Deploy Oracle E-Business Suite Cloud Manager on Oracle Cloud Infrastructure

This chapter covers the following topics:

Overview of Deploying Oracle E-Business Suite Cloud Manager

This chapter describes how to deploy Oracle E-Business Suite Cloud Manager version 21.1.1 on Oracle Cloud Infrastructure.

If you are performing a demo or are testing, you may be able to leverage the procedure provided in Oracle E-Business Suite Cloud Manager Deployment for Demo and Test Purposes to simplify tenancy preparation, Oracle E-Business Suite Cloud Manager deployment and configuration by taking advantage of an Oracle Marketplace stack.

Note: If you have deployed a previous version of Oracle E-Business Suite Cloud Manager and wish to upgrade to the latest version, you do not need to perform the tasks in this chapter. Instead, follow the instructions described in Update Oracle E-Business Suite Cloud Manager to Latest Version (Conditional). Oracle strongly recommends that you upgrade to the latest version at your earliest convenience. To continue to use an older version of Oracle E-Business Suite Cloud Manager for a limited period, refer to the documentation included in My Oracle Support Knowledge Document 2363536.1, Oracle E-Business Suite on Oracle Cloud Tutorial Archive.

Before you provision your Oracle E-Business Suite environments, you must follow the instructions in Set Up Your Tenancy to Host Oracle E-Business Suite Environments. Setting up the tenancy includes creating a compartment, groups, policies, users, and network resources to support a specific purpose. For example, the purpose could be to support a function (such as production, development or test), to support a region, or to create any other desired tenancy segmentation (such as a business unit).

Before You Begin

To follow the instructions in this chapter successfully, you will need either an Oracle Cloud Infrastructure tenancy enabled by Oracle Identity Cloud Service, or an Identity Cloud Service account that can be used to federate an existing Oracle Cloud Infrastructure tenancy that is not Identity Cloud Service-enabled. (Note that if your Oracle Cloud Infrastructure account was issued after 2017-12-20, it is already Oracle Identity Cloud Service-enabled.) The tenancy administrator will be required to create groups and users.

The following are four distinct categories of users referenced throughout this procedure and their roles:

Note: If you wish, an Oracle E-Business Suite Cloud Manager administrator can also perform the duties of the network administrator and an Oracle E-Business Suite administrator. This is appropriate if you are configuring the system for demonstration use, or in any other circumstance where a single database administrator (DBA) will be performing all these roles. To accomplish this, you will make this user a member of the network administrators group and Oracle E-Business Suite administrators group.

Note: Ensure you perform all the applicable instructions in each section before proceeding to the next section.

Create Oracle Cloud Infrastructure Accounts and Resources

In this section, the tenancy administrator performs all tasks as described.

  1. Create Compartments

  2. Create and Map Groups in Oracle Cloud Infrastructure Identity and Access Management and Oracle Identity Cloud Service

  3. Assign Policies

  4. Create Users

Create Compartments

In this section, you will first map out your compartment topology and then create your compartment or compartments.

There are two types of compartments that we will refer to:

If you are giving a demonstration, you might choose to use one compartment for all components.

Oracle E-Business Suite Cloud Manager supports the use of nested compartments. The following depicts the compartment hierarchies that have been explicitly certified:

The following diagram depicts these compartment hierarchies:

Certified Compartment Hierarchies

the picture is described in the document text

To create each compartment, perform the following:

  1. While signed in to the Oracle Cloud Infrastructure Service Console, click the menu icon at the top left to open the navigation menu.

  2. Under Identity & Security, select Identity, and then click Compartments.

  3. On the Compartments page, click Create Compartment.

  4. In the dialog window, enter the required details:

    • NAME: Enter the compartment name (for example, network-compartment or ebscm-compartment).

    • DESCRIPTION: Enter a description of your choice.

    • PARENT COMPARTMENT: Select the root compartment under which the new compartment will be created.

    • Click Create Compartment at the bottom of the window.

Create and Map Groups in Oracle Cloud Infrastructure Identity and Access Management and Oracle Identity Cloud Service

In this section, you will define two groups in Oracle Cloud Infrastructure Identity and Access Management (IAM) and Oracle Identity Cloud Service (IDCS):

Perform the following steps to create and map the two groups:

  1. Open the Oracle Cloud Infrastructure console navigation menu. Under Identity & Security, select Identity, and click Groups.

  2. Create each of your groups as follows:

    1. Click Create Group.

    2. In the dialog window, enter the required details:

      • NAME: Enter the name for the group (for example, netadmin-grp and ebscmadmin-grp).

      • DESCRIPTION: Enter a description of your choice.

    3. Click Create.

  3. Create each of your groups in Oracle Identity Cloud Service as follows:

    1. In the console navigation menu, under Identity & Security, select Identity, and click Federation.

    2. Click on the name of the identity provider that corresponds to Oracle Identity Cloud Service (IDCS).

    3. On the left hand side under Resources, click Groups.

    4. Click Create IDCS Group.

    5. In the dialog window, enter the required details:

      • NAME: Supply a name for the group (for example, idcs-netadmin-grp and idcs-ebscmadmin-grp).

      • DESCRIPTION: Enter a description of your choice.

    6. Click Create.

  4. Within the same page, map the groups in Oracle Identity Cloud Service as follows:

    1. Click Group Mappings on the left hand side.

    2. Click Add Mappings.

    3. In the dialog window, select the Identity Provider group and the corresponding Oracle Cloud Infrastructure group from the drop-down lists (for example, idcs-netadmin-grp maps to netadmin-grp).

    4. Click + Another Mapping to add the second map (for example, idcs-ebscmadmin-grp maps to ebscmadmin-grp).

    5. Click Add Mappings.

Assign Policies

In this section, you will assign policies that allow for the proper permissions for administrators to manage and use the necessary compartments.

  1. In the Console navigation menu, under Identity & Security, select Identity, and then click Policies.

  2. Create a policy for the network compartment to allow network administrators to manage it and for Oracle E-Business Suite Cloud Manager administrators to use it:

    1. Select the network compartment from the COMPARTMENT drop-down list on the left.

    2. Click Create Policy.

    3. In the dialog window, enter the required details:

      • NAME: Enter a name (for example, networkcompartment-policy).

      • DESCRIPTION: Enter a description of your choice.

      • In the Policy Builder section, click Customize (Advanced). In the provided text field, add each of the following policy statements, substituting appropriate values for the variables designated by angle brackets.

        Allow group <network administrators group> to manage virtual-network-family in compartment <network compartment>
        Allow group <Oracle E-Business Suite Cloud Manager administrators group> to use virtual-network-family in compartment <network compartment>
    4. Click Create.

  3. Create a policy for the Oracle E-Business Suite Cloud Manager compartment to allow Oracle E-Business Suite Cloud Manager administrators to perform operations on Oracle Cloud Infrastructure resources within it:

    1. Select the Cloud Manager compartment from the COMPARTMENT drop-down list on the left.

    2. Click Create Policy.

    3. In the dialog window, enter the required details:

      • NAME: Enter a name (for example, ebscmcompartment-policy).

      • DESCRIPTION: Enter a description of your choice.

      • In the Policy Builder section, click Customize (Advanced). In the provided text field, add each of the following policy statements, substituting appropriate values for the variables designated by angle brackets.

        Allow group <Oracle E-Business Suite Cloud Manager administrators group> to manage instance-family in compartment <Oracle E-Business Suite Cloud Manager compartment> 
        Allow group <Oracle E-Business Suite Cloud Manager administrators group> to manage load-balancers in compartment <Oracle E-Business Suite Cloud Manager compartment>
        Allow group <Oracle E-Business Suite Cloud Manager administrators group> to manage tag-namespaces in compartment <Oracle E-Business Suite Cloud Manager compartment>
    4. Click Create Policy.

  4. Create a policy for the tenancy to allow network administrators and Oracle E-Business Suite Cloud Manager administrators to perform operations on Oracle Cloud Infrastructure resources within it:

    1. Select the Cloud Manager compartment from the COMPARTMENT drop-down list on the left.

    2. Click Create Policy.

    3. In the dialog window, enter the required details:

      • NAME: Enter a name (for example, tenancy-policy).

