Re: DMZ -i modules - using Reverse Proxy

  • From: atul@xxxxxxxxxxxxxxx
  • To: ora-apps-dba@xxxxxxxxxxxxx
  • Date: Sat, 12 Sep 2009 12:51:09 -0400

Naveen,
 Please ignore my previous update.

If your O.S. is different, like Linux on existing and Solaris or Windows on DMZ, then you can't clone; in that case the only option is to install the application tier only.


You can clone only if the O.S. are binary compatible, like Linux 4 or Linux 5.


The R12 Services concept will still remain the same, i.e. enable Root and Web Entry Point on the DMZ server.


Regards
Atul Kumar
http://onlineAppsDBA.com




Quoting atul@xxxxxxxxxxxxxxx:

Hi Naveen,
 I am assuming this is R12 so cloning is enough.

380490.1  Oracle E-Business Suite R12 Configuration in a DMZ
406982.1  Cloning Oracle Applications Release 12 with Rapid Clone

All you need to enable is root services and web entry point in context file

1. Root Service (OPMN)

[oa_service_group type="root" title="Root Service"]
[oa_service_group_status oa_var="s_root_status"]enabled[/oa_service_group_status]

2. Web Entry Point (HTTP Server)
[oa_service_group type="web entry" title="Web Entry Point Services"]
[oa_service_group_status oa_var="s_web_entry_status"]enabled[/oa_service_group_status]


More information here
http://onlineappsdba.com/index.php/2009/03/10/application-tier-services-in-oracle-apps-r12/


Regards
Atul Kumar
http://onlineAppsDBA.com




Quoting Naveen Patil <naveenspatil@xxxxxxxxxxx>:

Hi friends,
We had to switch out of this Architecture since it doesn't give appropriate security.

Planning on External Web Tier.

Here I would get a server which would not have the same OS as the current one.

Can somebody detail how this can be done?
Will we need to clone the present Apps to the new box or rebuild the whole application? Any Metalink note on cloning or detailed steps of DMZ with external web node?


Regards,
N P




________________________________
From: Naveen Patil <naveenspatil@xxxxxxxxxxx>
To: ora-apps-dba@xxxxxxxxxxxxx
Sent: Monday, August 31, 2009 4:25:35 PM
Subject: Re: DMZ -i modules - using Reverse Proxy


Hi DBAs,

Trying hard to get this setup done, will update you shortly.


Regards,
N P




________________________________
From: Luis Freitas <lfreitas34@xxxxxxxxx>
To: ora-apps-dba@xxxxxxxxxxxxx
Sent: Thursday, August 20, 2009 5:24:21 PM
Subject: Re: DMZ -i modules - using Reverse Proxy

Naveen,

I have a setup similar to this, except that we have two separate servers for the internal and external middle tier.

  If you send more information about the problem we can try to help.

Do you have any error messages on the browser? What about Apache error_log, Jserv mod_jserv.log, OACoreGroup.0.stderr and OACoreGroup.0.stdout?

Regards,
Luis Freitas

--- On Tue, 8/18/09, Naveen Patil <naveenspatil@xxxxxxxxxxx> wrote:

From: Naveen Patil <naveenspatil@xxxxxxxxxxx>
Subject: DMZ -i modules - using Reverse Proxy
To: ora-apps-dba@xxxxxxxxxxxxx
Date: Tuesday, August 18, 2009, 3:27 PM

Hi All,

I am looking for the steps to set up a DMZ setup for R12 using reverse proxy.

My requirement is that I cannot afford another box for the DMZ, so I want to do a reverse proxy and release the imodule to the internet.
What I get from Metalink is that we can do the setup:

But the external site doesn't work even when in the intranet, after setting the below.






Option 2.4: Using Reverse Proxy with no External Web Tier

This configuration requires a distinct Oracle HTTP Server/OC4J instance configured per Web Entry Point. You cannot share the configuration of one web entry point with another. For example, you cannot share Oracle HTTP Server configured for internal.us.oracle.com with external.us.oracle.com. There has to be two Oracle HTTP Server/oc4j running for each of the Web Entry Points.

The architecture diagram shown in the figure below represents a reverse proxy server configured to forward external client requests to an Oracle HTTP listener running on an intranet application middle tier server. In this configuration, internal and external users use different http listeners and oc4j processes to access Oracle E-Business Suite.

Configuration Details for Using reverse proxy with No External Web Tier










$ perl $COMMON_TOP/clone/bin/adclonectx.pl \
    contextfile=<location of the context file including the file name of the internal midtier> \
    outfile=<enter name of the context file to be created including its location>

For example:
  Internal Server Name 1: internal1.company.com
  External Server Name 1: external1.company.com
  Context file for Internal Entry Point on Internal Server 1 including its location: /d1/applmgr/visappl/admin/VIS_internal1.xml
  Context file to be created for External Entry Point on Internal Server 1 including its location: /d1/applmgr/visappl/admin/VIS_external1.xml

The script will prompt for various inputs from the user as shown in the table below. Please note that the default prompt values are provided for reference purpose only and may not reflect the actual values in your environment.



| Prompt | Required Value | Comments |
|---|---|---|
| Enter the Apps password | <apps schema password> | |
| Target System Hostname (virtual or normal) [ap681wgs]: | ap681wgs | Enter the physical hostname. Not the virtual hostname |
| Do you want the inputs to be validated (y/n) [n] ?: | Y | |
| Target system database SID [ VIS ] | VIS | Enter the target database SID |
| Target System Database Server Node [ap681wgs] | ap681wgs | Enter the hostname where the new database instance is running |
| Target System Base directory | /d1/home/user9/R12/apps | Enter the base directory of APPS install |
| Target System Instance Home Directory [/d1/home/user9/R12/inst]: | /d1/home/user9/R12/inst | |
| Username for the applications file system owner [applmgr] | applmgr | |
| Group for the applications file system owner [dba]: | dba | |
| Target System Root Service [enabled] : | enabled | Must be enabled if configuring 'Web Entry Point Services' or 'Web Application Services'. |
| Target System Web Entry Point Services [enabled] : | enabled | Must be enabled if configuring 'Web Entry Point Services' |
| Target System Web Application Services [enabled]: | enabled | Must be enabled if configuring 'Web Entry Point Services'. |
| Target System Batch Processing Services [enabled] : | enabled | Must be enabled if configuring 'Batch Processing Services'. |
| Target System Other Services [disabled] : | enabled | Must be enabled if configuring 'Other Service Group'. |
| Do you want to preserve the Display set to internal:0.0 (y/n) [y] ?: | Y | |
| Do you want to preserve the port values from the source system on the target system (y/n) [y] ? | Y | It is possible that adclone utility will report an error and prompt you to choose an alternative port pool if the services for the internal instance is running. To prevent this from happening, shutdown the application tier services when you run this utility. |

After you provide all the required inputs, the clonectx utility will proceed and create the new context file for the external entry point at the location specified in the command







5.9.2: Verify and Update the New Context Files Created for the External Entry Point

is




| AutoConfig Variable | Required Value | Comments |
|---|---|---|
| s_isWeb | YES | Make sure s_isWeb is set to YES. This is the default setting for all node types |
| s_isWebDev | YES | Make sure s_isWebDev is set to YES. This is the default setting for all node types |
| s_http_listen_parameter | New Port for the <HTTP Listener> | Pick a port that is not used by any other service |
| s_https_listen_parameter | New Port for the <HTTPS Listener> | Pick a port that is not used by any other service |
| s_webentryurlprotocol | Set the value to the <web entry protocol> | For example, value will be either http or https |
| s_webentryhost | Set the value to the <webentry point hostname> | |
| s_webentrydomain | Set the value to the <webentry point hostname> | |
| s_active_webport | Set the value to the <web entry listener port> | |
| s_login_page | Set the value to <s_webentryurlprotocol>://<s_webentryhost>.<s_webentrydomain>:<s_active_webport>/OA_HTML/AppsLogin | |
| s_hostname | Set the value of this variable to the hostname of the reverse proxy server | |
| s_server_ip_address | Set the value of this variable to the IP address of the external facing network interface | |








5.9.3: Run AutoConfig and Restart Oracle Applications Processes

Run AutoConfig on each Applications middle tier to complete the configuration. Please refer to the Oracle MetaLink Note 387859.1 "Using AutoConfig to Manage System Configurations with Oracle Applications R12" for more information on AutoConfig. After AutoConfig completes successfully, restart Oracle Applications server processes.




Regards,
N P
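
Added example, not part of the thread or of Oracle's tooling: a Python check that the context file created for the external entry point carries the values listed in section 5.9.2 and the two service-group statuses Atul mentions (s_root_status, s_web_entry_status), and that its listener ports are not the ones the internal entry point already uses. It assumes each value is the text of an element carrying an oa_var attribute, as in the snippet quoted in the thread; the sample files, their element names and the port numbers are constructed.

```python
import xml.etree.ElementTree as ET

def load_vars(xml_text):
    """Map each oa_var name found in a context file to its text value."""
    return {e.get("oa_var"): (e.text or "").strip()
            for e in ET.fromstring(xml_text).iter() if e.get("oa_var")}

def check_external_context(external_xml, internal_xml):
    """Return findings; an empty list means the file matches the notes above."""
    ext, internal = load_vars(external_xml), load_vars(internal_xml)
    findings = []
    for var, want in (("s_isWeb", "YES"), ("s_isWebDev", "YES"),
                      ("s_root_status", "enabled"), ("s_web_entry_status", "enabled")):
        if ext.get(var) != want:
            findings.append(f"{var} is {ext.get(var)!r}, expected {want!r}")
    # Each web entry point runs its own listener, so ports cannot be shared.
    in_use = {internal.get("s_http_listen_parameter"),
              internal.get("s_https_listen_parameter")}
    for var in ("s_http_listen_parameter", "s_https_listen_parameter"):
        port = ext.get(var)
        if not port or port in in_use:
            findings.append(f"{var}={port!r} is unset or already in use")
        in_use.add(port)
    # s_login_page is assembled from the four web entry variables.
    parts = [ext.get(v, "") for v in ("s_webentryurlprotocol", "s_webentryhost",
                                      "s_webentrydomain", "s_active_webport")]
    expected = "{}://{}.{}:{}/OA_HTML/AppsLogin".format(*parts)
    if ext.get("s_login_page") != expected:
        findings.append(f"s_login_page should be {expected}")
    return findings

def make_ctx(values):
    """Build a constructed context file; element names are placeholders."""
    body = "".join(f'<v oa_var="{k}">{v}</v>' for k, v in values.items())
    return f"<ctx>{body}</ctx>"

# Constructed sample values; hostnames follow the example in the notes.
INTERNAL = make_ctx({"s_http_listen_parameter": "8000",
                     "s_https_listen_parameter": "4443"})
GOOD = {"s_isWeb": "YES", "s_isWebDev": "YES", "s_root_status": "enabled",
        "s_web_entry_status": "enabled", "s_http_listen_parameter": "8010",
        "s_https_listen_parameter": "4453", "s_webentryurlprotocol": "https",
        "s_webentryhost": "external1", "s_webentrydomain": "company.com",
        "s_active_webport": "443",
        "s_login_page": "https://external1.company.com:443/OA_HTML/AppsLogin"}
BAD = dict(GOOD, s_http_listen_parameter="8000",
           s_login_page="https://internal1.company.com:8000/OA_HTML/AppsLogin")
for name, ctx in (("good", GOOD), ("bad", BAD)):
    print(name, check_external_context(make_ctx(ctx), INTERNAL))
```

The BAD sample reproduces two easy mistakes after running adclonectx.pl on a live internal tier: keeping the internal HTTP listener port and leaving s_login_page pointed at the internal host.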














