Sunday, June 22, 2014

Engineered Systems VS. NIST Definition of Cloud Computing

According to the NIST,
Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models. (http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf)

In this blog, I will examine how each of the five essential characteristics defined by NIST (in bold/italics) applies to the engineered systems - Exalogic, Exadata, and Exalytics.

On-Demand Self-Service:  

A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service provider.
This refers to the ability of cloud services consumers to configure and maintain the landscape presented to them. This allows for distributed administration capabilities. While the centralized team concentrates on managing the infrastructure tasks like initial setup, capacity planning and resource quota allocation, backup, disaster recovery, patching, libraries of Virtual Machine (VM) templates, middleware code, etc., the application-level administration is delegated to the consumers. They can create VMs from the template library and extend them according to their needs.

To enable the consumers to do this, several administration consoles are provided by the Cloud Infrastructure to allow for GUI, Command Line Interface (CLI) or scripted interaction with the system.

Oracle’s engineered systems provide the following self-service capabilities:
  • Cloud admin account access
  • Enterprise Manager Operations Center (EMOC) access
  • Virtual Data Center (vDC) Management tab with access to pre-built Virtual Machine templates for frequently used functions
  • Base VM templates to build upon
  • Command Line Interfaces (CLI and dCLI) access to most of these tasks for automation and one-touch unilateral provisioning

Broad Network Access:  

Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, tablets, laptops, and workstations).
Oracle’s engineered systems are generally used for private cloud offerings within secured corporate or public sector settings. Therefore, access to these is not required on a mobile device. The systems provide access over SSL/SSH using the following:

  • Browser-based interfaces (EMOC/VM Manager/ZFSManager)
  • CLI interface over SSH


Resource Pooling:  
The provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location independence in that the customer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g., country, state, or datacenter). Examples of resources include storage,  processing, memory, and network bandwidth.
This, I believe, is the most important characteristic of a cloud offering. With commodity servers running independently, we have seen that there is often a heterogeneous usage of resources. Most of the servers are underutilized while some can never have enough resources to service the load, creating a bottleneck referred to as 'underutilized server sprawl'. With an IaaS scenario, this can be fixed by dynamically rearranging the load on a particular resource. The engineered systems allow for resource quotas for the users/accounts (Account Resource Limit).
  • Oracle Virtual Machine Server - Virtualizer
  • Virtual CPU/CPU oversubscription
  • Common memory pool
  • Common storage
  • Shared network access  

Rapid Elasticity: 

Capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly outward and inward commensurate with demand. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be appropriated in any quantity at any time.
We currently follow these steps in order to change the memory, vCPU, and/or the Network resource allocation for an existing guest vServer (Reference - Exalogic: Changing the Memory, vCPU and Network Resources for an existing guest vServer (Doc ID 1586296.1)):
  1. Stop the vServer
  2. Create a template
  3. Create a vServer type with the required memory and vCPU resources
  4. Delete the old server
  5. Create a new vServer by using the template in step #2 and the vServer type created in step #3
I am hopeful that upcoming releases will make this process more streamlined and easier to manage.
Ideally, to ensure elasticity, the virtual servers should have memory, vCPU, network bandwidth, and storage quotas within a range. The servers should also have a priority definition, which will help mitigate resource contention when multiple vServers are trying to claim the same resource. The vServer should be able to negotiate the resources based on its priority among other servers, the current load on the vServer, and the Virtual Server as a whole.
The disk space is shared among all the compute nodes and virtual machines.  Shares and projects can be created by the cloud admins to be mounted on the VMs. These shares can also be shared among multiple VMs.
Resource quotas are established at a cloud-account level. Any VM created within the account has access to the resources allocated to the account.
What’s missing?
  • Networking quota
  • Prioritization (if a resource is oversubscribed, which account/VM/process gets access to the resource if the physical limit is reached)
  • Time slot-based allocation   

Measured service:
Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported, providing transparency for both the provider and consumer of the utilized service.
Enterprise Manager 12c provides the capability to meter the usage and calculate chargeback of different resources (targets).  A universal charge plan contains rates for CPU, Memory and storage. Extended charge plans can be used across various target types. Details can be found in the OEM - Chargeback Administration.

