Configuring E-Business Suite to Use the BIG-IP

Configuring E-Business Suite to Use the BIG-IP

• The Ebusiness suite configuration changes are extremely simple
• There are 6 Autoconfig variables that require configuration ..see note 380489.1
• s_webentryurlprotocol
• s_webentryhost
• s_webentrydomain
• s_active_webport v’s s_webport
• s_login_page
• s_external_url (web services


Configuring E-Business Suite to Use the BIG-IP
• s_webentryurlprotocol remains at http
• s_webentryhost changes from atg and apcappsx7 to bigip I.e. our virtual server
• s_webentrydomain remains at au.oracle.com
• s_active_webport changes from 8000 to 80
• s_login_page changes from http://atg.au.oracle.com:8000/OA_HTML/AppsLocalLogin.jsp and
http://apcappsx7.au.oracle.com:8000/OA_HTML/AppsLocalLogin.jsp to
http://bigip.au.oracle.com/OA_HTML/AppsLogin
• s_external_url remains unchanged. This is used for external connection for web services


Configuring E-Business Suite to Use the BIG-IP


• Make the changes in the previous slides on ALL application tiers
• Run Autoconfig on each application tier
• Re-start all application tier services on each application tier
The configuration on the E-Business Suite is now complete!
The new entry point is: http://bigip.au.oracle.com

============================================================================================================

Turning Off Load Balancing
• When debugging issues it may be of benefit in some situations to turn off load balancing alltogether to determine if
the load balancer is the cause of the particular issue
• One can use the following steps to quickly disable load balancing.
• Choose 1 middle tier to make the following changes
• Revert the autoconfig changes in the previous steps e.g.
• s_webentryurlprotocol remains at http
• s_webentryhost reverts to atg from bigip (actual app tier hostname)
• s_webentrydomain remains at au.oracle.com (actual app tier domain)
• s_active_webport reverts to 8000 from 80 (s_webport)
• s_login_page reverts to the original setting

Turning Off Load Balancing continued…
• Run Autoconfig
• Attempt to access this middle tier to determine if the problem can be reproduced
• If the problem is unable to be reproduced then its clear the problem is caused by the load balancer setup.
• Create a service request with BOTH the hardware vendor and Oracle



Presenter Note: Run Autoconfig on 2nd node
• SSL termination / Acceleration
• Multiple Entry Points
• Xforwarded-For



Enabling SSL Termination/Acceleration
Background Information
• Secure Socket Layer (SSL) Accelerators can be used to reduce the SSL traffic and workload off the web servers.
• SSL accelerators are the primary targets for https requests from the user's desktop and thus are the initial target for
all desktop client communication.
• Responsible for converting "https" SSL requests to non-SSL "http" requests, directing the request to the http server
which is running in non-SSL mode. Before sending the response back to the desktop they again convert the non-
SSL requests to SSL requests
• Improves performance
• Reduces complexity and maintenance
• SSL termination is not for everyone – security, network setup




Enabling SSL Termination/Acceleration – on the load balancer
• Select local traffic – SSL Certificates
• Select the create button
• Fill in the certificate properties and select the finished button
• Create a client SSL profile by selecting Local traffic – profiles – SSL – client tab
• Assign the certificate name created in the previous step to the „certificate? and „key? sections. Give the profile a
name e.g. „oracle-ebs-clientssl„ and select the update button
• Assign the profile to the virtual server. Local Traffic – virtual server. Choose your virtual server and now select the
ssl profile via the „SSL Profile (Client)? option
• Under the Virtual server change the Service port to 443

Enabling SSL Termination/Acceleration – on the application tier
• Autoconfig changes
• Change s_webentryurlprotocol to https
• Change s_login_page and s_external_url to use https
• Change s_active_webport from 80 to 443
• Change s_enable_sslterminator by removing the #
• Resolves logout issues
• Important: You must refer to note 376700.1 „SSL and R12?
• This assumes that the load balancer was previously configured as the entry point and we are now simply enabling
SSL
• Run Autoconfig on all web nodes
• Restart services ----? https://big.au.oracle.com

Users access ebusiness suite using multiple urls
• Servesp level profiles are used
• txkChangeProfH.sql SERVRESP
• Each url is serviced by a different VS on the load balancer
• Autoconfig changes


=============================================================================================================================



• This is not mandatory........but has been a common question
• If the BIG-IP is configured with a single interface or if SNAT is enabled on the virtual server then all requests in the
access_log will be that of the virtual server IP
• The X-Forwarded-For HTTP header field is a standard for identifying the originating IP address of a client
connecting to a web server through an HTTP proxy or load balancer
• enabling XForwarded-For adds the IP address of the client as the value of the XForwarded-For in the header.
• useful for security, auditing and diagnosis of issues
Load balancer configuration
Enable the „Insert Xforwarded For? setting for the http profile being used.
Ebusiness suite configuration
Change the httpd.conf log format to
LogFormat "%{X-Forwarded-For}i %h %l %u %t \"%r\" %>s %b %T \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" X-Forwarded-For
Stop and Start the Http server