DMZ setup on Oracle EBS R12

DMZ setup on Oracle EBS R12:

======================================

                                                                                  External Server Setup

Environment Name:  CRP3

Machine:  Database/Conc/Admin Node: minez Internal web/Form Node: minej External Web Node: mine8

Pre-Clone Steps on Internal Server

q Run adpreclone.pl on MINEJand MINEZ with applcrp3 and oracrp3 users.

As oracrp3 user:

cd $ORACLE_HOME/appsutil/scripts/CRP3_MINEZ

perl adpreclone.pl dbTier

As applcrp3 user:

cd $ADMIN_SCRIPTS_HOME

perl adpreclone.pl appsTier

q   Take a backup of /d21/applcrp/CRP3 folder on MINEJ

q   Restore the Backup into MINE8 server under /d21 mount point.

q   Setup Host File:

Put the following entries in the Hosts File (/etc/hosts)

10.218.17.36            minez.sonapglobal.com minez

10.221.15.167           minej.bn.sonap.net minej.bn

q   Change the owner Ship of /d21/oracrp3 folder and the file under it to applcrp3

cd /d21

chown –R oracrp3:dba oracrp3

Creating External Web Tier

Note:          Your steps should be more specific than the examples shown.

q   Create XML file for External Server:

su – applcrp3

cd /d21/applcrp3/CRP3/apps/apps_st/comn/clone/bin

perl adclonectx.pl contextfile=/d21/applcrp3/CRP3/inst/apps/CRP3_minej/appl/admin/CRP3_minej.xml

Enter the APPS password: sonapcrp3

Target System Hostname (virtual or normal) [mine8]:

Do you want the inputs to be validated (y/n) [n]? :

Target System Database SID: CRP3

Target System Database Server Node [mine8]: minez

Target System Base Directory: /d21/oracrp3/CRP3

Target System Forms ORACLE_HOME Directory [/d21/oracrp3/CRP3/apps/tech_st/10.1.2]:

Target System Web ORACLE_HOME Directory [/d21/oracrp3/CRP3/apps/tech_st/10.1.3]:

Target System APPL_TOP Mountpoint [/d21/oracrp3/CRP3/apps/apps_st/appl]:

Target System COMMON_TOP Directory [/d21/oracrp3/CRP3/apps/apps_st/comn]:

Target System Instance Home Directory [/d21/oracrp3/CRP3/inst]:

Username for the Applications File System Owner [applcrp3]:

Group for the Applications File System Owner [dba]:

Target System Root Service [enabled]:

Target System Web Entry Point Services [enabled]:

Target System Web Application Services [enabled]:

Target System Batch Processing Services [disabled]:

Target System Other Services [enabled]:

Do you want to preserve the Display [minej:0.0] (y/n)? : n

Target System Display [mine8:0.0]:

Do you want the the target system to have the same port values as the source system (y/n) [y]? : n

Target System Port Pool [0-99]: 1

Choose a value which will be set as APPLPTMP value on the target node [1]: 2

New context path and file name [/d21/oracrp3/CRP3/inst/apps/CRP3_mine8/appl/admin/CRP3_mine8.xml]:

Cross Check if the Context File generated is correct or not, check with following command if the respective components are enabled on MINE8:

grep –i status $CONTEXT_FILE

q   Run adpreclone.pl to add the MINE8 server as a node to CRP3:

su - applcrp3

cd /d21/applcrp3/CRP3/apps/apps_st/comn/clone/bin

perl adcfgclone.pl appsTier /d21/applcrp3/CRP3/inst/apps/CRP3_mine8/appl/admin/CRP3_mine8.xml

Enter the APPS password:

Check the logfile for any error.

q   CONTEXT_FILE configuration:

Modify the following CONTEXT_FILE parameters:

