Professional Documents
Culture Documents
Audience:
Middle tier administrators, database administrators, application architects, developers and
ITMB team leads.
This server is to represent external (Internet) users to the internal application servers and
is the public face of the Ministry’s applications. The following is how it should behave:
It is entirely possible to serve certain public or static pages directly from the reverse
proxy server. In other words, this server can play two distinct roles at the same time:
For example, it can host a Ministry public web site and manage and serve all the static or
non-database related pages right from this server (public web server role) but any
requests for pages that need to be generated from databases, produce Oracle reports or
run in J2EE containers are transparently tunnelled through to an internal application
server and the responses are received and served back to the external user as if coming
from this server itself (reverse proxy role).
Another possibility is to use the caching capability of this server (provided by web cache
module) and greatly reduce the load on internal application servers. In this way a lot of
static or repeated requests aimed at internal application servers will be cached by this
server the first time and consequently served directly from the cache and not from the
internal application server.
Yet another advantage of this architecture is the ability to enable SSL (Secure Socket
Layer) encryption for the traffic between the reverse proxy server and external users.
The primary purpose of SSL is to encrypt and secure the communications over the
Internet and in general, due to its overhead and impact on performance, we do not want to
use it at the intra-net level. By limiting SSL on the traffic between the reverse proxy
server and the external users only, we can achieve secure Internet communications
without adversely affecting our internal users.
Although it is possible to use a free version of Apache HTTP server instead of Oracle
Application server 10g on this server (The current practice), we may find it preferable to
use a lightweight Oracle 10g instance instead. This is due to extensive 10g support by
Oracle and the fact that we will not need an extra set of expertise to deal with more than
one type of server. We can consider that option later on if the Oracle Licensing and the
Ministry’s budget allow such move, for the time being, the current configuration will do
fine.
If at some point there is a great demand to use Microsoft IIS as the public Web server, It
may be possible to use a specialized DLL written by Oracle in order to make the
Microsoft IIS act as reverse proxy server, This DLL currently exists, however this will
create a dependency on Oracle and assuming that it will keep this DLL up to date. Such
decision should only be taken after extensive tests and by accepting the extra risks
associated with such combination.
Application Servers
Application servers do the actual work. These servers support applications that require
services such as J2EE containers, web services, forms10g, Reports10g, Oracle Portal,
Discoverer, BI beans and PLSQL etc. They are based on Oracle Application server 10g
software.
Most of the Ministry applications running on the middle tier application servers will be
connected to and will be using the Oracle database servers. For most modules such as
mod_plsql, Forms servers and Report servers, depending on the version of Oracle
database server, we will use Oracle net8, net9 or later for communication. For the J2EE
applications, we use Oracle JDBC thin client libraries.
What Is a Farm?
A farm is a collection of clusters and instances that share the same Oracle application
server infrastructure.
When instances belong to a farm, we can manage them as a group and we can also cluster
them.
Oracle Application Server can store repository information in a database ("database-
based repository") or file system ("file-based repository"). Repository information
includes things such as the list of instances that belong to a farm, whether or not the
instances are clustered, and configuration information for clusters.
The repository for a file-based farm exists within a specific instance of a middle tier
instance Oracle Home. This instance is called the "repository host".
The repository for a database-based farm exists within the Metadata Repository.
We can set a J2EE and Web Cache instance to belong to a farm during or after
installation. If we are unsure during installation, we can install the instance as a
standalone instance (that is, not belonging to a farm). After installation, if we so desire,
we can associate the instance with a farm. Conversely, we can install an instance as part
of a farm and after installation; we can convert the instance to a standalone instance.
1. mtsbx cluster
a. Hornby
b. Cortez
2. mtdev cluster
a. Taku
b. Bighorn
3. mtprd cluster
a. Columbia
b. Fraser
Please see Appendix 1, Hardware/OS Details for more specific information for the
configuration of each cluster.
The following picture gives a logical high level view of the architecture:
Middle Tier Architecture
INTERNET
Desktop Laptop PDA
FIRE WALL
DMZ
PUBLIC WEB
SERVERS
(Apache)
T
U
N
N
E FIRE WALL
L
INTERA-
NET
APPLICATION
SERVERS
(OAS 10g)
DATABASE
DATABASE SERVERS SERVERS
OC4J GAME
Firewall LEGEND
Generic User = xxx_web
Intranet Client Named User = DB User (eg. jsmith)
Application = Code Repository (xxx_app)
Data = Data Repository (xxx)
where xxx = application acronym
After it was discovered in a failed proof of concept that Reports Services would not run
on Tru64, it was decided to do an evaluation of the Middle Tier software and an
architectural review for the operating system, clustering software, and servers for all
ITMB servers. The outcome of that exercise was the decision to run OAS 10g, Redhat 4.0
and HP Service Guard for Linux running on HP Proliant servers. Please refer to
Appendix 2 Architectural Review Forrester Research for details.
Another factor which influenced our decision to go with Linux was that Linux was a tier
one and fully supported operating system for Oracle software. See Appendix 3 Oracle’s
Linux support for details.
Currently we have two versions of OAS 10g in the middle tier environment.
Oracle HTTP Server is the underlying deployment platform for all programming
languages and technologies that Oracle Application Server supports. It provides a Web
Listener for Oracle Application Server Containers for J2EE (OC4J) and the framework
for hosting static and dynamic pages and applications over the Web. Based on the proven
technology of the Apache HTTP Server (version 1.3), Oracle HTTP Server includes
significant enhancements that facilitate load balancing, administration, and configuration.
It also includes a number of enhanced modules or mods, which are extensions to the
HTTP server that extend its functionality for other enterprise applications and services.
Oracle HTTP Server allows developers to program their sites in a variety of languages
and technologies, such as Java, Perl, C, C++, PHP, and PL/SQL. Additionally, it can
serve as either a forward or reverse proxy server. The following sections describe how
Oracle HTTP Server provides a deployment platform for web sites and applications.
Oracle HTTP Server consists of several components that run within the same process.
