"This presentation is for informational purposes only and may not be incorporated into a contract or agreement"

Using Oracle Application Server 10g with Oracle E-Business Suite Release 11i
April, 2006

"This presentation is for informational purposes only and may not be incorporated into a contract or agreement"

Steven Chan
Director, Applications Technology Integration Oracle Corporation

"This presentation is for informational purposes only and may not be incorporated into a contract or agreement"

Topics
Supported Architectures
Features and Benefits Technical Integration Overview Integration with Third Party Access Managers & LDAP Directories

Customer Snapshots Roadmap References

Desupport Notices
(Or, Why You Should Plan for OracleAS 10g Now) Discoverer 4i Login Server 3.0.9 Portal 3.0.9 Oracle Internet Directory 3.0.1

October 2006

July 2007

BUT: Sun may desupport JDK 1.3 -- the required prerequisite for 3.0.9 -- in ~ Fall 2006! For more details, see http://blogs.oracle.com/schan

Now Generally Available!

E-Business Suite 11i integrations with Oracle Application Server 10g 10.1.2.0.2 and 10.1.2.1 are now certified and Generally Available

Simple Physical Architecture

DMZ Firewall

OracleAS 10g Server

Portal Single Sign-On Oracle Internet Directory Directory Integration & Provisioning Delegated Administration Services Discoverer OracleAS Certificate Authority OracleAS 10g Metadata Repository

Intranet Firewall

External Users

Internal Users

Internet

Router

E-Business Suite 11i Application Server

Oracle9i Application Server 1.0.2.2.2 Oracle HTTP Server Forms Server Reports Server

Release 11i Database

11i Integration with OracleAS 10g

Release 11i instance runs Oracle9i Application Server 1.0.2.2.2 11i is integrated with a stand-alone Oracle Application Server 10g instance The existing Release 11i application-tier server nodes continue to run on Oracle9i Application Server 1.0.2.2.2

Distributed Architecture
Internal Users

External Users Single Sign-On 10g Internal 9iAS 1.0.2 Server

Oracle Internet Directory Server 10g

OracleAS 10g Infrastructure Database

Internet

Reverse Proxy External 9iAS 1.0.2 Server

Release 11i Database

Portal 10g Discoverer 10g

Firewall

Firewall

Firewall

Distributed Architecture Benefits

Oracle Portal

Enterprise Portal Server

May be scaled & managed by separate organization responsible for corporate communications

Oracle Single Sign-On Server

Oracle Internet Directory

Enterprise Security Servers

May be scaled & managed by separate organization responsible for corporate security and identity management

Enterprise Application Servers

9iAS 1.0.2.2.2 Applications 11i Database

May be scaled & managed by separate organization responsible for enterprise applications such as Oracle E-Business Suite Release 11i

OracleAS 10g Integration Benefits

1. 2. 3. 4. Enable Single Sign-On for 11i Manage users in Oracle Internet Directory Access 11i via custom Portals Integrate 11i with third-party PKI, SSO & LDAP directories, and legacy applications 5. Analyse 11i with Discoverer workbooks 6. Accelerate 11i performance with WebCache

Enable Single Sign-On for 11i

User

Single Sign-On 10g

E-Business Suite 11i Application Server

E-Business Suite is a Single Sign-On partner application Log on to Oracle Single Sign-On to get access to all registered partner applications, including 11i Log off any one partner application to log off all of them

Manage Users in Oracle Internet Directory

Oracle Internet Directory 10g

DIP Platform

E-Business Suite 11i FND_USER

Synchronise user credentials bidirectionally between Oracle Internet Directory and Release 11i (FND_USER) Set master source of truth as OID, Release 11i, or both

Manage user provisioning via powerful OID Directory Integration & Provisioning Platform templates Link an OID userid with one or more 11i userids on-the-fly

