GRC-Application Access Controls Governor 8.6.5 Installation with Weblogic

GRC-APPLICATION ACCESS CONTROLS GOVERNOR 8.6.5 INSTALLATION WITH WEBLOGIC

 

Oracle Governance, Risk & Compliance

GRC-Application Access Controls Governor 8.6.5 Installation

Contents

  • Installation Contacts (Customer)
  • Pre-Installation Checks
  • Installation Check-list
  • Server Information Worksheet
    • Data Sources (Datasource tns Information)
    • Software Staging Location
    • Critical Patch Information
  • Technical Validation
    • Edit .profile
    • Confirm ORACLE_HOME and TNSPING
    • Confirm SCHEMA and GRANTS
    • Confirm language
    • Confirm os settings
    • Confirm db parameters
    • Create directories and set permissions
    • Confirm Environment Variable (JAVA,Middleware)
  • Installing Pre- Requsites
    • Install Weblogic 12.0.2
    • Install ADR 12.1.2 (Application Development Run Time)
    • Install RCU
  • Install GRC
    • GRC Domain Creation
    • Modify setDomainEnv.sh
    • Modifying Java Settings
    • AACG Application Deployment
  • Post Installation Activities
    • Application Configuration
    • Security Configuration
    • Notification Configuration (prevent option)
  • Operational Procedures & Recommendations
    • Application Access
    • Startup & Shutdown
  • GRC Application Environment Validation Scripts(EVS) [ID 1286446.1]
    • sh
    • sh
  • References

 

Installation Check-list

  1. Provision Server operating System
  2. Provision Server database
  3. Complete Server Information worksheet
  4. Create or confirm software staging location and create all directories
  5. Download all software and patches
  6. Run md5sum to verify each download
  7. Setup environment and perform technical validation
  8. Provision JDK
  9. Provision Weblogic
  10. Confirm Application reachable (tomcat or weblogic page)
  11. Application Installation/ Patching
  12. Datasource Setup / Sync
  13. Install Summary Updates

 Software Staging Location

Edit environment file .bash_profile (Technical Valdation)

 

##Added per GRC Installation

export JAVA_HOME=/apps/grc/jdk1.7.0_11

export PATH=$JAVA_HOME/bin:$PATH

export MW_HOME=/apps/grc/Middleware

Specification

Step 1 – Confirm OS settings

GRC runs on a 64-bit Linux server. Be sure the following lines exist in the /etc/security/limits.conf file:

Please set this value.

* Soft nproc 8192

* Hard nproc 32768

* Soft nofile 65536

* Hard nofile 131072

Step 2 – Creating GRC and DA Schemas (Installation guide Page 1-3)

Create user LF_GRC identified by Leapfrog2014% default tablespace GRCC quota unlimited on GRCC quota 0k on system;

grant connect, resource to GRCUSER;

grant create any view to GRCUSER;

grant create any table to GRCUSER;

grant drop any table to GRCUSER;

grant create synonym  to GRCUSER;

Step 3 – Creating GRC Repositories (Installation Guide 2-3)

Create the following repositories in a directory/mount point that is large. This will be home to logs and large reports.

mkdir –m 777 tcg_etl grc_rpt bk_logs

Step 4 – Oracle Database settings (Installation Guide 1-4)

ALTER SYSTEM SET open_cursors=5000 scope=spfile;

ALTER SYSTEM SET processes=3000 scope=spfile;

ALTER SYSTEM SET deferred_segment_creation=FALSE scope=spfile;

SELECT name, VALUE  FROM v$parameter

WHERE name IN (‘open_cursors’,   ‘processes’,  ‘sessions’,  ‘deferred_segment_creation’);

Install Java

Installing java in /apps/grc

pwd

/apps/grc

tar xvzf jdk-7u11-linux-x64.tar.gz

export JAVA_HOME=/apps/grc/jdk1.7.0_11;

export PATH=$JAVA_HOME/bin:$PATH;

which java

java -version

Step 5.1 – Edit environment file .bash_profile

export JAVA_HOME=/apps/grc/jdk1.7.0_11

export PATH=$JAVA_HOME/bin:$PATH

export MW_HOME=/apps/grc/Middleware

 Step 5.2 – Confirm Environment (Java, Oracle, Path

ALTER SYSTEM SET open_cursors=5000 scope=spfile;

ALTER SYSTEM SET processes=3000 scope=spfile;

ALTER SYSTEM SET deferred_segment_creation=FALSE scope=spfile;

SELECT name, VALUE  FROM v$parameter WHERE name IN (‘open_cursors’,   ‘processes’,  ‘sessions’,  ‘deferred_segment_creation’);

Step 6.1 – Confirming Data_Pump_Directory

CREATE SMALLFILE TABLESPACE “LF_GRCBACKUP”DATAFILE ‘/u01/app/oracle/data_pump_dir’ SIZE 2G AUTOEXTEND ON NEXT 20M MAXSIZE UNLIMITED LOGGING EXTENT MANAGEMENT LOCAL SEGMENT SPACE MANAGEMENT AUTO;

