Oracle E-Business suite rapid internal application reference architecture
The EBS internal Access Gateway architecture represents a set of components required for protecting an internal use only Oracle E-Business Suite installation using Access Gateway.
This architecture represents a baseline or starting point for other architectures where an Access Gateway cluster protects and provides SSO for an EBS internal use only application.
This architecture is designed to meet the following requirements:
- Protect an internal access only Oracle E-Business Suite application.
- Fault tolerant - Providing additional instances of Access Gateway, as cluster workers, such that if one is unavailable the cluster continues to perform normally.
- Manage capacity - Providing additional instances of Access Gateway to handle expected load.
- Provide a baseline for testing and development.
Benefits and drawbacks
| Benefits | Drawbacks |
|---|---|
|
|
Architecture
Components
|
Location |
Component | Description |
|---|---|---|
| External internet | Okta org |
Your Okta org, providing identity services. |
| Firewall | External internet to DMZ | Traditional firewall between the external internet and the DMZ hosting Access Gateway. |
| Internal network | Users | Oracle E-Business Suite users, located in the internal network. Accessing Oracle E-Business Suite applications also located within the internal network |
| Pre Access Gateway load balancer | Balances load between clients and the Access Gateway cluster. Positioned between clients and Access Gateway cluster. | |
| Access Gateway admin | Access Gateway admin node, handling configuration, configuration backups, log forwarding and similar activities. Accessed by administrators within the internal network. | |
| Access Gateway workers and EBS SSO Agent | Access Gateway cluster, located in the DMZ is used to provide access to applications used by external internet clients. Containing a pre-configured Oracle EBS SSO agent. Typically hosted in a virtual environment such as Amazon Web Services, MS Azure, Oracle OCI or something similar. See Manage Access Gateway deployment. |
|
| Database | Oracle EBS Database, accessed using a previously defined Database Connect Descriptor file (DBC) | |
| Protected EBS application | The set of protected E-Business Suite web resources. |
Other considerations
The Access Gateway EBS SSO agent passes various header attributes to the underlying Oracle E-Business Suite application.