Beta Draft

12 Oracle Beehive Post-Installation Procedures

Depending on the installation scenario you have chosen, your security requirements, the standards-based clients you want to use with Oracle Beehive, or any other issue particular to your deployment, perform one or more of the following procedures:

Using Oracle Beehive Command-Line Utility
Configuring Oracle Beehive to Listen on Ports Less Than 1024
Opening Ports Required by Oracle Beehive for FTP
Configuring DMZ Instances
Integrating and Synchronizing LDAP with Oracle Beehive
Configuring SSL
Configuring TLS
Configuring SSL for LDAP Integration
Enabling AJPS
Configuring Oracle Beehive E-mail
Configuring Oracle Secure Enterprise Search
Configuring Oracle Single Sign-On
Configuring External Oracle BPEL Process Manager with Oracle Beehive
Installing Oracle Beehive Integration for Outlook
Configuring Oracle Beehive Integration for Zimbra
Cloning Oracle Beehive
Performing Oracle Beehive Administration Console Post-Installation Procedures

Using Oracle Beehive Command-Line Utility

Many of the following post-installation procedures use the Oracle Beehive command-line utility beectl. For more information about beectl, refer to "Oracle Beehive Command-Line Utility" in Oracle Beehive Administrator's Reference Guide.

Configuring Oracle Beehive to Listen on Ports Less Than 1024

Follow one of these series of steps to change a port number to which Oracle Beehive listens to a privileged port number (less than 1024):

Changing HTTP Port
Changing Other Ports
Enabling BPEL Workflows to Use New Port Number

Changing HTTP Port

Follow these steps to change the HTTP port to 80 or HTTPS port to 443 (or any other port less than 1024):

As the root user, change the owner of .apachectl to the root user, set its user ID to root, and give all users permission to execute it::

chown root <Oracle home>/Apache/Apache/bin/.apachectl
chmod a+x <Oracle home>/Apache/Apache/bin/.apachectl
chmod a+s <Oracle home>/Apache/Apache/bin/.apachectl

Tip:

Alternatively, instead of changing to the root user, you may use the sudo command instead:

sudo chown root <Oracle home>/Apache/Apache/bin/.apachectl
sudo chmod a+x <Oracle home>/Apache/Apache/bin/.apachectl
sudo chmod a+s <Oracle home>/Apache/Apache/bin/.apachectl

Determine the name of the listening component and property name of the port you want to change. Run the beectl list_ports command to list all available ports (the --format option is optional):

beectl list_ports --format xml

...
   <row>
      <column name="Protocol">HTTP</column>
      <column name="Listening Port">7777</column>
      <column name="Virtual Port">7777</column>
      <column name="Defining Component">ohs_site1.example.com</column>
      <column name="Property Name">HttpListenPort</column>
      <column name="Listening Component">ohs_site1.example.com</column>
   </row>
   <row>
      <column name="Protocol">HTTPS</column>
      <column name="Listening Port">4443</column>
      <column name="Virtual Port">4443</column>
      <column name="Defining Component">ohs_site1.example.com</column>
      <column name="Property Name">HttpSslListenPort</column>
      <column name="Listening Component">ohs_site1.example.com</column>
   </row>

In the previous example, the HTTP (and HTTPS) listening component is ohs_site1.example.com. The property name of the HTTP port is HttpListenPort, and the property name of the HTTPS port is HttpSslListenPort.

Change the listening port with the beectl modify_property command with the appropriate listening component and property name. The following example changes the HTTP port to 80:
```
beectl modify_property
  --component ohs_site1.example.com --name HttpListenPort --value 80
```
Change the HTTP (or HTTPS) port number in the _VIRTUAL_SERVER component. The following example changes the HTTP port number. (Use the property name HttpSslPort to change the HTTPS port number):
```
beectl modify_property --component _VIRTUAL_SERVER --name HttpPort --value 80
```
Activate configuration and commit changes:
```
beectl activate_configuration
beectl modify_local_configuration_files
```
Note:
The beectl modify_local_configuration_files command will ask you to run this command on all your other instances. Do not run this command on all your other instances at this time. For each instance, perform steps 1 to 3 before running the beectl modify_local_configuration_files command.

Changing Other Ports

Follow these steps to change ports of Oracle Beehive-specific protocols such as BTP/BTPS, IMAP/IMAPS and SMTP.

Note:

If you are changing e-mail port numbers, refer to "Configuring E-Mail with SSL" for additional information about changing the ports that SMTP and IMAP listen to.

