Oracle Application Server : Secure Deployment
When we talk about the Internet, the next question is security. Earlier applications were mostly maintained internally, in other words on an intranet. The threat to an intranet system is much lower, and it comes mostly from the intranet users (employees, administrators). The extensive growth in Internet usage has pushed more and more business applications onto the Internet.
The potential threat to Internet applications is attackers. Attackers are highly skilled and knowledgeable people who probe into the system and cause damage. I am not going to go further into attackers and how they attack.
Internet-enabled applications must defend themselves from these threats by deploying well-defined security mechanisms, such as firewalls or other measures. Oracle addresses security broadly in two areas: software security and hardware security.
Software Security: All products have security vulnerabilities in some way. Product companies try to eliminate a vulnerability by recommending that customers upgrade to a newer version or apply a security patch to the existing environment. Oracle addresses this with the CPU. The term CPU, as used by Oracle, means Critical Patch Update. A CPU is a bundle of patches released on a quarterly basis to provide security fixes for Oracle products. CPUs continue to be improved to minimize the cost and the risk of implementing a CPU.
I wanted to highlight one best practitioner of CPUs: Oracle OnDemand. Oracle OnDemand carries out rapid and successful implementation of CPUs across all its hosted customers, thereby reducing cost and downtime.
Hardware Security: Server hardware, especially production servers, is typically mounted on racks in server rooms. Server cabinets usually have lockable doors and other well-known advanced physical security mechanisms. Servers running Internet-facing applications are highly exposed to threats. Hardware security is addressed through various deployment topologies.
In the next few postings I will discuss some of the best practices and Oracle-recommended topologies that enable Oracle Application Server to become a key player on the Internet as an Internet application with high security.
Tuesday, September 11, 2007