DMZ configuration R12

DMZ configuration Implemented DMZ for the project, its not very difficult to implement but bit complex to troubleshoot.Most complex on troubleshooting firewall issue. My architecture goes like this… LB -> Load balancer RP -> Reverse Proxy server LB –>RP–>EBS(ISUPPLIER NODE) (APPS TIER) –> EBS (db tier) Load balancer — Not much involvement, F5 load balancer … asked sysadmin to point to reverse proxy URL on port 8080. Reverse proxy server — Installed standalone OHS (oracle HTTP server), I had trouble while redirection because I chosen a wrong software OAs (Oracle Application server) Test from RP –> EBS .. telnet <EBS host> port number EBS —- Mostly context file changes Create Context File - create /{inst_name}/inst/apps/ $INST_NAME_$dmz_hostname/appl/admin folder for new MT server - copy context file from Private MT server into the above location with new name. - Modify the context file as under: - change all the references to Private MT server to Public MT server, except the following: s_cphost s_javamailer_imaphost s_wfhost s_smtphost s_mwahost - change following parameters for the Public URL # webentryhost: company (public URL) # webentrydomain: (public URL) # login_page:

Application Framework Agent Applications Web Agent Applications JSP Agent Apps Servlet Agent Update URL for DMZ host to point to DMZ URL.update “Node Trust Level” profile option for that node as “External” contextfile=/{inst_name}/inst/apps/ $INST_NAME_$dmz_hostname/appl/admin/ $INST_NAME_$dmz_hostname. Login as system Admin Resp – Profiles – Select DMZ server name and search for required profiles .Assign Self Service Responsibilities to sysadmin Set “Responsibility Trust Level” 9) Update Agent profiles as DMZ server level to point to DMZ URL . Run the following command (replace the apps-schema-name/appspasswd with actual values) sqlplus <apps-schema-name>/<apps-passwd> @<FND_TOP>/patch/115/sql/txkChangeProfH.add node to fnd_nodes using the Sysadmin –> Install –> nodes .xml appspass=apps run=INSTE8_SETUP Verify DMZ Setup.sql SERVRESP Change the Node Trust Level Profile Option . Do not update URL at site level ! Run adconfig as under: # s_active_webport : 443 login to the private mt server as ap{inst_name}. .browse through the links to see if the basic navigation works fine. .loging to the DMZ url .#s_external_url:https://company.start all services on dmz server (keep the private mt down) .

Sign up to vote on this title
UsefulNot useful