solucion soa oracle

8/7/2019 Solucion Soa Oracle

1/16

TESTING &INTEGRATION GROUP

AppDirector and AppXcel With Oracle Application

Server 10g Release 3 (10.1.3.1.0) - Oracle SOASuite Enterprise Deployment

INTRODUCTION......................................................................................................................... 2

SOLUTION DETAILS................................................................................................................. 2

SOFTWARE AND HARDWARE USED................................................................................... 6

NETWORK DIAGRAM .............................................................................................................. 7

MYSOACOMPANY WITH ORACLE SINGLE SIGN-ON..................................................................... 7

CONFIGURATION...................................................................................................................... 8

APPDIRECTOR.............................................................................................................................. 8

APPXCEL ................................................................................................................................... 12

TECHNICAL DOCUMENTTest Engineer: Iztok Umek

AUTHOR: Steve JenningsDATE: Friday, May 18, 2007

Version: 1.2


2/16

AppDirector, AppXcel with Oracle Application Server 1/2/2008

COMPANY CONFIDENTIAL 2

Introduction

AppDirector and AppXcel w ithin the Oracle SOA Suite

Oracles SOA Suite is a complete set of service infrastructure components for building,

deploying, and managing SOAs. Oracle SOA Suite enables services to be created, managedand orchestrated into composite applications and business processes. Architects and

developers are addressing the complexity of their application and IT environments withOracle SOA Suite which facilitates the development of enterprise applications as modular

business services that can be easily integrated and reused, creating a truly flexible,adaptable IT infrastructure.

With AppDirector and AppXcel, the Oracle SOA Suite can be further enhanced to provide

increased scalability, performance and reliability to the benefits offered by the Oracle SOASuite. This document describes the architecture and configuration detail to integrate the

Radware products into the SOA environment

Solution Details

The solution described below employs an AppDirector for load balancing incomingapplication service requests to the Oracle SOA application, session persistency, and web

acceleration configured with an AppXcel farm for SSL decryption/encryption off loading. TheAppDirector is configured with 5 server farms: HTTP and HTTPS SSO farms, HTTP and

HTTPS SOA farms, and an Oracle Internet Directory farm. These entities are described

below. The AppXcel is configured with two tunnels. Configuration details for both theAppDirector and AppXcel are given later in the document.

The diagram below shows a schematic view of the environment under test, indicating the

flows between the Oracle SOA Suite components and the Radware AppDirectors and

AppXcels.

Schematic View of Test Environment


3/16



How it works

A user desiring access to an SOA application generates a request directed toward the Oracle

HTTP Server (OHS). The AppDirector load balances these requests between the definedOracle HTTP Servers. In the tested scenario, the SOA application is registered with Oracle

Containers for Java (OC4J) as a Single Sign-On application. So when the OHS serverreceives the request the SSO process checks whether or not a cookie exists for the user

which would indicate that it has already been authenticated. If not, the OHS redirects theuser to an SSO process login / password prompt and the user then enters login credentials.This connection is secure and when the response reaches the AppDirector it is forwarded to

the AppXcel farm to be decrypted and processed.

Also for the test, the SOA application is defined to the Oracle Internet Directory for identitymanagement so the SSO process queries the OID server using the LDAP protocol for the

users Distinguished Name (DN) and to obtain role / group information for user accesspermissions. This request is passed through the AppDirector where it is load balanced

across the OID server farm. Once the user credentials are authenticated the application

binds to the directory and the users group / role information is retrieved from the OID.Subsequent requests by the user to the SOA application are then passed directly to the SOA

application server and load balanced appropriately.

AppDirector - P olicies, Farms, Servers

There are 3 VIPs defined on the AppDirector with 2 policies defined for each VIP. The first

VIP (10.143.181.37) has 2 policies associated with it: policy oidtcp389 and policy

oidtcp636. These policies listen for inbound traffic on TCP ports 389 and 636 directedtoward the Oracle Information Directory servers.

