Oracle E-Business suite rapid external application reference architecture

The EBS rapid external Access Gateway architecture represents a set of components required for protecting an external use only Oracle E-Business Suite installation using Access Gateway.
This architecture is designed to meet the following requirements:

  • Provide external access to an Oracle E-Business Suite application.
  • Fault tolerant - Providing additional instances of Access Gateway, as cluster workers, such that if one is unavailable the cluster continues to perform normally.
  • Manage capacity - Providing additional instances of Access Gateway to handle expected load.
  • Provide a baseline for testing and development.

Benefits and drawbacks

Benefits Drawbacks
  • Relatively simple installation
  • Provides basic fault tolerance and capacity support
  • Can be expanded with additional workers as required to add capacity
  • Load balanced
  • Pre Access Gateway DMZ based load balancer must support session affinity (sticky sessions)
 

Architecture

Components

Location

Component Description
External internet Okta org

Your Okta org, providing identity services.

EBS Users Oracle E-Business Suite users, located in the external network.  Accessing Oracle E-Business Suite applications located within the internal network
Firewall External internet to DMZ Traditional firewall between the external internet and the DMZ hosting Access Gateway.
DMZ Pre Access Gateway load balancer Balances load between external users (clients) and the Access Gateway cluster.
Positioned between clients and Access Gateway cluster.
Firewall DMZ to internal Traditional firewall between the DMZ and the internal network.
Internal network
Access Gateway admin Access Gateway admin node, handling configuration, configuration backups, log forwarding and similar activities. Accessed by administrators within the internal network.
Access Gateway workers
and EBS SSO Agent
Access Gateway cluster, located in the DMZ is used to provide access to applications used by external internet clients.
Containing a pre-configured Oracle EBS SSO agent.
Typically hosted in a virtual environment such as Amazon Web Services, MS Azure, Oracle OCI or something similar.
See Manage Access Gateway deployment.
Database Oracle EBS Database, accessed using a previously defined Database Connect Descriptor file (DBC)
Protected EBS application The set of protected E-Business Suite web resources.

Other considerations

The Access Gateway EBS SSO agent passes various header attributes to the underlying Oracle E-Business Suite application.