This section includes the following topics:
This section describes the following topics:
Prepare the shared storage for Oracle Identity Management and Oracle Fusion Applications as defined in the Oracle Fusion Applications Installation Workbook. Ensure the shared storage has the required space as defined in Storage: Plan Storage Configuration and that they are configured according to the instructions detailed in Shared Storage Considerations.
Tip:
The shared storage property value is available in the Oracle Fusion Applications Installation Workbook, then in the Storage tab, and then the Shared Storage section .
Mount the shared storage on each server according to the information defined in the Oracle Fusion Applications Installation Workbook , the in the Storage tab , and the in the Shared Storage table. Ensure that the file system is mounted as read-write.
If different shared storage are used for Oracle Identity Management and Oracle Fusion Applications, follow these steps to mount each shared drive:
The Oracle Identity Management shared storage should be mounted on the servers running Oracle Identity Management components (see the Topology tab in the Oracle Fusion Applications Installation Workbook).
The Oracle Fusion Applications shared storage should be mounted on the servers running Oracle Fusion Applications components (see the Topology tab in the Oracle Fusion Applications Installation Workbook).
Ensure the locations defined for the Install Directories and Temporary Shared Storage are owned by the appropriate user, are read/write and can be created later during install. They may include both shared and local file systems.
For servers located in the DMZ, which normally don't have access to the shared storage, the same base path used for the other servers (as defined in the Oracle Fusion Applications Installation Workbook) is applicable.
Tip:
The directory location values are available in the Oracle Fusion Applications Installation Workbook , then the Storage tab, then Temporary Shared Storage table, and then the Installers Directory Location field.
Ensure there is no oraInst.loc
file present in the /etc
directory unless using a central inventory and preferring to not have the installer create it later (which requires root access). In this case, ensure the oraInst.loc
file points at the location defined for oraInventory
in the Oracle Fusion Applications Installation Workbook. The oraInst.loc
file contains the following two lines:
inventory_loc=<oraInventory path>
inst_group=<oraInventory owner group>
The file must be present and have the correct oraInventory
and group owner values for all servers.
Tip:
The planned inventory location values are available in the Oracle Fusion Applications Installation Workbook , then the Storage tab, and then Inventories table.
This section describes tasks must be performed before running the Oracle Identity Management Provisioning Wizard. Many of these tasks are platform-specific.
When planning the Oracle Identity Management deployment, ensure that the Software Installation Location directory path is 45 characters or fewer in length. Specify this directory on the Installation and Configuration page when the provisioning profile is created. A longer path name can cause errors during Oracle Identity Management provisioning. See Null Error Occurs When WebLogic Patches Are Applied.
UNIX: The kernel parameter and shell limit values shown below are recommended values only. For production database systems, Oracle recommends to tune these values to optimize the performance of the system. See the operating system documentation for more information about tuning kernel parameters.
Kernel parameters must be set to a minimum of those below on all nodes in the cluster.
The values in the following table are the current Linux recommendations. See the Oracle Fusion Middleware System Requirements and Specifications.
To deploy a database onto the host, it might be necessary to modify additional kernel parameters.
Table 5-1 UNIX Kernel Parameters
Parameter | Value |
---|---|
kernel.sem |
256 32000 100 142 |
kernel.shmmax |
4294967295 |
Linux:
To set these parameters:
Log in as root
and add or amend the entries in /etc/sysctl.conf
.
Save the file.
Activate the changes by issuing the command:
/sbin/sysctl -p
Solaris:
The table lists the recommended kernel parameters on Solaris. Verify that the kernel parameters shown in the table are set to values greater than or equal to the minimum value shown.
Table 5-2 Solaris Kernel Parameters
Resource Control | Minimum Value |
---|---|
project.max-sem-ids |
100 |
process.max-sem-nsems |
256 |
project.max-shm-memory |
4294967295 |
project.max-shm-ids |
100 |
To verify the current value of kernel parameters:
Retrieve the project id:
Example:
$ /bin/id -p
uid=100(oracle) gid=100(dba) projid=1 (group.dba)
, where group.dba
is the project ID
Execute prctl
command with the project ID to get the current value:
/bin/prctl -n project.max-sem-ids -i project <project-id>
/bin/prctl -n process.max-sem-nsems -i project <project-id>
/bin/prctl -n project.max-shm-memory -i project <project-id>
/bin/prctl -n project.max-shm-ids -i project <project-id>
If any value listed for privileged is below the recommended value, increase it:
On all UNIX operating systems, the minimum Open File Limit should be 150000.
The following examples are for Linux operating systems. For other operating systems, consult the respective documentation to determine the commands to be used.
Linux: See how many files are open with the following command:
/usr/sbin/lsof | wc -l
To check the open file limits, use the following commands:
C shell:
limit descriptors
Bash:
ulimit -n
Solaris:
See how many files are open with the following command:
/usr/local/bin/lsof | wc -l
To check the open file limits, use the following command:
/bin/ulimit -n
UNIX:
To change the shell limits, login as root
and edit the /etc/security/limits.conf
file.
Add the following lines:
* soft nofile 150000 * hard nofile 150000 * soft nproc 327679 * hard nproc 327679
If installing on Oracle Linux Server release 6, edit /etc/security/limits.d/90-nproc.conf
to make sure it has the following line:
* soft nproc 327679
After editing the file, reboot the machine.
Solaris:
To change the shell limits, login as root
and edit the /etc/system
file.
To set shell limits parameter:
rlim_fd_cur 150000
rlim_fd_max 150000
maxuprc 327679
max_nprocs 327679
After editing the file, reboot the machine.
The operating system configuration can influence the behavior of characters supported by Oracle Fusion Middleware products.
On UNIX operating systems, Oracle highly recommends to enable Unicode support by setting the LANG
and LC_ALL
environment variables to a locale with the UTF-8 character set. This enables the operating system to process any character in Unicode.
