AllExperts > Oracle 
Search      
Oracle
Volunteer
Answers to thousands of questions
 Home · More Oracle Questions · Answer Library  · Encyclopedia ·
More Oracle Answers
Question Library

Ask a question about Oracle
Volunteer
Experts of the Month
Expert Login

Awards

About Us
Tell friends
Link to Us
Disclaimer

 
 
 
 
About Peter Choi
Expertise
I am a senior Oracle DBA, PeopleSoft Administrator and Project Manager with 10+ years experience. I have been working with PeopleSoft (HRMS 5, 7, 7.x and 8.9), Oracle RDBMS (7.3 - 11gR1) on various Unix and Windows platforms, and some Oracle Application Server (9i/10gR2). I also have experience with the configuration and administration of BEA`s Tuxedo and WebLogic for PeopleSoft 8.x.

 
   

You are here:  Experts > Computing/Technology > Oracle > Oracle > Peoplesoft Tuxedo traffic

Oracle - Peoplesoft Tuxedo traffic

Expert: Peter Choi - 4/21/2009

Question
Peoplesoft 8 and 9 utilizes Tuxedo as the underlying technology)it handles traffic from the application servers to database servers, I am concerned by my data as it traverses the tuxedo ports(specifically the traffic from the extranet to the intranet hardened servers). What risk if any does the BEA Tuxedo middleware pose;How do I know my tuxedo traffic is safe?  Is there any documentation that speaks to this you can point me to.

Answer
Hi Diane,


From a networking / infrastrcuture perspective
----------------------------------------------
In the PeopleSoft Internet Architecture (PIA) defined by PeopleSoft, there should be a level of security between the Internet/Extranet and the Web Server. That level of security could be in the form of a firewall or reverse proxy server.

It is optional to have another level of security between the web server and the Tuxedo application server (AS).

If your application server is exposed to the Internet/Extranet, there is some degree of risk and vulnerability. If the server where the AS reside is compromised, then it may be used to access your harden servers behind it.

From a data perspective
-----------------------
In terms of the data, it depends on the type of security that you've chosen to implement in Tuxedo. Tuxedo has the capability of encrypting the traffic between the client workstation and the application server. Encryption can be set at 0 (No encryption), 40 (40 bit encryption) or 128 (128 bit encryption). If you enable this option, the client workstation would need to be configured accordingly.

Traffic that is unencrypted and on an unsecured network could be a vulnerability. The risk is in the low - medium range, depending on the content of your information.

You may wish to consult Oracle|PeopleSoft document:    
Securing Your PeopleSoft Application Environment (Doc ID 747524.1) available on Metalink3.oracle.com.

Hope this helps.

Peter

Add to this Answer   Ask a Question


 
User Agreement | Privacy Policy | Kids' Privacy Policy | Help
Copyright  © 2008 About, Inc. AllExperts, AllExperts.com, and About.com are registered trademarks of About, Inc. All rights reserved.