APPS Blogs

Creditcard and Bank Account Decryption No Longer Possible in Oracle E-Business Suite

In January 2014 Integrigy published extensive research and recommendations on how best to secure credit cards and bank accounts within the Oracle E-Business Suite. This research is available here Oracle E-Business Suite: Credit Cards and PCI Compliance

With Release 12 of the Oracle E-Business Suite, Oracle consolidated into the new Payments module, new functionality to encrypt credit cards and external bank accounts. Integrigy’s recommendation in January 2014 was that if encryption was enabled, that the concurrent programs to optionally decrypt credit cards and external bank accounts also be disabled. Integrigy's rationale for this recommendation was that decryption should only be allowed in a carefully controlled and managed process. End-dating the decryption request set and concurrent programs would prevent the decryption programs from being run accidently or run for nefarious purposes – in production but certainly in non-production databases.

Evidently, Oracle is now once again taking a security recommendation from Integrigy by permanently disabling the decryption programs. Per Oracle’s security team, the decryption programs have been disabled. For more information refer to Oracle Support Note 2209450.1, posted December 1, 2016 - "Is It Possible To Decrypt the Bank Accounts Data After Enabling The Encryption Feature."

If you have questions about protecting credit cards and/or external bank accounts in the Oracle E-Business Suite or have questions about this blog post, please contact us at info@integrigy.com

-Michael Miller, CISSP-ISSMP, CCSP, CCSK

References
 
 
 
Encryption, PCI, Oracle E-Business Suite
Categories: APPS Blogs, Security Blogs

Deploying Oracle E-Business Suite 12.2 SOAP Web Services

This is the fifth posting in a blog series summarizing the new Oracle E-Business Suite 12.2 Mobile and web services functionality and recommendations for securing them.

Physically deploying SOAP-based web services for the Oracle E-Business Suite is more complicated than for REST. SOAP interfaces are best used to support heavy-duty solutions such as Business-to-Business (B2B) interfaces. To deploy SOAP services for the Oracle E-Business Suite, the Oracle SOA Suite must be licensed and configured. Once the SOA Suite is installed and configured, two (2) WebLogic servers will exist. The first WebLogic server is the initial WebLogic server supporting the Oracle E-Business Suite and the second WebLogic Server is the WebLogic server supporting the SOA Suite. Integration between the two WebLogic Servers is done through both through HTTP and the ISG client. The ISG client is installed on the SOA Suite’s WebLogic server and uses Oracle’s proprietary T3 protocol to do the majority of the heavy lifting for communication with the E-Business Suite.

When a SOAP service is deployed within the Integrated SOA Gateway forms in the Oracle E-Business Suite, the SOAP Web Services Description Language (WDSL) file defining the web service is generated on the second WebLogic Server, the SOA Suite WebLogic Server, not the E-Business Suite’s WebLogic server. The interaction with B2B business partners using the web service then occurs between the Oracle SOA Suite and the business partner’s servers. Ultimately the Oracle E-Business Suite generates or receives the information, but the Oracle E-Business Suite does not directly communicate with the B2B partners.

SOAP Needs a Separate SOA Suite WebLogic Server

Only the SOA Suite communicates with B2B clients

If you have any questions, please contact us at info@integrigy.com

-Michael Miller, CISSP-ISSMP, CCSP, CCSK

References
 
 
 
 
 
 
 
 
 
Web Services, DMZ/External, Oracle E-Business Suite
Categories: APPS Blogs, Security Blogs

Reminder: Upgrade BPEL 11.1.1.7 to 11.1.1.9 Before December 2018

Steven Chan - Thu, 2017-03-23 10:48

Oracle Fusion Middleware products get new Patch Set updates.  When a new Patch Set has been released, a 12 month Grace Period for the previous Patch Set begins.  Once that Grace Period ends, no new patches for the previous Patch Set will be released.

For more details, see:

Oracle BPEL Process Manager is part of Oracle SOA Suite 11.1.1.x.  Note 1290894.1 does not have a separate listing for Oracle SOA Suite; it refers to "Oracle Fusion Middleware" (FWM) instead. The references in that document to "FMW" implicitly include SOA Suite.

