Deploy Oracle E-Business Suite Cloud Manager on Oracle Cloud Infrastructure

This chapter covers the following topics:

Overview of Deploying Oracle E-Business Suite Cloud Manager

This chapter describes how to deploy Oracle E-Business Suite Cloud Manager version 23.3.1 on Oracle Cloud Infrastructure.

If you are performing a demo or are testing, you may be able to leverage the procedure provided in Oracle E-Business Suite Cloud Manager Deployment for Demo and Test Purposes to simplify tenancy preparation, Oracle E-Business Suite Cloud Manager deployment and configuration by taking advantage of an Oracle Marketplace stack.

Note: If you have deployed a previous version of Oracle E-Business Suite Cloud Manager and wish to upgrade to the latest version, you do not need to perform the tasks in this chapter. Instead, follow the instructions described in Update Oracle E-Business Suite Cloud Manager to Latest Version. Oracle strongly recommends that you upgrade to the latest version at your earliest convenience. To continue to use an older version of Oracle E-Business Suite Cloud Manager for a limited period, refer to the documentation included in My Oracle Support Knowledge Document 2363536.1, Oracle E-Business Suite on Oracle Cloud Tutorial Archive.

Before you provision your Oracle E-Business Suite environments, you must follow the instructions in Set Up Your Tenancy to Host Oracle E-Business Suite Environments. Setting up the tenancy includes creating a compartment, groups, policies, users, and network resources to support a specific purpose. For example, the purpose could be to support a function (such as production, development or test), to support a region, or to create any other desired tenancy segmentation (such as a business unit).

Before You Begin

Some of the instructions in this chapter will differ based on whether or not your tenancy uses Oracle Cloud Infrastructure Identity and Access Management (IAM) with identity domains. Note that:

To determine your type of tenancy, log in to your Cloud account and click the menu icon to open the navigation menu. From the console navigation menu, under Identity & Security, select Identity. If the Domains option is present under Identity, then your tenancy uses IAM with identity domains.

The following are four distinct categories of users referenced throughout this procedure and their roles:

Note: If you wish, an Oracle E-Business Suite Cloud Manager administrator can also perform the duties of the network administrator and an Oracle E-Business Suite administrator. This is appropriate if you are configuring the system for demonstration use, or in any other circumstance where a single database administrator (DBA) will be performing all these roles. To accomplish this, you will make this user a member of the network administrators group and Oracle E-Business Suite administrators group.

Note: Ensure you perform all the applicable instructions in each section before proceeding to the next section.

Create Oracle Cloud Infrastructure Accounts and Resources

In this section, the tenancy administrator performs all tasks as described.

  1. Create Compartments

  2. Create Groups

  3. Assign Policies

  4. Create Users with Oracle E-Business Suite Cloud Manager Administrator Privileges

Create Compartments

In this section, you will first map out your compartment topology and then create your compartment or compartments.

There are two types of compartments that we will refer to:

If you are giving a demonstration, you might choose to use one compartment for all components.

Oracle E-Business Suite Cloud Manager supports the use of nested compartments. The following depicts the compartment hierarchies that have been explicitly certified:

The following diagram depicts these compartment hierarchies:

Certified Compartment Hierarchies

the picture is described in the document text

To create each compartment, perform the following:

  1. While signed in to the Oracle Cloud Infrastructure Service Console, open the navigation menu and click Identity & Security. Under Identity, click Compartments.

  2. On the Compartments page, click Create Compartment.

  3. In the dialog window, enter the required details:

    • Name: Enter the compartment name. For example, network-compartment or ebscm-compartment.

    • Description: Enter a description of your choice.

    • Parent Compartment: Select the root compartment under which the new compartment will be created.

    • Click Create Compartment.

Create Groups

Depending on your tenancy type, perform the instructions in one of the following sections to create two groups in Oracle Cloud Infrastructure Identity and Access Management (IAM) and, if applicable, Oracle Identity Cloud Service (IDCS). The tenancy administrator is required to create the groups described in these sections.

The groups created in these sections are:

Create Groups for Tenancies Using IAM with Identity Domains

Perform the following steps to create the two groups for tenancies using IAM with identity domains:

  1. Open the navigation menu and click Identity & Security. Under Identity, click Domains.

  2. Select the root compartment in the Compartment drop-down list.

  3. Within the list of domains, click the link for the "Default" domain.

  4. Click Groups.

  5. Click Create group.

  6. In the dialog window, enter the required details:

    • Name: Enter the name for the group. For example, netadmin-grp and ebscmadmin-grp.

    • Description: Enter a description of your choice.

  7. Click Create.

Create Groups for Tenancies Using IAM without Identity Domains

Perform the following steps to create and map the two groups for tenancies using IAM without identity domains:

  1. Open the navigation menu and click Identity & Security. Under Identity, click Groups.

  2. Create each of your groups as follows:

    1. Click Create Group.

    2. In the dialog window, enter the required details:

      • Name: Enter the name for the group. For example, netadmin-grp and ebscmadmin-grp.

      • Description: Enter a description of your choice.

    3. Click Create.

  3. Create each of your groups in Oracle Identity Cloud Service as follows:

    1. Open the console navigation menu and click Identity & Security. Under Identity, click Federation.

    2. Click on the name of the identity provider that corresponds to Oracle Identity Cloud Service (IDCS).

    3. On the left hand side under Resources, click Groups.

    4. Click Create IDCS Group.

    5. In the dialog window, enter the required details:

      • Name: Supply a name for the group. For example, idcs-netadmin-grp and idcs-ebscmadmin-grp.

      • Description: Enter a description of your choice.

    6. Click Create.

  4. Within the same page, map the groups in Oracle Identity Cloud Service as follows:

    1. Click Group Mappings on the left hand side.

    2. Click Add Mappings.

    3. In the dialog window, select the Identity Provider group and the corresponding Oracle Cloud Infrastructure group from the drop-down lists. For example, idcs-netadmin-grp maps to netadmin-grp.

    4. Click + Another Mapping to add the second map. For example, idcs-ebscmadmin-grp maps to ebscmadmin-grp.

    5. Click Add Mappings.

Assign Policies

In this section, you will assign policies that allow for the proper permissions for administrators to manage and use the necessary compartments.

  1. Open the navigation menu and click Identity & Security. Under Identity, click Policies.

  2. Create a policy for the network compartment to allow network administrators to manage it and for Oracle E-Business Suite Cloud Manager administrators to use it:

    1. Select the network compartment from the Compartment drop-down list on the left.

    2. Click Create Policy.

    3. In the dialog window, enter the required details:

      • Name: Enter a name. For example, networkcompartment-policy.

      • Description: Enter a description of your choice.

      • In the Policy Builder section, click the Show manual editor toggle switch. In the provided text field, add each of the following policy statements, substituting appropriate values for the variables designated by angle brackets.

        Allow group <network administrators group> to manage virtual-network-family in compartment <network compartment>
        Allow group <Oracle E-Business Suite Cloud Manager administrators group> to use virtual-network-family in compartment <network compartment>

        If you plan to use the File Storage service for a shared file system for your Oracle E-Business Suite environments, then you must also add the following policy statement, substituting appropriate values for the variables designated by angle brackets.

        Allow group <network administrators group> to manage mount-targets in compartment <network compartment>
    4. Click Create.

  3. Create a policy for the Oracle E-Business Suite Cloud Manager compartment to allow Oracle E-Business Suite Cloud Manager administrators to perform operations on Oracle Cloud Infrastructure resources within it:

    1. Select the Cloud Manager compartment from the Compartment drop-down list.

    2. Click Create Policy.

    3. In the dialog window, enter the required details:

      • Name: Enter a name. For example, ebscmcompartment-policy.

      • Description: Enter a description of your choice.

      • In the Policy Builder section, click the Show manual editor toggle switch. In the provided text field, add each of the following policy statements, substituting appropriate values for the variables designated by angle brackets.

        Allow group <Oracle E-Business Suite Cloud Manager administrators group> to manage instance-family in compartment <Oracle E-Business Suite Cloud Manager compartment> 
        Allow group <Oracle E-Business Suite Cloud Manager administrators group> to manage load-balancers in compartment <Oracle E-Business Suite Cloud Manager compartment>
        Allow group <Oracle E-Business Suite Cloud Manager administrators group> to manage tag-namespaces in compartment <Oracle E-Business Suite Cloud Manager compartment>
        
    4. Click Create Policy.

  4. Create a policy for the tenancy to allow network administrators and Oracle E-Business Suite Cloud Manager administrators to perform operations on Oracle Cloud Infrastructure resources within it:

    1. Select the root compartment from the Compartment drop-down list.

    2. Click Create Policy.

    3. In the dialog window, enter the required details:

      • Name: Enter a name. For example, tenancy-policy.

      • Description: Enter a description of your choice.

      • In the Policy Builder section, click the Show manual editor toggle switch. In the provided text field, add each of the following policy statements, substituting appropriate values for the variables designated by angle brackets.

        Allow group <network administrators group> to inspect compartments in tenancy
        Allow group <Oracle E-Business Suite Cloud Manager administrators group> to inspect compartments in tenancy
        Allow group <Oracle E-Business Suite Cloud Manager administrators group> to inspect users in tenancy
        Allow group <Oracle E-Business Suite Cloud Manager administrators group> to inspect groups in tenancy
        Allow group <Oracle E-Business Suite Cloud Manager administrators group> to inspect dynamic-groups in tenancy

        Note: If your tenancy is using IAM with identity domains, you must also add the following policy statement:

        Allow group <Oracle E-Business Suite Cloud Manager administrators group> to use domains in tenancy

    4. Click Create Policy.

Create Users with Oracle E-Business Suite Cloud Manager Administrator Privileges

The steps to create users with Oracle E-Business Suite Cloud Manager administrator privileges depends on whether or not your tenancy uses IAM with or without identity domains. The tenancy administrator is required to create the users in these sections.