      • DESCRIPTION: Enter a description of your choice.

      • In the Policy Builder section, click Customize (Advanced). In the provided text field, add each of the following policy statements, substituting appropriate values for the variables designated by angle brackets.

        Allow group <network administrators group> to inspect compartments in tenancy
        Allow group <Oracle E-Business Suite Cloud Manager administrators group> to inspect compartments in tenancy
        Allow group <Oracle E-Business Suite Cloud Manager administrators group> to inspect users in tenancy
        Allow group <Oracle E-Business Suite Cloud Manager administrators group> to inspect groups in tenancy
        
    4. Click Create Policy.

Create Users

Create Federated Users

While logged on to the Oracle Cloud Infrastructure Service Console as the tenancy administrator, create each of your users as follows.

Repeat these steps for all users of your Oracle E-Business Suite Cloud Manager administrator group and network administrator group.

  1. From the navigation menu, under Identity & Security, select Identity Federation.

  2. Click on the name of an Identity Provider of type IDCS.

  3. On the left hand side under Resources, click Users.

  4. Click Create User.

  5. In the "Create IDCS User" dialog box, enter the following:

    • NAME: Enter a user name of your choice. This name must be in the format <firstname>.<lastname>@<domain>.

    • EMAIL: A valid email ID. Confirm this email in the following field.

    • FIRST NAME: First name of the user.

    • LAST NAME: Last name of the user.

    • GROUPS: Select the appropriate Oracle Identity Cloud Service group (for example, either idcs-netadmin-grp or idcs-ebscmadmin-grp).

  6. Click Create.

Create Non-Federated Users

While logged on to the Oracle Cloud Infrastructure Service Console as the tenancy administrator, create the Oracle E-Business Suite Cloud Manager administrator user as follows:

  1. From the navigation menu, under Identity & Security, select Identity, and then click Users.

  2. Click Create User.

  3. In the corresponding dialog box, supply the following:

    • NAME: Enter a user name of your choice. This user has to match the user you defined for the first Oracle E-Business Suite Cloud Manager administrator user. The name must be in the format <firstname>.<lastname>@<domain>.

    • DESCRIPTION: A description of your choice (for example, "This is the Oracle E-Business Suite Cloud Manager administrator").

    • EMAIL: A valid email ID.

  4. Click Create.

  5. Generate the user's password and provide it to the user, who will need it to perform tasks such as uploading API signing keys and generating SMTP credentials.

  6. Add the Oracle E-Business Suite Cloud Manager administrator to the Oracle E-Business Suite Cloud Manager administrators group (ebscmadmin-grp in our example).

Create Network Resources for Deploying Oracle E-Business Suite Cloud Manager

In this section, the network administrator performs all tasks as described.

First, you will create a new Virtual Cloud Network (VCN) using the steps in Create a Virtual Cloud Network.

Then dependent on the subnet you intend to use, you will create associated network resources (including gateways, route tables, security lists, and subnets) that will be used by your Oracle E-Business Suite Cloud Manager Compute instance: Create Network Resources for Use with Public Subnets or Create Network Resources for Use with Private Subnets.

In a production environment, we strongly recommend you deploy a dedicated bastion server. This bastion server will be associated with a specific subnet that will be used as a bridge between the resources outside and inside Oracle Cloud Infrastructure. See Learn About Setting Up the Basic Infrastructure for a Cloud Environment for more information about the architecture of the bastion server.

If you are evaluating Oracle E-Business Suite Cloud Manager, you can use the Cloud Manager VM as a bastion server to connect to the Oracle E-Business Suite environments that it creates.

The following table shows the subnet types supported for Oracle E-Business Suite Cloud Manager and the associated load balancer.

Table 2-1- Subnet Types Supported for Oracle E-Business Suite Cloud Manager and Load Balancer
  Availability Domain-Specific Public Availability Domain-Specific Private Regional Public Regional Private
Oracle E-Business Suite Cloud Manager Yes Yes Yes Yes
Load balancer for Oracle E-Business Suite Cloud Manager Yes Yes Yes Yes

Create a Virtual Cloud Network

Note: If you have an existing Virtual Cloud Network you want to use, skip this section and proceed to Create Network Resources for Use with Public Subnets if you intend to use public subnets. If you intend to use private subnets, proceed to Create Network Resources for Use with Private Subnets.

To create a new Virtual Cloud Network (VCN):

  1. From the Oracle Cloud Infrastructure Service Console, click the menu icon at the top left to open the navigation menu. Under CORE INFRASTRUCTURE, go to Networking and click Virtual Cloud Networks.

  2. Click Create VCN and enter the required details for your VCN:

    • NAME: Enter a name, such as ebscm-vcn.

    • CREATE IN COMPARTMENT: Select your network compartment, created in Create Compartments.

    • CIDR BLOCK: Specify your choice of CIDR (for example, 10.0.0.0/16).

    Note: When creating the VCN, accept the default DNS resolver. Oracle E-Business Suite provisioning in Oracle Cloud Infrastructure does not currently support a non-default DNS resolver VCN.

  3. Click Create VCN at the bottom of the window.

Create Network Resources for Use with Public Subnets

Note: If you want to use private subnets for Oracle E-Business Suite Cloud Manager and load balancer, skip this section and proceed to Create Network Resources for Use with Private Subnets.

Create an Internet Gateway

To create an internet gateway:

  1. On the Virtual Cloud Networks screen, click the link with the name of your VCN, such as ebscm-vcn.

  2. Under Resources on the navigation menu at the left, select Internet Gateways.

  3. Click Create Internet Gateway and enter the required details for your internet gateway:

    • NAME: Enter a name, such as ebscm-igw.

    • CREATE IN COMPARTMENT: Select your network compartment, created in Create Compartments.

  4. Click Create Internet Gateway at the bottom of the window.

Create Route Tables

In this section, you will create two separate route tables, one for the Oracle E-Business Suite Cloud Manager Compute instance and one for the load balancer. In the following examples, we will use the names ebscm-RouteTable and lbaas-RouteTable, respectively.

Perform these steps twice - once for the Oracle E-Business Suite Cloud Manager Compute instance route tables and once for the load balancer route tables.

To create the route tables:

  1. On the Virtual Cloud Networks screen, click the link with the name of your VCN, such as ebscm-vcn.

  2. Under Resources in the navigation menu at the left, select Route Tables.

  3. Click Create Route Table and enter the required details for your route table:

    • NAME: Specify a name, such as ebscm-RouteTable or lbaas-RouteTable.

    • CREATE IN COMPARTMENT: Select your network compartment, created in Create Compartments.

  4. Click + Another Route Rule and enter the route rule details as follows:

    • TARGET TYPE: Select Internet Gateway.

    • DESTINATION CIDR BLOCK: 0.0.0.0/0

    • COMPARTMENT: Select your network compartment, created in Create Compartments.

    • TARGET INTERNET GATEWAY: Select the previously created gateway.

  5. Click Create Route Table at the bottom of the window.

Create Security Lists

In this section, you will create two separate security lists, one for the Oracle E-Business Suite Cloud Manager Compute instance and one for the load balancer. In the following examples, we will use the names ebscmvm-seclist and lbaas-seclist, respectively.

Create the Oracle E-Business Suite Cloud Manager Security List

  1. On the Virtual Cloud Networks screen, click the link with the name of your VCN, such as ebscm-vcn.

  2. Under Resources in the navigation menu on the left, select Security Lists.

  3. Click Create Security List and enter the required details for the security list:

    • NAME: Specify a name such as ebscmvm-seclist.

    • CREATE IN COMPARTMENT: Select your network compartment, created in Create Compartments.

  4. Under Allow Rules For Ingress:

    1. Click + Another Ingress Rule.

    2. For the first ingress rule that is needed, modify the default rule as follows:

      • SOURCE TYPE: CIDR

      • SOURCE CIDR: Enter the CIDR of your choice.

