Everyone gives lip service to the importance of security, but it's often relegated to the back-burner in actual practice. For example, my anecdotal experience is that when conference attendees are polled about Critical Patch Updates, usually fewer than 50% of the respondents state that they're up-to-date on the latest CPU.
One potentially complicating factor is that there are many things that one can do to secure the E-Business Suite, and it may be hard to know where to start. At minimum, all Apps DBAs should be intimately familiar with these documents:
* Best Practices for Securing Oracle E-Business Suite Release 11i (Note 189367.1)
* Best Practices for Securing Oracle E-Business Suite Release 12 (Note 403537.1)
There are many other security-related Oracle products that you can use with your E-Business Suite environment, too. Eric Bing and Robert Armstrong profiled all of the latest security-related tools and options that are relevant to E-Business Suite users in their recent OpenWorld 2009 session:
* Critical Data Protection and Security in Oracle E-Business Suite (S307960, PDF, 1 MB)
The Critical Patch Update (CPU) for October 2009 was released on October 20, 2009. Oracle strongly recommends applying the patches as soon as possible.
I'm very pleased to announce that the 11gR2 Database version 11.2.0.1 is certified with Oracle E-Business Suite Release 11i version 11.5.10.2. Existing Apps 11i environments currently running Oracle9i Release 2 (9.2.0), Oracle 10g Release 1 (10.1.0), Oracle 10g Release 2 (10.2.0), or Oracle 11g Release 1 (11.1.0) may be upgraded to the 11gR2 Database.
Our Applications Platforms Group continues to round out our E-Business Suite certification matrix for Oracle Database Vault 11gR1. Oracle DB Vault 11gR1 11.1.0.7 is now certified with E-Business Suite for the following Windows platforms:
* Microsoft Windows Server (32-bit)
* Microsoft Windows x64 (64-bit)
E-Business Suite R12.1.1 provides Advanced Configuration wizards that make it easier to deploy features such as SSL and load-balancing. Apps administrators can use these wizards to make configuration changes online through Oracle Applications Manager (OAM) and then run AutoConfig on the applications tier to make the changes effective. SSL (Secure Sockets Layer) is one of the most commonly used configurations in EBS. I'll walk through the SSL Advanced Configuration Wizard in this article.
Oracle DB Vault allows security administrators to protect a database from privileged account access to application data. Database objects can be placed in protected realms, which can be accessed only if a specific set of conditions is met.
Database Vault 10gR2 was certified last year with Oracle E-Business Suite. We're pleased to announce that the latest Database Vault 11gR1 Version 11.1.0.7 is now certified with E-Business Suite Release 11i and 12.
You can now enable Database Vault 11gR1 on your existing E-Business Suite 11.1.0.7 Database instance. If you already have DB Vault 10gR2 enabled in your E-Business Suite environment, you can now upgrade to the 11gR1 Database. We also support EBS patching with Database Vault 11.1.0.7 enabled. Our DB Vault realm creation and grants-related scripts have been revised to reduce patching downtimes.

Oracle Advanced Security is an optional licenced Oracle 11gR1 Database add-on. Oracle Advanced Security Transparent Data Encryption (TDE) offers two different features: column encryption and tablespace encryption. We certified the TDE column encryption feature with the E-Business Suite last year. We're pleased to expand our 11gR1 Database certification to include the tablespace encryption feature. This option was recently certified with Oracle E-Business Suite Release 11i, and now Tablespace Encryption 11.1.0.7 is certified with Oracle E-Business Suite Release 12.
What is Transparent Data Encryption (TDE)?
Oracle Advanced Security Transparent Data Encryption (TDE) allows you to protect data at rest. TDE helps address privacy and PCI requirements by encrypting personally identifiable information (PII) such as Social Security numbers and credit card numbers.
TDE is completely transparent to existing applications with no triggers, views or other application changes required. Data is transparently encrypted when written to disk and transparently decrypted after an application user has successfully authenticated and passed all authorization checks. Authorization checks include verifying the user has the necessary select and update privileges on the application table and checking Database Vault, Label Security and Virtual Private Database enforcement policies.
Existing database backup routines will continue to work, with the data at rest remaining encrypted in the backup. For encryption of entire database backups, TDE can be used in combination with Oracle RMAN.
The Critical Patch Update (CPU) for July 2009 was released on July 14th, 2009. Oracle strongly recommends applying the patches as soon as possible.
Oracle Advanced Security is an optional licenced Oracle 11gR1 Database add-on. Oracle Advanced Security Transparent Data Encryption (TDE) offers two different features: column encryption and tablespace encryption. We certified the TDE column encryption feature with the E-Business Suite last year. We're pleased to expand our 11gR1 Database certification to include the tablespace encryption feature. Tablespace Encryption is now certified with Oracle E-Business Suite Release 11i.
What is Transparent Data Encryption (TDE)?
Oracle Advanced Security Transparent Data Encryption (TDE) allows you to protect data at rest. TDE helps address privacy and PCI requirements by encrypting personally identifiable information (PII) such as social security numbers and credit card numbers.
TDE is completely transparent to existing applications with no triggers, views or other application changes required. Data is transparently encrypted when written to disk and transparently decrypted after an application user has successfully authenticated and passed all authorization checks. Authorization checks include verifying the user has the necessary select and update privileges on the application table and checking Database Vault, Label Security and Virtual Private Database enforcement policies.
Many products within the Oracle E-Business Suite have screens that are built with Oracle Forms. Oracle Forms can be run in either servlet mode or socket mode. Apps 11i is based on Forms 6i and is configured to run in socket mode by default. Apps 12 is based on Forms 10g and is configured to run in servlet mode by default. What are these modes, and which is better?
What is Forms Servlet Mode?
The Forms Listener Servlet is a Java servlet that delivers the ability to run Oracle Forms applications over HTTP and HTTPS connections. It manages the creation of a Forms Server Runtime process for each client, as well as network communications between the client and its associated Forms Server Runtime process.
The desktop client sends HTTP requests and receives HTTP responses from the web server. The HTTP Listener on the web server acts as the network endpoint for the client, keeping other servers and ports from being exposed at the firewall.

