240 likes | 388 Views
Multiplexing OID, SSO, PORTAL Virtual Private Portals (VPP). Presented By: Author Surender Sara - surender.sara@orabyte.com Co-Author Vivek Pavle - vivek.pavle@orabyte.com. Business Problem. Single Physical OID meta repository instance and server Single Middle Tier instance and server
E N D
Multiplexing OID, SSO, PORTAL Virtual Private Portals (VPP) Presented By: Author Surender Sara - surender.sara@orabyte.comCo-Author Vivek Pavle - vivek.pavle@orabyte.com
Business Problem • Single Physical OID meta repository instance and server • Single Middle Tier instance and server • Have multiple SITES under this setup • Have separate DAS, OIDAMIN user, SSO user and group entries • Separate applications for each site • Shared Tables • Easy of backup • NO REPLICATION or DATA SYNC • NO INVESTMENT IN HARDWARE COST
Typical Architecture of 10gAS • We typically have one Infrastructure server with the following components • HTTP_Server, OC4J_SECURITY, OID, Single Sign-On: orasso, Management • We typically have one Application Server with the following components • Discoverer, Forms, HTTP_Server, OC4J_BI_Forms, OC4J_Portal, Reports Server, Web Cache, Management
Issues With This Deployment • We have shared OID, SSO, DAS on the infrastructure tier, hence single password file management • We have shared portal application users, groups, Single DN entity tree
Business Problem • Single Physical OID meta repository instance and server • Single Middle Tier instance and server • Have multiple SITES under this setup • Have separate DAS, OIDAMIN user, SSO user and group entries • Separate applications for each site • Shared Tables • Easy of backup • NO REPLICATION or DATA SYNC • NO INVESTMENT IN HARDWARE COST
GOALS MET ? • NO – Redundant hardware • NO – Duplicated OID entries • Lack of Single Super Administrator access which can manage all instances. • Maintenance cost directly proportional to the scale of system • Very high cost for scalability
What is Virtual Private portal (VPP)? Multiple Portal Sites Supported over one Application Server instance.
How VPP Works • Oracle AS VPP is based on Virtual Private Database (VPD) technology. • It involves adding a context column which distinguishes site/subscriber in the database tables and employing policy to restrict queries based on context of the logged in user. • OID Administration of each site sub-tree can be delegated and the default subscriber admin can manage the whole tree.
VPP Benefits Demo • Secure setup • Low cost setup • Each site/customer completely isolated • Highly Scalable • Easy to Manage • Virtually no cost to scale
Step - I : Enable VPP on the host VPP – The solution • cd /d02/10g_PORTAL/portal/admin/plsql/wwhost • ./enblhstg.csh -pc rhas2.oracletop.com:1521:asdb -ps portal -pw ZcMulMDW -sc rhas2.oracletop.com:1521:asdb -ss orasso -sw H1JZ4DFT -h rhas2.oracletop.com -p 3060 -d "cn=orcladmin" -w pwd123 • [oracle@rhas2 bin]$ ./opmnctl stopproc ias-component=OC4J • opmnctl: stopping opmn managed processes... • [oracle@rhas2 bin]$ ./opmnctl startproc ias-component=OC4J
Modify Login.jsp • ORACLE_HOME/j2ee/OC4J_SECURITY/applications/sso/web/jsp <!-- UNCOMMENT TO ENABLE MULTIPLE REALM SUPPORT <tr> <label> <th id="c6"><font class="OraFieldText"><%=msgBundle.getString(ServerMsgID.COMPANY_ LBL)%></font></th> <td headers="c6"> <INPUT TYPE="text" SIZE="30" MAXLENGTH="50" NAME="subscribername" value=""></td> </label> </tr> -->
Step-II : Add Subscribers to VPP VPP – The solution • cd /d02/10g_PORTAL/portal/admin/plsql/wwhost • ./addsub.csh -name SURENDER -id 1003 -type all -pc rhas2.oracletop.com:1521:asdb -pp pwd123 -ps portal -pw ZcMulMDW -sc rhas2.oracletop.com:1521:asdb -sp pwd123 -ss orasso -sw H1JZ4DFT -a portal.asdb.rhas2.oracletop.com -h rhas2.oracletop.com -p 3060 -d "cn=orcladmin" -w pwd123 -rc "cn=OracleContext" -sd oracletop -tp /d02/10g_INFRA/ldap/schema/oid/ # Make sure to point ex to vi - else this will fail
VPP – The solution Step-III : Apache Configuration • # Add following in httpd.conf under PORTAL Home <VirtualHost 67.100.66.98:7779> port 7778 RewriteEngine on RewriteRule ^/$ /pls/portal/portal.home [PT,L,NS] </VirtualHost>
Step-III : Setting up Branded URL VPP – The solution • cd /d02/10g_PORTAL/portal/admin/plsql/wwhost • ./addburl.csh -name SURENDEDR -pc rhas2.oracletop.com:1521:asdb -ps portal -pw ZcMulMDW -pu http://surender.oracletop.com:7778/pls/portal -sc rhas2.oracletop.com:1521:asdb -ss orasso -sw H1JZ4DFT -su http://surender.oracletop.com:7777/pls/orasso
VPP – The solution • cd /d02/10g_PORTAL/portal/admin/plsql/wwhost • ./rmsub.csh -name VIVEK -pc rhas2.oracletop.com:1521:asdb -pp pwd123 -ps portal -sc rhas2.oracletop.com:1521:asdb -sp pwd123 -ss orasso -a portal.asdb.rhas2.oracletop.com -h rhas2.oracletop.com -p 3060 -d "cn=orcladmin" -w pwd123 -cs 1000
Limitations / Restrictions • Data Sharing not allowed for security purposes. • ASP users and groups can not be more than two levels deep. • Manage non-default subscribers' ASP users and groups only with hosting scripts. • ASP group is only a placeholder for ASP users and groups. Privileges are not propagated to subscribers.
Advanced Operations • ASP users/groups management (sync) • Removing subscribers • WebDAV support • Ultrasearch Support
Q & A Surender.sara@orabyte.com