

Oracle E-Business Suite Release 12 Configuration in a DMZ

Below are definitions of some of the terms that are used in this document:
Firewalls control access between the internet and a corporation's internal network or intranet. Firewalls
define which internet communications will be permitted into the corporate network, and which will be
blocked. A well-designed firewall can foil many common internet-based security attacks.
The DMZ, which stands for DeMilitarized Zone, consists of the portions of a corporate network that are
between the corporate intranet and the Internet. The DMZ can be a simple one-segment LAN or it can be
broken down into multiple regions as shown in Figure F2. The main benefit of a properly configured DMZ
is better security: in the event of a security breach, only the area contained within the DMZ is exposed to
potential damage, while the corporate intranet remains somewhat protected.
Load Balancer
Load balancers distribute an application's load over many identically configured servers. This distribution
ensures consistent application availability even when one or more servers fail.
A service is a functional set of Oracle E-Business Suite application processes running on one or more
A node is a server that runs a set of E-Business Suite R12 application processes or
database processes. In a single-node installation of Oracle E-Business Suite, all the application
processes, including the database processes, run on one node, whereas in a multi-node installation the
processes run on multiple nodes.
Internal Applications Middle Tier
The internal applications middle tier is the server configured for internal users to access Oracle
E-Business Suite. It runs the following major application services:

Web and Forms Services

Administration and Concurrent Manager Services

Reports and Discoverer Services

External Applications Web Tier

The external applications web tier is the server configured for external users for accessing Oracle
E-Business Suite. It runs the following application service:

Web server
URL Firewall
The URL Firewall contains a white list of URLs, for the externally exposed E-Business Suite modules, that
may be accessed from the Internet. You can find more information on the URL Firewall and how to configure
it in Appendix E, "Configuring the URL Firewall", of this document (Oracle E-Business Suite R12
Configuration in a DMZ [ID 380490.1]).
Points to be noted for the network configuration, as per Oracle's recommendations:

1. Ensure that network firewalls are configured correctly

2. Ensure that the network firewall rules have been defined correctly and are permitting authorized E-Business
Suite traffic between all network segments:
3. Verify that access between intranet-based desktop clients and the internal Application web tier is permitted
and working

4. Verify that access between the internal Application web tier and the Applications database server is
permitted and working
5. Communication between Internet-based desktop clients and the external web tier servers must be permitted
and working.
6. Verify that access between the Applications external web tier servers and the Applications database server is
permitted and working.



Server details for the PROD configuration are as listed in the following table:


Name    Domain    Server Type          Remarks
                  Database Node 01     1 DB node in the RAC environment
                  Database Node 02     2 DB node in the RAC environment
                  Appl Node 01         1 APPL node with HW load balancer
                  Appl Node 02         2 APPL node with HW load balancer
                  iRecruitment Node    Only 01 server in the external domain
                  HW load balancer     HW load balancer for Application load balancer.




The iRecruitment server is hosted on This server is hosted in the DMZ and
this will have only the Web services configured, for iRecruitment access by external
candidates and visitors.
Deployment Architecture:

The deployment architecture of the external web server being used for the iRecruitment server
is illustrated in the above figure.
As is evident, the external web server CAREERS is behind the firewall in the DMZ. Any external access coming
through the internet first passes through the Oracle govt. firewall and then reaches the CAREERS server. The
CAREERS server in turn connects to the enterprise database using JDBC connectivity. The services on the
external server are restricted to the iRec external candidate responsibility and features.

IREC external Web Server configuration Details:

All the steps for the configuration of the iREC server in the external domain are listed
in the following table. Please refer to Oracle Metalink note ID 380490.1 for complete
Run maintain snapshot Information in the PROD system
1. Login as user applprod on the erpapp01 server and set the application environment.
2. Run ADADMIN and Update the current View Snapshot.
NOTE: This is the recommended step.

Run adpreclone On application Tier (ERPAPP01)
1. Login to the Application Server (ERPAPP01) as user applprod, set the
application environment and shut down the application services as under:
    $ cd $INST_TOP/admin/scripts
Wait for 15 minutes and check that all the services are closed.
2. Run the PRECLONE script at the Application Tier:
    $ cd $INST_TOP/admin/scripts
    $ perl appsTier.

Copy the source application tier to target application tier.
1. Copy the application top file system (complete) to target node CAREERS using SCP.

Create OS user name on Target node For application file and copy the filesystem to server CAREERS
Create the same OS user name (application) on the target node as on the source node, for
example applprod: dba.
1. Create a mount point like /u01/oracle/PROD and copy the 02 folders apps and inst from
the SOURCE (ERPAPP01) to CAREERS. Change the ownership of /u01/oracle
to applprod: dba as user root on the CAREERS server as under:
    # cd /
    # chown -R applprod:dba u01

Run CLONE steps on target node CAREERS
1. Login as user applprod and remove the environment file from .bash_profile if it
exists, and then log in again to ensure that the environment of previous one is
2. Go to the following path and run the
    $ cd $COMMON_TOP/clone/bin
    $ perl appsTier
The following values are to be passed specifically while cloning; the remaining
values are as per the normal CLONE process:
    enable Root Service Group [enabled] [enabled]: enabled
    enable Web Entry Point Services [enabled] [enabled]: enabled
    enable Web Application Services [enabled] [enabled]: enabled
    enable Batch Processing Services [enabled] [disabled]: disabled
    Other Service Group [disabled] [disabled]: disabled

Add the new
1. Before adding the new nodes, please check whether the CAREERS server is already
added. Please login to SQLPLUS as user apps and run the following commands:
    SQL> select node_name, status, server_address from fnd_nodes;
    SQL> select NAME, PATH from fnd_appl_tops;
    SQL> select NAME, ACTIVE_FLAG, DESCRIPTION from ad_appl_tops
         where name='careers';
2. If the entry for the server CAREERS exists then there is no need to perform this step. If
not, then please follow the commands as under from the CAREERS server as user
    $ cd $COMMON_TOP/clone/bin
    $ perl

Change the type for the list of profile
1. Login to the Application Server ERPAPP01 as user applprod, set the
application environment and run the following command:
    sqlplus apps/apps @$FND_TOP/patch/115/sql/txkChangeProfH.sql SERVRESP
2. Run AUTOCONFIG after this to ensure that this change takes effect.
    $ cd $INST_TOP/admin/scripts
Provide the password for user APPS when prompted.
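
The profile-hierarchy step above passes the APPS password to sqlplus as a command argument (sqlplus apps/apps @...), which can expose it in shell history and in the process list. The following is an added example, not part of the original document or of Oracle's scripts: it runs the same script with the password supplied on standard input, and includes a check that finds the argument form in runbooks or history files. The function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not from the original document. Function names are
# hypothetical; sqlplus is the only external Oracle program called.

# run_as_apps SCRIPT [ARGS...]
# Sends the CONNECT line to sqlplus on stdin, so the APPS password is never
# part of the sqlplus argument list. printf is a shell builtin, so no other
# process receives the password in its arguments either.
# Assumption: the password contains no double-quote character.
run_as_apps() {
    local script=$1
    shift
    : "${APPS_PW:?APPS_PW is not set; call read_apps_password first}"
    # After WHENEVER, a SQL error ends the session with a failure status.
    printf '%s\n' \
        'WHENEVER SQLERROR EXIT FAILURE' \
        "CONNECT apps/\"${APPS_PW}\"" \
        "@${script} $*" \
        'EXIT' | sqlplus -S /nolog
}

# Prompt for the password without echo; it stays in an unexported variable.
read_apps_password() {
    printf 'APPS password: ' >&2
    stty -echo
    IFS= read -r APPS_PW
    stty echo
    printf '\n' >&2
}

# scan_for_cli_passwords FILE
# Lists lines of FILE (a runbook, script or shell history) where sqlplus is
# given user/password as an argument, as in "sqlplus apps/apps @script".
# "sqlplus /nolog", "sqlplus / as sysdba" and "sqlplus apps" do not match.
scan_for_cli_passwords() {
    grep -nE 'sqlplus([[:space:]]+-[A-Za-z]+)*[[:space:]]+[A-Za-z0-9_$#]+/[^[:space:]@]+' "$1"
}

# Usage on ERPAPP01, with the application environment set:
#   read_apps_password
#   run_as_apps "$FND_TOP/patch/115/sql/txkChangeProfH.sql" SERVRESP
#   unset APPS_PW
```
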

Update the NODE_TRUST_LEVEL profile value for the SERVER and the Responsibility Trust Level for
iRecruitment External Candidate as shown below.
Navigate to System Administrator > Profile > System > Responsibility to make the below updates:

Only iRecruitment External Candidate is the responsibility which will be accessed through External web