Best practices/tools/technologies to expose AIS server from outside the network?

jdecoder

Well Known Member
Hi,
Best practices/tools/technologies to expose AIS server from outside the network for 3rd-party integration, especially when JDE is on OMCS/OCI?
JDE AIS Servers on OCI/OMCS are not accessible outside the Oracle/Company Network.
AIS - 'Application Integration Server' is used for integration via REST APIs to JD Edwards EnterpriseOne.
Integration is to be done with third parties sitting outside the Oracle/Company Network.
We cannot let all our suppliers and customers connect to our VPN.
How can we use AIS for integration if it can never expose a provider API over the Internet and also consume public services over the Internet in an orchestration?
Can we find out how to expose AIS APIs over the Internet?


Regards,
jdecoder
Apps 9.2 Update2
Tools 9.2.0.3
JDE on Cloud with OMCS
 

RussellCodlin

Reputable Poster
Best practice is don't. You should never expose an open API solution like the AIS server to the internet as the security risk is significant. On top of that you're also exposed in terms of licensing.

You need to design and deploy only the services that your suppliers and customers need and make sure you have suitable access controls. From there you can use the AIS server to integrate back in to JDE if appropriate. In terms of solutions for this, you can either deploy your own solution within OMCS, make use of the Oracle Cloud API platform or there are a number of other vendors that provide cloud API solutions which could be integrated back in with OMCS.
 

jdecoder

Well Known Member
That sounds like a good direction. I know exposing AIS is a bad idea. I'll look up API gateways that we can use. Thanks!!

Regards,
Suraj
 

shearerj

Reputable Poster
Russell, I understand the Rinami customers should never be Internet facing since they do not receive security patches. Do you have a source for the best practice outside of Rinami regarding how to make AIS Internet facing?
 

RussellCodlin

Reputable Poster
I think you're confusing us with Rimini Street... completely different organisation ;)

As far as exposing AIS to the internet, the issue is not security patches, the issue is that once a client has access to the AIS server, it is the client that gets to decide which services they wish to run and how they want to run them.

This is why there should be something in front of the AIS server. Using single-factor authentication to control who gets access to your ERP from the internet is asking for trouble. On top of that, if you're going to expose an API, your only real option is to use the orchestrator, as the AIS server alone breaks most of the rules with regard to REST APIs, which means anyone developing a client to consume the service is going to have major headaches if they're not intimately familiar with JDE.

For example, we provide a cloud-based integration platform for JDE but the user gets to decide which services they wish to expose and we also enforce two-factor authentication both between the client and our system and between our systems and the customer's JDE system (we don't require AIS to be deployed).
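
The design described in the replies above (publish only the services each partner needs, put something in front of AIS, require a second factor) can be written as a deny-by-default gateway policy check. This is an added example, not code from any poster or from Oracle; the partner ids, orchestration names and the `/jderest/orchestrator/` and `/jderest/formservice` paths are assumptions for illustration, and the second-factor result is assumed to come from the gateway's own authentication layer.

```python
import posixpath
import re
from urllib.parse import unquote

# Assumption: orchestrations are reached under this prefix on the AIS server.
ORCH_PREFIX = "/jderest/orchestrator/"
NAME_RE = re.compile(r"[A-Za-z0-9_]+")

# Constructed policy: hypothetical partner id -> orchestrations published to it.
PUBLISHED = {
    "supplier-acme": {"GetPurchaseOrderStatus"},
    "customer-globex": {"GetInvoice", "CreateSalesOrder"},
}


def canonical_path(raw_path):
    """Decode the request path once; return None if it is ambiguous."""
    decoded = unquote(raw_path.split("?", 1)[0])
    # A leftover '%' means double encoding; backslashes and control
    # characters are never part of a published path.
    if "%" in decoded or "\\" in decoded or any(ord(c) < 0x20 for c in decoded):
        return None
    # Dot segments, doubled or trailing slashes change under normalisation.
    if posixpath.normpath(decoded) != decoded:
        return None
    return decoded


def decide(partner, second_factor_ok, method, raw_path):
    """Return (allowed, detail). Anything not explicitly published is denied."""
    allowed = PUBLISHED.get(partner)
    if allowed is None:
        return False, "unknown partner"
    if not second_factor_ok:
        return False, "second factor missing"
    if method != "POST":
        return False, "method not published"
    path = canonical_path(raw_path)
    if path is None:
        return False, "ambiguous path"
    if not path.startswith(ORCH_PREFIX):
        return False, "not a published service"
    name = path[len(ORCH_PREFIX):]
    if not NAME_RE.fullmatch(name) or name not in allowed:
        return False, "orchestration not published to partner"
    return True, name
```

The gateway forwards a request to AIS only when `decide` returns `True`, so the operator rather than the client chooses which services can run.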
 