OOW 2009 Using FMW EBS R12

2,159 views
1,943 views

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
2,159
On SlideShare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
116
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

OOW 2009 Using FMW EBS R12

  1. 1. Using Fusion Middleware with Oracle E-Business Suite Steven Chan Senior Director, Applications Technology Integration
  2. 2. Topics • Supported Optional External Integrations • In-Depth: Enabling Single Sign-On • In-Depth: Third-Party Access Managers & LDAP Directories • Case Studies • Certification Roadmap Last updated: Oct 14, 2009
  3. 3. Optional External Integrations
  4. 4. Simple Architecture 11i 12 Oracle Application Server • Portal • Single Sign-On • Oracle Internet Directory Firewall • Discoverer • Other Fusion Middleware Components External Users (via VPN) E-Business Suite Application Server Intranet E-Business Suite Firewall Database Internal Users
  5. 5. E-Business Suite Integration with OracleAS 10g 11i • Runs Oracle9i Application Server 1.0.2.2.2 on mid-tier • Runs Release 11i application-tier services such as Forms, Jserv • Integrated with an external stand-alone Oracle Application Server 10g instance for optional services (e.g. Single Sign-On) 12 • Runs Oracle Application Server 10g on mid-tier • Runs Release 12 application-tier services such as Forms, OC4J • Integrated with an external stand-alone Oracle Application Server instance for optional services (e.g. Single Sign-On)
  6. 6. Distributed Architecture 11i 12 Internal Users External OracleAS 10g Oracle Users Infrastructure Internet Directory Database Single Portal Internal EBS Server 10g Sign-On 10g 10g Server Internet Reverse Proxy EBS External Database EBS Server Firewall Firewall Firewall
  7. 7. OracleAS 10g Integration Options 11i 12 1. Access Apps via 8. Accelerate performance with Oracle Single Sign-On WebCache 2. Access Apps via Oracle Access Manager 9. Integrate applications via Oracle SOA Suite 3. Manage users with Oracle Internet Directory 10. Integrate with third-party signon tools 4. Build enterprise mashups with Oracle Web Center 11. Integrate with third-party LDAPs 5. Design custom portals with Oracle Portal 12. Search EBS content with Secure Enterprise Search 6. Analyse data with Discoverer 7. Analyse data with Business Intelligence Applications
  8. 8. External Fusion Middleware Certifications Oracle Application Server 10g Module Release 11i Release 12 Single Sign-On 10.1.4.3 10.1.4.3 Oracle Internet Directory 10.1.4.3 10.1.4.3 Web Center 10.1.3.4 Portal 10.1.4.2 10.1.4.2 Discoverer 10.1.2.3 10.1.2.3 Business Intelligence (EE+) 10.1.3.4 10.1.3.4 Business Intelligence Applications 7.9.6 7.9.6 Web Cache 10.1.2.3 10.1.2.3 Oracle SOA Suite (SOA development) 11.1.1.1 11.1.1.1 BPEL (prepackaged SOA integrations) 10.1.3.4 Secure Enterprise Search 10.1.8.4 10.1.8.4
  9. 9. Other Security-Related Certifications Certified by Fusion Middleware Product Teams 11i 12 Access Manager via OSSO 10.1.4.3 10.1.4.3 Identity Manager 9.1.0.0 9.1.0.0 Enterprise Single Sign-On 10.1.4.0.1 10.1.4.0.1 Identity Federation via OSSO 11.1.1.1 11.1.1.1 Oracle Virtual Directory via OID 11.1.1.1 11.1.1.1
  10. 10. Access Apps via Oracle Single Sign-On 11i 12 E-Business Suite User Application Server Single Sign-On 10g • E-Business Suite is a Single Sign-On partner application • Log on to Oracle Single Sign-On to get access to all registered partner applications, including EBS • Log off any one partner application to log off all of them
  11. 11. Access Apps via Oracle Access Manager 11i 12 Oracle Access E-Business Manager Suite Oracle Single Sign-On • Chain Oracle Access Manager with Oracle Single Sign-On • Support complex third-party single sign-on architectures
  12. 12. Manage Users in Oracle Internet Directory 11i 12 DBMS_LDAP Oracle E-Business Suite Internet FND_USER Directory DIP • Synchronise user credentials bidirectionally between Oracle Internet Directory and E-Business Suite (FND_USER) • Set master “source of truth” as OID, EBS, or both • Manage user provisioning via powerful OID Directory Integration & Provisioning (DIP) templates • Link an OID userid with one or more EBS userids “on-the-fly”