Access 11i via custom Portals

Oracle Portal 10g

E-Business Suite 11i

Access one or more E-Business Suite 11i instances from a single Oracle Portal instance Add 11i portlets to custom Portal pages Display data in 11i portlets based on 11i responsibilities

Release 11i Portlets

Applications Navigator
Access Applications menus based on user responsibilities

Applications Favorites
Bookmark specific Applications links for quick access

Applications Worklist
Summary of current workflow notifications

Oracle Balanced Scorecard

Display status of strategic and tactical business objectives

Performance Management Viewer

Display business intelligence key performance indicators in graphical and tabular format

Applications Navigator Portlet

Flat Mode Tree Mode

Applications Favorites Portlet

Applications Worklist Portlet

Balanced Scorecard Portlets

Integrate 11i with

3rd Party LDAP Oracle Internet Directory 10g Release 11i (FND_USER)

Third-party LDAP directories

Prepackaged: Microsoft Active Directory, Sun ONE / iPlanet Others via LDIF, custom connectors

Third-party single sign-on solutions

Microsoft Windows Native Authentication / Kerberos Oblix, Entrust, IBM, RSA, Netegrity, Sun, Thor, and others

PKI X.509v3 digital certificates

Integrate 11i with

Legacy Application Oracle Integration Release 11i

Over 250 adapters for Enterprise Application Integration with third-party applications J2EE and open standards-based integration, including:
E-Business Suite, third-party applications, database sources XML, JMS, JCA Web Services: SOAP, WSDL, UDDI B2B Protocols: RosettaNet, HIPAA, EDI

Analyse 11i with Discoverer

User

Discoverer 10g

E-Business Suite End-User Layer

Access APPS_MODE End-User Layer via Business Intelligence System Discoverer workbooks secured by Applications responsibilities Provide powerful end-user reporting via ad hoc queries Drill-down into data via tabular & graphical analytical tools Run Discoverer on separate cluster for enhanced scalability, wide deployment

Accelerate 11i Performance with WebCache

User

WebCache 10g

E-Business Suite 11i Application Server

Cache and compress frequently used items Reduce network consumption and accelerate response time Can act as a reverse-proxy server Can act as a load-balancer

Technical Integration Overview

Build Releases
E-Business Suite Interoperability Patch for OracleAS 10g integration released in Builds Build 1: Build 2.0: Build 2.2: Build 3.0: Build 3.1: Build 3.2: Jan 2004 Mar 2004 Jul 2004 Jan 2005 Feb 2005 Jul 2005 Aug 2005 Sep 2005 Feb 2006 Mar 2006
Released & Generally Available

Configuration Options with 11i

A. Single Sign-On Server
Minimum requirement for single sign-on support. Release 11i and regions via OA Framework

B. Portal and Single Sign-On Server

Optional.

C. Discoverer
Optional. SSO also optional for Discoverer standalone implementations.

OracleAS 10g + 11i Integration Points

SSO OID Single Sign-On partner application via SSO SDK 9.0.2 Provisioning integrated application via Directory Integration & Provisioning Platform

Portal
Discoverer

Oracle Applications Framework Web Provider & portlets

APPS_MODE End-User Layer in 11i database

Logical Architecture
OracleAS 10g

Enterprise Portal
Portal 10g

Metadata Repository
Portal Repository

Single Sign-On 10g

OID 10g

OID User Repository

Profile

Apps Web Provider & Portlets Portal 3.0.9 (Reqd for JPDK 3.0.9)

OracleAS 10g Interoperability Patches

Directory Integration & Provisioning Platform Applications 11i Database

9iAS 1.0.2.2.2

Application Tier

Database Tier

Single Sign-On Integration

Single Sign-On 10g OID 10g OID User Repository

Chain of Trust

Delegates SSO to

Release 11i 9iAS 1.0.2.2.2

FND_USER Applications 11i Database

Release 11i delegates user authentication to Single Sign-On Single Sign-On authenticates users against Oracle Internet Directory Authenticated users are redirected to Release 11i Release 11i validates the users authorization (I.e. 11i Responsibilities) against FND_USER

