Using the PeopleSoft VirtualBox Images
Contents
1. ccceee ccc ee cece e tence eee nee ee tennaeee teen eeee 51 Resetting PeopleSoft Virtual Appliances cece cece eee cece eee enna eee tenes eee eeneee teen en nenn 52 Using PeopleSoft Services cect tupeetin cane aah op ier E EE EEEE E E 53 Running Multiple Virtual Machines sssueeesnnnesenrnrrnrrrrerrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr nnn nn 54 vi Copyright 2013 Oracle and or its affiliates All rights reserved Contents Copyright 2013 Oracle and or its affiliates All rights reserved vii Contents viii Copyright 2013 Oracle and or its affiliates All rights reserved About this Documentation This preface discusses e Understanding this Documentation e Audience e Typographical Conventions e Products e Related Information e Comments and Suggestions Understanding this Documentation This documentation is designed to guide you through the deployment of the Oracle VM VirtualBox appliances for Oracle s PeopleSoft applications It is not a substitute for the documentation provided for Oracle VM VirtualBox Audience This documentation is intended for individuals responsible for deploying templates for Oracle s PeopleSoft applications with Oracle VM VirtualBox The documentation does not include introductory information on virtualization technology or virtual machines You should have a basic understanding of virtual machines You should have a basic understanding of the2. Each of these accounts has different activities or roles that can be associated with them This partitioning of roles with different authentication mechanisms provides scope for a more secure deployment of the VM similar to a typical environment management strategy used in your data center For example it is possible to manage the environment such that the owner of the VM is unable to log in to the virtual machine This allows the system and database administrators of the virtual machine to be divided into separate groups The following table lists four fictitious users their roles and sample activities Copyright 2013 Oracle and or its affiliates All rights reserved Chapter 3 Planning Security Administration Sample Activities and Permissions Amanda Network administrator e Administers network addresses and names e Sys Admin Manages the host on which VMs run and creates the VM e After initial configuration cannot log in to guest OS Bob System administrator e Applies security to the guest OS and PeopleSoft runtime environment e Shuts down non essential services and configures firewall e Cannot log in to host OS on which VM runs Charlie Database administrator DBA e Manages the PeopleSoft application databases availability and performance e Participates in creating new databases during upgrade Denise PeopleSoft administrator Signs on to PeopleSoft Application PIA and Application Designer and manages users
3. 26 Copyright 2013 Oracle and or its affiliates All rights reserved Chapter 4 Deploying the PeopleSoft VirtualBox Appliances e You have imported the virtual appliance as described in the section Importing the PeopleSoft VirtualBox Appliance e You have fulfilled the host machine requirements discussed in the Prerequisites chapter e The virtual machine will be used in a machine bound deployment This means that the virtual machine will only be used for single user or demonstration purposes and will be accessed only by users logged on to the host OS Task 4 2 1 Setting a Host Only Network Configuration These instructions apply to the default host only configuration See the following sections for other configurations See Using Alternative Network Configurations This section assumes e The virtual machine does not need access to networked resources outside the host e Everything required of the runtime environment is contained within the virtual appliance To set the network configuration 1 In the Oracle VM VirtualBox Manager highlight the virtual appliance and click Settings in the menu bar 2 On the Settings window select Network in the left hand frame 3 Select Host only Adapter from the Attached to drop down list as shown in this example lt 2 HCMDB SES 85302d Settings ea E General Network System J E Display Adapter 1 Adapter 2 Adapter 3 Adapter
4. For more information see PeopleTools PeopleSoft Update Manager To install the Oracle Database Client tools on a Microsoft Windows machine 1 Access the virtual appliance file system from your Microsoft Windows host as described in the section Accessing the Shared Drive Folders on the Virtual Appliance File System 2 Locate the oracle client share directory 3 Copy the Oracle Database Client installation program oracle client mswin x86 32 zip to the location known as TEMP_DIR above and extract the contents This will extract the installation program for the Oracle Database client 4 Review the instructions for Install the Oracle Database Client Software in the installation documentation that accompanies the installation program Access the documentation from TEMP_DIR client doc index htm 5 Start the installation program TEMP_DIR client setup exe and follow the onscreen instructions to install the Oracle Database Client Install to a directory on the Microsoft Windows client This will be referred to as ORACLE_HOME for the remainder of this section Select Installation Type Administrator 6 Locate the tnsnames ora file in the oracle client share directory The entries in the tnsnames ora file provide the Oracle Database Client with database identification and connectivity information The file in the oracle client share directory is configured with the information for the virtual appliance 7 Locate the tnsnames o
5. This will allow the virtual machine to function within your network in the same way as any other physical or virtual host This topic is described in detail in the Oracle VM VirtualBox User Manual Topics such as bridging virtual LANs dynamic and static IP address assignment are not described in this document These concepts correlate to general network administrator activities and therefore are not discussed here Some of the scenarios with which you may wish to extend your virtual appliance are described here Allowing Your VM to Access the External Network This is possible if your virtual machine has a network configuration that allows it to participate in the wider network The default instructions in the previous section Setting a Host Only Network Configuration permit the virtual machine to only run within the host machine In order for the VM to operate in the wider network it is necessary to use one of the other network configuration options offered by VirtualBox The most common choice is to use a bridged network adapter To use a bridged adapter rather than a host only adapter access the Network page in the Settings dialog box as described in Setting a Host Only Network Configuration and select Bridged Adapter from the Attached to drop down list Copyright 2013 Oracle and or its affiliates All rights reserved Chapter 4 Deploying the PeopleSoft VirtualBox Appliances a HCMDB 85303d Settings
6. for example VP1 VP1 PS PS or PTDMO PTDMO Task 4 5 Using the PeopleSoft Installation This section discusses Reviewing the PeopleSoft Environment Understanding Samba and File System Access Reviewing the File System and Users Accessing the Shared Drive Folders on the Virtual Appliance File System Installing and Starting Oracle Database Client Tools Installing the PeopleTools Client Tools and Using Application Designer Installing PeopleSoft Change Assistant Managing PeopleTools Domains with PSADMIN e Changing the Access for PIHOME Reviewing the PeopleSoft Environment After you complete the initialization of the virtual machine the PeopleSoft installation will be available This section includes brief information to help you work with the PeopleSoft environment For detailed definitions and information on working with the components in a PeopleSoft installation see the PeopleSoft documentation referenced earlier The specific components that comprise your environment such as the database platform that your target database runs on and the release patch level of your database client will impact the way you set up your installation Remember to review PeopleTools PeopleSoft Update Manager for information on configuring the PeopleSoft installation when carrying out a PeopleSoft application update before you carry out the procedures in this chapter See About this Documentation Related Information Understanding Sam
7. Check the connectivity to the Oracle database Try the following solutions e Verify that the virtual machine is responsive using the ping command and the IP address before proceeding Copyright 2013 Oracle and or its affiliates All rights reserved 49 Deploying the PeopleSoft VirtualBox Appliances Chapter 4 e Verify that the tnsnames ora file contains the correct host entry See Installing and Starting Oracle Database Client Tools Task 4 8 Managing the Virtual Environment Lifecycle This section discusses e Understanding Virtual Machine Management Customizing and Cloning Virtual Appliances U sing the PeopleSoft Configuration Script Resetting PeopleSoft Virtual Appliances U sing PeopleSoft Services Running Multiple Virtual Machines Understanding Virtual Machine Management After you create and initialize your PeopleSoft virtual machine environment you may want to customize it and save the customized environment as a template to share within your company Keep in mind that the template will be large and you should plan for the necessary storage In general the steps to follow in creating a template from a customized environment are 1 2 50 Set up the virtual machine Customize the environment See Customizing and Cloning Virtual Appliances Take a snapshot of the working environment Edit the configuration plug in script See Using the PeopleSoft Configuration Script Issue commands to c
8. E General Network E System E Display Adapter 1 Adapter 2 Adapter 3 Adapter 4 Storage iv Enable Network Adapter gt Audio Attached to Bridged Adapter x e Network Name Intel R 82579LM Gigabit Network Connection v Serial Ports gt Advanced USB E Shared Folders Select a settings category from the list on the left hand side and move the mouse over a settings item to get more information Cancel Help Setting the network configuration for Bridged Adapter After you choose the Bridged Adapter option you will select the correct adapter with which to connect to the network On a single user system such as a laptop this will typically correspond to the wireless network card If multiple adapters are listed you should consult Windows Control Panel to identify which network adapter to use Accessing VirtualBox and Your VM from Another Host VirtualBox is not intended for use as a server product or for multi user access However it is in fact possible to access the virtual machine from outside the host on which it runs In such a case the network configuration of the virtual machine will need to be initialized with settings that are understood by the network in which it will run The virtual machine will be subject to any rules imposed upon conventional hosts residing on the network This means that a valid hostname and IP address if using static IP will be required To allow multiple
9. IP configuration and hostname in the previous steps enter y when asked if you are happy with your answers and continue with the next step 9 Ifyou want to change the database name enter the new name at the following prompt Enter the name of the database Please ensure that the database name includes gt only alphanumeric characters and is no more than 8 characters in length gt lt default dbnames The prompt displays the name of the database provided with the virtual appliance for lt default dbname gt for example HCM92 If you do not want to change the database name press ENTER and the system uses the default name to set up the database If you enter a database name that does not fulfill the stated requirements the system repeats the prompt until you supply a correct name 10 Enter the Connect ID name and password at the following prompt Note If this image is intended to be a PUM source for applying maintenance gt the Connect ID and Password need to match your Target database environment Enter the name of PeopleSoft Connect ID people Enter PeopleSoft Connect ID password Re Enter PeopleSoft Connect ID password Copyright 2013 Oracle and or its affiliates All rights reserved 35 Deploying the PeopleSoft VirtualBox Appliances Chapter 4 36 11 12 13 The connect ID user name must be no greater than 8 characters The connect ID password must be between 6 8 characters If you enter va
10. Release 6 Oracle Technology Network http www oracle com technetwork indexes documentation ol 1 1861776 html Checking for Critical Patch Updates Critical Patch Updates CPUs are made available according to a published schedule If CPUs have been released subsequent to the availability of the virtual appliance you may want to install these CPUs if your VM is available to an untrusted user population See Critical Patch Updates Security Alerts and Third Party Bulletin Oracle Technology Networks http www oracle com technetwork topics security alerts 086861 html You can also search for critical patches in My Oracle Support Patches amp Updates See My Oracle Support Patches and Updates for PeopleSoft Products My Oracle Support Document 1465172 1 Disabling Unnecessary Services At initialization the VM starts a number of services These frequently run as background or daemon processes and they may be owned by either root or regular users These services are responsible for runtime management of the system Some of these services may be deemed non essential for the running of your VM You may wish to review the services that are running for example with the Linux command service status all and decide from those running services which ones are non essential and whether the essential ones are properly configured Consult your organization security authorities to determine which services are either mandatory or prohibited Cons
11. See Preparing to Deploy Understanding Oracle VM VirtualBox You should have already downloaded and extracted the VirtualBox appliance from My Oracle Support as described in the previous chapter and saved the OVA file in a directory referred to in this documentation as APPLIANCE_TEMP_DIR The OVA is imported directly into VirtualBox at this point See Preparing to Deploy Obtaining Oracle VM VirtualBox for PeopleSoft Appliances To import the virtual appliance into VirtualBox 1 Start VirtualBox The Oracle VM VirtualBox Manager appears This example shows the Oracle VM VirtualBox Manager with a previously imported appliance If you start Oracle VM VirtualBox Manager with no existing appliances you see a Welcome page Copyright 2013 Oracle and or its affiliates All rights reserved 21 Deploying the PeopleSoft VirtualBox Appliances Chapter 4 la 8 Oracle VM VirtualBox Manager B J File Machine Help 2 D gt E Snapshots New Settings Show Discard EA FSCMDB 85303d E General E Preview x Running Name FSCMDB 85303d Operating System Oracle 64 bit System Base Memory 2048 MB Processors 2 Boot Order Floppy CD DYD ROM Hard Disk Acceleration T x AMD Nested Paging PAE Nx m Display video Memory 12 MB Remote Desktop Server Disabled Q Storage gt Audio Host Driver Null Audio Driver a Controller ICH AC97 EP Network Adapter 1 PCnet FAST III Bridg
12. applies to VM s running gt on VirtualBox or some other network issue It is not recommended to continue the installation with static IP configuration gt without basic network functionality Some of components will not initialize gt properly Do you want to stop the initialization process to correct this condition y n If you enter Y yes the system shows the following message and shuts down Please refer to the Install document for further instructions regarding Network gt Adapter Configuration The Virtual Machine will be shutdown now If you enter n no the initialization continues Use the following in understanding this prompt e If the entered static IP address and the DNS server IP address are valid the DNS is reachable and you selected Bridged Adapter when importing the virtual appliance the system displays the DNS host name and prompts for confirmation If the entered static IP address and the DNS server IP address are valid but you selected the Host only networking option when importing the virtual appliance the system cannot reach the DNS to deduce the hostname and prompts the user to enter the hostname manually This can be problematic Rather than entering the hostname manually in the next step shut down the virtual machine and start again at the beginning of this procedure e If either the static IP address or the DNS server IP address is invalid the system cannot deduce the hostname and prompts th
