DMZ setup on Oracle EBS R12

DMZ setup on Oracle EBS R12:

======================================


Environment Name: 
CRP3
Machine: 
Database/Conc/Admin Node: minez
Internal web/Form Node: minej
External Web Node: mine8

Pre-Clone Steps on Internal Server

As oracrp3 user:
cd $ORACLE_HOME/appsutil/scripts/CRP3_MINEZ
perl adpreclone.pl dbTier
As applcrp3 user:
cd $ADMIN_SCRIPTS_HOME
perl adpreclone.pl appsTier
Put the following entries in the Hosts File (/etc/hosts)
10.218.17.36            minez.sonapglobal.com minez
10.221.15.167           minej.bn.sonap.net minej.bn
cd /d21
chown –R oracrp3:dba oracrp3

Creating External Web Tier

Note:          Your steps should be more specific than the examples shown.
su – applcrp3
cd /d21/applcrp3/CRP3/apps/apps_st/comn/clone/bin
perl adclonectx.pl contextfile=/d21/applcrp3/CRP3/inst/apps/CRP3_minej/appl/admin/CRP3_minej.xml

Enter the APPS password: sonapcrp3
Target System Hostname (virtual or normal) [mine8]:
Do you want the inputs to be validated (y/n) [n]? :
Target System Database SID: CRP3
Target System Database Server Node [mine8]: minez
Target System Base Directory: /d21/oracrp3/CRP3
Target System Forms ORACLE_HOME Directory [/d21/oracrp3/CRP3/apps/tech_st/10.1.2]:
Target System Web ORACLE_HOME Directory [/d21/oracrp3/CRP3/apps/tech_st/10.1.3]:
Target System APPL_TOP Mountpoint [/d21/oracrp3/CRP3/apps/apps_st/appl]:
Target System COMMON_TOP Directory [/d21/oracrp3/CRP3/apps/apps_st/comn]:
Target System Instance Home Directory [/d21/oracrp3/CRP3/inst]:
Username for the Applications File System Owner [applcrp3]:
Group for the Applications File System Owner [dba]:
Target System Root Service [enabled]:
Target System Web Entry Point Services [enabled]:
Target System Web Application Services [enabled]:
Target System Batch Processing Services [disabled]:
Target System Other Services [enabled]:
Do you want to preserve the Display [minej:0.0] (y/n)? : n
Target System Display [mine8:0.0]:
Do you want the the target system to have the same port values as the source system (y/n) [y]? : n
Target System Port Pool [0-99]: 1
Choose a value which will be set as APPLPTMP value on the target node [1]: 2
New context path and file name [/d21/oracrp3/CRP3/inst/apps/CRP3_mine8/appl/admin/CRP3_mine8.xml]:
Cross Check if the Context File generated is correct or not, check with following command if the respective components are enabled on MINE8:
grep –i status $CONTEXT_FILE
su - applcrp3
cd /d21/applcrp3/CRP3/apps/apps_st/comn/clone/bin
perl adcfgclone.pl appsTier /d21/applcrp3/CRP3/inst/apps/CRP3_mine8/appl/admin/CRP3_mine8.xml
Enter the APPS password:
Check the logfile for any error.
Modify the following CONTEXT_FILE parameters:
Context File Variable
Existing Value
New Value
s_applcsf
/d21/applcrp3/CRP3/inst/apps/CRP3_mine8/logs/appl/conc
/d21/applcrp3/CRP3/conc
s_appltmp
/d21/applcrp3/CRP3/inst/apps/CRP3_mine8/temp
/crp3_appltmp
s_applptmp
/d21/applcrp3/CRP3/inst/apps/CRP3_mine8/ptemp
/crp3_applptmp
s_formshost
mine8
crp3ext
s_chronosURL
http://mine8.sonapglobal.com:8001/oracle_smp_chronos/oracle_smp_chronos_sdk.gif
http://crp3ext.sonapglobal.com:8001/oracle_smp_chronos/oracle_smp_chronos_sdk.gif
s_external_url
http://mine8.sonapglobal.com:8001
http://crp3ext.sonapglobal.com:8001
s_webentryhost
mine8
crp3ext
s_login_page
http://mine8.sonapglobal.com:8001/OA_HTML/AppsLogin
http://crp3ext.sonapglobal.com:8001/OA_HTML/AppsLogin



Configuring MINE8 for DMZ

Run the script txkChangeProfH.sql for the Profile option setup:
# sonapssh minez
$ su – applcrp3
$ sqlplus appUpdate Hierarchy Types/sonapcrp3 @$FND_TOP/patch/115/sql/txkChangeProfH.sql SERVRESP
Run AutoConfig on all nodes.
To change the value of the Node Trust Level profile option value to External for a particular node, perform the following steps:
1.       Login to Oracle E-Bsonapness Suite as sysadmin user sonapng the internal URL
2.       Select the System Administrator Responsibility
3.       Select Profile / System
4.       From the 'Find system profile option Values' window, select the server and get the valie MINE8 into it.
5.       Query for %NODE%TRUST%. You will see a profile option named 'Node Trust Level'. The value for this profile option at the site level will be Normal. Leave this setting unchanged.
6.       Set the value of this profile option to External at the server level. The site level value should remain set to Normal
To change the value of the Responsibility Trust Level profile option at the responsibility level for a particular responsibility, perform the following steps:
7.       Login to Oracle E-Bsonapness Suite as sysadmin user sonapng the internal URL
8.       Select System Administrator Responsibility
9.       Select Profile / System
10.    From the 'Find system profile option Values' window, select the responsibility that you want to make available to users logging in via the external web tier
11.    Query for %RESP%TRUST%. You will see a profile option named 'Responsibility trust level'. The value for this profile option at site level will be Normal.  Leave this setting unchanged.
12.    Set the value of this profile option for the chosen responsibility to External at the responsibility level. The site-level value should remain Normal.
13.    Repeat for all responsibilities that you want to make available from the external web tier.

List of Responsibilities which can be enabled on External Server is as followed:

Product Name
Externally Accessible Responsibilites
Additional Profile Options
iSupplier

POS Supplier Guest User
Plan to Pay Supplier View
Plan, Source, Pay Supplier View
Source to Pay Supplier View
Supplier Profile Manager
Procure to Pay Supplier View
POS: External URL
POS: Internal URL
Oracle Sourcing
Sourcing Supplier
PON: External Applications Framework Agent
PON: External login URL
Oracle iProcurement
Self Registered Employee Default Responsibility
Self Registered New User Default Responsibility 


1.       Set the value of Application Server Security Authentication (s_appserverid_authentication) to SECURE, in the CONTEXT_FILE on all the nodes.
2.       Run AutoConfig on each Applications middle tier to complete the configuration.
3.       After AutoConfig completes successfully, restart Oracle HTTP Server and OC4J processe
Change the following JVM parameter in the CONTEXT_FILE as mentioned in the below table:
Note: Take a backup of Context File before Changing.

Variable
Exisiting Value
New Value
s_oacore_jvm_start_options
-server -verbose:gc -Xmx512M -Xms128M -XX:MaxPermSize=160M
-server -verbose:gc –Xmx1024M –Xms521M -XX:MaxPermSize=256M

Run AutoConfig from ADMIN_SCRIPTS_HOME sonapng adautocfg.sh.

Enable SSL Login

Note:Include a subset of test steps that will confirm that the customization has been installed properly.
  • Metalink Document: “Oracle E-Bsonapness Suite R12 Configuration in a DMZ” Document ID: 380490.1

No comments: