OOW15 - managing oracle e-business suite auditing and security

Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |

Managing Oracle E-Business Suite Auditing and Security

Eric Bing, Senior Director, Applications Product Security Elke Phelps, Senior Principal Product Manager, Applications Technology Group Oracle E-Business Suite Development Oracle


Safe Harbor Statement

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.


Program Agenda

Follow Secure Deployment & Configuration Guidelines

Understand and Setup Auditing and Logging

Overview of New Security Features

Review Security Roadmap

1

2

3

4


Program Agenda





1

2

3

4


Stay current with patching

Follow secure deployment recommendations

Configure SSL/TLS


A

B

C




Configure SSL/TLS


A

B

C


How to Deploy Oracle E-Business Suite Securely

• Apply Critical Patch Updates (CPUs) + Security Alerts

– Critical Patch Advisory Page

http://www.oracle.com/technetwork/topics/security/alerts-086861.htm

– Patch Setup Update (PSUs) are an option for the database • PSUs include CPUs + other database recommended patches

• EBS customers may apply either CPUs or PSUs for the DB

• As of 12c only PSUs will be released

• Apply latest maintenance pack or release update pack

– Yes, Oracle E-Business Suite maintenance packs release update packs improve security as well

Stay Current with Patching




Configure SSL/TLS


A

B

C


How to Deploy Oracle E-Business Suite Securely

• Secure Configuration Guide for Oracle E-Business Suite – Previously known as “Best Practice” documents

– Release 11i, MOS Doc ID 189367.1

– Release 12.1, MOS Doc ID 403537.1

– Release 12.2, Security Administration Guide, Secure Configuration Chapter

• Oracle E-Business Suite Configuration in a DMZ – Follow this guide if your Oracle E-Business environment is internet accessible

– Release 11i, MOS Note 287176.1

– Release 12.1., MOS Note 380490.1

– Release 12.2., MOS Note 1375670.1

Follow Secure Deployment Recommendations

New


Secure Configuration Scripts

• Scripts are packaged as SQL and Shell scripts – Check for updated scripts on a periodic basis

– EBSSecConfigChecks.sql – runs all (12) other SQL scripts • Results are compiled into a single report

• Comments in the scripts often contain hints for resolution

– EBSCheckModSecurity.sh

– EBSCheckFormsBlockChar.sh

• You should perform routine configuration “Health Checks” – Create a baseline for your environment

– Run scripts often and compare against your baseline…check for differences

MOS Note 2069190.1, Security Configuration and Auditing Scripts for Oracle E-Business Suite

New


Secure Configuration Scripts

• New MOS Note with secure configuration scripts

• Key Updates

– General scripting updates for editioning views in EBS 12.2

– New script to check ALLOWED_REDIRECTS, ALLOWED_JSPS, Domain Cookie Scoping

– BNE_ALLOW_NO_SECURITY_RULE – must be set to “N”

– Debug Logging recommendations added

– Warning (but not error) if 'FND_DIAGNOSTICS‘ and related profiles are set at the USER level

– New shell script to check that the Forms character blocking filter is on

Major updates


New


Out-of-box security compliance checks for Oracle E-Business Suite

Integration with Enterprise Manager compliance framework

Security compliance violations and trends are generated

Real-time observations of security compliance in your environment

Compliance Rules

Oracle Enterprise Manager: Oracle E-Business Suite Plug-In




Configure SSL/TLS


A

B

C


• Inbound Connections from a client to the Oracle HTTP Server

• Loopback connections from Oracle E-Business Suite to itself

• Outbound connections from Oracle E-Business Suite to External Site(s)

TLS Connections in Oracle E-Business Suite

Intranet User

Internet User

External Site

External Application Node

Internal Application Node

EBS Database

DMZ VPN

16 Oracle Confidential – Internal/Restricted/Highly Restricted


• Inbound Connections – Browser access – Forms access – Incoming XML Gateway

message – Mobile access via a

REST service

• Loopback Connections – Workflow notification

emails from Concurrent Manager tier

– Payment call back from database tier

– OAM log viewer

17

• Outbound Connections – Punchout in iProcurement – XML Gateway connection

to a partner application – Payments credit card

processing

Examples of TLS Connections in Oracle E-Business Suite


• Changing Protocol from SSL to TLS 1.0

– EBS 11i, 12.1, 12.2 certified

– Recent vulnerabilities addressed • SSL related vulnerabilities

– POODLE, FREAK

• Planning for the SHA-1 to SHA-2 change

– Most Certificate Authorities are no longer issuing SHA-1 certificates

– EBS 11i, 12.1, 12.2 certified

Oracle E-Business Suite Oracle HTTP Server (OHS) Changes Customers are Making to OHS for Inbound Connections