13. has been set up using host only networking See Resetting PeopleSoft Virtual Appliances Before resetting the virtual appliance it is important to preserve the current state of the virtual appliance This allows you to return to a last known good state For this reason you should use the Snapshot capability of Oracle VM VirtualBox before making any significant changes to the virtual appliance In fact it is good practice to use snapshots as a way of versioning your virtual appliance When cloning a virtual appliance you may want to install software into the virtual appliance from which you will create clones If you do so you must make sure that the software that you have installed is virtualization safe This means that the installation is not bound to the IP address or hostname through any configuration files database entries and so on When you save a virtual appliance the installed components must be host neutral so that they will be able to run without any problems in new instances that have different hostnames or IP addresses If the software that you have installed requires licensing on a per host or per processor basis you should ensure that you have the adequate number of licenses for your site The terms surrounding licensing will vary from application to application When cloning a PeopleSoft virtual appliance you may wish to add customized first boot configuration steps This means that you should edit the first boot configuration
14. script as described in the following section See Using the PeopleSoft Configuration Script Task 4 8 2 Using the PeopleSoft Configuration Script To add configuration steps to the PeopleSoft virtual appliance use the delivered configuration script opt oracle psft vm oraclevm template ext sh You can find this script in any PeopleSoft virtual appliance If you wish to extend the virtual appliance you can overwrite or add to this script The oraclevm template ext sh script includes the four functions described in this table ovm_configure_pre This function is run before the PeopleSoft PeopleTools configuration scripts This function can perform any custom setup steps prior to the running of the PeopleSoft PeopleTools setup ovm_configure_post This function is run after the PeopleSoft PeopleTools configuration scripts This function can perform any custom steps required after the PeopleSoft PeopleTools setup has completed Copyright 2013 Oracle and or its affiliates All rights reserved 51 Deploying the PeopleSoft VirtualBox Appliances Chapter 4 52 ovm_cleanup_pre This function is run when a virtual machine is being cleaned up This function is called before the PeopleSoft PeopleTools cleanup ovm_cleanup_post This function is run when a virtual machine is being cleaned up This function is called after the PeopleSoft PeopleTools cleanup When the virtual appliance is being initialized the first boot configurati
15. users to access the VM you must change the network adapter from Host Only to Bridged Adapter The procedure that you follow depends upon where you are in the deployment process If you have just imported the VirtualBox appliance carry out these steps 1 In the Oracle VM Virtual Box Manager highlight the virtual appliance and click Settings in the menu bar 2 On the Settings window select Network in the left hand frame The Network page includes four tabs in the right hand frame one for each of the network adapters On the Adapter 1 tab select Bridged Adapter in the Attached to drop down list 4 Verify that the Name drop down list is populated with the correct network adapter Copyright 2013 Oracle and or its affiliates All rights reserved 29 Deploying the PeopleSoft VirtualBox Appliances Chapter 4 30 This will typically be the wireless or wired network adapter that is on the host computer This can be found for example by examining the network configuration in Microsoft Windows Control Panel 5 Click OK and start the VM See Starting the PeopleSoft VirtualBox Appliance If you have already started the VM with the setting Host Only Adapter carry out these steps See Starting the PeopleSoft VirtualBox Appliance 1 Open the VM console window and select the following command to stop the VM Machine ACPI Shutdown 2 Inthe Oracle VM Virtual Box Manager highlight the virtual appliance and click Settings in the menu bar 3 On th
16. warranted to be error free If you find any errors please report them to us in writing Restricted Rights Notice If this is software or related documentation that is delivered to the U S Government or anyone licensing it on behalf of the U S Government the following notice is applicable U S GOVERNMENT RIGHTS Programs software databases and related documentation and technical data delivered to U S Government customers are commercial computer software or commercial technical data pursuant to the applicable Federal Acquisition Regulation and agency specific supplemental regulations As such the use duplication disclosure modification and adaptation shall be subject to the restrictions and license terms set forth in the applicable Government contract and to the extent applicable by the terms of the Government contract the additional rights set forth in FAR 52 227 19 Commercial Computer Software License December 2007 Oracle America Inc 500 Oracle Parkway Redwood City CA 94065 Hazardous Applications Notice This software or hardware is developed for general use in a variety of information management applications It is not developed or intended for use in any inherently dangerous applications including applications that may create a risk of personal injury If you use this software or hardware in dangerous applications then you shall be responsible to take all appropriate fail safe backup redundancy and other measur
17. xii Your comments are important to us We encourage you to tell us what you like or what you would like changed about PeopleSoft documentation and other Oracle reference and training materials Please send your suggestions to PSOFT Infodev_US oracle com While we cannot guarantee to answer every email message we will pay careful attention to your comments and suggestions We are always improving our product communications for you Copyright 2013 Oracle and or its affiliates All rights reserved CHAPTER 1 Prerequisites This chapter discusses e Reviewing Hardware Requirements e Reviewing Software Requirements Task 1 1 Reviewing Hardware Requirements This section describes the hardware requirements for deploying Oracle VM VirtualBox PeopleSoft Appliances Keep in mind that individual performance is expected to vary depending upon the specific hardware CPU speed disk type and speed and disk fragmentation in your setup Note This documentation uses virtual appliance or image to refer to the archive that is imported into the VirtualBox Manager The term virtual machine VM is used in this documentation to refer to the environment that VirtualBox creates from the virtual appliance The requirements listed below apply to the machine used to host the Oracle VM VirtualBox appliances Keep in mind that a PeopleSoft installation also requires a Microsoft Windows machine on which you install the PeopleTo
18. 4 Storage V Enable Network Adapter Audio Attached to oP Network Name VirtualBox Host Only Ethernet Adapter X Serial Ports gt Advanced USB Shared Folders Select a settings category from the list on the left hand side and move the mouse over a settings item to get more information Cancel Help Setting the network configuration for Host only Adapter Copyright 2013 Oracle and or its affiliates All rights reserved 27 Deploying the PeopleSoft VirtualBox Appliances Chapter 4 28 Note Setting the adapter to being Host only means that the virtual machine will be unable to access the network outside the host on which it will run The IP and hostname of the virtual machine will be known only within the host and virtual machine OS During the time that the virtual machine is connected to the Host only network consider performing any security configuration you need Task 4 2 2 Using Alternative Network Configurations This section discusses e Understanding Alternative Network Configurations e Allowing Your VM to Access the External Network e Accessing VirtualBox and Your VM from Another Host e Resetting the Network Stack of Your Virtual Appliance e Using the Virtual Machine with VPN e Using the Virtual Machine Hostname from the Host OS Understanding Alternative Network Configurations Oracle VM VirtualBox provides a rich set of network configuration options for your virtual machines VMs
19. Ethernet HWaddr 88 frame 8 carrie ct ueue len 1888 xX byte 12491 12 1 KiB TX byte Interrupt 177 Base addre 8xd828 ink encap Local Loopback 7 6 8 1 Mask 255 17128 Scope t K RUNNING MTU 16436 Metri 41191 errors 8 dropped 8 41191 errors 8 dropped ove Sesso Basic options for your PuTTY session txqueuelen 8 e Specty your connection by host name or IP address 11882574 18 4 MiB Host Name ce IP address Pon 152 158 56 101 yirbr i rnet HWaddr 86 66 868 686 8 98 122 1 Beast 192 168 12 Protocol t F NING MULTICAST MTU 1588 Raw Tehet Rogn SSH 8 overrun 24 8 overrun Load save or delete a stored session Saved Sessions Defaut Settings Goose window on ent Aways Never Only on clean ot Co Cowes Connecting to the virtual appliance with PUTTY Client Establishing a connection to the virtual machine verifies its accessibility from the host OS You may continue to verify that the individual logical tiers within the PeopleSoft environment are available by using utilities such as PeopleSoft PeopleTools PSADMIN and SQL Plus Before performing any administrative activities consult the section Reviewing the File System See the next section for instructions on signing in to the PeopleSoft application See Setting the Authentication Domain in the WebProfile See Also Managing the Virtual Environment Lifecycle Copyright 2013 Oracle and or its affiliates All rights reserved 37 Depl
20. ORACLE PEOPLESOFT Using the PeopleSoft VirtualBox Images June 2013 ORACLE Using the PeopleSoft VirtualBox Images SKU ivbox_PUMpt853PS92_062013 Copyright 2013 Oracle and or its affiliates All rights reserved Trademark Notice Oracle and Java are registered trademarks of Oracle and or its affiliates Other names may be trademarks of their respective owners Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International Inc AMD Opteron the AMD logo and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices UNIX isa registered trademark of The Open Group License Restrictions Warranty Consequential Damages Disclaimer This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws Except as expressly permitted in your license agreement or allowed by law you may not use copy reproduce translate broadcast modify license transmit distribute exhibit perform publish or display any part in any form or by any means Reverse engineering disassembly or decompilation of this software unless required by law for interoperability is prohibited Warranty Disclaimer The information contained herein is subject to change without notice and is not
21. PeopleSoft system Typographical Conventions To help you locate and understand information easily the following conventions are used in this documentation Monospace Indicates a PeopleCode program or other code such as scripts that you run during the install Monospace is also used for messages that you may receive during the install process Copyright 2013 Oracle and or its affiliates All rights reserved ix Preface Italics Indicates field values emphasis and book length publication titles Italics is also used to refer to words as words or letters as letters as in the following example Enter the letter O Italics are also used to indicate user supplied information For example the term domain is used as a placeholder for the actual domain name in the user s environment When two such placeholders are used together they may be set apart with angle brackets For example the path lt PS_CFG_HOME gt appserv lt domain gt includes two placeholders that require user supplied information Initial Caps Field names commands and processes are represented as they appear on the window menu or page lower case File or directory names are represented in lower case unless they appear otherwise on the interface Menu Page A comma between menu and page references indicates that the page exists on the menu For example Select Use Process Definitions indicates that you can select the Process Definitions pag
22. S on your machine e RAM Memory Each PeopleSoft VirtualBox appliance requires a minimum of 4 GB available RAM to run in addition to the requirements of the host OS and the applications previously running on it Note that the memory used by the VirtualBox appliance will not be available to the host OS while the appliance is running The available RAM refers to memory not used by other processes on the host OS e Disk space 100 GB free disk space is required to download the necessary files and initialize each virtual appliance Note The size will vary depending upon the specific virtual appliance Access the information on the PeopleSoft Update Manager Home Page My Oracle Support Document 1464619 1 for the requirements specific to the PeopleSoft VirtualBox appliance that you downloaded VirtualBox supports the ability to take snapshots of a running appliance and use them to return to a previous state if your virtual appliance becomes corrupted in any way You should plan for the space needed for snapshots when allocating storage for your virtual appliance See the information on snapshots in Oracle VM VirtualBox User Manual First Steps The disk space requirement includes e 15 25 GB for the downloaded zip files You may remove these files after you have successfully initialized your virtual machine e 15 25 GB for the virtual appliance archive OVA after extraction You may remove the OVA file after you have successfully
23. Security eeenneernnrrnrrrrrrrrorrrrrrrrrrrerrrrrrrrrrrrrrrrrrrrrrrrerrrrr rnrn actin mtu 12 Considering the Virtual Machine Guest Operating System Security 0 eceeeee teen eens eens 14 Understanding the Virtual Machine Guest Operating System Security ccceeeeeeee teen eee 14 Applying Operating System Patches and Updates 2 00 ccceeee eee eee ee eee eet ee eet eeee eens 14 Checking for Critical Patch Updates ic i s ccc sacs eee eed eben eedeiia mei eane eve bees pane eae ee eee uae 15 Copyright 2013 Oracle and or its affiliates All rights reserved v Contents Disabling Unnecessary SSWiICSS iss ciec casi cteles deeded jican te dad cid dita bnde Yo daedde aabn dd ge eaeded rrrrr nnmnnn 15 Considering PeopleSoft Application Security and Client ACCeSS 00 00 ccc eeeeeeeeeeeeeeeeeeeee teeeeaes 15 Understanding PeopleSoft Application Security and Client ACC SS cc ccc ee cece cece eee rnrn 16 Considering PeopleSoft Pure Internet Architecture SeCurity 00 cece eee ee eee eeeeeeeeeee rnrn nne 16 Considering Security for Client TOONS v 50 cccvsesscatcotantcadentendounes Dedaehabe ceamcnadentanecatcntanadnann 16 Considering SQL Plus SOCunilys s aweeckici caves seca yeue Ra siis cn Seet xe shee ade Seed eas Ried Rieel eet een ehanien 17 Considering Security for Samba and the VM File System nnesnnnnnnnrerrerrrrrrnrrerrerrrr rnrn nn 18 Considering the VM O
24. acle Support Certifications Copyright 2013 Oracle and or its affiliates All rights reserved 3 Prerequisites Chapter 1 4 Copyright 2013 Oracle and or its affiliates All rights reserved CHAPTER 2 Preparing to Deploy This chapter discusses e Understanding Oracle VM VirtualBox and the PeopleSoft Deployment e Understanding Oracle VM VirtualBox e Completing the PeopleSoft Application Specific Installation e Obtaining Oracle VM VirtualBox for PeopleSoft Appliances Understanding Oracle VM VirtualBox and the PeopleSoft Deployment This documentation explains how to deploy the Oracle VM VirtualBox appliance for a PeopleSoft application The PeopleSoft application is deployed as a single virtual machine VM in VirtualBox The VirtualBox appliance for PeopleSoft applications includes the following features Note Access the links on the PeopleSoft Update Manager Home Page My Oracle Support Document 1464619 1 for version information e PeopleSoft application HCM 9 2 FSCM 9 2 ELM 9 2 or CRM 9 2 depending on the appliance chosen demo database built on Oracle RDBMS database software The PeopleSoft application database is a demo database with current patches applied Note While the virtual appliances are built on an Oracle RDBMS platform target environments used with PeopleSoft Update Manager can be any RDBMS platform supported for a PeopleSoft installation e PeopleSoft PeopleTools Install directory this wil