      • IP PROTOCOL: TCP

      • SOURCE PORT RANGE: All

      • DESTINATION PORT RANGE: 22

    3. For the second ingress rule that is needed, click + Another Ingress Rule and enter the following values:

      • SOURCE TYPE: CIDR

      • SOURCE CIDR: 0.0.0.0/0

      • IP PROTOCOL: ICMP

      • TYPE: 3

      • CODE: 4

    4. For the third ingress rule that is needed, click + Another Ingress Rule and enter the following values:

      • SOURCE TYPE: CIDR

      • SOURCE CIDR: Enter the CIDR of your LBaaS subnet, lbaas-subnet-ad1. For example, 10.0.1.0/24. Note that the subnet is created in the next step.

      • IP PROTOCOL: TCP

      • SOURCE PORT RANGE: All

      • DESTINATION PORT RANGE: 8081

    5. For the fourth ingress rule that is needed, click + Another Ingress Rule and enter the following values:

      Note: Note that the fourth ingress rule is not required if a regional subnet is chosen for your public load balancer or if you are in a single availability domain region.

      • SOURCE TYPE: CIDR

      • SOURCE CIDR: Enter the CIDR of your LBaaS subnet, lbaas-subnet-ad2. For example, 10.0.1.0/24. Note that the subnet is created in the next step.

      • IP PROTOCOL: TCP

      • SOURCE PORT RANGE: All

      • DESTINATION PORT RANGE: 8081

  5. Under Allow Rules For Egress, click + Another Egress Rule and modify the default rule as follows.

    • DESTINATION TYPE: CIDR

    • DESTINATION CIDR: 0.0.0.0/0

    • IP PROTOCOL: TCP

    • SOURCE PORT RANGE: All

    • DESTINATION PORT RANGE: All

  6. Click Create Security List at the bottom of the window.

Create the Load Balancer Security List

  1. On the Virtual Cloud Networks screen, click the link with the name of your VCN, such as ebscm-vcn.

  2. Under Resources in the navigation menu on the left, select Security Lists.

  3. Click Create Security List and enter the required details of your security list:

    • NAME: Specify a name such as lbaas-seclist.

    • CREATE IN COMPARTMENT: Select your network compartment, created in Create Compartments.

  4. Under Allow Rules For Ingress, click + Another Ingress Rule and enter the following values for the ingress rule that is needed:

    • SOURCE TYPE: CIDR

    • SOURCE CIDR: Enter the CIDR corresponding to the IP addresses of your client machines that will access the Cloud Manager UI.

    • IP PROTOCOL: TCP

    • SOURCE PORT RANGE: All

    • DESTINATION PORT RANGE: 443 or other port of your choice. This port will be used in step 5 of Run Oracle E-Business Suite Cloud Manager Configure Script for the First Time, when prompting for the Load Balancer Listener Port.

  5. Under Allow Rules For Egress, click + Another Egress Rule and enter the following values for the egress rule that is needed:

    • DESTINATION TYPE: CIDR

    • DESTINATION CIDR: 0.0.0.0/0

    • IP PROTOCOL: TCP

    • SOURCE PORT RANGE: All

    • DESTINATION PORT RANGE: All

  6. Click Create Security List at the bottom of the window.

Create Subnets

In this section, you will create the following new subnets:

You will need to specify your own names and parameters, but you can use the examples in the following two tables for guidance.

If you choose to use regional subnets, refer to the following example:

Table 2-2 - Regional Public Subnet Example Names and Parameters
Subnet Name CIDR Block Route Table Subnet Access Security List
ebscm-subnet-phx 10.0.0.0/24 ebscm-RouteTable Public subnet ebscmvm-seclist
lbaas-subnet-phx 10.0.1.0/24 lbaas-RouteTable Public subnet lbaas-seclist

If you choose to use availability domain-specific subnets, refer to the following example:

Table 2-3 - Availability Domain-Specific Public Subnet Example Names and Parameters
Subnet Name Availability Domain (AD) CIDR Block Route Table Subnet Access Security List
ebscm-subnet-ad1 AD-1 10.0.0.0/24 ebscm-RouteTable Public subnet ebscmvm-seclist
lbaas-subnet-ad1 AD-1 10.0.1.0/24 lbaas-RouteTable Public subnet lbaas-seclist
lbaas-subnet-ad2 AD-2 10.0.2.0/24 lbaas-RouteTable Public subnet lbaas-seclist

To create a new subnet:

  1. On the Virtual Cloud Networks screen, click the link with the name of your VCN, such as ebscm-vcn.

  2. Under Resources in the navigation menu on the left, select Subnets.

  3. Click Create Subnet, specifying your choice for the following parameters:

    • NAME

    • CREATE IN COMPARTMENT

    • SUBNET TYPE: Select either the Regional (Recommended) or Availability Domain-Specific option. If you choose Availability Domain-Specific, select your availability domain.

    • CIDR BLOCK

    • ROUTE TABLE COMPARTMENT IN <COMPARTMENT>: Ensure you choose a route table that has a target type of Internet Gateway.

    • SUBNET ACCESS: Select the Public Subnet option.

    • SECURITY LISTS: Select the security list that matches the subnet you are defining based on Table 3-3.

  4. Click Create at the bottom of the window.

Create Network Resources for Use with Private Subnets

When using private subnets, you could either:

Create a Network Address Translation (NAT) Gateway

To create a Network Address Translation, or NAT, gateway, perform the following steps:

  1. On the Virtual Cloud Networks screen, click the link with the name of your VCN, such as ebscm-vcn.

  2. Under Resources in the navigation menu on the left, select NAT Gateways.

  3. Click Create NAT Gateway and specify the following:

    • NAME: Enter a name, such as ebscm-natgw.

    • CREATE IN COMPARTMENT: Select your network compartment, created in Create Compartments.

  4. Click Create NAT Gateway at the bottom of the window.

Create a Service Gateway

To create a service gateway, perform the following steps:

  1. On the Virtual Cloud Networks screen, click the link with the name of your VCN, such as ebscm-vcn.

  2. Under Resources in the navigation menu on the left, select Service Gateways.

  3. Click Create Service Gateway and specify the following:

    • CREATE IN COMPARTMENT: Select your network compartment created in Create Compartments.

    • NAME: Enter a name, such as ebscm-srvgw.

    • Select "All <XXX> Services In Oracle Services Network" from the Services drop-down list. (Note that XXX is a region-specific code such as IAD or LHR.)

  4. Click Create Service Gateway at the bottom of the window.

Create Route Tables

In this section, you will create two separate route tables, one for the Oracle E-Business Suite Cloud Manager Compute instance and one for the load balancer. In the following examples, we will use the names ebscm-RouteTable and lbaas-RouteTable, respectively

Create the Route Table for Oracle E-Business Suite Cloud Manager Compute Instance

  1. On the Virtual Cloud Networks screen, click the link with the name of your VCN, such as ebscm-vcn.

  2. Under Resources in the navigation menu on the left, select Route Tables.

  3. Click Create Route Table and specify the following:

    • CREATE IN COMPARTMENT: Select your network compartment, created in Create Compartments.

    • NAME: Enter a name, such as ebscm-rtbl.

  4. Click + Another Route Rule and enter the route rule details as follows:

    • TARGET TYPE: Select NAT Gateway.

    • DESTINATION CIDR BLOCK: 134.70.0.0/17 (Note that the 134.70.0.0/17 CIDR is required in order to connect to object storage.)

    • COMPARTMENT: Select your network compartment created in Create Compartments.

    • TARGET NAT GATEWAY: Select the previously created NAT gateway.

  5. Click + Another Route Rule and enter route rule details as follows:

    • TARGET TYPE: Select NAT Gateway.

    • DESTINATION CIDR BLOCK: CIDR for the Oracle Identity Cloud Service host being used (Note that the Oracle Identity Cloud Service host is of the format "idcs-xxxxxxxxxxxxxxxxxxxxxx.identity.oraclecloud.com". Use nslookup for getting the IP address of the Identity Cloud Service and derive the CIDR for the IP address to add the same here. In case the Oracle Identity Cloud Service CIDR changes, this rule must be updated as well. )

    • COMPARTMENT: Select your network compartment created in Create Compartments.