SOA Suite 11.1.1.7 was released in April 2013.  SOA Suite 11.1.1.9 was released in May 2015, which means that the Grace Period for SOA Suite 11.1.1.7 will end after December 2018. 

All E-Business Suite users running BPEL Process Manager in SOA Suite 11.1.1.7 should upgrade to BPEL Process Manager in SOA Suite 11.1.1.9 to remain under Error Correction Support. SOA Suite 11.1.1.x is covered by Premier Support to December 2018, and covered by Extended Support to December 2021.

Related Articles

Categories: APPS Blogs

Reminder: Upgrade BPEL 11.1.1.7 to 11.1.1.9 Before December 2018

Steven Chan - Thu, 2017-03-23 10:48

Oracle Fusion Middleware products get new Patch Set updates.  When a
new Patch Set has been released, a 12 month Grace Period for the
previous Patch Set begins.  Once that Grace Period ends, no new patches
for the previous Patch Set will be released.

For more details, see:

Oracle BPEL Process Manager is part of Oracle SOA Suite 11.1.1.x.  Note 1290894.1 does not have a separate listing for Oracle SOA Suite; it refers to "Oracle Fusion Middleware" (FWM) instead. The references in that document to "FMW" implicitly include SOA Suite.

SOA Suite 11.1.1.7 was released in
April 2013.  SOA Suite 11.1.1.9 was released in May 2015, which means that
the Grace Period for SOA Suite 11.1.1.7 will end after December 2018. 


All E-Business Suite users running BPEL Process Manager in SOA Suite 11.1.1.7 should
upgrade to BPEL Process Manager in SOA Suite 11.1.1.9 to remain under Error Correction
Support. SOA Suite 11.1.1.x is
covered by Premier Support to December 2018, and covered by Extended
Support to December 2021.

Related Articles

Categories: APPS Blogs

Webcast: "Installation, Cloning and Configuration of EBS 12.2"

Steven Chan - Wed, 2017-03-22 10:51

Install EBS 12.2Oracle University has a wealth of free webcasts for Oracle E-Business Suite.  If you're looking for an overview of how to install, clone, and configure EBS 12.2, see:

Max Arderius, Senior Principal Product Manager covers the technology stack for Oracle E-Business Suite 12.2, including the use of Oracle WebLogic Server (Oracle Fusion Middleware 11g) and Oracle Database functionality. Topics include an architectural overview of the latest updates, installation options, configuration options, and new tools for automated cloning. Also learn how Online Patching (based on the Oracle Database Edition-Based Redefinition feature) will reduce your database patching downtimes. This material was presented at OOW 2015.

Categories: APPS Blogs

Webcast: "Installation, Cloning and Configuration of EBS 12.2"

Steven Chan - Wed, 2017-03-22 10:51

Install EBS 12.2Oracle
University has a wealth of free webcasts for Oracle E-Business Suite. 
If you're looking for an overview of how to install, clone, and configure EBS 12.2, see:

Max Arderius, Senior Principal Product Manager covers the technology stack for Oracle E-Business Suite 12.2, including the use of Oracle WebLogic Server (Oracle Fusion Middleware 11g) and Oracle Database functionality. Topics include an architectural overview of the latest updates, installation options, configuration options, and new tools for automated cloning. Also learn how Online Patching (based on the Oracle Database Edition-Based Redefinition feature) will reduce your database patching downtimes. This material was presented at OOW 2015.

 

Categories: APPS Blogs

Webcast: "Personalizing EBS: The Next Generation"

Steven Chan - Wed, 2017-03-22 02:06

Personalize EBS Oracle
University has a wealth of free webcasts for Oracle E-Business Suite. 
If you're looking for an overview of how to personalize EBS 12.2, see:

Senthilkumar Ramalingam, Group Manager Product Development, discusses the new Release 12.2 Administrator Personalization Workbench that allows you to quickly and easily personalize Oracle Aramework Framework (OAF) applications. The new Personalization Workbench provides an intuitive, WYSIWYG personalization experience and offers rich interactivity like select-and-edit and drag-and-drop to perform a wide range of personalizations on a page. Learn about new OAF end user personalization capabilities for optimizing the experience on iOS or Android tablets. Leverage new gesture support and tablet-optimized components in your customizations and extensions. See how to use the Oracle E-Business Suite Developer VM on Oracle Cloud to develop personalizations and extensions. This material was presented at Oracle OpenWorld 2016.