As the root user, change the owner of hasbind to the root user, set its user ID to root, and give all users permission to execute it:
```
chown root <Oracle home>/beehive/bin/hasbind
chmod a+x <Oracle home>/beehive/bin/hasbind
chmod a+s <Oracle home>/beehive/bin/hasbind
```
Note:
For hasbind to work, ensure that root only has write permission to the /etc directory, while all other users and groups have only read permission.
As the root user, create a text file named /etc/cap.ora (that contains the following, where instuser is the user who installed Oracle Beehive:
```
+user instuser: bind port 80
```
Ensure the owner and user ID of cap.ora is root, give root read and write access to it, and all other users only read access:
```
chown root /etc/cap.ora
chmod 644 /etc/cap.ora
```

Determine the name of the listening component and property name of the port you want to change. Run the beectl list_ports command to list all available ports (the --format option is optional):

beectl list_ports --format xml

...
   <row>
      <column name="Protocol">BTP</column>
      <column name="Listening Port">21401</column>
      <column name="Virtual Port">21401</column>
      <column name="Defining Component">SitewideBtiConfiguration</column>
      <column name="Property Name">ClientPort</column>
      <column name="Listening Component">BTI_site1.example.com</column>
   </row>
   <row>
      <column name="Protocol">BTPS</column>
      <column name="Listening Port">21451</column>
      <column name="Virtual Port">21451</column>
      <column name="Defining Component">SitewideBtiConfiguration</column>
      <column name="Property Name">SecureClientPort</column>
      <column name="Listening Component">BTI_site1.example.com</column>
   </row>

In the previous example, the BTP (and BTPS) listening component is BTI_site1.example.com. The property name of the BTP port is ClientPort, and the property name of the BTPS port is SecureClientPort.

Change the listening port with the beectl modify_property command with the appropriate listening component and property name. The following example changes the BTP port:
```
beectl modify_property
  --component BTI_site1.example.com --name ClientPort --value <new port number>
```
Change the appropriate property in the _VIRTUAL_SERVER component to the new port number. The following example changes the BTI port to the new port number (to list the properties of _VIRTUAL_SERVER, run the command beectl list_properties --component _VIRTUAL_SERVER):
```
beectl modify_property
  --component _VIRTUAL_SERVER
  --name BtiClientPort
  --value <new port number>
```
Activate configuration and commit changes:
```
beectl activate_configuration
beectl modify_local_configuration_files
```
Note:
The beectl modify_local_configuration_files command will ask you to run this command on all your other instances. Do not run this command on all your other instances at this time. For each instance, perform steps 1 to 3 before running the beectl modify_local_configuration_files command.

Enabling BPEL Workflows to Use New Port Number

If you changed the HTTP port number that Oracle Beehive listens to, follow these directions to enable BPEL workflows to use this new port number:

Modify the value element of the following properties in the file <Oracle home>/bpel/system/config/collaxa-config.xml to reflect the new HTTP port number:

clusterName
soapCallbackUrl
soapServerUrl

The following is an example:

<property id="clusterName">
     <name>Cluster Id</name>
     <value>www.example.com:80</value>
   </property>   
 
    <property id="soapCallbackUrl">
      <name>BPEL soap callback URL</name>
      <value>http://www.example.com:80</value>
    </property>   
   
    <property id="soapServerUrl">
      <name>BPEL soap server URL</name>
      <value>http://www.example.com:80</value>
    </property>

Restart the oc4j_soa component:
```
beectl restart --component oc4j_soa_instance1.example.com
```
Retrieve the component identifier of oc4j_soa with the beectl status command.
Re-deploy the SerialWorkflow and ParallelVoteWorkflow sample workflows by copying the jar files from <Oracle home>/beehive/seed/workflows into <Oracle home>/bpel/domains/default/deploy. Since the BPEL Process Manager is in auto-deploy mode, it will redeploy these processes after a few minutes.

Opening Ports Required by Oracle Beehive for FTP

If your Oracle Beehive instance is behind a firewall, ensure that the following ports are open in your firewall to enable FTP connections:

Table 12-1 Ports Required Open

Default Port Number	Property Name	Description
2121	Port	The FTP server listens at this port to accept new connections from clients
2120	DefaultDataPort	Port used by the FTP server in PORT (ACTIVE) mode to make active connections (outbound connections) to clients
12121	DataConnectionPort	In PASSIVE mode, the FTP server listens on a range of ports starting from DataConnectionPort to create new data connections, which will be used for data transfer operations. The property MaxDCPortCount indicates the number of ports in the range. For example, if the value of DataConnectionPort is 12121 and MaxDCPortCount is 10, then ensure that all the ports from 12121 to 12130 (inclusively) are open in your firewall.

Default Port Number

Property Name

Description

2121

Port

The FTP server listens at this port to accept new connections from clients

2120

DefaultDataPort

Port used by the FTP server in PORT (ACTIVE) mode to make active connections (outbound connections) to clients

12121

DataConnectionPort

In PASSIVE mode, the FTP server listens on a range of ports starting from DataConnectionPort to create new data connections, which will be used for data transfer operations.

The property MaxDCPortCount indicates the number of ports in the range.

