Clustered server environment prerequisite tasks

A clustered deployment is typically used in enterprise production environments.

Clusters enable you to scale your IBM® Security Privileged Identity Manager configuration. Clusters enable enterprise applications to be highly available because requests are automatically routed to the running servers in the event of a failure.

If you are reusing existing middleware that was previously deployed, apply the minimum supported fix packs before you install the Privileged Session Recorder Server.

On deployments with WebSphere® Application Server, Version 8.5.0.2, the following criteria must exist:
  • Specify a profile path without spaces in the name. For example: c:\was\ibm\WebSphere\profiles\<servername>
  • Install the WebSphere Application Server Java™ SDK component with the required interim fix, 8.5.0.0-WS-WASJavaSDK-WinX64-IFPM98574.
  • Prepare the Microsoft Visual C++ 2008 Redistributable Package for the IBM HTTP Server and web server plug-ins. For installations on x86 computers, install the x86 version of the Microsoft Visual C++ 2008 Redistributable Package. For installation on x64 computers, install both the x86 and x64 version of the Microsoft Visual C++ 2008 Redistributable Package. Go to the Microsoft website and search for Microsoft Visual C++ 2008 Redistributable Package x86 x64.
  • You must install the WebSphere Customization Toolbox V8.5 to set up the web server plug-ins and the IBM HTTP Server Administrator server.
On deployments with WebSphere Application Server, Version 7.0, the following criteria must exist:
  • Install at least Fix Pack 29 for WebSphere Application Server and the Java SDK.
  • Install the Web 2.0 and Mobile feature pack for WebSphere Application Server 7.0.
For a clustered deployment environment, follow this process:
  1. Create a deployment manager profile before you create the other profiles.

    The deployment manager profile provides centralized management of application servers.

  2. Optional: If your deployment requires security certificates of a specific key size, see Re-creating the root CA for WebSphere Application Server 7.0 on the deployment manager before creating member nodes
  3. Create the following custom profile for each managed node.

    Managed member nodes or a custom profile does not have its own administrative console. It is managed under the deployment manager node. You can use the administrative console to install the ISPIMRecorder application to the cluster that was created with the custom nodes.

  4. Create a cluster and cluster members.
  5. Configure the WebSphere Application Server for a cluster.
  6. Configure the IBM HTTP Server.
Note: If the server is newly installed on a computer that has no previous versions of the server, you can use the default values for the ports. Use a utility like netstat to check whether a port is already in use. Changing the default ports is typically done by an experienced WebSphere Application Server Administrator.

The port numbers and setting used for each profile you create is always recorded in the AboutThisProfile.txt file. The file is stored in <was_home>/profiles/<profile_name>/logs/. This file is helpful when you must determine the correct port number for a stand-alone, custom node or deployment manager profile.

Deployment manager profiles

A deployment manager is a server that manages operations for a logical group, or cell, of other servers. In a network deployment, you use a group of servers to provide workload balancing and failover. The deployment manager is the central location for administering the servers and clusters in the cell.

To create a network deployment environment, the deployment manager profile is the first profile that you create.

Important:
  • Do not provide a common user name like administrator as the WebSphere Application Server Administrator.
  • Choose a user name that is least likely to conflict with your potential enterprise directory users.

Custom profiles

To configure a network deployment environment, create custom nodes and federate them into the deployment manager. Later, you can use the WebSphere Application Server administrative console to install the Privileged Session Recorder application on the various member nodes.

Unlike a stand-alone profile, a custom profile is an empty node that does not contain the default server that the stand-alone profile includes. After the custom profile is federated to the deployment manager, the node becomes a managed node.

A managed node, which contains a node agent, is managed by a deployment manager.

  1. Creating a deployment manager profile (Profile Management Tool)
    Create a deployment manager profile to manage all other IBM WebSphere Application Server processes running in the cell, including node agents and application server processes.
  2. Creating a custom profile (Profile Management Tool)
    Create a custom profile that contains the node agent process and the managed server process that is part of the cluster.
  3. Creating a cluster and cluster members
    Create a cluster definition and add members to the cluster.
  4. Configuring WebSphere Application Server for a cluster
    Define the cluster and apply required security settings for WebSphere Application Server before you install the cluster.
  5. Configuring the heap size for the application server
    You can increase the minimum and maximum Java Virtual Machine (JVM) heap size limit in WebSphere Application Server. Increasing heap size improves startup, helps prevent out of memory errors, and reduces disk swapping.
  6. Optional: Creating a Windows service for the node agent
    In a network deployment configuration, you can create the node agent as a Windows service to make WebSphere Application Server nodes easier to start and manage.
  7. Configuring the IBM HTTP Server plug-in (network deployment)
    Deploy the IBM HTTP Server plug-in and configure connection requests to forward connections over Secure Sockets Layer (SSL) to the WebSphere Application Server.
  8. Enabling SSL directives on the IBM HTTP Server
    You must enable the Secure Sockets Layer (SSL) directives to encrypt traffic to and from the IBM HTTP Server.
Parent topic: Installation prerequisites for the Privileged Session Recorder Server