If the operating system is configured to use a non-UTF-8 encoding, some components may function in an unexpected way. Oracle does not support problems caused by operating system constraints.
Synchronize the time on the individual Oracle Internet Directory nodes using Greenwich Mean Time so that there is a discrepancy of no more than 250 seconds between them.
If OID Monitor detects a time discrepancy of more than 250 seconds between the two nodes, the OID Monitor on the node that is behind stops all servers on its node. To correct this problem, synchronize the time on the node that is behind in time. The OID Monitor automatically detects the change in the system time and starts the Oracle Internet Directory servers on its node.
Before creating the new environment, review the following actions in this section to help ensure a smooth installation.
Increase the limit of open files to 327679 or higher for the operating system.
For Linux x86-64:
Modify /etc/security/limits.conf
to read as follows:
FUSION_USER_ACCOUNT
soft nofile 327679
FUSION_USER_ACCOUNT
hard nofile 327679
Edit /etc/ssh/sshd_config
as follows:
UsePAM
to Yes
.sshd
.Increase the maximum open files limit.
Edit /proc/sys/fs/file-max
and set it to 6553600. The change becomes effective immediately but does not persist after a reboot. To make the change permanent edit /etc/sysctl.conf
and set fs.file-max
= 6553600
. This change does not be effective until the sysctl
command is run or the server is rebooted.
For Oracle Solaris on SPARC (64-bit):
Edit /etc/system
and set as follows:
set rlim_fd_cur=327679
set rlim_fd_max=327679
For all platforms, typically, have max user processes set to 16384:
$ulimit -u 16384
Increase the maximum user process to 16384 or higher.
Linux:
To check the max user processes:
$ulimit -u
16384
To change the max user processes:
Modify /etc/security/limits.conf
to read as follows:
FUSION_USER_ACCOUNT soft nproc 16384
FUSION_USER_ACCOUNT hard nproc 16384
Solaris:
To check the max user processes:
$ulimit -u
16384
To change the maximum user processes:
Modify below parameter in file /etc/system
:
maxuprc = 16384
max_nprocs = 16384
After editing the file, reboot the machine.
The value of 16384 for max user processes is the recommended starting value for installing Oracle Fusion Applications in a multi-host topology. Depending on the hardware topology for the Oracle Fusion Applications environment planned for setup, a higher number for max user processes might need to be used when allocating more WebLogic domains and managed servers into a fewer number of hosts. Is is recommended to go through a proper sizing exercise to determine the configuration.
When a host reaches the limit of the max user processes during provisioning of Oracle Fusion Applications, the following error messages might be encountered while starting additional managed server processes even when the IP address and port number are valid.
Node Manager log:
2013-12-28 03:31:57.932 NOTIFICATION [logStatus] STATE=BUILD_ERROR!TIMESTAMP=2013-12-28 03:31:57 GMT!TARGET=common-apps-startup!CATEGORY=BUILD_ERROR!DOMAIN=HCMDomain!HOSTNAME=<host>!PRODUCTFAMILY=hcm!PRODUCT=HCM-Talent!TASK=nodeManagerStartServer!TASKID=hcm.HCM-Talent.BUILD_ERROR.common-apps-startup.nodeManagerStartServer!MESSAGE=Node Manager Start Server operation could not be carried out. Please check the log files in the Managed Server directory <file path to a managed server directory>/logs/ and the NodeManager log at <APPLICATIONS_CONFIG>/nodemanager/<host>/nodemanager.log to find out details of the problem.!DETAIL=Process execution failed with return code: 1. Check the logs for more information.!BUILDFILE=<FAPROV_HOME>/provisioning/provisioning-build/common-lifecycle-build.xml!LINENUMBER=68!
Failed Managed Server log:
####<Dec 28, 2013 3:31:39 AM GMT> <Error> <Server> <host> <TalentManagementServer_1> <DynamicListenThread[Default]> <<WLS Kernel>> <> <> <1388201499505> <BEA-002606> <Unable to create a server socket for listening on channel "Default". The address <ip address> might be incorrect or another process is using port <port>: java.net.BindException: Address already in use.>
####<Dec 28, 2013 3:31:39 AM GMT> <Critical> <WebLogicServer> <host> <TalentManagementServer_1> <Main Thread> <<WLS Kernel>> <> <> <1388201499517> <BEA-000362> <Server failed. Reason: Server failed to bind to any usable port. See preceeding log message for details.>
Define the local port range to ensure that it does not overlap with the ports used by the Java Virtual Machines (JVMs) and other servers. This action avoids port conflicts during server startup. To view and modify localRange
:
Linux:
To view:
$cat /proc/sys/net/ipv4/
ip_local_port_range
To modify:
$echo "32768 61000" > /proc/sys/net/
ipv4/ip_local_port_range
To make the local port range permanent after server restart, add (or update) the following line in /etc/sysctl.conf
:
net.ipv4.ip_local_port_range = 32768 61000
Solaris:
To view:
#/usr/sbin/ndd /dev/
tcp tcp_smallest_anon_port tcp_largest_anon_port
To modify:
#/usr/sbin/ndd -set /dev/
tcp tcp_smallest_anon_port
32768
#/usr/sbin/ndd -set /dev/
tcp tcp_largest_anon_port
61000
All engine and data tier servers (including SIP) must accurately synchronize their system clocks to a common time source, to within one or two milliseconds. Large differences in system clocks can cause severe problems.
Before provisioning, ensure that the provisioning server and the computer hosting Oracle Access Server have the same date and time stamp settings. The WebGate installation fails with an Oracle Access Manager certificate error if the date and time settings on the provisioning server are different from the Oracle Access Server.
Before installing the Oracle Database using the Provisioning Wizard, ensure that the value of the kernel parameter shmmax
on the database host is greater than the value of the System Global Area (SGA) Memory.
The value of SGA Memory (sga_target) is 9 GB in the default Database Configuration Assistant (DBCA) template for the Starter database. If DBCA is run using the production DBCA template packaged with Oracle Fusion Applications Provisioning, the value of the SGA Memory is 18 GB. Ensure that shmmax
> (shmall * shmmni
) > SGA Memory
, where shmmax
, shmall
, shmmni
are kernel parameters.
Linux:
For example, to retrieve the values of these kernel parameters, use the following command:
user@host> /sbin/sysctl -a | grep shm kernel.shmmni = 4096 kernel.shmall = 3145728 kernel.shmmax = 12884901888
To set the value of a kernel parameter:
user@host> /sbin/sysctl -w sys.kernel.shmmax=value
Solaris:
To check the current values of these kernel parameters:
Execute id
to get the project ID.
Example: $ /bin/id -p
uid=100(oracle) gid=100(dba) projid=1 (group.dba),
where group.dba
is the project ID
Execute prctl
with the resource control and project ID to get the current value:
/bin/prctl -n project.max-shm-memory -i project <project-id>
/bin/prctl -n project.max-shm-ids -i project <project-id>
If any value listed for privileged
is below the recommended value, increase it using the following commands:
Before provisioning an Oracle Fusion Applications environment make sure the LIBPATH variable is not set. See Start the Wizard and Prepare to Install.
UNIX:
Use env
or echo $LIBPATH
to check if the variable is set.
Use unsetenv LIBPATH
to unset the variable.
All server machines must have the same time zone settings as described in the following paragraph:
The time zone should be the standard time zone for the instance.
Set the TZ
environment variable on Linux or an equivalent on other operating systems to have a valid time zone ID.
Check the time zone setting using the command: echo $TZ
. The tzselect tool may be handy if the setting needs to be changed.
Oracle WebLogic Server and Oracle Database then derive the default VM and database time zones from the system, respectively, unless otherwise configured. JVMs and the database need to be running in the same time zone.
If the Oracle Fusion Human Capital Management (Oracle Fusion HCM) application offerings are being provisioned, namely Workforce Development and Workforce Deployment, and the Workforce Reputation Management feature is planned to be used, perform the following tasks after provisioning is complete:
A warning message is displayed in the provisioning log during the preverify phase when the Workforce Development and Workforce Deployment offerings are selected for provisioning if the directory is not setup. The warning message is a reminder. Proceed with provisioning the environment and mount the shared disk after provisioning is complete and before starting using the Workforce Reputation application.
For UNIX platforms, ensure that the provisioning hosts have a miminum of 1 GB of swap space. During the provisioning of an Oracle Fusion Applications environment, a validation test is performed in the preverify phase. An error message is displayed if the provisioning hosts do not have at least 1 GB of swap space. This error must be resolved by increasing the swap space before proceeding with provisioning the environment.
UNIX:
Use free
or top
command to verify swap space. Refer to the respective Operating System manual for details about how to increase swap space.
A warning is received if there is at least 1 GB of swap space but less than the larger of 2 GB and 10% of memory allocated to the host. This means if a host has less than 20 GB of memory, then the swap space must be at least 2 GB. If a host has more than 20 GB of memory, then the swap space must be at least 10% of the memory.
The decision on whether to set swap space higher than 10% of the memory is a performance tuning exercise that can be made at a later time. Under certain conditions in some platforms, it might be necessary to increase swap space to 30% of the memory in order to complete provisioning an environment.
On the provisioning host where the Oracle Business Intelligence domain is provisioned, ensure it has at least 7 GB of swap space.
Solaris:
To see how many files are open, use the following command:
/usr/local/bin/lsof | wc -l
To check the open file limits, use the command below.
/bin/ulimit -n
For UNIX platforms, confirm that the host names are correctly formatted in /etc/hosts
, for each host that is participating in provisioning. Review /etc/hosts
for each participating host and edit any host entries that do not meet the following recommendations:
WARNING: Do not enter multiple host aliases into a single line in the /etc/hosts
file. There are some software components which do not process a line with more than 700 characters. Some error messages might be encountered during provisioning phases, such as "UNABLE TO OPEN CREDENTIAL STOREFAILED TO ADUTPSINITIALIZE" caused by incorrect resolution of the host names. If a host has many aliases, then limit the line to 700 characters and break it down into separate lines. Ensure that each line begins with the IP_address and canonical_hostname, then the aliases.
Ensure that /bin/bash
shell is installed on the hosts before provisioning an Oracle Fusion Applications environment. Ensure that the provisioning hosts have bash shell version 3.2 or higher when upgrading the environment at a later time.
To provision on UNIX platforms, ensure that the en_US.UTF-8
locale is installed on the operating system of the provisioning hosts. Oracle Business Intelligence expects the en_US.UTF-8
locale in the operating system before provisioning the Oracle Fusion Applications environment. Use the locale
command to list the locale-specific information of the operating system.
If the en-US.UTF-8
locale is not installed, an error is encountered during the provisioning configure phase. The runProvisioning-bi-configure.log
displays the following error message:
FAILED:Distributing Repository
Error:
<APPLICATIONS_BASE>/fusionapps/bi/bifoundation/provision/scripts/bidomain/bi-install.xml:274: exec returned: 1
.
Inspecting the oraInventory logs, it indicates that the EN_US.UTF-8
locale must be installed on the provisioning host for Oracle Business Intelligence. The error message is:
Executing Task: Distributing Repository
[CONFIG]:Distributing Repository
ReEncrypting RPD: [nQSError: 46116] The locale EN_US.UTF-8 needs to be installed on the machine for the Oracle BI locale setting english-usa specified in NQSConfig.INI.
javax.management.RuntimeMBeanException:javax.management.RuntimeMBeanException: Repository File '<APPLICATIONS_CONFIG>/BIInstance/tmp/OracleBIApps.rpd' does not exist or is not accessible.
