Secure web delivery .....Is it possible???

[CNC Traveler]

Here is our basic issue. When we went to 8.12 it was decided to deliver the web E1 application via a published application using Citrix. We also are delivering via the web for some users via IIS servers in the DMZ. We then use an OC4J connecter to our backend OAS application servers. With going to the 9.1 tools release we need to re-evaluate the method we provide access to the JD Edwards systems since we need to use WebLogic now.

My IT infrastructure group wants us to move all users to the Citrix solution because it provides one place they need to provide security along with the inherent issues we would face with users running different browsers along with the plugin issues (Not to mention the different flavors of web applications we have). This makes a bunch of sense if we look at this from only a support/security issue. I know the users do not like using Citrix when they do imports/exports just because of the extra steps to get the files to and from the Citrix server. Then you throw into the mix the direction of Oracle with web functionality and mobile devices and Citrix becomes a limiting factor or at least an unknown. Using gestures becomes a concern and the need for the application to interact with the browser, expecting it to be local to the machine they are running.

My infrastructure guys are discussing options of delivering JD Edwards via web architecture but we need some guidance on best approaches. Some of the options they are playing with right now are; authenticated SSL Proxy, SSL Proxy and the least desirable being straight HTML pass thru which they will not agree to put in place.

I'm looking for some best practice suggestions for secure/reliable web delivery. We want to keep the hackers out! As we know, vulnerabilities are identified every day.!

 

[altquark]

This is a big topic.

First of all, Citrix is still a good method of securely delivering the E1 web experience to end-users. It provides a single place to manage and control the browser and at the same time provides fantastic security and pretty darn reliable performance.

The import/export - the "extra steps" help with security - our users only have MS Office delivered via citrix - so there aren't any "extra steps" - but I'm sure you're referring to getting it from your local MS Excel into E1.

As for the direction of Oracle Web Functionality and Mobile Devices - I checked with the latest version of the Citrix Receiver, and it absolutely works with gestures. Not sure of the "application needing to interact with the browser" - usually that application should ALSO be running through citrix too.

But - for those people who don't want citrix, then you are going to have to look at an SSL solution - OR a VPN solution that works from your Ipad directly into your corporate network. But then you'll then raise the issues with browser support - and in many of my customers with literally thousands of browsers on various platforms, that is a nightmare I certainly don't want to be involved with !

Citrix solves more than 90% of the problem for you. Its going to be unlikely theres another solution that comes close - and certainly nothing I know of that provides a 100% solution right now....

 

[daveschultz]

Sorry to bring back an old post, but I have some questions about this. We have just upgraded to Tools 9.1, and we are looking to deploy some iPads for Work Orders. This seems straight forward while people are connected to our corporate wireless network, but when they are in the field is where I have questions. Are most people using an SSL connection in the DMZ, or using some type of VPN? We use the citrix receiver but only currently for Xen Desktop. I would assume that if we connect through that to our desktop, then access JDE through the desktop's web browser, that the gestures wouldn't work. What are other people doing for mobile connections with the iPad?

Thanks
Dave
E 9.0, Tools 9.1.0.4, WLS

 

[cncjunior1]

We are using the SSL connection through DMZ option you mentioned. Simple to setup and maintain.