Tuesday Feb 19, 2013

Java JRE 1.7.0_15 Certified with Oracle E-Business Suite

Java logoJava Runtime Environment 7u15 (a.k.a. JRE 7u15-b03) and later updates on the JRE 7 codeline are now certified with Oracle E-Business Suite Release 11i and 12 for Windows-based desktop clients.

All JRE 6 and 7 releases are certified with EBS upon release

Our standard policy is that all E-Business Suite customers can apply all JRE updates to end-user desktops from JRE 1.6.0_03 and later updates on the 1.6 codeline, and from JRE 7u10 and later updates on the JRE 7 codeline.  We test all new JRE 1.6 and JRE 7 releases in parallel with the JRE development process, so all new JRE 1.6 and 7 releases are considered certified with the E-Business Suite on the same day that they're released by our Java team. 

You do not need to wait for a certification announcement before applying new JRE 1.6 or JRE 7 releases to your EBS users' desktops.

What's needed to enable EBS environments for JRE 7?

EBS customers should ensure that they are running JRE 7u15, at minimum, on Windows desktop clients.

Of the compatibility issues identified with JRE 7, the most critical is an issue that prevents E-Business Suite Forms-based products from launching on Windows desktops that are running JRE 7. 

Customers can prevent this issue -- and all other JRE 7 compatibility issues -- by ensuring that they have applied the latest certified patches documented for JRE 7 configurations to their EBS application tier servers.  These are summarized here for convenience. If the requirements change over time, please check the Notes for the authoritative list of patches:

  1. Apply Forms patch 14615390 to EBS 11i environments (Note 125767.1)
  2. Apply Forms patch 14614795 to EBS 12.0 and 12.1 environments (Note 437878.1)

These patches are compatible with JRE 6 and 7, production ready, and fully-tested with the E-Business Suite.  These patches may be applied immediately to all E-Business Suite environments. All other Forms prerequisites documented in the Notes above should also be applied. 

Where are the official patch requirements documented?

All patches required for ensuring full compatibility of the E-Business Suite with JRE 7 are documented in these Notes:

For EBS 11i:

For EBS 12

Prerequisites for 32-bit and 64-bit JRE certifications

JRE 1.70_15 32-bit + EBS 11.5.10.2

JRE 1.70_15 32-bit + EBS 12.0 & 12.1

JRE 1.7.0_15 64-bit + EBS 11.5.10.2

JRE 1.70_15 64-bit + EBS 12.0 & 12.1

EBS + Discoverer 11g Users

JRE 1.7.0_15 (7u15) is certified for Discoverer 11g in E-Business Suite environments with the following minimum requirements:

Worried about the 'mismanaged session cookie' issue?

No need to worry -- it's fixed.  To recap: JRE releases 1.6.0_18 through 1.6.0_22 had issues with mismanaging session cookies that affected some users in some circumstances.

The fix for those issues was first included in JRE 1.6.0_23. These fixes will carry forward and continue to be fixed in all future JRE releases on the JRE 6 and 7 codelines.  In other words, if you wish to avoid the mismanaged session cookie issue, you should apply any release after JRE 1.6.0_22 on the JRE 6 codeline, and JRE 7u10 and later JRE 7 codeline updates.

Implications of Java 6 End of Public Updates for EBS Users

The Support Roadmap for Oracle Java is published here:

The latest updates to that page (as of Sept. 19, 2012) state (emphasis added):

Java SE 6 End of Public Updates Notice

After February 2013, Oracle will no longer post updates of Java SE 6 to its public download sites. Existing Java SE 6 downloads already posted as of February 2013 will remain accessible in the Java Archive on Oracle Technology Network. Developers and end-users are encouraged to update to more recent Java SE versions that remain available for public download. For enterprise customers, who need continued access to critical bug fixes and security fixes as well as general maintenance for Java SE 6 or older versions, long term support is available through Oracle Java SE Support .

What does this mean for Oracle E-Business Suite users?

EBS users fall under the category of "enterprise users" above.  Java is an integral part of the Oracle E-Business Suite technology stack, so EBS users will continue to receive Java SE 6 updates from February 2013 to the end of Java SE 6 Extended Support in June 2017.

In other words, nothing will change for EBS users after February 2013. 

EBS users will continue to receive critical bug fixes and security fixes as well as general maintenance for Java SE 6. These Java SE 6 updates will be made available to EBS users for the Extended Support periods documented in the Oracle Lifetime Support policy document for Oracle Applications (PDF):

  1. EBS 11i Extended Support ends November 2013
  2. EBS 12.0 Extended Support ends January 2015
  3. EBS 12.1 Extended Support ends December 2018

How can EBS customers obtain Java 6 updates after the public end-of-life?

EBS customers can download Java 6 patches from My Oracle Support.  For a complete list of all Java SE patch numbers, see:

Will EBS users be forced to upgrade to JRE 7 for Windows desktop clients?

No. This upgrade is highly recommended but currently remains optional. JRE 6 will be available to Windows users to run with EBS for the duration of your respective EBS Extended Support period.  Updates will be delivered via My Oracle Support, where you can continue to receive critical bug fixes and security fixes as well as general maintenance for JRE 6 desktop clients. 

Coexistence of JRE 6 and JRE 7 on Windows desktops

The upgrade to JRE 7 is highly recommended for EBS users, but some users may need to run both JRE 6 and 7 on their Windows desktops for reasons unrelated to the E-Business Suite.

Most EBS configurations with IE and Firefox use non-static versioning by default. JRE 7 will be invoked instead of JRE 6 if both are installed on a Windows desktop. For more details, see "Appendix B: Static vs. Non-static Versioning and Set Up Options" in Notes 290807.1 and 393931.1.

Applying Updates to JRE 6 and JRE 7 to Windows desktops

Auto-update will keep JRE 7 up-to-date for Windows users with JRE 7 installed.

Auto-update will only keep JRE 7 up-to-date for Windows users with both JRE 6 and 7 installed. 

JRE 6 users are strongly encouraged to apply the latest Critical Patch Updates as soon as possible after each release. The Jave SE CPUs will be available via My Oracle Support.  EBS users can find more information about JRE 6 and 7 updates here:

The dates for future Java SE CPUs can be found on the Critical Patch Updates, Security Alerts and Third Party Bulletin.  An RSS feed is available on that site for those who would like to be kept up-to-date.

What will Mac users need?

Oracle will provide updates to JRE 7 for Mac OS X users. EBS users running Macs will need to upgrade to JRE 7 to receive JRE updates.

The certification of Oracle E-Business Suite with JRE 7 for Mac-based desktop clients accessing EBS Forms-based content is underway. Mac users waiting for that certification may find this article useful:

Will EBS users be forced to upgrade to JDK 7 for EBS application tier servers?

No. This upgrade will be highly recommended but will be optional for EBS application tier servers running on Windows, Linux, and Solaris.  You can choose to remain on JDK 6 for the duration of your respective EBS Extended Support period.  If you remain on JDK 6, you will continue to receive critical bug fixes and security fixes as well as general maintenance for JDK 6.

The certification of Oracle E-Business Suite with JDK 7 for EBS application tier servers on Windows, Linux, and Solaris as well as other platforms such as IBM AIX and HP-UX is planned.  Customers running platforms other than Windows, Linux, and Solaris should refer to their Java vendors's sites for more information about their support policies.

References

Related Articles

Thursday Feb 14, 2013

Webcast Replay Available: Top 10 Free Ways of Securing Your EBS Instance

I am pleased to announce the availability of the webcast replay for the Top 10 Free Ways of Securing Your EBS Instance here:

This webcast was presented by Eric Bing, Senior Director, and Elke Phelps, Senior Principal Product Manager, and covers things you can do to improve the security of your Oracle E-Business Suite instance. Best of all, the actions discussed in this webcast are free! This webcast was targeted to system administrators, DBAs, and implementers.

E-Business Suite architecture diagram showing firewalls and internal and external application servers

This webcast, led by Eric Bing,Senior Director, and Elke Phelps, Senior Principal Product Manager, covered the following topics:

  • Check Profile Settings
  • Change Default Passwords
  • Secure APPLSYSPUB
  • Activate Server Security
  • Implement IP address restrictions
  • Migrate to Password Hashing
  • Enable Application Tier Secure Socket Layer (SSL)
  • Move Off of Client/Server Components
  • Secure Configuration of Attachments
  • Turn on ModSecurity
  • Encrypt Credit Card Data
  • Separation of Duties: Review Access To “Sensitive Administrative Pages”

Related Articles

Wednesday Feb 06, 2013

Using Oracle Label Security with Oracle E-Business Suite

Most security administrators know how to use E-Business Suite responsibilities to manage access to data and functionality.  The majority of EBS customers will never need anything beyond those standard capabilities. Some organisations may need specialised security to complement the EBS responsibility model. Oracle Label Security may appropriate for certain specialised requirements.

Oracle Label Security example diagram

Oracle Label Security allows administrators to classify every row in a table, ensuring that access to sensitive data is restricted to users with the appropriate clearance level. OLS can be used to enforce regulatory compliance with a policy-based administration model to support custom data classification schemes for implementing “need to know” access. Labels can be used as factors within Oracle Database Vault command rules for multi-factor authorization polices.

