Scribd
Upload
154 views

DMZ Configuration

1. The DMZ configuration implements a load balancer, reverse proxy server, and external backend server with the applications and database tiers separated. 2. Key steps include configuring the context file on the external backend server to point to the public URL, updating agent profiles on the DMZ server to reference the public URL, and verifying basic navigation works over the public URL. 3. Troubleshooting firewall issues was noted as the most complex part of implementing the DMZ configuration.

Uploaded by

riyazit
Copyright
© Attribution Non-Commercial (BY-NC)
Available Formats
Download as DOC, PDF, TXT or read online on Scribd
154 views

DMZ Configuration

1. The DMZ configuration implements a load balancer, reverse proxy server, and external backend server with the applications and database tiers separated. 2. Key steps include configuring the context file on the external backend server to point to the public URL, updating agent profiles on the DMZ server to reference the public URL, and verifying basic navigation works over the public URL. 3. Troubleshooting firewall issues was noted as the most complex part of implementing the DMZ configuration.

Uploaded by

riyazit
Copyright
© Attribution Non-Commercial (BY-NC)
Available Formats
Download as DOC, PDF, TXT or read online on Scribd
You are on page 1/ 2

DMZ configuration R12

DMZ configuration Implemented DMZ for the project, its not very difficult to implement but bit complex to troubleshoot.Most complex on troubleshooting firewall issue. My architecture goes like this LB -> Load balancer RP -> Reverse Proxy server LB >RP>EBS(ISUPPLIER NODE) (APPS TIER) > EBS (db tier) Load balancer Not much involvement, F5 load balancer asked sysadmin to point to reverse proxy URL on port 8080. Reverse proxy server Installed standalone OHS (oracle HTTP server), I had trouble while redirection because I chosen a wrong software OAs (Oracle Application server) Test from RP > EBS .. telnet <EBS host> port number EBS - Mostly context file changes Create Context File - create /{inst_name}/inst/apps/ $INST_NAME_$dmz_hostname/appl/admin folder for new MT server - copy context file from Private MT server into the above location with new name. - Modify the context file as under: - change all the references to Private MT server to Public MT server, except the following: s_cphost s_javamailer_imaphost s_wfhost s_smtphost s_mwahost - change following parameters for the Public URL # webentryhost: company (public URL) # webentrydomain: domain.com (public URL) # login_page: https://company.domain.com/oa_servlet/AppsLogin

#s_external_url:https://company.domain.com # s_active_webport : 443 login to the private mt server as ap{inst_name}. Run the following command (replace the apps-schema-name/appspasswd with actual values) sqlplus <apps-schema-name>/<apps-passwd> @<FND_TOP>/patch/115/sql/txkChangeProfH.sql SERVRESP Change the Node Trust Level Profile Option - add node to fnd_nodes using the Sysadmin > Install > nodes - update Node Trust Level profile option for that node as External - Assign Self Service Responsibilities to sysadmin Set Responsibility Trust Level 9) Update Agent profiles as DMZ server level to point to DMZ URL . Login as system Admin Resp Profiles Select DMZ server name and search for required profiles . Application Framework Agent Applications Web Agent Applications JSP Agent Apps Servlet Agent

Update URL for DMZ host to point to DMZ URL. Do not update URL at site level ! Run adconfig as under: adconfig.sh contextfile=/{inst_name}/inst/apps/ $INST_NAME_$dmz_hostname/appl/admin/ $INST_NAME_$dmz_hostname.xml appspass=apps run=INSTE8_SETUP Verify DMZ Setup. - start all services on dmz server (keep the private mt down) - loging to the DMZ url - browse through the links to see if the basic navigation works fine.

You might also like