Mark Rittman, Technical Director, Rittman Mead OUG Ireland Conference, Dublin March 2013
T : +44 (0) 8446 697 995 E : enquiries@rittmanmead.com W: www.rittmanmead.com
Mark Rittman, Co-Founder of Rittman Mead Oracle ACE Director, specialising in Oracle BI&DW 14 Years Experience with Oracle Technology Regular columnist for Oracle Magazine Author of two Oracle Press Oracle BI books Oracle Business Intelligence Developers Guide Oracle Exalytics Revealed Writer for Rittman Mead Blog : http://www.rittmanmead.com/blog Email : mark.rittman@rittmanmead.com Twitter : @markrittman
Oracle BI and DW platinum partner World leading specialist partner for technical excellence, solutions delivery and innovation in Oracle BI Approximately 50 consultants worldwide All expert in Oracle BI and DW Offices in US (Atlanta), Europe, Australia and India Skills in broad range of supporting Oracle tools:
OBIEE OBIA ODIEE Essbase, Oracle OLAP GoldenGate Exadata Endeca
Oracles business intelligence platform, now at version 11.1.1.6.x Provides dashboards, reporting, ad-hoc analysis, KPIs, mapping and other visualizations Runs standalone, or embedded in applications, called from business processes Built around an enterprise semantic model Based on Siebel Analytics technology,
extended by Oracle since 1997
Oracle BI Applications
Packaged version of OBIEE that includes a data warehouse, and ETL mappings, from E-Business Suite, Siebel, SAP and Peoplesoft Covers areas such as Financial Analytics, HR Analytics, Sales Analytics etc Built on the same technology as OBIEE 11g, plus ETL and administration tools
Oracle complete set of middleware servers and technologies Based around Java, SOA, Oracle WebLogic Server and non-Java technologies Foundation for Oracles applications and platforms such as Oracle Fusion Applications
Larger, enterprise customers may have additional requirements beyond the basic install
Integrating with an external identity store such as Active Directory, and implementing single sign-on Making parts of the BI system available externally Configuring the BI system for high-availability and/or failover Integrating with external monitoring and diagnostic tools, or with Oracle Enterprise Manager The ability to manage an estate of BI systems from a central control panel, apply patching etc
OBIEE has a pluggable security system based around Oracle Fusion Middleware security Out of the box configuration stores users and groups in an embedded LDAP server Not designed for full production use, more to get started Usual strategy for enterprise customers is to connect OBIEE (via Fusion Middleware Security)
to a corporate LDAP server such as Microsoft Active Directory Oracle Internet Directory External directory can be in addition to the embedded LDAP server, or completely replace it Multiple directories can be connected to OBIEE + FMW for federated identity Often used in conjunction with SSO, SSL and other tools Oracle Access Manager Oracle Entitlements Server etc
T : +44 (0) 8446 697 995 E : enquiries@rittmanmead.com W: www.rittmanmead.com
Many Oracle and third-party security providers and directories are supported for OBIEE 11g
See System Requirements and Supported Platforms for Oracle BI EE 11g on OTN Note - not all directories supported by FMW11g are supported by OBIEE - check the list Recommended approach is to use WebLogic + OPSS to connect to the directory Init Blocks are deprecated and are a fall-back if WLS not possible - Unsupported directory - Requirement to support legacy ID management i.e. EBS Configured through WebLogic Administration Console, with AD & OID well documented
SSO and SSL are both configured through Enterprise Manager Fusion Middleware Control
Or can be scripted through WLST + Oracle BI Systems Management API A number of Oracle and third-party SSO systems are supported Configures the BI Presentation Server to accept pre-authorised creds. from the SSO provider
Most organizations deploy on their internal network, for internal users behind the firewall But some may wish to deploy OBIEE 11g for external users
Make the BI system available for internal users, but on the road (via Web, via VPN etc) Make parts of it available to customers, or other external users Embed parts of it in other applications, e.g. Oracle WebCenter Portal Provide access via Oracle BI Mobile using Apple iPads, iPhones Security has to be a consideration though, in these scenarios