25. acle Technology Network http docs oracle com cd E29604_01 psft html docset html Applying Operating System Patches and Updates The virtual appliances that are downloaded from My Oracle Support contain the most recent versions of PeopleSoft PeopleTools and additional component third party products for example Oracle Tuxedo required by the PeopleSoft application The operating system Oracle Linux is also reasonably current but you may need to apply updates to ensure that it has all the required patches and fixes to function correctly and securely Copyright 2013 Oracle and or its affiliates All rights reserved Chapter 3 Planning Security Administration Fixes and updates for Oracle Linux are available from the Oracle Yum Public Repository http public yum oracle com These fixes can be accessed directly from your VM by configuring yum on your VM to connect directly to the repository You will connect to the yum repository through a secure channel If traffic to the public yum repository is required to flow through a corporate proxy the yum process can be configured to honor those settings An alternative to using the remote public repository is to create your own yum repository The approach you take will derive from pre existing security processes in place within your organization for patching operating systems See the information on Yum in the Oracle Linux documentation See Oracle Linux Administrator s Solutions Guide for
26. al users that are required to do so Considering SQL Plus Security Oracle SQL Plus is a client tool that allows direct access to the database tables It can be used by a super user to manipulate application data and a database administrator can use it manipulate the database itself Obviously this level of access should only be afforded to the most trusted users and DBAs The connectivity information for the PeopleSoft application database is available in the VM file system when it is started This connectivity information is available in the form of a tnsnames ora file that provides the service name and listening port for the database This can be seen by any user that can access the shared folders of the VM through the Samba share With this information it is necessary to supply the required credentials to connect to the database with SQL Plus At minimum access to the database should be disabled for user accounts that do not require direct database access Passwords for legitimate users should be changed from the default values that are contained in the delivered virtual appliance Most importantly the administrator must change the password for the SYSADM user immediately after VM startup The DBA will be familiar with which parts of the PeopleSoft database tablespace must be secured including user accounts and passwords Network security can also be employed to turn off remote access in the database service As noted earlier in this section t
27. an be used if you have made changes to the virtual appliance such as installing new software and you wish to make a clone of the virtual appliance It is also applicable if you simply want to change the way that your virtual appliance works on the network If you reset the network stack of your virtual appliance PeopleSoft components will stop functioning correctly This is because Oracle WebLogic and Tuxedo on which PeopleSoft relies communicate through the network stack The process of resetting the network stack therefore conducts an orderly shutdown and cleanup of these components It removes the PIA Application Server and Process Scheduler domains This means that any changes that you have made to these configurations will be lost by following these instructions To reset a virtual appliance Note Resetting the network stack on the virtual appliance will not remove content from the database This means that information about report nodes the Integration Gateway and other host name specific entries may be inaccurate if the virtual appliance is re initialized with new networking information 1 Invoke the following command to shut down and remove the PeopleSoft domains usr sbin oraclevm template cleanup 2 Invoke the following command to ensure that when the virtual appliance is restarted it will re prompt for network configuration information Copyright 2013 Oracle and or its affiliates All rights reserved Chapter 4 Depl
28. anager EEA S ee co 3 wep gt Q Snapshots New Settings Start Discard 641 FSCMDB 85303d General Preview Running 3 Name HCMDB 85303d A HCMDB 85303d Operating System Oracle 64 bit red O Ay O Powered Off System Base Memory 4096 MB a Processors 2 HCMDB 5303d Boot Order Floppy CD DYD ROM Hard Disk Acceleration T x AMD Nested Paging PAE NX Display video Memory 12 MB Remote Desktop Server Disabled Q Storage gt Audio Host Driver Null Audio Driver Controller ICH AC97 ue Network Adapter 1 PCnet FAST III Host only Adapter virtualbox Host Only Ethernet Adapter USB Oracle VM VirtualBox Manager after importing PeopleSoft appliance 7 Perform disk maintenance To address possible performance issues caused by fragmentation occurring when writing the large virtual machine disk files consider defragmenting the host operating system s hard drive at this point Depending on the condition of the drive this make take from a few minutes to a few hours Task 4 2 Setting the Network Configuration for the Virtual Appliance This section discusses e Understanding Network Configuration Settings e Setting a Host Only Network Configuration e Using Alternative Network Configurations Understanding Network Configuration Settings This section includes procedures for setting the network configuration for the VM This section assumes that
29. ange Package creation e Change Assistant in Initial Pass mode requires connectivity to both the source and target databases to apply a Change Package e Change Assistant must be able to connect to the Environment Management Hub that is running on the target database when change packages have been created See PeopleTools PeopleSoft Update Manager PeopleSoft Update Manager Home Page My Oracle Support Document 1464619 1 Network access for Change Assistant would not be required only in the specific scenario in which both Change Assistant and the PeopleTools client tools are installed on the Microsoft Windows machine that is hosting the PeopleSoft virtual machine In addition the target database for the PeopleSoft Update Manager update would need to be installed on the same machine as Change Assistant must upload information about the target from the Environment Management Hub In the more likely scenario in which Change Assistant is installed on a separate Microsoft Windows client machine and needs connectivity to the virtual machine s PeopleSoft database across the network its security considerations depend upon that applied to the client machine To a large extent this is no different from the way Change Assistant was used in previous releases with the Update Gateway The administrator would follow organizational standards for security to ensure that Change Assistant can only access specific resources and can only be accessed by the minim
30. artup SSH uses public private key pairs to authenticate users and restrict access to the machine The approaches provided in the virtual machine are the same as those used for conventional Linux systems See the documentation for your SSH client for more information Summarizing Security Considerations This section includes samples of questions related to security considerations Use these questions to help you decide the level of security to be applied to your virtual machine 1 Question Do you have the required hardware available to run the virtual machine Implication You may have to procure new hardware that is an exception to the current hardware in place 2 Question Does the hardware on which you will run the virtual machine require an exception to the existing organizational standards Implication You will have to work with your security and network administration team 3 Question Do you have organizational processes and standards in place for assessment or auditing of new hosts on the network Implication You will have to work with your security and network administration team to verify that the VM is permitted to join the corporate network 4 Question Will multiple users require access to the VM Implication If multiple users require access to the VM it will be necessary to apply network host VM and application security as discussed earlier in this chapter 5 Question Will the VM be hosted in a LAN sub doma
31. ba and File System Access The file system location in the virtual machine is made available using Samba This makes files residing in the virtual machine accessible on the host OS This also allows files on the host or even on an external network to be shared with the virtual machine Note Samba is Open Source software under the GNU General Public licence that allows for interoperability between Linux UNIX servers and Microsoft Windows based clients By default Samba will make some of the installation directories under the opt oracle psft pt tools setup directory of the virtual machine available to the host as shared drives You can map to these shared drives from Microsoft Windows machines The following table describes the local directories on the virtual machine and the shared drive folders that are made available Copyright 2013 Oracle and or its affiliates All rights reserved 39 Deploying the PeopleSoft VirtualBox Appliances Chapter 4 40 Local Directory Shared Drive Folder PeopleTools client tools opt oracle psft pt tools setup Client Oracle RDBMS client for Microsoft opt oracle psft pt oracle client oracle client Windows installation file Note The Oracle RDBMS client installation executable in this table refers to the 32 bit client This is required on Microsoft Windows operating systems for connectivity to the PeopleTools Client features Change Assistant file repository opt oracle psft ptdb pi_home As
32. can make the VM available to users on the network See Deploying the PeopleSoft VirtualBox Appliances Setting the Network Configuration for the Virtual Appliance Copyright 2013 Oracle and or its affiliates All rights reserved 11 Planning Security Administration Chapter 3 VirtualBox supports up to four network adapters per virtual machine There are a range of choices of network adapter type When changing from the default host only network adapter you will select the most appropriate choice for your network Oracle tests the deployment of the virtual machine with the Bridged network adapter This network adapter is tested with both static and dynamic IP addresses to allow remote clients to access the virtual machine and conduct pre release testing of the virtual appliance See the Oracle VM VirtualBox User Manual for details about the various network configuration options for VirtualBox All network access to the virtual machine is achieved by proxy through the host s network adapter This means that the host OS should be located on a network sub domain or segment that restricts access both to and from the virtual machine This is the same principle as restricting access to and from any machine within your network The OS of the VM that you are using is Oracle Linux Oracle Linux contains the iptables firewall The iptables utility is turned off by default in the delivered PeopleSoft virtual appliance You may choose to enable the f
33. cates with the delivered VM and all traffic is HTTP by default If needed HTTPS must be configured after initial deployment if secure HTTP access is required These default characteristics mean that access to the virtual appliance is quite open by default PIA access can be locked down in a number of ways The following are examples of steps that can be taken e Configuring SSL and disabling HTTP access e Changing the default PIA HTTP or HTTPS ports e Disabling non essential user accounts in the database to prevent unauthorized user login e Changing default passwords for user accounts in the database e Configuring the firewall to allow only clients within a specific sub domain range to access the PIA host Considering Security for Client Tools Understanding Client Tools PeopleSoft PeopleTools including Application Designer PSIDE and PeopleSoft Change Assistant are client tools that can run on only a Microsoft Windows machine which can be the host OS or a remote workstation that has network access to the virtual machine Alternatively the PeopleTools client installation can be placed on a shared or mapped drive that multiple users can access in read execute mode The installer for these Microsoft Windows based client tools is contained within the virtual appliance and is exposed through a Samba share See the section on Samba shares later in this documentation for more information about how to manage access to the shared folders After the
34. client installation has been copied from the virtual appliance it is no longer necessary to expose the VM file system to clients See Deploying the PeopleSoft VirtualBox Appliances Understanding Samba and File System Access Considering Application Designer Security Application Designer is not needed for feature demonstration or evaluation purposes it is used for development or debugging purposes The virtual appliance is delivered with an open Workstation Listener WSL port 7000 on the Application Server domain for Application Designer connectivity This port should be disabled if Application Designer is not needed and the administrator needs to secure the virtual appliance See the information on Workstation Listener options in the PeopleTools System and Server Administration product documentation Copyright 2013 Oracle and or its affiliates All rights reserved Chapter 3 Planning Security Administration Considering Change Assistant Security Change Assistant works with the Environment Management Framework in performing PeopleSoft application updates as well as upgrades This function requires a variety of access at several points during the update process including the following e The update process requires two tier connection to both the source and target databases e In the case of PeopleSoft Update Manager updates Change Assistant needs to connect to the virtual machine PeopleSoft Image database at the time of Ch
35. date Manager See Oracle PeopleSoft Hosted PeopleBooks site for PeopleSoft PeopleTools http www oracle com pls psfthomepage homepage PeopleTools PeopleSoft Update Manager See PeopleSoft Update Manager Home Page My Oracle Support Document 1464619 1 My Oracle Support This support platform requires a user account to log in Contact your PeopleSoft representative for information Copyright 2013 Oracle and or its affiliates All rights reserved xi Preface To locate documentation on My Oracle Support search for the title and select PeopleSoft Enterprise to refine the search results See My Oracle Support https support oracle com e PeopleTools Installation for Oracle for the current release This documentation provides instructions for installing PeopleSoft PeopleTools on an Oracle RDBMS using the traditional method See My Oracle Support search for title e PeopleSoft Application Installation guides Application specific installation instructions are required in addition to the installation instructions for PeopleSoft PeopleTools See My Oracle Support search for title e User manual for Oracle VM VirtualBox This is an extensive document that helps understand how to create and manage virtual machines using Oracle VM VirtualBox See Oracle VM VirtualBox User Manual Oracle Technology Network http www oracle com technetwork server storage virtualbox documentation index html Comments and Suggestions
36. delivered the Samba shared drive folders are configured as read only which is sufficient for installing software to the Microsoft Windows client machine This is sufficient for accessing installation programs such as the PeopleTools Client installation setup You may modify the Samba configuration file in etc samba smb conf to change which content is accessed from outside the guest OS See the samba man page in the virtual machine and the web site www samba org for more information about configuration options for Samba Reviewing the File System and Users The PeopleSoft installation deployed by the PeopleSoft VirtualBox appliance sets up an environment comprised of several directories This table lists the directories with a description and the owner C irao Description mees PS_HOME The binary installation files are placed This directory can only be written into a secure PS_HOME directory at to by the PeopleSoft administrator opt oracle psft pt tools psadm1 PS_CFG_HOME The Application Server and Process This directory is owned by psadm2 Scheduler server configuration files are placed into PS_CFG_HOME The PS_CFG_HOME path is home psadm2 psft pt lt peopletools_ version gt PS_APP_HOME The application installation files are This directory can only be written to placed into a mounted directory at by psadm3 opt oracle psft pt apptools PS_CUST_HOME The directory is created at This directory is owned by psadm2 opt oracl