Policy: oidtcp389Port: TCP port 389

Farm: oid

Servers:Lnxi02 10.143.180.247

Lnxi03 10.143.180.248

Policy: oidtcp636Port: TCP port 636

Farm: oid

Servers:Lnxi02 10.143.180.247

Lnxi03 10.143.180.248

The second VIP (10.143.181.38) has 2 policies associated with it. The policy soahttp listens

for inbound HTTP traffic directed toward the Oracle Application Servers and sends matching

traffic to the servers associated with the SOA farm. The policy soahttps listens for inboundHTTPS traffic and passes it to the AppXcel farms to offload the SSL processing.

Policy: soahttpsPort: TCP port 443

Farm: soassl

Servers:


4/16



Tunnel_192.168.1.102

Tunnel_192.168.1.202

Policy: soahttpPort: TCP port 80

Farm: soahttpServers:

Lnxi06 10.143.180.251:7777Lnxi07 10.143.180.252:7777

The third VIP (10.143.181.36) has 2 policies associated with it: policy ssohttp listens forinbound HTTP traffic directed toward the SSO service from from OHS, and ssohttps which

listens for HTTPS traffic and directs the matching inbound traffic to the AppXcel EP Farm tooff load the SSL processing.

Policy: ssohttp

Port: TCP port 80Farm: sso

Servers:Lnxi02: 10.143.180.247:7777

Lnxi03: 10.143.180.248:7777

Policy: ssohttps

Port: TCP port 443Farm: ssohttps

Servers:Tunnel_192.168.1.102

Tunnel_192.168.1.202

Health Monitoring

There are 6 Health Checks as follows.

Health Check: OID-lnxi02

Check Element: lnxi02Method: LDAP

Method Arguments:User Name: cn=cladmin

Password: (cladmin password)Attribute name: cn

Search value: asdb

Dest Port: 389

Health Check: OID-lnxi03Check Element: lnxi03

Method: LDAPMethod Arguments:

User Name: cn=cladminPassword: (cladmin password)

Attribute name: cnSearch value: asdb

Dest Port: 389

Health Check: SSO-HealthCheck-lnxi02Check Element: lnxi02


5/16



Method: HTTP

Method Arguments:Path: /sso/status

HTTP method: GETProxy HTTP: Yes

Pragma Nocache: YesMatch Search String: OC4J_Security is running.

Match Mode: String ExistsDest Port: 7777


Method: HTTPMethod Arguments:

Path: /sso/status


Pragma Nocache: YesMatch Search String: OC4J_Security is running.


Health Check: SOA-lnxi06Check Element: lnxi06


Path: /,HTTP method: GET

Proxy HTTP: Yes

Pragma Nocache: YesMatch Mode: String is Absent

HTTP Return Code: 200

Dest Port: 7777

Health Check: SOA-lnxi07

Check Element: lnxi07



Proxy HTTP: YesPragma Nocache: Yes

Match Mode: String is Absent

HTTP Return Code: 200Dest Port: 7777

AppXcel - Tunnels

There are 2 tunnels defined on the AppXcel:

Virtual Host IP Remote IP Listen Port Remote Port192.168.1.101 10.143.181.38 443 80

192.168.1.202 10.143.181.36 443 80


6/16



Software and Hardware used

Radwares AppDirector, hardware version 1.10, software version 1.03.04

Radwares AppXcel, device model XS1, software version 1.02.06


7/16



Network DiagrammySOAcompany w ith Oracle Single Sign-On


8/16



Configuration

AppDirector

Network Interfaces

Create IP 10.143.180.215/24 on port 2Create IP 192.168.1.1/24 on port 1

Create farms with the follow ing attributes:

