Oracle SOA Solution
Post on 08-Apr-2018
8/7/2019 Solucion Soa Oracle
1/16
TESTING & INTEGRATION GROUP
AppDirector and AppXcel With Oracle Application Server 10g Release 3 (10.1.3.1.0) - Oracle SOA Suite Enterprise Deployment
INTRODUCTION
SOLUTION DETAILS
SOFTWARE AND HARDWARE USED
NETWORK DIAGRAM
    MYSOACOMPANY WITH ORACLE SINGLE SIGN-ON
CONFIGURATION
    APPDIRECTOR
    APPXCEL
TECHNICAL DOCUMENT
Test Engineer: Iztok Umek
AUTHOR: Steve Jennings
DATE: Friday, May 18, 2007
Version: 1.2
AppDirector, AppXcel with Oracle Application Server 1/2/2008
COMPANY CONFIDENTIAL 2
Introduction
AppDirector and AppXcel within the Oracle SOA Suite
Oracle's SOA Suite is a complete set of service infrastructure components for building, deploying, and managing SOAs. Oracle SOA Suite enables services to be created, managed and orchestrated into composite applications and business processes. Architects and developers are addressing the complexity of their application and IT environments with Oracle SOA Suite, which facilitates the development of enterprise applications as modular business services that can be easily integrated and reused, creating a truly flexible, adaptable IT infrastructure.
With AppDirector and AppXcel, the Oracle SOA Suite can be further enhanced, adding increased scalability, performance and reliability to the benefits offered by the Oracle SOA Suite. This document describes the architecture and configuration detail needed to integrate the Radware products into the SOA environment.
Solution Details
The solution described below employs an AppDirector for load balancing incoming application service requests to the Oracle SOA application, session persistency, and web acceleration, configured with an AppXcel farm for SSL decryption/encryption offloading. The AppDirector is configured with 5 server farms: HTTP and HTTPS SSO farms, HTTP and HTTPS SOA farms, and an Oracle Internet Directory farm. These entities are described below. The AppXcel is configured with two tunnels. Configuration details for both the AppDirector and AppXcel are given later in the document.
The diagram below shows a schematic view of the environment under test, indicating the flows between the Oracle SOA Suite components and the Radware AppDirectors and AppXcels.
Schematic View of Test Environment
How it works
A user desiring access to an SOA application generates a request directed toward the Oracle HTTP Server (OHS). The AppDirector load balances these requests between the defined Oracle HTTP Servers. In the tested scenario, the SOA application is registered with Oracle Containers for Java (OC4J) as a Single Sign-On application. So when the OHS server receives the request, the SSO process checks whether or not a cookie exists for the user, which would indicate that the user has already been authenticated. If not, the OHS redirects the user to an SSO login / password prompt and the user then enters login credentials. This connection is secure, and when the response reaches the AppDirector it is forwarded to the AppXcel farm to be decrypted and processed.
Also for the test, the SOA application is defined to the Oracle Internet Directory for identity management, so the SSO process queries the OID server using the LDAP protocol for the user's Distinguished Name (DN) and to obtain role / group information for user access permissions. This request is passed through the AppDirector, where it is load balanced across the OID server farm. Once the user credentials are authenticated, the application binds to the directory and the user's group / role information is retrieved from the OID. Subsequent requests by the user to the SOA application are then passed directly to the SOA application server and load balanced appropriately.
AppDirector - Policies, Farms, Servers
There are 3 VIPs defined on the AppDirector, with 2 policies defined for each VIP. The first VIP (10.143.181.37) has 2 policies associated with it: policy oidtcp389 and policy oidtcp636. These policies listen for inbound traffic on TCP ports 389 and 636 directed toward the Oracle Information Directory servers.

Policy: oidtcp389
Port: TCP port 389
Farm: oid
Servers:
Lnxi02 10.143.180.247
Lnxi03 10.143.180.248

Policy: oidtcp636
Port: TCP port 636
Farm: oid
Servers:
Lnxi02 10.143.180.247
Lnxi03 10.143.180.248

The second VIP (10.143.181.38) has 2 policies associated with it. The policy soahttp listens for inbound HTTP traffic directed toward the Oracle Application Servers and sends matching traffic to the servers associated with the SOA farm. The policy soahttps listens for inbound HTTPS traffic and passes it to the AppXcel farms to offload the SSL processing.

Policy: soahttps
Port: TCP port 443
Farm: soassl
Servers:
Tunnel_192.168.1.102
Tunnel_192.168.1.202

Policy: soahttp
Port: TCP port 80
Farm: soahttp
Servers:
Lnxi06 10.143.180.251:7777
Lnxi07 10.143.180.252:7777

The third VIP (10.143.181.36) has 2 policies associated with it: policy ssohttp listens for inbound HTTP traffic directed toward the SSO service from OHS, and ssohttps listens for HTTPS traffic and directs the matching inbound traffic to the AppXcel EP Farm to offload the SSL processing.

Policy: ssohttp
Port: TCP port 80
Farm: sso
Servers:
Lnxi02: 10.143.180.247:7777
Lnxi03: 10.143.180.248:7777

Policy: ssohttps
Port: TCP port 443
Farm: ssohttps
Servers:
Tunnel_192.168.1.102
Tunnel_192.168.1.202
Health Monitoring
There are 6 Health Checks as follows.
Health Check: OID-lnxi02
Check Element: lnxi02
Method: LDAP
Method Arguments:
User Name: cn=cladmin
Password: (cladmin password)
Attribute name: cn
Search value: asdb
Dest Port: 389

Health Check: OID-lnxi03
Check Element: lnxi03
Method: LDAP
Method Arguments:
User Name: cn=cladmin
Password: (cladmin password)
Attribute name: cn
Search value: asdb
Dest Port: 389

Health Check: SSO-HealthCheck-lnxi02
Check Element: lnxi02
Method: HTTP
Method Arguments:
Path: /sso/status
HTTP method: GET
Proxy HTTP: Yes
Pragma Nocache: Yes
Match Search String: OC4J_Security is running.
Match Mode: String Exists
Dest Port: 7777

Health Check: SSO-HealthCheck-lnxi03
Check Element: lnxi03
Method: HTTP
Method Arguments:
Path: /sso/status
HTTP method: GET
Proxy HTTP: Yes
Pragma Nocache: Yes
Match Search String: OC4J_Security is running.
Match Mode: String Exists
Dest Port: 7777

Health Check: SOA-lnxi06
Check Element: lnxi06
Method: HTTP
Method Arguments:
Path: /,
HTTP method: GET
Proxy HTTP: Yes
Pragma Nocache: Yes
Match Mode: String is Absent
HTTP Return Code: 200
Dest Port: 7777

Health Check: SOA-lnxi07
Check Element: lnxi07
Method: HTTP
Method Arguments:
Path: /,
HTTP method: GET
Proxy HTTP: Yes
Pragma Nocache: Yes
Match Mode: String is Absent
HTTP Return Code: 200
Dest Port: 7777
AppXcel - Tunnels
There are 2 tunnels defined on the AppXcel:
Virtual Host IP   Remote IP       Listen Port   Remote Port
192.168.1.101     10.143.181.38   443           80
192.168.1.202     10.143.181.36   443           80
Software and Hardware used
Radware's AppDirector, hardware version 1.10, software version 1.03.04
Radware's AppXcel, device model XS1, software version 1.02.06
Network Diagram
mySOAcompany with Oracle Single Sign-On
Configuration
AppDirector
Network Interfaces
Create IP 10.143.180.215/24 on port 2
Create IP 192.168.1.1/24 on port 1

Create farms with the following attributes:

Farm Name: oid
Aging Time: 300
Dispatch Method: Cyclic
Sessions Mode: EntryPerSession
Connectivity Check: No Checks

Farm Name: sso
Aging Time: 600
Dispatch Method: Cyclic
Sessions Mode: EntryPerSession
Connectivity Check: No Checks

Farm Name: ssossl
Aging Time: 300
Dispatch Method: Cyclic
Sessions Mode: EntryPerSession
Connectivity Check: TCP Port
Connectivity Check Port: HTTPS

Farm Name: soa
Aging Time: 600
Dispatch Method: Cyclic
Sessions Mode: EntryPerSession
Connectivity Check: No Checks

Farm Name: soassl
Aging Time: 600
Dispatch Method: Cyclic
Sessions Mode: EntryPerSession
Connectivity Check: TCP Port
Connectivity Check Port: HTTPS

Create servers with the following attributes:

Farm Name: oid
Server Address: 10.143.180.247
Server Port: None
Server Name: lnxi02
Client NAT: Enabled
Client NAT Range: 10.143.181.39

Farm Name: oid
Server Address: 10.143.180.248
Server Port: None
Server Name: lnxi03
Client NAT: Enabled
Client NAT Range: 10.143.181.39

Farm Name: ssossl
Server Address: 192.168.1.102
Server Port: 443
Server Name: Tunnel_192.168.1.102

Farm Name: ssossl
Server Address: 192.168.1.202
Server Port: 443
Server Name: Tunnel_192.168.1.202

Farm Name: sso
Server Address: 10.143.180.247
Server Port: 7777
Server Name: lnxi02
Client NAT: Enabled
Client NAT Range: 10.143.181.39

Farm Name: sso
Server Address: 10.143.180.248
Server Port: 7777
Server Name: lnxi03
Client NAT: Enabled
Client NAT Range: 10.143.181.39

Farm Name: soassl
Server Address: 192.168.1.101
Server Port: 443
Server Name: Tunnel_192.168.1.101

Farm Name: soassl
Server Address: 192.168.1.201
Server Port: 443
Server Name: Tunnel_192.168.1.201

Farm Name: soa
Server Address: 10.143.180.251
Server Port: 7777
Server Name: lnxi06
Client NAT: Enabled
Client NAT Range: 10.143.181.39

Farm Name: soa
Server Address: 10.143.180.252
Server Port: 7777
Server Name: lnxi07
Client NAT: Enabled
Client NAT Range: 10.143.181.39
Create L4 Policies with the following attributes:

Virtual IP: 10.143.181.37
L4 Protocol: TCP
L4 Port: 389
L4 Policy Name: oidtcp389
Farm Name: oid
Application: TCP

Virtual IP: 10.143.181.37
L4 Protocol: TCP
L4 Port: 636
L4 Policy Name: oidtcp636
Farm Name: oid
Application: TCP

Virtual IP: 10.143.181.36
L4 Protocol: TCP
L4 Port: 80
L4 Policy Name: ssohttp
Farm Name: sso
Application: HTTP

Virtual IP: 10.143.181.36
L4 Protocol: TCP
L4 Port: 443
L4 Policy Name: ssohttps
Farm Name: ssossl
Application: HTTPS

Virtual IP: 10.143.181.38
L4 Protocol: TCP
L4 Port: 80
L4 Policy Name: soahttp
Farm Name: soa
Application: HTTP

Virtual IP: 10.143.181.38
L4 Protocol: TCP
L4 Port: 443
L4 Policy Name: soahttps
Farm Name: soassl
Application: HTTPS

Create Health Checks with the following attributes:

Health Check: OID-lnxi02
Check Element: lnxi02
Method: LDAP
Method Arguments:
User Name: cn=cladmin
Password: (cladmin password)
Attribute name: cn
Search value: asdb
Dest Port: 389
Health Check: OID-lnxi03
Check Element: lnxi03
Method: LDAP
Method Arguments:
User Name: cn=cladmin
Password: (cladmin password)
Attribute name: cn
Search value: asdb
Dest Port: 389

Health Check: SSO-HealthCheck-lnxi02
Check Element: lnxi02
Method: HTTP
Method Arguments:
Path: /sso/status
HTTP method: GET
Proxy HTTP: Yes
Pragma Nocache: Yes
Match Search String: OC4J_Security is running.
Match Mode: String Exists
Dest Port: 7777

Health Check: SSO-HealthCheck-lnxi03
Check Element: lnxi03
Method: HTTP
Method Arguments:
Path: /sso/status
HTTP method: GET
Proxy HTTP: Yes
Pragma Nocache: Yes
Match Search String: OC4J_Security is running.
Match Mode: String Exists
Dest Port: 7777

Health Check: SOA-lnxi06
Check Element: lnxi06
Method: HTTP
Method Arguments:
Path: /,
HTTP method: GET
Proxy HTTP: Yes
Pragma Nocache: Yes
Match Mode: String is Absent
HTTP Return Code: 200
Dest Port: 7777

Health Check: SOA-lnxi07
Check Element: lnxi07
Method: HTTP
Method Arguments:
Path: /,
HTTP method: GET
Proxy HTTP: Yes
Pragma Nocache: Yes
Match Mode: String is Absent
HTTP Return Code: 200
Dest Port: 7777
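
How the two kinds of HTTP health check listed above decide whether a server stays in rotation, as an added example (not part of the original document and not Radware's implementation). The match-mode semantics, including treating a check with no search string as decided by the return code alone, are assumptions; the sample responses are constructed.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class HttpCheck:
    name: str
    match_mode: str                     # "String Exists" or "String is Absent"
    search_string: Optional[str] = None
    return_code: Optional[int] = None

# The two kinds of HTTP check configured above (values from the document).
SSO_CHECK = HttpCheck("SSO-HealthCheck-lnxi02", "String Exists",
                      search_string="OC4J_Security is running.")
SOA_CHECK = HttpCheck("SOA-lnxi06", "String is Absent", return_code=200)

def parse_response(raw: bytes):
    """Split a raw HTTP response into (status code, body text)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].split(None, 2)
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/") or not parts[1].isdigit():
        raise ValueError("malformed status line")
    return int(parts[1]), body.decode("latin-1")

def evaluate(check: HttpCheck, raw: bytes) -> bool:
    """Return True if the response keeps the server in rotation."""
    try:
        status, body = parse_response(raw)
    except ValueError:
        return False                    # no valid HTTP answer: fail the check
    if check.return_code is not None and status != check.return_code:
        return False
    if check.search_string is None:     # assumption: return code alone decides
        return True
    found = check.search_string in body
    return found if check.match_mode == "String Exists" else not found

# Constructed responses (not captured from a real OHS/OC4J instance).
SSO_UP = b"HTTP/1.1 200 OK\r\n\r\n<html>OC4J_Security is running.</html>"
SSO_DEGRADED = b"HTTP/1.1 200 OK\r\n\r\n<html>Service temporarily unavailable</html>"
SOA_UP = b"HTTP/1.1 200 OK\r\n\r\n<html>Welcome</html>"
SOA_ERROR_AS_200 = b"HTTP/1.1 200 OK\r\n\r\n<html>Internal error</html>"
SOA_DOWN = b"HTTP/1.1 503 Service Unavailable\r\n\r\n"

def run_samples():
    """Evaluate every constructed response against its check."""
    return {
        "sso_up": evaluate(SSO_CHECK, SSO_UP),
        "sso_degraded": evaluate(SSO_CHECK, SSO_DEGRADED),
        "soa_up": evaluate(SOA_CHECK, SOA_UP),
        "soa_error_as_200": evaluate(SOA_CHECK, SOA_ERROR_AS_200),
        "soa_down": evaluate(SOA_CHECK, SOA_DOWN),
    }

if __name__ == "__main__":
    for label, healthy in run_samples().items():
        print(f"{label}: {'up' if healthy else 'down'}")
```

Under these assumptions the SOA check accepts any page served with status 200, while the SSO check passes only when the application itself reports its status string.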
AppXcel
-------------------------------------------------------
AppXcel 100 Configuration
-------------------------------------------------------

appxcel fips mode get
--------------------
Current FIPS mode is: none.

appxcel security-world get
--------------------------
Fips is not supported.

appxcel certificate get
---------------------
Country Name = US
State or Province name = New York
Locality Name = New York
Organization Name = Radware
Organizational Unit Name = ApplicationServers
Common Name = www.radware.com
Email Address = support@radware.com

appxcel key table get
-------------------
Keys:
|-------|------|------|-------------------|
| Index | Size | Cert | Common Name       |
|=======|======|======|===================|
| 1     | 1024 | Crt  | soa.us.oracle.com |
| 2     | 1024 | Crt  | sso.us.oracle.com |
|-------|------|------|-------------------|

appxcel key get
--------------------------
Info for Key number 1 :
-----------------------
Certificate (csr/crt/int) = crt
Date not before = Apr 17 19:09:05 2007 GMT
Date not after = Apr 16 19:09:05 2008 GMT
Key Size (512/1024/2048) = 1024
Common Name = soa.us.oracle.com
Tunnel   IP / Server Name
------   -------------------
1        soa.us.oracle.com

Info for Key number 2 :
-----------------------
Certificate (csr/crt/int) = crt
Date not before = Apr 17 19:09:32 2007 GMT
Date not after = Apr 16 19:09:32 2008 GMT
Key Size (512/1024/2048) = 1024
Common Name = sso.us.oracle.com
Tunnel   IP / Server Name
------   -------------------
2        sso.us.oracle.com

appxcel local-triangulation get
-------------------------------
Current local triangulation status is off.
appxcel mode get
---------------
Active mode is: proxy

appxcel tunnel table get
----------------------
Tunnels:
|-------|---------|-----------------|--------|-----------------|--------|-----|
| Index | Enabled | Virtual Host IP | Listen | Remote IP       | Remote | Key |
|       |         |                 | Port   |                 | Port   | ID  |
|=======|=========|=================|========|=================|========|=====|
| 1     | yes     | 192.168.1.101   | 443    | 10.143.181.38   | 80     | 1   |
| 2     | yes     | 192.168.1.102   | 443    | 10.143.181.36   | 80     | 2   |
|-------|---------|-----------------|--------|-----------------|--------|-----|

appxcel tunnel get
-----------------------------
Tunnel info for Tunnel ID 1 :
=================================
Enabled : yes
LAN : 2
Default Gateway : 192.168.1.10
Virtual Host IP : 192.168.1.101
Listening Port : 443
Interface IP : 192.168.1.101
Netmask : 255.255.255.0
Remote IP : 10.143.181.38
Remote Port : 80
Transparent : on
Hostname : soa.us.oracle.com
Keep Alive : on
Keep Alive Timeout : 15
Compression method : gzip
Gzip engine : off
HTTP redirect : off
HTTP redirect port :
HTTPS redirect : off
HTTP multiplexing : off
HTTP multiplexing timeout : 0
HTTP garbage : off
SSL Key ID : 1
CipherSuites : RSA
Backend SSL : off
Backend CipherSuites : LOW
Backend L7 LB port : 0
Service : http
Client CA : no
CRL : no
Client Timeout : 30
Backend Timeout : 300
Cache status : off
Cache expiration time : 86400
Jpeg reduction status : off
Jpeg reduction ratio : 50
Url-Rewerite Policy : none
Url-Rewrite mode : disable
Url-Rewrite Default URL : none
LDAP authentication : off
Cdp tunnel bindings : none

Tunnel info for Tunnel ID 2 :
=================================
Enabled : yes
LAN : 2
Default Gateway : 192.168.1.10
Virtual Host IP : 192.168.1.102
Listening Port : 443
Interface IP : 192.168.1.102
Netmask : 255.255.255.0
Remote IP : 10.143.181.36
Remote Port : 80
Transparent : on
Hostname : sso.us.oracle.com
Keep Alive : on
Keep Alive Timeout : 15
Compression method : gzip
Gzip engine : off
HTTP redirect : off
HTTP redirect port :
HTTPS redirect : off
HTTP multiplexing : off
HTTP multiplexing timeout : 0
HTTP garbage : off
SSL Key ID : 2
CipherSuites : RSA
Backend SSL : off
Backend CipherSuites : LOW
Backend L7 LB port : 0
Service : http
Client CA : no
CRL : no
Client Timeout : 30
Backend Timeout : 300
Cache status : off
Cache expiration time : 86400
Jpeg reduction status : off
Jpeg reduction ratio : 50
Url-Rewerite Policy : none
Url-Rewrite mode : disable
Url-Rewrite Default URL : none
LDAP authentication : off
Cdp tunnel bindings : none

ct url-rewrite policy table get
----------------------------------
There are no url-rewrite policies.

-------------------------------------------------
Network Configuration
-------------------------------------------------

net arp table get
--------------------
|-----------------|--------------------|-----------|
| Address         | HWaddress (MAC)    | Interface |
|=================|====================|===========|
| 10.143.180.1    | 00:0E:38:24:72:3F  | Lan1      |
| 192.168.1.2     | 00:03:B2:2E:3E:40  | Lan2      |
| 10.143.181.36   | 00:00:5E:00:01:B4  | Lan1      |
| 10.143.181.38   | 00:00:5E:00:01:B4  | Lan1      |
| 192.168.1.1     | 00:03:B2:2E:3A:00  | Lan2      |
|-----------------|--------------------|-----------|

net dns table get
--------------------
Configured Dns Table:
|-----------|-----------------|
| Priority  | IP address      |
|===========|=================|
|-----------|-----------------|

net management-ip get
------------------------------
Management interfaces:
|-----------------|-----------------|-----------|
| IP Address      | Net Mask        | Interface |
|=================|=================|===========|
| 10.143.181.41   | 255.255.252.0   | Lan1      |
|-----------------|-----------------|-----------|

net physical-interface table get
---------------------------------
Physical Interfaces:
|-------|------------------------|-------|-------|----------------|------|
| Index | Type                   | Speed | Duplex| Auto Negotiate | Link |
|=======|========================|=======|=======|================|======|
| 1     | Giga Ethernet (Copper) | 100   | full  | on             | up   |
| 2     | Giga Ethernet (Copper) | 100   | full  | on             | up   |
|-------|------------------------|-------|-------|----------------|------|

net route table get
-----------------------
Configured Routing Table:
|----------------------|-----------------|-----------------|-----------------|
| Type                 | Destination     | Netmask         | Gateway         |
|======================|=================|=================|=================|
| Management DefaultGW |                 |                 | 10.143.180.1    |
|----------------------|-----------------|-----------------|-----------------|
Active Interface Routing Table:
|----------------------|-----------------|-----------------|-----------------|
| Type                 | Destination     | Netmask         | Gateway         |
|======================|=================|=================|=================|
| Default              |                 |                 | 127.0.0.1       |
| Management DefaultGW |                 |                 | 10.143.180.1    |
|----------------------|-----------------|-----------------|-----------------|

------------------------------------------------
System Configuration
------------------------------------------------

system bypass get
-------------------------
Bypass is disabled.

system date get
---------------------
Current date:
Wed Apr 18 15:33:26 UTC 2007

system device community get
--------------------------------------
The current community string is public.

system device info get
-----------------------------
Device model: D V2.
Software version: AppXcel Version 1.02.06 Build Nov_26_2006_10-42-50.
TPS: 4000.
Concurrent connections: 20000.
RAM size: 512 MB.
Mac Lan 1: 0010F30C622B.
Mac Lan 2: 0010F30C622C.
Type Lan 1: Giga Ethernet (Copper).
Type Lan 2: Giga Ethernet (Copper).
SSL Card: Cavium.
Compression Card: Active.

system device name get
--------------------------------
The current device name is atlradax1.

system license concurrent-connections get
--------------------------------------------------------
Current license is appxcel-4000-TPS-20000-CEC.

system license tps get
-----------------------------
Current license is appxcel-4000-TPS-20000-CEC.

system mode get
----------------------
Current system mode is: active

system terminal baudrate get
-------------------------------------
Current terminal speed is: 19,200

system management ssh get
-------------------------------------
The SSH agent is currently on.

system management wbm get
--------------------------------------
The WBM/CWI agent is currently on.
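
A review pass over the AppXcel dump above, as an added example (not part of the original document and not a Radware tool): it parses the "name = value" and "name : value" lines and flags settings a security reviewer would question. The sample is built from values in the dump, laid out one setting per line; the 2048-bit threshold and the choice of settings to flag are assumptions of this example.

```python
import re
from datetime import datetime, timezone

# Constructed sample: settings copied from the dump above, one per line.
SAMPLE_DUMP = """\
Info for Key number 1 :
Date not after = Apr 16 19:09:05 2008 GMT
Key Size (512/1024/2048) = 1024
Common Name = soa.us.oracle.com
Tunnel info for Tunnel ID 1 :
Listening Port : 443
Remote IP : 10.143.181.38
Remote Port : 80
HTTP redirect port :
Backend SSL : off
The current community string is public.
"""

MIN_RSA_BITS = 2048  # assumption: threshold chosen for this example

SECTION = re.compile(r"^(Info for Key number \d+|Tunnel info for Tunnel ID \d+)\s*:$")
COMMUNITY = re.compile(r"^The current community string is (\S+)\.$")
SETTING = re.compile(r"^(.+?)\s+[=:]\s*(.*)$")

def parse_settings(dump):
    """Return (section, name, value) triples from the dump's setting lines."""
    section, out = "system", []
    for line in map(str.strip, dump.splitlines()):
        if m := SECTION.match(line):
            section = m.group(1)
        elif m := COMMUNITY.match(line):
            out.append(("system", "community string", m.group(1)))
        elif m := SETTING.match(line):
            out.append((section, m.group(1), m.group(2)))
    return out

def audit(dump, now):
    """Flag settings worth a reviewer's attention; 'now' is the review date (UTC)."""
    findings = []
    for section, name, value in parse_settings(dump):
        if name.startswith("Key Size") and int(value) < MIN_RSA_BITS:
            findings.append(f"{section}: {value}-bit key is below {MIN_RSA_BITS} bits")
        elif name == "Date not after":
            expiry = datetime.strptime(value, "%b %d %H:%M:%S %Y GMT")
            if expiry.replace(tzinfo=timezone.utc) <= now:
                findings.append(f"{section}: certificate expired on {expiry:%Y-%m-%d}")
        elif name == "Backend SSL" and value == "off":
            findings.append(f"{section}: traffic to the remote IP is sent unencrypted")
        elif name == "community string" and value == "public":
            findings.append("system: SNMP community string is the well-known 'public'")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_DUMP, datetime(2008, 5, 1, tzinfo=timezone.utc)):
        print(finding)
```

Run against the capture date in the dump (18 April 2007) the certificate is still valid, so only the key size, the unencrypted backend leg and the community string are reported.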