These components provide the extensive list of features that Oracle HTTP Server offers
when handling client requests. Major components include the following:
Module Description
mod_php Supports PHP version 4.3.9, an open source client-side scripting language
that is embedded in standard HTML.
mod_security Increases Web application security by protecting Web applications from
known and unknown attacks.
mod_fastcgi Supports FastCGI, which allows C, C++, and Java CGI programs to run in
a performant environment
mod_perl Routes requests to the Perl Interpreter
mod_plsql Routes requests for stored procedures to the database server
mod_oc4j Supports communication with Oracle Application Server Containers for
J2EE and also performs some load balancing tasks
mod_oradav Supports file as well as database distributed authoring and versioning
mod_ossl Supports Secure Sockets Layer (SSL) and certificate sharing
mod_osso Routes requests to Oracle Application Server Single Sign-On server
The following shows the path of various requests through Oracle HTTP Server
components.
At startup, the Web server parent process loads the entire configuration and the
associated mods, and spawns a preconfigured number of child processes.
The following shows the process architecture of Oracle HTTP Server in a Linux
environment.
On UNIX platforms, each child process handles a single HTTP request. The child
processes determine who should take the next request based on a mutex mechanism that
you can configure.
Modular Architecture
As mentioned above, the architecture of Oracle HTTP Server is modular. The core HTTP
listener is very small, and all capabilities are implemented as modules that plug in and are
invoked at the appropriate place during the HTTP request lifecycle. The following shows
the lifecycle of an HTTP request in Oracle HTTP Server.
A child process guides the request through this entire lifecycle. The modules register their
application programming interfaces (APIs), which are then either invoked automatically
when the request reaches a certain stage in its lifecycle, or can be configured to be
invoked only in certain situations.
In addition to the standard Web server functionality of serving client requests to other
Oracle Application Server components, Oracle HTTP Server provides the necessary
features for both creating dynamic applications and implementing enterprise support. It
also contains security enhancements that help protect important business resources. Key
features of Oracle HTTP Server include the following:
• PHP support through mod_php: Oracle HTTP Server now supports PHP
(recursive acronym for PHP: Hypertext Preprocessor), an open source, client-side
scripting language used to generate dynamic HTML pages. PHP support is
provided through mod_php.
• Increased application security with mod_security: mod_security is an
open source intrusion detection and prevention engine for Web applications,
which protects against known and unknown attacks.
• Security through Secure Sockets Layer: Secure Sockets Layer (SSL) is
required to run any Web site securely. Oracle HTTP Server supports SSL
encryption based on patented, industry standard algorithms. SSL works with both
Internet Explorer and Netscape browsers. Oracle HTTP Server also provides
support for dedicated SSL hardware, session renegotiation, and communication
with OC4J using the AJP protocol over SSL.
• Single Sign On Support: Oracle HTTP Server supports the standard basic
authentication features of Web servers. In addition, the mod_osso module is
included to support single sign on across sites and across applications, improving
the end-user experience.
• Virtual Host Support: A virtual host is a Web site that may share its Web
server with other similar sites. Oracle HTTP Server provides a "container"
environment for a virtual host, providing the virtual host with its own set of
security and configuration directives. It also provides the location from which
files are served. This allows ISPs to save on hardware and administrative costs by
enabling multiple sites to be served from a single runtime instance of Oracle
HTTP Server. However, due to technology limitations, only one virtual host can
enable SSL.
• Dynamic monitoring services (DMS): These services automatically measure
runtime performance statistics for both Oracle HTTP Server and OC4J processes.
As applications run, DMS collects detailed performance statistics. This data
allows you to monitor the duration of important request processing phases and
status information. With this information, you can locate performance bottlenecks
and tune the application server to maximize throughput and minimize response
time.
• Request ID: To enhance request tracking through various components, a
request ID is now attached to each request. This provides more detailed
tracking information, allowing you to see how much time a particular
request spends in any component or layer.
• External API for performance monitoring: This API allows you to use
external, third-party performance monitoring tools to monitor Oracle
Application Server-based J2EE components, such as servlets and JSPs,
as well as J2EE containers.
• OC4J Plug-In: The OC4J Plug-In provides a way for you to use Apache
as well as the IIS and Sun ONE third-party listeners to access servlets
running in OC4J without having to use the Oracle HTTP Server as a
proxy. The OC4J Plug-In routes requests directly from the third-party
HTTP listener to OC4J.
• Oracle Application Server Single Sign-On Plug-in: This plug-in is the
Oracle single sign-on solution for third-party listeners such as Sun ONE
and IIS. The plug-in is designed to protect native third-party listener
applications using the single sign-on infrastructure. Using this plug-in, you
can be authenticated to different third-party listener applications using only
one password. You can integrate these protected third-party listener
applications with other single sign-on enabled applications as long as they
are all protected by the same single sign-on server.
Common Gateway Interface (CGI) Support
Requests that are sent to a common gateway interface (CGI) program may
invoke two new processes—the child process that handles the HTTP request
and the CGI program itself. It is possible to avoid this overhead by configuring
Oracle HTTP Server to pre-start child processes and keep them running,
leveraging the Perl module to run the CGI programs in memory, or using the
FastCGI mechanism.
API Version
JavaServer Pages (JSP) 1.2
Java Servlet 2.3
Enterprise JavaBeans (EJB) 2.0
Java Database Connectivity (JDBC) 2.0 Extensions
Java Transaction API (JTA) 1.0
Java Message Service (JMS) 1.0.2b
JavaMail 1.2
JavaBeans Activation Framework 1.0
Java API for XML (JAXP) 1.1
J2EE Connector Architecture 1.0
Java Authentication and Authorization Service (JAAS) 1.0
J2EE Application
A J2EE application is an application that is written in Java using the J2EE APIs. It
can be deployed, managed, and executed on a J2EE-compatible server. The
J2EE application itself is composed of a set of components, such as Web
presentation modules, business logic modules, and data access modules. Each
component is assembled into the overall application with all of its related classes
and XML deployment descriptors.
• client machines
• J2EE Server machines hosting presentation services, like JSPs and
servlets, and business logic components, like EJBs
• database servers or legacy machines at the back end
Three-tiered applications that run in this way extend the standard two-tiered
client and server model by placing an application server between the client and
the back-end storage.
• Servlets: A servlet is a Java class that executes behind a Web server and
can extend the capability of the Web server to provide services for
dynamic page creation or application logic. The servlet works in the
standard HTTP request-response model.
• JavaServer Pages: JavaServer Pages (JSPs) are text files that contain
two types of information: static template data, which can be expressed in
any text-based format, such as HTML, XML, or WML (Wireless Markup
Language); and JSP elements, which construct dynamic content.
• Enterprise Beans: Enterprise beans are server-side components that
encapsulate the business logic of an application.
