The Enterprise Data Center Topology for Portal, Wireless, and Business Intelligence Applications distributes OracleAS components over multiple computers and tiers. Access to the computers in each tier is guarded by firewalls.
Web Server Tier DMZ: This tier is located just inside the outermost firewall. The load balancer receives requests from external users and forwards them to the two sets of computers in this tier. Each set should have at least two computers, both to provide a backup and to improve performance. You can add more computers to each set as necessary. Internal users also access the Web servers running in this tier.
The computers in this tier run the following components:
One set of computers runs OracleAS Web Cache, Oracle HTTP Server, and Business Intelligence and Forms (or Portal and Wireless) instances. Oracle HTTP Server and OracleAS Web Cache handle requests for static objects and J2EE applications.
You deploy and run your applications on the Business Intelligence and Forms (or Portal and Wireless) instances. The applications can access business data in the Intranet tier. The instances access the OracleAS Metadata Repository in the Infrastructure DMZ for product metadata, security metadata, and management metadata.
If you are running OracleAS Portal, the oc4j_portal instance running the parallel page engine and the Oracle HTTP Server for the oc4j_portal instance must run on the same computer.
Another set of computers runs OracleAS Single Sign-On and Oracle Delegated Administration Services. OracleAS Single Sign-On authenticates internal and external users, and Oracle Delegated Administration Services enable users to edit their profiles in the Oracle Internet Directory.
Infrastructure DMZ: In this tier, you run all components of the OracleAS Infrastructure, except for OracleAS Single Sign-On and Oracle Delegated Administration Services, which run in the Web Server Tier DMZ.
OracleAS Metadata Repository contains security metadata, management metadata, and product metadata. The Business Intelligence and Forms (or Portal and Wireless) instance and the infrastructure components use the repository.
Oracle Internet Directory contains data for external and internal users. OracleAS Single Sign-On authenticates users based on the data in Oracle Internet Directory.
You can install the OracleAS Metadata Repository and the Oracle Internet Directory in a Real Application Clusters or cold failover cluster environment.
You install the OracleAS Infrastructure behind another firewall so that Web servers do not have direct access to other computers in the enterprise. The OracleAS Metadata Repository and Oracle Internet Directory contain critical data used by OracleAS instances.
Intranet: This tier contains the computers that run enterprise processes, including databases that contain the business data. The databases can be in a high availability environment such as Real Application Clusters or cold failover cluster. Applications running in the Web Server Tier DMZ can access the databases. If Web servers in the Web Server Tier DMZ become compromised, the intranet firewall still prevents them from accessing the entire corporate intranet.
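The tier-to-tier access described above can be written as an allow-list and used to audit a firewall rule set for rules that open more than the topology calls for. The following Python is an added example, not part of the original documentation: the zone names, role names and sample rules are constructed, and any flow the text does not describe is assumed to be disallowed.

```python
# Added example. Zone names, role names and SAMPLE_RULES are constructed
# assumptions; only the flows in ALLOWED are taken from the topology text.
ZONES = {
    "internet": {"client"},
    "web_dmz": {"load_balancer", "web_server"},
    "infra_dmz": {"metadata_repository", "internet_directory"},
    "intranet": {"business_database", "other_host"},
}

# (source zone, destination zone, destination role) flows the text describes.
ALLOWED = {
    ("internet", "web_dmz", "load_balancer"),         # external users
    ("intranet", "web_dmz", "web_server"),            # internal users
    ("web_dmz", "infra_dmz", "metadata_repository"),  # product/security metadata
    ("web_dmz", "infra_dmz", "internet_directory"),   # SSO and DAS user data
    ("web_dmz", "intranet", "business_database"),     # application business data
}

def expand(rule):
    """Yield every cross-zone flow a rule covers; "any" is a wildcard."""
    srcs = ZONES if rule["src"] == "any" else [rule["src"]]
    dsts = ZONES if rule["dst"] == "any" else [rule["dst"]]
    for src in srcs:
        for dst in dsts:
            if src == dst:
                continue  # traffic inside one zone never crosses a firewall
            for role in sorted(ZONES.get(dst, ())):
                if rule["role"] in ("any", role):
                    yield (src, dst, role)

def audit(rules):
    """Return (rule index, flow) for each permitted flow outside ALLOWED."""
    findings = []
    for i, rule in enumerate(rules):
        if rule["action"] == "allow":
            findings += [(i, f) for f in expand(rule) if f not in ALLOWED]
    return findings

SAMPLE_RULES = [  # constructed rule set, two rules are deliberately too broad
    {"src": "internet", "dst": "web_dmz", "role": "load_balancer", "action": "allow"},
    {"src": "web_dmz", "dst": "infra_dmz", "role": "any", "action": "allow"},
    {"src": "web_dmz", "dst": "intranet", "role": "any", "action": "allow"},
    {"src": "internet", "dst": "infra_dmz", "role": "internet_directory", "action": "allow"},
    {"src": "intranet", "dst": "web_dmz", "role": "web_server", "action": "allow"},
]

if __name__ == "__main__":
    for idx, (src, dst, role) in audit(SAMPLE_RULES):
        print(f"rule {idx} permits {src} -> {dst}:{role}, not in the topology")
```

Rule 2 is flagged because its wildcard lets a compromised Web server reach intranet hosts other than the business databases, and rule 3 because it exposes the Infrastructure DMZ directly to external users.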