×

IDMWORKS Blog

CA Identity Manager High Availability & JBoss Clustering


Over the course of the last few years I have seen configurations of CA Identity Manager for High Availability without using Application Server clustering. This is no longer an accepted practice. My understanding is that CA will be publishing an official technical note to debunk the old practice. As such I’d recommend the following

Over the course of the last few years I have seen configurations of  CA Identity Manager for High Availability without using Application Server clusteringThis is no longer an accepted practice. My understanding is that CA will be publishing an official technical note to debunk the old practice.  As such I’d recommend the following:

CA Identity Manager 12.x uses caching for transactions. The utilization of this feature can cause synchronization issues if the application is setup in a high availability mode without application server clustering.

An example I can give is a project I was involved with using JBoss as the CA IdM application server.   As such I will be addressing JBoss clustering in this entry.

JBoss uses a Hypersonic database to manage internal JMS data (JMS Queues).  JBoss uses the JMS queues for tracking tasks and processes within the application.  It is recommended to use a shared MS SQL database for the JMS database.  There are documents available online which explain how to migrate from Hypersonic to MS SQL.  In my example we opted to use the same MS SQL infrastructure used by Identity Manager to house the JMS database. In simplified terms, the steps to accomplish to clustering of IdM on JBoss is as follows:

1. Create a new SQL database (JBOSS_JMS)
2. Create a user/owner for this DB (jbossjms)
3. Migrate JBoss to SQL from the Hypersonic DB
4. Bring all services back up and test to ensure the migration was successful
5. Follow the procedures in the IdM documentation to configure JBoss clustering

Note: It is not recommended to configure both the migration and clustering all at once. It would be much easier to troubleshoot one major change at a time.

As always, questions, comments or concerns?  Feel free to reach out to us at IDMWorks.

Questions, comments or concerns? Feel free to reach out to us below, or email us at IDMWORKS to learn more about how you can protect your organization and customers.

Comments on: “CA Identity Manager High Availability & JBoss Clustering”

  1. Hi Team,

    I am in process for installation of latest CA IDM R12.5 SP7 on JBOSS 5.1.0 GA cluster. We faced a number of issues related to JMS and finally got rid of them by moving JMS store from Hypersonic to MSSQL used by Ca IDM. However the ear file for deployment in in FARM directory of clustered nodes and JBoss on startup doesnt pick up the EAR to deploy. Can you suggest us something here ??

    Thanks
    Akshay

  2. One idea: Check the path in the run_idm.bat and make sure the path is pointing to the farmIdentityMinder.ear

  3. CA IDM JBoss Clustering Question.

    IDM Version – CA IDM r12.6 Sp2
    App Server – Jboss 5.1 GA
    OS – ReHat Linux 6.4

    I had 2 IDM’s(1 & 2) running in a Cluster mode without any issue. As part of the new application on-boarding, I had to add 2 more IDM’s (3 & 4)to the existing cluster. I installed it and configured it succesfully. I am able to start 3 and 4 in standalone mode without any issue.

    When i start all 4 of them in cluster, 2 of them are getting started and 2 of them are failing with the deployment error. I tried the below sequences, either way i am able to start only one set of the servers,

    – if i start, IDM-1 & 2 in clsuter and 3 & 4 fails with deployment error.
    – if i start, IDM-3 & 4 in clsuter and 1 & 2 fails with deployment error.

    My JBoss servers are TCP clustering enabled due to the environment limitations. Below is the command which i use it for starting JBoss servers.

    /opt/jboss/bin/run.sh -c all -Djboss.default.jgroups.stack=tcp -Djgroups.tcpping.initial_hosts=sso-idm1[7600],sso-idm2[7600],sso-idm3[7600],sso-idm4[7600] &

    Do i need to follow any specific sequence to start Jboss servers or is there any diff set of command do i need to follow ?

    Your help is very much appreciated.

Leave a Reply

Your email address will not be published. Required fields are marked *