37. e The Microsoft Windows based program Application Designer is an important tool that is used to perform a variety of administrative tasks in a PeopleSoft environment Copyright 2013 Oracle and or its affiliates All rights reserved Chapter 4 Deploying the PeopleSoft VirtualBox Appliances The PeopleSoft installation deployed by the Oracle VM VirtualBox virtual appliance includes the PeopleTools Client installer that packages Application Designer and other client tools for example Change Assistant Configuration Manager and the PeopleSoft Test Framework The installer is provided in the virtual machine in the following directory opt oracle psft pt tools setup Client Oracle strongly recommends that you dedicate a Microsoft Windows machine for the PeopleTools client for each PeopleSoft Image This should be a machine that is not used for other PeopleSoft purposes You should install or upgrade the PeopleTools client tools each time the PeopleTools patch release increments as noted in the PeopleSoft Image PI manifest Note Compare the release patch level from the installation executable on the PeopleSoft Image and in your target environment installation Install the PeopleTools Client with the highest release patch level See your PeopleSoft Image home page for release patch information for the PeopleTools Client The link for your PeopleSoft Image home page can be found on PeopleSoft Update Manager Home Page My Oracle Support Docume
38. e Settings window select Network in the left hand frame The Network page includes four tabs in the right hand frame one for each of the network adapters 4 On the Adapter 1 tab select Bridged Adapter in the Attached to drop down list Verify that the Name drop down list is populated with the correct network adapter This will typically be the wireless or wired network adapter that is on the host computer This can be found for example by examining the network configuration in Microsoft Windows Control Panel 6 Click OK and start the VM See Starting the PeopleSoft VirtualBox Appliance 7 Update the hosts file on the host Microsoft Windows machine to reflect the new IP address of the VM See Using the Virtual Appliance Hostname from the Host OS Resetting the Network Stack of Your Virtual Appliance If you made errors while initializing your virtual appliance and wish to reset it to the pre initialization state use the technique described in the section Resetting PeopleSoft Virtual Appliances It is also applicable if you simply want to change the way that your virtual appliance works on the network See Resetting PeopleSoft Virtual Appliances Using the Virtual Machine with VPN Your virtual machine may not work as expected if your host OS is connected to a private network using a Virtual Private Network VPN In particular Application Designer PuTTY or browser connections to PIA may fail This is because communication to and from th
39. e following command service psft abw status e If all the mid tier components are running you see the following message Application Server Domain is Up Process Scheduler Domain is Up PIA Domain is Up e If the mid tier components are not running you see the following message Application Server Domain is Down Process Scheduler Domain is Down PIA Domain is Down e To start the mid tier components run the following command service psft abw start e To stop the mid tier components run the following command Copyright 2013 Oracle and or its affiliates All rights reserved 53 Deploying the PeopleSoft VirtualBox Appliances Chapter 4 54 service psft abw stop Task 4 8 5 Running Multiple Virtual Machines This documentation discusses the deployment of a single virtual appliance You can however install and run multiple virtual machines Keep the following points in mind when planning to deploy multiple VMs Verify that the available disk space and memory is sufficient for the total number of VMs For example if you plan to deploy three VMs that each require 4 GB RAM and 40 GB disk space you will need at least 12 GB RAM and 120 GB available disk space on the host machine See Prerequisites Reviewing Hardware Requirements Consult the VirtualBox documentation as well as this documentation for network configuration options For information on networking options see the section Setting the Network Configuration for t
40. e from the Use menu Cross references Cross references that begin with See refer you to additional documentation that will help you implement the task at hand We highly recommend that you reference this documentation Cross references under the heading See Also refer you to additional documentation that has more information regarding the subject quotation marks Indicate chapter titles in cross references and words that are used differently from their intended meaning Note Note text Text that begins with Note indicates information that you should pay particular attention to as you work with your PeopleSoft system Important Important note text A note that begins with Important is crucial and includes information about what you need to do for the system to function properly Warning Warning text A note that begins with Warning contains critical configuration information or implementation considerations for example if there is a chance of losing or corrupting data Pay close attention to warning messages Products This documentation may refer to these products and product families e Oracle Database e Oracle Enterprise Manager x Copyright 2013 Oracle and or its affiliates All rights reserved Preface Oracle Linux Oracle Tuxedo Oracle VM Oracle VM VirtualBox Oracle WebLogic Server Oracle s PeopleSoft Application Designer Oracle s PeopleSoft Customer Relationship Manageme
41. e psft ptdb custhome For information on using PS_CUST_HOME see the information on working with PS_CUST_HOME in the PeopleTools System and Server Administration product documentation Copyright 2013 Oracle and or its affiliates All rights reserved Chapter 4 Deploying the PeopleSoft VirtualBox Appliances Directory pesonn J aooe PI HOME This is the file repository that Change This directory requires read access for Assistant uses when you define Change Packages and read and write a Change Package in PeopleSoft access to apply PeopleSoft Release Update Manager The location is Patchsets PRPs opt oracle psft ptdb pi_home To apply PeopleSoft Release Patchsets Note The directory contents will be PRPs use the instructions in the accessed by Change Assistant Manual section Changing the Access for changes are not recommended PI_LHOME to change the access to read write and disable guest login ORACLE_HOME Oracle RDBMS The Oracle RDBMS database server This directory is owned by user oracle software and client connectivity software including the SQL Plus program is located in u01 app oracle product 11 2 0 x db_1 The Oracle RDBMS client installation for Linux is the 64 bit client used by PeopleSoft PeopleTools to connect from the PeopleSoft Application Server and Process Scheduler domains to the PeopleTools Database Note The database listener for the RDBMS hosting the PeopleSoft PeopleTools
42. e user to enter the hostname manually This can be problematic Rather than entering the hostname manually in the next step shut down the virtual machine and start again at the beginning of this procedure Choose a hostname Use the following considerations in specifying the hostname e If you want the virtual machine to access an external network you must use a legitimate hostname and fully qualified domain name for that network See Using Alternative Network Configurations Copyright 2013 Oracle and or its affiliates All rights reserved 33 Deploying the PeopleSoft VirtualBox Appliances Chapter 4 If you do not need to access an external network you can manually configure the hostname In this case specify a hostname that is comprised of any alphanumeric name of your choosing plus a fully qualified domain name that is lt hostname gt lt domainname gt For example hcm example com This should not be a hostname that is currently in use on your network e If you do not enter a hostname the default hostname localhost lt domainname gt will be assigned 6 Specify the hostname e If you chose to enable dynamic IP configuration DHCP in the earlier step you see the following prompt Shutting down interface etho OK Shutting down loopback interface OK Configuring network settings IP configuration DHCP Bringing up loopback interface OK Bringing up interface etho OK Determining IP information for
43. e virtual machine takes place through the VirtualBox Network Adapter When a VPN connection is active the host OS will route all network communication through the VPN network adapter The reason that communications to and from the virtual machine will not work is that the VPN adapter does not recognize the private network that VirtualBox is using Therefore communications from the browser Application Designer and so forth get stopped at the VPN adapter and do not get propagated to the virtual machine For information on working with VPN consult the VirtualBox documentation See VirtualBox https www virtualbox org Copyright 2013 Oracle and or its affiliates All rights reserved Chapter 4 Deploying the PeopleSoft VirtualBox Appliances Using the Virtual Machine Hostname from the Host OS If the hostname of your virtual machine is not known to the network on which your host OS is running you will not be able to use it to access the virtual machine Client connections such as those made by the browser to PIA will not be able to resolve the hostname To overcome this issue it is necessary to update the hosts file on the host OS This file will be located in SystemRoot System32 drivers etc SystemRoot by default maps to C Windows The hosts file must be updated to contain a mapping from the virtual machine IP address to the hostname that it has been assigned This will allow the network adapter on the host OS to route any network traff
44. ececceeee eee e eee tena eee eee eeeaee teen ee rnnr 39 Reviewing the File System and USEIrS ccccce cece eee ence teen etna ee enna ee ete ceeeee eee neee 40 Accessing the Shared Drive Folders on the Virtual Appliance File System 0 eeeeeee ee eee es 42 Installing and Starting Oracle Database Client Tools cccccc eee e cece eee ee eee eee eeee teen eeennnaes 43 Installing the PeopleTools Client Tools and Using Application Designer cceee cence ee eee ee 44 Installing PeopleSoft Change Assistant 0 0 ccc cece eee teen eee eee eee eee neee eet enaee seen nnne nn 46 Managing PeopleTools Domains with PSADMIN 0 eeeeee tence eee ee etna eeeeaee ee eneee nena 47 Changing the Access for PLA OME e222 ccnsee se cey tee Bese ee Exe Rie Se Nie Pade ie ees 47 Using COBOL with the PeopleSoft VirtualBox Appliance 2 0 cece eee eee eee eeeeeee teens tee eeae 48 Resolving Problems with the PeopleSoft Runtime Environment 0cceeeeeeeeeeeeeeeee eee teenies 48 Managing the Virtual Environment Lifecycle ccc cece cece eect eee eee enact encase neaeee ee seen eee 50 Understanding Virtual Machine Management 0 ccceeee eee e eee eee ee ee ee eee tee eteeeeeee en nenn 50 Customizing and Cloning Virtual APpllanGeS ic ie cacctcesae ioatecs ce dex deate Wh te tane Dis denehe es Codans Pte monde 51 Using the PeopleSoft Configuration Script
45. ed Adapter Intel R 82579LM Gigabit Network Connection uss lt Oracle VM VirtualBox Manager with existing appliance 2 Select File Import Appliance 22 Copyright 2013 Oracle and or its affiliates All rights reserved Chapter 4 Deploying the PeopleSoft VirtualBox Appliances p 8 Oracle VM VirtualBox Manager Machine Help Virtual Media Manager Ctrl D A Import Appliance Ctrl I Export Appliance Ctrl E Q Preferences Ctrl G FSCMDB 85303d F Exit Ctrl Q em Oracle 64 bit System Base Memory 2048 MB Processors 2 Boot Order Floppy CD D D ROM Hard Disk Acceleration T x AMD Nested Paging PAE NX Display video Memory 12 MB Remote Desktop Server Disabled Q Storage gt Audio Host Driver Null Audio Driver Controller ICH AC97 EP Network Adapter 1 Connection uss Snapshots m Preview m PCnet FAST III Bridged Adapter Intel R 82579LM Gigabit Network Oracle VM VirtualBox Manager window with File menu 3 Click Open Appliance and browse to APPLIANCE_TEMP_DIR Select the OVA installation file and click Next The appliance in this example is HCMDB 85303d ova Copyright 2013 Oracle and or its affiliates All rights reserved 23 Deploying the PeopleSoft VirtualBox Appliances Chapter 4 24 Ww Import Virtual Applicance Appliance to import VirtualBox currently supports importing appliances saved in t
46. er to access the PI_LHOME share you will be required to provide the user name psadm3 and the password for that user configured in the preceding steps Task 4 6 Using COBOL with the PeopleSoft VirtualBox Appliance If you plan to use any PeopleSoft applications that require COBOL see the information on obtaining installing compiling and running Micro Focus Server Express COBOL in the PeopleTools installation documentation Note that you must use a properly licensed Micro Focus COBOL compiler as discussed in the following references Contact your Micro Focus account representative or licensed supplier for details on obtaining a license See Also PeopleTools Installation for Oracle for the current release Installing and Compiling COBOL on UNIX PeopleSoft Enterprise Frequently Asked Questions About PeopleSoft and COBOL Compilers My Oracle Support Document 747059 1 Task 4 7 Resolving Problems with the PeopleSoft Runtime Environment 48 Use the information in this section to guide you in resolving problems with your PeopleSoft virtual machine e You are unable to start the virtual machine See Prerequisites Reviewing Hardware Requirements e Check that hardware virtualization is supported and enabled in BIOS Copyright 2013 Oracle and or its affiliates All rights reserved Chapter 4 Deploying the PeopleSoft VirtualBox Appliances Verify that you are using the supported version of the host platform 64 bit M
47. es to ensure its safe use Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications Third Party Content Products and Services Disclaimer This software or hardware and documentation may provide access to or information on content products and services from third parties Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third party content products and services Oracle Corporation and its affiliates will not be responsible for any loss costs or damages incurred due to your access to or use of third party content products or services Contents Preface About this Documentation isis ctucncccewncaxencnnnnineentiannnwtaswisakenbeesnatnke tank aaecakenaxannraete ix Understanding this Documentation saens i cottivns cheeerwedae Crccdeaeerdhan assent uhteamunnnedaneeedengthtiasatnee inn ix FU Nello E Sumner E E kee A Mee ere eee Rae eer are eee Ren eee eae ix Typographical CONVENTIONS lt ceva ee era oueeea bee Seas tee ew a eas ee eats ta end Sieew Eee aa ae ix PIOGUCIS ocaeie Gare orate Wena ns E ba beadie aiaeeana hea dnede ae saeeaeeatendcoeaemna ad aoe eee x PIS Ate CsI MIOR eMetrics erate ad se ara am aed acter uaehe atte meets Beale S anes ard Salty xi Comments and SUGGESTIONS Amie eee eean ol avs eines ee ne ee taal a aware oR hea eee xii Chapter 1 Prer q isShesS
48. ethO done Do you want to manually configure the hostname y N y Enter hostname e g host domain com hostname example com Network configuration changed successfully IP configuration DHCP IP address 92 168 L 103 Netmask 255 255 255 0 Gateway DNS Server Hostname hostname example com 34 Copyright 2013 Oracle and or its affiliates All rights reserved Chapter 4 Deploying the PeopleSoft VirtualBox Appliances e Optional If you chose not to enable dynamic IP configuration that is you are using a static IP address you see this prompt Shutting down interface etho OK Shutting down loopback interface OK Configuring network settings IP configuration Static IP address Bringing up loopback interface OK Bringing up interface etho OK Enter hostname e g host domain com static _hostname example com Network configuration changed successfully IP configuration Static IP address IP address 192 168 1 103 Netmask 255725525950 Gateway 10 147 68 1 DNS Server 192 168 190 70 Hostname static_hostname example com 7 Ifyou want to change any of the values you supplied for the IP configuration and hostname in the previous steps enter n no to the following prompt Are you happy with your answers Y n n The system repeats the prompts in the previous steps beginning with Configuring network interface 8 If you are satisfied with the values you supplied for the