Description MOS Doc ID

Enabling TLS in EBS 11i 123718.1

Enabling TLS in EBS 12 376700.1

Enabling TLS in EBS 12.2 1367293.1

POODLE (& FREAK) 1937646.1

HAProxy for EBS 12.1.3 2012639.1

TLS FAQ 2063486.1


New


HAProxy Certification with Oracle E-Business Suite 12.1.3

• HAProxy may be deployed as a TLS termination point

• TLS 1.2 can be used with HAProxy

• Additional cypher suites can be used with HAProxy

Oracle HTTP Server listener configuration

After deploying HAProxy as a reverse proxy



Program Agenda





1

2

3

4


Auditing and Logging

• Detect suspicious activity and attacks

• Investigate incidents after an attack

• Adhere to compliance standards (SOX, HIPAA, PCI-DSS)

• Implement business process monitoring and controls

• Debug application problems

• Performance monitoring



• Recent and current activity (monitoring) – Information about what is happening currently in the system – Information about the last activity performed on a specific record or by a specific

session

• Historical activity – Information is similar to recent and current activity that is captured – Information is retained (historical records of activity)

• Unexpected events – Unexpected Errors reported by the application or technology stack – Unexpected errors can include security related activity

Categories



• External auditors and forensics require “nonrepudiation”

– Need to prevent tampering with records

• Most information is stored in the database or on the local file system

– Recommendation is to move auditing information to a central repository

• Variety of technologies – Oracle Audit Vault and Database Firewall

– Read only DB links / CRON jobs

Securing the Auditing and Logging Records


Auditing Scripts

• Download EBSAuditScripts.zip (contains multiple SQL scripts)

– Validate audit configuration

– Query audit tables

– Configure database auditing

• Check periodically for updates to EBSAuditScripts.zip

• Refer to the sample scripts in the zip file when you see the following in this presentation: “Audit script: script_name.sql”



Oracle E-Business Suite Application

Oracle E-Business Suite Technology Stack

Optional Oracle Technology Integrations

Auditing and Logging Features

A

B

C





Auditing and Logging Features

A

B

C


Unsuccessful Logins

Debug Logging

Sign-on Audit

Session Auditing

Oracle E-Business Suite Applications Auditing & Logging Features

Oracle E-Business Suite Release 12.2, Security Administration Guide

i

ii

iii

iv

Page Access Tracking

Who Columns

AuditTrail

Database Connection Tagging

v

vi

vii

viii


Unsuccessful Login Attempts

• Detection of brute forcing of passwords

• Information recorded in APPLSYS.FND_UNSUCCESSFUL_LOGINS

– Date

– User (only if corresponding to a valid username)

– Issue: IP address not captured

• Several options for examining the data

– Report: Signon Audit Unsuccessful Logins

– Auditing script - UnsuccessfulLogins.sql

28

Local login only


Unsuccessful Login Attempts SQL> select u.user_name,ful.user_id,

to_char(attempt_time,'DD-MON-RRRR HH24:MI:SS') attempt_time

from fnd_unsuccessful_logins ful, fnd_user u

where ful.user_id = u.user_id (+)

order by attempt_time;

USER_NAME USER_ID ATTEMPT_TIME

---------- ---------- -----------------------------

ANONYMOUS -1 01-JUL-2015 02:49:00

SYSADMIN 0 14-SEP-2015 15:31:56

SYSADMIN 0 15-SEP-2015 15:33:16

JFROST 1324 16-SEP-2015 13:25:03

Audit script: UnsuccessfulLogins.sql

29


Debug Logging

• Often used to diagnose problems in Oracle E-Business Suite

• Profile configuration – FND: Debug Log Enabled "Y“, AFLOG_ENABLED

– FND: Debug Log Level “UNEXPECTED" , AFLOG_LEVEL • Default value is UNEXPECTED

• Minimum level of UNEXPECTED is key for security auditing

• Information is logged to the database by default – Database logging is easier to maintain in a multi-tier environment

– File logging provides protection against logs being modified

Audit script: EBSCheckAuditingSettings.sql

30


Debug Logging

• Log files should be examined to understand normal production activity

– Important to understand what errors are common

• Some errors are expected even at UNEXPECTED level

• A few examples for Oracle E-Business Suite Debug Log (12.1) include:

– com.evermind.server.http.HttpIOException: Broken pipe

– Parameter 'requestUrl' was null, defaulted to 'APPSHOMEPAGE‘

– Could not load application module 'oracle.apps.fnd.sso.login.server.MainLoginPageAM‘

31

Determining your baseline


Sign-On Audit

• Track what your users are doing and when they do it

• View quickly online what your users are doing

• Choose who to audit and what type of information to audit

• Set Profile Sign-On:Audit Level (Internal code: SIGNONAUDIT:LEVEL )

– Recommended and default value is “Form” (Internal code - “D”)

• Run Sign-On Audit reports to review logged information

Note: Many of the Sign-On Audit reports are specific to Oracle Forms interfaces

32


Sign-On Audit - Responsibility Audit Report

User Name Responsibility Name Start Active Time End Active Time

--------- ------------------- ----------------- ---------------

OPERATIONS System Administrator 15-SEP-15 16:01 16-SEP-15 12:23

SYSADMIN System Administrator 20-AUG-15 12:37 20-AUG-15 12:38

33

Forms Only

Report executed as a standard Concurrent Processing Report


Sign-On Audit - Form Audit Report

User Name Responsibility Name Start Active Time End Active Time Form Name

---------- ------------------- ----------------- --------------- ------------------------------