Step 6.2 – Create GRC_BACKUP Folder

  1. CREATE USER LF_GRCBACKUP IDENTIFIED BY integra2014 DEFAULT TABLESPACE LF_GRCBACKUP_TBS QUOTA UNLIMITED ON GRCBACKUP_TBS;
  2. GRANT READ,WRITE ON DIRECTORY DATA_PUMP_DIR TO LF_GRCBACKUP;
  3. GRANT EXP_FULL_DATABASE,IMP_FULL_DATABASE TO LF_GRCBACKUP;
  4. GRANT CREATE SESSION TO LF_GRCBACKUP;
  5. GRANT CREATE TABLE TO LF_GRCBACKUP;
  6. GRANT UNLIMITED TABLESPACE TO LF_GRCBACKUP;
  7. GRANT EXECUTE ON UTL_FILE TO LF_GRCBACKUP;

Step 7 – Install Weblogic

Step 7.1

Start the Oracle Fusion Middleware 12c Weblogic Installer

Step 7.2

Click Next.

 

Step 7.3

Enter Oracle Home Directory location.

/oracle/Middleware

Click Next.

Step 7.4

Click Weblogic Server Installation and Click Next to proceed.

Step 7.5

Now installer checks for Prerequisite Checks. Once it has been completed, you can view log by clicking View Log or Click Next to proceed.

Step 7.6

Once all the process has been completed the setup finally enters to installation panel in this you can view “Installation Location”, “Disk Space” and “Feature Sets to Install”. You can also save the response file. Click Install to Proceed.

Step 7.7

Installation Process will be completed once all the operation has been completed.

 Step 7.8

Once the installation has been completed you will see the message at bottom like “Oralce WebLogic installation completed successfully”. Click Finish.

Step 8 – Install ADR (Advanced Runtime)

Step 8.1

Execute the fusion middleware jar file using the below command.

java -jar fmw_infra_12100.jar

Step 8.2

Installer process will be started.

Step 8.3

Installation wizard will continue. Click Next to Proceed.

Step 8.4

Enter Oracle Home Directory location.

/oracle/Middleware

Click Next.

Step 8.5

Select “Fusion Middleware Infrastructure” and “Fusion Middleware Infrastructure with Examples” according to your requirements

Step 8.6

Installation Summary will be displayed to ensure the requirements. Click Install to continue.

Step 8.7

Installation progress will proceed

Step 8.8

Installation progress will be completed. Click Finish to complete.

Step 9 – Install RCU

Step 9.1

Navigate to

/oracle/Middleware/oracle_common/bin

Step 9.2

Repository Creation Utility wizard will be initiated.

Step 9.3

Select Create Repository and select the appropriate operation that need to be performed.

Three operations can be performed as below

  • System Load and Product Load
  • Prepare Scripts for System Load
  • Perform Product Load

You can even drop the repository by selecting the option “Drop Repository”.

Click Next.

Step 9.4

Enter the Database Connection details like Database Type , Hostname, Port number, Service Name, Username, Password and Role. Click Next to proceed.

Step 9.5

Select components and services you need to install. You can use the existing Prefix  or Create a new Prefix by selecting the required option

Click Next.

Step 9.6

Enter the Schema password and even you can create same password for all schemas by clicking the options below.

Step 9.7

Review the summary whether all the details have been entered correctly.

Click Create to start the repository creation process.

Step 9.8

You can view the complete summary of the Database Details, Components installed, Status, Time and Log fine crated for each component. Click Close the finish the process.

Step 10 – Creating Weblogic Domain

Step 10.1

Execute the config script using the below command.

./config.sh

Step 10.2

Fusion Middleware Configuration wizard opens to create a new weblogic domain

Step 10.3

Setup will continue each one by one process. The first process is to create a Domain using preloaded product templates or using custom template. Click Next to proceed.

Step 10.4

Select the application location and the process will be moved to next step in that you can create an Administrator Account Credentials like Username and Password.

Click Next.

Step 10.5

Select the domain mode which suites best according to the requirements

You can select Development or Production. Select the Oracle Hotspot preloaded location or select other JDK Location.

Step 10.6

Select the database configuration type .In two ways it can be performed

  • By using RCU Data
  • Manual Configuration

Click Get RCU Configuration button to get the schema details from the database server.

Click Next to proceed.

Step 10.7

You can choose the appropriate settings from the loaded one for the JDBC Component Schema. Click Next.

10.8

JDBC component schema test will run a set of operation to verify the components installed. This process can be done by click Test Selected Connections. Click Next to continue.

10.9

In the Advanced Configuration option you can manage Administration Server, Node Manager, Managed Servers, Clusters and Coherence.

Click Next

10.10

The next process will move according to option selected in the Advanced Configuration. For example I have choosed “Administration Server”. So I have to enter the settings for that module.

Once all the details have been entered like server name, Listen Address, Listen Port and Etc.

Click Next to Proceed.

10.11

The setup now moves to Configuration Summary block in this you can view which all the modules you have created in the above steps will be mentioned. You can also view the class under each subdivision and location where it’s going be installed.

Click Create.

10.12

When the configuration process is completed it will show the Configuration success windows with the message “Oracle Weblogic Server Configuration Succeeded” and “New Domain base_domain creation Successful”.