If this error is encountered during the configure phase, install the missing locale and then retry the configure phase to complete the task.
Make sure the hosts have enough entropy values in the provisioning hosts. If this value is less than 1000, increase it to a value to a greater value using the rngd
command. Run these commands as the root user for the current session:
To check the entropy value:
cat /proc/sys/kernel/random/entropy_avail
To increase the entropy value:
rngd -r /dev/urandom -o /dev/random
To set the rngd
service to start automatically after rebooting the host, enter the following text into a script, such as, start.rngd
, and run the script as root user:
#! /usr/bin/perl -w # minimum required bytes to be happy with the device my $want_bytes = 8192; # list of commands to check my clist = qw(/sbin/rngd /usr/sbin/rngd); S # list of device names to check my slist = qw( /dev/hwrandom /dev/hw_random /dev/hwrng /dev/intel_rng /dev/i810_rng /dev/urandom ); use Fcntl qw(O_RDONLY); # find the rngd binary my $command; foreach (clist) { -x && ($command = $_) && last; } # stop if rngd isn't installed defined $command || die "$0 error: rngd is not installed\n"; # look for a hw random device my $source; my $continue = 1; $SIG{'ALRM'} = sub { $continue = 0 }; foreach my $test (slist) { -e $test || next; alarm 2; $continue = 1; my $bytes = 0; sysopen FILE, $test, O_RDONLY or next; while ($continue) { sysread FILE, $_, 4096 or last; $bytes += length $_; } close FILE; if ($bytes > $want_bytes) { $source = $test; last; } } # use the select command and source print "starting $command with $source... "; system "$command -r $source"; print "done.\n"; exit 0;
For Solaris 10 Only
For Oracle Solaris on SPARC (64-bit) platforms, ensure that the Solaris Operating System patch 150400-xx is installed on the servers.
For Oracle Solaris on x86-64 (64-bit) platforms, ensure that the Solaris x64 Operating System patch 150401-xx is installed on the servers.
These patches can be obtained from My Oracle Support.
For Solaris 11 Only
Ensure that the Solaris Package SUNWttf-bh-luxi is installed on the FA servers for both Oracle Solaris on SPARC (64-bit) and Oracle Solaris on x86-64 (64-bit) platforms.
The Solaris 11 Update 3 on SPARC or x86-64 requires the Support Repository Update (SRU) 11.3.3.6.0 or later (mandatory patch).
This section describes the network environment configuration required by Oracle Fusion Applications, more specifically these three areas:
Name Resolution: Configure Name Resolution
Load Balancers or Reverse Proxy: Configure Load Balancers/Reverse Proxy
Firewall: Configure Firewalls
While name resolution configuration applies to all topologies, the remaining topics (load balancer/reverse proxy and firewall) apply only if any of those are present in the topology.
At this point, configure name resolution for all endpoints in the environment. This includes:
Web Tier Virtual Hosts (Internal and External), if used
HTTP LBR Endpoints (Internal and External), if used
LDAP Endpoints
Oracle WebCenter Content (UCM) LBR Endpoint, if the environment is highly available
AdminServer VIPs, if used
Managed Server VIPs, if used
Name resolution can be done in DNS or in the Hosts file. Each table has a column called Name Resolution which defines if that specific endpoint should be resolved via DNS or Hosts file.
Use Table 5-3 along with the information in the Oracle Fusion Applications Installation Workbook to create the necessary DNS or Hosts entries for name resolution for the environment.
Table 5-3 Name Resolution for Oracle Fusion Applications Web Tier Virtual Hosts
Name resolution for | Name for HTTP Endpoint | Points at IP Address |
---|---|---|
Oracle Fusion Applications (for each component: Financials, Projects, Procurement, Supplier Portal, IC, Common, CRM, SCM, HCM, BI) |
Oracle Fusion Applications Installation Workbook , Network - Virtual Hosts tab, FA WebTier Virtual Hosts table,
|
FA WebTier Oracle Fusion Applications Installation Workbook, Network - Virtual Hosts tab. FA WebTier Virtual Hosts table, IP Endpoint column |
Oracle Identity Management (IDM and IDM Admin) |
Oracle Fusion Applications Installation Workbook, Network - Virtual Hosts tab, IDM WebTier Virtual Hosts table,
|
IDM WebTier Oracle Fusion Applications Installation Workbook, Network - Virtual Hosts tab, IDM WebTier Virtual Hosts table, IP Endpoint column |
Use Table 5-4 along with the information in the Oracle Fusion Applications Installation Workbook to create the necessary DNS or Hosts entries for name resolution for the environment:
Table 5-4 Name Resolution for HTTP LBR Endpoints
Name resolution for | Name for HTTP Endpoint | Points at IP Address |
---|---|---|
External |
Oracle Fusion Applications Installation Workbook, Network - Virtual Hosts tab, HTTP LBR Endpoints table, External Name column (for each component) |
External Load Balancer / Reverse Proxy Oracle Fusion Applications Installation Workbook, Network - Virtual Hosts tab, HTTP LBR Endpoints table, External IP Endpoint column |
Internal |
Oracle Fusion Applications Installation Workbook , Network - Virtual Hosts tab, HTTP LBR Endpoints table, Internal Name column (for each component) |
Internal Load Balancer / Reverse Proxy Oracle Fusion Applications Installation Workbook, Network - Virtual Hosts tab, HTTP LBR Endpoints table, Internal IP Endpoint column |
Use Table 5-5 along with the information in the Oracle Fusion Applications Installation Workbook to create the necessary DNS or Hosts entries for name resolution for the environment:
Table 5-5 Name Resolution for LDAP Endpoints
Name resolution for | Name for LDAP Endpoint | Points at IP Address |
---|---|---|
Policy Store (OID) |
Oracle Fusion Applications Installation Workbook, Network - Virtual Hosts tab, LDAP Endpoints table, Hostname column |
