"This presentation is for informational purposes only and may not be incorporated into a contract or agreement"

Using Oracle Application Server 10g

with Oracle E-Business Suite
Release 11i
April, 2006

"This presentation is for informational purposes only and may not be incorporated into a contract or agreement"
Steven Chan
Director,
Applications Technology Integration
Oracle Corporation

"This presentation is for informational purposes only and may not be incorporated into a contract or agreement"
 Topics
• Supported Architectures
• Features and Benefits
• Technical Integration Overview
• Integration with Third Party Access Managers
& LDAP Directories
• Customer Snapshots
• Roadmap
• References
Desupport Notices
(Or, “Why You Should Plan for OracleAS 10g Now”)

• Discoverer 4i October 2006

• Login Server 3.0.9

• Portal 3.0.9 July 2007
• Oracle Internet Directory 3.0.1

BUT: Sun may desupport JDK 1.3 -- the required

prerequisite for 3.0.9 -- in ~ Fall 2006!

• For more details, see http://blogs.oracle.com/schan

Now Generally Available!
• E-Business Suite 11i integrations with Oracle
Application Server 10g 10.1.2.0.2 and
10.1.2.1 are now certified and Generally
Available
Simple Physical Architecture
DMZ Intranet
Firewall OracleAS 10g Server Firewall

• Portal
• Single Sign-On
• Oracle Internet Directory
• Directory Integration & Provisioning
External Internal • Delegated Administration Services
Users Users • Discoverer
• OracleAS Certificate Authority
• OracleAS 10g Metadata Repository

Internet Router
E-Business Suite 11i Release 11i
Application Server Database
• Oracle9i Application Server 1.0.2.2.2
• Oracle HTTP Server
• Forms Server
• Reports Server
11i Integration with OracleAS 10g

• Release 11i instance runs Oracle9i

Application Server 1.0.2.2.2
• 11i is integrated with a stand-alone Oracle
Application Server 10g instance
• The existing Release 11i application-tier
server nodes continue to run on Oracle9i
Application Server 1.0.2.2.2
Distributed Architecture
Internal
Users

External Oracle OracleAS 10g

Users Infrastructure
Internet
Single Directory Database
Sign-On Internal 9iAS 1.0.2 Server 10g
10g Server

Internet Reverse
Proxy

External
9iAS 1.0.2 Release 11i
Server Database Portal 10g
Discoverer 10g

Firewall Firewall Firewall

Distributed Architecture Benefits
Oracle
Oracle Enterprise Portal Server
Portal
Portal May be scaled & managed by separate organization responsible
for corporate communications

Oracle
Oracle Single
Single
Sign-On
Oracle
Oracle
Internet
Enterprise Security Servers
Sign-On Internet May be scaled & managed by separate organization responsible
Server
Server Directory
Directory for corporate security and identity management

Enterprise Application Servers

Applications
Applications May be scaled & managed by separate organization responsible
9iAS
9iAS 1.0.2.2.2
1.0.2.2.2 for enterprise applications such as Oracle E-Business Suite
11i
11i
Database
Database Release 11i
OracleAS 10g Integration Benefits

1. Enable Single Sign-On for 11i

2. Manage users in Oracle Internet Directory
3. Access 11i via custom Portals
4. Integrate 11i with third-party PKI, SSO &
LDAP directories, and legacy applications
5. Analyse 11i with Discoverer workbooks
6. Accelerate 11i performance with WebCache
Enable Single Sign-On for 11i

User Single E-Business Suite 11i

Sign-On 10g Application Server

• E-Business Suite is a Single Sign-On partner application

• Log on to Oracle Single Sign-On to get access to all
registered partner applications, including 11i
• Log off any one partner application to log off all of them
Manage Users in Oracle Internet Directory

DIP
Oracle Internet Platform
Platform E-Business Suite 11i
Directory 10g FND_USER

• Synchronise user credentials bidirectionally between Oracle

Internet Directory and Release 11i (FND_USER)
• Set master “source of truth” as OID, Release 11i, or both
• Manage user provisioning via powerful OID Directory Integration &
Provisioning Platform templates
• Link an OID userid with one or more 11i userids “on-the-fly”
Access 11i via custom Portals

Oracle Portal 10g E-Business Suite 11i

• Access one or more E-Business Suite 11i instances from a

single Oracle Portal instance
• Add 11i portlets to custom Portal pages
• Display data in 11i portlets based on 11i responsibilities
Release 11i Portlets
• Applications Navigator
Access Applications menus based on user responsibilities

