Transcript Slide 1
Multiplexing OID, SSO, PORTAL
Virtual Private Portals (VPP)
Presented By:
Author Surender Sara - [email protected]
Co-Author Vivek Pavle
- [email protected]
Multiplexing OID, SSO, PORTAL Virtual Private Portals (VPP)
Business Problem
Single Physical OID meta repository instance and server
Single Middle Tier instance and server
Have multiple SITES under this setup
Have separate DAS, OIDAMIN user, SSO user and group
entries
Separate applications for each site
Shared Tables
Easy of backup
NO REPLICATION or DATA SYNC
NO INVESTMENT IN HARDWARE COST
Multiplexing OID, SSO, PORTAL Virtual Private Portals (VPP)
Typical Architecture of 10gAS
Multiplexing OID, SSO, PORTAL Virtual Private Portals (VPP)
Typical Architecture of 10gAS
We typically have one Infrastructure server with
the following components
HTTP_Server, OC4J_SECURITY, OID,
Single Sign-On: orasso, Management
We typically have one Application Server with
the following components
Discoverer, Forms, HTTP_Server, OC4J_BI_Forms,
OC4J_Portal, Reports Server, Web Cache, Management
Multiplexing OID, SSO, PORTAL Virtual Private Portals (VPP)
Issues With This Deployment
We have shared OID, SSO, DAS on the
infrastructure tier, hence single password
file management
We have shared portal application users,
groups, Single DN entity tree
Multiplexing OID, SSO, PORTAL Virtual Private Portals (VPP)
Business Problem
Single Physical OID meta repository instance and server
Single Middle Tier instance and server
Have multiple SITES under this setup
Have separate DAS, OIDAMIN user, SSO user and group
entries
Separate applications for each site
Shared Tables
Easy of backup
NO REPLICATION or DATA SYNC
NO INVESTMENT IN HARDWARE COST
Multiplexing OID, SSO, PORTAL Virtual Private Portals (VPP)
OPTION 1- Multiple Hosts >>Multiple Sites
Clients
Network
Application
Servers
Middle Tier
Database Tier
Shared Cache
Shared
Disk
Database
Clustered Database
Server Nodes are
connected via
a high speed, low
latency Interconnect
Multiplexing OID, SSO, PORTAL Virtual Private Portals (VPP)
GOALS MET ?
NO – Redundant hardware
NO – Duplicated OID entries
Lack of Single Super Administrator access
which can manage all instances.
Maintenance cost directly proportional to
the scale of system
Very high cost for scalability
Multiplexing OID, SSO, PORTAL Virtual Private Portals (VPP)
What is Virtual Private portal (VPP)?
Multiple Portal Sites Supported over one Application Server instance.
Multiplexing OID, SSO, PORTAL Virtual Private Portals (VPP)
How VPP Works
Oracle AS VPP is based on Virtual Private Database
(VPD) technology.
It involves adding a context column which distinguishes
site/subscriber in the database tables and employing
policy to restrict queries based on context of the logged
in user.
OID Administration of each site sub-tree can be
delegated and the default subscriber admin can manage
the whole tree.
Multiplexing OID, SSO, PORTAL Virtual Private Portals (VPP)
VPP Benefits
Demo
Secure setup
Low cost setup
Each site/customer completely isolated
Highly Scalable
Easy to Manage
Virtually no cost to scale
Multiplexing OID, SSO, PORTAL Virtual Private Portals (VPP)
VPP – The solution
Step - I : Enable VPP on the host
cd /d02/10g_PORTAL/portal/admin/plsql/wwhost
./enblhstg.csh -pc rhas2.oracletop.com:1521:asdb -ps
portal -pw ZcMulMDW -sc
rhas2.oracletop.com:1521:asdb -ss orasso -sw
H1JZ4DFT -h rhas2.oracletop.com -p 3060 -d
"cn=orcladmin" -w pwd123
[oracle@rhas2 bin]$ ./opmnctl stopproc ias-component=OC4J
opmnctl: stopping opmn managed processes...
