Configuration

As soon as you have deployed more than one Java server, you have a choice as to where run scheduler, request workflows and selected adaptors. Scheduler and request workflows can only be deployed on one server per domain. Most of the adaptors can run on all Java servers in parallel. If you want, you can disable one or more on selected servers. But if you run the associated type of workflows, make sure that at least one adaptor of this type is active. Using Server Admin you can move these components at runtime without re-starting the servers. See the chapter "Supervisor Customization" for instructions.

To support running all workflows on all IdS-J servers, make sure you configure all IdS-J servers so that they provide the same resource families. Keep in mind that workflow activities – in both provisioning and request workflows – require a resource family that the hosting IdS-J server must provide.

DirX Identity Manager can give you an overview of the adaptors, the scheduler and the timeout check deployment: open the Connectivity view and go to the Expert View. In the Connectivity Configuration Data tree, go to Configuration → DirX Identity Servers → Java Servers. Right-click on a Java-based server and then select Manage IdS-J Configuration from the context menu. This opens a dialog that gives you an overview of the adaptors, the scheduler, the request workflow timeout check responsibility and the supervisors in respective tabs.

The Adaptors tab presents a two-dimensional list: each Java-based server is listed horizontally, and each adaptor is listed vertically. Click the appropriate radio or check button(s) to deactivate adaptors that you don’t need. This action instructs the corresponding Java-based server not to start the adaptor, which saves threads and sockets resources in both the Java-based server and the messaging service.

The Request Workflow Timeout Check tab also presents the list of Java servers and radio buttons for the request workflow timeout check. This component should run on only one server.

The Scheduler tab lets you assign the scheduler to one of the Java servers of the domain.

For changing most of the settings however, you have to open the Java server configuration objects individually. To activate your changes, you must stop and then start all the Java-based servers in the proper sequence.

For Automatic Fail-over you have to configure a monitoring circle: each Java server should monitor another one and should in turn also be monitored by another one. See the section "Automatic Fail-over with Circular Monitoring" for an overview.

You must use the Identity Manager for the configuration task. In the HA tab of each Java-based server activate Automatic Monitoring, select the server to be monitored and reference the link to the supervisor configuration.

For checking your circle and obtain an overview, right-click a Java-based server object and then select Manage IdS-J Configuration from the context menu.

The Supervision tab shows whether automatic monitoring is set for all servers and how Java servers monitor each other.

For enabling recovery of adaptor messages, you don’t have to configure anything special. The backup adaptors start automatically when the Automatic Monitoring Flag is set.

If you use SSL to secure the connections to the Java-based servers, you need to generate a private key for the Java-based server and then put the corresponding certificate into the trust store of each client. To keep things simple, we recommend using the same private key for all Java-based servers. For more details, see the section "Establishing Secure Connections with SSL" in the chapter "Managing the Connectivity System" in the DirX Identity Connectivity Administration Guide.

If you operate Web Center in single sign-on mode, you must generate a private key for Web Center and then put the corresponding certificate into each Java-based server’s trust store. For details, see the section "Deployment Descriptor web.xml" in the chapter "Web Center Configuration" of the DirX Identity Web Center Reference. We recommend using the same private key for all deployed Web Center instances.