Tuesday, January 26, 2016

Oracle E-Business Suite SSL setup with F5 Load balance Big IP


The BIG-IP system provides intelligent traffic management and fail-over for Oracle E-Business Suite application servers. Through advanced health checking capabilities, the BIG-IP LTM recognizes when resources are unavailable or under-performing and directs traffic to another resource.

The BIG-IP LTM can also track Oracle E-Business Suite Application Server end-user sessions, enabling the application server to maintain client session data. The following diagram shows an example deployment with Oracle E-Business Suite and the BIG-IP LTM system.



Steps to do by F5 Network Admin.
1.       Creating a HTTP health monitor
§  . On the Main tab, expand Local Traffic, and then click Monitors. The Monitors screen opens.
§  Click the Create button. The New Monitor screen opens.
§  In the Name box, type a name for the Monitor. In our example, we type oracle-erp-http
§  From the Type list, select HTTP
§  The HTTP Monitor configuration options appear
§  In the Configuration section, in the Interval and Timeout boxes, type an Interval and Timeout. We recommend at least a 1:3 +1 ratio between the interval and the timeout (for example, the default setting has an interval of 5 and an timeout of 16). In our example, we use a Interval of 30 and a Timeout of 91.
§  In the Send String and Receive Rule sections, you can add an optional Send String and Receive Rule specific to the device being checked.
Click the Finished button. The new monitor is added to the Monitor list

Creating the Oracle E-Business Suite pool
 The next step is to create a pool on the BIG-IP LTM system for the Oracle E-Business Suite devices. A BIG-IP pool is a set of devices grouped together to receive traffic according to a load balancing method. To create the Oracle E-Business Suite pool 1. On the Main tab, expand Local Traffic, and then click Pools. The Pool screen opens.
       To create the Oracle E-Business Suite pool
1.       On the Main tab, expand Local Traffic, and then click Pools. The Pool screen opens.
2.       In the upper right portion of the screen, click the Create button. The New Pool screen opens. Note: For more (optional) pool configuration settings, from the Configuration list, select Advanced. Configure these settings as applicable for your network.
3.       In the Name box, enter a name for your pool. In our example, we use oracle-erp.
4.       In the Health Monitors section, select the name of the monitor you created in the Creating a HTTP health monitor section, and click the Add (<button. In our example, we select oracle-erp-http .
5.       From the Load Balancing Method list, select Predictive (node). This is the load balancing method recommended by Oracle.
6.       For this pool, we leave the Priority Group Activation Disabled
7.       In the New Members section, make sure the New Address option button is selected
8.       In the Address box, add the first server to the pool. In our example, we type 10.133.17.150
9.       In the Service Port box, type the appropriate port for your Oracle E-Business Suite server. In our example, we type 8000.
10.    Click the Add button to add the member to the list.
1.       Repeat steps 9-11 for each server you want to add to the pool. In our example, we repeat these steps once for 10.133.17.151.
2.       Click the Finished button (see Figure 1.3).
Creating Oracle E-Business Suite profiles

Creating an HTTP profile The first new profile we create is an HTTP profile. The HTTP profile contains numerous configuration options for how the BIG-IP LTM system handles HTTP traffic. For deployments where the majority of users accessing Oracle Portal are connecting across a WAN, F5 recommends enabling compression and caching on the BIG-IP LTM by using a profile introduced in BIG-IP version 9.4 called http-wan-optimized-compression-caching (if you are using LTM version 9.4.2 or later, we recommend using http-acceleration). This profile uses specific compression and caching (among other) settings to optimize traffic over the WAN. Note that to properly use this profile, you need to have compression and caching licensed on the BIG-IP LTM. For more information on licensing, contact your sales representative. If you are not using version 9.4, or do not have compression or caching licensed, you can choose the default HTTP parent profile, or one of the other optimized HTTP parent profiles.

