Friday, September 28, 2007

Oracle Application Server : Internet-Firewall-DMZ-Firewall-Intranet

Internet applications are generally deployed using the widely accepted "Internet-Firewall-DMZ-Firewall-Intranet" concept.

An overview of this concept is below:




What is a DMZ?
A DMZ (Demilitarized Zone) is a zone which lies between the Internet and the intranet, separated by a firewall at both ends. The firewall between the DMZ and the Internet is called the Internet firewall, and the firewall between the DMZ and the intranet is called the intranet firewall. In an Oracle Application Server environment, the firewall between the DMZ and the Infrastructure Metadata Database is known as the Infrastructure firewall.

In a DMZ architecture configuration the following holds:
- All incoming traffic first crosses and gets processed by the DMZ hardware, and no site resources are directly connected to the Internet.
- The Internet-to-DMZ firewall does not allow any incoming traffic that has the sender address of the DMZ hardware.
- The Internet-to-DMZ firewall allows the IPs and ports that are related to the site applications.
- The DMZ-to-intranet firewall allows only traffic that has a DMZ sender address.
- The DMZ-to-intranet firewall allows only restricted access to IPs and ports based on specific protocols.
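
The rules above can be modelled as two small decision functions. This is an added example, not part of the original post; the address ranges, host addresses and ports are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing plan and service lists (assumptions for illustration).
DMZ_NET = ip_network("192.0.2.0/24")
PUBLISHED = {("192.0.2.10", 80), ("192.0.2.10", 443)}   # site applications in the DMZ
BACKEND = {("10.1.1.20", 1521), ("10.1.1.30", 389)}     # intranet services the DMZ may use


def internet_firewall(src, dst, dport):
    """Internet-to-DMZ firewall: decision for a packet arriving from the Internet."""
    if ip_address(src) in DMZ_NET:
        # A DMZ sender address can never legitimately arrive on the outside interface.
        return "DROP: spoofed DMZ source"
    if (dst, dport) in PUBLISHED:
        return "ACCEPT"
    # Covers every intranet address too: no site resource is directly reachable.
    return "DROP: not a published DMZ service"


def intranet_firewall(src, dst, dport):
    """DMZ-to-intranet firewall: decision for a packet heading into the intranet."""
    if ip_address(src) not in DMZ_NET:
        return "DROP: sender is not a DMZ host"
    if (dst, dport) in BACKEND:
        return "ACCEPT"
    return "DROP: destination not permitted for the DMZ"


def path_to_intranet(src, dst, dport):
    """A packet from the Internet to an intranet host must pass both firewalls."""
    first = internet_firewall(src, dst, dport)
    if first != "ACCEPT":
        return first
    return intranet_firewall(src, dst, dport)


# Constructed sample flows: (description, firewall function, src, dst, port).
FLOWS = [
    ("browser to web tier", internet_firewall, "203.0.113.7", "192.0.2.10", 443),
    ("spoofed DMZ sender", internet_firewall, "192.0.2.10", "192.0.2.10", 443),
    ("Internet to database", path_to_intranet, "203.0.113.7", "10.1.1.20", 1521),
    ("web tier to database", intranet_firewall, "192.0.2.10", "10.1.1.20", 1521),
    ("web tier to intranet SSH", intranet_firewall, "192.0.2.10", "10.1.1.20", 22),
]

if __name__ == "__main__":
    for name, firewall, src, dst, port in FLOWS:
        print(f"{name:26} {src} -> {dst}:{port}  {firewall(src, dst, port)}")
```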


What must the DMZ satisfy?
All Internet traffic that comes in must be processed by the DMZ HTTP Server connected to the Internet.
The picture below shows the Oracle Application Server components that must reside in the DMZ:
Oracle WebCache
Oracle HTTP Server
Oracle Single Sign-On Server
HTTP Loadbalancer
Secured HTTP (HTTPS)
Oracle Internet Directory ( If required )

Direct access to the HTTP Server CPU should be avoided. Hackers focus on these servers to make a pathway from the DMZ into the intranet site.

Secured Deployment of Oracle Application Server
Oracle Application Server components should be well distributed across the web tier and the database tier. Web application components (Identity Management components such as HTTP Server, Single Sign-On and Delegated Administration Services) should reside on the external DMZ, and the database components (Oracle Internet Directory and Directory Integration Platform) should reside behind the internal or the external DMZ.

I will be discussing this in detail in the upcoming topics.

Saturday, September 15, 2007

Oracle Application Server : Load Balancer

Load balancing is a technique used to spread work between many computers, processors, disks and other resources in order to get optimal resource utilization and decrease computing time.

Load balancing techniques are used across various applications and systems which run 24/7 to accommodate worldwide access. When load balancing is well in place, failure of one particular resource will not affect the availability of the system, failover will not affect the availability of the system, and failback will be invisible to the end users.

A load balancer is a virtual server which consists of a virtual IP address and port, and which internally talks to the available real IP addresses and ports. An internal mapping makes access to the virtual IP get load balanced across the available resources.

Persistence is a concept where, once a server is selected, subsequent requests from the client do not change server and hit the same one. There are cases where an application needs to maintain client state on a particular server. Another use of persistence with a load balancer is when data is cached on a particular server and the client must always hit the server it previously connected to. This boosts performance, because the server does not have to generate the cache again. Load balancers have more features, which vary with the vendor.

Scalability with the Load Balancer
When large Internet-based applications are considered, they need to scale automatically based on the load. Most of the firewall algorithms support this. Some of them are Round Robin, Squid Cache Server, PHP scripts and more.

What about Multiple Providers
When your Internet application gets loaded and your provider is not able to handle the load, the application will eventually fail. With a load balancer it is easy to configure multiple providers, so that the application is available through several providers, keeping the system up and available 24/7.

Response Timeout
It is the configured time after which the physical server is considered to have failed to respond. The most common way to monitor the timeout is by pinging or by checking that the port is open and active.
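
The virtual server, persistence and response timeout described above fit together as in the following sketch. This is an added example, not part of the original post and not any vendor's implementation; the class name, real-server addresses and port are constructed for illustration.

```python
import socket


def tcp_probe(host, port, timeout):
    """Health check: the real server is up if its port accepts a
    connection within the response timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


class VirtualServer:
    """One virtual IP:port in front of several real IP:port pairs."""

    def __init__(self, real_servers, probe=tcp_probe, response_timeout=2.0):
        self.real_servers = list(real_servers)
        self.probe = probe
        self.response_timeout = response_timeout
        self.healthy = set(self.real_servers)
        self.sticky = {}   # persistence table: client -> real server
        self._next = 0     # round-robin cursor

    def run_health_checks(self):
        """Re-probe every real server; failed ones leave the pool, recovered ones rejoin."""
        self.healthy = {
            s for s in self.real_servers
            if self.probe(s[0], s[1], self.response_timeout)
        }

    def _round_robin(self):
        for _ in range(len(self.real_servers)):
            server = self.real_servers[self._next % len(self.real_servers)]
            self._next += 1
            if server in self.healthy:
                return server
        raise RuntimeError("no healthy real server behind the virtual server")

    def route(self, client):
        """Return the real server for this client, honouring persistence."""
        server = self.sticky.get(client)
        if server not in self.healthy:   # new client, or its server has failed
            server = self._round_robin()
            self.sticky[client] = server
        return server


def demo():
    """Constructed scenario using a fake probe so it runs offline."""
    down = set()
    vs = VirtualServer([("10.1.1.11", 7777), ("10.1.1.12", 7777)],
                       probe=lambda host, port, timeout: (host, port) not in down)
    trace = [vs.route("client-a"), vs.route("client-b"), vs.route("client-a")]
    down.add(("10.1.1.11", 7777))
    vs.run_health_checks()
    trace.append(vs.route("client-a"))   # failover to the surviving server
    down.clear()
    vs.run_health_checks()
    trace.append(vs.route("client-a"))   # failback: client stays where it is
    return trace
```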

Tested LoadBalancer: The following are some of the tested load balancers that are found to work well with versions 10.1.2 and 10.1.3.
F5
Radware
Juniper
CAI Networks
Nortel
Foundry
NetScaler
Crescendo Networks
Cisco

For more information follow the link, as the above information may differ in future.

Oracle Application Server : Need of a Firewall

The rapid growth of applications and operating systems on the Internet has indirectly made network security a major concern. Network administrators need to spend more time analysing the methods and ways to protect the network from threats.

What are the threats?
The threats are to confidential information and network resources.

Application Layer Attack
Some of the methods by which the application layer can be attacked are Sendmail, PostScript, Telnet, File Transfer Protocol, HTML specifications, web browser functionality, HTTP protocols, Java applets, ActiveX and more.

What is a firewall?
A firewall is a hardware or software device which is configured to permit, deny, or proxy data through a computer network which has different levels of trust.

Added Security
Deploying a host firewall adds security on top of the central firewall mechanism. This deployment secures the server from the other hosted intranet servers. This is achieved by denying and allowing ports between the servers.

Oracle Application Server is secured by itself. Customers running AS must check with Oracle on the CPUs that fix the vulnerabilities. These CPUs are available on a quarterly basis, and it is the responsibility of the Oracle Application Server administrator to notify the customer and apply them in the same quarter, as delaying will lead to a huge backlog of CPU patches.

Tested Firewall: The following are some of the tested firewalls that are found to work well with versions 10.1.2 and 10.1.3.
Check Point FW1 NG [version 5.0 SP3]
Cisco Pix 520 [version 6.0(1)]

For more information follow the link, as the above information may differ in future.

Tuesday, September 11, 2007

Oracle Application Server : Secure Deployment

When we talk about the Internet, the next question is security. Earlier, applications were mostly maintained internally, in other words on the intranet. The threat to an intranet system is very low and comes mostly from the intranet users (employees, administrators). The extensive growth of Internet usage has brought more and more business applications onto the Internet.

The potential threat to Internet applications is the attackers. Attackers are highly skilled and knowledgeable people who probe into the system and cause damage. I am not going to walk through more on the attackers and how they attack.

Internet-enabled applications must defend themselves from the threats by deploying a well-defined security mechanism, such as a firewall or other measures. Oracle addresses security broadly in two areas, software and hardware security.

Software Security: All products have security vulnerabilities in some way. Product companies try to get rid of a vulnerability by recommending that customers upgrade the version or apply a security patch to the existing environment. Oracle addresses this with the CPU. The term CPU as used by Oracle means Critical Patch Update. A CPU is a bundle of patches released on a quarterly basis to provide security fixes for Oracle products. CPUs continue to be improved to minimize the cost and the risk of implementing a CPU.
I wanted to highlight a best practitioner of CPUs: Oracle OnDemand. Oracle OnDemand carries out rapid and successful implementation of CPUs across all its hosted customers, thereby reducing the cost and downtime.

Hardware Security: Server hardware, especially production servers, is typically mounted on racks in server rooms. Server cabinets usually have lockable doors and other well-known advanced physical security mechanisms. Servers which have applications running on the Internet are highly exposed to threats. Hardware security is addressed through various deployment topologies.

In the next few postings I will be discussing some of the best practices and the Oracle-recommended topology which enables Oracle Application Server to become a key player on the Internet as an Internet application with high security.

Thursday, September 6, 2007

Oracle Application Server : Business Intelligence and Forms

This option installs and configures the Business Intelligence and Forms components. Before beginning this installation, the Infrastructure installation must have been completed.

Business Intelligence and Forms comes with the Oracle Application Server product and carries J2EE and WebCache as additional components for self deployment.
Oracle Application Server Portal, Wireless, Personalization and Reports Services are the other optional components that can be selected at installation time.

The below screen shot explains the options



The below screen shot explains the components



Portal and Wireless Ports on 10g Release 2 (10.1.2)

Business Intelligence, Forms and Reports are some of the application types that can be deployed.

The supported programming languages/methodologies are Discoverer or BI Beans with Java, Forms Developer and Reports Developer.

The supported build-time recommendations are Discoverer Plus OLAP/Relational; JDeveloper with BI Beans (included in Oracle Developer Suite); Portal with Discoverer Portlets.

Study at Oracle
Oracle Business Intelligence
Oracle Business Solutions

Oracle Business Intelligence Products
Operational Business Intelligence Applications
Financial Performance Management Applications
BI Foundation and Tools
Data Warehousing

Oracle Business Intelligence Oracle by Example

Business Intelligence Discussion Forums

Oracle Application Server : Portal and Wireless

This option installs and configures the Portal and Wireless components. Before beginning this installation, the Infrastructure installation must have been completed.

Portal and Wireless comes with the Oracle Application Server product and carries J2EE and WebCache as additional components for self deployment.

The below screen shot explains the options



The below screen shot explains the components



Portal and Wireless Ports on 10g Release 2 (10.1.2)


J2EE, Portal, Wireless and Portal with Discoverer Portlets are some of the application types that can be deployed.

The supported programming languages/methodologies are ADF/SOA, Portal, portlets, omniportlet, Wireless applications and Discoverer Portlets.

The supported build-time recommendations are JDeveloper, Portal, JPDK and Wireless SDK (part of OracleAS Developer Kits).

Study at Oracle
Portal Center
Portal Integration Solutions

Portal Oracle by Example

Portal Discussion Forums

Oracle Application Server : Infrastructure

The Infrastructure installation is not mandatory for the J2EE and Web Cache installation type of the Oracle Application Server product.
Infrastructure is mandatory for the other options available in the Oracle Application Server product. Before installing Portal or Business Intelligence, the Infrastructure installation must be completed.

What are the components of the Infrastructure installation?
Infrastructure has two major components: the first is the Oracle Application Server Metadata Repository and the other is Oracle Identity Management.

What is Oracle Application Server Metadata Repository?
The Metadata Repository is a pre-defined schema on a database that helps in supporting application server products. The products which require the Metadata Repository are Identity Management, Portal, Wireless, Reports, Forms and Business Intelligence.

Ways to build Metadata Repository
The Metadata Repository can be built in two ways. The first comes with the Infrastructure installation. This option creates a database and installs the repository on top of it. The other method is to install the repository on an existing database using the OracleAS Metadata Repository Creation Assistant. This option helps to build the metadata repository on a high availability system.

Other useful related documents for Metadata Repository with Repository Creation Assistant:
Troubleshooting OracleAS Metadata Repository Creation Assistant
Deregistering and Removing OracleAS Metadata Repository

What is Oracle Identity Management?
Oracle Identity Management allows enterprises to manage the end-to-end life cycle of user identities across all enterprise resources, both within and beyond the firewall. It is a member of the Fusion Middleware family.

The following are the components which are available with the Oracle Identity Management option.
Oracle Internet Directory
Oracle Application Server Single-SignOn
Oracle Application Server Delegated Administration
Oracle Application Server Directory Integration
Oracle Application Server Certificate Authority
High Availability and Replication

Oracle Application Server Infrastructure Detailed

There are three options available in the installation, and the below screen shot explains the options



The first option is Identity Management and Metadata Repository. This option installs both components on a single server. It first installs the database, then installs the metadata repository on top of the database, and then installs the Identity Management server.

The below screen shot explains the components



The second option is Identity Management alone. This option configures and installs Oracle Internet Directory and Certificate Associates. The Oracle Application Server Metadata Repository must be installed before starting this installation. This option is widely used to install Identity Management on a separate resource.

The below screen shot explains the components



The third option is Metadata Repository alone. This option installs a database and then installs the metadata repository. There are no additional components with this installation type. This option is used to install the metadata repository on a separate resource.

The below screen shot explains the component


Infrastructure Ports on 10g Release 2 (10.1.2)

Next I will be targeting the Portal, Wireless, BI, Forms and Reports Topology.

Wednesday, September 5, 2007

Oracle Application Server : J2EE and WebCache

Oracle Application Server : J2EE and WebCache Installation

This option installs and configures HTTP Server, the OC4J container for J2EE, Web Services and Web Cache.
The Oracle installation recommends at least 512 MB of memory. This installation type does not require a database.

The below screen shot explains the option



The configuration screen comes with additional options for the installation.

HTTP Server and OC4J are mandatory components for this installation, whereas WebCache, Farm Repository and Identity Management Access (SSO Enable option) are optional.

The below screen shot explains the option




J2EE and OracleAS Web Cache Ports on 10g Release 2 (10.1.2)

For the URL refer to setupinfo.txt in the install directory of the Oracle Home.

Some of the applications that can be developed for deployment in Oracle Application Server are
Java and J2EE
Web Services
XML
PL/SQL

Programming Language/Methodology : JSP, Swing, Applets

Build Time Recommendation : JDeveloper

Study at Oracle
Oracle Containers for Java EE

Oracle by Example
Design, Develop, and Deploy J2EE Applications
Cache Web Applications Using OracleAS Web Cache

J2EE and WebCache
Discussion Forums

Monday, September 3, 2007

Oracle Application Server Installation

There are four editions available to meet the middleware need:
Enterprise Edition, Standard Edition, Standard Edition One and Java Edition.

The editions are described in detail at Application Server Family

The URL also has a detailed map of which product is available in which edition.

Let me start with the installation.

The following are the different kinds of installation that can be performed

Java Developer Topology:
J2EE and WebCache make up this topology. On this deployment we can have any desired application which falls within the J2EE technology.
Oracle Application Server provides a fully integrated J2EE (Java 2 Platform, Enterprise Edition) compliant platform to develop and deploy Internet applications, Web sites, portals, or browser-based applications.

Portal, Wireless, BI, Forms and Reports Topology:
Portal helps in building a browser-based environment for building and deploying summarized versions of applications and web content in defined regions of the page.

Wireless helps in building interfaces for mobile users.

Business Intelligence helps in building intelligent reports and data that help the day-to-day business activity.

Forms helps in building interfaces that enable users to work with data, such as adding new information and editing it.

Reports helps in building reports and delivering them in different formats, with features like scheduling and emailing.

The most important component for the above installation is the Infrastructure Database. It comes with a new database and a new Oracle Internet Directory.

Once the Infrastructure Database is set up we can deploy the other topologies on top of it. The components are optional and can be chosen during the installation.

Most setups have a combination such as Portal with Wireless, or Business Intelligence with Forms & Reports.

I am going to cover the Enterprise Edition installation.

Version Used : AS 10.1.2.0.2

There are two important installation screens, Product and Installation Type.

Product Screen:

This is the first screen, which prompts you to select the product. There are three products available.
1. Oracle Application Server 10g, which is also known as the middle tier. With this option we can have components like HTTP Server, OC4J, WebCache, Portal, Wireless, Reports, Forms and Discoverer.

2. Oracle Application Server Infrastructure. With this option we can have Identity Management services and the Metadata Repository for Oracle Application Server. This option creates a new database and a new OID. Other components included are Single Sign-On Server and Certificate Authority.

3. Oracle Application Server Developer Kit. With this option we can have the APIs and Developer Kit.

Below you can see a screen shot of the Product Screen.



Further I will be discussing the different types of installation:

J2EE and WebCache
Infrastructure Database and OID Setup
Portal and Wireless
Business Intelligence and Forms

Overview of Oracle Application Server

It is a part of Oracle's Fusion Middleware technology stack. Oracle HTTP Server and OC4J containers make up the Application Server.

Detailed explanation for Application Server from Oracle

"Oracle Application Server is a completely standards-based application server that provides a comprehensive and fully integrated platform for running Web sites, J2EE applications, and Web services. It addresses all the challenges that you face as you refine your business processes to become an e-business."

"Oracle Application Server provides full support for the J2EE platform, XML, emerging Web services, and grid standards. With Oracle Application Server you can simplify information access for your customers and trading partners by delivering enterprise portals, which can be customized and accessed from a network browser or from wireless devices. It allows you to redefine your business processes, and integrate your applications and data sources with those from your customers or partners. You can deliver tailored customer experiences via real-time personalization, and assess and correlate customer navigation, purchasing, ratings, and demographic data."

"Oracle Application Server allows you to save on Web site infrastructure by deploying your fast, scalable Internet applications through built-in Web caching, load balancing and clustering capabilities. "

Further I will be covering the installation part and then go into detail with some tips, tricks, scripts and examples that I have come across.

Oracle Fusion Middleware

Oracle Fusion Middleware is a portfolio of leading, standards-based and customer-proven software products that spans a range of tools and services from J2EE and developer tools, to integration services, business intelligence, collaboration, and content management.

This comprehensive and well-integrated family of products offers complete support for development, deployment, and management of Service-Oriented Architecture. Oracle Fusion Middleware's hot-pluggable architecture allows you to leverage your investments in any existing application, system, or technology. And because maximum uptime is good for business, the unbreakable qualities of Oracle Fusion Middleware's core technology minimize the disruption of planned or unplanned outages.

My further postings will be covering some of the key components of the Oracle Fusion Middleware family.