Warning |
---|
This documentation is still work in progress! |
The following diagram illustrates a typical deployment pattern for WSO2 Enterprise Mobility Manager.
...
The following databases are needed for the clustering.
Database Name | Description | Database Script Location |
---|---|---|
CDM core database (DM_DS) | This stores generic data about devices (such as unique identifier, device type, ownership type), device enrollment information, device operations, policy management related data, etc. | <PRODUCT_HOME>/dbscripts/cdm/ |
APIM Database (WSO2AM_DB) | This stores data related to JAX-RS APIs and OAuth token data. | <PRODUCT_HOME>/dbscripts/apimgt/ |
Registry database (REG_DB) | This acts as the registry database. This database stores governance and config registry and must be mounted to all nodes in the cluster. | <PRODUCT_HOME>/dbscripts/ |
User and permission manager (UM_DB) | This database stores the user permission related details. | <PRODUCT_HOME>/dbscripts/ |
The following databases are related to plugins. They hold the data that is essential for these devices to work (such as APNS related keys); this data is not available in the CDM core database.
Database Name | Description | Database Script Location |
---|---|---|
iOS DB (MobileIOSDM_DS) | Stores the iOS related data. | <PRODUCT_HOME>/dbscripts/cdm/plugins/ios |
Android DB (MobileAndroidDM_DS) | Stores the Android related data. | <PRODUCT_HOME>/dbscripts/cdm/plugins/android/ |
Windows DB (MobileWindowsDM_DS) | Stores the Microsoft Windows related data. | <PRODUCT_HOME>/dbscripts/cdm/plugins/windows/ |
To change the datasource configurations, please change the following files.
Files to change | Datasources |
---|---|
<PRODUCT_HOME>/repository/conf/datasources/master-datasources.xml | This file must include the datasource configuration for the following databases.
|
<PRODUCT_HOME>/repository/conf/datasources/emm-datasources.xml | This file must include the datasource configuration for the following databases.
|
See Setting up the Database for an example of how datasources are configured.
...
Open the nginx.conf file and do the following configurations for the worker node.
Note: The URL used by the worker nodes is work.emm.wso2.com. (Make sure this is properly set up in DNS pointing to the load balancer.)

```nginx
upstream work.emm.wso2.com {
    ip_hash;
    server xxx.xxx.xxx.xxx:9763;
    server xxx.xxx.xxx.xxx:9763;
}

server {
    listen 80;
    server_name work.emm.wso2.com;
    location / {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_read_timeout 5m;
        proxy_send_timeout 5m;
        proxy_pass http://work.emm.wso2.com;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

upstream ssl.work.emm.wso2.com {
    ip_hash;
    server xxx.xxx.xxx.xxx:9443;
    server xxx.xxx.xxx.xxx:9443;
}

server {
    listen 443;
    server_name work.emm.wso2.com;
    ssl on;
    ssl_certificate /Users/geeth/Documents/Product-Testing/clustering/emm/conf/keys/server.crt;
    ssl_certificate_key /Users/geeth/Documents/Product-Testing/clustering/emm/conf/keys/server.key;
    location / {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_read_timeout 5m;
        proxy_send_timeout 5m;
        proxy_pass https://ssl.work.emm.wso2.com;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
```
For a Mutual SSL enabled setup, please note the following changes.

Changes for Mutual SSL enabled deployment:

```nginx
server {
    listen 443;
    server_name ssl.work.emm.wso2.com;
    ssl on;
    ssl_certificate /etc/nginx/certs/server.crt;
    ssl_certificate_key /etc/nginx/certs/server.key;
    ssl_client_certificate /etc/nginx/certs/ca.crt;
    ssl_verify_client optional;
    location / {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header PROXY-MUTUAL-AUTH-HEADER $ssl_client_s_dn;
        proxy_read_timeout 5m;
        proxy_send_timeout 5m;
        proxy_pass https://ssl.work.emm.wso2.com;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
```
- ssl_certificate - This is used to define the SSL certificate of nginx.
- ssl_certificate_key - This is used to define the private key of the SSL certificate of nginx.
- ssl_client_certificate - CA certificate used to sign the client certificates.
- ssl_verify_client - on | off | optional | optional_no_ca. Please refer to the nginx documentation for more details: http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_verify_client
- proxy_set_header PROXY-MUTUAL-AUTH-HEADER $ssl_client_s_dn; - This header is set so that the EMM server can validate the client details.

With the latest nginx versions, the behaviour has changed and $ssl_client_s_dn_legacy must be used instead of $ssl_client_s_dn.
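Because the EMM server reads the client identity from PROXY-MUTUAL-AUTH-HEADER, every server block that proxies to it should control that header. The following audit script is an added example, not part of the WSO2 documentation; the function names, finding texts and the condensed sample configuration are constructed for illustration. It relies on two nginx behaviours: client request headers are passed upstream unless proxy_set_header redefines them, and a proxy_set_header with an empty value is not passed at all.

```python
import re

HEADER = "PROXY-MUTUAL-AUTH-HEADER"  # header name used on this page
# Constructed sample: the page's port-80 and mutual-SSL server blocks, condensed.
SAMPLE = r"""
server { listen 80; server_name work.emm.wso2.com;
  location / { proxy_set_header Host $http_host; proxy_pass http://work.emm.wso2.com; } }
server { listen 443; server_name ssl.work.emm.wso2.com;
  ssl_client_certificate /etc/nginx/certs/ca.crt; ssl_verify_client optional;
  location / { proxy_set_header PROXY-MUTUAL-AUTH-HEADER $ssl_client_s_dn;
               proxy_pass https://ssl.work.emm.wso2.com; } }
"""

def server_blocks(conf):  # body of each `server { ... }` block, by brace matching
    conf = re.sub(r"#.*", "", conf)  # simplification: '#' inside quotes not handled
    for m in re.finditer(r"(?<![\w.])server\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def args(body, name):  # argument strings of every `name ...;` directive in a block
    return [a.strip() for a in re.findall(r"(?<![\w-])%s\s+([^;{}]+);" % name, body)]

def audit(conf):
    findings = []
    for body in (b for b in server_blocks(conf) if args(b, "proxy_pass")):
        where = "%s:%s" % tuple((args(body, d) or ["?"])[0] for d in ("server_name", "listen"))
        value = [a.split(None, 1)[1] for a in args(body, "proxy_set_header")
                 if a.split()[0].upper() == HEADER]
        verify = (args(body, "ssl_verify_client") or ["off"])[0]
        if not value:  # nginx forwards a client-sent header unless it is redefined
            findings.append((where, "client-supplied header not overwritten"))
            continue
        if value[0] in ('""', "''"):  # empty value: header is never passed upstream
            continue
        if verify == "off":
            findings.append((where, "header set but no client certificate requested"))
        elif verify == "optional_no_ca":
            findings.append((where, "DN comes from a certificate nginx did not verify"))
        elif verify == "optional":
            findings.append((where, "header absent for clients without a certificate"))
        if "$ssl_client_s_dn_legacy" not in value[0] and "$ssl_client_s_dn" in value[0]:
            findings.append((where, "DN format depends on nginx version"))
    return findings

if __name__ == "__main__":
    print("\n".join("%s - %s" % f for f in audit(SAMPLE)))
```

Setting the header to an empty string in the blocks that do not perform client certificate verification clears the first finding, since nginx then drops any value the client sent.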
Open the nginx.conf file and do the following configurations for the manager node.
Note: The URL used by the manager nodes is mgt.emm.wso2.com. (Make sure this is properly set up in DNS pointing to the load balancer.)

```nginx
upstream mgt.emm.wso2.com {
    ip_hash;
    server xxx.xxx.xxx.xxx:9763;
    server xxx.xxx.xxx.xxx:9763;
}

server {
    listen 80;
    server_name mgt.emm.wso2.com;
    location / {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_read_timeout 5m;
        proxy_send_timeout 5m;
        proxy_pass http://mgt.emm.wso2.com;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

upstream ssl.mgt.emm.wso2.com {
    ip_hash;
    server xxx.xxx.xxx.xxx:9443;
    server xxx.xxx.xxx.xxx:9443;
}

server {
    listen 443;
    server_name mgt.emm.wso2.com;
    ssl on;
    ssl_certificate /Users/geeth/Documents/Product-Testing/clustering/emm/conf/keys/server.crt;
    ssl_certificate_key /Users/geeth/Documents/Product-Testing/clustering/emm/conf/keys/server.key;
    location / {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_read_timeout 5m;
        proxy_send_timeout 5m;
        proxy_pass https://ssl.mgt.emm.wso2.com;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
```
Open the nginx.conf file and do the following configurations for the key manager or identity provider node.

Note: The key manager's URL is keymgt.emm.wso2.com. (Make sure this is properly set up in DNS pointing to the load balancer.)

```nginx
upstream keymgt.emm.wso2.com {
    ip_hash;
    server xxx.xxx.xxx.xxx:9763;
    server xxx.xxx.xxx.xxx:9763;
}

server {
    listen 80;
    server_name keymgt.emm.wso2.com;
    location / {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_read_timeout 5m;
        proxy_send_timeout 5m;
        proxy_pass http://keymgt.emm.wso2.com;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

upstream ssl.keymgt.emm.wso2.com {
    ip_hash;
    server xxx.xxx.xxx.xxx:9443;
    server xxx.xxx.xxx.xxx:9443;
}

server {
    listen 443;
    server_name keymgt.emm.wso2.com;
    ssl on;
    ssl_certificate /Users/geeth/Documents/Product-Testing/clustering/emm/conf/keys/server.crt;
    ssl_certificate_key /Users/geeth/Documents/Product-Testing/clustering/emm/conf/keys/server.key;
    location / {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_read_timeout 5m;
        proxy_send_timeout 5m;
        proxy_pass https://ssl.keymgt.emm.wso2.com;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
```
...
- Download and unzip the WSO2 EMM binary distribution. The extracted directory is referred to as <EMM_HOME> in this document.
- Configure the HostName and the MgtHostName. To do this, edit the <EMM_HOME>/repository/conf/carbon.xml file as follows.

  ```xml
  <HostName>work.emm.wso2.com</HostName>
  <MgtHostName>mgt.emm.wso2.com</MgtHostName>
  ```

  HostName: Host name or IP address of the machine hosting this server, e.g. work.emm.wso2.com or 192.168.1.10. This will become part of the End Point Reference of the services deployed on this server instance.

  MgtHostName: Host name to be used for the Carbon management console.
- Configure the HTTP/HTTPS proxy ports to communicate through the load balancer by editing the <EMM_HOME>/repository/conf/tomcat/catalina-server.xml file as follows.

  ```xml
  <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
             port="9763"
             proxyPort="80"
             redirectPort="443"
             …
  />
  <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
             port="9443"
             proxyPort="443"
             redirectPort="443"
             …
  />
  ```
- Configure the policy monitoring frequency. You set the value in milliseconds and the default is 10 minutes. To do this, edit the <EMM_HOME>/repository/conf/cdm-config.xml file.

  ```xml
  <MonitoringFrequency>60000</MonitoringFrequency>
  ```
- Configure the URL in the invitation email (this must point to the worker's public host name). To do this, edit the <EMM_HOME>/repository/conf/cdm-config.xml file.

  Tip: In a real deployment, please make sure to use the HTTPS address for the URL with a properly signed SSL certificate.

  ```xml
  <LBHostPortPrefix>http://work.emm.wso2.com</LBHostPortPrefix>
  ```
- Configure the QR code URL to publicly expose the URL in the emm-web-agent jaggery application and the URL of the key manager. This file is in the emm-web-agent.zip file. Edit the <EMM_HOME>/repository/deployment/server/jaggeryapps/emm-web-agent/config/config.json file. Use a ZIP file browser to change the file.

  ```
  "dynamicClientRegistrationEndPoint" : "https://keymgt.mdm.wso2.com/dynamic-client-web/register/",
  …….
  …...
  "generalConfig" : {
      "host" : "http://work.emm.wso2.com",
      "companyName" : "WSO2 Enterprise Mobility Manager",
      …………………….
  }
  ```
...
- Restart the configured load balancer.
- Start the key manager node.

  ```
  sh <PRODUCT_HOME>/bin/wso2server.sh -Dsetup
  ```
- Start the manager node.

  ```
  sh <PRODUCT_HOME>/bin/wso2server.sh
  ```
- Start the two worker nodes.

  Note: Make sure to start the worker node using the command given below. Do not use -DworkerNode=true to start the worker node.

  ```
  sh <PRODUCT_HOME>/bin/wso2server.sh -DworkerNode=true
  ```
- Check for 'member joined' log messages in the worker consoles.