• Like
  • Save
OOW 2009 Using FMW EBS R12
Upcoming SlideShare
Loading in...5
×
 

OOW 2009 Using FMW EBS R12

on

  • 1,911 views

 

Statistics

Views

Total Views
1,911
Views on SlideShare
1,911
Embed Views
0

Actions

Likes
0
Downloads
81
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    OOW 2009 Using FMW EBS R12 OOW 2009 Using FMW EBS R12 Presentation Transcript

    • Using Fusion Middleware with Oracle E-Business Suite Steven Chan Senior Director, Applications Technology Integration
    • Topics • Supported Optional External Integrations • In-Depth: Enabling Single Sign-On • In-Depth: Third-Party Access Managers & LDAP Directories • Case Studies • Certification Roadmap Last updated: Oct 14, 2009
    • Optional External Integrations
    • Simple Architecture 11i 12 Oracle Application Server • Portal • Single Sign-On • Oracle Internet Directory Firewall • Discoverer • Other Fusion Middleware Components External Users (via VPN) E-Business Suite Application Server Intranet E-Business Suite Firewall Database Internal Users
    • E-Business Suite Integration with OracleAS 10g 11i • Runs Oracle9i Application Server 1.0.2.2.2 on mid-tier • Runs Release 11i application-tier services such as Forms, Jserv • Integrated with an external stand-alone Oracle Application Server 10g instance for optional services (e.g. Single Sign-On) 12 • Runs Oracle Application Server 10g on mid-tier • Runs Release 12 application-tier services such as Forms, OC4J • Integrated with an external stand-alone Oracle Application Server instance for optional services (e.g. Single Sign-On)
    • Distributed Architecture 11i 12 Internal Users External OracleAS 10g Oracle Users Infrastructure Internet Directory Database Single Portal Internal EBS Server 10g Sign-On 10g 10g Server Internet Reverse Proxy EBS External Database EBS Server Firewall Firewall Firewall
    • OracleAS 10g Integration Options 11i 12 1. Access Apps via 8. Accelerate performance with Oracle Single Sign-On WebCache 2. Access Apps via Oracle Access Manager 9. Integrate applications via Oracle SOA Suite 3. Manage users with Oracle Internet Directory 10. Integrate with third-party signon tools 4. Build enterprise mashups with Oracle Web Center 11. Integrate with third-party LDAPs 5. Design custom portals with Oracle Portal 12. Search EBS content with Secure Enterprise Search 6. Analyse data with Discoverer 7. Analyse data with Business Intelligence Applications
    • External Fusion Middleware Certifications Oracle Application Server 10g Module Release 11i Release 12 Single Sign-On 10.1.4.3 10.1.4.3 Oracle Internet Directory 10.1.4.3 10.1.4.3 Web Center 10.1.3.4 Portal 10.1.4.2 10.1.4.2 Discoverer 10.1.2.3 10.1.2.3 Business Intelligence (EE+) 10.1.3.4 10.1.3.4 Business Intelligence Applications 7.9.6 7.9.6 Web Cache 10.1.2.3 10.1.2.3 Oracle SOA Suite (SOA development) 11.1.1.1 11.1.1.1 BPEL (prepackaged SOA integrations) 10.1.3.4 Secure Enterprise Search 10.1.8.4 10.1.8.4
    • Other Security-Related Certifications Certified by Fusion Middleware Product Teams 11i 12 Access Manager via OSSO 10.1.4.3 10.1.4.3 Identity Manager 9.1.0.0 9.1.0.0 Enterprise Single Sign-On 10.1.4.0.1 10.1.4.0.1 Identity Federation via OSSO 11.1.1.1 11.1.1.1 Oracle Virtual Directory via OID 11.1.1.1 11.1.1.1
    • Access Apps via Oracle Single Sign-On 11i 12 E-Business Suite User Application Server Single Sign-On 10g • E-Business Suite is a Single Sign-On partner application • Log on to Oracle Single Sign-On to get access to all registered partner applications, including EBS • Log off any one partner application to log off all of them
    • Access Apps via Oracle Access Manager 11i 12 Oracle Access E-Business Manager Suite Oracle Single Sign-On • Chain Oracle Access Manager with Oracle Single Sign-On • Support complex third-party single sign-on architectures
    • Manage Users in Oracle Internet Directory 11i 12 DBMS_LDAP Oracle E-Business Suite Internet FND_USER Directory DIP • Synchronise user credentials bidirectionally between Oracle Internet Directory and E-Business Suite (FND_USER) • Set master “source of truth” as OID, EBS, or both • Manage user provisioning via powerful OID Directory Integration & Provisioning (DIP) templates • Link an OID userid with one or more EBS userids “on-the-fly”
