Deploying OBIEE11g in the Enterprise (UKOUG 2012)

download Deploying OBIEE11g in the Enterprise (UKOUG 2012)

of 24

  • date post

  • Category


  • view

  • download


Embed Size (px)


In this presentation, we provide tips, techniques and guidance on how to integrate OBIEE 11g into your enterprise's security, application server, management and diagnostics arrangements, and how OBIEE should be deployed for high availability, resilience and easy backup/recovery/cloning in an enterprise environment.

Transcript of Deploying OBIEE11g in the Enterprise (UKOUG 2012)

  • 1. Deploying OBIEE 11g in the EnterpriseMark Rittman, Technical Director, Rittman MeadUKOUG Conference & Exhibition, Birmingham December 2012T : +44 (0) 8446 697 995 E : W:

2. About the Speaker Mark Rittman, Co-Founder of Rittman Mead Oracle ACE Director, specialising in Oracle BI&DW 14 Years Experience with Oracle Technology Regular columnist for Oracle Magazine Author of two Oracle Press Oracle BI books Oracle Business Intelligence Developers Guide Oracle Exalytics Revealed Writer for Rittman Mead Blog : Email : Twitter : @markrittman T : +44 (0) 8446 697 995 E : W: 3. About Rittman Mead Oracle BI and DW platinum partner World leading specialist partner for technical excellence, solutions delivery and innovation in Oracle BI Approximately 50 consultants worldwide All expert in Oracle BI and DW Offices in US (Atlanta), Europe, Australia and India Skills in broad range of supporting Oracle tools: OBIEE OBIA ODIEE Essbase, Oracle OLAP GoldenGate Exadata Endeca T : +44 (0) 8446 697 995 E : W: 4. Oracle Business Intelligence 11g Oracles business intelligence platform, now at version Provides dashboards, reporting, ad-hoc analysis,KPIs, mapping and other visualizations Runs standalone, or embedded inapplications, called from business processes Built around an enterprise semantic model Based on Siebel Analytics technology, extended by Oracle since 1997 T : +44 (0) 8446 697 995 E : W: 5. Oracle BI Applications Packaged version of OBIEE that includes a data warehouse, and ETL mappings,from E-Business Suite, Siebel, SAP and Peoplesoft Covers areas such as Financial Analytics, HR Analytics, Sales Analytics etc Built on the same technology as OBIEE 11g, plus ETL and administration tools T : +44 (0) 8446 697 995 E : W: 6. Basic OBIEE 11g Product Architecture (Single Node Enterprise Install) A single install is a called an Oracle BI Domain Made up of Java components hosted in a WebLogic domain,and Non-Java components in an Oracle Instance Initial install places all components on a single server,with the system managed by Enterprise Manager Users access the system via a web browser (thin-client) Developers access via a browser (EM) and viaWindows desktop tools (BI Administrator) Typically one BI domain for DEV, one for TEST, one for PROD etc Used in conjunction with a database (for repository schemas) T : +44 (0) 8446 697 995 E : W: 7. Part of Oracle Fusion Middleware 11g Oracle complete set of middleware servers and technologies Based around Java, SOA, Oracle WebLogic Server and non-Java technologies Foundation for Oracles applications and platforms such as Oracle Business Intelligence 11g T : +44 (0) 8446 697 995 E : W: 8. Deploying OBIEE 11g in the Enterprise Larger, enterprise customers may have additional requirements beyond the basic install Integrating with an external identity store such as Active Directory Implementing single sign-on, SSL or making parts of the BI system available externally Configuring the BI system for high-availability and/or failover Integrating with external monitoring and diagnostic tools, or with Oracle Enterprise Manager The ability to manage an estate of BI systems from a central control panel, apply patching etc They may also want to integrate BI with theirexisting engineered systems strategy T : +44 (0) 8446 697 995 E : W: 9. Integrating with External Identity Stores (OID, AD etc) OBIEE has a pluggable security system based around Oracle Fusion Middleware security Out of the box configuration stores users and groups in an embedded LDAP server Not designed for full production use, more to get started Usual strategy for enterprise customers is to connect OBIEE (via Fusion Middleware Security)to a corporate LDAP server such as Microsoft Active Directory Oracle Internet Directory External directory can be in addition to the embeddedLDAP server, or completely replace it Multiple directories can be connected to OBIEE + FMWfor federated identity Often used in conjunction with SSO, SSL and other tools Oracle Access Manager Oracle Entitlements Server etcT : +44 (0) 8446 697 995 E : W: 10. How Does OBIEE 11g Connect to Active Directory, OID etc? Many Oracle and third-party security providers and directories are supported for OBIEE 11g See System