Se ha denunciado esta presentación.
Utilizamos tu perfil de LinkedIn y tus datos de actividad para personalizar los anuncios y mostrarte publicidad más relevante. Puedes cambiar tus preferencias de publicidad en cualquier momento.
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. |
Oracle E-Business Suite R12.2: Secure
Configuration...
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. |
Safe Harbor Statement
The following is intended to ...
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. |
1
2
3
4
Secure Configure Console
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. |
Agenda for Secure Configuration Console
Secure Conf...
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. |
Secure Configuration Console
EBS Users cannot login...
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. |
Secure Configuration Console
Automatic Assessment o...
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. |
Secure Configuration Console
Automatic Assessment o...
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. |
Secure Configuration Console
Automatic Assessment o...
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. |
Secure Configuration Console
Manual/Autofixable and...
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. |
Secure Configuration Console
Security Guideline Det...
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. |
Secure Configuration Console
1
2
3
4
1. Default app...
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. |
Secure Configuration Console
Checks introduced in 1...
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. |
Secure Configuration Console
Check: Attachment uplo...
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. |
Secure Configuration Console
Check: Default applica...
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. |
Secure Configuration Console
Check: Default databas...
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. |
Secure Configuration Console
Check: Application use...
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. |
Secure Configuration Console
Check: Database profil...
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. |
Secure Configuration Console
Check: PUBLIC role pri...
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. |
Secure Configuration Console
Check: Allowed Resourc...
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. |
Secure Configuration Console
Feature overview of Al...
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. |
Secure Configuration Console
Configuration overview...
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. |
Secure Configuration Console
Feature overview of Al...
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. |
UI is accessible via the
Functional Administrator
r...
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. |
Details section
Enabled check box
indicates whether...
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. |
User Interface for Allowed Resources
Product and Co...
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. |
User Interface for Allowed Resources
Product and Co...
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. |
User Interface for Allowed Resources
Product and Co...
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. |
User Interface for Allowed Resources
Product Detail...
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. |
Evaluating Usage with Access Logs
Step 1. Generate ...
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. |
Populate Web usage data
Step 2. Populate Web Usage ...
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. |
Load Custom Configuration for Allowed Resources
Ste...
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. |
Secure Configuration Console
Command line utility
1...
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. |
Where to find more information ?
1
2
3
4
EBS Docume...
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | 35
Program Agenda: ADOP and Rapid Install Changes
S...
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | 36
New and Changed Features in ADOP
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. |
Service Name change for Patch Edition FS
• The Orac...
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. |
Mandatory Steps for Migrating Service Name change
•...
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. |
Patch Service Rename: What to Know?
• Starting AD-T...
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. |
• New prepare phase parameter (sync_mode) to contro...
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. |
• sync_mode=delta
– As a faster alternative, you ca...
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. |
Improved Log Directory Structure
• Improved structu...
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | 43
Rapid Install: Patching Stage Area
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. |
Rapid Install: Patching Stage Area
• Patch 25525148...
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. |
• Oracle E-Business Suite Maintenance Guide Release...
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. |
1
2
3
4
12.2 secure configureconsole_adop_changes_aioug_appsdba_nov17
12.2 secure configureconsole_adop_changes_aioug_appsdba_nov17
Próxima SlideShare
Cargando en…5
×

12.2 secure configureconsole_adop_changes_aioug_appsdba_nov17

Oracle Apps 12.2 Secure Configuration Console & ADOP changes

  • Inicia sesión para ver los comentarios

12.2 secure configureconsole_adop_changes_aioug_appsdba_nov17

