Oracle® Clinical Installation Guide Release 5.1 E53553-02 |
|
|
PDF · Mobi · ePub |
This chapter describes how to install Oracle Application Server, which includes the Oracle Forms Server and the Oracle Reports Server, Oracle WebLogic Server, and Oracle Application Developer Framework.
This chapter includes:
Section 5.5, "Install and Configure Oracle Application Server 11gR2"
Section 5.6, "Enable SSL Between a Browser and Oracle HTTP Server"
Section 5.7, "Install Oracle Application Developer FrameWork and Apply Patches"
Section 5.8, "Modify the tnsnames.ora File on the Application Server"
Section 5.9, "Test Connectivity to Databases for Forms and Reports Servers"
Critical Patch Updates See Section 1.9, "Applying Oracle Critical Patch Updates."
Do the following.
You must install all application tier components using the same user account. The account must have administrator privileges on the server computer.
To support HTTPS, you need to request a certificate from a Certificate Authority (CA) vendor such as Thawte, Entrust, or Verisign, and then import the certificate into the Oracle Wallet for the Oracle Application Server.
In the last step in Section 5.6.1.1, "Creating an Oracle Wallet and Generating a Certificate Request" you generate an encoded plain text certificate request file that you can email to the CA vendor. The vendor will sign the file and send you a Trusted Certificate and a User Certificate.
Allow some time for the certificates to be issued.
Note:
If your intention is to install an environment that will never be taken into production, you can skip this step and create a self-signed demo certificate for testing purposes; see Section 5.6.2, "Enabling SSL Between a Browser and Oracle HTTP Server With Self Signing."Adobe Reader is required on the Reports Server and on client computers. If you have not already downloaded it, following instructions in Section 1.5.6, "Downloading Adobe Reader", do so now.
To install Oracle Java Development Kit (JDK):
If you have not already done so, follow instructions in Section 1.5.4, "Downloading Oracle Java Development Kit."
Follow instructions in the release notes to apply the patch.
Note:
Do not use the default download location. By default, the download directory is C:\Program Files\java\jdkversion. "Program Files" includes a space, which can cause problems. Oracle recommends specifying a directory with no spaces in the name.In additon, the directory name must have no more than 8 characters; for example, C:\app\java\jdk16065.
Make a note of the directory in which you install JDK. You will need it when you install WebLogic Server.
Instructions in this section should be complete. However, additional information is in the WebLogic 10.3.6 following instructions in Oracle® Fusion Middleware Installation Guide for Oracle WebLogic Server 11g Release 1 (10.3.6), which you can find on the media pack or at http://docs.oracle.com/cd/E23943_01/doc.1111/e14142/overview.htm
, or download the PDF from here: http://docs.oracle.com/cd/E23943_01/web.1111/e13708/toc.htm
.
The complete documentation set for Oracle WebLogic Server 10.3.6 is available at: http://docs.oracle.com/cd/E23943_01/wls.htm
.
In the staging area where you downloaded the media pack (see Section 1.5, "Downloading and Extracting the Software") locate the directory where you downloaded Oracle WebLogic Server 11gR1 (10.3.6) Generic and Coherence and extract the WebLogic Server .zip file if you have not already done so.
Log in as the user you selected in Section 5.1.1, "Identify a Single Account to Perform All Application Tier Installation Tasks".
Install Oracle WebLogic Server using a Generic Package installer—This type of installer is a .jar file; wls1036_generic.jar. Double-click on the .jar file to open the Installer.
You can accept most default values, with the exceptions noted below.
Note:
You can change the default value of the middleware_home directory, which is C:\Oracle\Middleware, if you wish but some code examples in this guide use that value to make it easier to copy and paste, so remember to change these if you change the value.You must NOT change the names for any of the middleware home's subdirectories, including wlserver_10.3.
Specify whether you want to register the product installation with My Oracle Support. If you register, Oracle Support emails you immediately of any security updates that are specific to your installation. Follow instructions on screen to register or to reject the option.
