APPS Blogs

TLS 1.2 Certified with E-Business Suite 12.1

Steven Chan - Tue, 2016-07-26 10:31

I'm pleased to announce that Oracle E-Business Suite 12.1 inbound, outbound, and loopback connections are now certified with TLS 1.2, 1.1, and 1.0. If you have not already migrated from SSL to TLS, you should begin planning the migration for your environment. 

For more information on patching and configuration requirements when migrating to TLS 1.2 from TLS 1.0 or SSL or enabling TLS for the first time, refer to the following My Oracle Support Knowledge Document:

Migrating to TLS 1.2 per the steps and configuration outlined in MOS Note 376700.1 will do the following:

  • Address recent security vulnerabilities (e.g. POODLE, FREAK, LOGIAM, RC4NOMORE)
  • Migrate to new OpenSSL libraries which will change the method by which you generate and import your certificate

Configuration Options

  • Configure TLS 1.2 with Backward Compatibility

    The default Oracle E-Business Suite 12.1 configuration allows for the handshake between the client and server to negotiate and use the highest version of TLS (either 1.2, 1.1, or 1.0) supported by both parties.

    For example, if the outbound connection used by iProcurement is by default configured for TLS 1.2, 1.1 and 1.0 and if a call is made from Oracle E-Business Suite iProcurement to an external site that supports TLS 1.2 and a common cipher suite is found, then TLS 1.2 will be used. If a call is made from Oracle E-Business Suite iProcurement to an external site that supports TLS 1.1 and a common cipher suite is found, then the handshake negotiation will resolve to use TLS 1.1.

  • Configure TLS 1.2 Only (Optional Configuration)

You may optionally configure Oracle E-Business Suite to use TLS 1.2 only for all inbound, outbound and loopback connections.

Warning: If you restrict Oracle E-Business Suite 12.1 to use only TLS 1.2, this configuration could result in the inability to connect with other sites or browsers that do not support TLS 1.2.
  • Disable the HTTP Port (Optional Configuration)

You may optionally configure the Oracle HTTP Sever (OHS) delivered with the Oracle E-Business Suite application technology stack to disable the HTTP port and use the HTTPS port only.

Where can I learn more?
There are several guides and documents that cover Oracle E-Business Suite 12.1 secure configuration and encryption. You can learn more by reading the following:

SSL or TLS 1.0 Reference Note

If you are using SSL or TLS 1.0 and need to review your current configuration or renew your certificate, you may refer to the following:

Related Articles

Categories: APPS Blogs

Positive Pay Implementation – Step by Step Guide

OracleApps Epicenter - Tue, 2016-07-26 10:27
Now that you know what Positive Pay is, you need to find out how to start using Positive Pay. First, we need to start by saying that EVERY bank handles Positive Pay differently. The steps/outline presented here are just a representation of what the most common implementation procedure could look like. 1. Contact your bank […]
Categories: APPS Blogs

EBS Release 12.x certified with Safari 9 on Apple OS X

Steven Chan - Mon, 2016-07-25 12:25
Apple logoOracle E-Business Suite Release 12.1.3 and 12.2.4 or higher are now certified with Apple Mac OS X with the following desktop configurations:
  • Mac OS X 10.11 ("El Capitan" version 10.11.5 or later 10.11 updates)
  • Mac OS X 10.10 ("Yosemite" version 10.10.2 or later 10.10 updates)
  • Safari version 9 (9.1.1 or later 9.x updates)
  • Oracle JRE 8 plugin (1.8.0_91 or higher)
Users should review all relevant information along with other specific patching requirements and known limitations posted in the Notes listed below.

More information on this can be found in the document:

Categories: APPS Blogs

Understanding Positive Pay

OracleApps Epicenter - Mon, 2016-07-25 10:36
Positive Pay can best be described as a fraud prevention program or tool. Technology has increasingly facilitated the ability of criminals to create counterfeit checks and false identification that can be used to engage in fraudulent check activities. As a result, companies must adopt practices to protect against check fraud. Positive pay can provide this […]
Categories: APPS Blogs

PeopleSoft Guest User Security

Being hospitable and welcoming to guests is usually considered good manners.  That said, being a gracious host does not mean you should be careless with your security.

