Oracle E-Business Suite classic external application reference architecture
The EBS classic external Access Gateway architecture represents the set of components required to protect an external, traditional-use-only Oracle E-Business Suite installation using Access Gateway, Oracle AccessGate, and an instance of either Oracle Internet Directory (OID) or Oracle User Directory (OUD). It is a starting point for other architectures in which an Access Gateway cluster protects and provides SSO for an EBS external-use application.
This architecture is designed to meet the following requirements:
- Provide external access to an Oracle E-Business Suite application where Oracle AccessGate, and Oracle OID or Oracle OUD are required.
- Fault tolerance - Provide additional instances of Access Gateway, as cluster workers, so that if one is unavailable the cluster continues to perform normally.
- Manage capacity - Provide additional instances of Access Gateway to handle the expected load.
Benefits and drawbacks
| Location | Component | Description |
|---|---|---|
| External internet | Okta org | Your Okta org, providing identity services. |
| External internet | Oracle E-Business Suite users | Located in the external network. Accessing Oracle E-Business Suite applications located within the internal network. Accessing Oracle E-Business Suite using URL ebs-external.example.com. |
| Firewall | External internet to DMZ | Traditional firewall between the external internet and the DMZ hosting Access Gateway. |
| DMZ | Pre Access Gateway load balancer | Balances load between external users (clients) and the Access Gateway cluster. Positioned between clients and Access Gateway cluster. |
| DMZ | Access Gateway workers | Access Gateway cluster, located in the DMZ, is used to provide access to applications used by external internet clients. |
| Firewall | DMZ to internal | Traditional firewall between the DMZ and the internal network. |
| Internal network | Access Gateway workers | Access Gateway cluster, located in the DMZ, is used to provide access to applications used by external internet clients. |
| Internal network | Access Gateway admin | Access Gateway admin node, handling configuration, configuration backups, log forwarding and similar activities. Accessed by administrators within the internal network. |
| Internal network | Oracle AccessGate instance | Oracle AccessGate instance - used to obtain EBS session cookie. Default port 6801. In architecture shown using URL ebs-accessgate.example.com:6801. |
| Internal network | Oracle EBS Login | Oracle EBS login - traditional internal EBS login. Passed EBS session in header attributes. In architecture shown using URL ebs-internal.example.com:8000. Default port 8000. Regularly synchronized with the EBS Database. |
| Internal network | Oracle OID/OUD | Oracle OID/OUD instance - used for user GUID lookup based on EBS user identity. In architecture shown using URL ebs-oid.example.com:3060. Default port 3060. Regularly synchronized with the EBS Database. |
| Internal network | Oracle EBS Database | Oracle EBS Database - providing supporting details for Oracle OID/OUD. |
Access Gateway creates a datastore to interact with Oracle OID/OUD.
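The backend endpoints listed in the component table imply a small allow-list for the DMZ to internal firewall. The Python below is an added example, not part of the original documentation, that audits a rule set against those three host and port pairs. The rule format, the `ag-workers` source group, the sample rules, and the premise that the workers need no other internal flows are all assumptions.

```python
# Added example: audit DMZ-to-internal firewall rules against the backends
# in the component table. The rule format and "ag-workers" are hypothetical.

# (host, default port) pairs taken from the component table.
REQUIRED = {
    ("ebs-accessgate.example.com", 6801),  # Oracle AccessGate
    ("ebs-internal.example.com", 8000),    # Oracle EBS login
    ("ebs-oid.example.com", 3060),         # Oracle OID/OUD
}

def permits(rule, flow, group):
    """True if the rule lets the worker group reach flow (host, port)."""
    host, port = flow
    return (rule["src"] in (group, "any")
            and rule["dst"] in (host, "any")
            and rule["port"] in (port, "any"))

def audit(rules, group="ag-workers"):
    """Return (missing, excess).

    missing: required flows that no rule permits.
    excess:  rules that are not an exact worker-to-backend allow, i.e.
             wildcards, other sources, or ports outside the table.
    """
    covered = {f for f in REQUIRED for r in rules if permits(r, f, group)}
    excess = [r for r in rules
              if r["src"] != group or (r["dst"], r["port"]) not in REQUIRED]
    return sorted(REQUIRED - covered), excess

# Constructed sample rule set (allow rules only).
SAMPLE_RULES = [
    {"src": "ag-workers", "dst": "ebs-accessgate.example.com", "port": 6801},
    {"src": "ag-workers", "dst": "ebs-internal.example.com", "port": 8000},
    {"src": "ag-workers", "dst": "ebs-internal.example.com", "port": "any"},
    {"src": "ag-workers", "dst": "ebs-oid.example.com", "port": 389},
]

if __name__ == "__main__":
    missing, excess = audit(SAMPLE_RULES)
    print("missing:", missing)
    print("excess:", excess)
```

On the sample rules, the audit reports the OID/OUD flow on port 3060 as missing and flags both the any-port rule and the rule for a port outside the table as excess.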