To optimize performance or increase storage capacity for the environment,
you can deploy an external configuration database. You can configure the environment to connect to
a Db2®, PostgreSQL, Microsoft® SQL server, or Oracle database on an external server.
About this task
A Verify Identity Access
environment with Advanced Access Control or Federation includes an internal database to store
configuration data.
The configuration container provides scripts to deploy the configuration database on an
external Db2, PostgreSQL, Microsoft® SQL
server, or Oracle server. You can then configure the environment to use the external database.
The Oracle Compatibility mode in Db2 must be turned off
when you are using an external Db2 Configuration Database or HVDB with IBM® Verify Identity Access.
Note: IBM Verify Identity Access uses
the configured username as the schema name to connect to the database. Therefore, aliases might need
to be created in Db2 if the username does not match the schema name in the database.
Procedure
- Use the File Downloads management page in the local management interface
  to access the configuration database deployment files for your environment.
  Table 1. Configuration database deployment scripts
  | Database type | Deployment scripts |
  | Db2 | /common/database/db2/config/cluster_config_db2.sql |
  | PostgreSQL | /common/database/postgresql/config/cluster_config_postgresql.sql |
  | Oracle | /common/database/oracle/config/cluster_config_oracle.sql |
  | Microsoft® SQL server | /common/database/mssql/config/cluster_config_mssql.sql |
- Save the deployment script on the database server.
- Run the Db2, PostgreSQL, Microsoft® SQL server, or Oracle script to create the external database.
  - PostgreSQL script
    Run the following command:
    psql --echo-all --variable ON_ERROR_STOP=1 --file <sql file name> --username <username> --host <host> --port <port> <database name>
  - Oracle script
    - Copy the downloaded cluster_config_oracle.sql file into the
      Oracle home directory. For example,
      ORACLE_HOME=/opt/oracle/app/oracle/product/11.2.0/dbhome_1
    - Log in to SQL*Plus.
    - At the SQL prompt, run START cluster_config_oracle.sql.
  - Db2 script
    - Create a Db2 instance to contain the configuration
      database. For more information about creating the Db2
      instance, see the Db2 documentation.
    - Log in to the Db2 Command utility (Windows™) or Db2 host (UNIX™) as the Db2 administrator.
    - Run the following command:
      db2 -tsvf <fully_qualified_path_to_script>
      The following example shows the fully qualified path to the script:
      db2 -tsvf /tmp/cluster_config_db2.sql
  - Microsoft® SQL server script
    Run the following command:
    sqlcmd -i <sql file name> -U <username> -P <password> -S <host> -d <database name>
- Validate that the tables were successfully created.
  Ensure that no errors were returned during the creation, and log in to the database to manually
  check that the tables exist.
- Populate the database with initial configuration data. Use the File
  Downloads management page in the local management interface to access the configuration
  database initial data files for your environment.
  Table 2. Configuration database data files
  | Database type | Data files |
  | Db2 | /common/database/db2/config/configdb_db2.zip |
  | PostgreSQL | /common/database/postgresql/config/configdb_postgresql.zip |
  | Oracle | /common/database/oracle/config/configdb_oracle.zip |
  | Microsoft® SQL server | /common/database/mssql/config/configdb_mssql.zip |
  Note: Each of the compressed files contains a README.txt
  file that describes the process to populate the database.
- From the top menu of the local management interface, select System > Database Configuration to open the Database
  Configuration management page.
- Select the Configuration Database tab.
- Enter the following JDBC connection information:
  - Type: The database type, which is either DB2, PostgreSQL, Microsoft® SQL server, or
    Oracle.
  - Address: The IP address of the external database server.
  - Port: The port on which the external database server is listening.
  - Username: The name of the database administrator.
  - Password: The password for the database administrator.
  Db2 also requires the following information:
  - Secure: Select this checkbox to create a secure connection with the server.
    Note: Before a secure connection can be established, you must first import the certificate
    that the environment uses to communicate with the server into the lmi_trust_store and
    rt_profile_keys key files. Use the SSL Certificates page
    to import the appropriate certificate.
  - Database name: The name of the database instance on the external Db2 server.
    Complete the following steps to identify and specify the Db2 database name when your Db2
    database is remote to the cluster that you are configuring.
    - Open the cluster_config_db2.sql file that was used to create the
      database and tables.
    - In the CREATE DATABASE entry, get the name that is
      specified. In the following entry, CONFIG is the string that identifies the default
      database name:
      CREATE DATABASE CONFIG ALIAS CONFIG using codeset UTF-8 territory us PAGESIZE 32768 WITH "CONFIG Tables";
      Note: PAGESIZE 32768 is an example. Adjust according to your requirements.
  PostgreSQL also requires the following information:
  - Secure: Select this checkbox to create a secure connection with the server.
    Note: Before a secure connection can be established, you must first import the certificate
    that the environment uses to communicate with the server into the lmi_trust_store and
    rt_profile_keys key files. Use the SSL Certificates page
    to import the appropriate certificate.
  - Database name: The name of the database instance on the external PostgreSQL server.
  Oracle also requires the following information:
  - Secure: Select this checkbox to create a secure connection with the server.
    Note: Before a secure connection can be established, you must first import the certificate
    that the environment uses to communicate with the server into the lmi_trust_store. A keystore
    that contains the public keys also needs to be created. Use the SSL Certificates
    page to create this keystore and to import the appropriate certificate.
  - Certificate Store: Choose the keystore that contains the certificate that is used to
    communicate with the server.
  - Service name: Specify the name of the Oracle instance on the external server. Contact your
    Oracle database administrator for this information. SID works but might show a warning in the
    LMI on saving configuration. This warning can be ignored.
  MSSQL also requires the following information:
  - Secure: Select this check box to create a secure connection with the server.
    Note: Before a secure connection can be established, you must first import the
    certificate that the environment uses to communicate with the server into the
    lmi_trust_store. A keystore that contains the public keys also needs to be created.
    Use the SSL Certificates page to create this keystore and to import the
    appropriate certificate.
  - Database name: The name of the database to connect to.
  - Instance name: The database instance name to connect to. When it isn't specified, a
    connection is made to the default instance.
  - Trust the server certificate: Select this check box if the server TLS/SSL certificate should
    not be validated.
- Click Save.
- Deploy the changes.
Results
The environment is configured to use the configuration database that is deployed on the external
system.
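The table check in the "Validate that the tables were successfully created" step and the Db2 database name lookup in the CREATE DATABASE entry can both be scripted. The following shell functions are an added example, not part of the product or its documentation; the function names are hypothetical, and the parsing assumes that each CREATE statement keeps the object name on the same line.

```shell
#!/bin/sh
# Added example (not product code). Function names are hypothetical.
# Assumes each CREATE statement keeps the object name on the same line.

# Database name from the CREATE DATABASE entry of cluster_config_db2.sql.
db2_database_name() {
    awk 'toupper($1) == "CREATE" && toupper($2) == "DATABASE" { print $3; exit }' "$1"
}

# Table names the deployment script creates, upper-cased, one per line.
expected_tables() {
    awk 'toupper($1) == "CREATE" && toupper($2) == "TABLE" {
             name = toupper(toupper($3) == "IF" ? $6 : $3)  # IF NOT EXISTS form
             sub(/\(.*/, "", name)    # drop a "(" glued to the name
             gsub(/"/, "", name)      # drop identifier quoting
             sub(/^.*\./, "", name)   # drop a schema qualifier
             print name
         }' "$1" | LC_ALL=C sort -u
}

# Tables named in the script ($1) but absent from a catalog listing ($2,
# one table name per line). No output means every table exists.
missing_tables() {
    expected=$(mktemp) actual=$(mktemp)
    expected_tables "$1" > "$expected"
    tr '[:lower:]' '[:upper:]' < "$2" | tr -d ' \r' | LC_ALL=C sort -u > "$actual"
    LC_ALL=C comm -23 "$expected" "$actual"
    rm -f "$expected" "$actual"
}

# Usage for PostgreSQL (same placeholders as the psql command in the procedure):
#   psql --tuples-only --no-align --username <username> --host <host> \
#        --port <port> --command "SELECT table_name FROM information_schema.tables \
#        WHERE table_schema NOT IN ('pg_catalog', 'information_schema')" \
#        <database name> > actual.txt
#   missing_tables cluster_config_postgresql.sql actual.txt
```

The comparison is case-insensitive because PostgreSQL folds unquoted identifiers to lower case while Db2 and Oracle fold them to upper case.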