Create Users with Oracle E-Business Suite Cloud Manager Administrator Privileges for Tenancies Using IAM with Identity Domains

While logged on to the Oracle Cloud Infrastructure Service Console as the tenancy administrator, create users who will have Oracle E-Business Suite Cloud Manager administrator privileges as follows.

Repeat these steps for all users of your Oracle E-Business Suite Cloud Manager administrator group and network administrator group.

  1. Open the navigation menu, and click Identity & Security. Under Identity, click Domains.

  2. Select the root compartment in the Compartment drop-down list.

  3. Within the list of domains, click the link for the "Default" domain.

  4. On the left hand side, click Users.

  5. Click Create User.

  6. In the Create User dialog box, enter the following:

    • First Name: First name of the user.

    • Last Name: Last name of the user.

    • Username / Email: A valid email ID.

    • Groups: Select the group that corresponds to the user you are creating. For example, if you are creating the Cloud Manager administrator, select the Cloud Manager administrators group. If you are creating the network administrator, select the network administrators group.

  7. Click Create.

  8. Grant the newly created user the Application Administrator role by following the steps in Assigning Users to Roles in the Oracle Cloud Infrastructure Documentation.

Create Users with Oracle E-Business Suite Cloud Manager Administrator Privileges for Tenancies Using IAM without Identity Domains

For tenancies using IAM without identity domains, each Oracle E-Business Suite Cloud Manager administrator must have a federated user and non-federated user with the same name. This requirement is not applicable for Oracle E-Business Suite administrator users (DBAs).

Create Federated Users

While logged on to the Oracle Cloud Infrastructure Service Console as the tenancy administrator, create users who will have Oracle E-Business Suite Cloud Manager administrator privileges as follows.

Repeat these steps for all users of your Oracle E-Business Suite Cloud Manager administrator group and network administrator group.

  1. Open the navigation menu, click Identity & Security, and then select Identity Federation.

  2. Click on the name of an Identity Provider of type IDCS.

  3. On the left hand side under Resources, click Users.

  4. Click Create User.

  5. In the "Create IDCS User" dialog box, enter the following:

    • NAME: Enter a user name of your choice. This name must be in the format <firstname>.<lastname>@<domain>.

    • EMAIL: A valid email ID. Confirm this email in the following field.

    • FIRST NAME: First name of the user.

    • LAST NAME: Last name of the user.

    • GROUPS: Select the appropriate Oracle Identity Cloud Service group. For example, either idcs-netadmin-grp or idcs-ebscmadmin-grp.

  6. Click Create.

Create Non-Federated Users

While logged on to the Oracle Cloud Infrastructure Service Console as the tenancy administrator, create the Oracle E-Business Suite Cloud Manager administrator user as follows:

  1. Open the navigation menu and click Identity & Security. Under Identity, click Users.

  2. Click Create User.

  3. In the corresponding dialog box, supply the following:

    • NAME: Enter a user name of your choice. This user has to match the user you defined for the first Oracle E-Business Suite Cloud Manager administrator user. The name must be in the format <firstname>.<lastname>@<domain>.

    • DESCRIPTION: A description of your choice For example, "This is the Oracle E-Business Suite Cloud Manager administrator."

    • EMAIL: A valid email address.

  4. Click Create.

  5. Generate the user's password and provide it to the user, who will need it to perform tasks such as uploading API signing keys and generating SMTP credentials.

  6. Add the Oracle E-Business Suite Cloud Manager administrator to the Oracle E-Business Suite Cloud Manager administrators group. In our example, this is ebscmadmin-grp.

Create Network Resources for Deploying Oracle E-Business Suite Cloud Manager

Note: Regarding host name resolution, be aware of the following important notes:

  1. All virtual machines created by Oracle E-Business Suite Cloud Manager will have oraclevcn.com as the physical (network) host name.

  2. These physical host names will be resolvable within the VCN and subnet in which they were created.

  3. You can set the logical name (domain name) for these virtual machines as desired; however, these will be resolvable through the use of the /etc/hosts file only.

In this section, the network administrator performs all tasks as described.

First, you will create a new Virtual Cloud Network (VCN) using the steps in Create a Virtual Cloud Network.

Then dependent on the type of subnet you intend to use, either public or private, you will create associated network resources that will be used by your Oracle E-Business Suite Cloud Manager Compute instance:

Oracle E-Business Suite Cloud Manager and associated load balancers work in regional and availability domain specific subnets. These subnets can be either public or private. Oracle recommends using regional and private subnets.

In a production environment, if you are not using FastConnect or IPsec VPN we recommend you deploy a dedicated bastion server. This bastion server will be associated with a specific subnet that will be used as a bridge between the resources outside and inside Oracle Cloud Infrastructure. See Bastion Hosts: Protected Access for Virtual Cloud Networks for more information about the architecture of the bastion server.

Create a Virtual Cloud Network

Note: If you have an existing Virtual Cloud Network you want to use, skip this section and proceed to Create Network Resources for Use with Public Subnets if you intend to use public subnets. If you intend to use private subnets, proceed to Create Network Resources for Use with Private Subnets.

To create a new Virtual Cloud Network (VCN):

  1. Open the navigation menu. Click Networking, then click Virtual Cloud Networks.

  2. Click Create VCN and enter the required details for your VCN:

    • Name: Enter a name, such as ebscm-vcn.

    • Create in Compartment: Select your network compartment, created in Create Compartments.

    • IPv4 CIDR Blocks: Specify your choice of CIDR. For example, 10.0.0.0/16.

    • Under DNS Resolution, select Use DNS hostnames in this VCN.

  3. Click Create VCN.

  4. Now, you must review and potentially modify the default DHCP options for your VCN.

    If your EBS environments need to contact a server in your local network that requires DNS name resolution, you must ensure your DHCP options include a custom DNS resolver. To do so, perform the following steps:

    1. Navigate to the DHCP options for your VCN and click on the name of the VCN you have just created.

    2. Under Resources, select DHCP Options.

    3. Review the Default DHCP Options for your VCN.

      If the DNS type for your default DHCP Options is Internet and VCN Resolver, perform the following steps:

      1. Click Edit DHCP Options.

      2. Change to Custom Resolver.

      3. Enter 169.254.169.254 for the IP address of the DNS Server (Note: This IP address corresponds to Oracle's VCN resolver.)

      4. Select DNS Search Domain Type.

        If you set your DNS Search Domain Type to "Customer Search Domain", you must confirm that when querying for host names, your DNS search domain returns fully qualified domain names (FQDN).

        To do so, use the command hostname -f on any of your Oracle E-Business Suite nodes to validate the host names.

        If your DNS search domain configuration does not result in FQDNs, you must set your DNS Search Domain Type to "Subnet Search Domain".

Create Network Resources for Use with Public Subnets (Conditional)

Note: If you want to use private subnets for Oracle E-Business Suite Cloud Manager and load balancer, skip this section and proceed to Create Network Resources for Use with Private Subnets.

Create an Internet Gateway

To create an internet gateway:

  1. On the Virtual Cloud Networks screen, click the link with the name of your VCN, such as ebscm-vcn.

  2. Open the navigation menu. Under Resources, select Internet Gateways.

  3. Click Create Internet Gateway and enter the required details for your internet gateway:

    • Name: Enter a name, such as ebscm-igw.

    • Create in Compartment: Select your network compartment, created in Create Compartments.

  4. Click Create Internet Gateway.

Create Route Tables

In this section, you will create two separate route tables, one for the Oracle E-Business Suite Cloud Manager Compute instance and one for the load balancer. In the following examples, we will use the names ebscm-RouteTable and lbaas-RouteTable, respectively.

Perform these steps twice: once for the Oracle E-Business Suite Cloud Manager Compute instance route tables and once for the load balancer route tables.

To create the route tables:

  1. On the Virtual Cloud Networks screen, click the link with the name of your VCN, such as ebscm-vcn.

  2. Open the navigation menu. Under Resources, select Route Tables.

  3. Click Create Route Table and enter the required details for your route table:

    • Name: Specify a name, such as ebscm-RouteTable or lbaas-RouteTable.

    • Create in Compartment: Select your network compartment, created in Create Compartments.

  4. Click + Another Route Rule and enter the route rule details as follows:

    • Target Type: Select Internet Gateway.

    • Destination CIDR Block: 0.0.0.0/0

    • Compartment: Select your network compartment, created in Create Compartments.

    • Target Internet Gateway: Select the previously created gateway.

  5. Click Create.

Configure Network Security

In this section, you will establish network security either using network security groups (NSGs) or security lists.

Both NSGs and security lists use security rules to control traffic at the packet level. NSGs let you define a set of security rules that applies to a group of virtual network interface cards (VNICs) of your choice, while security lists let you define a set of security rules that applies to all the VNICs in an entire subnet.

Oracle recommends using NSGs instead of security lists because NSGs let you separate the VCN's subnet architecture from your application security requirements.

