Pages

Wednesday, February 13, 2019

DMZ Configuration on R12

DMZ Configuration on R12


* OS verification
* Backup the source (prodcution instance)
* Copy the source application tier to the DMZ machine
* Create user and group for the DMZ machine
* Create directories for the target DMZ and give them the required grant and ownership
* Configure the DMZ
* Run autoconfig on both application tiers and the database tier
* Start and check the services

--> OS Verification

i)   Create OS user

ii)  Host file format
The  “/etc/hosts”  file  should use the  following  format  and Hostname  length should be less than 255 characters.
IP Address   Full Qualified Hostname    alias
Example:
10.10.19.39   externalnode.oracle.com    externalnode
10.10.11.31   internalnode.oracle.com    internalnode

iii) Mount Point / Storage Details
All disks in a disk group should have the same I/O density (Megabytes per second of transfer rate per Gigabyte of capacity)

iv)  Software Requirement
Ar, ld, make, X Display Server

v)   Login into the Source and shut the application services

vi)  Take a backup of the application directories and transfer it to the target server

--> Configuring DMZ

vii)  login as: appldmz

viii) Check the below settings

echo $PATH
which make
which ld

ix)  Navigate to the location where the files have been transfered.

x)  And further navigate to the clone bin diretory and run the adcfgclone.pl with appsTier
pwd
/oracle/appldmz
apps  inst
cd apps/apps_st/comn/clone/bin

perl adcfgclone.pl appsTier

It will ask the instance specific details:

Target System Hostname (virtual or normal) [externalnode] :
Target System Database SID : RAC1
Target System Database Server Node [irecruit] : internal
Target System Base Directory : /oracle/appldmzTarget System Forms ORACLE_HOME Directory [/oracle/appldmz/apps/tech_st/10.1.2] :Target System Web ORACLE_HOME

Directory [/oracle/appldmz/apps/tech_st/10.1.3] :
Target System APPL_TOP Mountpoint [/oracle/appldmz/apps/apps_st/appl] :
Target System COMMON_TOP Directory [/oracle/appldmz/apps/apps_st/comn] :
Target System Instance Home Directory [/oracle/appldmz/inst] :
Username for the Applications File System Owner [appldmz] :
Target System Root Service [enabled] :
Target System Web Entry Point Services [enabled] :
Target System Web Application Services [enabled] :
Target System Batch Processing Services [enabled] :
Target System Other Services [disabled] :
Do you want to preserve the Display [internal:0.0] (y/n) ? : n
Target System Display [irecruit:0.0] :
Do you want the the target system to have the same port values as the source system (y/n)[y] ? : n
Target System Port Pool [0-99] : 10

xi)  Once this process completes succesfully shut down the services change the following parameters in the .xml file

s_isWeb                           ----required value=YES
s_isWebDev                     ----required value=YES
s_http_listen_parameter    ----New Port for the http listener
s_https_listen_parameter  ----New Port for the https listener
s_webentryurlprotocol      ----Set the value to the web entry protocol (http/https)
s_webentryhost                ----Set the value to the webentry host
s_webentrydomain            ----Set the value to the webentry domain
s_active_webport              ----Set the value to the active port
s_login_page                    ----Set the value to point to the new webentry configuration
s_server_ip_address          ----Set the value of this variable to the IP address of the external facing network interface

xii)  Run the node clean package as apps user
Sqlplus apps/********
exec fnd_conc_clone.setup_clean;
commit;
exit
Run autoconfig in the series as stated below
a)  database tier
b)  primary apps tier (prodcution)
c)  DMZ (externalnode)

xiii)  After the completion of the autoconfig run the following script as apps from the primary node
sqlplus apps/welcome @$FND_TOP/patch/115/sql/txkChangeProfH.sql SERVRESP

This would change the profile options hierarchy type values to SERVRESP. Run autoconfig again on the primary node. As seen in the following lines

