On one of the Oracle JD Edwards EnterpriseOne installations that I manage, we have a few Windows 2003 Servers. Yeah, I know, it’s no longer supported but the Tools Release is 18.104.22.168 and there are a couple third-party applications that are not able to be upgraded. It’s crazy how messy, real-life situations cannot be duplicated in the squeaky-clean confines of the Oracle lab.
Since Windows 2003 Server is no longer supported by Microsoft, our IT Security Team has tried locking down these servers using several different methods. One of them has been to try and implement a software firewall on the server itself. Unfortunately, any third-party solution that we tried had such a negative impact on the performance of EnterpriseOne that we had to remove it. So, they asked that we turn on the Windows Firewall. While not as robust as they would have liked, it would provide another layer of security.
The good thing about the Windows Firewall, other than how simple it is, is that it shuts down all communication and only allows what you specify. That means, for EnterpriseOne to function, you need to make sure that all the applications and ports are allowed through the firewall. There were a few different documents that I used to come up with the correct recipe for successfully securing Oracle JD Edwards EnterpriseOne with Windows Firewall:
- JD Edwards EnterpriseOne Tools Server Manager Guide – Best Practices
- JD Edwards EnterpriseOne Oracle VM Templates Express Installation Guide – Default Port Listing Used Within the VMs for JD Edwards EnterpriseOne
- Firewall problems, enablepredefinedports to the rescue!
The following is a breakdown of what I came up with but since everyone’s configuration is different (CNC = Configurable Network Computing) your mileage may vary.
- Made the following change to the jde.ini of the affected Windows Server:
- Specified the following applications
- E:\JDE_HOME\jdk\jre\bin\java.exe – Used by the JDE Server Manager
- E:\JDEdwards\E900\DDP\system\bin32\jdenet_k.exe – Part of JDE Services
- E:\JDEdwards\E900\DDP\system\bin32\jdenet_n.exe – Part of JDE Services
- E:\JDE_HOME\bin\scfagent_64.exe – Used by the JDE Server Manager
- E:\JDEdwards\E900\DDP\system\bin32\jdesnet.exe – Part of JDE Services
- Specified the following ports
- Oracle_Database_Port – Oracle DB communication port 1521
- Server_Manager_Port – Oracle JDE Server Manager port 14501
- Server_Manager_Port – Oracle JDE Server Manager port 14502
- Server_Manager_Port – Oracle JDE Server Manager port 14503
- Specified the following ports that correspond to the enablePredfinedPorts setting above:
- Oracle_E1_Port_6015 – 6015
- Oracle_E1_Port_6016 – 6016
- Oracle_E1_Port_6017 – 6017
- Oracle_E1_Port_6018 – 6018
- Allowed PING for monitoring server availability by using the [Advanced] tab
There were a few more settings that I added to allow for our third-party applications but those are not related to EnterpriseOne.