  1. 1. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Oracle E-Business Suite R12.2: Secure Configuration Console and ADOP changes Shyam Sundar Rao (Senior Principal Developer, EBS Release Engineering) Chowdari Mathukumilli (Principal Developer, EBS Release Engineering) November 04, 2017
  2. 2. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
  3. 3. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | 1 2 3 4 Secure Configure Console
  4. 4. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Agenda for Secure Configuration Console Secure Configuration Console overview Checks of Secure Configuration Console in 12.2 Additional new checks introduced in 12.2.7 Deep dive into few checks Command line utility Where to find more information Q/A 1 2 3 4 5 6 7
  5. 5. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Secure Configuration Console EBS Users cannot login to the system 1 2 3 4 New
  6. 6. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Secure Configuration Console Automatic Assessment of your Environment by Sysadmin 1 2 3 4 New
  7. 7. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Secure Configuration Console Automatic Assessment of your Environment by Sysadmin 1 2 3 4 Configure or Acknowledge and Accept Warnings: Your system will be locked down until the system administrator configures or acknowledges the recommended security configurations. New
  8. 8. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Secure Configuration Console Automatic Assessment of Your Environment 1 2 3 4 •Review and implement secure configuration recommendations from a single dashboard. •Access via the “Functional Administrator” responsibility, “Configuration Manager” tab •Check your configuration •Automatically configure items that are out of compliance •Checks are assigned a severity level •Suppress checks that are not relevant to your system
  9. 9. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Secure Configuration Console Manual/Autofixable and Failed/Passed Checks 1 2 3 Details: Manual and Autofixable checks Details: Failed Configuration
  10. 10. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Secure Configuration Console Security Guideline Details for a Check 1 2 3 4
  11. 11. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Secure Configuration Console 1 2 3 4 1. Default application users passwords have been changed to non-default values. 2. Attachment upload profiles are available and set correctly. 3. Critical profile values are set correctly. 4. Default database users default passwords have been changed to non-default values. 5. Forms blocking of bad characters on the web server is active. 6. Site level security profiles are available in the system. 7. ModSecurity on the web server is active. 8. Serversecurity (Secure Flag in DBC file) is enabled. 9. Allowed Redirects feature is enabled 10. APPLSYSPUB privileges are properly restricted. 11. Auditing profiles are set. 12. Cookie Domain scoping is configured. 13. Application user passwords have been migrated to hashed passwords. 14. HTTPS is enabled Confidential. Oracle E-Business Suite Security Guide Release 12.2
  12. 12. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Secure Configuration Console Checks introduced in 12.2.7 1 2 3 4 1. Clickjacking protection is configured. 2. Diagnostic web page protection is configured. 3. PUBLIC role privileges are restricted. 4. Oracle Workflow generated emails that reference URLs in EBS require additional user authentication. 5. Allowed Resources feature is enabled. 6. Required whitelist configuration for the allowed resources feature is correct and up-to-date. 7. Recommended Database initialization parameters have been set. 8. Database profiles have been created in the EBS database for password management. 9. iRecruitment file upload security profile value is set. 10. Oracle Workflow Admin access is restricted. 10 Additional Checks for a Total of 24 Checks Oracle E-Business Suite Security Guide Release 12.2
  13. 13. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Secure Configuration Console Check: Attachment upload profiles are available and set correctly 1 2 3 4 • The Attachments feature are configured to restrict the file types that may be uploaded (actually, it restricts using a blacklist of the file extensions that Windows considers as executables such as .COM,.EXE and so on). • Profile Option Name: FND_SECURITY_FILETYPE_RESTRICT _DFLT • Recommended Value: N • Define maximum allowed size of an uploaded attachment • Profile Option Name: UPLOAD_FILE_SIZE_LIMIT • Recommended Value: As needed in (kb) • Enable Antisamy HTML Filter • This allows upload of a sanitized version of HTML documents such as resumes for iRecruitment. • Profile Option Name: FND_DISABLE_ANTISAMY_FILTER • Recommended Value: N Oracle E-Business Suite Security Guide Release 12.2
  14. 14. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Secure Configuration Console Check: Default application users passwords have been changed to non-default values 1 2 3 4 • Oracle ships seeded user accounts with default passwords that are recommended to be changed. • Depending on product usage, some seeded accounts can or can not be disabled. • Disable an application user account by setting the END_DATE for the account. • Do not disable the GUEST user account. • If the GUEST password is changed, set the AutoConfig variable s_guest_pass to the new value in the context file before running AutoConfig. AutoConfig must be run to propagate the new password to config files. • The GUEST password must always be in UPPERCASE. • Script “fnddefpw.sql” can be executed as “apps” user to list the seeded accounts that still have the default password. Oracle E-Business Suite Security Guide Release 12.2
  15. 15. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Secure Configuration Console Check: Default database users default passwords have been changed to non-default values 1 2 3 4 • The application database instance contains default, open schemas with default passwords. • These accounts and corresponding passwords are well-known, and they should be changed, especially for a database to be used in a production environment. • For Default database administration schemas we can make use of "alter user <SCHEMA> identified by <NEW_PASSWORD>;“ • For Schemas common to all Oracle E-Business Suite products and associated with specific Oracle E- Business Suite products we can make use of utility "FNDCPASS" Oracle E-Business Suite Security Guide Release 12.2
  16. 16. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Secure Configuration Console Check: Application user passwords have been migrated to hashed passwords 1 2 3 4 • Traditionally, Oracle E-Business Suite has stored the password of the application users in encrypted form. • Starting with release 12.0.4, it is possible to switch the Oracle E-Business Suite system to store hashed versions of the passwords instead. • Hence its recommended as part of secure configuration console check to change the passwords. • Use AFPASSWD/FNDCPASS utility to hash the password. • IMPORTANT: This process is irreversible. Oracle E-Business Suite Security Guide Release 12.2
  17. 17. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Secure Configuration Console Check: Database profiles have been created in the EBS database for password management 1 2 3 4 • Implement Two Profiles for Password Management • The database provides parameters to enforce password management policies. • However, some of the database password policy parameters could lock-out the Oracle E-Business Suite. • Because of this, we make specific recommendations for or against using certain management features depending upon schema type. • Create two database profiles: • One for middle tier application schemas (“managed schemas”) • One for all accounts used by individual database administrators to the second profile. Password Parameters Application Profile Administrator Profile FAILED_LOGIN_ATTEMPTS UNLIMITED 5 PASSWORD_LIFE_TIME UNLIMITED 90 PASSWORD_REUSE_TIME 180 180 PASSWORD_REUSE_MAX UNLIMITED UNLIMITED PASSWORD_LOCK_TIME UNLIMITED 7 PASSWORD_GRACE_TIME UNLIMITED 14 PASSWORD_VERIFY_FUNCTION Recommended Recommended Recommended Values Oracle E-Business Suite Security Guide Release 12.2
  18. 18. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Secure Configuration Console Check: PUBLIC role privileges are restricted 1 2 3 4 Check whether the PUBLIC role privileges are restricted. • This checks whether unnecessary privileges to Oracle E-Business Suite object have been granted to the Oracle Database PUBLIC role. • Revoke unnecessary privileges from the PUBLIC role. Oracle E-Business Suite database objects should not have privileges granted to the PUBLIC role. • 'Create Index' should not be granted to PUBLIC Oracle E-Business Suite Security Guide Release 12.2
  19. 19. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Secure Configuration Console Check: Allowed Resources feature is enabled 1 2 3 4 • Allowed JSPs introduced in E-Business Suite 12.2.4 • Enabled by default in E-Business Suite ATG 12.2.7 • Rebranded to Allowed Resources in 12.2.6 with the following patches: • ATG 12.2.6 (21900895:R12.ATG_PF.C.DELTA.6) • TKX Delta 9 (25180736:R12.TXK.C.DELTA.9) • ENABLE ALLOWED RESOURCES (24737426:R12.FND.C) - This patch will turn the Allowed Resources feature ON. Oracle E-Business Suite Security Guide Release 12.2
  20. 20. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Secure Configuration Console Feature overview of Allowed Resources 1 2 3 4 • Defines whitelist of web allowed resources • A whitelist is an explicit list of items that are allowed for access • Enhancements to Allowed JSPs feature • Whitelist resources including servlets and JSPs • Prevents access to resources which are not used. • Allows custom resources to ne defined in the list of allowed resources. • Additional Features in 12.2.7 • Metadata now stored in the database (not in configuration files) • New user interface • With configuration metadata stored in the database, allowed resources configuration will be preserved when upgrading and patching • Whitelist configuration recommendations are provided based upon products used and underlying resource usage • Utilities to identify custom resources and populate usage data Oracle E-Business Suite Security Guide Release 12.2
  21. 21. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Secure Configuration Console Configuration overview of Allowed Resources 1 2 3 4 • Applying Patch 24737426:R12.FND.C delivers new profile • "Security: Allowed Resources" (FND_SEC_ALLOWED_RESOURCES) • The default value is CONFIG (Configured). • This provides restricted access to the allowed resources as per the whitelisted resources listed in the configuration files. • The feature can be turned of by setting the profile option to “All” • New profile overrides profile: Allow Unrestricted JSP Access (FND_SEC_ALLOW_JSP_UNRESTRICED_ACCESS) • The profile is refreshed at the UPDATE_CHECK_INTERVAL rate. Its generally 60sec. Oracle E-Business Suite Security Guide Release 12.2
