Deploy JD Edwards EnterpriseOne on Oracle Cloud Infrastructure
Architecture
In this architecture, the deployment of JD Edwards EnterpriseOne is shown in a region with a single availability domain. For deployments in a region with multiple availability domains, application instances can be distributed across the availability domains.
The architecture has a virtual cloud network (VCN) with one public subnet and multiple private subnets. Instances in private subnets require an outbound connection to the internet to download patches; this is provided by a Network Address Translation (NAT) gateway, which does not expose the instances to inbound connections.
Oracle recommends that the database and the applications deployed on Oracle Cloud Infrastructure (OCI) have a robust backup and recovery strategy. Automatic and on-demand database backups are sent to OCI Object Storage and are encrypted with the same master key used for Transparent Data Encryption (TDE) wallet encryption.
The architecture consists of a virtual cloud network (VCN) with the bastion host, load balancer tier, presentation tier, middle tier, administration tier, and database tier. The tiers are placed in subnets of the VCN in a single availability domain. In this architecture diagram, the bastion host is deployed in a public subnet, and all the other instances are placed in private subnets. You can access the instances that are in private subnets over port 22 through the bastion host or the dynamic routing gateway (DRG). To enable communication between the DRG and the customer on-premises equipment, use IPSec VPN or OCI FastConnect.
A load balancer distributes traffic across the nodes. Customers can take advantage of the flexible load balancer and choose a custom minimum bandwidth and an optional maximum bandwidth, anywhere between 10 and 8,000 Mbps. The minimum bandwidth is always available and provides instant readiness for your workloads. Based on incoming traffic patterns, available bandwidth scales up from the minimum as traffic increases.
For applications deployed on virtual machines (VMs), customers can take advantage of flexible VM instances. Customers can increase or decrease capacity in minutes by adding CPUs and memory to their existing footprint: 1 to 64 cores and 1 to 64 GB of memory per core, up to 1,024 GB per instance.
The Server Manager in the administration tier communicates with the presentation tier, middle tier, and database tier to provide code deployment, configuration management, runtime metrics access, and log access. The Deployment Server in the administration tier communicates with the middle tier and the database tier to build and deploy code. The development client communicates with the middle tier and the database tier. Application Development Framework (ADF) and Oracle Business Intelligence Publisher communicate with the HTML server in the presentation tier.
The following diagram illustrates this reference architecture.
Description of the illustration deploy_jde_on_oci.png
The architecture has the following components:
Administration Tier
The administration tier contains a single instance of the following servers:
- Provisioning Server
Used to automate end-to-end deployment of JD Edwards EnterpriseOne components on OCI. It communicates with all the instances in the other tiers, including the instances in the database tier, over port 22. It hosts the JD Edwards EnterpriseOne One-Click Provisioning Console and the JD Edwards Server Manager Console.
- Deployment server
During the installation process, this server acts as the central repository of all the required files and installation packages. The software is distributed or deployed to all other servers and clients from this server.
- Development client
The JD Edwards EnterpriseOne Development client contains components that run as standard Microsoft Windows applications, such as Active Console, Forms Design Aid (FDA), and Report Design Aid (RDA), and components that run in a web browser.
- Application Development Framework (ADF) server
JD Edwards EnterpriseOne ADF Server is a web application deployed on an Oracle WebLogic server with ADF runtime. It is used to run JD Edwards EnterpriseOne applications developed with Oracle ADF.
- Oracle Business Intelligence Publisher
Oracle Business Intelligence Publisher presents the data collected by JD Edwards EnterpriseOne in the form of reports. Use Oracle Business Intelligence Publisher to present reports using different templates based on your business requirements. You can design and control how the report outputs are presented by using template files.
Presentation Tier
The presentation tier contains redundant instances of Application Interface services and Java Application servers to provide high availability. These servers communicate with servers in the middle tier. All instances are active and receive traffic from the load balancer. Each instance is associated with a block storage volume. This tier also contains components that you can use to create integration between JD Edwards EnterpriseOne and an external system. Your implementation can include one or more of these components.
This tier contains the following servers:
- Java Application servers (JAS)
The Java Application server receives requests from the load balancer and runs simple business logic. It passes requests to the logic server to run tasks that require complicated business logic.
- Application Interface Service (AIS) server
The Application Interface Service server provides the communication interface between JD Edwards mobile enterprise applications and JD Edwards EnterpriseOne.
Middle Tier
The middle tier contains redundant instances of logic servers and batch servers to ensure high availability.
In a single availability domain architecture, you can host the logic server and the batch server on the same enterprise server instance. However, in a multiple availability domain architecture where you deploy production instances, we recommend that you set up the logic server and the batch server on separate enterprise server instances.
The middle tier receives requests from the load balancer and presentation tier. After processing the requests, it forwards the requests to the database servers. To ensure high availability, deploy redundant instances of logic servers and batch servers in an availability domain. All instances of the servers are active and process requests.
- Logic servers or enterprise servers
These servers contain the business logic or business functions.
- Batch servers
These servers are used for batch processing.
Database Tier
- Customer premises equipment (CPE)
Customer premises equipment is the on-premises endpoint for the VPN Connect or OCI FastConnect interconnection between the on-premises data center and the virtual cloud network in Oracle Cloud Infrastructure.
- Region
An Oracle Cloud Infrastructure region is a localized geographic area that contains one or more data centers, called availability domains. Regions are independent of other regions, and vast distances can separate them (across countries or even continents).
- Availability domains
Availability domains are standalone, independent data centers within a region. The physical resources in each availability domain are isolated from the resources in the other availability domains, which provides fault tolerance. Availability domains don’t share infrastructure such as power or cooling, or the internal availability domain network. So, a failure at one availability domain is unlikely to affect the other availability domains in the region.
- Fault domains
A fault domain is a grouping of hardware and infrastructure within an availability domain. Each availability domain has three fault domains with independent power and hardware. When you distribute resources across multiple fault domains, your applications can tolerate physical server failure, system maintenance, and power failures inside a fault domain.
- Virtual cloud network (VCN) and subnets
A VCN is a customizable, software-defined network that you set up in an Oracle Cloud Infrastructure region. Like traditional data center networks, VCNs give you complete control over your network environment. A VCN can have multiple non-overlapping CIDR blocks that you can change after you create the VCN. You can segment a VCN into subnets, which can be scoped to a region or to an availability domain. Each subnet consists of a contiguous range of addresses that don't overlap with the other subnets in the VCN. You can change the size of a subnet after creation. A subnet can be public or private.
- Security list
For each subnet, you can create security rules that specify the source, destination, and type of traffic that must be allowed in and out of the subnet.
- Bastion host
The bastion host is a compute instance that serves as a secure, controlled entry point to the topology from outside the cloud. The bastion host is provisioned typically in a demilitarized zone (DMZ). It enables you to protect sensitive resources by placing them in private networks that can't be accessed directly from outside the cloud. The topology has a single, known entry point that you can monitor and audit regularly. So, you can avoid exposing the more sensitive components of the topology without compromising access to them.
- Compartment
Compartments are cross-region logical partitions within an Oracle Cloud Infrastructure tenancy. Use compartments to organize your resources in Oracle Cloud, control access to the resources, and set usage quotas. To control access to the resources in a given compartment, you define policies that specify who can access the resources and what actions they can perform.
- Cloud Guard
You can use Oracle Cloud Guard to monitor and maintain the security of your resources in Oracle Cloud Infrastructure. Cloud Guard uses detector recipes that you can define to examine your resources for security weaknesses and to monitor operators and users for risky activities. When any misconfiguration or insecure activity is detected, Cloud Guard recommends corrective actions and assists with taking those actions, based on responder recipes that you can define.
- Dynamic routing gateway (DRG)
The DRG is a virtual router that provides a path for private network traffic between a VCN and a network outside the region, such as a VCN in another Oracle Cloud Infrastructure region, an on-premises network, or a network in another cloud provider.
- Local peering gateway (LPG)
An LPG enables you to peer one VCN with another VCN in the same region. Peering means the VCNs communicate using private IP addresses, without the traffic traversing the internet or routing through your on-premises network.
- Object storage
Object storage provides quick access to large amounts of structured and unstructured data of any content type, including database backups, analytic data, and rich content such as images and videos. Use standard storage for "hot" storage that you need to access quickly, immediately, and frequently. Use archive storage for "cold" storage that you retain for long periods of time and seldom access.
- Load balancer
The Oracle Cloud Infrastructure Load Balancing service provides automated traffic distribution from a single entry point to multiple servers in the back end.
- Security zone
Security zones ensure Oracle's security best practices from the start by enforcing policies such as encrypting data and preventing public access to networks for an entire compartment. A security zone is associated with a compartment of the same name and includes security zone policies or a "recipe" that applies to the compartment and its sub-compartments. You can't add or move a standard compartment to a security zone compartment.
- Service gateway
The service gateway provides access from a VCN to other services, such as Oracle Cloud Infrastructure Object Storage. The traffic from the VCN to the Oracle service travels over the Oracle network fabric and never traverses the internet.
- FastConnect
Oracle Cloud Infrastructure FastConnect provides an easy way to create a dedicated, private connection between your data center and Oracle Cloud Infrastructure. FastConnect provides higher-bandwidth options and a more reliable networking experience when compared with internet-based connections.
- NAT gateway
The NAT gateway enables private resources in a VCN to access hosts on the internet, without exposing those resources to incoming internet connections.
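The access pattern above (bastion in the public subnet, every other tier in private subnets reachable on port 22 only through the bastion or the DRG) is easy to state and easy to break with one permissive security-list rule. The following added example, which is not part of the Oracle reference architecture and does not use the OCI SDK, models security-list ingress rules as a small hypothetical data structure and checks a planned rule set against those constraints: a private subnet must not accept ingress from 0.0.0.0/0, TCP/22 into a private subnet may come only from the bastion subnet or the on-premises range, and the bastion subnet should expose nothing but TCP/22. The subnet CIDRs, the on-premises range, and the application port numbers are constructed for the example.

```python
"""Check planned OCI security-list ingress rules against the bastion pattern.

Added example using only the Python standard library. IngressRule is a
simplified, hypothetical model, not the OCI SDK's IngressSecurityRule type.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class IngressRule:
    source: str                     # source CIDR block
    protocol: str                   # "tcp", "udp", "icmp" or "all"
    port_min: Optional[int] = None  # None = every port of the protocol
    port_max: Optional[int] = None

    def allows_port(self, port: int) -> bool:
        """True if this rule would admit traffic to the given TCP/UDP port."""
        if self.protocol == "icmp":
            return False
        if self.protocol == "all" or self.port_min is None:
            return True
        return self.port_min <= port <= (self.port_max or self.port_min)


def _within_any(src: ipaddress.IPv4Network, allowed) -> bool:
    return any(src.subnet_of(net) for net in allowed)


def find_violations(subnets, rules, allowed_ssh_sources):
    """subnets: {name: ("bastion" | "private", cidr)}
    rules: {name: [IngressRule, ...]} attached to that subnet's security list
    allowed_ssh_sources: CIDRs that may reach TCP/22 on private subnets
    (the bastion subnet and, via the DRG, the on-premises range)."""
    allowed = [ipaddress.ip_network(c) for c in allowed_ssh_sources]
    violations = []
    for name, (role, _cidr) in subnets.items():
        for rule in rules.get(name, []):
            src = ipaddress.ip_network(rule.source)
            if role == "private":
                if src.prefixlen == 0:
                    violations.append(
                        f"{name}: private subnet accepts ingress from {rule.source}")
                elif rule.allows_port(22) and not _within_any(src, allowed):
                    violations.append(
                        f"{name}: TCP/22 reachable from {rule.source}, "
                        "which is not the bastion subnet or on-premises range")
            else:  # bastion subnet: SSH only
                ssh_only = (rule.protocol == "tcp" and rule.port_min == 22
                            and rule.port_max in (None, 22))
                if not ssh_only:
                    violations.append(
                        f"{name}: bastion subnet exposes {rule.protocol} "
                        f"{rule.port_min}-{rule.port_max}; expected TCP/22 only")
    return violations


# Constructed sample plan (addresses and ports are assumptions, not from the page).
BASTION_SUBNET = "10.0.0.0/24"
ON_PREM_RANGE = "192.168.0.0/16"   # reached through the DRG
SUBNETS = {
    "bastion-public": ("bastion", BASTION_SUBNET),
    "presentation-private": ("private", "10.0.1.0/24"),
    "middle-private": ("private", "10.0.2.0/24"),
    "db-private": ("private", "10.0.3.0/24"),
}
RULES = {
    "bastion-public": [IngressRule("0.0.0.0/0", "tcp", 22, 22)],
    "presentation-private": [
        IngressRule(BASTION_SUBNET, "tcp", 22, 22),
        IngressRule("10.0.4.0/24", "tcp", 443, 443),   # assumed load balancer subnet
    ],
    "middle-private": [
        IngressRule(BASTION_SUBNET, "tcp", 22, 22),
        IngressRule(ON_PREM_RANGE, "tcp", 22, 22),
        IngressRule("10.0.1.0/24", "tcp", 6016, 6016),  # assumed application port
    ],
    "db-private": [
        IngressRule("10.0.2.0/24", "tcp", 1521, 1521),
        IngressRule("0.0.0.0/0", "tcp", 22, 22),       # mistake: SSH open to the internet
    ],
}


def check_sample_plan():
    """Run the check over the constructed plan; returns the list of findings."""
    return find_violations(SUBNETS, RULES, [BASTION_SUBNET, ON_PREM_RANGE])


if __name__ == "__main__":
    for finding in check_sample_plan():
        print(finding)
```

The constructed plan contains exactly one mistake, the internet-wide SSH rule on the database subnet, and that is the only finding the check reports. The same function can be pointed at rules exported from an existing VCN once they are mapped into the `IngressRule` shape.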
Recommendations
- VCN
When you create a VCN, determine the number of CIDR blocks required and the size of each block based on the number of resources that you plan to attach to subnets in the VCN. Use CIDR blocks that are within the standard private IP address space.
Select CIDR blocks that don't overlap with any other network (in Oracle Cloud Infrastructure, your on-premises data center, or another cloud provider) to which you intend to set up private connections.
After you create a VCN, you can change, add, and remove its CIDR blocks.
When you design the subnets, consider your traffic flow and security requirements. Attach all the resources within a specific tier or role to the same subnet, which can serve as a security boundary.
- Security
Use Oracle Cloud Guard to monitor and maintain the security of your resources in Oracle Cloud Infrastructure proactively. Cloud Guard uses detector recipes that you can define to examine your resources for security weaknesses and to monitor operators and users for risky activities. When any misconfiguration or insecure activity is detected, Cloud Guard recommends corrective actions and assists with taking those actions, based on responder recipes that you can define.
For resources that require maximum security, Oracle recommends that you use security zones. A security zone is a compartment associated with an Oracle-defined recipe of security policies that are based on best practices. For example, the resources in a security zone must not be accessible from the public internet and they must be encrypted using customer-managed keys. When you create and update resources in a security zone, Oracle Cloud Infrastructure validates the operations against the policies in the security-zone recipe, and denies operations that violate any of the policies.
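The VCN recommendations above (private address space, non-overlapping CIDR blocks, subnets sized for the resources they will hold) are the kind of thing worth checking before anything is provisioned, because a CIDR that overlaps an on-premises or peered network is painful to change once the DRG and FastConnect or VPN connections depend on it. The following added example, not part of the Oracle reference architecture and not OCI SDK code, validates an address plan with the Python standard library. The VCN CIDR, subnet names and CIDRs, and the peer networks are constructed for the example; the reserved-address count uses OCI's convention that the first two and the last address of each subnet are reserved.

```python
"""Validate a planned VCN address layout before provisioning.

Added example using only the Python standard library. All CIDRs below are
constructed sample values, not taken from the reference architecture.
"""
import ipaddress

# RFC 1918 private address space.
PRIVATE_SPACE = [ipaddress.ip_network(c) for c in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
OCI_RESERVED_PER_SUBNET = 3  # first two addresses and the last one of each subnet


def check_address_plan(vcn_cidrs, subnets, peer_networks):
    """vcn_cidrs: list of CIDR strings assigned to the VCN
    subnets: {name: cidr} planned inside the VCN
    peer_networks: {name: cidr} of every network you intend to connect privately
    (on-premises ranges, other VCNs, other cloud providers).
    Returns a list of human-readable problems; an empty list means the plan is clean."""
    problems = []
    vcns = [ipaddress.ip_network(c) for c in vcn_cidrs]
    peers = {n: ipaddress.ip_network(c) for n, c in peer_networks.items()}
    subs = {n: ipaddress.ip_network(c) for n, c in subnets.items()}

    # 1. VCN blocks must sit inside private address space.
    for net in vcns:
        if not any(net.subnet_of(p) for p in PRIVATE_SPACE):
            problems.append(f"VCN CIDR {net} is outside RFC 1918 private space")

    # 2. VCN blocks must not overlap each other or any peer network.
    for i, a in enumerate(vcns):
        for b in vcns[i + 1:]:
            if a.overlaps(b):
                problems.append(f"VCN CIDRs {a} and {b} overlap")
        for pname, pnet in peers.items():
            if a.overlaps(pnet):
                problems.append(f"VCN CIDR {a} overlaps {pname} ({pnet})")

    # 3. Every subnet must fall inside one of the VCN blocks.
    for name, s in subs.items():
        if not any(s.subnet_of(v) for v in vcns):
            problems.append(f"subnet {name} ({s}) is not inside any VCN CIDR")

    # 4. Subnets must not overlap one another.
    names = list(subs)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if subs[a].overlaps(subs[b]):
                problems.append(f"subnets {a} ({subs[a]}) and {b} ({subs[b]}) overlap")
    return problems


def usable_hosts(cidr: str) -> int:
    """Addresses available for instances after OCI's reserved addresses."""
    return ipaddress.ip_network(cidr).num_addresses - OCI_RESERVED_PER_SUBNET


def fits(cidr: str, hosts_needed: int) -> bool:
    """True if the subnet can hold the planned number of instances."""
    return usable_hosts(cidr) >= hosts_needed


# Constructed sample plan with two deliberate mistakes.
SAMPLE_VCN = ["10.0.0.0/16"]
SAMPLE_SUBNETS = {
    "bastion": "10.0.0.0/24",
    "presentation": "10.0.1.0/24",
    "middle": "10.0.2.0/24",
    "db": "10.0.3.0/24",
    "lb": "10.0.4.0/24",
    "admin": "10.0.3.128/25",        # mistake: carved out of the db subnet
}
SAMPLE_PEERS = {
    "on-prem": "192.168.0.0/16",     # reached via DRG
    "other-cloud": "10.0.0.0/12",    # mistake: overlaps the VCN
}


def check_sample_plan():
    return check_address_plan(SAMPLE_VCN, SAMPLE_SUBNETS, SAMPLE_PEERS)


if __name__ == "__main__":
    for problem in check_sample_plan():
        print(problem)
    print(usable_hosts("10.0.1.0/24"), "usable addresses in the presentation subnet")
```

The sample plan produces two findings: the VCN overlaps the other-cloud range it is meant to peer with, and the admin subnet overlaps the database subnet. Run the same check again after any CIDR change, since the page notes that VCN and subnet CIDRs can be altered after creation.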
Considerations
When deploying JD Edwards EnterpriseOne applications in Oracle Cloud Infrastructure, consider these points.
- Performance
Depending on the amount of data, you can use FastConnect or IPSec VPN to manage costs. Files that need frequent access can be stored in Object Storage Standard tier for faster access.
- Security
Oracle Cloud provides encryption by default of all objects stored in Object Storage buckets. For extra security, you can choose to encrypt these objects using customer-managed keys.
- Availability
Object Storage is highly available within a region; you can additionally configure cross-region replication to protect against an unlikely regional outage.
- Cost
Pricing varies depending on which Object Storage tier you choose. So, carefully consider the appropriate tier. Moreover, some objects have retention requirements, and violating the requirements can trigger extra charges.