OPERATIONS System Administrator 16-SEP-15 12:23 16-SEP-15 12:23 Define Application User

OPERATIONS System Administrator 15-SEP-15 16:01 15-SEP-15 16:26 Run Reports

SYSADMIN System Administrator 14-SEP-15 14:42 14-SEP-15 14:42 Update System Profile Values

SYSADMIN System Administrator 16-SEP-15 13:00 Monitor Application Users

34

Forms Only



Sign-On Audit - Monitor User Form

35

Forms Only


Sign-On Audit – Sign-on User Audit Report

• Reports on Forms, JTF and OAF

• Information displayed on report includes the following: –User

–Dates and times

–Oracle Process

36



E-Business Suite Session Auditing

• FND_LOGINS

– All technologies record information here per login / concurrent request

– Login information includes: • User, dates and times

• DB process information

• ICX_SESSIONS – OAF and JTF pages record information here per web context (cookie)

– Session information includes: • User, dates and times

• Last responsibility and function accessed from Home Page

37

Looking beneath the covers


E-Business Suite Session Auditing

USER_NAME SESSION_ID COUNTER D START_TIME END_TIME

---------- ---------- ------- - ------------------- -------------------

SYSADMIN 849439764 7 N 2015/08/16 23:50:49 2015/08/17 02:02:42

SYSADMIN 613794284 13 N 2015/08/17 01:53:16 2015/08/17 02:02:42

RESPONSIBILITY_NAME USER_FUNCTION_NAME

------------------------------ ------------------------------

Applications Default Login Page

System Administrator Profile Options

Audit script: SessLoginResponsibilites.sql, LoginSessResponsibilites.sql

38

Session Queries


Page Access Tracking (PAT)

• Page and Session based information

– Brings together much of the information previously discussed

• Forms, OAF and JTF based applications data is aggregated

• Flows and historical data for users is captured

– Allows drill down to individual page flows

• By default the features is turned off

– Can be turned on for specific applications, responsibilities or users

– Configure via OAM PAT configuration UI Note: This setting is a profile, read the documentation for more information

39

Bringing it all together


Page Access Tracking (PAT)

• Monitor and Store historical data for power users (Admins)

• Monitor access for sensitive pages

– Security sensitive pages

– Sensitive data access

• Monitor performance problems

• Monitor overall site usage

40

Uses



41

View by User

http://whitehat/dokuwiki/_media/pat/122-users.png?cache=



42

View by Date

http://whitehat/dokuwiki/_detail/pat/122-date.png?id=notes:pat_research



43

View by Responsibility

http://whitehat/dokuwiki/_detail/pat/122-resp.png?id=notes:pat_research



44

Drill down into a session

http://whitehat/dokuwiki/_detail/pat/122-jfrostflow1.png?id=notes:pat_research



46

Graph view of session



47

Graph view of session (continued)

…..


Query the Page Access Tracking Data

DAY SESSIONID USER_NAME TECH_STACKS PAGES_ALL

------------------ ---------- --------------- -------------- ----------

22-OCT-15 682273278 SYSADMIN OAF, FORM 303

18-OCT-15 1304068967 SYSADMIN FORM 1468

18-OCT-15 2109872838 SYSADMIN OAF, FORM 597

Audit script: PAT_sessions_by_user.sql , PAT_sessions_by_date.sql

48

Summary


Query the Page Access Tracking Data

SESSIONID USERNAME PAGENAME TECH_STACK

---------- --------------- -------------------------------------------------- ----------

682273278 SYSADMIN Home>page:.../framework/navigate/webui/NewHomePG OAF

682273278 SYSADMIN RESP_CHANGE AUDIT

682273278 SYSADMIN FNDRSRUN FORM

RESPNAME DAY

----------------------- -----------

System Administration 22-OCT-2015



Audit script: PAT_session_flow.sql

49

Session Detail


Data Changes Tracked with Who Columns

• Data changes are tracked within a record

• Changes are logged to the following columns in most tables:

– CREATION_DATE, Date and Time row was created

– CREATED_BY, Oracle Applications user ID from FND_USER

– LAST_UPDATE_LOGIN, Login ID from FND_LOGINS

– LAST_UPDATE_DATE, Date and Time row as last updated

– LAST_UPDATED_BY, Oracle Applications user ID from FND_USERS

Audit script: ProfileWhoColumnExample.sql

50


Oracle E-Business Suite AuditTrail

• AuditTrail tracks data changes in Oracle E-Business Suite tables using shadow tables

– Leverages database triggers

– Implement through Oracle E-Business Suite Forms user interface

– Simple to report on audit data joined with reference data

• Oracle Database Auditing overlaps older AuditTrail functionality

– Oracle Database Auditing has better performance

– Integrates with Oracle Audit Vault

– Audit records are more easily secured

51



• Oracle E-Business Suite session information is populated in V$SESSION

– Leveraged in database auditing

– Leveraged in Oracle Audit Vault and Database Firewall

• Information in V$SESSION – CLIENT_IDENTIFIER – FND User currently associated with the connection

– For context-insensitive standalone modules such as FNDLOAD or FNDCPASS, the value of CLIENT_IDENTIFIER is set to ‘SYSADMIN’.

