Oracle E-Business Suite classic external application reference architecture
The EBS classic external Access Gateway architecture represents the set of components required to protect an external, traditional-use-only Oracle E-Business Suite installation using Access Gateway, Oracle AccessGate, and an instance of either Oracle Internet Directory (OID) or Oracle User Directory (OUD). It is a starting point for other architectures where an Access Gateway cluster protects and provides SSO for an EBS application in external use.
This architecture is designed to meet the following requirements:
- Provide external access to an Oracle E-Business Suite application where Oracle AccessGate, and Oracle OID or Oracle OUD are required.
- Fault tolerant - Providing additional instances of Access Gateway, as cluster workers, such that if one is unavailable the cluster continues to perform normally.
- Manage capacity - Providing additional instances of Access Gateway to handle expected load.
Benefits and drawbacks
Benefits | Drawbacks |
---|---|
|
|
Architecture
Components
Location | Component | Description |
---|---|---|
External internet | Okta org | Your Okta org, providing identity services. |
External internet | EBS Users | Oracle E-Business Suite users, located in the external network, accessing Oracle E-Business Suite applications located within the internal network. They access Oracle E-Business Suite using the URL ebs-external.example.com. |
Firewall | External internet to DMZ | Traditional firewall between the external internet and the DMZ hosting Access Gateway. |
DMZ | Pre Access Gateway load balancer | Balances load between external users (clients) and the Access Gateway cluster. Positioned between the clients and the Access Gateway cluster. |
DMZ | Access Gateway workers | Access Gateway cluster, located in the DMZ, used to provide access to applications used by external internet clients. |
Firewall | DMZ to internal | Traditional firewall between the DMZ and the internal network. |
Internal network | Access Gateway workers | Access Gateway cluster, located in the DMZ, used to provide access to applications used by external internet clients. |
Internal network | Access Gateway admin | Access Gateway admin node, handling configuration, configuration backups, log forwarding and similar activities. Accessed by administrators within the internal network. |
Internal network | Oracle AccessGate instance | Oracle AccessGate instance, used to obtain the EBS session cookie. Default port 6801. In the architecture shown, it uses the URL ebs-accessgate.example.com:6801. |
Internal network | Oracle EBS Login | Oracle EBS login, the traditional internal EBS login. Passed the EBS session in header attributes. Default port 8000. In the architecture shown, it uses the URL ebs-internal.example.com:8000. Regularly synchronized with the EBS Database. |
Internal network | Oracle OID/OUD | Oracle OID/OUD instance, used for user GUID lookup based on EBS user identity. Default port 3060. In the architecture shown, it uses the URL ebs-oid.example.com:3060. Regularly synchronized with the EBS Database. |
Internal network | Oracle EBS Database | Oracle EBS Database, providing supporting details for Oracle OID/OUD. |
Other considerations
Access Gateway creates a datastore to interact with Oracle OID/OUD.
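The hosts and default ports in the components table can be used to audit the DMZ-to-internal firewall rule set. The following is an added example, not part of the original page or of any Okta or Oracle tooling. The rule format, the source label `access-gateway-workers`, and the host `ebs-db.example.com` with port 1521 are constructed, and it assumes the Access Gateway workers initiate each connection to the listed internal endpoints.

```python
# Expected DMZ-to-internal flows, taken from the components table.
# Assumption: the Access Gateway workers initiate each connection.
EXPECTED = {
    ("ebs-accessgate.example.com", 6801): "Oracle AccessGate (EBS session cookie)",
    ("ebs-internal.example.com", 8000): "Oracle EBS login",
    ("ebs-oid.example.com", 3060): "Oracle OID/OUD (user GUID lookup)",
}

# Constructed sample rule set; the rule format is hypothetical.
SAMPLE_RULES = [
    {"src": "access-gateway-workers", "dst": "ebs-accessgate.example.com",
     "port": 6801, "action": "allow"},
    {"src": "access-gateway-workers", "dst": "ebs-internal.example.com",
     "port": 8000, "action": "allow"},
    # Not in the architecture: DMZ hosts reaching the EBS database directly.
    {"src": "access-gateway-workers", "dst": "ebs-db.example.com",
     "port": 1521, "action": "allow"},
    # Right destination, but any source may use it.
    {"src": "any", "dst": "ebs-oid.example.com", "port": 3060, "action": "allow"},
]


def audit(rules, source="access-gateway-workers"):
    """Compare allow rules with the flows the architecture needs.

    missing    - expected flows with no rule scoped to `source`
    unexpected - allowed flows that the architecture does not list
    too_broad  - expected flows allowed from a source other than `source`
    """
    missing = set(EXPECTED)
    unexpected, too_broad = [], []
    for rule in rules:
        if rule["action"] != "allow":
            continue
        flow = (rule["dst"], rule["port"])
        if flow not in EXPECTED:
            unexpected.append(flow)
        elif rule["src"] != source:
            too_broad.append((rule["src"],) + flow)
        else:
            missing.discard(flow)
    return {"missing": sorted(missing), "unexpected": unexpected,
            "too_broad": too_broad}


if __name__ == "__main__":
    for finding, flows in audit(SAMPLE_RULES).items():
        print(finding, flows)
```
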