Oracle Internet Directory Integration

Oracle Internet Directory 10g

DIP Platform

E-Business Suite 11i FND_USER

Oracle Internet Directory and FND_USER must be kept synchronised Supported synchronisation directions:
From OID to FND_USER (Asynchronous via the Directory Integration & Provisioning Platform) From FND_USER to OID (Synchronous via ldap calls) Bidirectionally

Synchronisation events are raised via the Workflow-based Business Event System whenever users are added or modified

Oracle Internet Directory Accounts linked with Release 11i Accounts

Oracle Internet Directory Userid = John.Smith

Release 11i (FND_USER)

Link Account
Global Unique Identifier (GUID)

Userid = jsmith

One-time User Registration

Done at setup time by system administrator Optional: can be done by end-user on first logon (Link on the fly)

Useful for situations where existing accounts in Oracle Internet Directory 10g or a third-party LDAP directory differ from existing accounts in Release 11i.

Associate OID Accounts with Multiple 11i Accounts

Oracle Internet Directory Userid = John.Smith Release 11i (FND_USER)

Link Account

Userid = jsmith Userid = testuser1 Userid = testuser2

Portal Integration

Portal 10g

11i Portlet

OAF Web Provider

JPDK 3.0.9

11i App Server

OracleAS 10g

9iAS 1.0.2.2.2

Single Sign-On is a prerequisite for Portal Oracle Applications Framework Web Provider is registered in Portal 10g 11i portlets are added to custom Portal pages 11i Portlets communicate with 11i 9iAS 1.0.2.2.2 server:
Oracle Applications Framework Web Provider JPDK 3.0.9

11i portlet users must have a valid 11i responsibility, validated via ICX_SESSION

Discoverer Integration
User

Discoverer 10g

E-Business Suite End-User Layer

Discoverer 10g End-User Layer resides in 11i database APPS_MODE option enforces Applications security for all Discoverer users Easy migration from Discoverer 4i
Installation upgrades a copy of 4i End-User Layer to 10g Run 4i and 10g side-by-side for User Acceptance Tests TIP: Run Discoverer 4i and 10g on different physical servers to avoid Visibroker conflicts

Full Discoverer 10g Support for Single Sign-On

Earlier versions of Discoverer 10g did not support Single Sign-On & Oracle Internet Directory integration for E-Business Suite users
Full SSO/OID support is now available No more dual-maintenance of E-Business Suite user passwords in both FND_USER and OID for standalone Discoverer connections See Metalink Note 313418.1 for details

Accelerate 11i Performance with WebCache

User WebCache 10g

E-Business Suite 11i Application Server

Frequently used items (e.g. images, static text) are cached, compressed, and served by WebCache Secured data (I.e. requiring authorization) is not cached Partial page refresh supported for Portal Can act as a reverse-proxy server Can act as a load-balancer

11i Integration with Third-Party Access Management & LDAP Directories

If you already have an Enterprise Single Sign-On

Oracle products integrate with Oracle SSO Server directly, so it must be installed. Oracle SSO server can integrate with external authentication systems.
Windows Native Authentication via Kerberos Entrust, IBM, RSA, Netegrity, Oblix, Sun, Thor, and others PKI X.509v3 Digital Certificates Other SSO systems via custom adapter

Third-Party Integration Logical Architecture

End User
Logs on to Third-Party Access Manager Authenticates user against Third-Party LDAP
Profile

Delegates SSO to Single Sign-On 10g Directory Integration Platform 10g

Portal 10g

OID 10g

OID User Repository

Delegates SSO to

Release 11i 9iAS 1.0.2.2.2

FND_USER Applications 11i Database

Profile

If you already have an Enterprise User Directory

Oracle products integrate with OID directly, so it must be installed and populated OID must be synchronized with external directories via Directory Integration & Provisioning Platform:
Microsoft Active Directory Sun ONE / iPlanet Prepackaged OID Connectors Any LDAP directory via LDIF files Any other directory via custom DIP agent