– MODULE – Application Module being used

– ACTION – Page or Form

52



select to_char(logon_time,'DD-MON-RRRR HH:MI:SS') Logon_date,sid, client_identifier

fnd_user, module,action from v$session where client_identifier = '&fnd_user';

LOGON_DATE SID FND_USER MODULE

------------------- ----- ---------- --------------------------------------------------

16-OCT-2015 05:49:39 50 JFROST e:PER:fwk:per.selfservice.common.server.CommonAM

16-OCT-2015 05:48:41 180 JFROST e::fwk:fnd.framework.service.lookups.server.Look

ACTION

-----------------------------------

PER/EMPLOYEE_DIRECT_ACCESS_V4.0

/

Audit script: v$sesssion_by_Fnd_User.sql

53

Query V$SESSION by FND User



SELECT SID, replace(sql.sql_text,chr(10),'') stmt

FROM v$session SES,

V$SQLtext_with_newlines SQL

where SES.SQL_ADDRESS = SQL.ADDRESS (+)

and SES.SQL_HASH_VALUE = SQL.HASH_VALUE (+)

and SES.client_identifier = '&fnd_user'

order by SID, sql.piece asc;

Audit script: v$sesssion_last_sql_by_Fnd_User.sql

54

Retrieve the last SQL run by a specific Oracle E-Business Suite User





Options for Analyzing Security Related Actions

A

B


C


Applications Technology Stack Auditing & Logging

Oracle HTTP Server Access Log

Oracle HTTP Server Error Log

Oracle HTTPS Log

i

ii

iii



Oracle HTTP Server Access Log

• All requests processed by OHS

• Location and content are controlled by CustomLog directive in http.conf

• Example from access_log (EBS 12.2):

172.17.122.44 - - [10/Aug/2015:17:53:52 -0400] "GET

/page.jsp?p1=search HTTP/1.0" 200 1197

58

Oracle E-Business Suite 12.2, 12.1


Oracle HTTP Server Error Log

• Key log file for the Oracle HTTP Server (OHS) • Apache httpd, including ModSecurity, will send diagnostic information

and record any errors that it encounters in processing requests here • Default log file name: – 12.2 - EBS_web_<SID>.log – 12.1 error_log.<timestamp>

• ModSecurity will log whenever it denies a request • Example of a blocked request: [Tue May 12 00:11:45 2015] [error] [cli ent 172.17.121.2] mod_security: Access denied with code 400. Pattern match "\\.\\./" at THE_REQUEST.

[hostname "apps.example.com"] [uri "/P?path=../"] [unique_id VVF9gawReR8AAAVDA2M]

59

Oracle E-Business Suite 12.2 and 12.1


Oracle HTTPS Logging

• Additional logging occurs when HTTPS is enabled

• Logging directives are defined in ssl.conf

• Default log file name: ssl_request.log

• Sample from log file:

"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

[10/Aug/2015:17:53:52 -0400] 172.17.122.44 TLSv1.2

SSL_RSA_WITH_AES_256_GCM_SHA384 "GET / HTTP/1.0" 1197

60


Database Technology Stack Auditing & Logging

Database listener log

Database alert log

Database auditing

i

ii

iii



Database Listener Log

• All successful and unsuccessful connection attempts are logged here

• All RELOAD, START, STOP, STATUS, or SERVICES command issued by the Listener Control utility

• Logging is turned on by default in Oracle E-Business Suite 12.1 and 12.2

• Configuration file= LISTENER.ORA – LOG_STATUS = ON

– LOG_DIRECTORY_$ORACLE_SID = $TNS_ADMIN

– LOG_FILE_$ORACLE_SID = $ORACLE_SID

63


Database Alert Log

• The alert log is an XML file that is a chronological log of messages and errors.

• The alert log includes messages about the following:

– Critical errors (incidents)

– Administrative operations, such as starting up or shutting down the database, recovering the database, creating or dropping a tablespace, and others.

– Errors during automatic refresh of a materialized view

– Other database events

– The values of all initialization parameters that had nondefault values at the time the database and instance start

64


Database Auditing

• Monitor and record configured database actions

• Configuration file: init.ora –Turn on traditional auditing • AUDIT_TRAIL=DB or OS

• AUDIT_FILE_DEST=[directory]

–Monitor administrative user sessions • SYS_OPERATIONS=true

65


Database Auditing

• Can alert you to password guessing attacks

• Can alert you to suspicious connections to highly privileged schemas

• Turn on by executing the following statement: SQL> audit create session whenever not successful;

66

Monitor Unsuccessful Database Logins


Database Auditing

• Audit any changes to the standard Oracle E-Business Suite database schemas or creation of new schemas.