For example, if the value of DataConnectionPort is 12121 and MaxDCPortCount is 10, then ensure that all the ports from 12121 to 12130 (inclusively) are open in your firewall.

You may change the value of these ports as well as the value of MaxDCPortCount.

To retrieve a list of all available ports, call the beectl list_ports command (the --format option is optional):

beectl list_ports --format xml

...
   <row>
      <column name="Protocol">FTP</column>
      <column name="Listening Port">2121</column>
      <column name="Virtual Port">2121</column>
      <column name="Defining Component">_FtpService</column>
      <column name="Property Name">Port</column>
      <column name="Listening Component">
        BTI_instance1.example.com</column>
   </row>
   <row>
      <column name="Protocol"></column>
      <column name="Listening Port">2120</column>
      <column name="Virtual Port"></column>
      <column name="Defining Component">_FtpService</column>
      <column name="Property Name">DefaultDataPort</column>
      <column name="Listening Component">
        BTI_instance1.example.com</column>
   </row>
   <row>
      <column name="Protocol"></column>
      <column name="Listening Port">12121</column>
      <column name="Virtual Port"></column>
      <column name="Defining Component">_FtpService</column>
      <column name="Property Name">DataConnectionPort</column>
      <column name="Listening Component">
        BTI_instance1.example.com</column>
   </row>
...

To retrieve a list of all the properties for the FTP service, call the beectl list_properties command:

beectl list_properties --component _FtpService
--------------------------------------------------------------------------
| Property Name              | Property Value                            |
--------------------------------------------------------------------------
| Port                       | 2121                                      |
| DataConnectionPort         | 12121                                     |
| ChannelSecurity            | PLAIN_AND_TLS                             |
| MaxDCPortCount             | 200                                       |
| DefaultCommandCharacterset | UTF-8                                     |
| SessionTimeout             | 900000                                    |
| UploadBufferSize           | 390144                                    |
| DMSInstrumentation         | false                                     |
| FtpServerEnabled           | true                                      |
| Site                       | _CURRENT_SITE                             |
| ServiceInstances           | instance_ftp_BEEAPP_instance1.example.com |
| ServiceApplication         | svcapp_ftp                                |
| Alias                      | _FtpService                               |
--------------------------------------------------------------------------

To change a property, call the beectl modify_property command:

beectl modify_property
  --component _FtpService
  --name Port
  --value <new port value>

To save the your changes and activate them, call the following commands:

beectl activate_configuration
beectl modify_local_configuration_files

Note:

The beectl modify_local_configuration_files command will ask you to run this command on all your other instances. Do not run this command on all your other instances at this time. For each instance, make your desired changes to the Port property and run beectl activate_configuration before running the beectl modify_local_configuration_files command.

Configuring DMZ Instances

Refer to "Configuring Oracle Beehive Demilitarized Zone Instances" for instructions on how to configure DMZ instances and Oracle Wallet with DMZ instances.

Integrating and Synchronizing LDAP with Oracle Beehive

Oracle Beehive user data may be mastered in Oracle Beehive User Directory Service (UDS) or in an external LDAP-based directory, such as Oracle Internet Directory. "Mastered" means that a master source is used as the point of reference to determine the correct value for any user account attribute, and this source is used for making any changes to any account details.

After you have installed and configured Oracle Beehive, you may synchronize your external LDAP-based directory with UDS so that you may continue to manage your users and groups through your LDAP server. For more information, refer to "Integrating and Synchronizing LDAP with Oracle Beehive".

Configuring SSL

Refer to "Configuring SSL" for information about configuring SSL with Oracle Beehive and DMZ instances.

Configuring TLS

Some services, such as XMPP, require a Transport Layer Security (TLS) encrypted communication channel. Use Oracle Wallet to provide this.

To configure Oracle Beehive with Oracle Wallet so that clients may access it with a TLS connection, refer to "Configuring TLS with Oracle Wallet".

Configuring SSL for LDAP Integration

After configuring LDAP and Oracle Wallet with Oracle Beehive, you may configure Oracle Beehive authentication with Certificate Authority verification. For more information, refer to "Configuring SSL for LDAP Integration".

Enabling AJPS

To enable secure Apache JServ Protocol (AJPS), which is used instead of HTTP for communication between Oracle HTTP Server and OC4J, refer to "Enabling AJPS".

Configuring Oracle Beehive E-mail

The default installation of Oracle Beehive includes a basic configuration of e-mail services. This configuration does not include any filtering, dispatch rules, relay configuration, attachment blocking, or other common settings. For detailed configuration options and procedures, refer to "Managing Oracle Beehive E-Mail" in Oracle Beehive Administrator's Guide.

To secure Oracle Beehive e-mail with SSL, refer to "Configuring E-Mail with SSL". This involves configuring Oracle Beehive and your e-mail client.