  22. 22. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Secure Configuration Console Feature overview of Allowed Resources 1 2 3 4 3 Levels of Granularity for Configuring Access through the UI • If you are not using any products in a particular product family, ensure that the Enabled check box is not selected in the Details section of the Product Family Configuration page. • To restrict access at the product level, deny access to the appropriate product-level resources on the Product Details tab in the Product and Common Resources section. • To restrict access at the individual resource level, deny access to the resources in question by drilling down to the Resource Details or denying access in Common Resources tab. Oracle E-Business Suite Security Guide Release 12.2
  23. 23. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | UI is accessible via the Functional Administrator responsibility  Functional Administrator page  Allowed Resources tab Easily allow or deny access to products and underlying resources A family name may be selected from the left menu to view the Product Family Configuration User Interface for Allowed Resources
  24. 24. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Details section Enabled check box indicates whether or not the product family resources are used and allowed. Product and Common Resources Details Section Use this section of the page to configure products. User Interface for Allowed Resources 12.2.7
  25. 25. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | User Interface for Allowed Resources Product and Common Resource Details  Product Details tab
  26. 26. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | User Interface for Allowed Resources Product and Common Resource Details  Common Resources Tab 12.2.7
  27. 27. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | User Interface for Allowed Resources Product and Common Resource Details  Product Details tab  Click on Product Name 12.2.7
  28. 28. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | User Interface for Allowed Resources Product Details tab  Click on Product Name  Used Tab 12.2.7
  29. 29. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Evaluating Usage with Access Logs Step 1. Generate Web Usage File - generate a summary of resources used in your instance. • Download webusage.awk – My Oracle Support Knowledge Document 2069190.1, Security Configuration and Auditing Scripts for Oracle E- Business Suite, for the latest zip file containing the script – Generates a summary of resources used from any available Apache access logs. – This can then be leveraged using the WLDataMigration utility to identify custom resources as well as populate web usage data. – Execute the webusage.awk script againstyour Apache access logs: $ cat access_log | tr '?' ' ' | awk -f webusage.awk > webusage.out 12.2.7 Oracle E-Business Suite Security Guide Release 12.2
  30. 30. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Populate Web usage data Step 2. Populate Web Usage and Custom Configurations •Populate web usage data or custom configuration with WLDataMigration •The WLDataMigration utility provides the ability to identify and populate custom resources and web usage data from your Apache access logs. It also allows you to populate that information, or migrate existing customization configuration files, into the allowed resources repository. •Execute Loader utility to populate web usage data for already seeded resources and generate CUSTOM.out for unknown resources $ java oracle.apps.fnd.security.resource.WLDataMigration MODE=seed INPUT_FILE=webusage.out DBC=$FND_SECURE/<SID>.dbc This mode allows you to leverage your existing Apache access logs to identify custom resources as well as populate web usage data. It takes the webusage.out file as input which is generated via the webusage.awk script described in the previous section. This mode also produces a CUSTOM.out file of potential custom resources. Oracle E-Business Suite Security Guide Release 12.2
  31. 31. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Load Custom Configuration for Allowed Resources Step 3 – Review CUSTOM.out and Load • Option 1: Use the CUSTOM.out file generated from WLDataMigration Review the CUSTOM.out file before uploading to ensure that entries are legitimate $ java oracle.apps.fnd.security.resource.WLDataMigration MODE=custom INPUT_FILE=CUSTOM.out DBC=$FND_SECURE/<SID>.dbc • Option 2: Use the custom.conf file from prior configuration of Allowed JSPs or Allowed Resources feature. $ java oracle.apps.fnd.security.resource.WLDataMigration MODE=custom INPUT_FILE=CUSTOM.conf DBC=$FND_SECURE/<SID>.dbc Oracle E-Business Suite Security Guide Release 12.2
  32. 32. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Secure Configuration Console Command line utility 1 2 3 4 If a user with local system administrator privileges is not available, you can access the Secure Configuration Console by using the following command line utility: java oracle.apps.fnd.security.AdminSecurityCfg <APPS Username/APPS password[@<DB Host>] [-check|-fix|-status|-lock|-unlock] [DBC=<DBC File Path>] [CODES=<code1>,<code2>,<code3>...] This utility is provided for the following tasks: • To take the system out of locked down mode. • To compute the status of a certain configuration or all configurations. • To configure a certain configuration or all configurations of type 'Autofixable'. • To view the status of a certain configuration or all configurations. Oracle E-Business Suite Security Guide Release 12.2
