Friday Oct 18, 2013

Sign E-Business Suite JAR Files Now

Java Security logoOracle E-Business Suite uses Java, notably for running Forms-based content via the Java Runtime Environment (JRE) browser plug-in. 

The default security settings for the JRE plug-in are expected to become more stringent over time.  To prepare for upcoming changes to Java security, all EBS 11i, 12.0, 12.1, and 12.2 system administrators must follow the procedures documented here:

More information about Java security is available here:

Getting help

If you have questions about Java Security, please log a Service Request with Java Support.

If you need assistance with the steps for signing EBS JAR files, please log a Service Request against the "Oracle Applications Technology Stack (TXK)" > "Java."


Tuesday Oct 15, 2013

Critical Patch Update for October 2013 Now Available

The  Critical Patch Update (CPU) for October 2013 was released on October 15, 2013. Oracle strongly recommends applying the patches as soon as possible.

The Critical Patch Update Advisory is the starting point for relevant information. It includes a list of products affected, pointers to obtain the patches, a summary of the security vulnerabilities, and links to other important documents.

Supported products that are not listed in the "Supported Products and Components Affected" Section of the advisory do not require new patches to be applied.

Also, it is essential to review the Critical Patch Update supporting documentation referenced in the Advisory before applying patches, as this is where you can find important pertinent information.

The Critical Patch Update Advisory is available at the following location:

The next four Critical Patch Update release dates are:

  • January 14, 2014
  • April 15, 2014
  • July 15, 2014
  • October 14, 2013
E-Business Suite Releases 11i and 12 Reference

Friday Sep 27, 2013

11.2.0.4 Database Certified with E-Business Suite

I’m pleased to announce that 11.2.0.4, the terminal patchset for the 11gR2 Database is now certified with Oracle E-Business Suite. Be sure to review the interoperability notes for R11i and R12 for the most up-to-date requirements for deployment.

Database support implications may also be reviewed in the database patching and support article.


Oracle E-Business Suite Release 11i

Prerequisites
  • 11.5.10.2 + ATG PF.H RUP 6 and higher
Certified Platforms
  • Linux x86 (Oracle Linux 4, 5)
  • Linux x86 (RHEL 4, 5)
  • Linux x86 (SLES 10)
  • Linux x86-64 (Oracle Linux 4, 5) -- Database-tier only
  • Linux x86-64 (RHEL 4, 5) -- Database-tier only
  • Linux x86-64 (SLES 10--Database-tier only)
Pending Platform Certifications
  • Oracle Solaris on SPARC
  • Oracle Solaris on x86-64 (64-bit)
  • IBM AIX on Power Systems
  • HP-UX Itanium
  • Microsoft Windows Server (32-bit)
  • Microsoft Windows x64 (64-bit)
  • HP-UX PA-RISC (64-bit)
  • IBM: Linux on System z 
Oracle E-Business Suite Release 12.0.4 and higher
Certified Platforms
  • Linux x86 (Oracle Linux 4, 5)
  • Linux x86 (RHEL 4, 5)
  • Linux x86 (SLES 10)
  • Linux x86-64 (Oracle Linux 4, 5)
  • Linux x86-64 (RHEL 4, 5)
  • Linux x86-64 (SLES 10)
Pending Certifications
  • Oracle Solaris on SPARC 
  • Oracle Solaris on x86-64
  • IBM AIX on Power Systems (64-bit)
  • HP-UX Itanium
  • Microsoft Windows Server (32-bit)
  • Microsoft Windows x64 (64-bit)
  • HP-UX PA-RISC (64-bit)
  • IBM: Linux on System z
Oracle E-Business Suite Release 12.1.1 and higher
Certified Platforms
  • Linux x86 (Oracle Linux 4, 5, 6)
  • Linux x86 (RHEL 4, 5, 6)
  • Linux x86 (SLES 10)
  • Linux x86-64 (Oracle Linux 4, 5, 6)
  • Linux x86-64 (RHEL 4, 5, 6)
  • Linux x86-64 (SLES 10, 11)
Pending Certifications
  • Oracle Solaris on SPARC 
  • Oracle Solaris on x86-64
  • IBM AIX on Power Systems (64-bit)
  • HP-UX Itanium
  • Microsoft Windows Server (32-bit)
  • Microsoft Windows x64 (64-bit)
  • HP-UX PA-RISC (64-bit)
  • IBM: Linux on System z
Database Feature and Option Certifications
The following database options and features are supported for use:
About the pending certifications

Oracle's Revenue Recognition rules prohibit us from discussing certification and release dates, but you're welcome to monitor or subscribe to this blog for updates, which I'll post as soon as soon as they're available.    

EBS 11i References
EBS 12 References
Related Articles
The preceding is intended to outline our general product direction.  It is intended for information purposes only, and may not be incorporated into any contract.   It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decision.  The development, release, and timing of any features or functionality described for Oracle's products remains at the sole discretion of Oracle.

12.1.0.1 Database Certified with Oracle E-Business Suite

(Feb 19, 2014 Update: Article has been updated to correctly reflect Active Data Guard and Data Guard as pending certifications.)

I’m pleased to announce that 12.1.0.1, the base release for the 12c Database is now certified. Be sure to review the interoperability notes for R11i and R12 for the most up-to-date requirements for deployment.

Database support implications may also be reviewed in the database patching and support article.


Oracle E-Business Suite Release 11i

Prerequisites
  • 11.5.10.2 + ATG PF.H RUP 7 and higher
Certified Platforms
  • Linux x86-64 (Oracle Linux 5) -- Database-tier only
  • Linux x86-64 (RHEL 5) -- Database-tier only
  • Oracle Solaris on SPARC (64-bit) (10)
  • Oracle Solaris on x86-64 (64-bit) (10) -- Database-tier only
Pending Platform Certifications
  • Microsoft Windows x64 (64-bit)
  • IBM AIX on Power Systems (64-bit)
  • HP-UX Itanium
  • IBM: Linux on System z 
Oracle E-Business Suite Release 12.0.6 and higher
Certified Platforms
  • Linux x86-64 (Oracle Linux 5)
  • Linux x86-64 (RHEL 5)
  • Oracle Solaris on SPARC (64-bit) (10)
  • Oracle Solaris on x86-64 (64-bit) (10) -- Database-tier only
Pending Platform Certifications
  • Microsoft Windows x64 (64-bit)
  • IBM AIX on Power Systems (64-bit)
  • HP-UX Itanium
  • IBM: Linux on System z 
    Oracle E-Business Suite Release 12.1.3 and higher
    Certified Platforms
    • Linux x86-64 (Oracle Linux 5, 6)
    • Linux x86-64 (RHEL 5, 6)
    • Linux x86-64 (SLES 11)
    • Oracle Solaris on SPARC (64-bit) (10, 11)
    • Oracle Solaris on x86-64 (64-bit) (10, 11) -- Database-tier only
    Pending Platform Certifications
    • Microsoft Windows x64 (64-bit)
    • IBM AIX on Power Systems (64-bit)
    • HP-UX Itanium
    • IBM: Linux on System z 
    Database Feature and Option Certifications
    The following database options and features are supported for use:

    Pending Feature/Option Certifications

    • Active Data Guard
    • Data Guard Redo Apply with Physical Standby Databases
    • Oracle Multitenant
    • Oracle Database Vault
    • Transportable Database and Transportable Tablespaces data migration processes

    About the pending certifications

    Oracle's Revenue Recognition rules prohibit us from discussing certification and release dates, but you're welcome to monitor or subscribe to this blog for updates, which I'll post as soon as soon as they're available.    

    EBS 11i References

    EBS 12 References
    Related Articles
    The preceding is intended to outline our general product direction.  It is intended for information purposes only, and may not be incorporated into any contract.   It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decision.  The development, release, and timing of any features or functionality described for Oracle's products remains at the sole discretion of Oracle.

    Thursday Jul 18, 2013

    Oracle Access Manager 11gR2 11.1.2.1.0 Certified With E-Business Suite

    I am happy to announce that Oracle Access Manager 11gR2  Patchset 1 (11.1.2.1.0) is now certified with E-Business Suite Releases 11i, 12.0 and 12.1.

    Choosing the Right Architecture

    If you are implementing single sign-on for the first time, or are an existing Oracle Access Manager user, you may integrate with Oracle Access Manager 11gR2 Patchset 1 using Oracle Access Manager WebGate and Oracle E-Business Suite AccessGate. If you are using Oracle Single Sign-On 10gR3 (10.1.4.3) you may migrate to Oracle Access Manager 11gR2 Patchset 1 with Oracle E-Business Suite Access Gate.

    Our previously published blog article and support note provides an overview of single sign-on integration options and recommendations:

    Platforms Certified

    The Oracle E-Business Suite AccessGate Java application is certified to run on any operating system for which Oracle WebLogic Server 11g is certified. Refer to the Oracle Fusion Middleware Release 11g (11.1.1.x) Certification Matrix for more details.

    For information on operating systems supported by Oracle Access Manager 11gR2 and its components, refer to the Oracle Identity and Access Management 11g Release 2 (11.1.2.1.0) Certification Matrix.

    Integration with Oracle Access Manager involves components spanning several different suites of Oracle products. There are no restrictions on which platform any particular component may be installed so long as the platform is supported for that component.

    References

      Related Articles

      (Article Contributor:  Allison Sparshott)

      Wednesday Jul 17, 2013

      Critical Patch Update for July 2013 Now Available

      The  Critical Patch Update (CPU) for July 2013 was released on July 16, 2013. Oracle strongly recommends applying the patches as soon as possible.

      The Critical Patch Update Advisory is the starting point for relevant information. It includes a list of products affected, pointers to obtain the patches, a summary of the security vulnerabilities, and links to other important documents.

      Supported products that are not listed in the "Supported Products and Components Affected" Section of the advisory do not require new patches to be applied.

      Also, it is essential to review the Critical Patch Update supporting documentation referenced in the Advisory before applying patches, as this is where you can find important pertinent information.

