Warning: This documentation is still a work in progress!
The following diagram illustrates a typical deployment pattern for WSO2 Enterprise Mobility Manager.
...
The following databases are needed for the clustering.
Database Name | Description | Database Script Location |
---|---|---|
CDM core database (DM_DS) | This stores generic data about devices (such as unique identifier, device type, ownership type), device enrollment information, device operations, policy management related data, etc. | <PRODUCT_HOME>/dbscripts/cdm/ |
APIM Database (WSO2AM_DB) | This stores data related to JAX-RS APIs and OAuth token data. | <PRODUCT_HOME>/dbscripts/apimgt/ |
Registry database (REG_DB) | This acts as the registry database. This database stores governance and config registry and must be mounted to all nodes in the cluster. | <PRODUCT_HOME>/dbscripts/ |
User and permission manager (UM_DB) | This database stores the user permission related details. | <PRODUCT_HOME>/dbscripts/ |
The following databases are related to plugins. They hold the data that is essential for these devices to work (such as APNS related keys) and that is not available in the CDM core database.
Database Name | Description | Database Script Location |
---|---|---|
iOS DB (MobileIOSDM_DS) | Stores the iOS related data. | <PRODUCT_HOME>/dbscripts/cdm/plugins/ios |
Android DB (MobileAndroidDM_DS) | Stores the Android related data. | <PRODUCT_HOME>/dbscripts/cdm/plugins/android/ |
Windows DB (MobileWindowsDM_DS) | Stores the Microsoft Windows related data. | <PRODUCT_HOME>/dbscripts/cdm/plugins/windows/ |
To change the datasource configurations, please change the following files.
Files to change | Datasources |
---|---|
<PRODUCT_HOME>/repository/conf/datasources/master-datasources.xml | This file must include the datasource configuration for the following databases. |
<PRODUCT_HOME>/repository/conf/datasources/emm-datasources.xml | This file must include the datasource configuration for the following databases. |
See Setting up the Database for an example of how datasources are configured.
...
Open the nginx.conf file and do the following configurations for the worker node.
Note: The URL used by the worker nodes is work.emm.wso2.com. Make sure this is properly set up in DNS, pointing to the load balancer.

```nginx
upstream work.emm.wso2.com {
    ip_hash;
    server xxx.xxx.xxx.xxx:9763;
    server xxx.xxx.xxx.xxx:9763;
}

server {
    listen 80;
    server_name work.emm.wso2.com;

    location / {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_read_timeout 5m;
        proxy_send_timeout 5m;
        proxy_pass http://work.emm.wso2.com;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

upstream ssl.work.emm.wso2.com {
    ip_hash;
    server xxx.xxx.xxx.xxx:9443;
    server xxx.xxx.xxx.xxx:9443;
}

server {
    listen 443;
    server_name work.emm.wso2.com;
    ssl on;
    ssl_certificate /Users/geeth/Documents/Product-Testing/clustering/emm/conf/keys/server.crt;
    ssl_certificate_key /Users/geeth/Documents/Product-Testing/clustering/emm/conf/keys/server.key;

    location / {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_read_timeout 5m;
        proxy_send_timeout 5m;
        proxy_pass https://ssl.work.emm.wso2.com;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
```
For a mutual SSL enabled setup, note the following changes.

Changes for a mutual SSL enabled deployment:

```nginx
server {
    listen 443;
    server_name ssl.work.emm.wso2.com;
    ssl on;
    ssl_certificate /etc/nginx/certs/server.crt;
    ssl_certificate_key /etc/nginx/certs/server.key;
    ssl_client_certificate /etc/nginx/certs/ca.crt;
    ssl_verify_client optional;

    location / {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header PROXY-MUTUAL-AUTH-HEADER $ssl_client_s_dn;
        proxy_read_timeout 5m;
        proxy_send_timeout 5m;
        proxy_pass https://ssl.work.emm.wso2.com;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
```
- `ssl_certificate` - Defines the SSL certificate of nginx.
- `ssl_certificate_key` - Defines the private key of the SSL certificate of nginx.
- `ssl_client_certificate` - The CA certificate used to sign the client certificates.
- `ssl_verify_client` - `on | off | optional | optional_no_ca`. Refer to the nginx documentation for more details: http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_verify_client
- `proxy_set_header PROXY-MUTUAL-AUTH-HEADER $ssl_client_s_dn;` - This header is set so that the EMM server can validate the client details.

With the latest nginx versions, the behaviour has changed and `$ssl_client_s_dn_legacy` must be used instead of `$ssl_client_s_dn`.
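An added example, not part of the WSO2 documentation: a Python check over nginx configuration text that reports each proxying server block which does not set PROXY-MUTUAL-AUTH-HEADER itself (nginx forwards request headers it is not told to override), or which forwards the DN while `ssl_verify_client` is `off` or `optional_no_ca`. The simplified parser, the function names and the sample configuration are assumptions constructed for illustration.

```python
import re
HEADER = "PROXY-MUTUAL-AUTH-HEADER"  # header name used on this page

# Constructed sample: a plain listener and a mutual-SSL listener like those above.
SAMPLE = """
server {
    listen 80;
    location / { proxy_pass http://work.emm.wso2.com; }
}
server {
    listen 443;
    ssl_verify_client optional;
    location / {
        proxy_set_header PROXY-MUTUAL-AUTH-HEADER $ssl_client_s_dn;
        proxy_pass https://ssl.work.emm.wso2.com;
    }
}
"""

def server_blocks(conf):
    """Yield each server block as a flat list of directives (quoted braces unsupported)."""
    depth, start, current = 0, 0, None
    for text, sep in re.findall(r"([^{};]*)([{};])", re.sub(r"#[^\n]*", "", conf)):
        words = text.split()
        if sep == "{":
            depth += 1
            if current is None and words == ["server"]:
                current, start = [], depth
        elif sep == "}":
            if current is not None and depth == start:
                yield current
                current = None
            depth -= 1
        elif current is not None and words:
            current.append(words)

def audit(conf):
    """Return (listen value, finding) for proxying server blocks that need review."""
    findings = []
    for block in server_blocks(conf):
        first = lambda name, default=None: next((d[1] for d in block if d[0] == name), default)
        if first("proxy_pass") is None:
            continue
        sets_dn = any(d[0] == "proxy_set_header" and d[1].upper() == HEADER
                      and d[2].startswith("$ssl_client_s_dn") for d in block)
        if not sets_dn:
            findings.append((first("listen", "?"), "header not set: client value passes through"))
        elif first("ssl_verify_client", "off") in ("off", "optional_no_ca"):
            findings.append((first("listen", "?"), "DN forwarded without CA verification"))
    return findings
```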
Open the nginx.conf file and do the following configurations for the manager node.
Note: The URL used by the manager nodes is mgt.emm.wso2.com. Make sure this is properly set up in DNS, pointing to the load balancer.

```nginx
upstream mgt.emm.wso2.com {
    ip_hash;
    server xxx.xxx.xxx.xxx:9763;
    server xxx.xxx.xxx.xxx:9763;
}

server {
    listen 80;
    server_name mgt.emm.wso2.com;

    location / {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_read_timeout 5m;
        proxy_send_timeout 5m;
        proxy_pass http://mgt.emm.wso2.com;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

upstream ssl.mgt.emm.wso2.com {
    ip_hash;
    server xxx.xxx.xxx.xxx:9443;
    server xxx.xxx.xxx.xxx:9443;
}

server {
    listen 443;
    server_name mgt.emm.wso2.com;
    ssl on;
    ssl_certificate /Users/geeth/Documents/Product-Testing/clustering/emm/conf/keys/server.crt;
    ssl_certificate_key /Users/geeth/Documents/Product-Testing/clustering/emm/conf/keys/server.key;

    location / {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_read_timeout 5m;
        proxy_send_timeout 5m;
        proxy_pass https://ssl.mgt.emm.wso2.com;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
```
Open the nginx.conf file and do the following configurations for the key manager or identity provider node.

Note: The key manager’s URL is keymgt.emm.wso2.com. Make sure this is properly set up in DNS, pointing to the load balancer.

```nginx
upstream keymgt.emm.wso2.com {
    ip_hash;
    server xxx.xxx.xxx.xxx:9763;
    server xxx.xxx.xxx.xxx:9763;
}

server {
    listen 80;
    server_name keymgt.emm.wso2.com;

    location / {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_read_timeout 5m;
        proxy_send_timeout 5m;
        proxy_pass http://keymgt.emm.wso2.com;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

upstream ssl.keymgt.emm.wso2.com {
    ip_hash;
    server xxx.xxx.xxx.xxx:9443;
    server xxx.xxx.xxx.xxx:9443;
}

server {
    listen 443;
    server_name keymgt.emm.wso2.com;
    ssl on;
    ssl_certificate /Users/geeth/Documents/Product-Testing/clustering/emm/conf/keys/server.crt;
    ssl_certificate_key /Users/geeth/Documents/Product-Testing/clustering/emm/conf/keys/server.key;

    location / {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_read_timeout 5m;
        proxy_send_timeout 5m;
        proxy_pass https://ssl.keymgt.emm.wso2.com;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
```
...
Restart the configured load balancer.
Start the key manager node.
sh <PRODUCT_HOME>/bin/wso2server.sh -Dsetup
Start the manager node.
sh <PRODUCT_HOME>/bin/wso2server.sh
Start the two worker nodes.
Note: Make sure to start the worker node using the command given below. Do not use -DworkerNode=true to start the worker node.
sh <PRODUCT_HOME>/bin/wso2server.sh -DworkerNode=true
- Check for ‘member joined’ log messages in the worker consoles.