Before a Web or enterprise bean component can run, it must be assembled into
a J2EE application and deployed into a J2EE container. The assembly process
involves specifying container settings for each component, which customize the
underlying support provided by the J2EE server. These settings can be standard
J2EE settings or container-specific settings, depending on your application
requirements. Some of the container settings that you can specify include
security services, transaction model, naming and directory lookup, and remote
connectivity model.
J2EE components are packaged separately and bundled into a J2EE application.
Each component, with its related files such as GIF and HTML files or server-side
utility classes, are packaged together with a deployment descriptor (DD), and are
assembled into a module that is added to the J2EE application. Typically, a J2EE
application is composed of one or more enterprise beans and Web or application
client component modules.
The following shows the architecture of OC4J within Oracle Application Server.
OC4J is supported by the Java 2 Platform, Standard Edition (J2SE) infrastructure
as shown in. This means that the OC4J Web container and OC4J EJB use the
J2SE virtual machine. J2EE applications are modularized for reuse of application
components, such as:
The J2EE containers also perform services for applications, such as providing
access to the APIs and lifecycle management.
Oracle Application Server Containers for J2EE (OC4J) has the following features.
A servlet is a Java program that runs on a J2EE server, such as OC4J. A servlet
is one of the application component types of a J2EE application. It must execute
under the control of a servlet container, which is part of the OC4J Web container.
The servlet container calls the servlet's methods and provides services that the
servlet needs when running.
The servlet container executes and manages servlets. It provides the servlet with
access to properties of the HTTP request, such as headers and parameters.
Also, the container provides the servlet with access to other Java APIs, such as
JDBC to access a database, remote method invocation (RMI) to call remote
objects, or JMS to perform asynchronous messaging.
1. If an instance of the servlet does not exist, the container does the
following:
a. Loads the servlet class
b. Instantiates an instance of the servlet class
c. Initializes the servlet instance
2. The container then invokes the servlet, passing request and response
objects. The request object contains information about the client, request
parameters, and HTTP headers. The response object returns the servlet's
output to the client.
The servlet extracts information from the client request, accesses external
resources, and then populates the response based on that information.
A JSP is translated into a Java servlet before being run, and it processes HTTP
requests and generates responses like any servlet. However, JSP technology
provides a more convenient way to code a servlet. Translation occurs the first
time the application is run. A JSP translator is triggered by the .jsp file name
extension in a URL.
JSPs are fully interoperable with servlets. You can include output from a servlet
or forward the output to a servlet, and a servlet can include output from a JSP or
forward output to a JSP.
The JSP translator has a translator and a compiler. The JSP translator translates
a JSP into a Java source file. The container compiles the source file into a Java
bytecode (.class) file, which executes as a servlet in the servlet container using
the JSP runtime library. The servlet container provides access to Java APIs and
other services.
1. The Web server invokes the JSP translator, which translates Hello.jsp
and produces the file Hello.java.
2. The Java compiler is invoked, creating a Hello.class servlet.
3. Hello.class runs, using the JSP runtime library, which contains the
supporting files to interpret the tags and directives from the JSP.
4. If the Hello class requires information from a database, then the servlet
container provides JDBC access to the class so it can retrieve the
information and return its output to the client browser.
J2EE Services
Java 2 Platform Enterprise Edition (J2EE) provides core services for writing J2EE
components. The J2EE containers manage access to these services for the
application components. The services are as follows:
• Java Database Connectivity (JDBC): This service lets you invoke SQL
commands from Java programming methods. You use the JDBC API in an
enterprise bean when you override the default container-managed
persistence or have a session bean access the database. You can also
use the JDBC API from a servlet or a JSP to access a database directly
without going through an enterprise bean.
In addition to the standard J2EE Services, Oracle also provides the following
services to Java developers:
After you’ve created the EAR file, you can deploy it to the Oracle Application Server,
which will serve the application to the Web. You can deploy these files using Oracle
Enterprise Manager 10g using either an existing Reports OC4J instance
(OC4J_BI_FORMS) or preferably an application’s particular OC4J instance such as
OC4J_ECAS. Oracle recommends installing JSP reports in an OC4J instance other than
OC4J_BI_FORMS.
Deploying the J2EE Application Using an existing OC4J Instance
1. Make sure you’ve created the J2EE application based on creating a
new J2EE Application standards
2. In Oracle Enterprise Manager 10g, display the detail page for your
middle tier.
3. Under System Components, click OC4J_BI_Forms. (Or preferably
something like OC4J_ECAS)
4. Under Deployed Applications, click Deploy EAR file to deploy the
EAR file you created in Creating a New J2EE Application.
5. On the first page of the Deploy Application wizard, click Next
(located at the bottom of the screen).
6. On the Select Application page, under Select the J2EE application
(EAR file) to be deployed, enter the location of the EAR file you
created in the previous section.
7. Under Specify a unique application name for this application, type
the name of your application, such as MyReportApp, then click
Next.
8. On the URL Mapping page, note that the text in the URL Binding
field is the name your users will enter to access the new
application.
9. In the URL Binding field, add a forward slash (/) to the beginning of
the application name, since it is part of a URL address. For
example: /MyReportApp
10. Click Finish.
11. On the next page, click Deploy.
12. On the OC4J_BI_Forms detail page that displays, you should now
see your application (MyReportApp) listed under Deployed
Applications.
13. Click your application name (MyReportApp).
14. On the Application page, under Properties, click General.
15. Under Library Paths, click Add Another Row, then add the following
path to the rwrun.jar library:
ORACLE_HOME\reports\jlib\rwrun.jar
16. Add another row with the following path to the zrclient.jar library:
ORACLE_HOME\jlib\zrclient.jar
17. Click Apply, then click OK.
18. Click Stop, then Start to restart your application so that the new
library paths take effect.
Please note that there have been few changes to data source configuration and usage. The
OC4J Data Sources types are managed data sources and native data sources, replacing
emulated, non-emulated, and native. Managed data source uses OC4J container
connection pooling.
Note: For more information please refer to Oracle Containers for J2EE Services Guide
10g Release 3 (10.1.3)
Oracle Application Server Forms Services
• Immediate data validation as clients enter data into the form instead of
after submitting the form
• Automatic completion and list of value searches for fields that enable
users to enter correct information quickly
The following diagram illustrates this flow in terms of the Oracle Application
Server Forms Services architecture.
