Encrypting Traffic Between 11i Application and Database Tiers

Editor Sep 20 Update:  Added discussion of performance impact for this configuration

It's now possible to encrypt the SQL*Net traffic that flows between your E-Business Suite Release 11i application and database tier servers.

ASO diagram:

This long-awaited certification is delivered through an Oracle database feature called Oracle Advanced Security Option (ASO).  For reasons too arcane to discuss here, this is also  referred to as Advanced Networking Option (ANO).

The process involves installing an E-Business Suite Concurrent Manager patch and Oracle Advanced Networking, changing several configuration files, and then relinking your Apps executables.

The minimum prerequisites for this configuration include:
  • Oracle Applications 11.5.10 users with RUP 3 or later (11i.ATG.PF.H RUP3 patch 4334965 or later)
Exception for HP-UX Users

HP-UX users cannot enable ANO/ASO until the resolution of bug 5398088. This bug prevents access to MOD PL/SQL from the $IAS_ORACLE_HOME.

Negligible Impact on Performance

Several readers have asked about the performance overhead for this configuration.  According to our E-Business Suite Performance Group, the overhead is approximately 5%, mainly due to an increase in round-trips and payload size as well as some trivial amount of packet processing when ASO is enabled.

For security-conscious customers, this overhead is a small price to pay for the added security for encrypting this sensitive traffic.

Related
Comments:

Good news and an excellent document to follow.

Sam
http://appstech-sam.blogspot.com

Posted by Sam on September 18, 2006 at 05:50 PM PDT #

Thank you very much. This is timely information for us as we started to working in this direction.
But, doc# 123718.1(11i: A Guide to Understanding and Implementing SSL for Oracle Applications) is very old and covers all the three servers (HTTP, Forms and Database). How this document is different from the other one?

Posted by Rama Nalam on September 19, 2006 at 12:03 AM PDT #

Rama,Note 123718.1 is still valid and current for enabling various SSL options for your E-Business Suite environment.  The latest Note 391248.1 documents a new configuration that isn't currently covered in Note 123718.1.Regards,Steven

Posted by Steven Chan on September 19, 2006 at 01:25 AM PDT #

This is great news. I logged the original bug so long ago I almost forgot about it.
Too bad the configuration could not be "autconfig'd" Or scripted, like has been done for enabling SSL...

I realize resources are tight for R12 ...
Thanks
Paul E.

Posted by Paul Emblin on September 19, 2006 at 02:23 AM PDT #

I'm implementing this right now in one of my development instances. Overall I'm pretty impressed with the quality of the note. Thanks!

Posted by jay Weinshenker on April 12, 2007 at 02:36 AM PDT #

Thanks for your feedback on this one, Jay. I know that the team that worked on ASO/ANO will be pleased to hear this; I'll pass on your comments verbatim to them.

Regards,
Steven

Posted by Steven Chan on April 12, 2007 at 08:57 AM PDT #

Post a Comment:
  • HTML Syntax: NOT allowed
About

Search

Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
4
5
6
7
8
9
10
11
12
13
14
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today