Click Finish to complete the process.

STEP 11- Modify Java Settings:

1). Create a folder called like GRC_865 under $MW_HOME.

2). From 865_stage/dist folder copy grc.ear file to $MW_HOME/GRC_865

3). Extract (unzip) grc.ear  (ex: unzip grc.ear)

4). Go to $MW_HOME/user_projects/domains/grcdomain/bin/Vi setDomainEnv.sh

Search for USER_MEM and add the following tags.

5). In SetDomainEnv.sh file itself

Locate the extra_java_properties section of the file. In it, remove the following string:

‑Dorg.apache.commons.logging.Log=org.apache.commons.logging.impl.Jdk14Logger

6).search for # ADD EXTENSIONS TO CLASSPATHS tag

if [ “${PRE_CLASSPATH}” != “” ] ; then
CLASSPATH=”${PRE_CLASSPATH}${CLASSPATHSEP}${CLASSPATH}”
export CLASSPATH
fi

Add the following before those lines:

# ADD EXTENSIONS TO CLASSPATHS

PRE_CLASSPATH=”/u01/GRC865_MW/grc_865/grc/WEB-INF/lib/jython-2.5.1.jar:${PRE_CLASSPATH}”

export PRE_CLASSPATH

Note: /u01/app/wls12c/user_projects/domains/<grc_domain>/servers/ AdminServer/stage/grc865/grc865/grc is where you have WLS host the source. If you “copy to all targets”, then the source is under “stage.”

12 – GRC 865 Deployment

Step-12.1

1). Start Adminserver

2). Go to weblogic console ( URL: http://hostname:port/console  login with weblogic uid).

3). Enter the Credentials and Click Login.

Step-12.2

Click Lock & Edit in Change Centre and Click Deployment under “Domain Structure”.

Click Install and Select the GRC_865 location and click Next.

 Step – 12.3

Select “Install this deployment as an application” in the “Install Application Assistant” panel and Click Next.

Step-12.4

Enter the Deployment name and select “DD Only: Use only roles and policies that are defined in the deployment descriptors. Scroll down to see more options to enter.

 Step – 12.5

Manually select “I will make the deployment accessible from the following location” and enter the location.

Select “Use the same accessibility as the application” and Click Next.

Step-12.6

Under the Additional Configuration, select Yes, take me to the deployment’s configuration screen and  Click Finish.

Step-12.7

Click “Deployment” and select “GRC_865” to start the application. The state will be “Prepared”.

Step-12.8

“Start Application Assistant” will be prompted and will show the application which needs to be started.

Click Yes and Proceed.

Step-12.9

Now you can see the state has been changed to “Active”.

Step-12.10

Select “GRC_865” under deployments. You can view the detailed configuration and other things in that window.

Step-12.11

Login to GRC application and Click Navigator and select “Setup and Administration”.

Step 13 – Post-Installation Configuration

Step 13.1

Under “Setup and Administration” tasks click “Manage Application Configurations”

Step 13.2

Now verify that the installation configuration was configured properly.

Step 13.3

Use the details below for the Application Configuration process.

User T_GRC
Password
Port
Service Identifier DEV_GRC
Server Name
Report Repository Path /d02/grc_rpt
Log Threshold DEBUG
Transaction ETL Path /d02/tcg_etl
App Server Library Path /Oracle/Middleware/user_projects/domains/base_domain/lib/
Optimize Distributed Operation Enabled
Optimize Appliance-Based Operation No
ORACLE_HOME Path No
Enable ERA ETL Optimization No
Maximum Login Attempts 6
Elapsed days before password expiration 90
# of Cores Available (min 2) 2
Maximum MB or Ram for processing(Total Ram – 8GB) 326768

 

Step 14-Operational Procedures and Recommendations

Login to the Application. Under “Setup and Administration” tasks click “Manage Application Configurations”.

Click “Notification” Tab.

You can also configure “Notification Schedule” and “Notification Content” according to the client requirements.

Click “Security” Tab

Enter the following details like “Maximum Login Attempts”, “Elapsed Days Before Password Expires” and “Use Basic Authentication for Web Service”.

Step – 14 

Step -14.1 – Operational Procedures and Recommendations

Application Server Login to the Server http://hostname:port/grc
Login as As applgrc
Navigate to /oracle/Middleware/user_projects/domains/base_domain/bin
Start WebLogic nohup ./startWebLogic.sh &
Stop WebLogic stopweblogic
Log file (grc.log) located at/oracle/Middleware/GRC_865/grc/log/grc.log tail -f grc.log
Log Rotation start_aacgstop_aacgPrior to startup it is recommended to delete the log file. The file will be regenerated upon startup.

If the application is experiencing issues the log will indicate such.

The amount of detail is controlled via the application configuration and should be set to show ERRORs in normal running capacity to keep the logs smaller./oracle/Middleware/user_projects/domains/base_domain/bin/start_aacgView Image1 for more details.

Image1

Open GRC Application and Click   to view the Application Name and Version of the GRC installed.

You can also view the current patch installed.

 

Leave a Reply

Your email address will not be published.