OAS Reports Services is part of Oracle Reports. Oracle Application Server also
includes Oracle Reports Developer, a component of the Oracle Developer Suite.
Using Oracle Reports Developer you can build a complex data model and share
it between an existing high quality paper layout and an improved high quality
Web layout using servlets and JSP technology.
Developers can publish sophisticated, high quality reports from any data source,
in any data format, and deploy them anywhere on Oracle Application Server.
OAS Reports Services can combine data from multiple data sources into a single
report, including the Oracle database, XML feeds and JDBC-enabled data
sources.
The following illustration shows how Oracle Application Server Reports Services
handles client requests. OAS Reports Services runs reports by entering all
requests into a job queue. When one of the server's runtime engines becomes
available, the next job in the queue is dispatched to run.
As the number of jobs in the queue increases, the server can start more runtime
engines until it reaches the maximum limit specified in your server configuration.
OAS Reports Services runtime engines are shut down automatically after having
been idle for a period of time that you specify.
OAS Reports Services keeps track of all jobs submitted in the server, including
jobs that are running, scheduled to run, or finished. The Reports Queue Manager
(Windows), the Reports Queue Viewer (UNIX), or the show jobs command
(Web) enable you to view information on when jobs are scheduled, queued,
started, and finished, as well as the job output and the final status of the report.
Oracle Application Server Reports Services Architecture
Oracle Reports Developer enables you to embed a report within a larger existing
Web page. This technology enables you to open and save HTML, JSP, and XML
files that contain report definitions. When a report is saved as a JSP file, the data
model is embedded using XML tags. The entire report can also be defined using
XML tags and saved as an XML file.
You can also use Oracle Reports Developer to take retrieved data, using the
data model, and embed it into an existing Web page. This provides tremendous
flexibility in creating reports that meet business demands by completely
integrating multiple sources of information within a single Web page. If you
choose to create your own JSP, Oracle Reports Developer supplies templates
that can be used to build your report.
Developers can easily create a JSP layout using the Reports Block Wizard to
generate the necessary JSP tags in Oracle Reports Developer. Alternatively,
they can add the tags themselves manually for more precise control.
Prerequisites
1) Access to application server middle tier control console with admin user
username and password.
The information about the hostname and port # can be obtained from the file
$ORACLE_HOME/install/readme.txt
http://oasdev1.educ.gov.bc.ca:1812
export ORACLE_HOME=/oasdev1/home/oracle/product/oas.10.1.2.0.2
export
PATH=$PATH:$ORACLE_HOME/bin:/home/fred_dev/bin:$ORACLE_HOME/jdk/jre/lib/i386/se
rver
:/oasdev1/app1/freds/src
export LD_LIBRARY_PATH=$ORACLE_HOME/lib:$ORACLE_HOME/jdk/jre/lib/i386/server
:$ORACLE_HOME/jdk/jre/lib/i386/native_threads
export FORMS_PATH=/oasdev1/app1/freds/bin:$ORACLE_HOME/forms
export TMP=/oasdev1/app1/freds/tmp
export TMPDIR=/oasdev1/app1/freds/tmp
export TERM=vt220 Å important in order to run converting and compililation
scripts
cd /oasdev1/app1/freds
3) Create UNIX group fred_dev. Members are the UNIX users oracle and fred_dev.
Create new section freds in formsweb.cfg file. Add the following values to this
section:
2) Create new freds.env file that belongs to user oracle. Environment file must
be created manually in $ORACLE_HOME/forms/server with an .env extension.
cp default.env freds.dev
emctl stop em
emctl start em
From application server middle tier control console access Forms Æ Environment;
that brings to the page, which provides functionality to update freds.env file.
Update FORMS_PATH environment variable:
FORMS_PATH=/oasdev1/app1/freds/bin
b) Create new registry file that belongs to user oracle. Environment file
must be created manually in $ORACLE_HOME/forms/java/oracle/forms/registry
with a .dat extension.
cp Registry.dat freds.dat
In file $ORACLE_HOME/reports/conf/rep_dev1_freds.conf :
1) define cache directory
- find the section that starts from :
<cache class="oracle.reports.cache.RWCache">
ORACLE_HOME/reports/jlib/BLOBDestination.jar
<destination destype="BLOBDestination"
class="oracle.reports.plugin.destination.blob.BLOBDestination"></destinat
ion>
Set up Mod_PLSQL
Creating a Database Access Descriptor (DAD) for mod_plsql using Oracle HTTP
Server Home page:
1) From application server control console access HTTP Server Æ Administration
Æ PL/SQL Properties. This opens the mod_plsql Services page.
2) On the mod_plsql Services page, scroll to the DAD Status section. Click
Create. This opens the DAD Type page.
3) Select the General radio button. Click Next. This opens the Database
Connection page.
4) Enter the following values on Database connection page:
- unique name in the DAD Name field: /pls/freds
- database account: freds_app
- password: freds
- connect string: oradev1.educ.gov.bc.ca:1524:dev2
- connect string format: host:port:service_name
- name of the PL/SQL procedure that should be invoked when one is not
specified: test_mod_plsql.hello_world
- NLS Language field: AMERICAN_AMERICA.AL32UTF8
- authentication mode: Basic
Click Next. This opens the Document, Alias, and Session page.
5) The fields on the next two pages are typically not configured. Click Apply.
6) Restart Oracle HTTP Server.
Developer Forms/Reports/mod_plsql Middle Tier Setup – Example:
FREDS
Run upgradeall.sh
./upgradeall.sh <db connection string>
Run compall.sh
./compall.sh <db connection string>
Note: In case of a problem with compiling plsql library open and recompile
.plls in Forms Builder and then use compall_nopll.sh to compile menues forms
and reports.
The compall.sh script should create *.plx, *.mmx, *.fmx files and move them to
the directory
/oasdev1/app1/freds/bin
Oracle Portal
For example, a financial analyst's page would likely include information from real-time
Internet-based stock quotes, financial reports from an online repository, and access to
legacy financial accounting and banking systems. The data from these systems are
independent of each other, but the portal allows them to exist within a single page.
When a user requests an OAS Portal page, many Oracle Application Server
components service parts of the request. Requests have the following flow:
1. The browser requests a portal page. OAS Web Cache receives this
request.
2. OracleAS Web Cache forwards the request to the OracleAS Portal
Parallel Page Engine (PPE) through Oracle HTTP Server.
