Warning

This documentation is still work in progress!

The following diagram illustrates a typical deployment pattern for WSO2 Enterprise Mobility Manager.

...

The following databases are needed for the clustering.

| Database Name | Description | Database Script Location |
| --- | --- | --- |
| CDM core database (DM_DS) | This stores generic data about devices (such as unique identifier, device type, ownership type), device enrollment information, device operations, policy management related data, etc. | <PRODUCT_HOME>/dbscripts/cdm/ |
| APIM Database (WSO2AM_DB) | This stores data related to JAX-RS APIs and OAuth token data. | <PRODUCT_HOME>/dbscripts/apimgt/ |
| Registry database (REG_DB) | This acts as the registry database. This database stores governance and config registry and must be mounted to all nodes in the cluster. | <PRODUCT_HOME>/dbscripts/ |
| User and permission manager (UM_DB) | This database stores the user permission related details. | <PRODUCT_HOME>/dbscripts/ |

The following databases are related to plugins. They hold data that is essential for these devices to work (such as APNS related keys) and that is not available in the CDM core database.

| Database Name | Description | Database Script Location |
| --- | --- | --- |
| iOS DB (MobileIOSDM_DS) | Stores the iOS related data. | <PRODUCT_HOME>/dbscripts/cdm/plugins/ios |
| Android DB (MobileAndroidDM_DS) | Stores the Android related data. | <PRODUCT_HOME>/dbscripts/cdm/plugins/android/ |
| Windows DB (MobileWindowsDM_DS) | Stores the Microsoft Windows related data. | <PRODUCT_HOME>/dbscripts/cdm/plugins/windows/ |

To change the datasource configurations, please change the following files.

File to change: <PRODUCT_HOME>/repository/conf/datasources/master-datasources.xml
This file must include the datasource configuration for the following databases.
  • APIM datasource
  • Registry datasource
  • User permission manager datasource

File to change: <PRODUCT_HOME>/repository/conf/datasources/emm-datasources.xml
This file must include the datasource configuration for the following databases.
  • CDM core datasource
  • iOS plugin datasource
  • Android datasource
  • Windows datasource

See Setting up the Database for an example of how datasources are configured.

...

  1. Open the nginx.conf file and do the following configurations for the worker node.

    Note: The URL used by the worker nodes is work.emm.wso2.com. Make sure this is properly set up in DNS and points to the load balancer.

    upstream work.emm.wso2.com {
            ip_hash;
            server xxx.xxx.xxx.xxx:9763;
            server xxx.xxx.xxx.xxx:9763;
    }
    
    server {
            listen 80;
            server_name work.emm.wso2.com;
            location / {
                   proxy_set_header X-Forwarded-Host $host;
                   proxy_set_header X-Forwarded-Server $host;
                   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                   proxy_set_header Host $http_host;
                   proxy_read_timeout 5m;
                   proxy_send_timeout 5m;
                   proxy_pass http://work.emm.wso2.com;
    
                   proxy_http_version 1.1;
                   proxy_set_header Upgrade $http_upgrade;
                   proxy_set_header Connection "upgrade";
            }
    }
    
    
    
    upstream ssl.work.emm.wso2.com {
        ip_hash;
        server xxx.xxx.xxx.xxx:9443;
        server xxx.xxx.xxx.xxx:9443;
    
    }
    
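    server {
        # TLS is enabled with the "ssl" parameter of listen; the separate "ssl on;" directive is deprecated since nginx 1.15.0.
        listen 443 ssl;
        server_name work.emm.wso2.com;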
        ssl_certificate /Users/geeth/Documents/Product-Testing/clustering/emm/conf/keys/server.crt;
        ssl_certificate_key /Users/geeth/Documents/Product-Testing/clustering/emm/conf/keys/server.key;
        location / {
                   proxy_set_header X-Forwarded-Host $host;
                   proxy_set_header X-Forwarded-Server $host;
                   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                   proxy_set_header Host $http_host;
                   proxy_read_timeout 5m;
                   proxy_send_timeout 5m;
                   proxy_pass https://ssl.work.emm.wso2.com;
    
                   proxy_http_version 1.1;
                   proxy_set_header Upgrade $http_upgrade;
                   proxy_set_header Connection "upgrade";
            }
    }

    For a Mutual SSL enabled setup, note the following changes.

    Changes for Mutual SSL enabled deployment

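     server {
                   # TLS is enabled with the "ssl" parameter of listen; the separate "ssl on;" directive is deprecated since nginx 1.15.0.
                   listen 443 ssl;
                   server_name ssl.work.emm.wso2.com;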
                   ssl_certificate      /etc/nginx/certs/server.crt;
                   ssl_certificate_key  /etc/nginx/certs/server.key;
                   ssl_client_certificate /etc/nginx/certs/ca.crt;
                   ssl_verify_client optional;
    
    
              location / {
                   proxy_set_header X-Forwarded-Host $host;
                   proxy_set_header X-Forwarded-Server $host;
                   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                   proxy_set_header Host $http_host;
                   proxy_set_header PROXY-MUTUAL-AUTH-HEADER $ssl_client_s_dn;
                   proxy_read_timeout 5m;
                   proxy_send_timeout 5m;
                   proxy_pass https://ssl.work.emm.wso2.com;
    
     
                   proxy_http_version 1.1;
                   proxy_set_header Upgrade $http_upgrade;
                   proxy_set_header Connection "upgrade";
              }
           }
    
    
    
    
    ssl_certificate             - Defines the SSL certificate of nginx.
    ssl_certificate_key         - Defines the private key of the SSL certificate of nginx.
    ssl_client_certificate      - The CA certificate used to sign the client certificates.
    ssl_verify_client           - on | off | optional | optional_no_ca. Refer to the nginx documentation for more details:
                                  http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_verify_client
    proxy_set_header PROXY-MUTUAL-AUTH-HEADER $ssl_client_s_dn; - This header is set so that the EMM server can validate the client details.

     


  2. Open the nginx.conf file and do the following configurations for the manager node.

    Note: The URL used by the manager nodes is mgt.emm.wso2.com. Make sure this is properly set up in DNS and points to the load balancer.

    upstream mgt.emm.wso2.com {
            ip_hash;
            server xxx.xxx.xxx.xxx:9763;
            server xxx.xxx.xxx.xxx:9763;
    }
    
    server {
            listen 80;
            server_name mgt.emm.wso2.com;
            location / {
                   proxy_set_header X-Forwarded-Host $host;
                   proxy_set_header X-Forwarded-Server $host;
                   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                   proxy_set_header Host $http_host;
                   proxy_read_timeout 5m;
                   proxy_send_timeout 5m;
                   proxy_pass http://mgt.emm.wso2.com;
    
                   proxy_http_version 1.1;
                   proxy_set_header Upgrade $http_upgrade;
                   proxy_set_header Connection "upgrade";
            }
    }
    
    
    
    upstream ssl.mgt.emm.wso2.com {
        ip_hash;
        server xxx.xxx.xxx.xxx:9443;
        server xxx.xxx.xxx.xxx:9443;
    
    }
    
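    server {
        # TLS is enabled with the "ssl" parameter of listen; the separate "ssl on;" directive is deprecated since nginx 1.15.0.
        listen 443 ssl;
        server_name mgt.emm.wso2.com;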
        ssl_certificate /Users/geeth/Documents/Product-Testing/clustering/emm/conf/keys/server.crt;
        ssl_certificate_key /Users/geeth/Documents/Product-Testing/clustering/emm/conf/keys/server.key;
        location / {
                   proxy_set_header X-Forwarded-Host $host;
                   proxy_set_header X-Forwarded-Server $host;
                   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                   proxy_set_header Host $http_host;
                   proxy_read_timeout 5m;
                   proxy_send_timeout 5m;
                   proxy_pass https://ssl.mgt.emm.wso2.com;
    
                   proxy_http_version 1.1;
                   proxy_set_header Upgrade $http_upgrade;
                   proxy_set_header Connection "upgrade";
            }
    }
  3. Open the nginx.conf file and do the following configurations for the key manager or identity provider node.

    Note: The key manager’s URL is keymgt.emm.wso2.com. Make sure this is properly set up in DNS and points to the load balancer.

    upstream keymgt.emm.wso2.com {
            ip_hash;
            server xxx.xxx.xxx.xxx:9763;
            server xxx.xxx.xxx.xxx:9763;
    }
     
    server {
            listen 80;
            server_name keymgt.emm.wso2.com;
            location / {
                   proxy_set_header X-Forwarded-Host $host;
                   proxy_set_header X-Forwarded-Server $host;
                   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                   proxy_set_header Host $http_host;
                   proxy_read_timeout 5m;
                   proxy_send_timeout 5m;
                   proxy_pass http://keymgt.emm.wso2.com;
     
                   proxy_http_version 1.1;
                   proxy_set_header Upgrade $http_upgrade;
                   proxy_set_header Connection "upgrade";
            }
    }
    
    
    
    upstream ssl.keymgt.emm.wso2.com {
        ip_hash;
        server xxx.xxx.xxx.xxx:9443;
        server xxx.xxx.xxx.xxx:9443;
     
    }
     
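    server {
        # TLS is enabled with the "ssl" parameter of listen; the separate "ssl on;" directive is deprecated since nginx 1.15.0.
        listen 443 ssl;
        server_name keymgt.emm.wso2.com;
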
        ssl_certificate /Users/geeth/Documents/Product-Testing/clustering/emm/conf/keys/server.crt;
        ssl_certificate_key /Users/geeth/Documents/Product-Testing/clustering/emm/conf/keys/server.key;
    
    
        location / {
                   proxy_set_header X-Forwarded-Host $host;
                   proxy_set_header X-Forwarded-Server $host;
                   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                   proxy_set_header Host $http_host;
                   proxy_read_timeout 5m;
                   proxy_send_timeout 5m;
                   proxy_pass https://ssl.keymgt.emm.wso2.com;
     
                   proxy_http_version 1.1;
                   proxy_set_header Upgrade $http_upgrade;
                   proxy_set_header Connection "upgrade";
            }
    }
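
The mutual SSL block in step 1 uses ssl_verify_client optional, so requests without a client certificate are still proxied and reach EMM without PROXY-MUTUAL-AUTH-HEADER. The fragment below is an added example, not part of the original WSO2 configuration: it forwards the subject DN only when nginx reports SUCCESS for client verification, which keeps the header trustworthy even if the mode is later changed to optional_no_ca. The variable name $verified_client_dn is an assumption made for this example; the certificate paths, server name and upstream are the ones used in step 1.

```nginx
# Added example, not part of the original WSO2 configuration.
# The map block belongs in the http {} context, next to the upstream definitions.
# $verified_client_dn is a name chosen for this example.
map $ssl_client_verify $verified_client_dn {
    default  "";                 # NONE or FAILED:<reason> -> send no identity
    SUCCESS  $ssl_client_s_dn;   # certificate chains to ssl_client_certificate
}

server {
    listen 443 ssl;
    server_name ssl.work.emm.wso2.com;

    ssl_certificate         /etc/nginx/certs/server.crt;
    ssl_certificate_key     /etc/nginx/certs/server.key;
    ssl_client_certificate  /etc/nginx/certs/ca.crt;
    ssl_verify_client       optional;

    location / {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;

        # proxy_set_header replaces any PROXY-MUTUAL-AUTH-HEADER sent by the
        # client; an empty value means the header is not passed upstream at all.
        proxy_set_header PROXY-MUTUAL-AUTH-HEADER $verified_client_dn;

        proxy_read_timeout 5m;
        proxy_send_timeout 5m;
        proxy_pass https://ssl.work.emm.wso2.com;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
```

The header is only as trustworthy as the path it travels: the 9443 ports of the worker nodes should accept connections from the load balancer only, because a client that reaches a node directly can set PROXY-MUTUAL-AUTH-HEADER itself.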

...

  1. Restart the configured load balancer.

  2. Start the key manager node.
    sh <PRODUCT_HOME>/bin/wso2server.sh -Dsetup

  3. Start the manager node.
    sh <PRODUCT_HOME>/bin/wso2server.sh

  4. Start the two worker nodes.

    Note

    Make sure to start the worker node using the command given below. Do not use -DworkerNode=true to start the worker node.

    sh <PRODUCT_HOME>/bin/wso2server.sh -DworkerNode=true

  5. Check for ‘member joined’ log messages in the worker consoles.