49. ger highlight your virtual appliance and click Start green arrow This example shows both a previously imported appliance which is running and the newly imported appliance HCMDB 85303d which is powered off Copyright 2013 Oracle and or its affiliates All rights reserved 31 Deploying the PeopleSoft VirtualBox Appliances Chapter 4 32 E 8 Oracle VM VirtualBox Manager co amp 3 ep gt Q Snapshots New Settings Start Discard 6s FSCMDB 85303d General E Preview Running f 3 Name HCMDB 85303d A HCMDB 85303d Operating System Oracle 64 bit Ax O Powered Off System Base Memory 4096 MB a Processors 2 HCMDB 5303d Boot Order Floppy CD DYD ROM Hard Disk Acceleration T x AMD Nested Paging PAE NX w Display video Memory 12 MB Remote Desktop Server Disabled Q Storage gt Audio Host Driver Null Audio Driver Controller ICH AC97 EP Network Adapter 1 PCnet FAST III Host only Adapter virtualbox Host Only Ethernet Adapter USB 4 Oracle VM VirtualBox Manager with imported PeopleSoft virtual appliance A command window appears displaying system initialization messages for the virtual machine similar to those shown below Note A portion of the messages has been omitted for the sake of brevity Starting crond OK Starting SMB services OK Starting sshd OK Specify a password fo
50. groups and authorization Here is a possible scenario for the security administration provided by these four administrators 1 Amanda downloads the latest PeopleSoft virtual appliance to the physical machine on which the virtual machine will run Amanda imports the PeopleSoft virtual appliance using VirtualBox Manager Amanda creates a virtual machine from the imported virtual appliance Amanda selects the network adapter for the virtual appliance Amanda obtains the PeopleSoft database connect ID and password from Charlie NA BN ae eS Amanda starts the VM The startup procedure includes prompts for the VM network configuration information default root password and the connect ID and password Amanda provides this information to Bob See Deploying the PeopleSoft VirtualBox Appliance Starting the PeopleSoft VirtualBox Appliance 7 Bob logs in to the virtual machine using Secure Shell SSH as VM user root 8 Bob changes the root password and the passwords for each of user accounts in the virtual machine See Deploying the PeopleSoft VirtualBox Appliance Using the PeopleSoft Installation 9 Bob applies security to the guest OS for example e Firewall configuration Copyright 2013 Oracle and or its affiliates All rights reserved 13 Planning Security Administration Chapter 3 e Disabling unnecessary services e Installing Critical Patch Updates CPUs 10 Bob copies the PeopleTools client installation program t
51. he Open Virtualization Format OVF To continue select the file to import below Open appliance C APPLIGNCE_TEMP_DIR HCMDB 85303d ova Hide Description Cancel Import Virtual Appliance window 4 Review the configuration details for the virtual appliance The details for your appliance will be different from those shown in this example The configuration details listed include appliance name version and the location of the Virtual Disk Images To change the Virtual Disk Image location to a preferred file system location double click the entry This may be necessary if the file system onto which you will place the disk images does not have sufficient free space Note It is recommended that you do not decrease the values for CPU and RAM The virtual appliance requires these minimum resources in order to run effectively and efficiently If the host OS on which the virtual machine will run does not have adequate resources to direct to the virtual machine you will experience problems when using the virtual machine Copyright 2013 Oracle and or its affiliates All rights reserved Chapter 4 Deploying the PeopleSoft VirtualBox Appliances GO Import Virtual Applicance Appliance settings These are the virtual machines contained in the appliance and the suggested settings of the imported VirtualBox machines You can change many of the properties shown by double clicking on the items and disable others using
52. he Virtual Appliance in this documentation For details about networking configuration on VirtualBox see the Oracle VM VirtualBox User Manual If you plan to deploy more than one VM and you intend to assign static IP addresses you should plan for multiple addresses However keep in mind that since each VM is a separate machine the ports configured on each VM can be the same You have a range of choices in setting up Change Assistant the Oracle database client and PeopleTools client tools discussed earlier in this chapter in the section Using the PeopleSoft Installation As with any PeopleSoft installation you will need to carry out specific steps depending upon your target environment s RDBMS platform Details about using the VMs with PeopleSoft Update Manager as well as information about setting up Change Assistant and the Environment Management Framework in different configurations can be found in the PeopleTools PeopleSoft Update Manager product documentation Copyright 2013 Oracle and or its affiliates All rights reserved Index Application Designer access 15 running 44 security considerations 16 Authentication Domain setting 38 Change Assistant security considerations 16 Change Assistant installing 46 cloning VirtualBox appliances 51 COBOL 48 command to reset the virtual appliance 52 configuration script 51 critical patch updates finding schedule 15 customization 51 customizing virtual appliances 50 di
53. he firewall can be configured to only allow connections to the database service listener port from specific clients See Also SQL Plus User s Guide and Reference Oracle Technology Network Oracle Database Documentation Library Copyright 2013 Oracle and or its affiliates All rights reserved 17 Planning Security Administration Chapter 3 Considering Security for Samba and the VM File System The Samba configuration allows users outside the guest OS to access the file system that is internal to the VM Only a limited part of the file system is exposed mostly for access to the client installation programs required for PeopleSoft application development and customization Samba is not required for ongoing use of the virtual machine after initial setup The client installations programs can be relocated Unless continued access to the VM file system is required the Samba service should be disabled This will further prevent unauthorized users accessing the VM file system Use this command to disable the Samba service chkconfig smb off See Deploying the PeopleSoft VirtualBox Appliances Understanding Samba and File System Access Considering the VM Operating System and Secure Shell Access Remote users that is users outside the host OS can only sign on to the virtual machine using Secure Shell SSH All of the default users in the virtual machine must therefore have their passwords changed or invalidated immediately after initial st
54. ic directly to the virtual appliance Add an entry such as the following in order to use the virtual machine hostname rather than the IP address to establish connections 192 168 1 103 hostname example com Task 4 3 Starting the PeopleSoft VirtualBox Appliance This section describes the initial startup of the virtual machine This section assumes that you have imported the PeopleSoft VirtualBox appliance as described in the previous section This section also assumes that you have chosen to use host only networking As you use Oracle VM VirtualBox Manager you may see messages concerning keyboard and mouse control See the VirtualBox documentation for details about these messages See Oracle VM VirtualBox User Manual First Steps Note If you plan to use a static IP address you will need to provide a valid IP address as well as addresses for the Domain Name System DNS server gateway and netmask in this procedure A static setup works best with the Bridged Adapter network configuration If you enter the values for a static networking setup in this procedure but you have chosen to use host only networking when importing the virtual appliance the system will not be able to contact the DNS and validate the hostname See the information in Setting the Network Configuration for the Virtual Appliance to configure the Bridged Adapter before beginning this procedure To start the virtual machine 1 Open Oracle VM VirtualBox Mana
55. icrosoft Windows Verify that you have sufficient physical resources on the host machine RAM CPU and disk space Check the system information in Oracle VM VirtualBox Manager for warnings about memory usage Open Oracle VM VirtualBox Manager and select your virtual appliance Select Settings System Check for warnings at the bottom of the System page Verify that you are using a supported version of Oracle VM VirtualBox Access the links from the PeopleSoft Update Manager home page My Oracle Support Document 1464619 1 for the supported version of Oracle VM VirtualBox for your PeopleSoft appliance You are unable to connect to the VM from the host OS Although the VM appears to successfully start you are unable to connect to the virtual machine through PIA or other clients such as Application Designer or SQL Plus This is frequently because the virtual machine cannot be accessed from the host OS Identify the IP address of the virtual machine using this Linux Bash shell command ifconfig more The output of this command is the IP address associated with the ethO network adapter for the virtual machine In a command prompt on the host OS or Microsoft Windows client machine use the ping command to verify that you can access the IP address See Setting the Network Configuration for the Virtual Appliance You notice poor performance If you feel the virtual machine exhibits noticeably poor performance you may need to increa
56. idering PeopleSoft Application Security and Client Access This section discusses e Understanding PeopleSoft Application Security and Client Access e Considering PeopleSoft Pure Internet Architecture Security e Considering Security for Client Tools e Considering SQL Plus Security e Considering Security for Samba and the VM File System e Considering the VM Operating System and Secure Shell Access Copyright 2013 Oracle and or its affiliates All rights reserved 15 Planning Security Administration Chapter 3 Understanding PeopleSoft Application Security and Client Access To effectively use the virtual machine you will need to make it available to users In the most secure deployment the only user that needs to access the VM is the logged in user on the host OS This is not expected to be sufficient in most cases and therefore access to the VM will need to be made available to the user population The VM should be made only as accessible as it needs to be for the users to perform the required tasks Each of the VM access channels is discussed below Considering PeopleSoft Pure Internet Architecture Security By default any user that can reach the VM over TCP IP can access the PIA login page The URL for accessing PIA is well known and can be constructed if the hostname of the VM is known Furthermore the user accounts that are in the PeopleSoft database in your virtual appliance contain default passwords There are no security certifi
57. ile using a standard zip tool The first zip file you extract includes several relatively small files such as a README a text file with checksum values and two scripts Use the MD 5 or SHA 1 checksum values to verify all of the downloaded zip files The scripts ova_gen bat for Microsoft Windows operating systems and ova_gen sh for UNIX or Linux operating systems are used in the next step to combine the individual parts into a single OVA file 4 Combine the individual files into a single file with a ova extension Copyright 2013 Oracle and or its affiliates All rights reserved 7 Preparing to Deploy Chapter 2 Based on your operating system run ova_gen bat or ova_gen sh which you extracted from the first downloaded zip file to extract the remaining files and generate the combined OVA file On Microsoft Windows run the ova_gen bat script The script uses a copy b command to combine the separate parts into a single OVA file Note You can also open the script with a text editor and copy the command from the script if you prefer to run it manually On UNIX or Linux run the ova_gen sh script The script uses a cat command to combine the separate parts into a single OVA file Note You can also open the script with a text editor and copy the command from the script if you prefer to run it manually 5 After you combine the individual files you have a single file with a ova extension such as lt TEMPLATE_NAME g
58. in that can only be accessed by the authorized domain users Implication Tf not and if the unauthorized users have a network path to the VM additional on host security will need to be applied to prevent access to the VM 6 Question Will you retain the VM beyond the availability of a refresh on My Oracle Support Copyright 2013 Oracle and or its affiliates All rights reserved Chapter 3 Planning Security Administration Implication You must consider activities associated with ongoing maintenance of the VM such as OS and PeopleSoft application software patching password expiration and so on Copyright 2013 Oracle and or its affiliates All rights reserved 19 Planning Security Administration 20 Chapter 3 Copyright 2013 Oracle and or its affiliates All rights reserved CHAPTER 4 Deploying the PeopleSoft VirtualBox Appliances This chapter discusses Importing the PeopleSoft VirtualBox Appliance Setting the Network Configuration for the Virtual Appliance Starting the PeopleSoft VirtualBox Appliance Setting the Authentication Domain in the Web Profile Using the PeopleSoft Installation Using COBOL with the PeopleSoft VirtualBox Appliance Resolving Problems with the PeopleSoft Runtime Environment Managing the Virtual Environment Lifecycle Task 4 1 Importing the PeopleSoft VirtualBox Appliance This section assumes that you have a running VirtualBox installation on your Microsoft Windows machine
59. initialized your virtual machine The downloaded virtual appliance archive is required only to set up the virtual machine 40 50 GB for the virtual machine when initialized e Network The default installation of the PeopleSoft VirtualBox appliance sets up a host only network configuration If you wish the VM to join the network you will need to make sure that you are able to configure the network stack within the VM in such a way that it will be able to join the local area network LAN on which it will reside This documentation includes brief information on alternative network configurations See Using Alternative Network Configurations 2 Copyright 2013 Oracle and or its affiliates All rights reserved Chapter 1 Prerequisites Task 1 2 Reviewing Software Requirements Here are the software requirements for deploying Oracle VM VirtualBox PeopleSoft Appliances e Oracle VM VirtualBox Before deploying the Oracle VM VirtualBox PeopleSoft Appliances you must install Oracle VM VirtualBox See Understanding Oracle VM VirtualBox Download the current version of VirtualBox from the Oracle VM VirtualBox web site See Oracle VM VirtualBox https www virtualbox org e Secure shell client You will need a secure shell SSH client for example PuTTY to log in to the virtual machine after initialization e Web Browser You need a version certified for the current PeopleSoft PeopleTools release for end users See My Or
60. ion program for Microsoft Windows discussed in this section and can be used from the host machine or another Microsoft Windows machine In addition in a traditional PeopleSoft installation on Oracle Database the SQL Plus utility is installed with an Oracle Database Server installation To connect to the database use the following command sqlplus SYSADM SYSADM DB_SERVICE_NAME Note Change the password above SYSADM immediately after the installation See the SQL Plus documentation for information on changing passwords For information on changing the PeopleSoft installation user IDs see the product documentation for PeopleTools Data Management Working with Oracle 11g Security Features At this point you may issue SQL statements against the database that is running on the virtual appliance You may need to connect using different user password combinations depending upon the activity that you wish to perform See Also Reviewing the File System and Users SQL Plus User s Guide and Reference Oracle Database Documentation Library Oracle Technology Network http www oracle com technetwork indexes documentation index html Task 4 5 3 Installing the PeopleTools Client Tools and Using Application Designer This section discusses e Understanding Application Designer and the Oracle VM VirtualBox Appliance e Installing and Starting Application Designer Understanding Application Designer and the Oracle VM VirtualBox Applianc