    • TARGET NAT GATEWAY: Select the previously created NAT gateway.

  6. Click + Another Route Rule and enter route rule details as follows:

    • TARGET TYPE: Select Service Gateway.

    • DESTINATION CIDR BLOCK: Select "All <XXX> Services In Oracle Services Network" (Note: XXX is a region-specific code such as IAD or LHR etc.)

    • COMPARTMENT: Select your network compartment, created in Create Compartments.

    • TARGET SERVICE GATEWAY: Select the previously created service gateway.

  7. (Optional) If you are using the Oracle Cloud Infrastructure Mailer service, click + Another Route Rule and enter route rule details as follows:

  8. Click Create Route Table at the bottom of the window.

Create the Route Table for Oracle E-Business Suite Cloud Manager Load Balancer

For this route table for the load balancer, no route rules will be added to this route table as it will be used as a placeholder in case we need to define any additional route rules at a later time. Note that for communication within the VCN, no route rules are needed.

  1. On the Virtual Cloud Networks screen, click the link with the name of your VCN, such as ebscm-vcn.

  2. Under Resources in the navigation menu on the left, select Route Tables.

  3. Click Create Route Table and specify the following:

    • CREATE IN COMPARTMENT: Select your network compartment created in Create Compartments.

    • NAME: Enter a name, such as ebscm-RouteTable.

  4. Click Create Route Table at the bottom of the window.

Create Security Lists

In this section, you will create two separate security lists, one for the Oracle E-Business Suite Cloud Manager Compute instance and one for the load balancer. In the following examples, we will use the names ebscmvm-seclist and lbaas-seclist, respectively.

Create the Oracle E-Business Suite Cloud Manager Security List

  1. On the Virtual Cloud Networks screen, click the link with the name of your VCN, such as ebscm-vcn.

  2. Under Resources in the navigation menu on the left, select Security Lists.

  3. Click Create Security List and specify the following:

    • CREATE IN COMPARTMENT: Select your network compartment, as created in Create Compartments.

    • NAME: Specify a name such as ebscmvm-seclist.

  4. Under Allow Rules for Ingress, click + Another Ingress Rule:

    1. For the first rule that is needed, modify the default rule as follows:

      • SOURCE TYPE: CIDR

      • SOURCE CIDR: The CIDR matching the IP address of the machine from which you plan to connect to Oracle E-Business Suite Cloud Manager, such as a bastion server.

      • IP PROTOCOL: TCP

      • SOURCE PORT RANGE: All

      • DESTINATION PORT RANGE: 22

    2. For the second rule that is needed, click + Another Ingress Rule and enter the following values:

      • SOURCE TYPE: CIDR

      • SOURCE CIDR: VCN CIDR

      • IP PROTOCOL: ICMP

      • TYPE: All

      • CODE: All

    3. For the third rule that is needed, click + Another Ingress Rule and enter the following values:

      • SOURCE TYPE: CIDR

      • SOURCE CIDR: Enter the CIDR of your LBaaS subnet, lbaas-subnet-ad1. For example, 10.0.1.0/24. Note that the subnet is created in the next step.

      • IP PROTOCOL: TCP

      • SOURCE PORT RANGE: All

      • DESTINATION PORT RANGE: 8081

  5. Under Allow Rules For Egress:

    1. Click + Another Egress Rule and enter the following values:

      • DESTINATION TYPE: CIDR

      • DESTINATION CIDR: 134.70.0.0/17 (134.70.0.0/17 is required to connect to object storage.)

      • IP PROTOCOL: TCP

      • SOURCE PORT RANGE: All

      • DESTINATION PORT RANGE: All

    2. Click + Another Egress Rule and enter the following values:

      • DESTINATION TYPE: CIDR

      • DESTINATION CIDR: CIDR for the Oracle Identity Cloud Service host being used

      • IP PROTOCOL: TCP

      • SOURCE PORT RANGE: All

      • DESTINATION PORT RANGE: 443

    3. (Optional) If you are using the Oracle Cloud Infrastructure Mailer service, click + Another Egress Rule and enter the following values:

      • DESTINATION TYPE: CIDR

      • DESTINATION CIDR: CIDR for the Oracle Cloud Infrastructure SMTP service being used (See Obtain the CIDR for the Oracle Cloud Infrastructure SMTP Server for instructions on how to obtain this CIDR)

      • IP PROTOCOL: TCP

      • SOURCE PORT RANGE: All

      • DESTINATION PORT RANGE: The SMTP server port you want to use (for example, 25 or 587)

    4. Click + Another Egress Rule and enter the following values:

      • DESTINATION TYPE: Service

      • DESTINATION CIDR: "All <XXX> Services In Oracle Services Network" (Note that XXX is a region-specific code, such as IAD or LHR.)

      • IP PROTOCOL: TCP

      • SOURCE PORT RANGE: All

      • DESTINATION PORT RANGE: All

    5. Click + Another Egress Rule and enter the following values:

      • DESTINATION TYPE: CIDR

      • DESTINATION CIDR: VCN CIDR

      • IP PROTOCOL: ICMP

      • TYPE: Leave this field blank.

      • CODE: Leave this field blank.

    6. Click Create Security List at the bottom of the window.

Create the Load Balancer Security List

  1. On the Virtual Cloud Networks screen, click the link with the name of your VCN, such as ebscm-vcn.

  2. Under Resources in the navigation menu on the left, select Security Lists.

  3. Click Create Security List:

    • CREATE IN COMPARTMENT: Select your network compartment created in Create Compartments.

    • NAME: Specify a name, such as lbaas-seclist.

  4. Under Allow Rules For Ingress, click + Another Ingress Rule and enter the following values for the ingress rule that is needed:

    • SOURCE TYPE: CIDR

    • SOURCE CIDR: The CIDR matching the IP address of the machine from which you plan to connect to Oracle E-Business Suite Cloud Manager, such as a bastion server.

    • IP PROTOCOL: TCP

    • SOURCE PORT RANGE: All

    • DESTINATION PORT RANGE: 443 or other port of your choice. This port will be used in step 5 of Run Oracle E-Business Suite Cloud Manager Configure Script for the First Time, when prompting for the Load Balancer Listener Port.

  5. Under Allow Rules For Egress, click + Another Egress Rule and enter the following values for the egress rule that is needed:

    • DESTINATION TYPE: CIDR

    • DESTINATION CIDR: The CIDR matching the private IP of the Oracle E-Business Suite Cloud Manager VM's subnet.

    • IP PROTOCOL: TCP

    • SOURCE PORT RANGE: All

    • DESTINATION PORT RANGE: 8081

  6. Click Create Security List at the bottom of the window.

Create Subnets

In this section, you will create the following new subnets:

You will need to specify your own names and parameters, but you can use the examples in the following two tables for guidance.

If you choose to use regional subnets, refer to the following example:

Table 2-4 - Regional Private Subnet Example Names and Parameters
Subnet Name CIDR Block Route Table Subnet Access Security List
ebscm-subnet-phx 10.0.0.0/24 ebscm-RouteTable Private subnet ebscmvm-seclist
lbaas-subnet-phx 10.0.1.0/24 lbaas-RouteTable Private subnet lbaas-seclist

If you choose to use availability domain-specific subnets, refer to the following example:

Table 2-5 - Availability Domain-Specific Private Subnet Example Names and Parameters
Subnet Name Availability Domain (AD) CIDR Block Route Table Subnet Access Security List
ebscm-subnet-ad1 AD-1 10.0.0.0/24 ebscm-RouteTable Private subnet ebscmvm-seclist
lbaas-subnet-ad1 AD-1 10.0.1.0/24 lbaas-RouteTable Private subnet lbaas-seclist

For each of the subnets you create, perform the following steps:

  1. On the Virtual Cloud Networks screen, click the link with the name of your VCN, such as ebscm-vcn.

  2. Under Resources in the navigation menu on the left, select Subnets.

  3. Click Create Subnet, specifying your choice for the following parameters:

    • NAME

    • SUBNET TYPE: Select either Regional (Recommended) or Availability Domain-Specific. If you choose Availability Domain-Specific, select your availability domain.