Supported but not certified

It is possible to use Oracle Label Security with the E-Business Suite.  Custom OLS policies will -- by design -- change the end-user behavior of EBS.  It is possible for an OLS policy to break EBS, so we can't offer the standard technology certification in this case.   What is certified is "the approach" of using OLS to implement custom security policies over EBS relational data.  We do not certify specific versions of OLS, nor do we certify specific OLS policies.

From a support perspective, we treat OLS policies like any other EBS customization, namely:

  • We can only issue EBS patches for issues that can be reproduced in environments without custom OLS policies.
  • If you report an issue that can't be reproduced in vanilla, uncustomized environments, our default guidance will be to disable the custom OLS policies.
  • We cannot review your OLS policies or make recommendations on how to create custom OLS policies.

How do I define OLS policies in EBS environments?

This rather-elderly Note explains techniques for adding OLS policy initialization logic to EBS session initialization.  Although this Note is written specifically for Oracle9i Label Security and EBS 11i, the techniques documented here remain valid today to later database and EBS releases:

Related Articles


Saturday Feb 02, 2013

Java JRE 1.7.0_13 Certified with Oracle E-Business Suite

Java logoJava Runtime Environment 7u13 (a.k.a. JRE 1.7.0_13 build 20) and later updates on the JRE 7 codeline are now certified with Oracle E-Business Suite Release 11i and 12 for Windows-based desktop clients.

All JRE 6 and 7 releases are certified with EBS upon release

Our standard policy is that all E-Business Suite customers can apply all JRE updates to end-user desktops from JRE 1.6.0_03 and later updates on the 1.6 codeline, and from JRE 7u10 and later updates on the JRE 7 codeline.  We test all new JRE 1.6 and JRE 7 releases in parallel with the JRE development process, so all new JRE 1.6 and 7 releases are considered certified with the E-Business Suite on the same day that they're released by our Java team. 

You do not need to wait for a certification announcement before applying new JRE 1.6 or JRE 7 releases to your EBS users' desktops.

What's needed to enable EBS environments for JRE 7?

EBS customers should ensure that they are running JRE 7u13, at minimum, on Windows desktop clients.

Of the compatibility issues identified with JRE 7, the most critical is an issue that prevents E-Business Suite Forms-based products from launching on Windows desktops that are running JRE 7. 

Customers can prevent this issue -- and all other JRE 7 compatibility issues -- by ensuring that they have applied the latest certified patches documented for JRE 7 configurations to their EBS application tier servers.  These are summarized here for convenience. If the requirements change over time, please check the Notes for the authoritative list of patches:

  1. Apply Forms patch 14615390 to EBS 11i environments (Note 125767.1)
  2. Apply Forms patch 14614795 to EBS 12.0 and 12.1 environments (Note 437878.1)

These patches are compatible with JRE 6 and 7, production ready, and fully-tested with the E-Business Suite.  These patches may be applied immediately to all E-Business Suite environments. All other Forms prerequisites documented in the Notes above should also be applied. 

Where are the official patch requirements documented?

All patches required for ensuring full compatibility of the E-Business Suite with JRE 7 are documented in these Notes:

For EBS 11i:

For EBS 12

Prerequisites for 32-bit and 64-bit JRE certifications

JRE 1.70_13 32-bit + EBS 11.5.10.2

JRE 1.70_13 32-bit + EBS 12.0 & 12.1

JRE 1.7.0_13 64-bit + EBS 11.5.10.2

JRE 1.70_13 64-bit + EBS 12.0 & 12.1

EBS + Discoverer 11g Users

JRE 1.7.0_13 (7u13) is certified for Discoverer 11g in E-Business Suite environments with the following minimum requirements:

Worried about the 'mismanaged session cookie' issue?

No need to worry -- it's fixed.  To recap: JRE releases 1.6.0_18 through 1.6.0_22 had issues with mismanaging session cookies that affected some users in some circumstances.

The fix for those issues was first included in JRE 1.6.0_23. These fixes will carry forward and continue to be fixed in all future JRE releases on the JRE 6 and 7 codelines.  In other words, if you wish to avoid the mismanaged session cookie issue, you should apply any release after JRE 1.6.0_22 on the JRE 6 codeline, and JRE 7u10 and later JRE 7 codeline updates.

Implications of Java 6 End of Public Updates for EBS Users

The Support Roadmap for Oracle Java is published here:

The latest updates to that page (as of Sept. 19, 2012) state (emphasis added):

Java SE 6 End of Public Updates Notice

After February 2013, Oracle will no longer post updates of Java SE 6 to its public download sites. Existing Java SE 6 downloads already posted as of February 2013 will remain accessible in the Java Archive on Oracle Technology Network. Developers and end-users are encouraged to update to more recent Java SE versions that remain available for public download. For enterprise customers, who need continued access to critical bug fixes and security fixes as well as general maintenance for Java SE 6 or older versions, long term support is available through Oracle Java SE Support .

What does this mean for Oracle E-Business Suite users?

EBS users fall under the category of "enterprise users" above.  Java is an integral part of the Oracle E-Business Suite technology stack, so EBS users will continue to receive Java SE 6 updates from February 2013 to the end of Java SE 6 Extended Support in June 2017.

In other words, nothing will change for EBS users after February 2013. 

EBS users will continue to receive critical bug fixes and security fixes as well as general maintenance for Java SE 6. These Java SE 6 updates will be made available to EBS users for the Extended Support periods documented in the Oracle Lifetime Support policy document for Oracle Applications (PDF):

  1. EBS 11i Extended Support ends November 2013
  2. EBS 12.0 Extended Support ends January 2015
  3. EBS 12.1 Extended Support ends December 2018

How can EBS customers obtain Java 6 updates after the public end-of-life?

EBS customers can download Java 6 patches from My Oracle Support.  For a complete list of all Java SE patch numbers, see:

Will EBS users be forced to upgrade to JRE 7 for Windows desktop clients?

No. This upgrade is highly recommended but currently remains optional. JRE 6 will be available to Windows users to run with EBS for the duration of your respective EBS Extended Support period.  Updates will be delivered via My Oracle Support, where you can continue to receive critical bug fixes and security fixes as well as general maintenance for JRE 6 desktop clients. 

Coexistence of JRE 6 and JRE 7 on Windows desktops

The upgrade to JRE 7 is highly recommended for EBS users, but some users may need to run both JRE 6 and 7 on their Windows desktops for reasons unrelated to the E-Business Suite.

Most EBS configurations with IE and Firefox use non-static versioning by default. JRE 7 will be invoked instead of JRE 6 if both are installed on a Windows desktop. For more details, see "Appendix B: Static vs. Non-static Versioning and Set Up Options" in Notes 290807.1 and 393931.1.

Applying Updates to JRE 6 and JRE 7 to Windows desktops

Auto-update will keep JRE 7 up-to-date for Windows users with JRE 7 installed.

Auto-update will only keep JRE 7 up-to-date for Windows users with both JRE 6 and 7 installed. 

JRE 6 users are strongly encouraged to apply the latest Critical Patch Updates as soon as possible after each release. The Jave SE CPUs will be available via My Oracle Support.  EBS users can find more information about JRE 6 and 7 updates here:

The dates for future Java SE CPUs can be found on the Critical Patch Updates, Security Alerts and Third Party Bulletin.  An RSS feed is available on that site for those who would like to be kept up-to-date.

What will Mac users need?

Oracle will provide updates to JRE 7 for Mac OS X users. EBS users running Macs will need to upgrade to JRE 7 to receive JRE updates.

The certification of Oracle E-Business Suite with JRE 7 for Mac-based desktop clients accessing EBS Forms-based content is underway. Mac users waiting for that certification may find this article useful:

Will EBS users be forced to upgrade to JDK 7 for EBS application tier servers?

No. This upgrade will be highly recommended but will be optional for EBS application tier servers running on Windows, Linux, and Solaris.  You can choose to remain on JDK 6 for the duration of your respective EBS Extended Support period.  If you remain on JDK 6, you will continue to receive critical bug fixes and security fixes as well as general maintenance for JDK 6.

The certification of Oracle E-Business Suite with JDK 7 for EBS application tier servers on Windows, Linux, and Solaris as well as other platforms such as IBM AIX and HP-UX is planned.  Customers running platforms other than Windows, Linux, and Solaris should refer to their Java vendors's sites for more information about their support policies.

References

Related Articles

Tuesday Jan 22, 2013

ATG Live Webcast Jan. 24th: Top 10 Free Ways of Securing Your EBS Instance

This webcast provides you with an understanding of the actions you can take now to improve the security of your Oracle E-Business Suite instance. Best of all, the actions being discussed in this webcast are free! This webcast is targeted to system administrators, DBAs, and implementers.