With regard to PeopleSoft application security, the user GUEST is a default account created with the installation of PeopleSoft.  When performing a PeopleSoft security audit, several attributes of the GUEST user are reviewed, including the following -  take a look today at your settings:

For the GUEST user:

  • Change the default password
  • Ensure does not have access to sensitive menus and/or roles, including not having access to the following:
  • The role ‘PeopleSoft User’
  • Any role that includes the permission list PTPT1000
  • The role ‘PAPP_USER’
  • Any role that includes the permission list PAPP0002

If you have questions, please contact us at info@integrigy.com

Michael A. Miller, CISSP-ISSMP, CCSP

References

PeopleSoft Database Security

PeopleSoft Security Quick Reference

Auditing, Oracle PeopleSoft
Categories: APPS Blogs, Security Blogs

Release 12.2.5 AR Enhacement : Apply Receipts Automatically based on Match Score and Knapsack Method

OracleApps Epicenter - Sat, 2016-07-23 09:30
This is one of R12.2.5 Enhancement in EBS AR. The Automatic Cash Application improves accuracy and on-time application of cash receipts with the introduction of two new methods for automatically applying cash receipts. The first method generates match scores using the Levenshtein distance algorithm and automatically applies the receipt based on a score threshold. The […]
Categories: APPS Blogs

Oracle Data Relationship Management Analytics

OracleApps Epicenter - Sat, 2016-07-23 06:07
The following Patch Set Updates have been released Recently for Oracle Data Relationship Management 11.1.2.4.341. Patch 23236297 - PATCH SET UPDATE: ORACLE DATA RELATIONSHIP MANAGEMENT - 11.1.2.4.341 Patch 23750023 - PATCH SET UPDATE: DATA RELATIONSHIP MANAGEMENT ANALYTICS - 11.1.2.4.341 Oracle Data Relationship Management Analytics is a capstone dashboard and reporting application that draws upon the […]
Categories: APPS Blogs

Its all about DRG(Data Relationship Governance)

OracleApps Epicenter - Fri, 2016-07-22 10:47
You know, Oracle Data Relationship Management (DRM) is a web-based user-friendly platform for users to manage enterprise dimensions. The application provides many features such as SOX-compliant auditing, powerful and highly customizable business rule enforcement, versioning capabilities for storing historical views of dimensions, and multiple integration formats. Within DRM , DRG adds configurable, collaborative workflow to […]
Categories: APPS Blogs

Data governance

OracleApps Epicenter - Fri, 2016-07-22 10:25
Data governance is not a technology or a system but a set of processes and the organizational structure that governs the usage of all data assets of an enterprise. Data governance represents the convergence of data quality, data management, data policies,business process management, and risk management surrounding the handling of information as an asset within […]
Categories: APPS Blogs

ALL IN WITH DATA RELATIONSHIP MANAGEMENT (DRM) TOOL?

OracleApps Epicenter - Thu, 2016-07-21 06:18
Oracle Data Relationship Management (DRM) is an enterprise change management solution for building and retaining consistency within master data assets despite endless changes necessary to support underlying transactional and analytical systems. The Oracle Data Relationship Management (DRM) Suite is an integrated solution that helps enterprises master, govern and analyze enterprise dimensions, hierarchies and related attributes […]
Categories: APPS Blogs

BPEL 12.1.3 Certified for Prebuilt EBS 12.1.3 SOA Integrations

Steven Chan - Thu, 2016-07-21 02:07

Service Oriented Architecture (SOA) integrations with Oracle E-Business Suite can either be custom integrations that you build yourself or prebuilt integrations from Oracle.  For more information about the differences between the two options for SOA integrations, see this previously-published certification announcement.

The prebuilt BPEL business processes in Oracle E-Business Suite Release 12.1.3  are:

  • Oracle Price Protection (DPP)
  • Advanced Supply Chain Planning (MSC)
  • Oracle Transportation Management: Oracle Warehouse Management (WMS)
  • Oracle Transportation Management: Oracle Shipping Execution (WSH)
  • Oracle Transportation Management: Oracle Purchasing (PO)
  • Complex Maintenance, Repair & Overhaul (CMRO/AHL)

BPEL integration architecture diagram example

These prebuilt BPEL processes have now been certified with Oracle BPEL Process Manager 12c version 12.1.3 (in Oracle Fusion Middleware SOA Suite 12c) for Oracle E-Business Suite Release 12.1.3.