Farm Name: oidAging Time: 300

Dispatch Method: CyclicSessions Mode: EntryPerSession

Connectivity Check: No Checks

Farm Name: ssoAging Time: 600Dispatch Method: Cyclic

Sessions Mode: EntryPerSessionConnectivity Check: No Checks

Farm Name: ssossl

Aging Time: 300


Connectivity Check: TCP PortConnectivity Check Port: HTTPS

Farm Name: soaAging Time: 600Dispatch Method: Cyclic

Sessions Mode: EntryPerSession

Connectivity Check: No Checks

Farm Name: soasslAging Time: 600


Connectivity Check: TCP PortConnectivity Check Port: HTTPS

Create servers with the follow ing attributes:

Farm Name: oidServer Address: 10.143.180.247

Server Port: NoneServer Name: lnxi02

Client NAT: EnabledClient NAT Range: 10.143.181.39

Farm Name: oid


9/16



Server Address: 10.143.180.248

Server Port: NoneServer Name: lnxi03

Client NAT: EnabledClient NAT Range: 10.143.181.39

Farm Name: ssossl

Server Address: 192.168.1.102Server Port: 443Server Name: Tunnel_192.168.1.102

Farm Name: ssossl

Server Address: 192.168.1.202Server Port: 443

Server Name: Tunnel_192.168.1.202

Farm Name: sso


Server Name: lnxi02Client NAT: Enabled

Client NAT Range: 10.143.181.39

Farm Name: sso




Farm Name: soassl

Server Address: 192.168.1.101

Server Port: 443Server Name: Tunnel_192.168.1.101

Farm Name: soassl


Server Name: Tunnel_192.168.1.201

Farm Name: soaServer Address: 10.143.180.251

Server Port: 7777



Farm Name: soaServer Address: 10.143.180.252

Server Port: 7777




10/16



Create L4 Policies w ith the follow ing attributes:

Virtual IP: 10.143.181.37

L4 Protocol: TCPL4 Port: 389

L4 Policy Name: oidtcp389Farm Name: oid

Application: TCP

Virtual IP: 10.143.181.37


L4 Policy Name: oidtcp636Farm Name: oid

Application: TCP

Virtual IP: 10.143.181.36


L4 Policy Name: ssohttpFarm Name: sso

Application: HTTP

Virtual IP: 10.143.181.36


L4 Policy Name: ssohttpsFarm Name: ssossl

Application: HTTPS

Virtual IP: 10.143.181.38

L4 Protocol: TCP

L4 Port: 80L4 Policy Name: soahttpFarm Name: soa

Application: HTTP

Virtual IP: 10.143.181.38


L4 Policy Name: soahttpsFarm Name: soassl

Application: HTTPS

Create Health Checks with the follow ing attributes:


Method: LDAP

Method Arguments:User Name: cn=cladmin

Password: (cladmin password)Attribute name: cn

Search value: asdbDest Port: 389


11/16




Method: LDAPMethod Arguments:

User Name: cn=cladminPassword: (cladmin password)

Attribute name: cnSearch value: asdbDest Port: 389



Path: /sso/statusHTTP method: GET


Match Search String: OC4J_Security is running.Match Mode: String ExistsDest Port: 7777

Health Check: SSO-HealthCheck-lnxi03

Check Element: lnxi03Method: HTTP

Method Arguments:

Path: /sso/statusHTTP method: GET


Match Search String: OC4J_Security is running.


Health Check: SOA-lnxi06

Check Element: lnxi06Method: HTTP

Method Arguments:Path: /,


Pragma Nocache: Yes

Match Mode: String is AbsentHTTP Return Code: 200

Dest Port: 7777

Health Check: SOA-lnxi07Check Element: lnxi07



Proxy HTTP: Yes

Pragma Nocache: YesMatch Mode: String is Absent


12/16



HTTP Return Code: 200

Dest Port: 7777

AppXcel

-------------------------------------------------------

AppXcel 100 Configuration-------------------------------------------------------

appxcel fips mode get--------------------

Current FIPS mode is: none.