  13. 13. Provision Users with Oracle Identity Manager 11i 12 OID E-Business Suite Oracle LDAP Identity LDAP Manager • Use Oracle Identity Manager as a provisioning hub with third-party user directories and applications • Many connectors available, including OID, E-Business Suite’s FND_USER and HRMS directories
  14. 14. Build Enterprise Mashups using Web Center 12 Web E-Business Center Dashboards Suite 10g Mashups PeopleSoft • Build websites, collaborative applications, and enterprise mashups in Web Center • Add EBS portlets via WSRP 1.0 / JSR-168 • Access one or more E-Business Suite instances • Display data in EBS portlets based on EBS responsibilities
  15. 15. Using Web Center Extension in JDeveloper 12
  16. 16. Design Custom Portals using Oracle Portal 11i 12 E-Business Oracle Suite Portal 10g Apps Portlets • Single Sign-On is a prerequisite • Access one or more E-Business Suite instances from Oracle Portal • Add EBS portlets to custom Portal pages via JPDK • Display data in EBS portlets based on EBS responsibilities
  17. 17. E-Business Suite Portlets 11i 12 • Applications Navigator Access Applications menus based on user responsibilities • Applications Favorites Bookmark specific Applications links for quick access • Applications Worklist Summary of current workflow notifications 11i • Oracle Balanced Scorecard Display status of strategic and tactical business objectives • Performance Management Viewer Display business intelligence key performance indicators in graphical and tabular format
  18. 18. Apps Portlets in Third-Party Portals 12 WSRP 1.0 & JSR-168 compatible portlets: • Application Navigator portlet • Application Favorites portlet • Application Worklist portlet May be used in third-party portals
  19. 19. Custom Portlets for Release 12 12 • Create custom portlets from selected Release 12 OAF Page Regions • WSRP 1.0 / JSR-168 compliant • Oracle Application Framework Developer's Guide Release 12 (Metalink Note 394780.1, Chapter 4, Portlets)
  20. 20. Analyse EBS with BI Applications 11i 12 User OBIEE Data Warehouse OBIEE • Analytic dashboards running on Oracle Business Intelligence Suite Enterprise Edition Plus • Extracts data to external data warehouse • Runs on separate cluster for enhanced scalability, wide deployment
  21. 21. Analyse EBS with BI Applications 11i 12 Drill • Provide end-user reporting via ad hoc queries • Drill-down into data via tabular & graphical analytical tools • Consolidates data Siebel CRM, PeopleSoft Enterprise
  22. 22. Analyse EBS with Discoverer 10g 11i 12 User E-Business Suite End-User Layer Discoverer • Access APPS_MODE End-User Layer via Business Intelligence System Discoverer workbooks secured by Applications responsibilities • Discoverer 10g End-User Layer resides in E-Business Suite database • Run Discoverer on separate cluster for enhanced scalability, wide deployment
  23. 23. Why Upgrade Discoverer 4i to 10g? 11i Tasty Carrots Big Stick It’s better It’s necessary • Automatic SQL trimming, per user • Discoverer 4i was desupported on memory caps, faster, new features October 31, 2006 It’s safe • Installation upgrades a copy of 4i End-User Layer to 10g Upgrade now It’s low-impact • TIP: Run Discoverer 4i and 10g on to avoid different physical servers to avoid Support issues Visibroker conflicts • Compare 4i and 10g workbooks side- by-side for User Acceptance Tests It’s free • Your existing Business Intelligence product license includes 10g
  24. 24. Accelerate Performance with WebCache 11i 12 E-Business Suite User Application Server WebCache 10g • Cache and compress frequently used items • Secured data (I.e. requiring authorization) is not cached • Reduce network consumption and accelerate response time • Can act as a reverse-proxy server or load-balancer • Partial page refresh supported for Portal
  25. 25. Integrate EBS with Third-Party Apps 11i 12 Other E-Business Suite Applications Oracle SOA Suite • Build integrations via Service Oriented Architecture (SOA) technologies • Over 250 adapters for Enterprise Application Integration J2EE and open standards-based integration, including: • E-Business Suite, third-party applications, database sources • XML, JMS, JCA • Web Services: SOAP, WSDL, UDDI • B2B Protocols: RosettaNet, HIPAA, EDI
  26. 26. Integrate with EBS using BPEL 11i 12 Use Oracle BPEL Process Manager to integrate third-party applications via custom business processes
  27. 27. Monitor Business Processes with 11i 12 Business Activity Monitor
