
Friday, May 9, 2008

Oracle AS B2B DMZ setup

Instructions to set up and access B2B via a DMZ.

This configuration assumes that B2B is installed within the firewall and a standalone OHS is installed in the DMZ, and that firewall clearance is obtained for the following ports.

1. HTTP port of the OHS which sits in the DMZ
2. HTTP port of B2B which is within the firewall.

Append the following lines to the LoadModule section of the standalone OHS httpd.conf file

LoadModule proxy_module modules/ (If it is already there then not required)
LoadModule proxy_http_module modules/

Add the following lines to the end of the standalone Apache 2.0 httpd.conf file

ProxyPass / http://:/
ProxyPassReverse / http://:/

For the above configuration to work, the HTTP port on which B2B listens must be opened on the internal firewall.
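As an added example (not part of the original post or of Oracle's documentation), the Python below audits the reverse-proxy directives of a DMZ httpd.conf. `ProxyPass /` forwards every path on the B2B HTTP listener through the DMZ, while the only URL this post publishes is /b2b/transportServlet, so the audit flags mappings broader than that path. The backend host and port `b2b.internal.example:7777` and the function names are assumptions.

```python
# Added example: audits the reverse-proxy directives of a DMZ httpd.conf.
EXPOSED_PATH = "/b2b/transportServlet"  # the only URL the post publishes externally

# Constructed samples. b2b.internal.example:7777 is a placeholder backend,
# not a value from the post.
AS_POSTED = """
ProxyPass / http://b2b.internal.example:7777/
ProxyPassReverse / http://b2b.internal.example:7777/
"""
SCOPED = """
ProxyRequests Off
ProxyPass /b2b/transportServlet http://b2b.internal.example:7777/b2b/transportServlet
ProxyPassReverse /b2b/transportServlet http://b2b.internal.example:7777/b2b/transportServlet
"""

def directives(conf_text):
    """Yield (lowercased name, argument list) for each active directive line."""
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            name, *args = line.split()
            yield name.lower(), args

def audit_proxy(conf_text):
    """Return (code, detail) findings for ProxyPass/ProxyPassReverse/ProxyRequests."""
    findings, passes, reverses = [], {}, {}
    for name, args in directives(conf_text):
        if name == "proxyrequests" and args and args[0].lower() == "on":
            findings.append(("FORWARD_PROXY", "ProxyRequests On enables forward proxying"))
        elif name == "proxypass" and len(args) >= 2 and args[1] != "!":
            passes[args[0]] = args[1]          # "!" marks an exclusion, not a mapping
        elif name == "proxypassreverse" and len(args) >= 2:
            reverses[args[0]] = args[1]
    for path, backend in passes.items():
        if path != EXPOSED_PATH:
            findings.append(("BROAD_PATH", f"{path} is mapped; only {EXPOSED_PATH} needs to be"))
        if reverses.get(path) != backend:
            findings.append(("NO_REVERSE", f"{path} has no matching ProxyPassReverse"))
    return findings

if __name__ == "__main__":
    for label, conf in (("as posted", AS_POSTED), ("scoped", SCOPED)):
        print(label, audit_proxy(conf) or "no findings")
```

With the scoped form, requests for any other path stop at the DMZ server instead of reaching the B2B instance in the intranet.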

Testing of DMZ setup
Restart standalone Apache 2.0
Invoke the following URL from any machine in the DMZ using a browser

The above request initially goes to the DMZ Apache, which we have configured to forward the request to the B2B instance in the intranet. It should display the 'transportServlet' parameters if everything goes well.

The above test confirms that the request is being passed from the DMZ layer to the intranet layer, but it does not confirm the path from the outside world to the intranet layer.

Testing from outside public network
Configure the external firewall to accept traffic for the DMZ standalone Apache HTTP port.
Use the URL http://:/b2b/transportServlet
It should display the 'B2B server' parameters if everything goes well.

DMZ setup with load balancer
Optionally, you can configure a load balancer such as 'BigIP' on the external firewall to route requests to the DMZ layer. If the DMZ layer is front-ended by a load balancer, configure the load balancer to communicate with the standalone HTTP server in the DMZ.
In this case we expose the URL http://:/b2b/transportServlet to the outside world to communicate with B2B.

Proxy configuration for B2B
If you want to configure B2B to use a proxy for all outgoing messages, read below.
Proxy server information needs to be provided in the opmn.xml file of the B2B midtier.

1) look for tag in opmn.xml
2) then look for tag
3) within that tag make sure we have
4) look for tag
5) then look for tag
6) within that tag make sure we have

The above tag also has some additional security attributes; keep them as they are.

Now restart the B2B and oc4j_b2b components, or all components.

Refer to the following documents for various high availability questions.

1 comment:

Mahesh said...

Hi Ramesh,
Does this mean that we cannot use AJP port instead of HTTP port for communication between DMZ OHS and B2B server?