• May alert you to inappropriate or malicious activity.

• Turn on by executing the following statement: SQL> AUDIT USER;

67

Monitor Schema Changes


• Create, alter, drop database links

• Create alter, drop public database links

• Create, alter, drop roles

• Create, alter, drop profiles

• Access public synonyms

• Create, alter directory

• Alter system statements

• Alter database statements

• Audit, noaudit sql statements

• Grant, revoke system privileges

68

Database Auditing Statement and Privilege Auditing

Audit script: SystemPrivAuditing.sql


Database Auditing

• Recommendations for auditing the following categories of tables:

– User

– Responsibilities, roles and privileges

– Security configuration

– Flexfield configuration

– Concurrent manager configuration

69

Object Level Auditing

Audit script: EBSObjectAuditing.sql


Database Auditing

• Allows detailed conditions to trigger auditing

• Monitors data access based on content

• Audits records based upon specific column conditions or actions

– Accessing a table between 9 p.m. and 6 a.m. or on Saturday and Sunday

– Using an IP address from outside the corporate network

– Selecting or updating a table column

– Modifying a value in a table column

• Creates a more meaningful audit trail

• Excludes unnecessary information that occurs if each table access were recorded

70

Fine-Grained Auditing

Database Security Guide: About Fine-Grained Auditing

http://docs.oracle.com/database/121/DBSEG/audit_config.htm




• Data Changes Tracked with Row Who Columns

• Sign-On Audit

• Session Auditing

• Database connection tagging

• Page Access Tracking

• Oracle E-Business Suite AuditTrail

• Proxy User Auditing

• Apache Access Logs

• Database listener log

• Database alert log

• Database auditing

• Fine-grained auditing

• Unsuccessful logon attempts

• Debug logging

• OHS Apache error logs

• Database listener log

• Database alert log

Auditing and Logging Recent or Current Activity Historical Activity Unexpected Events





Options for Analyzing Security Related Actions

A

B


C


• Consolidate database audit trail into secure centralized repository

• Detect and alert on suspicious activities, including privileged users

• Out-of-the box compliance reports for SOX, PCI, and other regulations – For example; privileged user audit,

entitlements, failed logins, regulated data changes

• Integrates with Oracle E-Business Suite security system

Oracle Audit Vault and Database Firewall


• Monitor inbound SQL activity in passive mode

• Alert security operations of unexpected activity

• Execute standard or develop custom reports

Oracle Audit Vault and Database Firewall


Oracle Governance, Risk and Compliance Manager

• Access Governor: Enforce Separation of Duties

– Changes to users' functional abilities

– E-Business Suite integration

• Transaction Governor: Monitor financial transactions executed

• Configuration Governor: Monitor critical configuration changes

• Preventive Governor: Proactively enforces policies

http://www.oracle.com/us/solutions/corporate-governance/overview/index.html

75

Manage financial and regulatory impacts in EBS





Program Agenda





1

2

3

4


• Cookie Domain Scoping

– Provide additional protection for communication between the browser and the Oracle E-Business Suite web tier

– Define the scope for cookie sharing to avoid unnecessary exposure

• Allowed JSPs

– Defines whitelist of allowed JSPs for Oracle E-Business Suite Release 12.2

– Prevents access to JSPs which are not used

– Enables configuration of actively allowed JSPs to avoid unnecessary exposure

77

• Proxy User

– Users can delegate by responsibility or workflow notification type some or all of their access to other users, who can then act on the delegator’s behalf.

– Functionality works seamlessly across all Forms and OA Framework-based Oracle E-Business Suite modules

• Allowed Redirects

– Defines whitelist of allowed redirects for Oracle E-Business Suite 12.2

– Prevents redirects that are not listed as allowed

– Enables configuration of allowed redirects to avoid unnecessary exposure

New Security Features in Oracle E-Business Suite 12.2


Program Agenda





1

2

3

4


Security and Auditing Roadmap

• EBS 12.2 New Security Features turned on by default

• Documentation and Scripts

– EBS 12.2 Auditing and Logging Section of Security Administration Guide

– Additional Auditing and Security Configuration Scripts

• Tracking of IP addresses at E-Business Suite session and PAT level

• Database 12c Unified Auditing with Oracle E-Business Suite 12.2

• Certification of TLS 1.2 with Oracle E-Business Suite 12.2

• Oracle E-Business Suite 12.2 Data Masking Template

79

Roadmap


E-Business Suite Technology Stack Blog

• Direct from EBS Development

• Latest news

• Certification announcements

• Primers, FAQs, tips

• Desupport reminders

• Latest upgrade recommendations

• Statements of Direction

• Subscribe by email or RSS

blogs.oracle.com/stevenchan

80


E-Business Suite: System Management

Join us on Facebook

facebook.com/groups/EBS.SysAdmin

81


Questions and Answers


Safe Harbor Statement

The preceding is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.

