The New release (19.1.1) of Oracle E-Business Suite Cloud Manager is now available, that brings new security features for EBS (R12) on Cloud
In this post, I will cover:
- What is this new Security Feature?
- What is EBS Cloud Manager & How to Deploy it on Oracle’s Gen 2 Cloud
- How to Update Existing EBS Cloud Manager VM
- What is Compartment & Policy in IAM
- How to Design your compartment & Policy in this new Security feature.
One of the most important features which I found useful from the Security point of view is the Separation of Duties. Before I explain What is Separation of Duties & how it implemented using Compartment, lets first have a look at What is EBS Cloud Manager & how it is important for an Apps DBA & Architect to know.
What is EBS Cloud Manager?
As an Oracle Apps DBA, EBS Architect it is important for you to know about EBS Cloud Manager.
EBS Cloud Manager is a Virtual Machine that centrally manages all your EBS Environments on the cloud.
Note: To know more on EBS Cloud Manager Overview, click here
Using EBS Cloud Manager you can do:
- One-Click & Advanced Provisioning using HA
- Fast Clone
- Backup & Recovery
- Lift & Shift (Migration)
Where to Get EBS Cloud Manager?
1) Log in to the Oracle Cloud account, go to the OCI Console.
Note: If you haven’t registered for the Oracle Cloud Free Trial account yet, then, please Download Step by Step Activity Guide to Register for Oracle Cloud Trial Account
2) From the navigation menu, click on Marketplace
3) In this Marketplace, you will get the EBS CM image as well as all the Oracle provided Images & partners
4) Simply click on launch instance & it will create a Linux Machine inside your OCI Console using which you can then create or provision other EBS environment, also manage EBS.
Roles & Tasks
When you deploy or build your EBS Environment:
First, you define the Network, this task was done by the Network Administrator, then you define or set up the EBS Cloud Manager & this is done by the EBS CM Administrators. Once you have the network set up then you build your production, Test, QA or Dev environment & these are done by EBS Administrators (Apps DBAs)
Till now all these 3 tasks were done by a single team because there was no separation of Duties possible in EBS Cloud Manager.
With the latest release (19.1.1) Oracle has introduced a Separation of Duties, which means you have 3 different roles, you will define the appropriate privileges & permissions & then the responsible team will pick the task accordingly
In order to understand this, you will have to understand Compartments, Groups, how to apply a security Policy on a compartment & attach to a group
Let’s discuss these basic concepts first
What is Compartment?
A compartment is a logical container to organize & secure Oracle Cloud Infrastructure (OCI) Resources (such as compute, storage, network, load balancer, etc) and you apply IAM policies to that compartment, which restricts who can use the resources created within that compartment
To know more about the Compartment, check here
What is Policy?
A policy specifies who can access which Oracle Cloud Infrastructure Resources (Compute, VCN, Object Storage, Database, etc). A policy allows a group to work in certain ways with specific types of resources under a particular compartment
- Policies are comprised of one or more statements.
- It specifies which groups can access what resources. Also, it plays a role in the level of access users have in a particular group.
- Policy, attached to a group defines who can access what under a Tenancy or Compartment.
Policies are written in human-readable format:
- Allow group <group_name> to <verb> <resource-type> in tenancy.
- Allow group <group_name> to <verb> <resource-type> in compartment <compartment_name> [where <conditions>]
When you create a policy you must attach it to a compartment (or the tenancy, which is the root compartment). Where you attach it controls who can then modify it or delete it.
3 Different Roles for Managing E-Bussiness Suite
- Network Administrators: Design the Network(VCN, Subnet, Load Balancer, etc)
- EBS Cloud Manager Administrators: Group of Users who will manage the EBS Cloud Manager
- EBS/Application DBA’s: Create & manage the Production, Dev, QA environment
So according to this, you need to have 3 set Groups & Compartments so that the policy which you will create can be applied on specific Compartments
Now whatever I have covered today, We build this using step by step guide as part of Hands-On Lab in my training program “Build, Managed & Migrate EBS (R12) on Oracle Cloud” other step by step activity guides include-
- Setting Up Network for EBS Cloud Manager & EBS Environments
- Deploying EBS Cloud Manager
- Building EBS Environments on Cloud
- Cloning EBS on CLoud using FastClone
- Configuring Load Balancer
- Securing using SSL / TLS with Load Balancer
- Lift & Shift (Migration) from On-Premise To Cloud
- [Video] Oracle EBS R12 on Cloud For Beginners: 7 Things You Must Know
- April 2019 EBS Cloud Manager Updates
- 2434500.1 Deploying Oracle E-Business Suite Cloud Manager on Oracle Cloud Infrastructure
- 2434008.1 Managing the Oracle E-Business Suite Cloud Manager Virtual Machine
- Oracle EBS (R12) on Cloud (OCI) Beginners: 15 Things Apps DBAs Must Know
- [Video] Role of Oracle Apps DBA (EBS) R12 On Cloud
Next Task For You
If you are an Oracle Apps DBA and just starting out your journey to Oracle public Cloud then we highly recommend you to download our FREE Guide that contains 7 Things Every Oracle Apps DBA & Architect Must Know To Build & Manage EBS (R12) On Cloud in order to Manage & Migrate Oracle EBS R12 on Oracle Cloud.
Click on below image to get the FREE Guide.