• September 9, 2012

Oracle Application in DMZ (Demilitarized Zone)

Guest Author

 Business Needs

Large Organizations want to expose their Oracle Application services outside their private network (HTTP/HTTPS and SSL). Usually these exposures must exist to promote external communication. So they want to separate an external network from directly referencing an internal network


Business Challenges

·         Business does not want to compromise with security information

·         Business cannot expose internal domain or internal URL information


Business Solution

DMZ is the solution of this problem. In Oracle application we can achieve this by following way –


·         Oracle Application consists of fleet nodes (FND_NODES) so first decide which node have to expose to public

·         To expose the node to public use the profile “Node Trust Level”

·         Set node to Public/Private (Normal -> private, External -> public)

·         Set "Responsibility Trust Level" profile to decide whether to expose Application Responsibility to inside or outside firewall





Solution Features  

·         Exposed web services can be accessed by both internal and external users

·         Configurable and can be very easily rolled out

·         Internal network and business data is secured from outside traffic

·         Unauthorized access to internal network from outside is prohibited

·         No need for VPN and Secure FTP server



·       Large Organizations having Oracle Application can expose their web services like (HTTP/HTTPS and SSL) to the internet without compromise with security information and without exposing their internal domain


Possible Week Points 

·         If external firewall is compromised, then external application server is also compromised, exposing an attack on E-Business Suite database

·         There’s nothing to prevent internal users from attacking internal application server, also exposing an attack on E-Business Suite database


Reference Links 

·         https://blogs.oracle.com/manojmadhusoodanan/tags/dmz

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.