Sunday, August 26, 2007

Oracle AS B2B Firewall Setup

Below are step-by-step instructions to set up and access B2B via a DMZ.

This configuration assumes that B2B is installed within the firewall and a standalone OHS is installed in the DMZ, and that firewall clearance is obtained for the following ports:

1. HTTP Port of OHS which sits in DMZ
2. HTTP Port of B2B which is within the firewall.

Append the following lines to the LoadModule section of the standalone OHS httpd.conf file (the first line is not required if it is already there):

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so

Add the following lines to the end of the standalone Apache 2.0 httpd.conf file:

ProxyPass / http://:/
ProxyPassReverse / http://:/

For the above configuration to work, the HTTP port on which B2B listens must be opened on the internal firewall.
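
A narrower variant of the proxy rules above, as an added example that is not part of the original post. It assumes trading partners only need the /b2b/transportServlet URL that this page exposes, uses Apache 2.0-style access directives, and uses B2B_HOST and B2B_PORT as placeholders for the internal B2B HTTP listener.

```apache
# Added example, not from the original post.
# B2B_HOST / B2B_PORT are placeholders for the B2B listener inside the firewall.

# Broad form: every path on the B2B listener becomes reachable via the DMZ.
#   ProxyPass        / http://B2B_HOST:B2B_PORT/
#   ProxyPassReverse / http://B2B_HOST:B2B_PORT/

# Act only as a reverse proxy; never relay arbitrary client-chosen URLs.
ProxyRequests Off

# Forward only the transport endpoint (assumption: this is the only
# B2B URL that external partners have to reach).
ProxyPass        /b2b/transportServlet http://B2B_HOST:B2B_PORT/b2b/transportServlet
ProxyPassReverse /b2b/transportServlet http://B2B_HOST:B2B_PORT/b2b/transportServlet

# Deny everything else on the DMZ server by default ...
<Location />
    Order deny,allow
    Deny from all
</Location>

# ... and re-open just the proxied path. Later <Location> sections
# override earlier ones, so this block must come second.
<Location /b2b/transportServlet>
    Order allow,deny
    Allow from all
</Location>
```

With this variant the DMZ and public-network tests below still use the same transportServlet URL, while a request for any other path should be refused by the DMZ server instead of being forwarded to the intranet.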

Testing of DMZ setup
----------------------
Restart the standalone Apache 2.0.
Invoke the following URL from any machine in the DMZ using a browser:
http://:/b2b/transportServlet

The request initially goes to the DMZ Apache, which we have configured to forward the request to the B2B instance in the intranet. It should display the 'transportServlet' parameters if everything goes well.

This test confirms that the request is passed from the DMZ layer to the intranet layer; it does not yet confirm the path from the outside world to the intranet layer.

Testing from outside public network
-------------------------------------
Configure the external firewall to accept traffic for the DMZ standalone Apache HTTP port.
Use the URL http://:/b2b/transportServlet
It should display the 'B2B server' parameters if everything goes well.

DMZ setup with load balancer
-------------------------------
Optionally, you can configure a load balancer such as 'BigIP' on the external firewall to route requests to the DMZ layer.
If the DMZ layer is front-ended by a load balancer, configure the load balancer to communicate with the standalone HTTP server in the DMZ.
In this case we expose the URL http://:/b2b/transportServlet to the outside world to communicate with B2B.

Proxy configuration for B2B
-----------------------------
If you want to configure B2B to use a proxy for all outgoing messages, read on.
The proxy server information needs to be provided in the opmn.xml file of the B2B midtier.

1) look for tag in opmn.xml
2) then look for tag
3) within that tag make sure we should have
4) look for tag
5) then look for tag
6) within that tag make sure we should have

The above tag also has some additional security attributes; keep them as they are.

Now restart the B2B and oc4j_b2b components, or all components.

Refer to the following documents for various high availability questions.

http://download-east.oracle.com/docs/cd/B14099_19/tru64.1012/install.1012/install/topo.htm#BABCFDBI

http://download-west.oracle.com/docs/cd/B14099_19/core.1012/b14003/mt_comp.htm

2 comments:

Shan said...

"It is possible out of the box to migrate a Gentran map to Edifecs ecs file and back. Oracle AS B2B Document Editor provides out of the box features to do this migration. Refer to Document Editor Section for more details." - Can you provide some more details on this: what options are available to import a Gentran VMP file?

Ramesh Nittur said...

As you know, a map is made up of 3 parts:

A) Source definition (structure of the input data file)
B) Target definition (structure of the resulting data file)
C) Map instructions (links and functions which tell the engine how to convert source to target)

ECS files define the source & target structure but not the map instructions. Gentran defines the source and target structure in XML files called DDF (Data Definition Files). We have in SpecBuilder import only from DDF files which represent structure for EDI files and not for map files.