3. The PPE retrieves the portal page definition, and coordinates with all of
the portlet providers to see if there is a cached copy available or if fresh
information is needed.
4. The PPE aggregates all of the portlet content into a single page. This
page is sent to OracleAS Web Cache.
5. OracleAS Web Cache returns the final page to the browser.
The following diagram illustrates this flow in terms of the OracleAS Portal
architecture.
Portal Page Creation, Management, and Customization
OracleAS Portal incorporates a portal creation and deployment framework. The
framework defines Web information sources as information components, and
assembles these components within a portal page. It also supports customization
of the Web page to one or more user communities.
Each portal page is divided into either item regions or portlet regions. Item
regions allow you to add text, images, and files to a portal page. Portlet regions
provide an area where you can place one or more portlets.
Items and portlets are the fundamental building blocks of an OracleAS Portal
page. Page owners can populate the pages they create with content, or they can
delegate that task, as well as page maintenance tasks, to other users.
High Availability
Requirements
Some of the requirements addressed by high availability are:
• Continuous uptime
• High availability of applications
• High level of flexibility in server management
• Minimized fail over time
• Improved application scalability
• Dynamic load balancing of client connections
• Increased capacity
Introduction
High availability solutions can be categorized into local high availability solutions that
provide high availability in a single data centre deployment, and disaster recovery
solutions, which are usually geographically distributed deployments that protect
applications from disasters such as floods or regional network outages.
Amongst possible types of failures, process, node, and media failures as well as human
errors can be protected by local high availability solutions. Local physical disasters can
be protected by geographically distributed disaster recovery solutions. Disaster recovery
is out of the scope of the current document; therefore we will focus on local high
availability only. The disaster recovery can be added later on if required.
To solve the high availability problem, a number of technologies and best practices are
needed. The most important mechanism is redundancy. High availability comes from
redundant systems and components.
Local high availability solutions can be categorized -- by their level of redundancy -- into
active-active solutions and active-passive solutions (see Figure 2). Active-active solutions
deploy two or more active system instances and can be used to improve scalability as
well as provide high availability. All instances handle requests concurrently.
Active-passive solutions deploy an active instance that handles requests and a passive
instance that is on standby. In addition, a heartbeat mechanism is set up between these
two instances. This mechanism is provided and managed through vendor-specific cluster
ware. Generally, vendor-specific cluster agents are also available to automatically
monitor and fail over between cluster nodes, so that when the active instance fails, an
agent shuts down the active instance completely, brings up the passive instance, and
application services can successfully resume processing. As a result, the active-passive
roles are now switched. The same procedure can be done manually for planned or
unplanned down time. Active-passive solutions are also generally referred to as cold fail
over clusters (CFC).
Hardware Cluster
A hardware cluster is a collection of loosely coupled computers (called nodes) that
provides a single view of network services (for example: an IP address) or application
services (for example: databases, web servers) to the clients of these services. Each node
in a cluster is a standalone server that runs its own processes. These processes can
communicate with one another to form what looks like a single system that cooperatively
provides applications, system resources, and data to users. This type of clustering offers
several advantages over traditional single server systems for highly available and scalable
applications.
Hardware clusters achieve high availability and scalability through the use of additional
hardware (cluster interconnect, shared storage) and software (health monitors, resource
monitors). (The cluster interconnect is a private link used by the hardware cluster for
heartbeat information to detect node death.) Due to the need for additional hardware and
software, hardware clusters are commonly provided by hardware vendors such as SUN,
HP, IBM, and Dell. While the number of nodes that can be configured in a hardware
cluster is vendor dependent, for the purpose of Oracle Application Server 10g High
Availability using the Oracle Application Server Cold Fail over Clusters solution, only
two nodes are required. Hence, this document will assume a two-node hardware cluster
for the purpose of explanation.
Fail over
Failover is the process by which the hardware cluster automatically relocates the
execution of an application from a failed node to a designated standby node. When a
failover occurs, clients may see a brief interruption in service and may need to reconnect
after the failover operation has completed. However, clients are not aware of the physical
server from which they are provided the application and data. The hardware cluster’s
software provides the APIs to automatically start, stop, monitor, and failover applications
between the two nodes of the hardware cluster.
Primary Node
The node that is actively executing one or more middle tier application or infrastructure
instance at any given time is called the primary node. If this node fails, the hardware
cluster automatically fails the middle tier or Infrastructure over to the secondary node.
Since the primary node runs the active middle tier or Infrastructure installation(s), it is
considered the "hot" node.
Secondary Node
This is the node that takes over the execution of the middle tier or Infrastructure if the
primary node fails. Since the secondary node does not originally run the middle tier or
Infrastructure, it is considered the "cold" node. And, because the application fails from a
hot node (primary) to a cold node (secondary), this type of failover is called cold failover.
Logical or Virtual IP
To present a single system view of the cluster to network clients, hardware clusters use
what is called a logical or virtual IP address. This is a dynamic IP address that is
presented to the outside world as the entry point into the cluster. The hardware cluster’s
software manages the movement of this IP address between the two physical nodes of the
cluster while the external clients connect to this IP address without the need to know
which physical node this IP address is currently active on. In a typical two-node cluster
configuration, each physical node has its own physical IP address and hostname, while
there could be several logical IP addresses, which float or migrate between the two nodes.
For a given OracleAS Infrastructure installation, the logical IP/virtual name associated
with that installation is the IP/name that is used by the clients to connect to the
Infrastructure.
Virtual Hostname
The virtual hostname is the hostname associated with the logical or virtual IP. This is the
name that is chosen to give the OracleAS middle tier a single system view of the
hardware cluster. This name-IP entry must be added to the DNS that the site uses, so that
the middle tier nodes can associate with the Infrastructure without having to add this
entry into their local /etc/hosts (or equivalent) file. For example, if the two physical
hostnames of the hardware cluster are node1.mycompany.com and
node2.mycompany.com, the single view of this cluster can be provided by the name
selfservice.mycompany.com. In the DNS, selfservice maps to the logical IP address of
the middle tier, which floats between node1 and node2 without the middle tier knowing
which physical node is active and servicing the requests. Whenever the phrase "virtual
name" is used in this document, it is assumed to be associated with the logical IP address.
In cases where just the IP address is needed or used, it will be explicitly stated so.
