Loading ...
Sorry, an error occurred while loading the content.

RE: PeopleSoft DBA Forum Report node configuration with SSL/F5 load balancer

Expand Messages
  • the dragon
    First questions: 1) how many PIAs do you have? 2) what persistence are you using? 3) how many report repositories are you using, and where are they located?
    Message 1 of 10 , May 14, 2010
    • 0 Attachment
      First questions:

      1) how many PIAs do you have?
      2) what persistence are you using?
      3) how many report repositories are you using, and where are they located?

      Then suggestions if they aren't implemented:
      1) use ftp rather than HTTP; ftp relies on OS level processes and the PIA needs a functioning PIA to work - if the PIA is down, no report distribution and if you're using ftp you don't have to bounce the PIAs when distribution gets honked up.
      2) It doesn't matter what ports you use, as long as SSL and non-SSL are on different unused ports; I prefer >10000 for PIA ports
      3) use a single NFS mounted directory for the report repository, so you don't have to tr7y and keep multiple psreport directories in sync.

      peace.
      clark 'the dragon' willis






      To: psftdba@yahoogroups.com
      From: J.Wynne@...
      Date: Fri, 14 May 2010 12:01:48 +0100
      Subject: RE: PeopleSoft DBA Forum Report node configuration with SSL/F5 load balancer

       

      Hi

      Sorry, I didn’t make this clear.   The F5 box is terminating the SSL – it hands its traffic off to the web server box as http.   Hence we have a virtual directory (reverse proxy) set up that maps to a http address on the web server.  The web server only knows about http.  We don’t need to post reports with https.  However, I’m thinking that I must have misconfigured the Report node as it keeps asking me to log in again when I try to view the report output.  

       

      Thanks

      Julie

       

      From: psftdba@yahoogroups .com [mailto:psftdba@ yahoogroups. com] On Behalf Of David Kurtz
      Sent: 14 May 2010 11:29
      To: psftdba@yahoogroups .com
      Subject: RE: PeopleSoft DBA Forum Report node configuration with SSL/F5 load balancer

       

       

      You have to put a certificate into the distribution server. 

       

      I had to do this one on one of my customers.  You have to put certificates on everything, web servers, distribution servers (if you want to post with HTTPS) and the ren server (that never quite worked properly afterwards), and we went through all sorts of problem with the format of the certificate - certificate hell - I have managed to suppress most of my memories of that unhappy time.

       

      One of my customers went live without SSL and now wants to introduce it.  I have persuaded them that SSL termination should occur on the load balancer, so I don't have to put it into PeopleSoft.  All their PeopleSoft infrastructure in on segregated VLANs.  This approach has a number of advantages.

      * SSL encryption costs CPU, putting it onto the load balancer moves that load

      * Terminating SSL on the load balancer gives you a single point of certificate administration.  It means the security people can refresh the certificate without having to go through all the places in PeopleSoft that will involvement of PeopleSoft administrators.

      regards
      ____________ _________ ____
      David Kurtz
      Go-Faster Consultancy Ltd.
      tel: +44 (0)7771 760660
      fax: +44 (0)7092 348865
      mailto:david. kurtz@go- faster.co. uk
      web: www.go-faster. co.uk
      Book: PeopleSoft for the Oracle DBA: http://www.psftdba. com
      DBA Blogs: PeopleSoft: http://blog. psftdba.com, Oracle: http://blog. go-faster. co.uk
      PeopleSoft DBA Forum: http://groups. yahoo.com/ group/psftdba

       

       


      From: psftdba@yahoogroups .com [mailto:psftdba@ yahoogroups. com] On Behalf Of Wynne, Julie
      Sent: Friday, May 14, 2010 10:57 AM
      To: psftdba@yahoogroups .com
      Subject: PeopleSoft DBA Forum Report node configuration with SSL/F5 load balancer

      Hi

      We have configured SSL on our pt8.49/CS9.0 environments.  All works fine, except when retrieving reports

       

      We access the environment using

       

      https://ourvirtuals erver.domain: 1743/psp/ CSCRP3/?cmd= login

       

      In my report node definition, I currently have

       

      URL: http://ourserver. domain:webport/ psreports/ CSCRP3

      URI Host :   http:  ourserver.domain

                         Port:  8600 

       

      The 8600 is the port I used during the PIA setup.

       

      Reports post OK, but when I try to View log/trace, I am prompted to log in to the domain again

       

      If I change the URL to the https URL we use to access the application, I get an error when posting – it can’t find a certificate.

       

      Can anyone advise what is the normal practice when using SSL ?

       

       

      Thanks

      Julie




      The New Busy is not the old busy. Search, chat and e-mail from your inbox. Get started.
    • David Kurtz
      The distribution server has to post to the public facing URL becase the same URL will be used by the users to retrieve from their reports from the repository.
      Message 2 of 10 , May 14, 2010
      • 0 Attachment
        The distribution server has to post to the public facing URL becase the same URL will be used by the users to retrieve from their reports from the repository.
        Sometimes load balancers can have problems handling packets from the servers on the same VLAN as the web servers across which they balance. 
        This can cause problems with the return route for these IP packets.
         

        regards
        _________________________
        David Kurtz
        Go-Faster Consultancy Ltd.
        tel: +44 (0)7771 760660
        fax: +44 (0)7092 348865
        mailto:david.kurtz@...
        web: www.go-faster.co.uk
        Book: PeopleSoft for the Oracle DBA: http://www.psftdba.com
        DBA Blogs: PeopleSoft: http://blog.psftdba.com, Oracle: http://blog.go-faster.co.uk
        PeopleSoft DBA Forum: http://groups.yahoo.com/group/psftdba

