Multiplexing OID, SSO, PORTAL Virtual Private Portals VPP

1
Multiplexing OID, SSO, PORTAL Virtual
Private Portals (VPP)

• Presented By
• Surender Sara - surender.sara_at_veritiesllc.comVive
  k Pavle - vivek.pavle_at_veritiesllc.com

2
Business Problem

• Single Physical OID meta repository instance and
  server
• Single Middle Tier instance and server
• Have multiple SITES under this setup
• Have separate DAS, OIDAMIN user, SSO user and
  group entries
• Separate applications for each site
• Shared Tables
• Easy of backup
• NO REPLICATION or DATA SYNC
• NO INVESTMENT IN HARDWARE COST

3
Typical Architecture of 10gAS
4
Typical Architecture of 10gAS

• We typically have one Infrastructure server with
  the following components
• HTTP_Server, OC4J_SECURITY, OID,
• Single Sign-On orasso, Management
• We typically have one Application Server with the
  following components
• Discoverer, Forms, HTTP_Server, OC4J_BI_Forms,
  OC4J_Portal, Reports Server, Web Cache,
  Management

5
Issues With This Deployment

• We have shared OID, SSO, DAS on the
  infrastructure tier, hence single password file
  management
• We have shared portal application users, groups,
  Single DN entity tree

6
Business Problem

• Single Physical OID meta repository instance and
  server
• Single Middle Tier instance and server
• Have multiple SITES under this setup
• Have separate DAS, OIDAMIN user, SSO user and
  group entries
• Separate applications for each site
• Shared Tables
• Easy of backup
• NO REPLICATION or DATA SYNC
• NO INVESTMENT IN HARDWARE COST

7
OPTION 1- Multiple Hosts gtgtMultiple Sites
8
GOALS MET ?

• NO Redundant hardware
• NO Duplicated OID entries
• Lack of Single Super Administrator access which
  can manage all instances.
• Maintenance cost directly proportional to the
  scale of system
• Very high cost for scalability

9
What is Virtual Private portal (VPP)?
Multiple Portal Sites Supported over one
Application Server instance.
10
How VPP Works

• Oracle AS VPP is based on Virtual Private
  Database (VPD) technology.
• It involves adding a context column which
  distinguishes site/subscriber in the database
  tables and employing policy to restrict queries
  based on context of the logged in user.
• OID Administration of each site sub-tree can be
  delegated and the default subscriber admin can
  manage the whole tree.

11
VPP Benefits Demo

• Secure setup
• Low cost setup
• Each site/customer completely isolated
• Highly Scalable
• Easy to Manage
• Virtually no cost to scale

12
VPP The solution
Step - I Enable VPP on the host

• cd /d02/10g_PORTAL/portal/admin/plsql/wwhost
• ./enblhstg.csh -pc rhas2.oracletop.com1521asdb
  -ps portal -pw ZcMulMDW -sc rhas2.oracletop.com15
  21asdb -ss orasso -sw H1JZ4DFT -h
  rhas2.oracletop.com -p 3060 -d "cnorcladmin" -w
  pwd123
• oracle_at_rhas2 bin ./opmnctl stopproc
  ias-componentOC4J
• opmnctl stopping opmn managed processes...
• oracle_at_rhas2 bin ./opmnctl startproc
  ias-componentOC4J
  
  

13
Modify Login.jsp

• ORACLE_HOME/j2ee/OC4J_SECURITY/applications/sso/we
  b/jsp
• lt!-- UNCOMMENT TO ENABLE MULTIPLE REALM SUPPORT
• lttrgt
• ltlabelgt
• ltth id"c6"gtltfont
• class"OraFieldText"gtltmsgBundle.getString(Server
  MsgID.COMPANY_
• LBL)gtlt/fontgtlt/thgt
• lttd headers"c6"gt ltINPUT TYPE"text" SIZE"30"
  MAXLENGTH"50"
• NAME"subscribername" value""gtlt/tdgt
• lt/labelgt
• lt/trgt
• --gt

14
OID Tree Before running the script
15
OID Tree after enabling VPP
16
VPP The solution
Step-II Add Subscribers to VPP

• cd /d02/10g_PORTAL/portal/admin/plsql/wwhost
• ./addsub.csh -name SURENDER -id 1003 -type all
  -pc rhas2.oracletop.com1521asdb -pp pwd123 -ps
  portal -pw ZcMulMDW -sc rhas2.oracletop.com1521
  asdb -sp pwd123 -ss orasso -sw H1JZ4DFT -a
  portal.asdb.rhas2.oracletop.com -h
  rhas2.oracletop.com -p 3060 -d "cnorcladmin" -w
  pwd123 -rc "cnOracleContext" -sd oracletop -tp
  /d02/10g_INFRA/ldap/schema/oid/
• Make sure to point ex to vi - else this
  will fail

17
Subscriber entry in OID and Portal
18
VPP The solution
Step-III Apache Configuration

• Add following in httpd.conf under PORTAL Home
• ltVirtualHost 67.100.66.987779gt
  port 7778
  
  RewriteEngine on
  RewriteRule /
  /pls/portal/portal.home PT,L,NS
• lt/VirtualHostgt

19
VPP The solution
Step-III Setting up Branded URL

• cd /d02/10g_PORTAL/portal/admin/plsql/wwhost
• ./addburl.csh -name SURENDEDR -pc
  rhas2.oracletop.com1521asdb -ps portal -pw
  ZcMulMDW -pu http//surender.oracletop.com7778/p
  ls/portal -sc rhas2.oracletop.com1521asdb -ss
  orasso -sw H1JZ4DFT -su http//surender.oracletop
  .com7777/pls/orasso

20
VPP The solution

• cd /d02/10g_PORTAL/portal/admin/plsql/wwhost
• ./rmsub.csh -name VIVEK -pc rhas2.oracletop.com1
  521asdb -pp pwd123 -ps portal -sc
  rhas2.oracletop.com1521asdb -sp pwd123 -ss
  orasso -a portal.asdb.rhas2.oracletop.com -h
  rhas2.oracletop.com -p 3060 -d "cnorcladmin" -w
  pwd123 -cs 1000

21
OID after implementing VPP
22
Limitations / Restrictions

• Data Sharing not allowed for security purposes.
• ASP users and groups can not be more than two
  levels deep.
• Manage non-default subscribers' ASP users and
  groups only with hosting scripts.
• ASP group is only a placeholder for ASP users and
  groups. Privileges are not propagated to
  subscribers.

23
Advanced Operations

• ASP users/groups management (sync)
• Removing subscribers
• WebDAV support
• Ultrasearch Support

24
Q A

• ?
• Visit www.oracletop.com for FREE streaming
  audiovisual presentation of this and many other
  seminars.