Oracle® Application Server Concepts
10g Release 2 (10.1.2)
B13994-02

7 Oracle Application Server Infrastructure

This chapter provides an overview of the Oracle Application Server Infrastructure. The topics include:

7.1 Introduction to Oracle Application Server Infrastructure

Oracle Application Server provides an industry standards-based application deployment platform and security and management facilities to simplify all aspects of application deployment. Oracle Application Server Infrastructure is a comprehensive deployment platform designed to streamline application deployment by leveraging a single security, directory, and product metadata framework for all applications.

Oracle Application Server Infrastructure includes the Oracle Identity Management infrastructure, which provides security life cycle management for network entities such as users, devices, processes, and applications. It provides a comprehensive, integrated security framework to support all Oracle Application Server components, as well as third-party and custom applications deployed on Oracle Application Server. The framework is based on Oracle Application Server Single Sign-On for authentication; Oracle Internet Directory for authorization, user provisioning, password policy, delegated administration services, and directory integration and synchronization; and Oracle Application Server Certificate Authority to manage X.509v3 certificates supporting PKI-based (strong) authentication.

By providing an integrated infrastructure, Oracle Application Server reduces the time required to develop Internet applications, makes these applications more reliable when deployed, and lowers the total deployment cost.

7.1.1 What is Oracle Application Server Infrastructure?

Oracle Application Server Infrastructure is an installation type that provides centralized product metadata and security services, configuration information, and data repositories for middle tier installations. The middle tier instances typically use the Infrastructure for three main services:

  • Product Metadata Service: All of the product metadata required by the Oracle Application Server middle tier instances is bundled as part of the infrastructure. Product metadata is not accessed directly by customer applications. The Product Metadata Service is provided by Oracle Application Server Metadata Repository, which middle tier instances can use as a centralized component repository and leverage for product metadata lookups.

  • Identity Management Services: Identity Management Services provide a consistent security and identity management model for all Oracle Application Server applications. They also provide a single source of security metadata containing all administration and user privileges. Middle tier components use the Identity Management Services to increase security, centralize the authentication services, and manage passwords. The Identity Management Services are provided by the Oracle Identity Management infrastructure and its components.

  • Management Service: The Management Service in the Oracle Application Server Infrastructure is used to support the Distributed Configuration Management (DCM) tool. DCM stores information in the metadata repository.

7.1.2 Oracle Application Server Infrastructure Components

Oracle Application Server Infrastructure contains the following components:

In addition to these components, dedicated Oracle HTTP Server and Oracle Application Server Containers for J2EE (OC4J) instances are also installed with Oracle Application Server Infrastructure. These instances are used by the various components of the Infrastructure to service requests.

7.1.3 Oracle Application Server Metadata Repository

Oracle Application Server Metadata Repository is an information store that enables both infrastructure and middle tier instances to manage and configure their components in an optimal way. Oracle Application Server Metadata Repository can be installed into either a new or an existing database. When you install the Metadata Repository into a new database, infrastructure installs an Oracle Enterprise Edition database server that contains the demo data, schemas, and metadata required by most of the Oracle Application Server middle tier instances. You can also choose to install the Metadata Repository and its associated data, schemas, and metadata into an existing database, using the Oracle Application Server Metadata Repository Creation Assistant tool.

There are two general types of data that can be stored in a database: customer or application data, and metadata. Customer or application data is user data created by a client application. It is accessed directly by the client application.

Metadata, by comparison, includes component-specific information that is accessed by the Oracle Application Server middle tier or Infrastructure components as part of their application deployment. The end user or the client application does not access this data directly. For example, a Portal application on the middle tier accesses the Portal metadata as part of the Portal page assembly aggregation. Metadata also includes demo data for many Oracle Application Server components.

The Oracle Application Server Metadata Repository stores three main types of metadata:

  • Management metadata

  • Identity Management metadata

  • Product metadata

Table 7-1 shows the Oracle Application Server components that store and use these types of metadata during application deployment.

Table 7-1 Metadata and Infrastructure Components

| Type of Metadata | Infrastructure Components Involved |
|---|---|
| Management metadata | Distributed Configuration Management (DCM) |
| Identity Management metadata | Oracle Application Server Single Sign-On, Oracle Internet Directory, Oracle Application Server Certificate Authority |
| Product metadata (includes demo data) | Oracle Application Server Metadata Repository |


7.1.3.1 Using Oracle Application Server Infrastructure with Middle Tier Installations

Oracle Application Server provides three middle tier install options. Oracle Application Server Metadata Repository is required for all installation types except for J2EE and Web Cache.

  • J2EE and Web Cache: Installs Oracle HTTP Server, Oracle Application Server Containers for J2EE, Web Cache, Web Services, UDDI, and Oracle Enterprise Manager Application Server Control. Installing Oracle Application Server Metadata Repository is optional, but recommended. Installing Oracle Application Server Infrastructure allows you to create database-managed OC4J clusters, and enables you to use Single Sign-On and other identity management protections available through the Infrastructure.