      The Critical Patch Update Advisory is available at the following location:

      The next four Critical Patch Update release dates are:

      • October 15, 2013
      • January 14, 2014
      • April 15, 2014
      • July 15, 2014
      E-Business Suite Releases 11i and 12 Reference

      Tuesday Apr 23, 2013

      Using SAML-based Authentication for Web Services with Integrated SOA Gateway

      Web services provided by Oracle E-Business Suite Integrated SOA Gateway are secured at the transport level through SSL and at the message level through authentication tokens – Username Token and SAML Token (Sender Vouches). I will discuss SAML Token (Sender Vouches) here.

      Brief on SAML, SAML Token, SAML Token Profile

      Security Assertion Markup Language (SAML) is a XML-based framework to exchange security related information between Service Consumer, Identity Provider and Service Provider. The security information is expressed in terms of assertions. Statements about the subject or user form the SAML Token. 

      WS-Security defines a set of security token profiles for different types of tokens embedded within the SOAP message as headers. SAML Token Profile is one of the WS-Security Token Profiles that describe the syntax and meaning of SAML Tokens. SAML Tokens are embedded within SOAP messages by placing assertion elements inside the SOAP Header.

      As per WS-Security, there are three common methods to assure the Service Provider that the SOAP message came from the subject referenced in the token. The three common subject confirmation methods are Sender Vouches, Holder of Key, and Bearer. As of Oracle E-Business Suite Release 12.1.3, web services provided by Integrated SOA Gateway (inbound) support SAML Token using the Sender Vouches subject confirmation method.

      SAML Token - Sender Vouches

      SAML Tokens assert that the subject or user has already been authenticated. As the name suggests, in the Sender Vouches case, the Sender or SOAP web service client that sends the SOAP request message to SOAP web service vouches for the identity of the assertion’s subject.

      SAML flow diagram

      The SAML assertion may be provided by an external Identity Provider -- a SAML Authority or SAML Issuer. In this case, a client sends a SAML assertion request to a SAML Authority. The SAML Authority identifies the client, authenticates the subject, and sends SAML assertion as response to client. The client’s private key is used to sign both the assertion and the SOAP message body.

      The E-Business Suite's Integrated SOA Gateway uses Oracle Application Server’s Web Services Security framework. It verifies the digital signature in a SOAP request and extracts the SAML Token. It validates the SAML assertion such as the issuer, validity period, and authentication statement. It extracts the SAML Subject Name Identifier and verifies the same with registered Oracle Internet Directory (OID) for single sign-on users or with FND_USER table in Oracle E-Business Suite (EBS) database for non-single sign-on users. It uses Oracle Internet Directory to map the single sign-on user with the equivalent EBS user. The EBS username is then used for the authorization check for the web service execution.

      When to use SAML Sender Vouches based authentication for web services provided by Integrated SOA Gateway?

      SAML Token with Sender Vouches is best used for following scenarios:

      • Single Sign On: As part of your business process, you may want to authenticate once and propagate the authenticated identity as a SAML assertion to subsequent EBS web service calls.
      • Subject or user needs to be authenticated locally (at web service client end) or centrally by Identity Provider (or SAML Authority), and propagate the assertion to an EBS web service.

      How to use SAML Token Sender Vouches in Integrated SOA Gateway?

      The steps to expose an EBS API as web service are described in Oracle E-Business Suite Integrated SOA Gateway Implementation Guide and Developer's Guide

      • Create Grant for EBS API methods that you want to expose as web service operations
      • Generate and Deploy the EBS API as web service with SAML Token (Sender Vouches) authentication type
      • Configure client and EBS (server) for SAML  

      See Setting Up SAML Token Security for Oracle E-Business Suite Integrated SOA Gateway Release 12.1.3 [Note 1144313.1] 

      This Note describes the steps to configure SOAP Web Service Client as well as Oracle E-Business Suite (SOAP Web Service Provider). In Integrated SOA Gateway, a SAML Token Sender Vouches policy is applied at the web service level or port level. You may have to configure EBS for SAML for all web services that are deployed with Authentication Type as SAML Token (Sender Vouches).

      • Invoke web service with SAML Token

      The Note also describes steps to test web service invocation with a SAML Token. Depending upon the client program, you may programmatically insert SAML assertions or let web service security policy enforcement products such Oracle Web Services Manager (OWSM) insert a SAML Token in a SOAP request message.

      References

      Related Articles

      Monday Apr 01, 2013

      New Whitepaper: Function Security + Role-Based Access Control in Oracle EBS

      There are two main ways to implement security in Oracle E-Business Suite: “traditional” Oracle E-Business Suite responsibility-based security (usually referred to as “function security”) and Role-Based Access Control (RBAC).   Since they overlap in functionality, and RBAC incorporates and builds upon responsibility-based security, there is often confusion about how the two security models coexist and interact.

      I am pleased to announce the availability of a new whitepaper to help eliminate that confusion:

      RBAC vs. Grants

      This heavily-illustrated whitepaper discusses the main similarities and differences between the two types of security setups, as well as the objects involved.  It includes the following topics:

      1. Responsibility-based security (Function Security)
      2. Role-Based Access Control
      3. Functions and Permissions
      4. Roles and Grants
      5. Role Hierarchy and Role Inheritance
      6. Using Role Hierarchies to Simplify User Administration
      7. Best Practices for Implementing RBAC and Function Security

      This whitepaper is written for Oracle E-Business Suite system administrators, super-users, and implementers.  It applies to Oracle E-Business Suite Release 11i, 12.0, and 12.1.

      Happy reading!


      Wednesday Mar 27, 2013

      Migrating from EBS 11i + Oracle Single Sign-On to EBS 12 + Oracle Access Manager

      Our Identity Management team has just published an important change in the Oracle Software Technical Support Policies document (March, 2013):

      "For customers with a current support contract for Oracle Single Sign-On 10gR3, Extended Support will be made available until December 2013 at then-current Extended Support fees. During this period, Extended Support will be limited to Severity 1 fixes only; critical patch updates will not be made available."

      This is important if you've been wondering how to deal with this challenge: 

      • You know that Oracle Access Manager has supplanted Oracle Single Sign-On.  
      • You integrated Oracle Single Sign-On 10g with your E-Business Suite 11i environment several years ago.  
      • You plan to switch from Oracle Single Sign-On to Oracle Access Manager as part of your EBS 12 upgrade.
      • You want to get to EBS 12, but want to perform your EBS upgrade and OAM migrations different downtimes.
      • You've been staring at the latest EBS support timelines and deliberating your options:

      Timeline showing updated EBS Support dates

      All of the crucial pieces for this are now in place:

      1. Oracle Access Manager 11.1.2 is certified with EBS 11.5.10.2.
      2. Support for Oracle Single Sign-On 10g has been extended to Dec. 31, 2013.
      3. EBS 11.5.10's Exception to Sustaining Support has been extended to Dec. 31, 2014.
      4. EBS 12.1's Extended Support has been extended to Dec. 31, 2018.

      This means that you have sufficient support coverage for all major components while you do this in a multi-phase implementation.  You can migrate your EBS 11i environment from Oracle SSO 10g to Oracle Access Manager 11.1.2 this year, in one initial downtime.  You can then upgrade that environment from EBS 11i to EBS 12.1.3 in a later downtime. 

      Your implementation phases will look like this:

      1. Today: EBS 11i + Oracle Single Sign-On 10.1.4.3
      2. Interim phase:  EBS 11i + Oracle Access Manager 11.1.2
      3. Final phase: EBS 12.1.3 + Oracle Access Manager 11.1.2

      Each of these undertakings can be fairly major initiatives on their own, so breaking the overall project into smaller parts helps you manage your risk.  I would be very interested in hearing about your experiences with this kind of combined migration + upgrade implementation approach.  Please feel free to post a comment here or drop me a line privately.

      Related Articles


      Monday Mar 18, 2013

      Oracle Access Manager 11.1.2 Certified With E-Business Suite 11i

      I am pleased to announce that Oracle Access Manager 11gR2 (11.1.2.0.0) is now certified with E-Business Suite Release 11.5.10.2.  If you are implementing single sign-on for the first time, or currently use Oracle Access Manager or Oracle Single Sign-On, you may integrate with Oracle Access Manager 11gR2 using Oracle Access Manager WebGate and Oracle E-Business Suite AccessGate.

      EBS Oracle Access Manager architecture

      Transitionary architecture for EBS 12 upgrades

      This new certification can be used as a intermediate architecture on your upgrade path to EBS 12. This may allow you to reduce your overall risk and downtimes by doing your upgrade in multiple phases.

      For example, you might be using Oracle Single Sign-On with your EBS 11i environment today.  You will need to switch from Oracle Single Sign-On to Oracle Access Manager as part of your upgrade.  You can use the following strategy to phase in this new component:

      1. Today: EBS 11i + Oracle Single Sign-On 10.1.4.3
      2. Interim phase:  EBS 11i + Oracle Access Manager 11.1.2
      3. Final phase: EBS 12.1.3 + Oracle Access Manager 11.1.2
      Supported Architecture and Release Versions
      • Oracle Access Manager 11.1.2
      • Oracle E-Business Suite Release 11.5.10.2 + ATG Rollup Patchset 6 (11i.ATG_PF.H.delta.6) and higher.
      • Oracle Internet Directory 11.1.1.6
      • Oracle WebLogic Server 10.3.5+

      References

      Related Articles

      Monday Mar 04, 2013

      Java JRE 1.7.0_17 Certified with Oracle E-Business Suite

      Java logoJava Runtime Environment 7u17 (a.k.a. JRE 7u15-b02) and later updates on the JRE 7 codeline are now certified with Oracle E-Business Suite Release 11i and 12 for Windows-based desktop clients.

      All JRE 6 and 7 releases are certified with EBS upon release

      Our standard policy is that all E-Business Suite customers can apply all JRE updates to end-user desktops from JRE 1.6.0_03 and later updates on the 1.6 codeline, and from JRE 7u10 and later updates on the JRE 7 codeline.  We test all new JRE 1.6 and JRE 7 releases in parallel with the JRE development process, so all new JRE 1.6 and 7 releases are considered certified with the E-Business Suite on the same day that they're released by our Java team. 

