Oracle Applications Resume

Document Sample
Oracle Applications Resume Powered By Docstoc
					Oracle On Demand Access
Objectives
  What Systems You May Access
  Your Accounts, Privileges, and Commands
  Request Exceptions In Advance
     –   Access to Systems, Accounts, Privileges, or Commands
         Not Contained in the Standards Require Written Approval
         in Advance by Oracle On Demand
  Access Oversight
     –   Misuse May Result in Loss Of Access
Oracle On Demand:
Access
                                                                                    Service Delivery Manager




                                                                  Software Issues



                                          Oracle                                      Standard
                        Configurations   Metalink                                      Product
                          Information                                                  Support
                              Patches
                                                     On Demand     Alerts, Patch Sets, Workarounds
                                                        HUB                                               Product
                       Service Request   Toll Free
                                         Number                                                         Development
Customer/Implementer                                             Service Requests

                                                     Customer                        On Demand
                                                      Portal                          Delivery

                                           OEM Alert Toggle




                                                      Systems
Agenda
  How You Connect to The On Demand Intranet
  On Demand Powerbroker Basics
  Your Capabilities
     –   Linux
     –   Technology Stack (DB & iAS)
     –   Applications Administration
  How You Transfer Files To or From Oracle On
   Demand



 Note: This material is EBSO specific. OTO
   Data Will be Included in a Future Update.
How You Connect
 @Oracle Model
   –   Through the Oracle On Demand Hardware VPN
         Software VPN Connections Are Not Allowed
         Connections From an Intranet Other Than the Customer‟s Are
          Not Allowed
 @Customer Model
   –   Through Customers‟ Access Mechanisms
         You Do Not Have Access to the On Demand Intranet
On Demand Powerbroker Basics
                      SAS 70 Type II Compliant
  Powerbroker            –   Who, When, Where, What
 Controlled Linux     Limited Set of Customer Accessible
   Accounts
                       Accounts
                      Controls Access to Accounts and
                       Functions
       Powerbroker       –   Powerbroker Policies Map Predefined
                             Accounts and Functions
                      Provides Keystroke Logging
                         –   Keystrokes, Standard Output, Standard
   Named
    Individual               Error
       Linux
     Linux
     Account
   Account
On Demand Powerbroker Basics
                      Controls Access to Accounts and
  Powerbroker          Functions
 Controlled Linux        –   Powerbroker Policies Map Predefined
   Accounts                  Accounts and Functions
                               “customer”: Read Only Access to All
                                Database Objects, Access to Oracle
                                Applications Interface Tables
       Powerbroker             “impanalyst”: Read Only Access to Product,
                                Write Access to XBOL_TOP
                               “impdba”:     Write Access to Product,
                                XBOL_TOP
                                 - “impdba” is now available. 2 accounts will be
   Named
    Individual                     granted with „impdba‟ access initially. If more
                                   accounts are needed with this profile for the
       Linux
     Linux                         same customer, the exception will be
     Account
   Account                         requested by the SDM and it will be subject
                                   to approval.
 Linux Map – Non-Privileged
Non-Privileged     PB         DB        Mid      Directory / Schema
Account            Policy     Tier      Tier
Named Linux        customer   NA        P, NP*   Requested via the Oracle On
Account (Varies)                                 Demand oSDM
                                                 SSH Based
                                                 Standard Linux Command Set
                                                 Default Login Directory
                                                       –Full Access

                                                 Standard File Systems
                                                       –UID, GID Ranges Distinct From All
                                                       Others
                                                       –“world” Privilege Mask Applies




                                     * P=Production, NP=Non-Production
 Linux Map - Controlled
Controlled            PB           DB     Mid     Directory / Schema
Account               Policy       Tier   Tier
apd<4 char custid>i Impdba         NA     NP      AKA, “applmgr” Account, Linux Side
                    impanalyst                    Powerbroker Controlled
                                                        –SSH  to Named Linux Account
                                                        –Invoke Powerbroker Policy

                                                  APPL_TOP (/SID/applmgr)
                                                        –Full Access

