This chapter serves as a guide for administrators and anyone installing the product to securely configure Oracle Retail Advanced Science Engine (ORASE).
The chapter begins with the operating system and moves through the supporting middleware to the application and its connections with other resources. It includes the following sections:
Note: The options set by default for the installer are the most secure selection. If you choose to not use any of the default selections, you need to consider the implications of that change on the security of your installed product. |
Intended Audience
This chapter is intended for security administrators and anyone who will install, deploy, and configure ORASE. These users typically perform the following tasks:
Install and deploy the applications
Configure the applications
Apply patches to the applications
It is assumed that the readers of this chapter have a general knowledge of administering the underlying technologies and the ORASE application.
This section describes any specific considerations related to the supported operating systems.
ORASE does not rely on insecure services or protocols. If the retailer or systems integrator customizes or extends the applications, these extensions must not rely on insecure services or protocols.
This section includes information on:
Ensure that you have installed all the critical patch updates (CPU) and patches available for Oracle Linux. Critical patch updates and patch sets for Oracle products are made available on the My Oracle Support Web site along with documentation or instructions on how you can install them.
For more information on securing Oracle Linux-based systems, refer to the Oracle Linux documentation.
Ensure that you have installed all the critical patch updates (CPU) and patches available for Oracle Solaris. Critical patch updates and patch sets for Oracle products are made available on the My Oracle Support Web site along with documentation or instructions on how you can install them.
For more information on securing Oracle Solaris-based systems, refer to the Oracle Solaris Security Guidelines.
Ensure that you have installed all the security patches and patch sets available for IBM-AIX. Security patches and patch sets for IBM AIX may be made available on the IBM Support Portal along with documentation or instructions on how you can install them.
For more information on securing IBM AIX-based systems, refer to the IBM AIX Security Guide.
The Center for Internet Security has published benchmarks for securing your systems at the operating system level. You can find the benchmark for some of the operating systems at the following link:
http://benchmarks.cisecurity.org/en-us/?route=downloads.browse.category.benchmarks.os
This section describes any specific considerations related to the supported infrastructure and middleware products (such as databases and application servers). This section includes the following sections:
Do not store sensitive data on Internet-accessible systems. For example, your application server and database server must not be on the same physical server. ORASE does not require the database server and application server to be hosted on the same physical server machine.
For information about secure configuration of Oracle Database, see the Oracle Database 2 Day + Security Guide. The guide is available at the following link on the Oracle Technology Network Web site:
http://docs.oracle.com/database/121/TDPSG/toc.htm
For information on the secure configuration of Oracle WebLogic Server, see the following documentation available at the following links on the Oracle Technology Network Web site:
Security for Oracle WebLogic Server 12c Release 1 (12.1.3):
http://docs.oracle.com/middleware/1213/wls/LOCKD/intro.htm#LOCKD107
Oracle Fusion Middleware Securing a Production Environment for Oracle WebLogic Server:
http://docs.oracle.com/middleware/1213/wls/LOCKD/toc.htm
This section describes any specific application-related configuration recommended for ORASE. It includes the following sections:
ORASE integrates with Oracle Retail RDF, Oracle Retail Category Management, Oracle Retail Retail Analytics, and Oracle Retail MSM applications through the use of File Copy and Shared Database schemas.
Note: File Copy refers to sharing data between applications by copying files to a file system. |
ORASE includes scripts and utilities that can be used after the installation to stage, load, and transform data. Ensure that access to such scripts and utilities are set up based on the business need.