      You do not need to wait for a certification announcement before applying new JRE 1.6 or JRE 7 releases to your EBS users' desktops.

      What's needed to enable EBS environments for JRE 7?

      EBS customers should ensure that they are running JRE 7u17, at minimum, on Windows desktop clients.

      Of the compatibility issues identified with JRE 7, the most critical is an issue that prevents E-Business Suite Forms-based products from launching on Windows desktops that are running JRE 7. 

      Customers can prevent this issue -- and all other JRE 7 compatibility issues -- by ensuring that they have applied the latest certified patches documented for JRE 7 configurations to their EBS application tier servers.

      These patches are compatible with JRE 6 and 7, production ready, and fully-tested with the E-Business Suite.  These patches may be applied immediately to all E-Business Suite environments. All other Forms prerequisites documented in the Notes above should also be applied. 

      Where are the official patch requirements documented?

      All patches required for ensuring full compatibility of the E-Business Suite with JRE 7 are documented in these Notes:

      For EBS 11i:

      For EBS 12

      Prerequisites for 32-bit and 64-bit JRE certifications

      JRE 1.70_17 32-bit + EBS 11.5.10.2

      JRE 1.70_17 32-bit + EBS 12.0 & 12.1

      JRE 1.7.0_17 64-bit + EBS 11.5.10.2

      JRE 1.70_17 64-bit + EBS 12.0 & 12.1

      EBS + Discoverer 11g Users

      JRE 1.7.0_17 (7u17) is certified for Discoverer 11g in E-Business Suite environments with the following minimum requirements:

      Worried about the 'mismanaged session cookie' issue?

      No need to worry -- it's fixed.  To recap: JRE releases 1.6.0_18 through 1.6.0_22 had issues with mismanaging session cookies that affected some users in some circumstances.

      The fix for those issues was first included in JRE 1.6.0_23. These fixes will carry forward and continue to be fixed in all future JRE releases on the JRE 6 and 7 codelines.  In other words, if you wish to avoid the mismanaged session cookie issue, you should apply any release after JRE 1.6.0_22 on the JRE 6 codeline, and JRE 7u10 and later JRE 7 codeline updates.

      Implications of Java 6 End of Public Updates for EBS Users

      The Support Roadmap for Oracle Java is published here:

      The latest updates to that page (as of Sept. 19, 2012) state (emphasis added):

      Java SE 6 End of Public Updates Notice

      After February 2013, Oracle will no longer post updates of Java SE 6 to its public download sites. Existing Java SE 6 downloads already posted as of February 2013 will remain accessible in the Java Archive on Oracle Technology Network. Developers and end-users are encouraged to update to more recent Java SE versions that remain available for public download. For enterprise customers, who need continued access to critical bug fixes and security fixes as well as general maintenance for Java SE 6 or older versions, long term support is available through Oracle Java SE Support .

      What does this mean for Oracle E-Business Suite users?

      EBS users fall under the category of "enterprise users" above.  Java is an integral part of the Oracle E-Business Suite technology stack, so EBS users will continue to receive Java SE 6 updates from February 2013 to the end of Java SE 6 Extended Support in June 2017.

      In other words, nothing will change for EBS users after February 2013. 

      EBS users will continue to receive critical bug fixes and security fixes as well as general maintenance for Java SE 6. These Java SE 6 updates will be made available to EBS users for the Extended Support periods documented in the Oracle Lifetime Support policy document for Oracle Applications (PDF):

      1. EBS 11i Extended Support ends November 2013
      2. EBS 12.0 Extended Support ends January 2015
      3. EBS 12.1 Extended Support ends December 2018

      How can EBS customers obtain Java 6 updates after the public end-of-life?

      EBS customers can download Java 6 patches from My Oracle Support.  For a complete list of all Java SE patch numbers, see:

      Will EBS users be forced to upgrade to JRE 7 for Windows desktop clients?

      No. This upgrade is highly recommended but currently remains optional. JRE 6 will be available to Windows users to run with EBS for the duration of your respective EBS Extended Support period.  Updates will be delivered via My Oracle Support, where you can continue to receive critical bug fixes and security fixes as well as general maintenance for JRE 6 desktop clients. 

      Coexistence of JRE 6 and JRE 7 on Windows desktops

      The upgrade to JRE 7 is highly recommended for EBS users, but some users may need to run both JRE 6 and 7 on their Windows desktops for reasons unrelated to the E-Business Suite.

      Most EBS configurations with IE and Firefox use non-static versioning by default. JRE 7 will be invoked instead of JRE 6 if both are installed on a Windows desktop. For more details, see "Appendix B: Static vs. Non-static Versioning and Set Up Options" in Notes 290807.1 and 393931.1.

      Applying Updates to JRE 6 and JRE 7 to Windows desktops

      Auto-update will keep JRE 7 up-to-date for Windows users with JRE 7 installed.

      Auto-update will only keep JRE 7 up-to-date for Windows users with both JRE 6 and 7 installed. 

      JRE 6 users are strongly encouraged to apply the latest Critical Patch Updates as soon as possible after each release. The Jave SE CPUs will be available via My Oracle Support.  EBS users can find more information about JRE 6 and 7 updates here:

      The dates for future Java SE CPUs can be found on the Critical Patch Updates, Security Alerts and Third Party Bulletin.  An RSS feed is available on that site for those who would like to be kept up-to-date.

      What will Mac users need?

      Oracle will provide updates to JRE 7 for Mac OS X users. EBS users running Macs will need to upgrade to JRE 7 to receive JRE updates.

      The certification of Oracle E-Business Suite with JRE 7 for Mac-based desktop clients accessing EBS Forms-based content is underway. Mac users waiting for that certification may find this article useful:

      Will EBS users be forced to upgrade to JDK 7 for EBS application tier servers?

      No. This upgrade will be highly recommended but will be optional for EBS application tier servers running on Windows, Linux, and Solaris.  You can choose to remain on JDK 6 for the duration of your respective EBS Extended Support period.  If you remain on JDK 6, you will continue to receive critical bug fixes and security fixes as well as general maintenance for JDK 6.

      The certification of Oracle E-Business Suite with JDK 7 for EBS application tier servers on Windows, Linux, and Solaris as well as other platforms such as IBM AIX and HP-UX is planned.  Customers running platforms other than Windows, Linux, and Solaris should refer to their Java vendors's sites for more information about their support policies.

      References

      Related Articles

      Tuesday Feb 19, 2013

      Java JRE 1.7.0_15 Certified with Oracle E-Business Suite

      Java logoJava Runtime Environment 7u15 (a.k.a. JRE 7u15-b03) and later updates on the JRE 7 codeline are now certified with Oracle E-Business Suite Release 11i and 12 for Windows-based desktop clients.

      All JRE 6 and 7 releases are certified with EBS upon release

      Our standard policy is that all E-Business Suite customers can apply all JRE updates to end-user desktops from JRE 1.6.0_03 and later updates on the 1.6 codeline, and from JRE 7u10 and later updates on the JRE 7 codeline.  We test all new JRE 1.6 and JRE 7 releases in parallel with the JRE development process, so all new JRE 1.6 and 7 releases are considered certified with the E-Business Suite on the same day that they're released by our Java team. 

      You do not need to wait for a certification announcement before applying new JRE 1.6 or JRE 7 releases to your EBS users' desktops.

      What's needed to enable EBS environments for JRE 7?

      EBS customers should ensure that they are running JRE 7u15, at minimum, on Windows desktop clients.

      Of the compatibility issues identified with JRE 7, the most critical is an issue that prevents E-Business Suite Forms-based products from launching on Windows desktops that are running JRE 7. 

      Customers can prevent this issue -- and all other JRE 7 compatibility issues -- by ensuring that they have applied the latest certified patches documented for JRE 7 configurations to their EBS application tier servers.  These are summarized here for convenience. If the requirements change over time, please check the Notes for the authoritative list of patches:

      1. Apply Forms patch 14615390 to EBS 11i environments (Note 125767.1)
      2. Apply Forms patch 14614795 to EBS 12.0 and 12.1 environments (Note 437878.1)

      These patches are compatible with JRE 6 and 7, production ready, and fully-tested with the E-Business Suite.  These patches may be applied immediately to all E-Business Suite environments. All other Forms prerequisites documented in the Notes above should also be applied. 

      Where are the official patch requirements documented?

      All patches required for ensuring full compatibility of the E-Business Suite with JRE 7 are documented in these Notes:

      For EBS 11i:

      For EBS 12

      Prerequisites for 32-bit and 64-bit JRE certifications

      JRE 1.70_15 32-bit + EBS 11.5.10.2

      JRE 1.70_15 32-bit + EBS 12.0 & 12.1

      JRE 1.7.0_15 64-bit + EBS 11.5.10.2

      JRE 1.70_15 64-bit + EBS 12.0 & 12.1

      EBS + Discoverer 11g Users

      JRE 1.7.0_15 (7u15) is certified for Discoverer 11g in E-Business Suite environments with the following minimum requirements:

      Worried about the 'mismanaged session cookie' issue?

      No need to worry -- it's fixed.  To recap: JRE releases 1.6.0_18 through 1.6.0_22 had issues with mismanaging session cookies that affected some users in some circumstances.

      The fix for those issues was first included in JRE 1.6.0_23. These fixes will carry forward and continue to be fixed in all future JRE releases on the JRE 6 and 7 codelines.  In other words, if you wish to avoid the mismanaged session cookie issue, you should apply any release after JRE 1.6.0_22 on the JRE 6 codeline, and JRE 7u10 and later JRE 7 codeline updates.

      Implications of Java 6 End of Public Updates for EBS Users

      The Support Roadmap for Oracle Java is published here:

      The latest updates to that page (as of Sept. 19, 2012) state (emphasis added):

      Java SE 6 End of Public Updates Notice

      After February 2013, Oracle will no longer post updates of Java SE 6 to its public download sites. Existing Java SE 6 downloads already posted as of February 2013 will remain accessible in the Java Archive on Oracle Technology Network. Developers and end-users are encouraged to update to more recent Java SE versions that remain available for public download. For enterprise customers, who need continued access to critical bug fixes and security fixes as well as general maintenance for Java SE 6 or older versions, long term support is available through Oracle Java SE Support .

