Deploying OBIEE 11g in the Enterprise

Mark Rittman, Technical Director, Rittman Mead OUG Ireland Conference, Dublin March 2013
T : +44 (0) 8446 697 995 E : enquiries@rittmanmead.com W: www.rittmanmead.com

About the Speaker

Mark Rittman, Co-Founder of Rittman Mead Oracle ACE Director, specialising in Oracle BI&DW 14 Years Experience with Oracle Technology Regular columnist for Oracle Magazine Author of two Oracle Press Oracle BI books Oracle Business Intelligence Developers Guide Oracle Exalytics Revealed Writer for Rittman Mead Blog : http://www.rittmanmead.com/blog Email : mark.rittman@rittmanmead.com Twitter : @markrittman

T : +44 (0) 8446 697 995 E : enquiries@rittmanmead.com W: www.rittmanmead.com

About Rittman Mead

Oracle BI and DW platinum partner World leading specialist partner for technical excellence, solutions delivery and innovation in Oracle BI Approximately 50 consultants worldwide All expert in Oracle BI and DW Offices in US (Atlanta), Europe, Australia and India Skills in broad range of supporting Oracle tools:
OBIEE OBIA ODIEE Essbase, Oracle OLAP GoldenGate Exadata Endeca

T : +44 (0) 8446 697 995 E : enquiries@rittmanmead.com W: www.rittmanmead.com

Oracle Business Intelligence 11g

Oracles business intelligence platform, now at version 11.1.1.6.x Provides dashboards, reporting, ad-hoc analysis, KPIs, mapping and other visualizations Runs standalone, or embedded in applications, called from business processes Built around an enterprise semantic model Based on Siebel Analytics technology,
extended by Oracle since 1997

T : +44 (0) 8446 697 995 E : enquiries@rittmanmead.com W: www.rittmanmead.com

Oracle BI Applications

Packaged version of OBIEE that includes a data warehouse, and ETL mappings, from E-Business Suite, Siebel, SAP and Peoplesoft Covers areas such as Financial Analytics, HR Analytics, Sales Analytics etc Built on the same technology as OBIEE 11g, plus ETL and administration tools

T : +44 (0) 8446 697 995 E : enquiries@rittmanmead.com W: www.rittmanmead.com

Part of Oracle Fusion Middleware 11g

Oracle complete set of middleware servers and technologies Based around Java, SOA, Oracle WebLogic Server and non-Java technologies Foundation for Oracles applications and platforms such as Oracle Fusion Applications

T : +44 (0) 8446 697 995 E : enquiries@rittmanmead.com W: www.rittmanmead.com

Deploying OBIEE 11g in the Enterprise

Larger, enterprise customers may have additional requirements beyond the basic install
Integrating with an external identity store such as Active Directory, and implementing single sign-on Making parts of the BI system available externally Configuring the BI system for high-availability and/or failover Integrating with external monitoring and diagnostic tools, or with Oracle Enterprise Manager The ability to manage an estate of BI systems from a central control panel, apply patching etc

T : +44 (0) 8446 697 995 E : enquiries@rittmanmead.com W: www.rittmanmead.com

Integrating with External Identity Stores (OID, AD etc)

OBIEE has a pluggable security system based around Oracle Fusion Middleware security Out of the box configuration stores users and groups in an embedded LDAP server Not designed for full production use, more to get started Usual strategy for enterprise customers is to connect OBIEE (via Fusion Middleware Security)
to a corporate LDAP server such as Microsoft Active Directory Oracle Internet Directory External directory can be in addition to the embedded LDAP server, or completely replace it Multiple directories can be connected to OBIEE + FMW for federated identity Often used in conjunction with SSO, SSL and other tools Oracle Access Manager Oracle Entitlements Server etc
T : +44 (0) 8446 697 995 E : enquiries@rittmanmead.com W: www.rittmanmead.com

How Does OBIEE 11g Connect to Active Directory, OID etc?

Many Oracle and third-party security providers and directories are supported for OBIEE 11g
See System Requirements and Supported Platforms for Oracle BI EE 11g on OTN Note - not all directories supported by FMW11g are supported by OBIEE - check the list Recommended approach is to use WebLogic + OPSS to connect to the directory Init Blocks are deprecated and are a fall-back if WLS not possible - Unsupported directory - Requirement to support legacy ID management i.e. EBS Configured through WebLogic Administration Console, with AD & OID well documented

T : +44 (0) 8446 697 995 E : enquiries@rittmanmead.com W: www.rittmanmead.com

Configuring Single Sign-On and SSL for OBIEE 11g

SSO and SSL are both configured through Enterprise Manager Fusion Middleware Control
Or can be scripted through WLST + Oracle BI Systems Management API A number of Oracle and third-party SSO systems are supported Configures the BI Presentation Server to accept pre-authorised creds. from the SSO provider

T : +44 (0) 8446 697 995 E : enquiries@rittmanmead.com W: www.rittmanmead.com

Externalizing OBIEE 11g Content Outside the Organization

Most organizations deploy on their internal network, for internal users behind the firewall But some may wish to deploy OBIEE 11g for external users

Make the BI system available for internal users, but on the road (via Web, via VPN etc) Make parts of it available to customers, or other external users Embed parts of it in other applications, e.g. Oracle WebCenter Portal Provide access via Oracle BI Mobile using Apple iPads, iPhones Security has to be a consideration though, in these scenarios

