Oracle Application Server : Internet-Firewall-DMZ-Firewall-Intranet
Internet applications are generally deployed using the well-known, accepted "Internet-Firewall-DMZ-Firewall-Intranet" concept.
An overview of this concept is given below.
What is a DMZ?
A DMZ (Demilitarized Zone) is a zone that lies between the Internet and the intranet, separated by a firewall at each end. The firewall between the DMZ and the Internet is called the Internet firewall, and the firewall between the DMZ and the intranet is called the intranet firewall. In an Oracle Application Server environment, the firewall between the DMZ and the Infrastructure Metadata Database is known as the Infrastructure firewall.
In a DMZ architecture configuration, the following holds:
- All incoming traffic first crosses and is processed by the DMZ hardware, and no site resources are directly connected to the Internet.
- The Internet-to-DMZ firewall does not allow any incoming traffic that has a sender address of the DMZ hardware.
- The Internet-to-DMZ firewall allows the IP addresses and ports that are related to the site applications.
- The DMZ-to-intranet firewall allows only traffic that has a DMZ sender address.
- The DMZ-to-intranet firewall allows only restricted access to IP addresses and ports, based on specific protocols.
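The firewall rules listed above, modelled as an added example (not part of the original post) that evaluates packets against both firewalls. The address ranges, host addresses and ports (80/443 for HTTP/HTTPS, 1521 for the Oracle Net listener, 389 for LDAP) are assumptions chosen for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing (RFC 5737 documentation ranges), not from the original page.
DMZ_NET = ip_network("192.0.2.0/24")
INTRANET_NET = ip_network("198.51.100.0/24")
HTTP_SERVER = ip_address("192.0.2.10")   # assumed DMZ HTTP Server
METADATA_DB = ip_address("198.51.100.20")  # assumed Infrastructure Metadata Database
DIRECTORY = ip_address("198.51.100.21")    # assumed directory server

# Assumed services published to the Internet: (DMZ host, port).
INTERNET_TO_DMZ = {(HTTP_SERVER, 80), (HTTP_SERVER, 443)}
# Assumed back-end flows: (DMZ source, intranet destination, port).
DMZ_TO_INTRANET = {(HTTP_SERVER, METADATA_DB, 1521), (HTTP_SERVER, DIRECTORY, 389)}


def internet_firewall(src, dst, dport):
    """Decide a packet arriving on the Internet-facing interface."""
    src, dst = ip_address(src), ip_address(dst)
    if src in DMZ_NET:                      # DMZ sender address from outside: spoofed
        return "DROP spoofed DMZ source"
    if dst not in DMZ_NET:                  # no site resource is reachable directly
        return "DROP not addressed to DMZ"
    if (dst, dport) not in INTERNET_TO_DMZ:  # only application IPs and ports
        return "DROP service not published"
    return "ACCEPT"


def intranet_firewall(src, dst, dport):
    """Decide a packet arriving on the DMZ-facing interface of the inner firewall."""
    src, dst = ip_address(src), ip_address(dst)
    if src not in DMZ_NET:                  # only traffic with a DMZ sender address
        return "DROP source is not a DMZ host"
    if dst not in INTRANET_NET or (src, dst, dport) not in DMZ_TO_INTRANET:
        return "DROP flow not allow-listed"  # restricted IP/port access only
    return "ACCEPT"


if __name__ == "__main__":
    # Constructed probe flows: (firewall, source, destination, port).
    probes = [
        (internet_firewall, "203.0.113.5", "192.0.2.10", 443),
        (internet_firewall, "192.0.2.10", "192.0.2.10", 443),
        (internet_firewall, "203.0.113.5", "198.51.100.20", 1521),
        (intranet_firewall, "192.0.2.10", "198.51.100.20", 1521),
        (intranet_firewall, "203.0.113.5", "198.51.100.20", 1521),
        (intranet_firewall, "192.0.2.10", "198.51.100.20", 22),
    ]
    for fw, src, dst, port in probes:
        print(f"{fw.__name__:18} {src:>13} -> {dst}:{port:<5} {fw(src, dst, port)}")
```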
What must the DMZ satisfy?
All Internet traffic that comes in must be processed by the DMZ HTTP Server connected to the Internet.
The picture below shows the Oracle Application Server components that must reside in the DMZ:
- Oracle HTTP Server
- Oracle Single Sign-On Server
- Secured HTTP (HTTPS)
- Oracle Internet Directory (if required)
Direct access to the HTTP Server CPU should be avoided. Hackers focus on these servers to make a pathway into the intranet site from the DMZ.
Secured Deployment of Oracle Application Server
Oracle Application Server components should be distributed well across the web tier and the database tier. Web application components (Identity Management components such as HTTP Server, Single Sign-On and Delegated Administration Services) should reside on the external DMZ, and the database components (Oracle Internet Directory and Directory Integration Platform) should reside behind the internal or the external DMZ.
I will be discussing the same in detail in the upcoming topics.