      What does this mean for Oracle E-Business Suite users?

      EBS users fall under the category of "enterprise users" above.  Java is an integral part of the Oracle E-Business Suite technology stack, so EBS users will continue to receive Java SE 6 updates from February 2013 to the end of Java SE 6 Extended Support in June 2017.

      In other words, nothing will change for EBS users after February 2013. 

      EBS users will continue to receive critical bug fixes and security fixes as well as general maintenance for Java SE 6. These Java SE 6 updates will be made available to EBS users for the Extended Support periods documented in the Oracle Lifetime Support policy document for Oracle Applications (PDF):

      1. EBS 11i Extended Support ends November 2013
      2. EBS 12.0 Extended Support ends January 2015
      3. EBS 12.1 Extended Support ends December 2018

      How can EBS customers obtain Java 6 updates after the public end-of-life?

      EBS customers can download Java 6 patches from My Oracle Support.  For a complete list of all Java SE patch numbers, see:

      Will EBS users be forced to upgrade to JRE 7 for Windows desktop clients?

      No. This upgrade is highly recommended but currently remains optional. JRE 6 will be available to Windows users to run with EBS for the duration of your respective EBS Extended Support period.  Updates will be delivered via My Oracle Support, where you can continue to receive critical bug fixes and security fixes as well as general maintenance for JRE 6 desktop clients. 

      Coexistence of JRE 6 and JRE 7 on Windows desktops

      The upgrade to JRE 7 is highly recommended for EBS users, but some users may need to run both JRE 6 and 7 on their Windows desktops for reasons unrelated to the E-Business Suite.

      Most EBS configurations with IE and Firefox use non-static versioning by default. JRE 7 will be invoked instead of JRE 6 if both are installed on a Windows desktop. For more details, see "Appendix B: Static vs. Non-static Versioning and Set Up Options" in Notes 290807.1 and 393931.1.

      Applying Updates to JRE 6 and JRE 7 to Windows desktops

      Auto-update will keep JRE 7 up-to-date for Windows users with JRE 7 installed.

      Auto-update will only keep JRE 7 up-to-date for Windows users with both JRE 6 and 7 installed. 

      JRE 6 users are strongly encouraged to apply the latest Critical Patch Updates as soon as possible after each release. The Jave SE CPUs will be available via My Oracle Support.  EBS users can find more information about JRE 6 and 7 updates here:

      The dates for future Java SE CPUs can be found on the Critical Patch Updates, Security Alerts and Third Party Bulletin.  An RSS feed is available on that site for those who would like to be kept up-to-date.

      What will Mac users need?

      Oracle will provide updates to JRE 7 for Mac OS X users. EBS users running Macs will need to upgrade to JRE 7 to receive JRE updates.

      The certification of Oracle E-Business Suite with JRE 7 for Mac-based desktop clients accessing EBS Forms-based content is underway. Mac users waiting for that certification may find this article useful:

      Will EBS users be forced to upgrade to JDK 7 for EBS application tier servers?

      No. This upgrade will be highly recommended but will be optional for EBS application tier servers running on Windows, Linux, and Solaris.  You can choose to remain on JDK 6 for the duration of your respective EBS Extended Support period.  If you remain on JDK 6, you will continue to receive critical bug fixes and security fixes as well as general maintenance for JDK 6.

      The certification of Oracle E-Business Suite with JDK 7 for EBS application tier servers on Windows, Linux, and Solaris as well as other platforms such as IBM AIX and HP-UX is planned.  Customers running platforms other than Windows, Linux, and Solaris should refer to their Java vendors's sites for more information about their support policies.

      References

      Related Articles

      Thursday Feb 14, 2013

      Webcast Replay Available: Top 10 Free Ways of Securing Your EBS Instance

      I am pleased to announce the availability of the webcast replay for the Top 10 Free Ways of Securing Your EBS Instance here:

      This webcast was presented by Eric Bing, Senior Director, and Elke Phelps, Senior Principal Product Manager, and covers things you can do to improve the security of your Oracle E-Business Suite instance. Best of all, the actions discussed in this webcast are free! This webcast was targeted to system administrators, DBAs, and implementers.

      E-Business Suite architecture diagram showing firewalls and internal and external application servers

      This webcast, led by Eric Bing,Senior Director, and Elke Phelps, Senior Principal Product Manager, covered the following topics:

      • Check Profile Settings
      • Change Default Passwords
      • Secure APPLSYSPUB
      • Activate Server Security
      • Implement IP address restrictions
      • Migrate to Password Hashing
      • Enable Application Tier Secure Socket Layer (SSL)
      • Move Off of Client/Server Components
      • Secure Configuration of Attachments
      • Turn on ModSecurity
      • Encrypt Credit Card Data
      • Separation of Duties: Review Access To “Sensitive Administrative Pages”

      Related Articles

      Wednesday Feb 06, 2013

      Using Oracle Label Security with Oracle E-Business Suite

      Most security administrators know how to use E-Business Suite responsibilities to manage access to data and functionality.  The majority of EBS customers will never need anything beyond those standard capabilities. Some organisations may need specialised security to complement the EBS responsibility model. Oracle Label Security may appropriate for certain specialised requirements.

      Oracle Label Security example diagram

      Oracle Label Security allows administrators to classify every row in a table, ensuring that access to sensitive data is restricted to users with the appropriate clearance level. OLS can be used to enforce regulatory compliance with a policy-based administration model to support custom data classification schemes for implementing “need to know” access. Labels can be used as factors within Oracle Database Vault command rules for multi-factor authorization polices.

      Supported but not certified

      It is possible to use Oracle Label Security with the E-Business Suite.  Custom OLS policies will -- by design -- change the end-user behavior of EBS.  It is possible for an OLS policy to break EBS, so we can't offer the standard technology certification in this case.   What is certified is "the approach" of using OLS to implement custom security policies over EBS relational data.  We do not certify specific versions of OLS, nor do we certify specific OLS policies.

      From a support perspective, we treat OLS policies like any other EBS customization, namely:

      • We can only issue EBS patches for issues that can be reproduced in environments without custom OLS policies.
      • If you report an issue that can't be reproduced in vanilla, uncustomized environments, our default guidance will be to disable the custom OLS policies.
      • We cannot review your OLS policies or make recommendations on how to create custom OLS policies.

      How do I define OLS policies in EBS environments?

      This rather-elderly Note explains techniques for adding OLS policy initialization logic to EBS session initialization.  Although this Note is written specifically for Oracle9i Label Security and EBS 11i, the techniques documented here remain valid today to later database and EBS releases:

      Related Articles


      Saturday Feb 02, 2013

      Java JRE 1.7.0_13 Certified with Oracle E-Business Suite

      Java logoJava Runtime Environment 7u13 (a.k.a. JRE 1.7.0_13 build 20) and later updates on the JRE 7 codeline are now certified with Oracle E-Business Suite Release 11i and 12 for Windows-based desktop clients.

      All JRE 6 and 7 releases are certified with EBS upon release

      Our standard policy is that all E-Business Suite customers can apply all JRE updates to end-user desktops from JRE 1.6.0_03 and later updates on the 1.6 codeline, and from JRE 7u10 and later updates on the JRE 7 codeline.  We test all new JRE 1.6 and JRE 7 releases in parallel with the JRE development process, so all new JRE 1.6 and 7 releases are considered certified with the E-Business Suite on the same day that they're released by our Java team. 

      You do not need to wait for a certification announcement before applying new JRE 1.6 or JRE 7 releases to your EBS users' desktops.

      What's needed to enable EBS environments for JRE 7?

      EBS customers should ensure that they are running JRE 7u13, at minimum, on Windows desktop clients.

      Of the compatibility issues identified with JRE 7, the most critical is an issue that prevents E-Business Suite Forms-based products from launching on Windows desktops that are running JRE 7. 

      Customers can prevent this issue -- and all other JRE 7 compatibility issues -- by ensuring that they have applied the latest certified patches documented for JRE 7 configurations to their EBS application tier servers.  These are summarized here for convenience. If the requirements change over time, please check the Notes for the authoritative list of patches:

      1. Apply Forms patch 14615390 to EBS 11i environments (Note 125767.1)
      2. Apply Forms patch 14614795 to EBS 12.0 and 12.1 environments (Note 437878.1)

      These patches are compatible with JRE 6 and 7, production ready, and fully-tested with the E-Business Suite.  These patches may be applied immediately to all E-Business Suite environments. All other Forms prerequisites documented in the Notes above should also be applied. 

      Where are the official patch requirements documented?

      All patches required for ensuring full compatibility of the E-Business Suite with JRE 7 are documented in these Notes:

      For EBS 11i:

      For EBS 12

      Prerequisites for 32-bit and 64-bit JRE certifications

      JRE 1.70_13 32-bit + EBS 11.5.10.2

      JRE 1.70_13 32-bit + EBS 12.0 & 12.1

      JRE 1.7.0_13 64-bit + EBS 11.5.10.2

      JRE 1.70_13 64-bit + EBS 12.0 & 12.1

      EBS + Discoverer 11g Users

      JRE 1.7.0_13 (7u13) is certified for Discoverer 11g in E-Business Suite environments with the following minimum requirements:

      Worried about the 'mismanaged session cookie' issue?

      No need to worry -- it's fixed.  To recap: JRE releases 1.6.0_18 through 1.6.0_22 had issues with mismanaging session cookies that affected some users in some circumstances.

      The fix for those issues was first included in JRE 1.6.0_23. These fixes will carry forward and continue to be fixed in all future JRE releases on the JRE 6 and 7 codelines.  In other words, if you wish to avoid the mismanaged session cookie issue, you should apply any release after JRE 1.6.0_22 on the JRE 6 codeline, and JRE 7u10 and later JRE 7 codeline updates.

