DMZ for Isupplier in 11i
Activities Prior to Installation
Make entries in your /etc/hosts
<IP reverseproxy> <hostname.domain> <hostname>
172.24.68.12 erpdbt2.erp.du.ae erpdbt2
172.24.68.17 external.erp.du.ae external
If want to make url like isupplier.erp.du.ae, make hostname isupplier
<IP> isupplier.erp.du.ae isupplier
Installation Procedure
Step 1: Create a Home for the Virtually External 11i Tier
Login as applINSTANCE user to the relevant INSTANCE
Go to /erpapp/INSTANCE/appl
Create a directory with name “external” at /erpapp/INSTANCE/appl
Step 2: Create a new Context File for the Virtually External 11i Tier
Go to $COMMON_TOP/clone/bin and run the adclonectx.pl
/erpapp/INSTANCE/appl/INSTANCEcomn/clone/bin
perl adclonectx.pl
contextfile=/erpapp/INSTANCE/appl/INSTANCEappl/INSTANCE_erpdbt2.xml
outfile=/erpapp/INSTANCE/appl/external/<INSTANCE_external>.xml
It will prompt for the inputs.
PROMPT :
Do you want to use a virtual hostname for the target node (y/n) [n] ?
ANSWER :
y
PROMPT :
Target hostname [erpdbt2]
ANSWER :
external
PROMPT :
It is recommended that your inputs are validated by the program.
However you might choose not to validate your inputs under following circumstances:
-If cloning a context on source system for a remote system.
-If cloning a context on a machine where the ports are taken and you do not want to
shutdown the services at this point.
-If cloning a context but the database it needs to connect is not available.
Do you want the inputs to be validated (y/n) [n] ?
ANSWER :
y
PROMPT :
Target system database SID [INSTANCE]
ANSWER :
INSTANCE
PROMPT :
Username for the applications file system owner [applINSTANCE]
ANSWER :
applINSTANCE
PROMPT :
Group for the applications file system owner [dba]
ANSWER :
dba
PROMPT :
Target system database server node [erpdbt2]
ANSWER :
erpdbt2
PROMPT :
Target system database domain name [erp.du.ae]
ANSWER :
erp.du.ae
PROMPT :
Does the target system have more than one application tier server node (y/n) [n] ?
ANSWER :
Y
PROMT
Does the target system application tier utilize multiple domain names (y/n) [n] ?:
Answer:
N
PROMPT:
Target system concurrent processing node [erpdbt2]:
Answer:
erpdbt2
PROMPT:
Target system administration node [erpdbt2]:
Answer:
erpdbt2
PROMPT:
Target system forms server node [erpdbt2]:
Answer:
erpdbt2
PROMPT:
Target system web server node [erpdbt2]:
Answer:
external
PROMPT :
Is the target system APPL_TOP divided into multiple mount points (y/n) [n] ?
ANSWER :
n
PROMPT :
Target system APPL_TOP mount point [/erpapp/INSTANCE/appl/INSTANCEappl]
ANSWER :
/erpapp/INSTANCE/appl/INSTANCEappl
PROMPT :
Target system COMMON_TOP directory [/erpapp/INSTANCE/appl/INSTANCEcomn]
ANSWER :
/erpapp/INSTANCE/appl/INSTANCEcomn
PROMPT :
Target system 8.0.6 ORACLE_HOME directory
[/erpapp/INSTANCE/appl/INSTANCEora/8.0.6]
ANSWER :
/erpapp/INSTANCE/appl/INSTANCEora/8.0.6
PROMPT :
Target system iAS ORACLE_HOME directory [/erpapp/INSTANCE/appl/INSTANCEora/iAS]
ANSWER : /erpapp/INSTANCE/appl/INSTANCEora/iAS
PROMPT :
Do you want to preserve the Display set to erpdbt2:10.0 (y/n) [y] ?