Follow the instructions in the applicable section to configure your method of network security:

Network Security Groups

To use network security groups (NSGs), create two separate NSGs. Their roles and some example names are shown in the following table:

Table 2-1 Network Security Groups
Component NSG Needed For Example NSG Name
EBS Cloud Manager Load Balancer ebscmlbaas-nsg
EBS Cloud Manager Virtual Machine ebscmvm-nsg

For more information, see Network Security Groups in the Oracle Cloud Infrastructure Documentation.

To create an NSG:

  1. On the Virtual Cloud Networks screen, click the link with the name of your VCN, such as ebscm-vcn.

  2. Under Resources on the navigation menu at the left, select Network Security Groups.

  3. Click Create Network Security Group:

    • Name: Specify a name such as ebscmlbaas-nsg or ebscmvm-nsg.

    • Create in Compartment: Select your compartment name, such as network-compartment.

  4. Click Create.

Create Security Lists (Optional If Not Using NSGs)

If you are not using NSGs, in this section you will create two separate security lists: one for the Oracle E-Business Suite Cloud Manager Compute instance and one for the load balancer. In the following examples, we will use the names ebscmvm-seclist and ebscmlbaas-seclist, respectively.

To use security lists, create three to four separate security lists. Their roles and some example names are shown in the following table:

Table 2-2 Security Lists
Component Security List Needed For Example Security List Name
EBS Cloud Manager Virtual Machine ebscmvm-seclist
EBS Cloud Manager Load Balancer ebscmlbaas-seclist

Create the Oracle E-Business Suite Cloud Manager Virtual Machine Security List

  1. On the Virtual Cloud Networks screen, click the link with the name of your VCN, such as ebscm-vcn.

  2. Open the navigation menu. Under Resources, select Security Lists.

  3. Click Create Security List and enter the required details for the security list:

    • Name: Specify a name such as ebscmvm-seclist.

    • Create in Compartment: Select your network compartment, created in Create Compartments.

Create the Load Balancer Security List

  1. On the Virtual Cloud Networks screen, click the link with the name of your VCN, such as ebscm-vcn.

  2. Open the navigation menu. Under Resources, select Security Lists.

  3. Click Create Security List and enter the required details of your security list:

    • Name: Specify a name such as ebscmlbaas-seclist.

    • Create in Compartment: Select your network compartment, created in Create Compartments.

Create Security Rules

In this section, you will add the mandatory security rules shown in the following tables to the chosen security mechanism --either network security group or security list-- created in Configure Network Security.

Create Security Rules for the EBS Cloud Manager Virtual Machine

  1. Under Allow Rules for Ingress:

    1. Click + Another Ingress Rule.

    2. For the first ingress rule that is needed, modify the default rule as follows:

      • Source Type: CIDR

      • Source CIDR: Enter the CIDR of your choice.

      • IP Protocol: TCP

      • Source Port Range: All

      • Destination Port Range: 22

    3. For the second ingress rule that is needed, click + Another Ingress Rule and enter the following values:

      • Source Type: CIDR

      • Source CIDR: 0.0.0.0/0

      • IP Protocol: ICMP

      • Type: 3

      • Code: 4

    4. For the third ingress rule that is needed, click + Another Ingress Rule and enter the following values:

      • Source Type: CIDR

      • Source CIDR: Enter the CIDR of your LBaaS subnet, lbaas-subnet-ad1. For example, 10.0.1.0/24. Note that the subnet is created in the next step.

      • IP Protocol: TCP

      • Source Port Range: All

      • Destination Port Range: 8081

    5. For the fourth ingress rule that is needed, click + Another Ingress Rule and enter the following values:

      Note: Note that the fourth ingress rule is not required if a regional subnet is chosen for your public load balancer or if you are in a single availability domain region.

      • Source Type: CIDR

      • Source CIDR: Enter the CIDR of your LBaaS subnet, lbaas-subnet-ad2. For example, 10.0.1.0/24. Note that the subnet is created in the next step.

      • IP Protocol: TCP

      • Source Port Range: All

      • Destination Port Range: 8081

  2. Under Allow Rules for Egress, click + Another Egress Rule and modify the default rule as follows.

    • Destination Type: CIDR

    • Destination CIDR: 0.0.0.0/0

    • IP Protocol: TCP

    • Source Port Range: All

    • Destination Port Range: All

  3. Click Create Security List.

Create Security Rules for the EBS Cloud Manager Load Balancer

  1. Under Allow Rules for Ingress, click + Another Ingress Rule and enter the following values for the ingress rule that is needed:

    • Source Type: CIDR

    • Source CIDR: Enter the CIDR corresponding to the IP addresses of your client machines that will access the Cloud Manager UI.

    • IP Protocol: TCP

    • Source Port Range: All

    • Destination Port Range: 443 or other port of your choice. This port will be used in step 5 of Run Oracle E-Business Suite Cloud Manager Configure Script for the First Time, when prompting for the Load Balancer Listener Port.

  2. Under Allow Rules for Egress, click + Another Egress Rule and enter the following values for the egress rule that is needed:

    • Destination Type: CIDR

    • Destination CIDR: 0.0.0.0/0

    • IP Protocol: TCP

    • Source Port Range: All

    • Destination Port Range: All

  3. Click Create Security List.

Create Subnets

In this section, you will create the following new subnets:

You will need to specify your own names and parameters, but you can use the examples in the following two tables for guidance.

If you choose to use regional subnets, refer to the following example.

Note: The Security Lists column in the following table is labeled "optional" as it is not applicable if you are using NSGs.

Table 2-3 Regional Public Subnet Example Names and Parameters
Subnet Name CIDR Block Route Table Subnet Access Security List
(Optional)
ebscm-subnet-phx 10.0.0.0/24 ebscm-RouteTable Public subnet ebscmvm-seclist
lbaas-subnet-phx 10.0.1.0/24 lbaas-RouteTable Public subnet lbaas-seclist

If you choose to use availability domain-specific subnets, refer to the following example.

Note: The Security Lists column in the following table is labeled "optional" as it is not applicable if you are using NSGs.

Table 2-4 Availability Domain-Specific Public Subnet Example Names and Parameters
Subnet Name Availability Domain (AD) CIDR Block Route Table Subnet Access Security List
(Optional)
ebscm-subnet-ad1 AD-1 10.0.0.0/24 ebscm-RouteTable Public subnet ebscmvm-seclist
lbaas-subnet-ad1 AD-1 10.0.1.0/24 lbaas-RouteTable Public subnet lbaas-seclist
lbaas-subnet-ad2 AD-2 10.0.2.0/24 lbaas-RouteTable Public subnet lbaas-seclist

To create a new subnet:

  1. On the Virtual Cloud Networks screen, click the link with the name of your VCN, such as ebscm-vcn.

  2. Open the navigation menu. Under Resources, select Subnets.

  3. Click Create Subnet, specifying your choice for the following parameters:

    • Name

    • Create in Compartment

    • Subnet Type: Select either the Regional (Recommended) or Availability Domain-Specific option. If you choose Availability Domain-Specific, select your availability domain.

    • IPv4 CIDR Block

    • Route Table: Ensure you choose a route table that has a target type of Internet Gateway.

    • Subnet Access: Select the Public Subnet option.

    • Security Lists: Select the security list that matches the subnet you are defining based on Table 3-3.

      Note: This parameter is not applicable if you are using NSGs.

  4. Click Create Subnet.

Create Network Resources for Use with Private Subnets (Conditional)

Note: If you plan to use public subnets for Oracle E-Business Suite Cloud Manager and a load balancer, do not perform the steps in this section. Instead, follow the steps in Create Network Resources for Use with Public Subnets.

When using private subnets, you could either:

Create a Network Address Translation (NAT) Gateway

To create a Network Address Translation, or NAT, gateway, perform the following steps:

  1. On the Virtual Cloud Networks screen, click the link with the name of your VCN, such as ebscm-vcn.

  2. Open the navigation menu. Under Resources, select NAT Gateways.

  3. Click Create NAT Gateway and specify the following:

    • Name: Enter a name, such as ebscm-natgw.

    • Create in Compartment: Select your network compartment, created in Create Compartments.

  4. Click Create NAT Gateway.

Create a Service Gateway

To create a service gateway, perform the following steps:

  1. On the Virtual Cloud Networks screen, click the link with the name of your VCN, such as ebscm-vcn.

  2. Open the navigation menu. Under Resources, select Service Gateways.

  3. Click Create Service Gateway and specify the following:

    • Create in Compartment: Select your network compartment created in Create Compartments.

    • Name: Enter a name, such as ebscm-srvgw.

    • Select "All <XXX> Services In Oracle Services Network" from the Services drop-down list. Note that XXX is a region-specific code such as IAD or LHR.

  4. Click Create Service Gateway.

Create Route Tables

In this section, you will create two separate route tables, one for the Oracle E-Business Suite Cloud Manager Compute instance and one for the load balancer. In the following examples, we will use the names ebscm-RouteTable and lbaas-RouteTable, respectively

Create the Route Table for Oracle E-Business Suite Cloud Manager Compute Instance

  1. On the Virtual Cloud Networks screen, click the link with the name of your VCN, such as ebscm-vcn.

  2. Open the navigation menu. Under Resources, select Route Tables.

  3. Click Create Route Table and specify the following:

    • Create in Compartment: Select your network compartment, created in Create Compartments.

    • Name: Enter a name, such as ebscm-rtbl.

  4. Enable connectivity to object storage.

    Oracle E-Business Suite Cloud Manager requires access to object storage in the following two regions, in addition to your home region:

    • US West (Phoenix)

    • US East (Ashburn)

    You have two options to establish this connectivity:

    • Enable the connectivity using the NAT gateway by performing the following steps to add a route rule:

      Click + Another Route Rule and enter the route rule details as follows:

      • Target Type: Select NAT Gateway.