Shared Storage
Even though each hardware cluster node is a standalone server that runs its own set of
processes, the storage subsystem required for any cluster-aware purpose is usually
shared. Shared storage refers to the ability of the cluster to be able to access the same
storage, usually disks, from both nodes. While the nodes have equal access to the storage,
only one node, the primary node, has active access to the storage at any given time. The
hardware cluster’s software grants the secondary node access to this storage if the
primary node fails. For the OracleAS 10g, its ORACLE_HOME is on such a shared
storage file system. The primary node mounts this file system; if that node fails, the
secondary node takes over and mounts the file system. In some cases, the primary node
may relinquish control of the shared storage, such as when the hardware cluster’s
software deems the Infrastructure as unusable from the primary node and decides to
move it to the secondary.
Security Architecture
Security is a critical concern when deploying web applications. OAS 10g provides a solid
framework for building web applications using the Apache-based Oracle HTTP Server,
Oracle’s J2EE framework, and OAS 10g Portal. OAS 10g security starts from the basic,
highly configurable web security services provided by Apache, adds a comprehensive set
of web single sign-on, directory-based authorization and user management, and Java2
security services, and extends them further with portal security and application
integration mechanisms. OAS 10g also support secure access to Oracle database systems
using Oracle Advanced Security. In addition, the modular nature of the middle tier allows
integration with other security mechanisms such as the Government Security Gateway.
The use of Netegrity SiteMinder Policy Server and Web Agent by the Government
Security Gateway is outside the scope of this document and will be handled in a future
phase. The current document focuses on the introduction of various elements of security
infrastructure and their role and prepares the reader for the future security related phases.
For more information on the Government Security Gateway, please refer to
http://mtddev.educ.gov.bc.ca:8080/html/gsg/index.html.
Oracle HTTP Server Security Features
Oracle HTTP server is the Oracle web server component of OAS 10g. It is based on the
open source Apache web server. The Apache server is among the most widely adopted
web server products; it provides a flexible and well-understood security model. Apache is
a very well tested platform on which to deploy secure applications.
Oracle HTTP Server security services include the ability to restrict or allow access to
files and services based on the identity of users established via basic challenge/response
operations, via client-supplied X.509 certificates and via IP or hostname addresses.
Another important feature is protection of data exchanged between clients and the server.
This is provided via the SSL protocol, which also provides data integrity and strong
authentication of both users and HTTP servers.
In addition, Apache provides logging and other facilities needed to detect and resolve
intrusion attempts. It provides integration with the other OAS 10g components and
products such as the Oracle database.
Access Control
When URL requests arrive at the Oracle HTTP server they are processed in a number of
steps which are implemented via the mod/plug-in architecture common to all the popular
web server / listeners. Access control is applied early in the request processing cycle.
Oracle HTTP Server access control is based on Apache access control mechanisms,
which allow the server administrator to restrict access to particular files, directories, or
URLs on the server. For each restricted object on the server, the administrator can
specify, by means of a directive, that access to the object is denied or allowed based on
the value of one or more attributes associated with the requester. The administrator can
configure directives such as deny, allow and order to inhibit further processing, based on
user attributes such as hostname, IP address, or browser type. Restrictions can be applied
to particular files, directories or URL formats using the <files>, <directory> and
<location> configuration directives, respectively.
In the following example, requests originating from any IP address in the 192.168.1.*
range or with the hostname us.oracle.com are allowed access to files in the directory
/internalonly/.
<Directory /internalonly/>
order deny,allow
deny from all
allow from 192.168.1.* us.oracle.com
</Directory>
Note that allowing or restricting access based on hostname for Internet access is not
considered a very good method of providing security, since hostname is easy to spoof.
While the same is true of IP addresses, sabotage is slightly more difficult. Thus, access
control via IP/hostname for intranet use is reasonable in many situations where the same
cannot be said for Internet IP and hostname restrictions.
Although the Oracle HTTP Server is based on the open source Apache Server, it contains
some access control enhancements, which improve security. For example, the Apache
Server provides for access restrictions per directory/folder via files with the suffix
.htaccess. The processing of these files is disabled by default in Oracle HTTP Server,
since. htaccess processing involves both security and performance-degradation problems.
Mod_proxy
This is one of the modules that come with both OAS 10g and vanilla Apache server. It
implements and enables reverse proxy capabilities.
We can use the mod_proxy module for tunneling external users to application servers as
well as to other internal http servers if we choose to publish some of their information to
Internet.
To pass everything:
<IfModule mod_proxy.c>
ProxyRequests On
ProxyPass /
http://xyz.educ.bc.ca/
ProxyPassReverse /
http://xyz.educ.bc.ca/
</IfModule>
We may or may not need to use this option, however for the sake
of completeness, it has been mentioned here.
Netegrity Siteminder
The Provincial Government has selected Netegrity SiteMinder software to provide a
common authentication Single Sign-on service for all web-based applications/sites that
require authentication. Presently, authentication is handled within each application at
ITMB, typically with an html login form that prompts the user for an id/username and
password.
The Netegrity SiteMinder solution provides a secure foundation for centrally managed,
policy-based authentication and authorization across heterogeneous application
development environments
Here is a high-level diagram of the architecture ...
When a user attempts to access an application through a protected URL, the user is
challenged for credentials (username and password) and presents them to the Web Agent.
The user's credentials are passed to the SiteMinder Policy Server. The Policy Server
authenticates the credentials against the appropriate LDAP directory store (BCeID or
IDIR). The Policy Server grants access, if the user is authenticated. User profile
formation is passed to the application through custom header variables. The user gets
access to the secured application. Authorization and entitlements are handled by the
application security in phase one of the ITMB project to integrate with the Government
Security Gateway.
OAS 10g SSO provides an API for integration of third-party authentication and single
sign-on; The API allows SSO to be configured to obtain user identity from a trusted
external authentication mechanism, and allows integration of OAS 10g into an SSO
framework provided by a third party product, such as Siteminder from Netegrity, Inc.
This feature will become useful when the Ministry will attempt to integrate its
applications with BC Government’s Netegrity Siteminder.
A second phase will attempt to integrate various application level authorization
mechanisms either locally, using OID or using the Government Security Gateway
authorization mechanism if available. The long-term vision is to have one common
repository for authorization of users accessing ITMB-hosted applications.
Secure Socket Layer (SSL)
The Secure Sockets Layer provides point-to-point security between OAS 10g HTTP
Server and client browsers. Security-related services provided by SSL include
authentication, authorization, confidentiality and data integrity.