Configuring Oracle Secure Enterprise Search

Oracle Secure Enterprise Search 10g is a stand-alone enterprise search solution. It incorporates best-in-class indexing crawling and security capabilities to create a reliable and comprehensive search solution for any organization. Refer to "Configuring Oracle Secure Enterprise Search".

Configuring Oracle Single Sign-On

You may register Oracle Beehive as a partner application with Oracle Single Sign-On, which means that you may delegate the authentication function to the single sign-on server. Refer to "Configuring Single Sign-On with Oracle Beehive".

Configuring External Oracle BPEL Process Manager with Oracle Beehive

If you have an existing instance of Oracle BPEL Process Manager, you may configure Oracle Beehive to use it instead of the one that is included with Oracle Beehive. Refer to "Configuring External Oracle BPEL Process Manager with Oracle Beehive".

Installing Oracle Beehive Integration for Outlook

Oracle Beehive Integration for Outlook (OBIO) extends the functionality of Microsoft Outlook by providing Outlook users with unified access to Oracle Beehive-based collaborative features and data in a familiar environment.

OBIO is supported in Windows operating systems with the following versions of Microsoft Outlook:

Microsoft Outlook 2000
Microsoft Outlook 2002
Microsoft Outlook 2003
Microsoft Outlook 2007

OBIO requires installation on the computers of individual users. For information about installing OBIO, refer to "Installing Oracle Beehive Integration for Outlook".

Configuring Oracle Beehive Integration for Zimbra

Oracle Beehive Integration for Zimbra is available for Oracle Beehive Release 1 (1.3) and later.

Oracle Beehive Integration for Zimbra is installed in an Oracle home separate from Oracle Beehive. As a result, Oracle Beehive Integration for Zimbra acts like an application tier and should be configured as such.

If you have not configured TLS or SSL for your Oracle Beehive deployment, you do not need to perform any post-installation steps; simply install Oracle Beehive Integration for Zimbra as described in "Installing Oracle Beehive Integration for Zimbra".

If you have configured TLS or SSL for your Oracle Beehive deployment, follow these steps to install Oracle Beehive Integration for Zimbra (these steps are similar to "Configuring SSL with Real Certificates During Installation of Oracle Beehive"):

If you have configured SSL for your Oracle Beehive deployment, ensure that all your Oracle Beehive application tiers are configured for SSL, including DMZ instances. Refer to "Configuring SSL".
Perform a software only install for Oracle Beehive Integration for Zimbra.
Replace orapki and Oracle Wallet Manager (owm) binaries of Oracle Beehive Integration for Zimbra with those from your Oracle Beehive instance. Create a new wallet located in <Oracle Beehive Integration for Zimbra home>/Apache/Apache/conf/ssl.wlt/default. Refer to "Step 1: Creating Auto-Login Oracle Wallet" for directions to create a wallet.
If you are using real (CA-signed) certificates for your application tier wallets, perform this step.

Remove the test certificates using Oracle Wallet Manager from the wallets in <Oracle Beehive Integration for Zimbra home>/opmn/conf/ssl.wlt/default and <Oracle Beehive Integration for Zimbra home>/Apache/Apache/conf/ssl.wlt/default, if any. The order of removal should be (1) user certificate, (2) certificate request, and (3) trusted certificate. Refer to "Creating CA-Signed Certificate and Importing it into Wallet" for information about CA-signed certificates.
Run the Config Wizard for Oracle Beehive Integration for Zimbra and complete the configuration.
Configure TLS for Oracle Beehive Integration for Zimbra. Perform "Step 2: Configuring Oracle Beehive Instance to Use Oracle Wallet". (Note that you already created an auto-login wallet for Oracle Beehive Integration for Zimbra in a previous step.
If you are using real (CA-signed) certificates for your application tier wallets, perform this step.

Remove the test certificates using Oracle Wallet Manager from the wallets in <Oracle Beehive Integration for Zimbra home>/Apache/Apache/conf/ssl.wlt/default, if any.

Note:

Oracle Beehive Integration for Zimbra installation will fail if the default test certificates are still in the wallets of your Oracle Beehive instances. Configure TLS on the failed Oracle Beehive Integration for Zimbra home, as described in "Configuring TLS with Oracle Wallet", and click Retry from the Install Wizard.

Cloning Oracle Beehive

Cloning is the process of copying an existing installation to a different location while preserving its configuration. For more information, refer to "Cloning Oracle Beehive Application Tiers and Sites".

Performing Oracle Beehive Administration Console Post-Installation Procedures

Oracle Beehive Administration Console is available for Oracle Beehive Release 1 (1.3) and later.

If you have installed Oracle Beehive Administration Console, perform one or more of the procedures described in "Oracle Beehive Administration Console Post-Installation Procedures", depending on your security requirements or any other issue particular to your deployment.