      • Destination CIDR Block: 134.70.0.0/16. Note that the 134.70.0.0/16 CIDR is required in order to connect to object storage.

      • Compartment: Select your network compartment created in Create Compartments.

      • Target NAT Gateway: Select the previously created NAT gateway.

    • Alternatively, work with your network administrator to add a route rule in your private network to enable connectivity to the following CIDR block: 134.70.0.0/16. You may also need to add firewall rules to allow connections to the following locations:

      • https://objectstorage.us-phoenix-1.oraclecloud.com/

      • https://swiftobjectstorage.us-phoenix-1.oraclecloud.com/

      • https://objectstorage.us-ashburn-1.oraclecloud.com/

  5. Click + Another Route Rule and enter route rule details as follows:

    • Target Type: Select NAT Gateway.

    • Destination CIDR Block: The CIDR for the Oracle Identity Cloud Service host being used. Note that the Oracle Identity Cloud Service host is of the format "idcs-xxxxxxxxxxxxxxxxxxxxxx.identity.oraclecloud.com". Use nslookup for getting the IP address of the Identity Cloud Service and derive the CIDR for the IP address to add the same here. In case the Oracle Identity Cloud Service CIDR changes, this rule must be updated as well.

    • Compartment: Select your network compartment created in Create Compartments.

    • Target NAT Gateway: Select the previously created NAT gateway.

  6. Click + Another Route Rule and enter route rule details as follows:

    • Target Type: Select Service Gateway.

    • Destination CIDR Block: Select "All <XXX> Services In Oracle Services Network". Note that XXX is a region-specific code such as IAD or LHR.

    • Compartment: Select your network compartment, created in Create Compartments.

    • Target Service Gateway: Select the previously created service gateway.

  7. (Optional) If you are using the Oracle Cloud Infrastructure Mailer service, click + Another Route Rule and enter route rule details as follows:

  8. Click Create.

Create the Route Table for Oracle E-Business Suite Cloud Manager Load Balancer

For this route table for the load balancer, no route rules will be added to this route table as it will be used as a placeholder in case we need to define any additional route rules at a later time. Note that for communication within the VCN, no route rules are needed.

  1. On the Virtual Cloud Networks screen, click the link with the name of your VCN, such as ebscm-vcn.

  2. Open the navigation menu. Under Resources, select Route Tables.

  3. Click Create Route Table and specify the following:

    • Create in Compartment: Select your network compartment created in Create Compartments.

    • Name: Enter a name, such as ebscm-RouteTable.

  4. Click Create.

Configure Network Security

In this section, you will establish network security either using network security groups (NSGs) or security lists when using private subnets.

Both NSGs and security lists use security rules to control traffic at the packet level. NSGs let you define a set of security rules that applies to a group of virtual network interface cards (VNICs) of your choice, while security lists let you define a set of security rules that applies to all the VNICs in an entire subnet.

Oracle recommends using NSGs instead of security lists because NSGs let you separate the VCN's subnet architecture from your application security requirements.

Follow the instructions in the applicable section to configure your method of network security:

Network Security Groups

To use network security groups (NSGs), create two NSGs. Their roles and some example names are shown in the following table:

Table 2-5 Network Security Groups
Component NSG Needed For Example NSG Name
EBS Cloud Manager Load Balancer ebscmlbaas-nsg
EBS Cloud Manager Virtual Machine ebscmvm-nsg

For more information, see Network Security Groups in the Oracle Cloud Infrastructure Documentation.

To create an NSG:

  1. On the Virtual Cloud Networks screen, click the link with the name of your VCN, such as ebscm-vcn.

  2. Under Resources on the navigation menu at the left, select Network Security Groups.

  3. Click Create Network Security Group:

    • Name: Specify a name such as ebscmlbaas-nsg or ebscmvm-nsg.

    • Create in Compartment: Select your compartment name, such as network-compartment.

  4. Click Create.

Security Lists (Optional If Not Using NSGs)

In this section, you will create two separate security lists, one for the Oracle E-Business Suite Cloud Manager Compute instance and one for the load balancer. In the following examples, we will use the names ebscmvm-seclist and lbaas-seclist, respectively.

To use security lists, create two separate security lists. Their roles and some example names are shown in the following table:

Table 2-6 Security Lists
Component Security List Needed For Example Security List Name
EBS Cloud Manager Virtual Machine ebscmvm-seclist
EBS Cloud Manager Load Balancer ebscmlbaas-seclist

Create the Oracle E-Business Suite Cloud Manager Virtual Machine Security List

  1. On the Virtual Cloud Networks screen, click the link with the name of your VCN, such as ebscm-vcn.

  2. Open the navigation menu. Under Resources, select Security Lists.

  3. Click Create Security List and specify the following:

    • Create in Compartment: Select your network compartment, as created in Create Compartments.

    • Name: Specify a name such as ebscmvm-seclist.

Create the Load Balancer Security List

  1. On the Virtual Cloud Networks screen, click the link with the name of your VCN, such as ebscm-vcn.

  2. Open the navigation menu. Under Resources, select Security Lists.

  3. Click Create Security List:

    • Create in Compartment: Select your network compartment created in Create Compartments.

    • Name: Specify a name, such as lbaas-seclist.

Create Security Rules for the EBS Cloud Manager Virtual Machine and Load Balancer

Create Security Rules for EBS Cloud Manager Virtual Machine

In this section, you will add the mandatory security rules shown in the following steps to the chosen security mechanism --either network security group or security list-- created in Configure Network Security When Using Private Subnets.

  1. Under Allow Rules for Ingress, click + Another Ingress Rule:

    1. For the first rule that is needed, modify the default rule as follows:

      • Source Type: CIDR

      • Source CIDR: The CIDR matching the IP address of the machine from which you plan to connect to Oracle E-Business Suite Cloud Manager, such as a bastion server.

      • IP Protocol: TCP

      • Source Port Range: All

      • Destination Port Range: 22

    2. For the second rule that is needed, click + Another Ingress Rule and enter the following values:

      • Source Type: CIDR

      • Source CIDR: VCN CIDR

      • IP Protocol: ICMP

      • Type: All

      • Code: All

    3. For the third rule that is needed, click + Another Ingress Rule and enter the following values:

      • Source Type: CIDR

      • Source CIDR: Enter the CIDR of your LBaaS subnet, lbaas-subnet-ad1. For example, 10.0.1.0/24. Note that the subnet is created in the next step.

      • IP Protocol: TCP

      • Source Port Range: All

      • Destination Port Range: 8081

  2. Under Allow Rules for Egress:

    1. Click + Another Egress Rule and enter the following values:

      • Destination Type: CIDR

      • Destination CIDR: 134.70.0.0/16. This particular CIDR is required to connect to object storage.

      • IP Protocol: TCP

      • Source Port Range: All

      • Destination Port Range: All

    2. Click + Another Egress Rule and enter the following values:

      • Destination Type: CIDR

      • Destination CIDR: CIDR for the Oracle Identity Cloud Service host being used

      • IP Protocol: TCP

      • Source Port Range: All

      • Destination Port Range: 443

    3. (Optional) If you are using the Oracle Cloud Infrastructure Mailer service, click + Another Egress Rule and enter the following values:

      • Destination Type: CIDR

      • Destination CIDR: CIDR for the Oracle Cloud Infrastructure SMTP service being used. See Obtain the CIDR for the Oracle Cloud Infrastructure SMTP Server for instructions on how to obtain this CIDR.

      • IP Protocol: TCP

      • Source Port Range: All

      • Destination Port Range: The SMTP server port you want to use. For example, 25 or 587.

    4. Click + Another Egress Rule and enter the following values:

      • Destination Type: Service

      • Destination CIDR: "All <XXX> Services In Oracle Services Network". Note that XXX is a region-specific code, such as IAD or LHR.

      • IP Protocol: TCP

      • Source Port Range: All

      • Destination Port Range: All

    5. Click + Another Egress Rule and enter the following values:

      • Destination Type: CIDR

      • Destination CIDR: VCN CIDR

      • IP Protocol: ICMP

      • Type: Leave this field blank.

      • Code: Leave this field blank.

    6. Click Create Security List.

Create Security Rules

In this section, you will add the mandatory security rules shown in the following steps to the chosen security mechanism --either network security group or security list-- created in Configure Network Security

  1. Under Allow Rules for Ingress, click + Another Ingress Rule and enter the following values for the ingress rule that is needed:

    • Source Type: CIDR

    • Source CIDR: The CIDR matching the IP address of the machine from which you plan to connect to Oracle E-Business Suite Cloud Manager, such as a bastion server.

    • IP Protocol: TCP

    • Source Port Range: All

    • Destination Port Range: 443 or other port of your choice. This port will be used in step 5 of Run Oracle E-Business Suite Cloud Manager Configure Script for the First Time, when prompting for the Load Balancer Listener Port.

  2. Under Allow Rules for Egress, click + Another Egress Rule and enter the following values for the egress rule that is needed:

    • Destination Type: CIDR

    • Destination CIDR: The CIDR matching the private IP of the Oracle E-Business Suite Cloud Manager VM's subnet.

    • IP Protocol: TCP

    • Source Port Range: All

    • Destination Port Range: 8081

  3. Click Create Security List.

Create Subnets

In this section, you will create the following new subnets:

You will need to specify your own names and parameters, but you can use the examples in the following two tables for guidance.

If you choose to use regional subnets, refer to the following example.