Internal Load Balancer, if using one; otherwise OID Oracle Fusion Applications Installation Workbook, Network - Virtual Hosts tab, HTTP LBR Endpoints table, IP Endpoint column |
Use Table 5-6 along with the information in the Oracle Fusion Applications Installation Workbook to create the necessary DNS or Hosts entries for name resolution for the environment:
Table 5-6 Name Resolution for Other Endpoints
Name Resolution for | Name for Endpoint | Points at IP Address |
---|---|---|
UCM LBR Endpoint |
Oracle Fusion Applications Installation Workbook, Network - Virtual Hosts tab, UCM LBR Endpoint table, Hostname column |
Internal Load Balancer, if using one; otherwise not necessary Oracle Fusion Applications Installation Workbook, Network - Virtual Hosts tab, UCM LBR Endpoint table, IP Endpoint column |
AdminServer Virtual Hosts / VIPs |
Oracle Fusion Applications Installation Workbook, Network - Virtual Hosts tab, AdminServer Virtual Hosts / VIPs table, Virtual Hostname column (for each component) |
Active AdminServer host for each domain Oracle Fusion Applications Installation Workbook, Network - Virtual Hosts tab, AdminServer Virtual Hosts / VIPs table, Virtual IP column (for each component) |
Managed Server Virtual Hosts/ VIPs |
Oracle Fusion Applications Installation Workbook, Network - Virtual Hosts tab, Managed Server Virtual Hosts/ VIPs table, Virtual Hostname column (for each component) (multiple columns for HA) |
Oracle Fusion Applications Installation Workbook, Network - Virtual Hosts tab, Managed Server Virtual Hosts/ VIPs table, Virtual IP column (for each component) (multiple columns for HA) |
If the Oracle Fusion Applications Topology includes the use of a Load Balancer or Reverse Proxy, they must be configured appropriately for Oracle Fusion Applications, which has specific requirements for:
Load balancing settings
SSL termination
Mappings
The instructions provided distinguish between internal traffic (to Internal HTTP endpoints and TCP/LDAP endpoints) and external traffic (External HTTP endpoints), so they can be used for topologies with one or two load balancer devices deployed separately on each network (internal and external). For more information about load balancer placement on the network, see Network Placement of Load Balancers/Reverse Proxy.
If the topology has a single load balancer device deployed on a single network, ensure the security implications of this have been fully considered and ensure the relevant firewall ports are opened to allow traffic through it. For more information about how to configure the firewall, see Configure Firewalls.
If a load balancer or reverse proxy is being used, follow the guidelines from Load Balancer Feature Requirements along with the requirements to configure their settings.
Oracle Fusion Applications configures SSL to terminate at the Load Balancer/Reverse Proxy, so you may also have to configure certificates, as appropriate, on the load balancer or reverse proxy.
The Oracle Fusion Applications Installation Workbook, SSL and Certificates tab contains the SSL Communication table which lists the communication that will be SSL-enabled during installation. In the current release of Oracle Fusion Applications there are two options for SSL termination:
External HTTP Endpoints (mandatory)
IDM Admin HTTP Endpoint (optional)
If a load balancer is used, set up certificates appropriately and ensure that SSL termination is configured for the endpoints that will use SSL when executing the next section.
Once name resolution for endpoints is configured, the load balancer or reverse proxy mappings must be configured if one is being used. Use Table 5-7 along with the information in the Oracle Fusion Applications Installation Workbook to create the necessary Load Balancer/Reverse Proxy mappings:
These should be configured at the load balancer or reverse proxy that provides external access to Oracle Fusion Applications (for end-users and external integrations as shown in Table 5-7).
Table 5-7 External HTTP LBR Endpoints
External LBR Mapping for | Hostname on LBR/RP | Port on LBR/RP | Maps to (Node) | Maps to (Port) |
---|---|---|---|---|
Oracle Fusion Applications (for each component: Financial, Projects, Procurement, Supplier Portal, IC, Common, CRM, SCM, HCM, BI) |
Oracle Fusion Applications Installation Workbook , Network - Virtual Hoststab, HTTP LBR Endpoints table, External Name column (for each component) |
Oracle Fusion Applications Installation Workbook. Network - Virtual Hosts tab, HTTP LBR Endpoints table, External Port column (for each component) |
Oracle Fusion Applications Installation Workbook, Topology tab, Topology table, All nodes containing the component FA Web Tier |
Oracle Fusion Applications Installation Workbook , Network - Virtual Hosts tab, FA WebTier Virtual Hosts table, External Port column (for each component) |
Oracle Identity Management (IDM) |
Oracle Fusion Applications Installation Workbook, Network - Virtual Hosts tab, HTTP LBR Endpoints table, External Name column |
Oracle Fusion Applications Installation Workbook , Network - Virtual Hosts tab, HTTP LBR Endpoints table, External Port column |
Oracle Fusion Applications Installation Workbook , Topology tab, Topology table, All nodes containing the component IDM Web Tier |
Oracle Fusion Applications Installation Workbook , Network - Virtual Hosts tab, IDM WebTier Virtual Hosts table, External Port column |
The default configuration when using the load balancer option during Oracle Fusion Applications provisioning is for the source environment to also have internal endpoints at the load balancer. In this case, create also appropriate mappings. Note that internal and external Load Balancer/Reverse Proxy(s) may be different.
