
Thursday, March 19, 2015

SAP BASIS Admin - Important Transaction Codes


I strongly believe, "When you stop learning, you stop growing.."

Alvin Toffler once said “The illiterate of the 21st century will not be those who cannot read and write, but those who cannot learn, unlearn, and relearn.."

I have started to learn SAP now!

In this blog, I have listed a few important SAP Transaction Codes that an SAP BASIS Admin must know.


Tuesday, February 3, 2015

What it takes to manage Virtual Datacenter?

Today, I just thought of putting together what it takes to build and manage a Virtual Data-center.
One thing I want to stress is that you still need to manage the Classic Data-center; however, there are several things you need to understand, build and manage on top of the Classic DC to make it a Virtual DC.

The following diagram gives the overall picture of what you have to manage in IT Operations in the case of Classic DC and Virtual DC, apart from the various apps and websites.



Also check out fundamentals of Cloud Computing. 

Wednesday, January 28, 2015

Cloud Computing Fundamentals

Writing a blog post after a long time.. This time on Cloud Computing fundamentals..

Why Cloud Computing?

The IT challenges listed below have made organizations think about the Cloud Computing model to provide better service to their customers:

  1. Globalization: IT must meet the business needs to serve customers world-wide, round the clock - 24x7x365.
  2. Aging Data Centers: Migration, upgrading technology to replace old technology.
  3. Storage Growth: Explosion of storage consumption and usage.
  4. Application Explosion: New applications need to be deployed and their usage may scale rapidly. The current data center infrastructures are not planned to accommodate such rapid growth.
  5. Cost of ownership: Due to increasing business demand, the cost of buying new equipment, power, cooling, support, licenses, etc., increases the Total Cost of Ownership (TCO).
  6. Acquisitions: When companies are acquired, the IT infrastructures of the acquired company and the acquiring company are often different. These differences in the IT infrastructures demand significant effort to make them inter-operable.

What is Cloud computing? (Definition): According to NIST, Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.

What are the Essential Characteristics?
Cloud computing should have all of the following characteristics 
  1. On-Demand Self-Service
  2. Resource Pooling
  3. Rapid Elasticity 
  4. Measured Service
  5. Broad Network Access 
What are the building blocks of Cloud Computing?


What are the Service Models in Cloud Computing?
  1. Infrastructure as a service
  2. Platform as a service
  3. Software as a service 

What are the Deployment Models in Cloud Computing?
  1. Public Cloud: Infrastructure shared across multiple end users, which may include companies.
  2. Private Cloud: Exclusive to one company; it can be on-premise or exclusively hosted at a cloud service provider.
  3. Hybrid Cloud: Combination of Public and Private cloud.
  4. Community Cloud: A set of similar types of customers come together and share infrastructure, for example multiple universities contribute to and use one cloud infrastructure.
What is the difference between public and private cloud?



Finally, what are the benefits and challenges?

Benefit
  • Cost 
  • Speed
Consumer Challenges
  • Security and Regulations
  • Quality of service
  • Network Latency
  • Supportability
  • Long term cost
  • Lock-in 
Providers Challenges
  • Service Warranty and service cost
  • Huge number of s/w to manage
  • No standard cloud access interface


Tuesday, June 19, 2012

Starting with Fusion Applications

Developer > DBA > Apps 11i DBA > R12 DBA and now you want to become a Fusion Apps DBA? Then you are on the correct page.

Here I shall try to provide some info you should know before you start hands-on.

OTN has all the Fusion Apps docs. The latest version as of today (while writing this blog) is 11g Release 1, Update 3 (11.1.4).

It involves a lot of Oracle technology such as Database, Identity Management, WebLogic, SOA Suite, Oracle Data Integrator, ApplCore (ATG), WebCenter, Secure Enterprise Search, Enterprise Content Management, Oracle Forms Recognition & Business Intelligence.

Currently supported platforms are Linux x86-64 (64 bit), Oracle Solaris SPARC (64 bit), Oracle Solaris x86-64 (64 bit), IBM AIX on POWER Systems (64 bit), Microsoft Windows x64 (64 bit).

There are 2 installation types: one is a bare metal install, the other is OVM templates.

I think cloning and platform migration are currently not available.

So let's start with Fusion Apps.

Wednesday, June 13, 2012

Oracle Apps Security


Purpose: The purpose of this blog article is to cover the security aspects of Oracle Apps and how to handle them. We need to look at all the layers, from top to bottom: Applications, DB, OS etc.

Changing database password (like APPS, SYSTEM, SYS etc)
Important Note: Please do not use special characters like @ / # / $ / % etc in any database passwords.

Changing password of SYS, SYSTEM, DBSNMP


Log in to the database server and issue the following commands:

sqlplus "/ as sysdba"
ALTER USER system IDENTIFIED BY <new_password>;
ALTER USER sys IDENTIFIED BY <new_password>;
ALTER USER dbsnmp IDENTIFIED BY <new_password>;

Once the passwords are changed, they need to be changed in EM as well (if it is installed and used). For this, log in to EM using the sysman account. Then navigate to Preferences > Preferred Credentials > Database Instances > click on set credentials, then change the passwords against the appropriate database. Also change the password of the dbsnmp user in the DB config form.


Document all the steps to perform the password change of DB users.
General guidelines regarding the schema passwords:
1)    The APPS password should be different from that of other Applications base schemas like AP, GL, AR etc.
2)    A user called ROAPPS (Read Only APPS) should be created for those who need read access to the APPS schema.
3)    Base schemas (like AP, AR, GL) can follow the same pattern, like AP/AP2008, GL/GL2008, or they can have different passwords. This depends on whether some schema passwords are shared with others.
4)    The password change procedure should be tested in the TEST instance first, documented, and only then executed on PROD.
5)    Please don’t keep the same password in TEST and PROD.
6)    Use the relevant tools to change passwords, like FNDCPASS for APPS, GL etc.

Important: It is also recommended to implement the Oracle Applications Auditing feature, to track changes in important tables.




Changing OS (Operating system passwords)

Document all the steps to be followed for changing OS passwords.
For those who need access to check log files and similar, a user called “viewer” in group “viewer” with password “viewer” should be created and given to the required users. We also need to change the vncserver password if it is started from root or a normal Unix user. Lastly, it is recommended to have a separate username for each DBA, so that he first logs in to the server with his own username and then runs su - <application / database owner user>. In this case direct access to root and to the application / database owner user should be restricted.

Procedure to change Applications User Passwords (Like SYSADMIN)

Document the steps to change the Applications password of the SYSADMIN user.
The SYSADMIN password should not be shared with any other user. This password should be held only by the DBAs.

There are quite a few profile options available in Applications, which can be used to tighten the front-end security, such as,
a.    Signon Password Hard to Guess => Yes
The password contains at least one letter and at least one number.
The password does not contain the username.
The password does not contain repeating characters.

b.    Signon Password Length => 8 to 10
Signon Password Length sets the minimum length of an Applications signon password. If no value is entered the minimum length defaults to 5.

c.    Signon Password No Reuse  => 10000
This profile option specifies the number of days that a user must wait before being allowed to reuse a password.

d.    Signon Password Failure Limit => 3
The maximum number of login attempts before the user's account is disabled.

e.    ICX:Session Timeout => 20 Min / 60 min
This prevents misuse of an unlocked desktop.
This profile option determines the length of time (in minutes) of inactivity in a user's session before the session is disabled. If the user does not perform any operation in Oracle Applications for longer than this value, the session is disabled. The user is provided the opportunity to re-authenticate and re-enable a timed-out session. If re-authentication is successful, the session is re-enabled and no work is lost. Otherwise, Oracle Applications exits without saving pending work.

f.     Sign-On:Notification => Yes
Displays a message at login that indicates:
If any concurrent requests failed since your last session,
How many times someone tried to log on to Oracle Applications with your username but an incorrect password, and
When the default printer identified in your user profile is unregistered or not specified.
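
The following query is an added example, not part of the original post: it compares the site-level values of the six profile options above with the values this post suggests. It assumes the standard E-Business Suite FND tables (fnd_profile_options_vl, fnd_profile_option_values) queried as APPS, that level_id 10001 is the Site level, and that "8 to 10" and "20 Min / 60 min" are read as a minimum of 8 and a maximum of 60.

```sql
-- Added example: audit site-level sign-on profile options against the
-- values suggested in this post. Table and column names are assumed from
-- the standard EBS FND schema; thresholds are this post's recommendations.
WITH recommended AS (
  SELECT 'Signon Password Hard to Guess' AS option_name,
         'Y' AS want, 'EQ' AS rule FROM dual UNION ALL
  SELECT 'Signon Password Length',        '8',     'MIN' FROM dual UNION ALL
  SELECT 'Signon Password No Reuse',      '10000', 'MIN' FROM dual UNION ALL
  SELECT 'Signon Password Failure Limit', '3',     'MAX' FROM dual UNION ALL
  SELECT 'ICX:Session Timeout',           '60',    'MAX' FROM dual UNION ALL
  SELECT 'Sign-On:Notification',          'Y',     'EQ'  FROM dual
)
SELECT r.option_name,
       v.profile_option_value AS site_value,
       r.want                 AS recommended,
       CASE
         -- An unset option falls back to the product default
         -- (e.g. minimum password length 5), so flag it.
         WHEN v.profile_option_value IS NULL THEN 'NOT SET'
         ELSE
           CASE r.rule
             WHEN 'EQ'  THEN
               CASE WHEN v.profile_option_value = r.want
                    THEN 'OK' ELSE 'REVIEW' END
             WHEN 'MIN' THEN
               CASE WHEN TO_NUMBER(v.profile_option_value) >= TO_NUMBER(r.want)
                    THEN 'OK' ELSE 'REVIEW' END
             WHEN 'MAX' THEN
               CASE WHEN TO_NUMBER(v.profile_option_value) <= TO_NUMBER(r.want)
                    THEN 'OK' ELSE 'REVIEW' END
           END
       END AS status
FROM   recommended r
LEFT   JOIN fnd_profile_options_vl p
       ON  p.user_profile_option_name = r.option_name
LEFT   JOIN fnd_profile_option_values v
       ON  v.profile_option_id = p.profile_option_id
       AND v.application_id    = p.application_id
       AND v.level_id          = 10001   -- Site level (assumption)
ORDER  BY r.option_name;
```

Values set at responsibility or user level override the site level, so a row marked OK here can still be weakened lower down.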

Apart from this, the customer should monitor the list of users who have powerful responsibilities like GL super user, System Administrator etc. and reduce the number of such users as far as possible.
Lastly, inactive users should be locked in the system if they have not logged in during the last 3-6 months.
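
The two queries below are an added example, not part of the original post, for the review described above: who currently holds a powerful responsibility, and which active accounts have not logged in for 90 days (the lower end of the 3-6 month range). They assume the standard EBS tables fnd_user, fnd_user_resp_groups_direct and fnd_responsibility_vl; the responsibility names in the IN list are placeholders to replace with the ones considered powerful at your site.

```sql
-- Added example. Table/column names assumed from the standard EBS schema.

-- 1) Active users holding powerful responsibilities.
SELECT u.user_name,
       r.responsibility_name,
       u.last_logon_date
FROM   fnd_user u
JOIN   fnd_user_resp_groups_direct g
       ON  g.user_id = u.user_id
JOIN   fnd_responsibility_vl r
       ON  r.responsibility_id = g.responsibility_id
       AND r.application_id    = g.responsibility_application_id
WHERE  r.responsibility_name IN ('System Administrator',
                                 'General Ledger Super User')  -- placeholders
AND    NVL(u.end_date, SYSDATE + 1) > SYSDATE   -- user not end-dated
AND    NVL(g.end_date, SYSDATE + 1) > SYSDATE   -- assignment not end-dated
ORDER  BY r.responsibility_name, u.user_name;

-- 2) Active accounts with no logon in the last 90 days.
--    Accounts that never logged in are measured from their creation date.
SELECT user_name,
       last_logon_date,
       creation_date
FROM   fnd_user
WHERE  NVL(end_date, SYSDATE + 1) > SYSDATE
AND    NVL(last_logon_date, creation_date) < SYSDATE - 90
ORDER  BY last_logon_date NULLS FIRST;
```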


Other guidelines for DBAs:

  • Do Not Allow Shared Accounts
  • Do Not Use Generic Passwords
  • Treat All Non-Production Instances With The Same Security As Production
  • Restrict Network Access - Set Password on Database Listener
  • Minimize Passwords Contained In OS Files
  • Secure Default Database Accounts
  • Be Proactive!
  • Apply all prior, and plan in advance to apply any new Oracle Security Patches
  • Limit Access To Forms Allowing SQL Entry
  • Stop isqlplus process on server side (if started)
  • Restrict Network Access - Limit Direct Access To The Database
  • Change the passwords at least once in 3 months