Oracle EBS

1 Introduction

KEMP’s LoadMaster family of purpose-built hardware and Virtual Appliances (Virtual LoadMaster) offers advanced Layer 4 and Layer 7 server load balancing, content switching, SSL Acceleration and many other advanced Application Delivery Controller (ADC) and optimization features.

The KEMP LoadMaster fully supports Oracle E-Business Suite and has been certified by Oracle. The LoadMaster efficiently distributes user traffic for the Oracle workload so users get the best performance experience possible. The LoadMaster also complements High Availability (HA) and high-capacity scale-out deployments of the Oracle solutions on the network side.

The entire KEMP LoadMaster product family, including the Virtual LoadMaster (VLM), supports Oracle.

For more information about KEMP Technologies, visit www.kemptechnologies.com.

1.1 Document Purpose

This document provides technical guidance on configuring the KEMP LoadMaster to deliver application delivery network services for the Oracle E-Business Suite application.

1.2 Prerequisites

The reader should be a network administrator or a person familiar with networking and general computer terminology.

The Oracle environment must be set up and the KEMP LoadMaster installed.

A network and an Oracle administrator should collaborate on details relating to network and application configurations.

The minimum system requirements are:

LoadMaster with firmware version 7.1 or later

Oracle E-Business Suite 12 or later

Configured internal and external Domain Name Server (DNS) entries for the Oracle applications

Established access to the LoadMaster Web User Interface (WUI)

The complete LoadMaster documentation suite can be found at: http://www.kemptechnologies.com/documentation.

2 Load Balancing Oracle E-Business Suite

[Figure: Oracle Network Topology diagram]

Deploying an Oracle environment requires multiple servers to provide High Availability (HA). Load balancing is necessary to distribute the traffic amongst these servers.

KEMP Technologies recommends the configuration shown in the above Oracle Network Topology diagram. In this scenario, the Oracle E-Business Suite version 12 leverages the Oracle Database version 11. If your configuration differs from the recommended one and there are issues deploying the LoadMaster, please contact your local KEMP Support Team for assistance.

3 Template

KEMP has developed a template containing our recommended settings for this workload. You can install this template to help when creating Virtual Services, as it automatically populates the settings. This is quicker and easier than manually configuring each Virtual Service. If needed, changes can be made to any of the Virtual Service settings after using the template.

Download released templates from the Templates section on the KEMP documentation page: http://kemptechnologies.com/documentation.

For more information and steps on how to import and use templates, refer to the Virtual Services and Templates, Feature Description on the KEMP Documentation Page.

For steps on how to manually add and configure each of the Virtual Services using the recommended settings, refer to the steps in this document.

4 Configuring Virtual Services for Oracle

The sections below provide instructions and recommended configuration options for setting up a KEMP LoadMaster to work with the Oracle E-Business Suite.

For an explanation of each of the fields mentioned, refer to the Web User Interface (WUI), Configuration Guide.

4.1 Ports

In some cases, the ports used for accessing Oracle E-Business Suite are non-standard to provide better security. In general, all ports used by the Oracle backend systems can be freely configured by the Oracle application administrator. The standard HTTP 80 and HTTPS 443 ports for Internet-facing traffic are supported and may be used during the configuration. However, the purpose of an ADC is to provide standard ports 80/443 for Internet-facing traffic and route that traffic to non-standard ports used on the Oracle backend systems as a passive security measure.

4.2 Persistence

Persistence directs a client's connections to the same Oracle server node of a scale-out cluster deployment for each subsequent request to the Virtual Service.

More information on Virtual Services and other LoadMaster features can be found in the Web User Interface (WUI), Configuration Guide on the KEMP Technologies website.

Source IP Address Persistence

If enabling Source IP Address persistence note that:

Clients from behind a Network Address Translation (NAT) device show up as a single IP address

It can result in uneven connection distribution

Cookie Persistence

If cookies are used, there is no negative impact. The name of the cookie does not have any specific requirements.
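The NAT caveat for Source IP Address persistence can be seen in a small simulation. This is an added example, not KEMP code: round-robin scheduling of new sessions, the server names and the client mix are all assumptions made for illustration.

```python
from collections import Counter
from itertools import cycle

SERVERS = ["ebs-node-1", "ebs-node-2", "ebs-node-3"]  # hypothetical node names


def distribute(clients, servers, key):
    """Assign each client session to a server using a persistence table.

    key(client) returns the persistence key: the source IP as seen by the
    load balancer, or a per-client cookie value. A new key is scheduled
    round-robin (an assumption for this sketch); a known key sticks.
    """
    next_server = cycle(servers)
    table = {}                                  # persistence key -> server
    load = Counter({s: 0 for s in servers})
    for client in clients:
        k = key(client)
        if k not in table:
            table[k] = next(next_server)
        load[table[k]] += 1
    return dict(load)


def sample_clients():
    # Constructed sample: 90 office users share one NAT address and
    # 10 remote users each have their own address (documentation ranges).
    office = [{"id": f"office-{i}", "src_ip": "203.0.113.10"} for i in range(90)]
    remote = [{"id": f"remote-{i}", "src_ip": f"198.51.100.{i + 1}"} for i in range(10)]
    return office + remote


def by_source_ip(clients=None):
    # Every client behind the NAT device presents the same key.
    return distribute(clients or sample_clients(), SERVERS, lambda c: c["src_ip"])


def by_cookie(clients=None):
    # Each client carries its own cookie, so NAT does not collapse keys.
    return distribute(clients or sample_clients(), SERVERS, lambda c: c["id"])


if __name__ == "__main__":
    print("source IP persistence:", by_source_ip())
    print("cookie persistence   :", by_cookie())
```

With source IP persistence the whole office lands on one node, while cookie persistence spreads the same 100 sessions almost evenly.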

4.3 SSL Acceleration

With SSL Acceleration enabled on a KEMP LoadMaster, there are two options which can be leveraged. Which option to choose is primarily determined by the corporate security policies within an organization.

SSL Offloading

This option allows the LoadMaster to accept connections from the clients encrypted over HTTPS and then send the traffic to the Oracle backend application unencrypted over HTTP. In some environments this is not permitted due to the possible security risks.

SSL Reencrypt

This option allows the LoadMaster to accept connections from the clients encrypted over HTTPS and then re-encrypt the traffic over HTTPS before sending it to the Oracle EBS backend application. This configuration typically meets the security requirements of most organizations.

4.4 Certificates

Certificates play a large part in the configuration of the Oracle EBS applications. Several certificate types are used in this configuration and must be imported into the LoadMaster.

More information about managing LoadMaster certificates can be found in SSL Accelerated Services, Feature Description document on the KEMP Technologies website.

4.4.1 Server Certificates

To encrypt traffic between the client and the LoadMaster, the necessary certificates must be installed. If traffic is to be encrypted from end to end, the same certificates used on the back-end systems may be used. These certificates can be in either .PEM or .PFX format and are imported under Certificates & Security > SSL Certificates in the main menu of the LoadMaster WUI.

4.4.2 Intermediate Certificates

Intermediate certificates are imported to allow the LoadMaster to trust the Certificate Authorities used in obtaining the Server and Client Certificates. These certificates are in Base64 format and are imported under Certificates & Security > Intermediate Certs in the main menu of the LoadMaster WUI.

5 Configure the Virtual Service for Oracle E-Business Suite with SSL Acceleration

In most cases the deployment of Oracle E-Business Suite requires client to server encryption. To configure a Virtual Service with SSL Acceleration for Oracle E-Business Suite, use the following steps:

1. In the main menu of the LoadMaster WUI, go to Virtual Services > Add New.


2. Enter a valid IP address in the Virtual Address text box.

3. Enter 443 in the Port text box.

The port may differ depending on the Oracle environment.

4. Enter a recognisable Service Name, for example Oracle HTTPS.

5. Ensure tcp is selected as the Protocol.

6. Click Add This Virtual Service.


7. Under Basic Properties, confirm that the Service Type is HTTP/ HTTPS.


8. Expand the Standard Options section and select the following options:

a) Deselect the Transparency check box.

b) Select Active Cookie as the Persistence Mode.

c) Select 12 Hours as the Persistence Timeout.

d) Enter 1800 in the Idle Connection Timeout field and click Set Idle Timeout.

The Persistence and Scheduling may differ depending on requirements.

9. Expand the SSL Properties section and perform the following steps:

a) Select the Enabled check box.

b) Depending on the desired level of security, select Enable or Disable for Reencrypt.

c) To assign the EBS certificate previously imported, select it and click the > button.

More information about managing LoadMaster certificates can be found in SSL Accelerated Services, Feature Description document on the KEMP Technologies website.

d) Click Set Certificates.

e) Ensure the Require SNI hostname check box is deselected.

f) Select the Support TLS Only check box.

g) Select No Client Certificates required in the drop-down list.

10. Expand the Real Servers section and set the following options:

a) Select HTTP Protocol in the health check drop-down menu.

b) Enter the correct Checked Port for the backend servers. Click Set Check Port.

c) Select HEAD as the HTTP Method.


11. To add Real Servers:

a) Click the Add New button.

b) Enter the Real Server Address.

c) Enter the correct Port.

Please use the IP address and port of the backend server.

The Forwarding method and the Weight values are set, by default, to those shown in the diagram in the Real Servers section. If required these settings may be altered.

d) Click Add this Real Server.

e) If required, add more Real Servers by repeating steps b) to d).

6 Configure the Virtual Service for Oracle EBS without SSL Acceleration

In some deployments of Oracle E-Business Suite there may be no requirement for encryption. To configure a Virtual Service without SSL Acceleration for Oracle E-Business Suite, perform the following steps:

1. In the LoadMaster WUI main menu, go to Virtual Services > Add New.

2. Enter a Virtual Address.

3. Enter 80 in the Port text box.

The port may differ depending on the Oracle environment.

4. Enter a recognisable Service Name, for example Oracle EBS.

5. Ensure the Protocol is set to tcp.

6. Click Add This Virtual Service.


7. Under Basic Properties confirm that the Service Type is HTTP/ HTTPS.


8. Expand the Standard Options section and select the following options:

a) Remove the tick from the Transparency check box.

b) Select Active Cookie as the Persistence Mode.

c) Select 12 Hours as the Persistence Timeout.

d) Enter 1800 in the Idle Connection Timeout field and click Set Idle Timeout.

The Persistence and Scheduling may differ depending on requirements.


9. Expand the Real Servers section and set the following options:

a) Select HTTP Protocol in the health check drop-down menu.

b) Enter the correct Checked Port for backend servers. Click Set Check Port.

c) Select HEAD as the HTTP Method.

The HTTPS Protocol may be used if re-encryption is used to the Real Servers.


10. To add Real Servers:

a) Click the Add New button.

b) Enter the Real Server Address.

c) Enter the correct Port.

Please use the IP Address and Port of the backend server.

The Forwarding method and the Weight values are set, by default, to those shown in the diagram in the Real Servers section. If required these settings may be altered.

d) Click Add this Real Server.

e) If required, add more Real Servers by repeating steps b) to d).

7 Additional Features

Additional KEMP LoadMaster security and optimization features can be enabled for the deployment of Oracle E-Business Suite. The deployment and configuration settings of these features can be found in the documents listed in the References section of this document. These documents can be found on the KEMP documentation web page: http://kemptechnologies.com/documentation/

Edge Security Pack (ESP) - A solution which provides edge security, SSO application integration and flexible authentication options is critical for optimal user experience and information security policy compliance.

Web Application Firewall (WAF) - Enables the secure deployment of web applications and prevention of Layer 7 attacks while maintaining core load balancing services, thus ensuring superior application delivery and security.

Content Caching - The LoadMaster can cache static content which fits certain criteria (file extension, query string, caching headers, size, and so on). As long as the file meets these criteria it can be stored locally in the LoadMaster to avoid unnecessary requests to the Real Server to retrieve the file.

Intrusion Detection – The LoadMaster’s implementation of Intrusion Detection leverages Snort.

Snort is an open source network intrusion prevention and detection system (IDS/IPS). Snort rules can be imported to the LoadMaster and applied to HTTP/HTTPS connections.

References

Unless otherwise specified, the following documents can be found at http://www.kemptechnologies.com/documentation.

KEMP Technologies website

www.kemptechnologies.com

SSL Accelerated Services, Feature Description

Web User Interface (WUI), Configuration Guide

Web Application Firewall (WAF), Feature Description

Virtual Services and Templates, Feature Description

Document History

Date        Change            Reason for Change              Version   Resp.
May 2015    Initial draft     First draft of document        1.0       LB
Aug 2015    Minor updates     Updates to reflect templates   3.0       KG
Sep 2015    Release updates   Updates for 7.1-30             4.0       LB
Dec 2015    Release updates   Updates for 7.1-32             5.0       LB
Jan 2016    Minor updates     Updated Copyright Notices      6.0       LB
Mar 2016    Release updates   Updates for 7.1-34             7.0       LB
Jan 2017    Minor updates     Updated Copyright Notices      8.0       LB
July 2017   Minor updates     Enhancements made              9.0       CMC

 