  • Portal and Wireless: Installs all components of J2EE and Web Cache, plus Portal, Ultra Search, and Wireless. Installing Oracle Application Server Metadata Repository is required.

  • Business Intelligence and Forms: Installs all components of J2EE and Web Cache, Portal and Wireless, plus Forms, Reports, Discoverer, and Personalization. Installing Oracle Application Server Metadata Repository is required.

Oracle Application Server Integration components, such as Oracle Application Server Integration B2B, Oracle Application Server Integration InterConnect, and Oracle Workflow are installed on top of any of these middle tier installation options.

Oracle Business Intelligence Discoverer and Oracle Content Management Software Developer Kit (CM SDK) are also installed separately in addition to one of the standard middle tier installations.

The Distributed Configuration Management (DCM) component enables you to manage middle tiers and the Identity Management Infrastructure, and stores its metadata in the Metadata Repository for the Portal and Wireless install options. For the J2EE and Web Cache install type, by default DCM uses a file-based repository. If you choose to associate the J2EE and Web Cache install type with an Infrastructure, the file-based repository is moved into the Metadata Repository, enabling database-managed Oracle Application Server clustering.

7.1.3.2 Oracle Application Server Metadata Repository Contents

Within Oracle Application Server Metadata Repository, there is metadata for many Oracle Application Server components. Oracle Application Server Metadata Repository contains metadata for the following components:

  • Distributed Configuration Management (DCM)

  • Oracle Internet Directory

  • Oracle Application Server UDDI Registry (for Web Services)

  • Oracle Application Server Portal

  • Oracle Ultra Search

  • Oracle Application Server Single Sign-On

  • Oracle Application Server Wireless

  • Oracle Business Intelligence Discoverer

  • Oracle Application Server Integration

  • Oracle Workflow

  • Oracle Application Server Web Services

  • Online Analytical Processing (OLAP)

  • Oracle Application Server Certificate Authority

For information related to the metadata for each component, please see the Oracle Application Server Administrator's Guide.

7.1.4 Oracle Identity Management

Identity management is the process of managing the security life cycle for network entities in an organization, and most commonly refers to the management of an organization's application users. Oracle Identity Management is an integrated infrastructure that Oracle products use for centralized security in a complex multi-application or distributed processing environment. The Oracle Identity Management infrastructure includes the following components:

The following sections contain brief overviews of each Identity Management component. For more information on the Identity Management infrastructure, please see Chapter 11, "Security and Identity Management".

7.1.4.1 Oracle Application Server Single Sign-On

Oracle Application Server Single Sign-On enables users to access multiple Oracle Application Server applications with a single password. Using Single Sign-On, users can log in to Oracle Application Server and gain access to all applications for which they are authorized, without having to re-enter a user name and password for each application. Oracle Application Server Single Sign-On retrieves user information from Oracle Internet Directory, an LDAP v3 compliant directory.

7.1.4.2 Oracle Internet Directory

Oracle Internet Directory is the Oracle implementation of Lightweight Directory Access Protocol (LDAP), version 3. Application server instances, components, and infrastructures store security and management information in the directory. Oracle Internet Directory serves the Oracle Application Server environment by providing authentication and a centralized user provisioning model whereby you can create and manage users on an enterprise scale. It provides a single source of access to security administration information such as Oracle Application Server instance objects, Oracle Application Server instance configuration, Oracle Application Server component schema mappings, and application group information by components (such as Portal). When users log in, they are authenticated once by Oracle Application Server Single Sign-On against their OID credentials, and afterwards can access multiple applications seamlessly.

7.1.4.2.1 Directory Integration and Provisioning

Directory Integration and Provisioning is a component of Oracle Internet Directory. It permits synchronization between Oracle Internet Directory and other directories and user repositories, and automatic provisioning services for Oracle components and applications and, through standard interfaces, third-party applications. Typically, provisioning an application means creating and managing separate user accounts and their privileges.

7.1.4.2.2 Delegated Administration Services

Delegated Administration Services is a component of Oracle Internet Directory. It allows users and application administrators to perform trusted proxy-based administration of directory information. You can assign administrative responsibilities according to business requirements, and control security policies for different components of the enterprise.

7.1.4.3 Oracle Application Server Certificate Authority

The Oracle Application Server Certificate Authority manages and publishes X.509v3 certificates to support PKI-based (strong) authentication methods. OracleAS Certificate Authority also serves as an assertion service, since the certificates it generates are assertions about a network's identity and its entitlements.

7.2 Oracle Application Server Infrastructure Architecture

Oracle Application Server Infrastructure provides centralized product metadata and security, configuration information, and data repositories for middle tier installations.

Figure 7-1 shows how the Oracle Application Server Infrastructure components work closely together to provide these services to the middle tier Oracle Application Server instances.

Figure 7-1 Oracle Application Server Infrastructure Components


Oracle Application Server Infrastructure has several deployment architectures, which make it easy to fit into an existing enterprise deployment methodology. Some of the most frequently used deployment topologies, both for Oracle Application Server Infrastructure itself and for applications that use it, are discussed in Chapter 12, "Recommended Topologies".