This will be the first part in a series of blogs aimed at discussing both the new on premise Essbase 21c, and the 19c corollary available for installation in OCI via the Marketplace.
The new Essbase platform is available and with it comes a number of changes long discussed and anticipated. For a complete listing of the differences between 11g and 19/21c, I’d recommend you look here.
Some high-level differences that are readily apparent are as follows:
Essbase is now relationally driven and uses the RCU for repository creation and configuration of metadata storage.
Note, this is metadata storage only. Essbase Cubes and data are still stored in their Application Folder directories. The RCU/relational storage is used to manage the content required for the Fusion stack and other metadata objects.
Essbase is now firmly tied to the Oracle Fusion Middleware stack, and can be deployed with WebLogic Server as the primary engine for both the end-user experience via the new Administrative Web Interface (or via EAS Lite) and also for security externalization. The latter was a function previously performed by Shared Services.
In Essbase 21c only, failover is baked-in as part of the Oracle Middleware/Fusion stack and no longer uses OPMN
In Essbase 21c all data is encrypted in transit (though not necessarily at rest) using TLS 1.2.
The above are just a highlight of what these new versions offer. It is my intent to discuss the Architecture of Essbase 12c/21c in the next article, and then to provide some highlights on Installation/Configuration. Let me know if there’s interest in the community and I can also do a Webinar on installation, configuration and the challenges encountered therein.
Oracle Security Alert for CVE-2021-44228: Part Four
I would like to walk you through Enabling SSL in your EPM environment. This involves a number of steps. For this post we will focus on folder structure and generating a Certificate request (CSR). If possible please configure your new environment in a normal NON-SSL manner. Or if this is an existing environment, validate that all products are functioning as expected while not SSL enabled. This will reduce some headaches if you need to trouble shoot down the road. It will be good to know that the EPM products were functioning before you enabled SSL.
After validating EPM, the next course of action is to start by setting up your folder structure. The consistency of this folder structure will help to keep things straight in your head as you move forward.
In this example, Oracle has been installed on the F Drive. You will need to create the folder structure as seen below. CompanyName can be whatever your company name is or whatever you choose that works for you. We use “iArchSol” for the start of this folder structure. The next folder is self explanatory as an SSL location. As you will need to do this for all servers in your environment please use the server name that you are working on.
Under your ServerName folder please create 2 folders. The first is “Requested” and the second is “Signed.”
You will also need to create a location for your Certificate Authorities (CA). At the same level as your Server Name please create a folder called “CA” as seen below:
The next folder to create will be under your Oracle_Home. In this example the location is F:\oracle\Middleware\EPMSystem11R1. Please create a folder called “SSL.”
With your folder structure now in place the next step is to create a CACERTS Java KeyStore(JKS) and private server key. You will need to obtain the following information from your client’s network team. This is an example of the info needed.
CN=Servername (Fully Qualified)
With this information and our folder structure we will be able to create a CACERT Java KeyStore. Open an Administrative Command Prompt and enter the following command.
Please move your directory location to the F drive for this example.
Type: F: <Press enter>
Then move to F:\Oracle\Middleware\EPMSystem11R1\SSL.
Type: cd \Oracle\Middleware\EPMSystem11R1\SSL <Press enter>
This is not required for our command to work but is does help to keep things clear in your head.
Now we can run our command to create the CACERT Java KeyStore.
This output text will be created under your new folder structure F:\Oracle\Middleware\EPMSystem11R1\ssl\cacerts-output.txt based on the command you ran.
I have hidden some of the specific information here but the structure is the same. You should see the Alias name of your keystore “epm_ssl”. You should note that the Entry type should be “PrivateKeyEntry”. Also, your Certificate Owner and Issuer on lines 11 and 12 will be filled out.
Now that you have created your JKS using the client provided information you will be able to generate your Certificate signing request.
This command as shown will create a CSR and place it under F:\CompanyName\SSL\ServerName\Requested. It will be called as shown in the command above “FDQN servername.csr”. You would put in whatever the fully qualified domain name of the server you are working on instead of this example of “FDQN servername”. Please keep the “.csr”
The next step here is to send a copy of your newly generated CSR to the appropriate Certificate signing authority for your organization. Once they return the signed Certificate, you can look for my next blog about importing your Signed certificates and the steps involved.
Oracle Security Alert for CVE-2021-44228: Part Four
Blog > Webinar Series – EPM Cloud Wars: AWS vs. OCI
Date: December 8, 2020
Article by: Elysha Daly
Please join us for the next session in our series of “EPM Cloud Wars” webinars in which we’ll discuss the latest trends in adoption of Oracle Hyperion EPM System deployments on the industry’s leading Cloud Infrastructure providers.
During this informative session we will discuss and compare our own real world experiences with:
Technical update for the latest Oracle EPM release.
Installing and configuring the latest releases of Oracle Hyperion EPM System 11.2.x on Amazon Web Services and Oracle Cloud Infrastructure (OCI).
Leveraging the AWS and OCI cloud infrastructure provider’s native resources for your deployments.
Some technical and procedural gotchas we encountered during some of our recent builds on the IaaS platforms.
Comparing the cost of Amazon Web Services against deployments on Oracle Cloud Infrastructure (OCI).