References

Certified Platforms

Oracle SOA Suite Release 12g 12.2.1 is certified to run on any operating system upon which Oracle WebLogic Server 12c is certified. Check the following for more details:

For information on operating systems supported by Oracle SOA Suite, refer to this document:

Integration with Oracle SOA Suite involves components spanning several different suites of Oracle products. There are no restrictions on which platform any particular component may be installed so long as the platform is supported for that component.

Getting Support

If you need support for the prebuilt EBS BPEL business processes, you can log Service Requests against the Applications Technology Group product family.

Related Articles

Categories: APPS Blogs

BPEL 12.2.1 Certified for Prebuilt EBS 12.1.3 SOA Integrations

Steven Chan - Thu, 2016-07-21 02:05

Service Oriented Architecture (SOA) integrations with Oracle E-Business Suite can either be custom integrations that you build yourself or prebuilt integrations from Oracle.  For more information about the differences between the two options for SOA integrations, see this previously-published certification announcement.

The prebuilt BPEL business processes in Oracle E-Business Suite Release 12.1.3  are:

  • Oracle Price Protection (DPP)
  • Advanced Supply Chain Planning (MSC)
  • Oracle Transportation Management: Oracle Warehouse Management (WMS)
  • Oracle Transportation Management: Oracle Shipping Execution (WSH)
  • Oracle Transportation Management: Oracle Purchasing (PO)
  • Complex Maintenance, Repair & Overhaul (CMRO/AHL)

BPEL integration architecture diagram example

These prebuilt BPEL processes have now been certified with Oracle BPEL Process Manager 12c version 12.2.1 (in Oracle Fusion Middleware SOA Suite 12c) for Oracle E-Business Suite Release 12.1.3.

References

Certified Platforms

Oracle SOA Suite Release 12g 12.2.1 is certified to run on any operating system upon which Oracle WebLogic Server 12c is certified. Check the following for more details:

For information on operating systems supported by Oracle SOA Suite, refer to this document:

Integration with Oracle SOA Suite involves components spanning several different suites of Oracle products. There are no restrictions on which platform any particular component may be installed so long as the platform is supported for that component.

Getting Support

If you need support for the prebuilt EBS BPEL business processes, you can log Service Requests against the Applications Technology Group product family.

Related Articles

Categories: APPS Blogs

JRE 1.8.0_101/102 Certified with Oracle EBS 12.x

Steven Chan - Wed, 2016-07-20 02:07

Java logo

Java Runtime Environment 1.8.0_101 (a.k.a. JRE 8u101-b13) and its corresponding Patch Set Update (PSU) JRE 1.8.0_102 and later updates on the JRE 8 codeline are now certified with Oracle E-Business Suite 12.1 and 12.2 for Windows desktop clients.

All JRE 6, 7, and 8 releases are certified with EBS upon release

Our standard policy is that all E-Business Suite customers can apply all JRE updates to end-user desktops:

  • From JRE 1.6.0_03 and later updates on the JRE 6 codeline
  • From JRE 1.7.0_10 and later updates on the JRE 7 codeline 
  • From JRE 1.8.0_25 and later updates on the JRE 8 codeline
We test all new JRE releases in parallel with the JRE development process, so all new JRE releases are considered certified with the E-Business Suite on the same day that they're released by our Java team. 

You do not need to wait for a certification announcement before applying new JRE 6, 7, or 8 releases to your EBS users' desktops.

What's new in this release?

Oracle now releases a Critical Patch update (CPU) at the same time as the corresponding Patch Set Update (PSU) release for Java SE 8.

  • CPU Release:  JRE 1.8.0_101
  • PSU Release:  JRE 1.8.0_102
Oracle recommends that Oracle E-Business Suite customers use the CPU release (JRE 1.8.0_101) and only upgrade to the PSU release (1.8.0_102) if they require a specific bug fix.  For further information and bug fix details see Java CPU and PSU Releases Explained.

32-bit and 64-bit versions certified

This certification includes both the 32-bit and 64-bit JRE versions for various Windows operating systems. See the respective Recommended Browser documentation for your EBS release for details.

Where are the official patch requirements documented?

All patches required for ensuring full compatibility of the E-Business Suite with JRE 8 are documented in these Notes:

For EBS 12.1 & 12.2

EBS + Discoverer 11g Users

This JRE release is certified for Discoverer 11g in E-Business Suite environments with the following minimum requirements:

Implications of Java 6 and 7 End of Public Updates for EBS Users

The Oracle Java SE Support Roadmap and Oracle Lifetime Support Policy for Oracle Fusion Middleware documents explain the dates and policies governing Oracle's Java Support.  The client-side Java technology (Java Runtime Environment / JRE) is now referred to as Java SE Deployment Technology in these documents.

