Primary Note: Best Practices for Agile Product Lifecycle Management (PLM) 9.3.4 and Above on SSL (Doc ID 2138971.1)

Last updated on MARCH 09, 2023

Applies to:

Oracle Agile PLM Framework - Version 9.3.4.0 and later
Information in this document applies to any platform.

Purpose

The purpose of this document is to familiarize the reader with the process of securing Agile PLM and Authentication. It offers best practices for securing and authenticating Agile PLM as it relates to the technology stack including the SSL,LDAP,SSO, and the Agile PLM application. It is intended for System and Database Administrators (DBA) who are responsible for implementing and maintaining an Agile PLM system.

Scope:

The implementation and maintenance of an Agile PLM system can become very complex. It is beyond the scope of this document to provide guidelines on all possible configuration scenarios. The scope of this document is limited to core technology used in implementing an Agile PLM system.

Details:

SSL: SSL is an acronym for Secure Sockets Layer. SSL creates an encrypted connection between your web server and your visitors' web browser allowing for private information to be transmitted without the problems of eavesdropping, data tampering, or message forgery.

Why SSL: The primary reason why SSL is used is to keep sensitive information sent across the Internet encrypted so that only the intended recipient can understand it. When an SSL certificate is used, the information becomes unreadable to everyone except for the server you are sending the information to. This protects it from hackers and identity thieves. SSL achieves the following 1. Data Integrity 2. Data Privacy and 3. Client and Server Authentication

Proxy: It stands between an external network (such as Internet) and an organization's internal (private) networks and serves as a firewall. It prevents external users from directly accessing the internal information resources, or even knowing their location. All external requests for information are intercepted by the proxy server and checked for their validity, and only authorized requests are passed on to the internal server.

Why Proxy: To hide the IP address of the client computer so that it can surf anonymous, this is mostly for security reasons. A proxy server can act as an intermediary between the user's computer and the Internet to prevent from attack and unexpected access. Proxy also used for Load Balancing, SSL offloading.

Load Balancer: A load balancer is a device that acts as a reverse proxy and distributes network or application traffic across a number of servers. Load balancers are used to increase capacity (concurrent users) and reliability of applications.

Why Load Balancer: Load balancer will simply distribute the traffic evenly between all servers, regardless of existing load and performance. New connections will be sent to the server in the pool with the least connections. Servers in the pool are observed over time and trends are analyzed. The load balancer will assign traffic to the node that it believes will soon have the best performance. Load Balancer will be used for SSL offloading in addition to load balancing and failover.

Cluster: Group of independent servers (usually in close proximity to one another) interconnected through a dedicated network to work as one centralized data processing resource.

Why Cluster: Clusters are capable of performing multiple complex instructions by distributing workload across all connected servers. Clustering improves the system's availability to users, its aggregate performance, and overall tolerance to faults and component failures. A failed server is automatically shut down and its users are switched instantly to the other servers.

Disclaimer:

This document should be considered as a supplement to Oracle documentation and used for educational purposes only. Please refer to the official Oracle documentation for capacity planning and N-tier implementation guidelines.