61. irewall in order to restrict access to the VM This allows you to control which resources ports and so on are available to users based on the host credentials from which they reach the VM The steps required to enable the iptables firewall and limit network access to the VM are documented in the Oracle Linux security documentation See Oracle Linux Security Guide Configuring and Using Packet Filtering Firewalls Oracle Technology Network http docs oracle com cd E37670_01 index html Considering User Security 12 A number of distinct and separate user accounts are used when interacting with the VM These user accounts are as follows e Host OS user account User that logs in to the host OS imports the virtual appliance and creates the virtual machine e Network users Network users that access the virtual machine after it is started by using PIA Application Designer and so on e Application user accounts User accounts contained in the PeopleSoft application database that are used to sign on to the PeopleSoft application e Guest OS user accounts User accounts for signing on to the guest virtual machine There are a number of default users in the virtual machine as described in a later section See Deploying the PeopleSoft VirtualBox Appliances Reviewing the File System and Users e Samba user accounts User accounts for accessing a limited part of the file system of the VM from outside the virtual machine
62. iss canwcawixcawacen swab neeiawnanitiGs ENEEK Saan EAEn enean Otu kaoat n a eine 1 Reviewing Hardware Requirements 0 ccceee eee cece eee eee eee eee ee esse seen teen eeneeeeeeee tarnrn 1 Reviewing Software Requirement c cc cece cece eee eee ee eee e ee enna eee eens eee ee nneee eee ca eeeeae 3 Chapter 2 Preparing 10 Deploy extiicceticceaucida vewosantunwenwiguvnicensanauubnebkanniutneestaeweusbecussanednteoeende 5 Understanding Oracle VM VirtualBox and the PeopleSoft Deployment ccceeeeeeee eee cee eee 5 Understanding Oracle VM VirtualBOX ccc cece eee eee eee ee encase enna eet neeeennaeee ee terrnino 6 Completing the PeopleSoft Application Specific Installation cccc ccc ccee cece eeeeeeeeeeeeee errena 7 Obtaining Oracle VM VirtualBox for PeopleSoft Appliances 2 0 ceceeeee cece eee eee eee eneee neat 7 Chapter 3 Planning Security Administration asssunsnnnununnnnnnnnnnnnnnnnnnnnnnnnnnnnnunnnnnnnnnn alee 9 Understanding Security Administration for the PeopleSoft Virtual Machines c0ceeee mannna 9 Considering Physical Security recnck tare tie cide te neste ne eeaue inate nad okynau ca seeonsae meeaamace secs ae cawaleihs 10 Considering Host Operating System SeCurity 0 c cece eee eee eee eee een e en eeee ee eee es 11 Considering Network Security cessere rianne doe EE aE EEE EEEO EERE EO ERRONEA ne swe 11 Considering User
63. istrator before being made available to the user population Furthermore a PeopleSoft deployment typically makes considerations for scalability and fault tolerance The PeopleSoft VirtualBox appliances have not been constructed to meet these requirements as delivered If the decision is made to make the virtual appliance available to a larger user population the administrator should take steps to implement the necessary security requirements See Oracle VM VirtualBox web site https www virtualbox org See Oracle VM VirtualBox User Manual Oracle Technology Network http www oracle com technetwork server storage virtualbox documentation index html 6 Copyright 2013 Oracle and or its affiliates All rights reserved Chapter 2 Preparing to Deploy Completing the PeopleSoft Application Specific Installation After you complete the installation tasks for the PeopleSoft VirtualBox appliance covered in this documentation there may be additional installation and configuration steps that are specific to the PeopleSoft Application you are installing Be sure to obtain the installation documentation for your PeopleSoft Application and complete any necessary tasks covered there You can find the PeopleSoft Application specific installation guides by searching on My Oracle Support Task 2 1 Obtaining Oracle VM VirtualBox for PeopleSoft Appliances Use this information to obtain and extract the VirtualBox appliances for a PeopleSoft applica
64. ity 14 VirtualBox appliance importing 21 starting 31 VirtualBox appliances cloning 51 describing 5 downloading 7 VPN 30 Windows Client installing 44 yum repository 14 Copyright 2013 Oracle and or its affiliates All rights reserved
65. l be found in opt oracle psft pt tools after deployment e PeopleSoft Client Installer e PeopleSoft Pure Internet Architecture PIA built with Oracle WebLogic web server e Application Server configured using a PeopleSoft small domain configuration e Process Scheduler with a default UNIX configuration e Oracle Tuxedo e Oracle Linux operating system e Samba Open Source software for file system access included Copyright 2013 Oracle and or its affiliates All rights reserved 5 Preparing to Deploy Chapter 2 The section Using the PeopleSoft Installation later in this document details the components of a PeopleSoft environment deployed by the PeopleSoft VirtualBox Appliance and gives information on how to work with the environment See Deploying the PeopleSoft VirtualBox Appliances Using the PeopleSoft Installation Before you carry out the procedures in this document to deploy the PeopleSoft VirtualBox appliance for use with a PeopleSoft application update it is a good idea to review the various installation setups in the PeopleSoft Update Manager documentation available on the PeopleSoft Update Manager Home Page on My Oracle Support The way that you carry out these procedures will be impacted by your specific environment See PeopleTools PeopleSoft Update Manager Setting Up the PeopleSoft Image See Also Understanding Oracle VM VirtualBox Prerequisites Obtaining Oracle VM VirtualBox for PeopleSoft Appliances Unde
66. lean up and restart the virtual machine using the modified configuration script See Resetting PeopleSoft Virtual Appliances Create clones and export the virtual machine to be used on other hosts See the VirtualBox documentation for more information on handling VMs See Oracle VM VirtualBox User Manual Oracle Technology Network http www oracle com technetwork server storage virtualbox documentation index html Copyright 2013 Oracle and or its affiliates All rights reserved Chapter 4 Deploying the PeopleSoft VirtualBox Appliances Task 4 8 1 Customizing and Cloning Virtual Appliances The virtual appliances delivered by Oracle for PeopleSoft installation can actually be used as a basis for a customized environment For example you may change some of the domain configuration settings and clone the virtual appliance using Oracle VM VirtualBox Manager This snapshot can be cloned and used on other host OSs This means that you don t need to repeat the same customization steps each time you initialize a virtual appliance Instead it is possible to install software into a virtual appliance or add specific configuration preferences and then clone the virtual appliance There are a few things to keep in mind when cloning a virtual appliance Before cloning a virtual appliance it is typically necessary to clean the network stack and remove host specific configuration settings Note This may not be necessary if the virtual appliance
67. lication Security PIA See Also PeopleTools Security Administration Securing Your PeopleSoft Application Environment Oracle Technology Network http download oracle com peopletools documents Securing_PSFT_App_Environment_May2010 20v4 pdf Considering Physical Security The virtual appliances are required to run as a guest VM on a physical machine This physical machine may be any 64 bit machine with an AMD or Intel chip with virtualization extensions enabled This is discussed in greater detail in the hardware requirements of this documentation The virtual appliances can therefore be placed on a server grade machine or a machine as modest as a desktop or laptop that fits the hardware requirements In most cases however the physical machine on which the guest VM runs will be managed by the system administrator and will reside in the data center or a secured server room This machine will need to be physically secured in the same way any other machine on your corporate network would be secured See Prerequisites Reviewing Hardware Requirements 10 Copyright 2013 Oracle and or its affiliates All rights reserved Chapter 3 Planning Security Administration Considering Host Operating System Security Virtual Machines run in user space on a virtualization platform User space is a system administrator term that should be understood by a security consultant This means that processes within the virtual machine will not ha
68. lists security considerations Identify the scenario which best matches your use case Environment Desorption Considerations Local e Single user system e The VM does not need to be secured because it is only used by that is a host only network setup e Runs on laptop or desktop he same user that owns thehost n e No network access required which it runs e No additional steps required Copyright 2013 Oracle and or its affiliates All rights reserved 9 Planning Security Administration Chapter 3 Environment Description Considerations Network trusted users e Small user population fewer e Network security is required to than 10 users restrict access to the Guest OS via e User access can be restricted the LAN to a domain of trust that can be e The security setup uses existing implemented as authorization network administration utilities to group limit access to the virtual appliance e VM does not access external e Security administration should network prevent outbound connectivity from the virtual appliance Network untrusted users e The user population is not trusted Implement the same security or known considerations as for the network trusted users scenario e VM access cannot be restricted to small user group e The network security should follow that used for other machines on the network e Disable unnecessary services such as Samba and tighten ports e Implement PeopleSoft App
69. lues that do not match these criteria the system prompts you to enter the correct values If you are using this VM to apply PeopleSoft Update Manager enabled maintenance the connect ID and password must match the values on your target database Note If you do not see this prompt the default value for the connect ID user is people and that for the connect ID password is people with the letter I replaced by the number one 1 Review the status of the setup steps The system displays messages indicating the steps in the setup process The success or failure of the step is indicated by OK or FAILURE See the log file mentioned at the end of this section for information on failed steps This example shows portions of the configuration messages e The creation of the database Setting up PeopleSoft Database lt default dbname gt on this VM Starting PeopleSoft Database lt default dbname gt OK e The creation and startup of the PeopleSoft Application Server and Process Scheduler Setting up PeopleSoft Application Server on this VM Setting up Oracle TNS Names Entry OK Creating PeopleSoft Application Domain APPDOM OK Starting PeopleSoft Process Scheduler Domain PRCSDOM OK e The installation and startup of PeopleSoft Pure Internet Architecture PIA Setting Up Peoplesoft Pure Internet Architecture on this VM Starting PIA Domain peoplesoft OK e The configuration of Process Scheduler report n
70. net resource and Windows will open it for you Microsoft Windows Run dialog box with IP address This is the IP address used for your virtual machine in the section Starting the PeopleSoft VirtualBox Appliance Copyright 2013 Oracle and or its affiliates All rights reserved Chapter 4 Deploying the PeopleSoft VirtualBox Appliances Windows Explorer opens displaying a file system location within the virtual machine with several share drives Task 4 5 2 Installing and Starting Oracle Database Client Tools The PeopleSoft installation deployed by the Oracle VM VirtualBox virtual appliance includes an installation executable for the 32 bit Oracle Database Client for Microsoft Windows You can install the Oracle Database Client on the Microsoft Windows machine hosting your virtual appliance or another Microsoft Windows machine See the PeopleTools installation guide for information on configuring sqInet ora See PeopleTools Installation for Oracle Preparing for Installation Installing Oracle Net on the Server Note Compare the release patch level from the installation executable on the PeopleSoft Image and in your target environment installation Install the Oracle Database Client with the highest release patch level See your PeopleSoft Image home page for release patch information The link for your PeopleSoft Image home page can be found on PeopleSoft Update Manager Home Page My Oracle Support Document 1464619 1
71. nt CRM Oracle s PeopleSoft Enterprise Learning Management ELM Oracle s PeopleSoft Financial Management FIN Oracle s PeopleSoft Human Capital Management HCM Oracle s PeopleSoft PeopleTools Oracle s PeopleSoft Process Scheduler Oracle s PeopleSoft Supply Chain Management SCM Oracle Secure Enterprise Search See http www oracle com applications peoplesoft enterprise html for a list of Oracle s PeopleSoft products Related Information You can find several sources of reference information about PeopleSoft PeopleTools and your particular PeopleSoft application You can access PeopleSoft documentation for the current release of PeopleSoft PeopleTools and PeopleSoft applications at the Hosted PeopleBooks site You can also find installation guides and other information by searching for the product name and release number on My Oracle Support Oracle PeopleSoft Hosted PeopleBooks This page includes links to the most recent documentation for PeopleSoft PeopleTools and PeopleSoft applications See Oracle PeopleSoft Hosted PeopleBooks http www oracle com pls psfthomepage homepage PeopleTools Getting Started with PeopleTools for your release This documentation provides a high level introduction to PeopleTools technology and usage See PeopleTools PeopleBooks for the current release on the Oracle PeopleSoft Hosted PeopleBooks site http www oracle com pls psfthomepage homepage PeopleTools Change Assistant and Up
72. nt 1464619 1 See the PeopleTools installation guide for Oracle for the current release Preparing for Installation Planning Your Initial Configuration Application Designer runs only on Microsoft Windows operating systems You can install and run Application Designer on the host OS or another Microsoft Windows machine The section Installing and Starting Application Designer describes how to use Application Designer to verify that you can connect directly to the database that is using two tier mode For information on using Application Designer in three tier mode connection through the Application Server and for more information on the PeopleTools client tools see the PeopleSoft documentation See the PeopleTools installation guide for Oracle for the current release Setting Up the Install Workstation See the PeopleTools installation guide for Oracle for the current release Configuring the Application Server on UNIX Creating Configuring and Starting an Initial Application Server Domain See PeopleTools Change Assistant and Update Manager See PeopleTools PeopleSoft Update Manager See PeopleTools System and Server Administration Using PeopleSoft Configuration Manager See PeopleTools PeopleSoft Test Framework Installing and Starting Application Designer To install the PeopleTools Client tools and start Application Designer on a Microsoft Windows machine use the following steps See the PeopleTool
73. o a shared read only file system location outside the VM for Application Designer users to access 11 Bob provides Charlie connectivity information for the PeopleSoft application and PeopleSoft database 12 Charlie makes any necessary configuration or security changes to the DBMS 13 Denise makes any necessary configuration or security changes to the application through PIA or other PeopleTools utilities 14 Denise confirms operation of the application 15 Denise announces the availability of the VM to the broader end user population 16 The end users access the PeopleSoft Application through the normal mechanisms of using PIA or Application Designer Considering the Virtual Machine Guest Operating System Security This section discusses e Understanding the Virtual Machine Guest Operating System Security e Applying Operating System Patches and Updates e Checking for Critical Patch Updates e Disabling Unnecessary Services Understanding the Virtual Machine Guest Operating System Security The OS of the virtual appliance is delivered with limited security The PeopleSoft installation is secure in terms of file system permissions The OS users that are used to administer the PeopleSoft system are consistent with published best practices As noted elsewhere those users are local to the virtual machine and must have their passwords immediately changed upon initial deployment See PeopleTools Mid Tier Deployment Best Practices Or