 

Categories: APPS Blogs

Using Job Role Separation with ASM and EBS 12.2

Steven Chan - Tue, 2017-03-21 10:45

A job role separation configuration of Oracle Database and Oracle Automatic Storage Management (ASM) is a configuration with groups and users to provide separate groups for operating system authentication.

This is now a certified option for E-Business Suite 12.2 environments. The EBS Rapid Install now supports the use of job role separation to manage operating system permissions for ASM, Oracle Grid Infrastructure, and Oracle software installations.

Job Role separation table for ASM in EBS environments

The following guides have been updated to reflect this newly-certified configuration option:

Related Articles


Categories: APPS Blogs

Using Job Role Separation with ASM and EBS 12.2

Steven Chan - Tue, 2017-03-21 10:45

A job role separation configuration of Oracle Database and Oracle Automatic Storage Management (ASM) is a configuration with groups and users to provide separate groups for operating system authentication.

This is now a certified option for E-Business Suite 12.2 environments. The EBS Rapid Install now supports the use of job role separation to manage operating system permissions for ASM, Oracle Grid Infrastructure, and Oracle software installations.

Job Role separation table for ASM in EBS environments

The following guides have been updated to reflect this newly-certified configuration option:

Related Articles

 

Categories: APPS Blogs

EBS Support Implications for Discoverer 11gR1 in June 2017

Steven Chan - Fri, 2017-03-17 10:57

What happens to Discoverer support in June 2017?

The Oracle Lifetime Support Policy: Oracle Fusion Middleware Products document states:

  • Premier Support for Discoverer 11gR1 ended on June 30, 2014. 
  • Extended Support for Discoverer 11gR1 ends on June 30, 2017. 

No new patches for Discoverer 11gR1 or its E-Business Suite (EBS) Discoverer-based content will be created after June 30, 2017.  EBS customers will continue to have access to existing released patches and other published resources.

Which EBS releases are affected?

E-Business Suite 12.1 and 12.2 included workbooks, business areas, and folders built for Discoverer 11gR1.  Both EBS 12.1 and 12.2 are affected by this.

What should EBS users use for analytics now?

This document was published in March 2014:

That Note recommends that Discoverer users migrate to Oracle Business Intelligence Enterprise Edition (OBIEE), Oracle Business Intelligence for Applications (OBIA), or Oracle Endeca Information Discovery.

Are there automated tools for migrating from Discoverer to other Oracle analytics tools?

No, there are no automated tools for migrating Discoverer content to OBIEE, OBIA, or Oracle Endeca Information Discovery.

Can EBS customers request new patches after June 2017?

No, Oracle will not produce new patches or documentation for Discoverer, EBS content for Discoverer, or Discoverer certifications with EBS 12.1 or 12.2 after June 30, 2017. 

Can EBS customers access existing Discoverer-related resources after June 2017?

Yes, EBS customers will still be able to download existing Discoverer patches.  For example, Discoverer 11.1.1.7 was certified in June 2013 and is certified for EBS 12.1 and 12.2.  Customers will continue to be able to download Discoverer 11.1.1.7 and Discoverer-related documentation for EBS environments (Note 1380591.1 for EBS 12.2, Note 1074326.1 for EBS 12.1).

Can EBS customers continue to use Discoverer after June 2017?

Yes, but Oracle's ability to assist with questions will be increasingly-limited as environments with Discoverer are retired.  Customers should minimize changes to their Discoverer-related infrastructure with the goal of keeping Discoverer environments stable: e.g. limiting changes that might affect load, hardware infrastructure, or business processes.

Will Discoverer work with new desktop client updates after June 2017?

This is unknown.  No new certifications for Discoverer will be performed after June 2017.  Desktop client updates such as new JRE releases, new Windows updates, and new browsers may have unpredictable effects on Discoverer.  Oracle will not issue new compatibility patches for these types of issues after June 2017.