E-Business Suite architecture diagram showing firewalls and internal and external application servers

This webcast, led by Eric Bing,Senior Director, and Elke Phelps, Senior Principal Product Manager, will cover the following topics:

  • Check Profile Settings
  • Change Default Passwords
  • Secure APPLSYSPUB
  • Activate Server Security
  • Implement IP address restrictions
  • Migrate to Password Hashing
  • Enable Application Tier Secure Socket Layer (SSL)
  • Move Off of Client/Server Components
  • Secure Configuration of Attachments
  • Turn on ModSecurity
  • Encrypt Credit Card Data
  • Separation of Duties: Review Access To “Sensitive Administrative Pages”

Date:                Thursday, January 24, 2013
Time:               11:00 AM - 12:00 PM Pacific Standard Time
Presenters:   Elke Phelps, Senior Principal Product Manager
                         Eric Bing, Senior Director

Webcast Registration Link (Preregistration is optional but encouraged)

To hear the audio feed:

   Domestic Participant Dial-In Number:           877-697-8128
    International Participant Dial-In Number:      706-634-9568
    Additional International Dial-In Numbers Link:
    Dial-In Passcode:                                              104460

To see the presentation:
    The Direct Access Web Conference details are:
    Website URL: https://ouweb.webex.com
    Meeting Number:  593152632

If you miss the webcast, or you have missed any webcast, don't worry -- we'll post links to the recording as soon as it's available from Oracle University.  You can monitor this blog for pointers to the replay. And, you can find our archive of our past webcasts and training here.

If you have any questions or comments, feel free to email Bill Sawyer (Senior Manager, Applications Technology Curriculum) at BilldotSawyer-AT-Oracle-DOT-com.

Tuesday Jan 15, 2013

Critical Patch Update for January 2013 Now Available

The  Critical Patch Update (CPU) for January 2013 was released on January 15, 2013. Oracle strongly recommends applying the patches as soon as possible.

The Critical Patch Update Advisory is the starting point for relevant information. It includes a list of products affected, pointers to obtain the patches, a summary of the security vulnerabilities, and links to other important documents.

Supported products that are not listed in the "Supported Products and Components Affected" Section of the advisory do not require new patches to be applied.

Also, it is essential to review the Critical Patch Update supporting documentation referenced in the Advisory before applying patches, as this is where you can find important pertinent information.

The Critical Patch Update Advisory is available at the following location:

The next four Critical Patch Update release dates are:

  • April 16, 2013
  • July 16, 2013
  • October 15, 2013
  • January 14, 2014
E-Business Suite Releases 11i and 12 Reference

Monday Jan 14, 2013

Java JRE 1.7.0_11 Certified with Oracle E-Business Suite

Java logoJava Runtime Environment 7u11 (a.k.a. JRE 1.7.0_11 build 21) and later updates on the JRE 7 codeline are now certified with Oracle E-Business Suite Release 11i and 12 Windows-based desktop clients.

JRE 1.7.0_11 (7u11) is a CPU security release that includes the fix for Oracle Security Alert CVE-2013-0422. Oracle strongly recommends that users running JRE 7 on their desktop clients upgrade to this version. 

All JRE 6 and 7 releases are certified with EBS upon release

Our standard policy is that all E-Business Suite customers can apply all JRE updates to end-user desktops from JRE 1.6.0_03 and later updates on the 1.6 codeline, and from JRE 7u10 and later updates on the JRE 7 codeline.  We test all new JRE 1.6 and JRE 7 releases in parallel with the JRE development process, so all new JRE 1.6 and 7 releases are considered certified with the E-Business Suite on the same day that they're released by our Java team. 

You do not need to wait for a certification announcement before applying new JRE 1.6 or JRE 7 releases to your EBS users' desktops.

What's needed to enable EBS environments for JRE 7?

EBS customers should ensure that they are running JRE 7u11, at minimum, on Windows desktop clients.

Of the compatibility issues identified with JRE 7, the most critical is an issue that prevents E-Business Suite Forms-based products from launching on Windows desktops that are running JRE 7. 

Customers can prevent this issue -- and all other JRE 7 compatibility issues -- by ensuring that they have applied the latest certified patches documented for JRE 7 configurations to their EBS application tier servers.  These are summarized here for convenience. If the requirements change over time, please check the Notes for the authoritative list of patches:

  1. Apply Forms patch 14615390 to EBS 11i environments (Note 125767.1)
  2. Apply Forms patch 14614795 to EBS 12.0 and 12.1 environments (Note 437878.1)

These patches are compatible with JRE 6 and 7, production ready, and fully-tested with the E-Business Suite.  These patches may be applied immediately to all E-Business Suite environments. All other Forms prerequisites documented in the Notes above should also be applied. 

Where are the official patch requirements documented?

All patches required for ensuring full compatibility of the E-Business Suite with JRE 7 are documented in these Notes:

For EBS 11i:

For EBS 12

Prerequisites for 32-bit and 64-bit JRE certifications

JRE 1.70_11 32-bit + EBS 11.5.10.2

JRE 1.70_11 32-bit + EBS 12.0 & 12.1

JRE 1.7.0_11 64-bit + EBS 11.5.10.2

JRE 1.70_11 64-bit + EBS 12.0 & 12.1

EBS + Discoverer 11g Users

JRE 1.7.0_11 (7u11) is certified for Discoverer 11g in E-Business Suite environments with the following minimum requirements:

Worried about the 'mismanaged session cookie' issue?

No need to worry -- it's fixed.  To recap: JRE releases 1.6.0_18 through 1.6.0_22 had issues with mismanaging session cookies that affected some users in some circumstances.

The fix for those issues was first included in JRE 1.6.0_23. These fixes will carry forward and continue to be fixed in all future JRE releases on the JRE 6 and 7 codelines.  In other words, if you wish to avoid the mismanaged session cookie issue, you should apply any release after JRE 1.6.0_22 on the JRE 6 codeline, and JRE 7u10 and later JRE 7 codeline updates.

Implications of Java 6 End of Public Updates for EBS Users

The Support Roadmap for Oracle Java is published here:

The latest updates to that page (as of Sept. 19, 2012) state (emphasis added):

Java SE 6 End of Public Updates Notice

After February 2013, Oracle will no longer post updates of Java SE 6 to its public download sites. Existing Java SE 6 downloads already posted as of February 2013 will remain accessible in the Java Archive on Oracle Technology Network. Developers and end-users are encouraged to update to more recent Java SE versions that remain available for public download. For enterprise customers, who need continued access to critical bug fixes and security fixes as well as general maintenance for Java SE 6 or older versions, long term support is available through Oracle Java SE Support .

What does this mean for Oracle E-Business Suite users?

EBS users fall under the category of "enterprise users" above.  Java is an integral part of the Oracle E-Business Suite technology stack, so EBS users will continue to receive Java SE 6 updates from February 2013 to the end of Java SE 6 Extended Support in June 2017.

In other words, nothing will change for EBS users after February 2013. 

EBS users will continue to receive critical bug fixes and security fixes as well as general maintenance for Java SE 6. These Java SE 6 updates will be made available to EBS users for the Extended Support periods documented in the Oracle Lifetime Support policy document for Oracle Applications (PDF):

  1. EBS 11i Extended Support ends November 2013
  2. EBS 12.0 Extended Support ends January 2015
  3. EBS 12.1 Extended Support ends December 2018

How can EBS customers obtain Java 6 updates after the public end-of-life?

EBS customers can download Java 6 patches from My Oracle Support.  For a complete list of all Java SE patch numbers, see:

Will EBS users be forced to upgrade to JRE 7 for Windows desktop clients?

No. This upgrade is highly recommended but currently remains optional. JRE 6 will be available to Windows users to run with EBS for the duration of your respective EBS Extended Support period.  Updates will be delivered via My Oracle Support, where you can continue to receive critical bug fixes and security fixes as well as general maintenance for JRE 6 desktop clients. 

Coexistence of JRE 6 and JRE 7 on Windows desktops

The upgrade to JRE 7 is highly recommended for EBS users, but some users may need to run both JRE 6 and 7 on their Windows desktops for reasons unrelated to the E-Business Suite.

Most EBS configurations with IE and Firefox use non-static versioning by default. JRE 7 will be invoked instead of JRE 6 if both are installed on a Windows desktop. For more details, see "Appendix B: Static vs. Non-static Versioning and Set Up Options" in Notes 290807.1 and 393931.1.

Applying Updates to JRE 6 and JRE 7 to Windows desktops

Auto-update will keep JRE 7 up-to-date for Windows users with JRE 7 installed.

Auto-update will only keep JRE 7 up-to-date for Windows users with both JRE 6 and 7 installed. 

JRE 6 users are strongly encouraged to apply the latest Critical Patch Updates as soon as possible after each release. The Jave SE CPUs will be available via My Oracle Support.  EBS users can find more information about JRE 6 and 7 updates here:

The dates for future Java SE CPUs can be found on the Critical Patch Updates, Security Alerts and Third Party Bulletin.  An RSS feed is available on that site for those who would like to be kept up-to-date.

What will Mac users need?

Oracle will provide updates to JRE 7 for Mac OS X users. EBS users running Macs will need to upgrade to JRE 7 to receive JRE updates.

The certification of Oracle E-Business Suite with JRE 7 for Mac-based desktop clients accessing EBS Forms-based content is underway. Mac users waiting for that certification may find this article useful:

Will EBS users be forced to upgrade to JDK 7 for EBS application tier servers?