Note: The Security Lists column in the following table is labeled "optional" as it is not applicable if you are using NSGs.

Table 2-7 Regional Private Subnet Example Names and Parameters
Subnet Name CIDR Block Route Table Subnet Access Security List
(Optional)
ebscm-subnet-phx 10.0.0.0/24 ebscm-RouteTable Private subnet ebscmvm-seclist
lbaas-subnet-phx 10.0.1.0/24 lbaas-RouteTable Private subnet lbaas-seclist

If you choose to use availability domain-specific subnets, refer to the following example.

Note: The Security Lists column in the following table is labeled "optional" as it is not applicable if you are using NSGs.

Table 2-8 Availability Domain-Specific Private Subnet Example Names and Parameters
Subnet Name Availability Domain (AD) CIDR Block Route Table Subnet Access Security List
(Optional)
ebscm-subnet-ad1 AD-1 10.0.0.0/24 ebscm-RouteTable Private subnet ebscmvm-seclist
lbaas-subnet-ad1 AD-1 10.0.1.0/24 lbaas-RouteTable Private subnet lbaas-seclist

For each of the subnets you create, perform the following steps:

  1. On the Virtual Cloud Networks screen, click the link with the name of your VCN, such as ebscm-vcn.

  2. Under Resources in the navigation menu on the left, select Subnets.

  3. Click Create Subnet, specifying your choice for the following parameters:

    • Name

    • Subnet Type: Select either Regional (Recommended) or Availability Domain-Specific. If you choose Availability Domain-Specific, select your availability domain.

    • IPv4 CIDR Block

    • Route Table

    • Subnet Access: Select Private Subnet or Public Subnet for the subnet you wish to create.

    • Security Lists: Select the security list that matches the subnet you are defining based on Table 2-6.

      Note: Specifying a security list is not necessary if you are using NSGs.

  4. Click Create Subnet.

Create Oracle E-Business Suite Cloud Manager Compute Instance

In this section, the Oracle E-Business Suite Cloud Manager administrator performs all tasks as described.

Follow the steps in this section to create and connect to a Compute instance (created using an image in the Oracle Cloud Infrastructure Console Marketplace) that will be used to host Oracle E-Business Suite Cloud Manager.

  1. Log in to the Oracle Cloud Infrastructure Service Console.

  2. Open the navigation menu. Under Marketplace, click All Applications.

  3. Then, select the Oracle E-Business Suite Cloud Manager image.

  4. In the Version drop-down list, ensure that the default of Oracle-EBS-Cloud-Manager-23.3.1-<date> is selected.

  5. Select the compartment where you plan to install Oracle E-Business Suite Cloud Manager. For example, ebscm-compartment.

  6. Review and accept the Oracle Standard Terms and Restrictions.

  7. Click Launch Instance.

  8. In the Create Compute Instance dialog box, specify the following:

    1. Under Name, enter your choice of name for your instance. For example, ebscm-instance.

    2. In Create in compartment, choose your compartment for your instance in the drop-down list.

    3. Under Availability Domain, make a suitable selection, based on the subnets you created previously, from the displayed options.

    4. Under Image, you will see the name of the Oracle Cloud Infrastructure Console Marketplace image: Oracle E-Business Suite Cloud Manager.

    5. Under Shape, select a suitable shape. To do so, click Change Shape. Then select your desired shape. For example, select Intel Skylake and then "VM.Standard 2.2".

    6. Under Primary VNIC Information:

      1. Locate the Network subsection, click the "Change Compartment" hyperlink, and select the compartment where your VCN resides. For instance, following our example in Create Compartments, you would select the compartment network-compartment.

      2. Also within the Network subsection, choose your VCN from the Select a Virtual Cloud Network drop-down list. For example, ebscm-vcn.

      3. Locate the Subnet subsection, click the "Change Compartment" hyperlink, and select the compartment where your VCN resides. For example, network-compartment.

      4. Also within the Subnet subsection, specify the Oracle E-Business Suite Cloud Manager subnet from the Select a subnet drop-down list. For example, ebscm-subnet-ad1.

      5. If the VM is associated with a public subnet and you want to assign a public IP address, select the Assign a public IPv4 address radio button.

      6. If you plan to use NSGs, perform the following steps to define the EBS Cloud Manager NSGs:

        1. Click Show advanced options.

        2. Under Advanced Options, select the Use network security groups to control traffic checkbox.

        3. Select the EBS Cloud Manager NSGs (for example, ebscmvm-nsg).

    7. Under Add SSH Keys, choose one of the following options for this procedure:

      1. Select the Generate a key pair for me radio button, then click the "Save Private Key" link to download the private key. Doing so allows the SSH connection to be established.

      2. Alternatively, select the Upload public key files (.pub) radio button and then drag and drop the file or browse to specify the file containing your SSH public key generated previously.

      3. Another option is to select the Paste public keys radio button and paste the SSH public key content in the text field provided, using the content of the public key generated previously.

    8. Leave the values in the Configure Boot Volume section unselected in order to accept the default volume size.

  9. Click Create.

    Once the instance is created (provisioned), details of the new instance will appear on the screen. Full details, including IP addresses, can also be viewed by clicking on the instance name in the instance list.

    When the Oracle E-Business Suite Cloud Manager instance is fully provisioned and running, you can connect to it by following the instructions in Connecting to an Instance in the Oracle Cloud Infrastructure Documentation.

Configure Oracle E-Business Suite Cloud Manager Compute Instance

In this section, the Oracle E-Business Suite Cloud Manager administrator and tenancy administrator perform all the tasks as described.

Follow the instructions in this section to configure your Oracle E-Business Suite Cloud Manager Compute instance. You will perform many of these operations from the Oracle Cloud Infrastructure Service Console.

Configure Authentication API Keys

  1. If you do not have one already, generate an API signing key and associated fingerprint that will be used by the configuration and networking scripts in subsequent sections. Oracle E-Business Suite Cloud Manager does not support API signing keys with passphrases, so you must generate an API signing key with no passphrase. Reference the Oracle Cloud Infrastructure Documentation site, following the instructions under To Generate an API Signing Key Pair.

  2. Add the public key for the Oracle E-Business Suite Cloud Manager administrator user by performing the following steps:

    1. Log in to the Oracle Cloud Infrastructure Service Console as the Oracle E-Business Suite Cloud Manager administrator user created previously in Create Users with Oracle E-Business Suite Cloud Manager Administrator Privileges.

    2. Click the user avatar icon, labeled with your name.

    3. If you are using tenancies using IAM with identity domains, select My Profile from the context menu.

      If you are using tenancies using IAM without identity domains, select User Settings from the context menu.

    4. Open the navigation menu. Under Resources, click API Keys. Then, click Add Public Key.

    5. Select the Paste Public Keys radio button.

    6. Paste the contents of the API public key in the dialog box and click Add. The key's fingerprint is displayed.

    7. Copy the Oracle Cloud Infrastructure API private PEM key file to the Oracle E-Business Suite Cloud Manager Compute instance. The file must be placed in a directory owned by the oracle user, for example /u01/install/APPS/.oci. The fully qualified path to the Oracle Cloud Infrastructure API private PEM key file will be needed for running configure.pl in Run Oracle E-Business Suite Cloud Manager Configure Script for the First Time.

Identify Credential Required for Configuration Steps

While still logged into the Oracle Cloud Infrastructure Service Console, identify and record the OCID of your tenancy. You will need to provide this credential when you run the Oracle E-Business Suite Cloud Manager configure.pl script.

  1. Open the navigation menu and select Governance & Administration. Under Account Management, click Tenancy Details.

  2. Click Copy to copy the OCID of the tenancy into your clipboard, and record this value for use in the next section.

Run Oracle E-Business Suite Cloud Manager Configure Script for the First Time

The Oracle E-Business Suite Cloud Manager administrator performs the tasks in this section.

  1. Connect to your Oracle E-Business Suite Cloud Manager Compute instance using SSH.

  2. As the oracle user, run the configure.pl script:

    $ sudo su - oracle
    $ cd /u01/install/APPS/apps-unlimited-ebs/bin
    $ perl configure.pl

    Note the creation of the session-specific log file, which will have the format shown in the following example:

    Log File : /u01/install/APPS/apps-unlimited-ebs/out/configure_<date>_<time>.log
  3. When prompted, enter an Oracle E-Business Suite Cloud Manager admin password and enter your user details required for authentication:

    Enter New Oracle E-Business Suite Cloud Manager Admin Password :
    Re-enter New Oracle E-Business Suite Cloud Manager Admin Password : 
    
    Enter Oracle E-Business Suite Cloud Manager Admin User OCID (Non-Federated) : ocid1.user.oc1..xxxxxxxxxx
    Enter Full path to API Private Signing Key            : /u01/install/APPS/.oci/oci_api_key.pem
    Enter Tenancy OCID                                    : ocid1.tenancy.oc1..xxxxxxxxxx

    Note: The password should contain at least one of these special characters: _ (underscore), # (hash), or $ (dollar). This password is used by the Oracle E-Business Suite Cloud Manager administrator to connect to the Cloud Manager database, and to run subsequent scripts.

  4. You will now be prompted for the Oracle E-Business Suite Cloud Manager Administrator Group. This example shows a group called ebscmadmin-grp being selected from the list of available choices.