Table 5-8 Internal HTTP Endpoints
Internal LBR Mapping for | Hostname on LBR/RP | Port on LBR/RP | Maps to (Node) | Maps to (Port) |
---|---|---|---|---|
Oracle Fusion Applications (for each component: Financial, Projects, Procurement, Supplier Portal, IC, Common, CRM, SCM, HCM, BI) |
Oracle Fusion Applications Installation Workbook , Network - Virtual Hosts tab, HTTP LBR Endpoints table, Internal Name column (for each component) |
Oracle Fusion Applications Installation Workbook , Network - Virtual Hosts tab, HTTP LBR Endpoints table, Internal Port column (for each component) |
Oracle Fusion Applications Installation Workbook , Topology tab, Topology table, All nodes containing the component FA Web Tier |
Oracle Fusion Applications Installation Workbook , Network - Virtual Hosts tab, FA WebTier Virtual Hosts table, Internal Port column (for each component) |
Oracle Identity Management (IDM and IDM Admin) |
Oracle Fusion Applications Installation Workbook , Network - Virtual Hosts tab, HTTP LBR Endpoints table, Internal Name column (for each component) |
Oracle Fusion Applications Installation Workbook , Network - Virtual Hosts tab, HTTP LBR Endpoints table, Internal Port column (for each component) |
Oracle Fusion Applications Installation Workbook , Topology tab, Topology table, All nodes containing the component IDM Web Tier |
Oracle Fusion Applications Installation Workbook , Network - Virtual Hosts tab, IDM WebTier Virtual Hosts table, Internal Port column (for each component) |
In a highly-available or scaled-out topology, the load balancer is used to route requests to the various instances of Oracle Internet Directory and WebCenter Content. The communication protocol in this case is TCP (more specifically LDAP for OID).
Table 5-9 TCP/LDAP Endpoints
TCP LBR Mapping for | Hostname on LBR/RP | Port on LBR/RP | Maps to (Node) | Maps to (Port) |
---|---|---|---|---|
OID Identity Store (OID) |
Oracle Fusion Applications Installation Workbook, Network - Virtual Hosts tab, LDAP Endpoints table, Hostname column |
Oracle Fusion Applications Installation Workbook , Network - Virtual Hosts tab, LDAP Endpoints table, Port column |
Oracle Fusion Applications Installation Workbook, Topology tab, Topology table, All nodes containing the component IDM Identity and Access (or all nodes that contain OID) |
Oracle Fusion Applications Installation Workbook, Network - Ports tab, Identity Management Port Numbers table, Port Number column for Component OID |
UCM (Oracle WebCenter Content) |
Oracle Fusion Applications Installation Workbook, Network - Virtual Hosts tab, UCM LBR Endpoint table, Hostname column |
Oracle Fusion Applications Installation Workbook, Network - Virtual Hosts tab, UCM LBR Endpoint table, Port column |
Oracle Fusion Applications Installation Workbook, Topology tab, Topology table, All nodes containing the component FA Common Domain (or all nodes that contain the UCM_server Managed Server) |
UCM port is defined during Oracle Fusion Applications Provisioning (defaults to 7012 when Oracle Fusion Applications base port has the default value 7000) |
If the Oracle Fusion Applications environment is deployed in a topology where its tiers are separated by firewalls, configure the firewall to allow traffic through certain ports in order to install and use the environment.
For more information about different Oracle Fusion Applications topologies and tiers, see Oracle Fusion Applications Topologies.
Firewalls are normally found between the following tiers:
End User and Web Tier (DMZ)
Web Tier (DMZ) and Mid Tier
Mid Tier and IDM Directory Tier
Mid Tier and Database Tier
Table 5-10 lists the expected traffic between the different tiers in Oracle Fusion Applications. Use it with the Oracle Fusion Applications Installation Workbook and information about the environment's firewall configuration to determine which ports must be opened.
Table 5-10 Expected Traffic between different tiers in Oracle Fusion Applications
From | To | Ports | Protocol | Notes |
---|---|---|---|---|
End user |
External Load Balancer/ Reverse Proxy |
Oracle Fusion Applications Installation Workbook, Network - Virtual Hosts tab, HTTP LBR Endpoints table, External Port column (for each component) |
HTTP |
Applicable if a Load Balancer/ Reverse Proxy is used for external HTTP traffic |
End User |
FA Web Tier |
Oracle Fusion Applications Installation Workbook, Network - Virtual Hosts tab, FA WebTier Virtual Hosts table: FA WebTier Internal Port column (for each component) FA WebTier External Port column (for each component) |
HTTP |
Applicable if no Load Balancer/ Reverse Proxy is used |
End User |
IDM Web Tier |
Oracle Fusion Applications Installation Workbook, Network - Virtual Hosts tab, IDM WebTier Virtual Hosts table: IDM WebTier Internal Port column (for each component) IDM WebTier External Port column (for each component) |
HTTP |
Applicable if no Load Balancer/ Reverse Proxy is used |
External Load Balancer / Reverse Proxy |
FA Web Tier |
Oracle Fusion Applications Installation Workbook, Network - Virtual Hosts tab, FA WebTier Virtual Hosts table: FA WebTier Internal Port column (for each component) FA WebTier External Port column (for each component) |
HTTP |
Applicable if a Load Balancer/ Reverse Proxy is used for external HTTP traffic |
External Load Balancer / Reverse Proxy |
IDM Web Tier |
Oracle Fusion Applications Installation Workbook, Network - Virtual Hosts tab, IDM WebTier Virtual Hosts table: IDM WebTier Internal Port column (for each component) IDM WebTier External Port column (for each component) |
HTTP |
Applicable if a Load Balancer/ Reverse Proxy is used for external HTTP traffic |
FA Web Tier |
FA Mid Tier |
All AdminServer and Managed Server ports in all Oracle Fusion Applications WebLogic Domains |
HTTP / TCP(T3) |
T3 traffic: OHS registration with the AdminServers |
FA Web Tier |
IDM Application Tier |
Oracle Fusion Applications Installation Workbook, Network - Ports tab, Identity Management Port Numberstable, IDMDomain OAM AAA Server Port field |
TCP (OAP) |
OAP traffic: WebGate to OAM Server |