  28. 28. Single Sign On Integration
  29. 29. Authentication vs. Authorization Authentication Authorization Oracle E-Business Single Suite Sign-On Identifies data & Identifies the actions the user user can access Checks user Checks user credentials responsibilities
  30. 30. How Single Sign-On Works with EBS EBS Application Server … delegates user authentication to … Oracle Single Sign-On 10g • Unauthenticated users are automatically redirected to Oracle Single Sign-On 10g
  31. 31. How Single Sign-On Works with EBS Overview Oracle Internet Directory 10g User Single Sign-On 10g OracleAS 10g E-Business OID LDAP Directory Suite Application Server E-Business Suite Database
  32. 32. How Single Sign-On Works with EBS User E-Business Suite Application Server • Step 1: Unauthenticated user attempts to access the E-Business Suite
  33. 33. How Single Sign-On Works with EBS User Single Sign-On 10g E-Business Suite Application Server • Step 2: E-Business Suite redirects user to Single Sign-On 10g for authentication
  34. 34. How Single Sign-On Works with EBS Logon Form User Single Sign-On 10g • Step 3: Single Sign-On challenges the user with a logon form
  35. 35. How Single Sign-On Works with EBS Logon Form User Single Sign-On 10g • Step 4: User provides her credentials via the logon form
  36. 36. How Single Sign-On Works with EBS Oracle Internet Directory 10g Single Sign-On 10g • Step 5: Single Sign-On passes user credentials to Oracle Internet Directory for validation
  37. 37. How Single Sign-On Works with EBS Oracle Internet Directory 10g OracleAS 10g OID LDAP Directory • Step 6: Oracle Internet Directory authenticates the user credentials against the OracleAS 10g OID LDAP Directory (in the OracleAS 10g Metadata Repository)
  38. 38. How Single Sign-On Works with EBS SSO Security Token User Single Sign-On 10g • Step 7: Single Sign-On provides the authenticated user with a security token
  39. 39. How Single Sign-On Works with EBS SSO Security Token User E-Business Suite EBS Application Server • Step 8: User is redirected to E-Business Suite, which accepts the SSO security token as proof of an authenticated user
  40. 40. How Single Sign-On Works with EBS E-Business Suite Application Server E-Business Suite EBS Database (FND_USER) • Step 9: E-Business Suite’s application server checks the user’s authorization (i.e Apps responsibilities) in FND_USER
  41. 41. How Single Sign-On Works with EBS Apps Security Token User E-Business Suite Application Server E-Business Suite Database • Step 10: E-Business Suite issues its own Apps security tokens to the user, redirecting her to the requested Apps module
  42. 42. How Single Sign-On Works with EBS Oracle Internet Directory 10g User Single Sign-On 10g OracleAS 10g E-Business LDAP Directory Suite EBS Application Server E-Business Suite Database
  43. 43. Oracle Internet Directory Integration DBMS_LDAP Oracle E-Business Suite Internet FND_USER Directory DIP • Oracle Internet Directory and FND_USER must be kept synchronised • Supported synchronisation directions: • From OID to FND_USER (Asynchronous via the Directory Integration & Provisioning Platform) • From FND_USER to OID (Synchronous via dbms_ldap calls) • Bidirectionally • Synchronisation events are raised via the Workflow-based Business Event System whenever users are added or modified
  44. 44. Link Accounts Oracle E-Business Internet Suite Directory (FND_USER) Userid = “Link Account” Userid = “John.Smith” Global Unique Identifier (GUID) “jsmith” One-time User Registration • Done at setup time by system administrator • Optional: can be done by end-user on first logon (“Link on the fly”) • Useful when existing accounts in Oracle Internet Directory 10g or a third- party LDAP directory differ from existing E-Business Suite accounts
  45. 45. Link to Multiple EBS Accounts E-Business Oracle Suite Internet (FND_USER) Directory Userid = “Link Account” Userid = “John.Smith” “jsmith” Userid = “testuser1” Userid = “testuser2” • Note: It’s not possible to link multiple OID accounts to the same EBS account
  46. 46. Supported 3rd Party Identity Management Integrations
  47. 47. Third-Party Single Sign-On Integration EBS Application Server … delegates user authentication to … Oracle Single Sign-On 10g … delegates user authentication to … Third-Party SSO