         


        From: psftdba@yahoogroups.com [mailto:psftdba@yahoogroups.com] On Behalf Of Wynne, Julie
        Sent: Friday, May 14, 2010 12:02 PM
        To: psftdba@yahoogroups.com
        Subject: RE: PeopleSoft DBA Forum Report node configuration with SSL/F5 load balancer

        Hi

        Sorry, I didn’t make this clear.   The F5 box is terminating the SSL – it hands its traffic off to the web server box as http.   Hence we have a virtual directory (reverse proxy) set up that maps to a http address on the web server.  The web server only knows about http.  We don’t need to post reports with https.  However, I’m thinking that I must have misconfigured the Report node as it keeps asking me to log in again when I try to view the report output.  

         

        Thanks

        Julie

         

        From: psftdba@yahoogroups.com [mailto:psftdba@yahoogroups.com] On Behalf Of David Kurtz
        Sent: 14 May 2010 11:29
        To: psftdba@yahoogroups.com
        Subject: RE: PeopleSoft DBA Forum Report node configuration with SSL/F5 load balancer

         

         

        You have to put a certificate into the distribution server. 

         

        I had to do this one on one of my customers.  You have to put certificates on everything, web servers, distribution servers (if you want to post with HTTPS) and the ren server (that never quite worked properly afterwards), and we went through all sorts of problem with the format of the certificate - certificate hell - I have managed to suppress most of my memories of that unhappy time.

         

        One of my customers went live without SSL and now wants to introduce it.  I have persuaded them that SSL termination should occur on the load balancer, so I don't have to put it into PeopleSoft.  All their PeopleSoft infrastructure in on segregated VLANs.  This approach has a number of advantages.

        * SSL encryption costs CPU, putting it onto the load balancer moves that load

        * Terminating SSL on the load balancer gives you a single point of certificate administration.  It means the security people can refresh the certificate without having to go through all the places in PeopleSoft that will involvement of PeopleSoft administrators.

        regards
        _________________________
        David Kurtz
        Go-Faster Consultancy Ltd.
        tel: +44 (0)7771 760660
        fax: +44 (0)7092 348865
        mailto:david.kurtz@...
        web: www.go-faster.co.uk
        Book: PeopleSoft for the Oracle DBA: http://www.psftdba.com
        DBA Blogs: PeopleSoft: http://blog.psftdba.com, Oracle: http://blog.go-faster.co.uk
        PeopleSoft DBA Forum: http://groups.yahoo.com/group/psftdba

         

         


        From: psftdba@yahoogroups.com [mailto:psftdba@yahoogroups.com] On Behalf Of Wynne, Julie
        Sent: Friday, May 14, 2010 10:57 AM
        To: psftdba@yahoogroups.com
        Subject: PeopleSoft DBA Forum Report node configuration with SSL/F5 load balancer

        Hi

        We have configured SSL on our pt8.49/CS9.0 environments.  All works fine, except when retrieving reports

         

        We access the environment using

         

        https://ourvirtualserver.domain:1743/psp/CSCRP3/?cmd=login

         

        In my report node definition, I currently have

         

        URL: http://ourserver.domain:webport/psreports/CSCRP3

        URI Host :   http:  ourserver.domain

                           Port:  8600 

         

        The 8600 is the port I used during the PIA setup.

         

        Reports post OK, but when I try to View log/trace, I am prompted to log in to the domain again

         

        If I change the URL to the https URL we use to access the application, I get an error when posting – it can’t find a certificate.

         

        Can anyone advise what is the normal practice when using SSL ?

         

         

        Thanks

        Julie

      • Wynne, Julie
        I m sorry - I don t really understand how the load balancer works. I just tell our network team to configure the reverse proxy and then follow the
        Message 3 of 10 , May 14, 2010
        • 0 Attachment

          I’m sorry – I don’t really understand how the load balancer works.  I just tell our network team to configure the reverse proxy and then follow the instructions in Peoplebooks to configure my web profile.   If I put the public facing URL (ie the https: address) in the URL box, it complains about certificates.  If I put the http: address in, it posts OK, but requires a login.  Perhaps I will try the ftp solution instead as suggested by Clark (the dragon).  

           

          Clark – do I need to do anything on the web server (ie at OS level) to make the FTP work ?

           

          Or just configure it on the Report Node settings?

           

          Thanks guys !

          Julie

           

          From: psftdba@yahoogroups.com [mailto:psftdba@yahoogroups.com] On Behalf Of David Kurtz
          Sent: 14 May 2010 12:20
          To: psftdba@yahoogroups.com
          Subject: RE: PeopleSoft DBA Forum Report node configuration with SSL/F5 load balancer

           

           

          The distribution server has to post to the public facing URL becase the same URL will be used by the users to retrieve from their reports from the repository.

          Sometimes load balancers can have problems handling packets from the servers on the same VLAN as the web servers across which they balance. 

          This can cause problems with the return route for these IP packets.