• Applications Favorites
Bookmark specific Applications links for quick access

• Applications Worklist
Summary of current workflow notifications

• Oracle Balanced Scorecard

Display status of strategic and tactical business objectives

• Performance Management Viewer

Display business intelligence key performance indicators in graphical and
tabular format
Applications Navigator Portlet
Flat Mode Tree Mode
Applications
Favorites Portlet

Applications Worklist Portlet

Balanced Scorecard Portlets
Integrate 11i with…

3rd Party Oracle Internet Release 11i

LDAP Directory 10g (FND_USER)

• Third-party LDAP directories

• Prepackaged: Microsoft Active Directory, Sun ONE / iPlanet
• Others via LDIF, custom connectors

• Third-party single sign-on solutions

• Microsoft Windows Native Authentication / Kerberos
• Oblix, Entrust, IBM, RSA, Netegrity, Sun, Thor, and others

• PKI X.509v3 digital certificates

Integrate 11i with…

Legacy Application Oracle Integration Release 11i

• Over 250 adapters for Enterprise Application Integration with

third-party applications
• J2EE and open standards-based integration, including:
• E-Business Suite, third-party applications, database sources
• XML, JMS, JCA
• Web Services: SOAP, WSDL, UDDI
• B2B Protocols: RosettaNet, HIPAA, EDI
Analyse 11i with Discoverer

User
Discoverer E-Business Suite
10g End-User Layer

• Access APPS_MODE End-User Layer via Business Intelligence System

Discoverer workbooks secured by Applications responsibilities
• Provide powerful end-user reporting via ad hoc queries
• Drill-down into data via tabular & graphical analytical tools
• Run Discoverer on separate cluster for enhanced scalability, wide
deployment
Accelerate 11i Performance with
WebCache

User WebCache 10g E-Business Suite 11i

Application Server

• Cache and compress frequently used items

• Reduce network consumption and accelerate response
time
• Can act as a reverse-proxy server
• Can act as a load-balancer
Technical Integration
Overview
 Build Releases
• E-Business Suite Interoperability Patch for OracleAS
10g integration released in Builds

• Build 1: Jan 2004 – Mar 2004

• Build 2.0: Jul 2004 – Jan 2005 Released
• Build 2.2: Feb 2005 – Jul 2005 &
Generall
• Build 3.0: Aug 2005 – Sep 2005 y
• Build 3.1: Feb 2006 Availabl
• Build 3.2: Mar 2006 e
Configuration Options with 11i

A. Single Sign-On Server

Minimum requirement for single sign-on support.
Release 11i and regions via OA Framework

B. Portal and Single Sign-On Server

Optional.

C. Discoverer
Optional.
SSO also optional for Discoverer standalone implementations.
OracleAS 10g + 11i Integration Points

SSO Single Sign-On partner application via

SSO SDK 9.0.2

OID Provisioning integrated application via

Directory Integration & Provisioning
Platform
Portal Oracle Applications Framework Web
Provider & portlets

Discoverer APPS_MODE End-User Layer in 11i

database
Logical Architecture
OracleAS 10g
Metadata
Enterprise Portal Repository

Portal
Portal Portal
Portal
10g
10g Repository
Repository

Single
Single
Sign-On OID OID
OID User
User
Sign-On OID 10g
10g
10g Repository
Repository Profile
Profile
10g

Directory
Directory
Integration
Integration &
&
Apps
Apps Web
Web OracleAS
OracleAS 10g
10g Provisioning
Provisioning
Provider
Provider && Interoperability
Interoperability Platform
Platform
Portlets
Portlets Patches
Patches
Portal Applications
Applications
Portal 3.0.9
3.0.9
(Req’d 11i
11i
(Req’d for
for 9iAS
9iAS 1.0.2.2.2
1.0.2.2.2
JPDK 3.0.9) Database
Database
JPDK 3.0.9)

Application Tier Database Tier

 Single Sign-On Integration
Single
Single
Sign-On OID OID
OID User
User
Sign-On OID 10g
10g
10g Repository
Repository
10g

Chain of Delegates
Trust SSO to

Release
Release 11i
11i FND_USER
FND_USER
9iAS 1.0.2.2.2
9iAS 1.0.2.2.2 Applications
Applications
11i
11i Database
Database