The Critical Patch Update for April 2009 was released on April 14, 2009. Oracle strongly recommends applying the patches as soon as possible.
Here's a quick update for our readers in the US Federal sector. Those readers likely already know that the US Office of Management and Budget has mandated that all US Federal Agencies that use or acquire Windows XP and Vista must adopt the Federal Desktop Core Configuration (FDCC) by February 1, 2008 (OMB Memorandum M-07-11 of March 22, 2007, on Implementation of Commonly Accepted Security Configurations for Windows Operating Systems, available at http://www.whitehouse.gov/omb/memoranda/fy2007/m07-11.pdf).
Oracle has published the following document in the Oracle Software Security Assurance Resource Library to address these requirements:
You may also have heard that we've already certified Oracle E-Business Suite Release 11i with the US Federal Desktop Core Configuration for Windows XP and Vista desktop clients. All E-Business Suite Release 11i products are certified for use with the US Federal Desktop Core Configuration.
Since our original certification announcement, we've found that the latest FDCC images -- a.k.a. FDCC 1.1 -- have been updated and now are compatible with the native Sun JRE plug-in for Windows XP desktop clients. This adds one more certified Apps 11i configuration for FDCC clients.
The Oracle 11gR1 Database version 11.1.0.7 was certified with Oracle E-Business Suite Release 11i last December. I'm pleased to announce that it's now certified with Oracle E-Business Suite Release 12, too. 11.1.0.7 is the first database patchset available for the 11g Release 1 Database version 11.1.0.6.
For those of you planning to upgrade from Oracle E-Business Suite Release 11i to 12, this means that the database releases for Apps are back in parity. You can upgrade directly to Apps R12. from whatever 11gR1 database release you might be running with your Apps 11i environment -- 11.1.0.6 or 11.1.0.7.
The Critical Patch Update for January 2009 was released on January 13, 2009. Oracle strongly recommends applying the patches as soon as possible.
The Critical Patch Update Advisory is the starting point for relevant information. It includes a list of products affected, pointers to obtain the patches, a summary of the security vulnerabilities, and links to other important documents.
Supported Products that are not listed in the "Supported Products and Components Affected" Section of the advisory do not require new patches to be applied.
Also, it is essential to review the Critical Patch Update supporting documentation referenced in the Advisory before applying patches, as this is where you can find important information.
The Critical Patch Update Advisory is available at the following location:
Oracle, PeopleSoft and JD Edwards products:
Oracle BEA products:
The next four Critical Patch Update release dates are:
Following on the heels of our first set of 11gR1 DB certifications, our Applications Platforms Group has certified the Oracle 11gR1 11.1.0.7 Database with Oracle E-Business Suite Release 11i 11.5.10 CU2 on HP-UX PA-RISC.
Here's a great way to end the year 2008 for Certifications with EBS: Oracle Database 11gR1 version 11.1.0.7 is now certified with E-Business Suite Release 11i. 11.1.0.7 is the first database patchset available for the 11gR1 Release 11.1.0.6. Customers can upgrade to this version following the Notes listed in the Documentation section.
This complements the Apps 12-corresponding announcement: Oracle E-Business Suite Release 11i has been certified with seven new platforms for DB Vault 10gR2 (10.2.0.4). This configuration is now certified with the following new operating system platforms:
It's always nice to start the week off with some new certification announcements. I'm pleased to announce that several new platforms have been added to our previously-announced certification of DB Vault 10gR2 (10.2.0.4) with Oracle E-Business Suite Release 12. This configuration is now certified on the following new operating system platforms:
Starting with Oracle E-Business Suite Release 12.0.4, we support configuring Oracle Connection Manager (CMAN) with Oracle E-Business Suite Release 12. Oracle Connection Manager ships with the Oracle Database, and certified versions are 10g and 11g.
Oracle Connection Manager enables large numbers of users to connect to a single server by acting as a connection concentrator to funnel multiple client database sessions across a single network connection. This is known as connection multiplexing. CMAN reduces operating system resource requirements by minimizing the number of network connections made to a server. CMAN also provides the additional benefit of access control.

The US Office of Management and Budget (OMB) manages the budget for US Federal Government agencies. The US Office of Management and Budget mandates that all US Federal Agencies that use or acquire Windows XP and Vista must adopt the Federal Desktop Core Configuration (FDCC) by February 1, 2008 (OMB Memorandum M-07-11 of March 22, 2007, on Implementation of Commonly Accepted Security Configurations for Windows Operating Systems, available at http://www.whitehouse.gov/omb/memoranda/fy2007/m07-11.pdf).
Oracle has just published the following document in the Oracle Software Security Assurance Resource Library to address these requirements:
In conjunction with that document's release, I'm pleased to announce that Oracle E-Business Suite Release 11i is certified with the US Federal Desktop Core Configuration for Windows XP and Vista desktop clients. All E-Business Suite Release 11i products are certified for use with the US Federal Desktop Core Configuration.