No. This upgrade will be highly recommended but will be optional for EBS application tier servers running on Windows, Linux, and Solaris.  You can choose to remain on JDK 6 for the duration of your respective EBS Extended Support period.  If you remain on JDK 6, you will continue to receive critical bug fixes and security fixes as well as general maintenance for JDK 6.

The certification of Oracle E-Business Suite with JDK 7 for EBS application tier servers on Windows, Linux, and Solaris as well as other platforms such as IBM AIX and HP-UX is planned.  Customers running platforms other than Windows, Linux, and Solaris should refer to their Java vendors's sites for more information about their support policies.

References

Related Articles

Thursday Dec 06, 2012

Oracle Access Manager 11.1.2 Certified with E-Business Suite 12

I am happy to announce that Oracle Access Manager 11gR2 (11.1.2) is now certified with E-Business Suite Releases 12.0.6 and 12.1. If you are implementing single sign-on for the first time, or are an existing Oracle Access Manager user, you may integrate with Oracle Access Manager 11gR2 using Oracle Access Manager WebGate and Oracle E-Business Suite AccessGate.

Supported Architecture and Release Versions

  • Oracle Access Manager 11.1.2
  • Oracle E-Business Suite Release 12.0.6, 12.1.1+
  • Oracle Identity Management 11.1.1.5, 11.1.1.6
  • Oracle Internet Directory 11.1.1.6
  • Oracle WebLogic Server 10.3.5+
What's New In This Oracle Access Manager 11gR2 Integration?
  • Simplified integration: We've simplified the instructions and cut the number of pages, while adding clarity to the steps.

  • Automation of configuration steps:  We've automated some of the required configuration steps. This is the first phase of automation and diagnostics that are part of our roadmap for this integration.

  • Use of default OAM Login page: We are reducing the required troubleshooting by delivering the default OAM Login page for the integration. A custom login page can still be created by using Oracle Access Manager.

  • Use of the Detached Credential collector in a Demilitarized Zone: We have certified the Detached Credential collector as part of a DMZ configuration. This will enhance the security of the underlying Oracle Access Manager and E-Business Suite components, which will now be required only within a company's intranet.  

Choosing the Right Architecture

Our previously published blog article and support note with single sign-on recommended and certified integration paths has been updated to include Oracle Access Manager 11gR2:

Other References

Related Articles

Monday Nov 12, 2012

E-Business Suite 12.1.3 Data Masking Certified with Enterprise Manager 12c

Following up on our prior announcement for EM 11g, we're pleased to announce the certification of the E-Business Suite 12.1.3 Data Masking Template for the Data Masking Pack with Enterprise Manager Cloud Control 12c.

You can use the Oracle Data Masking Pack with Oracle Enterprise Manager Grid Control 12c to scramble sensitive data in cloned E-Business Suite environments.  Due to data dependencies, scrambling E-Business Suite data is not a trivial task.  The data needs to be scrubbed in such a way that allows the application to continue to function. 

You may scramble data in E-Business Suite cloned environments with EM12c using the following template:

What does data masking do in E-Business Suite environments?

Application data masking does the following:

  • De-identify the data:  Scramble identifiers of individuals, also known as personally identifiable information or PII.  Examples include information such as name, account, address, location, and driver's license number.
  • Mask sensitive data:  Mask data that, if associated with personally identifiable information (PII), would cause privacy concerns.  Examples include compensation, health and employment information.  
  • Maintain data validity:  Provide a fully functional application.

How can EBS customers use data masking?

The Oracle E-Business Suite Template for Data Masking Pack can be used in situations where confidential or regulated data needs to be shared with other non-production users who need access to some of the original data, but not necessarily every table.  Examples of non-production users include internal application developers or external business partners such as offshore testing companies, suppliers or customers. 

The template works with the Oracle Data Masking Pack and Oracle Enterprise Manager to obscure sensitive E-Business Suite information that is copied from production to non-production environments.

The Oracle E-Business Suite Template for Data Masking Pack is applied to a non-production environment with the Enterprise Manager Grid Control Data Masking Pack.  When applied, the Oracle E-Business Suite Template for Data Masking Pack will create an irreversibly scrambled version of your production database for development and testing. 

What's new with EM 12c?

  • Command line integration: Some of the execution steps may also be performed with EM Command Line Interface (EM CLI).  Support of EM CLI is a new feature with the E-Business Suite Release 12.1.3 template for EM 12c.  
  • Integration with Sensitive Data Discovery and Application Data Model: After an EBS environment has been discovery using the Application Data Model and the EBS drivers, the EBS data masking template will automatically update the Application Data Model to identify the sensitive data in EBS that is being masked.

How data masking works

Is there a charge for this?

Yes. You must purchase licenses for the Oracle Data Masking Pack to use the Oracle E-Business Suite 12.1.3 template. The Oracle E-Business Suite 12.1.3 Template for the Data Masking Pack is included with the Oracle Data Masking Pack license.  You can contact your Oracle account manager for more details about licensing.

References

Additional details and requirements are provided in the following My Oracle Support Note:

Related Articles

Wednesday Nov 07, 2012

Implications of Java 6 End of Public Updates for EBS Users

[Update Feb. 28, 2013: Added pointer to Note 1439822.1]

[Update Dec. 11, 2012: JRE 7 is now certified with the E-Business Suite; see this announcement for complete details.]

Java logo

The Support Roadmap for Oracle Java is published here:

The latest updates to that page (as of Sept. 19, 2012) state (emphasis added):

Java SE 6 End of Public Updates Notice

After February 2013, Oracle will no longer post updates of Java SE 6 to its public download sites. Existing Java SE 6 downloads already posted as of February 2013 will remain accessible in the Java Archive on Oracle Technology Network. Developers and end-users are encouraged to update to more recent Java SE versions that remain available for public download. For enterprise customers, who need continued access to critical bug fixes and security fixes as well as general maintenance for Java SE 6 or older versions, long term support is available through Oracle Java SE Support .

What does this mean for Oracle E-Business Suite users?

EBS users fall under the category of "enterprise users" above.  Java is an integral part of the Oracle E-Business Suite technology stack, so EBS users will continue to receive Java SE 6 updates from February 2013 to the end of Java SE 6 Extended Support in June 2017.

In other words, nothing will change for EBS users after February 2013. 

EBS users will continue to receive critical bug fixes and security fixes as well as general maintenance for Java SE 6. These Java SE 6 updates will be made available to EBS users for the Extended Support periods documented in the Oracle Lifetime Support policy document for Oracle Applications (PDF):

  1. EBS 11i Extended Support ends November 2013
  2. EBS 12.0 Extended Support ends January 2015
  3. EBS 12.1 Extended Support ends December 2018

How can EBS customers obtain Java 6 updates after the public end-of-life?

EBS customers can download Java 6 patches from My Oracle Support.  For a complete list of all Java SE patch numbers, see:

Will EBS users be forced to upgrade to JRE 7 for Windows desktop clients?

No. This upgrade will be highly recommended but currently remains optional. JRE 6 will be available to Windows users to run with EBS for the duration of your respective EBS Extended Support period.  Updates will be delivered via My Oracle Support, where you can continue to receive critical bug fixes and security fixes as well as general maintenance for JRE 6 desktop clients. 

The certification of Oracle E-Business Suite with JRE 7 (for desktop clients accessing EBS Forms-based content) is in its final stages.  If you plan to upgrade your EBS desktop clients to JRE 7 when that certification is released, you can get a head-start on that today.

Coexistence of JRE 6 and JRE 7 on Windows desktops

The upgrade to JRE 7 will be highly recommended for EBS users, but some users may need to run both JRE 6 and 7 on their Windows desktops for reasons unrelated to the E-Business Suite.

Most EBS configurations with IE and Firefox use non-static versioning by default. JRE 7 will be invoked instead of JRE 6 if both are installed on a Windows desktop. For more details, see "Appendix B: Static vs. Non-static Versioning and Set Up Options" in Notes 290801.1 and 393931.1.

Applying Updates to JRE 6 and JRE 7 to Windows desktops

Auto-update will keep JRE 7 up-to-date for Windows users with JRE 7 installed.

Auto-update will only keep JRE 7 up-to-date for Windows users with both JRE 6 and 7 installed. 

JRE 6 users are strongly encouraged to apply the latest Critical Patch Updates as soon as possible after each release. The Jave SE CPUs will be available via My Oracle Support.  EBS users can find more information about JRE 6 and 7 updates here:

The dates for future Java SE CPUs can be found on the Critical Patch Updates, Security Alerts and Third Party Bulletin.  An RSS feed is available on that site for those who would like to be kept up-to-date.

What will Mac users need?

Oracle will provide updates to JRE 7 for Mac OS X users. EBS users running Macs will need to upgrade to JRE 7 to receive JRE updates.

The certification of Oracle E-Business Suite with JRE 7 for Mac-based desktop clients accessing EBS Forms-based content is underway. Mac users waiting for that certification may find this article useful:

Will EBS users be forced to upgrade to JDK 7 for EBS application tier servers?

No. This upgrade will be highly recommended but will be optional for EBS application tier servers running on Windows, Linux, and Solaris.  You can choose to remain on JDK 6 for the duration of your respective EBS Extended Support period.  If you remain on JDK 6, you will continue to receive critical bug fixes and security fixes as well as general maintenance for JDK 6.

