Deploying Policy Manager using Multiple Containers

Learn how to deploy Policy Manager using multiple containers for enhanced scalability.

Introduction

To provide support for enhanced performance and scalability, the Policy Manager Services feature has been divided into three separate features which can be installed separately into three separate containers.

  • Managed Services—Installs the Policy Manager system services. After installation, these services are located in the Policy Manager > Services folder of the Policy Manager Management Console.
  • Security Services—Installs Policy Manager security-related services. After installation, these services are located in the Policy Manager > Services folder of the Policy Manager Management Console.
  • Scheduled Jobs—Installs a series of system background jobs that are executed by the Policy Manager job scheduler.

Configuration Overview

The general configuration process is summarized below. Each feature is assigned a container name (PM1, PM2, and PM3). These container names are referenced in the configuration tasks.

Container Installation

  • Managed Services (PM1), Security Services (PM2), and Scheduled Jobs (PM3) features must be installed into separate containers.
  • The Policy Manager Console feature can be installed in the same container as the Managed Services feature or in its own container.

Admin Console Login Credentials

  • As part of the Managed Services (PM1) container configuration, you must define Administration Console Credentials. You can use the default credentials that you defined via the Configure Container Instance Wizard (or silent configuration), or you can assign a different set of credentials.
  • You can log into the Administration Console for each container (PM1, PM2, or PM3) using the login credentials you specified in the Configure Container Instance Wizard, or by using credentials defined in the Change Administrator Details screen (Configuration > Configuration Actions > Manage Admin Console Administrator).

Database Configuration

  • When configuring the Managed Services (PM1) feature, you must initially create a new database and add the Policy Manager schema. During the subsequent Security Services (PM2) and Scheduled Jobs (PM3) container configurations, you just select the Use existing database option and reference the database specified in the Managed Services (PM1) container configuration.
  • In PM2 and PM3 container configurations, the Manage Schemas screen will display, but the schemas will already be added because you selected the Use existing database option.

Container Identity (Key Assignments)

  • You must configure the container identity for each container by assigning keys using the Manage PKI Keys Wizard.

Metadata Exchange Service

  • The URL of the Metadata Exchange Service specified on the WS-MetaDataExchange Options screen should include the port specified on the PM1 container (for example, http://localhost:9900/wsmex).
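
The constraints in this overview can be checked against a written deployment plan before any wizard is run. The Python below is an added example, not part of the product or its documentation; the plan layout, the database name pmdb, and the function check_plan are hypothetical.

```python
from urllib.parse import urlsplit

CORE = {"Managed Services", "Security Services", "Scheduled Jobs"}

# Constructed sample plan. The dict layout and the name "pmdb" are hypothetical;
# this is not a Policy Manager file format.
PLAN = {
    "wsmex_url": "http://localhost:9900/wsmex",
    "containers": {
        "PM1": {"port": 9900, "features": ["Managed Services", "Policy Manager Console"],
                "db_option": "create", "database": "pmdb", "pki_keys": True},
        "PM2": {"port": 9901, "features": ["Security Services"],
                "db_option": "existing", "database": "pmdb", "pki_keys": True},
        "PM3": {"port": 9902, "features": ["Scheduled Jobs"],
                "db_option": "existing", "database": "pmdb", "pki_keys": True},
    },
}

def check_plan(plan):
    """Return findings; an empty list means the plan matches the overview."""
    findings, owner, ports = [], {}, {}
    boxes = plan["containers"]
    for name, c in boxes.items():
        core = CORE & set(c["features"])
        if len(core) > 1:
            findings.append(f"{name}: {sorted(core)} need separate containers")
        for feat in core:
            owner.setdefault(feat, []).append(name)
        ports.setdefault(c["port"], []).append(name)
        if not c.get("pki_keys"):
            findings.append(f"{name}: no container identity keys assigned")
    for feat in sorted(CORE):
        if len(owner.get(feat, [])) != 1:
            findings.append(f"{feat}: found in {owner.get(feat, [])}, expected one container")
    for port, names in ports.items():  # assumes every container runs on one host
        if len(names) > 1:
            findings.append(f"port {port} is shared by {names}")
    if len(owner.get("Managed Services", [])) == 1:
        pm1_name = owner["Managed Services"][0]
        pm1 = boxes[pm1_name]
        for name, c in boxes.items():
            # PM2/PM3-style containers must reuse the database defined for PM1.
            if CORE & set(c["features"]) and name != pm1_name:
                if c["db_option"] != "existing" or c["database"] != pm1["database"]:
                    findings.append(f"{name}: must use existing database {pm1['database']!r}")
        if urlsplit(plan["wsmex_url"]).port != pm1["port"]:
            findings.append(f"wsmex_url must use the {pm1_name} port {pm1['port']}")
    return findings
```

Calling check_plan(PLAN) returns an empty list for the layout used on this page (ports 9900, 9901 and 9902); each returned string names one deviation from the overview.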

Step 1: Container (PM1)—Install and Configure Managed Services and Policy Manager Console Features

  1. Launch the Configure Container Instance Wizard. Navigate to the Platform release directory c:\{release directory}\bin and enter one of the following:

    For Windows:

    startup.bat configurator

    For Unix:

    startup.sh configurator
  2. Define the container (PM1).
  3. For Policy Manager 7.2 and below, use the Standalone deployment option. The Standalone option is the default for Policy Manager 8.0. For this example we will use port 9900.
  4. In the Administration Console, select Available Features > Features filter, and install the Managed Services and Policy Manager Console features (select both checkboxes).
  5. On the Select Key Management Options screen, select a Key Management Option and click Next to continue. The Generate PKI Keys & X.509 Certificate option is the most commonly used default option. Refer to Managing Keys and Certificates for information about available options.
  6. After completing the key configuration, click Finish and Go To Next Task.
  7. On the Select Database Option screen, select Create new database, define the database, click Finish and Go To Next Task.

    For Oracle, choose Oracle Service Name (not SID). See Use Oracle Service Name, not SID (database notes, installation documentation).

    Note: If you're using Oracle 18c or later, it's important that you create the database first, and then, in the Configure Database Options wizard, choose the Use Existing Database option (see Database creation, Oracle 18c or later).

  8. On the Define Policy Manager Administrator Credentials screen, update the username/password or accept the defaults (as defined in the Configure Container Instance Wizard or silent configuration), then click Finish and Go To Next Task.
  9. On the Install Schemas screen, select the Policy Manager schema and click Finish and OK to restart the container.

Step 2: Container (PM2)—Install and Configure Security Services Feature

  1. Launch the Configure Container Instance Wizard. Navigate to the Platform release directory c:\{release directory}\bin and enter one of the following:

    For Windows:

    startup.bat configurator

    For Unix:

    startup.sh configurator
  2. Define the container (PM2).
  3. For Policy Manager 7.2 and below, use the Standalone deployment option. The Standalone option is the default for Policy Manager 8.0. For this example we will use port 9901.
  4. In the Administration Console, select Available Features > Features filter, and install the Security Services features.
  5. On the Select Key Management Options screen, select a Key Management Option and click Next to continue. The Generate PKI Keys & X.509 Certificate option is the most commonly used default option. Refer to Managing Keys and Certificates for information about available options.
  6. After completing the key configuration, click Finish and Go To Next Task.
  7. On the Select Database Option screen, select Use existing database, specify the database used in the PM1 configuration, click Finish and Go To Next Task.
  8. On the Install Schemas screen, the schema is already added because you used an existing database.
  9. On the Provisioning screen, click Finish to initialize resources associated with the current feature set being installed.
  10. Click OK to restart the container.

Step 3: Container (PM3)—Install and Configure Scheduled Jobs Feature

  1. Launch the Configure Container Instance Wizard. Navigate to the Platform release directory c:\{release directory}\bin and enter one of the following:

    For Windows:

    startup.bat configurator

    For Unix:

    startup.sh configurator
  2. Define the container (PM3).
  3. For Policy Manager 7.2 and below, use the Standalone deployment option. The Standalone option is the default for Policy Manager 8.0. For this example we will use port 9902.
  4. In the Administration Console, select Available Features > Features filter, and install the Security Services features.
  5. On the Select Key Management Options screen, select a Key Management Option and click Next to continue. The Generate PKI Keys & X.509 Certificate option is the most commonly used default option. Refer to Managing Keys and Certificates for information about available options.
  6. After completing the key configuration, click Finish and Go To Next Task.
  7. On the Select Database Option screen, select Use existing database, specify the database used in the PM1 configuration, click Finish and Go To Next Task.
  8. On the Install Schemas screen, the schema is already added because you used an existing database. Click Finish and OK to restart the container.

Step 4: Launch Policy Manager Management Console

After all of the containers are configured, launch the Policy Manager Management Console and begin service management activities:

http://{host}:{port}/ms/index.do