    • Provision Users with Oracle Identity Manager 11i 12 OID E-Business Suite Oracle LDAP Identity LDAP Manager • Use Oracle Identity Manager as a provisioning hub with third-party user directories and applications • Many connectors available, including OID, E-Business Suite’s FND_USER and HRMS directories
    • Build Enterprise Mashups using Web Center 12 Web E-Business Center Dashboards Suite 10g Mashups PeopleSoft • Build websites, collaborative applications, and enterprise mashups in Web Center • Add EBS portlets via WSRP 1.0 / JSR-168 • Access one or more E-Business Suite instances • Display data in EBS portlets based on EBS responsibilities
    • Using Web Center Extension in JDeveloper 12
    • Design Custom Portals using Oracle Portal 11i 12 E-Business Oracle Suite Portal 10g Apps Portlets • Single Sign-On is a prerequisite • Access one or more E-Business Suite instances from Oracle Portal • Add EBS portlets to custom Portal pages via JPDK • Display data in EBS portlets based on EBS responsibilities
    • E-Business Suite Portlets 11i 12 • Applications Navigator Access Applications menus based on user responsibilities • Applications Favorites Bookmark specific Applications links for quick access • Applications Worklist Summary of current workflow notifications 11i • Oracle Balanced Scorecard Display status of strategic and tactical business objectives • Performance Management Viewer Display business intelligence key performance indicators in graphical and tabular format
    • Apps Portlets in Third-Party Portals 12 WSRP 1.0 & JSR-168 compatible portlets: • Application Navigator portlet • Application Favorites portlet • Application Worklist portlet May be used in third-party portals
    • Custom Portlets for Release 12 12 • Create custom portlets from selected Release 12 OAF Page Regions • WSRP 1.0 / JSR-168 compliant • Oracle Application Framework Developer's Guide Release 12 (Metalink Note 394780.1, Chapter 4, Portlets)
    • Analyse EBS with BI Applications 11i 12 User OBIEE Data Warehouse OBIEE • Analytic dashboards running on Oracle Business Intelligence Suite Enterprise Edition Plus • Extracts data to external data warehouse • Runs on separate cluster for enhanced scalability, wide deployment
    • Analyse EBS with BI Applications 11i 12 Drill • Provide end-user reporting via ad hoc queries • Drill-down into data via tabular & graphical analytical tools • Consolidates data Siebel CRM, PeopleSoft Enterprise
    • Analyse EBS with Discoverer 10g 11i 12 User E-Business Suite End-User Layer Discoverer • Access APPS_MODE End-User Layer via Business Intelligence System Discoverer workbooks secured by Applications responsibilities • Discoverer 10g End-User Layer resides in E-Business Suite database • Run Discoverer on separate cluster for enhanced scalability, wide deployment
    • Why Upgrade Discoverer 4i to 10g? 11i Tasty Carrots Big Stick It’s better It’s necessary • Automatic SQL trimming, per user • Discoverer 4i was desupported on memory caps, faster, new features October 31, 2006 It’s safe • Installation upgrades a copy of 4i End-User Layer to 10g Upgrade now It’s low-impact • TIP: Run Discoverer 4i and 10g on to avoid different physical servers to avoid Support issues Visibroker conflicts • Compare 4i and 10g workbooks side- by-side for User Acceptance Tests It’s free • Your existing Business Intelligence product license includes 10g
    • Accelerate Performance with WebCache 11i 12 E-Business Suite User Application Server WebCache 10g • Cache and compress frequently used items • Secured data (I.e. requiring authorization) is not cached • Reduce network consumption and accelerate response time • Can act as a reverse-proxy server or load-balancer • Partial page refresh supported for Portal
    • Integrate EBS with Third-Party Apps 11i 12 Other E-Business Suite Applications Oracle SOA Suite • Build integrations via Service Oriented Architecture (SOA) technologies • Over 250 adapters for Enterprise Application Integration J2EE and open standards-based integration, including: • E-Business Suite, third-party applications, database sources • XML, JMS, JCA • Web Services: SOAP, WSDL, UDDI • B2B Protocols: RosettaNet, HIPAA, EDI
    • Integrate with EBS using BPEL 11i 12 Use Oracle BPEL Process Manager to integrate third-party applications via custom business processes