           

          regards
          _________________________
          David Kurtz
          Go-Faster Consultancy Ltd.
          tel: +44 (0)7771 760660
          fax: +44 (0)7092 348865
          mailto:david.kurtz@...
          web: www.go-faster.co.uk
          Book: PeopleSoft for the Oracle DBA: http://www.psftdba.com
          DBA Blogs: PeopleSoft: http://blog.psftdba.com, Oracle: http://blog.go-faster.co.uk
          PeopleSoft DBA Forum: http://groups.yahoo.com/group/psftdba

           

           


          From: psftdba@yahoogroups.com [mailto:psftdba@yahoogroups.com] On Behalf Of Wynne, Julie
          Sent: Friday, May 14, 2010 12:02 PM
          To: psftdba@yahoogroups.com
          Subject: RE: PeopleSoft DBA Forum Report node configuration with SSL/F5 load balancer

          Hi

          Sorry, I didn’t make this clear.   The F5 box is terminating the SSL – it hands its traffic off to the web server box as http.   Hence we have a virtual directory (reverse proxy) set up that maps to a http address on the web server.  The web server only knows about http.  We don’t need to post reports with https.  However, I’m thinking that I must have misconfigured the Report node as it keeps asking me to log in again when I try to view the report output.  

           

          Thanks

          Julie

           

          From: psftdba@yahoogroups.com [mailto:psftdba@yahoogroups.com] On Behalf Of David Kurtz
          Sent: 14 May 2010 11:29
          To: psftdba@yahoogroups.com
          Subject: RE: PeopleSoft DBA Forum Report node configuration with SSL/F5 load balancer

           

           

          You have to put a certificate into the distribution server. 

           

          I had to do this one on one of my customers.  You have to put certificates on everything, web servers, distribution servers (if you want to post with HTTPS) and the ren server (that never quite worked properly afterwards), and we went through all sorts of problem with the format of the certificate - certificate hell - I have managed to suppress most of my memories of that unhappy time.

           

          One of my customers went live without SSL and now wants to introduce it.  I have persuaded them that SSL termination should occur on the load balancer, so I don't have to put it into PeopleSoft.  All their PeopleSoft infrastructure in on segregated VLANs.  This approach has a number of advantages.

          * SSL encryption costs CPU, putting it onto the load balancer moves that load

          * Terminating SSL on the load balancer gives you a single point of certificate administration.  It means the security people can refresh the certificate without having to go through all the places in PeopleSoft that will involvement of PeopleSoft administrators.

          regards
          _________________________
          David Kurtz
          Go-Faster Consultancy Ltd.
          tel: +44 (0)7771 760660
          fax: +44 (0)7092 348865
          mailto:david.kurtz@...
          web: www.go-faster.co.uk
          Book: PeopleSoft for the Oracle DBA: http://www.psftdba.com
          DBA Blogs: PeopleSoft: http://blog.psftdba.com, Oracle: http://blog.go-faster.co.uk
          PeopleSoft DBA Forum: http://groups.yahoo.com/group/psftdba

           

           


          From: psftdba@yahoogroups.com [mailto:psftdba@yahoogroups.com] On Behalf Of Wynne, Julie
          Sent: Friday, May 14, 2010 10:57 AM
          To: psftdba@yahoogroups.com
          Subject: PeopleSoft DBA Forum Report node configuration with SSL/F5 load balancer

          Hi

          We have configured SSL on our pt8.49/CS9.0 environments.  All works fine, except when retrieving reports

           

          We access the environment using

           

          https://ourvirtualserver.domain:1743/psp/CSCRP3/?cmd=login

           

          In my report node definition, I currently have

           

          URL: http://ourserver.domain:webport/psreports/CSCRP3

          URI Host :   http:  ourserver.domain

                             Port:  8600 

           

          The 8600 is the port I used during the PIA setup.

           

          Reports post OK, but when I try to View log/trace, I am prompted to log in to the domain again

           

          If I change the URL to the https URL we use to access the application, I get an error when posting – it can’t find a certificate.

           

          Can anyone advise what is the normal practice when using SSL ?

           

           

          Thanks

          Julie

        • the dragon
          From what I recall, as long as you have the service account user name and password, which you would have as the owner of PS_HOME/domain and the IP, and the
          Message 4 of 10 , May 14, 2010
          • 0 Attachment
            From what I recall, as long as you have the service account user name and password, which you would have as the owner of PS_HOME/domain and the IP, and the port is open, that's all you need.

            Working off memory from the last time I set it up in 2007, and I don't have a system in front of me right now.

            peace,
            clark 'the dragon' willis






            To: psftdba@yahoogroups.com
            From: J.Wynne@...
            Date: Fri, 14 May 2010 12:25:44 +0100
            Subject: RE: PeopleSoft DBA Forum Report node configuration with SSL/F5 load balancer

             

            I’m sorry – I don’t really understand how the load balancer works.  I just tell our network team to configure the reverse proxy and then follow the instructions in Peoplebooks to configure my web profile.   If I put the public facing URL (ie the https: address) in the URL box, it complains about certificates.  If I put the http: address in, it posts OK, but requires a login.  Perhaps I will try the ftp solution instead as suggested by Clark (the dragon).  

             

            Clark – do I need to do anything on the web server (ie at OS level) to make the FTP work ?

             

            Or just configure it on the Report Node settings?

             

            Thanks guys !

            Julie

             

            From: psftdba@yahoogroups .com [mailto:psftdba@ yahoogroups. com] On Behalf Of David Kurtz
            Sent: 14 May 2010 12:20
            To: psftdba@yahoogroups .com
            Subject: RE: PeopleSoft DBA Forum Report node configuration with SSL/F5 load balancer

             

             

            The distribution server has to post to the public facing URL becase the same URL will be used by the users to retrieve from their reports from the repository.