    Available Groups from OCI for provided User:
    
    Group Name            Description
    ----------            -----------
    1: ebsdevdba-grp      EBS Dev DBA Group
    2: ebscmadmin-grp     EBS Cloud Manager Admin Group
    3: ebsdemodba-grp     EBS Test DBA Group
    4: ebsqadba-grp       EBS QA DBA Group
    
    Choose Oracle E-Business Suite Cloud Manager Administration group from above list: 2
  5. You will now be asked if you wish to use an existing load balancer:

    Do you wish to use an existing load balancer?
    
    1: Yes
    2: No
    
    Enter your choice: 1
    • If you choose option 1 (Yes), you will be asked to choose a load balancer from a list such as shown in this example. Note that the available load balancers reside in the same VCN and the same compartment as the Oracle E-Business Suite Cloud Manager VM.

      Available Load Balancers
      
      1: demolbaas1
      2: demolbaas2
      
      Choose a load balancer from the above list: 1

      Note: If you choose an existing load balancer, then the configure.pl script creates the necessary new resources under that load balancer, including "listener", "backend set", "backend", and "certificate". The creation of the new resources will not affect any existing resources under that load balancer.

    • Otherwise, if you choose option 2 (No), indicating that you wish to create a new load balancer, you will need to choose a load balancer visibility type, shape, and the subnets in which to place the load balancer. Example screens are shown as follows.

      • Choose the load balancer visibility type:

        Choose Load Balancer Visibility Type:
        
        1: Public
        2: Private
        
        Enter your choice: 1

        Select option 1 (Public) or option 2 (Private) for the load balancer visibility type.

      • Enter the bandwidth for the flexible shape load balancer:

        Choose Size of Bandwidth for Flexible Shape Load Balancer:
        
        Enter Minimum Bandwidth in Mbps                                                  : 10
        Enter Maximum Bandwidth in Mbps                                                  : 10
      • Subnets in which to place the load balancer (as defined in Create Network Resources for Use with Public Subnets or Create Network Resources for Use with Private Subnets):

        Available List of Subnets
        
        Regional ( recommended ):
        ------------------------------
        1: lbaas-subnet-phx    
        
        Availability Domain: CQIl:PHX-AD-1
        ------------------------------
        2: lbaas-subnet-ad1
        
        Availability Domain: CQIl:PHX-AD-2
        ------------------------------
        3: lbaas-subnet-ad2
        4: othersubnet1
        
        Availability Domain: CQIl:PHX-AD-3
        ------------------------------
        5: othersubnet2
        6: othersubnet3
        7: othersubnet4
        
        Choose subnet from above list: 1
        
        • If you are in a single availability domain region, your screen will show only two subnet groupings, one for regional subnets and one for your single availability domain.

        • When creating a public load balancer, only public subnets are listed.

        If you are in a multiple availability domain region and you choose an availability domain-specific public subnet (options 2 to 7 in the previous example), and not a regional subnet (option 1 in the previous example), you will be prompted for a second availability domain-specific subnet for the HA load balancer, as shown.

        Choose AD Specific HA subnet from above list: 6 
      • When prompted, enter the load balancer listener port:

        Enter Load Balancer Listener Port : 443
      • When prompted, enter the CIDR range information to access the load balancer port:

        Enter CIDR Block (Range) from which Client can Access Load Balancer Listener Port: 192.0.2.0/24
  6. Review the summary screen containing the information you specified earlier for Oracle E-Business Suite Cloud Manager.

    ----------------------------------------------------------------------------------------
    Summary of Inputs
    ----------------------------------------------------------------------------------------
    Oracle E-Business Suite Cloud Manager User Name ( Non Federated ) : xxxx.xxxxx@example.com
    Oracle E-Business Suite Cloud Manager User OCID ( Non Federated ) : ocid1.user.oc1..xxxxxxxxxxx
    Fingerprint of API Public Key : xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
    Path to Private PEM key file : /u01/install/APPS/.oci/oci_api_key.pem
    Tenancy OCID : ocid1.tenancy.oc1..xxxxxxxxxxxxxx
    Oracle E-Business Suite Cloud Manager VM Compartment Name : ebscm-compartment
    Oracle E-Business Suite Cloud Manager VM Compartment OCID : ocid1.compartment.oc1..xxxxxxxxxxxxxxx
    Oracle E-Business Suite Cloud Administrator Group Name : ebscmadmin-grp
    Oracle E-Business Suite Cloud Administrator Group OCID : ocid1.group.oc1..xxxxxxxxxxxxxxxxxxxx
    Network Compartment Name : network-compartment
    Network Compartment OCID : ocid1.compartment.oc1..xxxxxxxxxxxxxxxxxxxx
    Network VCN Name : ebscm-vcn
    Network VCN OCID : ocid1.vcn.oc1.phx-subnet.xxxxxxxxxxxxxxxxxxxxxxxxxx
    Use an existing Load Balancer : false
    Load Balancer Listener Port : 443
    CIDR Block (Range) from which Client can Access Load Balancer Listener Port : 192.0.2.0/24
    Load Balancer Visibility Type : Public
    Load Balancer Shape : flexible
    Load Balancer Minimum Bandwidth in Mbps: 10
    Load Balancer Maximum Bandwidth in Mbps: 10
    Load Balancer Subnet Name : Public
    Load Balancer Subnet OCID : ocid1.subnet.oc1.phx-subnet1.xxxxxxxxxxxxxxxxxxxx
    Load Balancer Subnet CIDR : 10.0.3.16/28
    ----------------------------------------------------------------------------------------
    
    
    Do you wish to continue?
    
    1: Yes
    2: No
    
    Enter your choice: 1

    If you are satisfied with the values shown, enter option 1 to proceed.

  7. You will then see a screen containing a success message, similar to the following example, plus the load balancer URL you will need later.

    ========================================================================================================
    Load Balancer demolbaas1 configuration completed. Review screen messages above to determine if security rules are missing and must be added in order to access the load balancer URL.
    ========================================================================================================
    ========================================================================================================
    Register confidential application in IDCS with the URL: https://xxx.xxx.xx.xxx:xxx and then re-run this script to update your IDCS configuration.
    ========================================================================================================
    

Register Oracle E-Business Suite Cloud Manager as a Confidential Application

In this section, you will register Oracle E-Business Suite Cloud Manager as a confidential application. Depending on the tenancy you are using, follow the applicable set of instructions:

Register Cloud Manager as a Confidential Application in Tenancies Using IAM with Identity Domains

As an Oracle E-Business Suite Cloud Manager administrator who has been previously granted the Application Administrator role (in Create Users with Oracle E-Business Suite Cloud Manager Administrator Privileges), register Oracle E-Business Suite Cloud Manager as a confidential application using the following steps.

  1. Open the navigation menu and click Identity & Security. Under Identity, click Domains.

  2. Select the root compartment in the Compartment drop-down list.

  3. Within the list of domains, click the link for the "Default" domain.

  4. Click Applications in the menu on the left.

  5. Click Add application.

  6. Select Confidential Application in the dialog box.

  7. Click Launch Workflow.

  8. Under Add application details, enter the following:

    • Name: Enter a name.

    • Description: Enter a description.

  9. Click Next.

  10. Under Configure OAuth:

    1. Click Configure this application as a client now.

    2. Under Allowed Grant Types, select the following options:

      • Client Credentials

      • Refresh Token

      • Authorization Code

      Additionally, if you plan to create standby environments or to upgrade environments from Oracle E-Business Suite Release 12.1 to Release 12.2, select the Resource Owner option.

    3. Redirect URL: This is the load balancer URL from step 7 of Run Oracle E-Business Suite Cloud Manager Configure Script for the First Time in the following format: <Your Load Balancer URL>/cm/auth/callback. For example: https://xxx.xxx.xx.xxx:xxx/cm/auth/callback

    4. Post-Logout Redirect URL: <Your Load Balancer URL>/cm/ui/index.html?root=login. For example: https://xxx.xxx.xxx.xxx:xxx/cm/ui/index.html?root=login

    5. Logout URL: Leave this field empty.

    6. Under Client Type, ensure that the Confidential radio button is selected.

    7. Select the Introspect option for Allowed Operations.

    8. Under Token Issuance Policy, select the Add app roles checkbox.

      1. Click Add roles.

      2. Select Authenticator Client and Me.

      3. Click Add, and then click Next.

  11. Under Configure policy, click Finish.

  12. Make a note of the following values under General Information:

    • Client ID

    • Client secret (In order to view, click Show secret.)

  13. Click Activate and confirm to activate the confidential application.

  14. Record your Oracle Identity Cloud Service Client Tenant value. This is found in the Overview of the default domain under the Domain Information section. It is seen as part of the URL found in Domain URL, after the "//" and before ".identity.oraclecloud.com". It begins with the characters "idcs-", followed by a string of numbers and letters in the format idcs-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. Copy the value for use in the next section.

Register Cloud Manager as a Confidential Application in Tenancies Using IAM without Identity Domains

Grant the Oracle Identity Cloud Service Application Administrator Role to the Cloud Manager Administrator

As a tenancy administrator, grant the Oracle Identity Cloud Service application administrator role to the Oracle E-Business Suite Cloud Manager administrator user (created in Create Users with Oracle E-Business Suite Cloud Manager Administrator Privileges).

  1. Open the navigation menu. Under Identity, click Federation.

  2. Click on the identity provider.

  3. Click on the link for the Oracle Identity Cloud Service Console.

  4. In the navigation menu, under Security, click Administrators.

  5. Scroll down to the Application Administrator section and expand it. Within this section, perform the following:

    1. Click + Add.

    2. In the Add Users to the Administrator Role dialog window, select the user created previously created in Create Users with Oracle E-Business Suite Cloud Manager Administrator Privileges.

