Provision an Oracle E-Business Suite Instance

Requirements for Provisioning a New Environment

With the automated provisioning options in Oracle E-Business Suite Cloud Manager, you can create a new environment of Oracle E-Business Suite.

Options for New Environments

The tables in this section show the available options for provisioning a new environment.

The following table describes the options available for provisioning an environment as described in One-Click Provisioning.

Table 9-1 New Environment Options for One-Click Provisioning
Available Product Combination for Deployment:

  • Oracle E-Business Suite Release 12.2.10

  • Oracle Database Release 19c (19.8) - Vision demo

  • Oracle Enterprise Command Center Framework V5 [2]

Cloud Service For Application, Database, and Oracle Enterprise Command Center Framework Tiers [1]:

  • Oracle Cloud Infrastructure Compute virtual machine (VM)

    • Oracle Cloud Infrastructure Compute supports only single instance databases; it does not support Oracle RAC databases.

Footnotes on Table 9-1:

  1. If you use One-Click Provisioning, then the application, database, and Oracle Enterprise Command Center Framework tiers will be installed on a single Compute VM as part of the streamlined preset topology. This Compute VM will be created with Oracle Linux 7.9.

  2. The Oracle Assets Command Center dashboard is pre-configured in your environment, and you can configure other dashboards as needed.

Note: Oracle E-Business Suite Release 12.2.10 (with Oracle Database 19c (19.8) and Oracle Enterprise Command Center Framework V5) is available only if you have upgraded to Oracle E-Business Suite Cloud Manager version 20.2.1.0.2 or later. If you are on Oracle E-Business Suite Cloud Manager version 20.2.1.0.1 or earlier, then the product combination available for One-Click Provisioning is Oracle E-Business Suite Release 12.2.9 with Oracle Database 19c (19.6) - Vision demo, and the combined application tier and database tier VM will be created with Oracle Linux 7.9.

The following table describes the options available for provisioning an environment as described in Advanced Provisioning.

Table 9-2 New Environment Options for Advanced Provisioning
Products Available for Deployment:

  • Oracle E-Business Suite Release 12.2.10 with the following Oracle Database release:

    • 19c (19.7) - Vision demo and fresh installation

  • Oracle E-Business Suite Release 12.2.9 with the following Oracle Database releases:

    • 19c (19.6) - Vision demo and fresh installation

    • 12.1.0.2 - Vision demo and fresh installation

  • Oracle E-Business Suite Release 12.2.8 with the following Oracle Database release:

    • 11.2.0.4 - Vision demo

  • Oracle E-Business Suite Release 12.1.3 with the following Oracle Database releases:

    • 12.1.0.2 - Vision demo and fresh installation

    • 11.2.0.4 - Vision demo

Cloud Service For Application Tier:

  • Oracle Cloud Infrastructure Compute virtual machine (VM) [2]

Cloud Service For Database Tier [1]:

  • Oracle Cloud Infrastructure Compute VM [2]

    Oracle Cloud Infrastructure Compute supports only single instance databases; it does not support Oracle RAC databases.

  • 1-Node VM DB System (Single Instance) [3]

    • Database edition options:

      • Enterprise Edition

      • Enterprise Edition High Performance

      • Enterprise Edition Extreme Performance

  • 2-Node VM DB System (Oracle RAC) [3]

    • Database edition option

      • Enterprise Edition Extreme Performance

  • Exadata Cloud Service [4]

    This database tier service provides Oracle RAC support.

Footnotes on Table 9-2:

  1. If you use Advanced Provisioning, then you can choose any of the cloud services listed here for your database tier.

  2. The application tier and database tier VMs will be created with Oracle Linux 7.9.

  3. When placing your Release 19c or 12.1.0.2 database tier on either 1-Node VM DB System or 2-Node VM DB System using Advanced Provisioning in Oracle E-Business Suite Cloud Manager, you will choose from the available certified database bundle patches shown.

  4. When placing your Release 19c or 12.1.0.2 database tier on Exadata Cloud Service using Advanced Provisioning in Oracle E-Business Suite Cloud Manager, you will choose from the available certified database bundle patches shown.

Cloud Services Minimum Resource Recommendations

To provision a new environment, we recommend that you have cloud service resources that match or exceed those specified in the following table:

Table 9-3 Cloud Services Minimum Resource Recommendations
| Description | Machine Type | Number of Machines | OCPUs | Memory | Storage | External IPs |
|---|---|---|---|---|---|---|
| Oracle E-Business Suite Cloud Manager | VM | 1 | 1 | 7 GB | 55 GB (block) | 1 |
| A load balancer (You can use your own load balancer or Load Balancer as a Service [LBaaS]) | Not applicable | Not applicable | Not applicable | Not applicable | Not applicable | 1 |
| Application tier | VM | n (where 'n' is the number of application tier nodes in the target environment) | n*m (where 'm' is the number of OCPUs in the shape selected for the application tier; the minimum for 'm' is 1) | Release 12.2 = 14 GB per VM; Release 12.1 = 7 GB per VM | Shared application tier: 170 GB + 40 GB for each additional application tier (block); Non-shared application tier: 170 GB x n (block); Per language: 16 GB (block) | n |
| Database tier on Oracle Cloud Infrastructure Compute | VM | 1 | 2 | 14 GB | Vision demo: 300 GB; Fresh install: 200 GB | 1 |
| Database tier on 1-Node VM DB System (Single Instance) | VM | 1 | 2 | 14 GB | Vision demo: 256 GB; Fresh install: 256 GB; Total storage: 712 GB [1] | 1 |
| Database tier on 2-Node VM DB System | VM | 2 | 2 per VM | 30 GB per VM | Vision demo: 256 GB; Fresh install: 256 GB; Total storage: 912 GB [1] | 2 |
| Database tier on Exadata Cloud Service Oracle RAC [2] | Bare Metal | 2 | 11 x 2 | 720 GB x 2 | 84 TB | 2 |

Footnotes on Table 9-3:

  1. The Available Storage Size and Total Storage Size are different. For more information, see Bare Metal and Virtual Machine DB Systems.

  2. These are the minimum specifications provided by an Exadata Cloud Service Quarter Rack.

One-Click Provisioning

One-Click Provisioning streamlines the process of provisioning a new environment by using preset topology options. This option is available if your network administrator created the necessary network resources for your Oracle E-Business Suite Virtual Cloud Network (VCN), using the ProvisionOCINetwork.pl script. These resources are grouped into a default network profile called DEFAULT_PROFILE_ONECLICK. Your Oracle E-Business Suite Cloud Manager administrator must also upload this network profile using the UploadOCINetworkProfile.pl script. One-Click Provisioning uses the subnets and security lists defined in the DEFAULT_PROFILE_ONECLICK network profile. See Create Network Resources For Deploying Oracle E-Business Suite Instances.

Your new environment will be created with a single application tier and database tier on the same Compute instance, using default configuration options. The Compute instance is created in Availability Domain 1, using the VM.Standard.E3.Flex shape in Release 21.1.1 and later; the VM.Standard2.1 shape was used in prior releases. For more information on the shape, refer to Compute Shapes.

The new environment uses the "Bring Your Own License (BYOL)" middleware licensing model.

The Web Entry Type is simply Application Tier Node.

The environment is configured with Transport Layer Security (TLS) enabled for inbound HTTP traffic.

Your new environment will have Enterprise Command Centers pre-configured, using the same virtual machine (VM) as the application tier and database tier. The Oracle Assets Command Center dashboard is pre-configured in your environment. You can configure other dashboards as needed.

If you would like to configure your environment instead of using the preset One-Click Provisioning topology, follow the steps in the section Advanced Provisioning.

When provisioning, you can choose a predefined tag or specify a new (free-form) tag to identify all resources associated with an environment or group of environments. Refer to Managing Tags and Tag Namespaces for more information.

Prerequisites

Provision an Environment using One-Click Provisioning

  1. On the Oracle E-Business Suite Cloud Manager Environments page, click Provision Environment and select One-Click.

  2. Enter the values for your new environment:

    • Environment Name: Accept the system-generated name or enter a new name for your environment. For example: usdev1

    • Purpose: Vision Demo Install

    • EBS Version: Select the Oracle E-Business Suite version for your environment.

    • DB Version: Select the database version for your environment.

    The available database versions depend on the Oracle E-Business Suite version you selected. See Requirements for Provisioning a New Environment.

  3. Optionally enter tagging information in the Tags region.

    • Tag Namespace: Select a predefined tag namespace or select None (add a free-form tag).

    • Tag Key: Enter the name you use to refer to the tag.

    • Value: Enter the value for the tag key.

  4. Click Submit.

  5. You can check the status of the job to provision the environment on the Jobs page.

    After the environment is successfully provisioned, perform any necessary post-provisioning steps and access your environment following the instructions provided in Perform Post-Provisioning and Post-Cloning Tasks.

Advanced Provisioning

With Advanced Provisioning, you can choose how to configure your own topology for a new environment, instead of using the basic preset topology options in One-Click Provisioning. You can also use Advanced Provisioning to provision an environment based on a backup of another environment.

Note these additional key attributes:

In addition, you can configure multiple zones in your environment. Each zone has its own web entry point and application tier nodes. Each zone can have its own load balancer to manage traffic, or multiple zones of the same type can share a load balancer. One zone is created by default when you provision an environment. For more information on using zones, see: My Oracle Support Knowledge Document 1375670.1, Oracle E-Business Suite Release 12.2 Configuration in a DMZ.

[Figure: Example Virtual Cloud Network with an Internal Zone and External Zone]

Prerequisites

Additional Requirements for Exadata Cloud Service

Beginning with Release 20.2.1.1.1 of the Oracle E-Business Suite Manager, Advanced Provisioning can provision environments only on Exadata Cloud Service instances that follow the new Exadata Resource Model.

Existing Exadata DB Systems which follow the old resource model must be converted to the new resource model before you use the Cloud Manager to provision new environments. See: The New Exadata Cloud Service Resource Model and Switching an Exadata DB System to the New Resource Model and APIs.

If you plan to use Oracle E-Business Suite Cloud Manager Advanced Provisioning to provision your database to a pre-existing Exadata Cloud Service instance, you must first ensure that the SSH keys associated with the Oracle E-Business Suite Cloud Manager Virtual Machine (VM) are added to the associated Exadata VM cluster. Follow the instructions below to obtain the Oracle E-Business Suite Cloud Manager VM SSH key and copy it to the Exadata Cloud Service VM Cluster. For more information about Oracle E-Business Suite Cloud Manager deployment prerequisites, refer to Deploy Oracle E-Business Suite Cloud Manager on Oracle Cloud Infrastructure.

  1. Log in to the Oracle E-Business Suite Cloud Manager VM using the oracle user ID, and display the public SSH key as shown below:

    $ cd ~/.ssh
    $ cat id_rsa.pub

  2. Copy the contents to the clipboard.

  3. Use the Oracle Cloud Infrastructure Direct Sign-in to log in to the Oracle Cloud Infrastructure console.

  4. Using the menu, navigate to Oracle Database, then Bare Metal, VM, and Exadata.

  5. Choose the compartment where your infrastructure is located.

  6. Under Exadata at Oracle Cloud, select Exadata Infrastructure, and click on your Exadata Infrastructure resource to go to the Exadata Infrastructure Details page.

  7. Click on the name of the Exadata VM Cluster.

  8. Select Add SSH Keys.

  9. Select Paste SSH Keys, and paste the content previously copied into the SSH KEYS field.

  10. Click Save Changes.

Access the Advanced Provisioning Feature

Advanced Provisioning can be used to create a new environment or create an environment from a backup. Navigate to Advanced Provisioning using one of the following options. Then continue either to Enter Installation Details for a New Implementation or Enter Installation Details for an Environment from a Backup depending on the option you chose.

Enter Installation Details for a New Implementation

  1. Enter details for your new environment:

    • EBS Compartment: Select your Oracle E-Business Suite compartment. Only compartments that you have access to are shown.

    • Network Profile: Select the network profile that contains the network resources you want to use to provision your environment. For example: DEFAULT_PROFILE_ADVANCED.

      Click the information icon to view the Network Profile Details. You may wish to capture this information for use later in the interview.

    • Environment Name: Enter a name for your environment. For example: usdev1

  2. Ensure that the New Installation option is selected. Then enter values for the following:

    • Database: Select the type of environment you want to create, either Vision Demo Install or Fresh Install.

    • EBS Version: Select the Oracle E-Business Suite version for your environment.

    • DB Version: Select the database version for your environment. The available database versions depend on the Oracle E-Business Suite version you selected.

  3. Optionally select your operating system time zone. This is the operating system time zone for your application and database tier nodes. For more information on time zone support, see: Time Zone Support in Oracle E-Business Suite Cloud Manager.

    The default value for a Fresh Install implementation is 'UTC'.

    For a Fresh Install instance, leave the Bypass Server Timezone Profile Validation box unchecked.

    The default value for a new implementation for Vision Demo Install is 'America/Chicago', the time zone for the Vision Demo instance.

    For a Vision Demo Install instance, Oracle E-Business Suite Cloud Manager will validate your selection for the server time zone, unless you check the box Bypass Server Timezone Profile Validation.

    Note: If you are provisioning on an Exadata Cloud Service instance, when the Bypass Server Timezone Profile Validation box is unchecked, the system will set the time zone variable (TZ) in the database environment file and the SRVCTL utility will use this time zone value.

  4. Optionally enter tagging information in the Tags region.

    • Tag Namespace: Select a predefined tag namespace or select None (add a free-form tag).

    • Tag Key: Enter the name you use to refer to the tag.

    • Value: Enter the value for the tag key.

  5. Click Next. Now continue to the section Enter Database Information for the next steps.

Enter Installation Details for an Environment from a Backup

  1. Enter details for your new environment:

    • Environment Name: Enter a name for your environment. For example: usdev1

    • Network Profile: Select the network profile that contains the network resources you want to use to provision your environment. For example: DEFAULT_PROFILE_ADVANCED

      Click the information icon to view the Network Profile Details. You may wish to capture this information for use later in the interview.

  2. In the Installation Type region, ensure that the Provision from Object Storage Backup option is selected. Then enter values for the following:

    • Backup Bucket: Select the backup from which you want to provision the environment. If you navigated to Advanced Provisioning from the Backups page or from the Backups region in an environment details page, then the backup you chose there is selected by default.

    • Backup Encryption Password: Enter the encryption password that was specified for the backup when the backup was created.

    • Backup Apps Password: Enter the password for the Oracle E-Business Suite APPS schema for the source environment.

    • New WebLogic Server Password: (Conditionally Required) Enter the password that you want to set for the Oracle WebLogic Server administration user on the target environment. This field appears only if you selected a backup created from a source environment on Oracle E-Business Suite Release 12.2. Note that this password should comply with the WebLogic Server policy that was present on the source instance at the time the backup was taken. If the default policy was set for the source instance, then provide a password complying with the default policy. If a custom policy was set for the source instance, then provide a password complying with the custom policy.

    • Source Wallet Password: (Conditionally Required) If you selected a backup created from a TDE-enabled source environment, enter the source wallet password.

  3. Optionally select your operating system time zone. This is the operating system time zone for your application and database tier nodes. For more information on time zone support, see: Time Zone Support in Oracle E-Business Suite Cloud Manager.

    Oracle E-Business Suite Cloud Manager will validate your selection for the server time zone, unless you check the box Bypass Server Timezone Profile Validation.

    Warning: If you choose to override the time zone defined in the backup environment, then the operating system for the new environment will be configured to use the selected time zone. After you provision your environment, and prior to starting any database and application tier services, you must set the TZ environment variable to match the Server Timezone profile option. Failure to do so could lead to data corruption. See: Time Zone Support in the Oracle E-Business Suite Setup Guide.

  4. Optionally enter tagging information in the Tags region.

    • Tag Namespace: Select a predefined tag namespace or select None (add a free-form tag).

    • Tag Key: Enter the name you use to refer to the tag.

    • Value: Enter the value for the tag key.

  5. Click Next. Oracle E-Business Suite Cloud Manager will validate all passwords. The WebLogic Server password will be validated based on the default/custom policy set on the source instance of the backup.

    If there are any validation issues, errors will be displayed. Correct the passwords and click Next to proceed.

Enter Database Information

  1. Select the Cloud Database Service option for your environment, either Compute, Virtual Machine DB System, or Exadata Infrastructure.

  2. If you chose Compute for the Cloud Database Service, enter the following:

    • DB SID: Enter the database SID. For example: demodb

    • Logical Hostname: Provide the logical hostname that will be used as part of the Oracle E-Business Suite configuration. Note that this is not the physical hostname.

    • Logical Domain: Provide the logical domain that will be used as part of the Oracle E-Business Suite configuration. Note that this is not the physical domain.

    • PDB Name: If the database version is 19c, enter the pluggable database (PDB) name.

    • Shape: Select a shape that is available in the OCI region. Ensure that you have checked your quota in advance. When choosing a flexible shape, for example VM.Standard.E4.Flex, you will use the sliders to choose 1) the Number of OCPUs and 2) Amount of memory (GB).

    • Enable TDE: Select this option if you want to enable Transparent Database Encryption (TDE) for a new environment on Compute, or for an environment on Compute that is created from a backup of a non-TDE source environment. If you provision an environment on Compute from a backup of a TDE-enabled source environment, then TDE is automatically enabled. Note that to run a TDE-enabled database on Compute, you must have or acquire the Advanced Security Option (ASO).

    • Admin Password: Enter the admin password for the database. This password is used for the SYS user as well, and must not contain the username 'SYS'. If TDE is enabled for the environment, then this password is also used as the TDE wallet password. The password must be 9 to 30 characters and contain at least two uppercase, two lowercase, two special, and two numeric characters. The special characters must be underscores (_), number signs (#), or hyphens (-). Re-enter the password in the next field to confirm it.

    • Fault Domain Selection: Select Automatic or Manual. If you choose Manual, you are prompted to select fault domains. Refer to Fault Domains for more information.

    • (Advanced Options) RMAN_CHANNEL_COUNT: Specify the number of Recovery Manager (RMAN) staging channels to allocate for restoring from the backup. The default value used by RMAN is 100% of the number of OCPUs. The minimum value is one channel. The maximum value is 255 irrespective of shape.

  3. If you chose Virtual Machine DB System for the Cloud Database Service, enter the following:

    • DB Name: Enter the database name. For example: vmdb1

    • DB Patch Level: Select a certified database patch level from the options provided, identified by the database version and the release year, month, and day.

    • Shape: Select the shape. Note that for an Oracle RAC environment, you must select a shape that supports it. For example: VM Standard2.2 (2 OCPU, 30GB RAM)

    • Node Count: Select 1 for a 1-Node VM DB System (Single Instance), or select 2 for a 2-Node VM DB System (Oracle RAC).

    • DB Software Edition: Select the database software edition. If the Node Count is 2, then the only choice is Enterprise Edition Extreme Performance. If the Node Count is 1, then you can choose either Enterprise Edition, Enterprise Edition High Performance, or Enterprise Edition Extreme Performance.

    • Cluster Name: If the Node Count is 2, then this field appears and you can optionally enter a cluster name. For example: demo-1

    • License Type: Select License Included if you want to obtain a new license or Bring Your Own License (BYOL) if you want to use a license you already own.

    • PDB Name: If the database version is either 12.1.0.2 or 19c, enter the pluggable database (PDB) name. For example: vmdbpdb

    • Admin Password: Enter the admin password for the database. This password is used for the SYS user as well, and must not contain the username 'SYS'. This password is also used as the TDE wallet password. The password must be 9 to 30 characters and contain at least two uppercase, two lowercase, two special, and two numeric characters. The special characters must be underscores (_), number signs (#), or hyphens (-). Re-enter the password in the next field to confirm it.

    • Fault Domain Selection: Select Automatic or Manual. If you choose Manual, you are prompted to select fault domains. Refer to Fault Domains for more information.

    • (Advanced Options) RMAN_CHANNEL_COUNT: Specify the number of Recovery Manager (RMAN) staging channels to allocate for restoring from the backup. The default value used by RMAN is 100% of the number of OCPUs. The minimum value is one channel. The maximum value is 255 irrespective of shape.

  4. If you selected Exadata Infrastructure for the Cloud Database Service, enter the following:

    • Infrastructure Name: Select the Exadata infrastructure name. The infrastructure resource is used to manage the hardware configuration and maintenance schedule at the infrastructure level. For information on using the infrastructure resource, see: The New Exadata Cloud Service Resource Model.

    • Cluster Name: Select the name of the VM Cluster resource. The VM cluster is a child resource of the infrastructure resource, providing a link between your Exadata cloud infrastructure resource and Oracle Database. For information on using the cluster resource, see: The New Exadata Cloud Service Resource Model.

    • DB System Name: Select the database system name. For example: demoexaxxxad1.

      Note: This field displays only Exadata Cloud Service instances with a status of ACTIVE. If an action is currently being performed on an Exadata Cloud Service instance that causes the system to have a status of UPDATING, then that system will temporarily be omitted from the list of values in this field. For example, if a user is adding SSH keys, then the system will have a status of UPDATING for a few minutes. Consequently, if you do not see the system you want to use, wait for the action being performed on the system to complete and then return to this page to select the system.

    • DB Name: Enter the database name. For example: exadb

    • PDB Name: If the database version is either 12.1.0.2 or 19c, enter the pluggable database (PDB) name. For example: exapdb

    • DB Patch Level: Select the database patch level, identified by the database version and the release year, month, and day.

    • Admin Password: Enter the admin password for the database. This password is used for the SYS user as well, and must not contain the username 'SYS'. This password is also used as the TDE wallet password. The password must be 9 to 30 characters and contain at least two uppercase, two lowercase, two special, and two numeric characters. The special characters must be underscores (_), number signs (#), or hyphens (-). Re-enter the password in the next field to confirm it.

    • (Advanced Options) RMAN_CHANNEL_COUNT: Specify the number of Recovery Manager (RMAN) staging channels to allocate for restoring from the backup. The default value used by RMAN is 16. The minimum value is one channel. The maximum value is 255 irrespective of shape.

  5. Click Next.
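
The Admin Password rule repeated in steps 2 through 4 above can be checked before the form is submitted. The following is an added example, not Oracle code: it validates a candidate against the stated rules and generates a compliant random password. The case-insensitive match on 'SYS' and the rejection of any character outside ASCII letters, digits, and the three listed special characters are assumptions about how the rules are enforced.

```python
"""Pre-check a database Admin Password against the rules stated on this page.

Added example; not Oracle code. Assumptions: 'SYS' is matched without regard
to case, and any character outside ASCII letters, digits, '_', '#' and '-'
is rejected.
"""
import secrets
import string
from typing import List

MIN_LEN, MAX_LEN = 9, 30
MIN_PER_CLASS = 2

# Character classes named in the documented rule.
CLASSES = {
    "uppercase": string.ascii_uppercase,
    "lowercase": string.ascii_lowercase,
    "numeric": string.digits,
    "special": "_#-",
}
ALLOWED = set("".join(CLASSES.values()))


def admin_password_violations(password: str) -> List[str]:
    """Return every rule the password breaks; an empty list means it passes."""
    problems = []
    if not MIN_LEN <= len(password) <= MAX_LEN:
        problems.append(f"length must be {MIN_LEN} to {MAX_LEN} characters")
    for name, alphabet in CLASSES.items():
        if sum(ch in alphabet for ch in password) < MIN_PER_CLASS:
            problems.append(f"needs at least {MIN_PER_CLASS} {name} characters")
    bad = sorted(set(password) - ALLOWED)
    if bad:
        problems.append("disallowed characters: " + " ".join(repr(c) for c in bad))
    if "SYS" in password.upper():  # assumption: case-insensitive match
        problems.append("must not contain the username SYS")
    return problems


def generate_admin_password(length: int = 20) -> str:
    """Generate a random password that satisfies every rule above."""
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError(f"length must be {MIN_LEN} to {MAX_LEN}")
    rng = secrets.SystemRandom()
    alphabet = "".join(CLASSES.values())
    while True:
        # Guarantee the per-class minimum, then fill the rest at random.
        chars = [secrets.choice(a) for a in CLASSES.values()
                 for _ in range(MIN_PER_CLASS)]
        chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
        rng.shuffle(chars)
        candidate = "".join(chars)
        # Retry on the rare candidate that happens to spell 'SYS'.
        if not admin_password_violations(candidate):
            return candidate


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for sample in ("Xq#7-mRt2vLp", "Welcome1", "MySys#_12Ab", "Ab!@cd12XY"):
        print(sample, "->", admin_password_violations(sample) or "OK")
```

Because the same password is used for the SYS user and as the TDE wallet password, a generated value is best written straight to a secrets vault rather than to shell history or a ticket.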

Enter Application Tier Information

  1. Define your zones. For more information on zones, refer to My Oracle Support Knowledge Document 1375670.1, Oracle E-Business Suite Release 12.2 Configuration in a DMZ.

    Note that you can have multiple zones across subnets. You can configure your environment such that your functional redirection per zone is in accordance with functional affinity.

    Also, you can have a load balancer shared between multiple zones of the same type. This configuration allows for two separate URLs to resolve to the same IP address and the shared load balancer will target one backend set or another.

    Note too that you have flexibility in your configuration. One zone, Zone A, can have one load balancer assigned to it, while another two zones, Zone B and Zone C, can have a second load balancer assigned to them.

    You must define your internal (primary) zone first, before optionally defining additional zones.

    Enter values for the following properties:

    • Name

    • Type

      Note: For the first zone that you define, which is your primary zone, the Type is Internal and is not selectable.

  2. In the Web Entry Point region, enter values for the following properties:

    • Web Entry Type: Choose one of the following: New Load Balancer (LBaaS), Use OCI Load Balancer to select an existing OCI load balancer, Manually Configured Load Balancer to select a manually deployed existing load balancer, or Application Tier Node to choose the primary application tier as the entry point.

    • Load Balancer Shape: If you chose "New Load Balancer (LBaaS)" as the web entry type, select the shape for your new load balancer. For example: 100Mbps

    • OCI Load Balancer: If you chose OCI Load Balancer for the web entry type, you will select an existing OCI Load Balancer from the dropdown list.

    • Protocol: Select the protocol for access to the environment, either http or https.

    • Hostname: Enter the hostname for your web entry point. For example: myhost

    • Domain: Enter the domain for your web entry point. For example: example.com

    • Port: Select the port for your web entry point. If there is no load balancer, then the port is automatically populated depending on the protocol: 8000 for http and 4443 for https. Otherwise, select the appropriate port for use with your load balancer, such as 80 for http or 443 for https. Note that to allow access to the Oracle E-Business Suite login URL, your network administrator must define an ingress rule in the load balancer security list. See Create Network Resources For Deploying Oracle E-Business Suite Instances.

  3. For Storage, choose the File System Type: Non-Shared or Shared.

    If you choose Shared, then the storage is shared across all nodes in your network. You must enter a value for the Block Volume Storage field for the first node under Application Tier Nodes. This storage is then shared across all nodes, so you do not enter storage values for your subsequent nodes. In addition, after you save your first zone with Shared storage, any subsequent zones will also be defined with Shared storage automatically.

    Important: You must ensure you specify enough storage for your nodes. Refer to Oracle E-Business Suite Installation Guide: Using Rapid Install for guidelines on space usage.

    If you choose Non-Shared, you must specify a value for the Block Volume Storage field for every node in the Application Tier Nodes field.

  4. In the Logical Host region, enter values for the following properties:

    • Logical Host Option: Choose Automatic or Manual.

    • Logical Hostname Prefix: If you chose Automatic, enter your desired hostname prefix.

      You do not need to enter this if you chose Manual for your logical host option, but you will be prompted for the Logical Hostname for your nodes in the Application Tier Nodes region.

    • Logical Domain: Enter the logical domain.

  5. In the Application Tier Nodes region, click Add Node to enter properties for your primary application tier node, and then for each additional application tier node in your environment.

    In the Add Node dialog window, you will see the following properties. Enter the value for each property, except in the case where it has been generated for you.

    Note that you can define a specific shape for each application tier node.

    • Logical Hostname

    • Logical FQDN

    • Shape: Select a shape that is available in the OCI region. Ensure that you have checked your quota in advance. When choosing a flexible shape, for example VM.Standard.E4.Flex, you will use the sliders to choose 1) the Number of OCPUs and 2) Amount of memory (GB).

    • Block Volume Storage

    • Fault Domain: Select the fault domain. Refer to Fault Domains for more information.

    Click Add Node again to save your choices.

  6. Click Save Zone to save your zone definition.

  7. After you have saved the definition for your primary zone, you will choose a middleware licensing model, either 1) BYOL, or 2) UCM. If you choose BYOL, you are indicating that you have purchased or transferred the perpetual licenses required for customized Oracle E-Business Suite Applications. If you choose UCM, you are adopting the Universal Credits subscription-based model, and paying for usage as you go. Make sure you understand the cost associated with this choice.

  8. Define additional zones using the Add Zone button.

    For the additional internal zones, if New Load Balancer (LBaaS) is selected as the Web Entry Type for the first zone, then an extra option, Reuse Internal Zone1 Load Balancer, is displayed in the Web Entry Type list along with the options New Load Balancer (LBaaS), Use OCI Load Balancer, and Manually Configured Load Balancer.

  9. When you are finished adding application tier nodes, scroll to the top of the window and click Save Zone to save your zone definition.

  10. When you have completed adding your zones, click Next.

Specify Your Extensibility Options

You can optionally extend the provisioning job to meet your own requirements. By default, Oracle E-Business Suite Cloud Manager follows a standard job definition for provisioning. However, Oracle E-Business Suite Cloud Manager administrators can also create extended job definitions that include additional tasks as part of the provisioning job. In this case you can select the appropriate extended job definition for Oracle E-Business Suite Cloud Manager to follow when provisioning your environment. If you select an extended job definition, you may need to enter values for input parameters required by the additional tasks in that plan.

Additional Information: For more information on using the Extensibility Framework to extend job definitions, see Set Up the Extensibility Framework.

Additionally, whether you are using the standard provisioning job definition or an extended job definition, you can choose to have Oracle E-Business Suite Cloud Manager pause at specified points during the provisioning job. For example, if you want to perform your own validations after a particular phase before allowing Oracle E-Business Suite Cloud Manager to proceed to the next phase, you can add a pause at that point. You can then resume the provisioning job when you are ready to proceed. See Monitor Job Status.

Specify Your Job Definition

  1. Optionally select an extended job definition for provisioning your environment in the Job Definition field.

  2. In the Task Parameters tab, specify any parameter values required for the additional tasks in the job definition. Some parameters may include default values, which you can override as needed.

Specify Your Job Definition Details

  1. Click the Job Definition Details tab. This tab displays a list of the phases in the job definition and the tasks within each phase.

  2. To specify that Oracle E-Business Suite Cloud Manager should pause its processing before a particular phase, click the Actions icon next to that phase, and then select Add Pause.

    Note: Pauses occur before the phase at which they are defined.

  3. Click Next.

Enter SSH Keys

Optionally upload SSH keys for users.

Note: You cannot add keys after the provisioning process is completed.

Note: If you selected Exadata Infrastructure as your Cloud Database Service, then you can add keys to the application tier only.

  1. Click Add Key.

  2. Specify the tiers for the SSH key. Choose All Tiers, Application Tier, or Database Tier.

  3. Specify the pertinent OS User type. Choose All Users, Operating System Administrator, or Application Administrator.

  4. Upload the SSH key file. The file name is filled in by default.

  5. The system will validate the SSH key. Click Next to continue.

Review Your Advanced Provisioning Details

  1. Review the installation details, including:

    • Installation details, including environment name, installation type, network profile, and operating system time zone.

    • Database details, including database service type, database name, and pluggable database name. For Exadata Cloud Services, the cluster name is included.

    • Application tier details, including web entry details and information on zones.

    • Job definition details.

    • SSH Key information.

  2. To provision your environment, click Submit.

  3. You can check the status of the job to provision the environment in the Jobs page.

Known Issues for Advanced Provisioning

Workaround for Oracle Database 19c Restore Failure

When using the Oracle E-Business Suite Cloud Manager Advanced Provisioning to provision from a backup containing Oracle Database 19c, whether that backup is part of a lift and shift from on-premises or the result of a Create Backup operation in OCI, you may encounter the error "ORA-65174: invalid or conflicting name in service <service name> found in the pluggable database."

You can fix this issue by first deleting the conflicting service from the source environment. Here is the complete list of steps to work around the issue:

  1. On the database tier of the source environment, list the services registered with the database.

    $ source <cdb env file>
    $ lsnrctl status <LISTENER_NAME>
    $ sqlplus "/as sysdba"
    SQL> select NAME,NETWORK_NAME,CON_NAME,CREATION_DATE from v$active_services;
  2. Next, connect to the CDB:

    $ cd <19c home>
    $ source <cdb_sid>_<hostname>.env
    $ sqlplus "/as sysdba"

    and run the query shown to list all services in the database:

    SQL> select name,enabled,creation_date,pdb from cdb_services;
  3. Ensure the conflicting service name is not listed in the lsnrctl output or in v$active_services. Perform this step to ensure that you are not deleting active services on the source. If the service does appear in the list, then do not proceed with the next steps; instead, contact your Oracle Support representative.

  4. Connect to the container and delete the service causing the conflict.

    $ cd <19c home>
    $ source <cdb_sid>_<hostname>.env
    $ sqlplus "/as sysdba"
    SQL> alter session set container="<PDB NAME>";
    SQL> exec DBMS_SERVICE.DELETE_SERVICE('<CONFLICTING SERVICE NAME>');
  5. Repeat the backup and restore operation that originally failed:

    1. Recreate the backup by running the Oracle E-Business Suite Cloud Backup Module or running the Oracle E-Business Suite Cloud Manager Create Backup feature.

    2. Use Oracle E-Business Suite Cloud Manager Advanced Provisioning to provision your new environment.

Additional Patches for the Internal Concurrent Manager

You might see issues regarding Internal Concurrent Manager (ICM) startup failure after provisioning in 12.1.3 environments. You should apply the following patches and restart Concurrent Manager Services:

After the environment is successfully provisioned, perform any necessary post-provisioning steps and access your environment following the instructions provided in Perform Post-Provisioning and Post-Cloning Tasks.

Perform Post-Provisioning and Post-Cloning Tasks

After you provision or clone an environment, you must perform some tasks to configure access and secure the environment. You may also need to perform other tasks depending on your Oracle E-Business Suite release, Oracle Database release, and the cloud service on which the database tier resides. These tasks apply for new environments created through either One-Click Provisioning or Advanced Provisioning, for environments created from a backup through Advanced Provisioning, and for environments created through cloning in Oracle E-Business Suite Cloud Manager.

Note: You can optionally use the Extensibility Framework to automate some of these tasks by adding them to custom provisioning and cloning job definitions. See Set Up the Extensibility Framework.

Implement Workaround for Oracle Databases on Exadata Cloud Services (Conditionally Required)

This workaround resolves a known issue that impacts SQL*Net configuration files on secondary nodes. The steps in this section are required only for a provisioned environment with the database on an Exadata Cloud Service instance with Oracle Database Release 12.1.0.2.

  1. Identify the private IP address of each secondary Exadata Cloud Service node from the Exadata Cloud Service console.

  2. Perform steps 3-8 for all secondary Exadata Cloud Service nodes.

  3. While logged in to the Oracle E-Business Suite Cloud Manager VM as the oracle user, use ssh to connect to the secondary Exadata Cloud Service node.

  4. Obtain the ORACLE_HOME details from the oratab file:

    $ cat /etc/oratab
  5. Source the environment file:

    $ cd <ORACLE_HOME>
    $ source <SID>_<HOSTNAME>.env
  6. Navigate to the $ORACLE_HOME/network/admin directory:

    $ cd $ORACLE_HOME/network/admin
  7. Using a text editor such as vi, edit the sqlnet.ora file. First, delete all existing lines from the sqlnet.ora file. Then add the following line:

    IFILE=<ORACLE_HOME>/network/admin/<SID>_<HOSTNAME>/sqlnet.ora 
  8. Create a listener.ora file with a text editor such as vi, and add the following line:

    IFILE=<ORACLE_HOME>/network/admin/<SID>_<HOSTNAME>/listener.ora

Implement Workaround for Oracle Databases on VM DB Systems (Conditionally Required)

This workaround is required only for a provisioned environment with the database on a VM DB System.

  1. On the VMDB node, run the following in order to obtain the database unique_name value:

    $ source <cdb>.env 
    $ sqlplus "/as sysdba" 
    SQL> show parameter unique; 
    SQL> exit;  

    The output displayed after entering the show parameter unique command is the unique_name value you should record for use in the next step.

  2. Using the unique_name from the previous step, update the <pdb>_ebs_patch service in the spfile as shown:

    $ source <cdb>.env 
    $ sqlplus "/as sysdba" 
    SQL> alter system set service_names='<unique_name>', '<PDB_SID>_ebs_patch' scope=both; 
    SQL> exit;

Update Profile Options (Conditionally Required)

If you provision an environment as part of a lift and shift process, then profile options, which impact the way your application looks and behaves, are carried over from the on-premises Oracle E-Business Suite environment to Oracle Cloud Infrastructure.

Profile options are handled in various ways by the automated lift and shift process through the Oracle E-Business Suite Cloud Backup Module and Oracle E-Business Suite Cloud Manager.

Review all the profile options in your newly provisioned environment and modify them as required to reflect your Oracle Cloud Infrastructure configuration.

For more information about the use of profile options in Oracle E-Business Suite, see User Profiles and Profile Options in Oracle Application Object Library, Oracle E-Business Suite Setup Guide.

Update Web Entry Host and Domain Name (Conditionally Required)

When you provision an Oracle E-Business Suite environment with One-Click Provisioning, the environment is automatically configured to use the application tier node as the web entry point, with Transport Layer Security (TLS) enabled for inbound HTTP traffic. The login URL is automatically generated in the format <instance name>.example.com, and the listener for the Oracle HTTP Server for the application tier is associated by default with a self-signed TLS certificate generated by Oracle E-Business Suite Cloud Manager.

With the simplified preset topology used in One-Click Provisioning, you cannot specify a different host and domain for the web entry point during provisioning. However, you can use the steps in this section to update the host and domain for the web entry point after provisioning is complete.

Note that if you plan to replace the self-signed certificate generated by Oracle E-Business Suite Cloud Manager with a certificate issued by a certificate authority (CA), then you must follow the steps in this section to change the domain name before you request the certificate, because you cannot obtain a certificate from a CA for the demonstration example.com domain.

If you provisioned an environment with Advanced Provisioning, you can also optionally use the steps in this section to update the host and domain for the web entry point if you need to change these values from those you initially specified during provisioning.

To update the host and domain, perform the following steps.

  1. Using a text editor such as vi, update the following variables in the context file on all application tier nodes.

    • s_webentryhost - Set the value for this variable to the new web entry host you want to use.

    • s_webentrydomain - Set the value for this variable to the new web entry domain you want to use.

    • s_external_url - Update the value for this variable to use the new web entry host and domain that you specified in the s_webentryhost and s_webentrydomain variables. Do not change any other parts of the URL value. The full new value should be in the following form:

      [http|https]://<web_entry_host>.<web_entry_domain>:<listener_port>

    • s_login_page - Update the value for this variable to use the new web entry host and domain that you specified in the s_webentryhost and s_webentrydomain variables. Do not change any other parts of the URL value. The full new value should be in the following form:

      [http|https]://<web_entry_host>.<web_entry_domain>:<listener_port>/OA_HTML/AppsLogin

  2. If you are finished updating the context file, then you should now run AutoConfig on all application tier nodes. See Using AutoConfig Tools for System Configuration, Oracle E-Business Suite Setup Guide.

    Note: If you plan to make additional changes in the context file in order to configure TLS, according to the instructions in later sections in this chapter, then you can defer running AutoConfig until you are instructed to do so in those sections. In this case, you can skip this step and the following step. Instead, proceed to the next task, Upload TLS Certificate.

  3. After running AutoConfig, on all application tier nodes, stop and restart all services by running the adstpall.sh script and the adstrtal.sh script.

Upload TLS Certificate (Conditionally Required)

Perform the steps in this section to upload a certificate if you enabled or plan to enable Transport Layer Security (TLS) for your environment.

TLS is enabled during provisioning if you used One-Click Provisioning, which automatically configures the application tier node as the web entry point with the https protocol, or if you used Advanced Provisioning and you chose either New Load Balancer (LBaaS), Use OCI Load Balancer, or Application Tier Node as the web entry type and you chose the https protocol. In this case Oracle E-Business Suite Cloud Manager configures your environment to encrypt inbound HTTP traffic with TLS. The initial configuration uses a self-signed certificate generated by Oracle E-Business Suite Cloud Manager. It is mandatory that you replace this certificate with a TLS certificate issued by a certificate authority (CA) or your own self-signed certificate generated using the web entry host for your Oracle E-Business Suite instance.

If you did not enable TLS during provisioning, you can enable it manually as a post-provisioning step. TLS is not enabled during provisioning if you used Advanced Provisioning and you chose either New Load Balancer (LBaaS), Use OCI Load Balancer, or Application Tier Node as the web entry type and you chose the http protocol. As a prerequisite for enabling TLS, you must obtain and upload a TLS certificate issued by a certificate authority (CA) or generate and upload your own self-signed certificate using the web entry host for your Oracle E-Business Suite instance.

Additionally, if you are using an on-premises load balancer and you chose Manually Configured Load Balancer as the web entry type, you can enable TLS manually as a post-provisioning step. To do so, you must upload a TLS certificate as required for your load balancer.

New Load Balancer (LBaaS) or Use OCI Load Balancer

If you configured TLS using LBaaS during provisioning or will manually perform this configuration, perform the following steps to upload your certificate.

  1. Obtain a TLS certificate valid for the name of the web entry host for your Oracle E-Business Suite instance, or generate a self-signed certificate. The web entry host name is formed by combining the values of the application tier context variables s_webentryhost and s_webentrydomain.

    Oracle Cloud Infrastructure provides a public IP address but does not provide a public host name, so you should ensure that appropriate DNS entries are present to resolve the web entry host name to the public IP address.

    If you changed the web entry host and domain for your environment in the previous section, ensure that you use the new host, domain, and URL when you request or generate a certificate.

  2. If you are using a self-signed certificate that you generated yourself, ensure that you import the certificate to the JDK trust stores.

  3. Log in to the Oracle Cloud Infrastructure console. From the navigation menu, select Networking > Load Balancers, and then select the load balancer you want to configure.

  4. Add your certificate bundle to the load balancer. See To upload an SSL certificate bundle to your load balancing system in the Oracle Cloud Infrastructure Services documentation.

    If you have multiple certificates that form a single certification chain, such as one or more intermediate certificates together with a root certificate, then you must include all relevant certificates in one file before you upload them to the system. See "Uploading Certificate Chains" in the section Working with SSL Certificates in the Oracle Cloud Infrastructure Services documentation.

  5. If you chose the https protocol for LBaaS during Advanced Provisioning, and the load balancer listener is using the self-signed certificate generated by Oracle E-Business Suite Cloud Manager, then you should now update the certificate. To do so, on the Load Balancer page, click the Listeners link in the Resources menu. Click the Actions icon (three dots) for your listener, and select Edit from the context menu. In the Edit Listener pop-up, select the certificate bundle that you added in step 4 in the Certificate Name field. Then click Save Changes, and wait for the listener to be updated. See To edit a listener in the Oracle Cloud Infrastructure Services documentation.

Manually Configured Load Balancer

If you are using an on-premises load balancer, follow the instructions from your vendor to create and upload a certificate.

Application Tier Node

If you configured TLS at the application tier layer during provisioning, perform the following steps to upload your certificate. TLS is configured at the application tier layer in the following cases:

Note: If you plan to configure TLS at the application tier layer manually, you will perform the certificate steps as part of that configuration instead in the task Manually Enable TLS When Using Oracle HTTP Server on the Application Tier Node as the Web Entry Point.

  1. Obtain a TLS certificate valid for the name of the web entry host for your Oracle E-Business Suite instance, or generate a self-signed certificate. The web entry host name is formed by combining the values of the application tier context variables s_webentryhost and s_webentrydomain.

    Oracle Cloud Infrastructure provides a public IP address but does not provide a public host name, so you should ensure that appropriate DNS entries are present to resolve the web entry host name to the public IP address.

    If you changed the web entry host and domain for your environment in the previous section, ensure that you use the new host, domain, and URL when you request or generate a certificate. Note that if you deployed your environment with One-Click Provisioning and you plan to request a certificate from a CA, you must ensure that you have changed the domain name from the default example.com domain before you request the certificate, because you cannot obtain a certificate from a CA for the demonstration example.com domain.

  2. If you are using a self-signed certificate that you generated yourself, ensure that you import the certificate to the JDK trust stores.

  3. Upload your certificate to replace the initial certificate generated by Oracle E-Business Suite Cloud Manager.

Manually Enable TLS When Using Load Balancer as a Service (LBaaS) as an Alternate Termination Point (Conditionally Required)

We highly recommend that you configure your environment to encrypt inbound HTTP traffic with Transport Layer Security (TLS). The steps in this section are applicable in either of the following cases:

We highly recommend that you perform the steps in this section to offload the encryption to the LBaaS and configure Oracle E-Business Suite to use HTTPS (HTTP over TLS).

Note that the configuration described here terminates TLS at the load balancer; that is, TLS is used only for communication between the client and the load balancer. Communication between the load balancer and the Oracle E-Business Suite instance does not use TLS. See "Terminating SSL at the Load Balancer" in the section Configuring SSL Handling in the Oracle Cloud Infrastructure Services documentation.

If you used Advanced Provisioning and chose to deploy LBaaS with the https protocol, you can also optionally perform the relevant steps in this section to update the port for the load balancer listener if you need to change this value from the port you initially specified during provisioning.

To manually enable TLS in an environment that uses LBaaS as an alternate termination point, perform the following steps:

  1. Ensure that you have obtained and uploaded a certificate according to the steps in Upload TLS Certificate.

  2. Log in to the Oracle Cloud Infrastructure console. From the navigation menu, select Networking > Load Balancers, and then select the load balancer you want to configure.

  3. On the Load Balancer page, click the Listeners link in the Resources menu. Click the Actions icon (three dots) for your listener, and select Edit from the context menu.

  4. Edit the load balancer listener to enable TLS. Enter the port to use for secure communication, such as 443. Then check the Use SSL option and specify the certificate name. See To edit a listener in the Oracle Cloud Infrastructure Services documentation.

  5. Using a text editor such as vi, verify or update the following variables in the context file on all application tier nodes for your environment.

    • s_webentryurlprotocol - Set the value for this variable to https.

    • s_url_protocol - Set the value for this variable to http.

    • s_enable_sslterminator - Remove any value set for this variable; that is, the value should be left blank.

    • s_active_webport - Set the value for this variable to the port you specified for the load balancer listener, such as 443.

    • s_external_url - Update the value for this variable to use the https protocol and the port you specified for the load balancer listener. The full new value should be in the following form:

      https://<web_entry_host>.<web_entry_domain>:<new_load_balancer_listener_port>

      If you are using the default HTTPS port 443, then you should omit the colon separator and the port from this URL. That is, if you are using port 443, then the value should be in the following form:

      https://<web_entry_host>.<web_entry_domain>

    • s_login_page - Update the value for this variable to use the https protocol and the port you specified for the load balancer listener. The full new value should be in the following form:

      https://<web_entry_host>.<web_entry_domain>:<new_load_balancer_listener_port>/OA_HTML/AppsLogin

      If you are using the default HTTPS port 443, then you should omit the colon separator and the port from this URL. That is, if you are using port 443, then the value should be in the following form:

      https://<web_entry_host>.<web_entry_domain>/OA_HTML/AppsLogin

    For more information, see Using Load-Balancers with Oracle E-Business Suite Release 12.2, My Oracle Support Knowledge Document 1375686.1 or Using Load-Balancers with Oracle E-Business Suite Release 12.0 and 12.1, My Oracle Support Knowledge Document 380489.1.

    Additionally, ensure you have set other context file variables as needed for using the load balancer as the TLS termination point.

    If you are running Oracle HTTP Server on a privileged port - that is, a port number below 1024 - then you must perform additional configuration steps. See Running Oracle HTTP Server on a Privileged Port in Managing Configuration of Oracle HTTP Server and Web Application Services in Oracle E-Business Suite Release 12.2, My Oracle Support Knowledge Document 1905593.1. For more information, see Enabling Oracle HTTP Server to Run as Root for Ports Set to Less Than 1024 (UNIX Only), Oracle Fusion Middleware Administrator's Guide and Starting Oracle HTTP Server on a Privileged Port, Oracle Fusion Middleware Administrator's Guide for Oracle HTTP Server.

  6. Run AutoConfig on all application tier nodes. See Using AutoConfig Tools for System Configuration, Oracle E-Business Suite Setup Guide.

  7. On all application tier nodes, stop and restart all services by running the adstpall.sh script and the adstrtal.sh script.

  8. If necessary, update the security lists for the load balancer subnets by adding a security rule that allows inbound communication on the port you specified for the load balancer listener, from the clients from which you will access the Oracle E-Business Suite URL. See Working with Security Lists. This step is required only if you updated the port for the load balancer listener; that is, if you chose the http protocol for LBaaS during Advanced Provisioning, or if you chose the https protocol for LBaaS during Advanced Provisioning but used the preceding steps to change the port from the port specified during provisioning.

    In the Oracle Cloud Infrastructure console, open the security list for the load balancer and add a new entry under Allow rules for ingress with the following properties:

    • Source CIDR - The CIDR block for your on-premises network that includes the relevant clients

    • Protocol - TCP

    • Destination Port Range - The port you specified for the load balancer secure communication, such as 443

    Repeat these steps for each load balancer subnet.
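
The following script is an added example, not part of the Oracle documentation. It checks an application tier context file against the values step 5 calls for, including the rule that port 443 is omitted from s_external_url and s_login_page; the same URL forms apply when you update the web entry host and domain. The sample context files, the function names, and the host ebs1.internal.example.org are constructed, and the element names in the samples are assumptions: the check relies only on the oa_var attribute.

```shell
#!/bin/sh
# Added example, not Oracle code: audit a context file against the settings
# step 5 lists for TLS termination at the load balancer.

# Constructed sample: an environment provisioned with the http protocol.
# Element names are assumptions; the check keys only on the oa_var attribute.
sample_ctx_before() {
cat <<'EOF'
<oa_context>
  <webentryurlprotocol oa_var="s_webentryurlprotocol">http</webentryurlprotocol>
  <url_protocol oa_var="s_url_protocol">http</url_protocol>
  <enable_sslterminator oa_var="s_enable_sslterminator">#</enable_sslterminator>
  <webentryhost oa_var="s_webentryhost">ebs1</webentryhost>
  <webentrydomain oa_var="s_webentrydomain">internal.example.org</webentrydomain>
  <activewebport oa_var="s_active_webport">8000</activewebport>
  <externalURL oa_var="s_external_url">http://ebs1.internal.example.org:8000</externalURL>
  <login_page oa_var="s_login_page">http://ebs1.internal.example.org:8000/OA_HTML/AppsLogin</login_page>
</oa_context>
EOF
}

# Constructed sample: the same file after step 5, with the listener on 443.
sample_ctx_after() {
cat <<'EOF'
<oa_context>
  <webentryurlprotocol oa_var="s_webentryurlprotocol">https</webentryurlprotocol>
  <url_protocol oa_var="s_url_protocol">http</url_protocol>
  <enable_sslterminator oa_var="s_enable_sslterminator"></enable_sslterminator>
  <webentryhost oa_var="s_webentryhost">ebs1</webentryhost>
  <webentrydomain oa_var="s_webentrydomain">internal.example.org</webentrydomain>
  <activewebport oa_var="s_active_webport">443</activewebport>
  <externalURL oa_var="s_external_url">https://ebs1.internal.example.org</externalURL>
  <login_page oa_var="s_login_page">https://ebs1.internal.example.org/OA_HTML/AppsLogin</login_page>
</oa_context>
EOF
}

# ctx_get FILE VAR: print the value of the first element whose oa_var is VAR.
ctx_get() {
    sed -n "s/.*oa_var=\"$2\"[^>]*>\([^<]*\)<.*/\1/p" "$1" | head -n 1
}

# check_lb_tls FILE LB_PORT
# Prints one line per deviation and returns the number of deviations.
check_lb_tls() {
    ctx=$1; port=$2; fails=0
    fqdn="$(ctx_get "$ctx" s_webentryhost).$(ctx_get "$ctx" s_webentrydomain)"
    # Port 443 is the HTTPS default, so ":443" is omitted from both URLs.
    if [ "$port" = "443" ]; then base="https://$fqdn"
    else base="https://$fqdn:$port"; fi
    # Each line below: variable name, then the value step 5 calls for
    # (nothing after the name means the value must be blank).
    while read -r var want; do
        got=$(ctx_get "$ctx" "$var")
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $var: found '$got', expected '$want'"
            fails=$((fails + 1))
        fi
    done <<EOF
s_webentryurlprotocol https
s_url_protocol http
s_enable_sslterminator
s_active_webport $port
s_external_url $base
s_login_page $base/OA_HTML/AppsLogin
EOF
    return "$fails"
}

# Demonstration on the constructed "before" sample.
tmp=$(mktemp)
sample_ctx_before > "$tmp"
check_lb_tls "$tmp" 443 || echo "$? deviation(s) from the LBaaS TLS settings"
rm -f "$tmp"
```

Run check_lb_tls against the context file on each application tier node before running AutoConfig; a return status of 0 means all six variables match.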

Enable TLS for Manually Configured Load Balancer (Conditionally Required)

The steps in this section are applicable if you used Advanced Provisioning to deploy an environment and chose Manually Configured Load Balancer as the web entry type. These steps apply whether you chose http or https as the protocol for the web entry point.

We highly recommend that you perform the steps in this section to perform the necessary encryption. First, encrypt the traffic between the client and the load balancer. Next, encrypt the traffic between the load balancer and the Oracle HTTP Server. After the encryption setup is complete, configure the Oracle E-Business Suite web entry point.

  1. Encrypt the traffic from the client to the load balancer by performing the configuration for an alternate TLS termination point for your Oracle E-Business Suite release.

  2. Encrypt the traffic between the load balancer and the Oracle HTTP Server.

    • If you have VPN set up between your on-premises network and Oracle Cloud, then you can optionally set up TLS end-to-end, or you can skip this setup and go to step 3.

    • If you do not have VPN set up between your on-premises network and Oracle Cloud, then we highly recommend that you set up TLS end-to-end.

    To set up TLS end-to-end, perform the appropriate configuration for your Oracle E-Business Suite release.

  3. You can now configure access to the Oracle E-Business Suite web entry point. To do so, perform the steps in Manually Configure Firewall When Using Oracle HTTP Server or an On-Premises Load Balancer as the Web Entry Point.

Manually Enable TLS When Using Oracle HTTP Server on the Application Tier Node as the Web Entry Point (Conditionally Required)

The steps in this section are applicable if you used Advanced Provisioning to deploy an environment using Oracle HTTP Server as the web entry point, without using a load balancer, and you did not enable Transport Layer Security (TLS) during provisioning. That is, you chose Application Tier Node as the web entry type and you chose the http protocol for the web entry point. In this case we highly recommend that you perform the following steps to encrypt the traffic between the client and the Oracle HTTP Server. After the encryption setup is complete, you must configure the Oracle E-Business Suite web entry point.

  1. Prepare the environment by applying the prerequisites for your Oracle E-Business Suite release.

  2. Encrypt the traffic from the client to the Oracle HTTP Server by performing the configuration for inbound connections for your Oracle E-Business Suite release.

  3. You can now configure access to the Oracle E-Business Suite web entry point. To do so, perform the steps in Manually Configure Firewall When Using Oracle HTTP Server or an On-Premises Load Balancer as the Web Entry Point.

Manually Configure Firewall When Using Oracle HTTP Server or an On-Premises Load Balancer as the Web Entry Point (Conditionally Required)

Perform the steps in this section to configure the required firewall rules if you are using Oracle HTTP Server or an on-premises load balancer as the web entry point. These steps apply if you used one of the following deployment options:

We recommend limiting access to a specific CIDR range.

  1. First, on all application tier nodes, create firewall rules that allow inbound communication to the web entry port from the clients from which you will access the Oracle E-Business Suite URL. To do so, log on to the Oracle Cloud Infrastructure instance that hosts your Oracle E-Business Suite environment, using SSH. See Connecting to an Instance.

    Then switch to the root user:

    $ sudo su -

    Run the following commands to create the required firewall rules:

    # firewall-cmd --zone=public --add-rich-rule='rule family=ipv4 source address=<source_CIDR_range> port port=<web_entry_port> protocol=tcp accept' --permanent
    # firewall-cmd --zone=public --add-rich-rule='rule family=ipv4 source address=<source_CIDR_range> port port=<web_entry_port> protocol=tcp accept'

    In these commands, replace <source_CIDR_range> with the set of IP addresses from which you will access the Oracle E-Business Suite URL. Replace <web_entry_port> with the appropriate port, for example 4443.

    Run the following command to restart the firewall to activate the changes:

    # sudo systemctl restart firewalld  

    Run the following command to verify the current firewall settings:

    # firewall-cmd --list-all
  2. Next, update the security list for the subnet that contains the application tier nodes by adding a security rule that allows inbound communication on the web entry port from the clients from which you will access the Oracle E-Business Suite URL. See Working with Security Lists.

    In the Oracle Cloud Infrastructure console, open the security list for the application tier subnet and add a new entry under Allow rules for ingress with the following properties:

    • Source CIDR - The CIDR block for your on-premises network that includes the relevant clients, as specified in your firewall rules

    • Protocol - TCP

    • Destination Port Range - The web entry port, for example 443
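
As an added example (not from the Oracle documentation), the script below audits saved firewall-cmd --list-all output against the recommendation to limit access to a specific CIDR range: it flags a web entry port opened zone-wide under "ports:", a rich rule with no source or an unexpected source, and a missing rule for the intended CIDR. The sample outputs, the CIDR 10.20.0.0/16, and the function name audit_web_entry are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Oracle code: check saved `firewall-cmd --list-all` output
# for a web entry port that is reachable from more than the intended CIDR.

# Constructed sample: port opened zone-wide plus a rich rule with no source.
sample_loose() {
cat <<'EOF'
public (active)
  target: default
  interfaces: ens3
  services: ssh
  ports: 4443/tcp
  rich rules:
    rule family="ipv4" port port="4443" protocol="tcp" accept
EOF
}

# Constructed sample: the rich rule from step 1 with a source CIDR filled in.
sample_tight() {
cat <<'EOF'
public (active)
  target: default
  interfaces: ens3
  services: ssh
  ports:
  rich rules:
    rule family="ipv4" source address="10.20.0.0/16" port port="4443" protocol="tcp" accept
EOF
}

# audit_web_entry FILE PORT CIDR
# Prints one line per finding and returns the number of findings.
audit_web_entry() {
    out=$1; port=$2; cidr=$3; findings=0; seen=0
    # A plain "ports:" entry admits every source that reaches the zone.
    if grep -E '^[[:space:]]*ports:' "$out" |
       grep -Eq "(^|[[:space:]])$port/tcp([[:space:]]|\$)"; then
        echo "FINDING: $port/tcp is open to every source under 'ports:'"
        findings=$((findings + 1))
    fi
    # Collect the rich rules that accept TCP traffic on the web entry port.
    rules=$(grep -E "^[[:space:]]*rule .*port port=\"$port\" protocol=\"tcp\" accept" "$out" || true)
    while IFS= read -r rule; do
        [ -n "$rule" ] || continue
        src=$(printf '%s\n' "$rule" | sed -n 's/.*source address="\([^"]*\)".*/\1/p')
        case "$src" in
            "$cidr") seen=1 ;;
            ""|0.0.0.0/0)
                echo "FINDING: rich rule accepts $port/tcp from any address"
                findings=$((findings + 1)) ;;
            *)
                echo "FINDING: rich rule accepts $port/tcp from unexpected source $src"
                findings=$((findings + 1)) ;;
        esac
    done <<EOF
$rules
EOF
    if [ "$seen" -ne 1 ]; then
        echo "FINDING: no rich rule admits $cidr on $port/tcp"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Demonstration on the constructed "loose" sample.
tmp=$(mktemp)
sample_loose > "$tmp"
audit_web_entry "$tmp" 4443 10.20.0.0/16 || echo "$? finding(s)"
rm -f "$tmp"
```

To use it on an application tier node, save the output of firewall-cmd --zone=public --list-all to a file and pass that file, the web entry port, and the source CIDR you used in the rich rule.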

Implement Workaround for Oracle Databases on 2-Node VM DB System (Conditionally Required)

This workaround resolves a known issue on a 2-Node VM DB System. The steps in this section are required only for an environment created using an Oracle E-Business Suite Cloud Manager version prior to 19.3.1.1, with the database on a 2-Node VM DB System with Oracle Database Release 11.2.0.4.

Perform the following steps on the primary node of the VM DB System, except where noted.

  1. Get the database unique name using the following command. Run this command as root.

    $  dbcli list-databases --json|grep databaseUniqueName

    Copy the output from this command. This value will be referred to in subsequent steps as <DB_UNIQUE_NAME>.

  2. Remove the database from srvctl using the following command. Run this command as the oracle user.

    $  srvctl stop database -d <dbname>
    $  srvctl remove database -d <dbname>
  3. On both VM DB System nodes, change the db_unique_name value in the database using the following commands.

    $ sqlplus "/ as sysdba"
    SQL> startup nomount
    SQL> alter system set db_unique_name='<DB_UNIQUE_NAME>' sid='*' scope=spfile;
  4. On both VM DB System nodes, shut down the database using the following command.

    SQL> shutdown immediate
  5. Add the new database unique name to CRS using the following commands.

    $ srvctl add database -d <DB_UNIQUE_NAME> -o /u01/app/oracle/product/11.2.0.4/dbhome_1
    $ srvctl add instance -d <DB_UNIQUE_NAME> -i <SID of instance1> -n <Node 1 HOST_NAME>
    $ srvctl add instance -d <DB_UNIQUE_NAME> -i <SID of instance2> -n <Node 2 HOST_NAME>

  6. On both VM DB System nodes, modify /etc/oratab as follows.

    <DB_UNIQUE_NAME>:/u01/app/oracle/product/11.2.0.4/dbhome_1:N              # line added by Agent

  7. Start the database using the following command.

    $ srvctl start database -d <DB_UNIQUE_NAME>

Configure Security and Firewall Rules for Secure Access to the Fusion Middleware Control and WebLogic Server Administration Console (Conditionally Required)

The steps in this section are required only for Oracle E-Business Suite Release 12.2.

Administration of the Oracle Fusion Middleware 11g components delivered with Oracle E-Business Suite Release 12.2, including Oracle HTTP Server and Oracle WebLogic Server, requires secure access to the WebLogic Server administration ports running on the Oracle E-Business Suite primary application tier node. Ports 7001 and 7002 are the default WebLogic Server administration ports for the dual file system with Oracle E-Business Suite Release 12.2. The examples in this section use these default ports. If you have configured different port numbers, change the port numbers in the instructions to match the port numbers for your environment.

When you create an Oracle E-Business Suite Release 12.2 environment on Oracle Cloud Infrastructure, you should create a security rule and firewall rules that allow inbound communication on the WebLogic Server administration ports on the primary application tier node from the Oracle E-Business Suite Cloud Manager VM. These rules are required as a prerequisite so that a system administrator can securely access the administration ports and the Fusion Middleware Control and WebLogic Server Administration Console. See Access the Fusion Middleware Control and WebLogic Server Administration Console with SSH Port Forwarding for Oracle E-Business Suite on Oracle Cloud Infrastructure.

Perform the following steps to configure the required security rule and firewall rules:

  1. Update the security list for the primary application tier node by adding a security rule that allows inbound communication on ports 7001 and 7002 from the Oracle E-Business Suite Cloud Manager VM. See Working with Security Lists.

    In the Oracle Cloud Infrastructure console, open the security list for the Oracle E-Business Suite application tier subnet and add a new entry under Allow rules for ingress with the following properties:

    • Source CIDR - The CIDR for the Oracle E-Business Suite Cloud Manager VM

    • Protocol - TCP

    • Destination Port Range - 7001-7002

  2. Create firewall rules on the primary application tier node that allow inbound communication on ports 7001 and 7002 from the subnet that contains the Oracle E-Business Suite Cloud Manager VM. First, log on to the Oracle Cloud Infrastructure instance that hosts your Oracle E-Business Suite environment, using SSH. See Connecting to an Instance.

    Then switch to the root user:

    $ sudo su -

    Run the following commands to create the required firewall rules:

    # firewall-cmd --zone=public --add-rich-rule 'rule family=ipv4 source address=<EBS_Cloud_Admin_Tool_VM_CIDR> port port=7001 protocol=tcp accept' --permanent
    # firewall-cmd --zone=public --add-rich-rule 'rule family=ipv4 source address=<EBS_Cloud_Admin_Tool_VM_CIDR> port port=7002 protocol=tcp accept' --permanent
    # firewall-cmd --zone=public --add-rich-rule 'rule family=ipv4 source address=<EBS_Cloud_Admin_Tool_VM_CIDR> port port=7001 protocol=tcp accept'
    # firewall-cmd --zone=public --add-rich-rule 'rule family=ipv4 source address=<EBS_Cloud_Admin_Tool_VM_CIDR> port port=7002 protocol=tcp accept'

    Run the following command to restart the firewall to activate the changes:

    # sudo systemctl restart firewalld  

    Run the following command to verify the current firewall settings:

    # firewall-cmd --list-all
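
The verification step above can be scripted. The following is an added example, not part of Oracle's documentation or scripts: a shell function that reads `firewall-cmd --zone=public --list-all` output and reports whether ports 7001 and 7002 are reachable only from the Cloud Manager CIDR. The function name `audit_wls_ports`, the two sample listings, and the 10.0.1.0/24 CIDR are assumptions constructed for illustration.

```bash
# Added example (not Oracle code). Reads `firewall-cmd --zone=public --list-all`
# output on stdin; $1 is the only source CIDR allowed to reach TCP 7001 and 7002.
audit_wls_ports() {
  awk -v want="$1" '
    function covers(spec, p,   r, n) {  # is port p inside "7001/tcp" or "7000-7010/tcp"?
      if (spec !~ /\/tcp$/) return 0
      sub(/\/tcp$/, "", spec)
      n = split(spec, r, "-")
      return (n == 1) ? (r[1] + 0 == p) : (p >= r[1] + 0 && p <= r[2] + 0)
    }
    /^[ \t]*ports:/ {                   # plain zone ports accept every source
      for (i = 2; i <= NF; i++)
        for (p = 7001; p <= 7002; p++)
          if (covers($i, p)) { print "EXPOSED " p " zone-wide via " $i; bad = 1 }
    }
    /^[ \t]*rule / && /protocol="tcp"/ && / accept/ {
      if (!match($0, /port port="[0-9-]+"/)) next
      spec = substr($0, RSTART + 11, RLENGTH - 12) "/tcp"
      src = "any"                       # a rule without a source matches all clients
      if (match($0, /source address="[^"]+"/))
        src = substr($0, RSTART + 16, RLENGTH - 17)
      for (p = 7001; p <= 7002; p++)
        if (covers(spec, p)) {
          if (src == want) ok[p] = 1
          else { print "EXPOSED " p " to source " src; bad = 1 }
        }
    }
    END {
      for (p = 7001; p <= 7002; p++)
        if (!ok[p]) { print "MISSING rule for " want " on port " p; bad = 1 }
      exit bad + 0
    }'
}
# Constructed sample listings; 10.0.1.0/24 stands in for <EBS_Cloud_Admin_Tool_VM_CIDR>.
sample_ok() { cat <<'EOF'
public (active)
  ports:
  rich rules:
    rule family="ipv4" source address="10.0.1.0/24" port port="7001" protocol="tcp" accept
    rule family="ipv4" source address="10.0.1.0/24" port port="7002" protocol="tcp" accept
EOF
}
sample_exposed() { cat <<'EOF'
public (active)
  ports: 7001-7002/tcp
  rich rules:
    rule family="ipv4" source address="0.0.0.0/0" port port="7002" protocol="tcp" accept
EOF
}
```

On the primary application tier node, run `firewall-cmd --zone=public --list-all | audit_wls_ports <EBS_Cloud_Admin_Tool_VM_CIDR>` as root; a non-zero exit status means at least one finding was printed.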

Enable and Set Oracle E-Business Account Passwords (Conditionally Required)

The steps in this section are required only for a new environment or for a cloned environment if the steps were not previously performed on the source environment. To ensure your environment is adequately protected, you must change your Oracle E-Business Suite account passwords.

If you created your environment from a backup, you can skip this section.

  1. Log on to the Oracle Cloud Infrastructure instance that hosts your Oracle E-Business Suite environment.

  2. Switch user from the opc user to the oracle user using the following command:

    $ sudo su - oracle

  3. Set the environment using the appropriate command for your Oracle E-Business Suite release:

    • Release 12.2

      $ . /u01/install/APPS/EBSapps.env run

    • Release 12.1.3

      $ . /u01/install/APPS/apps_st/appl/APPS_<CONTEXT_NAME>.env run

  4. Download Patch 24831241 to obtain scripts to enable the SYSADMIN user and to enable demo users in a VISION demo environment.

    Download Patch 24831241 to the $PATCH_TOP directory and unzip the patch using the following commands:

    $ cd $PATCH_TOP
    $ unzip p24831241_R12_GENERIC.zip -d /u01/install/APPS/scripts/

  5. To log in through the web interface, you must initially set a password of your choice for the SYSADMIN user. After the SYSADMIN user is active with the new password, you can create new users or activate existing locked users. To enable the SYSADMIN user, run the following commands:

    $ mkdir -p ~/logs
    $ cd ~/logs
    $ sh /u01/install/APPS/scripts/enableSYSADMIN.sh

    When prompted, enter a new password for the SYSADMIN user.

    The SYSADMIN user can now connect to Oracle E-Business Suite through the web interface and create new users or activate existing locked users.

  6. For a VISION demo environment, you can run another script to unlock a set of 36 application users that are typically used when demonstrating Oracle E-Business Suite using the VISION database. Run this script with the same environment as when running the enableSYSADMIN.sh script. To enable the demo users, run the following commands:

    $ cd ~/logs
    $ sh /u01/install/APPS/scripts/enableDEMOusers.sh

    When prompted, enter a new password.

    Do not run this script on a fresh or production environment.

For details about the default passwords set during installation, see:

Apply Oracle E-Business Suite and Database Patches (Conditionally Required)

If you provisioned your environment from a backup of an existing on-premises environment, then you must now apply any additional patches required for your release level and database tier. For a cloned environment or an environment provisioned from a backup of a Cloud environment, these steps are required only if you did not already apply these patches on the source environment.

  1. Apply the Oracle E-Business Suite patches required for your release.

  2. This step is required only if your new database tier is on 1-Node VM DB System, 2-Node VM DB System, or Exadata Cloud Service. Apply one-off database patches per the following:

    • For Oracle E-Business Suite Release 12.2, ETCC recommended database patches have been applied as part of the automated provisioning process. If you applied any additional one-off database patches beyond those recommended by ETCC to the source on-premises database, then you must now reapply those additional one-off patches to your new 1-Node VM DB System, 2-Node VM DB System, or Exadata Cloud Service database.

    • For Oracle E-Business Suite Release 12.1, if you applied any one-off database patches to the source on-premises database, then you must now reapply those one-off patches to your new 1-Node VM DB System, 2-Node VM DB System, or Exadata Cloud Service database.

    If your database tier is on an Oracle Cloud Infrastructure Compute VM, then you do not need to reapply any one-off database patches.

Configure Enterprise Command Centers after One-Click Provisioning (Conditionally Required)

If you create an environment with One-Click Provisioning and you want to use Enterprise Command Centers in that environment, perform the following configuration steps.

  1. Update the source system URL.

    • Log into your Oracle E-Business Suite environment as the sysadmin user, and select the ECC Developer responsibility.

    • Select Source System in the navigation pane of the Oracle Enterprise Command Center Framework administration UI.

    • In the Source System Definition page, enter your Oracle E-Business Suite login URL in the Source System URL field. For more information on the login URL, see User Access.

  2. Initially, the Oracle Enterprise Command Center Framework installation includes data only for the Oracle Assets Command Center (FA). Before you can access an Enterprise Command Center dashboard for any other products, you must perform a full load of the product-specific data into the Oracle Enterprise Command Center Framework installation.

    • Ensure that the Oracle E-Business Suite Cloud Manager VM can access the Oracle E-Business Suite login URL by either configuring a DNS entry for the Oracle E-Business Suite host name or updating the local hosts file on the VM. See User Access.

    • Run the data load concurrent program for your product as listed in Loading Product Data to Enterprise Command Centers, Installing Oracle Enterprise Command Center Framework, Release 12.2, My Oracle Support Knowledge Document 2495053.1. For more details about each data load program, see your product-specific Enterprise Command Center documentation.