    • CIDR BLOCK

    • ROUTE TABLE

    • SUBNET ACCESS: Select Private Subnet or Public Subnet for the subnet you wish to create.

    • SECURITY LIST: Select the security list that matches the subnet you are defining based on Table 3-5.

  4. Click Create at the bottom of the window.

Create Oracle E-Business Suite Cloud Manager Compute Instance

In this section, the Oracle E-Business Suite Cloud Manager administrator performs all tasks as described.

Note: Oracle E-Business Suite deployment on Oracle Cloud Infrastructure in a hybrid DNS configuration always requires access to a VCN DNS resolver. If you are using such a configuration, ensure that IP address 169.254.169.254 is listed as a DNS server in the DHCP options. For more information, see Hybrid DNS Configuration.

Follow the steps in this section to create and connect to a Compute instance (created using an image in the Oracle Cloud Infrastructure Console Marketplace) that will be used to host Oracle E-Business Suite Cloud Manager.

  1. Log in to the Oracle Cloud Infrastructure Service Console.

  2. From the console navigation menu, select Marketplace, and then select All Applications.

  3. Then, select the Oracle E-Business Suite Cloud Manager image.

  4. In the Version drop-down list, ensure that the default of Oracle-EBS-Cloud-Manager-21.1.1-<date> is selected.

  5. Select the compartment where you plan to install Oracle E-Business Suite Cloud Manager. For example, ebscm-compartment.

  6. Review and accept the Oracle Standard Terms and Restrictions.

  7. Click Launch Instance.

  8. In the Create Compute Instance dialog box, specify the following:

    1. Under Name, enter your choice of name for your instance. For example, ebscm-instance.

    2. In Create in compartment, choose your compartment for your instance in the drop-down list.

    3. Under Availability Domain, make a suitable selection (based on the subnets you created previously) from the displayed options.

    4. Under Image, you will see the name of the Oracle Cloud Infrastructure Console Marketplace image: Oracle E-Business Suite Cloud Manager.

    5. Under Shape, select a suitable shape. To do so, click Change Shape. Then select your desired shape (for example, select Intel Skylake and then "VM.Standard 2.2").

    6. Under Networking:

      1. Locate the Network subsection, click the "Change Compartment" hyperlink, and select the compartment where your VCN resides. For example, network-compartment.

      2. Also within the Network subsection, choose your VCN from the Select a Virtual Cloud Network drop-down list. For example, ebscm-vcn.

      3. Locate the Subnet subsection, click the "Change Compartment" hyperlink, and select the compartment where your VCN resides. For example, network-compartment.

      4. Also within the Subnet subsection, specify the Oracle E-Business Suite Cloud Manager subnet from the Select a subnet drop-down list. For example, ebscm-subnet-ad1.

      5. If the VM is associated with a public subnet and you want to assign a public IP address, select the Assign a public IPv4 address radio button.

    7. Under Add SSH Keys, choose one of the following options for this procedure:

      1. Select the Generate a key pair for me radio button, then click the "Save Private Key" link to download the private key. Doing so allows the SSH connection to be established.

      2. Alternatively, select the Upload public key files (.pub) radio button and then drag and drop the file or browse to specify the file containing your SSH public key generated previously.

      3. Another option is to select the Paste public keys radio button and paste the SSH public key content in the text field provided, using the content of the public key generated previously.

    8. Leave the values in the Configure Boot Volume section unselected in order to accept the default volume size.

  9. Click Create at the bottom of screen.

    Once the instance is created (provisioned), details of the new instance will appear on the screen. Full details (including IP addresses) can also be viewed by clicking on the instance name in the instance list.

    When the Oracle E-Business Suite Cloud Manager instance is fully provisioned and running, you can connect to it by following the instructions in Connecting to an Instance in the Oracle Cloud Infrastructure Documentation.

Configure Oracle E-Business Suite Cloud Manager Compute Instance

In this section, the Oracle E-Business Suite Cloud Manager administrator and tenancy administrator perform all the tasks as described.

Follow the instructions in this section to configure your Oracle E-Business Suite Cloud Manager Compute instance. You will perform many of these operations from the Oracle Cloud Infrastructure Service Console.

Configure Authentication API Keys

  1. If you do not have one already, generate an API signing key and associated fingerprint that will be used by the configuration and networking scripts in subsequent sections. Oracle E-Business Suite Cloud Manager does not support API signing keys with passphrases, so you must generate an API signing key with no passphrase. Reference the Oracle Cloud Infrastructure Documentation site, following the instructions under "To Generate an API Signing Key Pair".

  2. Add the public key for the Oracle E-Business Suite Cloud Manager administrator user by performing the following steps:

    1. Log in to the Oracle Cloud Infrastructure Service Console as the Oracle E-Business Suite Cloud Manager administrator user created previously in Create Users.

    2. Click the user icon.

    3. Select User Settings from the context menu.

    4. Under Resources in the navigation menu on the left, click API Keys. Then, click Add Public Key.

    5. Select the Paste Public Keys radio button.

    6. Paste the contents of the API public key in the dialog box and click Add. The key's fingerprint is displayed.

    7. Copy the Oracle Cloud Infrastructure API private PEM key file to the Oracle E-Business Suite Cloud Manager Compute instance. The file must be placed in a directory owned by the oracle user, for example /u01/install/APPS/.oci. The fully qualified path to the Oracle Cloud Infrastructure API private PEM key file will be needed for running configure.pl in Run Oracle E-Business Suite Cloud Manager Configure Script for the First Time.

Identify Credential Required for Configuration Steps

While still logged into the Oracle Cloud Infrastructure Service Console, identify and record the OCID of your tenancy. You will need to provide this credential when you run the Oracle E-Business Suite Cloud Manager configure.pl script.

  1. From the navigation menu, under Identity & Security, select Administration, then Tenancy Details.

  2. Click Copy to copy the OCID of the tenancy into your clipboard, and record this value for use in the next section.

Run Oracle E-Business Suite Cloud Manager Configure Script for the First Time

The Oracle E-Business Suite Cloud Manager administrator performs the tasks in this section.

  1. Connect to your Oracle E-Business Suite Cloud Manager Compute instance using SSH.

  2. As the oracle user, run the configure.pl script:

    $ sudo su - oracle
    $ cd /u01/install/APPS/apps-unlimited-ebs/bin
    $ perl configure.pl

    Note the creation of the session-specific log file, which will have the format shown in the following example:

    Log File : /u01/install/APPS/apps-unlimited-ebs/out/configure_<date>_<time>.log
  3. When prompted, enter an Oracle E-Business Suite Cloud Manager admin password and enter your user details required for authentication:

    Specify New Oracle E-Business Suite Cloud Manager Admin Password  : 
    Re-enter New Oracle E-Business Suite Cloud Manager Admin Password : 
    
    Enter Oracle E-Business Suite Cloud Manager User OCID : ocid1.user.oc1..xxxxxxxxxx
    Enter Absolute Path to API Private Signing Key        : /u01/install/APPS/.oci/oci_api_key.pem
    Enter Tenancy OCID                                    : ocid1.tenancy.oc1..xxxxxxxxxx

    Note: The password should contain at least one of these special characters: _ (underscore), # (hash), or $ (dollar). This password is used by the Oracle E-Business Suite Cloud Manager administrator to connect to the Cloud Manager database, and to run subsequent scripts.

  4. You will now be prompted for the Oracle E-Business Suite Cloud Manager Administrator Group. This example shows a group called ebscmadmin-grp being selected from the list of available choices.

    Available Groups from OCI for provided User:
    
    Group Name            Description
    ----------            -----------
    1: ebsdevdba-grp      EBS Dev DBA Group
    2: ebscmadmin-grp     EBS Cloud Manager Admin Group
    3: ebsdemodba-grp     EBS Test DBA Group
    4: ebsqadba-grp       EBS QA DBA Group
    
    Choose E-Business Suite Cloud Administrator Group from above list: 2
  5. You will now be asked if you wish to use an existing load balancer:

    Do you wish to use an existing load balancer?
    
