Oracle E-Business Suite
1 Introduction
Kemp's LoadMaster family of purpose-built hardware and Virtual Appliances (Virtual LoadMaster) offer advanced Layer 4 and Layer 7 server load balancing, content switching, SSL Acceleration and many other advanced Application Delivery Controller (ADC) and optimization features.
The Kemp LoadMaster fully supports Oracle E-Business Suite and has been certified by Oracle. The LoadMaster efficiently distributes user traffic for the Oracle workload so users get the best performance experience possible. Also, High Availability (HA) and high capacity scale-out deployments of the Oracle solutions are complemented from the network technology side.
The entire Kemp LoadMaster product family, including the Virtual LoadMaster (VLM), supports Oracle.
For more information about Kemp, visit www.kemptechnologies.com.
1.1 Document Purpose
This document is intended to provide technical guidance on configuring the Kemp LoadMaster to provide various application delivery network services for the Oracle E-Business Suite application.
1.2 Prerequisites
The reader should be a network administrator or a person familiar with networking and general computer terminology.
The Oracle environment must be set up and the Kemp LoadMaster installed.
A network and an Oracle administrator should collaborate on details relating to network and application configurations.
The minimum system requirements are:
LoadMaster with firmware version 7.1 or later
Oracle E-Business Suite 12 or later
Configured internal and external Domain Name Server (DNS) entries for the Oracle applications
Established access to the LoadMaster Web User Interface (WUI)
The complete LoadMaster documentation suite can be found at: http://www.kemptechnologies.com/documentation.
2 Load Balancing Oracle E-Business Suite
Deploying an Oracle environment requires multiple servers to provide High Availability (HA). Load balancing is necessary to distribute the traffic amongst these servers.
Kemp recommends the configuration shown in the above Oracle Network Topology diagram. In this scenario, the Oracle E-Business Suite version 12 leverages the Oracle Database version 11. If your configuration differs from the recommended one and there are issues deploying the LoadMaster, please contact your local Kemp Support Team for assistance.
3 Template
Kemp has developed a template containing our recommended settings for this workload. You can install this template to help create Virtual Services (VSs) because it automatically populates the settings. You can use the template to easily create the required VSs with the recommended settings. You can remove templates after use and this will not affect deployed services. If needed, you can make changes to any of the VS settings after using the template.
Download released templates from the following page: LoadMaster Templates.
For more information and steps on how to import and use templates, refer to the Virtual Services and Templates, Feature Description.
4 Configuring Virtual Services for Oracle
The sections below provide instructions and recommended configuration options for setting up a Kemp LoadMaster to work with the Oracle E-Business Suite.
For an explanation of each of the fields mentioned, refer to the Web User Interface (WUI), Configuration Guide.
4.1 Ports
In some cases, the ports used for accessing Oracle E-Business Suite are non-standard to provide better security. In general, all ports used by the Oracle backend systems can be freely configured by the Oracle application administrator. The standard HTTP 80 and HTTPS 443 ports for Internet-facing traffic are supported and may be used during the configuration. However, the purpose of an ADC is to provide standard ports 80/443 for Internet-facing traffic and route that traffic to non-standard ports used on the Oracle backend systems as a passive security measure.
4.2 Persistence
Persistence directs each subsequent request that a client makes to the Virtual Service to the same Oracle server node of a scale-out cluster deployment.
More information on Virtual Services and other LoadMaster features can be found in the Web User Interface (WUI), Configuration Guide on the Kemp website.
Source IP Address Persistence
If enabling Source IP Address persistence note that:
Clients from behind a Network Address Translation (NAT) device show up as a single IP address
It can result in uneven connection distribution
Cookie Persistence
If cookies are used, there is no negative impact. The name of the cookie does not have any specific requirements.
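The NAT caveat above can be seen in a small model. This is an added example, not Kemp code and not part of the original document: it is a simplified simulation, not the LoadMaster's implementation, and the server names, addresses, client counts and round-robin placement of new sessions are all assumptions.

```python
# Added example: simplified model of persistence, not LoadMaster code.
from collections import Counter
from itertools import cycle

REAL_SERVERS = ["ebs-node-1", "ebs-node-2", "ebs-node-3"]  # hypothetical names


def constructed_clients(nat_users=300, direct_users=30):
    """Constructed sample: (client_id, source_ip_seen_by_the_load_balancer)."""
    # Every user behind the NAT device arrives with the same source address.
    clients = [(f"nat-user-{i}", "203.0.113.10") for i in range(nat_users)]
    clients += [(f"direct-user-{i}", f"198.51.100.{i + 1}")
                for i in range(direct_users)]
    return clients


def distribute(clients, mode):
    """Assign each client to a Real Server; return clients per server.

    mode="source_ip": the persistence key is the address the balancer sees.
    mode="cookie":    the persistence key is a per-browser cookie.
    New keys are placed round-robin (assumed scheduling method).
    """
    next_server = cycle(REAL_SERVERS)
    table = {}  # persistence key -> Real Server
    load = Counter({server: 0 for server in REAL_SERVERS})
    for client_id, source_ip in clients:
        key = source_ip if mode == "source_ip" else client_id
        if key not in table:
            table[key] = next(next_server)
        load[table[key]] += 1
    return dict(load)


def imbalance(load):
    """Ratio of busiest to least busy server (1.0 is perfectly even)."""
    return max(load.values()) / max(1, min(load.values()))


if __name__ == "__main__":
    for mode in ("source_ip", "cookie"):
        load = distribute(constructed_clients(), mode)
        print(f"{mode:9s} {load} imbalance={imbalance(load):.1f}")
```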
4.3 SSL Acceleration
With SSL Acceleration enabled on a Kemp LoadMaster, there are two options which can be leveraged. Which option to choose is primarily determined by the corporate security policies within an organization.
This option allows the LoadMaster to accept connections from the clients encrypted over HTTPS and then sends the traffic to the Oracle backend application un-encrypted over HTTP. In some environments this is not permitted due to the possible security risks.
SSL Reencrypt
This option allows the LoadMaster to accept connections from the clients encrypted over HTTPS and then re-encrypts the traffic over HTTPS before sending to the Oracle EBS backend application. This configuration typically provides the security requirements for most organizations.
4.4 Certificates
Certificates play a large part in the configuration of the Oracle EBS applications. Several certificate types are used in this configuration and must be imported into the LoadMaster.
More information about managing LoadMaster certificates can be found in the SSL Accelerated Services, Feature Description document on the Kemp website.
4.4.1 Server Certificates
To encrypt traffic between the client and the LoadMaster, the necessary certificates must be installed. If the configuration is to be encrypted traffic from end to end, the same certificates on the back end systems may be used. These certificates can either be in .PEM or .PFX formats and are imported under Certificates & Security > SSL Certificates in the main menu of the LoadMaster WUI.
4.4.2 Intermediate Certificates
Intermediate certificates are imported to allow the LoadMaster to trust the Certificate Authorities used in obtaining the Server and Client Certificates. These certificates are in Base64 format and are imported under Certificates & Security > Intermediate Certs in the main menu of the LoadMaster WUI.
5 Configure the Virtual Service for Oracle E-Business Suite with SSL Acceleration
In most cases the deployment of Oracle E-Business Suite requires client to server encryption. To configure a Virtual Service with SSL Acceleration for Oracle E-Business Suite, use the following steps:
1. In the main menu of the LoadMaster WUI, go to Virtual Services > Add New.
2. Enter a valid IP address in the Virtual Address text box.
3. Enter 443 in the Port text box.
The port may differ depending on the Oracle environment.
4. Enter a recognisable Service Name, for example Oracle HTTPS.
5. Ensure tcp is selected as the Protocol.
6. Click Add This Virtual Service.
7. Configure the settings as shown in the following table:
Section | Option | Value | Comments |
---|---|---|---|
Basic Properties | Service Type | HTTP/HTTPS | |
Standard Options | Transparency | Disabled | |
| Persistence Mode | Active Cookie | |
| Persistence Timeout | 12 Hours | |
| Idle Connection Timeout | 1800 | The Persistence and Scheduling may differ depending on requirements. |
SSL Properties | SSL Acceleration | Enabled | |
| Reencrypt | Enabled or Disabled | Depending on the desired level of security, select Enable or Disable.* |
| Cipher Set | BestPractices | |
| Certificates | Click Set Certificates. | |
| Require SNI hostname | Disabled | |
| Support TLS Only | Enabled | |
| Client Certificates | No Client Certificates required | |
Real Servers | Real Server Check Method | HTTP Protocol | |
| Checked Port | Enter the correct checked port for your environment. | Click Set Check Port. |
| HTTP Method | HEAD | |
*To assign the EBS certificate previously imported, select it and click the > button.
More information about managing LoadMaster certificates can be found in the SSL Accelerated Services, Feature Description document on the Kemp website.
Expand the section and set the following options:
8. To add Real Servers:
a) Click the Add New button.
b) Enter the Real Server Address.
c) Enter the correct Port.
Please use the IP address and port of the backend server.
The Forwarding method and the Weight values are set, by default, to those shown in the diagram in the Real Servers section. If required these settings may be altered.
d) Click Add this Real Server.
e) If required, add more Real Servers by repeating steps b) to d).
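Before adding Real Servers, it helps to confirm that each one answers the HEAD request that the Real Server check in step 7 will send on the checked port. The following pre-flight probe is an added example, not Kemp code and not part of the original document; the server addresses, the port and the rule that only 2xx responses count as healthy are assumptions.

```python
# Added example, not Kemp code: pre-flight probe that mimics the
# "HTTP Protocol" / HEAD Real Server check configured in step 7.
import http.client
import ssl


def head_check(host, port, path="/", use_tls=False, timeout=5.0):
    """Send one HEAD request; return (healthy, detail).

    Assumption: only 2xx counts as healthy. Confirm which status codes
    your LoadMaster accepts before relying on this.
    """
    try:
        if use_tls:
            # For re-encrypted back ends: verifies the Real Server's
            # certificate chain and host name against the system trust store.
            ctx = ssl.create_default_context()
            conn = http.client.HTTPSConnection(host, port, timeout=timeout,
                                               context=ctx)
        else:
            conn = http.client.HTTPConnection(host, port, timeout=timeout)
        try:
            conn.request("HEAD", path)
            status = conn.getresponse().status
        finally:
            conn.close()
    except (OSError, http.client.HTTPException) as exc:
        # Refused connections, timeouts and TLS failures all mean "down".
        return False, f"{type(exc).__name__}: {exc}"
    return 200 <= status < 300, f"HTTP {status}"


def preflight(real_servers, **kwargs):
    """Probe every (address, port) pair; return {"addr:port": (healthy, detail)}."""
    return {f"{addr}:{port}": head_check(addr, port, **kwargs)
            for addr, port in real_servers}


if __name__ == "__main__":
    # Hypothetical Real Servers on a non-standard back-end port.
    servers = [("10.0.0.11", 8000), ("10.0.0.12", 8000)]
    for name, (ok, detail) in preflight(servers, timeout=2.0).items():
        print(f"{name:20s} {'UP' if ok else 'DOWN'}  {detail}")
```

Pass use_tls=True when Reencrypt is enabled, so that a certificate problem on a Real Server shows up here rather than as a failed health check later.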
6 Configure the Virtual Service for Oracle EBS without SSL Acceleration
In some deployments of Oracle E-Business Suite there may be no requirement for encryption. To configure a Virtual Service without SSL Acceleration for Oracle E-Business Suite, perform the following steps:
1. In the LoadMaster WUI main menu, go to Virtual Services > Add New.
2. Enter a Virtual Address.
3. Enter 80 in the Port text box.
The port may differ depending on the Oracle environment.
4. Enter a recognisable Service Name, for example Oracle EBS.
5. Ensure the Protocol is set to tcp.
6. Click Add This Virtual Service.
7. Configure the settings as shown in the following table:
Section | Option | Value | Comments |
---|---|---|---|
Basic Properties | Service Type | HTTP/HTTPS | |
Standard Options | Transparency | Disabled | |
| Persistence Mode | Active Cookie | |
| Persistence Timeout | 12 Hours | The Persistence and Scheduling may differ depending on requirements. |
| Idle Connection Timeout | 1800 | Click Set Idle Timeout. |
Real Servers | Real Server Check Method | HTTP Protocol | |
| Checked Port | Enter the correct checked port for your environment. | Click Set Check Port. |
| HTTP Method | HEAD | The HTTPS Protocol may be used if re-encryption is used to the Real Servers. |
8. To add Real Servers:
a) Click the Add New button.
b) Enter the Real Server Address.
c) Enter the correct Port.
Please use the IP Address and Port of the backend server.
The Forwarding method and the Weight values are set, by default, to those shown in the diagram in the Real Servers section. If required these settings may be altered.
d) Click Add this Real Server.
e) If required, add more Real Servers by repeating steps b) to d).
Additional Kemp LoadMaster security and optimization features can be enabled for the deployment of Oracle E-Business Suite. The deployment and configuration settings of these features can be found in the documents listed in the References section of this document. These documents can be found on the Kemp documentation web page: http://kemptechnologies.com/documentation/
Edge Security Pack (ESP) - A solution which provides edge security, SSO application integration and flexible authentication options is critical for optimal user experience and information security policy compliance.
Web Application Firewall (WAF) - Enables the secure deployment of web applications and prevention of Layer 7 attacks while maintaining core load balancing services, thus ensuring superior application delivery and security.
Content Caching - The LoadMaster can cache static content which fits certain criteria (file extension, query string, caching headers, size, and so on). As long as the file meets these criteria it can be stored locally in the LoadMaster to avoid unnecessary requests to the Real Server to retrieve the file.
Intrusion Detection - The LoadMaster's implementation of Intrusion Detection leverages Snort.
Snort is an open source network intrusion prevention and detection system (IDS/IPS). Snort rules can be imported to the LoadMaster and applied to HTTP/HTTPS connections.
References
Unless otherwise specified, the following documents can be found at http://www.kemptechnologies.com/documentation.
Kemp website
SSL Accelerated Services, Feature Description
Web User Interface (WUI), Configuration Guide
Web Application Firewall (WAF), Feature Description
Virtual Services and Templates, Feature Description
Last Updated Date
This document was last updated on 21 June 2022.