• Release 11i delegates user authentication to Single Sign-On

• Single Sign-On authenticates users against Oracle Internet Directory
• Authenticated users are redirected to Release 11i
• Release 11i validates the user’s authorization (I.e. 11i Responsibilities)
against FND_USER
Oracle Internet Directory Integration

DIP
Oracle Internet Platform
Platform E-Business Suite 11i
Directory 10g FND_USER

• Oracle Internet Directory and FND_USER must be kept

synchronised
• Supported synchronisation directions:
• From OID to FND_USER (Asynchronous via the Directory Integration
& Provisioning Platform)
• From FND_USER to OID (Synchronous via ldap calls)
• Bidirectionally
• Synchronisation events are raised via the Workflow-based
Business Event System whenever users are added or modified
Oracle Internet Directory Accounts
linked with Release 11i Accounts
Oracle Release 11i
Internet (FND_USER)
Directory

Userid
Userid ==
“Link Account” Userid
Userid ==
“John.Smith”
“John.Smith” Global Unique Identifier (GUID) “jsmith”
“jsmith”

One-time User Registration

• Done at setup time by system administrator
• Optional: can be done by end-user on first logon (“Link on the fly”)
• Useful for situations where existing accounts in Oracle Internet Directory
10g or a third-party LDAP directory differ from existing accounts in Release
11i.
Associate OID Accounts with
Multiple 11i Accounts
Oracle Release 11i
Internet (FND_USER)
Directory

Userid
Userid ==
“Link Account” Userid
Userid ==
“John.Smith”
“John.Smith” “jsmith”
“jsmith”

Userid
Userid ==
“testuser1”
“testuser1”

Userid
Userid ==
“testuser2”
“testuser2”
Portal Integration

Portal 11i OAF Web JPDK 11i App

10g Portlet Provider 3.0.9 Server

OracleAS 10g 9iAS 1.0.2.2.2

• Single Sign-On is a prerequisite for Portal

• Oracle Applications Framework Web Provider is registered in Portal 10g
• 11i portlets are added to custom Portal pages
• 11i Portlets communicate with 11i 9iAS 1.0.2.2.2 server:
• Oracle Applications Framework Web Provider
• JPDK 3.0.9
• 11i portlet users must have a valid 11i responsibility, validated via
ICX_SESSION
Discoverer Integration

User
Discoverer E-Business Suite
10g End-User Layer

• Discoverer 10g End-User Layer resides in 11i database

• APPS_MODE option enforces Applications security for all
Discoverer users
• Easy migration from Discoverer 4i
• Installation upgrades a copy of 4i End-User Layer to 10g
• Run 4i and 10g side-by-side for User Acceptance Tests
• TIP: Run Discoverer 4i and 10g on different physical servers to
avoid Visibroker conflicts
Full Discoverer 10g Support
for Single Sign-On
• Earlier versions of Discoverer 10g did not support Single
Sign-On & Oracle Internet Directory integration for E-
Business Suite users

• Full SSO/OID support is now available

• No more dual-maintenance of E-Business Suite user

passwords in both FND_USER and OID for standalone
Discoverer connections

• See Metalink Note 313418.1 for details

 Accelerate 11i Performance
with WebCache

User WebCache 10g E-Business Suite 11i

Application Server

• Frequently used items (e.g. images, static text) are

cached, compressed, and served by WebCache
• Secured data (I.e. requiring authorization) is not cached
• Partial page refresh supported for Portal
• Can act as a reverse-proxy server
• Can act as a load-balancer
 11i Integration with
Third-Party Access Management
&
LDAP Directories
If you already have an
Enterprise Single Sign-On…
• Oracle products integrate with Oracle SSO
Server directly, so it must be installed.
• Oracle SSO server can integrate with external
authentication systems.
• Windows Native Authentication via Kerberos
• Entrust, IBM, RSA, Netegrity, Oblix, Sun, Thor, and
others
• PKI X.509v3 Digital Certificates
• Other SSO systems via custom adapter
 Third-Party Integration Logical
Architecture
Logs Authenticates
End on to Third-Party
Third-Party
Access
Access
user against
Third-Party
Third-Party Profile
Profile
User Manager
Manager LDAP
LDAP

Delegates
SSO to

Single
Single Directory
Directory
Portal Sign-On OID
OID User
User Integration
Portal 10g
10g Sign-On OID
OID 10g
10g Integration
10g Repository
Repository Platform
10g Platform 10g
10g