IDM Web Tier |
IDM Application Tier |
All AdminServer and Managed Server ports in the WebLogic IDMDomain field |
HTTP / TCP (T3) / TCP (OAP) |
T3 traffic: OHS registration with the AdminServers OAP traffic: WebGate to OAM Server |
FA Mid Tier |
IDM Web Tier |
If not using an Load Balancer/Reverse Proxy for Internal HTTP traffic: Oracle Fusion Applications Installation Workbook, Network - Virtual Hosts tab, IDM WebTier Virtual Hosts table, IDM WebTier Internal Port column (for IDM and IDM Admin) If using a Load Balancer/Reverse Proxy for Internal HTTP traffic: Oracle Fusion Applications Installation Workbook, Network - Virtual Hosts tab, HTTP LBR Endpoints table, Internal Port column (for IDM and IDM Admin) |
HTTP |
|
FA Mid Tier |
IDM Directory Tier |
Oracle Fusion Applications Installation Workbook, Network - Virtual Hosts tab, LDAP Endpoints table, Port and SSL Port columns for Policy Store (OID) |
TCP (LDAP) |
|
FA Mid Tier |
FA Mid Tier (via LBR) |
UCM port is defined during Oracle Fusion Applications Provisioning (defaults to 7012 when Oracle Fusion Applications base port is at the default value 7000) |
TCP |
Applicable only for HA environments where UCM has a load balancer as frontend |
IDM Mid Tier |
FA Web Tier |
If not using a Load Balancer/Reverse Proxy for Internal HTTP traffic: Oracle Fusion Applications Installation Workbook, Network - Virtual Hosts tab, FA WebTier Virtual Hosts table, FA WebTier Internal Port column (for HCM) If using a load balancer or reverse proxy for Internal HTTP traffic: Oracle Fusion Applications Installation Workbook, Network - Virtual Hosts tab, HTTP LBR Endpoints table, Internal Port column (for HCM) |
HTTP |
|
IDM Application Tier |
IDM Directory Tier |
Oracle Fusion Applications Installation Workbook, Network - Virtual Hosts tab, LDAP Endpoints table, Port and SSL Port columns for ODI Identity Store (OID) |
TCP (LDAP) |
|
FA Mid Tier |
FA Database |
Oracle Fusion Applications Installation Workbook, Database tab, FA Transactional Database table, Ports for each one of the FA DB Instances |
SQL*Net / JDBC |
|
FA Mid Tier |
IDM Database |
Oracle Fusion Applications Installation Workbook, Database tab, IDM Database table, Ports for each one of the IDM DB Instances |
SQL*Net / JDBC |
|
FA Mid Tier |
FA Data Warehouse Database |
Oracle Fusion Applications Installation Workbook, Database tab, FA Data Warehouse Database table, Ports for each one of the FA DW DB Instances |
SQL*Net / JDBC |
Applies only if a Data Warehouse database is used |
The provisioning repository contains all the installers required to provision a new Oracle Fusion Applications environment. Download the repository from the Oracle Fusion Applications Product Media Package to a preferred location (repository_location
).
The Oracle Identity Management Lifecycle Tools and the Oracle Fusion Applications provisioning wizard are packaged in the same Oracle Fusion Applications Media Packs downloaded from Oracle Software Delivery Cloud as detailed in Download from the Oracle Software Delivery Cloud Portal. Oracle Identity Management is in the idmlcm
folder and the Oracle Fusion Applications provisioning wizard is in the faprov
folder. When installing Oracle Identity Management ensure that the provisioning repository is accessible to the Oracle Identity Management hosts.
To set up a demilitarized zone (DMZ) for the web tier in the new environment, see Set Up a Demilitarized Zone (DMZ) for the Web Tier before creating the repository.
Oracle groups its software releases by product area. A Product Media Pack refers to those groupings. Each media pack may also include a zipped file containing electronic documentation files or Quick Install files, which facilitate the initial installation of the software.
For installations of Oracle Fusion Applications, have available the complete set of software contained in the product media pack. Individual pieces cannot be installed. Therefore, to install from media that is no longer available on Oracle Software Delivery Cloud, contact My Oracle Support to obtain the complete media pack.
After the software licensing agreements have been completed, obtain the Oracle Fusion Applications software using one of these two methods:
Oracle Software Delivery Cloud Portal: Provides a readme document that helps to determine which media is needed to fulfill the purchased license. Download only the necessary media. This is the default delivery method.
My Oracle Support: Provides a complete set of the software in DVD format. Use only the DVDs covered by thesoftware licensing agreement.
Using either method, obtain the Oracle Fusion Applications Provisioning repository and gain access to the Oracle Fusion Applications documentation library.
If Oracle Fusion Applications Release 12 Media Pack is downloaded for the following platforms, then use the following version (and above) of the UnZip / 7-Zip utility to extract the Oracle software to a preferred location (REPOSITORY_LOCATION). UnZip is freeware that is available at: http://www.info-zip.org
.
Linux x86-64 (64-bit) - Info-ZIP version 6.0
Oracle Solaris on SPARC (64-bit) - Info-ZIP version 6.0
Oracle Solaris on x86-64 (64-bit) - Info-ZIP version 6.0
Microsoft Windows x64 (64-bit) - 7-Zip version 9.20
The Microsoft Windows utility Xcopy does not copy long path names. Therefore, do not use Xcopy to copy Oracle Fusion Applications repositories and APPLTOP.
Resolution: Use Robocopy instead of Xcopy.
Windows: ROBOCOPY <source dir> <destination dir> /MIR
Go to the E-Delivery website and follow these instructions:
To use languages other than US English and install these languages during the initial installation process, perform the steps in this section.
Download the Oracle Fusion Applications NLS Release 12 software for each language to be installed. This is available from the NLS DVD media or from Oracle Software Delivery Cloud. The software for Release 12 is a zip file that contains a repository of the translated Oracle Fusion Applications files plus the installation utilities that are required to install the software.