    • Monitor Business Processes with 11i 12 Business Activity Monitor
    • Single Sign On Integration
    • Authentication vs. Authorization Authentication Authorization Oracle E-Business Single Suite Sign-On Identifies data & Identifies the actions the user user can access Checks user Checks user credentials responsibilities
    • How Single Sign-On Works with EBS EBS Application Server … delegates user authentication to … Oracle Single Sign-On 10g • Unauthenticated users are automatically redirected to Oracle Single Sign-On 10g
    • How Single Sign-On Works with EBS Overview Oracle Internet Directory 10g User Single Sign-On 10g OracleAS 10g E-Business OID LDAP Directory Suite Application Server E-Business Suite Database
    • How Single Sign-On Works with EBS User E-Business Suite Application Server • Step 1: Unauthenticated user attempts to access the E-Business Suite
    • How Single Sign-On Works with EBS User Single Sign-On 10g E-Business Suite Application Server • Step 2: E-Business Suite redirects user to Single Sign-On 10g for authentication
    • How Single Sign-On Works with EBS Logon Form User Single Sign-On 10g • Step 3: Single Sign-On challenges the user with a logon form
    • How Single Sign-On Works with EBS Logon Form User Single Sign-On 10g • Step 4: User provides her credentials via the logon form
    • How Single Sign-On Works with EBS Oracle Internet Directory 10g Single Sign-On 10g • Step 5: Single Sign-On passes user credentials to Oracle Internet Directory for validation
    • How Single Sign-On Works with EBS Oracle Internet Directory 10g OracleAS 10g OID LDAP Directory • Step 6: Oracle Internet Directory authenticates the user credentials against the OracleAS 10g OID LDAP Directory (in the OracleAS 10g Metadata Repository)
    • How Single Sign-On Works with EBS SSO Security Token User Single Sign-On 10g • Step 7: Single Sign-On provides the authenticated user with a security token
    • How Single Sign-On Works with EBS SSO Security Token User E-Business Suite EBS Application Server • Step 8: User is redirected to E-Business Suite, which accepts the SSO security token as proof of an authenticated user
    • How Single Sign-On Works with EBS E-Business Suite Application Server E-Business Suite EBS Database (FND_USER) • Step 9: E-Business Suite’s application server checks the user’s authorization (i.e Apps responsibilities) in FND_USER
    • How Single Sign-On Works with EBS Apps Security Token User E-Business Suite Application Server E-Business Suite Database • Step 10: E-Business Suite issues its own Apps security tokens to the user, redirecting her to the requested Apps module
    • How Single Sign-On Works with EBS Oracle Internet Directory 10g User Single Sign-On 10g OracleAS 10g E-Business LDAP Directory Suite EBS Application Server E-Business Suite Database
    • Oracle Internet Directory Integration DBMS_LDAP Oracle E-Business Suite Internet FND_USER Directory DIP • Oracle Internet Directory and FND_USER must be kept synchronised • Supported synchronisation directions: • From OID to FND_USER (Asynchronous via the Directory Integration & Provisioning Platform) • From FND_USER to OID (Synchronous via dbms_ldap calls) • Bidirectionally • Synchronisation events are raised via the Workflow-based Business Event System whenever users are added or modified
    • Link Accounts Oracle E-Business Internet Suite Directory (FND_USER) Userid = “Link Account” Userid = “John.Smith” Global Unique Identifier (GUID) “jsmith” One-time User Registration • Done at setup time by system administrator • Optional: can be done by end-user on first logon (“Link on the fly”) • Useful when existing accounts in Oracle Internet Directory 10g or a third- party LDAP directory differ from existing E-Business Suite accounts
    • Link to Multiple EBS Accounts E-Business Oracle Suite Internet (FND_USER) Directory Userid = “Link Account” Userid = “John.Smith” “jsmith” Userid = “testuser1” Userid = “testuser2” • Note: It’s not possible to link multiple OID accounts to the same EBS account
    • Supported 3rd Party Identity Management Integrations
    • Third-Party Single Sign-On Integration EBS Application Server … delegates user authentication to … Oracle Single Sign-On 10g … delegates user authentication to … Third-Party SSO
