Outsourcing your E-Business Suite environment - Part III

In this third article about outsourcing E-Business environments I will cover the supporting Services that you may need for your environment.
Read the first and second article in this series on Outsourcing your E-Business Suite

Supporting Services
Oracle E-Business Suite is a large application suite with many functionalities. These functionalities sometimes depend on external services that it needs in order to provide functionality to a user or an organization. The Oracle E-Business Suite has a three tier model, i.e. a database, an application and a client tier. The connectivity between the tiers is of essential importance. Therefore, a number of measures need to be taken in order to provide services to enable connectivity according to requirements one is setting for their E-Business Suite.

DNS
Domain Name System - DNS is of great importance if you want your hostname resolution taking place centrally. However, your hosting provider can give you two options: to use their general DNS Servers, or to establish a “local” or customer dedicated DNS service. The latter will mean that a server (preferably more) in your infrastructure needs to be designated as a DNS server, and this DNS server needs to be maintained. One of the key questions here is whether you want your application servers to be able to resolve addresses within the companies own network. Your companies network will be – in a way – extended to the hosting partner, by means of a VPN or WAN connection. The question is whether your application servers need to be able to resolve host names in your own network. If that is the case, you will probably need your own DNS servers. You can dedicate specific servers for this task, but usually a shared server will suffice.

SMTP
Simple Mail Transfer Protocol - Oracle E-Business Suite is often used with Oracle Workflow. One of the major advantages of Oracle Workflow is that tasks can be assigned to people, and they can automatically be notified that specific tasks are waiting to be completed. Usually, this notification is done through the Workflow Mailer. As the name says, this service uses e-mail functionality for notification. If you are using Workflow Mailer, you will require a SMTP server to be available to the application server, in order to be able to send e-mails.Again, it is possible to have dedicated servers for this, but the SMTP service can be established on a server that for example also provides DNS Service.

DHCP
Dynamic Host Configuration Protocol - Usually DHCP is not in use for an Oracle E-Business Suite. The reason for me to mention the DHCP service is because when you are discussing the options with your possible partner of choice, they will ask you whether you need it. In my opinion, the answer should be no. The database servers will not use DHCP, neither the Application servers. Any other server should have a fixed IP Address, otherwise it would be a workstation, in my humble opinion.

SSL
Secure Sockets Layer - Unless you have a dedicated VPN or WAN connection, you should demand a kind of secure connection for your E-Business Suite. This can be done through SSL Accelerators, or by setting up SSL in the E-Business Suite. When you have a VPN connection, the connection is secured already, as is the case with a WAN connection, because both of them are extensions on your current network. Still, having SSL implemented for your production E-Business Suite is never a bad idea. With hackers around almost every corner these days, you can never be sure enough that the information that is exchanged between your clients and application servers is secured and encrypted.

AD
Active Directory – This supporting service can be used in two ways. One way is to configure Active Directory Services to control who can log on to the operating systems, the other way is to control access to the database and applications. AD services can provide access control to many users in your environment, and can even be used in a centralized, i.e. shared service configuration. This means that your hosting provider could use AD to control access for all of its customers, including you. By configuring the users in AD, the provider can grant and deny access to certain servers or parts of its infrastructure. The question whether you as a customer want this, is a whole different issue, but I will come back to this in my next article.

NTP
Network Time Protocol – Especially when you have a multi-node environment or cluster technology like Real Application Clusters, it can be of great importance that all of your servers have exactly synchronized time. In order to provide this, one of the servers in your infrastructure, or again a shared server in the hosting center of your partner should be configured as a NTP server. All of the servers in your infrastructure should be synchronizing their system clocks to this server via a small piece of software. It is also possible to use Time Servers on the Internet, but then your servers need to have external internet access (see outbound web services)

Inbound Web Services
This service enables accessibility from the outside internet. In many cases, your E-Business Suite will be used from within your own company infrastructure. There is a number of cases where you would have parties from outside your company needing access to your environment, for example iProcurement, Oracle Time and Labor, iStore, etc. may require your E-Business Suite to be available from the Internet, if the parties accessing your E-Business Suite don’t have access to your own network. Usually, the server providing this service is placed in a so-called Demilitarized Zone (DMZ) about which later in this article.

Outbound Web Services
If your servers providing the E-Business Suite application need access to internet, you will need Outbound Web Service. For example, you have need to configure your application server to access Metalink services for updates, or to upload configuration data which is used for the Oracle Configuration Manager. In these case your servers need access to Internet.

DMZ
Demilitarized Zone – This is an area in the network that has a lower level of security, in order to facilitate access from the Internet. In a normal situation the servers of your infrastructure are only available to your own organization and not to the outside world. If your requirements are such that access from the Internet should be possible, you would need a zone that is accessible from the internet (usually via a SSL port: 443), which holds the servers and applications that provide the necessary services. Usually these servers are a bit more hardened than the other servers, which are located behind one or more additional firewalls, i.e. a safer zone.

Most of the above supporting services will be needed to provide an Oracle E-Business Suite environment, regardless whether you outsource or not. However, when you consider outsourcing, you should have a very clear view on these aspects, all in one. Everything needs to be clear before you start an outsourcing project. Adding a service to your environment should never be a problem with any outsourcing partner, but it may be defined as a change to the project/contract, which will end up in additional (read: more) costs. Covering these at the beginning of the contract will save you money at the end of the day.
I know the above list is not yet complete. Aspects like availability, load balancing, disaster recovery and, last but not least, security have not yet been covered, though they may be even more important to your environment. I will cover these in my next article.