  33. 33. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Where to find more information ? 1 2 3 4 EBS Documentation and Training – EBS 12.2 Information Center MOS Note 1581299.1 Includes link to the EBS Documentation Web Library FAQ: Oracle E-Business Suite Security (MOS Note 2063486.1) Oracle E-Business Suite Security Guide, Release 12.2 – Part# E22952 Security Configuration and Auditing Scripts for Oracle E-Business Suite (MOS Note 2069190.1)
  34. 34. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | 35 Program Agenda: ADOP and Rapid Install Changes Service Name Change for Patch Edition FS File System Synchronization Improved Log Directory Structure Rapid Install: Patching Stage Area References Q/A 1 2 3 4 5 6
  35. 35. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | 36 New and Changed Features in ADOP
  36. 36. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Service Name change for Patch Edition FS • The Oracle Grid Infrastructure is required by Oracle Automatic Storage Management (ASM), which can be used by Oracle Real Application Clusters. • The Grid Listener requires all registered service names to be unique. • AD-TXK Delta 9 introduces full support for the Oracle Grid Listener used by ASM. • AD-TXK Delta 8 and earlier, the service name for connections to the patch edition of the database was always 'ebs_patch'. • In AD-TXK Delta.9, the service name to connect to the patch edition has been changed to '<instance_name>_ebs_patch'. 37
  37. 37. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Mandatory Steps for Migrating Service Name change • Migrate changes from Application Tier to Database tier nodes (after AD-TXK Delta patching cycle). • On Run Edition File System – Execute the admkappsutil.pl utility to create the appsutil.zip file in <INST_TOP>/admin/out. • $ perl <AD_TOP>/bin/admkappsutil.pl • On Database tier nodes: – Source the environment for RDBMS ORACLE_HOME • Copy or FTP the appsutil.zip file to <RDBMS ORACLE_HOME> • Uncompress appsutil.zip, under <RDBMS ORACLE_HOME> – $ unzip -o appsutil.zip • Run Autoconfig on Database Tier nodes • Run Autoconfig on Run Edition File System Confidential – Oracle Internal 38
  38. 38. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Patch Service Rename: What to Know? • Starting AD-TXK Delta.9, the service name to connect to the patch edition has been changed to '<instance_name>_ebs_patch'. • Mandatory to Update database tier with the latest patches post AD-TXK Delta application. • Avoid bouncing of Database during adop cycle for applying AD-TXK Delta. • fs_clone to be run post AD-TXK Delta. If not, next prepare will automatically run fs_clone. 39
  39. 39. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | • New prepare phase parameter (sync_mode) to control synchronization behavior. • adop phase=prepare sync_mode=(delta|patch) [default: patch] – adop phase=prepare sync_mode=patch (default) – adop phase=prepare sync_mode=delta (new file based) • sync_mode=patch – Default behavior. – adop will synchronize the file systems by applying patches applied in the previous patching cycle to the patch file system. Confidential – Oracle Internal 40 File System Synchronization
  40. 40. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | • sync_mode=delta – As a faster alternative, you can specify the parameter/value pair sync_mode=delta to synchronize the file systems by running a user-specified third-party file synchronization (copy) utility. – Delta style synchronization uses the file system synchronization command specified in: $AD_TOP/patch/115/etc/delta_sync_drv.txt – Only files changed in the previous patching cycle are synchronized – The delta_sync_drv.txt file includes examples for setting up synchronization using rsync on UNIX or RoboCopy on Windows – Automatic support for customizations Confidential – Oracle Internal 41 File System Synchronization
  41. 41. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Improved Log Directory Structure • Improved structure of log directories – Log directories organized in a logical hierarchical structure • $ADOP_LOG_HOME/<session_id>/<execution_id>/<phase>/<node>/ – Consistent naming of top level log file • adop.log – Validation logs in a named directory 42 • $ADOP_LOG_HOME – 120 ‒20171020_152612 ‒prepare ‒rws1401232 • $ADOP_LOG_HOME – <session_id> ‒<execution_id> –<phase> ‒<node>
  42. 42. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | 43 Rapid Install: Patching Stage Area
  43. 43. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | Rapid Install: Patching Stage Area • Patch 25525148 (Rapid install consolidated one-off bundle on top of Startcd 51) • To patch the stage area created using startCD 12.2.0.51 (Patch#22066363) • Prerequisite: Create the stage area using startCD 12.2.0.51 and latest Oracle E-Business Suite Release 12.2 Media Pack. • Download and Unzip patch 25525148 • Execute patchRIStage.sh (patchRIStage.cmd in case of Windows); Provide Rapid Install stage area as input parameter. Confidential – Oracle Internal 44
  44. 44. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | • Oracle E-Business Suite Maintenance Guide Release 12.2 – (Part#E22954) • Applying the Latest AD and TXK Release Update Packs to Oracle E-Business Suite Release 12.2 (Doc ID 1617461.1) • Oracle E-Business Suite Applications DBA and Technology Stack Release Notes for R12.AD.C.Delta.10 and R12.TXK.C.Delta.10 (Doc ID 2295390.1) • Oracle E-Business Suite Setup Guide, Release 12.2 – (Part#E22953) • Oracle E-Business Suite Installation Using Rapid Install Guide – (Part#E22950) Confidential – Oracle Internal 45 Where to find more information ?
  45. 45. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | 1 2 3 4

×