74. odes and Integration Broker Configuring Process Scheduler Report Node OK Starting PeopleSoft Process Scheduler Domain PRCSDOM OK When you see a message indicating the completion of the initialization the PeopleSoft runtime environment is available for use For example The setup of the PeopleSoft Virtual Environment is completed Please review the gt activity output in var log oraclevm template log Review the var log oraclevm template log file for information on the initialization process To confirm external shell access to the virtual machine log in to the virtual machine from your host OS using Secure Shell SSH with a telnet client Copyright 2013 Oracle and or its affiliates All rights reserved Chapter 4 Deploying the PeopleSoft VirtualBox Appliances PuTTY is the SSH client used in the example below In order to connect with SSH you will need the IP address of the virtual machine The IP address can be identified using the Linux command ifconfig After the SSH client connects to the host before you can access the virtual machine you will need to supply the root user and the password that you provided earlier in this procedure Note You can also log in to the VM on the console using one of the default accounts described in the task Using the PeopleSoft Installation This example shows the results of the Linux ifconfig command in the console and the PuTTY client dialog box ink encap
75. ols client utilities While it is possible to use the same machine as the VirtualBox appliance host and the PeopleSoft Microsoft Windows client it is not required To review the certification information for the PeopleSoft Microsoft Windows client see My Oracle Support Certifications Oracle strongly recommends that you dedicate a Microsoft Windows machine for the PeopleTools client used with the PeopleSoft Update Manager This should be a machine that is not used for other PeopleSoft purposes See Deploying the PeopleSoft VirtualBox Appliances Using the PeopleSoft Installation for information on installing the PeopleTools client utilities e Host computer You need a physical host computer to install VirtualBox and deploy the PeopleSoft Image PI This host computer can be located remotely and accessed by network based desktop visualization methods such as RemotePC or Microsoft Remote Desktop Connection However because the PeopleSoft VirtualBox appliances are 64 bit the VirtualBox instance that runs them cannot be run in another virtual machine Also VirtualBox cannot be used in a cloud or Amazon Machine Image AMI environment Host operating system The host operating system must be one of the following e 64 bit Microsoft Windows that is supported by the PeopleSoft PeopleTools client utilities See My Oracle Support Certifications See PeopleSoft PeopleTools Certifications My Oracle Support Document 747587 1 for help sea
76. on calls the four functions in the order presented in the table The first boot configuration calls the function ovm_configure_pre before any of the PeopleSoft PeopleTools setup functions begin and ovm_configure_post after the PeopleSoft PeopleTools setup functions have completed This script does not just play a role when initializing When the virtual appliance is being cleaned the PeopleSoft PeopleTools cleanup script calls the ovm_cleanup_pre function before any of the PeopleSoft PeopleTools setup functions begin and ovm_cleanup_post function after the PeopleSoft PeopleTools setup functions have completed As described in the above table these functions are located in opt oracle psft vm oraclevm template ext sh Any of these functions may be empty These functions may call any of the functions in the PeopleSoft PeopleTools scripts This allows them to manipulate and override the functions delivered in the PeopleSoft PeopleTools scripts After you have modified the opt oracle psft vm oraclevm template ext sh configuration script to include your preferred code it is necessary to reset the virtual appliance to get it ready to be cloned as described in the following section See Resetting PeopleSoft Virtual Machines Task 4 8 3 Resetting PeopleSoft Virtual Appliances It is possible to reset your virtual appliance such that the next time it is started it will appear as a clean newly started virtual appliance This technique c
77. or does this ability suggest fitness to a given application since Oracle tests and verifies correct functioning of these virtual machines only on the Oracle VM VirtualBox virtualization platform The steps for securing the host OS will naturally vary depending upon the virtualization platform This results from the fact that some virtualization platforms are host bound and others are enterprise multi user solutions that have security models built into the virtualization management platform that contain different roles with varying authorization levels Considering Network Security The VMs are delivered with the network adapter in host only network configuration This means that only users logged into the host OS can access resources within the guest OS For example logging into PIA can only be achieved from a browser running on the desktop of the host OS Furthermore the VM can only access resources within its own virtual machine This means that steps need to be taken explicitly to make the VM accessible to and from the network It is understood that a host only configuration is impractical for any real usage of the virtual machine The delivery of the virtual appliance with a host only adapter by default is a security precaution to prevent unexpected introduction of a new virtual host on the local area network LAN when switching on the virtual machine for the first time By changing the network adapter settings in VirtualBox Manager you
78. oying the PeopleSoft VirtualBox Appliances usr sbin oraclevm template enable 3 Shut down the virtual appliance by selecting the option ACPI Shutdown in the virtual appliance console Task 4 8 4 Using PeopleSoft Services After you initialize the PeopleSoft virtual machine you can use the following Linux Bash shell commands to start and stop services for the database and mid tier application server Process Scheduler and PIA components e To find the status of the PeopleSoft database run the following command service psft db status If the database called DBNAME in this example and the TNS Listener for the database are running you see the following message PeopleSoft Database DBNAME is Up PeopleSoft Listener is Up Note For more information on the TNS listener see the Oracle Database Net Services Administrator s Guide Oracle Database Documentation Library http www oracle com pls db112 homepage e If the database and the PeopleSoft TNS Listener are not running you see the following message PeopleSoft Database DBNAME is Down PeopleSoft Listener is Down e To start the PeopleSoft database and PeopleSoft TNS listener run the following command service psft db start e To stop the PeopleSoft database and PeopleSoft TNS listener run the following command service psft db stop e To find the status of the mid tier components that is the Application Server Process Scheduler batch server and PIA run th
79. oying the PeopleSoft VirtualBox Appliances Chapter 4 Task 4 4 Setting the Authentication Domain in the Web Profile 38 In one of the steps in the previous section Starting the PeopleSoft VirtualBox Appliance you chose whether to configure the virtual machine with dynamic IP configuration DHCP or a static IP address If you configured the virtual machine using the static networking option the authentication domain is configured automatically and you can skip this section To access the sign in window when you have configured the virtual machine with the static networking option use the URL http hostname example com 8000 ps signon html If you configured the virtual machine to use DHCP use one of these options to sign in to the PeopleSoft application from a browser on the host OS e Use the virtual machine IP address in the URL http VM_IP_ADDRESS 8000 ps signon html e If you want to use a host name rather than an IP address in the URL that you use to access the PeopleSoft application you must carry out the procedure in this section to set the authentication domain for PIA manually See PeopleTools Installation Guide for Oracle for the current release Setting Up the PeopleSoft Pure Internet Architecture In all cases after accessing the PeopleSoft application sign in window enter the appropriate user name and password for the PeopleSoft application for example VP1 VP1 PS PS or PTDMO PTDMO The user IDs and passwords u
80. perating System and Secure Shell ACCESS ccceee cece eee eeeeeeee rnrn 18 Summarizing Security Considerations tenes does cus Eady eheed bis eed wav esee fidet Mie dvaesSied diet ie gt see nn 18 Chapter 4 Deploying the PeopleSoft VirtualBox Appliances cccceeeeee eee ee eee ee eeeeeeeeeee mennene 21 Importing the PeopleSoft VirtualBox Appliance 0 0 cc cece eect eee ene seen nneee beens 21 Setting the Network Configuration for the Virtual Appliance 0 0 cece cece eee eee eee tenet eee renner 26 Understanding Network Configuration SettingS 20 c cece cece ee eee eee reenter eeeeaeee eee en eee 26 setting a Host Only Network Configuration scisc ccc cau snndnaee Siciegs bhdndnaee oi denen Poadenee ba deda ed ntemandnatel 27 Using Alternative Network Configurations 2 00 ce eceee eee eee eee eee eee eee ee tenant et nneeeeeeneneae 28 Starting the PeopleSoft VirtualBox Appliance 0 00 cc cece cece eect ee enact etna seen tee eee ee ce eeaee 31 Setting the Authentication Domain in the Web Profile 0 0 cc cece cece eee eee eee eee eeee eee seen eee 38 Using the PeopleSoft Installationsisescsczeestiavetnedides Sect xee heed deta eied ae odied dies Peedi ete deet eee weed ae 39 Reviewing the PeopleSoft Environment cceccee eee ce cee eee c eee tenes eee ee eaee ete teaeee teen nenn 39 Understanding Samba and File System ACCESS
81. r Signon Information Below Connection Type Oracle z Database Name FSCMDB User ID FSCMDB Password m oneei Copyright 1988 2013 Oracle and or its affiliates All rights reserved PeopleSoft Signon box for Application Designer in two tier mode 5 Select Oracle from the Connection Type drop down list as shown in the example above 6 Enter the database name 7 Enter the User ID and Password for the PeopleSoft application for example PS PS VP1 VP1 or PTDMO PTDMO 8 Click OK to start Application Designer Task 4 5 4 Installing PeopleSoft Change Assistant To install the PeopleSoft Change Assistant on a Microsoft Windows machine See the PeopleTools Installation guide for Oracle for the current release Installing Change Assistant Note Compare the release patch level from the installation executable on the PeopleSoft Image and in your target environment installation Install the Change Assistant with the highest release patch level See your PeopleSoft Image home page for release patch information The link for your PeopleSoft Image home page can be found on PeopleSoft Update Manager Home Page My Oracle Support Document 1464619 1 Copyright 2013 Oracle and or its affiliates All rights reserved Chapter 4 Deploying the PeopleSoft VirtualBox Appliances 1 Follow the instructions to install the PeopleTools client tools See Installing the PeopleTools Client Tools and Using Applica
82. r the root user at the following prompt Take note of the value that you provide as it is essential for performing administrative operations on the virtual machine Changing password for user root New UNIX password Retype new UNIX password passwd all authentication tokens updated successfully Copyright 2013 Oracle and or its affiliates All rights reserved Chapter 4 Deploying the PeopleSoft VirtualBox Appliances Choose whether to use dynamic IP configuration for this virtual machine at the following prompt Configuring network interface Network device etho Hardware address 00 11 22 33 AA BB Do you want to enable dynamic IP configuration DHCP Y n Y These instructions assume that you are using Host only networking as discussed earlier in this document and therefore you enter Y yes This will result in a dynamic IP address being assigned by the VirtualBox network adapter this configuration is referred to as Dynamic Host Configuration Protocol or DHCP Optional If you wish to assign a static IP address enter n no to the prompt in the preceding step You must provide a valid IP address to ensure that the virtual host can join the network You will also need the DNS server IP address gateway and netmask If you do not satisfy these criteria you see the following prompt The DNS server entered is not reachable This is due to either the Virtual gt Machine s network is attached to a Host only Adapter
83. ra file in the ORACLE_HOME installation directory The default location should be ORACLE_HOME network admin The directory containing the tnsnames ora file is referred to as TNS_ADMIN_DIR in this section Copy the contents of the tnsnames ora file from the oracle client share directory and paste it into the ORACLE_HOME network admin tnsnames ora file 8 Set environment variables using the following commands set PATH ORACLE_ HOMES 3PATHS set TNS ADMIN TNS ADMIN DIR Copyright 2013 Oracle and or its affiliates All rights reserved 43 Deploying the PeopleSoft VirtualBox Appliances Chapter 4 44 For example on Microsoft Windows a Open the Control Panel and select System and Security System Advanced system settings b On the System Properties dialog box select Advanced and click Environment Variables c Add or modify the environment variables After the Oracle Database Client installation is complete it is possible to connect to the database running in your virtual appliance In order to do this you will connect using the SQL Plus program also referred to as sqlplus The sqlplus program will be located in ORACLE_HOME Oracle SQL Plus is used to issue Structured Query Language SQL statements against a relational database The database must be running before any commands can be issued The database can be shut down and restarted by using SQL Plus SQL Plus can be accessed by using the Oracle Database Client installat
84. rching PeopleSoft Certifications Copyright 2013 Oracle and or its affiliates All rights reserved 1 Prerequisites Chapter 1 e 64 bit Linux If you use a machine with a Linux operating system to host the VirtualBox appliance note that you will also need a Microsoft Windows machine for the PeopleTools client e CPU capabilities The process must be a 64 bit process with hardware virtualization capabilities These features must be enabled in the BIOS before the machine is booted The host computer on which the PeopleSoft VirtualBox appliances will run must have a 64 bit processor that can support hardware virtualization PeopleSoft VirtualBox appliance relies on 64 bit Oracle Linux guest operating systems OSs VirtualBox does not support software virtualization for 64 bit OSs So the host system should support hardware virtualization Your host system must have 64 bit CPUs that support Intel Virtualization Technology Intel VT first released in 2005 or AMD Virtualization AMD V Technology first released in 2006 hardware virtualization features Most newer CPUs from Intel and AMD contain the required virtualization extensions These virtualization extensions are not normally enabled by default in a new machine It is necessary to enter BIOS in your system and enable virtualization extensions before attempting to run any virtual machines Consult the documentation provided with your computer for information on accessing the BIO
85. rstanding Oracle VM VirtualBox Oracle VM VirtualBox is a virtualization product from Oracle that allows one or more guest operating systems OSs to be run on and in a single host OS Oracle VM VirtualBox has the following advantages e A guest OS can run any number of applications completely in isolation from the host OS VirtualBox virtualizes the physical resources of the host OS e Memory CPU network cards and so on are presented to the guest OS such that the guest is unaware that it is running in a virtualized environment e Most applications do not require any special modifications in order to run in a guest OS in VirtualBox Pre configured guest OSs also known as virtual appliances can be downloaded from My Oracle Support Virtual appliances can also be created manually on any machine on which VirtualBox is installed This typically involves running the conventional installation program for the OS that you wish to run as your guest Once you have created a virtual machine in this manner it can be redistributed to any number of users VirtualBox is intended to host applications with only a very small number of users VirtualBox is a machine bound solution it runs on a single host Therefore PeopleSoft VirtualBox appliances as delivered are intended for demonstration or evaluation purposes They are not intended to be used for a large number of users or for remote access A typical PeopleSoft application will be secured by the admin