T : +44 (0) 8446 697 995 E : enquiries@rittmanmead.com W: www.rittmanmead.com

Deploying Compromisable Web Components in the Firewall DMZ

When deploying OBIEE 11g content outside the organization, the key is to place all externally-facing
servers into firewall DMZs (firewall web tier, firewall app tier) Relies on adding an additional HTTP server (typically OHS, with WebGate and mod_wl_ohs) Typically deployed as a load-balancing pair (or more) with a hardware load balancer If HTTP server is then compromised (hacked) it doesnt provide access to data, other systems etc OBIEE components then optionally placed into a firewall App Tier Separates them from the databases Or can just be located in the regular internal network, with everything else

T : +44 (0) 8446 697 995 E : enquiries@rittmanmead.com W: www.rittmanmead.com

Securing Oracle BI Mobile

Oracle BI Mobile supports SSL for connections, VPN via IOS settings However some enterprises will still now allow applications such as these Need the applications to be sandboxed, secured separate from the mobile device Now supported with OBIEE 11.1.1.6.2 and the Oracle BI Mobile Security Toolkit
Sample code available on OTN for Apple iPad Lightweight SDK for integrating with MDM vendor of choice Prebuilt solutions from Good Technologies, Bitzer etc Makes it possible to deploy BI Mobile even with very strict mobile app security rules

T : +44 (0) 8446 697 995 E : enquiries@rittmanmead.com W: www.rittmanmead.com

Configuring OBIEE 11g for High-Availability and Failover

OBIEE 11g can be configured for HA and failover in several ways

Vertical scaleout (adding components to the existing server) for BI Server etc redundancy Horizontal scaleout to add additional servers to the WebLogic cluster (requires additional WLS EE license) Adding secondary BI Scheduler and BI Cluster Controller components Adding failover and filesystem clustering to protect WLS Administration Server and install/config files Can also extend to the underlying databases (repository schemas) Dataguard (log shipping) and RAC (more scale-out than HA, but can allow rolling DB patching) How much HA do you need though, what sort of trade-off?

T : +44 (0) 8446 697 995 E : enquiries@rittmanmead.com W: www.rittmanmead.com

What Can Go Wrong within an OBIEE 11g Infrastructure?

System components can fail on a single server

Can protect by adding more components to the same server, or to a separate server (active/active failover) BI Scheduler and BI Cluster Controller components are active/passive, need to add secondary instances WebLogic managed servers can fail If horizontally scaled-out, WLS clustering should take care of the fail, restarting if possible Java components within a managed server can fail Again, WLS should take care of these WebLogic administration server can fail Users can still log in if LDAP virtualization enabled, as virtualization replicates LDAP entries to managed servers - may be enough service until Admin Server restored

T : +44 (0) 8446 697 995 E : enquiries@rittmanmead.com W: www.rittmanmead.com

OBIEE 11g Enterprise Deployment Guide Infrastructure

Adds additional redundancy and failover for mission-critical BI systems Deploys HTTP servers in a DMZ for security Multiple redundant installs of WLS administration server WLS installation and configuration files on a cluster filesystem Use of VIPs, VHosts and other standard abstraction / virtualization techniques Ultimate in resilience, but complex to set up and
configure (though possible, and documented)

T : +44 (0) 8446 697 995 E : enquiries@rittmanmead.com W: www.rittmanmead.com

Monitoring and Systems Maintenance

OBIEE 11g by default comes with two web-based consoles Oracle WebLogic Administration Console manages WebLogic, including the LDAP server and WLS servers Oracle Enterprise Manager Fusion Middleware Control manages Fusion Middleware, including
Oracle Business Intelligence 11g Some overlap in functionality Only manages a single BI domain No advanced alerting or other EM features

T : +44 (0) 8446 697 995 E : enquiries@rittmanmead.com W: www.rittmanmead.com

Oracle Enterprise Manager Cloud Control 12cR2 BI Management Pack

Oracle Enterprise Manager Cloud Control 12cR2 is the full deployment of EM Monitors databases, application servers, many other infrastructure components Plug-ins for non-Oracle tools Now supports OBIEE, Essbase and BI Apps through the BI Management Pack (extra license cost) Set alerts, monitor service levels, monitor usage tracking etc Perform wider WLS / FMW activities such as cloning domains, patching etc Also covers OBIA ETL elements, and
some Essbase metrics

T : +44 (0) 8446 697 995 E : enquiries@rittmanmead.com W: www.rittmanmead.com

Open-Source / Home-Grown Solutions : Nagios

Free and/or open-source tools such as Nagios can be configured to monitor OBIEE functions Enterprise monitoring tools such as those by BMC can parse OBIEEs ODL-format log files and raise alerts Other tools can monitor WebLogic servers, restart them if needed Open-format logs plus standard
hooks into WLS and OPMN functionality make most monitoring possible with a bit of work

T : +44 (0) 8446 697 995 E : enquiries@rittmanmead.com W: www.rittmanmead.com

More Information

Thank you for attending this presentation, and more information can be found at http://www.rittmanmead.com Contact us at info@rittmanmead.com or mark.rittman@rittmanmead.com Look out for our book, Oracle Business Intelligence Developers Guide out now! Follow-us on Twitter (@rittmanmead) or Facebook (facebook.com/rittmanmead)

T : +44 (0) 8446 697 995 E : enquiries@rittmanmead.com W: www.rittmanmead.com

Deploying OBIEE 11g in the Enterprise

Mark Rittman, Technical Director, Rittman Mead OUG Ireland Conference, Dublin March 2013
T : +44 (0) 8446 697 995 E : enquiries@rittmanmead.com W: www.rittmanmead.com