Fusion Applications Bare Metal Provisioning - Lessons Learned

Published in: Technology

Transcript

  • 1. © 2012 Tieto Corporation, Company confidential. Fusion Applications Bare Metal Provisioning - Lessons Learned. Andrejs Karpovs, Lead Oracle Apps DBA, Tieto, andrejs.karpovs@tieto.com
  • 2. About me
      • Lead Oracle Apps DBA at Tieto Latvia
      • R12 OCP, 11g RAC OCE, 11g OCM, WLS OCA
      • Master's Degree in Computer Science
      • Speaker: UKOUG 2012, UOGH 2012, OUG_IRE 2012, LVOUG 2011
      • Twitter: @AndrejsKarpovs
      • Blog: adbaday.wordpress.com
      • Slide footer date: 2013-10-15
  • 3. Fusion Apps Installation Options
      • Bare metal
      • On-premise, from scratch
      • Installation takes ~2 weeks
      • OVM template based
      • Templates shipped from Oracle
      • Installation takes 3 days
      • FSCM+H, CRM, HCM templates available
      • Oracle Cloud Applications (SaaS)
  • 4. My UNSuccess Story
      • My company decides to build their own Fusion Apps POC environment
      • Fusion Applications: Installation and Administration, Redwood Shores, SFO
  • 5. Expectation
      • Install Fusion Applications from scratch
      • Understand all requirements and complete prerequisites
      • Fusion Apps know-how
  • 6. Result
      • So are you ready to install Fusion Apps?
      • [Image labels: My Boss, Me]
  • 7. Reality
      • 90% of Fusion Applications bare metal provisioning is related to Identity and Access Management. This is the base platform and main prerequisite
      • Identity and Access Management is not covered in the course
      • NEW! There is a separate course for that: «Fusion Applications: Install And Configure Identity Management»
      • Bugs
      • IdM is the root cause mostly
  • 8. Recommendation I
  • 9. Why IdM?
      • Fusion Apps is truly built on a modern Oracle middleware platform
      • Fusion Apps leverages FMW’s service-oriented security to protect access to resources
      • For large-scale enterprise environments, FA takes advantage of IdM’s services, thus abstracting security from the applications, and administering the enterprise environment from a single point of control
  • 10. Consequences
      • Every Fusion Apps customer will become a Fusion Middleware Security customer
      • Independent set of products that must be actively managed
      • Mission critical. The IDM components of Fusion Applications are mission critical. If something is not working properly (or God forbid, isn’t working at all) then neither is Fusion Apps. It is that simple.
      • IdM skill sets are required
      • Oracle recommends separating Apps DBAs and IdM experts
  • 11. [Figure: IdM Architecture for FA]
  • 12. Setup challenges
      • Complex architecture
      • Lot of hosts involved
      • Highly available
      • Lots of components
      • Needs intensive planning
  • 13. Where to start?
  • 14. Disclaimer
      • Not for Production deployments (Oracle Doc in for Prod)
      • POC and evaluation
      • Getting to know the overall process and training
  • 15. Lesson I – Leverage Virtualization
      Server Role           vCPU   RAM (GB)   Storage (GB)
      Identity Management   8      32         150
      IdM DB                8      16         100+
      Fusion Apps           8      150+       500
      Fusion Apps DB        8      32         100+
      TOTAL                 32     230+       850+
      • Isolate IdM and Fusion DBs
  • 16. Download the latest version from e-delivery
      • All required components will be there!
  • 17. Lesson II – Start with the right Docs
      • Oracle® Fusion Applications Release Notes 11.1.x
      • Contains all additional prereqs and patches for IdM
      • Check for the latest version of the document in MoS
      • Oracle® Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management (Oracle Fusion Applications Edition)
      • Oracle® Fusion Applications Installation Guide 11.1.x
      • Check for your installation version (most likely the latest one)
  • 18. Create your own step-by-step
  • 19. Create your own step-by-step
  • 20. The right approach
      1. Install all the software from EDG for IdM (FA) – Do not configure
      2. Apply all the patches and workarounds from Release notes
          1. Check the patch READMEs for Post Steps
      3. Start the components
          1. Apply the patch Post Steps
      4. Follow the further steps from documentation
  • 21. Get Ready!
      • [Diagram labels: APM, OID, OIM, OAM, OHS]
  • 22. What FMW Is In Fusion Apps
      • OPSS (Oracle Platform Security Services) provides the fine-grained authorization for the application in Fusion Apps as well as an assortment of other functions such as LDAP connectivity and key management (security foundation).
      • APM (Authorization Policy Manager): graphical user interface console for managing OPSS-based authorization policies. APM was specifically designed to support FA security policies using a centrally managed approach
  • 23. IdM components in Fusion Apps
      • ODS (Oracle Directory Services)
      • OID (Oracle Internet Directory) – identity data/OPSS security policies
      • OVD (Oracle Virtual Directory) – go-between layer for user stores when OID is not being used (Microsoft AD, third-party LDAPs)
      • OIM (Oracle Identity Manager) – administers user access privileges across resources
      • OAM (Oracle Access Manager) – provides authentication and SSO
      • Webgate – intercepts access requests to resources, checks for a pre-existing authentication, validates credentials, and authenticates users.
  • 24. IdM components in Fusion Apps
      • OWSM (Oracle Web Services Manager) – provides web services security (WS-SEC) for both FA internal web services communication and the external web services interfaces to FA.
      • OHS (Oracle HTTP Server) – serves as the web tier for Fusion Apps
      • Front end for IdM
      • Front end for FA
      • SOA Suite – workflow engine used in user provisioning (OIM)
      • [Diagram labels: Webgate, OAM]
  • 25. Recommendations: Plan
      • Network Considerations: Virtual Hostnames and IPs
      • admin.mycompany.com
      • oiminternal.mycompany.com
      • sso.mycompany.com
      • policystore.mycompany.com
      • idstore.mycompany.com
      • SSL?
      • Load Balancers?
      • Topology / Nodes?
  • 26. Recommendations: Plan
      • Directory (File System) Structure
      • Database
      • OID
      • Policy store
      • Identity store
      • OIM related products (OIM, OAM, OIF)
      • RAC or Non RAC
      • OVD (third-party LDAP) and OIF (federation single sign-on)
  • 27. Recommendations: Plan
      • Weblogic Servers
      • Clustered
      • Non Clustered
      • Communication mode
      • Open
      • Simple
      • Certificate
      • Authentication and authorization policies
      • You can end up with one host for everything
  • 28. (no transcript text)
  • 29. Recommendations: Simplify
      • Maintain a table
      EDG Node Name   Components           Physical host
      WEBHOST         OHS                  webhost1.mycompany.com
      WEBHOST 2       OHS                  webhost2.mycompany.com
      IDMHOST         WLS, OAM, ODSM, EM   idm1.mycompany.com
      IDMHOST 2       OAM, ODSM, EM        idm2.mycompany.com
      OIMHOST         OIM, SOA             oim1.mycompany.com
      OIMHOST 2       OIM, SOA             oim2.mycompany.com
      …               …                    …
      Further column (header not in the transcript), three entries: idmsuite.mycompany.com
  • 30. Recommendations: Simplify
      • And
      Virtual Host                 Maps to                      (header not in the transcript)
      sso.mycompany.com            sso.mycompany.com            idmsuite.mycompany.com
      oiminternal.mycompany.com    oiminternal.mycompany.com    idmsuite.mycompany.com
      admin.mycompany.com          idm-fa.admin.mycompany.com   idmsuite.mycompany.com
      policystore.mycompany.com    ldap.mycompany.com           idmsuite.mycompany.com
      idstore.mycompany.com        ldap.mycompany.com           idmsuite.mycompany.com
  • 31. Recommendations: Verify
      • Make sure all services are running (OAM, OIM, ODSM, SOA)
      • Verify that connection to OID is working (login through ODSM)
      • Verify that the following users exist
      • Document all the passwords!
  • 32. Recommendations: Verify
      • Verify the following groups exist
      • Verify user membership
      • Verify OAM
      • Verify OIM
      • Verify OAM and OIM integration
      • Verify Webgate is working properly
  • 33. Recommendations: Test
      • oamtest tool (IAM_HOME/oam/server/tester)
      • Beware of the bug [ID 1345915.1] when using Webgate 11g agent
      • Do not proceed unless it is working
  • 34. Provisioning Wizard
      • Remaining 10% of manual work
      • Fusion DB host:
      • Install Provisioning Framework
      • Start and create Transactional Database
      • Load metadata using RCU
      • Fusion Apps host:
      • Install Provisioning Framework
      • Create a response file
  • 35. Recommendations: Pass
      • idmConfigTool will generate and append idmDomainConfig.param upon each configuration step
      • Transfer the file to the Fusion Applications server
      • Open the file during the Provisioning wizard
  • 36. Recommendations: Execute
      • Run provisioning wizard with -ignoreSysPrereqs true
      • Skip failed prerequisites
  • 37. Recommendations: Execute
      • Environment variable PROV_ENCRYPT_DISABLE=TRUE
      • Clear text passwords in response file
      • Helps in troubleshooting
  • 38. Recommendations: Execute
      • 7 provisioning stages
  • 39. Recommendations: If it goes wrong…
      • Consult the Release notes for known issues
      • Search in MoS for related notes/bugs
      • Log an SR [Fusion Applications Toolkit]
      • Try to understand the scope of the problem
      • Assign to the right team for troubleshooting
  • 40. Recommendations: As the last resort
      • Modify the provisioning phaseguards
      • DISCLAIMER: You should NEVER touch the phaseguards unless you are sure you know what you are doing
      • MoS [1516819.1]
      • Delete the phaseguard file APPLICATIONS_CONFIG/phaseguards/validate-<host name>-FAILED.grd
      • Create zero byte files validate-<host name>-COMPLETED.grd and validate-<host name>-ENDED.grd
      • Go back to the Provisioning Wizard. The Next button should be enabled to go to the Summary phase.
  • 41. Summary
      • If you have the possibility, attend or have your technicians attend the correct course (IdM)
      • Plan your infrastructure (use virtualization)
      • Simplify your setup if applicable
      • Download the latest FA version and use the correct documentation
      • Skip the ignorable prerequisite failures
  • 42. Success
  • 43. Success
  • 44. Useful links
      • http://fusionsecurity.blogspot.com
      • http://www.oracle.com/technetwork/indexes/documentation/index.html#fusion_applications
      • http://fusionapplications-ateam.blogspot.com/
      • Fusion Applications Security Best Practices [1369336.1]
  • 45. (no transcript text)
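
Slides 25 and 30 plan virtual host names that must all resolve before IdM is configured. The following is an added example, not part of the original deck: it checks hosts(5)-format text against the virtual host table, assuming the single-host layout in which every virtual host points at idmsuite.mycompany.com; the addresses and the sample hosts text are constructed.

```shell
#!/bin/sh
# Added example, not from the slides. Pairs are "virtual-host target"; the
# single-host layout (everything on idmsuite) is an assumed reading of slide 30.
VHOST_MAP='sso.mycompany.com idmsuite.mycompany.com
oiminternal.mycompany.com idmsuite.mycompany.com
admin.mycompany.com idmsuite.mycompany.com
policystore.mycompany.com idmsuite.mycompany.com
idstore.mycompany.com idmsuite.mycompany.com'

# Constructed hosts(5)-format sample: admin is stale, idstore is missing.
SAMPLE_HOSTS='10.0.0.10 idmsuite.mycompany.com idmsuite
10.0.0.10 sso.mycompany.com oiminternal.mycompany.com
10.0.0.99 admin.mycompany.com   # stale entry
10.0.0.10 policystore.mycompany.com'

# lookup HOSTS_TEXT NAME: print the first address that lists NAME, if any.
lookup() {
    printf '%s\n' "$1" | awk -v n="$2" '
        { sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++)
              if (tolower($i) == tolower(n)) { print $1; exit } }'
}

# check_vhosts HOSTS_TEXT: print one line per problem; return 1 if any found.
check_vhosts() {
    hosts_text=$1
    rc=0
    while read -r vhost target; do
        [ -n "$vhost" ] || continue
        want=$(lookup "$hosts_text" "$target")
        got=$(lookup "$hosts_text" "$vhost")
        if [ -z "$want" ]; then
            echo "UNRESOLVED $target (target of $vhost)"; rc=1
        elif [ -z "$got" ]; then
            echo "UNRESOLVED $vhost"; rc=1
        elif [ "$got" != "$want" ]; then
            echo "MISMATCH $vhost $got (expected $want)"; rc=1
        fi
    done <<EOF
$VHOST_MAP
EOF
    return "$rc"
}

# Demo run on the constructed sample.
check_vhosts "$SAMPLE_HOSTS" || echo "fix name resolution before provisioning"
```

On a real host, pass the contents of /etc/hosts as the argument; names served only by DNS are outside what this check covers.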
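
Slide 37 trades password encryption for easier troubleshooting, which leaves clear text passwords in the response file. The following is an added example, not part of the original deck: one function scopes PROV_ENCRYPT_DISABLE to a single command with a tight umask, and another audits the response file afterwards. The function names are hypothetical, and the response file path is a parameter because the page does not name it.

```shell
#!/bin/sh
# Added example, not from the slides. FILE is whatever response file the
# provisioning wizard wrote; its name is not given on the page.

# run_cleartext CMD [ARGS...]
# Runs one command with PROV_ENCRYPT_DISABLE=TRUE in a subshell, so the
# variable never stays exported in the login shell, and with umask 077 so
# files the command creates are readable by the owner only.
run_cleartext() {
    (
        umask 077
        PROV_ENCRYPT_DISABLE=TRUE
        export PROV_ENCRYPT_DISABLE
        "$@"
    )
}

# audit_response_file FILE
# Prints one line per finding; the return status is the number of findings.
audit_response_file() {
    file=$1
    findings=0
    if [ ! -f "$file" ]; then
        echo "MISSING $file"
        return 1
    fi
    # ls mode string: 1 type char, 3 owner bits, then 6 group/other bits.
    mode=$(ls -ld -- "$file" | cut -c1-10)
    case $mode in
        ????------) ;;
        *)  echo "EXPOSED $file has mode $mode, expected owner-only (chmod 600)"
            findings=$((findings + 1)) ;;
    esac
    # The setting should not outlive the troubleshooting session.
    case ${PROV_ENCRYPT_DISABLE:-} in
        [Tt][Rr][Uu][Ee])
            echo "ENV PROV_ENCRYPT_DISABLE=TRUE is still set in this shell"
            findings=$((findings + 1)) ;;
    esac
    return "$findings"
}
```

Once the installation is through, the clear text response file is best removed or moved to protected storage, in line with "Document all the passwords!" on slide 31.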
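
The last-resort phaseguard steps on slide 40 are easy to get wrong by hand. The following is an added example, not part of the original deck or of Oracle's tooling: it performs the same three file operations but first copies the whole phaseguards directory and refuses to act when no FAILED guard exists. The function name, return codes and backup naming are assumptions; the first argument stands for APPLICATIONS_CONFIG/phaseguards.

```shell
#!/bin/sh
# Added example, not from the slides: slide 40's steps with a backup and
# sanity checks. GUARD_DIR stands for APPLICATIONS_CONFIG/phaseguards.

# reset_validate_guard GUARD_DIR HOSTNAME
# Prints the backup directory on success. Returns 2 if GUARD_DIR is missing,
# 3 if there is no FAILED guard for HOSTNAME (nothing is touched), 4 if the
# backup copy could not be made.
reset_validate_guard() {
    dir=${1%/}
    host=$2
    failed="$dir/validate-$host-FAILED.grd"

    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    [ -f "$failed" ] || {
        echo "no FAILED guard for $host; leaving $dir untouched" >&2
        return 3
    }

    # Copy the whole directory first so the change can be reverted.
    backup="$dir.bak.$(date +%Y%m%d%H%M%S)"
    cp -Rp "$dir" "$backup" || return 4

    # Delete the FAILED guard, then create the two zero-byte guard files.
    rm -f -- "$failed"
    : > "$dir/validate-$host-COMPLETED.grd"
    : > "$dir/validate-$host-ENDED.grd"

    echo "$backup"
}
```

To revert, restore the directory from the path the function prints.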