      Implications of Java 6 End of Public Updates for EBS Users

      The Support Roadmap for Oracle Java is published here:

      The latest updates to that page (as of Sept. 19, 2012) state (emphasis added):

      Java SE 6 End of Public Updates Notice

      After February 2013, Oracle will no longer post updates of Java SE 6 to its public download sites. Existing Java SE 6 downloads already posted as of February 2013 will remain accessible in the Java Archive on Oracle Technology Network. Developers and end-users are encouraged to update to more recent Java SE versions that remain available for public download. For enterprise customers, who need continued access to critical bug fixes and security fixes as well as general maintenance for Java SE 6 or older versions, long term support is available through Oracle Java SE Support .

      What does this mean for Oracle E-Business Suite users?

      EBS users fall under the category of "enterprise users" above.  Java is an integral part of the Oracle E-Business Suite technology stack, so EBS users will continue to receive Java SE 6 updates from February 2013 to the end of Java SE 6 Extended Support in June 2017.

      In other words, nothing will change for EBS users after February 2013. 

      EBS users will continue to receive critical bug fixes and security fixes as well as general maintenance for Java SE 6. These Java SE 6 updates will be made available to EBS users for the Extended Support periods documented in the Oracle Lifetime Support policy document for Oracle Applications (PDF):

      1. EBS 11i Extended Support ends November 2013
      2. EBS 12.0 Extended Support ends January 2015
      3. EBS 12.1 Extended Support ends December 2018

      How can EBS customers obtain Java 6 updates after the public end-of-life?

      EBS customers can download Java 6 patches from My Oracle Support.  For a complete list of all Java SE patch numbers, see:

      Will EBS users be forced to upgrade to JRE 7 for Windows desktop clients?

      No. This upgrade is highly recommended but currently remains optional. JRE 6 will be available to Windows users to run with EBS for the duration of your respective EBS Extended Support period.  Updates will be delivered via My Oracle Support, where you can continue to receive critical bug fixes and security fixes as well as general maintenance for JRE 6 desktop clients. 

      Coexistence of JRE 6 and JRE 7 on Windows desktops

      The upgrade to JRE 7 is highly recommended for EBS users, but some users may need to run both JRE 6 and 7 on their Windows desktops for reasons unrelated to the E-Business Suite.

      Most EBS configurations with IE and Firefox use non-static versioning by default. JRE 7 will be invoked instead of JRE 6 if both are installed on a Windows desktop. For more details, see "Appendix B: Static vs. Non-static Versioning and Set Up Options" in Notes 290807.1 and 393931.1.

      Applying Updates to JRE 6 and JRE 7 to Windows desktops

      Auto-update will keep JRE 7 up-to-date for Windows users with JRE 7 installed.

      Auto-update will only keep JRE 7 up-to-date for Windows users with both JRE 6 and 7 installed. 

      JRE 6 users are strongly encouraged to apply the latest Critical Patch Updates as soon as possible after each release. The Jave SE CPUs will be available via My Oracle Support.  EBS users can find more information about JRE 6 and 7 updates here:

      The dates for future Java SE CPUs can be found on the Critical Patch Updates, Security Alerts and Third Party Bulletin.  An RSS feed is available on that site for those who would like to be kept up-to-date.

      What will Mac users need?

      Oracle will provide updates to JRE 7 for Mac OS X users. EBS users running Macs will need to upgrade to JRE 7 to receive JRE updates.

      The certification of Oracle E-Business Suite with JRE 7 for Mac-based desktop clients accessing EBS Forms-based content is underway. Mac users waiting for that certification may find this article useful:

      Will EBS users be forced to upgrade to JDK 7 for EBS application tier servers?

      No. This upgrade will be highly recommended but will be optional for EBS application tier servers running on Windows, Linux, and Solaris.  You can choose to remain on JDK 6 for the duration of your respective EBS Extended Support period.  If you remain on JDK 6, you will continue to receive critical bug fixes and security fixes as well as general maintenance for JDK 6.

      The certification of Oracle E-Business Suite with JDK 7 for EBS application tier servers on Windows, Linux, and Solaris as well as other platforms such as IBM AIX and HP-UX is planned.  Customers running platforms other than Windows, Linux, and Solaris should refer to their Java vendors's sites for more information about their support policies.

      References

      Related Articles

      Tuesday Jan 22, 2013

      ATG Live Webcast Jan. 24th: Top 10 Free Ways of Securing Your EBS Instance

      This webcast provides you with an understanding of the actions you can take now to improve the security of your Oracle E-Business Suite instance. Best of all, the actions being discussed in this webcast are free! This webcast is targeted to system administrators, DBAs, and implementers.

      E-Business Suite architecture diagram showing firewalls and internal and external application servers

      This webcast, led by Eric Bing,Senior Director, and Elke Phelps, Senior Principal Product Manager, will cover the following topics:

      • Check Profile Settings
      • Change Default Passwords
      • Secure APPLSYSPUB
      • Activate Server Security
      • Implement IP address restrictions
      • Migrate to Password Hashing
      • Enable Application Tier Secure Socket Layer (SSL)
      • Move Off of Client/Server Components
      • Secure Configuration of Attachments
      • Turn on ModSecurity
      • Encrypt Credit Card Data
      • Separation of Duties: Review Access To “Sensitive Administrative Pages”

      Date:                Thursday, January 24, 2013
      Time:               11:00 AM - 12:00 PM Pacific Standard Time
      Presenters:   Elke Phelps, Senior Principal Product Manager
                               Eric Bing, Senior Director

      Webcast Registration Link (Preregistration is optional but encouraged)

      To hear the audio feed:

         Domestic Participant Dial-In Number:           877-697-8128
          International Participant Dial-In Number:      706-634-9568
          Additional International Dial-In Numbers Link:
          Dial-In Passcode:                                              104460

      To see the presentation:
          The Direct Access Web Conference details are:
          Website URL: https://ouweb.webex.com
          Meeting Number:  593152632

      If you miss the webcast, or you have missed any webcast, don't worry -- we'll post links to the recording as soon as it's available from Oracle University.  You can monitor this blog for pointers to the replay. And, you can find our archive of our past webcasts and training here.

      If you have any questions or comments, feel free to email Bill Sawyer (Senior Manager, Applications Technology Curriculum) at BilldotSawyer-AT-Oracle-DOT-com.

      Tuesday Jan 15, 2013

      Critical Patch Update for January 2013 Now Available

      The  Critical Patch Update (CPU) for January 2013 was released on January 15, 2013. Oracle strongly recommends applying the patches as soon as possible.

      The Critical Patch Update Advisory is the starting point for relevant information. It includes a list of products affected, pointers to obtain the patches, a summary of the security vulnerabilities, and links to other important documents.

      Supported products that are not listed in the "Supported Products and Components Affected" Section of the advisory do not require new patches to be applied.

      Also, it is essential to review the Critical Patch Update supporting documentation referenced in the Advisory before applying patches, as this is where you can find important pertinent information.

      The Critical Patch Update Advisory is available at the following location:

      The next four Critical Patch Update release dates are:

      • April 16, 2013
      • July 16, 2013
      • October 15, 2013
      • January 14, 2014
      E-Business Suite Releases 11i and 12 Reference

      Monday Jan 14, 2013

      Java JRE 1.7.0_11 Certified with Oracle E-Business Suite

      Java logoJava Runtime Environment 7u11 (a.k.a. JRE 1.7.0_11 build 21) and later updates on the JRE 7 codeline are now certified with Oracle E-Business Suite Release 11i and 12 Windows-based desktop clients.

      JRE 1.7.0_11 (7u11) is a CPU security release that includes the fix for Oracle Security Alert CVE-2013-0422. Oracle strongly recommends that users running JRE 7 on their desktop clients upgrade to this version. 

      All JRE 6 and 7 releases are certified with EBS upon release

      Our standard policy is that all E-Business Suite customers can apply all JRE updates to end-user desktops from JRE 1.6.0_03 and later updates on the 1.6 codeline, and from JRE 7u10 and later updates on the JRE 7 codeline.  We test all new JRE 1.6 and JRE 7 releases in parallel with the JRE development process, so all new JRE 1.6 and 7 releases are considered certified with the E-Business Suite on the same day that they're released by our Java team. 

      You do not need to wait for a certification announcement before applying new JRE 1.6 or JRE 7 releases to your EBS users' desktops.

      What's needed to enable EBS environments for JRE 7?

      EBS customers should ensure that they are running JRE 7u11, at minimum, on Windows desktop clients.

      Of the compatibility issues identified with JRE 7, the most critical is an issue that prevents E-Business Suite Forms-based products from launching on Windows desktops that are running JRE 7. 

      Customers can prevent this issue -- and all other JRE 7 compatibility issues -- by ensuring that they have applied the latest certified patches documented for JRE 7 configurations to their EBS application tier servers.  These are summarized here for convenience. If the requirements change over time, please check the Notes for the authoritative list of patches:

      1. Apply Forms patch 14615390 to EBS 11i environments (Note 125767.1)
      2. Apply Forms patch 14614795 to EBS 12.0 and 12.1 environments (Note 437878.1)

      These patches are compatible with JRE 6 and 7, production ready, and fully-tested with the E-Business Suite.  These patches may be applied immediately to all E-Business Suite environments. All other Forms prerequisites documented in the Notes above should also be applied. 

      Where are the official patch requirements documented?

      All patches required for ensuring full compatibility of the E-Business Suite with JRE 7 are documented in these Notes:

      For EBS 11i:

      For EBS 12

      Prerequisites for 32-bit and 64-bit JRE certifications

      JRE 1.70_11 32-bit + EBS 11.5.10.2

      JRE 1.70_11 32-bit + EBS 12.0 & 12.1

      JRE 1.7.0_11 64-bit + EBS 11.5.10.2

      JRE 1.70_11 64-bit + EBS 12.0 & 12.1

      EBS + Discoverer 11g Users

      JRE 1.7.0_11 (7u11) is certified for Discoverer 11g in E-Business Suite environments with the following minimum requirements:

      Worried about the 'mismanaged session cookie' issue?

      No need to worry -- it's fixed.  To recap: JRE releases 1.6.0_18 through 1.6.0_22 had issues with mismanaging session cookies that affected some users in some circumstances.