Categories: APPS Blogs

EBS Support Implications for Discoverer 11gR1 in June 2017

Steven Chan - Fri, 2017-03-17 10:57

What happens to Discoverer support in June 2017?

The Oracle Lifetime Support Policy: Oracle Fusion Middleware Products document states:

  • Premier Support for Discoverer 11gR1 ended on June 30, 2014. 
  • Extended Support for Discoverer 11gR1 ends on June 30, 2017. 

No new patches for Discoverer 11gR1 or its E-Business Suite (EBS) Discoverer-based content will be created after June 30, 2017.  EBS customers will continue to have access to existing released patches and other published resources.

Which EBS releases are affected?

E-Business Suite 12.1 and 12.2 included workbooks, business areas, and folders built for Discoverer 11gR1.  Both EBS 12.1 and 12.2 are affected by this.

What should EBS users use for analytics now?

This document was published in March 2014:

That Note recommends that Discoverer users migrate to Oracle Business Intelligence Enterprise Edition (OBIEE), Oracle Business Intelligence for Applications (OBIA), or Oracle Endeca Information Discovery.

Are there automated tools for migrating from Discoverer to other Oracle analytics tools?

No, there are no automated tools for migrating Discoverer content to OBIEE, OBIA, or Oracle Endeca Information Discovery.

Can EBS customers request new patches after June 2017?

No, Oracle will not produce new patches or documentation for Discoverer, EBS content for Discoverer, or Discoverer certifications with EBS 12.1 or 12.2 after June 30, 2017. 

Can EBS customers access existing Discoverer-related resources after June 2017?

Yes, EBS customers will still be able to download existing Discoverer patches.  For example, Discoverer 11.1.1.7 was certified in June 2013 and is certified for EBS 12.1 and 12.2.  Customers will continue to be able to download Discoverer 11.1.1.7 and Discoverer-related documentation for EBS environments (Note 1380591.1 for EBS 12.2, Note 1074326.1 for EBS 12.1).

Can EBS customers continue to use Discoverer after June 2017?

Yes, but Oracle's ability to assist with questions will be increasingly-limited as environments with Discoverer are retired.  Customers should minimize changes to their Discoverer-related infrastructure with the goal of keeping Discoverer environments stable: e.g. limiting changes that might affect load, hardware infrastructure, or business processes.

Will Discoverer work with new desktop client updates after June 2017?

This is unknown.  No new certifications for Discoverer will be performed after June 2017.  Desktop client updates such as new JRE releases, new Windows updates, and new browsers may have unpredictable effects on Discoverer.  Oracle will not issue new compatibility patches for these types of issues after June 2017.

 

Categories: APPS Blogs

Integrigy COLLABORATE 17 Sessions - Presentations on Oracle Database, Oracle E-Business Suite, and PeopleSoft Security

Integrigy is presenting nine papers this year at COLLABORATE 17 (https://collaborate.oaug.org/). The COLLABORATE 17 conference is a joint conference for the Oracle Applications User Group (OAUG), Independent Oracle Users Group (IOUG), and Quest International Users Group.

Here is our schedule. If you have questions or would like to meet with us while at COLLABORTE 17, please conact us at info@integrigy.com.

Sunday Apr 02, 2017

1:45 PM - 2:45 PM

Oracle E-Business Suite 12.2 Security Enhancements

https://app.attendcollaborate.com/event/member?item_id=5621519

Banyan E

Speaker: Stephen Kost

1:45 PM - 2:45 PM

How to Control and Secure Your DBAs and Developers in Oracle E- Business Suite

https://app.attendcollaborate.com/event/member?item_id=5740411

South Seas F

Speaker: Michael Miller

Monday Apr 03, 2017

9:45 AM - 10:45 AM

The Thrifty DBA Does Database Security

https://app.attendcollaborate.com/event/member?item_id=5660960

Jasmine D

Speaker: Stephen Kost

1:00 PM - 4:30 PM

Integrigy team available for meetings and discussions Contacts us at info@integrigy.com to arrange

 

 