Note:
Even if you accept this option you should check My Oracle Support for quarterly Oracle Critical Patch Update (CPU) security patches certified for use with Oracle Clinical; see Section 1.9, "Applying Oracle Critical Patch Updates."Choose the "Custom" Install Type
Select a "Custom" installation type rather than the default value, "Typical." This is required in order to create a Node Manager.
Browse to the Oracle Java Development Kit (JDK) 1.6.0_65 (JDK 6) that you installed in the previous section.
Be sure to install the Oracle WebLogic Node Manager in the Install Windows Service screen. The Node Manager is used to monitor, start, and stop server instances in a WebLogic domain.
Note:
Continue to click Next until you are finished. After the Installation Summary the processing may take a few minutes. You can safely ignore the Quick Start screen.Install Oracle Applications Server as indicated below.
Oracle Application Server 11.1.2.1 provides Oracle Forms, Oracle Reports, and Oracle HTTP Server (OHS).
To install Oracle Application Server 11.1.2.1:
Restart the computer.
Log in as the user you selected in Section 5.1.1, "Identify a Single Account to Perform All Application Tier Installation Tasks".
Stop the WebLogic Node Manager:
Close the command shell in which the Node Manager is running, if any.
If any DOS windows are open that are running the node manager, close them.
Go to the Windows Control Panel, then Services, and stop the Oracle WebLogic Node Manager service.
For more information on the Node Manager, see the Oracle® Fusion Middleware Node Manager Administrator's Guide for Oracle WebLogic Server 11g Release 1 (10.3.6) at http://docs.oracle.com/cd/E23943_01/web.1111/e13740/toc.htm
.
In the staging area where you downloaded the media pack—see Section 1.5, "Downloading and Extracting the Software"—locate the directory where you downloaded Oracle Forms and Reports 11g R2 (11.1.2.1.0) for Microsoft Windows x64 (64-bit) and extract the .zip file if you have not already done so.
Run the following file as an administrator:
Disk1\setup.exe
Follow the instructions on the installation screens as the Oracle Universal Installer guides you through the installation. You can accept most defaults except as noted below:
Select Skip Software Updates instead of the default value, Search My Oracle Support for Updates. Oracle Clinical may not be certified with these updates.
In the Select Domain window, the default name for the domain created by the Installer is ClassicDomain
. You must rename it to FRDomain
or RDC Onsite installation will fail.
In the same screen, enter and confirm a password for WebLogic Server.
Oracle Instance Must Be asinst_1
When prompted for the Oracle Instance, accept the default value: middleware_home\asinst_1.
Specify whether you want to register the product installation with My Oracle Support. By registering, Oracle Support emails you immediately of any security updates that are specific to your installation. Follow instructions on screen to register or to reject the option.
Note:
Even if you accept this option you should check My Oracle Support for quarterly Oracle Critical Patch Update (CPU) security patches certified for use with Oracle Clinical; see Section 1.9, "Applying Oracle Critical Patch Updates."For greater security, you may want to customize the port. Auto Port Configuration is the default setting.
For greater security, you may want to use a proxy. No proxy is the default setting.
Do NOT Use Application Identity Store
Uncheck the Use Application Identity Store check box at the top of the screen; Oracle Clinical does not use OID (Oracle Identity).
Note:
After installing Oracle Application Server, you can check the log file which by default is in C:\Program Files\Oracle\Inventory\logs.Shut down the following services:
WLS_FORMS under ORACLE_HOME
WLS_REPORTS under ORACLE_HOME
Oracle Process Manager
Download patch 16837591from My Oracle Support and apply it following instructions in the patch readme file. It is required to support JRE7 Update 65.
Note:
The readme says "Ensure that the directory containing the OPatch script appears in your $PATH." The OPatch here is the one under ORACLE_FRHOME. For example:
set ORACLE_FRHOME= your_ORACLE_FRHome
set path=%oracle_frhome%\opatch;%path%
In addition, you can safely ignore the Prerequisites section in the readme.
Create the ORACLE_INSTANCE environment variable and define it as the Oracle Application Server Home:
From the Control Panel, select System, then Advanced System Settings.
Create a system variable named ORACLE_INSTANCE
and set its value to your Oracle Instance Home; for example C:\oracle\middleware\asinst_1
.
Create the following SSL (HTTP Secure Socket Layer) configuration: from users' browsers, HTTPS to Oracle HTTP Server (Web proxy), then HTTP to Oracle WebLogic Server.
Follow instructions in one of the following sections:
Section 5.6.1, "Enabling SSL Between a Browser and Oracle HTTP Server Using a Certificate Authority"
Section 5.6.2, "Enabling SSL Between a Browser and Oracle HTTP Server With Self Signing"—This may be useful if you want to set up HTTPS with a demo certificate for internal testing purposes.
The following basic steps are required:
Oracle HTTP Server uses a utility called Oracle Wallet Manager (OWM) to manage certificates on the server. An Oracle Wallet is a container that stores your credentials, such as certificates, trusted certificates, certificate requests, and private keys.
The Oracle Clinical Installer automatically enables traffic from Oracle HTTP Server to Oracle WebLogic Server.
Note:
Do all steps in this section with the same user account you have used in the previous steps in this chapter. You must have administrator privileges on the machine.Note:
If you have not set the Oracle Instance variable as instructed in Section 5.5.4, do so now.To create an Oracle Wallet:
Log in to Oracle HTTP Server as the user that installed Oracle Application Server.
Start Oracle Wallet Manager. From the Start menu, navigate to Oracle Classic 11g, then Integrated Management Tools, then Wallet Manager.
In Oracle Wallet Manager, from the Wallet menu, click New.
A dialog asks if you want to create a default directory.
Click No. Your account probably does not have privileges to do this. For Oracle Clinical the Wallet will be in the directory where the Installer created the default certificate and Wallet.
Enter and confirm a password that conforms to the rules listed in the dialog. This password will be required every time you open the Wallet.
Leave the Wallet Type set to Standard and click OK.
A new dialog opens, asking if you want to create a certificate request. Click Yes.
In the Create Certificate Request dialog, enter values in the following fields:
Common Name: Enter host.your_company_domain.
Note:
The Common Name must match the Server Name directory that is specified in the primary configuration file (httpd.conf), which is created during Oracle HTTP Server installation in C:\app\oracle\middleware\asinst_1\config\OHS\ohs1.The rest of the fields do not affect SSL functionality.
Organizational Unit: Your unit within your company.
Organization: Your company.
Locality or City, State or Province, and Country
Key Size: 2048 (bits)
Note:
Most providers encourage 2048-bit keys on all certificates.DN: OHS generates this value from the values you entered.
Click OK. The system displays a confirmation that a certificate request has been created. Click OK.
Go to the directory where the Wallet has been created:
oracle_instance_home\config\OHS\ohs1\keystores\default
For example:
C:\oracle\middleware\asinst_1\config\OHS\ohs1\keystores\default
In the keystores directory, create a new directory with a meaningful name such as your organizational unit:
oracle_instance_home\config\OHS\ohs1\keystores\your_unit
For example:
C:\oracle\middleware\asinst_1\config\OHS\ohs1\keystores\your_unit
In the navigation tree on the left, select Certificate: [Requested] and then select Export Certificate Request from the Operations menu.
Navigate to the new directory you created and enter a name for a file to be created; for example, server_name.csr. Click Save.
Select Save As from the Wallet menu, navigate to the new directory, and click OK. The wallet file is always named ewallet.p12.
The system displays a confirmation message along the bottom of the screen that a certificate request has been exported successfully.
The new directory now contains the certificate request file as well as the wallet file.