Oracle Confidential – Internal/Restricted/Highly Restricted 83


Chronological Order

84


Related Sessions

Monday, October 26, 2015

11:00 a.m. CON8140 - Planning Your Upgrade to Oracle E-Business Suite 12.2 J. Anne Carlson, Senior Director, Product Strategy, Oracle E-Business Suite, Oracle

Moscone West—3022

2:45 p.m. CON8146 - Simplified and Touch-Friendly User Interface in Oracle E-Business Suite Padmaprabodh Ambale, Director, ATG Development, Oracle

Moscone West—3024

4:00 p.m. CON6413 - Oracle E-Business Suite Technology: Latest Features and Roadmap Lisa Parekh, Vice President, Oracle

Moscone West—3002

5:15 p.m. CON8138 - Testing Oracle E-Business Suite Best Practices Prasanti Madireddi, Senior Director, Oracle Jake Westphal, Senior IT Manager - Enterprise Applications, First American

Moscone West—3022

85


Related Sessions

Tuesday, October 27, 2015

11:00 a.m. GEN6409 - General Session: Oracle E-Business Suite Update, Strategy, and Roadmap Clifford Godwin, Senior Vice President, Oracle

Moscone West—2008

12:15 p.m. CON8128 - Installation, Cloning, and Configuration of Oracle E-Business Suite 12.2 Max Arderius, Senior Principal Product Manager, Oracle

Moscone West—3014

4:00 p.m. CON8133 - Online Patching with Oracle E-Business Suite 12.2 Kevin Hudson, Senior Director, Oracle

Moscone West—3022

5:15 p.m. CON8130 - Migrating and Managing Customizations for Oracle E-Business Suite 12.2 Santiago Bastidas, Senior Principal Product Manager, Oracle

Moscone West—3014

5:15 p.m. CON6410 - Oracle E-Business Suite: Mobile Update, Strategy, and Roadmap Jeanne Lowell, Vice President, EBS Product Strategy, Oracle

Moscone West—3022

86


Related Sessions

Wednesday, October 28, 2015

11:00 a.m. CON8132 - Oracle E-Business Suite Integration Best Practices Veshaal Singh, Vice President, Oracle

Moscone West—3004

11:00 a.m. CON8127 - Oracle Enterprise Manager 12c Cloud Control for Managing Oracle E-Business Suite 12.2 Angelo Rosado, Senior Principal Product Manager, Oracle

Moscone West—3022

12:15 p.m.

CON8142 - Customer Success Stories: Upgrading to Oracle E-Business Suite 12.2 Andrew McVeagh, Oracle CoE Leader, GE Transportation Terri Noyes, Senior Director, Oracle Musa Ramadhani, Lead Oracle Apps DBA, Gentex Corporation

Moscone West—3004

12:15 p.m. CON8135 - Getting Optimal Performance from Oracle E-Business Suite Samer Barakat, Director, Applications Performance, Oracle

Moscone West—3022

87


Related Sessions

Wednesday, October 28, 2015

1:45 p.m. CON8143 - Standards-Based Desktop Integration in Oracle E-Business Suite Padmaprabodh Ambale, Director, ATG Development, Oracle

Moscone West—3022

3:00 p.m. CON8134 - Maintenance Strategies for Oracle E-Business Suite Elke Phelps, Senior Principal Product Manager, Oracle

Moscone West—3022

4:15 p.m. CON8145 - Building, Deploying, and Managing Smartphone Apps for Oracle E-Business Suite Vijay Shanmugam, Director, Oracle

Moscone West—3004

88


Related Sessions

Thursday, October 29, 2015

10:45 a.m. CON8129 - Advanced Architectures for Oracle E-Business Suite Noby Joseph, Architect ATG Development, Oracle Elke Phelps, Senior Principal Product Manager, Oracle

Moscone West—3022

10:45 a.m.

CON8147 - Oracle E-Business Suite 12.2: Customer Panel Steven Chan, Senior Director, Oracle Ravi Ravikoti, Senior Manager, On Semiconductor Corporation Tom Robinette, Executive Director of Business Systems, Exterran Martha Wiegman, Senior Manager - Business Solutions at GE

Moscone West—3004

12:00 p.m. CON8131 - Enabling Oracle E-Business Suite for SOA, Cloud, and Mobile Rekha Ayothi, Principal Product Manager, Oracle

Moscone West—3004

12:00 p.m. CON8136 - Oracle E-Business Suite Technology Certification Primer and Roadmap Steven Chan, Senior Director, Oracle

Moscone West—3022

89


Related Sessions

Thursday, October 29, 2015

1:15 p.m.

