
2 Oracle On Demand Access

3 Objectives
• What Systems You May Access
• Your Accounts, Privileges, and Commands
• Request Exceptions In Advance
  – Access to Systems, Accounts, Privileges, or Commands Not Contained in the Standards Requires Written Approval in Advance by Oracle On Demand
• Access Oversight
  – Misuse May Result in Loss Of Access

4 Oracle On Demand: Access
[Diagram. Extracted labels, in order: Standard Product Support; Service Request; Customer/Implementer; Service Delivery Manager; On Demand HUB; Configurations; Information; Patches; Alerts, Patch Sets, Workarounds; Software Issues; Product Development; On Demand Delivery; Toll Free Number; Service Requests; Oracle Metalink; Customer Portal; Systems; OEM Alert Toggle]

5 Agenda
• How You Connect to The On Demand Intranet
• On Demand Powerbroker Basics
• Your Capabilities
  – Linux
  – Technology Stack (DB & iAS)
  – Applications Administration
• How You Transfer Files To or From Oracle On Demand
Note: This material is EBSO specific. OTO Data Will be Included in a Future Update.

6 How You Connect
• @Oracle Model
  – Through the Oracle On Demand Hardware VPN
    • Software VPN Connections Are Not Allowed
    • Connections From an Intranet Other Than the Customer’s Are Not Allowed
• @Customer Model
  – Through Customers’ Access Mechanisms
    • You Do Not Have Access to the On Demand Intranet

7 On Demand Powerbroker Basics
• SAS 70 Type II Compliant
  – Who, When, Where, What
• Limited Set of Customer Accessible Accounts
• Controls Access to Accounts and Functions
  – Powerbroker Policies Map Predefined Accounts and Functions
• Provides Keystroke Logging
  – Keystrokes, Standard Output, Standard Error
[Diagram. Text as extracted: Individual Linux Account Powerbroker Controlled Linux Accounts Powerbroker Named Linux Account]

8 On Demand Powerbroker Basics
• Controls Access to Accounts and Functions
  – Powerbroker Policies Map Predefined Accounts and Functions
    • “customer”: Read Only Access to All Database Objects, Access to Oracle Applications Interface Tables
    • “impanalyst”: Read Only Access to Product, Write Access to XBOL_TOP
    • “impdba”: Write Access to Product, XBOL_TOP
      – “impdba” is now available. 2 accounts will be granted ‘impdba’ access initially. If more accounts with this profile are needed for the same customer, the exception will be requested by the SDM and will be subject to approval.
[Diagram. Text as extracted: Individual Linux Account Powerbroker Controlled Linux Accounts Powerbroker Named Linux Account]

9 Linux Map – Non-Privileged
Non-Privileged Account | PB Policy | DB Tier | Mid Tier | Directory / Schema
Named Linux Account (Varies) | customer | NA | P, NP*
  • Requested via the Oracle On Demand oSDM
  • SSH Based
  • Standard Linux Command Set
  • Default Login Directory
    – Full Access
  • Standard File Systems
    – UID, GID Ranges Distinct From All Others
    – “world” Privilege Mask Applies
* P=Production, NP=Non-Production

10 Linux Map - Controlled
Controlled Account | PB Policy | DB Tier | Mid Tier | Directory / Schema
apd i | impdba, impanalyst | NA | NP
  • AKA, “applmgr” Account, Linux Side
  • Powerbroker Controlled
    – SSH to Named Linux Account
    – Invoke Powerbroker Policy
  • APPL_TOP (/SID/applmgr)
    – Full Access
  • Special Operations Notes
    – Only Two Individual Linux Accounts Allowed to Access
    – Must File Informational SR When Modifying Files In APPL_TOP
apt i | impdba, impanalyst | NA | NP
  • Same as Above, Applied to Test
inf i | impanalyst, impdba | NA | P, NP
  • See FTP Slides For Full Details
    – FTP Server Treatment For This Account Different Than DB, iAS Servers

11 Controlled Account Access Procedure: Non-Production
• SSH Login to Target Server With Named Linux Account
• Invoke Powerbroker
  – General Format
    • /usr/local/bin/pbrun -u [target user]
  – Specific Example: Dev Environment, “anon” 4 char custid
    • /usr/local/bin/pbrun impanalyst -u apdanoni
• All Standard Linux Commands Available
• Perform Unix Commands
  – Keystroke Logging Is Active
• To Access Database or Oracle Applications, Use Password Manager
  – General Format
    • /usr/local/bin/pbrun password-manager
  – Example: policy:impanalyst, instance:ppmpti
    • /usr/local/bin/pbrun impanalyst password-manager ppmpti
• Exit the Powerbroker Run Command
  – Type “exit” on the Unix Command Line
• SSH Logout

12 Controlled Account Access Procedure: Production
• SSH Login to Target Middle Tier Server With Named Linux Account
  – View Only Configuration
• Used To Access BOLINF and RAC_ACCNT
• Invoke Password Manager
  – General Format
    • All Passwords: /usr/local/bin/pbrun password-manager
    • Single Password: /usr/local/bin/pbrun password-manager
  – Example: policy:impdba, instance:ppmpti, type:bolinf
    • All: /usr/local/bin/pbrun impdba password-manager ppmpti
    • Single: /usr/local/bin/pbrun impdba password-manager ppmpti bolinf
• Invoke SQL*Plus
  – Use Data Returned from Password Manager
• Logout From SQL*Plus
• SSH Logout

13 Technology Stack Map - DB
Account | PB Policy | DB Tier | Mid Tier | Directory / Schema
BOLINF | Customer | P, NP
  • Sqlnet Based
    – Any In Non-Production
    – ADI, ADE, and Discoverer Only in Prod
  • Standard Interface Table
    – Read, Write, Delete
  • Custom Schema
    – Full Access Including DML and DDL
RAC_ACCNT | Customer | P, NP
  • Sqlnet Based
    – Any In Non-Production
    – ADI, ADE, and Discoverer Only in Prod
  • All Database Tables
    – Read Only
APPS | impdba | NA | NP
  • Usage Constrained by CEMLI Guidelines and Practices

14 Technology Stack Map – iAS / Portal
Account | PB Policy | DB Tier | Mid Tier | Directory / Schema
portal30 | TBD | NA | P, NP
  • Not Relevant for Standard EBSO
    – Associated only if Customer Runs Portal 3.0.9 with EBSO
Portal30_sso | TBD | NA | P, NP
  • Not Relevant for Standard EBSO
    – Associated only if Customer Runs Portal 3.0.9 with EBSO
• Oracle EBSO Application Server (iAS) Specific Access and Functionality Provided By BOL_SETUP Account via Oracle Applications GUI as Detailed on Following Slides
  – Examples:
    • Form Registration
    • Report Registration

15 Oracle Applications Administration Map
Account | PB Policy | DB Tier | Mid Tier | Directory / Schema
BOL_SETUP | impdba | NA | P*, NP
  • Oracle Applications GUI
  • Responsibilities
    – System Administrator: NP
    – *Application Administrator: P (Consists of On Demand Specified Subset of System Administrator)
  • Special Operations Notes
    – Must File Informational SR When Performing Any “High Impact” Change as Defined in the “Oracle Applications System Administrator’s Guide”
    – Must Run OEM Alert Toggle Prior to Starting or Stopping any Oracle Application Processes

16 OEM Blackout Command Line Interface (CLI)
• Blackout Tool Prevents False Monitor Alerts
• Synchronized with Service Request Systems
• Accessible via the “impdba” Powerbroker Policy
  – Specifics Subject To Change During Phased Rollout
• Command: blackout_ctl
  – Parameters:
    • Task [start | stop]
    • Option [full | target | all_except_host]
    • Duration (-d) [day HH:MM]
    • User Name (-u)
    • Reason (-r) [db_patch | app_patch | os_patch | agent_patch | maint | unsched]
    • Change Management Number (-cm) (optional)
    • Ticket Number (-t) (optional)
    • Comment (-c) (optional)
  – Help Facility:
    • blackout_ctl help

17 OEM Blackout CLI
• Command: blackout_ctl (Cont'd)
  – Line Mode Example:
    • blackout_ctl start full -d 5 05:30 -u username -r db_patch -cm 333333 -t 88888888.999 -c "scheduled"
  – Interactive Example:
    • blackout_ctl
      Please enter all required fields….
      Task [start | stop]:
      Option [full | target | all_except_host]:
      Duration [day HH:MM]:
      User Name:
      Reason [db_patch | app_patch | os_patch | agent_patch | maint | unsched]:
      Change Management Number (optional):
      Ticket Number (optional):
      Comment (optional):

18 OEM Blackout CLI Procedure: Non-Production
• SSH Login to Target Server With Named Linux Account
• Invoke Powerbroker
  – Example: “impdba” Policy, Dev Environment, “anon” 4 char custid
    • /usr/local/bin/pbrun impdba -u apdanoni
• Blackout the Required Environment
  – Example: Start a Full OEM Blackout for 4.5 Days Under Username “smith” for a Database Patch With Change Management Approval Number “1776”, Related to Service Request 12345678.999, With the Comment “Fixing It”
    • blackout_ctl start full -d 4 12:00 -u smith -r db_patch -cm 1776 -t 12345678.999 -c "Fixing It"
• Perform Necessary Activity
• Exit the Powerbroker Run Command
  – Type “exit” on the Unix Command Line
• SSH Logout
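
Added example (not from the deck or from Oracle's tooling): because a blackout suppresses monitor alerts, it helps to check the arguments against the documented parameter list before running the command in the logged session. The function name blackout_cmd, the BLACKOUT_MAX_DAYS ceiling and the allowed character sets are assumptions; the flags are the ones listed on slide 16.

```sh
#!/bin/sh
# Added example, not Oracle's tooling: validate blackout_ctl arguments against
# the parameter list on the slides and print the line-mode command.
# blackout_cmd and BLACKOUT_MAX_DAYS are hypothetical; the 7-day ceiling is an
# assumed local policy, not an Oracle limit.
BLACKOUT_MAX_DAYS=${BLACKOUT_MAX_DAYS:-7}

bad() { echo "blackout_cmd: $1" >&2; return 1; }

# blackout_cmd TASK OPTION DAYS HH:MM USER REASON [CM] [TICKET] [COMMENT]
blackout_cmd() {
    task=$1; option=$2; days=$3; hhmm=$4; user=$5; reason=$6
    cm=${7:-}; ticket=${8:-}; comment=${9:-}
    case $task in start|stop) ;; *) bad "task: $task"; return 1 ;; esac
    case $option in full|target|all_except_host) ;;
        *) bad "option: $option"; return 1 ;; esac
    case $days in [0-9]|[0-9][0-9]) ;; *) bad "days: $days"; return 1 ;; esac
    [ "$days" -le "$BLACKOUT_MAX_DAYS" ] || { bad "over $BLACKOUT_MAX_DAYS days"; return 1; }
    case $hhmm in [01][0-9]:[0-5][0-9]|2[0-3]:[0-5][0-9]) ;;
        *) bad "time: $hhmm"; return 1 ;; esac
    case $user in ''|*[!A-Za-z0-9_]*) bad "user: $user"; return 1 ;; esac
    case $reason in db_patch|app_patch|os_patch|agent_patch|maint|unsched) ;;
        *) bad "reason: $reason"; return 1 ;; esac
    cmd="blackout_ctl $task $option -d $days $hhmm -u $user -r $reason"
    if [ -n "$cm" ]; then
        case $cm in *[!0-9]*) bad "change number: $cm"; return 1 ;; esac
        cmd="$cmd -cm $cm"
    fi
    if [ -n "$ticket" ]; then
        case $ticket in *[!0-9.]*) bad "ticket: $ticket"; return 1 ;; esac
        cmd="$cmd -t $ticket"
    fi
    if [ -n "$comment" ]; then
        # Letters, digits, space and . , _ - only, so the quoting stays intact.
        [ -z "$(printf %s "$comment" | tr -d 'A-Za-z0-9 .,_-')" ] ||
            { bad "comment has unsupported characters"; return 1; }
        cmd="$cmd -c \"$comment\""
    fi
    printf '%s\n' "$cmd"
}

# The request from the slide above, rebuilt from validated arguments.
blackout_cmd start full 4 12:00 smith db_patch 1776 12345678.999 "Fixing It"
```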

19 File Transfers - FTP
• This Section Represents FTP in the @Oracle Model Only
• In the @Customer Model, the Customer is Solely Responsible for Implementing and Maintaining a File Transfer Model Specific to the Needs of Their Customer Application.

20 FTP Architecture – Two Tier
[Diagram. Extracted labels, in order: Customer Hardware VPN; Outer Firewall; Inner Firewall; Oracle Hardware VPN; Customer SSH / FTP; FTP01 Directory Structure; Customer DB Server Directory Structure; Customer iAS Server Directory Structure; NFS; SSH/FTP; Customer Intranet; SSH; 5 Min. Sweepers transfer from /src to appropriate $XBOL_TOP; NFS; Net Apps File System]

21 FTP Architecture – DMZ Configuration
[Diagram. Extracted labels, in order: Customer Hardware VPN; Outer Firewall; Inner Firewall; Oracle Hardware VPN; Customer SSH / FTP; FTP01 Directory Structure; Customer DB Server Directory Structure; NFS; SSH/FTP; Customer Intranet; SSH; NFS; Customer iAS Server Directory Structure; 5 Min. Sweepers transfer from /src to appropriate $XBOL_TOP; Net Apps File System]

22 FTP Connection Types & Transfer Programs
• Secure Shell (SSH)
  – Secure Copy (SCP) May be Used to Transfer Data Within an SSH Connection to FTP01
• File Transfer Protocol (FTP) Based
  – “ftp” Command Invoked Within an SSH Connection
  – Native “ftp” Invoked From the Customer’s Desktop
  – Native “ftp” Based Desktop Programs
    • There Are a Number of These
    • Typically add a Graphical User Interface (GUI)
    • May Also Provide File Transfer Interrupt / Resume Function
  – Secure FTP (sftp)

23 FTP Account & File Types
• Uses a Single Login to FTP01
  – Userid Format is: inf(4 char custid)i
  – Password Format is: inf(4 char custid)i
  – Example: Customer “Anonymous”
    • “infanoni”
• Allowed File Types
  – Dev, Test
    • *.rdf, *.fmb, *.fmx, *.ctl, *.sh, *.sql (Specific Function)
    • *.dat, *.csv (Data)
  – Prod
    • *.dat, *.csv (Data Only)

24 FTP Directory Structure
• FTP01 Customer Visible Directory Structure
  – Root is “/interface/inf(4 char custid)i”
  – Then Varies by Instance SID
  – Then “incoming”, “outgoing”, “archive”, “src”, “bad”

/interface/inf(4 char custid)i
  /(DEV SID)
    /incoming  /outgoing  /archive  /src  /bad
  /(TEST SID)
    /incoming  /outgoing  /archive  /src  /bad
  /(PROD SID)
    /incoming  /outgoing  /archive  /src  /bad

25 FTP Inbound Move Automation
• Files Automatically Moved From FTP01 Directory Structure to Customer iAS Server on 5 Minute Interval
  – Test & Dev
    • *.rdf → $XBOL_TOP/reports/US
    • *.fmb → $XBOL_TOP/forms/US/resource
    • *.fmx → $XBOL_TOP/forms/US
    • *.ctl → $XBOL_TOP/bin
    • *.sh → $XBOL_TOP/bin
    • *.sql → $XBOL_TOP/sql
    • *.dat → /interface/inf(4 char custid)i/(SID)/incoming
    • *.csv → /interface/inf(4 char custid)i/(SID)/incoming
  – Prod
    • *.dat → /interface/inf(4 char custid)i/(SID)/incoming
    • *.csv → /interface/inf(4 char custid)i/(SID)/incoming
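
Added example (not from the deck and not Oracle's sweeper): a pre-upload check in POSIX shell that applies the allowed file types from slide 23 and the move table above, so a code file is never sent toward a production SID. The function name ftp_route, the alphanumeric restriction on custid and SID, and the sample SIDs are assumptions.

```sh
#!/bin/sh
# Added example, not Oracle's sweeper: a pre-upload check built from the
# allowed-file-type list and the inbound move table on the slides.
# ftp_route and its arguments are hypothetical names; the custid and SIDs
# used below are constructed sample values.

# ftp_route TIER CUSTID SID FILE   (TIER is dev, test or prod)
# Prints "<upload dir> -> <final location>" and returns 0 if FILE is allowed
# in TIER; prints the reason on stderr and returns 1 otherwise.
ftp_route() {
    tier=$1; custid=$2; sid=$3; file=$4
    case $tier in dev|test|prod) ;; *) echo "unknown tier: $tier" >&2; return 1 ;; esac
    # Assumption: custid is exactly 4 alphanumerics, SID is alphanumeric.
    case $custid in
        [A-Za-z0-9][A-Za-z0-9][A-Za-z0-9][A-Za-z0-9]) ;;
        *) echo "custid must be 4 alphanumeric characters" >&2; return 1 ;;
    esac
    case $sid in ''|*[!A-Za-z0-9]*) echo "bad SID: $sid" >&2; return 1 ;; esac
    # Plain file names only: no directories, no leading dot or dash.
    case $file in
        ''|*/*|.*|-*) echo "bad file name: $file" >&2; return 1 ;;
    esac
    root="/interface/inf${custid}i/${sid}"
    case $file in   # data files are allowed in every tier
        *.dat|*.csv) echo "$root/incoming -> $root/incoming"; return 0 ;;
    esac
    if [ "$tier" = prod ]; then
        echo "prod accepts *.dat and *.csv only: $file" >&2; return 1
    fi
    case $file in   # code and form files: dev and test only, swept from /src
        *.rdf)      dest='$XBOL_TOP/reports/US' ;;
        *.fmb)      dest='$XBOL_TOP/forms/US/resource' ;;
        *.fmx)      dest='$XBOL_TOP/forms/US' ;;
        *.ctl|*.sh) dest='$XBOL_TOP/bin' ;;
        *.sql)      dest='$XBOL_TOP/sql' ;;
        *) echo "file type not on the allowed list: $file" >&2; return 1 ;;
    esac
    echo "$root/src -> $dest"
}

# Constructed sample inputs for customer id "anon".
ftp_route dev  anon DANON gl_extract.rdf
ftp_route prod anon PANON invoices.csv
ftp_route prod anon PANON fixup.sql || echo "rejected"
```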

26 FTP Miscellaneous
• May send checksum file with data file for optional customer verification before loading data
  – File name = datafile_name.sum
• Data transfer complete validated by CRON script
  – No data written in last 2 minutes
• Oracle Applications Programmatic Interface Used to Load Data Into Database
• Implementation Team Should Provide Detail of Invalid Data Loads
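
Added example (not Oracle's CRON script): the two checks described above, a companion .sum file and the 2-minute quiet period, combined into one gate to run before loading a data file. The slides do not give the .sum format, so POSIX cksum output and the naming datafile_name + ".sum" are assumptions, as are the function names.

```sh
#!/bin/sh
# Added example, not Oracle's CRON script. Assumptions: the .sum file holds
# the output of POSIX "cksum < file" ("<crc> <bytes>") and is named
# <data file>.sum. write_sum, verify_sum, is_quiet and ready_to_load are
# hypothetical names.
# cksum is a CRC: it catches truncated or corrupted transfers, not deliberate
# tampering. Use a cryptographic hash where both ends support one.

# Sender side: write the checksum file next to the data file.
write_sum() {
    cksum < "$1" > "$1.sum"
}

# Receiver side: 0 if the file matches its .sum, 1 on mismatch or missing file.
verify_sum() {
    [ -f "$1" ] && [ -f "$1.sum" ] || return 1
    [ "$(cksum < "$1")" = "$(cat "$1.sum")" ]
}

# Completion rule from the slide: no data written in the last 2 minutes.
is_quiet() {
    [ -n "$(find "$1" -prune -type f -mmin +2 2>/dev/null)" ]
}

# Load only when the transfer has gone quiet and the checksum matches.
ready_to_load() {
    is_quiet "$1" && verify_sum "$1"
}

# Constructed demo: a file written just now is still inside the quiet window.
tmp=$(mktemp -d)
printf 'id,amount\n1,10\n' > "$tmp/load.csv"
write_sum "$tmp/load.csv"
ready_to_load "$tmp/load.csv" || echo "not ready: written less than 2 minutes ago"
rm -rf "$tmp"
```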

27 FTP Inbound Process
• Open an FTP Session on Oracle Outsourcing FTP01
  – Username/Password Example: “infanoni/infanoni”
• Navigate to the Appropriate Directory As Described Earlier
  – /src: *.rdf, *.fmb, *.fmx, *.ctl, *.sh, *.sql
  – /incoming: *.dat, *.csv
• Transfer Data
• CRON Script Moves Data As Described Earlier
• Execute API to import data into database

28 FTP Outbound Process
• Account Notes
  – Either the RAC_ACCNT or BOLINF May Be Used To Generate The Output File in the Linux File System.
  – In Order to Submit the Concurrent Manager Job to Transfer the File, Your Individual Application User Account Must Have the “Application Administrator” Responsibility
    • Coordinate The Assignment Of “Application Administrator” Responsibility With the Customer Representatives

29 FTP Outbound Process
• Submit Concurrent Manager “BOL – FTP process” Request With The Following:
  – Ttype: Path on the FTP server to which the file will be transferred from the EBSO server
    • E.g.: /interface/inf(4 char custid)i/(Target SID)/outgoing
  – File: Name of the file to be transferred
    • E.g.: filename.out
  – File Location: Path to File on Customer EBSO Server
    • E.g.: /(Target SID)/applcsf/out
  – Enable Timestamp: Option to enable a timestamp
    • Values: No/Yes
  – Enable Checksum: Option to enable a checksum
    • Values: No/Yes
• Open FTP Session on Oracle On Demand FTP01
• FTP File from Oracle On Demand FTP01