                                                  Special Operations Notes
                                                        –Only Two Individual Linux
                                                        Accounts Allowed to Access
                                                        –Must File Informational SR When
                                                        Modifying Files In APPL_TOP
apt<4 char custid>i   impdba       NA     NP      Same as Above, Applied to Test
                      impanalyst
inf<4 char custid>i   impanalyst   NA     P, NP   See FTP Slides For Full Details
                      impdba                            –FTP Server Treatment For This
                                                        Account Different Than DB, iAS
                                                        Servers
Controlled Account Access
Procedure: Non-Production
 SSH Login to Target Server With Named Linux Account
 Invoke Powerbroker
     –   General Format
           /usr/local/bin/pbrun <policy> -u [target user]
     –   Specific Example: Dev Environment, “anon” 4 char custid
           /usr/local/bin/pbrun impanalyst -u apdanoni
           All Standard Linux Commands Available
 Perform Unix Commands
     –   Keystroke Logging Is Active
 To Access Database or Oracle Applications, Use Password
  Manager
     –   General Format
           /usr/local/bin/pbrun <PB Policy> password-manager <Target Instance>
     –   Example: policy:impanalyst, instance:ppmpti
           /usr/local/bin/pbrun impanalyst password-manager ppmpti
 Exit the Powerbroker Run Command
     –   Type “exit” on the Unix Command Line
 SSH Logout
Controlled Account Access
Procedure: Production
 SSH Login to Target Middle Tier Server With Named Linux
  Account
    –   View Only Configuration
          Used To Access BOLINF and RAC_ACCNT
 Invoke Password Manager
    –   General Format
          All Passwords: /usr/local/bin/pbrun <PB Policy> password-manager
           <Target Instance>
          Single Password: /usr/local/bin/pbrun <PB Policy> password-
           manager <Target Instance> <Type>
    –   Example: policy:impdba, instance:ppmpti, type:bolinf
          All: /usr/local/bin/pbrun impdba password-manager ppmpti
          Single: /usr/local/bin/pbrun impdba password-manager ppmpti bolinf
 Invoke Sql*plus
    –   Use Data Returned from Password Manager
 Logout From Sql*plus
 SSH Logout
 Technology Stack Map - DB
Account     PB       DB      Mid     Directory / Schema
            Policy   Tier    Tier
BOLINF      Customer P, NP   P, NP   Sqlnet Based
                                           –Any In Non-Production
                                           –ADI, ADE, and Discoverer Only in Prod

                                     Standard Interface Table
                                           –Read,   Write, Delete
                                     Custom Schema
                                           –Full Access   Including DML and DDL
RAC_ACCNT   Customer P, NP   P, NP   Sqlnet Based
                                           –Any In Non-Production
                                           –ADI, ADE, and Discoverer Only in Prod

                                     All Database Tables
                                           –Read   Only
APPS        impdba   NA      NP      Usage Constrained by CEMLI Guidelines
                                     and Practices
Technology Stack Map – iAS / Portal
Account          PB       DB     Mid     Directory / Schema
                 Policy   Tier   Tier
portal30         TBD      NA     P, NP   Not Relevant for Standard EBSO
                                               –Associated  only if Customer Runs Portal
                                               3.0.9 with EBS0
Portal30_sso     TBD      NA     P, NP   Not Relevant for Standard EBSO
                                               –Associated  only if Customer Runs Portal
                                               3.0.9 with EBS0