The certification of Oracle E-Business Suite with JDK 7 for EBS application tier servers on Windows, Linux, and Solaris as well as other platforms such as IBM AIX and HP-UX is planned.  Customers running platforms other than Windows, Linux, and Solaris should refer to their Java vendors's sites for more information about their support policies.

Related Articles


Monday Oct 29, 2012

Critical Patch Updates During EBS 11i Exception to Sustaining Support Period

As previously blogged in the EBS 11i and 12.1 Support Timeline Changes entry, two important changes to the Oracle Lifetime Support policies were announced at Oracle OpenWorld 2012 - San Francisco.  These changes affect E-Business Suite Releases 11i and 12.1.

Timeline showing updated EBS Support dates

Critical Patch Updates for EBS 11i during the Exception to Sustaining Support Period

You may be wondering about the availability of Critical Patch Updates (CPU) for EBS 11i during the Exception to Sustaining Support period.  The following details the E-Business Suite Critical Patch Update support policy for EBS 11i during the Exception to Sustaining Support period:

  • Oracle will continue to provide CPUs containing critical security fixes for E-Business Suite 11i. 
  • CPUs will be packaged and released as as cumulative patches for both ATG RUP 6 and ATG RUP 7.
  • As always, we try to minimize the number of patches and dependencies required for uptake of a CPU; however, there have been quite a few changes to the 11i baseline since its release.  For dependency reasons the 11i CPUs may require a higher number of files in order to bring them up to a consistent, stable, and well tested level.
  • EBS 11i customer will continue to receive CPUs up to and including the October 2014 CPU.

Where can I learn more?

There are two interlocking policies that affect the E-Business Suite:  Oracle's Lifetime Support policies for each EBS release (timelines which were updated by this announcement), and the Error Correction Support policies (which state the minimum baselines for new patches).

For more information about how these policies interact, see:

What about E-Business Suite technology stack components?

Things get more complicated when one considers individual techstack components such as Oracle Forms or the Oracle Database.  To learn more about the interlocking EBS+techstack component support windows, see these two articles:

Where can I learn more about Critical Patch Updates?

The Critical Patch Update Advisory is the starting point for relevant information. It includes a list of products affected, pointers to obtain the patches, a summary of the security vulnerabilities, and links to other important documents. 

Related Articles

Wednesday Oct 17, 2012

Critical Patch Update for October 2012 Now Available

The Critical Patch Update (CPU) for October 2012 was released on October 16, 2012. Oracle strongly recommends applying the patches as soon as possible.

The Critical Patch Update Advisory is the starting point for relevant information. It includes a list of products affected, pointers to obtain the patches, a summary of the security vulnerabilities, and links to other important documents.

Supported products that are not listed in the "Supported Products and Components Affected" Section of the advisory do not require new patches to be applied.

Also, it is essential to review the Critical Patch Update supporting documentation referenced in the Advisory before applying patches, as this is where you can find important pertinent information.

The Critical Patch Update Advisory is available at the following location:

The next four Critical Patch Update release dates are:

  • January 15, 2013
  • April 16, 2013
  • July 16, 2013
  • October 15, 2013
E-Business Suite Releases 11i and 12 Reference

Tuesday Jul 17, 2012

Critical Patch Update for July 2012 Now Available

The Critical Patch Update (CPU) for July 2012 was released on July 17, 2012. Oracle strongly recommends applying the patches as soon as possible.

The Critical Patch Update Advisory is the starting point for relevant information. It includes a list of products affected, pointers to obtain the patches, a summary of the security vulnerabilities, and links to other important documents.

Supported products that are not listed in the "Supported Products and Components Affected" Section of the advisory do not require new patches to be applied.

Also, it is essential to review the Critical Patch Update supporting documentation referenced in the Advisory before applying patches, as this is where you can find important pertinent information.

The Critical Patch Update Advisory is available at the following location:

The next four Critical Patch Update release dates are:

  • October 16, 2012
  • January 15, 2013
  • April 16, 2013
  • July 16, 2013
E-Business Suite Releases 11i and 12 Reference

Monday Jul 09, 2012

Webcast Replay Available: Scrambling Sensitive Data in E-Business Suite Release 12 Cloned Environments

I am pleased to release the replay and presentation for ATG Live Webcast:

Scrambling Sensitive Data in EBS 12 Cloned Environments (Presentation)

E-Business Suite Data Masking Architecture

Eric Bing, Senior Director, Jagan Athreya, Enterprise Manager Product Management, and Elke Phelps, Senior Principal Product Manager, discussed the Oracle E-Business Suite Template for Data Masking Pack, and how it can be used in situations where confidential or regulated data needs to be shared with other non-production users who need access to some of the original data, but not necessarily every table.  Examples of non-production users include internal application developers or external business partners such as offshore testing companies, suppliers or customers. (July 2012)

Finding other recorded ATG webcasts

The catalog of ATG Live Webcast replays, presentations, and all ATG training materials is available in this blog's Webcasts and Training section.

Friday Jul 06, 2012

Building Extensions Using E-Business Suite SDK for Java

We’ve just released Version 2.0.1 of Oracle E-Business Suite SDK for Java.  This new version has several great enhancements added after I wrote about the first version of the SDK in 2010.  In addition to the AppsDataSource and Java Authentication and Authorization Service (JAAS) features that are in the first version, the Oracle E-Business Suite SDK for Java now provides:

  • Session management APIs, so you can share session information with Oracle E-Business Suite
  • Setup script for UNIX/Linux for AppsDataSource and JAAS on Oracle WebLogic Server
  • APIs for Message Dictionary, User Profiles, and NLS
  • Javadoc for the APIs (included with the patch)
  • Enhanced documentation included with Note 974949.1
Integration between custom apps and EBS

These features can be used with either Release 11i or Release 12. 

References

What's new in those references?

Note 974949.1 is the place to look for the latest information as we come out with new versions of the SDK.  The patch number changes for each release.  Version 2.0.1 is contained in Patch 13882058, which is for both Release 11i and Release 12.  Note 974949.1 includes the following topics:

  • Applying the latest patch
  • Using Oracle E-Business Suite Data Sources
  • Oracle E-Business Suite Implementation of Java Authentication and Authorization Service (JAAS)
  • Utilities
  • Error loggingSession management 
  • Message Dictionary
  • User profiles
  • Navigation to External Applications
  • Java EE Session Management Tutorial

For those of you using the SDK with Oracle ADF, besides some Oracle ADF-specific documentation in Note 974949.1, we also updated the ADF Integration FAQ as well.

EBS SDK for Java Use Cases

The uses of the Oracle E-Business Suite SDK for Java fall into two general scenarios for integrating external applications with Oracle E-Business Suite:

  1. Application sharing a session with Oracle E-Business Suite
  2. Independent application (not shared session)

With an independent application, the external application accesses Oracle E-Business  Suite data and server-side APIs, but it has a completely separate user interface. The external application may also launch pages from the Oracle E-Business Suite home page, but after the initial launch there is no further communication with the Oracle E-Business Suite user interface.

Shared session integration means that the external application uses an Oracle E-Business Suite session (ICX session), shares session context information with Oracle E-Business Suite, and accesses Oracle E-Business Suite data. The external application may also launch pages from the Oracle E-Business Suite home page, or regions or pages from the external application may be embedded as regions within Oracle Application Framework pages.

Both shared session applications and independent applications use the AppsDataSource feature of the Oracle E-Business Suite SDK for Java. Independent applications may also use the Java Authentication and Authorization (JAAS) and logging features of the SDK.

Applications that are sharing the Oracle E-Business Suite session use the session management feature (instead of the JAAS feature), and they may also use the logging, profiles, and Message Dictionary features of the SDK.  The session management APIs allow you to create, retrieve, validate and cancel an Oracle E-Business Suite session (ICX session) from your external application.  Session information and context can travel back and forth between Oracle E-Business Suite and your application, allowing you to share session context information across applications.

Note: Generally you would use the Java Authentication and Authorization (JAAS) feature of the SDK or the session management feature, but not both together.

Send us your feedback

Since the Oracle E-Business Suite SDK for Java is still pretty new, we’d like to know about who is using it and what you are trying to do with it.  We’d like to get this type of information:

  • customer name and brief use case
  • configuration and technologies (Oracle WebLogic Server or OC4J, plain Java, ADF, SOA Suite, and so on)
  • project status (proof of concept, development, production)
  • any other feedback you have about the SDK

You can send me your feedback directly at Sara dot Woodhull at Oracle dot com, or you can leave it in the comments below.  Please keep in mind that we cannot answer support questions, so if you are having specific issues, please log a service request with Oracle Support.

Happy coding!

Related Articles

Friday Jun 22, 2012

ATG Live Webcast June 28: Scrambling Sensitive Data in EBS 12 Cloned Environments

Securing the Oracle E-Business Suite includes protecting the underlying E-Business data in production and non-production databases.  While steps can be taken to provide a secure configuration to limit EBS access, a better approach to protecting non-production data is simply to scramble (mask) the data in the non-production copy.  

