X

The Latest Technology Stack News Directly from EBS Development

Configuring Reverse Proxies and DMZs for EBS 12.2

Steven Chan
Senior Director

You may have end-users outside of your organization's firewall who need access to E-Business Suite.  One way of doing that is to set up a reverse proxy server and a series of network segments separated by firewalls. 

EBS DMZ architecture

 

The outermost network segment that lies between the internet and an organization's intranet is often called a Demilitarized Zone (DMZ).  DMZs are enforced by firewalls and other networking security devices.

Setting up a DMZ

Instructions for deploying EBS 12.2 in a DMZ-based architecture are published here:

Externally-facing EBS products

A subset of EBS products can be deployed for external use, including iSupplier, iRecruitment, iSupport, and others.  Many of these products have special rules that must be enabled in the URL Firewall to work properly in external deployments.  For a complete list of E-Business Suite products certified for external use, see Section 6 in Note 1375670.1.

Related Articles

 

 

Join the discussion

Comments ( 2 )
  • Jaydeep Nandy Tuesday, March 13, 2018
    Hi Steven,

    What I understand from Note 1375670.1 is only WebLogic members are added to the domain - be it internal/external. That would need the following ports to be opened:

    1. To connect from Primary node to DMZ node's NodeManager
    2. To connect from DMZ Node to WLS Admin Server (on primary node)
    3. To connect from DMZ Node to Database over SQLNET
    4. SNMP & SSH connectivity from Primary node to DMZ Node

    Is there any way to get rid of first two from the list above? I guess it won't be possible - as the WLS Domain will create a cluster across all internal & external nodes. Please confirm.

    Thanks,
    Jaydeep
  • Elke Phelps (Oracle Development) Tuesday, March 13, 2018
    Jaydeep,

    To confirm - 1 & 2 are always required. Please note the following:

    1. There is always only internal application tier node that is designated as the WLS Admin Server. This server is referred to as the primary node.
    2. All external nodes must be able communicate with the primary node via WLS Admin Server port.
    3. The primary application tier node must be able to communicate to the node manager running on each internal and external node.
    4. The EBS WLS Domain includes the following clusters: oacore_cluster1, forms_cluster1, oafm_cluster1.
    5. There is one WLS cluster of each type (oacore_cluster1, forms_cluster1, oafm_cluster1) for the internal and external nodes (in other words– there is not a cluster for the external nodes and a cluster for the internal nodes)

    Hope this helps.
    Regards,
    Elke
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.

Recent Content