To create a new HTTP profile
1. On the Main tab, expand Local Traffic, and then click Profiles. The HTTP Profiles screen opens.
2. In the upper right portion of the screen, click the Create button. The New HTTP Profile screen opens.
3. In the Name box, type a name for this profile. In our example, we type oracle-erp-http-opt.
4. From the Parent Profile list, select http-wan-optimized-compression-caching. The profile settings appear.
5. Check the Custom box for Content Compression, and leave Content List selected. 
6. In the Content List section, add the following items to the existing entries in the Content Type box one at a time, each followed by clicking Include: • application/pdf • application/vnd.ms-powerpoint • application/vnd.ms-excel • application/msword • application/vnd.ms-publisher We add these MIME types to ensure these highly compressible document types are compressed.
7. In the RAM Cache section, click the Custom box for the URI Caching row.
8. From the URI Caching list, select URI List.
9. In the URI box, type the URI of the login, logout and the OA.jsp pages, and then click the Exclude button after each entry. In our example, we type /OA_HTML/AppsLogin, /OA_HTML/AppsLogout, and /OA_HTML/OA.jsp. If your users are accessing the Oracle E-Business Suite implementation through Oracle Portal, you must also exclude: /pls/portal/!PORTAL.wwpro_app_provider.do_object_signon
10. Modify any of the other settings as applicable for your network. In our example, we leave the settings at their default levels. 11. Click the Finished button.

Creating the TCP profiles
The next profiles we create are the TCP profiles. If most of the Oracle E-Business Suite users are accessing the portal via a Local Area Network, we recommend using the tcp-lan-optimized (for server-side TCP connections) parent profile. If the majority of the Portal users are accessing the system from remote or home offices, we recommend using an additional TCP profile, called tcp-wan-optimized (for client side TCP connections). In our example, we leave these profiles at their default levels; you can configure any of the options as applicable for your network. 1 - 9
Creating the LAN optimized TCP profile
 First we configure the LAN optimized profile. If you are not using version 9.4 or do not want to use this optimized profile, you can choose the default TCP parent profile.
To create a new TCP profile
 1. On the Main tab, expand Local Traffic, and then click Profiles. The HTTP Profiles screen opens.
 2. On the Menu bar, from the Protocol menu, click tcp.
3. In the upper right portion of the screen, click the Create button. The New TCP Profile screen opens.
4. In the Name box, type a name for this profile. In our example, we type oracle-erp-tcp-lan.
 5. From the Parent Profile list, select tcp-lan-optimized if you are using BIG-IP LTM version 9.4 or later; otherwise select tcp.
 6. Modify any of the settings as applicable for your network. In our example, we leave the settings at their default levels.
 7. Click the Finished button. Creating the WAN optimized TCP profile Now we configure the WAN optimized profile. Remember, if most users are accessing the portal via the LAN, you do not need to create this profile.
 To create a new TCP WAN optimized profile
1. On the Main tab, expand Local Traffic, and then click Profiles. The HTTP Profiles screen opens.
2. On the Menu bar, from the Protocol menu, click tcp. 

3. In the upper right portion of the screen, click the Create button. The New TCP Profile screen opens.
4. In the Name box, type a name for this profile. In our example, we type oracle-erp-tcp-wan.
5. From the Parent Profile list, select tcp-wan-optimized.
 6. Modify any of the settings as applicable for your network. In our example, we leave the settings at their default levels.
 7. Click the Finished button.
 Creating persistence profile
The final profile we create is a persistence profile. For Oracle E-Business Suite, we use Cookie Persistence in Insert mode, with an Oracle-recommended timeout value of 12 hours.
To create a new cookie persistence profile based on the default profile
 1. On the Main tab, expand Local Traffic, and then click Profiles. The HTTP Profiles screen opens.
2. On the Menu bar, click Persistence. The Persistence Profiles screen opens.
3. In the upper right portion of the screen, click the Create button. The New Persistence Profile screen opens.
 4. In the Name box, type a name for this profile. In our example, we type oracle-erp-cookie.
 5. From the Persistence Type list, select Cookie. The configuration options for cookie persistence appear.
 6. In the Expiration row, check the Custom box. Clear the Session Cookie box, and the Expiration options appear. In the Hours box, type 12. 7. Click the Finished button