Obtain the certificates from the Certificate Authority as described in Section 5.1.2, "Get a CA Certificate for HTTPS". Depending on the Certificate Authority, you will need to send either the certificate request file generated in the previous section or you will need to copy and paste the text in that file.
After you have received the User Certificate and Trusted Certificate from a CA vendor:
Log in to Oracle HTTP Server as the admin user that owns OHS processes.
Start Oracle Wallet Manager. From the Start menu, navigate to Oracle Classic 11g, then Integrated Management Tools, then Wallet Manager.
In Oracle Wallet Manager, select Open from the Wallet menu.
A dialog asks if you want to create a default directory.
Click Yes.
Navigate to the directory where you saved the Wallet file and click OK.
Enter the Wallet password that you created.
From the Operations menu, select Import Trusted Certificate.
In the dialog, select the option Select a file that contains the certificate and click OK.
Navigate to the trusted certificate and click OK.
The system displays a confirmation message along the bottom of the screen that the trusted certificate has been imported successfully.
In the navigation tree on the left, select Certificate: [Requested] and then select Import User Certificate from the Operations menu.
Navigate to the signed certificate and click OK.
The system displays a confirmation message along the bottom of the screen that a certificate has been imported successfully.
In the Wallet menu, select Auto Login, then Exit.
Make the following two changes in the OHS configuration file, ssl.conf.
WebLogic Server installation creates a default, unsigned SSL wallet file for OHS. Its location is specified in the configuration file (ssl.conf) loaded at startup from the oracle_instance\config\OHS\ohs1 directory.
Make a backup copy of ssl.conf, which is located at:
oracle_instance\config\OHS\ohs1
Open ssl.conf in a text editor.
Find the string #Path to the wallet
and comment out the default location that follows it.
SSLWallet ${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/keystores/default
Replace the above string (in bold) with the path to the directory you created:
SSLWallet oracle_instance_home\config\OHS\ohs1\keystores\your_unit
By default, the port for SSL is 8890, which means all URLs need to include :8890
. You can change the value to 443
in which case the URLs do not need to include any port. To change the port to 443, change the following lines:
Listen 8890 <VirtualHost *:8890>
to:
Listen 443 <VirtualHost *:443>
Stop and start Oracle HTTP Server using Oracle Process Manager Notification Server (OPMN) to load the configuration change:
oracle_instance\bin\opmnctl restartproc process-type=OHS
The OPMN opmnctl executable for the instance is located in oracle instance_home\bin directory.
Test that you can connect from a browser to your virtual host in HTTPS URL:
https://host.your_company_domain
While you have the ssl.conf file open, make the following additional change to make the application compatible with Internet Explorer 9 and 10.
OHS always returns HTTP 1.0 to Internet Explorer (IE) user-agents, which causes some problems in RDC Onsite in an IE 9 or 10 browser. It appears this configuration is outdated and should be commented out to work properly in IE 9 and 10.
Comment out or remove the following lines:
BrowserMatch ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0
While you have the ssl.conf file open, make the following additional change to avoid weak ciphers and protocols for SSL (HTPS):
Search for the following text:
SSL Protocol Support
Comment out the following line:
SSLProtocol nzos_Version_1_0 nzos_Version_3_0
Add the line:
SSLProtocol -ALL +SSLv3 +TLSv1
Search for the following text:
SSL Cipher Suite
Comment out the current entry for SSL Cipher Suite:
SSLCipherSuite SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_DES_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SH
Add the line:
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:!NULL:RC4+RSA:+HIGH:+MEDIUM:!SSLv2:!EXPORT
To set up HTTPS with a demo certificate for internal testing purposes:
Log in to Oracle HTTP Server as the user that installed Oracle Application Server.
Start Oracle Wallet Manager. From the Start menu, navigate to Oracle Classic 11g, then Integrated Management Tools, then Wallet Manager.
In Oracle Wallet Manager, from the Wallet menu, click New.
A dialog asks if you want to create a default directory.