    • Supported Third-Party SSO Integrations Integrate Oracle Single Sign-On with • Windows Native Authentication via Kerberos • CA Entrust, CA Netegrity, IBM Tivoli, RSA • PKI X.509v3 Digital Certificates • Biometric and smartcard systems • Other SSO systems via custom adapters • Oracle Identity Federation • Formerly Oblix COREid Federation • SAML, WS-Federation, Liberty Alliance • Oracle Access Manager • Formerly Oblix COREid Access & Identity
    • If you already have a third-party LDAP… Third-Party LDAP … synchronizes user attributes with … Oracle Internet Directory 10g … synchronizes user attributes with … E-Business Suite DB (FND_USER)
    • Available Oracle Internet Directory Connectors • Microsoft Active Directory 2000/2003 • Microsoft Active Directory Application Mode (ADAM) 2003 • Microsoft Exchange 2000/2003 • Sun Java System Directory (Sun ONE / iPlanet) 5.2, 6.3 • Novell eDirectory 8.6 / 8.7 • OpenLDAP 2.2 • Any LDAP directory via LDIF files • Any other directory via custom DIP agent • Oracle Identity Manager • Formerly Thor Xellerate Identity Provisioning • Also integrates directly with E-Business Suite FND_USER & HRMS • Oracle Virtual Directory • Formerly OctetString Virtual Directory Engine
    • Passwords Stored in Third-Party LDAP Third-Party Oracle E-Business LDAP Internet Database (optional) Directory (FND_USER) User Password X User Password X User Password • Third-party LDAP: • Handles user authentication, usually with a third-party authentication solution • Commonly considered “Master” source-of-truth • Oracle Internet Directory and E-Business Suite take minimal copies of master user definition -- excluding passwords • E-Business Suite doesn’t maintain user passwords in this configuration
    • How 3rd Party Identity Management Integrations Work
    • Third-Party Integration Architecture Third-Party LDAP Oracle Third-Party Internet SSO Directory 10g EBS Database (FND_USER) End User Single Sign-On 10g EBS Application Server
    • User Logs onto Third-Party System Third-Party SSO • Step 1. User provides userid & password to third- party single sign-on system
    • Third-Party Authenticates User Third-Party LDAP Third-Party SSO • Step 2. Third-party single sign-on sends user’s credentials to third-party LDAP for authentication
    • Third-Party Grants User Access Third-Party Token Third-Party SSO • Step 3. Third-party single sign-on provides authenticated user with third-party security token
    • Logged-On User Attempts EBS Access Single Sign-On 10g E-Business Suite • Step 4. User attempts to access E-Business Suite, and is redirected to Oracle Single Sign-On 10g
    • Oracle SSO Grants User Access SSO Security Token Single Sign-On 10g • Step 5. Oracle Single Sign-On recognizes the third- party security token, then issues its own
    • EBS Grants User Access Single Apps Sign-On 10g Security Token E-Business Suite • Step 6. User is redirected back to E-Business Suite, which recognizes the SSO security token and issues its own
    • Third-Party Integration Architecture Third-Party LDAP Oracle Third-Party Internet SSO Directory 10g EBS Database (FND_USER) End User Single Sign-On 10g EBS Application Server
    • Case Studies
    • Deployed Widely in Production • Amdocs (Israel) • Guandong Unicom (China) • Inter-Arab Investment Guarantee (Kuwait) • Alcoa (Europe) • International Enterprises (Singapore) • Applied Materials (Israel) • International Institute for Applied Systems • Atento (Norway) Analysis (Austria) • Berwind Pharmaceuticals (USA) • Ireland Dept of Defence • Bunnings (Australia) • Kansas State University • CapGemini / Councils Online (Australia) • Libgo Travel (USA) • Central Bank of Nigeria • Mitac (Taiwan) • Cisco Systems • Phoenix Technologies (USA) • Putrajaya (Malaysia) • Cox Communications (USA) • Telecom Italia Mobile (Italy) • Fiera Milano (Italy) • Texas Instruments (USA) • General Dynamics Land Sys • Universal Weather & Aviation (USA) • General Electric (USA) • Wind River Systems (USA) • Google (USA) • World Wide Technology These are not customer references
    • Integration with Microsoft Active Directory Only Microsoft Active Directory Oracle Internet Directory 10g EBS Database End (FND_USER) User Single Sign-On 10g EBS Application Server