    3. Click OK.

  6. Log out.

Register the Application

  1. Open the Welcome email that was received as a result of your user created in Create Users with Oracle E-Business Suite Cloud Manager Administrator Privileges.

  2. Click Activate Your Account in the email.

  3. Enter a new password, confirm, and click Submit.

  4. Navigate to the My Services dashboard at https://myservices-<your tenancy name>.console.oraclecloud.com/mycloud/cloudportal/dashboard and click Sign In.

  5. Click your user avatar icon, labeled with your name, in the top right corner. This will display a drop-down menu.

  6. Select My Home from the drop-down menu to display the My Oracle Services page.

  7. On the My Oracle Services page, search and click Admin Console. This will display the Oracle Identity Cloud Service Administration Console.

  8. In the Applications tile, click the icon to Add an Application.

  9. Select Confidential Application. This takes you to the Add Confidential Application page.

  10. Under Details, enter the following:

    • Name: Enter a name such as Oracle E-Business Suite Cloud Manager.

    • Description: Enter a description.

  11. Click Next.

  12. Under Client:

    1. Select Configure this application as a client now.

    2. Under Allowed Grant Types, select the following options:

      • Client Credentials

      • Refresh Token

      • Authorization Code

      Additionally, if you plan to create standby environments or to upgrade environments from Oracle E-Business Suite Release 12.1 to Release 12.2, select the Resource Owner option.

    3. Redirect URL: This is the load balancer URL from step 7 of Run Oracle E-Business Suite Cloud Manager Configure Script for the First Time in the following format: <Your Load Balancer URL>/cm/auth/callback. For example: https://xxx.xxx.xx.xxx:xxx/cm/auth/callback

    4. Logout URL: Leave this field empty.

    5. Post-Logout Redirect URL: <Your Load Balancer URL>/cm/ui/index.html?root=login. For example: https://xxx.xxx.xxx.xxx:xxx/cm/ui/index.html?root=login

    6. Select the Introspect option for Allowed Operations.

    7. Grant the client access to Identity Cloud Service Admin APIs:

      1. Click Add.

      2. Select Authenticator Client and Me.

      3. Click Add again, and then click Next.

  13. Under Resources, click Next.

  14. Under Authorization, click Finish.

  15. Make a note of the following values when they are displayed:

    • Client ID

    • Client Secret

  16. Click Activate to activate the Confidential Application.

  17. Record your Oracle Identity Cloud Service Client Tenant value. This can be seen as part of the URL in your browser's address bar, after the "//" and before ".identity.oraclecloud.com". It begins with the characters "idcs-", followed by a string of numbers and letters in the format idcs-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. Copy the value for use in the next section.

Run Oracle E-Business Suite Cloud Manager Configure Script for the Second Time

  1. Connect to your Oracle E-Business Suite Cloud Manager Compute instance using SSH.

  2. As the oracle user, run the configure.pl script again:

    $ sudo su - oracle
    $ cd /u01/install/APPS/apps-unlimited-ebs/bin
    $ perl configure.pl
    

    Note the creation of the session-specific log file, which will have the format shown in the following example:

    Log File : /u01/install/APPS/apps-unlimited-ebs/out/configure_2019-07-11_10_02_09.log
  3. When prompted, enter the Oracle E-Business Suite Cloud Manager administrator password and your Oracle Identity Cloud Service application details, as shown in the following example. The values you will need to enter for client ID and client secret were established when you registered Oracle E-Business Suite Cloud Manager as a confidential application in Register Oracle E-Business Suite Cloud Manager as a Confidential Application.

    Enter Oracle E-Business Suite Cloud Manager Admin Password  : 
    
    Enter IDCS Client ID        : <client id> (in a format similar to xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx)
    Enter IDCS Client Secret    : <client secret> (in a format similar to xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx)
    Enter IDCS Client Tenant    : <client tenant> (in a format similar to idcs-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx)
  4. You will see a summary screen containing the information you specified earlier:

    ----------------------------------------------------------------------------------------
    Summary of Inputs
    ----------------------------------------------------------------------------------------
    Enter IDCS Client ID         : xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    Enter IDCS Client Secret     : xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
    Enter IDCS Client Tenant     : client tenant
    IDCS Host                    : https://idcs-xxxxxxxxxxxxxxxxxxxxxx.identity.oraclecloud.com
    ----------------------------------------------------------------------------------------
    
    
    Do you wish to continue?
    
    1: Yes
    2: No
    
    Enter your choice: 1

    Choose option 1 to continue.

  5. A Login URL is then displayed on the screen, as shown in the following example. This is the URL by which users will access the Oracle E-Business Suite Cloud Manager UI.

    Creating EBS Tagging Infrastructure.
    Implicit Namespace created.
    Implicit Tag key created.
    
    ========================================================================================
    Finished Configuring Oracle E-Business Suite Cloud Manager VM.
    Login URL : https://xxx.xxx.xx.xxx:xxx
    Ensure the confidential application is correctly configured in IDCS as per the documentation.
    ======================================================================================== 

    Note:

    • If you wish to update the URL by which users will access the Oracle E-Business Suite Cloud Manager UI, you can do so using your own DNS registered host name and certificate by following the instructions described in "Update Oracle E-Business Suite Cloud Manager URL" in Managing the Oracle E-Business Suite Cloud Manager Virtual Machine.

    • Oracle E-Business Suite resources will be tagged with "oracle-apps.purpose:EBS"

Configure Oracle Cloud Infrastructure Email Delivery Service (Optional)

This section provides instructions on how to set up the Oracle Cloud Infrastructure Email Delivery Service to send notifications.

Steps to Perform Prior to Enabling Mailer

Before enabling the mailer, you must perform these steps:

  1. Generate SMTP credentials by following the instructions in Generate SMTP Credentials for a User in the Oracle Cloud Infrastructure Documentation.

  2. Create an Approved Sender by following the instructions in Managing Approved Senders in the Oracle Cloud Infrastructure Documentation.

Enable and Disable the Mailer

In order to enable and disable the mailer, use the command provided in Enable Mailer Configuration and Disable Mailer Configuration.

Update to Latest Version of Oracle E-Business Suite Cloud Manager

To obtain the latest fixes, update to the latest version by following the instructions in Update Oracle E-Business Suite Cloud Manager to the Latest Version.

Obtain the CIDR for the Oracle Cloud Infrastructure SMTP Server

There are certain points within the deployment process in which you must provide the CIDR for the Oracle Cloud Infrastructure SMTP server. In order to obtain this CIDR, perform the following steps:

  1. See Configure SMTP Connection for the list of SMTP endpoints. Contact your tenancy administrator to determine the SMTP endpoint being used.

  2. Run nslookup on the endpoint. For example:

    $ nslookup smtp.us-phoenix-1.oraclecloud.com
  3. The resulting output will be the public IP address for the SMTP endpoint. The CIDR for the IP address obtained will be <IP address>/32. For example: 138.1.38.16/32.

Oracle E-Business Suite Cloud Manager Deployment for Demo and Test Purposes

You can leverage the procedure provided in this section to simplify tenancy preparation, Oracle E-Business Suite Cloud Manager deployment, and configuration by taking advantage of available automation. Doing so will streamline portions of the procedure documented in this chapter, as well as the instructions in Set Up Your Tenancy to Host Oracle E-Business Suite Environments.

This simplified procedure is most appropriate for demo purposes, as it has the following restrictions:

Identify or Create a Tenancy and Obtain Tenancy Administrator User Credentials

If you have an existing tenancy, you must have a user with tenancy administrator privileges to run this procedure.

If you do not have an existing tenancy, you can sign up for a free trial account using the following steps:

  1. Go to https://www.oracle.com/cloud/free/ and click Start for free.

  2. On the Oracle Cloud Sign Up page, enter the requested information including your desired tenancy name and tenancy password.

  3. Review your details and click Submit.

    Note: Ensure that you use the same email address that was used when you registered.

    You will be directed to the Oracle Cloud Infrastructure Console where you will perform the remainder of the procedure.

  4. Record your trial user name and password for future reference.

Prepare Your Tenancy for Oracle E-Business Suite Cloud Manager Stack for Demos

Set Up for Tenancies Using IAM with Identity Domains

Follow the instructions detailed in Register Cloud Manager as a Confidential Application in Tenancies Using IAM with Identity Domains. After completing these instructions, continue with the steps in Oracle E-Business Suite Cloud Manager Deployment and Configuration.

Set Up for Tenancies Using IAM without Identity Domains

Create the Oracle E-Business Suite Cloud Manager Administrator's Group and User in Oracle Identity Cloud Service

  1. As the tenancy administrator, log in to the Oracle Cloud Infrastructure Console.

  2. Open the navigation menu and select Identity & Security. Under Identity, click Federation.

  3. Click the OracleIdentityCloudService link to bring up the Identity Provider Details page, and then click the link in the Oracle Identity Cloud Service Console field to bring up the Identity Cloud Service Console.

  4. From the Oracle Identity Cloud Service Console, create your Oracle E-Business Suite Cloud Manager group:

    1. Using the navigation menu on the top left corner of your screen, click Groups.

    2. Click Add.

    3. In the Add Group dialog box under Step 1: Group Details, enter the following information:

      • Name: Enter the group name. For example, idcs-ebscm-group.

      • Description: Enter a description of your choice.

    4. Click Finish.

  5. While still in the Oracle Identity Cloud Service Console, create your Oracle E-Business Suite Cloud Manager administrator user.

