New On-Premise Essbase – Essbase 21c

  • Date: December 23, 2020
  • Article by: Jeff Henkel

This will be the first part in a series of blogs aimed at discussing both the new on premise Essbase 21c, and the 19c corollary available for installation in OCI via the Marketplace.

The new Essbase platform is available and with it comes a number of changes long discussed and anticipated.  For a complete listing of the differences between 11g and 19/21c, I’d recommend you look here.

Some high-level differences that are readily apparent are as follows:

  • Essbase is now relationally driven and uses the RCU for repository creation and configuration of metadata storage.
    • Note, this is metadata storage only.  Essbase Cubes and data are still stored in their Application Folder directories.  The RCU/relational storage is used to manage the content required for the Fusion stack and other metadata objects.
  • Essbase is now firmly tied to the Oracle Fusion Middleware stack, and can be deployed with WebLogic Server as the primary engine for both the end-user experience via the new Administrative Web Interface (or via EAS Lite) and also for security externalization.  The latter was a function previously performed by Shared Services.
  • In Essbase 21c only, failover is baked-in as part of the Oracle Middleware/Fusion stack and no longer uses OPMN
  • In Essbase 21c all data is encrypted in transit (though not necessarily at rest) using TLS 1.2.

The above are just a highlight of what these new versions offer.  It is my intent to discuss the Architecture of Essbase 12c/21c in the next article, and then to provide some highlights on Installation/Configuration.  Let me know if there’s interest in the community and I can also do a Webinar on installation, configuration and the challenges encountered therein.

Share me

Oracle Security Alert for CVE-2021-44228: Part Four

  • Date: Dec 16, 2021
  • Article by: Mike Turner
Read More

Oracle Security Alert for CVE-2021-44228: Part Three

  • Date: Dec 15, 2021
  • Article by: Jeff Henkel
Read More

Webinar Series – EPM Cloud Wars: AWS vs. OCI

  • Date: December 8, 2020
  • Article by: Elysha Daly
Please join us for the next session in our series of “EPM Cloud Wars” webinars in which we’ll discuss the latest trends in adoption of Oracle Hyperion EPM System deployments on the industry’s leading Cloud Infrastructure providers.

 During this informative session we will discuss and compare our own real world experiences with:
  • Technical update for the latest Oracle EPM release.
  • Installing and configuring the latest releases of Oracle Hyperion EPM System 11.2.x on Amazon Web Services and Oracle Cloud Infrastructure (OCI).
  • Leveraging the AWS and OCI cloud infrastructure provider’s native resources for your deployments.
  • Some technical and procedural gotchas we encountered during some of our recent builds on the IaaS platforms.
  • Comparing the cost of Amazon Web Services against deployments on Oracle Cloud Infrastructure (OCI).

Share me

Oracle Security Alert for CVE-2021-44228: Part Four

  • Date: Dec 16, 2021
  • Article by: Mike Turner
Read More

Oracle Security Alert for CVE-2021-44228: Part Three

  • Date: Dec 15, 2021
  • Article by: Jeff Henkel
Read More

October Patch Updates Breaks Shared Services. 11.1.2.4.x

  • Date: October 28, 2020
  • Article by: Jeff Henkel

Well it’s always fun with EPM, and October’s latest patch updates brings an issue with Shared Services.  If you apply the October updates, be aware that Shared Services will stop working in your EPM 11.1.2.4.x environment.  The following patch for oracle_common is needed to bring things back to working:  

Unable To Access Shared Service Console After Weblogic October Patch Is Applied Error “The required application module ‘cas.containers.tadpole’ is not configured” (Doc ID 2613736.1)

The cause of this issue is a change in the ODI logging parsing mechanism, as explained here:

This issue is only noticed on Oracle Fusion Middleware deployments where the underlying Oracle Diagnostic Logging (ODL) component is based on 11.1.1.7.

The ODL 11.1.1.7.0 LoggingConfigurationImpl method uses an older parsing mechanism when reading the logging.xml configuration file rather than the one used in the FMW 11.1.1.9 ODL implementation.

The WLS PSU aligns with the newer implementation.


The application of the patch should probably be done on all EPM servers in the environment, though technically only Foundation Services requires it.

Also, if you’re on the 11.2.x version, then this shouldn’t apply, since that code-line should already be using newer ODL code.

If you should have any questions or concerns with patching your EPM environment, let us know, we’re here to assist as always!