            Sometimes load balancers can have problems handling packets from the servers on the same VLAN as the web servers across which they balance. 

            This can cause problems with the return route for these IP packets.

             

            regards
            ____________ _________ ____
            David Kurtz
            Go-Faster Consultancy Ltd.
            tel: +44 (0)7771 760660
            fax: +44 (0)7092 348865
            mailto:david. kurtz@go- faster.co. uk
            web: www.go-faster. co.uk
            Book: PeopleSoft for the Oracle DBA: http://www.psftdba. com
            DBA Blogs: PeopleSoft: http://blog. psftdba.com, Oracle: http://blog. go-faster. co.uk
            PeopleSoft DBA Forum: http://groups. yahoo.com/ group/psftdba

             

             


            From: psftdba@yahoogroups .com [mailto:psftdba@ yahoogroups. com] On Behalf Of Wynne, Julie
            Sent: Friday, May 14, 2010 12:02 PM
            To: psftdba@yahoogroups .com
            Subject: RE: PeopleSoft DBA Forum Report node configuration with SSL/F5 load balancer

            Hi

            Sorry, I didn’t make this clear.   The F5 box is terminating the SSL – it hands its traffic off to the web server box as http.   Hence we have a virtual directory (reverse proxy) set up that maps to a http address on the web server.  The web server only knows about http.  We don’t need to post reports with https.  However, I’m thinking that I must have misconfigured the Report node as it keeps asking me to log in again when I try to view the report output.  

             

            Thanks

            Julie

             

            From: psftdba@yahoogroups .com [mailto:psftdba@ yahoogroups. com] On Behalf Of David Kurtz
            Sent: 14 May 2010 11:29
            To: psftdba@yahoogroups .com
            Subject: RE: PeopleSoft DBA Forum Report node configuration with SSL/F5 load balancer

             

             

            You have to put a certificate into the distribution server. 

             

            I had to do this one on one of my customers.  You have to put certificates on everything, web servers, distribution servers (if you want to post with HTTPS) and the ren server (that never quite worked properly afterwards), and we went through all sorts of problem with the format of the certificate - certificate hell - I have managed to suppress most of my memories of that unhappy time.

             

            One of my customers went live without SSL and now wants to introduce it.  I have persuaded them that SSL termination should occur on the load balancer, so I don't have to put it into PeopleSoft.  All their PeopleSoft infrastructure in on segregated VLANs.  This approach has a number of advantages.

            * SSL encryption costs CPU, putting it onto the load balancer moves that load

            * Terminating SSL on the load balancer gives you a single point of certificate administration.  It means the security people can refresh the certificate without having to go through all the places in PeopleSoft that will involvement of PeopleSoft administrators.

            regards
            ____________ _________ ____
            David Kurtz
            Go-Faster Consultancy Ltd.
            tel: +44 (0)7771 760660
            fax: +44 (0)7092 348865
            mailto:david. kurtz@go- faster.co. uk
            web: www.go-faster. co.uk
            Book: PeopleSoft for the Oracle DBA: http://www.psftdba. com
            DBA Blogs: PeopleSoft: http://blog. psftdba.com, Oracle: http://blog. go-faster. co.uk
            PeopleSoft DBA Forum: http://groups. yahoo.com/ group/psftdba

             

             


            From: psftdba@yahoogroups .com [mailto:psftdba@ yahoogroups. com] On Behalf Of Wynne, Julie
            Sent: Friday, May 14, 2010 10:57 AM
            To: psftdba@yahoogroups .com
            Subject: PeopleSoft DBA Forum Report node configuration with SSL/F5 load balancer

            Hi

            We have configured SSL on our pt8.49/CS9.0 environments.  All works fine, except when retrieving reports

             

            We access the environment using

             

            https://ourvirtuals erver.domain: 1743/psp/ CSCRP3/?cmd= login

             

            In my report node definition, I currently have

             

            URL: http://ourserver. domain:webport/ psreports/ CSCRP3

            URI Host :   http:  ourserver.domain

                               Port:  8600 

             

            The 8600 is the port I used during the PIA setup.

             

            Reports post OK, but when I try to View log/trace, I am prompted to log in to the domain again

             

            If I change the URL to the https URL we use to access the application, I get an error when posting – it can’t find a certificate.

             

            Can anyone advise what is the normal practice when using SSL ?

             

             

            Thanks

            Julie




            The New Busy think 9 to 5 is a cute idea. Combine multiple calendars with Hotmail. Get busy.
          • Wynne, Julie
            Ok, now I have a different problem I set up an FTP report node and assigned it to my PSUNX scheduler. Restarted the scheduler. When I run a request, the log
            Message 5 of 10 , May 14, 2010
            • 0 Attachment

              Ok, now I have a different problem

              I set up an FTP report node and assigned it to my PSUNX scheduler.  Restarted the scheduler. 

              When I run a request, the log files indicate that the FTP worked, and indeed, the file has arrived in the psreports folder, but process monitor is showing ‘not posted’.

              I therefore cannot access the file from within the PIA interface.   What can I do ?

               

              Thanks

              Julie

               

               

               

              From: psftdba@yahoogroups.com [mailto:psftdba@yahoogroups.com] On Behalf Of the dragon
              Sent: 14 May 2010 13:06
              To: psftdba@yahoogroups.com
              Subject: RE: PeopleSoft DBA Forum Report node configuration with SSL/F5 load balancer

               

               

              From what I recall, as long as you have the service account user name and password, which you would have as the owner of PS_HOME/domain and the IP, and the port is open, that's all you need.