Download the language pack repository to a preferred location. Extract the contents of all zipped files to the same target directory. This directory is referred to as REPOSITORY_LOCATION.
Order a complete set of the software in DVD format by contacting My Oracle Support. Use only the DVDs covered by the software licensing agreement.
On Solaris 11 hosts (Solaris on x86-64 systems), the OID startup may fail with core dump during Fusion Applications (FA) installation in Release 11.12.x.0.0. To resolve the OID startup failure, follow the below steps to patch the FA repository with the fix (not applicable for Solaris SPARC systems):
Download the OID bundle patch 25838345 from P4FA FOR FA REL 12.1 ONEOFFS SYSTEM PATCH 11.12.1.0.170628 from My Oracle Support.
Extract the patch bundle zip file into the following FA repository location:
<REPOSITORY_LOCATION>/installers/pltsec/patch
Oracle Fusion Applications require specific operating system packages and libraries in the hosts where the software is installed. During the preverify phase of provisioning an Oracle Fusion Applications environment as detailed in Provision a New Oracle Fusion Applications Environment, the Provisioning Wizard and the provisioning command line verifies if the hosts have the required packages, libraries, and other requirements such as swap space, free space, and kernel parameters. Any issues during the check are reported in the provisioning log. To perform the manual checks ahead of time, follow these steps after creating the provisioning repository.
For Database Host
Navigate to REPOSITORY_LOCATION/installer/database/Disk1
.
Run the command:
UNIX: ./runInstaller -executePrereqs -silent
Review the output located at: oraInventory/logs/installAction<timestamp>.log
. For example, oraInventory/logs/installActionyyyy-mm-dd_hh-mm-ssPM.log
.
Other Oracle Fusion Applications Hosts
Example 5-1 Sample Output
If any of the stated library (or package) is not found, obtain and install the library (or package) in order to continue after the preverify phase of the provisioning process.
Note: The list of libraries and version are example values. Thus, refer to the actual output from the environment for the correct values.
$$$$$DEBUG>>>>Packages Checking for binutils-2.17.50.0.6; found binutils-2.17.50.0.6-20.el5_8.3-x86_64. Passed Checking for compat-libstdc++-33-3.2.3-x86_64; found compat-libstdc++-33-3.2.3-61-x86_64. Passed Checking for compat-libstdc++-33-3.2.3-i386; found compat-libstdc++-33-3.2.3-61-i386. Passed Checking for elfutils-libelf-0.125; found elfutils-libelf-0.137-3.el5-x86_64. Passed Checking for elfutils-libelf-devel-0.125; found elfutils-libelf-devel-0.137-3.el5-x86_64. Passed Checking for gcc-4.1.1; found gcc-4.1.2-54.el5-x86_64. Passed Checking for gcc-c++-4.1.1; found gcc-c++-4.1.2-54.el5-x86_64. Passed Checking for glibc-2.5-12-x86_64; found glibc-2.5-107.el5_9.5-x86_64. Passed Checking for glibc-2.5-12-i686; found glibc-2.5-107.el5_9.5-i686. Passed Checking for glibc-common-2.5; found glibc-common-2.5-107.el5_9.5-x86_64. Passed Checking for glibc-devel-2.5-x86_64; found glibc-devel-2.5-107.el5_9.5-x86_64. Passed Checking for glibc-devel-2.5-12-i386; Not found. Failed <<<< Checking for libaio-0.3.106-x86_64; found libaio-0.3.106-5-x86_64. Passed Checking for libaio-0.3.106-i386; found libaio-0.3.106-5-i386. Passed Checking for libaio-devel-0.3.106; found libaio-devel-0.3.106-5-i386. Passed Checking for libgcc-4.1.1-x86_64; found libgcc-4.1.2-54.el5-x86_64. Passed Checking for libgcc-4.1.1-i386; found libgcc-4.1.2-54.el5-i386. Passed Checking for libstdc++-4.1.1-x86_64; found libstdc++-4.1.2-54.el5-x86_64. Passed Checking for libstdc++-4.1.1-i386; found libstdc++-4.1.2-54.el5-i386. Passed Checking for libstdc++-devel-4.1.1; found libstdc++-devel-4.1.2-54.el5-x86_64. Passed Checking for make-3.81; found make-1:3.81-3.el5-x86_64. Passed Checking for sysstat-7.0.0; found sysstat-7.0.2-12.0.1.el5-x86_64. Passed Check complete. The overall result of this check is: Failed <<<< Check Name:Kernel Check Description:This is a prerequisite condition to test whether the minimum required kernel parameters are configured. Checking for VERSION=2.6.18; found VERSION=2.6.18-348.4.1.0.1.el5. Passed Checking for hardnofiles=4096; found hardnofiles=327679. Passed Checking for softnofiles=4096; found softnofiles=327679. Passed Check complete. The overall result of this check is: Passed Kernel Check: Success. Checking for VERSION=2.6.18; found VERSION=2.6.18-348.4.1.0.1.el5. Passed Checking for hardnofiles=4096; found hardnofiles=327679. Passed Checking for softnofiles=4096; found softnofiles=327679. Passed Check complete. The overall result of this check is: Passed Check Name:GLIBC Check Description:This is a prerequisite condition to check whether the recommended glibc version is available on the system Expected result: ATLEAST=2.5-12 Actual Result: 2.5-107.el5_9.5 Check complete. The overall result of this check is: Passed GLIBC Check: Success. Expected result: ATLEAST=2.5-12 Actual Result: 2.5-107.el5_9.5 Check complete. The overall result of this check is: Passed
Install the Oracle Identity Management Lifecycle Tools and the Oracle Fusion Applications Provisioning Framework. Go to Install the Oracle Identity Management and Oracle Fusion Applications Provisioning Frameworks to get started.