RECRUITMENT SERVER CONFIGURATION
Oracle E-Business Suite Release 12
Configuration in a DMZ
Terminology
Below are definitions of some of the terms that are used in this document:
Firewall
Firewalls control access between the Internet and a corporation's internal network or intranet. Firewalls define which Internet communications will be permitted into the corporate network, and which will be blocked. A well-designed firewall can foil many common Internet-based security attacks.
DMZ
The DMZ, which stands for DeMilitarized Zone, consists of the portions of a corporate network that are between the corporate intranet and the Internet. The DMZ can be a simple one-segment LAN, or it can be broken down into multiple regions as shown in Figure F2. The main benefit of a properly configured DMZ is better security: in the event of a security breach, only the area contained within the DMZ is exposed to potential damage, while the corporate intranet remains somewhat protected.
Load Balancer
Load balancers distribute an application's load over many identically configured servers. This distribution ensures consistent application availability even when one or more servers fail.
Service
A service is a functional set of Oracle E-Business Suite application processes running on one or more nodes.
Node
A node is a server that runs a set of E-Business Suite R12 application processes or database processes. In a single-node installation of Oracle E-Business Suite, all the application processes, including the database processes, run on one node, whereas in a multi-node installation the processes run on multiple nodes.
Internal Applications Middle Tier
The internal applications middle tier is the server configured for internal users to access Oracle E-Business Suite. It runs the following major application services:
- Web and Forms Services
- Administration and Concurrent Manager Services
- Reports and Discoverer Services
External Applications Web Tier
The external applications web tier is the server configured for external users to access Oracle E-Business Suite. It runs the following application service:
- Web server
URL Firewall
The URL Firewall contains a whitelist of URLs, for the externally exposed E-Business Suite modules, that may be accessed from the Internet. You can find more information on the URL Firewall and how to configure it in Appendix E, "Configuring the URL Firewall", of this document (Oracle E-Business Suite R12 Configuration in a DMZ [ID 380490.1]).
Points to be noted for the network configuration, as per Oracle's recommendations, are as follows:
1. Ensure that network firewalls are configured correctly.
2. Ensure that the network firewall rules have been defined correctly and are permitting authorized E-Business Suite traffic between all network segments:
3. Verify that access between intranet-based desktop clients and the internal Application web tier is permitted and working.
4. Verify that access between the internal Application web tier and the Applications database server is permitted and working.
5. Communication between Internet-based desktop clients and the external web tier servers must be permitted and working.
6. Verify that access between the Applications external web tier servers and the Applications database server is permitted and working.
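
One way to run the checks in points 3 to 6 from the node where each flow originates. This is an added example, not part of the Oracle note or the original post; the nc options, port 1521 and the flow-file format are assumptions, and the "deny" expectation goes beyond the list above so that a flow the firewall should block can be confirmed closed.

```sh
#!/bin/sh
# Added example: verify firewall flows from the node this script runs on.
# Assumptions: nc (netcat) supporting -z and -w is installed; ports are
# site-specific and must be taken from your own configuration.

# Returns 0 if a TCP connection to host:port succeeds within 3 seconds.
probe() { nc -z -w 3 "$1" "$2" >/dev/null 2>&1; }

# stdin: one flow per line, "<allow|deny> <host> <port> [# note]".
# Prints a result per flow; returns 0 only if every flow behaves as expected.
check_flows() {
  failed=0
  while read -r expect host port rest; do
    case "$expect" in
      ''|'#'*) continue ;;                 # blank line or comment
      allow|deny) ;;
      *) echo "SKIP unknown expectation '$expect'"; failed=1; continue ;;
    esac
    if probe "$host" "$port"; then actual=allow; else actual=deny; fi
    if [ "$actual" = "$expect" ]; then
      echo "ok   $expect $host:$port"
    else
      echo "FAIL $host:$port expected $expect, observed $actual"
      failed=1
    fi
  done
  [ "$failed" -eq 0 ]
}

# Usage: sh check_flows.sh flows.txt
# Constructed flow file for point 6, run on the external web tier
# (1521 is the default Oracle listener port, assumed here):
#   allow erpdb01.oracle.ae 1521   # external web tier -> database node 1
#   allow erpdb02.oracle.ae 1521   # external web tier -> database node 2
if [ -n "${1:-}" ]; then check_flows < "$1"; fi
```

A "deny" result only shows that the connection did not complete; it does not distinguish a firewall block from a stopped listener, so confirm the service is up before treating it as proof of a rule.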
IRECRUITMENT SERVER CONFIGURATION
- Server details for the PROD configuration are listed in the following table:

| Server Name | Domain | Server Type | Remarks |
|---|---|---|---|
| erpdb01 | oracle.ae | Database Node 01 | 1st DB node in the RAC environment |
| erpdb02 | oracle.ae | Database Node 02 | 2nd DB node in the RAC environment |
| erpap01 | oracle.ae | Appl Node 01 | 1st APPL node with HW load balancer |
| erpap02 | oracle.ae | Appl Node 02 | 2nd APPL node with HW load balancer |
| careers | oracle.ae | iRecruitment Node | Only 01 server in the external domain |
| erpPROD | oracle.ae | HW load balancer | HW load balancer for Application load balancer. |

The iRecruitment server is hosted on careers.oracle.ae. This server is hosted in the DMZ and will have only the Web services configured for iRecruitment access by external candidates and visitors.
Deployment Architecture:
The deployment architecture of the external web server being used for the iRecruitment server is illustrated in the above figure.
As is evident, the external web server CAREERS is behind the firewall in the DMZ. Any external access coming from the Internet first passes through the Oracle govt. firewall and then reaches the CAREERS server. The CAREERS server in turn connects to the enterprise database using JDBC connectivity. The services on the external server are restricted to the iRec external candidate responsibility and features.
IREC external Web Server configuration Details:
All the steps for the configuration of the iREC server in the external domain are listed in the following table. Please refer to Oracle Metalink note ID 380490.1 for complete details.
Step: Run maintain snapshot information in the PROD system (ERPAPP01)
Description:
1. Log in as user applprod on the erpapp01 server and set the application environment.
2. Run ADADMIN and update the current view snapshot.
NOTE: This is the recommended step.

Step: Run adpreclone on the application tier (ERPAPP01)
Description:
1. Log in to the application server (ERPAPP01) as user applprod, set the application environment and shut down the application services as follows:
    $ cd $INST_TOP/admin/scripts
    $ adstpall.sh apps/PASSWORD
   Wait for 15 minutes and check that all the services are closed.
2. Run the PRECLONE script on the application tier:
    $ cd $INST_TOP/admin/scripts
    $ perl adpreclone.pl appsTier

Step: Copy the source application tier to the target application tier
Description:
1. Copy the complete application top file system to the target node CAREERS using SCP.

Step: Create the OS user name on the target node for the application files and copy the file system to server CAREERS
Description:
Create the same OS user name (application) on the target node as on the source node, for example applprod:dba.
1. Create a mount point like /u01/oracle/PROD and copy the 2 folders (apps and inst) from the SOURCE (ERPAPP01) to CAREERS. Change the ownership of /u01/oracle to applprod:dba as user root on the CAREERS server as follows:
    # cd /
    # chown -R applprod:dba u01

Step: Run CLONE steps on target node CAREERS
Description:
1. Log in as user applprod and remove the environment file from .bash_profile if it exists, then log in again to ensure that the previous environment is unset.
2. Go to the following path and run adcfgclone.pl:
    $ cd $COMMON_TOP/clone/bin
    $ perl adcfgclone.pl appsTier
The following values are to be passed specifically while cloning; all other values are as per the normal CLONE process:
    enable Root Service Group [enabled] [enabled]: enabled
    enable Web Entry Point Services [enabled] [enabled]: enabled
    enable Web Application Services [enabled] [enabled]: enabled
    enable Batch Processing Services [enabled] [disabled]: disabled
    Other Service Group [disabled] [disabled]: disabled

Step: Add the new application tier
Description:
1. Before adding the new node, check whether the CAREERS server is already added. Log in to SQLPLUS as user apps and run the following commands:
    SQL> select node_name, status, server_address from fnd_nodes;
    SQL> select NAME, PATH from fnd_appl_tops;
    SQL> select NAME, ACTIVE_FLAG, DESCRIPTION from ad_appl_tops where name='careers';
2. If the entry for the server CAREERS exists, there is no need to perform this step. If not, run the following commands on the CAREERS server as user applprod:
    $ cd $COMMON_TOP/clone/bin
    $ perl adaddnod.pl

Step: Change the hierarchy type for the list of profile values
Description:
1. Log in to the application server ERPAPP01 as user applprod, set the application environment and run the following command:
    sqlplus apps/apps @$FND_TOP/patch/115/sql/txkChangeProfH.sql SERVRESP
2. Run AUTOCONFIG after this to ensure that this change takes effect:
    $ cd $INST_TOP/admin/scripts
    $ adautocfg.sh
   Provide the password for user APPS when prompted.

Step: Update the NODE_TRUST_LEVEL profile value for the SERVER and the Responsibility Trust Level for iRecruitment External Candidate as shown below
Description:
System Administrator > Profile > System > Responsibility to make the below updates:
Only iRecruitment External Candidate is the responsibility which will be accessed through the external web server.
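
The service-group answers given for the adcfgclone.pl step are what keep batch processing and other services off the DMZ node, so they are worth checking once the procedure is complete. This added example (not from the original post or the Oracle note) audits a saved copy of those prompts; the saved transcript and the function names are assumptions.

```sh
#!/bin/sh
# Added example: audit recorded adcfgclone.pl answers for the DMZ web tier.
# Assumes the prompts were saved as text in the form shown in this section.

# Map a prompt line to "<group-key> <expected answer>" for the external tier.
rule_for() {
  case "$1" in
    *"Root Service Group"*)        echo "root enabled" ;;
    *"Web Entry Point Services"*)  echo "web_entry enabled" ;;
    *"Web Application Services"*)  echo "web_apps enabled" ;;
    *"Batch Processing Services"*) echo "batch disabled" ;;
    *"Other Service Group"*)       echo "other disabled" ;;
  esac
}

# Reads the transcript on stdin, prints one line per finding, and returns 0
# only if all five groups appear exactly once with the expected answer.
audit_service_groups() {
  seen="" count=0 findings=0
  while IFS= read -r line; do
    rule=$(rule_for "$line")
    [ -n "$rule" ] || continue
    key=${rule% *} want=${rule#* }
    label=${line%%\[*}; label=${label% }
    case " $seen " in
      *" $key "*) echo "DUPLICATE: $label"; findings=$((findings + 1)); continue ;;
    esac
    seen="$seen $key"; count=$((count + 1))
    # The answer is the text after the last "]", minus colon and whitespace.
    got=$(printf '%s' "${line##*\]}" | tr -d ' :\t\r' | tr 'A-Z' 'a-z')
    if [ "$got" != "$want" ]; then
      echo "DEVIATION: $label: expected $want, recorded '$got'"
      findings=$((findings + 1))
    fi
  done
  [ "$count" -eq 5 ] || { echo "INCOMPLETE: $count of 5 service groups recorded"; findings=$((findings + 1)); }
  [ "$findings" -eq 0 ]
}

# Constructed sample: the answers listed in this section.
sample='enable Root Service Group [enabled] [enabled]: enabled
enable Web Entry Point Services [enabled] [enabled]: enabled
enable Web Application Services [enabled] [enabled]: enabled
enable Batch Processing Services [enabled] [disabled]: disabled
Other Service Group [disabled] [disabled]: disabled'
printf '%s\n' "$sample" | audit_service_groups && echo "external tier profile OK"
```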
Oracle E-Business Suite R12 Configuration in a DMZ [ID 380490.1]