CON8126 - Case Study: Oracle Application Management Suite for Oracle E-Business Suite Sue Gill, Senior Database Administrator, GE Corporate Angelo Rosado, Senior Principal Product Manager, Oracle

Moscone West—3004

1:15 p.m. CON8141 - Technical Upgrade Best Practices for Oracle E-Business Suite 12.2 Samer Barakat, Director, Applications Performance, Oracle Udayan Parvate, Senior Director, EBS Release Engineering, Oracle

Moscone West—3022

2:30 p.m. CON8137 - Managing Oracle E-Business Suite Auditing and Security Eric Bing, Senior Director, Oracle Elke Phelps, Senior Principal Product Manager, Oracle

Moscone West—3004

2:30 p.m. CON8144 - Personalize and Extend Oracle E-Business Suite for Desktops and Tablets Padmaprabodh Ambale, Director, ATG Development, Oracle

Moscone West—3022

90


Ordered by Theme

91


Related Sessions

Strategy & Roadmap

Monday Oct 26

4:00 p.m.

CON6413 - Oracle E-Business Suite Technology: Latest Features and Roadmap Lisa Parekh, Vice President, Oracle

Moscone West—3002

Tuesday Oct 27

11:00 a.m.

GEN6409 - General Session: Oracle E-Business Suite Update, Strategy, and Roadmap Clifford Godwin, Senior Vice President, Oracle

Moscone West—2008

Tuesday Oct 27

5:15 p.m.

CON6410 - Oracle E-Business Suite: Mobile Update, Strategy, and Roadmap Jeanne Lowell, Vice President, EBS Product Strategy, Oracle

Moscone West—3022

Thursday Oct 29

12:00 p.m.

CON8136 - Oracle E-Business Suite Technology Certification Primer and Roadmap Steven Chan, Senior Director, Oracle

Moscone West—3022

92


Related Sessions

Installation & Architecture

Tuesday Oct 27

12:15 p.m.

CON8128 - Installation, Cloning, and Configuration of Oracle E-Business Suite 12.2 Max Arderius, Senior Principal Product Manager, Oracle

Moscone West—3014

Thursday Oct 29

10:45 a.m.

CON8129 - Advanced Architectures for Oracle E-Business Suite Noby Joseph, Architect ATG Development, Oracle Elke Phelps, Senior Principal Product Manager, Oracle

Moscone West—3022

93


Related Sessions

12.2 Customer Panels

Wednesday Oct 28

12:15 p.m.

CON8142 - Customer Success Stories: Upgrading to Oracle E-Business Suite 12.2 Andrew McVeagh, Oracle CoE Leader, GE Transportation Terri Noyes, Senior Director, Oracle Musa Ramadhani, Lead Oracle Apps DBA, Gentex Corporation

Moscone West—3004

Thursday Oct 29

10:45 a.m.

CON8147 - Oracle E-Business Suite 12.2: Customer Panel Steven Chan, Senior Director, Oracle Ravi Ravikoti, Senior Manager, On Semiconductor Corporation Tom Robinette, Executive Director of Business Systems, Exterran Martha Wiegman, Senior Manager - Business Solutions at GE

Moscone West—3004

94


Related Sessions

Upgrade

Monday Oct 26

11:00 a.m.

CON8140 - Planning Your Upgrade to Oracle E-Business Suite 12.2 J. Anne Carlson, Senior Director, Product Strategy, Oracle E-Business Suite, Oracle

Moscone West—3022

Thursday Oct 29

1:15 p.m.

CON8141 - Technical Upgrade Best Practices for Oracle E-Business Suite 12.2 Samer Barakat, Director, Applications Performance, Oracle Udayan Parvate, Senior Director, EBS Release Engineering, Oracle

Moscone West—3022

95


Related Sessions

Patching

Tuesday Oct 27

4:00 p.m.

CON8133 - Online Patching with Oracle E-Business Suite 12.2 Kevin Hudson, Senior Director, Oracle

Moscone West—3022

Wednesday Oct 28

3:00 p.m.

CON8134 - Maintenance Strategies for Oracle E-Business Suite Elke Phelps, Senior Principal Product Manager, Oracle

Moscone West—3022

96


Related Sessions

Customizations

Tuesday Oct 27

5:15 p.m.

CON8130 - Migrating and Managing Customizations for Oracle E-Business Suite 12.2 Santiago Bastidas, Senior Principal Product Manager, Oracle

Moscone West—3014

97


Related Sessions

System Management

Wednesday Oct 28

11:00 a.m.

CON8127 - Oracle Enterprise Manager 12c Cloud Control for Managing Oracle E-Business Suite 12.2 Angelo Rosado, Senior Principal Product Manager, Oracle

Moscone West—3022

Thursday Oct 29

1:15 p.m.

CON8126 - Case Study: Oracle Application Management Suite for Oracle E-Business Suite Sue Gill, Senior Database Administrator, GE Corporate Angelo Rosado, Senior Principal Product Manager, Oracle

Moscone West—3004

98


Related Sessions

Testing

Monday Oct 26

5:15 p.m.

CON8138 - Testing Oracle E-Business Suite Best Practices Prasanti Madireddi, Senior Director, Oracle Jake Westphal, Senior IT Manager - Enterprise Applications, First American

Moscone West—3022

99


Related Sessions

Usability & Mobility

Monday Oct 26

2:45 p.m.