      The fix for those issues was first included in JRE 1.6.0_23. These fixes will carry forward and continue to be fixed in all future JRE releases on the JRE 6 and 7 codelines.  In other words, if you wish to avoid the mismanaged session cookie issue, you should apply any release after JRE 1.6.0_22 on the JRE 6 codeline, and JRE 7u10 and later JRE 7 codeline updates.

      Implications of Java 6 End of Public Updates for EBS Users

      The Support Roadmap for Oracle Java is published here:

      The latest updates to that page (as of Sept. 19, 2012) state (emphasis added):

      Java SE 6 End of Public Updates Notice

      After February 2013, Oracle will no longer post updates of Java SE 6 to its public download sites. Existing Java SE 6 downloads already posted as of February 2013 will remain accessible in the Java Archive on Oracle Technology Network. Developers and end-users are encouraged to update to more recent Java SE versions that remain available for public download. For enterprise customers, who need continued access to critical bug fixes and security fixes as well as general maintenance for Java SE 6 or older versions, long term support is available through Oracle Java SE Support .

      What does this mean for Oracle E-Business Suite users?

      EBS users fall under the category of "enterprise users" above.  Java is an integral part of the Oracle E-Business Suite technology stack, so EBS users will continue to receive Java SE 6 updates from February 2013 to the end of Java SE 6 Extended Support in June 2017.

      In other words, nothing will change for EBS users after February 2013. 

      EBS users will continue to receive critical bug fixes and security fixes as well as general maintenance for Java SE 6. These Java SE 6 updates will be made available to EBS users for the Extended Support periods documented in the Oracle Lifetime Support policy document for Oracle Applications (PDF):

      1. EBS 11i Extended Support ends November 2013
      2. EBS 12.0 Extended Support ends January 2015
      3. EBS 12.1 Extended Support ends December 2018

      How can EBS customers obtain Java 6 updates after the public end-of-life?

      EBS customers can download Java 6 patches from My Oracle Support.  For a complete list of all Java SE patch numbers, see:

      Will EBS users be forced to upgrade to JRE 7 for Windows desktop clients?

      No. This upgrade is highly recommended but currently remains optional. JRE 6 will be available to Windows users to run with EBS for the duration of your respective EBS Extended Support period.  Updates will be delivered via My Oracle Support, where you can continue to receive critical bug fixes and security fixes as well as general maintenance for JRE 6 desktop clients. 

      Coexistence of JRE 6 and JRE 7 on Windows desktops

      The upgrade to JRE 7 is highly recommended for EBS users, but some users may need to run both JRE 6 and 7 on their Windows desktops for reasons unrelated to the E-Business Suite.

      Most EBS configurations with IE and Firefox use non-static versioning by default. JRE 7 will be invoked instead of JRE 6 if both are installed on a Windows desktop. For more details, see "Appendix B: Static vs. Non-static Versioning and Set Up Options" in Notes 290807.1 and 393931.1.

      Applying Updates to JRE 6 and JRE 7 to Windows desktops

      Auto-update will keep JRE 7 up-to-date for Windows users with JRE 7 installed.

      Auto-update will only keep JRE 7 up-to-date for Windows users with both JRE 6 and 7 installed. 

      JRE 6 users are strongly encouraged to apply the latest Critical Patch Updates as soon as possible after each release. The Jave SE CPUs will be available via My Oracle Support.  EBS users can find more information about JRE 6 and 7 updates here:

      The dates for future Java SE CPUs can be found on the Critical Patch Updates, Security Alerts and Third Party Bulletin.  An RSS feed is available on that site for those who would like to be kept up-to-date.

      What will Mac users need?

      Oracle will provide updates to JRE 7 for Mac OS X users. EBS users running Macs will need to upgrade to JRE 7 to receive JRE updates.

      The certification of Oracle E-Business Suite with JRE 7 for Mac-based desktop clients accessing EBS Forms-based content is underway. Mac users waiting for that certification may find this article useful:

      Will EBS users be forced to upgrade to JDK 7 for EBS application tier servers?

      No. This upgrade will be highly recommended but will be optional for EBS application tier servers running on Windows, Linux, and Solaris.  You can choose to remain on JDK 6 for the duration of your respective EBS Extended Support period.  If you remain on JDK 6, you will continue to receive critical bug fixes and security fixes as well as general maintenance for JDK 6.

      The certification of Oracle E-Business Suite with JDK 7 for EBS application tier servers on Windows, Linux, and Solaris as well as other platforms such as IBM AIX and HP-UX is planned.  Customers running platforms other than Windows, Linux, and Solaris should refer to their Java vendors's sites for more information about their support policies.

      References

      Related Articles

      Thursday Dec 06, 2012

      Oracle Access Manager 11.1.2 Certified with E-Business Suite 12

      I am happy to announce that Oracle Access Manager 11gR2 (11.1.2) is now certified with E-Business Suite Releases 12.0.6 and 12.1. If you are implementing single sign-on for the first time, or are an existing Oracle Access Manager user, you may integrate with Oracle Access Manager 11gR2 using Oracle Access Manager WebGate and Oracle E-Business Suite AccessGate.

      Supported Architecture and Release Versions

      • Oracle Access Manager 11.1.2
      • Oracle E-Business Suite Release 12.0.6, 12.1.1+
      • Oracle Identity Management 11.1.1.5, 11.1.1.6
      • Oracle Internet Directory 11.1.1.6
      • Oracle WebLogic Server 10.3.5+
      What's New In This Oracle Access Manager 11gR2 Integration?
      • Simplified integration: We've simplified the instructions and cut the number of pages, while adding clarity to the steps.

      • Automation of configuration steps:  We've automated some of the required configuration steps. This is the first phase of automation and diagnostics that are part of our roadmap for this integration.

      • Use of default OAM Login page: We are reducing the required troubleshooting by delivering the default OAM Login page for the integration. A custom login page can still be created by using Oracle Access Manager.

      • Use of the Detached Credential collector in a Demilitarized Zone: We have certified the Detached Credential collector as part of a DMZ configuration. This will enhance the security of the underlying Oracle Access Manager and E-Business Suite components, which will now be required only within a company's intranet.  

      Choosing the Right Architecture

      Our previously published blog article and support note with single sign-on recommended and certified integration paths has been updated to include Oracle Access Manager 11gR2:

      Other References

      Related Articles

      Monday Nov 12, 2012

      E-Business Suite 12.1.3 Data Masking Certified with Enterprise Manager 12c

      Following up on our prior announcement for EM 11g, we're pleased to announce the certification of the E-Business Suite 12.1.3 Data Masking Template for the Data Masking Pack with Enterprise Manager Cloud Control 12c.

      You can use the Oracle Data Masking Pack with Oracle Enterprise Manager Grid Control 12c to scramble sensitive data in cloned E-Business Suite environments.  Due to data dependencies, scrambling E-Business Suite data is not a trivial task.  The data needs to be scrubbed in such a way that allows the application to continue to function. 

      You may scramble data in E-Business Suite cloned environments with EM12c using the following template:

      What does data masking do in E-Business Suite environments?

      Application data masking does the following:

      • De-identify the data:  Scramble identifiers of individuals, also known as personally identifiable information or PII.  Examples include information such as name, account, address, location, and driver's license number.
      • Mask sensitive data:  Mask data that, if associated with personally identifiable information (PII), would cause privacy concerns.  Examples include compensation, health and employment information.  
      • Maintain data validity:  Provide a fully functional application.

      How can EBS customers use data masking?

      The Oracle E-Business Suite Template for Data Masking Pack can be used in situations where confidential or regulated data needs to be shared with other non-production users who need access to some of the original data, but not necessarily every table.  Examples of non-production users include internal application developers or external business partners such as offshore testing companies, suppliers or customers. 

      The template works with the Oracle Data Masking Pack and Oracle Enterprise Manager to obscure sensitive E-Business Suite information that is copied from production to non-production environments.

      The Oracle E-Business Suite Template for Data Masking Pack is applied to a non-production environment with the Enterprise Manager Grid Control Data Masking Pack.  When applied, the Oracle E-Business Suite Template for Data Masking Pack will create an irreversibly scrambled version of your production database for development and testing. 

      What's new with EM 12c?

      • Command line integration: Some of the execution steps may also be performed with EM Command Line Interface (EM CLI).  Support of EM CLI is a new feature with the E-Business Suite Release 12.1.3 template for EM 12c.  
      • Integration with Sensitive Data Discovery and Application Data Model: After an EBS environment has been discovery using the Application Data Model and the EBS drivers, the EBS data masking template will automatically update the Application Data Model to identify the sensitive data in EBS that is being masked.

      How data masking works

      Is there a charge for this?

      Yes. You must purchase licenses for the Oracle Data Masking Pack to use the Oracle E-Business Suite 12.1.3 template. The Oracle E-Business Suite 12.1.3 Template for the Data Masking Pack is included with the Oracle Data Masking Pack license.  You can contact your Oracle account manager for more details about licensing.

      References

      Additional details and requirements are provided in the following My Oracle Support Note:

      Related Articles

      Wednesday Nov 07, 2012

      Implications of Java 6 End of Public Updates for EBS Users

      [Update Feb. 28, 2013: Added pointer to Note 1439822.1]

      [Update Dec. 11, 2012: JRE 7 is now certified with the E-Business Suite; see this announcement for complete details.]

      Java logo

      The Support Roadmap for Oracle Java is published here:

      The latest updates to that page (as of Sept. 19, 2012) state (emphasis added):

      Java SE 6 End of Public Updates Notice

      After February 2013, Oracle will no longer post updates of Java SE 6 to its public download sites. Existing Java SE 6 downloads already posted as of February 2013 will remain accessible in the Java Archive on Oracle Technology Network. Developers and end-users are encouraged to update to more recent Java SE versions that remain available for public download. For enterprise customers, who need continued access to critical bug fixes and security fixes as well as general maintenance for Java SE 6 or older versions, long term support is available through Oracle Java SE Support .

      What does this mean for Oracle E-Business Suite users?

      EBS users fall under the category of "enterprise users" above.  Java is an integral part of the Oracle E-Business Suite technology stack, so EBS users will continue to receive Java SE 6 updates from February 2013 to the end of Java SE 6 Extended Support in June 2017.

