Advanced Deployment Architectures for Oracle E-Business Suite


Steven Chan, Sr. Director, Applications Technology Integration
Ivo Dujmovic, Director, Applications Technology Integration

Architectural Goals
A. Ensure maximum security
B. Ensure maximum performance & scalability
C. Ensure business continuity
D. Provide extra services to end-users
E. Integrate with other systems
F. Provide dynamic capacity
September 2008

A. Ensure maximum security

Demilitarized Zone (DMZ)
[Diagram labels: Attack; DMZ; Protected Zone]
- Perimeter network
- Portions of a corporate network between the corporate intranet and external networks
- Single or multi-segment
- DMZ-based servers have restricted responsibilities
- Security breaches remain contained within DMZ
References: Note 287176.1

Configuration A.1
[Diagram labels: Internal Users; staff.acme.com; partners.acme.com; Internal EBS App Server; External Users; Internet; External EBS App Server; EBS Database; DMZ]
Risk: Internal users can attack database
References: Note 287176.1 (11i), 380490.1 (R12)

Configuration A.2
[Diagram labels: DMZ 2; Internal Users; staff.acme.com; partners.acme.com; Internal EBS App Server; External Users; Internet; External EBS App Server; EBS Database; DMZ 1]
References: Note 287176.1 (11i), 380490.1 (R12)

Reverse Proxy Server
[Diagram labels: External Users; Reverse Proxy; EBS App Server]
- An intermediate server between a client and a web server
- Makes requests to the web server on behalf of the client
- Allows use of standard ports (80, 443) on external side; higher ports internally
- Filter requests to web server via rules
- Optionally allows for content caching
- Oracle HTTP Server, WebCache, Apache, other reverse proxy products
References: Note 287176.1 (11i), 380490.1 (R12)

Configuration A.3
[Diagram labels: DMZ 3; Internal Users; Internal EBS App Server; External Users; Internet; Reverse Proxy; External EBS App Server; DMZ 1; DMZ 2; Release 11i Database]
References: Note 287176.1 (11i), 380490.1 (R12)
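The progression from Configuration A.1 to A.3 can be checked by modelling which tiers the firewalls let each tier connect to and measuring how many tiers stand between each user population and the database. This is an added example, not part of the presentation; the flow tables are assumptions reconstructed from the slide labels, and all tier names are hypothetical.

```python
from collections import deque

# Constructed flow policies (assumptions reconstructed from the slide labels,
# not taken from the presentation). Each key is a tier; its value is the set
# of tiers that the firewalls let it open connections to. Tier names are
# hypothetical.
CONFIGS = {
    # A.1: only the external app server sits in a DMZ; internal users share
    # the protected zone with the database.
    "A.1": {
        "external_users": {"external_app"},
        "external_app": {"database"},
        "internal_users": {"internal_app", "database"},
        "internal_app": {"database"},
    },
    # A.2: a second DMZ separates internal users from the app server and DB.
    "A.2": {
        "external_users": {"external_app"},
        "external_app": {"database"},
        "internal_users": {"internal_app"},
        "internal_app": {"database"},
    },
    # A.3: a reverse proxy in its own DMZ fronts the external app server.
    "A.3": {
        "external_users": {"reverse_proxy"},
        "reverse_proxy": {"external_app"},
        "external_app": {"database"},
        "internal_users": {"internal_app"},
        "internal_app": {"database"},
    },
}
USER_TIERS = ("external_users", "internal_users")


def hops_to(flows, src, dst="database"):
    """Fewest permitted connections from src to dst (BFS); None if unreachable."""
    seen, queue = {src}, deque([(src, 0)])
    while queue:
        node, dist = queue.popleft()
        if node == dst:
            return dist
        for nxt in sorted(flows.get(node, ())):
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, dist + 1))
    return None


def tiers_in_front_of_db(flows):
    """Per user population: how many intermediate tiers shield the database."""
    out = {}
    for tier in USER_TIERS:
        hops = hops_to(flows, tier)
        out[tier] = None if hops is None else hops - 1
    return out


def direct_db_exposure(flows):
    """User populations whose traffic can reach the database with no tier between."""
    return sorted(t for t in USER_TIERS if "database" in flows.get(t, ()))


if __name__ == "__main__":
    for name, flows in CONFIGS.items():
        print(name, tiers_in_front_of_db(flows), "direct:", direct_db_exposure(flows))
```

Replacing the constructed tables with the rules exported from the real firewalls turns the same check into a regression test for the segmentation.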

Enabling Single Sign-On for EBS
[Diagram labels: Single Sign-On & Oracle Internet Directory Server; OracleAS 10g Infrastructure Database; OracleAS 10g Components]
- By default, E-Business Suite has its own login (AppsLocalLogin) and its own user directory (FND_USER)
- E-Business Suite may be optionally integrated with OracleAS 10g
  - Login is delegated to Single Sign-On 10g
  - User management is delegated to Oracle Internet Directory 10g
References: Note 233436.1, 261914.1 (11i); 376811.1 (R12)

Configuration A.4
[Diagram labels: External Users (via VPN); Oracle Application Server 10g; Portal; Single Sign-On; Oracle Internet Directory; Discoverer; Other Fusion Middleware Components; E-Business Suite Application Server; Intranet; E-Business Suite Database; Internal Users]
References: Note 233436.1, 261914.1 (11i); 376811.1 (R12)

E-Business Suite Integration with OracleAS 10g
Release 11i
- Runs Oracle9i Application Server 1.0.2.2.2 on mid-tier
- Runs Release 11i application-tier services such as Forms, Jserv
- Integrated with an external stand-alone Oracle Application Server 10g instance for optional services (e.g. Single Sign-On)
Release 12
- Runs Oracle Application Server 10g on mid-tier
- Runs Release 12 application-tier services such as Forms, OC4J
- Integrated with an external stand-alone Oracle Application Server 10g instance for optional services (e.g. Single Sign-On)
References: Note 233436.1, 261914.1 (11i); 376811.1 (R12)

Configuration A.5
[Diagram labels: Internal Users; External Users; Single Sign-On 10g; Internal EBS App Server; Oracle Internet Directory Server 10g; OracleAS 10g Infrastructure Database; Internet; Reverse Proxy; External EBS App Server; EBS Database]
References: Note 233436.1, 261914.1 (11i); 376811.1 (R12)

Tips
- Monitor Oracle Security Technology Center: www.oracle.com/technology/deploy/security
- Apply quarterly Critical Patch Updates
- Read Best Practices for Securing Oracle E-Business Suite (11i: Note 189367.1; R12: Note 403537.1)
- Work with stakeholders and executive sponsors to prioritize security objectives

B. Ensure maximum performance & scalability

Load-Balancers
[Diagram labels: User1; User2; User3; Node1; Node2; Node3]
- Distributes requests from clients to multiple nodes
- Types discussed here
  - DNS-based
  - HTTP Layer
- Supported but not discussed here
  - Apache Jserv Layer
  - Forms Metric Server
  - Concurrent Processing Layer
  - Database Layer
References: Note 217368.1 (11i), 380489.1 (R12)

High Availability Terminology
[Diagram labels: Client Requests; Client Requests; On Failover; Node 1 (Active); Node 2 (Active); Node 1 (Active); Node 2 (Passive)]
- Active-Active: Used for balancing load & improving scalability
- Active-Passive: Used for business continuity
References: Note 217368.1 (11i), 380489.1 (R12)

DNS-Based Load Balancing
[Diagram labels: User; DNS LBR; Q: IP for ebs.acme.com?; A: 10.10.10.10; 10.10.10.10; 10.10.10.20; 10.10.10.30]
- Users query DNS LBR for IP address of URL, then cache that address for future queries
- DNS LBR supplies different IP addresses to different users depending on load of a given node
- Vendor-dependent: may use heartbeat checks against nodes and sophisticated algorithms for load-balancing
References: Note 217368.1 (11i), 380489.1 (R12)

Configuration B.1
[Diagram labels: User; EBS App Server 1; EBS App Server 2; EBS Database; DNS LBR]
References: Note 217368.1 (11i), 380489.1 (R12)

HTTP Layer Load-Balancing
[Diagram labels: User; HTTP Layer LBR; Web Node 1; Web Node 2; Web Node 3]
- Users navigate to Web Entry Point
- HTTP Layer LBR routes all subsequent traffic for a specific user to a specific Web Node
- LBR must support persistent session connections (cookie-based or IP-based "stickiness")
- LBRs may use heartbeat checks for node death detection & restart, and sophisticated algorithms for load-balancing
References: Note 217368.1 (11i), 380489.1 (R12)

Configuration B.2
[Diagram labels: ebs.acme.com; EBS App Server 1; User; HTTP Layer LBR; EBS App Server 2; EBS Database]
References: Note 217368.1 (11i), 380489.1 (R12)

Configuration B.3
[Diagram labels: Internal Users; HTTP LBR2; DMZ 3; Web Node 1; Web Node 3; Web Node 4; External Users; Internet; Reverse Proxy; HTTP LBR1; Web Node 2; EBS Database; DMZ 1; DMZ 2]
References: 11i: Note 217368.1, 287176.1; R12: 380489.1, 380490.1

Configuration B.4
[Diagram labels: Internal Users; HTTP LBR2; External Users; Single Sign-On 10g; Web Node 3; Web Node 4; Oracle Internet Directory Server 10g; OracleAS 10g Infrastructure Database; Internet; Reverse Proxy; HTTP LBR1; Web Node 1; EBS Database; Web Node 2]
References: 11i: Note 233436.1, 261914.1, 217368.1, 287176.1; R12: 376811.1, 380489.1, 380490.1

Real Application Clusters (RAC)
[Diagram labels: Application Server; RAC Instance 1; Private Interconnect; RAC Instance 2; Shared Filesystem]
- Allows multiple database servers to access the same data in parallel
- Improves scalability & fault-tolerance
- Supported with 9i, 10gR1, 10gR2, 11gR1 Databases
- Supports Automatic Storage Management (ASM), Cluster Ready Services (CRS), Parallel Concurrent Processing (PCP)
References: Note 312731.1 (11i), 388577.1 (R12)

RAC Configuration Options
- General Pooling
  - All RAC nodes handle all transactions
- Functional Specialization
  - Specific RAC nodes handle transactions for specific Applications modules:
    - RAC node 1 dedicated to Order Management
    - RAC node 2 dedicated to Payroll
References: Note 312731.1 (11i), 388577.1 (R12)

Configuration B.5
[Diagram labels: DMZ 3; Internal Users; Internal EBS App Server; External Users; Internet; Reverse Proxy; External EBS App Server; DMZ 1; DMZ 2; RAC 1; RAC 2; Shared EBS DB Filesystem]
References: 11i: Note 287176.1, 312731.1; R12: 380490.1, 388577.1

Configuration B.6
[Diagram labels: Internal Users; HTTP LBR2; DMZ 3; Web Node 1; Web Node 3; Web Node 4; External Users; Internet; Reverse Proxy; HTTP LBR1; Web Node 2; RAC 1; RAC 2; DMZ 1; DMZ 2; Shared EBS DB Filesystem]
References: 11i: Note 217368.1, 287176.1, 312731.1; R12: 380490.1, 388577.1, 389489.1

Configuration B.8
[Diagram labels: HTTP LBR2; Internal Users; External Users; LBR1; SSO Node 1; SSO Node 2; Web Node 3; Web Node 4; Internet; Reverse Proxy; HTTP LBR1; Web Node 1; RAC 1; RAC 2; OID 1; OID 2; Web Node 2; Shared EBS DB Filesystem; OracleAS 10g Infrastructure DB]
Refs: 11i: Note 233436.1, 217368.1, 287176.1, 312731.1; R12: 380490.1, 388577.1, 389489.1; OracleAS HA Guide

OracleAS Web Cache
[Diagram labels: User; OracleAS Web Cache; Web Node 1; Web Node 2; Web Node 3]
- Content-aware server accelerator
- Can act as a:
  - Reverse-proxy server
  - Web caching
  - Load-balancer & failover detection
- Fully certified with the E-Business Suite for web (HTML) traffic
- Caches static & dynamic content, but not user-specific secure content
References: OracleAS Web Cache Administrator's Guide (10.1.2.0.2), Note 306653.1

OracleAS Clusters
[Diagram labels: User; Web Cache 1; Web Cache 2; Web Node 1; Web Node 2; Web Node 3]
- Clusters of multiple Web Cache instances
- Single logical cache
- Cluster members communicate with each other
- Coordinated & distributed content caching
- Coordinated node death detection & failure management
References: OracleAS Web Cache Administrator's Guide (10.1.2.0.2), Note 306653.1 (11i), 380486.1 (R12)

Tips
- Examine cost-effectiveness of SMP vs Linux-based commodity servers on the middle-tier
- Minimize 11i administration overhead via:
  - Oracle Applications Manager
  - Oracle Applications Management Pack
  - Oracle Enterprise Manager Grid Control
  - AutoConfig
  - Shared application file systems

C. Ensure business continuity

Business Continuity
- A.k.a. Disaster Recovery
- Planning for catastrophic site failures
- Not just tape backups: operational failover
- Can also be used for managing planned outages
- Requires decisions about operational priorities (e.g. "Should all E-Business Suite services be fully operational after a disaster or just a subset?")
- Potentially expensive, but what are the costs of total system failure?
References: http://www.oracle.com/technology/deploy/availability/htdocs/maa.htm

Active-Passive Architectures
[Diagram labels: Production; Standby; AppServer; Database; Data & Configuration Synchronization; AppServer; Database; San Francisco; Austin, TX]
- Completely standalone, self-contained sites
- Data and configurations synchronized constantly between sites via Oracle DataGuard and physical standby
References: Note 216212.1 (11i), 452056.1 (R12)

Configuration C.1
[Diagram labels: Production; User; HTTP LBR 1; AS Node 1; AS Node 2; EBS DB; Standby; DNS LBR; AS Node 3; HTTP LBR 2; AS Node 4; EBS DB]
Traffic rerouted to offsite HTTP Layer LBR in event of disaster
References: Note 217368.1 (11i), 380489.1 (R12)

Supported Architectures
- All standard architectures supported via failover (e.g. RAC, DMZs, load-balancers, OracleAS 10g integration)
- Failover site architectures may be:
  - Exact duplicates of production sites
  - Reduced in scale (e.g. fewer web nodes)
  - Reduced in scope (e.g. support internal employees but not external users)

Not a Weekend Project
1. Work closely with users, stakeholders, executive sponsors
2. Prioritize disaster recovery needs carefully
3. Research options, check references
4. Work with platform hardware vendors, experienced consultants and partners
5. Deploy proof-of-concept testbeds
6. Test thoroughly

D. Provide extra services to end-users

OracleAS 10g Integration Options
1. Access Apps via Oracle Single Sign-On
2. Access Apps via Oracle Access Manager
3. Manage users with Oracle Internet Directory
4. Design custom portals with Oracle Web Center
5. Design custom portals with Oracle Portal
6. Analyse data with Discoverer
7. Analyse data with Business Intelligence Applications

Configuration D.1
[Diagram labels: Internal Users; HTTP LBR4; External Users; HTTP LBR1; Web Node 1; Web Node 2; Web Node 3; Web Node 4; Oracle Internet Directory Server 10g; OracleAS 10g Infrastructure Database; Internet; Reverse Proxy; LBR2; LBR3; RAC 1; RAC 2; LBR5; SSO Node 1; SSO Node 2; Portal Node 1; Portal Node 2; Shared EBS DB Filesystem; Disc. Node 1; Disc. Node 2]
Refs: 11i: Note 233436.1, 217368.1, 287176.1, 312731.1, 305918.1; R12: 376811.1, 380491.1, 380489.1, 380484.1, 388577.1

E. Integrate with other systems

Integration With Other Applications
The E-Business Suite supports integration with:
1. Other applications via Oracle Integration
2. PeopleSoft, Oracle Collaboration Suite using a common enterprise OracleAS 10g instance for:
   - Single Sign-On & Oracle Internet Directory 10g
   - Portal 10g
3. Other authentication systems & LDAP directories via OracleAS 10g Identity Management

Integrate EBS with Third-Party Apps
[Diagram labels: Legacy Application; E-Business Suite; Oracle Integration]
- Build integrations via Service Oriented Architecture (SOA) technologies
- Over 250 adapters for Enterprise Application Integration
- J2EE and open standards-based integration, including:
  - E-Business Suite, third-party applications, database sources
  - XML, JMS, JCA
  - Web Services: SOAP, WSDL, UDDI
  - B2B Protocols: RosettaNet, HIPAA, EDI

Configuration E.1
[Diagram labels: E-Business; LBR1; SSO Node 1; LBR3; App Server; EBS DB; SSO Node 2; OID 10g Node 1; OID 10g Node 2; PeopleSoft; Users; LBR2; OBIEE Node 1; OBIEE Node 2; RAC 1; RAC 2; OracleAS 10g Infrastructure; App Server; Siebel; PSFT DB; App Server; Siebel DB]

Third-Party Single Sign-On Integration
- EBS Application Server delegates user authentication to Oracle Single Sign-On 10g
- Oracle Single Sign-On 10g delegates user authentication to Third-Party SSO

Supported Third-Party SSO Integrations
- Integrate Oracle Single Sign-On with:
  - Windows Native Authentication via Kerberos
  - CA Entrust, CA Netegrity, IBM Tivoli, RSA
  - PKI X.509v3 Digital Certificates
  - Biometric and smartcard systems
  - Other SSO systems via custom adapters
- Oracle Identity Federation
  - Formerly Oblix COREid Federation
  - SAML, WS-Federation, Liberty Alliance
- Oracle Access Manager
  - Formerly Oblix COREid Access & Identity

If you already have a third-party LDAP
- Third-Party LDAP synchronizes user attributes with Oracle Internet Directory 10g
- Oracle Internet Directory 10g synchronizes user attributes with E-Business Suite DB (FND_USER)

Available Oracle Internet Directory Connectors
- Microsoft Active Directory 2000/2003
- Microsoft Exchange 2000/2003
- Sun Java System Directory (Sun ONE / iPlanet) 5.2
- Novell eDirectory 8.6 / 8.7
- OpenLDAP 2.2
- Any LDAP directory via LDIF files
- Any other directory via custom DIP agent
Oracle Identity Manager
- Formerly Thor Xellerate Identity Provisioning
- Also integrates directly with E-Business Suite FND_USER & HRMS
Oracle Virtual Directory
- Formerly OctetString Virtual Directory Engine

Configuration E.2
[Diagram labels: Third-Party SSO; Third-Party LDAP; Oracle Internet Directory 10g; End User; Single Sign-On 10g; EBS Database (FND_USER); EBS Application Server]
References: Note 261914.1 (11i), R12 System Administrator's Guide - Security

F. Provide dynamic capacity

Dynamic Capacity Provisioning a.k.a. Cloud Computing -- Direction
- EBS deployment spectrum:
  - Owned: Full EBS + eco-system on-premise
  - Hosted: Full EBS + eco-system in cloud
  - Web 2.0: On-premise EBS + cloud-hosted eco-system
  - Web 2.0+: On-premise core EBS + partial eco-system, cloud provides overflow/peak capacity for EBS + select additional external services
  - Other permutations
- Direction: Further enhance cloud-enabling of EBS

Cloud Delivered EBS Capacity -- Direction
- Rigid capacity provisioning feature set forced
  - Sizing hardware for peak requirements, or
  - Hosted solutions by vendors with their own provisioning solutions
- Goal: Better managing resource underutilization
  - Versus historical focus on high utilization
  - Buy hardware you need for 80% of the time
- Peak load services could
  - Supplement existing resources
  - Lower cost hurdles to new functionality adoption

Cloud Delivered EBS Capacity
- Potential Future EBS functionality direction includes
  - EBS Instance Fingerprint extraction
  - Transport
  - Alteration
  - Stamping

EBS Instance Dimension Fingerprinting
- Appsprint: EBS Appl_Top code level
- Techprint: Code level for technology Oracle_Homes
- Configprint: Technology configurations (AutoConfig)
- Ecoprint: Ecosystem integration points (AutoConfig, MetaLink)
- Database dbf's: Transactional data, functional configuration data (iSetup)
Dynamic Provisioning = Extract * Alter * Stamp

OracleAS + E-Business Suite Resources
- Application Server + 11i FAQ: Note 186981.1
- 11i Documentation Roadmap: Note 207159.1
- Application Server + R12 FAQ: Note 415007.1
- R12 Documentation Roadmap: Note 380482.1

Oracle E-Business Suite Technology Stack Blog
http://blogs.oracle.com/schan
- Latest Apps techstack news
- Primers & FAQs
- Certification & desupport announcements
- Advanced architectures
- Early Adopter Programs
- Statements of Direction
- Discussions with Oracle Development
- Subscribe via email & RSS