SSL Confidentiality
The primary service provided by SSL is confidentiality: messages are encrypted so they
cannot be read and understood by third parties. SSL uses a standard set of cryptographic
mechanisms to encrypt data and distribute keys between communicating devices. The
specific set of encryption, integrity protection, and key distribution algorithms chosen,
together with encryption key length used, define a cipher suite. The OAS 10g SSL
implementation supports a wide range of standard cipher suites. In particular, OAS 10g
supports those cipher suites that use X.509 certificates for authentication and key
distribution (also referred to as PKI authentication).
Oracle HTTP Server allows SSL sessions to be cached, so that multiple message
interchanges between two IP addresses can be exchanged under one session. Session
caching is very important for performance reasons. Establishment of SSL sessions are
very CPU-intensive, and have been known to take up to 90% of available CPU resources.
SSL session caching is specified via the SSLSessionCache directive, whose parameter
specifies the file or shared memory segment where SSL session information is
maintained.
SSL Logging
The Oracle HTTP server also provides for logging of SSL-related information. This can
be used to determine if intrusions were attempted, and if they succeeded. It can also be
used in determining the source of intrusion attacks, or for other purposes.
As described elsewhere in this document, the Ministry’s internal users will not need to
use SSL. Only the traffic between reverse proxy server and the external users should be
SSL enabled when the need arises.
PKI Support
PKI authentication is beginning to replace passwords in many applications. In web-based
applications, PKI authentication is typically performed through an exchange of X.509
certificates, as part of a Secure Sockets Layer (SSL) session establishment. PKI by itself
can be used to provide SSO, since a user with a certificate can authenticate to multiple
applications without entering a password. This capability is mentioned here for the sake
of completeness, since the current direction with GSG seems to be password based
authentication.
In OAS 10g R2, users can authenticate to the OAS 10g SSO Server via PKI. This will
provide SSO both to web-based applications supported by OAS 10g SSO Server, and to
other PKI enabled applications. Instead of providing an SSO username and password,
users will authenticate to the OAS 10g HTTP Server via SSL with client and server
X.509 certificate exchange. The OAS 10g SSO Server will obtain the user’s SSL-
validated certificate from the HTTP Server, and look up this certificate in Oracle Internet
Directory (OID). If the user is found, OID will return the user’s SSO identity to the OAS
10g SSO Server. The OAS 10g SSO Server, using the cookie-based approach described
previously will then perform authentication to partner and external applications.
The main benefits of this approach are that applications, which work within the OAS 10g
SSO Server framework, will automatically be PKI-enabled when the OAS 10g SSO
Server is PKI enabled. The OAS 10g SSO Server and OID assume responsibility for
name mapping. Moreover, since getting and checking a cookie is much less processing-
intensive than performing an SSL exchange, using PKI for initial authentication to the
SSO framework and cookies for authentication to partner applications should have better
performance than a PKI-only authentication approach. For web applications, which are
characterized by many short-lived sessions, this can lead to significant improvement in
server performance and throughput.
Directory-Enabled Security via OID
Oracle products use OID to manage enterprise security information, in particular that
which is shared among Oracle enterprise components. This information includes user
identities, authentication data such as SSO passwords, and authorization data such as
roles or group membership. In OAS 10g R2, OID is a core component of the OAS 10g
infrastructure, and is the common repository for user, authentication, and authorization
information. OID provides a common, LDAPv3 standard framework for representing
user privileges. Use of OID not only provides a common privilege management
mechanism for OAS 10g components, but also provides a vehicle for integrated
management of privileges between OAS 10g and other LDAP-compliant enterprise
components.
To manage privileges in OID, OAS 10g R2 also introduces Delegated Administrative
Services
(DAS), an application, which allows system administrators and, users themselves (where
appropriate), manage user information in OID. DAS includes both a web based GUI
application and a set of APIs for administration of OID data.
OID provides support for extensible authentication through a Password Verifier API.
This API provides support for a variety of custom and third party authentication
mechanisms.
To provide a single directory-based security framework across multiple applications,
organizations may need to integrate OID with other, third party directory products. OAS
10g R2 therefore introduces the Directory Integration Platform (DIP). The DIP provides a
framework for building connectors between OID and third party directories, and supports
referral and synchronization between OID and other directories.
Another approach to consider is to avoid duplication of information between Active
Directory (AD) and OID, by using OID’s plug-in capability to authenticate AD users
remotely without copying their information into OID. This will make the information to
be always up to date and avoid the problems associated with trying to get replication
access to Government Active directory.
In this approach, SSO refers to OID for authentication, however OID uses our plug-in to
remotely authenticate the user against the remote Active directory in which it resides,
once the authentication process is complete, it will communicate the success or failure of
authentication to SSO. As far as SSO is concerned, OID is doing the authentication.
What mechanism to use for the Ministry’s OID integration with other Government Active
directories (IDIR and BceID), will be determined when considering the integration
project with Government Security Gateway and then documented in this document.
Java Security
This is of great importance to the Ministry, since most of the future web applications will
be using Java, and in particular Java2 Enterprise Edition (J2EE).
Java2 Enterprise Edition defines a Java2 Security Model and a security framework
referred to as Java Authentication and Authorization Service (JAAS). OAS 10g
implements this framework through a fully-J2EE compliant JAAS provider. The JAAS
provider makes user authentication, authorization, and delegation services accessible to
application developers, and allows them to integrate these services into J2EE application
environments.
The OAS 10g JAAS provider implements the Java2 Security Model, allowing application
developers to obtain authenticated user (principal) identity from a set of standard
authentication services provided by JAAS, and to manage the privileges which principals
have for accessing objects. It also supports privilege delegation, for managing privileges
of methods invoked by principals.
The OAS 10g JAAS provider supports a flexible authentication framework. It provides
specific mechanisms for authentication, based on SSL and SSO, but also allows
developers to integrate custom authentication modules through the standard JAAS Login
Module API.
SSL authentication allows users who have client X.509v3 certificates to authenticate to
JAAS, and thus to J2EE applications, using these certificates. SSL authentication uses
mod_ossl in the Oracle HTTP Server to obtain an authenticated user identity from the
client X.509 certificate, as validated through an SSL exchange. This identity can then be
provided to Java applications through JAAS.
SSO authentication allows Java applications to use OAS 10g SSO for user authentication.