Delegates
SSO to

Release
Release 11i
11i FND_USER
FND_USER Profile
Profile
9iAS
9iAS 1.0.2.2.2
1.0.2.2.2 Applications
Applications
11i
11i Database
Database
If you already have an
Enterprise User Directory…
• Oracle products integrate with OID directly, so it must be
installed and populated

• OID must be synchronized with external directories via

Directory Integration & Provisioning Platform:
• Microsoft Active Directory
• Sun ONE / iPlanet Prepackaged OID Connectors
• Any LDAP directory via LDIF files
• Any other directory via custom DIP agent

• OID must synchronize user info with Release 11i (FND_USER)

• Planned for OracleAS 10.1.4 Identity Management:
Novell eDirectory, OpenLDAP

"This presentation is for informational purposes only and may not be incorporated into a contract or agreement"
Early Adopter Program
Customer Snapshots

(as of Sept. 3, 2005)

Early Adopter Program
Snapshot
• Early Adopter Program duration 20 months

• Total EAP customer registrants 266

• Customers actively engaged 201
Deployed in Production
• Amdocs (Israel)
• Alcoa (Europe)
• Applied Materials (Israel)
• Atento (Norway)
• Bunnings (Australia)
• CapGemini / Councils Online (Australia)
• Central Bank of Nigeria
• Cisco Systems
• Cox Communications (USA)
• Fiera Milano (Italy)
• General Dynamics Land Sys
• General Electric (USA)
These are not customer references
• Guandong Unicom (China)
• Inter-Arab Investment Guarantee (Kuwait)
• International Enterprises (Singapore)
• International Institute for Applied
Systems Analysis (Austria)
• Ireland Dept of Defence
• Kansas State University
• Mitac (Taiwan)
• Phoenix Technologies
• Putrajaya (Malaysia)
• Rafael Armament Development
Authority (Israel)
• Telecom Italia Mobile (Italy)
• Universal Weather & Aviation (USA)
• Wind River Systems (USA)
 O/S Platform Usage
Solaris 85

Linux 83

HP-UX 52

AIX 21

NT 8

Tru64 4

0 20 40 60 80 100

Customers
 OracleAS 10g Usage
X% : Percentage of active EAP cts

SSO 191
96%

Portal 148
75%
Third-party LDAP 129
65%
Discoverer 120

61%
Third-party SSO 76

0 38%
50 100 150 200 250

Customers
 Third-Party LDAP Usage
X% : Percentage of customers using third-party LDAP

MS Active Directory 89% 115

SunONE 29
22%
Novell 6

IBM Tivoli 6

Lotus Notes 3

Other 3

Total exceeds 100% due to multiple

0 20 40 60 80 100
directories in use120 140
at customer sites

Customers
 Third-Party SSO
X% : Percentage of cts using third-party SSO

MS Kerberos 39
51%

Netegrity 25
33%
Other 9
12%
Oblix 7

9%
WebSeal 7

Novell 3 9%

Total exceeds 100% 40

due to45multiple
0 5 10 15 20 25 30 35
SSO solutions in use at customer sites

Customers
Customer Lessons

Organisational & Staffing Tips

• Proactively manage organisational politics:
Corporate Security vs. E-Business administrators
• Plan for complexity. Pad project plans with appropriate
contingency
• Experience helps. Trainee sysadmins may struggle.
Customer Lessons (2)

Organisational & Staffing Tips

• Demand skilled consultants from consulting firms
(including Oracle Consulting)
• Read OracleAS 10g manuals, FAQs, get training
• Skills required include:
• E-Business Suite system administration (e.g. AutoConfig)
• OracleAS 10g installation & configuration
• Security (e.g. LDAP, PKI)
• Networking (e.g. firewall, load-balancing router configuration)
Customer Lessons (3)
Systems Configuration Tips
• Check Oracle CERTIFY on Metalink for platform
availability (e.g. AIX & Tru64 weren’t available on
10.1.2.0.0)
• Frequent complete backups
• Stay current with certified OracleAS 10g releases &
E-Business Suite technology stack patches
• Only apply OracleAS 10g MLRs (emergency
patchsets) that have been certified with the E-
Business Suite
Customer Lessons (4)
Systems Configuration Tips
• Deploy incrementally:
• Get SSO & OID working first
• Add Portal & Discoverer
• Add third-party LDAP & SSO integration
• Test in “production-like” environment as early as
possible with firewalls, load-balancers, SSL
accelerators, etc.
• Load-balancers and firewalls = largest source of
problems when moving from TEST to PRODUCTION
Customer Lessons (5)
Working with Oracle Support
• Use the right Technical Assistance Request
(TARs) template (see Note 233436.1)
• Monitor closely and escalate TARs as needed
• All TARs must go to E-Business Suite Technology
Stack Support Specialists (“AOL Support”)
• Escalate as needed
Customer Lessons (5)
Working with Oracle Support
• Upload prepared environment summary:
• Build and OracleAS 10g versions used, NLS languages
• Network topology: third-party LDAP & SSO, load-
balancers, firewalls, SSL accelerators
• Provide detailed, reproducible testcase.
Bad testcase: “OID integration doesn’t
work.”
• File enhancement requests
 The more precisely the position is
determined, the less precisely the
momentum is known in this instant, and
vice versa.