Context File Variable	Existing Value	New Value
s_applcsf	/d21/applcrp3/CRP3/inst/apps/CRP3_mine8/logs/appl/conc	/d21/applcrp3/CRP3/conc
s_appltmp	/d21/applcrp3/CRP3/inst/apps/CRP3_mine8/temp	/crp3_appltmp
s_applptmp	/d21/applcrp3/CRP3/inst/apps/CRP3_mine8/ptemp	/crp3_applptmp
s_formshost	mine8	crp3ext
s_chronosURL	http://mine8.sonapglobal.com:8001/oracle_smp_chronos/oracle_smp_chronos_sdk.gif	http://crp3ext.sonapglobal.com:8001/oracle_smp_chronos/oracle_smp_chronos_sdk.gif
s_external_url	http://mine8.sonapglobal.com:8001	http://crp3ext.sonapglobal.com:8001
s_webentryhost	mine8	crp3ext
s_login_page	http://mine8.sonapglobal.com:8001/OA_HTML/AppsLogin	http://crp3ext.sonapglobal.com:8001/OA_HTML/AppsLogin

q   Run AutoConfig on al l the Nodes.

Configuring MINE8 for DMZ

q   

Run the script txkChangeProfH.sql for the Profile option setup:

# sonapssh minez

$ su – applcrp3

$ sqlplus appUpdate Hierarchy Types/sonapcrp3 @$FND_TOP/patch/115/sql/txkChangeProfH.sql SERVRESP

Run AutoConfig on all nodes.

q   Update Node Trust Level

To change the value of the Node Trust Level profile option value to External for a particular node, perform the following steps:

1.       Login to Oracle E-Bsonapness Suite as sysadmin user sonapng the internal URL

2.       Select the System Administrator Responsibility

3.       Select Profile / System

4.       From the 'Find system profile option Values' window, select the server and get the valie MINE8 into it.

5.       Query for %NODE%TRUST%. You will see a profile option named 'Node Trust Level'. The value for this profile option at the site level will be Normal. Leave this setting unchanged.

6.       Set the value of this profile option to External at the server level. The site level value should remain set to Normal

q   Update List of Responsibility

To change the value of the Responsibility Trust Level profile option at the responsibility level for a particular responsibility, perform the following steps:

7.       Login to Oracle E-Bsonapness Suite as sysadmin user sonapng the internal URL

8.       Select System Administrator Responsibility

9.       Select Profile / System

10.    From the 'Find system profile option Values' window, select the responsibility that you want to make available to users logging in via the external web tier

11.    Query for %RESP%TRUST%. You will see a profile option named 'Responsibility trust level'. The value for this profile option at site level will be Normal.  Leave this setting unchanged.

12.    Set the value of this profile option for the chosen responsibility to External at the responsibility level. The site-level value should remain Normal.

13.    Repeat for all responsibilities that you want to make available from the external web tier.

List of Responsibilities which can be enabled on External Server is as followed:

Product Name	Externally Accessible Responsibilites	Additional Profile Options
iSupplier	POS Supplier Guest User Plan to Pay Supplier View Plan, Source, Pay Supplier View Source to Pay Supplier View Supplier Profile Manager Procure to Pay Supplier View	POS: External URL POS: Internal URL
Oracle Sourcing	Sourcing Supplier	PON: External Applications Framework Agent PON: External login URL
Oracle iProcurement	Self Registered Employee Default Responsibility Self Registered New User Default Responsibility

q   Enable Oracle E-Business Suite Application Server Security

1.       Set the value of Application Server Security Authentication (s_appserverid_authentication) to SECURE, in the CONTEXT_FILE on all the nodes.

2.       Run AutoConfig on each Applications middle tier to complete the configuration.

3.       After AutoConfig completes successfully, restart Oracle HTTP Server and OC4J processe

q   Increase JVM Size

Change the following JVM parameter in the CONTEXT_FILE as mentioned in the below table:

Note: Take a backup of Context File before Changing.

Variable	Exisiting Value	New Value
s_oacore_jvm_start_options	-server -verbose:gc -Xmx512M -Xms128M -XX:MaxPermSize=160M	-server -verbose:gc –Xmx1024M –Xms521M -XX:MaxPermSize=256M

q   Run Autoconfig

Run AutoConfig from ADMIN_SCRIPTS_HOME sonapng adautocfg.sh.

Enable SSL Login

Note:Include a subset of test steps that will confirm that the customization has been installed properly.

Reference

• Metalink Document: “Oracle E-Bsonapness Suite R12 Configuration in a DMZ” Document ID: 380490.1