 Oracle EBSO Application Server (iAS) Specific Access
  and Functionality Provided By BOL_SETUP Account
  via Oracle Applications GUI as Detailed on Following
  Slides
       –   Examples:
                Form Registration
                Report Registration
Oracle Applications Administration
Map
Account     PB       DB     Mid      Directory / Schema
            Policy   Tier   Tier
BOL_SETUP   impdba   NA     P*, NP   Oracle Applications GUI
                                     Responsibilities
                                           –System Administrator:  NP
                                           –*Application Administrator: P Consists
                                           of On Demand Specified Subset of
                                           System Administrator
                                     Special Operations Notes
                                           –Must  File Informational SR When
                                           Performing Any “High Impact” Change
                                           as Defined in the “Oracle Applications
                                           System Administrator‟s Guide”
                                           –Must Run OEM Alert Toggle Prior to
                                           Starting or Stopping any Oracle
                                           Application Processes
OEM Blackout Command Line
Interface (CLI)
  Blackout Tool Prevents False Monitor Alerts
  Synchronized with Service Request Systems
  Accessible via the “impdba” Powerbroker Policy
     –   Specifics Subject To Change During Phased Rollout
  Command: blackout_ctl
     –   Parameters:
           Task [start | stop]
           Option [full | target | all_except_host]
           Duration (-d) [day HH:MM]
           User Name (-u)
           Reason (-r) [db_patch | app_patch | os_patch | agent_patch |
            maint | unsched]
           Change Management Number (-cm) (optional)
           Ticket Number (-t) (optional)
           Comment (-c) (optional)
     –   Help Facility:
           blackout_ctl help
OEM Blackout CLI
  Command: blackout_ctl (Con’t)
     –   Line Mode example:
           blackout_ctl start full –d 5 05:30 –u username –r db_patch –
            cm 333333 –t 88888888.999 –c “scheduled”
     –   Interactive Example:
           blackout_ctl
             Please enter all required fields….
             Task [start | stop]:
             Option [full | target | all_except_host]:
             Duration [day HH:MM]:
             User Name:
             Reason [db_patch | app_patch | os_patch | agent_patch | maint |
               unsched]:
             Change Management Number (optional):
             Ticket Number (optional):
             Comment (optional):
OEM Blackout CLI Procedure: Non-
Production
  SSH Login to Target Server With Named Linux Account
  Invoke Powerbroker
     –   Example: “impdba” Policy, Dev Environment, “anon” 4 char
         custid
           /usr/local/bin/pbrun impdba -u apdanoni
  Blackout the Required Environment
     –   Example: Start A Full OEM Blackout for 4.5 Days Under
         Username “smith” for a database patch with change
         management approval number “1776” Related to Service
         Request 12345678.999 With the Comment “Fixing It”
           blackout_ctl start full –d 4 12:00 –u smith –r db_patch –cm 1776
            –t 12345678.999 –c “Fixing It”
  Perform Necessary Activity
  Exit the Powerbroker Run Command
     –   Type “exit” on the Unix Command Line
  SSH Logout
File Transfers - FTP
 This Section Represents FTP in the @Oracle Model
  Only
 @Customer, the Customer is Solely Responsible for
  Implementing and Maintaining a File Transfer Model
  Specific to the Needs of Their Customer Application.
FTP Architecture – Two Tier
                                                Oracle                                 Customer
              SSH                              Hardware                                Hardware
                                                 VPN               SSH/FTP               VPN

Customer                                            SSH/FTP
DB Server
                                             FTP01
                                                                                       Customer
                                      SSH    Directory Structure
                                                                                       SSH / FTP
Directory                                                                            Customer Intranet
Structure


       NFS    NFS
                                             Directory Structure

 Net Apps
File System    NFS
                                       5 Min. Sweepers transfer




                                                                    Outer Firewall
                     Inner Firewall




                                       from /src to appropriate
                                       $XBOL_TOP


                                       Customer iAS Server
FTP Architecture – DMZ Configuration
                                             Oracle                                  Customer
                                            Hardware                                 Hardware
               SSH
                                              VPN            SSH/FTP                   VPN


 Customer                                      SSH/FTP
 DB Server
                                       FTP01
                                                                                     Customer
                                       Directory Structure                           SSH / FTP

 Directory                                                                       Customer Intranet
 Structure


        NFS    NFS                                                             Directory Structure


  Net Apps
 File System    NFS                                                            5 Min. Sweepers transfer


                                                              Outer Firewall
                                                                               from /src to appropriate
                      Inner Firewall