Starting with Java 7, Extended Support is not available for Java SE Deployment Technology.  It is more important than ever for you to stay current with new JRE versions.

If you are currently running JRE 6 on your EBS desktops:

  • You can continue to do so until the end of Java SE 6 Deployment Technology Extended Support in June 2017
  • You can obtain JRE 6 updates from My Oracle Support.  See:

If you are currently running JRE 7 on your EBS desktops:

  • You can continue to do so until the end of Java SE 7 Deployment Technology Premier Support in July 2016
  • You can obtain JRE 7 updates from My Oracle Support.  See:

If you are currently running JRE 8 on your EBS desktops:

Will EBS users be forced to upgrade to JRE 8 for Windows desktop clients?

No.

This upgrade is highly recommended but remains optional while Java 6 and 7 are covered by Extended Support. Updates will be delivered via My Oracle Support, where you can continue to receive critical bug fixes and security fixes as well as general maintenance for JRE 6 and 7 desktop clients. Note that there are different impacts of enabling JRE Auto-Update depending on your current JRE release installed, despite the availability of ongoing support for JRE 6 and 7 for EBS customers; see the next section below.

Impact of enabling JRE Auto-Update

Java Auto-Update is a feature that keeps desktops up-to-date with the latest Java release.  The Java Auto-Update feature connects to java.com at a scheduled time and checks to see if there is an update available.

Enabling the JRE Auto-Update feature on desktops with JRE 6 installed will have no effect.

With the release of the January Critical patch Updates, the Java Auto-Update Mechanism will automatically update JRE 7 plug-ins to JRE 8.

Enabling the JRE Auto-Update feature on desktops with JRE 8 installed will apply JRE 8 updates.

Coexistence of multiple JRE releases Windows desktops

The upgrade to JRE 8 is recommended for EBS users, but some users may need to run older versions of JRE 6 or 7 on their Windows desktops for reasons unrelated to the E-Business Suite.

Most EBS configurations with IE and Firefox use non-static versioning by default. JRE 8 will be invoked instead of earlier JRE releases if both are installed on a Windows desktop. For more details, see "Appendix B: Static vs. Non-static Versioning and Set Up Options" in Notes 290807.1 and 393931.1.

What do Mac users need?

JRE 8 is certified for Mac OS X 10.8 (Mountain Lion), 10.9 (Mavericks), and 10.10 (Yosemite) desktops.  For details, see:

Will EBS users be forced to upgrade to JDK 8 for EBS application tier servers?

No.

JRE is used for desktop clients.  JDK is used for application tier servers.

JRE 8 desktop clients can connect to EBS environments running JDK 6 or 7.

JDK 8 is not certified with the E-Business Suite.  EBS customers should continue to run EBS servers on JDK 6 or 7.

Known Iusses

Internet Explorer Performance Issue

Launching JRE 1.8.0_73 through Internet Explorer will have a delay of around 20 seconds before the applet starts to load (Java Console will come up if enabled).

This issue fixed in JRE 1.8.0_74.  Internet Explorer users are recommended to uptake this version of JRE 8.

Form Focus Issue

Clicking outside the frame during forms launch may cause a loss of focus when running with JRE 8 and can occur in all Oracle E-Business Suite releases. To fix this issue, apply the following patch:

References

Related Articles
Categories: APPS Blogs

JRE 1.7.0_111 Certified with Oracle E-Business Suite 12.x

Steven Chan - Wed, 2016-07-20 02:06

Java logo

Java Runtime Environment 1.7.0_111 (a.k.a. JRE 7u111-b13) and later updates on the JRE 7 codeline are now certified with Oracle E-Business Suite Release 12.x for Windows-based desktop clients.

All JRE 6, 7, and 8 releases are certified with EBS upon release

Our standard policy is that all E-Business Suite customers can apply all JRE updates to end-user desktops:

  • From JRE 1.6.0_03 and later updates on the JRE 6 codeline
  • From JRE 1.7.0_10 and later updates on the JRE 7 codeline 
  • From JRE 1.8.0_25 and later updates on the JRE 8 codeline
We test all new JRE releases in parallel with the JRE development process, so all new JRE releases are considered certified with the E-Business Suite on the same day that they're released by our Java team. 