              Working off memory from the last time I set it up in 2007, and I don't have a system in front of me right now.

              peace,
              clark 'the dragon' willis





              To: psftdba@yahoogroups.com
              From: J.Wynne@...
              Date: Fri, 14 May 2010 12:25:44 +0100
              Subject: RE: PeopleSoft DBA Forum Report node configuration with SSL/F5 load balancer

               

               

              I’m sorry – I don’t really understand how the load balancer works.  I just tell our network team to configure the reverse proxy and then follow the instructions in Peoplebooks to configure my web profile.   If I put the public facing URL (ie the https: address) in the URL box, it complains about certificates.  If I put the http: address in, it posts OK, but requires a login.  Perhaps I will try the ftp solution instead as suggested by Clark (the dragon).  

               

              Clark – do I need to do anything on the web server (ie at OS level) to make the FTP work ?

               

              Or just configure it on the Report Node settings?

               

              Thanks guys !

              Julie

               

              From: psftdba@yahoogroups.com [mailto:psftdba@yahoogroups.com] On Behalf Of David Kurtz
              Sent: 14 May 2010 12:20
              To: psftdba@yahoogroups.com
              Subject: RE: PeopleSoft DBA Forum Report node configuration with SSL/F5 load balancer

               

               

              The distribution server has to post to the public facing URL becase the same URL will be used by the users to retrieve from their reports from the repository.

              Sometimes load balancers can have problems handling packets from the servers on the same VLAN as the web servers across which they balance. 

              This can cause problems with the return route for these IP packets.

               

              regards
              _________________________
              David Kurtz
              Go-Faster Consultancy Ltd.
              tel: +44 (0)7771 760660
              fax: +44 (0)7092 348865
              mailto:david.kurtz@...
              web: www.go-faster.co.uk
              Book: PeopleSoft for the Oracle DBA: http://www.psftdba.com
              DBA Blogs: PeopleSoft: http://blog.psftdba.com, Oracle: http://blog.go-faster.co.uk
              PeopleSoft DBA Forum: http://groups.yahoo.com/group/psftdba

               

               


              From: psftdba@yahoogroups.com [mailto:psftdba@yahoogroups.com] On Behalf Of Wynne, Julie
              Sent: Friday, May 14, 2010 12:02 PM
              To: psftdba@yahoogroups.com
              Subject: RE: PeopleSoft DBA Forum Report node configuration with SSL/F5 load balancer

              Hi

              Sorry, I didn’t make this clear.   The F5 box is terminating the SSL – it hands its traffic off to the web server box as http.   Hence we have a virtual directory (reverse proxy) set up that maps to a http address on the web server.  The web server only knows about http.  We don’t need to post reports with https.  However, I’m thinking that I must have misconfigured the Report node as it keeps asking me to log in again when I try to view the report output.  

               

              Thanks

              Julie

               

              From: psftdba@yahoogroups.com [mailto:psftdba@yahoogroups.com] On Behalf Of David Kurtz
              Sent: 14 May 2010 11:29
              To: psftdba@yahoogroups.com
              Subject: RE: PeopleSoft DBA Forum Report node configuration with SSL/F5 load balancer

               

               

              You have to put a certificate into the distribution server. 

               

              I had to do this one on one of my customers.  You have to put certificates on everything, web servers, distribution servers (if you want to post with HTTPS) and the ren server (that never quite worked properly afterwards), and we went through all sorts of problem with the format of the certificate - certificate hell - I have managed to suppress most of my memories of that unhappy time.

               

              One of my customers went live without SSL and now wants to introduce it.  I have persuaded them that SSL termination should occur on the load balancer, so I don't have to put it into PeopleSoft.  All their PeopleSoft infrastructure in on segregated VLANs.  This approach has a number of advantages.

              * SSL encryption costs CPU, putting it onto the load balancer moves that load

              * Terminating SSL on the load balancer gives you a single point of certificate administration.  It means the security people can refresh the certificate without having to go through all the places in PeopleSoft that will involvement of PeopleSoft administrators.

              regards
              _________________________
              David Kurtz
              Go-Faster Consultancy Ltd.
              tel: +44 (0)7771 760660
              fax: +44 (0)7092 348865
              mailto:david.kurtz@...
              web: www.go-faster.co.uk
              Book: PeopleSoft for the Oracle DBA: http://www.psftdba.com
              DBA Blogs: PeopleSoft: http://blog.psftdba.com, Oracle: http://blog.go-faster.co.uk
              PeopleSoft DBA Forum: http://groups.yahoo.com/group/psftdba

               

               


              From: psftdba@yahoogroups.com [mailto:psftdba@yahoogroups.com] On Behalf Of Wynne, Julie
              Sent: Friday, May 14, 2010 10:57 AM
              To: psftdba@yahoogroups.com
              Subject: PeopleSoft DBA Forum Report node configuration with SSL/F5 load balancer

              Hi

              We have configured SSL on our pt8.49/CS9.0 environments.  All works fine, except when retrieving reports

               

              We access the environment using

               

              https://ourvirtualserver.domain:1743/psp/CSCRP3/?cmd=login

               

              In my report node definition, I currently have

               

              URL: http://ourserver.domain:webport/psreports/CSCRP3

              URI Host :   http:  ourserver.domain

                                 Port:  8600 

               

              The 8600 is the port I used during the PIA setup.