    • Integration with Microsoft Active Directory & Kerberos Microsoft Active Directory Microsoft Windows Oracle Native Authentication Internet via Kerberos Directory 10g End EBS User Database (FND_USER) Single Sign-On 10g EBS Application Server
    • Internal / External Configuration Internal Users External OracleAS 10g Oracle Users Infrastructure Internet Directory Database Single Internal 9iAS Server 10g Sign-On 10g 1.0.2 Server Internet Reverse Proxy Release 11i External Database 9iAS 1.0.2 Server Firewall Firewall Firewall
    • Highly Available Internal Users Firewall HTTP LBR2 SSO Node 1 External LBR1 Web Web Users Node 3 Node 4 SSO Node 2 Internet Reverse Proxy Web Node 1 RAC 1 RAC 2 OID 1 OID 2 HTTP LBR1 Web Node 2 Shared 11i OracleAS 10g Firewall Firewall Filesystem Infrastructure DB
    • Desupport Notices
    • Updated E-Business Suite Baselines New features, patches and certifications released for the current and previous ATG patchset (Note 363827.1) E-Business Suite 12.0 baseline • ATG Release Update Patch 6 (Patch 7237006) • ATG Release Update Patch 4 (Patch 6272680) E-Business Suite 11.5.10 baseline • ATG Rollup Patchset 7 (Patch 6241631) • ATG Rollup Patchset 6 (Patch 5903765)
    • New Support Policies for Technology Products New patches released for • Current patchset • Previous patchset for 12 months after current patchset Applies to • Quarterly Critical Update Patches (security fixes) • Patch bundles • Interim patches (a.k.a. “one-off” or emergency patches)
    • Real Examples Database • Database 10.2.0.4 patchset released in February 2008 • Database 10.2.0.3 patchset supported until February 2009 • All previous patchsets (e.g. 10.2.0.2) desupported Fusion Middleware • Oracle Identity Management 10.1.4.3 patchset released in November 2008 • Oracle Identity Management 10.1.4.2 patchset supported until November 2009 • All previous patchsets (e.g. 10.1.4.0.1) desupported
    • Support Policy References • Oracle Lifetime Support Policy www.oracle.com/support/lifetime-support-policy.html • Database, FMW, EM Grid Control, and OCS Software Error Correction Support Policy (Note 209768.1) • Release Schedule of Current Database Patch Sets (Note 742060.1) • Oracle Application Server 10g Release 2 (10.1.2) Support Status and Alerts (Note 329361.1)
    • Implications for E-Business Suite Users Articles on blogs.oracle.com/stevenChan • On Database Patching and Support: A Primer for E-Business Suite Users • On Apps Tier Patching and Support: A Primer for E-Business Suite Users
    • External Application Tier Desupport Notices • Discoverer 4i Oct 2006 • Login Server 3.0.9 July 2007 • Portal 3.0.9 July 2007 • Oracle Internet Directory 3.0.1 July 2007 • Oracle Application Server 10.1.2.2 Mar 2009 (incl. Portal, Discoverer, WebCache) • Single Sign-On / OID 10.1.4.2 Nov 2009 “Desupport” = “End of Premier Support”
    • Certification Roadmap
    • The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
    • Future Application Tier Certifications E-Business Suite Release 11i Both 11i & 12 • Developer6i Forms • Oracle Access Manager 10gR3 Patchset 20 (direct integration with EBS) • Oracle Internet Directory 11g E-Business Suite Release 12 • Discoverer 11g • SOA Suite 10.1.3.5 • Portal 11g • BPEL 10.1.3.5 • Web Cache 11g • OC4J 10.1.3.5 • Java SE (JDK) 7 • Web Center 11g
    • Oracle Access Manager & Oracle Internet Directory Oracle Internet Directory 10g or 11g User Oracle Access Manager 10gR3 OID LDAP E-Business Directory Suite Application Server E-Business Suite Database
    • Still Bubbling in the Labs • Generate portlets based on selected OA Framework regions (R12 only) • Server-level configuration of authentication mechanism (i.e. different authentication tools for internal vs. external users)
    • The preceding is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
    • OracleAS + E-Business Suite Resources • Application Server + 11i FAQ Note 186981.1 • 11i Documentation Roadmap Note 207159.1 • Application Server + R12 FAQ Note 415007.1 • R12 Documentation Roadmap Note 380482.1
    • E-Business Suite Technology Stack Blog blogs.oracle.com/stevenChan • Direct from EBS Development • Latest EBS techstack news • Certification announcements • Primers, FAQs, tips • Desupport reminders • Advanced architectures • Statements of Direction • Early Adopter Programs • Subscribe via email & RSS