If case You are using Oracle Portal (web cache) in addition to the
> ports listened above you need to allow connections to the "Web Cache
> Invalidation" port (9401 default).
>
> B.
> If you put OID to LAN and SSO located in DMZ consider to decrease a
> tcp_keepalive_time parameter on the SSO host.
> Ref: bug 4094028 (metalink)
>
> Hope it will help somebody.
> J.
>
> On 2/6/06, Li-Shan Cheng <exriscer_at_gmail.com> wrote:
> > With cheap Blades its quite easy to sell these "Enterprise Deployments"
> :-P
> >
> > The set up basically is:
> >
> > 2 nodes, Metadata Repository -> Cold Failover Cluster (Serviceguard)
> > 2 nodes, OID -> Active-Active (new in 10gR2)
> > 2 nodes, SSO -> Active-Active (new in 10gR2)
> > 4 nodes, Internet Middle Tier
> > 4 nodes Intranet Middle Tier
> >
> > I talk to someone who performed a similar 10gR1 installation (15 nodes)
> in
> > the summer. I asked him to show me ons.conf of a Middle Tier Server, I
> > actually saw a line with 14 server names! That is, the server itself
> talks,
> > using OPMN, to all servers in the same Farm, which means that port 6200
> must
> > be opened no matter Middle Tier or Infrastructure.
> >
> > DCM is not that clear noone knows why why the port needs to be opened.
> >
> > Middle Tier servers communicate between them directly, I believe OPMN is
> > used to replicate OC4J session states across servers in same Cluster in
> case
> > to perform a process failover.
> >
> > So basically I need to open 6200 (OPMN), 7100 (DCM Discovery Port), 389,
> > 838.
> >
> > BUT.... I will try to convince the network guy to open all ports at the
> > Firewall just for installation.
> >
> >
> > LSC
> >
> >
> >
> >
> > On 2/6/06, Jurijs Velikanovs <j.velikanovs_at_gmail.com> wrote:
> > > Summary:
> > > You need to open 6200, 389, 636, DB Port from DMZ to Local Network. I
> > > think Infrastructure Instance doesn't make any connection to "Middle
> > > Tier Servers".
> > >
> > > > I am performing a 14 node Oracle Application Server 10gR2
> installation.
> > > I never have done a 14 nodes installation (3 AS connected Instances
> > > max) :) But hope my knowledge on the subject will help you :)
> > > Information below is based on experience and can be not 100% correct.
> > > I would be glad I you let me point me on any mistakes I have made
> > > describing things. Anyway lets try to describe how AS management works
> > > ...
> > >
> > > All AS services (components) located on a local host (Apache, OC4J
> > > Instances, DCM daemon) are managed by local OPMN process. Straight
> > > after startup any OPMN managed component establishes a connection to
> > > local OPMN port (6101 by default, but check you opmn.xml or AS Control
> > > in order to find OPMN Local port number for particular AS instance).
> > > All local management commands and messages go through OPMN local port
> > > only.
> > >
> > > If you are using AS installation with Infrastructure instance then and
> > > only then (I am not taking about OC4J clusters in this context) other
> > > AS instances can communicate messages (including DCM messages) to each
> > > other.
> > > In order to do that each AS Instance straight after a local OPMN
> > > service startup establishes a connection from a local host to the
> > > Infrastructure instance OPMN process using II OPMN Remote port (6200
> > > by default).
> > >
> > > "Middle Tier Servers" or I would say AS Instances doesn't communicate
> > > to each other in a direct way. The Infrastructure OPMN process is used
> > > for that purpose.
> > >
> > > BTW: Infrastructure instance doesn't include SSO. SSO Instances
> > > treated by Oracle as a regular instance ("Middle Tier Servers"). A SSO
> > > Instance have no a special dedicated communication channel. An
> > > Infrastructure Instance consist of OID and OPMN processes only.
> > >
> > > >> For example, does Middle Tier Servers communicate with
> > > >> OID and SSO Servers using ONS and DCM? And opposite?
> > > Middle Tier Servers communicate with the host there Infrastructure
> > > Instance installed using II OPMN Remote Port (6200), OID ports (389,
> > > 636), some components (as Portal) use direct connection to a
> > > repository database (not necessary the same database as infrastructure
> > > database, but by default is) using DB listener port as well.
> > >
> > > Summary:
> > > You need to open 6200, 389, 636, DB Port from DMZ to Local Network. I
> > > think Infrastructure Instance doesn't make any connection to "Middle
> > > Tier Servers".
> > >
> > > Bit more about AS you can find in my presentation.
> > >
> >
> http://www.alise.lv/ALISE/technolog.nsf/0/e40122e5a600ecb4c2256fd90050d122?OpenDocument
> > >
> > > Cheers,
> > > Jurijs
> > >
> > >
> > > On 2/3/06, Li-Shan Cheng <exriscer_at_gmail.com> wrote:
> > > > Hi
> > > >
> > > > I am performing a 14 node Oracle Application Server 10gR2
> installation.
> > I
> > > > have this setup
> > > >
> > > >
> > > > 2 nodes -> Metadata Repository DB: DMZ 1
> > > > 2 nodes -> OID: DMZ 1
> > > > 2 nodes -> SSO: DMZ 2
> > > > 4 nodes -> MIDDLE TIER for Intranet Accesses: DMZ 2
> > > > 4 nodes -> MIDDLE TIER for Internet Accesses: DMZ 3
> > > >
> > > > Alteon Load Balancers are used for OID, SSO and Middle Tiers
> > > >
> > > > Since I have 3 DMZs I have problems with ports settings in the
> firewall.
> > I
> > > > am clear about how to setup LBR ports however I am not sure how to
> setup
> > ONS
> > > > and DCM ports between OracleAS Servers.
> > > >
> > > > For example, does Middle Tier Servers communicate with OID and SSO
> > Servers
> > > > using ONS and DCM? And opposite?
> > > >
> > > > Cheers
> > > >
> > > >
> > > > LSC
> > > >
> > >
> > >
> > > --
> > > Jurijs
> > > +44 7738 013090 (GMT)
> > > ============================================
> > > http://otn.oracle.com/ocm/jvelikanovs.html
> > >
> >
> >
>
>
> --
> Jurijs
> +44 7738 013090 (GMT)
> ============================================
> http://otn.oracle.com/ocm/jvelikanovs.html
>
--
http://www.freelists.org/webpage/oracle-l
Received on Tue Feb 21 2006 - 06:24:37 CST
