Wednesday, May 09, 2007

What Does "DMZ Certification" Mean?

Depending on whom you ask, the E-Business Suite has somewhere around 200 functional applications products, clustered into larger product families such as Oracle Financials. A subset of those products is specifically certified for deployment in an externally-facing configuration via demilitarized zones (DMZ). For example, products certified for these types of "external" deployments include iRecruitment, iStore, and iSupplier Portal.

DMZ Reverse Proxy:

The diagram above shows a common DMZ configuration for the E-Business Suite Release 11i. All of the points I'll make in this article apply equally to Release 11i and 12.

Loopbacks are Incompatible with DMZs

Some E-Business Suite products use loopbacks, which I've discussed in a previous article. Apps products certified for external use in demilitarized zone configurations are tested to ensure that they don't use loopbacks.

In fact, we turn off loopback support completely as part of the DMZ certification process for externally-facing products. If a particular product breaks during testing in these environments, this means that its code must be upgraded to eliminate the use of loopbacks.

Which Products are Certified for DMZs?

Products certified for external deployment are listed in:

Not all Apps products are appropriate for use in demilitarized zones, so product testing in these configurations isn't comprehensive across all product families. For example, regardless of security measures, no sane Apps architect would consider allowing their Chart of Accounts to be modified via the Internet. So, there's no point in certifying that particular product in a DMZ configuration.

If a product isn't listed in the appendices of the Notes listed above, it could mean one of two things:
  1. It uses loopbacks and is not certified for external use in a DMZ configuration
  2. It hasn't been tested in a DMZ configuration, and may or may not use loopbacks

What If a Product Isn't Certified?

Here's a hypothetical situation:

You'd like to deploy a particular application externally in a DMZ configuration. It's not listed in either of the referenced Metalink Notes. What do you do?

The answer: log a Service Request against the specific application via Metalink stating your requirement. It always helps to include a network diagram of your proposed topology, by the way. If all goes as planned, the Development team for the product will be notified of your requirement and will respond with an update on their plans for that certification.