You do not need to wait for a certification announcement before applying new JRE 6, 7, or 8 releases to your EBS users' desktops.

Effects of new support dates on Java upgrades for EBS environments

Support dates for the E-Business Suite and Java have changed.  Please review the sections below for more details:

  • What does this mean for Oracle E-Business Suite users?
  • Will EBS users be forced to upgrade to JRE 7 for Windows desktop clients?
  • Will EBS users be forced to upgrade to JDK 7 for EBS application tier servers?

32-bit and 64-bit versions certified

This certification includes both the 32-bit and 64-bit JRE versions for various Windows operating systems. See the respective Recommended Browser documentation for your EBS release for details.

Where are the official patch requirements documented?

EBS + Discoverer 11g Users

This JRE release is certified for Discoverer 11g in E-Business Suite environments with the following minimum requirements:

JRE 7 End of Public Updates

The JRE 7u79 release was the last JRE 7 update available to the general public.  Java is an integral part of the Oracle E-Business Suite technology stack, so EBS users will continue to receive Java SE 7 updates to the end of Java SE 7 Premier Support to the end of July 2016.

How can EBS customers obtain Java 7 updates after the public end-of-life?

EBS customers can download Java 7 patches from My Oracle Support.  For a complete list of all Java SE patch numbers, see:

Both JDK and JRE packages are now contained in a single combined download.  Download the "JDK" package for both the desktop client JRE and the server-side JDK package. 

Coexistence of multiple JRE releases Windows desktops

The upgrade to JRE 8 is recommended for EBS users, but some users may need to run older versions of JRE 6 or 7 on their Windows desktops for reasons unrelated to the E-Business Suite.

Most EBS configurations with IE and Firefox use non-static versioning by default. JRE 8 will be invoked instead of earlier JRE releases if both are installed on a Windows desktop. For more details, see "Appendix B: Static vs. Non-static Versioning and Set Up Options" in Notes 290807.1 and 393931.1.

Java Auto-Update Mechanism

With the release of the January 2015 Critical patch Updates, the Java Auto-Update Mechanism will automatically update JRE 7 plug-ins to JRE 8.

Coexistence of multiple JRE releases Windows desktops

The upgrade to JRE 8 is recommended for EBS users, but some users may need to run older versions of JRE 6 or 7 on their Windows desktops for reasons unrelated to the E-Business Suite.

Most EBS configurations with IE and Firefox use non-static versioning by default. JRE 8 will be invoked instead of earlier JRE releases if both are installed on a Windows desktop. For more details, see "Appendix B: Static vs. Non-static Versioning and Set Up Options" in Notes 290807.1 and 393931.1.

What do Mac users need?

Mac users running Mac OS X 10.7 (Lion), 10.8 (Mountain Lion), 10.9 (Mavericks), and 10.10 (Yosemite) can run JRE 7 or 8 plug-ins.  See:

Will EBS users be forced to upgrade to JDK 7 for EBS application tier servers?

JRE is used for desktop clients.  JDK is used for application tier servers

JDK upgrades for E-Business Suite application tier servers are highly recommended but currently remain optional while Java 6 is covered by Extended Support. Updates will be delivered via My Oracle Support, where you can continue to receive critical bug fixes and security fixes as well as general maintenance for JDK 6 for application tier servers. 

Java SE 6 is covered by Extended Support until June 2017.  All EBS customers with application tier servers on Windows, Solaris, and Linux must upgrade to JDK 7 by June 2017. EBS customers running their application tier servers on other operating systems should check with their respective vendors for the support dates for those platforms.

JDK 7 is certified with E-Business Suite 12.  See:

Known Issues

When using Internet Explorer, JRE 1.7.0_01 had a delay of around 20 seconds before the applet started to load. This issue is fixed in JRE 1.7.0_95.

References

Related Articles
Categories: APPS Blogs

JRE 1.6.0_121 Certified with Oracle E-Business Suite 12.x

Steven Chan - Wed, 2016-07-20 02:05
Java logThe latest Java Runtime Environment 1.6.0_121 (a.k.a. JRE 6u121-b9) and later updates on the JRE 6 codeline are now certified with Oracle E-Business Suite Release 12.x for Windows-based desktop clients.

