Deploying an external runtime database

Edit online

A Verify Identity Access containerized environment with Advanced Access Control or Federation enabled must deploy an external runtime database. You can configure the environment to connect to Db2®, PostgreSQL, Microsoft® SQL server, or Oracle database on an external server.

About this task

Note: If Oracle is set as the external runtime database and either the local management interface or runtime server trace specification includes Oracle trace points (for example, oracle.*) the underlying Oracle JDBC JAR file is changed to a debugging JAR file. The debugging JAR file might adversely affect performance. Enable Oracle tracing only for debugging purposes and disable it after the debugging is complete.
Warning: Enabling trace for Oracle components “oracle.*” might result in the Oracle database administrator password being logged in clear text.

The configuration container provides scripts to deploy the runtime database on an external Db2, PostgreSQL, Microsoft® SQL server, or Oracle server. You can then configure the environment to use the external database.

Procedure

  1. Use the File Downloads management page in the local management interface to access the runtime database deployment files for your environment.
    Table 1. Runtime database deployment scripts
    Database type Deployment scripts
    Db2 /common/database/db2/runtime/isam_access_control_db2.sql
    PostgreSQL /common/database/postgresql/runtime/isam_access_control_postgresql.sql
    Oracle /common/database/oracle/runtime/isam_access_control_oracle.sql
    Microsoft® SQL server /common/database/mssql/runtime/isam_access_control_mssql.sql
  2. Save the deployment script on the database server.
  3. Run the Db2, PostgreSQL, Microsoft® SQL server, or Oracle script to create the external database.
    PostgreSQL script

    Run the following command:

    psql --echo-all --variable ON_ERROR_STOP=1 --file <sql file name> 
--username <username> --host <host> --port <port> <database name>
    Oracle script
    1. Copy the downloaded isam_access_control_oracle.sql file into the Oracle home directory. For example, ORACLE_HOME=/opt/oracle/app/oracle/product/11.2.0/dbhome_1 
    2. Log in to SQL*Plus.
    3. At the SQL prompt, run START isam_access_control_oracle.sql.
    Db2 script
    1. Create a Db2 instance to contain the runtime database. For information about creating the Db2 instance, see the Db2 documentation.
    2. Open the isam_access_control_db2.sql file in an editor on the Db2 server.
    3. Replace the following macros with the values specific to your environment:
      &DBINSTANCE
      The name of the Db2 instance.
      &DBUSER
      The name of the Db2 administrator.
      &DBPASSWORD
      The password for the Db2 administrator.
    4. Save the changes.
    5. Log in to the Db2 Command utility (Windows™) or Db2 host (UNIX™) as the Db2 administrator.
    6. Run the following command: 
      db2 -tsvf <fully_qualified_path_to_script>

      The following example shows the fully qualified path to the script:

      db2 -tsvf /tmp/isam_access_control_db2.sql
    Microsoft® SQL server script

    Run the following command:

    sqlcmd -i <sql file name> -U <username> -P <password> -S <host> -d <database name>
  4. Validate that the tables were created.
  5. Ensure that no errors were returned during the creation and log in to the database to manually check that the tables exist.
  6. From the top menu of the local management interface, select System > Database Configuration to open the Database Configuration management page.
  7. Select the Runtime Database tab.
  8. Enter the following JDBC connection information:
    Type
    The database type, which can be DB2, PostgreSQL, MSSQL, or Oracle.
    Address
    The IP address of the external database server.
    Port
    The port on which the external database server is listening.
    Username
    The name of the database administrator.
    Password
    The password for the database administrator.

    Db2 also requires the following information:

    Secure
    Select this checkbox to create a secure connection with the server.
    Note: Before a secure connection can be established, you must first import the certificate that the environment uses to communicate with the server into the lmi_trust_store and rt_profile_keys key files. Use the SSL Certificates page to import the appropriate certificate.
    Database name

    The name of the database instance on the external Db2 server.

    Complete the following steps to identify and specify the Db2 database name that you are configuring.

    1. Open the isam_access_control_db2.sql file that was used to create the database and tables.
    2. In the CREATE DATABASE entry, get the name that is specified. In the following entry, HVDB is the string that identifies the default database name:
      CREATE DATABASE HVDB ALIAS HVDB using codeset UTF-8 territory us 
PAGESIZE 32768 WITH "HVDB Tables";
      Note: PAGESIZE 32768 is an example. Adjust according to your requirements.

    PostgreSQL also requires the following information:

    Secure
    Select this checkbox to create a secure connection with the server.
    Note: Before a secure connection can be established, you must first import the certificate that the environment uses to communicate with the server into the lmi_trust_store and rt_profile_keys key files. Use the SSL Certificates page to import the appropriate certificate.
    Database name
    The name of the database instance on the external PostgreSQL server.

    Oracle also requires the following information:

    Secure
    Select this checkbox to create a secure connection with the server.
    Note: Before a secure connection can be established, you must first import the certificate that the environment uses to communicate with the server into the lmi_trust_store and rt_profile_keys key files. Use the SSL Certificates page to import the appropriate certificate.
    Certificate Store
    Choose the keystore that contains the certificate that is used to communicate with the server.
    Service name
    Specify the name of the Oracle instance on the external server. Contact your Oracle database administrator for this information.

    MSSQL also requires the following information:

    Secure
    Select this check box to create a secure connection with the server.
    Note: Before a secure connection can be established, you must first import the certificate that the appliance uses to communicate with the server into the lmi_trust_store and rt_profile_keys key files. Use the SSL Certificates page to import the appropriate certificate.
    Database name

    The name of the database to connect to.

    Instance name

    The database instance name to connect to. When it isn't specified, a connection is made to the default instance.

    Trust the server certificate
    Select this check box if the server TLS/SSL certificate should not be validated.
  9. Click Save.
  10. Deploy the changes.

Results

The environment is configured to use the runtime database that is deployed on the external system.

General Information

HVDB data is language agnostic. Character support might not be an issue with regards to the installation that is chosen.

Oracle DB_BLOCK_SIZE or PAGE_SIZE can vary based on deployments but it is suggested to have at least 16384.

The suggested character set is ALUTF8.

User permissions for the database must have read/write access and the ability to run the commands in the SQL script.

Oracle:
dbca -createDatabase -templateName sampletemplate.dbc -gdbname hvdb -sid hvdb -responseFile NO_VALUE -
characterSet AL32UTF8 -memoryPercentage 20 -emConfiguration LOCAL -dbsnmpPassword mypassword -sysPassword 
mypassword -systemPassword mypassword -silent
Db2:
CREATE DATABASE HVDB ALIAS HVDB using codeset UTF-8 territory us 
PAGESIZE 32768 WITH "HVDB Tables";

What to do next