Click No. Your account probably does not have privileges to do this. For Oracle Clinical the Wallet will be in the directory where the Installer created the default certificate and Wallet.
Enter and confirm a password that conforms to the rules listed in the dialog. This password will be required every time you open the Wallet.
Leave the Wallet Type set to Standard and click OK.
A new dialog opens, asking if you want to create a certificate request. Click No.
Do Save As to save the empty password-protected Wallet to a meaningful location like your_unit. For example:
oracle_instance\config\OHS\ohs1\keystores\oc
Open a DOS window.
Navigate to: Middleware_Home\oracle_common\bin
Create and set the java_home environment variable; for example:
set java_home=c:\app\java\jdk16065
Run following orapki command for the Wallet created above:
c:\Oracle\Middleware\oracle_common\bin>orapki wallet add -wallet full-path_to_the_location_of_the_Wallet_after_step_7 -dn "CN=hostname.domain, OU=Department, O=Company, L=City, ST=State/Province, C=Country" -keysize 2048 -self_signed -validity 2190 -pwd password
Note:
Double quotes where specified above are required.Validity is hardcoded above to 2190 days, which is six years. You can change this value as required.
Start Oracle Wallet Manager. From the Start menu, navigate to Oracle Classic 11g, then Integrated Management Tools, then Wallet Manager.
Click Yes when prompted with "Your default wallet directory does not exist. Do you want to continue?"
In the Wallet Manager, open the Oracle Clinical Wallet. The self-signed certificate should be displayed with a status of READY.
In the Wallet menu, select Auto Login.
Save and exit.
To complete the setup, follow these instructions:
Section 5.6.1.4, "Edit the Oracle HTTP Server Configuration File"
Section 5.6.1.4.2, "Make OHS Compatible with Internet Explorer 9 and Above"
Note:
Since this is a demo certificate and is not from a recognized certificate authority, the browser will display a certificate warning. To prevent this, you can import the certificate into the browser and store it as a trusted publisher and trusted root CA, then restart the browser.For more information, see How To Generate A Wallet Containing A Self Signed Certificate Using ORAPKI in Oracle Application Server and Fusion Middleware on My Oracle Support (Article ID 560982.1).
Install Oracle Application Developer Framework (ADF, also known as Oracle Application Developer) and apply required patches.
Install Oracle Application Developer 11g R1 (11.1.1.6.0), also known as ADF, which is included in the media pack.
Additional information is included in the Oracle® Fusion Middleware Installation Guide for Application Developer 11g Release 1 (11.1.1.6.0), which you can find on the media pack or at http://docs.oracle.com/cd/E23943_01/doc.1111/e14827/toc.htm
.
In the staging area where you downloaded the media pack (see Section 1.5, "Downloading and Extracting the Software") locate the Oracle Application Development Runtime 11g Patch Set 5 (11.1.1.6.0) directory where you extracted the ADF .zip file.
If you have not done so already, log in as the user you selected in Section 5.1.1, "Identify a Single Account to Perform All Application Tier Installation Tasks".
In a DOS Command window, navigate to the above directory.
Execute the following command:
setup -jreLoc drive:\location_where_you_installed_jdk1.6.0_65
for example:
setup -jreLoc C:\app\Java\jdk16065
However, if you installed JDK in the default location, C:\Program Files\Java\jdk1.6.0_65, this command may not work because of the space between "Program" and "Files." The following command works for the same location:
setup -jreLoc C:\Progra~1\Java\jdk16065
Tip:
ADF's setup.exe file does not run if you double-click it. You must use the above command.Follow instructions on the Installer screens.
Note:
If you see the message "WLS installation detected, WebLogic Server support available in this Middleware Home." Press Next to continue the installation.Upgrade ADF to the latest patch set that is certified with Oracle Clinical. See Oracle Health Sciences (Life Sciences/ Pharmaceutical/ Healthcare) Supported Technology Stacks (Article ID 180430.1) on My Oracle Support for the latest information.