All JRE 6, 7, and 8 releases are certified with EBS upon release

Our standard policy is that all E-Business Suite customers can apply all JRE updates to end-user desktops:

  • From JRE 1.6.0_03 and later updates on the JRE 6 codeline
  • From JRE 1.7.0_10 and later updates on the JRE 7 codeline 
  • From JRE 1.8.0_25 and later updates on the JRE 8 codeline
We test all new JRE releases in parallel with the JRE development process, so all new JRE releases are considered certified with the E-Business Suite on the same day that they're released by our Java team. 

You do not need to wait for a certification announcement before applying new JRE 6, 7, or 8 releases to your EBS users' desktops.

Effects of new support dates on Java upgrades for EBS environments

Support dates for the E-Business Suite and Java have changed.  Please review the sections below for more details:

  • What does this mean for Oracle E-Business Suite users?
  • Will EBS users be forced to upgrade to JRE 7 for Windows desktop clients?
  • Will EBS users be forced to upgrade to JDK 7 for EBS application tier servers?

New EBS installation scripts

This JRE release is the first with a 3-digit Java version. Installing this in your EBS 11i and 12.x environments will require new installation scripts.  See the documentation listed in the 'References' section for more detail.

32-bit and 64-bit versions certified

This certification includes both the 32-bit and 64-bit JRE versions for various Windows operating systems. See the respective Deploying JRE documentation for your EBS release for details.

Implications of Java 6 End of Public Updates for EBS Users

The Support Roadmap for Oracle Java is published here:

The latest updates to that page (as of Sept. 19, 2012) state:

Java SE 6 End of Public Updates Notice

After February 2013, Oracle will no longer post updates of Java SE 6 to its public download sites. Existing Java SE 6 downloads already posted as of February 2013 will remain accessible in the Java Archive on Oracle Technology Network. Developers and end-users are encouraged to update to more recent Java SE versions that remain available for public download. For enterprise customers, who need continued access to critical bug fixes and security fixes as well as general maintenance for Java SE 6 or older versions, long term support is available through Oracle Java SE Support .

What does this mean for Oracle E-Business Suite users?

EBS users fall under the category of "enterprise users" above.  Java is an integral part of the Oracle E-Business Suite technology stack, so EBS users will continue to receive Java SE 6 updates from February 2013 to the end of Java SE 6 Extended Support in June 2017.

In other words, nothing changes for EBS users after February 2013. 

EBS users will continue to receive critical bug fixes and security fixes as well as general maintenance for Java SE 6 until the end of Java SE 6 Extended Support in June 2017. 

How can EBS customers obtain Java 6 updates after the public end-of-life?

Java 6 is now available only via My Oracle Support for E-Business Suite users.  You can find links to this release, including Release Notes, documentation, and the actual Java downloads here: Both JDK and JRE packages are contained in a single combined download after 6u45.  Download the "JDK" package for both the desktop client JRE and the server-side JDK package.

Coexistence of multiple JRE releases Windows desktops

The upgrade to JRE 8 is recommended for EBS users, but some users may need to run older versions of JRE 6 or 7 on their Windows desktops for reasons unrelated to the E-Business Suite.

Most EBS configurations with IE and Firefox use non-static versioning by default. JRE 8 will be invoked instead of earlier JRE releases if both are installed on a Windows desktop. For more details, see "Appendix B: Static vs. Non-static Versioning and Set Up Options" in Notes 290807.1 and 393931.1.

What do Mac users need?

Mac users running Mac OS X 10.10 (Yosemite) can run JRE 7 or 8 plug-ins.  See:

Will EBS users be forced to upgrade to JDK 7 for EBS application tier servers?

JRE is used for desktop clients.  JDK is used for application tier servers

JDK upgrades for E-Business Suite application tier servers are highly recommended but currently remain optional while Java 6 is covered by Extended Support. Updates will be delivered via My Oracle Support, where you can continue to receive critical bug fixes and security fixes as well as general maintenance for JDK 6 for application tier servers. 

Java SE 6 is covered by Extended Support until June 2017.  All EBS customers with application tier servers on Windows, Solaris, and Linux must upgrade to JDK 7 by June 2017. EBS customers running their application tier servers on other operating systems should check with their respective vendors for the support dates for those platforms.