Tuesday Apr 04, 2017

9:45 AM - 10:45 AM

Solving Application Security Challenges with Database Vault

https://app.attendcollaborate.com/event/member?item_id=5660961

Jasmine D

Speaker: Stephen Kost

1:00 PM - 4:30 PM

Integrigy team available for meetings and discussions Contacts us at info@integrigy.com to arrange

 

 

Wednesday Apr 05, 2017

9:45 AM - 10:45 AM

When You Can't Apply Database Security Patches

https://app.attendcollaborate.com/event/member?item_id=5660962

Jasmine D

Speaker: Stephen Kost

11:00 AM - 12:00 PM

Common Mistakes When Deploying Oracle E-Business Suite to the Internet

https://app.attendcollaborate.com/event/member?item_id=5621520

South Seas B

Speaker: Stephen Kost

1:30 PM - 2:30 PM

Securing Oracle 12c Multitenant Pluggable Databases

https://app.attendcollaborate.com/event/member?item_id=5660950

Palm A

 

Speaker: Michael Miller

2:45 PM - 3:45 PM

How to Control and Secure Your DBAs and Developers in PeopleSoft

https://app.attendcollaborate.com/event/member?item_id=5617942

Ballroom  J

Speaker: Michael Miller

Thursday Apr 06, 2017

8:30 AM - 9:30 AM

Oracle E-Business Suite Mobile and Web Services Security

https://app.attendcollaborate.com/event/member?item_id=5621407

South Seas B

Speaker: Michael Miller

 

You can download a complete listing of Integrigy's sessions at Integrigy COLLABORATE 17 Sessions.

Oracle Database, Oracle E-Business Suite, Oracle PeopleSoft
Categories: APPS Blogs, Security Blogs

PeopleSoft Security

This is a quick summary of Integrigy’s latest research on PeopleSoft. Was sending this to a client and decided it was a good posting:

Guide to PeopleSoft Logging and Auditing

How to Control and Secure PeopleSoft DBAs and Developers

PeopleSoft Database Security

PeopleSoft Database Secure Baseline Configuration

PeopleSoft Security Quick Reference

If you have any questions, please contact us at info@integrigy.com

 

 
 
Oracle PeopleSoft, Whitepaper
Categories: APPS Blogs, Security Blogs

Deploying Oracle E-Business Suite 12.2 REST Web Services

This is the forth posting in a blog series summarizing the new Oracle E-Business Suite 12.2 Mobile and web services functionality and recommendations for securing them.

Physically deploying REST services with 12.2 is straightforward. REST is an architectural style and not a protocol and is best used to support lightweight and “chatty” interfaces such as Mobile applications.  With 12.2, REST Web Application Description Language (WADL) interface definition files are generated within the E-Business Suite's WebLogic server and run through the OAFM Application. The OAFM application created with the installation of the Oracle E-Business Suite.

If you have any questions, please contact us at info@integrigy.com

-Michael Miller, CISSP-ISSMP, CCSP, CCSK

References
 

 

     
     
     
     
     
     
    Web Services, DMZ/External, Oracle E-Business Suite
    Categories: APPS Blogs, Security Blogs

    Webcast: "Secure Configuration for EBS in Oracle Cloud"

    Steven Chan - Thu, 2017-03-16 02:06

    EBS security on cloudOracle
    University has a wealth of free webcasts for Oracle E-Business Suite. 
    If you're looking for an overview of how to secure an EBS environment running in Oracle Cloud, see:

    Elke Phelps, Senior Principal Product Manager, provides an overview of Oracle E-Business Suite secure configuration guidelines and security features available when deploying Oracle E-Business Suite in Oracle Cloud.  Knowledge of Oracle's Cloud Services, including IaaS and PaaS, is assumed. This material was presenterd at Oracle OpenWorld 2016.

     

    Categories: APPS Blogs

    Webcast: "Secure Configuration for EBS in Oracle Cloud"

    Steven Chan - Thu, 2017-03-16 02:06

    EBS security on cloudOracle University has a wealth of free webcasts for Oracle E-Business Suite.  If you're looking for an overview of how to secure an EBS environment running in Oracle Cloud, see:

    Elke Phelps, Senior Principal Product Manager, provides an overview of Oracle E-Business Suite secure configuration guidelines and security features available when deploying Oracle E-Business Suite in Oracle Cloud.  Knowledge of Oracle's Cloud Services, including IaaS and PaaS, is assumed. This material was presenterd at Oracle OpenWorld 2016.