    1: Yes
    2: No
    
    Enter your choice: 1

    If you choose option 1 (Yes), you will be asked to choose a load balancer from a list such as shown in this example. Note that the available load balancers reside in the same VCN and the same compartment as the Oracle E-Business Suite Cloud Manager VM.

    Available Load Balancers
    
    1: demolbaas1
    2: demolbaas2
    
    Choose a load balancer from the above list: 1

    Otherwise, if you choose option 2 (No), and therefore wish to create a new load balancer, you will need to choose a load balancer visibility type, shape, and the subnets in which to place the load balancer. Example screens are shown as follows.

    • Choose the load balancer visibility type:

      Choose Load Balancer Visibility Type:
      
      1: Public
      2: Private
      
      Enter your choice: 1

      Select option 1 (Public) or option 2 (Private) for the load balancer visibility type.

    • Load balancer shape:

      1: 100Mbps
      2: 400Mbps
      3: 8000Mbps
      
      Choose Load Balancer Shape from above list: 1
    • Subnets in which to place the load balancer (as defined in Create Network Resources for Use with Public Subnets or Create Network Resources for Use with Private Subnets):

       Available List of Subnets
      
      Regional ( recommended ):
      ------------------------------
      1: lbaas-subnet-phx    
      
      Availability Domain: CQIl:PHX-AD-1
      ------------------------------
      2: lbaas-subnet-ad1
      
      Availability Domain: CQIl:PHX-AD-2
      ------------------------------
      3: lbaas-subnet-ad2
      4: othersubnet1
      
      Availability Domain: CQIl:PHX-AD-3
      ------------------------------
      5: othersubnet2
      6: othersubnet3
      7: othersubnet4
      
      Choose subnet from above list: 1
      
      • If you are in a single availability domain region, your screen will show only two subnet groupings, one for regional subnets and one for your single availability domain.

      • When creating a public load balancer, only public subnets are listed.

      If you are in a multiple availability domain region and you choose an availability domain-specific public subnet (options 2 to 7 in the previous example), and not a regional subnet (option 1 in the previous example), you will be prompted for a second availability domain-specific subnet for the HA load balancer, as shown.

      Choose AD Specific HA subnet from above list: 6 
    • When prompted, enter the load balancer listener port:

      Enter Load Balancer Listener Port : 443
    • When prompted, enter the CIDR range information to access the load balancer port:

      Enter CIDR Block (Range) from which Client can Access Load Balancer Listener Port: 192.0.2.0/24
  6. Review the summary screen containing the information you specified earlier for the Oracle E-Business Suite Cloud Manager.

    ----------------------------------------------------------------------------------------
    Summary of Inputs
    ----------------------------------------------------------------------------------------
    Oracle E-Business Suite Cloud Manager User Name ( Non Federated ) : xxxx.xxxxx@example.com
    Oracle E-Business Suite Cloud Manager User OCID ( Non Federated ) : ocid1.user.oc1..xxxxxxxxxxx
    Fingerprint of API Public Key : xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
    Path to Private PEM key file : /u01/install/APPS/.oci/oci_api_key.pem
    Tenancy OCID : ocid1.tenancy.oc1..xxxxxxxxxxxxxx
    Oracle E-Business Suite Cloud Manager VM Compartment Name : ebscm-compartment
    Oracle E-Business Suite Cloud Manager VM Compartment OCID : ocid1.compartment.oc1..xxxxxxxxxxxxxxx
    Oracle E-Business Suite Cloud Administrator Group Name : ebscmadmin-grp
    Oracle E-Business Suite Cloud Administrator Group OCID : ocid1.group.oc1..xxxxxxxxxxxxxxxxxxxx
    Network Compartment Name : network-compartment
    Network Compartment OCID : ocid1.compartment.oc1..xxxxxxxxxxxxxxxxxxxx
    Network VCN Name : ebscm-vcn
    Network VCN OCID : ocid1.vcn.oc1.phx-subnet.xxxxxxxxxxxxxxxxxxxxxxxxxx
    Use an existing Load Balancer : false
    Load Balancer Listener Port : 443
    CIDR Block (Range) from which Client can Access Load Balancer Listener Port : 192.0.2.0/24
    Load Balancer Visibility Type : Public
    Load Balancer Shape : 100Mbps
    Load Balancer Subnet Name : Public
    Regional Subnet Load Balancer Subnet OCID : ocid1.subnet.oc1.phx-subnet1.xxxxxxxxxxxxxxxxxxxx
    Load Balancer Subnet CIDR : 10.0.3.16/28
    ----------------------------------------------------------------------------------------
    
    
    Do you wish to continue?
    
    1: Yes
    2: No
    
    Enter your choice: 1

    If you are satisfied with the values shown, enter option 1 to proceed.

  7. You will then see a screen containing a success message, similar to the following example, plus the load balancer URL you will need later.

    ========================================================================================================
    Load Balancer demolbaas1 configuration completed. Review screen messages above to determine if security rules are missing and must be added in order to access the load balancer URL.
    ========================================================================================================
    ========================================================================================================
    Register confidential application in IDCS with the URL: https://xxx.xxx.xx.xxx:xxx and then re-run this script to update your IDCS configuration.
    ========================================================================================================
    

Register Oracle E-Business Suite Cloud Manager as a Confidential Application

In this section, you will register the Oracle E-Business Suite Cloud Manager as a confidential application.

Grant the Oracle Identity Cloud Service Application Administrator Role to the Cloud Manager Administrator

As a tenancy administrator, grant the Oracle Identity Cloud Service application administrator role to the Oracle E-Business Suite Cloud Manager administrator user (created in Create Users).

  1. From the Oracle Cloud Infrastructure console navigation menu, select Identity, and then Federation.

  2. Click on the identity provider.

  3. Click on the link for the Oracle Identity Cloud Service console.

  4. Within the Oracle Identity Cloud Service console, click on the menu and navigate to Security, then click on Administrators.

  5. Scroll down to the Application Administrator section and expand it. Within this section, perform the following:

    1. Click + Add.

    2. In the Add Users to the Administrator Role dialog window, select the user created previously created in Create Users.

    3. Click OK.

  6. Log out.

Register the Application

  1. Open the Welcome email that was received as a result of your user created in Create Users.

  2. Click Activate Your Account in the email.

  3. Enter a new password, confirm, and click Submit.

  4. Navigate to the My Services dashboard at https://myservices-<your tenancy name>.console.oraclecloud.com/mycloud/cloudportal/dashboard and click Sign In.

  5. Click your user avatar menu in the top right corner. This will display a drop-down menu.

  6. Select My Home from the drop-down menu to display the My Oracle Services page.

  7. On the My Oracle Services page, search and click Admin Console. This will display the Oracle Identity Cloud Service Administration Console.

  8. In the top right of the Applications tile, click the icon to Add an Application.

  9. Select Confidential Application. This takes you to the Add Confidential Application page.

  10. Under Details, enter the following:

    • Name: Enter a name such as Oracle E-Business Suite Cloud Manager.

    • Description: Enter a description.

  11. Click Next.

  12. Under Client:

    1. Select Configure this application as a client now.

    2. Under Allowed Grant Types, select the following options:

      • Client Credentials

      • Refresh Token

      • Authorization Code

      Additionally, if you plan to create standby environments or to upgrade environments from Oracle E-Business Suite Release 12.1 to Release 12.2, select the Resource Owner option.

    3. Redirect URL: This is the load balancer URL from step 7 of Run Oracle E-Business Suite Cloud Manager Configure Script for the First Time in the following format: <Your Load Balancer URL>/cm/auth/callback. For example: https://xxx.xxx.xx.xxx:xxx/cm/auth/callback

    4. Logout URL: Leave this field empty.

    5. Post-Logout Redirect URL: <Your Load Balancer URL>/cm/ui/index.html?root=login. For example: https://xxx.xxx.xxx.xxx:xxx/cm/ui/index.html?root=login

    6. Select the Introspect option for Allowed Operations.

    7. Grant the client access to Identity Cloud Service Admin APIs:

      1. Click Add.

      2. Select Authenticator Client and Me.

      3. Click Add again, and then click Next.

  13. Under Resources, click Next.

  14. Under Authorization, click Finish.

  15. Make a note of the following values when they are displayed:

    • Client ID

    • Client Secret

  16. Click Activate to activate the Confidential Application.

  17. Record your Oracle Identity Cloud Service Client Tenant value. This can be seen as part of the URL in your browser's address bar, after the "//" and before ".identity.oraclecloud.com". It begins with the characters "idcs-", followed by a string of numbers and letters in the format idcs-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. Copy the value for use in the next section.

