Apps DBA Concepts


DMZ configuration R12

Posted by vasselva on November 27, 2010

DMZ configuration

I implemented a DMZ for the project. It's not very difficult to implement, but it is a bit complex to troubleshoot. The most complex part is troubleshooting firewall issues.

My architecture goes like this…

LB -> Load balancer
RP -> Reverse Proxy server

LB -> RP -> EBS (iSupplier node, apps tier) -> EBS (db tier)

Load balancer: Not much involvement. It is an F5 load balancer; I asked the sysadmin to point it to the reverse proxy URL on port 8080.

Reverse proxy server: Installed standalone OHS (Oracle HTTP Server). I had trouble with redirection because I had chosen the wrong software, OAS (Oracle Application Server).

Test from RP -> EBS: telnet <EBS host> <port number>

EBS: Mostly context file changes

Create Context File
– Create the /{inst_name}/inst/apps/$INST_NAME_$dmz_hostname/appl/admin folder for the new MT server.
– Copy the context file from the private MT server into the above location with a new name.
– Modify the context file as follows:
– Change all references to the private MT server to the public MT server, except the following:

s_cphost
s_javamailer_imaphost
s_wfhost
s_smtphost
s_mwahost

– Change the following parameters for the public URL:
# webentryhost: company (public URL)
# webentrydomain: domain.com (public URL)
# login_page: https://company.domain.com/oa_servlet/AppsLogin
# s_external_url: https://company.domain.com
# s_active_webport: 443
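
A quick way to audit the edited context file before running adconfig is shown below. This is an added example, not part of the original post. It assumes each setting is an XML element that carries its name in an oa_var attribute; the host names mtpriv01 and mtdmz01, the element names, and the sample file are constructed.

```python
import xml.etree.ElementTree as ET

# Variables the post says must keep pointing at the private MT server.
KEEP_PRIVATE = {"s_cphost", "s_javamailer_imaphost", "s_wfhost",
                "s_smtphost", "s_mwahost"}

def audit_context(xml_text, private_host, entry_host, entry_domain):
    """Return a list of findings for a DMZ context file; empty means it passed."""
    # Assumption: every setting is an element whose name is in an oa_var attribute.
    values = {el.get("oa_var"): (el.text or "").strip()
              for el in ET.fromstring(xml_text).iter() if el.get("oa_var")}
    findings = []
    for var, val in sorted(values.items()):
        has_private = private_host.lower() in val.lower()
        if var in KEEP_PRIVATE and not has_private:
            findings.append(f"{var}: expected private host, found {val!r}")
        elif var not in KEEP_PRIVATE and has_private:
            findings.append(f"{var}: still references private host ({val!r})")
    for var in sorted(KEEP_PRIVATE - set(values)):
        findings.append(f"{var}: missing from context file")
    base = f"https://{entry_host}.{entry_domain}"
    expected = {"s_webentryhost": entry_host, "s_webentrydomain": entry_domain,
                "s_active_webport": "443", "s_external_url": base,
                "s_login_page": base + "/oa_servlet/AppsLogin"}
    for var, want in expected.items():
        if values.get(var) != want:
            findings.append(f"{var}: expected {want!r}, found {values.get(var)!r}")
    return findings

# Constructed sample: s_wfhost was wrongly switched to the DMZ host, s_webhost
# was left on the private host, and the active web port was never changed.
SAMPLE = """<oa_context>
  <cphost oa_var="s_cphost">mtpriv01</cphost>
  <imaphost oa_var="s_javamailer_imaphost">mtpriv01</imaphost>
  <wfhost oa_var="s_wfhost">mtdmz01</wfhost>
  <smtphost oa_var="s_smtphost">mtpriv01</smtphost>
  <mwahost oa_var="s_mwahost">mtpriv01</mwahost>
  <webhost oa_var="s_webhost">mtpriv01</webhost>
  <webentryhost oa_var="s_webentryhost">company</webentryhost>
  <webentrydomain oa_var="s_webentrydomain">domain.com</webentrydomain>
  <activewebport oa_var="s_active_webport">8000</activewebport>
  <externalURL oa_var="s_external_url">https://company.domain.com</externalURL>
  <login_page oa_var="s_login_page">https://company.domain.com/oa_servlet/AppsLogin</login_page>
</oa_context>"""

if __name__ == "__main__":
    for finding in audit_context(SAMPLE, "mtpriv01", "company", "domain.com"):
        print(finding)
```

The host match is a plain substring test, so pass the private host name in the same form (short or fully qualified) that the context file uses.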

Log in to the private MT server as ap{inst_name}.

Run the following command (replace the apps-schema-name/apps-passwd with actual values)

sqlplus <apps-schema-name>/<apps-passwd> @<FND_TOP>/patch/115/sql/txkChangeProfH.sql SERVRESP

Change the Node Trust Level Profile Option
– Add the node to fnd_nodes using Sysadmin -> Install -> Nodes.
– Update the “Node Trust Level” profile option for that node to “External”.
– Assign Self Service responsibilities to sysadmin.

Set “Responsibility Trust Level”

Update the Agent profiles at DMZ server level to point to the DMZ URL.

Log in with the System Administrator responsibility, go to Profiles, select the DMZ server name, and search for the required profiles:

– Application Framework Agent
– Applications Web Agent
– Applications JSP Agent
– Apps Servlet Agent

Update the URL for the DMZ host to point to the DMZ URL.
Do not update the URL at site level!

Run adconfig as follows:
adconfig.sh contextfile=/{inst_name}/inst/apps/$INST_NAME_$dmz_hostname/appl/admin/$INST_NAME_$dmz_hostname.xml appspass=apps run=INSTE8_SETUP

Verify DMZ Setup.
– Start all services on the DMZ server (keep the private MT down).
– Log in to the DMZ URL.
– Browse through the links to see if basic navigation works fine.