To upgrade ADF, apply two patches, a JDeveloper patch and a WebCenter Composer patch, and enter an upgrade command as detailed below. For ADF 11.1.2.4 the patch numbers are:
16546129—JDeveloper patch
16546157—WebCenter Composer patch
Note:
Oracle supports only English OS language settings for the application tier.Additional information is in the patch readme files. However, because there are no WebCenter components explicitly installed, you cannot follow the patch readme instructions completely.
Restart the server.
Locate the patch files in the staging area where you downloaded them in Section 1.5, "Downloading and Extracting the Software."
Go to the Windows Control Panel, then Services, then stop all Oracle services (Oracle Process Manager, Oracle WebLogic Node Manager).
Open a DOS command window and set the oracle_home and path. For ADF (only) this should be:
set ORACLE_HOME=
your_oracle_common_home
For example: set ORACLE_HOME=C:\Oracle\Middleware\Oracle_Common
set path=%oracle_home%
\bin;%oracle_home%;%oracle_home%\opatch;%path%
Note:
The readme for the WebCenter patch directs you to set oracle_home to Oracle_WC1—the WebCenter install directory. However, if there are no WebCenter components explicitly installed, set oracle_home to oracle_common as above.Navigate to one patch directory. For example, for ADF 11.1.2.4:
cd c:\downloads\p16546129_111160_Generic\16546129
Enter
opatch apply
Navigate to the other patch directory. For example, for ADF 11.1.2.4:
cd c:\downloads\p16546157_111160_Generic\16546157
Enter
opatch apply
If you have started any WebLogic services, including the Administration and Managed Servers, close them now:
If any DOS windows are open that are running the node manager, close them.
Go to the Windows Control Panel, then Services, and turn off the Oracle WebLogic Node Manager service.
From the DOS command line, navigate to middleware_home\oracle_common\common\bin and execute the following commands:
setWlstEnv.cmd wlst.cmd
Then, in the WebLogic Server Scripting Tool shell, enter the following commands:
upgradeADF('middleware_home/user_projects/domains/frdomain') exit()
Note:
Be sure to use forward slashes (/) in the path.By default middleware_home is C:\oracle\middleware.
In the WLS Scripting Tool shell you can type help()
to get information on available commands.
Consult My Oracle Support article Supportability on Internet Explorer 11 (IE11) with Oracle ADF (ID 1599898.1) for information on what patches, if any, are required to make your version of ADF compatible with IE 11.
For ADF 11.1.2.4, the required patch is 18277436.
Download the patch from My Oracle Support at https://support.oracle.com
and apply it, following instructions in the readme file.
The tnsnames.ora file must have an entry for each database that matches the database's service name. There is a tnsnames.ora file in at least two locations in the installation. Oracle recommends maintaining a master file and copying it to each location whenever you add a database. See Section 4.1.9, "Modify the tnsnames.ora File on the Database Server" for the database server location.
The tnsnames.ora locations on the application server include:
middleware_home\asinst_1\config
oracle_fr_home\network\admin. Oracle Clinical requires a copy here. Check this location and if no tnsnames.ora file is present, create it there.
The Oracle Clinical database must be able to communicate with the application servers. Establish that SQL*Net connections can be created to connect the application server to all databases.
To ensure that you can connect to the database from each application server:
Open a Microsoft DOS command window.
Use SQL*Plus to verify that you can connect to the database:
sqlplus system/
password@dbname
If the system returns a connection error, you must resolve this problem before continuing with the installation of Oracle Clinical.
Possible causes of errors include:
The computer is not physically connected to the network.
One of the databases does not exist.
The network protocol software is not loaded on the computer. Try a remote login to check.
The database or SQL*Net listener process is not started on the server.
An incorrect connect string (service name), user ID, or password was entered.
The tnsnames.ora file is not present in the correct directory or does not contain the correct entries.
To ensure that all configuration changes for the Oracle Application Server are initialized, restart the computer before you continue with the next task in the installation process.