Oracle E-Business suite rapid internal application reference architecture

The EBS internal Access Gateway architecture represents a set of components required for protecting an internal use only Oracle E-Business Suite installation using Access Gateway.
This architecture represents a baseline or starting point for other architectures where an Access Gateway cluster protects and provides SSO for an EBS internal use only application.
This architecture is designed to meet the following requirements:

  • Protect an internal access only Oracle E-Business Suite application.
  • Fault tolerant - Providing additional instances of Access Gateway, as cluster workers, such that if one is unavailable the cluster continues to perform normally.
  • Manage capacity - Providing additional instances of Access Gateway to handle expected load.
  • Provide a baseline for testing and development.

Benefits and drawbacks

Benefits Drawbacks
  • Relatively simple installation
  • Provides basic fault tolerance and capacity support
  • Can be expanded with additional workers as required to add capacity
  • Load balanced
  • Internal only
  • Pre Access Gateway DMZ based load balancer must support session affinity (sticky sessions)
 

Architecture

Components

Location

Component Description
External internet Okta org

Your Okta org, providing identity services.

Firewall

External internet to DMZ

Traditional firewall between the external internet and the DMZ hosting Access Gateway.

Internal network

Users

Oracle E-Business Suite users, located in the internal network.  Accessing Oracle E-Business Suite applications also located within the internal network

Pre Access Gateway load balancer

Balances load between clients and the Access Gateway cluster.
Positioned between clients and Access Gateway cluster.

Access Gateway admin Access Gateway admin node, handling configuration, configuration backups, log forwarding and similar activities. Accessed by administrators within the internal network.

Access Gateway workers

and EBS SSO Agent

Access Gateway cluster, located in the DMZ is used to provide access to applications used by external internet clients.
Containing a pre-configured Oracle EBS SSO agent.
Typically hosted in a virtual environment such as Amazon Web Services, MS Azure, Oracle OCI or something similar. See Manage Access Gateway deployment.
Database Oracle EBS Database, accessed using a previously defined Database Connect Descriptor file (DBC)
Protected EBS application The set of protected E-Business Suite web resources.

Other considerations

The Access Gateway EBS SSO agent passes various header attributes to the underlying Oracle E-Business Suite application.