JDK 7 is certified with E-Business Suite 12.  See:

References

Related Articles

Categories: APPS Blogs

Critical Patch Update for July 2016 Now Available

Steven Chan - Tue, 2016-07-19 14:45

The Critical Patch Update (CPU) for July 2016 was released on July 19, 2016. Oracle strongly recommends applying the patches as soon as possible.

The Critical Patch Update Advisory is the starting point for relevant information. It includes a list of products affected, pointers to obtain the patches, a summary of the security vulnerabilities, and links to other important documents.

Supported products that are not listed in the "Supported Products and Components Affected" Section of the advisory do not require new patches to be applied.

The Critical Patch Update Advisory is available at the following location:

It is essential to review the Critical Patch Update supporting documentation referenced in the Advisory before applying patches.

The next four Critical Patch Update release dates are:

  • October 18, 2016
  • January 17, 2017
  • April 18, 2017
  • July 18, 2017
References Related Articles

Categories: APPS Blogs

PeopleSoft Security User Authorization Audits

When performing a PeopleSoft security audit, reviewing what rights and privileges individual users have been granted for system and application security privileges (authorization) is one of the key deliverables. The following are several of the topics that Integrigy investigates during our PeopleSoft security configuration assessments - take a look today at your settings:

Review users with access to

  • PeopleTools
  • The SQR folder
  • Process scheduler
  • Security and other sensitive administration menus
  • Security and other sensitive administration roles
  • Web profiles
  • PeopleSoft Administrator Role
  • Correction mode

To check access to PeopleTools, use the following. If you need assistance with the other topics, let us know –

-- Access to PeopleTools

SELECT UNIQUE  A.OPRID, A.OPRDEFNDESC, A.ACCTLOCK, B.ROLENAME
FROM SYSADM.PSOPRDEFN A, SYSADM.PSROLEUSER B
WHERE A.OPRID = B.ROLEUSER
AND upper(B.ROLENAME) ='PEOPLETOOLS'
ORDER BY A.OPRID,B.ROLENAME;

 

If you have questions, please contact us at info@integrigy.com

Michael A. Miller, CISSP-ISSMP, CCSP

References

PeopleSoft Database Security

PeopleSoft Security Quick Reference

Auditing, Oracle PeopleSoft
Categories: APPS Blogs, Security Blogs

BPEL 12.2.1 Certified for Prebuilt EBS 12.2 SOA Integrations

Steven Chan - Thu, 2016-07-14 12:47

Service Oriented Architecture (SOA) integrations with Oracle E-Business Suite can either be custom integrations that you build yourself or prebuilt integrations from Oracle.  For more information about the differences between the two options for SOA integrations, see this previously-published certification announcement.

The prebuilt BPEL business processes in Oracle E-Business Suite Release 12.2 are:

  • Oracle Price Protection (DPP)
  • Advanced Supply Chain Planning (MSC)
  • Oracle Transportation Management: Oracle Warehouse Management (WMS)
  • Oracle Transportation Management: Oracle Shipping Execution (WSH)
  • Oracle Transportation Management: Oracle Purchasing (PO)
  • Complex Maintenance, Repair & Overhaul (CMRO/AHL)

BPEL integration architecture diagram example

These prebuilt BPEL processes have now been certified with Oracle BPEL Process Manager 12c version 12.2.1 (in Oracle Fusion Middleware SOA Suite 12c) for Oracle E-Business Suite Release 12.2.

References

Certified Platforms

Oracle SOA Suite Release 12g 12.2.1 is certified to run on any operating system upon which Oracle WebLogic Server 12c is certified. Check the following for more details:

For information on operating systems supported by Oracle SOA Suite, refer to this document:

Integration with Oracle SOA Suite involves components spanning several different suites of Oracle products. There are no restrictions on which platform any particular component may be installed so long as the platform is supported for that component.

Pending Certifications 

The certification for BPEL 12.2.1 with prebuilt EBS 12.1 SOA integrations is underway now. Oracle's Revenue Recognition rules prohibit us from discussing certification and release dates, but you're welcome to monitor or subscribe to this blog. I'll post updates here as soon as soon as they're available.   

Getting Support

If you need support for the prebuilt EBS BPEL business processes, you can log Service Requests against the Applications Technology Group product family.