In this case, authenticated user identity is obtained from mod_osso, and made available to
Java applications through JAAS.
The OAS 10g JAAS provider supports the standard JAAS Login Module API, which
allows developers to integrate custom authentication methods into JAAS.
EVA Storage:
One terabyte useable storage (for sandbox, DEV … PRD)
1. “Giga estimates within three to four years there is high probability Linux will
overtake Windows to become the leading operating system on new server
shipments.” (Forrester Research)
2. “Aggressive action by Oracle during the past two years has moved the integration
capability of its application server platform from an afterthought to one of its
most significant features. This will serve the vendor well in its upcoming battles
against BEA Systems, IBM, Microsoft, and SAP.” (Executive Summary – Ken
Vollmer, Forrester Research Analyst)
4. Ken Vollmer, Forrester research analyst, recommends “Put Oracle as 10g on your
integration vendor shortlist.”
6. “Shops committed to the Oracle database and that are using both the Oracle
application server and third-party J2EE servers should consider consolidating
their J2EE investments on Oracle to capture savings on license fees and skills
development.” (Forrester Recommendation)
1. “In October 2003, over 5,000 Oracle developers migrated over to use Linux as the
platform on which we build the Oracle E-Business Suite product.” Oracle
Technology Network (OTN)
2. “Oracle is fully committed to supporting the Linux operating system. In fact,
Oracle was the first commercial database available on Linux. By supporting
Linux with Oracle's industry leading products, we are enabling customers to
deploy enterprise-class solutions on the lowest cost hardware and operating
system infrastructure. We believe that Linux is more attractive today than it ever
was, as customers are looking for open, cost effective solutions.” Oracle
Technology Network (OTN)
3. “Over the past few years Oracle and its customers have learned a tremendous
amount about running Oracle on Linux for enterprise class deployments.
Combining this knowledge with the opportunity to drastically reduce IT
infrastructure costs has provided the catalyst for Oracle to move to the next step,
which is to provide Oracle customers with seamless and complete technical
support for the Linux operating system in addition to support for the Oracle stack.
Oracle's delivery of a complete solution including direct technical support of the
operating system is critical to our customer's success.” Oracle Technology
Network (OTN)
4. “With technical contributions to enhance Linux, with code-level support of the
key Linux operating systems, and with strategic partnerships, Oracle is offering
an Unbreakable Linux platform for customers to safely deploy Linux in a mission
critical environment.” Oracle Technology Network
5. “Red Hat Enterprise Linux AS and ES … are certified and supported by Oracle.”
OTN
6. “Oracle provides direct support to its customers for Red Hat Enterprise Linux
AS/ES.” OTN
7. “In an effort to streamline and lower the cost of our operations, Oracle has
deployed Linux in various ways to make our infrastructure more efficient and less
expensive. Oracle's internal IT organization has analyzed and found that Linux
based systems are one of the most cost effective ways to reduce costs for IT
infrastructure. We have a large number of Linux based pilots and operational
systems in use at Oracle today. In fact, all of Oracle's recently deployed and new
outsourcing business runs on Linux. We run our Application Demo Systems and
Technology Demo Systems, which consist of several hundred servers, on Linux.
These systems are utilized by Oracle's worldwide sales organization to provide
Oracle E-Business Suite and Oracle Database with RAC demonstrations to
customers and prospects. In addition, several for our Global IT systems are now
running on Linux. In October 2003, over 5,000 Oracle developers migrated over
to use Linux as the platform on which we build the Oracle E-Business Suite
product.” OTN
We have tried to follow the recommendations as much as possible. However, there are cases in
which these port numbers do not conform to the preferences expressed by CITS or other
stakeholders. For example, there seems to be a strong preference for using HTTP ports in the
80xx range and not the suggested 7777-7877. In such cases, we will make and document our
own decision.
a. Ranges that allow us to modify the last three digits (e.g. HTTP server port: 7777-
7877)
b. Ranges that only allow the last two digits to change (e.g. Java Object cache: 7000-
7099)
c. Ranges that provide 10 to 20 ports only (e.g. Application server control port: 1810-
1829)
We would like to partition each range with the following factors in mind:
In order to make the middle tier and infrastructure related ports consistent and easy to remember,
and in order to avoid port conflicts across various landscapes, we will apply the following pattern
when assigning ports:
1. When the range allows the last three digits to change: (this mostly applies to HTTP and
WebCache ports)
i. The third digit from right will identify the middle tier vs. infrastructure
For example: the middle tier will use 80xx and the infrastructure will use 81xx
ii. The second digit from the right will identify the landscape:
If a second instance of any of these landscapes is created, the last digit of the port
numbers will be assigned to the new instance.
2. When the range only allows the last two digits to change and the range is 00 to 99
iv. The second digit from right will identify the landscape (similar to the previous
case)
v. The last digit on the right will be assigned to Middle tier and infrastructure
and documented following these rules:
For example: DCM discovery port range is 7100-7199, in this case the
Landscape Middle-Tier Infrastructure
sbx 7100 7101
dev 7110 7111
tst 7120 7121
uat 7130 7131
trn 7140 7141
efx 7150 7151
prd 7180 7181
3. When the range only allows the last digit to change or it only covers a range of 10 to 20
ports or any time the first and second rules don’t apply:
vi. The numbers within the range are assigned sequentially and documented
For example: for the Application Server Control range (1810-1829) we will use:
Instant / IP address
xyz
Environment Shorthand Root
Base Apache Server Application
/ code Directory
Accounts
Landscape
User 142.32.236.111
Acceptance uat1 http://oasuat1.educ.bc.ca:8030/ /oasuat1 xyz_uat
Testing
If a second instance of any of the above is created, they will be named as follows:
Instant /
Shorthand Root xyz Application
Environment / Base Apache Server
code Directory Accounts
Landscape
Programmer
tst2 http://oastst2.educ.bc.ca:802x/ /oastst2 xyz_tst
Testing
User Acceptance
uat2 http://oasuat2.educ.bc.ca:803x/ /oasuat2 xyz_uat
Testing
For the last digit of the port, The letter x has been used since a number of the ports in that
range may have been used by the first instance
Infrastructure Instances
Instant / Shorthand
Base Apache Server Root Directory
Environment / Landscape code
If a second instance of any of the above is created, they will be named as follows:
Instant / Shorthand
Base Apache Server Root Directory
Environment / Landscape code