Requirements and Supported Platforms for Oracle BI EE 11g on OTN Note - not all directories supported by FMW11g are supported by OBIEE - check the list Recommended approach is to use WebLogic+ OPSS to connect to the directory Init Blocks are deprecated and are a fall-backif WLS not possible- Unsupported directory- Requirement to support legacyID management i.e. EBS Configured through WebLogic Administration Console,with AD & OID well documentedT : +44 (0) 8446 697 995 E : W: 11. Configuring Single Sign-On and SSL for OBIEE 11g SSO and SSL are both configured through Enterprise Manager Fusion Middleware Control Or can be scripted through WLST + Oracle BI Systems Management API A number of Oracle and third-party SSO systems are supported Configures the BI Presentation Server to accept pre-authorised creds. from the SSO provider T : +44 (0) 8446 697 995 E : W: 12. Externalizing OBIEE 11g Content Outside the Organization Most organizations deploy on their internal network, for internal users behind the firewall But some may wish to deploy OBIEE 11g for external users Make the BI system available for internal users, but on the road (via Web, via VPN etc) Make parts of it available to customers, or other external users Embed parts of it in other applications, e.g. Oracle WebCenter Portal Provide access via Oracle BI Mobile using Apple iPads, iPhones Security has to be a consideration though, in these scenariosT : +44 (0) 8446 697 995 E : W: 13. Deploying Compromisable Web Components in the Firewall DMZ When deploying OBIEE 11g content outside the organization, the key is to place all externally-facingservers into firewall DMZs (firewall web tier, firewall app tier) Relies on adding an additional HTTP server (typically OHS, with WebGate and mod_wl_ohs) Typically deployed as a load-balancing pair (or more) with a hardware load balancer If HTTP server is then compromised (hacked) it doesnt provide access to data, other systems etc OBIEE components then optionally placed intoa firewall App Tier Separates them from the databases Or can just be located in the regularinternal network, with everything elseT : +44 (0) 8446 697 995 E : W: 14. Securing Oracle BI Mobile Oracle BI Mobile supports SSL for connections, VPN via IOS settings However some enterprises will still now allow applications such as these Need the applications to be sandboxed, secured separate from the mobile device Now supported with OBIEE and the Oracle BI Mobile Security Toolkit Sample code available on OTN for Apple iPad Lightweight SDK for integrating with MDM vendor of choice Prebuilt solutions from Good Technologies, Bitzer etc Makes it possible to deploy BI Mobile even withvery strict mobile app security rulesT : +44 (0) 8446 697 995 E : W: 15. Configuring OBIEE 11g for High-Availability and Failover OBIEE 11g can be configured for HA and failover in several ways Vertical scaleout (adding components to the existing server) for BI Server etc redundancy Horizontal scaleout to add additional servers to theWebLogic cluster (requires additional WLS EE license) Adding secondary BI Scheduler andBI Cluster Controller components Adding failover and filesystem clustering toprotect WLS Administration Server and install/config files Can also extend to the underlyingdatabases (repository schemas) Dataguard (log shipping) and RAC(more scale-out than HA, but can allowrolling DB patching) How much HA do you need though, what sort of trade-off?T : +44 (0) 8446 697 995 E : W: 16. What Can Go Wrong within an OBIEE 11g Infrastructure? System components can fail on a single server Can protect by adding more components to the sameserver, or to a separate server (active/active failover) BI Scheduler and BI Cluster Controller componentsare active/passive, need to add secondary instances WebLogic managed servers can fail If horizontally scaled-out, WLS clustering shouldtake care of the fail, restarting if possible Java components within a managed server can fail Again, WLS should take care of these WebLogic administration server can fail Users can still log in if LDAP virtualization enabled,and an external LDAP provider is configuredT : +44 (0) 8446 697 995 E : W: 17. OBIEE 11g Enterprise Deployment Guide Infrastructure Adds additional redundancy and failover formission-critical BI systems Deploys HTTP servers in a DMZ for security Multiple redundant installs ofWLS administration server WLS installation and configuration fileson a cluster filesystem Use of VIPs, VHosts and other standardabstraction / virtualization techniques Ultimate in resilience, but complex to set up and configure (though possible, and documented) T : +44 (0) 8446 697 995 E : W: 18. Monitoring and Systems Maintenance OBIEE 11g by default comes with two web-based consoles Oracle WebLogic Administration Console manages WebLog