<Insert Picture Here>

Oracle Managed Cloud Services

SFTP Infrastructure
2nd December 2013

Oracle On Demand Transition

Objectives
Audience: Oracle On Demand customers
Intended On Demand presenter: Transition Manager, Technical
Advisor, Architect, or Service Delivery Manager
Objective: To give an overview of the Oracle On Demand SFTP
infrastructure

SFTP (Secure FTP) with Oracle On Demand

Oracle On Demand provides a customer with a dedicated SFTP (Secure FTP)
infrastructure at the Oracle data centre.
SFTP is the primary method of supporting batch interfaces into & out of Oracle On
Demand.
SFTP technology uses port 22 - SSH or SFTP.
SFTP connectivity to the Oracle Data Centre can be via:
VPN
Or, leased Line
This SFTP infrastructure is passive, and requires the customer to push and pull
files to their SFTP servers in the Oracle Data Centre. The customer can write
scripts to initiate push/pull from the customer site.

Note: Other interface methods are supported such as SOA/BPEL messaging.

Prerequisites for Using SFTP

Network connectivity your VPN or leased line
connectivity needs to be in place to connect to the
OMCS environment
SFTP servers provisioned
SFTP client installed
For Unix servers you can use the native sftp command line
For Windows you will need to use an SFTP client tool

SFTP (Secure FTP) Approach

SFTP (Secure FTP)

For a customer, the SFTP service runs on one production mid-tier and on one non-production
mid-tier (first provisioned non-prod environment).
A public / private certificate mechanism is employed which enables SFTP without the need for
passwords.
Dedicated SFTP storage is provided for each customer this forms part of the customers
storage allocation.
If required a clean-up script can be installed which runs weekly to delete files older than 30
days in the SFTP directory structure. Please contact your OTM/SDM if you need this to be setup.
Special FTP requirements should be discussed with On Demand (e.g. multiple accounts,
FTPS(FTP over SSL), and non encrypted FTP).
For any customer specific questions or issues regarding the architecture, please submit an SR
to the System Administration team.

SFTP Example Architecture

PROD

NON-PROD

MT &
SFTP

MT &
SFTP

MT

DB

DB

DB

TEST

DEV

SFTP server is installed on one PROD MT and one NON-PROD MT

Interface directories are cross mounted so that
they are visible across all MTs
7

SFTP (Secure FTP) to Customer MTs

Leased Line

VPN

Internet
Customer Premises,
or third party using
FileZilla, WinSCP,
psftp putty or
CoreFTP

VPN Secure FTP

Secure FTP

Network
Router

Customer Application Mid Tiers

Secure FTP

SFTP (Secure FTP) Service

SFTP Server for DEV &
TEST, DEV2, TEST2 etc
SFTP connection
request

Port 22
Server name examples :
auohsXXXXnn.oracleoutsourcing.com OR

Customer Premises

vmohsXXXX0nn.oracleoutsourcing.com

VPN Connection
Port22

FileZilla, psftp putty

or CoreFTP

XXXX = customer 4 character identifier

nn = is the current manager middle tier

Port 22

SFTP Server
for PROD

NOTE:
1) Customer Network must open port 22 to each specified middle tier, Oracle network has port 22
open by default
2) For DR, the DR PROD server will have the format rmohsXXXXnn.oracleoutsourcing.com OR
vmohsXXXX5nn.oracleoutsourcing.com if the appropriate DR service is purchased

SFTP Login Accounts

As standard, one account will be provided for production (i_<CUST ID>) and another
account for non-production (j_<CUST ID>) SFTP environments, where <CUST ID> =
4 digit customer identifier.
OMCS will provide 2 alias URLs that will point to the Production SFTP MT and to the
Non-Production SFTP MT.
In ADC/RMDC:

Data ftpprod<CUST
Prod SFTP Alias
Non-Prod
Alias
ID>.oracleoutsourcing.com will
point toSFTP
the production
MT.
Centre
ftpnonprod<CUST ID>.oracleoutsourcing.com will point to the non-production MT.
In LLG/TVP:
ftpprod<CUSTID>.oracleoutsourcing.com
ftpnonprod<CUSTID>.oracleoutsourcing.com
ADC
ftpprod<CUST ID>llg2.oracleoutsourcing.com will point to the Prod MT.
ftpprod<CUSTID>rmdc.oracleoutsourcing.com
ftpnonprod<CUSTID>rmdc.oracleoutsourcing.com
RMDC
ftpnonprod<CUST
ID>llg2.oracleoutsourcing.com
will point to the non-production MT.
LLG

ftpprod<CUSTID>llg2.oracleoutsourcing.com

ftpnonprod<CUSTID>llg2.oracleoutsourcing.com

On request separate accounts can be setup for each environment, if a business

ftpprod<CUSTID>sldc.oracleoutsourcing.com
ftpnonprod<CUSTID>sldc.oracleoutsourcing.com
SLDC
justification
is provided.

10

Client Setup
To connect to the On Demand SFTP server you will need to
install an SFTP client
Example Windows clients:
WinSCP
Filezilla (Use WinSCP over Filezilla if you need more functionality
and customizability such as setting the permissions of the files being
uploaded so that your application user can modify, move or delete
them manually in the incoming directory)

Unix - the native sftp command line will work

Authentication is via SSH key which you will need to generate
and send to the OMCS team to install.

11

Instructions to Generate SSH Key

Click on the "Save public key" button,
Download puTTYgen from
email this file that you've just saved
http://winscp.net/eng/download.php#k
to your SDM.
eytools
Now click on the "Save private key"
Open the puTTYgen application and
button, and select "Yes" when it asks
then click on the "Generate" button.
about a passphrase:
Follow the screen instruction to move
your cursor in the blank area.

