8/8/2019 DMZ Advanced Architectures
This presentation is for informational purposes only and may not be incorporated into a contract or agreement.
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle's products remains at the sole discretion of Oracle.
Steven Chan
Director, Applications Technology Group
Advanced Architectures: Oracle E-Business Suite Release 11i
May 2006
Architectural Goals
A. Ensure maximum security
B. Ensure maximum performance & scalability
C. Ensure business continuity
D. Provide extra services to end-users
E. Integrate with other applications
Selected E-Business Suite References (Metalink Notes)
Note 340178.1: OracleAS 10g + SSL
Note 305918.1: Portal 10g
Note 313418.1: Discoverer 10g
Note 306653.1: WebCache
Note 217368.1: Load-Balancing
Note 217368.1: OracleAS 10g Integration (SSO, OID)
Note 312731.1: 10g RAC + ASM
Note 216212.1: Business Continuity
Note 123718.1: SSL
Note 287168.1: Demilitarized Zones
Bringing It Together
Challenges for System Architects:
Few resources for quick overviews of options
Each of these Notes is fine in isolation, but it's often difficult to get a bigger picture
Oracle technology portfolio continues to grow rapidly
E-Business Suite Basic Concepts
Automated Technical Configuration (AutoConfig)
Manual steps to configure the technology stack are error prone
AutoConfig populates configuration file templates with values you give in Rapid Install
Subsequent patches can update configuration without manual steps
AutoConfig is required for 11.5.8 and later maintenance packs, for migration to iAS 1.0.2.2, and increasingly for new features in the E-Business Suite
References: Note 165195.1
[Diagram labels: Rapid Install config.txt; Applications Context File (.xml); OAM Context Editor; Applications Configuration Templates; AutoConfig; Generated Configuration Files (jserv.properties, appsweb.cfg, httpd.conf); Generated Database Updates (APPS_WEB_AGENT, ICX_FORMS_LAUNCHER, TCF:PORT, TCF:HOST)]
References: Note 165195.1
Advanced Configuration Wizards
Architectural Goals
A. Ensure maximum security
B. Ensure maximum performance & scalability
C. Ensure business continuity
D. Provide extra services to end-users
E. Integrate with other applications
Demilitarized Zone (DMZ)
Perimeter network
Portions of a corporate network between the corporate intranet and external networks
Single or multi-segment
DMZ-based servers have restricted responsibilities
Security breaches remain contained within DMZ
[Diagram labels: Protected Zone; DMZ; Attack]
References: Note 287176.1
Configuration A.1
Not Recommended!
[Diagram labels: User; Internet; Firewall; 9iAS 1.0.2; ebs.acme.com; Release 11i Database Server]
Disadvantages: No DMZ
References: Note 287176.1
Configuration A.2
[Diagram labels: External Users; Internet; Firewall (x2); DMZ; External 9iAS 1.0.2 Server; partners.acme.com; Internal Users; Internal 9iAS 1.0.2 Server; staff.acme.com; Release 11i Database]
Risk: Internal users can attack database
References: Note 287176.1
Configuration A.3
[Diagram labels: External Users; Internet; Firewall (x2); DMZ 1; External 9iAS 1.0.2 Server; partners.acme.com; DMZ 2; Internal Users; Internal 9iAS 1.0.2 Server; staff.acme.com; Release 11i Database]
References: Note 287176.1
Reverse Proxy Server
An intermediate server between a client and a web server
Makes requests to the web server on behalf of the client
Allows use of standard ports (80, 443) on external side; higher ports internally
Filter requests to web server via rules
Optionally allows for content caching
Oracle HTTP Server, WebCache, Apache, other reverse proxy products
[Diagram labels: External Users; Reverse Proxy; 9iAS 1.0.2 Server]
References: Note 287176.1
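The rule-based filtering and port mapping described on this slide can be modelled as follows. This is an added example, not code from the presentation or from any Oracle product; the backend host, the internal port 8000 and the allow and deny path prefixes are hypothetical.

```python
"""Model of the request filter a DMZ reverse proxy applies before forwarding."""
from dataclasses import dataclass
from posixpath import normpath
from urllib.parse import unquote, urlsplit

EXTERNAL_PORTS = {80, 443}                 # standard ports on the external side
PUBLIC_HOST = "partners.acme.com"          # external hostname used on the slides
BACKEND = ("ext-web.dmz.example", 8000)    # hypothetical internal node, higher port
ALLOW_PREFIXES = ("/partner_portal/", "/static/")   # hypothetical published paths
DENY_PREFIXES = ("/partner_portal/admin/",)         # hypothetical blocked subtree


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    upstream: str = ""


def canonical_path(raw_target):
    """Decode and normalise the path once, so rules see what the backend will see."""
    parts = urlsplit(raw_target)
    if parts.scheme or parts.netloc:
        raise ValueError("absolute or protocol-relative target")
    path = unquote(parts.path)
    # A '%' left after one decode means double encoding; reject rather than guess.
    if not path.startswith("/") or any(c in path for c in "%\\\x00"):
        raise ValueError("malformed or doubly-encoded path")
    clean = "/" + normpath(path).lstrip("/")    # collapses '.', '..' and '//'
    if path.endswith("/") and clean != "/":
        clean += "/"
    return clean


def filter_request(listen_port, host, raw_target):
    """Apply deny rules, then allow rules, then default deny (query string ignored)."""
    if listen_port not in EXTERNAL_PORTS:
        return Decision(False, "not an external listener port")
    if host.lower() != PUBLIC_HOST:
        return Decision(False, "unexpected Host header")
    try:
        path = canonical_path(raw_target)
    except ValueError as exc:
        return Decision(False, str(exc))
    if any(path.startswith(p) for p in DENY_PREFIXES):
        return Decision(False, "matched deny rule")
    if not any(path.startswith(p) for p in ALLOW_PREFIXES):
        return Decision(False, "no allow rule matched (default deny)")
    return Decision(True, "allowed", f"http://{BACKEND[0]}:{BACKEND[1]}{path}")


if __name__ == "__main__":
    # Constructed sample requests, not taken from any real log.
    for target in ("/partner_portal/orders",
                   "/static/..%2fpartner_portal/admin/users",
                   "/partner_portal/%2e%2e/admin/"):
        print(target, "->", filter_request(443, "partners.acme.com", target))
```

Normalising before matching is what keeps an encoded `..` from slipping an unpublished path past the allow rules.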
Configuration A.4
[Diagram labels: External Users; Internet; Firewall (x3); Reverse Proxy; External 9iAS 1.0.2 Server; Internal Users; Internal 9iAS 1.0.2 Server; Release 11i Database; DMZ 1; DMZ 2; DMZ 3]
References: Note 287176.1
Oracle Application Server 10g Integration for Single Sign-On
By default, E-Business Suite has its own login (AppsLocalLogin) and its own user directory (FND_USER)
E-Business Suite may be optionally integrated with OracleAS 10g
Login is delegated to Single Sign-On 10g
User management is delegated to Oracle Internet Directory 10g
[Diagram labels: OracleAS 10g Infrastructure Database; Single Sign-On & Oracle Internet Directory Server; OracleAS 10g Components]
References: Note 233436.1, 261914.1
Configuration A.5
[Diagram labels: External Users; Internal Users; Internet; Router; Firewall (x2); DMZ; Intranet; OracleAS 10g Server; Single Sign-On; Oracle Internet Directory; Oracle9i Application Server 1.0.2.2.2; E-Business Suite 11i Application Server; Release 11i Database]
References: Note 233436.1, 261914.1
11i Integration with OracleAS 10g
Release 11i instance runs Oracle9i Application Server 1.0.2.2.2
11i is integrated with a stand-alone Oracle Application Server 10g instance
The existing Release 11i application-tier server nodes continue to run on Oracle9i Application Server 1.0.2.2.2
References: Note 233436.1, 261914.1
Configuration A.6
[Diagram labels: External Users; Internet; Firewall (x3); Reverse Proxy; Single Sign-On 10g; Portal 10g; Discoverer 10g; External 9iAS 1.0.2 Server; Internal Users; Internal 9iAS 1.0.2 Server; Release 11i Database; OracleAS 10g Infrastructure Database; Oracle Internet Directory Server 10g]
References: Note 233436.1, 261914.1
Tips
Monitor Oracle Security Technology Center
www.oracle.com/technology/deploy/security
Apply quarterly Critical Patch Updates
Read Best Practices for Securing Oracle E-Business Suite (MetaLink Note 189367.1)
Work with stakeholders and executive sponsors to prioritize security objectives
Architectural Goals
A. Ensure maximum security
B. Ensure maximum performance & scalability
C. Ensure business continuity
D. Provide extra services to end-users
E. Integrate with other applications
Load-Balancers
Distribute requests from clients to multiple nodes
Types discussed here:
DNS-based
HTTP Layer
Supported but not discussed here:
Apache Jserv Layer
Forms Metric Server
Concurrent Processing Layer
Database Layer
[Diagram labels: User1; User2; User3; Node1; Node2; Node3]
References: Note 217368.1
High Availability Terminology
Active-Active
Used for balancing load & improving scalability
Active-Passive
Used for business continuity
[Diagram labels: Active-Active: Client Requests; Node 1 (Active); Node 2 (Active). Active-Passive: Client Requests; Node 1 (Active); Node 2 (Passive); On Failover]
DNS-Based Load Balancing Router
Users query DNS LBR for IP address of URL, then cache that address for future queries
DNS LBR supplies different IP addresses to different users depending on load of a given node
Vendor-dependent: may use heartbeat checks against nodes and sophisticated algorithms for load-balancing
[Diagram: User asks DNS LBR "IP for ebs.acme.com?"; DNS LBR answers "10.10.10.10"; nodes 10.10.10.10, 10.10.10.20, 10.10.10.30]
References: Note 217368.1
HTTP Layer Load-Balancing
Users navigate to Web Entry Point
HTTP Layer LBR routes all subsequent traffic for a specific user to a specific Web Node
LBR must support persistent session connections (cookie-based or IP-based stickiness)
LBRs may use heartbeat checks for node death detection & restart, and sophisticated algorithms for load-balancing
[Diagram labels: User; HTTP Layer LBR; Web Node 1; Web Node 2; Web Node 3]
References: Note 217368.1
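The persistence and heartbeat behaviour described on this slide, as an added example that is not part of the presentation and does not reproduce any vendor's algorithm. The node names, the two-missed-heartbeats threshold and the least-loaded assignment are assumptions made for illustration.

```python
"""Model of an HTTP-layer LBR: sticky sessions plus heartbeat-based node death detection."""
import hashlib


class HttpLayerLbr:
    def __init__(self, nodes, max_missed=2):
        self.nodes = list(nodes)
        self.missed = {n: 0 for n in self.nodes}   # consecutive failed heartbeats
        self.pinned = {n: 0 for n in self.nodes}   # sessions assigned per node
        self.max_missed = max_missed               # assumed death threshold

    def heartbeat(self, node, ok):
        """Record one heartbeat; a node is dead after max_missed misses in a row."""
        self.missed[node] = 0 if ok else self.missed[node] + 1
        if self.missed[node] >= self.max_missed:
            self.pinned[node] = 0                  # its sessions get re-pinned elsewhere

    def healthy(self):
        return [n for n in self.nodes if self.missed[n] < self.max_missed]

    def route_by_cookie(self, cookie=None):
        """Cookie-based stickiness. Returns (node, cookie_to_set or None)."""
        alive = self.healthy()
        if not alive:
            raise RuntimeError("no healthy web node")
        # The cookie is client-controlled: honour it only if it names a live node.
        if cookie in alive:
            return cookie, None
        node = min(alive, key=lambda n: (self.pinned[n], n))   # least loaded, stable tie-break
        self.pinned[node] += 1
        return node, node

    def route_by_ip(self, client_ip):
        """IP-based stickiness: the same client address maps to the same live node."""
        alive = self.healthy()
        if not alive:
            raise RuntimeError("no healthy web node")
        digest = hashlib.sha256(client_ip.encode()).digest()
        return alive[int.from_bytes(digest[:8], "big") % len(alive)]


if __name__ == "__main__":
    lbr = HttpLayerLbr(["web1", "web2", "web3"])   # constructed node names
    node, cookie = lbr.route_by_cookie()
    print("first request ->", node)
    print("follow-up     ->", lbr.route_by_cookie(cookie)[0])
    lbr.heartbeat(node, False)
    lbr.heartbeat(node, False)
    print("after failure ->", lbr.route_by_cookie(cookie)[0])
```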
Configuration B.2
[Diagram labels: User; ebs.acme.com; HTTP Layer LBR; 9iAS 1.0.2 Server 1; 9iAS 1.0.2 Server 2; Release 11i Database]
References: Note 217368.1
Configuration B.3
[Diagram labels: External Users; Internet; Firewall (x3); Reverse Proxy; HTTP LBR1; HTTP LBR2; Web Node 1; Web Node 2; Web Node 3; Web Node 4; Internal Users; Release 11i Database; DMZ 1; DMZ 2; DMZ 3]
References: Note 217368.1, 287176.1
Configuration B.4
[Diagram labels: External Users; Internet; Firewall (x3); Reverse Proxy; HTTP LBR1; HTTP LBR2; Web Node 1; Web Node 2; Web Node 3; Web Node 4; Single Sign-On 10g; Internal Users; Release 11i Database; OracleAS 10g Infrastructure Database; Oracle Internet Directory Server 10g]
References: Note 233436.1, 261914.1
Real Application Clusters (RAC)
Allows multiple database servers to access the same data in parallel
Improves scalability & fault-tolerance
Supported with 9i & 10gR1 Databases
Supports Automatic Storage Management (ASM), Cluster Ready Services (CRS), Parallel Concurrent Processing (PCP)
[Diagram labels: Application Server; RAC Instance 1; RAC Instance 2; Private Interconnect; Shared Filesystem]
References: Note 312731.1
Configuration B.5
[Diagram labels: External Users; Internet; Firewall (x3); Reverse Proxy; External 9iAS 1.0.2 Server; Internal Users; Internal 9iAS 1.0.2 Server; Shared 11i Filesystem; RAC 1; RAC 2; DMZ 1; DMZ 2; DMZ 3]
References: Note 287176.1, 312731.1
Configuration B.6
[Diagram labels: External Users; Internet; Firewall (x3); Reverse Proxy; HTTP LBR1; HTTP LBR2; Web Node 1; Web Node 2; Web Node 3; Web Node 4; Internal Users; Shared 11i Filesystem; RAC 1; RAC 2; DMZ 1; DMZ 2; DMZ 3]
References: Note 217368.1, 287176.1, 312731.1
Configuration B.7
[Diagram labels: External Users; Internet; Firewall (x3); Reverse Proxy; HTTP LBR1; LBR1; HTTP LBR2; Web Node 1; Web Node 2; Web Node 3; Web Node 4; SSO Node 1; SSO Node 2; Internal Users; Shared 11i Filesystem; RAC 1; RAC 2; OracleAS 10g Infrastructure Database; Oracle Internet Directory Server 10g]
References: Note 233436.1, 217368.1, 287176.1, 312731.1
OracleAS Web Cache
Content-aware server accelerator
Can act as a:
Reverse-proxy server
Web caching
Load-balancer & failover detection
Fully certified with the E-Business Suite
Caches static & dynamic content, but not user-specific secure content
[Diagram labels: User; OracleAS Web Cache; Web Node 1; Web Node 2; Web Node 3]
References: OracleAS Web Cache Administrator's Guide (10.1.2.0.2), Note 306653.1
OracleAS Clusters
Clusters of multiple Web Cache instances
Single logical cache
Cluster members communicate with each other
Coordinated & distributed content caching
Coordinated node death detection & failure management
[Diagram labels: User; Web Cache 1; Web Cache 2; Web Node 1; Web Node 2; Web Node 3]
References: OracleAS Web Cache Administrator's Guide (10.1.2.0.2), Note 306653.1
Web Cache Efficiency Monitoring
Configuration B.9
[Diagram labels: External Users; Internet; Firewall (x3); HTTP LBR; Web Cache (x2); Web Node 1; Web Node 2; Web Node 3; Web Node 4; Internal Users; Release 11i Database; DMZ 1; DMZ 2; DMZ 3]
References: Note 217368.1, 287176.1, 306653.1
Tips
Examine cost-effectiveness of SMP vs Linux-based commodity servers on the middle-tier
Minimize 11i administration overhead via:
Oracle Applications Manager
Oracle Enterprise Manager Grid Control
AutoConfig
Shared ORACLE_HOMEs
Architectural Goals
A. Ensure maximum security
B. Ensure maximum performance & scalability
C. Ensure business continuity
D. Provide extra services to end-users
E. Integrate with other applications
Business Continuity
A.k.a. Disaster Recovery
Planning for catastrophic site failures
Not just tape backups: operational failover
Can also be used for managing planned outages
Requires decisions about operational priorities (e.g. Should all E-Business Suite services be fully operational after a disaster? Or just a subset?)
Potentially expensive, but what are the costs of total system failure?
References: http://www.oracle.com/technology/deploy/availability/htdocs/maa.htm
Active-Passive Architectures
[Diagram labels: Production, San Francisco: 9iAS, Database; Standby, Austin, TX: 9iAS, Database; Data & Configuration Synchronization]
Completely standalone, self-contained sites
Data and configurations synchronized constantly between sites via Oracle DataGuard and physical standby
References: Note 216212.1
Configuration C.1
[Diagram labels: User; DNS LBR; Production: HTTP LBR 1, 9iAS Node 1, 9iAS Node 2, 11i DB; Standby: HTTP LBR 2, 9iAS Node 3, 9iAS Node 4, 11i DB]
Traffic rerouted to offsite HTTP Layer LBR in event of disaster
References: Note 217368.1
Supported Architectures
All standard architectures supported via failover (e.g. RAC, DMZs, load-balancers, OracleAS 10g integration)
Failover site architectures may be:
Exact duplicates of production sites
Reduced in scale (e.g. fewer web nodes)
Reduced in scope (e.g. support internal employees but not external users)
Not a Weekend Project
1. Work closely with users, stakeholders, executive sponsors
2. Prioritize disaster recovery needs carefully
3. Research options, check references
4. Work with platform hardware vendors, experienced consultants and partners
5. Deploy proof-of-concept testbeds
6. Test thoroughly
Architectural Goals
A. Ensure maximum security
B. Ensure maximum performance & scalability
C. Ensure business continuity
D. Provide extra services to end-users
E. Integrate with other applications
Optional E-Business Suite Services
Integration with Oracle Portal 10g
Multidimensional OLAP analysis of transactional data via Oracle Discoverer 10g
Oracle Portal 10g
Customise different Portal pages for Public and Authenticated users
Click to Log On to Single Sign-On Directly
Access 11i via custom Portals
[Diagram labels: Oracle Portal 10g; E-Business Suite 11i]
Access one or more E-Business Suite 11i instances from a single Oracle Portal instance
Add 11i portlets to custom Portal pages
Display data in 11i portlets based on 11i responsibilities
Release 11i Portlets
Applications Navigator: Access Applications menus based on user responsibilities
Applications Favorites: Bookmark specific Applications links for quick access
Applications Worklist: Summary of current workflow notifications
Oracle Balanced Scorecard: Display status of strategic and tactical business objectives
Performance Management Viewer: Display business intelligence key performance indicators in graphical and tabular format
Access the E-Business Suite from Portal
Selecting any of these links invokes either a Forms-based form or the Oracle Applications Framework
Configuration D.2
[Diagram labels: External Users; Internet; Firewall (x3); Reverse Proxy; Single Sign-On 10g; Portal 10g; External 9iAS 1.0.2 Server; Internal Users; Internal 9iAS 1.0.2 Server; Release 11i Database; OracleAS 10g Infrastructure Database; Oracle Internet Directory Server 10g]
References: Note 233436.1, 261914.1, 305918.1
Configuration D.3
[Diagram labels: External Users; Internet; Firewall (x3); Reverse Proxy; Single Sign-On 10g; Portal 10g; HTTP LBR1; HTTP LBR2; Web Node 1; Web Node 2; Web Node 3; Web Node 4; Internal Users; Shared 11i Filesystem; RAC 1; RAC 2; OracleAS 10g Infrastructure Database; Oracle Internet Directory Server 10g; DMZ 1; DMZ 2; DMZ 3]
References: Note 233436.1, 217368.1, 287176.1, 312731.1, 305918.1
Analyse 11i with Discoverer
[Diagram labels: User; Discoverer 10g; E-Business Suite End-User Layer]
Access APPS_MODE End-User Layer via Business Intelligence System
Discoverer workbooks secured by Applications responsibilities
Provide powerful end-user reporting via ad hoc queries
Drill-down into data via tabular & graphical analytical tools
Run Discoverer on separate cluster for enhanced scalability, wide deployment
Optional: Integration with Single Sign-On 10g
References: Note 313418.1
Discoverer Integration
[Diagram labels: User; Discoverer 10g; E-Business Suite End-User Layer]
Discoverer 10g End-User Layer resides in 11i database
APPS_MODE option enforces Applications security for all Discoverer users
Easy migration from Discoverer 4i
Installation upgrades a copy of 4i End-User Layer to 10g
Run 4i and 10g side-by-side for User Acceptance Tests
TIP: Run Discoverer 4i and 10g on different physical servers to avoid Visibroker conflicts
References: Note 313418.1
Sample Discoverer Workbook
Configuration D.6
[Diagram labels: External Users; Internet; Firewall (x3); Reverse Proxy; Single Sign-On 10g; Discoverer 10g; External 9iAS 1.0.2 Server; Internal Users; Internal 9iAS 1.0.2 Server; Release 11i Database; OracleAS 10g Infrastructure Database; Oracle Internet Directory Server 10g]
References: Note 233436.1, 261914.1, 313418.1
Publish Discoverer Workbooks on Portal
Configuration D.7
[Diagram labels: External Users; Internet; Firewall (x3); Reverse Proxy; Single Sign-On 10g; Portal 10g; Discoverer 10g; External 9iAS 1.0.2 Server; Internal Users; Internal 9iAS 1.0.2 Server; Release 11i Database; OracleAS 10g Infrastructure Database; Oracle Internet Directory Server 10g]
References: Note 233436.1, 261914.1, 305918.1, 313418.1
Configuration D.8
[Diagram labels: External Users; Internet; Firewall (x2); Reverse Proxy; HTTP LBR1; LBR2; LBR3; HTTP LBR4; LBR5; SSO Node 1; SSO Node 2; Portal Node 1; Portal Node 2; Disc. Node 1; Disc. Node 2; Web Node 1; Web Node 2; Web Node 3; Web Node 4; Internal Users; Shared 11i Filesystem; RAC 1; RAC 2; OracleAS 10g Infrastructure Database; Oracle Internet Directory Server 10g]
References: Note 233436.1, 217368.1, 287176.1, 312731.1, 305918.1
Architectural Goals
A. Ensure maximum security
B. Ensure maximum performance & scalability
C. Ensure business continuity
D. Provide extra services to end-users
E. Integrate with other applications
Integration With Other Applications
The E-Business Suite supports integration with:
1. Other applications via Oracle Integration
2. PeopleSoft, Oracle Collaboration Suite using a
common enterprise OracleAS 10g instance for:
Single Sign-On & Oracle Internet Directory 10g
Portal 10g
3. Other authentication systems & LDAP directories via OracleAS 10g Identity Management
Integrate 11i with
[Diagram labels: Legacy Application; Oracle Integration; Release 11i]
Over 250 adapters for Enterprise Application Integration with third-party applications
J2EE and open standards-based integration, including:
E-Business Suite, third-party applications, database sources
XML, JMS, JCA
Web Services: SOAP, WSDL, UDDI
B2B Protocols: RosettaNet, HIPAA, EDI
Configuration E.1
[Diagram labels: Users; E-Business; 11i DB; 9iAS Server; PeopleSoft; DB; OracleAS 10g Server; Collab Suite; DB; OracleAS 10g Server; Single Sign-On 10g; Portal 10g; OracleAS 10g Infrastructure Database; Oracle Internet Directory Server 10g]
Configuration E.2
[Diagram labels: Users; E-Business; 11i DB; 9iAS Server; PeopleSoft; DB; OracleAS 10g Server; Collab Suite; DB; OracleAS 10g Server; LBR1; SSO Node 1; SSO Node 2; LBR2; Portal Node 1; Portal Node 2; LBR3; OID 10g Node 1; OID 10g Node 2; OracleAS 10g Infrastructure; RAC 1; RAC 2]
Configuration E.3
Third-Party Integration: Logical Architecture
[Diagram labels: End User; Release 11i; 9iAS 1.0.2.2.2; FND_USER; Applications 11i Database; Profile (x2); OID 10g; OID User Repository; Single Sign-On 10g; Portal 10g; Directory Integration Platform 10g; Third-Party LDAP; Third-Party Access Manager. Arrow labels: "Logs on to"; "Authenticates user against"; "Delegates SSO to" (x2)]
References: Note 261914.1
If you already have an Enterprise User Directory
Oracle products integrate with OID directly, so it must be installed and populated
OID must be synchronized with external directories via Directory Integration & Provisioning Platform:
Microsoft Active Directory
Sun ONE / iPlanet
Any LDAP directory via LDIF files
Any other directory via custom DIP agent
OID must synchronize user info with Release 11i (FND_USER)
Planned for OracleAS 10.1.4 Identity Management: Novell eDirectory, OpenLDAP
Prepackaged OID Connectors
New E-Business Suite Technology Stack Blog
http://blogs.oracle.com/schan
Certification and desupport announcements
Discussions about architectures, advanced configurations
Early Adopter Programs and Statements of Direction
Other E-Business Suite technology stack topics, presentations
Supports RSS feedreaders
Cut through the noise -- get the news directly from Development