The Oracle E-Business Suite Template for Data Masking Pack can be used in situations where confidential or regulated data needs to be shared with other non-production users who need access to some of the original data, but not necessarily every table.  Examples of non-production users include internal application developers or external business partners such as offshore testing companies, suppliers or customers.

The Oracle E-Business Suite Template for Data Masking Pack is applied to a non-production environment with the Enterprise Manager Grid Control Data Masking Pack.  When applied, the Oracle E-Business Suite Template for Data Masking Pack will create an irreversibly scrambled version of your production database for development and testing. This ATG Live Webcast is your chance to come learn about the Oracle E-Business Suite Release 12.1.3 Template for Data Masking Pack from the experts.

Oracle E-Business Suite Release 12.1.3 Template for Data Masking

Example of Data Masking from Production to Non-Production Instance
The agenda for the Oracle E-Business Suite Template for Data Masking Pack webcast includes the following topics:

  • What does data masking do in E-Business Suite environments?
    • De-identify the data
    • Mask sensitive data
    • Maintain data validity
  • How can EBS customers use data masking?
  • References

Join Eric Bing, Senior Director and Elke Phelps, Senior Principal Product Manager, as they discusses the Oracle E-Business Suite Template for Data Masking Pack.

Date:                  Thursday, June 28, 2012
Time:                 8:00AM Pacific Standard Time
Presenters:     Eric Bing, Senior Director
                           Elke Phelps, Senior Principal Product Manager

Webcast Registration Link (Preregistration is optional but encouraged)

To hear the audio feed:
    Domestic Participant Dial-In Number:           877-697-8128
    International Participant Dial-In Number:      706-634-9568
Additional International Dial-In Numbers Link:
    Dial-In Passcode:                                              100865

To see the presentation:
    The Direct Access Web Conference details are:
    Website URL: https://ouweb.webex.com
    Meeting Number:  591170639

If you miss the webcast, or you have missed any webcast, don't worry -- we'll post links to the recording as soon as it's available from Oracle University.  You can monitor this blog for pointers to the replay. And, you can find our archive of our past webcasts and training here.

If you have any questions or comments, feel free to email Bill Sawyer (Senior Manager, Applications Technology Curriculum) at BilldotSawyer-AT-Oracle-DOT-com.

Tuesday May 29, 2012

Scrambling Sensitive Data in E-Business Suite Release 12 Cloned Environments

Securing the Oracle E-Business Suite includes protecting the underlying E-Business data in production and non-production databases.  While steps can be taken to provide a secure configuration to limit EBS access, a better approach to protecting non-production data is simply to scramble (mask) the data in the non-production copy. 

You can use the Oracle Data Masking Pack with Oracle Enterprise Manager today to scramble sensitive data in cloned environments. Due to data dependencies, scrambling E-Business Suite data is not a trivial task.  The data needs to be scrubbed in such a way that allows the application to continue to function. 

Using the Data Masking Pack in E-Business Suite environments is now easier with the release of new set of templates for E-Business Suite databases:

This template works with the Oracle Data Masking Pack and Oracle Enterprise Manager to obscure sensitive E-Business Suite information that is copied from production to non-production environments. 

Is there a charge for this?

Yes. You must purchase licenses for Oracle Enterprise Manager and the Oracle Data Masking Pack plug-in. The Oracle E-Business Suite 12.1.3 Template for the Data Masking Pack is included with the Oracle Data Masking Pack license.  You can contact your Oracle account manager for more details about licensing.

What does data masking do in E-Business Suite environments?

Application data masking does the following:

  • De-identify the data:  Scramble identifiers of individuals, also known as personally identifiable information or PII.  Examples include information such as name, account, address, location, and driver's license number.
  • Mask sensitive data:  Mask data that, if associated with personally identifiable information (PII), would cause privacy concerns.  Examples include compensation, health and employment information.  
  • Maintain data validity:  Provide a fully functional application.

How can EBS customers use data masking?

The Oracle E-Business Suite Template for Data Masking Pack can be used in situations where confidential or regulated data needs to be shared with other non-production users who need access to some of the original data, but not necessarily every table.  Examples of non-production users include internal application developers or external business partners such as offshore testing companies, suppliers or customers.  

The Oracle E-Business Suite Template for Data Masking Pack is applied to a non-production environment with the Enterprise Manager Grid Control Data Masking Pack.  When applied, the Oracle E-Business Suite Template for Data Masking Pack will create an irreversibly scrambled version of your production database for development and testing.  


References

For additional information on the Oracle E-Business Suite Template for Data Masking Pack please refer to the following:

Related Articles

Tuesday May 08, 2012

Understanding Options for Integrating Oracle Access Manager with E-Business Suite

Integrating Oracle Access Manager with the E-Business Suite can be tricky.  This is especially true if you're upgrading from EBS 11i to 12, or perhaps also switching from the older Oracle Single Sign-On technology to Oracle Access Manager.  Thing can get even more complicated if you're interested in integrating the E-Business Suite with a third-party authentication system such Windows Kerberos, or managing your users in a third-party LDAP directory like Microsoft Active Directory.

Understanding your options for integrating EBS with Oracle Access Manager and Oracle Internet Directory has just gotten a bit easier.  First, we've just published a new document that lays out the options and our recommendations:

OAM Oracle Access Manager architecture diagram and flow

This new document discusses:

  • Single sign-on concepts
  • Options for integrating single sign-on solutions for Oracle E-Business Suite including the following:
    • How the Oracle Access Manager Integration Works
    • How the Oracle Single Sign-On (OSSO) Integration Works
    • Integration with Third-Party Access Management Systems and LDAP
  • Considerations to take into account when choosing a single sign-on solution
  • Documentation roadmap specifying which document to follow dependent upon your integration goal
  • Reference architecture diagrams depicting example components by Oracle E-Business Suite release

Reworked instructions for integrating Oracle Access Manager + E-Business Suite 

In addition to the new overview document above, we've also made extensive revisions and updates to this previously-published document:

The updated Note is the result of your emails, Service Requests, and feedback to us on how we can improve our documentation. This is still an admittedly-complex implementation, with many detailed and exacting steps.  We're examining ways of streamlining and possibly automating some of the implementation steps in a future update to this certification.

Your feedback is welcome

We've tried hard to make this complex area just a little bit more-accessible.  We would love to hear about your experiences with these components.  Your feedback regarding the new note and updated note is welcome.  Please either post a comment here or log a bug request against the note in My Oracle Support.

References

Related Articles

(Special thanks to Allison Sparshott  and Hubert Ferst for their combined efforts in crafting these updates.)

Tuesday Apr 17, 2012

Critical Patch Update for April 2012 Now Available

The Critical Patch Update (CPU) for April 2012 was released on April 17, 2012. Oracle strongly recommends applying the patches as soon as possible.

The Critical Patch Update Advisory is the starting point for relevant information. It includes a list of products affected, pointers to obtain the patches, a summary of the security vulnerabilities, and links to other important documents.

Supported products that are not listed in the "Supported Products and Components Affected" Section of the advisory do not require new patches to be applied.

Also, it is essential to review the Critical Patch Update supporting documentation referenced in the Advisory before applying patches, as this is where you can find important pertinent information.

The Critical Patch Update Advisory is available at the following location:

The next four Critical Patch Update release dates are:

  • July 17, 2012
  • October 16, 2012
  • January 15, 2013
  • April 16, 2013
E-Business Suite Releases 11i and 12 Reference

Monday Mar 19, 2012

Webcast Replay Available: E-Business Suite Data Protection

I am pleased to release the replay and presentation for the latest ATG Live Webcast:

E-Business Suite Data Protection (Presentation)

Screenshot of E-Business Suite Data Access auditing


Robert Armstrong, Product Strategy Security Architect and Eric Bing, Senior Director discussed the best practices and recommendations for securing your E-Business Suite data.

Finding other recorded ATG webcasts

The catalog of ATG Live Webcast replays, presentations, and all ATG training materials is available in this blog's Webcasts and Training section.

Tuesday Feb 21, 2012

ATG Live Webcast: E-Business Suite Data Protection

How do you address the security challenges within an E-Business Suite database? How should you make the best use of auditing, separation of duties, and other Oracle technologies with Oracle E-Business Suite? Join us for this week's ATG Live Webcast on Feb. 23, 2012:

E-Business Suite Data Protection

Join Robert Armstrong, Product Strategy Security Architect and Eric Bing, Senior Director, as they discuss the best practices and recommendations for securing your E-Business Suite data. The agenda for the E-Business Suite Data Protection webcast includes the following topics:

  • E-Business Suite Security Challenges
  • Auditing in E-Business Suite
  • Separation of Duties
  • Other Oracle Technologies for Data Security

Screenshot of E-Business Suite Data Access auditing

Date:               Thursday, February 23, 2012

Time:              8:00 AM - 9:00 AM Pacific Standard Time
Presenters:  Robert Armstrong, Product Strategy Security Architect
                        Eric Bing, Senior Director

Webcast Registration Link (Preregistration is optional but encouraged)

To hear the audio feed:
    Domestic Participant Dial-In Number:           1-877-697-8128
    International Participant Dial-In Number:      1-706-634-9568
    Dial-In Passcode:                                              99336

To see the presentation:
    The Direct Access Web Conference details are:
    Website URL: https://ouweb.webex.com
    Meeting Number:  593089134

If you miss the webcast, or you have missed any webcast, don't worry -- we'll post links to the recording as soon as it's available from Oracle University.  You can monitor this blog for pointers to the replay. And, you can find our archive of our past webcasts and training here.