~ Heisenberg, 1927
 The following is intended to outline our general product direction. It
is intended for information purposes only, and may not be
incorporated into any contract. It is not a commitment to deliver any
material, code, or functionality, and should not be relied upon in
making purchasing decision. The development, release, and timing
of any features or functionality described for Oracle’s products
remains at the sole discretion of Oracle.
 Release 11i
Certification Roadmap
What’s Coming

• Build 4.0 New systems administration features

Second-generation diagnostic tools
Automated RAC, SSL, DMZ Support

• Portal 10.1.4 Certification

• These statements are subject to change

"This presentation is for informational purposes only and may not be incorporated into a contract or agreement"
 Release 12
Technology Stack Plans

(Subject to Change)
 Applications Landscape
Leveraging Fusion Middleware
AS 10g AS 10g
Discoverer Identity Mgt

AS 10g AS 10g
WebCache Portal

E-Business Suite

Collaboration AS 10g
Suite 10g Integration
PeopleSoft
 3-Tier Logical Architecture
R11i10
R12 Technology
Technology Stack
Stack

Client Application Database

9iAS 1.0.2.2
9i or 10g
OC4J

JSP
SQL*Net
BC4J
WebListener

UIX

Reports

Forms

User Interface Application logic Database logic

R12 Application Server Tier

AS 10.1.3 Developer10.1.2 Database

ORACLE HOME ORACLE HOME ORACLE HOME

RSF 10.1 RSF 10.1 RSF 10.2

Apache 1.3 Forms 10

RDBMS
Components
OC4J Reports 10

APPL TOP

COMMON TOP
 R12 Application Server Tier
• OracleAS 10g 10.1.2 for Forms & Reports Services
• Replaces the 8.0.6-based Oracle_Home provided by iAS 1.0.2.2
in 11i

• OracleAS 10g 10.1.3 for Oracle Containers for Java

(OC4J)
• Replaces the 8.1.7-based Oracle_Home provided by iAS 1.0.2.2
in 11i

• Oracle JDeveloper 10.1.3

• JDBC 10.2
• JDK 5.0 for web & concurrent processing
R12 Preview: Deployment
10.1.3 10.1.2
ORACLE_HOME ORACLE_HOME
opmn formsapp.ear

Apache frmweb

OC4J-Forms
Runtime processes started from 10.1.3 Oracle
OC4J-oacore Home
• OPMN, Apache
OC4J-xmlsrv • OC4J instances
Forms runtime executable, frmweb, spawned by
OC4J-Forms out of 10.1.2 O_HOME.
COMMON_TOP
oacore and xmlsrv OC4J instances use classes,
/html, /java html, jsp files from COMMON_TOP
Optional on External Servers for R12

• OracleAS 10g Single Sign-On &

Oracle Internet Directory 10.1.2.x
• Discoverer 10.1.2.x
• Portal 10.1.2.x
• WebCache 10.1.2.x
• Oracle Integration 10.1.2.x
• Collaboration Suite 10gR2
• Enterprise Manager 10gR2
New E-Business Suite
Technology Stack Blog
• http://blogs.oracle.com/schan

• Certification and desupport announcements

• Discussions about architectures, advanced configurations
• Early Adopter Programs and Statements of Direction
• Other E-Business Suite technology stack topics, presentations
• Supports RSS feedreaders

Cut through the noise -- get the news directly from Development
OracleAS + E-Business Suite
Resources

• Frequently Asked Questions Note 186981.1

• Installation Guide Note 233436.1
• Implementation Guide Note 261914.1
• Discoverer Installation Guide Note 313418.1
• Documentation Roadmap Note 207159.1
• Statement of Direction Note 223927.1