DMZ configuration
Implemented DMZ for the project. It's not very difficult to implement, but it is a bit complex to troubleshoot. The most complex part is troubleshooting firewall issues.
My architecture goes like this…
LB -> Load balancer
RP -> Reverse Proxy server
LB -> RP -> EBS (iSupplier node) (apps tier) -> EBS (DB tier)
Load balancer — Not much involvement, F5 load balancer … asked sysadmin to point to reverse proxy URL on port 8080.
Reverse proxy server — Installed standalone OHS (Oracle HTTP Server). I had trouble with redirection because I had chosen the wrong software, OAS (Oracle Application Server).
Test from RP -> EBS: telnet <EBS host> <port number>
EBS — Mostly context file changes
Create Context File
– create /{inst_name}/inst/apps/$INST_NAME_$dmz_hostname/appl/admin folder for new MT server
– copy context file from Private MT server into the above location with new name.
– Modify the context file as under:
– change all the references to Private MT server to Public MT server, except the following:
s_cphost
s_javamailer_imaphost
s_wfhost
s_smtphost
s_mwahost
– change following parameters for the Public URL
# webentryhost: company (public URL)
# webentrydomain: domain.com (public URL)
# login_page: https://company.domain.com/oa_servlet/AppsLogin
# s_external_url: https://company.domain.com
# s_active_webport : 443
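A check for the edited context file before adconfig is run, as an added example (not part of the original post and not an Oracle tool). It assumes each context variable is an XML element carrying an `oa_var` attribute and that the three parameters listed without a prefix are `s_webentryhost`, `s_webentrydomain` and `s_login_page`; the host names `privmt01` and `dmzmt01` and the sample file are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Variables the steps above say must keep pointing at the private MT server.
KEEP_PRIVATE = {"s_cphost", "s_javamailer_imaphost", "s_wfhost",
                "s_smtphost", "s_mwahost"}
# Public-URL values from the list above (oa_var spellings are assumptions).
EXPECTED_PUBLIC = {
    "s_webentryhost": "company",
    "s_webentrydomain": "domain.com",
    "s_login_page": "https://company.domain.com/oa_servlet/AppsLogin",
    "s_external_url": "https://company.domain.com",
    "s_active_webport": "443",
}

def check_context(xml_text, private_host):
    """Return findings; an empty list means the file matches the steps."""
    names = re.compile(rf"\b{re.escape(private_host)}\b")  # whole host name only
    values = {el.get("oa_var"): (el.text or "").strip()
              for el in ET.fromstring(xml_text).iter() if el.get("oa_var")}
    findings = []
    for var, val in sorted(values.items()):
        is_private = bool(names.search(val))
        if var in KEEP_PRIVATE and not is_private:
            findings.append(f"{var}: must stay on private host, found {val!r}")
        elif var not in KEEP_PRIVATE and is_private:
            findings.append(f"{var}: still references private host ({val!r})")
    for var, want in EXPECTED_PUBLIC.items():
        if values.get(var) != want:
            findings.append(f"{var}: expected {want!r}, found {values.get(var)!r}")
    return findings

# Constructed, heavily shortened sample; host and element names are made up.
SAMPLE = """<oa_context>
  <host oa_var="s_hostname">dmzmt01</host>
  <cphost oa_var="s_cphost">privmt01</cphost>
  <smtphost oa_var="s_smtphost">dmzmt01</smtphost>
  <webhost oa_var="s_webhost">privmt01</webhost>
  <webentryhost oa_var="s_webentryhost">company</webentryhost>
  <webentrydomain oa_var="s_webentrydomain">domain.com</webentrydomain>
  <login_page oa_var="s_login_page">https://company.domain.com/oa_servlet/AppsLogin</login_page>
  <externURL oa_var="s_external_url">https://company.domain.com</externURL>
  <activewebport oa_var="s_active_webport">8080</activewebport>
</oa_context>"""

if __name__ == "__main__":
    for finding in check_context(SAMPLE, "privmt01"):
        print(finding)
```

A leftover private host name in a variable served to external users leaks the internal naming and usually breaks redirects from the DMZ URL, so an empty findings list is worth having before the services are started.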
Log in to the private MT server as ap{inst_name}.
Run the following command (replace the apps-schema-name/apps-passwd with actual values)
sqlplus <apps-schema-name>/<apps-passwd> @<FND_TOP>/patch/115/sql/txkChangeProfH.sql SERVRESP
Change the Node Trust Level Profile Option
– add node to fnd_nodes using the Sysadmin –> Install –> nodes
– update “Node Trust Level” profile option for that node as “External”
– Assign Self Service Responsibilities to sysadmin
Set “Responsibility Trust Level”
Update Agent profiles at DMZ server level to point to the DMZ URL.
Log in with the System Administrator responsibility – Profiles – select the DMZ server name and search for the required profiles:
– Application Framework Agent
– Applications Web Agent
– Applications JSP Agent
– Apps Servlet Agent
Update the URL for the DMZ host to point to the DMZ URL.
Do not update the URL at site level!
Run adconfig as under:
adconfig.sh contextfile=/{inst_name}/inst/apps/$INST_NAME_$dmz_hostname/appl/admin/$INST_NAME_$dmz_hostname.xml appspass=apps run=INSTE8_SETUP
Verify DMZ Setup.
– start all services on the DMZ server (keep the private MT down)
– log in to the DMZ URL
– browse through the links to see if the basic navigation works fine.