OID must synchronize user info with Release 11i (FND_USER)

Planned for OracleAS 10.1.4 Identity Management:

Novell eDirectory, OpenLDAP

"This presentation is for informational purposes only and may not be incorporated into a contract or agreement"

Early Adopter Program Customer Snapshots

(as of Sept. 3, 2005)

Early Adopter Program Snapshot

Early Adopter Program duration Total EAP customer registrants Customers actively engaged 20 months 266 201

Deployed in Production
Amdocs (Israel) Alcoa (Europe) Applied Materials (Israel) Atento (Norway) Bunnings (Australia) CapGemini / Councils Online (Australia) Central Bank of Nigeria Cisco Systems Cox Communications (USA)

Guandong Unicom (China)

Inter-Arab Investment Guarantee (Kuwait)

Fiera Milano (Italy) General Dynamics Land Sys General Electric (USA)

International Enterprises (Singapore) International Institute for Applied Systems Analysis (Austria) Ireland Dept of Defence Kansas State University Mitac (Taiwan) Phoenix Technologies Putrajaya (Malaysia) Rafael Armament Development Authority (Israel) Telecom Italia Mobile (Italy) Universal Weather & Aviation (USA) Wind River Systems (USA)

These are not customer references

O/S Platform Usage

Solaris Linux HP-UX AIX NT Tru64 0 4 20 40
Customers

85 83 52 21 8

60

80

100

OracleAS 10g Usage

X% : Percentage of active EAP cts

SSO

96% 75% 65%

61% 38%
0 50

191

Portal

148

Third-party LDAP

129

Discoverer

120

Third-party SSO

76 100
Customers

150

200

250

Third-Party LDAP Usage

X% : Percentage of customers using third-party LDAP

MS Active Directory SunONE Novell IBM Tivoli Lotus Notes Other 0

89%

115 29

22%

6 6 3 3 20 40

Total exceeds 100% due to multiple directories in use at customer sites

60
Customers

80

100

120

140

Third-Party SSO
X% : Percentage of cts using third-party SSO

MS Kerberos Netegrity Other Oblix WebSeal Novell 0

51% 33% 12% 9% 9%

3 5 10 15 7 7 9 25

39

Total exceeds 100% due to multiple SSO solutions in use at customer sites
20 25 30 35 40 45

Customers

Customer Lessons
Organisational & Staffing Tips
Proactively manage organisational politics: Corporate Security vs. E-Business administrators Plan for complexity. Pad project plans with appropriate contingency Experience helps. Trainee sysadmins may struggle.

Customer Lessons (2)

Organisational & Staffing Tips
Demand skilled consultants from consulting firms (including Oracle Consulting) Read OracleAS 10g manuals, FAQs, get training Skills required include:
E-Business Suite system administration (e.g. AutoConfig) OracleAS 10g installation & configuration Security (e.g. LDAP, PKI) Networking (e.g. firewall, load-balancing router configuration)

Customer Lessons (3)

Systems Configuration Tips
Check Oracle CERTIFY on Metalink for platform availability (e.g. AIX & Tru64 werent available on 10.1.2.0.0) Frequent complete backups Stay current with certified OracleAS 10g releases & E-Business Suite technology stack patches Only apply OracleAS 10g MLRs (emergency patchsets) that have been certified with the EBusiness Suite

Customer Lessons (4)

Systems Configuration Tips
Deploy incrementally:
Get SSO & OID working first Add Portal & Discoverer Add third-party LDAP & SSO integration

Test in production-like environment as early as possible with firewalls, load-balancers, SSL accelerators, etc. Load-balancers and firewalls = largest source of problems when moving from TEST to PRODUCTION

Customer Lessons (5)