When deploying OBIEE 11g content outside the organization, the key is to place all externally-facing
servers into firewall DMZs (firewall web tier, firewall app tier) Relies on adding an additional HTTP server (typically OHS, with WebGate and mod_wl_ohs) Typically deployed as a load-balancing pair (or more) with a hardware load balancer If HTTP server is then compromised (hacked) it doesnt provide access to data, other systems etc OBIEE components then optionally placed into a firewall App Tier Separates them from the databases Or can just be located in the regular internal network, with everything else
Oracle BI Mobile supports SSL for connections, VPN via IOS settings However some enterprises will still now allow applications such as these Need the applications to be sandboxed, secured separate from the mobile device Now supported with OBIEE 11.1.1.6.2 and the Oracle BI Mobile Security Toolkit
Sample code available on OTN for Apple iPad Lightweight SDK for integrating with MDM vendor of choice Prebuilt solutions from Good Technologies, Bitzer etc Makes it possible to deploy BI Mobile even with very strict mobile app security rules
Vertical scaleout (adding components to the existing server) for BI Server etc redundancy Horizontal scaleout to add additional servers to the WebLogic cluster (requires additional WLS EE license) Adding secondary BI Scheduler and BI Cluster Controller components Adding failover and filesystem clustering to protect WLS Administration Server and install/config files Can also extend to the underlying databases (repository schemas) Dataguard (log shipping) and RAC (more scale-out than HA, but can allow rolling DB patching) How much HA do you need though, what sort of trade-off?
Can protect by adding more components to the same server, or to a separate server (active/active failover) BI Scheduler and BI Cluster Controller components are active/passive, need to add secondary instances WebLogic managed servers can fail If horizontally scaled-out, WLS clustering should take care of the fail, restarting if possible Java components within a managed server can fail Again, WLS should take care of these WebLogic administration server can fail Users can still log in if LDAP virtualization enabled, as virtualization replicates LDAP entries to managed servers - may be enough service until Admin Server restored
Adds additional redundancy and failover for mission-critical BI systems Deploys HTTP servers in a DMZ for security Multiple redundant installs of WLS administration server WLS installation and configuration files on a cluster filesystem Use of VIPs, VHosts and other standard abstraction / virtualization techniques Ultimate in resilience, but complex to set up and
configure (though possible, and documented)
OBIEE 11g by default comes with two web-based consoles Oracle WebLogic Administration Console manages WebLogic, including the LDAP server and WLS servers Oracle Enterprise Manager Fusion Middleware Control manages Fusion Middleware, including
Oracle Business Intelligence 11g Some overlap in functionality Only manages a single BI domain No advanced alerting or other EM features
Oracle Enterprise Manager Cloud Control 12cR2 is the full deployment of EM Monitors databases, application servers, many other infrastructure components Plug-ins for non-Oracle tools Now supports OBIEE, Essbase and BI Apps through the BI Management Pack (extra license cost) Set alerts, monitor service levels, monitor usage tracking etc Perform wider WLS / FMW activities such as cloning domains, patching etc Also covers OBIA ETL elements, and
some Essbase metrics
Free and/or open-source tools such as Nagios can be configured to monitor OBIEE functions Enterprise monitoring tools such as those by BMC can parse OBIEEs ODL-format log files and raise alerts Other tools can monitor WebLogic servers, restart them if needed Open-format logs plus standard
hooks into WLS and OPMN functionality make most monitoring possible with a bit of work
More Information
Thank you for attending this presentation, and more information can be found at http://www.rittmanmead.com Contact us at info@rittmanmead.com or mark.rittman@rittmanmead.com Look out for our book, Oracle Business Intelligence Developers Guide out now! Follow-us on Twitter (@rittmanmead) or Facebook (facebook.com/rittmanmead)