ANSWER :y
PROMPT :
Location of the JDK on the target system [/erpapp/INSTANCE/appl/java6]
ANSWER :
/erpapp/INSTANCE/appl/java6
PROMPT :
Target system JRE_TOP [/erpapp/INSTANCE/appl/java6]
ANSWER :
/erpapp/INSTANCE/appl/java6
PROMPT :
Do you want to preserve the port values from the source system on the target system (y/n)
[y] ?
ANSWER :
Y
PROMPT
RC-50220: Warning: Web Listener Port: 8020 is not free. Unable to preserve the port
settings from source system.
Clone Context uses the same port pool mechanism as the Rapid Install
Once you choose a port pool, Clone Context will validate the port availability.
Enter the port pool number [0-99]:
Answer:
5
PROMPT :
APPS password is required to validate database connection using portpool 5
Enter APPS Password [APPS]
ANSWER :
Apps
PROMPT
Choose a value which will be set as APPLPTMP value on the target node [1]:
Answer:
1
PROMPT:
Target system APPL_TOP of the Forms node:
Answer
/erpapp/FMI/fmiappl
The new context file has been created at:
/erpapp/INSTANCE/appl/external/INSTANCE_external.xml
Step 3: Verify and Edit the Newly Created Context File
The newly created Context file is INSTANCE_external.xml and located at
/erpapp/INSTANCE/appl/external/INSTANCE_external.xml
Change the below values to the respective port values and database port value to 1541.
s_webport = 8005
s_webport_pls = 8205
s_oprocmgr_port = 8105
Step 4: Instantiate the New Configuration Files Based on the New Context File
Execute the shared oracle home configuration script (txkSOHM.pl ) to instantiate the
required http server configuration files into the configuration home directory you created in
step 1:
cd $FND_TOP/patch/115/bin
perl -I $AU_TOP/perl txkSOHM.pl
It will prompt for the inputs
Absolute path of Application's Context XML file :
/erpapp/INSTANCE/appl/external/INSTANCE_external.xml
Type of Instance [primary/secondary] : secondary
Absolute path of 8.0.6 Shared Oracle Home :
/erpapp/INSTANCE/appl/INSTANCEora/8.0.6
Absolute path of iAS Shared Oracle Home :
/erpapp/INSTANCE/appl/INSTANCEora/iAS
Absolute path of config top : /erpapp/INSTANCE/appl/external
This will finish with running autoconfig.
Step 5 : Configure Reverse Proxy
Edit External Web XML file and add the following entries in the xml file.
s_webentryhost -to the reverse proxy server hostname
Value: external
s_webentrydomain -to the domain name of the reverse proxy server
Value: erp.du.ae
s_active_webport -to the reverse proxy listener port
Value: 8005
s_webentryurlprotocol -to the reverse proxy's protocol e.g. "http" or "https"
Value: http
s_login_page -to the values you specified above for
<webentry protocol>://<webentry host>.<webentry domain>:<active webport>
Value: http://external.erp.du.ae:8005
s_fnd_secure -confirm that this does not point to the same directory as the existing web
node. This variable specifies the location of the node's DBC file.
Value: /erpapp/INSTANCE/appl/INSTANCEappl/fnd/11.5.0/secure/INSTANCE_external
s_server_ip_address -to the IP address of the reverse proxy server
Value: 172.24.68.17
s_oacore_trusted_oproc_nodes – Add external node IP and node name.
Value: 172.24.68.17, external, external.erp.du.ae
Step 6: Host file entry for Internal and External access
This configuration requires your application middle tier server to have at least two network
interfaces. One network interface is required for the external entry point and another for the
internal entry point. These network interfaces must be configured to resolve to two different
hostnames in the DNS.
Alternatively, an alias IP can be assigned to the external node.
Eg:
/etc/hosts
172.24.68.12 erpdbt2.erp.du.ae erpdbt2
172.24.68.17 external.erp.du.ae external
Step 7: Run Auto config from Internal and external configuration location
Internal
1. Run auto config for database Tier.
Eg:
$ cd $ORACLE_HOME/appsutil/scripts/
$ ./adautocfg <apps_passwd>
2. Run aut config for concurrent manager Tier.
Eg:
$ cd $COMMON_TOP/admin/scripts/INSTANCE_erpdbst2
$ ./adautocfg <apps_passwd>
3.