Related Articles

Categories: APPS Blogs

Application Management Pack 13.1.1.1 for EM 13c Now Available

Steven Chan - Mon, 2016-07-11 15:24

Application Management Pack (AMP) 13.1.1.1 for Oracle E-Business Suite is now available.  This E-Business Suite plug-in for Oracle Enterprise Manager Cloud Control 13c can be used to manage Oracle E-Business Suite 11.5.10.2, 12.0, 12.1, and 12.2 environments.

What's new in this release?

  • Enterprise Manager 13c Compatibility
EM 13c includes several enhancements including a new Fusion Middleware technology stack, Alta skin user interface and (EBR) Edition Based Redefinition support.


  • Hybrid Cloud Management
Monitor and manage E-Business Suite environments on Oracle Cloud and On-premise. These capabilities are delivered as Enterprise Manager command line interface (EMCLI) to manage, provision, migrate, backup, restore, clone, patch, and lift-and-shift E-Business Suite on Oracle Cloud. 
  • System Management
    • Real User Experience Insight (RUEI)  regions integrated within E-Business Suite Summary Dashboard
    • Automated host aliasing

  • Change Management
    • Patch Recommendations: Deploy recommended E-Business Suite technology stack patches, including Database and WebLogic Server patches, using EM patch plans. 
    • Customization Management: View the inventory of customizations in an Oracle E-Business Suite environment. View or download a spreadsheet of discovered customizations by customization type. Customization Discovery & Reporting process now includes discovery of database objects. 
    • Cloning: Save cloning interview process as templates that can be used for future purposes for Smart Clone for R12, 12.2.x procedure, and add custom parameters to the cloning procedure. 

References

Downloads
The Oracle Application Management Suite for Oracle E-Business Suite can be downloaded and installed by using the Self Update feature of Oracle Enterprise Manager.

Related Articles

Categories: APPS Blogs

PeopleSoft Integration Broker (IB) Security

Securing the PeopleSoft Integration Broker (IB) ensures the security of messaging both within PeopleSoft applications and among third-party systems. The following are several of the key tasks that Integrigy performs during our PeopleSoft security configuration assessments - take a look today at your settings:

  • Ensure all inbound requests are required to use Secure Socket Layer security/Transport Layer Security (SSL/TLS)
  • Ensure that the default the PSKEY  password has been changed - The PSKEY is keystore contains all root and node certificates used by the Integration Gateway and PIA. Using the default or weak password is not best practice.
  • Ensure the IB node ANONYMOUS is appropriately privileged.  If IB connections do not specify a node name and credentials, IB will try to use the ANONYMOUS node and the “default user ID” tied to that node. This default user must not be a highly privileged user and should be granted the least number of privilege possible.
  • Review all other nodes for permissions appropriate for the business services supported by the node. Best practice is to use a unique UserID for each node that only has appropriate permissions to only to the required objects or related sets of operations.

The following attributes are also reviewed that govern IB activity :

Integration Broker Profile Values

Field

Description

Recommendation

IB_PROFILESTATUS

IB Profile Status. If enabled, IB will show performance information.

For production or Internet facing set to off.

IB_ENABLELOG

Enables logging

 

For production or Internet facing set to off.

IB_LOGLEVEL

Log Level  (if logging is enabled)

1= Standard gateway exception errors.

  1. 2 = All errors and warnings (Default.)
  • 3 = Errors, warnings and important information.
  • 4 = Errors, warnings, important and standard information.
  • 5= Errors, warnings important, standard and low importance information

Default: 2

IB_DEPTHLIMIT

Checks for recursion within messages (number of levels) to ensure that messages do not reference themselves.

Value between 3 and 50

Default: 20

IB_MASTER_OVERRIDE

Determines if Master processing returns statistics in the Output Information section after a Post.

For production or Internet facing set to off.

IB_PRE_848

Pre-848 Tools Release

Default is N

IB_MULTIACT_DOMAIN

By default, only one domain may be active in the Integration Broker system. However, PeopleSoft provides the option to enable the activation of multiple domains.

Off unless required.

IB_USEIPADDRESS

Determines if the application server URL for a synchronous slave template uses the application server IP address:  e.g. URL format from <machine name>:<jolt port> to IP address

On

 

If you have questions, please contact us at info@integrigy.com

Michael A. Miller, CISSP-ISSMP, CCSP

References

PeopleSoft Database Security

PeopleSoft Security Quick Reference

Oracle PeopleSoft
Categories: APPS Blogs, Security Blogs

Pages

Subscribe to Oracle FAQ aggregator - APPS Blogs