    Categories: APPS Blogs

    Building Custom EBS Mobile Apps with REST

    Steven Chan - Wed, 2017-03-15 02:04

    EBS Approval mobile app screenshotOver 20 EBS mobile apps are available today for E-Business Suite 12.1 and 12.2.  These apps are available for iOS and Android and cover functional areas such as Approvals, Expenses, Timecards, iProcurement, Sales Orders, Inventory, and much more.  These apps are documented here:

    What's New

    Our mobile apps have just gone through a refresh cycle (a.k.a. "Release 6.1") along with updates to all of the server-side libraries.  These updates are transparent to end-users and backwards-compatible with previous mobile app releases (e.g. "Release 6.0"). 

    The latest versions of all of these apps use APIs that are documented in our Oracle Integration Repository.  These APIs are newly-published as REST services.  This means that you can now use these APIs to build your own custom mobile apps for EBS.

    New guidelines for building your own mobile apps for the E-Business Suite are published here:

     

    Categories: APPS Blogs

    Building Custom EBS Mobile Apps with REST

    Steven Chan - Wed, 2017-03-15 02:04

    EBS Approval mobile app screenshotOver 20 EBS mobile apps are available today for E-Business Suite 12.1 and 12.2.  These apps are available for iOS and Android and cover functional areas such as Approvals, Expenses, Timecards, iProcurement, Sales Orders, Inventory, and much more.  These apps are documented here:

    What's New

    Our mobile apps have just gone through a refresh cycle (a.k.a. "Release 6.1") along with updates to all of the server-side libraries.  These updates are transparent to end-users and backwards-compatible with previous mobile app releases (e.g. "Release 6.0"). 

    The latest versions of all of these apps use APIs that are documented in our Oracle Integration Repository.  These APIs are newly-published as REST services.  This means that you can now use these APIs to build your own custom mobile apps for EBS.

    New guidelines for building your own mobile apps for the E-Business Suite are published here:


    Categories: APPS Blogs

    Webcast: "Build, Deploy and Manage Smartphone Apps for EBS"

    Steven Chan - Tue, 2017-03-14 02:05

    Build EBS smartphone appsOracle
    University has a wealth of free webcasts for Oracle E-Business Suite. 
    If you're looking for a primer on how to build your own mobile apps for EBS, see:

    Vijay Shanmugam, Director Product Development, explains the
    technologies and approach used to build Oracle's smartphone applications
    for Oracle E-Business Suite. You will learn how to deploy and manage
    iOS and Android mobile applications from application stores, how to use
    enterprise deployment to distribute controlled versions of the mobile
    applications within your organization and how to use a combination of
    Oracle E-Business Suite Mobile Foundation, Oracle E-Business Suite REST
    services and Oracle Mobile Application Framework (MAF) to develop custom
    smartphone applications for Oracle E-Business Suite to meet your needs.
    This material was presented at Oracle OpenWorld 2016.

     

    Categories: APPS Blogs

    Webcast: "Build, Deploy and Manage Smartphone Apps for EBS"

    Steven Chan - Tue, 2017-03-14 02:05

    Build EBS smartphone appsOracle University has a wealth of free webcasts for Oracle E-Business Suite.  If you're looking for a primer on how to build your own mobile apps for EBS, see:

    Vijay Shanmugam, Director Product Development, explains the technologies and approach used to build Oracle's smartphone applications for Oracle E-Business Suite. You will learn how to deploy and manage iOS and Android mobile applications from application stores, how to use enterprise deployment to distribute controlled versions of the mobile applications within your organization and how to use a combination of Oracle E-Business Suite Mobile Foundation, Oracle E-Business Suite REST services and Oracle Mobile Application Framework (MAF) to develop custom smartphone applications for Oracle E-Business Suite to meet your needs. This material was presented at Oracle OpenWorld 2016.

    Categories: APPS Blogs

    Pages

    Subscribe to Oracle FAQ aggregator - APPS Blogs