@txkChangeProfH.sql SERVRESP
Changing the hierarchy type for the  Profile APPS_WEB_AGENT
Profile APPS_WEB_AGENT hierarchy type has been
successfully changed to SERVRESP
Changing the hierarchy type for the  Profile APPS_SERVLET_AGENT
Profile APPS_SERVLET_AGENT hierarchy type has been
successfully changed to SERVRESP
Changing the hierarchy type for the  Profile APPS_JSP_AGENT
Profile APPS_JSP_AGENT hierarchy type has been
successfully changed to SERVRESP
Changing the hierarchy type for the  Profile APPS_FRAMEWORK_AGENT
Profile APPS_FRAMEWORK_AGENT hierarchy type has been
successfully changed to SERVRESP
Changing the hierarchy type for the  Profile ICX_FORMS_LAUNCHER
Profile ICX_FORMS_LAUNCHER hierarchy type has been
successfully changed to SERVRESP
Changing the hierarchy type for the  Profile ICX_DISCOVERER_LAUNCHER
Profile ICX_DISCOVERER_LAUNCHER hierarchy type has been
successfully changed to SERVRESP
Changing the hierarchy type for the  Profile ICX_DISCOVERER_VIEWER_LAUNCHER
Profile ICX_DISCOVERER_VIEWER_LAUNCHER hierarchy type has been
successfully changed to SERVRESP
Changing the hierarchy type for the  Profile HELP_WEB_AGENT
Profile HELP_WEB_AGENT hierarchy type has been
successfully changed to SERVRESP
Changing the hierarchy type for the  Profile APPS_PORTAL
Profile APPS_PORTAL hierarchy type has been
successfully changed to SERVRESP
Changing the hierarchy type for the  Profile CZ_UIMGR_URL
Profile CZ_UIMGR_URL hierarchy type has been
successfully changed to SERVRESP
Changing the hierarchy type for the  Profile QP_PRICING_ENGINE_URL
Profile QP_PRICING_ENGINE_URL hierarchy type has been
successfully changed to SERVRESP
Changing the hierarchy type for the  Profile TCF:HOST
Profile TCF:HOST hierarchy type has been
successfully changed to SERVRESP
Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.3.0 - 64bit
Production
With the Partitioning, OLAP and Data Mining options

xiv)  After the completion of the script start the primary instance and login as sysadmnin, And change the following profiles at server level
Server  : externalnode <server_name>
Profile : Node Trust Level <profile_name>
Make the changes at the server level to external

This Completes the DMZ Configuration !!!
xv)  Expose the responsibility to the external tier as per the requirement.

xvi) Once the above process is completed, the DMZ node can be started with the sequence given below.

xvii)  Startup and shutdown of DMZ Applications

We can start the externalnode(DMZ) node with the following sequence

adopmnctl.sh start
adoafmctl.sh start
adformsctl.sh start
adoacorectl.sh start
adapcctl.sh start

To stop the DMZ follow the sequence stated below

adapcctl.sh stop
adoacorectl.sh stop
adformsctl.sh stop
adoafmctl.sh stop
adopmnctl.sh stop

URL :  http://externalnode.oracle.com:8010/OA_HTML/IrcVisitor.jsp

Note:

1.Check SERVER_ADDRESS in fnd_nodes for external tier, make sure it should be pointing to external hostname, if it is not showing add node to fnd_nodes using the Sysadmin –> Install –> nodes.
Check the below columns:
*NODE_NAME                   
*SERVER_ADDRESS               
*HOST                   
*DOMAIN

2.Enable Oracle E-Business Suite Application Server Security

1.Set the value of Application Server Security Authentication (s_appserverid_authentication) to SECURE, in the CONTEXT_FILE on all the nodes.
2.Run AutoConfig on each Applications middle tier to complete the configuration.
3.After AutoConfig completes successfully, restart Oracle HTTP Server and OC4J processes








No comments:

Post a Comment