Re: DMZ -i modules - using Reverse Proxy

  • From: Naveen Patil <naveenspatil@xxxxxxxxxxx>
  • To: ora-apps-dba@xxxxxxxxxxxxx
  • Date: Sat, 12 Sep 2009 06:46:02 -0700 (PDT)

Hi friends,
We had to switch out of this architecture since it doesn't give appropriate 
security.

We are planning on an External Web Tier.

Here I would get a server which would not have the same OS as the current one.

Can somebody detail how this can be done?
Will we need to clone the present Apps to the new box or rebuild the whole 
application?
Is there any Metalink note on cloning, or detailed steps for DMZ with an 
external web node?


 Regards,
N P




________________________________
From: Naveen Patil <naveenspatil@xxxxxxxxxxx>
To: ora-apps-dba@xxxxxxxxxxxxx
Sent: Monday, August 31, 2009 4:25:35 PM
Subject: Re: DMZ -i modules - using Reverse Proxy


Hi DBAs,

Trying hard to get this setup done, will update you shortly.


 Regards,
N P




________________________________
From: Luis Freitas <lfreitas34@xxxxxxxxx>
To: ora-apps-dba@xxxxxxxxxxxxx
Sent: Thursday, August 20, 2009 5:24:21 PM
Subject: Re: DMZ -i modules - using Reverse Proxy

Naveen,

   I have a setup similar to this, except that we have two separate servers for 
the internal and external middle tier.

   If you send more information about the problem we can try to help.

   Do you have any error messages on the browser? What about Apache error_log, 
Jserv mod_jserv.log, OACoreGroup.0.stderr and OACoreGroup.0.stdout?

Regards,
Luis Freitas

--- On Tue, 8/18/09, Naveen Patil <naveenspatil@xxxxxxxxxxx> wrote:

> From: Naveen Patil <naveenspatil@xxxxxxxxxxx>
> Subject: DMZ -i modules - using Reverse Proxy
> To: ora-apps-dba@xxxxxxxxxxxxx
> Date: Tuesday, August 18, 2009, 3:27 PM
> Hi All,
> 
> I am looking for the steps to set up a DMZ for R12 using
> reverse proxy.
> 
> My requirement is that I cannot afford another box for the DMZ,
> so I want to do a reverse proxy and release the iModule to the
> internet.
> What I get from Metalink is that we can do the setup below.
> 
> But the external site doesn't work, even from the intranet,
> after setting the below.
> 
> Option 2.4: Using Reverse Proxy with no External Web Tier
> 
> This configuration requires a distinct Oracle HTTP Server/OC4J
> instance configured per Web Entry Point. You can not share the
> configuration of one web entry point with another. For example, you
> can not share Oracle HTTP Server configured for
> internal.us.oracle.com with external.us.oracle.com. There has to be
> two Oracle HTTP Server/oc4j running for each of the Web Entry Points
> 
> The architecture diagram shown in the figure below represents a
> reverse proxy server configured to forward external client requests
> to an Oracle HTTP listener running on an intranet application middle
> tier server. In this configuration, internal and external users use
> different http listeners and oc4j processes to access Oracle
> E-Business Suite.
> 
> Configuration Details for Using reverse proxy with No External Web Tier
> 
>   $ perl $COMMON_TOP/clone/bin/adclonectx.pl \
>     contextfile=<location of the context file including the file name of the internal midtier> \
>     outfile=<enter name of the context file to be created including its location>
> 
>   For example:
>   Internal Server Name 1: internal1.company.com
>   External Server Name 1: external1.company.com
>   Context file for Internal Entry Point on Internal Server 1
>   including its location:
>   /d1/applmgr/visappl/admin/VIS_internal1.xml
> 
>   Context file to be created for External Entry Point on Internal
>   Server 1 including its location:
>   /d1/applmgr/visappl/admin/VIS_external1.xml
> 
>   The script will prompt for various inputs from the user as shown
>   in the table below. Please note that the default prompt values are
>   provided for reference purpose only and may not reflect the actual
>   values in your environment.
> 
>   | Prompt | Required Value | Comments |
>   |---|---|---|
>   | Enter the Apps password | <apps schema password> | |
>   | Target System Hostname (virtual or normal) [ap681wgs]: | ap681wgs | Enter the physical hostname. Not the virtual hostname |
>   | Do you want the inputs to be validated (y/n) [n] ?: | Y | |
>   | Target system database SID [ VIS ] | VIS | Enter the target database SID |
>   | Target System Database Server Node [ap681wgs] | ap681wgs | Enter the hostname where the new database instance is running |
>   | Target System Base directory | /d1/home/user9/R12/apps | Enter the base directory of APPS install |
>   | Target System Instance Home Directory [/d1/home/user9/R12/inst]: | /d1/home/user9/R12/inst | |
>   | Username for the applications file system owner [applmgr] | applmgr | |
>   | Group for the applications file system owner [dba]: | dba | |
>   | Target System Root Service [enabled] : | enabled | Must be enabled if configuring 'Web Entry Point Services' or 'Web Application Services'. |
>   | Target System Web Entry Point Services [enabled] : | enabled | Must be enabled if configuring 'Web Entry Point Services' |
>   | Target System Web Application Services [enabled]: | enabled | Must be enabled if configuring 'Web Entry Point Services'. |
>   | Target System Batch Processing Services [enabled] : | enabled | Must be enabled if configuring 'Batch Processing Services'. |
>   | Target System Other Services [disabled] : | enabled | Must be enabled if configuring 'Other Service Group'. |
>   | Do you want to preserve the Display set to internal:0.0 (y/n) [y] ?: | Y | |
>   | Do you want to preserve the port values from the source system on the target system (y/n) [y] ? | Y | It is possible that adclone utility will report an error and prompt you to choose an alternative port pool if the services for the internal instance is running. To prevent this from happening, shutdown the application tier services when you run this utility. |
> 
>   After you provide all the required inputs, the clonectx utility
>   will proceed and create the new context file for the external
>   entry point at the location specified in the command
> 
> 5.9.2: Verify and Update the New Context Files Created for the
> External Entry Point
> 
> is
> 
>   | AutoConfig Variable | Required Value | Comments |
>   |---|---|---|
>   | s_isWeb | YES | Make sure s_isWeb is set to YES. This is the default setting for all node types |
>   | s_isWebDev | YES | Make sure s_isWebDev is set to YES. This is the default setting for all node types |
>   | s_http_listen_parameter | New Port for the <HTTP Listener> | Pick a port that is not used by any other service |
>   | s_https_listen_parameter | New Port for the <HTTPS Listener> | Pick a port that is not used by any other service |
>   | s_webentryurlprotocol | Set the value to the <web entry protocol> | For example, value will be either http or https |
>   | s_webentryhost | Set the value to the <webentry point hostname> | |
>   | s_webentrydomain | Set the value to the <webentry point hostname> | |
>   | s_active_webport | Set the value to the <web entry listener port> | |
>   | s_login_page | Set the value to <s_webentryurlprotocol>://<s_webentryhost>.<s_webentrydomain>:<s_active_webport>/OA_HTML/AppsLogin | |
>   | s_hostname | Set the value of this variable to the hostname of the reverse proxy server | |
>   | s_server_ip_address | Set the value of this variable to the IP address of the external facing network interface | |
> 
> 5.9.3: Run AutoConfig and Restart Oracle Applications Processes
> 
> Run AutoConfig on each Applications middle tier to complete the
> configuration. Please refer to the Oracle MetaLink Note 387859.1
> "Using AutoConfig to Manage System Configurations with Oracle
> Applications R12" for more information on AutoConfig. After
> AutoConfig completes successfully, restart Oracle Applications
> server processes.
> 
> Regards,
> N P





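Added example, not part of the original thread or of the Metalink note: a small pre-AutoConfig check of the external entry point context file against the 5.9.2 table quoted above, comparing its listener ports with the internal context file. It assumes each AutoConfig variable is stored as an XML element with an oa_var attribute; the element names, port numbers and sample files are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample context files. Assumption: every AutoConfig variable is
# an element with an oa_var attribute; the element names are made up.
INTERNAL_CTX = """<oa_context>
  <http oa_var="s_http_listen_parameter">8000</http>
  <https oa_var="s_https_listen_parameter">4443</https>
</oa_context>"""
EXTERNAL_CTX = """<oa_context>
  <a oa_var="s_isWeb">YES</a>
  <b oa_var="s_isWebDev">YES</b>
  <c oa_var="s_http_listen_parameter">8000</c>
  <d oa_var="s_https_listen_parameter">4444</d>
  <e oa_var="s_webentryurlprotocol">https</e>
  <f oa_var="s_webentryhost">external1</f>
  <g oa_var="s_webentrydomain">company.com</g>
  <h oa_var="s_active_webport">443</h>
  <i oa_var="s_login_page">http://internal1.company.com:8000/OA_HTML/AppsLogin</i>
</oa_context>"""

def load_vars(xml_text):
    """Map oa_var name -> stripped text for every element that has one."""
    root = ET.fromstring(xml_text)
    return {e.get("oa_var"): (e.text or "").strip()
            for e in root.iter() if e.get("oa_var")}

def check_external_ctx(external_xml, internal_xml):
    """Return a list of findings; an empty list means the checks passed."""
    ext, internal = load_vars(external_xml), load_vars(internal_xml)
    findings = []
    for var in ("s_isWeb", "s_isWebDev"):
        if ext.get(var) != "YES":
            findings.append(f"{var} must be YES")
    # Narrowed check: the new ports must at least differ from the internal ones.
    for var in ("s_http_listen_parameter", "s_https_listen_parameter"):
        if not ext.get(var) or ext.get(var) == internal.get(var):
            findings.append(f"{var} missing or reuses the internal port")
    if ext.get("s_webentryurlprotocol") not in ("http", "https"):
        findings.append("s_webentryurlprotocol must be http or https")
    expected = "{}://{}.{}:{}/OA_HTML/AppsLogin".format(
        ext.get("s_webentryurlprotocol"), ext.get("s_webentryhost"),
        ext.get("s_webentrydomain"), ext.get("s_active_webport"))
    if ext.get("s_login_page") != expected:
        findings.append(f"s_login_page should be {expected}")
    return findings

if __name__ == "__main__":
    for finding in check_external_ctx(EXTERNAL_CTX, INTERNAL_CTX):
        print("FINDING:", finding)
```

The constructed external file deliberately carries two leftovers from the internal clone (the HTTP port and the login page URL), which is the kind of drift this check reports before AutoConfig is run.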