  48. 48. Supported Third-Party SSO Integrations Integrate Oracle Single Sign-On with • Windows Native Authentication via Kerberos • CA Entrust, CA Netegrity, IBM Tivoli, RSA • PKI X.509v3 Digital Certificates • Biometric and smartcard systems • Other SSO systems via custom adapters • Oracle Identity Federation • Formerly Oblix COREid Federation • SAML, WS-Federation, Liberty Alliance • Oracle Access Manager • Formerly Oblix COREid Access & Identity
  49. 49. If you already have a third-party LDAP… Third-Party LDAP … synchronizes user attributes with … Oracle Internet Directory 10g … synchronizes user attributes with … E-Business Suite DB (FND_USER)
  50. 50. Available Oracle Internet Directory Connectors • Microsoft Active Directory 2000/2003 • Microsoft Active Directory Application Mode (ADAM) 2003 • Microsoft Exchange 2000/2003 • Sun Java System Directory (Sun ONE / iPlanet) 5.2, 6.3 • Novell eDirectory 8.6 / 8.7 • OpenLDAP 2.2 • Any LDAP directory via LDIF files • Any other directory via custom DIP agent • Oracle Identity Manager • Formerly Thor Xellerate Identity Provisioning • Also integrates directly with E-Business Suite FND_USER & HRMS • Oracle Virtual Directory • Formerly OctetString Virtual Directory Engine
  51. 51. Passwords Stored in Third-Party LDAP Third-Party Oracle E-Business LDAP Internet Database (optional) Directory (FND_USER) User Password X User Password X User Password • Third-party LDAP: • Handles user authentication, usually with a third-party authentication solution • Commonly considered “Master” source-of-truth • Oracle Internet Directory and E-Business Suite take minimal copies of master user definition -- excluding passwords • E-Business Suite doesn’t maintain user passwords in this configuration
  52. 52. How 3rd Party Identity Management Integrations Work
  53. 53. Third-Party Integration Architecture Third-Party LDAP Oracle Third-Party Internet SSO Directory 10g EBS Database (FND_USER) End User Single Sign-On 10g EBS Application Server
  54. 54. User Logs onto Third-Party System Third-Party SSO • Step 1. User provides userid & password to third- party single sign-on system
  55. 55. Third-Party Authenticates User Third-Party LDAP Third-Party SSO • Step 2. Third-party single sign-on sends user’s credentials to third-party LDAP for authentication
  56. 56. Third-Party Grants User Access Third-Party Token Third-Party SSO • Step 3. Third-party single sign-on provides authenticated user with third-party security token
  57. 57. Logged-On User Attempts EBS Access Single Sign-On 10g E-Business Suite • Step 4. User attempts to access E-Business Suite, and is redirected to Oracle Single Sign-On 10g
  58. 58. Oracle SSO Grants User Access SSO Security Token Single Sign-On 10g • Step 5. Oracle Single Sign-On recognizes the third- party security token, then issues its own
  59. 59. EBS Grants User Access Single Apps Sign-On 10g Security Token E-Business Suite • Step 6. User is redirected back to E-Business Suite, which recognizes the SSO security token and issues its own
  60. 60. Third-Party Integration Architecture Third-Party LDAP Oracle Third-Party Internet SSO Directory 10g EBS Database (FND_USER) End User Single Sign-On 10g EBS Application Server
  61. 61. Case Studies
  62. 62. Deployed Widely in Production • Amdocs (Israel) • Guandong Unicom (China) • Inter-Arab Investment Guarantee (Kuwait) • Alcoa (Europe) • International Enterprises (Singapore) • Applied Materials (Israel) • International Institute for Applied Systems • Atento (Norway) Analysis (Austria) • Berwind Pharmaceuticals (USA) • Ireland Dept of Defence • Bunnings (Australia) • Kansas State University • CapGemini / Councils Online (Australia) • Libgo Travel (USA) • Central Bank of Nigeria • Mitac (Taiwan) • Cisco Systems • Phoenix Technologies (USA) • Putrajaya (Malaysia) • Cox Communications (USA) • Telecom Italia Mobile (Italy) • Fiera Milano (Italy) • Texas Instruments (USA) • General Dynamics Land Sys • Universal Weather & Aviation (USA) • General Electric (USA) • Wind River Systems (USA) • Google (USA) • World Wide Technology These are not customer references
  63. 63. Integration with Microsoft Active Directory Only Microsoft Active Directory Oracle Internet Directory 10g EBS Database End (FND_USER) User Single Sign-On 10g EBS Application Server