Run Oracle E-Business Suite Cloud Manager Configure Script for the Second Time

  1. Connect to your Oracle E-Business Suite Cloud Manager Compute instance using SSH.

  2. As the oracle user, run the configure.pl script again:

    $ sudo su - oracle
    $ cd /u01/install/APPS/apps-unlimited-ebs/bin
    $ perl configure.pl
    

    Note the creation of the session-specific log file, which will have the format shown in the following example:

    Log File : /u01/install/APPS/apps-unlimited-ebs/out/configure_2019-07-11_10_02_09.log
  3. When prompted, enter the Oracle E-Business Suite Cloud Manager administrator password and your Oracle Identity Cloud Service application details, as shown in the following example. The values you will need to enter for client ID and client secret were established when you registered the Oracle E-Business Suite Cloud Manager as a confidential application in Register Oracle E-Business Suite Cloud Manager as a Confidential Application.

    Enter Oracle E-Business Suite Cloud Manager Admin Password  : 
    
    Enter IDCS Client ID        : <client id> (in a format similar to xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx)
    Enter IDCS Client Secret    : <client secret> (in a format similar to xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx)
    Enter IDCS Client Tenant    : <client tenant> (in a format similar to idcs-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx)
  4. You will see a summary screen containing the information you specified earlier:

    ----------------------------------------------------------------------------------------
    Summary of Inputs
    ----------------------------------------------------------------------------------------
    Enter IDCS Client ID         : xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    Enter IDCS Client Secret     : xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
    Enter IDCS Client Tenant     : client tenant
    IDCS Host                    : https://idcs-xxxxxxxxxxxxxxxxxxxxxx.identity.oraclecloud.com
    ----------------------------------------------------------------------------------------
    
    
    Do you wish to continue?
    
    1: Yes
    2: No
    
    Enter your choice: 1

    Choose option 1 to continue.

  5. A Login URL is then displayed on the screen, as shown in the following example. This is the URL by which users will access the Oracle E-Business Suite Cloud Manager UI.

    Creating EBS Tagging Infrastructure.
    Implicit Namespace created.
    Implicit Tag key created.
    
    ========================================================================================
    Finished Configuring Oracle E-Business Suite Cloud Manager VM.
    Login URL : https://xxx.xxx.xx.xxx:xxx
    Ensure the confidential application is correctly configured in IDCS as per the documentation.
    ======================================================================================== 

    Note:

    • If you wish to update the URL by which users will access the Oracle E-Business Suite Cloud Manager UI, you can do so using your own DNS registered host name and certificate by following the instructions described in "Update Oracle E-Business Suite Cloud Manager URL" in Managing the Oracle E-Business Suite Cloud Manager Virtual Machine.

    • Oracle E-Business Suite resources will be tagged with "oracle-apps.purpose:EBS"

Configure Oracle Cloud Infrastructure Email Delivery Service (Optional)

This section provides instructions on how to set up the Oracle Cloud Infrastructure Email Delivery Service to send notifications.

Steps to Perform Prior to Enabling Mailer

Before enabling the mailer, you must perform these steps:

  1. Generate SMTP credentials by following the instructions in Generate SMTP Credentials for a User in the Oracle Cloud Infrastructure Documentation.

  2. Create an Approved Sender by following the instructions in Managing Approved Senders in the Oracle Cloud Infrastructure Documentation.

Enable and Disable the Mailer

In order to enable and disable the mailer, use the command provided in Enable Mailer Configuration and Disable Mailer Configuration.

Update to Latest Version of Oracle E-Business Suite Cloud Manager

To obtain the latest fixes, update to the latest version by following the instructions in Update Oracle E-Business Suite Cloud Manager to the Latest Version (Conditional).

Obtain the CIDR for the Oracle Cloud Infrastructure SMTP Server

There are certain points within the deployment process in which you must provide the CIDR for the Oracle Cloud Infrastructure SMTP server. In order to obtain this CIDR, perform the following steps:

  1. See Configure SMTP Connection for the list of SMTP endpoints. Contact your tenancy administrator to determine the SMTP endpoint being used.

  2. Run nslookup on the endpoint. For example:

    $ nslookup smtp.us-phoenix-1.oraclecloud.com
  3. The resulting output will be the public IP address for the SMTP endpoint. The CIDR for the IP address obtained will be <IP address>/32. For example: 138.1.38.16/32.

Oracle E-Business Suite Cloud Manager Deployment for Demo and Test Purposes

You can leverage the procedure provided in this section to simplify tenancy preparation, Oracle E-Business Suite Cloud Manager deployment, and configuration by taking advantage of available automation. Doing so will streamline portions of the procedure documented in this chapter, as well as the instructions in Set Up Your Tenancy to Host Oracle E-Business Suite Environments.

This simplified procedure is most appropriate for demo purposes, as it has the following restrictions:

Identify or Create a Tenancy and Obtain Tenancy Administrator User Credentials

If you have an existing tenancy, you must have a user with tenancy administrator privileges to run this procedure.

If you do not have an existing tenancy, you can sign up for a free trial account using the following steps:

  1. From your laptop, go to https://www.oracle.com/cloud/free/ and click Start for free.

  2. On the Oracle Cloud Sign Up page, enter the requested information including your desired tenancy name and tenancy password.

  3. Review your details and click Submit.

    Note: Ensure that you use the same email address that was used when you registered.

    You will be directed to the Oracle Cloud Infrastructure console where you will perform the remainder of the procedure.

  4. Record your trial user name and password for future reference.

Set Up Oracle E-Business Suite Cloud Manager Authentication with Identity Cloud Service (IDCS)

Create the Oracle E-Business Suite Cloud Manager Administrator's Group and User in Oracle Identity Cloud Service

  1. As the tenancy administrator, log in to the Oracle Cloud Infrastructure console.

  2. In the Oracle Cloud Infrastructure console menu under Identity & Security, select Identity, and then select Federation.

  3. Click on the link next to Oracle Identity Cloud Service console.

  4. From the Oracle Identity Cloud Service console, create your Oracle E-Business Suite Cloud Manager group:

    1. Click the navigation menu and select Groups.

    2. Click Add.

    3. In the Add Group dialog box under Step 1: Group Details, enter the following information:

      • Name: Enter the group name (for example, idcs-ebscm-group).

      • Description: Enter a description of your choice.

    4. Click Finish.

  5. While still in the Oracle Identity Cloud Service console, create your Oracle E-Business Suite Cloud Manager administrator user.

    1. Click the navigation menu and select Users.

    2. Click Add.

    3. In the Add User dialog box under Step 1: Add User Details, enter the following information:

      • First Name: Enter the first name of the new user.

      • Last Name: Enter the last name of the new user.

      • User Name: Enter the user name. (For example, ebscm.admin@example.com. Ensure the user name has "." in its name, as per our example.).

      • Email: Enter the email of the new user.

      • Deselect the Use email address as the user name check box.

    4. Click Next.

    5. In the Step 2: Assign User to Groups dialog window, select the check box for the group you just created (such as idcs-ebscm-grp).

    6. Click Finish.

  6. From the Oracle Identity Cloud Service console navigation menu, click Security to expand the menu. Then click Administrators.

  7. On the Administrators page, expand the Application Administrators section and click Add.

  8. In the Add Users to the Administrator Role dialog box, select the check box for the user corresponding to the newly created user in step 5 (in this example, that would be ebscm.admin@example.com).

  9. Click OK.

  10. Log out of the Oracle Identity Cloud Service console by clicking on your user avatar icon at the top right of your screen and then click Sign Out.

