Skip Headers
Oracle® Beehive Installation Guide
Release 1 (1.4) for Microsoft Windows (32-Bit)

Part Number E13792-02
Go to Documentation Home
Go to Book List
Book List
Go to Table of Contents
Go to Index
Go to Feedback page
Contact Us

Go to previous page
Go to next page
View PDF

19 Configuring Oracle Beehive Demilitarized Zone Instances

This module describes how to configure Oracle Beehive DMZ instances. It involves the following steps:


If you want to configure your DMZ instances with SSL, follow the directions described in "Configuring SSL with Oracle Beehive DMZ Instances" in "Configuring SSL" These steps involve configuring your entire Oracle Beehive deployment for SSL.

Step A: Configuring Oracle Wallet with Oracle Beehive DMZ Instances

Follow these steps on all DMZ instances. Refer to "Configuring TLS with Oracle Wallet" for more information about Oracle Wallet.

  1. Set the ORACLE_HOME environment variable to the Oracle home of the DMZ instance.

  2. Run the following command to create a wallet:

    <Oracle home of DMZ instance>\bin\orapki wallet create
      -wallet <Oracle home of DMZ instance>\Apache\Apache\conf\ssl.wlt\default
      -pwd <new password for wallet>


    The default Oracle Wallet directory is <Oracle home of DMZ instance>\Apache\Apache\conf\ssl\default. Alternatively, you may create a new Oracle Wallet in a different directory (by changing the value of the -wallet option..
  3. Edit the file <Oracle home of DMZ instance>\beehive\conf\ and change the value of WalletDir to the wallet directory you specified in the previous step:

      <Oracle home of DMZ instance>\\Apache\\Apache\\conf\\ssl.wlt\\default


    Escape colons (:) and backslashes (\) with a backslash. For example, if the location of your wallet is C:\DMZ\Apache\Apache\conf\ssl.wlt\default, then you would specify C\:\\DMZ\\Apache\\Apache\\conf\\ssl.wlt\\default in the file.

    When using path names from this file for other purposes, such as in a command line, remember to remove the backslash escape character.

  4. Edit the file <Oracle home of DMZ instance>\opmn\conf\opmn.xml and change the value of wallet-file to the wallet directory you specified in Step 2:

    <notification-server interface="ipv4">
      <!-- ... -->
      <ssl enabled="true"
        wallet-file="<Oracle home of DMZ instance>
  5. Restart the DMZ instance:

    opmnctl stopall
    opmnctl startall

Step B: Configuring Oracle Beehive DMZ Instances

  1. If you have not already done so, configure Oracle Wallet with your Oracle Beehive DMZ instance. Refer to "Step A: Configuring Oracle Wallet with Oracle Beehive DMZ Instances".

  2. If you have configured your Oracle Beehive DMZ instances for SSL, then ignore this step.

    By default, Oracle Beehive DMZ instances are configured to receive secure ONS notifications. If you specifically do not want to use SSL, you must configure ONS to receive non-SSL notifications.

    To do this, edit the file <Oracle home of DMZ instance>/opmn/conf/opmn.xml as follows in all Oracle Beehive DMZ instances. In the <ssl> element, set the enable attribute to false:

    <ssl enabled="false"
  3. Update the file <Oracle home of DMZ instance>\opmn\conf\opmn.xml as follows in all Oracle Beehive DMZ instances to add the topology definition for all Oracle Beehive (non-DMZ) application tiers that are part of this configuration:

      <!-- ... -->
        <nodes list="
          <Application tier 1 host name>:<OPMN remote port of application tier 1>,
          <Application tier 2 host name>:<OPMN remote port of application tier 2>,

    For example, if you have two Oracle Beehive application tiers with host names and and OPMN remote port numbers 6200 and 6300, respectively, add the following topology definition to the opmn.xml file in your DMZ instances:

      <!-- ... -->
        <nodes list=","/>


    Retrieve the OPMN port of an Oracle Beehive application tier from the file <Oracle Beehive home>\opmn\conf\opmn.xml (of a non-DMZ application tier). The OPMN port is specified by the remote attribute of the port element in the notification-server element.
  4. Restart each DMZ instance whose opmn.xml file you changed with the <Oracle home of DMZ instance>\opmn\bin\opmnctl command:

    opmnctl stopall
    opmnctl startall
  5. From every DMZ instance, retrieve the following values from the specified files:

    • <Oracle home of DMZ instance>\opmn\conf\opmn.xml:

      • opmn_request_port

      • opmn_remote_port

    • <Oracle home of DMZ instance>\beehive\conf\

      • bti_server_port

      • bti_unique_id (PersistentId)

      • NumberOfClientWorkers

  6. Open the following ports in your firewall:

    • OPMN ports between your DMZ instances and non-DMZ instances

    • AJP ports between your intranet and your DMZ instances: This is required for connectivity between Oracle HTTP Server (OHS) and OC4J. By default, Oracle Beehive OC4J instances listens on port numbers in the range 12501-12600. Oracle Beehive OC4J instances will try to listen on the lowest port number in this range.

      Consequently, you only have to open the range of ports 12501-12504. Ensure that no other applications on Oracle Beehive servers occupy this range. As long as these ports are not occupied, Oracle Beehive OC4J instances will listen on this range of ports.

    • If you have installed Oracle Beehive Integration for Zimbra, open two additional ports (12505-12506).


    You do not need to open any OPMN ports between your DMZ instances and any Oracle RAC database host(s).

    The AJP port number range is defined in the AjpPortMinValue and AjpPortMaxValue parameters in each of Oracle Beehive's managed OC4J components:

    beectl list_components --type ManagedOc4j
    Component type | Component identifier
    ManagedOc4j    |
    beectl list_properties --component
    Property name             | Property value
    AdminPassword             | [Protected Value]
    AdminUsername             | oc4jadmin
    AjpPortMaxValue           | 12600
    AjpPortMinValue           | 12501

    You may open a range of ports other than 12501-12504 (or 12501-12506 if you have installed Oracle Beehive Integration for Zimbra); however, you must make the necessary changes in the Oracle Beehive configuration.

  7. On any Oracle Beehive non-DMZ instance, but not on a DMZ instance, run the following commands:

    1. Add the first DMZ instance to the non-DMZ instance by calling the beectl add_dmz_home_instance command on a non-DMZ instance:

      beectl add_dmz_home_instance
        --hostname <Host name of first DMZ instance>
        --oracle_home <Oracle home of DMZ instance>
        --opmn_request_port <OPMN request port of first DMZ instance>
        --opmn_remote_port <OPMN remote port of first DMZ instance>
        --bti_server_port <BTI server port of first DMZ instance>
        --bti_unique_id <BTI unique ID of first DMZ instance>
        --no_of_client_workers <NumberOfClientWorkers from>
    2. After the successful completion of the beectl add_dmz_home_instance command, immediately run the command beectl activate_configuration on the same non-DMZ instance. Do not execute any other other beectl commands on any other non-DMZ instance.

    3. Repeat steps a and b for each of your other DMZ instances.

  8. Run the following command on all the other non-DMZ instances:

    beectl modify_local_configuration_files --log_level FINEST

Troubleshooting DMZ Configuration

If you receive an HTTP 404 error when accessing and HTTP resource from a DMZ instance, verify that you have properly configured your DMZ instances. Do this by running the command <Oracle home>/opmn/bin/opmnctl @cluster status from any Oracle Beehive instance. If you have properly configured your DMZ instances, then this command will display all your application tiers in your site.