If you have any questions or comments, feel free to email Bill Sawyer (Senior Manager, Applications Technology Curriculum) at BilldotSawyer-AT-Oracle-DOT-com.

Friday Jan 20, 2012

ATG Live Webcast: Oracle E-Business Suite Secure Configuration

Are you interested in the techniques and best practices to harden your E-Business Suite deployment for both internal and external users? If so, you need to attend the next install of our ATG Live Webcast series on Jan. 26, 2012:
Oracle E-Business Suite Secure Configuration
Join Erik Graversen, Senior Principal Software Engineer, for this wide-ranging discussion on the topic of hardening the security within E-Business Suite.

E-Business Suite architecture diagram showing firewalls and internal and external application servers

Secure deployment of your E-Business Suite begins with a secure platform, but it doesn't end there. It includes hardening your O/S with both proper patch levels and configuration, along with secure configuration of your network and firewall. Add to this foundation, best practices and vendor recommendations, and you are on your way to a secure E-Business Suite environment.

The agenda for the Oracle E-Business Suite Secure Configuration webcast includes the following topics:
  • Hardening Systems
  • General E-Business Suite Advice
  • Secure Configurations Guides from Oracle
  • Internal Deployment Considerations
  • External Deployment Considerations
Date:               Thursday, January 26, 2012
Time:              11:00 AM - 12:00 PM (NOON) Pacific Standard Time
Presenter:     Erik Graversen, Senior Principal Software Engineer

Webcast Registration Link (Preregistration is optional but encouraged)

To hear the audio feed:
    Domestic Participant Dial-In Number:           877-697-8128
    International Participant Dial-In Number:      706-634-9568
    Additional International Dial-In Numbers Link:
    Dial-In Passcode:                                              99326

To see the presentation:
    The Direct Access Web Conference details are:
    Website URL: https://ouweb.webex.com
    Meeting Number:  593599795

If you miss the webcast, or you have missed any webcast, don't worry -- we'll post links to the recording as soon as it's available from Oracle University.  You can monitor this blog for pointers to the replay. And, you can find our archive of our past webcasts and training here.

If you have any questions or comments, feel free to email Bill Sawyer (Senior Manager, Applications Technology Curriculum) at BilldotSawyer-AT-Oracle-DOT-com. 

Wednesday Jan 18, 2012

Critical Patch Update for January 2012 Now Available

The Critical Patch Update (CPU) for January 2012 was released on January 17, 2012. Oracle strongly recommends applying the patches as soon as possible.

The Critical Patch Update Advisory is the starting point for relevant information. It includes a list of products affected, pointers to obtain the patches, a summary of the security vulnerabilities, and links to other important documents.

Supported products that are not listed in the "Supported Products and Components Affected" Section of the advisory do not require new patches to be applied.

Also, it is essential to review the Critical Patch Update supporting documentation referenced in the Advisory before applying patches, as this is where you can find important pertinent information.

The Critical Patch Update Advisory is available at the following location:

The next four Critical Patch Update release dates are:

  • April 17, 2012
  • July 17, 2012
  • October 16, 2012
  • January 15, 2013

Friday Jan 06, 2012

Enabling Case-Sensitive Passwords with E-Business Release 12

Password security and complexity is often a concern for security and audit teams.  With the recent release of patch 12964564, Oracle E-Business Suite Release 12.1.1 with a minimum database level of 11gR1 now supports password case sensitivity.  Let's review this database feature in greater detail.  

Password case sensitivity was introduced with Oracle Database 11gR1.  Passwords were not case sensitive in earlier versions.  For Oracle database versions prior to 11gR1, the passwords "Manager", "MANAGER", and "manager" were all equivalent.  In an 11gR1 database and higher with password case sensitivity turned on, each of these passwords, "Manager", "MANAGER" and "manager" are unique passwords with unique hash values.  

Password case sensitivity is turned on by default for any newly created 11gR1 or higher database .  The database parameter for this feature is SEC_CASE_SENSITIVE_LOGON:

  • When this parameter is set to TRUE, password case sensitivity is enabled.
  • When set to FALSE, it is disabled.  
The DBA_USERS view now has a PASSWORD_VERSIONS column that indicates the database release in which the password was created or last modified. 

If you have migrated from a prior database version to 11gR1 and SEC_CASE_SENSITIVE_LOGON is set to true, the default behavior is as follows:
  • Existing users must first initiate a password change for password case sensitivity to be enforced
  • New users created in the 11g database will automatically use password case sensitivity 

The following example on a generic database -- not an E-Business Suite database -- illustrates how the password case sensitivity feature works in 11g.

First, a new user, "newuser1",  is created in an 11g database.

Next, information from the DBA_USERS view is displayed.

The following shows behavior of a migrated 10g user, "system" and an newly created 11g user, "newuser1" when password case sensitivity is disabled.

Finally, the following  shows behavior of a migrated 10g user, "system" and an newly created 11g user, "newuser1" when password case sensitivity is enabled.


For instructions on how to enable password case sensitivity with EBS R12.1.1 running on the 11gR1 Database and higher, please refer to the following MOS documentation:

Related Articles

Monday Nov 14, 2011

11gR2 11.2.0.3 Database Certified with E-Business Suite

[Nov 15, 2011 Update: Added TDE Tablespace and Column Encryption to the list of certified options]

The 11gR2 11.2.0.2 Database was certified with E-Business Suite (EBS) 11i and EBS 12 almost one year ago today.  I’m pleased to announce that 11.2.0.3, the second patchset for the 11gR2 Database is now certified. Be sure to review the interoperability notes for R11i and R12 for the most up-to-date requirements for deployment.

This certification announcement is important as you plan upgrades to the technology stack for your environment. For additional upgrade direction, please refer to the recently published EBS upgrade recommendations article. Database support implications may also be reviewed in the database patching and support article.


Oracle E-Business Suite Release 11i

Prerequisites
  • 11.5.10.2 + ATG PF.H RUP 6 and higher
Certified Platforms
  • Linux x86 (Oracle Linux 4, 5)
  • Linux x86 (RHEL 4, 5)
  • Linux x86 (SLES 10)
  • Linux x86-64 (Oracle Linux 4, 5) -- Database-tier only
  • Linux x86-64 (RHEL 4, 5) -- Database-tier only
  • Linux x86-64 (SLES 10--Database-tier only)
  • Oracle Solaris on SPARC (64-bit) (10)
  • Oracle Solaris on x86-64 (64-bit) (10) -- Database-tier only
Pending Platform Certifications
  • Microsoft Windows Server (32-bit)
  • Microsoft Windows Server (64-bit)
  • HP-UX PA-RISC (64-bit)
  • HP-UX Itanium
  • IBM: Linux on System z 
  • IBM AIX on Power Systems
Oracle E-Business Suite Release 12
Prerequisites
  • Oracle E-Business Suite Release 12.0.4 or later; or,
    Oracle E-Business Suite Release 12.1.1 or later
Certified Platforms
  • Linux x86 (Oracle Linux 4, 5)
  • Linux x86 (RHEL 4, 5)
  • Linux x86 (SLES 10)
  • Linux x86-64 (Oracle Linux 4, 5)
  • Linux x86-64 (RHEL 4, 5)
  • Linux x86-64 (SLES 10)
  • Oracle Solaris on SPARC (64-bit) (10)
  • Oracle Solaris on x86-64 (64-bit) (10)  -- Database-tier only
Pending Platform Certifications
  • Microsoft Windows Server (32-bit)
  • Microsoft Windows Server (64-bit)
  • HP-UX PA-RISC (64-bit)
  • IBM: Linux on System z
  • IBM AIX on Power Systems
  • HP-UX Itanium
Database Feature and Option Certifications
The following 11gR2 11.2.0.3 database options and features are supported for use:
About the pending certifications

Oracle's Revenue Recognition rules prohibit us from discussing certification and release dates, but you're welcome to monitor or subscribe to this blog for updates, which I'll post as soon as soon as they're available.    

EBS 11i References
EBS 12 References
Related Articles
The preceding is intended to outline our general product direction.  It is intended for information purposes only, and may not be incorporated into any contract.   It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decision.  The development, release, and timing of any features or functionality described for Oracle's products remains at the sole discretion of Oracle.

Wednesday Oct 19, 2011

Critical Patch Update for October 2011 Now Available

The Critical Patch Update (CPU) for October 2011 was released on October 18, 2011. Oracle strongly recommends applying the patches as soon as possible.

The Critical Patch Update Advisory is the starting point for relevant information. It includes a list of products affected, pointers to obtain the patches, a summary of the security vulnerabilities, and links to other important documents.

Supported products that are not listed in the "Supported Products and Components Affected" Section of the advisory do not require new patches to be applied.

Also, it is essential to review the Critical Patch Update supporting documentation referenced in the Advisory before applying patches, as this is where you can find important pertinent information.