Share me

Oracle Security Alert for CVE-2021-44228: Part Four

  • Date: Dec 16, 2021
  • Article by: Mike Turner
Read More

Oracle Security Alert for CVE-2021-44228: Part Three

  • Date: Dec 15, 2021
  • Article by: Jeff Henkel
Read More

More Fun With Patching: Oracle Critical Patch Update for October 2020

  • Date: October 21, 2020
  • Article by: Jeff Henkel

It’s the end of another quarter, and with it comes Oracle’s latest security patch updates.  In particular, there appear to be a number of items for Hyperion in this month’s rendition.

Looking at the above, of particular concern is the Hyperion Essbase component which has an exploit with a base score of 9.8.  This signifies a risk to the server since it can be exploited fairly easily, based upon the attack complexity rating.  Digging further, the recommendation is to patch the Essbase side of the components to at least Essbase 11.1.2.4.040, and Essbase Administration Server to 11.1.2.4.037. 

The second item on the list UI and Visualization addresses an issue with the Workspace, and the recommended patch is 11.1.2.4.825.  

While the other items may be a concern, their lower scores make them less of an immediate issue for customers and can most likely be addressed at a later patching time. 

Of course an Oracle Security release wouldn’t be complete without WebLogic patching as well.  The current version has updates for both 11.1.2.x customers and 11.2.x customers.  In the case of 11.2.x customers this is the customary CPU patch for WebLogic, and for 11.1.2.x customers it is both a full WebLogic Server patch and a CPU patch.

As always, if you need assistance applying Oracle patching, let iArch Solutions assist, we’re here to help!

Share me

Oracle Security Alert for CVE-2021-44228: Part Four

  • Date: Dec 16, 2021
  • Article by: Mike Turner
Read More

Oracle Security Alert for CVE-2021-44228: Part Three

  • Date: Dec 15, 2021
  • Article by: Jeff Henkel
Read More

UAC Is a Luxury EPM Can’t Afford

  • Date: October 9, 2020
  • Article by: Jeff Henkel

There are times when the realities of product design meet the harsh world of security requirements.  This seems to happen more and more often, and one of the more glaring culprits is UAC.  

We here at iArch Solutions are great proponents of security, and take the role of securing environments very seriously.  We are also specialists in EPM and this product suite presents challenges with UAC.  One of those challanges is the pesky need to run a lot of processes with elevated security.  This is something that Microsoft’s UAC is designed to prevent.

So, what exactly is UAC?

UAC is an access control that aims to improve the security of Microsoft Windows by limiting application software to standard user privileges until an administrator authorizes an increase or elevation. In this way, only applications trusted by the user may receive administrative privileges, and malware should be kept from compromising the operating system. In other words, a user account may have administrator privileges assigned to it, but applications that the user runs do not inherit those privileges unless they are approved beforehand or the user explicitly authorizes it.

Why, does EPM not like it?

Well, as noted in the definition above, the UAC code is designed to keep processes (and the service level accounts running them) from acting as administrators without confirmation.  For server-side software, perhaps running behind-the-scenes processes at 2 AM, this confirmation can be an issue.  Some of the items that UAC might flag are:

·         Running an Application as an Administrator

·         Changes to files in folders that standard users don’t have permissions for (such as %SystemRoot% or %ProgramFiles% in most cases)

·         Running Task Scheduler

·         Backing up and restoring folders and files

All of the above are components and/or items that EPM software frequently activate.  With the end result that Oracle has plastered their EPM documentation with explicit statements requiring that it be disabled:

In EPM 11.2.2, it is worded here:

In EPM 11.1.2.4, you can find it here, and here:

In both the of above instance, this verbiage is not limited to simply installing and configuring the code-line.  These are vendor stated requirements to ‘install, configure and run’ the EPM System products.

How does one disable it?

So, with the above stated, how does one disable it?  Oracle has been helpful in the EPM 11.1.2.4 install guide and offered directions here.  Those steps used to work pretty regularly in Windows Server 2008 R2, and sometimes in Windows Server 2012.

In newer versions, the above might not be enough.  You may also find a need to edit the registry at the following key by setting the EnableLUA value 0:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA

In closing, I feel I’d be remiss if I didn’t touch on the security ramifications of all of this.  Essentially, the UAC process is good security.  It is designed to prompt users (and this concept of user is important here) to confirm when changes to important system items are made.  This prevents things from happening to their PCs without their knowledge.  All client based operating systems do this…Mac, Windows, etc.  

The concept of UAC becomes more problematic in a server based architecture.  This is because most server based processes are not actively monitored, and administrators are not manning data centers, hands hovering over mouse buttons, ready to engage and resolve UAC prompts.

So, as architects we must understand that server-based architectures are different, and we are responsible for designing the surrounding security architecture (network, OS, physical, virus, malware, etc.) in such a fashion that UAC is a non-issue.  If there’s already a hacker in your datacenter, on your server, executing code, and UAC is your last line of defense…well, you’ve got bigger problems.

In the meantime, Oracle EPM doesn’t really care about your security stance around UAC.  It’s going to need to be turned off to work properly.

Share me

Oracle Security Alert for CVE-2021-44228: Part Four

  • Date: Dec 16, 2021
  • Article by: Mike Turner
Read More

Oracle Security Alert for CVE-2021-44228: Part Three

  • Date: Dec 15, 2021
  • Article by: Jeff Henkel
Read More

Oracle Cloud Infrastructure Foundations 2020 Certified Associate Issued to Joe Malewicki, Jr.

  • Date: July 7, 2020
  • Article by: Elysha Daly

iArch Solutions President, Joe Malewicki, Jr., has become an Oracle Cloud Infrastructure Foundations 2020 Certified Associate. This certification is given to individuals by Oracle with a knowledge of public cloud services provided by OCI. iArch Solutions is a leader in cloud services with expertise in Oracle Cloud Infrastructure, Azure and AWS cloud solutions. Contact us today to discuss your migration to cloud infrastructure.

Share me

Oracle Security Alert for CVE-2021-44228: Part Four

  • Date: Dec 16, 2021
  • Article by: Mike Turner
Read More

Oracle Security Alert for CVE-2021-44228: Part Three

  • Date: Dec 15, 2021
  • Article by: Jeff Henkel
Read More

Should you back up your EPM Development environment?

  • Date: May 8, 2020
  • Article by: Joe Malewicki

Taking regular backups of a Development Oracle EPM environment is a task many companies neglect to perform, yet is a critical step towards insuring the investment in time and money an EPM implementation requires. In a new Hyperion environment, we assume server and relational database backups are being taken, however we do find businesses in which Development servers are not regularly backed up, as they are deemed to be non-essential by the IT portion of the business. Failure of these servers would mean losing not just the Development data, but the Oracle EPM infrastructure would have to be re-built as well! At later stages of the Oracle EPM application creation and deployment process, the assumption that Development is not critical may be true – you have copies of applications, data and objects in Production, QA or Stage you may recover from. However, the early development stages of Oracle EPM applications can be the most costly in terms of consultant time and dollars. Perhaps Production is not yet built, or there may be a new application that is not yet ready for promotion to the Stage environment.  A loss of Development data in this case would mean a substantial set-back for the team. 

There will be two types of backups discussed in this article: external storage and local storage. External storage is defined as a backup that is taken by a 3rd party such as a NetBackup group, that is stored outside of the Oracle EPM server environment. Often, operating system backups are regularly scheduled but exclude the application disk drives. Generally, the Oracle EPM application/infrastructure groups are not in control of these backups directly, but may give directions regarding what to include and exclude from these regularly-scheduled backups.

Local storage is defined as those stored backups that the Oracle EPM application/infrastructure teams create themselves, and are normally located on one or more servers within the Oracle EPM environment. The Oracle EPM team is able to schedule or run these backups at will, and has control over what is backed up and where those backups will be moved to within the Oracle EPM server environment. These backups include exports of Reports, Level0 exports of Essbase, LCM extracts of security, among others. 

iArch Solutions strongly recommends both external and local storage backups be implemented in all environments, including the Development environment, as a critical safety net to keep your investment in Oracle EPM applications safe.

The most common backup sequence looks like this:

  1. Local storage backups are taken by the Hyperion apps/infrastructure team – Essbase Level0 backups are taken while the apps are running, and stored in another local folder. Essbase is then taken down and the remainder of the Essbase-specific files are copied to the same local folder as the Level0 backups. Essbase is then restarted.
  2. Essbase backup files are zipped and moved to a location on another server for safekeeping. This location may be in the same environment or in a different datacenter, depending on the needs of the business.
  3. A weekly full backup, or a daily incremental/differential backup is taken of the Essbase local backup directory, as well as the Essbase /app/epm/Oracle filesystem, with the exclusion of the Essbase /app and /bin directories.

After this procedure completes, there will be three locations from which to retrieve Essbase application backups (local storage, the remote server, and external storage) that are no older than 24 hours. With the current scripts we would have yesterday’s backup, as well as the backup taken the day before that. Should one need Essbase application files from a date prior to those stored by local storage backups, they are available via the external storage backups.

