RECRUITMENT SERVER CONFIGURATION
Oracle E-Business Suite Release 12 Configuration in a DMZ
Below are definitions of some of the terms that are used in this document:
Firewalls control access between the internet and a corporation's internal network or intranet. Firewalls define which internet communications will be permitted into the corporate network, and which will be blocked. A well-designed firewall can foil many common internet-based security attacks.
The DMZ, which stands for DeMilitarized Zone consists of the portions of a corporate network that are between the corporate intranet and the Internet. The DMZ can be a simple one segment LAN or it can be broken down into multiple regions as shown in Figure F2. The main benefit of a properly-configured DMZ is better security: in the event of a security breach, only the area contained within the DMZ is exposed to potential damage, while the corporate intranet remains somewhat protected.
Load balancers distribute an application's load over many identically configured servers. This distribution ensures consistent application availability even when one or more servers fail.
A service is a functional set of Oracle E-Business Suite application processes running on one or more nodes.
A node is referred to as a server that runs a set of E-Business Suite R12 application processes or database processes. In a single node installation of Oracle E-Business Suite, all the application processes including the database processes run on one node whereas in a multi node installation, the processes run on multiple nodes.
Internal Applications Middle Tier
The internal applications middle tier is the server configured for internal users to access Oracle E-Business Suite. It runs the following major application services:
- Web and Forms Services
- Administration and Concurrent Manager Services
- Reports and Discoverer Services
External Applications Web Tier
The external applications web tier is the server configured for external users for accessing Oracle E-Business Suite. It runs the following application service:
- Web server
URL Firewall contains a white list of URLs, for the externally exposed E-Business Suite Modules, that may be accessed from the Internet. You can find more information on URL Firewall and how to configure it in appendix E. Configuring the URL Firewall of this document. (Oracle E-Business Suite R12 Configuration in a DMZ [ID 380490.1])
Points to be noted for the Network configuration as per Oracle’s recommendations are as
1. Ensure that network firewalls are configured correctly
2. Ensure that the network firewall rules have been defined correctly and are permitting authorized E-Business Suite traffic between all network segments:
3. Verify that access between intranet-based desktop clients and the internal Application web tier is permitted and working
4. Verify that access between the internal Application web tier and the Applications database server is permitted and working
5. Communication between Internet-based desktop clients and the external web tier servers must be permitted and working.
6. Verify that access between the Applications external web tier servers to the Applications database server is permitted and working.
IRECRUITMENT SERVER CONFIGURATION
- Server details for the PROD configuration is as listed in the following table:
erpPROD oracle.ae HW load balancer HW load balancer for Application load balancer.
The iRecruitment server is hosted on careers.oracle.ae. This server is hosted in the DMZ and
this will have only the Web services configured for the Irecruitment access for the external
candidates and visitors.
The deployment architecture of the external web server being used for the iRecruitment server
is illustrated in the above figure.
As is evident the External web server CAREERS is behind the firewall in DMZ. Any external access coming through internet first pass through the Oracle govt. firewall and then reach to the CAREERS server. The CAREERS server in turn connects to the enterprise database using the JDBC connectivity. The services to the external server are restricted with the iRec external candidate responsibility and features.
IREC external Web Server configuration Details:
All the steps for the configuration of the iREC server in the external domain are listed
in the following table. Please refer Oracle Metalink note ID 380490.1 for complete
Run maintain snapshot Information in the PROD system (ERPAPP01)
1. Login as user applprod in erpapp01 server and set the application environment
2. Run ADADMIN and Update the current View Snapshot
NOTE – This is the recommended step.
1. Login to the Application Server (ERPAPP01) as user applprod, set the
application environment and shudown the application services as under:
$ cd $INST_TOP/admin/scripts
$ adstpall.sh apps/PASSWORD
Wait for 15 minutes and check that all the services are closed.
2. Run the PRECLONE script at the Application Tier
$cd $INST_TOP/ admin/scripts
$perl adpreclone.pl appsTier.
copy the source application tier to target application tier.
1. Copy the application top file system (Complete) to target node CAREERS using SCP
Create OS user name on Target node
file and copy the
Create the same os user name for (application) on target node like source node. For an
example applprod: dba
1. Create a mount point like /u01/oracle/PROD and copy 02 folders apps and inst from
the SOURCE (ERPAPP01) to CAREERS. Change the ownership of /u01/oracle
to applprod: dba as user root on CAREERS server as under:
# cd /
# chown –R applprod:dba u01.
Run CLONE steps on target node CAREERS
1. Login as user applprod and remove the environment file from .bash_profile if
exist and then again relogin to ensure that the environment of previous one is
2. Go to the following path and run the adcfgclone.pl
$ cd $COMMON_TOP/ clone/ bin
$ perl adcfgclone.pl appsTier
Following are the values which are to be passed specifically while cloning rest other values as per normal CLONE process:
enable Root Service Group [enabled] [enabled]: enabled
enable Web Entry Point Services [enabled] [enabled] enabled
enable Web Application Services [enabled] [enabled]: enabled
enable Batch Processing Services [enabled] [disabled]:disabled
Other Service Group [disabled] [disabled]: disabled
Add the new
1. Before adding the new nodes please check if the CAREERS server is already
added. Please login to SQLPLUS as user apps and run the following commands:
SQL> select node_name, status, server_address from fnd_nodes;
SQL> select NAME, PATH from fnd_appl_tops;
SQL> select NAME, ACTIVE_FLAG, DESCRIPTION from ad_appl_tops
2. If the entry for the server CAREERS exists then no need to perform this step. If
not then please follow the commands as under from CAREERS server as user
$ cd $COMMON_TOP/ clone/ bin
$ perl adaddnod.pl
type for the
list of profile
1. Login to the Application Server ERPAPP01 as under applprod, set the
application environment and run the following command
sqlplus apps/apps @$FND_TOP/patch/115/sql/txkChangeProfH.sql SERVRESP
2. Run the AUTOCONFIG after this to ensure that this change is affected.
$cd $INST_TOP/ admin/scripts
Provide the password for user APPS when prompted.
Update NODE_TRUST_LEVEL profile value for the SERVER and Responsibility Trust Level for iRecruitment External Candidate as shown below
System Administrator> Profile> System> Responsibility to make the below updates:
Only iRecruitment External Candidate is the responsibility which will be accessed through External web server
Oracle E-Business Suite R12 Configuration in a DMZ [ID 380490.1]