    1. Using the navigation menu on the top left corner of your screen, click Users.

    2. Click Add.

    3. In the Add User dialog box under Step 1: Add User Details, enter the following information:

      • First Name: Enter the first name of the new user.

      • Last Name: Enter the last name of the new user.

      • User Name: Enter the user name. For example, ebscm.admin@example.com. Ensure the user name has "." in its name, as per our example.

      • Email: Enter the email of the new user.

      • Deselect the Use email address as the user name checkbox.

    4. Click Next.

    5. In the Step 2: Assign User to Groups dialog window, select the checkbox for the group you just created, such as idcs-ebscm-grp.

    6. Click Finish.

  6. While still in the Oracle Identity Cloud Service Console, give the new user the Administrator role.

    1. Using the navigation menu on the top left corner of your screen, click Security, then Administrators.

    2. On the Administrators page, expand the Application Administrator section and click Add.

    3. In the Add Users to the Administrator Role dialog box, select the checkbox for the user corresponding to the newly created user in step 5. In this example, that would be ebscm.admin@example.com.

    4. Click OK.

  7. Log out of the Oracle Identity Cloud Service Console by clicking on your user avatar icon, labeled with your name, and then clicking Sign Out.

Register Oracle E-Business Suite Cloud Manager as a Confidential Application in IDCS

Now, register Oracle E-Business Suite Cloud Manager as a confidential application.

  1. Open the Welcome email that was received in the previous section.

  2. Click Activate Your Account in the email.

  3. Enter a new password, confirm, and click Submit.

  4. Click OK to continue, which will take you to the Oracle Identity Cloud Service Login screen.

  5. Enter the Oracle E-Business Suite Cloud Manager user name. For example, enter ebscm.admin@example.com and use the password entered in the previous screen to log in.

  6. Click your user avatar icon, labeled with your name, in the top right corner. This displays a drop-down menu.

  7. Select Admin Console. This displays the Oracle Identity Cloud Service Administration Console.

  8. In the Applications tile, click the icon to Add an Application.

  9. Select Confidential Application to go to the Add Confidential Application page.

  10. On the Details screen, enter the following:

    • Name: Enter Oracle E-Business Suite Cloud Manager.

    • Description: Enter a description.

  11. Click Next.

  12. On the Client screen:

    1. Select Configure this application as a client now.

    2. Under Allowed Grant Types, select the following checkboxes:

      • Resource Owner

      • Client Credentials

      • Refresh Token

      • Authorization Code

      Additionally, if you plan to create standby environments or to upgrade environments from Oracle E-Business Suite Release 12.1 to Release 12.2, select the Resource Owner option.

    3. Redirect URL: https://<Cloud-Manager-web-entry>:443/cm/auth/callback, where <Cloud-Manager-web-entry> is the name you plan to associate with your load balancer IP address. For example, myebscm.example.com. This name resolution has to be configured in your DNS or in the local hosts file, as per instructions in Log in to Oracle E-Business Suite Cloud Manager.

    4. Logout URL: Leave this field empty.

    5. Post-Logout Redirect URL: https://<Cloud-Manager-web-entry>:443/cm/ui/index.html?root=login, where <Cloud-Manager-web-entry> is the name you plan to associate with your load balancer IP address. For example, myebscm.example.com. This name resolution has to be configured in your DNS or in the local hosts file, as per instructions in Log in to Oracle E-Business Suite Cloud Manager.

    6. Select the Introspect option for Allowed Operations.

    7. Under Grant the client access to Identity Cloud Service Admin APIs:

      1. Click Add.

      2. Select Authenticator Client and Me in the pop-up window.

      3. Click Add again.

    8. Click Next.

  13. On the Resources screen, click Next.

  14. On the Web Tier Policy screen, click Next.

  15. On the Authorization screen, click Finish.

  16. Make note of the following values which will be used in the next section:

    • Client ID

    • Client Secret

    • IDCS Client Tenant

  17. Click Close.

  18. Click Activate to activate the Confidential Application.

  19. Click on the user avatar icon, labeled with your name.

  20. Select the About option.

  21. Make a note of the Instance GUID. Your Oracle Identity Cloud Service Client Tenant begins with the characters idcs- and then is followed by a string of numbers and letters. For example, idcs-6572bfeb183b4becad9e649bfa14a488.

Oracle E-Business Suite Cloud Manager Deployment and Configuration

In this section you will deploy and configure an Oracle E-Business Suite Cloud Manager Compute instance using an Oracle Marketplace stack.

Sign in to the Oracle Cloud Infrastructure Console

Use the tenancy administrator credentials to sign in to Oracle Cloud Infrastructure Console.

Sign in to the Oracle Cloud Infrastructure Console using the following:

Deploy and Configure Oracle E-Business Suite Cloud Manager

You will now deploy and configure Oracle E-Business Suite Cloud Manager using a Marketplace stack. The stack creates the following cloud resources:

Then, the stack will configure Oracle E-Business Suite Cloud Manager to work with your Oracle Cloud Infrastructure tenancy and the newly created Oracle Cloud Infrastructure resources.

Perform the following steps:

  1. While signed in to the Oracle Cloud Infrastructure Service console, open the navigation menu. Click Marketplace and then All Applications.

  2. In the Search field, search for Oracle E-Business Suite Cloud Manager Stack for Demos and then click the Oracle E-Business Suite Cloud Manager Stack for Demos listing.

  3. In the Version drop-down list, ensure that the default is selected. For example, Oracle-EBS-Cloud-Manager-RM-XX.X.X.X-XXXX.XX.XX.

  4. In the Compartment drop-down list, select the parent compartment of the compartment where the Oracle E-Business Suite Cloud Manager Compute instance will be deployed. For example, mycompanytenancy(root).

  5. Review and accept the Oracle standard Terms and Restrictions.

  6. Click Launch Stack.

  7. On the Configure Variables screen, enter the following values:

    1. Under Setup Details:

      1. Resource Prefix: A prefix that will be added to names of all the cloud resources created by the stack.

      2. Leave the Single Compartment Setup checkbox selected.

      3. Select the compartment under which the new compartment will be created.

    2. Under EBS Cloud Administrator Details:

      1. Enter the user name corresponding to the EBS Cloud Manager administrator created in step 5 of Create the Oracle E-Business Suite Cloud Manager Administrator's Group and User in Oracle Identity Cloud Service.

      2. Enter the email address of the EBS Cloud Manager administrator.

      3. Make sure the Create new REST API Key checkbox is selected.

    3. Under EBS Cloud Manager Instance Details:

      1. Enter the web entry fully qualified domain name you entered that corresponds to the Cloud-Manager-web-entry element you entered in step 12 of Register Oracle E-Business Suite Cloud Manager as a Confidential Application in Oracle Identity Cloud Service.

      2. Select VM.Standard.E2.2 for EBS Cloud Manager Shape.

      3. Enter a password which matches the following criteria: 8 to 30 characters, at least one lowercase character, one uppercase character, one special character from _#$.

      4. Enter the contents of a public key file that will be used to connect using SSH to your Oracle E-Business Suite Cloud Manager Compute instance. For more details on how to generate the key, see Creating a Key Pair in the Oracle Cloud Infrastructure Documentation.

      5. Choose the availability domain that ends in -1 from the list under EBS Cloud Manager Availability Domain.

    4. Under EBS Cloud Manager Network Details:

      1. Leave the Custom CIDR Ranges checkbox deselected.

      2. Enter a CIDR block that corresponds to the IP range of the clients you plan to use to connect to Oracle E-Business Suite Cloud Manager. For the whole internet, use 0.0.0.0/0.

      3. Enter the values corresponding to Client ID, Client Secret, and IDCS Client Tenant from Register Oracle E-Business Suite Cloud Manager as a Confidential Application.

  8. On the Review screen, verify the information and click Create.

  9. This takes you to the Stack Details page for your newly created stack. On this page, click the Terraform Actions drop-down list and select Apply.

  10. In the Apply dialog window, leave the default settings as-is and click Apply.

  11. On the Job Details page, you will see the job status which will cycle through Accepted, In Progress, and Succeeded. After the job succeeds, you will have all the network resources (VCN, load balancer, subnets, and so on) required to deploy the Oracle E-Business Suite Cloud Manager Compute instance.

  12. On the Application Information tab are details related to the Oracle E-Business Suite Cloud Manager instance and load balancer.

    Make a note of the Private IP, Public IP, Login URL, and LB Public IP. These variables are needed for the remainder of the procedures in this section.

Ensure You are on the Latest Cloud Manager Version

Check to make sure you are on the latest cloud manager version by following the instructions in Update Oracle E-Business Suite Cloud Manager to the Latest Version (Conditional).

Log in to Oracle E-Business Suite Cloud Manager

Before logging in to the Oracle E-Business Suite Cloud Manager web application, you need to add the host name in the Login URL to your local computer hosts file. Follow these instructions to perform this configuration:

  1. Edit the local hosts file on your laptop and add an entry.

    For Windows Users

    1. Navigate to Notepad in your start menu.

    2. Right-click on Notepad and select the option to run as administrator.

    3. In Notepad, click File, then click Open.

    4. Browse to C:\\Windows\System32\drivers\etc.

    5. Find the file hosts.

    6. In the hosts file, scroll down to the end of the content.

    7. Add the following entry to the very end of the file:

      <LB Public IP> <Cloud-Manager-web-entry>
    8. Save the file.

  2. Using the Login URL found in the Application Information tab, log in to Oracle E-Business Suite Cloud Manager using your Oracle Identity Cloud Service credentials.

    Once logged in, you are on the Environments page.