Creating a OneConnect profile

The next profile we create is a OneConnect profile. With OneConnect enabled, client requests can utilize existing, server-side connections, thus reducing the number of server-side connections that a server must open to service those requests. This can provide significant performance improvements for Oracle implementations. For more information on OneConnect, see the BIG-IP LTM documentation. In our example, we leave all the options at their default settings. You can configure these options as appropriate for your network.
To create a new OneConnect profile
 1. On the Main tab, expand Local Traffic, and then click Profiles. The HTTP Profiles screen opens.
2. On the Menu bar, from the Other menu, click OneConnect. The Persistence Profiles screen opens.
3. In the upper right portion of the screen, click the Create button. The New HTTP Profile screen opens.
4. In the Name box, type a name for this profile. In our example, we type oracle-erp-oneconnect.
 5. From the Parent Profile list, ensure that oneconnect is selected.
 6. Modify any of the other settings as applicable for your network. In our example, we leave the settings at their default levels.
7. Click the Finished button.

Creating the Oracle E-Business Suite virtual server
 Next, we configure a virtual server that references the profiles and pool you created in the preceding procedures.
To create the virtual server
 1. On the Main tab, expand Local Traffic, and then click Virtual Servers. The Virtual Servers screen opens.
2. In the upper right portion of the screen, click the Create button. The New Virtual Server screen opens.
3. In the Name box, type a name for this virtual server. In our example, we type oracle-erp-vs.
4. In the Destination section, select the Host option button.
5. In the Address box, type the IP address of this virtual server. In our example, we use 10.133.17.201 6. In the Service Port box, type 80.
7. From the Configuration list, select Advanced. The Advanced configuration options appear.
8. Leave the Type list at the default setting: Standard.

9. From the Protocol Profile (Client) list select the name of the profile you created in the Creating the WAN optimized TCP profile section. If you did not create a WAN optimized profile, select the LAN optimized profile as in the following Step. In our example, we select oracle-erp-tcp-wan.
10. From the Protocol Profile (Server) list, select the name of the profile you created in the Creating the LAN optimized TCP profile section. In our example, we select oracle-ebs-tcp-lan.
11. From the OneConnect Profile list, select the name of the profile you created in Creating a OneConnect profile. In our example, we select oracle-erp-oneconnect.
12. From the HTTP Profile list, select the name of the profile you created in the Creating an HTTP profile section. In our example, we select oracle-erp-http-opt (see Figure 1.6). 
13. From the SNAT Pool list, select Automap.
14. In the Resources section, from the Default Pool list, select the pool you created in the Creating the Oracle E-Business Suite pool section. In our example, we select oracle-ebs.
15. From the Default Persistence Profile list, select the persistence profile you created in the Creating persistence profile section. In our example, we select oracle-erp-cookie
16. Click the Finished button. The BIG-IP LTM configuration for the Oracle E-Business Suite configuration is now complete.



For Oracle ERP to run on Load Balancer with SSL enabled, the following configuration changes are to be done at ERP level :

1.      Login to Application Nodes and change the following parameters in the Context File (xml):
a.       Parameter : s_webentryurlprotocol
                                                  Value : https

b.      Parameter : s_webentryhost
 Value : virtaul_hostname

c.       Parameter : s_webentrydomain
 Value : company.com

d.      Parameter : s_active_webport
 Value : 443

e.      Parameter : s_login_page
 Value : https://XXXXXX.com/OA_HTML/AppsLogin

f.        Parameter : s_external_url
Value : https://xxx.com

g.       Parameter : s_enable_sslterminator
Value : remove the '#'

2.      Run autoconfig on all the application nodes one by one.
                        cd $ADMIN_SCRIPTS_HOME
                        ./adautocfg.sh
                        Enter apps password when prompted

3.      Start Application services, check Application access with the load balance URL.

Posted by at

1 comment:

  1. kamel khelifiDecember 3, 2019 at 6:02 AM

    hello
    good papier document.
    could you give us an example for example wiche value we should put in these two parameters:

    e. Parameter : s_login_page
    Value : https://XXXXXX.com/OA_HTML/AppsLogin

    f. Parameter : s_external_url
    Value : https://xxx.com


    XXXXXX?
    and
    xxx?

    regards
    kamal

    ReplyDelete

Subscribe to: Post Comments (Atom)