DMZ for iSupplier in 11i

Activities Prior to Installation

Make entries in your /etc/hosts

<IP reverseproxy> <hostname.domain> <hostname>

172.24.68.12 erpdbt2.erp.du.ae erpdbt2

172.24.68.17 external.erp.du.ae external

To use a URL such as isupplier.erp.du.ae, set the hostname to isupplier:

<IP> isupplier.erp.du.ae isupplier

Installation Procedure

Step 1: Create a Home for the Virtually External 11i Tier

Log in as the applINSTANCE user on the relevant INSTANCE

Go to /erpapp/INSTANCE/appl

Create a directory with name “external” at /erpapp/INSTANCE/appl

Step 2: Create a new Context File for the Virtually External 11i Tier

Go to $COMMON_TOP/clone/bin (/erpapp/INSTANCE/appl/INSTANCEcomn/clone/bin) and run adclonectx.pl:

perl adclonectx.pl \
  contextfile=/erpapp/INSTANCE/appl/INSTANCEappl/INSTANCE_erpdbt2.xml \
  outfile=/erpapp/INSTANCE/appl/external/<INSTANCE_external>.xml

It will prompt for the inputs.

PROMPT :

Do you want to use a virtual hostname for the target node (y/n) [n] ?

ANSWER :

y

PROMPT :

Target hostname [erpdbt2]

ANSWER :

external

PROMPT :

It is recommended that your inputs are validated by the program.

However you might choose not to validate your inputs under following circumstances:

-If cloning a context on source system for a remote system.

-If cloning a context on a machine where the ports are taken and you do not want to shutdown the services at this point.

-If cloning a context but the database it needs to connect is not available.

Do you want the inputs to be validated (y/n) [n] ?

ANSWER :

y

PROMPT :

Target system database SID [INSTANCE]

ANSWER :

INSTANCE

PROMPT :

Username for the applications file system owner [applINSTANCE]

ANSWER :

applINSTANCE

PROMPT :

Group for the applications file system owner [dba]

ANSWER :

dba

PROMPT :

Target system database server node [erpdbt2]

ANSWER :

erpdbt2

PROMPT :

Target system database domain name [erp.du.ae]

ANSWER :

erp.du.ae

PROMPT :

Does the target system have more than one application tier server node (y/n) [n] ?

ANSWER :

Y

PROMPT :

Does the target system application tier utilize multiple domain names (y/n) [n] ?:

Answer:

N

PROMPT:

Target system concurrent processing node [erpdbt2]:

Answer:

erpdbt2

PROMPT:

Target system administration node [erpdbt2]:

Answer:

erpdbt2

PROMPT:

Target system forms server node [erpdbt2]:

Answer:

erpdbt2

PROMPT:

Target system web server node [erpdbt2]:

Answer:

external

PROMPT :

Is the target system APPL_TOP divided into multiple mount points (y/n) [n] ?

ANSWER :

n

PROMPT :

Target system APPL_TOP mount point [/erpapp/INSTANCE/appl/INSTANCEappl]

ANSWER :

/erpapp/INSTANCE/appl/INSTANCEappl

PROMPT :

Target system COMMON_TOP directory [/erpapp/INSTANCE/appl/INSTANCEcomn]

ANSWER :

/erpapp/INSTANCE/appl/INSTANCEcomn

PROMPT :

Target system 8.0.6 ORACLE_HOME directory [/erpapp/INSTANCE/appl/INSTANCEora/8.0.6]

ANSWER :

/erpapp/INSTANCE/appl/INSTANCEora/8.0.6

PROMPT :

Target system iAS ORACLE_HOME directory [/erpapp/INSTANCE/appl/INSTANCEora/iAS]

ANSWER : /erpapp/INSTANCE/appl/INSTANCEora/iAS

PROMPT :

Do you want to preserve the Display set to erpdbt2:10.0 (y/n) [y] ?

ANSWER :y

PROMPT :

Location of the JDK on the target system [/erpapp/INSTANCE/appl/java6]

ANSWER :

/erpapp/INSTANCE/appl/java6

PROMPT :

Target system JRE_TOP [/erpapp/INSTANCE/appl/java6]

ANSWER :

/erpapp/INSTANCE/appl/java6

PROMPT :

Do you want to preserve the port values from the source system on the target system (y/n) [y] ?

ANSWER :

Y

PROMPT :

RC-50220: Warning: Web Listener Port: 8020 is not free. Unable to preserve the port settings from source system.

Clone Context uses the same port pool mechanism as the Rapid Install

Once you choose a port pool, Clone Context will validate the port availability.

Enter the port pool number [0-99]:

Answer:

5

PROMPT :

APPS password is required to validate database connection using portpool 5

Enter APPS Password [APPS]

ANSWER :

Apps

PROMPT

Choose a value which will be set as APPLPTMP value on the target node [1]:

Answer:

1

PROMPT:

Target system APPL_TOP of the Forms node:

Answer

/erpapp/FMI/fmiappl

The new context file has been created at:

/erpapp/INSTANCE/appl/external/INSTANCE_external.xml

Step 3: Verify and Edit the Newly Created Context File

The newly created Context file is INSTANCE_external.xml and located at

/erpapp/INSTANCE/appl/external/INSTANCE_external.xml

Set the following variables to the port values shown, and set the database port to 1541.

s_webport = 8005

s_webport_pls = 8205

s_oprocmgr_port = 8105

Step 4: Instantiate the New Configuration Files Based on the New Context File

Execute the Shared Oracle Home configuration script (txkSOHM.pl) to instantiate the required HTTP server configuration files into the configuration home directory you created in Step 1:

cd $FND_TOP/patch/115/bin

perl -I $AU_TOP/perl txkSOHM.pl

It will prompt for the inputs

Absolute path of Application's Context XML file :

/erpapp/INSTANCE/appl/external/INSTANCE_external.xml

Type of Instance [primary/secondary] : secondary

Absolute path of 8.0.6 Shared Oracle Home :

/erpapp/INSTANCE/appl/INSTANCEora/8.0.6

Absolute path of iAS Shared Oracle Home :

/erpapp/INSTANCE/appl/INSTANCEora/iAS

Absolute path of config top : /erpapp/INSTANCE/appl/external

The script finishes by running AutoConfig.

Step 5 : Configure Reverse Proxy

Edit the external web tier's context XML file and set the following entries.

s_webentryhost -to the reverse proxy server hostname

Value: external

s_webentrydomain -to the domain name of the reverse proxy server

Value: erp.du.ae

s_active_webport -to the reverse proxy listener port

Value: 8005

s_webentryurlprotocol -to the reverse proxy's protocol e.g. "http" or "https"

Value: http

s_login_page -to the values you specified above for

<webentry protocol>://<webentry host>.<webentry domain>:<active webport>

Value: http://external.erp.du.ae:8005

s_fnd_secure -confirm that this does not point to the same directory as the existing web node. This variable specifies the location of the node's DBC file.

Value: /erpapp/INSTANCE/appl/INSTANCEappl/fnd/11.5.0/secure/INSTANCE_external

s_server_ip_address -to the IP address of the reverse proxy server

Value: 172.24.68.17

s_oacore_trusted_oproc_nodes -add the external node IP and node name.

Value: 172.24.68.17, external, external.erp.du.ae
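
A consistency check for the Step 5 values, run before AutoConfig. This is an added example, not part of the original procedure or of Oracle's tooling; it assumes the context file stores each variable as an element carrying an oa_var attribute, and the sample XML element names and the internal DBC directory are constructed for illustration.

```python
import posixpath
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample (assumed layout, illustrative element names; page values).
SAMPLE_EXTERNAL = """<oa_context>
 <webentryhost oa_var="s_webentryhost">external</webentryhost>
 <webentrydomain oa_var="s_webentrydomain">erp.du.ae</webentrydomain>
 <activewebport oa_var="s_active_webport">8005</activewebport>
 <webentryurlprotocol oa_var="s_webentryurlprotocol">http</webentryurlprotocol>
 <login_page oa_var="s_login_page">http://external.erp.du.ae:8005</login_page>
 <fnd_secure oa_var="s_fnd_secure">/erpapp/INSTANCE/appl/INSTANCEappl/fnd/11.5.0/secure/INSTANCE_external</fnd_secure>
 <server_ip_address oa_var="s_server_ip_address">172.24.68.17</server_ip_address>
 <trusted_nodes oa_var="s_oacore_trusted_oproc_nodes">172.24.68.17, external, external.erp.du.ae</trusted_nodes>
</oa_context>"""
NEEDED = ("s_webentryhost", "s_webentrydomain", "s_active_webport",
          "s_webentryurlprotocol", "s_login_page", "s_fnd_secure",
          "s_server_ip_address", "s_oacore_trusted_oproc_nodes")

def load_vars(xml_text):
    """Map each oa_var name to its stripped text value."""
    root = ET.fromstring(xml_text)
    return {e.get("oa_var"): (e.text or "").strip()
            for e in root.iter() if e.get("oa_var")}

def check_external_context(v, internal_fnd_secure, proxy_ip):
    """Return a list of findings; an empty list means the Step 5 values agree."""
    findings = [f"{n} is missing or empty" for n in NEEDED if not v.get(n)]
    if findings:
        return findings
    fqdn = f"{v['s_webentryhost']}.{v['s_webentrydomain']}".lower()
    want = (v["s_webentryurlprotocol"].lower(), f"{fqdn}:{v['s_active_webport']}")
    url = urlsplit(v["s_login_page"])
    if (url.scheme, url.netloc.lower()) != want:
        findings.append(f"s_login_page does not start with {want[0]}://{want[1]}")
    # The external node must keep its DBC file apart from the internal node's.
    if posixpath.normpath(v["s_fnd_secure"]) == posixpath.normpath(internal_fnd_secure):
        findings.append("s_fnd_secure is shared with the internal web node")
    if v["s_server_ip_address"] != proxy_ip:
        findings.append("s_server_ip_address is not the reverse proxy IP")
    trusted = {t.strip().lower() for t in v["s_oacore_trusted_oproc_nodes"].split(",")}
    for item in (proxy_ip, v["s_webentryhost"].lower(), fqdn):
        if item not in trusted:
            findings.append(f"s_oacore_trusted_oproc_nodes lacks {item}")
    return findings

if __name__ == "__main__":
    internal = "/erpapp/INSTANCE/appl/INSTANCEappl/fnd/11.5.0/secure/INSTANCE_erpdbt2"  # assumed
    print(check_external_context(load_vars(SAMPLE_EXTERNAL), internal, "172.24.68.17") or "OK")
```

To check a real file, pass its contents to load_vars() and supply the internal node's s_fnd_secure value and the reverse proxy IP.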

Step 6: Host file entry for Internal and External access

This configuration requires your application middle tier server to have at least two network interfaces. One network interface is required for the external entry point and another for the internal entry point. These network interfaces must be configured to resolve to two different hostnames in the DNS.

Alternatively, an alias IP can be assigned to the external node.

Eg:

/etc/hosts

172.24.68.12 erpdbt2.erp.du.ae erpdbt2

172.24.68.17 external.erp.du.ae external

Step 7: Run AutoConfig from the Internal and External Configuration Locations

Internal

1. Run AutoConfig for the database tier.

Eg:

$ cd $ORACLE_HOME/appsutil/scripts/

$ ./adautocfg.sh <apps_passwd>

2. Run AutoConfig for the concurrent manager tier.

Eg:

$ cd $COMMON_TOP/admin/scripts/INSTANCE_erpdbt2

$ ./adautocfg.sh <apps_passwd>

3. Run AutoConfig for the web tier.

Eg:

$ cd $COMMON_TOP/admin/scripts/INSTANCE_erpdbt2

$ ./adautocfg.sh <apps_passwd>

External

1. Run AutoConfig for the external web tier.

Eg:

$ cd $COMMON_TOP/admin/scripts/INSTANCE_external

$ ./adautocfg.sh <apps_passwd>

Step 8: Update Hierarchy Type

1. Applications Web Agent APPS_WEB_AGENT

2. Applications Servlet Agent APPS_SERVLET_AGENT

3. Applications JSP Agent APPS_JSP_AGENT

4. Applications Framework Agent APPS_FRAMEWORK_AGENT

5. ICX:Forms Launcher ICX_FORMS_LAUNCHER

6. ICX: Oracle Discoverer Launcher ICX_DISCOVERER_LAUNCHER

7. ICX: Oracle Discoverer Viewer Launcher ICX_DISCOVERER_VIEWER_LAUNCHER

8. Applications Help Web Agent HELP_WEB_AGENT

9. Applications Portal APPS_PORTAL

10. BOM:Configurator URL of UI Manager CZ_UIMGR_URL

11. ASO : Configurator URL ASO_CONFIGURATOR_URL

12. QP: Pricing Engine URL QP_PRICING_ENGINE_URL

13. TCF:HOST TCF:HOST

Configuring the E-Business Suite environment for DMZ requires the hierarchy type of the profile options listed above to be set to SERVRESP. To change the hierarchy type to SERVRESP, execute the following SQL script:

sqlplus <apps-schema-name>/<apps-passwd> @<FND_TOP>/patch/115/sql/txkChangeProfH.sql SERVRESP

Step 9: Update Node Trust Level

Log in to Oracle E-Business Suite as the sysadmin user using the internal URL

Select System Administrator Responsibility

Select Profile / System

From the 'Find system profile option Values' window, select the server that you want to make external

Query for %NODE%TRUST%. You will see a profile option named 'Node Trust Level'. The value for this profile option at site level will be Normal. Leave this setting as is

Set the value of this profile option to External at the server level (not site level). The site-level value should remain Normal.

Step 10: Update List of Responsibilities

Log in to Oracle E-Business Suite as the sysadmin user using the internal URL

Select System Administrator Responsibility

Select Profile / System

From the 'Find system profile option Values' window, select the responsibility that you want to make external

Query for %RESP%TRUST%. You will see a profile option named 'Responsibility trust level'. The value for this profile option at site level will be Normal.

Set the value of this profile option for the chosen responsibility to External at responsibility level (not site level). The site-level value should remain Normal.

Step 11: Required Setup for iSupplier Portal

Using the System Administrator responsibility, open the System Profile Values window

Search for the profile option POS: External URL

Set the profile option to:

http or https://<external web server machine>:<port>/ i.e.

http://external.erp.du.ae:8005

Search for the profile option POS: Internal URL

Set the internal profile option to:

http or https://<internal web server machine>:<port>/ i.e.

http://instance.erp.du.ae:8005

After setting the above profile options, run the following script as user APPS through sqlplus:

$POS_TOP/patch/115/sql/pos_upg_usr.sql

The above script updates the user-level values of the profile options Applications Framework Agent and Application Servlet Agent for all supplier users using the new values in the profile option POS: External URL.

Step 12: Access Internal and External application using different URLs

Internal URL:

Value: http://erpdbt2.erp.du.ae:8020

External URL:

Value: http://external.erp.du.ae:8005