Configure HTTPS encryption for Oracle JD Edwards EnterpriseOne on Oracle WebLogic by using an Application Load Balancer
Thanigaivel Thirumalai, Amazon Web Services
Summary
This pattern explains how to configure HTTPS encryption for SSL offloading in Oracle JD Edwards EnterpriseOne on Oracle WebLogic workloads. This approach encrypts traffic between the user’s browser and a load balancer to remove the encryption burden from the EnterpriseOne servers.
Many users scale the EnterpriseOne Java virtual machine (JVM) tier horizontally by using an AWS Application Load Balancer. The load balancer serves as the single point of contact for clients, and distributes incoming traffic across multiple JVMs. Optionally, the load balancer can distribute the traffic across multiple Availability Zones and increase the availability of EnterpriseOne.
The process described in this pattern configures encryption between the browser and the load balancer instead of encrypting the traffic between the load balancer and the EnterpriseOne JVMs. This approach is referred to as SSL offloading. Offloading the SSL decryption process from the EnterpriseOne web or application server to the Application Load Balancer reduces the burden on the application side. After SSL termination at the load balancer, the unencrypted traffic is routed to the application on AWS.
Oracle JD Edwards EnterpriseOne is an enterprise resource planning (ERP) solution for organizations that manufacture, construct, distribute, service, or manage products or physical assets. JD Edwards EnterpriseOne supports various hardware, operating systems, and database platforms.
Prerequisites and limitations
Prerequisites
Product versions
Architecture
There are multiple approaches to perform SSL offloading. This pattern uses an Application Load Balancer and Oracle HTTP Server (OHS), as illustrated in the following diagram.
The following diagram shows the JD Edwards EnterpriseOne, Application Load Balancer, and Java Application Server (JAS) JVM layout.
Tools
AWS services
Application Load Balancers distribute incoming application traffic across multiple targets, such as Amazon Elastic Compute Cloud (Amazon EC2) instances, in multiple Availability Zones.
AWS Certificate Manager (ACM) helps you create, store, and renew public and private SSL/TLS X.509 certificates and keys that protect your AWS websites and applications.
Amazon Route 53 is a highly available and scalable DNS web service.
Best practices
Epics
| Task | Description | Skills required |
|---|---|---|
| Install and configure Oracle components. | Install Fusion Middleware Infrastructure by following the standard installation process. This program helps you install and configure a WebLogic domain. For instructions, see the Oracle documentation. Install OHS by following the standard installation process. For instructions, see the Oracle documentation. When installation is complete, start the configuration wizard (config.sh file) to configure OHS. You can update an existing domain or create a new domain. This pattern assumes that you’re updating an existing domain. For Available Templates, choose Oracle Enterprise Manager-Restricted JRF and Oracle HTTP Server (Restricted JRF). Selecting these Java Required Files (JRF) options eliminates the connection to an external database. For Managed Servers, Clusters, Server Templates, Coherence Clusters, Machines, Assign Servers to Machines, Virtual targets, and Partitions, accept the default configuration values and choose Next to move to the next category. Complete the configuration details (for example, administrator host and port, listen address and port, server name) for the OHS instance (for example, ohs1). | JDE CNC, WebLogic administrator |
| Enable the WebLogic plugin at the domain level. | The WebLogic plugin is required for load balancing. To enable the plugin: Log in to the WebLogic administration console by using the link: http://<WeblogicServer>:<Adminport>/console Choose Lock & Edit, and then choose Configuration, Web Applications. Choose the WebLogic Plugin Enabled (check box or dropdown option). Choose Save and Activate Changes. | JDE CNC, WebLogic administrator |
| Edit the configuration file. | The mod_wl_ohs.conf file configures proxy requests from OHS to WebLogic. Edit this file. It’s located at: $ORACLE_HOME/user_projects/domains/
For example: /home/oracle/Oracle/Middleware/Oracle_Home/user_projects/domains/base_domain/config/fmwconfig/components/OHS/instances/ohs1
Add the WebLogic host (WebLogicHost) and port (WebLogicPort) values. (This pattern assumes localhost and port 8000.) Add WLProxySSL and WLProxySSLPassThrough values as follows:
<VirtualHost *:8000>
  <Location /jde>
    WLSRequest On
    SetHandler weblogic-handler
    WebLogicHost localhost
    WebLogicPort 8000
    WLProxySSL On
    WLProxySSLPassThrough On
  </Location>
</VirtualHost>
| JDE CNC, WebLogic administrator |
| Start OHS by using the Enterprise Manager. | Log in to Enterprise Manager Fusion Middleware by using the link: http://<WeblogicServer>:<Adminport>/em/
In Target Navigation, under HTTP Server, select the OHS instance (for example, ohs1). Choose Shut Down and Start Up to restart the OHS instance. When OHS setup is complete, you can connect to the EnterpriseOne HTML client by using your HTTP server host name with port 8000 instead of the EnterpriseOne server host name. If you use a port other than the default Oracle HTTP port, edit the httpd.conf file to add a listener for that port in two places:
#[Listen] OHS_LISTEN_PORT
Listen 8000
and:
#
ServerName <WeblogicServer1>:8000
| JDE CNC, WebLogic administrator |
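
The following check is an added example, not part of the original pattern or of any Oracle or AWS tool. It parses a mod_wl_ohs.conf file and reports any `<Location>` block that lacks the directives this pattern sets, so that a mapping added later without WLProxySSL or WLProxySSLPassThrough is caught before it goes behind the load balancer. The names `parse_locations` and `audit`, the sample file, and the `/other` location are assumptions made for illustration.

```python
import re

# Directives the pattern sets inside <Location /jde>, with the values it uses.
REQUIRED = {"WLSRequest": "On", "SetHandler": "weblogic-handler",
            "WLProxySSL": "On", "WLProxySSLPassThrough": "On"}

# Constructed sample: /jde matches the pattern; /other is a hypothetical second
# mapping that was added without the two SSL-offload directives.
SAMPLE_CONF = """\
<VirtualHost *:8000>
<Location /jde>
WLSRequest On
SetHandler weblogic-handler
WebLogicHost localhost
WebLogicPort 8000
WLProxySSL On
WLProxySSLPassThrough On
</Location>
<Location /other>
WLSRequest On
SetHandler weblogic-handler
</Location>
</VirtualHost>
"""

def parse_locations(text):
    """Return {path: {directive_lowercased: value}} for every <Location> block."""
    locations, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        opened = re.match(r"<Location\s+([^>]+)>$", line, re.I)
        if opened:
            current = locations.setdefault(opened.group(1).strip(), {})
        elif line.lower() == "</location>":
            current = None
        elif current is not None and line and line[0] not in "<#":
            parts = line.split(None, 1)  # directive name, then the rest of the line
            current[parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    return locations

def audit(text):
    """List each required directive that is absent or set to another value."""
    findings = []
    for path, found in parse_locations(text).items():
        for name, want in REQUIRED.items():
            got = found.get(name.lower(), "missing")
            if got.lower() != want.lower():
                findings.append(f"{path}: {name} is {got}, expected {want}")
    return findings
```

Directive names and On/Off values are compared case-insensitively, as Apache-style configuration treats them.
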
| Task | Description | Skills required |
|---|---|---|
| Set up a target group. | Create a target group for the HTTP server port 8000. Register the targets under the target group with the same port. Check the status of the targets to confirm that they are healthy. Configure the health check settings as necessary. For detailed instructions, see the Elastic Load Balancing documentation. | AWS administrator |
| Set up the load balancer. | Create an Application Load Balancer with default attributes and the required virtual private cloud (VPC), security groups, and subnets. For instructions, see the Elastic Load Balancing documentation. Add a listener entry for HTTPS 443 and forward it to the target group that you created in the previous step. (For instructions, see the Elastic Load Balancing documentation.) An HTTPS listener requires an SSL certificate. You can choose a certificate from ACM or upload one. For both listeners, enable stickiness by following the instructions in the Elastic Load Balancing documentation. | AWS administrator |
Add a Route 53 (DNS) record. | (Optional) You can add an Amazon Route 53 DNS record for the subdomain. This record would point to your Application Load Balancer. For instructions, see the Route 53 documentation. | AWS administrator |
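
The following check is an added example, not part of the original pattern. It takes the JSON returned by `aws elbv2 describe-listeners`, `describe-target-groups`, `describe-target-group-attributes`, and `describe-target-health`, merged into one dictionary, and verifies the settings from the two load balancer tasks above: an HTTPS listener on 443 with a certificate, forwarding to a target group on port 8000, stickiness enabled, and healthy targets. The function name `audit_alb`, the merged layout, and all ARNs and instance IDs are constructed placeholders.

```python
# Constructed sample shaped like `aws elbv2 describe-*` output; ARNs and IDs are placeholders.
TG = "arn:aws:elasticloadbalancing:REGION:ACCOUNT:targetgroup/jde-ohs/EXAMPLE"
SAMPLE = {
    "Listeners": [{"Port": 443, "Protocol": "HTTPS",
                   "Certificates": [{"CertificateArn": "arn:aws:acm:REGION:ACCOUNT:certificate/EXAMPLE"}],
                   "DefaultActions": [{"Type": "forward", "TargetGroupArn": TG}]}],
    "TargetGroups": [{"TargetGroupArn": TG, "Protocol": "HTTP", "Port": 8000}],
    "Attributes": [{"Key": "stickiness.enabled", "Value": "false"}],
    "TargetHealthDescriptions": [
        {"Target": {"Id": "i-EXAMPLE1", "Port": 8000}, "TargetHealth": {"State": "healthy"}},
        {"Target": {"Id": "i-EXAMPLE2", "Port": 8000}, "TargetHealth": {"State": "unhealthy"}}],
}

def audit_alb(cfg, backend_port=8000):
    """Return findings where cfg differs from the listener and target group setup above."""
    findings = []
    https = [ln for ln in cfg["Listeners"]
             if ln["Protocol"] == "HTTPS" and ln["Port"] == 443]
    if not https:
        findings.append("no HTTPS listener on port 443")
    groups = {g["TargetGroupArn"]: g for g in cfg["TargetGroups"]}
    for listener in https:
        if not listener.get("Certificates"):
            findings.append("HTTPS listener has no certificate")
        # Assumes a single-target-group forward action, which carries TargetGroupArn.
        for action in listener.get("DefaultActions", []):
            group = groups.get(action.get("TargetGroupArn"))
            if action["Type"] != "forward" or group is None:
                findings.append("HTTPS listener does not forward to a known target group")
            elif group["Port"] != backend_port:
                findings.append(f"target group port is {group['Port']}, expected {backend_port}")
    attrs = {a["Key"]: a["Value"] for a in cfg["Attributes"]}
    if attrs.get("stickiness.enabled") != "true":
        findings.append("stickiness is not enabled on the target group")
    for desc in cfg["TargetHealthDescriptions"]:
        state = desc["TargetHealth"]["State"]
        if state != "healthy":
            findings.append(f"target {desc['Target']['Id']} is {state}")
    return findings
```
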
Troubleshooting
| Issue | Solution |
|---|---|
| HTTP server doesn’t appear. | If HTTP Server doesn’t appear in the Target Navigation list on the Enterprise Manager console, follow these steps: Under WebLogic Domain, Administration, choose OHS Instances. Choose Create to create a new OHS instance. Provide an instance name, and then choose OK to create the instance. When the instance has been created and changes have been activated, you will be able to see the HTTP server in the Target Navigation panel. |
Related resources
AWS documentation
Oracle documentation: