Applying P4FA using FASPOT on Fusion Release 12

Introduction Patches for Fusion Applications (P4FA) are collections of one-off fixes and tech stack updates (e.g. Fusion MiddleWare, Database, Weblogic Server, etc.) compiled and certified for Fusion Applications where an installation of them improves system stability and performance substantially. Every Fusion Application release has its own set of P4FA patches and it is mandatory to apply […]

Getting Credentials in Fusion Applications

Introduction Oracle Fusion Applications is configured to save normal user names and credentials in Oracle Internet Directory (OID) and used for authentication purposes. Many of the applications store connection usernames and credentials they need in the credential store and retrieve these from the store when required. This article shows how Fusion Applications Administrators can retrieve […]

Adding New Fusion Applications Product Offerings using Incremental Provisioning

Introduction A product offering is a logical grouping of features and functionality of Oracle Fusion Applications. Customers who have excluded certain product offerings during their base installation and would like to add these or would like to add newly released product offerings can only do so during upgrade using Incremental Provisioning (IP) IP provides the ability to […]

Discover Utility : A Tool to Collect Comprehensive Configuration Details of a Fusion Applications Instance

Introduction Oracle Fusion Applications is a large collection of artifacts at various levels – from Application Modules,URLs and Web services at the top levels to storage, hostnames and IPs at the lower layers with numerous connection and configuration settings and tunable parameters within and across the various products in different layers.  Often administrators need values […]

Migrating your Fusion Applications Auth OHS to a DMZ server

Introduction There maybe a need to expose your application to non-employees outside of your organization such as suppliers who make use of supplier portal. This article is intended to describe how you can do this after you have already provisioned your Fusion Applications environment. Main Article In this article we will describe the steps needed […]

Load Balancer Configuration for Fusion Applications

Background The Fusion Applications installation guide describes how load balancers are used and which features are required when planning a highly available Fusion Applications environment. The Oracle documentation does not contain supplier specific configuration settings for the load balancers. The purpose of this post is to help facilitate the discussion between the networking teams and […]

How to change the nodemanager password on a machine with no AdminServer installed in a Fusion Applications environment

Introduction   In a Fusion Applications environment where a machine has been provisioned with no AdminServer it is not possible to change the node manager password using the console. For security and during cloning you may need to change this password and this article describes how to do that.     Description of environment   […]

Fusion Applications : Priming the Server Startup

Introduction After restart of the Fusion Applications (FA), the very first clicks can at times get slow responses compared to subsequent clicks to the same pages, as a result of cache’s not being populated yet. As with any Java application, this is normal as a large number of objects (classes, ADF objects, Profiles etc.) need […]

Best practice for Inventory Management with Oracle Fusion Applications

Introduction The Oracle Inventory stores information about all Oracle software products installed in all the Oracle homes on a host provided the product was installed using Oracle Universal Installer (OUI). How many Oracle Inventories are needed on a host and where to put those inventories are two common questions we get from the customers installing […]

Accelerating Fusion Applications (FA) Bundle Patching for Human Capital Management (HCM)

Introduction Applying functional bundle patches to your Fusion Applications (FA) environment is a normal part of the FA life cycle. Typically these bundle patches are released on a monthly basis, an although they are cumulative, it is still considered to be a best practice to apply these bundles as often as possible within the constraints […]

WebLogic Server: Saving Disk Space in /tmp

Introduction Many WebLogic Server (WLS) implementations use JRockit 28 as the JVM implementation. JRockit 28 comes with the very useful JRockit Flight Recorder which helps in many troubleshooting situations. Problem In high volume WLS implementations with many domains and many managed servers the Flight Recorder could fill up the disk of the temporary file storage […]

Disaster Recovery for On-Premise Fusion Applications

Introduction Disaster Recovery and Business Continuity are key requirements with most business critical on-premise Fusion Applications environments. Disaster Recovery for FA can be broken down into two layers that have to be syncronised to achieve full recoverability: Shared storage & databases. The solution described here supports simple full site switchover / failover and will satisfy […]

Using a Gold Environment as a Part of Your Production to Test Content Movement Toolkit

Introduction Introducing a straight forward, easily repeatable methodology for performing frequent content movement/environment refreshes in your Fusion Applications (FA) system is essential to managing your ecosystem successfully. In this article we will introduce the concept of using a static or Gold environment into your Production to Test Content Movement (P2T) regimen. An Overview of P2T […]

P2T vs Cloning : Choosing the Right Fusion Applications Tool for Your Project

Introduction Oracle Fusion Applications (FA) comes with two very useful tools –  Fusion Applications Production to Test (P2T) and Fusion Applications Cloning (Cloning).  These help customers implement multiple FA environments for different purposes like production, testing and  development on Enterprise level projects. These tools come under the topic of Content Movement and are detailed in […]

Cloning of Fusion Applications using Oracle Enterprise Manager Cloud Control 12c

Introduction Cloning is a recurring requirement in almost every Oracle Fusion Applications environment. Oracle Enterprise Manager 12c (OEM) is an effective tool to create and automate the repeatable parts of the cloning process. Additionally to the cloning process itself OEM is very useful, when e.g. automating the scale-down of the environment or other actions that may be required to clone the particular […]

Introduction to FA tech stack patching with FASPOT

Introduction Fusion Applications (FA) patching is a regular administrative task during a Fusion Apps release life-cycle. Patches for Fusion Applications (P4FA) are special collections of one-off fixes and tech stack updates (i.e. for Fusion Middleware, Database, Weblogic Server etc) compiled and certified for Fusion Applications where an installation of them improves system stability and performance […]

The Importance of a Run Book for your Fusion Applications Upgrade

The Importance of a Run Book to your FA Upgrade Proper planning for you Fusion Applications (FA) Upgrade is probably the most important factor in determining the success of your upgrade. Several factors go into the planning for your upgrade; these include but are not limited to: Your current release level (e.g., release 9) JDeveloper […]

Patching Fusion Applications – What Types of Patches Exist and How Often Should They Be Applied

Introduction When deploying Fusion Applications, or any suite of software for that matter, careful thought and planning must go into understanding the life cycle management of that product, and in particular, choosing the right cadence for patching.  In this article we will discuss the types of patching required for Fusion Applications, as well as the […]

Using the Post Upgrade Reports in Release 7

Introduction A new and often overlooked new feature in the upgrade path to release 7 is the introduction of a html based report/log, the PostRUPInstaller Report, related to the timings and success of the upgrade itself.  This can be very useful when data is needed to compile management reports, compare one upgrade to another, plan […]

Expiration Checklist for Fusion Applications

Two main things when expired will significantly affect the operations of Fusion Applications. These are database passwords and certificates. As such these expiration dates need to be checked and maintained properly.

Check for expiring database account passwords

Fusion Applications have many schema users in the Fusion Application database.  Many of these schema users by default have no expiry date, however some do.  You can check the expiration date for these passwords using sqlplus and connecting to the FA database as sys.  Use the following command to check the expiry_date:
 
select username, account_status, expiry_date, sysdate from dba_users where expiry_date is not null;
 
TODO:  Keep track of when database accounts will expire.  When the database accounts will soon expire, update the accounts and reset the expiry_date according to your established corporate security policy requirements.  Note: You can reuse the existing password when resetting these schema accounts.
 

Check for expiring certificates

Fusion Application will fail when certificates expire.  It’s important to check all certificate stores (JKS for WebLogic and PKCS#12 for OHS) for expiring keys and certificates so that they can be renewed in a controlled and timely manner.

 

For Fusion JKS Certificates Stores

You should maintain a list of all certificate stores so that they can be located easily.  
The fusion jks stores are fusion_trust.jksand <hostname>_fusion_identity.jks in APPLICATIONS_BASE/fusionapps/wlserver_10.3/server/lib
 
For each JKS store, use keytool to examine the contents, noting the expiration date for each key and certificate:
 
$JAVA_HOME/bin/keytool -list -v -keystore <keystore filename>

 

 
Note:  fusion_trust.jks contains the keys and certificates in each of the <hostname>_fusion_identity.jks.  When replacing the key and certificates, you must replace each <hostname>_fusion_identity.jks and fusion_trust.jks separately.
 

For Webgate Certificate

You should note down the expiration date of the webgate certificate and replace them as appropriate.  The webgate certificate is in APPLICATIONS_CONFIG/CommonDomain_webtier/config/OHS/ohs1/webgate/config/simple. To check the certificate expiration date, use keytool to examine the contents:

$JAVA_HOME/bin/keytool -printcert -v -file aaa_cert.pem

 

 

For PKCS#12 Certificates Stores

The location of the certificate stores used by FA OHS instances can be found in the OHS configuration files. The following example shows how to determine this:
cd APPLICATIONS_CONFIG/CommonDomain_webtier/config/OHS/ohs1

 

cat *.conf ./moduleconf/*.conf | grep SSLWallet filename
 
Each of these should be opened with the orapki utility to examine the content and verify the certificate expiration. The orapki utility is described in detail here: