Multiplexing OID, SSO, PORTAL
Virtual Private Portals (VPP)
Presented By:
Author Surender Sara - surender.sara@orabyte.com
Co-Author Vivek Pavle - vivek.pavle@orabyte.com

Business Problem
• Single Physical OID meta repository instance and server
• Single Middle Tier instance and server
• Have multiple SITES under this setup
• Have separate DAS, OIDADMIN user, SSO user and group entries
• Separate applications for each site
• Shared Tables
• Ease of backup
• NO REPLICATION or DATA SYNC
• NO INVESTMENT IN HARDWARE COST

Typical Architecture of 10gAS
• We typically have one Infrastructure server with the following components:
  HTTP_Server, OC4J_SECURITY, OID, Single Sign-On: orasso, Management
• We typically have one Application Server with the following components:
  Discoverer, Forms, HTTP_Server, OC4J_BI_Forms, OC4J_Portal, Reports Server, Web Cache, Management

Issues With This Deployment
• We have shared OID, SSO, DAS on the infrastructure tier, hence single password file management
• We have shared portal application users, groups, Single DN entity tree

GOALS MET?
• NO – Redundant hardware
• NO – Duplicated OID entries
• Lack of Single Super Administrator access which can manage all instances.
• Maintenance cost directly proportional to the scale of system
• Very high cost for scalability

What is Virtual Private Portal (VPP)?
Multiple Portal sites supported over one Application Server instance.

How VPP Works
• Oracle AS VPP is based on Virtual Private Database (VPD) technology.
• It adds a context column to the database tables that distinguishes the site/subscriber, and applies a policy that restricts queries based on the context of the logged-in user.
• OID administration of each site sub-tree can be delegated, and the default subscriber admin can manage the whole tree.

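The VPD mechanism described above, as an added Oracle SQL and PL/SQL illustration that is not from the original slides and is not Oracle Portal's own schema. The names site_pages, subscriber_id, vpp_ctx, vpp_ctx_pkg and subscriber_predicate are hypothetical, 1003 is the subscriber id used later in the deck, and the script assumes an account with CREATE ANY CONTEXT and EXECUTE on DBMS_RLS.

```sql
-- Added illustration of VPD; every object name is hypothetical, not Portal's own schema.
-- 1. Shared table with a context column identifying the site/subscriber.
CREATE TABLE site_pages (
  subscriber_id NUMBER        NOT NULL,
  page_name     VARCHAR2(100) NOT NULL
);

-- 2. Application context; only the trusted package below may set it.
CREATE CONTEXT vpp_ctx USING vpp_ctx_pkg;

CREATE OR REPLACE PACKAGE vpp_ctx_pkg AS
  PROCEDURE set_subscriber(p_id IN NUMBER);
END vpp_ctx_pkg;
/
CREATE OR REPLACE PACKAGE BODY vpp_ctx_pkg AS
  PROCEDURE set_subscriber(p_id IN NUMBER) IS
  BEGIN
    -- Called by the login path once the user's subscriber is known.
    DBMS_SESSION.SET_CONTEXT('vpp_ctx', 'subscriber_id', TO_CHAR(p_id));
  END set_subscriber;
END vpp_ctx_pkg;
/

-- 3. Policy function: returns the predicate added to every statement.
--    If no subscriber is set, SYS_CONTEXT is NULL and no row matches.
CREATE OR REPLACE FUNCTION subscriber_predicate(
  p_schema IN VARCHAR2, p_object IN VARCHAR2
) RETURN VARCHAR2 IS
BEGIN
  RETURN 'subscriber_id = TO_NUMBER(SYS_CONTEXT(''vpp_ctx'', ''subscriber_id''))';
END subscriber_predicate;
/

-- 4. Attach the policy; update_check rejects writes into another subscriber.
BEGIN
  DBMS_RLS.ADD_POLICY(
    object_schema   => USER,
    object_name     => 'SITE_PAGES',
    policy_name     => 'SITE_PAGES_ISOLATION',
    function_schema => USER,
    policy_function => 'SUBSCRIBER_PREDICATE',
    statement_types => 'SELECT,INSERT,UPDATE,DELETE',
    update_check    => TRUE);
END;
/

-- 5. A session bound to subscriber 1003 sees only that subscriber's rows.
EXEC vpp_ctx_pkg.set_subscriber(1003)
SELECT page_name FROM site_pages;  -- runs as: ... WHERE subscriber_id = 1003
```

VPD policies are not enforced for SYS or for accounts granted EXEMPT ACCESS POLICY, so those are the grants to review when relying on this isolation.
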
VPP Benefits Demo
• Secure setup
• Low cost setup
• Each site/customer completely isolated
• Highly Scalable
• Easy to Manage
• Virtually no cost to scale

VPP – The solution
Step-I: Enable VPP on the host
• cd /d02/10g_PORTAL/portal/admin/plsql/wwhost
• ./enblhstg.csh -pc rhas2.oracletop.com:1521:asdb -ps portal -pw ZcMulMDW -sc rhas2.oracletop.com:1521:asdb -ss orasso -sw H1JZ4DFT -h rhas2.oracletop.com -p 3060 -d "cn=orcladmin" -w pwd123
• [oracle@rhas2 bin]$ ./opmnctl stopproc ias-component=OC4J
• opmnctl: stopping opmn managed processes...
• [oracle@rhas2 bin]$ ./opmnctl startproc ias-component=OC4J

Modify Login.jsp
• ORACLE_HOME/j2ee/OC4J_SECURITY/applications/sso/web/jsp

<!-- UNCOMMENT TO ENABLE MULTIPLE REALM SUPPORT
<tr>
  <label>
    <th id="c6"><font class="OraFieldText"><%=msgBundle.getString(ServerMsgID.COMPANY_LBL)%></font></th>
    <td headers="c6"> <INPUT TYPE="text" SIZE="30" MAXLENGTH="50" NAME="subscribername" value=""></td>
  </label>
</tr>
-->

VPP – The solution
Step-II: Add Subscribers to VPP
• cd /d02/10g_PORTAL/portal/admin/plsql/wwhost
• ./addsub.csh -name SURENDER -id 1003 -type all -pc rhas2.oracletop.com:1521:asdb -pp pwd123 -ps portal -pw ZcMulMDW -sc rhas2.oracletop.com:1521:asdb -sp pwd123 -ss orasso -sw H1JZ4DFT -a portal.asdb.rhas2.oracletop.com -h rhas2.oracletop.com -p 3060 -d "cn=orcladmin" -w pwd123 -rc "cn=OracleContext" -sd oracletop -tp /d02/10g_INFRA/ldap/schema/oid/
# Make sure to point ex to vi - else this will fail

VPP – The solution
Step-III: Apache Configuration
• # Add following in httpd.conf under PORTAL Home

<VirtualHost 67.100.66.98:7779>
  port 7778
  RewriteEngine on
  RewriteRule ^/$ /pls/portal/portal.home [PT,L,NS]
</VirtualHost>

VPP – The solution
Step-III: Setting up Branded URL
• cd /d02/10g_PORTAL/portal/admin/plsql/wwhost
• ./addburl.csh -name SURENDER -pc rhas2.oracletop.com:1521:asdb -ps portal -pw ZcMulMDW -pu http://surender.oracletop.com:7778/pls/portal -sc rhas2.oracletop.com:1521:asdb -ss orasso -sw H1JZ4DFT -su http://surender.oracletop.com:7777/pls/orasso

VPP – The solution
• cd /d02/10g_PORTAL/portal/admin/plsql/wwhost
• ./rmsub.csh -name VIVEK -pc rhas2.oracletop.com:1521:asdb -pp pwd123 -ps portal -sc rhas2.oracletop.com:1521:asdb -sp pwd123 -ss orasso -a portal.asdb.rhas2.oracletop.com -h rhas2.oracletop.com -p 3060 -d "cn=orcladmin" -w pwd123 -cs 1000

Limitations / Restrictions
• Data sharing is not allowed, for security purposes.
• ASP users and groups cannot be more than two levels deep.
• Manage non-default subscribers' ASP users and groups only with hosting scripts.
• ASP group is only a placeholder for ASP users and groups. Privileges are not propagated to subscribers.

Advanced Operations
• ASP users/groups management (sync)
• Removing subscribers
• WebDAV support
• Ultrasearch Support

Q & A Surender.sara@orabyte.com