Run auto config for web Tier.
Eg:
$ cd $COMMON_TOP/admin/scripts/INSTANCE_erpdbst2
$ ./adautocfg <apps_passwd>
External
1.
Run auto config for external web Tier
Eg:
$ cd $COMMON_TOP/admin/scripts/INSTANCE_external
$ ./adautocfg.sh <apps_passwd>
Step8:Update Hirarchy Type
•
1. Applications Web Agent APPS_WEB_AGENT
•
2. Applications Servlet Agent APPS_SERVLET_AGENT
•
3. Applications JSP Agent APPS_JSP_AGENT
•
4. Applications Framework Agent APPS_FRAMEWORK_AGENT
•
5. ICX:Forms Launcher ICX_FORMS_LAUNCHER
•
6. ICX: Oracle Discoverer Launcher ICX_DISCOVERER_LAUNCHER
•
7. ICX: Oracle Discoverer Viewer Launcher
ICX_DISCOVERER_VIEWER_LAUNCHER
•
8. Applications Help Web Agent HELP_WEB_AGENT
•
9. Applications Portal APPS_PORTAL
•
10. BOM:Configurator URL of UI Manager CZ_UIMGR_URL
•
11. ASO : Configurator URL ASO_CONFIGURATOR_URL
•
12. QP: Pricing Engine URL QP_PRICING_ENGINE_URL
•
13. TCF:HOST TCF:HOST
The configuration of the E-Business Suite environment for DMZ requires these profile
options hierarchy type to be set to SERVRESP. To change the profile options hierarchy type
values to SERVRESP, execute the following SQL script as shown below:
sqlplus <apps-schema-name>/<apps-passwd>
@<FND_TOP>/patch/115/sql/txkChangeProfH.sql SERVRESP
Step9: Update Node Trust level
•
Login to Oracle E-Business Suite as sysadmin user using the internal URL
•
Select System Administrator Responsibility
•
Select Profile / System
•
From the 'Find system profile option Values' window, select the server that you want
to make external
Query for %NODE%TRUST%. You will see a profile option named 'Node Trust
Level'. The value for this profile option at site level will be Normal. Leave this setting
as is
•
Set the value of this profile option to External at the server level (not site level). The
site-level value should remain Normal.
Step 10: Update List of Responsibilities
•
Login to Oracle E-Business Suite as sysadmin user using the internal URL
•
Select System Administrator Responsibility
•
Select Profile / System
•
From the 'Find system profile option Values' window, select the responsibility that you
want to make external
•
Query for %RESP%TRUST%. You will see a profile option named 'Responsibility
trust level'. The value for this profile option at site level will be Normal.
•
Set the value of this profile option for the chosen responsibility to External at
responsibility level (not site level). The site-level value should remain Normal.
Step11: Required Setup for iSupplier Portal
•
Using the System Administrator responsibility, open the System Profile Values
window
•
Search for the profile option POS: External URL
•
Set the profile option to:
http or https://<external web server machine>:<port>/ ie.
http://external.erp.du.ae:8005
•
Search for the profile option POS: Internal URL
•
Set the internal profile option to:
http or https://<internal web server machine>:<port>/ ie.
http://instance.erp.du.ae:8005
•
After setting the above profile options please run the following script using user APPS
through sqlplus:
$POS_TOP/patch/115/sql/pos_upg_usr.sql
•
The above script updates the user level values of profile option Applications
Framework Agent and Application Servlet Agent for all supplier users using the new
values in the profile option POS: External URL.
Step 12: Access Internal and External application using different URLs
•
Internal URL:
Value: http://erpdbt2.erp.du.ae:8020
· External URL:
Value: http://external.erp.du.ae:8005