Register Oracle E-Business Suite Cloud Manager as a Confidential Application in IDCS

Now, register the Oracle E-Business Suite Cloud Manager as a confidential application.

  1. Open the Welcome email that was received in the previous section.

  2. Click Activate Your Account in the email.

  3. Enter a new password, confirm, and click Submit.

  4. Click OK to continue, which will take you to the Oracle Identity Cloud Service Login screen.

  5. Enter the Oracle E-Business Suite Cloud Manager user name (for example, ebscm.admin@example.com) and password you just entered in the previous screen to log in.

  6. Click on your user avatar menu in the top right corner. This will display a drop-down menu.

  7. Select Admin Console. This will display the Oracle Identity Cloud Service Administration Console.

  8. In the top right of the Applications tile, click the icon to Add an Application.

  9. Select Confidential Application. This takes you to the Add Confidential Application page.

  10. On the Details screen, enter the following:

    • Name: Enter Oracle E-Business Suite Cloud Manager.

    • Description: Enter a description.

  11. Click Next.

  12. On the Client screen:

    1. Select Configure this application as a client now.

    2. Under Allowed Grant Types, select the following check boxes:

      • Resource Owner

      • Client Credentials

      • Refresh Token

      • Authorization Code

      Additionally, if you plan to create standby environments or to upgrade environments from Oracle E-Business Suite Release 12.1 to Release 12.2, select the Resource Owner option.

    3. Redirect URL: https://<Cloud-Manager-web-entry>:443/cm/auth/callback, where <Cloud-Manager-web-entry> is the name you plan to associate with your load balancer IP address. (For example, myebscm.example.com). This name resolution has to be configured in your DNS or in the local hosts file, as per instructions in Log in to Oracle E-Business Suite Cloud Manager.

    4. Logout URL: Leave this field empty.

    5. Post-Logout Redirect URL: https://<Cloud-Manager-web-entry>:443/cm/ui/index.html?root=login, where <Cloud-Manager-web-entry> is the name you plan to associate with your load balancer IP address. (For example, myebscm.example.com). This name resolution has to be configured in your DNS or in the local hosts file, as per instructions in Log in to Oracle E-Business Suite Cloud Manager.

    6. Select the Introspect option for Allowed Operations.

    7. Under Grant the client access to Identity Cloud Service Admin APIs:

      1. Click Add.

      2. Select Authenticator Client and Me in the pop-up window.

      3. Click Add again.

    8. Click Next.

  13. On the Resources screen, click Next.

  14. On the Web Tier Policy screen, click Next.

  15. On the Authorization screen, click Finish.

  16. Make note of the following values which will be used in the next section:

    • Client ID

    • Client Secret

  17. Click Close.

  18. Click Activate to activate the Confidential Application.

  19. Click on the avatar icon the top right hand side of the screen.

  20. Select the About option.

  21. Make a note of the Instance GUID. Your Oracle Identity Cloud Service Client Tenant begins with the characters idcs- and then is followed by a string of numbers and letters. (For example, idcs-6572bfeb183b4becad9e649bfa14a488.)

Oracle E-Business Suite Cloud Manager Deployment and Configuration

In this section you will deploy and configure an Oracle E-Business Suite Cloud Manager Compute instance using an Oracle Marketplace stack.

Sign in to the Oracle Cloud Infrastructure Console

Use the tenancy administrator credentials to sign in to Oracle Cloud Infrastructure console.

Sign in to the Oracle Cloud Infrastructure console using the following:

Deploy and Configure Oracle E-Business Suite Cloud Manager

You will now deploy and configure the Oracle E-Business Suite Cloud Manager using a Marketplace stack. The stack creates the following cloud resources:

Then, the stack will configure Oracle E-Business Suite Cloud Manager to work with your Oracle Cloud Infrastructure tenancy and the newly created Oracle Cloud Infrastructure resources.

Perform the following steps:

  1. Log in to the Oracle Cloud Infrastructure Service Console.

    1. In the menu on the left panel under the heading, click Solutions and Platform, then click Marketplace, and then click Applications.

    2. Then, click Oracle E-Business Suite Cloud Manager Stack for Demos.

    3. In the Version drop-down list, ensure that the default of Oracle-EBS-Cloud-Manager-RM-20.1.1-2020.08.20 is selected.

    4. In the Compartment drop-down list, select the parent compartment of the compartment where the Oracle E-Business Suite Cloud Manager Compute instance will be deployed. For example, mycompanytenancy(root).

    5. Review and accept the Terms of Use.

    6. Click Launch Instance.

  2. On the Configure Variables screen, enter the following values:

    1. Resource Prefix: A prefix that will be added to names of all the cloud resources created by the stack.

    2. Leave the Single Compartment Setup check box selected.

    3. Select the compartment under which the new compartment will be created.

    4. Enter the user name corresponding to the EBS Cloud Administrator created in step 5 of Create the Oracle E-Business Suite Cloud Manager Administrator's Group and User in Oracle Identity Cloud Service.

    5. Make sure the Create New REST API key check box is selected.

    6. Enter the web entry fully qualified domain name you entered that corresponds to the Cloud-Manager-web-entry element you entered in step 12 of Register Oracle E-Business Suite Cloud Manager as a Confidential Application in Oracle Identity Cloud Service.

    7. Select VM.Standard.E2.2 for EBS Cloud Manager Shape.

    8. Enter a password which matches the following criteria: 8 to 30 characters, at least one lower character, one upper case character, one special character from _#$.

    9. Enter the contents of a public key file that will be used to connect using SSH to your Oracle E-Business Suite Cloud Manager Compute instance. For more details on how to generate the key, see Creating a Key Pair in the Oracle Cloud Infrastructure Documentation.

    10. Choose the availability domain that ends in -1 from the list under EBS Cloud Manager Availability Domain.

    11. Leave the Custom CIDR Ranges check box deselected.

    12. Enter a CIDR block that corresponds to the IP range of the clients you plan to use to connect to the Oracle E-Business Suite Cloud Manager. For the whole internet, use 0.0.0.0/0.

    13. Enter the values corresponding to Client ID, Client Secret, and IDCS Client Tenant from Register Oracle E-Business Suite Cloud Manager as a Confidential Application in Oracle Identity Cloud Service.

  3. On the Review screen, verify the information and click Create.

  4. This takes you to the Stack Details page for your newly created stack. On this page, click the Terraform Actions drop-down list and select Apply.

  5. In the Apply dialog window, leave the default settings as-is and click Apply.

  6. On the Job Details page, you will see the job status which will cycle through Accepted, In Progress, and Succeeded. After the job succeeds, you will have all the network resources (VCN, load balancer, subnets, and so on) required to deploy the Oracle E-Business Suite Cloud Manager Compute instance.

  7. On the Application Information tab are details related to the Oracle E-Business Suite Cloud Manager instance and load balancer.

    Make a note of the Private IP, Public IP, Login URL, and LB Public IP. These variables are needed for the remainder of the procedures in this section.

Ensure You are on the Latest Cloud Manager Version

Check to make sure you are on the latest cloud manager version by following the instructions in Update Oracle E-Business Suite Cloud Manager to the Latest Version (Conditional).

Log in to Oracle E-Business Suite Cloud Manager

Before logging in to the Oracle E-Business Suite Cloud Manager web application, you need to add the host name in the Login URL to your local computer hosts file. Follow these instructions to perform this configuration:

  1. Edit the local hosts file on your laptop and add an entry.

    For Windows Users

    1. Navigate to Notepad in your start menu.

    2. Hover over Notepad, right-click, and select the option “Run as Administrator.”

    3. In Notepad, click File, then click Open.

    4. Browse to C:\\Windows\System32\drivers\etc.

    5. Find the file hosts.

    6. In the hosts file, scroll down to the end of the content.

    7. Add the following entry to the very end of the file:

      <LB Public IP> <Cloud-Manager-web-entry>
    8. Save the file.

  2. Using the Login URL found in the Application Information tab, log into the Oracle E-Business Suite Cloud Manager using your Oracle Identity Cloud Service credentials.

    Once logged in, you are on the Environments page.