[oracle@rhas2 bin]$ ./opmnctl startproc ias-component=OC4J
Multiplexing OID, SSO, PORTAL Virtual Private Portals (VPP)
Modify Login.jsp
ORACLE_HOME/j2ee/OC4J_SECURITY/applications/sso/web/jsp
<!-- UNCOMMENT TO ENABLE MULTIPLE REALM SUPPORT
<tr>
<label>
<th id="c6"><font
class="OraFieldText"><%=msgBundle.getString(ServerMsgID.COMPANY_
LBL)%></font></th>
<td headers="c6"> <INPUT TYPE="text" SIZE="30" MAXLENGTH="50"
NAME="subscribername" value=""></td>
</label>
</tr>
-->
Multiplexing OID, SSO, PORTAL Virtual Private Portals (VPP)
OID Tree Before running the script
Multiplexing OID, SSO, PORTAL Virtual Private Portals (VPP)
OID Tree after enabling VPP
Multiplexing OID, SSO, PORTAL Virtual Private Portals (VPP)
VPP – The solution
Step-II : Add Subscribers to VPP
cd /d02/10g_PORTAL/portal/admin/plsql/wwhost
./addsub.csh -name SURENDER -id 1003 -type all -pc
rhas2.oracletop.com:1521:asdb -pp pwd123 -ps portal
-pw ZcMulMDW -sc rhas2.oracletop.com:1521:asdb sp pwd123 -ss orasso -sw H1JZ4DFT -a
portal.asdb.rhas2.oracletop.com -h
rhas2.oracletop.com -p 3060 -d "cn=orcladmin" -w
pwd123 -rc "cn=OracleContext" -sd oracletop -tp
/d02/10g_INFRA/ldap/schema/oid/
# Make sure to point ex to vi - else this will fail
Multiplexing OID, SSO, PORTAL Virtual Private Portals (VPP)
Subscriber entry in OID and Portal
Multiplexing OID, SSO, PORTAL Virtual Private Portals (VPP)
VPP – The solution
Step-III : Apache Configuration
# Add following in httpd.conf under PORTAL Home
<VirtualHost 67.100.66.98:7779>
port 7778
RewriteEngine on
RewriteRule ^/$ /pls/portal/portal.home [PT,L,NS]
</VirtualHost>
Multiplexing OID, SSO, PORTAL Virtual Private Portals (VPP)
VPP – The solution
Step-III : Setting up Branded URL
cd /d02/10g_PORTAL/portal/admin/plsql/wwhost
./addburl.csh -name SURENDEDR -pc
rhas2.oracletop.com:1521:asdb -ps portal -pw ZcMulMDW pu http://surender.oracletop.com:7778/pls/portal -sc
rhas2.oracletop.com:1521:asdb -ss orasso -sw H1JZ4DFT -su
http://surender.oracletop.com:7777/pls/orasso
Multiplexing OID, SSO, PORTAL Virtual Private Portals (VPP)
VPP – The solution
cd /d02/10g_PORTAL/portal/admin/plsql/wwhost
./rmsub.csh -name VIVEK -pc
rhas2.oracletop.com:1521:asdb -pp pwd123 -ps portal -sc
rhas2.oracletop.com:1521:asdb -sp pwd123 -ss orasso -a
portal.asdb.rhas2.oracletop.com -h rhas2.oracletop.com -p
3060 -d "cn=orcladmin" -w pwd123 -cs 1000
Multiplexing OID, SSO, PORTAL Virtual Private Portals (VPP)
OID after implementing VPP
Multiplexing OID, SSO, PORTAL Virtual Private Portals (VPP)
Limitations / Restrictions
Data Sharing not allowed for security purposes.
ASP users and groups can not be more than
two levels deep.
Manage non-default subscribers' ASP users and
groups only with hosting scripts.
ASP group is only a placeholder for ASP users
and groups. Privileges are not propagated to
subscribers.
Multiplexing OID, SSO, PORTAL Virtual Private Portals (VPP)
Advanced Operations
ASP users/groups management (sync)
Removing subscribers
WebDAV support
Ultrasearch Support
Multiplexing OID, SSO, PORTAL Virtual Private Portals (VPP)
Q&A
[email protected]