               

              Reports post OK, but when I try to View log/trace, I am prompted to log in to the domain again

               

              If I change the URL to the https URL we use to access the application, I get an error when posting – it can’t find a certificate.

               

              Can anyone advise what is the normal practice when using SSL ?

               

               

              Thanks

              Julie

               

               


              The New Busy think 9 to 5 is a cute idea. Combine multiple calendars with Hotmail. Get busy.

            • the dragon
              When you make report repository changes, you need to bounce both the PS services as well as the PIA. Also, check your distribution log in
              Message 6 of 10 , May 14, 2010
              • 0 Attachment
                When you make report repository changes, you need to bounce both the PS services as well as the PIA.  Also, check your distribution log in PS_HOME/prcs/[domain]/LOGS
                 
                peace,
                clark 'the dragon' willis
                 

                To: psftdba@yahoogroups.com
                From: J.Wynne@...
                Date: Fri, 14 May 2010 15:33:22 +0100
                Subject: RE: PeopleSoft DBA Forum Report node configuration with SSL/F5 load balancer

                 

                Ok, now I have a different problem

                I set up an FTP report node and assigned it to my PSUNX scheduler.  Restarted the scheduler. 

                When I run a request, the log files indicate that the FTP worked, and indeed, the file has arrived in the psreports folder, but process monitor is showing ‘not posted’.

                I therefore cannot access the file from within the PIA interface.   What can I do ?

                 

                Thanks

                Julie

                 

                 

                 

                From: psftdba@yahoogroups .com [mailto:psftdba@ yahoogroups. com] On Behalf Of the dragon
                Sent: 14 May 2010 13:06
                To: psftdba@yahoogroups .com
                Subject: RE: PeopleSoft DBA Forum Report node configuration with SSL/F5 load balancer

                 

                 

                From what I recall, as long as you have the service account user name and password, which you would have as the owner of PS_HOME/domain and the IP, and the port is open, that's all you need.

                Working off memory from the last time I set it up in 2007, and I don't have a system in front of me right now.

                peace,
                clark 'the dragon' willis






                To: psftdba@yahoogroups .com
                From: J.Wynne@ljmu. ac.uk
                Date: Fri, 14 May 2010 12:25:44 +0100
                Subject: RE: PeopleSoft DBA Forum Report node configuration with SSL/F5 load balancer

                 

                 

                I’m sorry – I don’t really understand how the load balancer works.  I just tell our network team to configure the reverse proxy and then follow the instructions in Peoplebooks to configure my web profile.   If I put the public facing URL (ie the https: address) in the URL box, it complains about certificates.  If I put the http: address in, it posts OK, but requires a login.  Perhaps I will try the ftp solution instead as suggested by Clark (the dragon).  

                 

                Clark – do I need to do anything on the web server (ie at OS level) to make the FTP work ?

                 

                Or just configure it on the Report Node settings?

                 

                Thanks guys !

                Julie

                 

                From: psftdba@yahoogroups .com [mailto:psftdba@ yahoogroups. com] On Behalf Of David Kurtz
                Sent: 14 May 2010 12:20
                To: psftdba@yahoogroups .com
                Subject: RE: PeopleSoft DBA Forum Report node configuration with SSL/F5 load balancer

                 

                 

                The distribution server has to post to the public facing URL becase the same URL will be used by the users to retrieve from their reports from the repository.

                Sometimes load balancers can have problems handling packets from the servers on the same VLAN as the web servers across which they balance. 

                This can cause problems with the return route for these IP packets.

                 

                regards
                ____________ _________ ____
                David Kurtz
                Go-Faster Consultancy Ltd.
                tel: +44 (0)7771 760660
                fax: +44 (0)7092 348865
                mailto:david. kurtz@go- faster.co. uk
                web: www.go-faster. co.uk
                Book: PeopleSoft for the Oracle DBA: http://www.psftdba. com
                DBA Blogs: PeopleSoft: http://blog. psftdba.com, Oracle: http://blog. go-faster. co.uk
                PeopleSoft DBA Forum: http://groups. yahoo.com/ group/psftdba

                 

                 


                From: psftdba@yahoogroups .com [mailto:psftdba@ yahoogroups. com] On Behalf Of Wynne, Julie
                Sent: Friday, May 14, 2010 12:02 PM
                To: psftdba@yahoogroups .com
                Subject: RE: PeopleSoft DBA Forum Report node configuration with SSL/F5 load balancer

                Hi

                Sorry, I didn’t make this clear.   The F5 box is terminating the SSL – it hands its traffic off to the web server box as http.   Hence we have a virtual directory (reverse proxy) set up that maps to a http address on the web server.  The web server only knows about http.  We don’t need to post reports with https.  However, I’m thinking that I must have misconfigured the Report node as it keeps asking me to log in again when I try to view the report output.  

                 

                Thanks

                Julie

                 

                From: psftdba@yahoogroups .com [mailto:psftdba@ yahoogroups. com] On Behalf Of David Kurtz
                Sent: 14 May 2010 11:29
                To: psftdba@yahoogroups .com
                Subject: RE: PeopleSoft DBA Forum Report node configuration with SSL/F5 load balancer

                 

                 

                You have to put a certificate into the distribution server. 

                 

                I had to do this one on one of my customers.  You have to put certificates on everything, web servers, distribution servers (if you want to post with HTTPS) and the ren server (that never quite worked properly afterwards), and we went through all sorts of problem with the format of the certificate - certificate hell - I have managed to suppress most of my memories of that unhappy time.

