Deploy

The Terraform stacks for this solution are available to deploy from Oracle Cloud Marketplace.

Deploy IAM Stack from Marketplace

Follow these steps to deploy the stack from Oracle Cloud Marketplace:
  1. Go to Oracle Cloud Marketplace.
  2. Click Get App.
  3. Follow the on-screen prompts to sign in to your tenancy. This should redirect you to the marketplace page inside the console.
  4. Ensure you are in the home region, choose the root compartment, accept the terms and conditions, and click Launch Stack.
  5. Create stack and then choose these options:
    1. Optionally update the name, description, and tags for the stack.
    2. Click Next.
    3. Enter the variable inputs according to your decisions in the Consideration and Plan sections.
    4. Click Next.
    5. Click Finish.
    Don't select Run Apply.
  6. Follow these steps to run the stack:
    1. After creating the stack, on the Stack Details page, click Plan.
      Wait for the job to complete, and review the plan. Pay special attention to any resources that get destroyed or changed.
    2. Run the Plan action again.
      To make any changes, return to the Stack Details page, click Edit Stack, and make the required changes.
    3. If no further changes are necessary, return to the Stack Details page, and click Apply.
    4. Select the specific plan you reviewed instead of Automatic Approve.

The IAM stack is deployed.

Configure Identities Manually

A Tenancy Administrator must first create accounts for each user and add the IAM Administrators to their groups. An IAM administrator can then add the rest of the users to their respective groups.

If you're using a tenancy without identity domains (IDCS standalone), create groups in IDCS and map them to the groups created by the IAM Tenancy Stack. Follow the instructions in the Oracle E-Business Suite Cloud Manager Guide, section Create Groups for Tenancies Using IAM without Identity Domains, and then use the following table to create the groups and mappings:

| IAM Groups created by IAM Tenancy Stack | Groups in IDCS standalone |
| --- | --- |
| IAM-Administrators | idcs-IAM-Administrators |
| <lz-prefix>-Network-Administrators | idcs-<lz-prefix>-Network-Administrators |
| <lz-prefix>-Network-Users | idcs-<lz-prefix>-Network-Users |
| <lz-prefix>-Security-Administrators | idcs-<lz-prefix>-Security-Administrators |
| <lz-prefix>-Security-Users | idcs-<lz-prefix>-Security-Users |
| <lz-prefix>-ebs-cm-Administrators | idcs-<lz-prefix>-ebs-cm-Administrators |
| One Administrator per each EBS category defined in the Tenancy IAM stack with this nomenclature: <lz-prefix>-ebs-<category name>-Administrators | One Administrator per each EBS category defined in Tenancy IAM stack with this nomenclature: idcs-<lz-prefix>-ebs-<category name>-Administrators |

Use the OCI Console to create user accounts and add users to these groups or map these groups from a federated identity provider. Follow these steps:
  1. In the OCI Console, open the navigation menu.
  2. On the Identity and Security tab, click Identity.
  3. If you're using Identity Domains, click Domains, select the root compartment from the drop-down list, and click the default domain. For IDCS tenancies, navigate to Identity and follow these steps:
    1. Click Users.
    2. Click Create Users. For IDCS tenancies, click IAM User.
    3. Enter the values for Name and Username/Email.
    4. In Identity Domains, optionally, assign users to groups during user creation.
  4. Map users to groups:
    1. With Identity Domains, navigate to Identity, then Domains.
    2. Select the root compartment, then the default domain, and then Groups.
    3. Without Identity Domains, navigate to Identity, and then select Groups.
    4. Click the group name to open its page, and then click Assign users to the following groups.
    5. Select the desired users, and click Add.
    6. Alternatively, navigate to Users, and click on a specific username.
    7. Click Assign users to groups, select the desired groups, and click Assign User.
    IAM Administrators: IAM-Administrators, Credential-Administrators, <lz-prefix>-Network-Users, <lz-prefix>-Security-Users
    Security Administrators: <lz-prefix>-Security-Administrators, <lz-prefix>-Network-Users
    Network Administrators: <lz-prefix>-Network-Administrators, <lz-prefix>-Security-Users
    EBS CM Administrators and EBS Application Administrators (per EBS category): <lz-prefix>-<ebs-workload-prefix>-<ebs-workload-environment-category>, <lz-prefix>-Network-Users, <lz-prefix>-Security-Users
  5. You must create users that will register the EBS Cloud Manager Web Application with the Identity Provider to provide authentication services. Follow these steps to define the users that will have the Application Administrator role:
    1. In IDCS, navigate to Identity, Federation, and then OracleIdentityCloudService.
    2. Click the Oracle Identity Cloud Service Console link.
    3. In the hamburger menu, click Security, then Administrators.
    4. Expand the role for IDCS Application Administrator and click Add Users.
    5. Add any users you want to give the ability to create confidential applications for EBS Cloud Manager and environment categories.
    6. In Identity Domains, navigate to Identity, and then Domains and select the root compartment.
    7. Select the default domain, Security, and then Administrators.
    8. Expand Application Administrator and click Add Users.
    9. Add any users you want to give the ability to create confidential applications for EBS Cloud Manager and environment categories.
Your Identity Domains are configured.

Deploy Network Stack from Marketplace

A Network administrator must deploy the Network stack for each E-Business Suite environment category. At a minimum, they need permissions to these groups:
  • <lz-prefix>-Network-Administrators
  • <lz-prefix>-Security-Users

For each environment category, follow these steps to deploy its own Network stack:

  1. Go to Oracle Cloud Marketplace.
  2. Click Get App.
  3. Follow the on-screen prompts to sign in to your tenancy. This should redirect you to the marketplace page inside the console.
  4. Ensure you are in the home region, the compartment is <lz-prefix>-Network created by the IAM Stack, accept the terms and conditions, and click Launch Stack.
  5. Create stack and then choose these options:
    1. Optionally update the name, description, and tags for the stack.
    2. Click Next.
    3. Enter the variable inputs according to your decisions in the Consideration and Plan sections.
    4. Click Next.
    5. Click Finish.
    Don't select Run Apply.
  6. Follow these steps to run the stack:
    1. After creating the stack, on the Stack Details page, click Plan.
      Wait for the job to complete, and review the plan. Pay special attention to any resources that get destroyed or changed.
    2. Run the Plan action again.
      To make any changes, return to the Stack Details page, click Edit Stack, and make the required changes.
    3. If no further changes are necessary, return to the Stack Details page, and click Apply.
    4. Select the specific plan you reviewed instead of Automatic Approve.

The Network Stack should be deployed in your environment.

Deploy EBS Cloud Manager Stack Manually

Deploying the EBS Cloud Manager Stack involves both manual tasks and Oracle Cloud Marketplace tasks.

The EBS Cloud Manager application has an Oracle Cloud Marketplace stack. However, you will have to complete several tasks manually.

Create DNS Entry and Certificate

You must work with your Network and Security teams to accomplish these tasks according to your corporate IT processes. DNS entries and certificates are recommended but optional.

A signed certificate is required for the EBS Cloud Manager and must use Server host for EBS Cloud Manager Login URL as the subject common name or DNS name. The certificate should be issued by an intermediate or root Certificate Authority whose certificate chain your company and your browser trust. If you don't provide a certificate, one will be generated for you.

You should also create a DNS entry for EBS Cloud Manager and associate the Server host for EBS Cloud Manager Login URL with the IP address of the EBS Cloud Manager Load Balancer created by the Cloud Manager stack. The IP address of the EBS Cloud Manager Load Balancer must be created or updated after that stack is created.

Create a Confidential Application

You can use the OCI Console to register Confidential Applications in your identity provider, either IDCS or Identity Domains, for EBS Cloud Manager or any EBS environments. An application administrator/IDCS administrator or tenancy administrator must perform these steps.

You must now create a Confidential Application for EBS Cloud Manager. See these instructions to manually create a Confidential Application with or without Identity Domains.

Deploy EBS Cloud Manager Stack from Marketplace

A Cloud Manager administrator should run this stack with, at a minimum, permissions to these groups:
  • <lz-prefix>-<ebs-workload-prefix>-cm-Administrators
  • <lz-prefix>-<ebs-workload-prefix>-<ebs-workload-environment-category>-Administrators
  • <lz-prefix>-Network-Users
  • <lz-prefix>-Security-Users

Follow these steps to deploy the Cloud Manager stack:

  1. Go to Oracle Cloud Marketplace.
  2. Click Get App.
  3. Ensure you are in the home region, the compartment is <lz-prefix>-<workload prefix>-cm created by the IAM Stack, accept the terms and conditions, and click Launch Stack.
  4. Create stack and then choose these options:
    1. Optionally update the name, description, and tags for the stack.
    2. Click Next.
    3. Enter the variable inputs according to your decisions in the Consideration and Plan sections.
    4. Click Next.
    5. Click Finish.
    Don't select Run Apply.
  5. Follow these steps to run the stack:
    1. After creating the stack, on the Stack Details page, click Plan.
      Wait for the job to complete, and review the plan. Pay special attention to any resources that get destroyed or changed.
    2. Run the Plan action again.
      To make any changes, return to the Stack Details page, click Edit Stack, and make the required changes.
    3. If no further changes are necessary, return to the Stack Details page, and click Apply.
    4. Select the specific plan you reviewed instead of Automatic Approve.
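
One way to support the plan review in the three "run the stack" procedures above (IAM, Network and EBS Cloud Manager), as an added example that is not part of Oracle's stacks: a Python check that lists every resource a plan would destroy, replace or change, with identity resources first. It assumes the plan is available in Terraform's JSON plan format (as printed by `terraform show -json`); the sample plan and its resource names are constructed.

```python
import json

# Constructed sample in Terraform's JSON plan format; resource names are made up.
SAMPLE_PLAN = json.loads("""
{
  "format_version": "1.2",
  "resource_changes": [
    {"address": "oci_identity_group.network_admins", "type": "oci_identity_group",
     "change": {"actions": ["create"]}},
    {"address": "oci_identity_policy.security_admins", "type": "oci_identity_policy",
     "change": {"actions": ["update"]}},
    {"address": "oci_identity_compartment.network", "type": "oci_identity_compartment",
     "change": {"actions": ["delete", "create"]}},
    {"address": "oci_core_vcn.ebs", "type": "oci_core_vcn",
     "change": {"actions": ["no-op"]}},
    {"address": "oci_core_security_list.lbaas", "type": "oci_core_security_list",
     "change": {"actions": ["delete"]}}
  ]
}
""")


def classify(actions):
    """Map a Terraform action list to one label; a replacement implies a destroy."""
    acts = set(actions)
    if {"delete", "create"} <= acts:
        return "replace"
    if "delete" in acts:
        return "destroy"
    if "update" in acts:
        return "change"
    return None  # create, read and no-op leave existing resources untouched


def review(plan, sensitive_prefixes=("oci_identity_",)):
    """Return (label, address, sensitive) for each destroyed, replaced or changed resource."""
    findings = []
    for rc in plan.get("resource_changes", []):
        label = classify(rc.get("change", {}).get("actions", []))
        if label:
            sensitive = rc.get("type", "").startswith(tuple(sensitive_prefixes))
            findings.append((label, rc["address"], sensitive))
    # Identity resources first, then most destructive first, then by address.
    order = {"destroy": 0, "replace": 1, "change": 2}
    return sorted(findings, key=lambda f: (not f[2], order[f[0]], f[1]))


if __name__ == "__main__":
    for label, address, sensitive in review(SAMPLE_PLAN):
        print(f"{label.upper():8} {address}{'  [IAM]' if sensitive else ''}")
```

An empty result means the plan only creates or reads resources; anything listed deserves a closer look before you click Apply on that plan.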

Manage the EBS Cloud Manager Virtual Machine

Learn how to perform various administration tasks on the Cloud Manager virtual machine.

Before deploying any environment, ensure that you have updated Cloud Manager to the latest version and have both SSH terminal and UI access to the application.

Access Cloud Manager Web Portal Through Bastion

If you created a bastion service in the Network Stack, you can access the Cloud Manager web portal through an SSH tunnel to the load balancer.

In the OCI Console, navigate to your Bastion instance in the network compartment and then follow these steps:

  1. Click Create Session and enter the following values:
    1. Session Type: SSH port forwarding session
    2. IP Address: Load Balancer IP address (find in output variables)
    3. Port: 443
    4. Add SSH Key: Only used for bastion session
    A session lasts a maximum of three hours.
  2. To create the port forwarding connection, click the menu button for the newly created Bastion session (three dots).
  3. Copy the SSH command and paste it into a text editor. Replace the following values as indicated here:
    1. <privateKey> to the file location of your Bastion SSH private key (~/.ssh/private_key_file).
    2. <localPort> to 443 (requires sudo).
    3. Prepend with sudo.
    4. Optionally, add arguments if you encounter a key type error: -o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa.
    5. Paste code into a terminal window and execute it. The process will not exit.
  4. Open the webpage using the EBS Cloud Manager login URL which you can find in the output variables. You may need to import your certificates to your local machine or manually accept SSL certificates when accessing the webpage.

Access Cloud Manager SSH Terminal Through Bastion

If you created a bastion service in the Network Stack, you can access the Cloud Manager VM through SSH tunnels.

  1. Click Create Session and enter the following values:
    1. Session Type: SSH port forwarding session
    2. IP Address: Cloud Manager IP address (find in output variables)
    3. Port: 22 (default)
    4. Add SSH Key: Only used for bastion session (this can be the same as the instance SSH public key or different).
    A session lasts a maximum of three hours.
  2. To create the port forwarding connection, click the menu button for the newly created Bastion session (three dots).
  3. Copy the SSH command and paste it into a text editor. Replace the following values as indicated here:
    1. <privateKey> to the file location of your Bastion SSH private key (~/.ssh/private_key_file).
    2. <localPort> to 22 (requires sudo) or a user app port 1024-65535.
    3. Prepend with sudo.
    4. Optionally, add arguments if you encounter a key type error: -o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa.
    5. Paste code into a terminal window and execute it. The process will not exit.
  4. Create the local SSH connection.
  5. Add this SSH command to your text editor: ssh -i <privateKey> -p <localPort> opc@localhost and replace the following:
    1. <privateKey> to the file location of your Bastion SSH private key (~/.ssh/private_key_file).
    2. Prepend with sudo.
    3. Optionally, add arguments if you encounter a key type error: -o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa.
    4. Paste code into a terminal window and execute it. The process will not exit.
    A common error may require you to clear other entries for localhost from your known_hosts file: sudo $EDITOR ~/.ssh/known_hosts
  6. Switch to the EBS Cloud Manager user: sudo su - oracle
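
The command edits from both Bastion procedures above, as an added example (not Oracle's code): a Python helper that fills the placeholders in the copied command, prepends sudo only for a privileged local port, and keeps the ssh-rsa arguments opt-in. The copied command string, the key path and the alias name are constructed; using HostKeyAlias is an assumption of this example, shown as an alternative to editing known_hosts.

```python
import shlex

# Constructed stand-in for the command copied from a Bastion session; the
# session OCID, region and target IP are placeholders, not real values.
COPIED = ("ssh -i <privateKey> -N -L <localPort>:10.0.0.10:22 -p 22 "
          "ocid1.bastionsession.oc1.example@host.bastion.example-region-1.oci.oraclecloud.com")

# The optional arguments from the steps above. They re-enable the SHA-1 based
# ssh-rsa algorithm, so they are opt-in here rather than always added.
LEGACY_RSA = ["-o", "HostKeyAlgorithms=+ssh-rsa", "-o", "PubkeyAcceptedKeyTypes=+ssh-rsa"]


def tunnel_argv(copied, private_key, local_port, legacy_rsa=False):
    """Fill the placeholders in the copied command and return it as argv."""
    if not 1 <= local_port <= 65535:
        raise ValueError(f"local port {local_port} is out of range")
    argv = [part.replace("<privateKey>", private_key)
                .replace("<localPort>", str(local_port))
            for part in shlex.split(copied)]
    if legacy_rsa:
        argv[1:1] = LEGACY_RSA
    # Binding a local port below 1024 needs root; 1024-65535 does not, which
    # keeps ssh and its known_hosts file under your own account.
    return (["sudo"] if local_port < 1024 else []) + argv


def login_argv(private_key, local_port, alias, legacy_rsa=False):
    """Build the ssh login that goes through the tunnel to the Cloud Manager VM."""
    # Every tunnel ends at localhost, so host keys of different VMs collide in
    # known_hosts. HostKeyAlias records this VM's key under its own name.
    argv = ["ssh", "-i", private_key, "-p", str(local_port),
            "-o", f"HostKeyAlias={alias}"]
    if legacy_rsa:
        argv += LEGACY_RSA
    return argv + ["opc@localhost"]


if __name__ == "__main__":
    key = "/home/admin/.ssh/bastion_key"  # constructed path
    print(shlex.join(tunnel_argv(COPIED, key, 2222)))
    print(shlex.join(login_argv(key, 2222, "ebs-cm")))
```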

Update EBS Cloud Manager to the Latest Version

Before deploying any environments through the Cloud Manager, you must update EBS Cloud Manager to the latest version.

See the instructions in the Update Oracle E-Business Suite Cloud Manager to the Latest Version chapter in the Oracle E-Business Suite Cloud Manager Guide.