appxcel security-world get--------------------------Fips is not supported.

appxcel certificate get---------------------

Country Name = USState or Province name = New York

Locality Name = New YorkOrganization Name = RadwareOrganizational Unit Name = ApplicationServersCommon Name = www.radware.comEmail Address = [email protected]

appxcel key table get-------------------

Keys:

|-------|------|------|-------------------------------------------------------|| Index | Size | Cert | Common Name ||=======|======|======|=======================================================|| 1 | 1024 | Crt | soa.us.oracle.com || 2 | 1024 | Crt | sso.us.oracle.com ||-------|------|------|-------------------------------------------------------|

appxcel key get --------------------------

Info for Key number 1 :-----------------------Certificate (csr/crt/int) = crtDate not before = Apr 17 19:09:05 2007 GMTDate not after = Apr 16 19:09:05 2008 GMTKey Size (512/1024/2048) = 1024Common Name = soa.us.oracle.com

Tunnel IP / Server Name------ -------------------

1 soa.us.oracle.com

Info for Key number 2 :

-----------------------Certificate (csr/crt/int) = crtDate not before = Apr 17 19:09:32 2007 GMTDate not after = Apr 16 19:09:32 2008 GMTKey Size (512/1024/2048) = 1024Common Name = sso.us.oracle.com

Tunnel IP / Server Name------ -------------------

2 sso.us.oracle.com

appxcel local-triangulation get-------------------------------

Current local triangulation status is off.


13/16



appxcel mode get---------------

Active mode is: proxy

appxcel tunnel table get----------------------

Tunnels:

|-------|---------|-----------------|--------|-----------------|--------|-----|| Index | Enabled | Virtual Host IP | Listen | Remote IP | Remote | Key || | | | Port | | Port | ID ||=======|=========|=================|========|=================|========|=====|| 1 | yes | 192.168.1.101 | 443 | 10.143.181.38 | 80 | 1|| 2 | yes | 192.168.1.102 | 443 | 10.143.181.36 | 80 | 2||-------|---------|-----------------|--------|-----------------|--------|-----|

appxcel tunnel get -----------------------------

Tunnel info for Tunnel ID 1 :=================================Enabled : yesLAN : 2Default Gateway : 192.168.1.10

Virtual Host IP : 192.168.1.101Listening Port : 443Interface IP : 192.168.1.101Netmask : 255.255.255.0Remote IP : 10.143.181.38Remote Port : 80Transparent : onHostname : soa.us.oracle.comKeep Alive : onKeep Alive Timeout : 15Compression method : gzipGzip engine : offHTTP redirect : offHTTP redirect port :HTTPS redirect : offHTTP multiplexing : offHTTP multiplexing timeout : 0HTTP garbage : offSSL Key ID : 1

CipherSuites : RSABackend SSL : offBackend CipherSuites : LOWBackend L7 LB port : 0Service : httpClient CA : noCRL : noClient Timeout : 30Backend Timeout : 300Cache status : offCache expiration time : 86400Jpeg reduction status : offJpeg reduction ratio : 50Url-Rewerite Policy : noneUrl-Rewrite mode : disableUrl-Rewrite Default URL : noneLDAP authentication : offCdp tunnel bindings : none

Tunnel info for Tunnel ID 2 :=================================Enabled : yesLAN : 2Default Gateway : 192.168.1.10Virtual Host IP : 192.168.1.102Listening Port : 443Interface IP : 192.168.1.102Netmask : 255.255.255.0Remote IP : 10.143.181.36Remote Port : 80Transparent : onHostname : sso.us.oracle.comKeep Alive : onKeep Alive Timeout : 15Compression method : gzip


14/16



Gzip engine : offHTTP redirect : offHTTP redirect port :HTTPS redirect : offHTTP multiplexing : offHTTP multiplexing timeout : 0HTTP garbage : offSSL Key ID : 2CipherSuites : RSABackend SSL : offBackend CipherSuites : LOW

Backend L7 LB port : 0Service : httpClient CA : noCRL : noClient Timeout : 30Backend Timeout : 300Cache status : offCache expiration time : 86400Jpeg reduction status : offJpeg reduction ratio : 50Url-Rewerite Policy : noneUrl-Rewrite mode : disableUrl-Rewrite Default URL : noneLDAP authentication : offCdp tunnel bindings : none

ct url-rewrite policy table get----------------------------------

There are no url-rewrite policies.