                 

                One of my customers went live without SSL and now wants to introduce it.  I have persuaded them that SSL termination should occur on the load balancer, so I don't have to put it into PeopleSoft.  All their PeopleSoft infrastructure in on segregated VLANs.  This approach has a number of advantages.

                * SSL encryption costs CPU, putting it onto the load balancer moves that load

                * Terminating SSL on the load balancer gives you a single point of certificate administration.  It means the security people can refresh the certificate without having to go through all the places in PeopleSoft that will involvement of PeopleSoft administrators.

                regards
                ____________ _________ ____
                David Kurtz
                Go-Faster Consultancy Ltd.
                tel: +44 (0)7771 760660
                fax: +44 (0)7092 348865
                mailto:david. kurtz@go- faster.co. uk
                web: www.go-faster. co.uk
                Book: PeopleSoft for the Oracle DBA: http://www.psftdba. com
                DBA Blogs: PeopleSoft: http://blog. psftdba.com, Oracle: http://blog. go-faster. co.uk
                PeopleSoft DBA Forum: http://groups. yahoo.com/ group/psftdba

                 

                 


                From: psftdba@yahoogroups .com [mailto:psftdba@ yahoogroups. com] On Behalf Of Wynne, Julie
                Sent: Friday, May 14, 2010 10:57 AM
                To: psftdba@yahoogroups .com
                Subject: PeopleSoft DBA Forum Report node configuration with SSL/F5 load balancer

                Hi

                We have configured SSL on our pt8.49/CS9.0 environments.  All works fine, except when retrieving reports

                 

                We access the environment using

                 

                https://ourvirtuals erver.domain: 1743/psp/ CSCRP3/?cmd= login

                 

                In my report node definition, I currently have

                 

                URL: http://ourserver. domain:webport/ psreports/ CSCRP3

                URI Host :   http:  ourserver.domain

                                   Port:  8600 

                 

                The 8600 is the port I used during the PIA setup.

                 

                Reports post OK, but when I try to View log/trace, I am prompted to log in to the domain again

                 

                If I change the URL to the https URL we use to access the application, I get an error when posting – it can’t find a certificate.

                 

                Can anyone advise what is the normal practice when using SSL ?

                 

                 

                Thanks

                Julie

                 

                 


                The New Busy think 9 to 5 is a cute idea. Combine multiple calendars with Hotmail. Get busy.




                Hotmail has tools for the New Busy. Search, chat and e-mail from your inbox. Learn more.
              • Wynne, Julie
                OK thanks - I did bounce the PS services but didn t bounce the PIA so maybe that s why it s not yet working. I ll do that later. Rgds Julie From:
                Message 7 of 10 , May 14, 2010
                • 0 Attachment

                  OK thanks – I did bounce the PS services but didn’t bounce the PIA so maybe that’s why it’s not yet working.  I’ll do that later.  

                  Rgds

                  Julie

                   

                  From: psftdba@yahoogroups.com [mailto:psftdba@yahoogroups.com] On Behalf Of the dragon
                  Sent: 14 May 2010 15:36
                  To: psftdba@yahoogroups.com
                  Subject: RE: PeopleSoft DBA Forum Report node configuration with SSL/F5 load balancer

                   

                   

                  When you make report repository changes, you need to bounce both the PS services as well as the PIA.  Also, check your distribution log in PS_HOME/prcs/[domain]/LOGS
                   
                  peace,
                  clark 'the dragon' willis
                   


                  To: psftdba@yahoogroups.com
                  From: J.Wynne@...
                  Date: Fri, 14 May 2010 15:33:22 +0100
                  Subject: RE: PeopleSoft DBA Forum Report node configuration with SSL/F5 load balancer

                   

                  Ok, now I have a different problem

                  I set up an FTP report node and assigned it to my PSUNX scheduler.  Restarted the scheduler. 

                  When I run a request, the log files indicate that the FTP worked, and indeed, the file has arrived in the psreports folder, but process monitor is showing ‘not posted’.

                  I therefore cannot access the file from within the PIA interface.   What can I do ?

                   

                  Thanks

                  Julie

                   

                   

                   

                  From: psftdba@yahoogroups.com [mailto:psftdba@yahoogroups.com] On Behalf Of the dragon
                  Sent: 14 May 2010 13:06
                  To: psftdba@yahoogroups.com
                  Subject: RE: PeopleSoft DBA Forum Report node configuration with SSL/F5 load balancer

                   

                   

                  From what I recall, as long as you have the service account user name and password, which you would have as the owner of PS_HOME/domain and the IP, and the port is open, that's all you need.

                  Working off memory from the last time I set it up in 2007, and I don't have a system in front of me right now.

                  peace,
                  clark 'the dragon' willis





                  To: psftdba@yahoogroups.com
                  From: J.Wynne@...
                  Date: Fri, 14 May 2010 12:25:44 +0100
                  Subject: RE: PeopleSoft DBA Forum Report node configuration with SSL/F5 load balancer

                   

                   

                  I’m sorry – I don’t really understand how the load balancer works.  I just tell our network team to configure the reverse proxy and then follow the instructions in Peoplebooks to configure my web profile.   If I put the public facing URL (ie the https: address) in the URL box, it complains about certificates.  If I put the http: address in, it posts OK, but requires a login.  Perhaps I will try the ftp solution instead as suggested by Clark (the dragon).  