CON8146 - Simplified and Touch-Friendly User Interface in Oracle E-Business Suite Padmaprabodh Ambale, Director, ATG Development, Oracle

Moscone West—3024

Tuesday Oct 27

5:15 p.m.

CON6410 - Oracle E-Business Suite: Mobile Update, Strategy, and Roadmap Jeanne Lowell, Vice President, EBS Product Strategy, Oracle

Moscone West—3022

Wednesday Oct 28

4:15 p.m.

CON8145 - Building, Deploying, and Managing Smartphone Apps for Oracle E-Business Suite Vijay Shanmugam, Director, Oracle

Moscone West—3004

Thursday Oct 29

2:30 p.m.

CON8144 - Personalize and Extend Oracle E-Business Suite for Desktops and Tablets Padmaprabodh Ambale, Director, ATG Development, Oracle

Moscone West—3022

100


Related Sessions

Integration

Wednesday Oct 28

11:00 a.m.

CON8132 - Oracle E-Business Suite Integration Best Practices Veshaal Singh, Vice President, Oracle

Moscone West—3004

Thursday Oct 29

12:00 p.m.

CON8131 - Enabling Oracle E-Business Suite for SOA, Cloud, and Mobile Rekha Ayothi, Principal Product Manager, Oracle

Moscone West—3004

101


Related Sessions

Desktop Integration

Wednesday Oct 28

1:45 p.m.

CON8143 - Standards-Based Desktop Integration in Oracle E-Business Suite Padmaprabodh Ambale, Director, ATG Development, Oracle

Moscone West—3022

102


Related Sessions

Performance

Wednesday Oct 28

12:15 p.m.

CON8135 - Getting Optimal Performance from Oracle E-Business Suite Samer Barakat, Director, Applications Performance, Oracle

Moscone West—3022

103


Related Sessions

Security

Thursday Oct 29

2:30 p.m.

CON8137 - Managing Oracle E-Business Suite Auditing and Security Eric Bing, Senior Director, Oracle Elke Phelps, Senior Principal Product Manager, Oracle

Moscone West—3004

104


Meet the Experts, Demos

105


Meet the Experts – Technology Stack

106

• Max Arderius, Senior Principal Product Manager

• Samer Barakat, Director, Applications Performance

• George Buzsaki, VP, Application Architecture

• Steven Chan, Senior Director

• Kevin Hudson, Senior Director

• Lisa Parekh, Vice President

• Elke Phelps, Senior Principal Product Manager

• Veshaal Singh, Vice President MTE10252 – Monday, Oct 26, 2015 12:15 p.m.

Moscone West – 3001A


Meet the Experts – Upgrades Best Practices

107

• John Abraham, Director, Product Management

• Max Arderius, Senior Principal Product Manager

• Samer Barakat, Director, Applications Performance

• Nadia Bendjedou, Senior Director - Product Strategy

• George Buzsaki, VP, Application Architecture

• J. Anne Carlson, Senior Director, Product Strategy

• Kevin Hudson, Senior Director

• Udayan Parvate, Senior Director, EBS Release Engineering

• Elke Phelps, Senior Principal Product Manager

MTE10254 – Tuesday, Oct 27, 2015 5:15 p.m.



Meet the Experts – Extensions for Endeca

108

• Ahmed Ali, Software Development Director

• Anurag Malik, Director, Product Management

• Muhannad Obeidat, Senior Director, Development

MTE10255 – Monday, Oct 26, 2015 4:00 p.m.



Demos

109

• WUL-003– Advanced Architecture and Technology Stack for Oracle E-Business Suite

• WCL-014 - Advanced Architecture and Technology Stack for Oracle E-Business Suite

• WCL-002 - Automated Oracle E-Business Suite Tests Using Oracle Flow Builder

• WCL-015 - End-to-End Management of Oracle E-Business Suite

• WCL-016 - New User Interface Capabilities in Oracle E-Business Suite

• WCL-003 - Oracle E-Business Suite: Technical Upgrade Best Practices

Moscone West – Exhibition Hall Mon, Oct 26: 10:15 a.m. – 6:00 p.m. Tue, Oct 27: 10:15 a.m. – 6:00 p.m. Wed, Oct 28: 10:15 a.m. – 4:15 p.m.


Executive Keynote Cliff Godwin – Senior Vice President Applications Development, Oracle E-Business Suite

“GEN6409 - Oracle E-Business Suite: Update, Strategy and Roadmap”

In this session, hear from Oracle E-Business Suite General Manager Cliff Godwin as he delivers an update on the Oracle E-Business Suite product line. The session covers the value delivered by the current release of Oracle E-Business Suite applications, the momentum, and how Oracle E-Business Suite applications integrate into Oracle’s overall applications strategy. You will come away with an understanding of the value Oracle E-Business Suite applications deliver now and in the future.

110

Day: Tuesday, October 27, 2015 Time: 11:00 AM – 11:45 AM Location: Moscone West—2008