      In other words, nothing will change for EBS users after February 2013. 

      EBS users will continue to receive critical bug fixes and security fixes as well as general maintenance for Java SE 6. These Java SE 6 updates will be made available to EBS users for the Extended Support periods documented in the Oracle Lifetime Support policy document for Oracle Applications (PDF):

      1. EBS 11i Extended Support ends November 2013
      2. EBS 12.0 Extended Support ends January 2015
      3. EBS 12.1 Extended Support ends December 2018

      How can EBS customers obtain Java 6 updates after the public end-of-life?

      EBS customers can download Java 6 patches from My Oracle Support.  For a complete list of all Java SE patch numbers, see:

      Will EBS users be forced to upgrade to JRE 7 for Windows desktop clients?

      No. This upgrade will be highly recommended but currently remains optional. JRE 6 will be available to Windows users to run with EBS for the duration of your respective EBS Extended Support period.  Updates will be delivered via My Oracle Support, where you can continue to receive critical bug fixes and security fixes as well as general maintenance for JRE 6 desktop clients. 

      The certification of Oracle E-Business Suite with JRE 7 (for desktop clients accessing EBS Forms-based content) is in its final stages.  If you plan to upgrade your EBS desktop clients to JRE 7 when that certification is released, you can get a head-start on that today.

      Coexistence of JRE 6 and JRE 7 on Windows desktops

      The upgrade to JRE 7 will be highly recommended for EBS users, but some users may need to run both JRE 6 and 7 on their Windows desktops for reasons unrelated to the E-Business Suite.

      Most EBS configurations with IE and Firefox use non-static versioning by default. JRE 7 will be invoked instead of JRE 6 if both are installed on a Windows desktop. For more details, see "Appendix B: Static vs. Non-static Versioning and Set Up Options" in Notes 290801.1 and 393931.1.

      Applying Updates to JRE 6 and JRE 7 to Windows desktops

      Auto-update will keep JRE 7 up-to-date for Windows users with JRE 7 installed.

      Auto-update will only keep JRE 7 up-to-date for Windows users with both JRE 6 and 7 installed. 

      JRE 6 users are strongly encouraged to apply the latest Critical Patch Updates as soon as possible after each release. The Jave SE CPUs will be available via My Oracle Support.  EBS users can find more information about JRE 6 and 7 updates here:

      The dates for future Java SE CPUs can be found on the Critical Patch Updates, Security Alerts and Third Party Bulletin.  An RSS feed is available on that site for those who would like to be kept up-to-date.

      What will Mac users need?

      Oracle will provide updates to JRE 7 for Mac OS X users. EBS users running Macs will need to upgrade to JRE 7 to receive JRE updates.

      The certification of Oracle E-Business Suite with JRE 7 for Mac-based desktop clients accessing EBS Forms-based content is underway. Mac users waiting for that certification may find this article useful:

      Will EBS users be forced to upgrade to JDK 7 for EBS application tier servers?

      No. This upgrade will be highly recommended but will be optional for EBS application tier servers running on Windows, Linux, and Solaris.  You can choose to remain on JDK 6 for the duration of your respective EBS Extended Support period.  If you remain on JDK 6, you will continue to receive critical bug fixes and security fixes as well as general maintenance for JDK 6.

      The certification of Oracle E-Business Suite with JDK 7 for EBS application tier servers on Windows, Linux, and Solaris as well as other platforms such as IBM AIX and HP-UX is planned.  Customers running platforms other than Windows, Linux, and Solaris should refer to their Java vendors's sites for more information about their support policies.

      Related Articles


      Monday Oct 29, 2012

      Critical Patch Updates During EBS 11i Exception to Sustaining Support Period

      As previously blogged in the EBS 11i and 12.1 Support Timeline Changes entry, two important changes to the Oracle Lifetime Support policies were announced at Oracle OpenWorld 2012 - San Francisco.  These changes affect E-Business Suite Releases 11i and 12.1.

      Timeline showing updated EBS Support dates

      Critical Patch Updates for EBS 11i during the Exception to Sustaining Support Period

      You may be wondering about the availability of Critical Patch Updates (CPU) for EBS 11i during the Exception to Sustaining Support period.  The following details the E-Business Suite Critical Patch Update support policy for EBS 11i during the Exception to Sustaining Support period:

      • Oracle will continue to provide CPUs containing critical security fixes for E-Business Suite 11i. 
      • CPUs will be packaged and released as as cumulative patches for both ATG RUP 6 and ATG RUP 7.
      • As always, we try to minimize the number of patches and dependencies required for uptake of a CPU; however, there have been quite a few changes to the 11i baseline since its release.  For dependency reasons the 11i CPUs may require a higher number of files in order to bring them up to a consistent, stable, and well tested level.
      • EBS 11i customer will continue to receive CPUs up to and including the October 2014 CPU.

      Where can I learn more?

      There are two interlocking policies that affect the E-Business Suite:  Oracle's Lifetime Support policies for each EBS release (timelines which were updated by this announcement), and the Error Correction Support policies (which state the minimum baselines for new patches).

      For more information about how these policies interact, see:

      What about E-Business Suite technology stack components?

      Things get more complicated when one considers individual techstack components such as Oracle Forms or the Oracle Database.  To learn more about the interlocking EBS+techstack component support windows, see these two articles:

      Where can I learn more about Critical Patch Updates?

      The Critical Patch Update Advisory is the starting point for relevant information. It includes a list of products affected, pointers to obtain the patches, a summary of the security vulnerabilities, and links to other important documents. 

      Related Articles

      Wednesday Oct 17, 2012

      Critical Patch Update for October 2012 Now Available

      The Critical Patch Update (CPU) for October 2012 was released on October 16, 2012. Oracle strongly recommends applying the patches as soon as possible.

      The Critical Patch Update Advisory is the starting point for relevant information. It includes a list of products affected, pointers to obtain the patches, a summary of the security vulnerabilities, and links to other important documents.

      Supported products that are not listed in the "Supported Products and Components Affected" Section of the advisory do not require new patches to be applied.

      Also, it is essential to review the Critical Patch Update supporting documentation referenced in the Advisory before applying patches, as this is where you can find important pertinent information.

      The Critical Patch Update Advisory is available at the following location:

      The next four Critical Patch Update release dates are:

      • January 15, 2013
      • April 16, 2013
      • July 16, 2013
      • October 15, 2013
      E-Business Suite Releases 11i and 12 Reference

      Tuesday Jul 17, 2012

      Critical Patch Update for July 2012 Now Available

      The Critical Patch Update (CPU) for July 2012 was released on July 17, 2012. Oracle strongly recommends applying the patches as soon as possible.

      The Critical Patch Update Advisory is the starting point for relevant information. It includes a list of products affected, pointers to obtain the patches, a summary of the security vulnerabilities, and links to other important documents.

      Supported products that are not listed in the "Supported Products and Components Affected" Section of the advisory do not require new patches to be applied.

      Also, it is essential to review the Critical Patch Update supporting documentation referenced in the Advisory before applying patches, as this is where you can find important pertinent information.

      The Critical Patch Update Advisory is available at the following location:

      The next four Critical Patch Update release dates are:

      • October 16, 2012
      • January 15, 2013
      • April 16, 2013
      • July 16, 2013
      E-Business Suite Releases 11i and 12 Reference

      Monday Jul 09, 2012

      Webcast Replay Available: Scrambling Sensitive Data in E-Business Suite Release 12 Cloned Environments

      I am pleased to release the replay and presentation for ATG Live Webcast:

      Scrambling Sensitive Data in EBS 12 Cloned Environments (Presentation)

      E-Business Suite Data Masking Architecture

      Eric Bing, Senior Director, Jagan Athreya, Enterprise Manager Product Management, and Elke Phelps, Senior Principal Product Manager, discussed the Oracle E-Business Suite Template for Data Masking Pack, and how it can be used in situations where confidential or regulated data needs to be shared with other non-production users who need access to some of the original data, but not necessarily every table.  Examples of non-production users include internal application developers or external business partners such as offshore testing companies, suppliers or customers. (July 2012)

      Finding other recorded ATG webcasts

      The catalog of ATG Live Webcast replays, presentations, and all ATG training materials is available in this blog's Webcasts and Training section.

      Friday Jul 06, 2012

      Building Extensions Using E-Business Suite SDK for Java

      We’ve just released Version 2.0.1 of Oracle E-Business Suite SDK for Java.  This new version has several great enhancements added after I wrote about the first version of the SDK in 2010.  In addition to the AppsDataSource and Java Authentication and Authorization Service (JAAS) features that are in the first version, the Oracle E-Business Suite SDK for Java now provides:

      • Session management APIs, so you can share session information with Oracle E-Business Suite
      • Setup script for UNIX/Linux for AppsDataSource and JAAS on Oracle WebLogic Server
      • APIs for Message Dictionary, User Profiles, and NLS
      • Javadoc for the APIs (included with the patch)
      • Enhanced documentation included with Note 974949.1
      Integration between custom apps and EBS

      These features can be used with either Release 11i or Release 12. 

      References

      What's new in those references?

      Note 974949.1 is the place to look for the latest information as we come out with new versions of the SDK.  The patch number changes for each release.  Version 2.0.1 is contained in Patch 13882058, which is for both Release 11i and Release 12.  Note 974949.1 includes the following topics:

      • Applying the latest patch
      • Using Oracle E-Business Suite Data Sources
      • Oracle E-Business Suite Implementation of Java Authentication and Authorization Service (JAAS)
      • Utilities
      • Error loggingSession management 
      • Message Dictionary
      • User profiles
      • Navigation to External Applications
      • Java EE Session Management Tutorial

      For those of you using the SDK with Oracle ADF, besides some Oracle ADF-specific documentation in Note 974949.1, we also updated the ADF Integration FAQ as well.

      EBS SDK for Java Use Cases

      The uses of the Oracle E-Business Suite SDK for Java fall into two general scenarios for integrating external applications with Oracle E-Business Suite:

      1. Application sharing a session with Oracle E-Business Suite
      2. Independent application (not shared session)

      With an independent application, the external application accesses Oracle E-Business  Suite data and server-side APIs, but it has a completely separate user interface. The external application may also launch pages from the Oracle E-Business Suite home page, but after the initial launch there is no further communication with the Oracle E-Business Suite user interface.

