Oracle Traffic Director - a vital part of your Oracle infrastructure


Copyright © 2014, eProseed and/or its affiliates. All rights reserved. | Confidential

ORACLE TRAFFIC DIRECTOR a vital part of your Oracle infrastructure

Simon Haslam eProseed UK

Jacco Landlust ING

© 2016, eProseed

Simon Haslam, Technical Director & Partner @ eProseed UK

Oracle infrastructure specialist, ACE Director, founder of Veriton. Lives in Sherborne, Dorset, UK

Jacco Landlust, Senior Managing Consultant @ ING

Dad, spouse, adventurer, procrastinator, Oracle ACE and general tech-head. Lives in Dalen, The Netherlands


AGENDA

1. Load Balancing – what is it good for?!

2. What is OTD? What’s new in OTD 12c

3. OTD specifics for WLS, SOA Suite, EM

4. OTD specifics for Exalogic & ODA

5. Summary

LOAD BALANCING What is it good for?!

Photo credit: Christian Holmér

WHY DO WE NEED LOAD BALANCERS?

• To distribute processing across nodes in a cluster

a) to allow for horizontal scaling

b) to handle failure

Load balancing algorithms

Health monitoring

Bonus feature! Good place for SSL termination

• To distribute processing across sites

– Geographic Load Balancing

– Same principles except that client characteristics likely to be more significant

– Implemented using special DNS handling

– Not covered in this presentation


TYPICAL N-TIER ARCHITECTURE

[Diagram labels: Internet; Firewall, IPS, IDS; Load balancer; Web Server ×2; App Server ×2; Database Server ×2; tiers: DMZ, App tier, Data tier]

Wouldn’t it be simpler if load balancer & web server were the same thing?

HARDWARE LOAD BALANCERS

Application Delivery Controllers

• Custom hardware

• High performance

• Modular

• Robust

• Appliance

NetScaler MPX

BIG-IP

LATEST BREED OF SOFTWARE LOAD BALANCERS

• BIG-IP VE

• NetScaler-VPX

• Oracle Traffic Director

• & others…

• Exploit very fast processors

• Flexible, sold on bandwidth

• Smaller units owned by app

• Scalable ‘cloud friendly’

+ Hybrid: hardware appliance but virtualised (e.g. NetScaler SDX)

WHY NOT JUST USE ORACLE HTTP SERVER (OHS)?

OHS (web tier) licence is cheap so why not just use that?

• No built-in failover – either need:

– a load balancing layer in front of OHS, or,

– to use virtualization layer migration for OHS itself (slow)

– a home-grown solution

• OHS can’t do application-level health monitoring – it relies on WLS instance failure detection (not so good for complex products like SOA Suite)

• Arguably OTD is more secure

– OHS = Apache → big target

– Far fewer security patches for OTD

• OTD 12c config is more efficient than OHS


ORACLE TRAFFIC DIRECTOR


BASIC EXAMPLE

Oracle Traffic Director listens on a VIP and routes requests to 2 back-end web servers

OTD TERMINOLOGY

• Configuration: the full collection of config details for one or more services, typically for an environment

• OTD Instance: the engines that handle the traffic

• Origin Server: the back-end server(s) providing the underlying service

• Listener: the definition of a single service (type, port, etc)

• Virtual Server: the front-end service presented to users that gets routed, via a Listener, through to an Origin Server Pool

• Admin Server: the management unit that co-ordinates config & monitors system

• Failover Group: active-passive pair of Instances grouped together

• 11g: Admin Server + Admin Nodes

• 12c: Admin Server + OTD Instances


THE EDG DILEMMA

• Disconnect between:

– load balancing at network level (to cope with webserver failure), and,

– load balancing at webserver level (to cope with managed server failure)

• Do we really want two layers of load balancing in the same site?


WHAT’S NEW IN TRAFFIC DIRECTOR 12c?

[Two image slides, labelled 11g and 12c]

KEY NEW FEATURES

• WebLogic Management Framework

– Managed like WebLogic managed servers and OHS 12c

– WLST available for provisioning

– Standalone Management Console has gone (now UI in EM FMWC if co-located, otherwise no UI)

• Multi-tenancy

– OTD is MT-aware and can handle traffic for specific WLS partitions

• Queueing, Request Throttling & Prioritisation

• Health check can use external executable

• Origin server pool maintenance (11.1.1.9+)


PRE-REQS

For management UI you need to configure OTD into a co-located WLS domain, either:

1. (Full) FMW Infrastructure

– also need Database with RCU schemas

– (OTD doesn’t use DB so probably only need min schema for Infra, e.g. OPSS etc)

2. FMW Infra with Restricted JRF

– “This is the recommended mode of creating an OTD domain” says Oracle doc

– No database required (note: this is a 12.2.1+ feature for FMW Infra)


WATCH OUT FOR…

• Oracle Traffic Director instances cannot be created using the Configuration Wizard

– you must use either FMWC or WLST

• Standalone domain limitations

– You can use the WLST in a standalone domain, but not all offline WLST commands are available

– No management capabilities available (including FMWC and WLST custom commands)


DIRECTORIES

• Oracle Home – $ORACLE_HOME/otd

• Instance – $ASERVER_HOME/config/fmwconfig/components/OTD/<config>/config

– $MSERVER_HOME/config/fmwconfig/components/OTD/otd_<instance-name>/config

• Note: OTD 12c works exactly like OHS (12.12+) except:

– OTD instead of OHS (obviously!) in path – in both cases the config is sync’d by Node Manager

– You can’t currently (12.2.1) create OTD instances from Config Wizard (even though it looks like you can!)


WATCH OUT FOR…

• There are quite a few subtleties with OTD 12c configuration. Consider:

– Domain specific or platform wide resource

– Patching

– UI or manual

• OTD 12.2.1 – see Release Notes “2.2 Configuration update fails after starting failover”

– Permissions issue when otd_startFailover has run

– Instead use WLST script for failover as described in note


TRAFFIC DIRECTOR LICENSING

• Exalogic (physical & virtual)

• Oracle WebLogic Suite + Multi-tenancy or Continuous Availability option

• Oracle Access Management Suite Plus and Oracle Enterprise Sign-On Suite Plus

– Restricted to load balancing OAM components inc. using OAM WebGate

• Enterprise Single Sign-On Suite Plus

– Restricted to load balancing ESSO components inc. using OAM WebGate

• SPARC Super Cluster

• Oracle Database Appliance

– With WebLogic licence

– Restricted to services within the ODA

New! 12.2.1

For Guidance Only. Please check latest details with your account manager or Oracle Partner

OTD SPECIFICS FOR WLS, SOA, EM

Photo credit: Imm808

WEBLOGIC SPECIFIC

• (as with OHS) OTD uses HTTP headers on existing connection to WebLogic servers to:

– Detect failure of managed server

– Add new origin servers

• Health monitor times also monitor successful requests

– a bit like time to trust idle connection for data sources


SOA SPECIFIC

• Health monitors need to check the SOA fabric status, not just port

– /soa-infra/ – HTTP 401 status code

– /soa-infra/services/isSoaServerReady – HTTP 200 status code

– Less important with lazy loading of composites in SOA 12c
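
The difference between a port-only check and the two soa-infra URLs above, as an added example (not from the original slides or from Oracle). It assumes the managed server's plain-HTTP port; the state names `down`/`starting`/`ready` and the exit-code convention are assumptions made for this sketch.

```python
import http.client
import socket
import sys

APP_PATH = "/soa-infra/"                               # slide: expect HTTP 401
READY_PATH = "/soa-infra/services/isSoaServerReady"    # slide: expect HTTP 200

def port_open(host, port, timeout=3.0):
    """Port-only check: True as soon as something accepts the TCP connection."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def http_status(host, port, path, timeout=3.0):
    """Status code of GET path, or None if the connection or HTTP exchange fails."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        return conn.getresponse().status
    except (OSError, http.client.HTTPException):
        return None
    finally:
        conn.close()

def classify(app_status, ready_status):
    """Map the two observed status codes to 'down', 'starting' or 'ready'."""
    if app_status is None:
        return "down"        # nothing answering HTTP on the port
    if app_status == 401 and ready_status == 200:
        return "ready"       # soa-infra challenges for auth and reports the fabric as up
    return "starting"        # listener is up, SOA is not serving yet

def soa_health(host, port, timeout=3.0):
    """Probe both URLs from the slide and classify the managed server."""
    app = http_status(host, port, APP_PATH, timeout)
    ready = http_status(host, port, READY_PATH, timeout) if app is not None else None
    return classify(app, ready)

if __name__ == "__main__":
    # Usage: soa_probe.py HOST PORT (hypothetical script name).
    # Exit status 0 only when ready; this exit-code convention is an assumption.
    state = soa_health(sys.argv[1], int(sys.argv[2]))
    print(state)
    sys.exit(0 if state == "ready" else 1)
```

A server in the `starting` state passes `port_open` but must not receive traffic, which is the case a port-only health monitor misses.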


ENTERPRISE MANAGER CLOUD CONTROL SPECIFICS

• This example still keeps OHS running as part of “OMS unit”

• You need:

– 1 virtual server: forwards to the OHS pool without context or anything - just a default route to the ohs-pool

– 1 TCP proxy: for the upload port (e.g. port 4900)

• Note: if you do not have a real certificate on OMS and are stuck with the demo ones, you have to disable "validate server certificate" on the general settings tab of the default route (this setting applies to the traffic between OTD and OMS, not to the certificate on the VIP)


OTD ON ENGINEERED SYSTEMS Exalogic & Database Appliance (SSC later)


EXALOGIC SOA EDG


OTD ON EXALOGIC

• See “Tuning Oracle Traffic Director for Oracle Fusion Middleware, Business Applications”

– http://www.oracle.com/technetwork/middleware/otd/learnmore/otd-exalogic-tuning-whitepaper-2196721.pdf

• Key points:

– Exalogic networks (IPoIB and EoIB alike) do not support multicast. This means that you cannot cluster OTD without the undocumented -unicast flag for (11g) tadm create-failover-group: http://docs.oracle.com/cd/E23389_01/doc.11116/e21037/create-failover-group.htm

– Usage of TCP (instead of SDP) is a best practice for certain versions of virtualised Exalogic - see note 1932308.1. This has to do with a memory leak with SDP on OVM but has been fixed in a very recent kernel patch on Exalogic (Oct 15 PSU).


DOG’S BREAKFAST

https://hemmingforddogblog.wordpress.com/2012/10/15/it-seems-that-breakfast-really-is-the-most-important-meal-of-the-day/

ODA

• There is a WLS ODA OTD template

– Fully configured single VIP with failure group

– Only 11.1.1.7 and no longer being maintained

– ODA X5-2, 12.1.2+

• License VMs with WebLogic to use OTD (for services within ODA)

• Same on ODA as on Exalogic – use the OTD white paper mentioned for Exalogic


SUMMARY

Photo credit: Steve-h

SUMMARY

• New licensing options (e.g. conventional hardware) mean Traffic Director is more widely available now

• OTD is a mature and stable product, well integrated into Oracle stack

• OTD is better suited to high performance pure Oracle infrastructures than OHS

• Big change in management in OTD 12c but now much more consistent with FMW admin