12

Instructions to Generate SSH Key

Once your SDM has confirmed that
the Public Key has been uploaded on
the SFTP server(s), connect to the
SFTP server using the private key
that you generated.

13

SFTP Directories
SFTP Directory is a file system on NAS storage
Navigate to the instance name subdirectories that you want to
upload files
The incoming directory can be used to put files you want on the
OMCS server
The outgoing directory can be used to download files that have
been output by concurrent requests.

14

SFTP Directory Structure

FTP Customer Visible Directory Structure

Root is /interface/<sftp_account>/
Then subdirectories Varies by Instance SID
Then incoming & outgoing
/interface/ < j_<CUST ID>/<ORACLE_SID>
/(DEV SID)
/incoming

/outgoing

/incoming

/outgoing

/incoming

/outgoing

/(TEST SID)

/(DEV2 SID)

15

SFTP Directory Structure

/interface/< i_<CUST ID>/<ORACLE_SID>

/(PROD SID)
/incoming

/outgoing

16

Sftp exceptions
Business justification needed to use older ftp/ftps
protocols and/or multiple accounts.
If push is required to external sites from Oracle this
needs to be developed by customer
Integration with 3rd Party Sites
Option 1 2steps: pull files from Oracle then send to 3 rd party
through customers own network (preferred)
Option 2: Get exception to open firewall and sftp connectivity
to 3rd party site. (Private MT cannot route to public internet
without an approved security exception.)

17

SFTP In/Outbound Processing of Data Files

Interface CEMLI processes are able to pickup/drop data files
directly from/to FTP directory structure via the use of the logical
$INTERFACE_HOME.
Each instance has an environment variable $INTERFACE_HOME
which points to the root of the ftp directory for that instance - ie for
EBS dev it would be /interface/j_(4 char custid)/d(4 char custid)i.
$INTERFACE_HOME = /interface/<sftp_account>/<ORACLE_SID>

Example:

Test & Dev

*.dat /interface/j_(4 char custid)/<SID>/incoming
*.csv /interface/j_(4 char custid)/<SID>/incoming

Prod

*.dat /interface/i_(4 char custid)/<SID>/incoming

*.csv /interface/i_(4 char custid)/<SID>/incoming

18

SFTP Inbound Process For Data Files

Interface CEMLI processes are able to pickup inbound data files
directly from SFTP directory structure via the use of the logical
$INTERFACE_HOME.
Each instance has an environment variable $INTERFACE_HOME
which points to the root of the ftp directory for that instance.

Scripts/code should use the following logic to read these files:

$INTERFACE_HOME/incoming.

19

SFTP Outbound Options

1.

Direct the output straight to the FTP file system using the logical
$INTERFACE_HOME/SID/outgoing. To use this process you need to
add this directory to UTL_FILE_DIR variable.

2.

Develop a process that runs after the program executes that produces the
file to copy it over to the FTP file system (again, using the logical
$INTERFACE_HOME/SID/outgoing).

3.

Create a dummy printer driver and assign it to the concurrent request, and
set copies to print = 1. The dummy printer driver command line defined in
the application instead of being a print command becomes a copy
command to copy the output file to the SFTP server.

20

SFTP Inbound Process Options for CEMLIs

For CEMLI development there are two mechanisms that can be
used to transfer CEMLIs into On Demand environments:

1.

During implementation use SFTP direct to a middle tier (via the VPN)
server. Using your PowerBroker server account (c_xxxxx) you can
then move these files to the appropriate location in the system.

2.

Raise an On Demand RFC to load the CEMLI, providing the code,

MD120 and install script to On Demand.

21

Instructions to setup SFTP client PuTTy/WinSCP

1. Save the private key that you have generated to the desktop that
will be running PuTTy
2. From WinSCP (or other ftp client) create a new session.
3. Under host, type in
ftpnonprod<custID><datacentre>.oracleoutsourcing.com or
ftpprod<custID><datacentre>.oracleoutsourcing.com
4. Username will be j_<CustID> for nonprod (i_<custID> for prod)
5. Leave password field blank
6. Browse to private key file and open it
7. Logon

Micros oft Office

Word 97 - 2003 Document

22

Instructions to setup SFTP client - Filezilla

The FTP client FileZilla can be downloaded from
http://sourceforge.net/project/showfiles.php?group_id=21558&package_id=15149

1.
2.
3.
4.
5.
6.
7.
8.

Save the private key you generated to the desktop that will be running Filezilla
Go to Edit on main menu bar of Filezilla. Then select Settings
From Settings go to Connection then SFTP
Use Add keyfile... to upload the private key into filezilla
Fill in the fields for QuickConnect? :
Under host, type in ftpnonprod<cust><datacentre>.oracleoutsourcing.com or
ftpprod<cust><datacentre>.oracleoutsourcing.com
Username will be i_<cust> for prod and j_<cust> for nonprod
Leave password field blank, type in 22 for Port

Microsoft Office
Word 97 - 2003 Document

23

Additional Material
Customer user guide:
http://globaldc.oracle.com/perl/twiki/view/Operations/CustomerSftpTwiki
CEMLI interface guide:
https://support.us.oracle.com/oip/faces/secure/km/DocumentDisplay.jspx?id=784666.1
If you are implementing SFTP on a DMZ please go here for the latest process details (note on 04-Dec-2013 this is still WIP, so check back regularly for updates)
http://globaldc.oracle.com/perl/twiki/view/Operations/SftpDMZSummary

24

Q&
A

25

<Insert Picture Here>

Oracle On Demand
SFTP Infrastructure
2nd December 2013

Oracle On Demand Transition