86. s Installation guide for Oracle for the current release Using the PeopleSoft Installer Note If necessary you can obtain license codes for PeopleSoft products at http www oracle com us support licensecodes index html 1 Access the virtual machine file system from your Microsoft Windows host as described in the section Accessing the Shared Drive Folders on the Virtual Appliance File System 2 Locate the client share directory which contains the PeopleSoft Client Installer 3 Run Client Disk1 setup bat to launch the Client installer Copyright 2013 Oracle and or its affiliates All rights reserved 45 Deploying the PeopleSoft VirtualBox Appliances Chapter 4 46 Specify the installation location for the PeopleSoft Client tools referred to here as INSTALL_DIR If you are installing the PeopleSoft Client tools when using a PeopleSoft Image as a source database for a PeopleSoft application update select Oracle as the Database Platform and the Unicode option during this installation For other possible installation configurations see PeopleTools PeopleSoft Update Manager Note If you choose you may also copy the client directory contents to another convenient directory on the Microsoft Windows machine and install from there 4 Run JNSTALL_DIR bin client winx86 pside exe to start Application Designer The PeopleSoft Signon dialog box opens Signon x ORAC Le PeopleT ools 8 53 Ente
87. sabling unnecessary services 15 hardware requirements 1 host operating system security 11 hosts file updating 31 importing VirtualBox appliance 21 Micro Focus Server Express COBOL 48 network configuration setting 26 using Bridged Adapter configuration 28 using host only adapter 27 network security 11 Oracle Database Client installing 43 Oracle Linux updates 14 Copyright 2013 Oracle and or its affiliates All rights reserved Oracle RDBMS client installing 43 Oracle VM VirtualBox See VirtualBox oracle client 43 ORACLE_HOME accessing 40 oraclevm template ext sh using for configuration changes 51 PeopleSoft application security 15 PeopleTools client installation 44 PeopleTools client security 15 physical computer security 10 PI_LHOME changing to read write 47 PIA security 16 PS_CFG_HOME accessing 40 PS_HOME accessing 40 PSADMIN managing domains 47 resetting virtual machines 50 Samba accessing virtual appliance file system 39 security considerations 18 Secure Shell security considerations 18 security scenarios 9 services disabling unnecessary 15 services using 53 settings for network configuration 26 shared drive folders accessing 42 software requirements 3 SQL Plus security considerations 17 troubleshooting 48 user accounts 12 user security 12 users default 40 55 Index 56 virtual appliance file system accessing folders 42 Samba 39 virtual machine operating system secur
88. se the memory depending upon your environment Use the Linux Bash shell command free If the output of this command shows significant use of the swap file system try increasing the memory of the virtual machine to improve performance If your VM host machine OS is Microsoft Windows a common issue is the fragmentation that naturally occurs when files are stored on disk This can be remedied by running a defragmenting utility such as comes with the Microsoft Windows OS or provided by several external vendors To improve speed of this defragmenting quiesce the processes running on the host OS including stopping the PeopleSoft virtual machines The process will take from a few minutes to several hours depending on the condition of the hard disk Application Server and Process Scheduler fail to start The main reason that the Application Server or Process Scheduler domains fail to start is because they cannot connect to the database This can occur because the database or database listener is not started You should verify that the database is in fact started using the SQL Plus utility before proceeding If you are unable to connect to the database you may need to start the database This can be done with SQL Plus The second most observed reason why these domains fail to start is because there are insufficient resources available to support the hardware requirements of the virtual machine You are unable to connect with SQL Plus from the host OS
89. sed to sign in to the PeopleSoft application VP1 VP1 and so on are delivered with the virtual appliance For information on modifying the user ID passwords see the information on working with passwords in the PeopleTools Security Administration product documentation To set the authentication domain 1 Sign in to the PeopleSoft application in a browser using the virtual machine IP address http VM_IP_ADDRESS 8000 ps signon html 2 Select PeopleTools Web Profile Web Profile Configuration Click Search and select PROD from the results list 4 On the General tab enter the authentication domain for your host For example if your virtual machine host name is hostname example com enter example com in the Authentication Domain field Click Save and sign out On the Microsoft Windows machine hosting the virtual machine open the C Windows System32 drivers etc hosts file for editing 7 On anew line enter the virtual machine IP address and the full host name with the authentication domain for example 192 168 1 103 hostname example com 8 Save the file 9 Shut down and restart the VM 10 To sign in to the PeopleSoft application use this URL Copyright 2013 Oracle and or its affiliates All rights reserved Chapter 4 Deploying the PeopleSoft VirtualBox Appliances http hostname example com 8000 ps signon html 11 On the sign in window enter the appropriate user name and password for the PeopleSoft application
90. t lt TOOLS_VERSION gt lt PIxxx gt OVA Use the MD 5 or SHA 1 checksum file extracted from the first zip file to verify the checksum values of this OVA file This is the virtual appliance archive that can be imported into Oracle VM VirtualBox See Deploying the PeopleSoft VirtualBox Appliances Importing the PeopleSoft VirtualBox Appliance 8 Copyright 2013 Oracle and or its affiliates All rights reserved CHAPTER 3 Planning Security Administration This chapter discusses Understanding Security Administration for the PeopleSoft Virtual Machines Considering Physical Security Considering Host Operating System Security Considering Network Security Considering User Security Considering the Virtual Machine Guest Operating System Security Considering PeopleSoft Application Security and Client Access Summarizing Security Considerations Understanding Security Administration for the PeopleSoft Virtual Machines This chapter presents topics for you to consider when planning to secure your PeopleSoft virtual machine VM This chapter is not intended to replace or supersede any of the concepts covered in the PeopleSoft PeopleTools Security Red Papers or other sources of corporate infrastructure hardening The extent to which your VM must be secured is decided by the way in which it will be used and by whom The more exposure the VM receives the more secure it must be The following table describes three scenarios and
91. tables is 1522 Oracle database tables PeopleSoft The database tables for The owner of the database tables is PeopleTools PeopleSoft PeopleTools oracle and its group is oinstall are located in the directory oes opt oracle psft ptdb oradata lt SID gt Note This is different from the users where lt SID gt is the database name for the PeopleSoft installation and configuration Other directories The rest of the environment outside These directories are owned by root PS_HOME and PS_CFG_HOME The file system ownership and permissions are similar to typical Oracle Linux installations The deployed configuration includes the default users and default passwords described in this table Important All default non root passwords are set to expire immediately On the first login of one of the non root users the system will prompt you to provide new passwords This applies to the passwords in the following table except SYSADM and root In the case of the passwords that expire immediately such as those for psadm1 and so on if you do not log in as the user specified in this table and change the password the default password documented here remains in effect For more information see Planning Security Administration Considering User Security Copyright 2013 Oracle and or its affiliates All rights reserved 41 Deploying the PeopleSoft VirtualBox Appliances Chapter 4 42 User Name Default Password Role Defini
92. the check boxes below Description Configuration a Virtual System 1 Be Name HCMDB 85303d Product PeopleTools HCMDB VBox Applaince Vendor Oracle P version 35303d s B Guest OS Type W Oracle 54 bit f cpu 2 RAM 4095 MB USB Controller a Sound Card WICH AC37 EP Network Adapter V PCnet FAST M Am79C973 i gt Hard Disk Controller IDE PIIX4 4 Hard Disk Controller IDE PIIX4 Virtual Disk Image C A Users admin VirtualBox VMs HCMDB 35303d HCMDB 35303d disk lt Reinitialize the MAC address of all network cards Restore Defaults Cancel Appliance settings window 5 Select the option Reinitialize the MAC address of all network cards Important This option is required for proper operation of the virtual network interface on the network whether local or external 6 Click Import The import process takes a few minutes as shown in this example of a progress indicator Importing virtual disk image HCMDB 85303d disk1 vmdk 2 5 pa 12 X 3 minutes remaining Importing Appliance progress indicator When the import is complete the imported appliance is shown with the status Powered Off The steps in the next section begin with this window Copyright 2013 Oracle and or its affiliates All rights reserved 25 Deploying the PeopleSoft VirtualBox Appliances Chapter 4 F 8 Oracle VM VirtualBox M
93. tion 1 Go to the PeopleSoft Update Manager home page My Oracle Support Document 1464619 1 to find the information on locating and downloading the image for your PeopleSoft application This page includes links to PeopleSoft Update Manager documentation as well as links to the individual images Download the virtual appliance files from My Oracle Support into a single directory This can be any directory that has adequate available space This directory location referred to in this documentation as APPLIANCE_TEMP_DIR will be accessed in the next chapter when importing the file into Oracle VM VirtualBox Manager When you download there will probably be multiple zip files The multiple files are needed due to size limitations You must extract parts for the virtual appliance from these individual zip files and recombine them into a single file before importing into Oracle VM VirtualBox Manager The zip file names have the following format where lt TEMPLATE_NAME gt normally represents the PeopleSoft application name lt TOOLS_VERSION gt represents the PeopleSoft PeopleTools version and patch number such as 8 53 04 lt Plxxx gt is the image number such as PIOO1 and n represents the total number of files lt TEMPLATE_NAME gt lt TOOLS_VERSION gt lt PIxxx gt _OVA_ ofn zip For example FSCMDB 85304 P1I001_OVA_1of6 zip FSCMDB 85304 PI001_OVA_2of6 zip FSCMDB 85304 P1I001_OVA_6o0f6 zip Extract the contents of the first zip f
94. tion Oradmin the first character is the The PeopleSoft installation number zero administrator who owns PS_HOME This user cannot write into PS_CFG_HOME Oradmin the first character is the The PeopleTools domain user who number zero creates and configures the Application Server domain Process Scheduler batch server domain and the PIA This user cannot write to PS_HOME but has read execute access Oradmin the first character is the The PeopleSoft installation number zero administrator who owns PS_APP_HOME SYSADM SYSADM The Oracle access ID and password Use this to log in to the database in 2 tier mode oracle oracle The Oracle Database Server user name There is no default password for root The root user for the virtual machine The password is specified during the startup procedure See Also PeopleTools System and Server Administration Securing PS_HOME and PS_CFG_HOME Task 4 5 1 Accessing the Shared Drive Folders on the Virtual Appliance File System Use these instructions to access the shared drive folders in the file system made available on the virtual machine See Understanding Samba and File System Access From Windows Explorer access the virtual appliance file system from your Microsoft Windows host by selecting Start Run and entering the Microsoft Windows UNC path containing your virtual machine IP address as shown in this example Typethe name of a program folder document or Inter
95. tion Designer 2 Locate the INSTALL_DIR setup PsCA directory and run setup exe to launch the installer for PeopleSoft Change Assistant 3 Follow the instructions in the PeopleTools Installation guide for Oracle for the current release Installing Change Assistant to complete the installation Task 4 5 5 Managing PeopleTools Domains with PSADMIN Use the PSADMIN utility to manage any of the PIA Application Server or Process Scheduler domains You must first sign in with the PeopleTools domain user psadm2 described in the section Reviewing the File System and Users When you sign in as the PeopleTools domain user the psconfig sh script is automatically invoked through the user s profile This is referred to as sourcing the psconfig sh script This ensures that all of the required environment variables are set prior to working with PSADMIN You can perform all the usual administrative options for PIA Application Server and Process Scheduler domains using PSADMIN You may reconfigure the existing domains shut them down restart them and create additional domains if necessary The environment as delivered has however been sufficiently configured to perform many of the activities for which this virtual machine has been created See Also PeopleTools System and Server Administration Using the PSPADMIN Utility Task 4 5 6 Changing the Access for Pl HOME If you are applying PeopleSoft Release Patchsets PRPs use these instructions
96. to enable user password login and to change the access level to read and write 1 Using Secure Shell SSH log in to the virtual appliance as the root user 2 Stop the Samba server by running the command etc init d smb stop 3 Inthe command prompt window run the command smbpasswd a psadm3 4 Enter the psadm3 user s UNIX password at this prompt New SMB password Retype new SMB password Note Upon successful completion you should see the message Added user psadm3 5 Change directory to etc samba by running the command cd etc samba 6 Back up the file etc samba smb conf for example cp etc samba smb conf etc samba conf orig 7 Open the file etc samba smb conf file in an editor 8 Go to the section pi_home and make the following changes e Change from writeable no to writeable yes e Add the line guest ok no e Add the line valid users psadm3 Copyright 2013 Oracle and or its affiliates All rights reserved 47 Deploying the PeopleSoft VirtualBox Appliances Chapter 4 9 Review the changes in these examples Before pi_home path opt oracle psft ptdb pi_home writeable no available yes After pi_home path opt oracle psft ptdb pi_home writeable yes available yes guest ok no valid users psadm3 10 Save the file 11 Restart the Samba server by running the command etc init d smb start 12 After you complete these steps in ord
97. ve access to host resources Allowing the guest to access host resources would require additional steps to be taken by the administrator Therefore the virtual machine can be thought of as a secure container The steps required to allow the guest OS to see the host OS are not required by the PeopleSoft VMs and are therefore not documented here Virtual machines are created in the context of a logged in user on the VirtualBox manager desktop application The user under whom the VM is created should be a normal non administrator or non root user This is consistent with the least privilege security principle that is advocated for PeopleSoft installation homes and domain configurations See Deploying the PeopleSoft VirtualBox Appliances Importing the PeopleSoft VirtualBox Appliance The virtualization platform for which these virtual machines were built is Oracle VM VirtualBox The steps regarding host security assume that the VM runs in a host bound manner and in the context of a single user Because the VM runs in the context of a specific user other OS users do not have access to the virtual machine file system when logged on to the host OS If possible logon access to the host OS should be restricted to the user that will import create and manage the lifecycle of the virtual machine With minor modifications it is possible that these virtual machines would work on different virtualization platforms These modifications are not documented here n
Download Pdf Manuals
Related Search