Oracle Application in DMZ (Demilitarized Zone)
- by PRajkumar
Business Needs
Large Organizations want to expose their Oracle Application services outside their private network (HTTP/HTTPS and SSL). Usually these exposures must exist to promote external communication. So they want to separate an external network from directly referencing an internal network
Business Challenges
· Business does not want to compromise with security information
· Business cannot expose internal domain or internal URL information
Business Solution
DMZ is the solution of this problem. In Oracle application we can achieve this by following way –
· Oracle Application consists of fleet nodes (FND_NODES) so first decide which node have to expose to public
· To expose the node to public use the profile “Node Trust Level”
· Set node to Public/Private (Normal -> private, External -> public)
· Set "Responsibility Trust Level" profile to decide whether to expose Application Responsibility to inside or outside firewall
Solution Features
· Exposed web services can be accessed by both internal and external users
· Configurable and can be very easily rolled out
· Internal network and business data is secured from outside traffic
· Unauthorized access to internal network from outside is prohibited
· No need for VPN and Secure FTP server
Benefits
· Large Organizations having Oracle Application can expose their web services like (HTTP/HTTPS and SSL) to the internet without compromise with security information and without exposing their internal domain
Possible Week Points
· If external firewall is compromised, then external application server is also compromised, exposing an attack on E-Business Suite database
· There’s nothing to prevent internal users from attacking internal application server, also exposing an attack on E-Business Suite database
Reference Links
· https://blogs.oracle.com/manojmadhusoodanan/tags/dmz