  64. 64. Integration with Microsoft Active Directory & Kerberos Microsoft Active Directory Microsoft Windows Oracle Native Authentication Internet via Kerberos Directory 10g End EBS User Database (FND_USER) Single Sign-On 10g EBS Application Server
  65. 65. Internal / External Configuration Internal Users External OracleAS 10g Oracle Users Infrastructure Internet Directory Database Single Internal 9iAS Server 10g Sign-On 10g 1.0.2 Server Internet Reverse Proxy Release 11i External Database 9iAS 1.0.2 Server Firewall Firewall Firewall
  66. 66. Highly Available Internal Users Firewall HTTP LBR2 SSO Node 1 External LBR1 Web Web Users Node 3 Node 4 SSO Node 2 Internet Reverse Proxy Web Node 1 RAC 1 RAC 2 OID 1 OID 2 HTTP LBR1 Web Node 2 Shared 11i OracleAS 10g Firewall Firewall Filesystem Infrastructure DB
  67. 67. Desupport Notices
  68. 68. Updated E-Business Suite Baselines New features, patches and certifications released for the current and previous ATG patchset (Note 363827.1) E-Business Suite 12.0 baseline • ATG Release Update Patch 6 (Patch 7237006) • ATG Release Update Patch 4 (Patch 6272680) E-Business Suite 11.5.10 baseline • ATG Rollup Patchset 7 (Patch 6241631) • ATG Rollup Patchset 6 (Patch 5903765)
  69. 69. New Support Policies for Technology Products New patches released for • Current patchset • Previous patchset for 12 months after current patchset Applies to • Quarterly Critical Update Patches (security fixes) • Patch bundles • Interim patches (a.k.a. “one-off” or emergency patches)
  70. 70. Real Examples Database • Database 10.2.0.4 patchset released in February 2008 • Database 10.2.0.3 patchset supported until February 2009 • All previous patchsets (e.g. 10.2.0.2) desupported Fusion Middleware • Oracle Identity Management 10.1.4.3 patchset released in November 2008 • Oracle Identity Management 10.1.4.2 patchset supported until November 2009 • All previous patchsets (e.g. 10.1.4.0.1) desupported
  71. 71. Support Policy References • Oracle Lifetime Support Policy www.oracle.com/support/lifetime-support-policy.html • Database, FMW, EM Grid Control, and OCS Software Error Correction Support Policy (Note 209768.1) • Release Schedule of Current Database Patch Sets (Note 742060.1) • Oracle Application Server 10g Release 2 (10.1.2) Support Status and Alerts (Note 329361.1)
  72. 72. Implications for E-Business Suite Users Articles on blogs.oracle.com/stevenChan • On Database Patching and Support: A Primer for E-Business Suite Users • On Apps Tier Patching and Support: A Primer for E-Business Suite Users
  73. 73. External Application Tier Desupport Notices • Discoverer 4i Oct 2006 • Login Server 3.0.9 July 2007 • Portal 3.0.9 July 2007 • Oracle Internet Directory 3.0.1 July 2007 • Oracle Application Server 10.1.2.2 Mar 2009 (incl. Portal, Discoverer, WebCache) • Single Sign-On / OID 10.1.4.2 Nov 2009 “Desupport” = “End of Premier Support”
  74. 74. Certification Roadmap
  75. 75. The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
  76. 76. Future Application Tier Certifications E-Business Suite Release 11i Both 11i & 12 • Developer6i Forms • Oracle Access Manager 10gR3 Patchset 20 (direct integration with EBS) • Oracle Internet Directory 11g E-Business Suite Release 12 • Discoverer 11g • SOA Suite 10.1.3.5 • Portal 11g • BPEL 10.1.3.5 • Web Cache 11g • OC4J 10.1.3.5 • Java SE (JDK) 7 • Web Center 11g
  77. 77. Oracle Access Manager & Oracle Internet Directory Oracle Internet Directory 10g or 11g User Oracle Access Manager 10gR3 OID LDAP E-Business Directory Suite Application Server E-Business Suite Database
  78. 78. Still Bubbling in the Labs • Generate portlets based on selected OA Framework regions (R12 only) • Server-level configuration of authentication mechanism (i.e. different authentication tools for internal vs. external users)
  79. 79. The preceding is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
  80. 80. OracleAS + E-Business Suite Resources • Application Server + 11i FAQ Note 186981.1 • 11i Documentation Roadmap Note 207159.1 • Application Server + R12 FAQ Note 415007.1 • R12 Documentation Roadmap Note 380482.1
  81. 81. E-Business Suite Technology Stack Blog blogs.oracle.com/stevenChan • Direct from EBS Development • Latest EBS techstack news • Certification announcements • Primers, FAQs, tips • Desupport reminders • Advanced architectures • Statements of Direction • Early Adopter Programs • Subscribe via email & RSS

×