STEPS:
--------
1)Configured two Weblogic domains servers with SSL(Refer to
Weblogic HTTPS implementation in my old blog)
2)Make two weblogic domains as https:\\servername:80 to get
the PS login page
This can be done by creating a soft link to redirect
Weblogic admin console page from weblogic to signin.html page.So, when the
servername with port is called it gives the PS login page instead of console
page
3)Now the F5 device has to be configured with pool with load
balanced server name and listening port Eg.,https:\\servername1:80 and
https:\\servername2:80.
4)We have to NFS mount a common share such as /reports
between Web Domain hosting servername1 and servername2.Configure two web
servers with same report repository path as /reports - This is needed because
when User hits F5 he will be redirected to any one of the servername 1 or
servername2.Lets say he connected to servername1 from F5 and runs report it
gets posted to the /reports NFS mount and it available and readable from both
servername1 and servername2.Now after some time he login and if he landed on
server2 he will still see the report from report repository as /report is a NFS
from available from both load balanced servers through F5.
5)Set the Report Node as ABC.xinc.com with port 80 and mode
as HTTPS>make sure the F5 load balancer time out value more than the PS
timeout otherwise you will see session bounce between different web server.
6)If you are using REN and need SLL configure refer the old
blog with REN SSL implementation.Baically We need to Import SSL in to Database
to make the REN SSL work.
7)Now yo have two option of choosing session stickiness on
the F5 for the connection established session.
a)Server Ip - Session will lose connection when one of the
weblogic is down and we have to relogin and reconnect to connect to second
active webserver throuch F5.But the instance will be up and running for new session,
it is only issue with connected session.
b)Cookies enable - PS
Authenticated cookie will be caught on the browser and it will reconnect to
active web domain without re - connection .To do this follow below
*********************************************************************************
HOW TO SET PEOPLESOFT COOKIES ENABLED FOR F5 LOAD BALANCE WITH COOKIES
ENABLED STICKY SESSION
---> For customers that use a load balancer, Oracle
recommends using a cookie (session) based load balancer and sticky bits
enabled. Please consider using cookie
insertion and ensure that load balancer's cookie is configured to be in the
same domain as PeopleSoft's authentication domain. Contact your load balancer
vendor on how to use the load balancer's cookie insertion. IP based load balancing is not recommended
and IP based load balancing is known to cause session stickiness problems. Here is one example where IP based load
balancing will cause problems: Note 949387.1
DNS Round Robin is not recommended and customer should use
cookie based load balancing.
For more information on cookie based load balancing and
sticky bits, please follow up with your load balancer vendor.
Vendor URL's for Setting up their Load Balancers with the
PeopleSoft Application:
Deploying F5 With PeopleSoft Enterprise Applications
Note: The F5 document referenced recommends "content
compression" enabled on the F5, however this can prevent output docs from
being opened from the Process Monitor or Report Manager. Disabling F5's
"content compression" can resolve the issue of not being able to view
reports.
Cisco Application
Networking for PeopleSoft Enterprise Deployment Guide
Questions on the above documents need to be directed to the
third party vendor that created these instructions.
---> Ensure all your webservers have the same cookie name
in each weblogic.xml file. This file can
be found in the following directory:
In this example, there's two webservers behind the load
balancer. Therefore, verify that your cookie names are the same:
weblogic.xml (webserver 1):
weblogic.xml (webserver 2):
Save both weblogic.xml files.
Note: If you're
running Enterprise Portal and have content providers, please ensure that all
Enterprise Portal webserver cookie name are all exactly the same. The content
provider's webserver cookie names should have their own set of cookie names.
Therefore, both Portal and content should not have the exact same cookie name.
Suppose Enterprise Portal had 4 webservers and HR had 4 webservers. All 4
Enterprise Portal cookie names could be eportal-7011-PORTAL-PSJSESSIONID, but
all 4 HR cookie names could be hrms-7011-PORTAL-PSJSESSIONID. In addition, node URI should point to the
load balancer URL, not individual webservers directly.
---> In weblogic.xml, ensure CookieDomain is set in all
weblogic.xml. This value is automatically set when entering the authentication
domain during the PIA install. If the authentication domain isn't set during
PIA install, please reinstall PIA and set authentication domain. Please see Note 885452.1 for more information
on setting/changing cookiedomain.
---> In PIA, navigate to "PeopleTools -> Web
Profile -> Web Profile Configurations". Search for your Web Profile.
Click on
Virtual Address and populate your default addressing. For
example, suppose your end users access your load balancer with the following
URL:@ http://mycompany.com/ps/signon.html You would need to set the following:
Default addressing Protocol: HTTP
Default addressing Name: mycompany.com
Default addressing Port: 80
* The above is an example. You'll need to populate with your
load balancer info.
It is required that the load balancer and PeopleSoft
WebLogic web servers are in the same domain.
---> Please ensure PIA "Inactivity Logout" in
seconds matches HTTP timeout in minutes.
a) In PIA, navigate to "PeopleTools -> Web Profile
-> Web Profile Configurations". Search for webprofile. Click on
"Security" tab. PIA timeout is "Inactivity Logout" in
seconds. Suppose "Inactivity Logout" = 1200 seconds.
b) In WebLogic, open web.xml file. This file can be found in the following
directory:
WebLogic HTTP timeout appears in minutes:
In this example, ensure WebLogic HTTP timeout is 20 minutes
to match "Inactivity Logout" (1200 seconds).
The Load Balancer's timeout should be higher than the PIA
"Inactivity Logout" timeout and webserver HTTP timeout. Please
consult with load balancer vendor to find out where to set load balancer
timeout.
---> After updating weblogic.xml, web.xml and webprofile,
you must bounce your webservers.
For Radware load balancers the setting "Sessions
Mode" has several options. Set to "Regular" which tells the load
balancer to keep users sessions on the web server that they logged on to
initially to maintain session persistence.
If you have completed
all these steps and still experience intermittent problems, it's likely that
your load balancer is not maintaining session stickiness. Please review the document below for additional troubleshooting.
E-PIA: How To Identify Session Stickiness Problem On Load
Balancer? (Doc ID 1307344.1)
*********************************************************************************
1 comment:
This is same setup for CISCO load balancer also.
Post a Comment