The Critical Patch Update Advisory is available at the following location:

The next four Critical Patch Update release dates are:

  • January 17, 2012
  • April 17, 2012
  • July 17, 2012
  • October 16, 2012

Wednesday Aug 03, 2011

Why Does EBS Integration with Oracle Access Manager Require Oracle Internet Directory?

The E-Business Suite has its own security and user-management capabilities.  You can use the E-Business Suite's native features to authenticate users, authorize users (i.e. assign responsibilities to them), and manage your EBS user repository.  The majority of E-Business Suite system administrators simply use these built-in capabilities for enabling access to the E-Business Suite.

When EBS built-in capabilities aren't enough

Some organisations have third-party user authentication systems in place.  These include CA Netegrity SiteMinder, Windows Kerberos, and others.  These organisations frequently use third-party LDAP directory solutions such as Microsoft Active Directory, OpenLDAP, and others. 

We don't certify the E-Business Suite with those third-party products directly, and we don't have any plans to do so.  This article is intended to explain why Oracle Internet Directory (OID) is required when integrating with Oracle Access Manager (OAM), but you can safely infer that the same requirements prevent the use of third-party authentication products directly with the E-Business Suite.

It's possible to integrate the E-Business Suite with those third-party solutions via Oracle Access Manager and Oracle Internet Directory.  See these articles:

Before going on, I'd recommend reading one of those two third-party integration articles.  If you don't have those concepts under your belt, the rest of this article isn't going to make much sense.

Architecture diagram showing Oracle Access Manager Oracle Internet Directory E-Business Suite AccessGate WebGate

Why does EBS require OID with OAM?

Oracle Access Manager itself doesn't require Oracle Internet Directory.  However, Oracle Internet Directory is a mandatory requirement when Oracle Access Manager is integrated with the E-Business Suite.

Why?  The short answer is that the E-Business Suite has hardcoded dependencies on Oracle Internet Directory for this configuration. These dependencies mean that you cannot replace Oracle Internet Directory with any third-party LDAP directory for this particular configuration. 

There are two cases of hardcoded dependencies on Oracle Internet Directory:

1. Reliance on Oracle GUIDs

From the articles linked above, you know that user authentication is handled by Oracle Access Manager, and user authorization is handled by the E-Business Suite itself.  This means that there are two different user namespaces. 

These namespaces must be linked and coordinated somehow, to ensure that a particular user logging in via Oracle Access Manager is the same user represented within the E-Business Suite's own internal FNDUSER repository.

We associate externally-managed Oracle Access Manager users with internally-managed E-Business Suite users via a Global Unique Identifier (GUID).  These Global Unique Identifiers are generated exclusively by Oracle Internet Directory. 

The E-Business Suite has hardcoded functions to handle the mapping of these Global Unique Identifiers between Oracle Access Manager and the E-Business Suite.  These mapping functions are specific to Oracle Internet Directory; it isn't possible to replace Oracle Internet Directory with a generic third-party LDAP directory and still preserve this functionality.

2. Synchronous user account creation

The E-Business Suite is predominantly used internally within an organisation.  Certain E-Business Suite application modules can be made visible to users outside of an organisation.  These include iStore, iRecruitment, iSupplier, and other application modules where the users aren't necessarily restricted to an organisation's own employees.

Users of some of those application modules expect to be able to register for a new account and use it immediately.  This makes sense.  If you're posting job openings via iRecruitment, potential applicants shouldn't need to hold off on submitting their resumes while your E-Business Suite sysadmin creates an account manually, assigns EBS responsibilities, and emails them the account login details. They'll be long gone before that happens.

This means that EBS application modules that support self-registration must create user accounts synchronously.  A new account must be created within the E-Business Suite and the externalized directory at the same time, on demand.

The E-Business Suite has hardcoded dependencies upon Oracle Internet Directory function calls that handle these synchronous account creation tasks.  These function calls are specific to Oracle Internet Directory; it isn't possible to replace Oracle Internet Directory with a generic third-party LDAP directory and still preserve this functionality.

Sun is setting for Oracle Single Sign-On

The older articles linked above refer to Oracle Single Sign-On.  All conceptual references to Oracle Single Sign-On apply equally to Oracle Access Manager.  Oracle Access Manager offers the same capabilities as Oracle Single Sign-On when integrated with the E-Business Suite.

You may have noticed that I have specifically been referring to Oracle Access Manager rather than Oracle Single Sign-On in this article.  There's a very good reason for this.

The Fusion Middleware Lifetime Support Policy shows that Premier Support for Oracle Single Sign-On 10gR2 ends on December 2011.  If you're using Portal 11gR1, Forms & Reports 11gR1, or Discoverer 11gR1, Premier Support for Oracle Single Sign-On 10gR2 is extended to December 2012. 

Extended Support is not available for Oracle Single Sign-On 10gR2.  This is true regardless of whether you're using those other Fusion Middleware 11gR1 products or not.  These support policy timelines for Oracle Single Sign-On are not affected by the E-Business Suite's own support timelines.  There are no special exceptions from these Fusion Middleware support timelines for E-Business Suite customers. 

Given that the Oracle Single Sign-On is nearing its end-of-life, anyone considering a new external authentication solution for the E-Business Suite should use Oracle Access Manager at this point.  If you're currently using Oracle Single Sign-On, I would recommend evaluating your plans for migrating to Oracle Access Manager as soon as possible.

Related Articles


Wednesday Jul 20, 2011

Critical Patch Update for July 2011 Now Available

The Critical Patch Update (CPU) for July 2011 was released on July 19, 2011. Oracle strongly recommends applying the patches as soon as possible.

The Critical Patch Update Advisory is the starting point for relevant information. It includes a list of products affected, pointers to obtain the patches, a summary of the security vulnerabilities, and links to other important documents.

Supported Products that are not listed in the "Supported Products and Components Affected" Section of the advisory do not require new patches to be applied.

Also, it is essential to review the Critical Patch Update supporting documentation referenced in the Advisory before applying patches, as this is where you can find important pertinent information.

The Critical Patch Update Advisory is available at the following location:

The next four Critical Patch Update release dates are:

  • October 18, 2011
  • January 17, 2012
  • April 17, 2012
  • July 17, 2012

Thursday May 19, 2011

Critical Patch Update for April 2011 Now Available

The Critical Patch Update (CPU) for April 2011 was released on April 19, 2011. Oracle strongly recommends applying the patches as soon as possible.

The Critical Patch Update Advisory is the starting point for relevant information. It includes a list of products affected, pointers to obtain the patches, a summary of the security vulnerabilities, and links to other important documents.

Supported Products that are not listed in the "Supported Products and Components Affected" Section of the advisory do not require new patches to be applied.

Also, it is essential to review the Critical Patch Update supporting documentation referenced in the Advisory before applying patches, as this is where you can find important pertinent information.

The Critical Patch Update Advisory is available at the following location:

The next four Critical Patch Update release dates are:

  • July 19, 2011
  • October 18, 2011
  • January 17, 2012
  • April 17, 2012

Monday May 16, 2011

TDE Tablespace Encryption 11.2.0.2 Certified with E-Business Suite

Oracle Advanced Security is an optional licenced Oracle 11g Database add-on. Oracle Advanced Security Transparent Data Encryption (TDE) offers two different features: column encryption and tablespace encryption. TDE Tablespace Encryption 11.2.0.2 is now certified with Oracle E-Business Suite Release 11i (11.5.10.2 + ATG PF.H RUP 6 and higher) and Release 12 (Releases 12.0.6 and higher and 12.1.1 and higher).

What is Transparent Data Encryption (TDE) ?

Oracle Advanced Security Transparent Data Encryption (TDE) allows you to protect data at rest. TDE helps address privacy and PCI requirements by encrypting personally identifiable information (PII) such as Social Security numbers and credit card numbers.

TDE is completely transparent to existing applications with no triggers, views or other application changes required. Data is transparently encrypted when written to disk and transparently decrypted after an application user has successfully authenticated and passed all authorization checks. Authorization checks include verifying the user has the necessary select and update privileges on the application table and checking Database Vault, Label Security and Virtual Private Database enforcement policies.

Existing database backup routines will continue to work, with the data at rest remaining encrypted in the backup. For encryption of entire database backups, TDE can be used in combination with Oracle RMAN.

What is Tablespace Encryption ?

TDE Key Management architectureNew in Oracle Database 11g, the Oracle Advanced Security now includes support for tablespace encryption.

When a tablespace is created through Enterprise Manager or on the command line, an option now exists to specify that the file be encrypted on the file system. When new data is added to the new tablespace using the insert command or datapump, entire tables will be transparently encrypted. When the database reads data blocks from the encrypted tablespace it will transparently decrypt the data blocks.

With this certification, Oracle E-Business Suite environments can be migrated to the latest 11gR2 version of encrypted tablespaces. For more information, see:

This database option is certified for all EBS platforms on which Oracle Database 11.2.0.2 is certified.  You can refer to the Certifications system on My Oracle Support for details about certified EBS platforms for this database release.

Related Articles



About

Search

Categories
Archives
« July 2015
SunMonTueWedThuFriSat
   
1
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
 
       
Today