-------------------------------------------------Network Configuration

-------------------------------------------------

net arp table get--------------------|-----------------|--------------------|-----------|| Address | HWaddress (MAC) | Interface ||=================|====================|===========|| 10.143.180.1 | 00:0E:38:24:72:3F | Lan1 || 192.168.1.2 | 00:03:B2:2E:3E:40 | Lan2 || 10.143.181.36 | 00:00:5E:00:01:B4 | Lan1 || 10.143.181.38 | 00:00:5E:00:01:B4 | Lan1 || 192.168.1.1 | 00:03:B2:2E:3A:00 | Lan2 ||-----------------|--------------------|-----------|

net dns table get--------------------

Configured Dns Table:

|-----------|-----------------|| Priority | IP address ||===========|=================||-----------|-----------------|

net management-ip get------------------------------

Management interfaces:

|-----------------|-----------------|-----------|

| IP Address | Net Mask | Interface ||=================|=================|===========|| 10.143.181.41 | 255.255.252.0 | Lan1 ||-----------------|-----------------|-----------|

net physical-interface table get---------------------------------

Physical Interfaces:

|-------|------------------------|-------|-------|----------------|------|| Index | Type | Speed | Duplex| Auto Negotiate | Link ||=======|========================|=======|=======|================|======|| 1 | Giga Ethernet (Copper) | 100 | full | on | up || 2 | Giga Ethernet (Copper) | 100 | full | on | up |


15/16



|-------|------------------------|-------|-------|----------------|------|

net route table get-----------------------Configured Routing Table:

|----------------------|-----------------|-----------------|-----------------|| Type | Destination | Netmask | Gateway ||======================|=================|=================|=================|| Management DefaultGW | | | 10.143.180.1 |

|----------------------|-----------------|-----------------|-----------------|Active Interface Routing Table:

|----------------------|-----------------|-----------------|-----------------|| Type | Destination | Netmask | Gateway ||======================|=================|=================|=================|| Default | | | 127.0.0.1 || Management DefaultGW | | | 10.143.180.1 ||----------------------|-----------------|-----------------|-----------------|

------------------------------------------------System Configuration

------------------------------------------------

system bypass get-------------------------Bypass is disabled.

system date get---------------------

Current date:Wed Apr 18 15:33:26 UTC 2007

system device community get--------------------------------------

The current community string is public.

system device info get-----------------------------

Device model: D V2.

Software version: AppXcel Version 1.02.06 Build Nov_26_2006_10-42-50.TPS: 4000.

Concurrent connections: 20000.

RAM size: 512 MB.

Mac Lan 1: 0010F30C622B.

Mac Lan 2: 0010F30C622C.

Type Lan 1: Giga Ethernet (Copper).

Type Lan 2: Giga Ethernet (Copper).

SSL Card: Cavium.

Compression Card: Active.

system device name get--------------------------------

The current device name is atlradax1.

system license concurrent-connections get--------------------------------------------------------

Current license is appxcel-4000-TPS-20000-CEC.

system license tps get-----------------------------


16/16



Current license is appxcel-4000-TPS-20000-CEC.

system mode get----------------------

Current system mode is: active

system terminal baudrate get-------------------------------------

Current terminal speed is: 19,200

system management ssh get-------------------------------------

The SSH agent is currently on.

system management wbm get--------------------------------------

The WBM/CWI agent is currently on.

solucion soa oracle

Documents