Skip to end of metadata
Go to start of metadata

This section guides you through the logical separation of data that you can do when clustering the WSO2 Open Banking Identity and Access Management module.

Before you begin:

Note that creating separate databases as shown below is not actually required and can be skipped. Instead, you can point all the datasources given below to a single database. This will NOT make a difference in performance. To do this, see the steps given within the flow of the deployment pattern setup in the Configuring the datasources sub-topic.

However, if you want to separate the data logically into separate databases, you can follow the steps given below.

Each Carbon-based product uses a database to store information such as user management details and registry data. All nodes in the cluster must use one central database for config and governance registry mounts. By default, each WSO2 product is shipped with an embedded H2 database that works for all types of data. 

Embedded H2 is not recommended in production

The embedded H2 database is NOT recommended in enterprise testing and production environments. It has lower performance, clustering limitations, and can cause file corruption failures. Use an industry-standard RDBMS such as MySQL, MS SQL or Oracle instead.

You can use the embedded H2 database in development environments and as the local registry in a registry mount. However, in a production environment, it is recommended to change this. For more information on how to do this, set up the database and see the Changing the Carbon Database topic in the product administration guide.

You can create the following databases and associated datasources. This is NOT mandatory and you can choose not to create these databases if you wish and simply have a single database to handle all these concerns.

Database NameDescriptionScript locationDatasource file to be modified
WSO2UM_DB
Stores authorization manager configurations, internal permissions and roles.
<WSO2_OB_IAM_HOME>/dbscripts/
<WSO2_OB_IAM_HOME>/repository/conf/deployment.toml
WSO2AM_DB

Stores identity related data. For example, OAuth 2.0, SAML 2.0, User Managed Access (UMA).

<WSO2_OB_IAM_HOME>/dbscripts/identity/

UMA related scripts are in the

<WSO2_OB_IAM_HOME>/dbscripts/identity/uma directory. You can run the scripts to create the UMA related tables and indexes in the WSO2AM_DB.
<WSO2_OB_IAM_HOME>/repository/conf/deployment.toml
BPS_DS
Stores data related to the workflow feature.
  • To create workflow related tables and indexes, use the scripts in the <WSO2_OB_IAM_HOME>/dbscripts/bps/bpel/create directory.
  • To delete workflow related tables, use the scripts in the <WSO2_OB_IAM_HOME>/dbscripts/bps/bpel/drop directory.
  • To remove workflow related data from tables, use the scripts in the <WSO2_OB_IAM_HOME>/dbscripts/bps/bpel/truncate directory.
<WSO2_OB_IAM_HOME>/repository/conf/deployment.toml
WSO2_CARBON_DB
Stores data pertaining to user consents.
<WSO2_OB_IAM_HOME>/dbscripts/consent
<WSO2_OB_IAM_HOME>/repository/conf/deployment.toml
WSO2_OPEN_BANKING_DB

Stores open banking data.

<WSO2_OB_IAM_HOME>/dbscripts/finance
Find the relevant scripts according to the specification.
<WSO2_OB_IAM_HOME>/repository/conf/deployment.toml

To understand this concept further, see the following diagram.

For more information on the concept of sharing governance and config registry databases across the cluster, see the following topics in the WSO2 Identity Server documentation

Do the following configurations to implement the database setup.

Creating the databases

Create the databases that you require using the RDBMS of your choice and run the relevant script for the RDBMS of your choice according to the table above. See Working with databases in the WSO2 Identity Server documentation for instructions.

Configuring the datasources

Configure the datasources for the databases that you created above in both the WSO2 Open Banking Identity and Access Management nodes of your cluster. For instructions on how to configure the datasources for the databases you created, see Changing the Carbon Database in the WSO2 Identity Server documentation.

  • No labels