Share me

Oracle Security Alert for CVE-2021-44228: Part Four

  • Date: Dec 16, 2021
  • Article by: Mike Turner
Read More

Oracle Security Alert for CVE-2021-44228: Part Three

  • Date: Dec 15, 2021
  • Article by: Jeff Henkel
Read More

Free Critical Support Assistance for Oracle EPM/Hyperion

  • Date: April 7, 2020
  • Article by: Joe Malewicki

There are a lot of unknowns in the world right now. For most company’s day to day operations have completely changed and priorities have shifted. To help relieve some stress iArch Solutions would like to offer free* critical Production Support to any Oracle EPM/Hyperion companies in need during these uncertain times. 

Our experienced managed services practice is skilled at providing support services remotely. Obviously, we cannot anticipate demand, but we can guarantee we will assist as quickly as possible. As part of this support you can open a support ticket with iArch Solutions and our team of experts will assist with your production needs. 

Areas we specialize and can offer assistance in:

  • Infrastructure
    • SQL Server
    • AWS
    • OCI
    • Azure
  • Oracle Hyperion On Premise Applications
    • Essbase
    • Planning 
    • HFM 
    • FDMEE
    • DRM
  • Oracle EPM Cloud Applications
    • PBCS
    • FCCS
    • OAC

In these trying times we are all in this together as part of a global community. This is our way of letting you know that we at iArch are here for you. We look forward to hearing from you and seeing you on the other side. 

Contact us at 203.880.4268 x100 or email us at support@iarchsolutions.com

Looking for superb integrated IT support? Ready to accelerate to the cloud? iArch Solutions is ready to make the most of your existing systems and guide you into tomorrow’s infrastructure.

*Priority will be given to existing Managed Services and Production Support customers. We have 24×7 on-shore staff to assist on a first come, first serve basis. Any hands on/remote work will require an approved client employee to be present. All liability and risk to be assumed by the client requesting service and or assistance. Free support assistance program does not include any guaranteed SLA or resolution timeframe. Offer expires on June 30th, 2020.

Share me

Oracle Security Alert for CVE-2021-44228: Part Four

  • Date: Dec 16, 2021
  • Article by: Mike Turner
Read More

Oracle Security Alert for CVE-2021-44228: Part Three

  • Date: Dec 15, 2021
  • Article by: Jeff Henkel
Read More

EPM 11.2.1 Arrives

  • Date: April 6, 2020
  • Article by: Joe Malewicki

The new Oracle EPM 11.2 update has officially dropped and with it, a new support matrix.  The newest update, dubbed 11.2.1, covers support for some items that were points of concern for a lot of people in the initial December 2019 release.

Among the items addressed are:

  • Windows 2016 support is now included for the 11.2.1 update only 
  • Increased browser support: Microsoft Edge and Google Chrome are now supported

So, while it is good to see a patch/update already in the 11.2 code-line, the update still does not address a lot of ‘needs’ in the Oracle EPM suite.  The chief component lacking is support for a LINUX/UNIX OS and expanded SQL DB support.

Also, if this is your first time installing the suite, you may not even realize anything might have changed.  The online Oracle documentation references the following:

Note that files are listed on Oracle Software Delivery Cloud as 11.2.0.0.0 (for example Oracle Enterprise Performance Management System – Part 1 11.2.0.0.0) but the downloaded ZIP files contain Release 11.2.1 files.

So, nothing seems to have changed with the installation/configuration process, and the Oracle EPM suite now has some expanded coverage for Windows OS and end-user browser configuration. 

Watch here closely for anything else we find on the new version, and for those folks awaiting a new UNIX/LINUX release, sit tight.

Share me

Oracle Security Alert for CVE-2021-44228: Part Four

  • Date: Dec 16, 2021
  • Article by: Mike Turner
Read More

Oracle Security Alert for CVE-2021-44228: Part Three

  • Date: Dec 15, 2021
  • Article by: Jeff Henkel
Read More

Brad Spelman Joins iArch Solutions

  • Date: February 12, 2020
  • Article by: Elysha Daly

iArch Solutions is excited to welcome Brad Spelman as the newest member of the iArch Solutions team! Brad is an Indiana native that joins us with a strong background in Oracle EPM and Hyperion infrastructure. He began his career at UNISYS, where he specialized in UNIX Production Support. He then moved into consulting, focusing on installations, configurations and support for Oracle EPM and Hyperion. When away from the computer, you’ll find Brad working on his collection of antique arcade games.

Share me

Oracle Security Alert for CVE-2021-44228: Part Four

  • Date: Dec 16, 2021
  • Article by: Mike Turner
Read More

Oracle Security Alert for CVE-2021-44228: Part Three

  • Date: Dec 15, 2021
  • Article by: Jeff Henkel
Read More