2 Performing a Secure ASAP Installation

This chapter presents planning information for your Oracle Communications ASAP system and describes recommended deployment topologies that enhance security.

For more information about installing ASAP, see ASAP Installation Guide.

Pre-Installation Configuration

This section lists the prerequisites for installing ASAP securely:

  • You must have at least one dedicated UNIX group and one dedicated user account within that group for ASAP.

    • Create a group for ASAP that includes the ASAP user account and the root user.

  • When creating the ASAP WebLogic server domain:

    • Make sure that the SSL ports of the administration server and of the optional managed server are used.

    • After you have created the WebLogic Server domain for ASAP, start the WebLogic administration server. Then, use t3s to start the managed server:

      startManagedWebLogic.sh ManagedServer t3s://host_name:SSL_Port

      where ManagedServer is the name of the WebLogic managed server, and host_name and SSL_Port are the host name and the secure port number of the WebLogic administration server.

  • Using the WebLogic administration console, configure the certificate identity and trust stores to use the TLS protocol. Do not use the default demonstration certificate that comes with WebLogic Server. See the WebLogic documentation for more information.

Note:

Oracle recommends that you configure WebLogic SSL ports so that only the TLS protocol is enabled. The SSL v3.0 protocol should be disabled.
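
The following Python script is an added example, not part of the Oracle documentation or the ASAP product. It checks the three points above before a managed server is started: the administration URL uses t3s, the listener completes a TLS handshake, and the certificate it presents does not look like the WebLogic demonstration certificate. The function names, the demo-certificate marker strings, the TLS 1.2 floor, and the sample certificate and host name are assumptions made for the example.

```python
import socket
import ssl
from urllib.parse import urlsplit

# Assumption: strings commonly seen in WebLogic demonstration certificates
# (demo CA named "CertGenCA*", OU "FOR TESTING ONLY"); adjust for your release.
DEMO_MARKERS = ("certgenca", "for testing only")

# Constructed sample in the format returned by SSLSocket.getpeercert().
SAMPLE_DEMO_CERT = {
    "subject": ((("organizationalUnitName", "FOR TESTING ONLY"),),
                (("commonName", "adminhost.example.com"),)),
    "issuer": ((("organizationalUnitName", "FOR TESTING ONLY"),),
               (("commonName", "CertGenCAB"),)),
}

def parse_admin_url(url):
    """Return (host, port) only if the admin URL is t3s://host_name:SSL_Port."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "t3s":
        raise ValueError(f"admin URL must use t3s, got {parts.scheme or 'no scheme'!r}")
    if not parts.hostname or parts.port is None:
        raise ValueError("admin URL must be t3s://host_name:SSL_Port")
    return parts.hostname, parts.port

def demo_cert_findings(cert):
    """List subject/issuer attributes of a getpeercert() dict that match a demo marker."""
    findings = []
    for field in ("subject", "issuer"):
        for rdn in cert.get(field, ()):
            for key, value in rdn:
                if any(marker in value.lower() for marker in DEMO_MARKERS):
                    findings.append(f"{field}: {key}={value}")
    return findings

def audit_listener(admin_url, ca_file):
    """Handshake at TLS 1.2 or later, verifying the chain against ca_file (your CA)."""
    host, port = parse_admin_url(admin_url)
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # assumed floor for "TLS only"
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return {"protocol": tls.version(),
                    "demo_findings": demo_cert_findings(tls.getpeercert())}

if __name__ == "__main__":
    print(parse_admin_url("t3s://adminhost.example.com:7002"))
    print(demo_cert_findings(SAMPLE_DEMO_CERT))
```

A successful handshake in audit_listener shows that TLS is offered and that the certificate chains to your own CA; it does not by itself show that SSL v3.0 is refused, which still has to be confirmed in the WebLogic SSL configuration.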

Installing ASAP Securely

You can perform a custom installation or a typical installation. Perform a custom installation to avoid installing options you do not need. Unused options and sample files can contain security vulnerabilities if deployed in a production environment.

To deploy and configure ASAP resources securely in the ASAP WebLogic server domain, do the following:

  1. Follow the steps to install ASAP as described in the ASAP Installation Guide, selecting the following:

    1. In the WebLogic Configuration screen, enter the secure port of WebLogic administration server.

    2. Select the option Use SSL.

      The Enter Keystore File field is enabled.

    3. In the Enter Keystore File field, enter the KeyStore file.

    4. After installing ASAP, change the passwords for all default ASAP WebLogic user accounts.

Securely Integrating BI Publisher with ASAP

Oracle Business Intelligence Publisher (BI Publisher) is installed into a WebLogic server domain. When installing BI Publisher, configure it to communicate with the SARM and Admin server over a TLS-enabled channel, and disable all unused ports, especially unsecured ports. See the BI Publisher documentation for more information.