      Shared session integration means that the external application uses an Oracle E-Business Suite session (ICX session), shares session context information with Oracle E-Business Suite, and accesses Oracle E-Business Suite data. The external application may also launch pages from the Oracle E-Business Suite home page, or regions or pages from the external application may be embedded as regions within Oracle Application Framework pages.

      Both shared session applications and independent applications use the AppsDataSource feature of the Oracle E-Business Suite SDK for Java. Independent applications may also use the Java Authentication and Authorization (JAAS) and logging features of the SDK.

      Applications that are sharing the Oracle E-Business Suite session use the session management feature (instead of the JAAS feature), and they may also use the logging, profiles, and Message Dictionary features of the SDK.  The session management APIs allow you to create, retrieve, validate and cancel an Oracle E-Business Suite session (ICX session) from your external application.  Session information and context can travel back and forth between Oracle E-Business Suite and your application, allowing you to share session context information across applications.

      Note: Generally you would use the Java Authentication and Authorization (JAAS) feature of the SDK or the session management feature, but not both together.

      Send us your feedback

      Since the Oracle E-Business Suite SDK for Java is still pretty new, we’d like to know about who is using it and what you are trying to do with it.  We’d like to get this type of information:

      • customer name and brief use case
      • configuration and technologies (Oracle WebLogic Server or OC4J, plain Java, ADF, SOA Suite, and so on)
      • project status (proof of concept, development, production)
      • any other feedback you have about the SDK

      You can send me your feedback directly at Sara dot Woodhull at Oracle dot com, or you can leave it in the comments below.  Please keep in mind that we cannot answer support questions, so if you are having specific issues, please log a service request with Oracle Support.

      Happy coding!

      Related Articles

      Friday Jun 22, 2012

      ATG Live Webcast June 28: Scrambling Sensitive Data in EBS 12 Cloned Environments

      Securing the Oracle E-Business Suite includes protecting the underlying E-Business data in production and non-production databases.  While steps can be taken to provide a secure configuration to limit EBS access, a better approach to protecting non-production data is simply to scramble (mask) the data in the non-production copy.  

      The Oracle E-Business Suite Template for Data Masking Pack can be used in situations where confidential or regulated data needs to be shared with other non-production users who need access to some of the original data, but not necessarily every table.  Examples of non-production users include internal application developers or external business partners such as offshore testing companies, suppliers or customers.

      The Oracle E-Business Suite Template for Data Masking Pack is applied to a non-production environment with the Enterprise Manager Grid Control Data Masking Pack.  When applied, the Oracle E-Business Suite Template for Data Masking Pack will create an irreversibly scrambled version of your production database for development and testing. This ATG Live Webcast is your chance to come learn about the Oracle E-Business Suite Release 12.1.3 Template for Data Masking Pack from the experts.

      Oracle E-Business Suite Release 12.1.3 Template for Data Masking

      Example of Data Masking from Production to Non-Production Instance
      The agenda for the Oracle E-Business Suite Template for Data Masking Pack webcast includes the following topics:

      • What does data masking do in E-Business Suite environments?
        • De-identify the data
        • Mask sensitive data
        • Maintain data validity
      • How can EBS customers use data masking?
      • References

      Join Eric Bing, Senior Director and Elke Phelps, Senior Principal Product Manager, as they discusses the Oracle E-Business Suite Template for Data Masking Pack.

      Date:                  Thursday, June 28, 2012
      Time:                 8:00AM Pacific Standard Time
      Presenters:     Eric Bing, Senior Director
                                 Elke Phelps, Senior Principal Product Manager

      Webcast Registration Link (Preregistration is optional but encouraged)

      To hear the audio feed:
          Domestic Participant Dial-In Number:           877-697-8128
          International Participant Dial-In Number:      706-634-9568
      Additional International Dial-In Numbers Link:
          Dial-In Passcode:                                              100865

      To see the presentation:
          The Direct Access Web Conference details are:
          Website URL: https://ouweb.webex.com
          Meeting Number:  591170639

      If you miss the webcast, or you have missed any webcast, don't worry -- we'll post links to the recording as soon as it's available from Oracle University.  You can monitor this blog for pointers to the replay. And, you can find our archive of our past webcasts and training here.

      If you have any questions or comments, feel free to email Bill Sawyer (Senior Manager, Applications Technology Curriculum) at BilldotSawyer-AT-Oracle-DOT-com.

      Tuesday May 29, 2012

      Scrambling Sensitive Data in E-Business Suite Release 12 Cloned Environments

      Securing the Oracle E-Business Suite includes protecting the underlying E-Business data in production and non-production databases.  While steps can be taken to provide a secure configuration to limit EBS access, a better approach to protecting non-production data is simply to scramble (mask) the data in the non-production copy. 

      You can use the Oracle Data Masking Pack with Oracle Enterprise Manager today to scramble sensitive data in cloned environments. Due to data dependencies, scrambling E-Business Suite data is not a trivial task.  The data needs to be scrubbed in such a way that allows the application to continue to function. 

      Using the Data Masking Pack in E-Business Suite environments is now easier with the release of new set of templates for E-Business Suite databases:

      This template works with the Oracle Data Masking Pack and Oracle Enterprise Manager to obscure sensitive E-Business Suite information that is copied from production to non-production environments. 

      Is there a charge for this?

      Yes. You must purchase licenses for Oracle Enterprise Manager and the Oracle Data Masking Pack plug-in. The Oracle E-Business Suite 12.1.3 Template for the Data Masking Pack is included with the Oracle Data Masking Pack license.  You can contact your Oracle account manager for more details about licensing.

      What does data masking do in E-Business Suite environments?

      Application data masking does the following:

      • De-identify the data:  Scramble identifiers of individuals, also known as personally identifiable information or PII.  Examples include information such as name, account, address, location, and driver's license number.
      • Mask sensitive data:  Mask data that, if associated with personally identifiable information (PII), would cause privacy concerns.  Examples include compensation, health and employment information.  
      • Maintain data validity:  Provide a fully functional application.

      How can EBS customers use data masking?

      The Oracle E-Business Suite Template for Data Masking Pack can be used in situations where confidential or regulated data needs to be shared with other non-production users who need access to some of the original data, but not necessarily every table.  Examples of non-production users include internal application developers or external business partners such as offshore testing companies, suppliers or customers.  

      The Oracle E-Business Suite Template for Data Masking Pack is applied to a non-production environment with the Enterprise Manager Grid Control Data Masking Pack.  When applied, the Oracle E-Business Suite Template for Data Masking Pack will create an irreversibly scrambled version of your production database for development and testing.  


      References

      For additional information on the Oracle E-Business Suite Template for Data Masking Pack please refer to the following:

      Related Articles

      Tuesday May 08, 2012

      Understanding Options for Integrating Oracle Access Manager with E-Business Suite

      Integrating Oracle Access Manager with the E-Business Suite can be tricky.  This is especially true if you're upgrading from EBS 11i to 12, or perhaps also switching from the older Oracle Single Sign-On technology to Oracle Access Manager.  Thing can get even more complicated if you're interested in integrating the E-Business Suite with a third-party authentication system such Windows Kerberos, or managing your users in a third-party LDAP directory like Microsoft Active Directory.

      Understanding your options for integrating EBS with Oracle Access Manager and Oracle Internet Directory has just gotten a bit easier.  First, we've just published a new document that lays out the options and our recommendations:

      OAM Oracle Access Manager architecture diagram and flow

      This new document discusses:

      • Single sign-on concepts
      • Options for integrating single sign-on solutions for Oracle E-Business Suite including the following:
        • How the Oracle Access Manager Integration Works
        • How the Oracle Single Sign-On (OSSO) Integration Works
        • Integration with Third-Party Access Management Systems and LDAP
      • Considerations to take into account when choosing a single sign-on solution
      • Documentation roadmap specifying which document to follow dependent upon your integration goal
      • Reference architecture diagrams depicting example components by Oracle E-Business Suite release

      Reworked instructions for integrating Oracle Access Manager + E-Business Suite 

      In addition to the new overview document above, we've also made extensive revisions and updates to this previously-published document:

      The updated Note is the result of your emails, Service Requests, and feedback to us on how we can improve our documentation. This is still an admittedly-complex implementation, with many detailed and exacting steps.  We're examining ways of streamlining and possibly automating some of the implementation steps in a future update to this certification.

      Your feedback is welcome

      We've tried hard to make this complex area just a little bit more-accessible.  We would love to hear about your experiences with these components.  Your feedback regarding the new note and updated note is welcome.  Please either post a comment here or log a bug request against the note in My Oracle Support.

      References

      Related Articles

      (Special thanks to Allison Sparshott  and Hubert Ferst for their combined efforts in crafting these updates.)

      Tuesday Apr 17, 2012

      Critical Patch Update for April 2012 Now Available

      The Critical Patch Update (CPU) for April 2012 was released on April 17, 2012. Oracle strongly recommends applying the patches as soon as possible.

      The Critical Patch Update Advisory is the starting point for relevant information. It includes a list of products affected, pointers to obtain the patches, a summary of the security vulnerabilities, and links to other important documents.

      Supported products that are not listed in the "Supported Products and Components Affected" Section of the advisory do not require new patches to be applied.

      Also, it is essential to review the Critical Patch Update supporting documentation referenced in the Advisory before applying patches, as this is where you can find important pertinent information.

      The Critical Patch Update Advisory is available at the following location:

      The next four Critical Patch Update release dates are:

      • July 17, 2012
      • October 16, 2012
      • January 15, 2013
      • April 16, 2013
      E-Business Suite Releases 11i and 12 Reference
      About

      Search

      Categories
      Archives
      « February 2016
      SunMonTueWedThuFriSat
       
      1
      2
      3
      4
      5
      6
      7
      9
      10
      12
      13
      14
      15
      16
      17
      18
      19
      20
      21
      22
      23
      24
      25
      26
      27
      28
      29
           
             
      Today