                   

                  Clark – do I need to do anything on the web server (ie at OS level) to make the FTP work ?

                   

                  Or just configure it on the Report Node settings?

                   

                  Thanks guys !

                  Julie

                   

                  From: psftdba@yahoogroups.com [mailto:psftdba@yahoogroups.com] On Behalf Of David Kurtz
                  Sent: 14 May 2010 12:20
                  To: psftdba@yahoogroups.com
                  Subject: RE: PeopleSoft DBA Forum Report node configuration with SSL/F5 load balancer

                   

                   

                  The distribution server has to post to the public facing URL becase the same URL will be used by the users to retrieve from their reports from the repository.

                  Sometimes load balancers can have problems handling packets from the servers on the same VLAN as the web servers across which they balance. 

                  This can cause problems with the return route for these IP packets.

                   

                  regards
                  _________________________
                  David Kurtz
                  Go-Faster Consultancy Ltd.
                  tel: +44 (0)7771 760660
                  fax: +44 (0)7092 348865
                  mailto:david.kurtz@...
                  web: www.go-faster.co.uk
                  Book: PeopleSoft for the Oracle DBA: http://www.psftdba.com
                  DBA Blogs: PeopleSoft: http://blog.psftdba.com, Oracle: http://blog.go-faster.co.uk
                  PeopleSoft DBA Forum: http://groups.yahoo.com/group/psftdba

                   

                   


                  From: psftdba@yahoogroups.com [mailto:psftdba@yahoogroups.com] On Behalf Of Wynne, Julie
                  Sent: Friday, May 14, 2010 12:02 PM
                  To: psftdba@yahoogroups.com
                  Subject: RE: PeopleSoft DBA Forum Report node configuration with SSL/F5 load balancer

                  Hi

                  Sorry, I didn’t make this clear.   The F5 box is terminating the SSL – it hands its traffic off to the web server box as http.   Hence we have a virtual directory (reverse proxy) set up that maps to a http address on the web server.  The web server only knows about http.  We don’t need to post reports with https.  However, I’m thinking that I must have misconfigured the Report node as it keeps asking me to log in again when I try to view the report output.  

                   

                  Thanks

                  Julie

                   

                  From: psftdba@yahoogroups.com [mailto:psftdba@yahoogroups.com] On Behalf Of David Kurtz
                  Sent: 14 May 2010 11:29
                  To: psftdba@yahoogroups.com
                  Subject: RE: PeopleSoft DBA Forum Report node configuration with SSL/F5 load balancer

                   

                   

                  You have to put a certificate into the distribution server. 

                   

                  I had to do this one on one of my customers.  You have to put certificates on everything, web servers, distribution servers (if you want to post with HTTPS) and the ren server (that never quite worked properly afterwards), and we went through all sorts of problem with the format of the certificate - certificate hell - I have managed to suppress most of my memories of that unhappy time.

                   

                  One of my customers went live without SSL and now wants to introduce it.  I have persuaded them that SSL termination should occur on the load balancer, so I don't have to put it into PeopleSoft.  All their PeopleSoft infrastructure in on segregated VLANs.  This approach has a number of advantages.

                  * SSL encryption costs CPU, putting it onto the load balancer moves that load

                  * Terminating SSL on the load balancer gives you a single point of certificate administration.  It means the security people can refresh the certificate without having to go through all the places in PeopleSoft that will involvement of PeopleSoft administrators.

                  regards
                  _________________________
                  David Kurtz
                  Go-Faster Consultancy Ltd.
                  tel: +44 (0)7771 760660
                  fax: +44 (0)7092 348865
                  mailto:david.kurtz@...
                  web: www.go-faster.co.uk
                  Book: PeopleSoft for the Oracle DBA: http://www.psftdba.com
                  DBA Blogs: PeopleSoft: http://blog.psftdba.com, Oracle: http://blog.go-faster.co.uk
                  PeopleSoft DBA Forum: http://groups.yahoo.com/group/psftdba

                   

                   


                  From: psftdba@yahoogroups.com [mailto:psftdba@yahoogroups.com] On Behalf Of Wynne, Julie
                  Sent: Friday, May 14, 2010 10:57 AM
                  To: psftdba@yahoogroups.com
                  Subject: PeopleSoft DBA Forum Report node configuration with SSL/F5 load balancer

                  Hi

                  We have configured SSL on our pt8.49/CS9.0 environments.  All works fine, except when retrieving reports

                   

                  We access the environment using

                   

                  https://ourvirtualserver.domain:1743/psp/CSCRP3/?cmd=login

                   

                  In my report node definition, I currently have

                   

                  URL: http://ourserver.domain:webport/psreports/CSCRP3

                  URI Host :   http:  ourserver.domain

                                     Port:  8600 

                   

                  The 8600 is the port I used during the PIA setup.

                   

                  Reports post OK, but when I try to View log/trace, I am prompted to log in to the domain again

                   

                  If I change the URL to the https URL we use to access the application, I get an error when posting – it can’t find a certificate.

                   

                  Can anyone advise what is the normal practice when using SSL ?

                   

                   

                  Thanks

                  Julie

                   

                   


                  The New Busy think 9 to 5 is a cute idea. Combine multiple calendars with Hotmail. Get busy.

                   

                   


                  Hotmail has tools for the New Busy. Search, chat and e-mail from your inbox. Learn more.

                Your message has been successfully submitted and would be delivered to recipients shortly.