Working with Oracle Support
Use the right Technical Assistance Request (TARs) template (see Note 233436.1) Monitor closely and escalate TARs as needed All TARs must go to E-Business Suite Technology Stack Support Specialists (AOL Support) Escalate as needed

Customer Lessons (5)

Working with Oracle Support
Upload prepared environment summary:
Build and OracleAS 10g versions used, NLS languages Network topology: third-party LDAP & SSO, loadbalancers, firewalls, SSL accelerators

Provide detailed, reproducible testcase. Bad testcase: OID integration doesnt work. File enhancement requests

The more precisely the position is determined, the less precisely the momentum is known in this instant, and vice versa.
~ Heisenberg, 1927

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decision. The development, release, and timing of any features or functionality described for Oracles products remains at the sole discretion of Oracle.

Release 11i Certification Roadmap

Whats Coming
Build 4.0 New systems administration features Second-generation diagnostic tools Automated RAC, SSL, DMZ Support

Portal 10.1.4 Certification

These statements are subject to change

"This presentation is for informational purposes only and may not be incorporated into a contract or agreement"

Release 12 Technology Stack Plans

(Subject to Change)

Applications Landscape

Leveraging Fusion Middleware

AS 10g Discoverer AS 10g Identity Mgt

AS 10g WebCache E-Business Suite

AS 10g Portal

Collaboration Suite 10g

PeopleSoft

AS 10g Integration

3-Tier Logical Architecture

R11i10 Technology Stack R12 Technology Stack Client Application
9iAS 1.0.2.2 9i or 10g
OC4J

Database

Web Listener

JSP
SQL*Net

BC4J UIX Reports Forms

User Interface

Application logic

Database logic

R12 Application Server Tier

AS 10.1.3 ORACLE HOME RSF 10.1 Apache 1.3 OC4J Developer10.1.2 ORACLE HOME RSF 10.1 Forms 10 Reports 10 Database ORACLE HOME RSF 10.2

RDBMS Components

APPL TOP

COMMON TOP

R12 Application Server Tier

OracleAS 10g 10.1.2 for Forms & Reports Services
Replaces the 8.0.6-based Oracle_Home provided by iAS 1.0.2.2 in 11i

OracleAS 10g 10.1.3 for Oracle Containers for Java (OC4J)

Replaces the 8.1.7-based Oracle_Home provided by iAS 1.0.2.2 in 11i

Oracle JDeveloper 10.1.3 JDBC 10.2 JDK 5.0 for web & concurrent processing

R12 Preview: Deployment

10.1.3 ORACLE_HOME opmn Apache OC4J-Forms OC4J-oacore OC4J-xmlsrv COMMON_TOP /html, /java
Runtime processes started from 10.1.3 Oracle Home OPMN, Apache OC4J instances Forms runtime executable, frmweb, spawned by OC4J-Forms out of 10.1.2 O_HOME. oacore and xmlsrv OC4J instances use classes, html, jsp files from COMMON_TOP

10.1.2 ORACLE_HOME formsapp.ear frmweb

Optional on External Servers for R12

OracleAS 10g Single Sign-On & Oracle Internet Directory 10.1.2.x Discoverer 10.1.2.x Portal 10.1.2.x WebCache 10.1.2.x Oracle Integration 10.1.2.x Collaboration Suite 10gR2 Enterprise Manager 10gR2

New E-Business Suite Technology Stack Blog

http://blogs.oracle.com/schan
Certification and desupport announcements Discussions about architectures, advanced configurations Early Adopter Programs and Statements of Direction Other E-Business Suite technology stack topics, presentations Supports RSS feedreaders

Cut through the noise -- get the news directly from Development

OracleAS + E-Business Suite Resources

Frequently Asked Questions Installation Guide Implementation Guide Discoverer Installation Guide Documentation Roadmap Statement of Direction Note 186981.1 Note 233436.1 Note 261914.1 Note 313418.1 Note 207159.1 Note 223927.1