Deploying OAM in high availability across data centres in Active Active cluster : New Feature in OAM 11gR2 PS2

I discussed about IAM (OAM, OIM, OES, OAAM) 11gR2 PS2 ( availability here  and changes introduced in installation of 11gR2 PS2 ( here

In this post I am going to cover new feature introduced in Oracle Access Manager i.e. to deploy OAM in high availability (Active-Active) across Data Centres. For list of all the new features introduced in OAM 11gR2 PS2 click here. Till before 11gR2 PS2 (i.e. 11gR1 and 11gR2 PS1) you could deploy OAM in Active-Active within data centre but only in Active-Passive across data centres.

From OAM 11gR2 PS2 ( you could use one of the three deployment model across data centres

1. Active – Active Mode : OAM cluster in Data Centre 1 and Data Centre 2 run Active – Active mode and both OAM clusters can be used at any given time (as shown in image above)

2. Active – Hot Standby Mode : OAM cluster in Data Centre 1 is active and OAM cluster in Data Centre 2 is running but not actively used until data centre 1 goes down.

3. Active – Standby Passive Mode : OAM cluster in Data Centre 1 is active and OAM cluster in Data Centre 2 is down. OAM cluster in data centre 2 can be bought up within reasonable time, if OAM cluster in primary data centre fails.
Key Points when deploying OAM across data centres in Active-Active mode

1. The WebLogic Server domain (containing OAM cluster) will NOT span across data centres. As shown in figure above, there will be two OAM WebLogic domains, one in Data Centre 1 and second OAM domain in data centre 2.

Note: You will have two WebLogic domains each containing 1 OAM cluster

2. Install (or use an existing OAM) and configure OAM domain in data centre 1 and install/configure (or clone) OAM in data centre 2 . Then use T2P (Test2Prod) tools to configure syncing of configuration and policies.

For more information on T2P (Test 2 Production) click here

3. WebGates in data center 1 will have Primary Server List pointing to OAM cluster in data center 1 and Secondary Server List pointing to OAM cluster in data center 2

4. WebGates in data center2 will have Primary Server List pointing to OAM cluster in data center 2 and Secondary Server List pointing to OAM cluster in data center 1

5. One of the OAM cluster is designated as master while other OAM cluster as clone, any modification to policies or configurations must be done on master OAM cluster .

More information to set one OAM as master check WLST setMultiDataCentreClusterName.

6. Other OAM cluster (in data centre 2) is designated as CLONE using WLST addPartnerForMultiDataCentre

7. T2P (Test to Prod) tools and utilities (like copyBinary , pasteBinarycopyConfig, pasteConfig more here) are used to create OAM environment marked as CLONE

8. Periodically syncing of data (policies/configuration) from Master to Clone happen using replication REST API

To learn more in Oracle Access Manager, Register for our free Minicourse by clicking on below image.


Series Navigation<< New OAMConsole in OAM 11gR2 PS2 : Enabling Federation, STS, Mobile & Social in Oracle Access Management Suite : 11g WebGate with OHS 11g integrated with OAM 11g : OBWebGate_AuthnAndAuthz: Oracle AccessGate API is not initialized >>

About the Author Atul Kumar

Oracle ACE, Author, Speaker and Founder of K21 Technologies & K21 Academy : Specialising in Design, Implement, and Trainings.

follow me on:

Leave a Comment:

6 comments says February 5, 2014

Dear Atul

Thanks so much I was just looking for this 🙂

But I am looking for OAM11. HA installation and configuration.

Can you please help ?

Ashraf TP

Reply says February 6, 2014

Thanks Atul

atlusr says July 14, 2014

Hi Atul,

Have couple of questions.

1. As we will have two WebLogic domains each containing 1 OAM cluster. Do we need to name them the same. Also each domain will have it’s own Database schemas. As we don’t have a RAC how is the database replication handled do we need to replicate the database both sides or T2P handles it.

2. Do we need to replicate the application server side file-system.

3. How will the DIP and SSO work do we need to configure it on both ends.

Will appreciate your feedback.


gkout says February 26, 2015

Hi Atul,

Apologies for the question bombing.

In case the master Data Center goes down, does the clone assume the master functionality in terms of configuring new policies etc?
Or is the clone only usable for authentication?

What happens in case the master can never be recovered? Any mechanism to assume the master role on the clone side?


Yogi says May 7, 2015

Hello Atul,

I have questions around T2P tool for sync between data centers.

If the policy store is OAM 11g is Oracle database, which provides redundancy and HA via data guard. Do we still require T2P tool between data center?

User has a valid session in datacenter 1, and suddenly the datacenter 1 went down. Does the T2P tool manages to redirect the user session to datacenter 2 ?

If we are administering 2 data centers WebLogic domains with respective WebLogic Admin consoles. Do we still require T2P tool between two data centers ?

What will be synced to datacenter via T2P tool ? Is the assumption that the nodes all empty in datacenter 2, and T2P tool/utilities will provide a replica ?

Please advice.

Add Your Reply

Not found