                                                                               $XBOL_TOP


                                                                               Customer iAS Server
FTP Connection Types & Transfer
Programs
  Secure Shell (SSH)
     –   Secure Copy (SCP) May be Used to Transfer Data Within
         an SSH Connection to FTP01
  File Transfer Protocol (FTP) Based
     –   “ftp” Command Invoked Within an SSH Connection
     –   Native “ftp” Invoked From the Customer‟s Desktop
     –   Native “ftp” Based Desktop Programs
           There Are a Number of These
           Typically add a Graphical User Interface (GUI)
           May Also Provide File Transfer Interrupt / Resume Function
     –   Secure FTP (sftp)
FTP Account & File Types
  Uses a Single Login to FTP01
     –   Userid Format is: inf(4 char custid)i
     –   Password Format is: inf(4 char custid)i
     –   Example: Customer “Anonymous”  “infanoni”
  Allowed File Types
     –   Dev, Test
           *.rdf, *.fmb, *.fmx, *.ctl, *.sh, *.sql (Specific Function)
           *.dat, *.csv (Data)
     –   Prod
           *.dat, *.csv (Data Only)
FTP Directory Structure
 FTP01 Customer Visible Directory Structure
    – Root is “/interface/inf(4 char custid)i”
    – Then Varies by Instance SID
    – Then “incoming”, “outgoing”, “archive”, “src”, “bad”


/interface/inf(4 char custid)i

                      /(DEV SID)

                                    /incoming   /outgoing   /archive   /src   /bad

                      /(TEST SID)

                                    /incoming   /outgoing   /archive   /src   /bad

                      /(PROD SID)

                                    /incoming   /outgoing   /archive   /src   /bad
FTP Inbound Move Automation
  Files Automatically Moved From FTP01 Directory
   Structure to Customer iAS Server on 5 Minute Interval
     –   Test & Dev
             *.rdf  $XBOL_TOP/reports/US
             *.fmb  $XBOL_TOP/forms/US/resource
             *.fmx  $XBOL_TOP/forms/US
             *.ctl  $XBOL_TOP/bin
             *.sh  $XBOL_TOP/bin
             *.sql  $XBOL_TOP/sql
             *.dat  /interface/inf(4 char custid)i/(SID)/incoming
             *.csv  /interface/inf(4 char custid)i/(SID)/incoming
     –   Prod
           *.dat  /interface/inf(4 char custid)i/(SID)/incoming
           *.csv  /interface/inf(4 char custid)i/(SID)/incoming
FTP Miscellaneous
 May send checksum file with data file for optional
  customer verification before loading data
    –   File name = datafile_name.sum
 Data transfer complete validated by CRON script
    –   No data written in last 2 minutes
 Oracle Applications Programmatic Interface Used to
  Load Data Into Database
 Implementation Team Should Provide Detail of Invalid
  Data Loads
FTP Inbound Process
 Open an FTP Session on Oracle Outsourcing FTP01
  –   Username/Password Example: “infanoni/infanoni”
 Navigate to the Appropriate Directory As Described
  Earlier
  –   /src: *.rdf, *.fmb, *.fmx, *.ctl, *.sh, *.sql
  –   /incoming: *.dat, *.csv
 Transfer Data
 CRON Script Moves Data As Described Earlier
 Execute API to import data into database
FTP Outbound Process
  Account Notes
   –   Either the RAC_ACCNT or BOLINF May Be Used To Generate
       The Output File in the Linux File System.
   –   In Order to Submit the Concurrent Manager Job to Transfer the
       File, Your Individual Application User Account Must Have the
       “Application Administrator” Responsibility
        Coordinate The Assignment Of “Application Administrator”
         Responsibility With the Customer Representatives
FTP Outbound Process
  Submit Concurrent Manager “BOL – FTP process”
   Request With The Following:
   –   Ttype: Path of the FTP server where the file will be transferred
       from the EBSO server
         E.g.: /interface/inf(4 char custid)I/(Target SID)/outgoing
   –   File: Name of the file to be transferred
         E.g.: filename.out
   –   File Location: Path to File on Customer EBSO Server
         E.g.: /(Target SID)/applcsf/out
   –   Enable Timestamp: Option to enable a timestamp
         Values: No/Yes
   –   Enable Checksum: Option to enable a checksum
         Values: No/Yes
  Open FTP Session on Oracle On Demand FTP01
  FTP File from Oracle On Demand FTP01

				
DOCUMENT INFO
Shared By:
Categories:
Stats:
views:184
posted:3/7/2011
language:English
pages:29
Description: Oracle Applications Resume document sample