2 Performing a Secure ASAP Installation

This chapter presents planning information for your Oracle Communications ASAP system and describes recommended deployment topologies that enhance security.

For more information about installing ASAP, see ASAP Installation Guide.

Pre-Installation Configuration

This section explains the pre-requisites to install ASAP with security:

• You must have at least one dedicated UNIX group and one dedicated user account within that group for ASAP.

  • Create a group for ASAP that includes the ASAP user account and the root user.

• When creating the ASAP WebLogic server domain:

  • Make sure that the administration server and the optional managed server SSL ports are used.

  • After you have created the WebLogic Server domain for ASAP, start the WebLogic administration server. Then, use t3s to start the managed server:

    startManagedWebLogic.sh ManagedServer t3s://host_name:SSL_Port 
    

    Where ManagedServer is the name of the WebLogic managed server, host_name and SSL_Port are the host name and the SSL port number of the WebLogic administration server.

• Using the WebLogic administration console, configure certificate identity and trust store to use SSL. Do not use the default, demonstration certificate that comes with WebLogic server. See the WebLogic documentation for more information.

Installing ASAP Securely

You can perform a custom installation or a typical installation. Perform a custom installation to avoid installing options you do not need. Unused options and sample files can contain security vulnerabilities if deployed in a production environment.

To deploy and configure ASAP resources securely in the ASAP WebLogic sever domain, do the following:

1. Follow the steps to install ASAP as described in the ASAP Installation Guide, selecting the following:

   1. In the WebLogic Configuration screen, enter the SSL port of WebLogic administration server.

   2. Select the option Use SSL.

      The Enter Keystore File field is enabled.

   3. In the Enter Keystore File field, enter the KeyStore file.

   4. After installing ASAP, change the passwords for all default ASAP WebLogic user accounts.

Securely Integrating BI Publisher with ASAP

Oracle Business Intelligence Publisher (BI Publisher) is installed into a WebLogic server domain. When installing BI Publisher, configure it to communicate with the SARM and Admin server over an SSL-enabled channel, and disable all unused ports, especially unsecured ports. See the BI Publisher documentation for more information.