What’s missing? 

  • This functionality is not available for Exalytics servers yet. However, in an OBIEE implementation, certain Usage Tracking reports can be configured to provide this functionality.

Tech Term of the Day 

NIST - National Institute of Standards and Technology


Sachin
Architect - Oracle Engineered Systems
Exalytics/Exalogic/Exadata
BuzzClan LLC

BuzzClan is a business consulting company collaborating to provide Oracle software advisory services & implementation services. BuzzClan LLC is committed to providing substantive business value on each and every client engagement. We do this through a combination of industry-specific business expertise, technical skills, proven project management methods and our “onsite - off site - offshore” delivery model. We strive to work in partnership with our customers to build high-performance teams and create business solutions that will last.

Tuesday, May 27, 2014

Certified - Exalytics In-Memory Machine X3-4 Implementation Essentials

Hurray!!


Today I got the result of the Exam I gave back in Dec. 

I have cleared the "Exalytics In-Memory Machine X3-4 Implementation Essentials" exam, earning an OPN Certified Specialist designation in this field.

Together with the "Exalogic Elastic Cloud X2-2 Certified Implementation Specialist" certification, it helps me differentiate myself as a proven expert in the field of Oracle Engineered Systems implementations.

Getting ready to crack the Exadata certification next!


Friday, May 16, 2014

OBIEE - Multi-tenancy User Authentication and Authorization

To facilitate Multi-Tenancy in OBIEE, a few new roles have been introduced in OBIEE. A new layer has been added which allows for administration at a tenant level, and another one to define users/authors at the tenant.
  • BI Global Administrator
  • Tenant Administrator
  • Tenant User
Earlier posts in this series:
 OBIEE - Multi-Tenancy implementations - What is it
 OBIEE - Multi-Tenancy - Presentation Catalog

When OBIEE is configured for Multi-tenancy, there are two administration roles available to configure the application. The BI Global Administrator role (BIGlobalAdministrator) is used for overall global administration. This administrator controls privileges for all tenants and can access the Presentation Services Administration page, Oracle BI Administration Tool, Job Manager, Catalog Manager, and all content. This administrator is not associated with a specific tenant.

The new role, BITenantAdministrator, has specific privileges that are granted in the Oracle BI Presentation Catalog for administering a tenant. This role enables users to perform self-service administration tasks on one tenant. These administrators cannot access the overall Presentation Services Administration page or the Privileges page. These administrators organize content for tenant users within the catalog by granting access to, creating, moving, and copying objects and folders.

Another user role, Tenant User, is equivalent to the BIAuthor and BIConsumer roles, but gives access to the artifacts within a particular tenant.

Each Tenant in the system is assigned a GUID, and the users assigned to the tenant are also assigned GUIDs to ensure that OBIEE sees them as distinct users and is shielded from name clashes and name changes. The user is based on the Tenant GUID. This GUID is also available as a session variable.

This way the user maintenance tasks are delegated to Administrators within each Tenant. Persons taking on this role should understand the OBIEE artifacts and the authorizations available.

Not all features are currently multi-tenant enabled. Here are a few that are not:
  • Catalog groups
  • KPIs, scorecards
  • BI Mobile
  • BI Composer
  • Oracle BI for Microsoft Office
  • Act As functionality
  • Direct database requests
  • Oracle RTD, BI Publisher, and Marketing Segmentation
  • Full-text catalog search with Oracle SES and Oracle Endeca Server. The basic catalog search is available.
  • Oracle Essbase Components (including Financial Reporting, Calculation Manager, and Workspace)
These features are not available for BIGlobalAdministrator for administration:
  • Oracle BI Administration Tool
  • Catalog Manager
  • Job Manager
  • Usage tracking 
  • MapViewer
Other limitations:
  • Application Roles are defined system wide, and not tenant specific. Any roles defined will be available to all the tenants for selection through the dialogues.
  • There are no 'Tenant' Specific configurations in the instanceconfig.xml file. These changes include privileges in the catalog, skins, and front-end customization.

Multi-Tenancy is disabled by default. A few entries need to be added to the configuration files and domain configuration files.

Detailed documentation can be found at: Configuring for Multiple Tenants



Friday, May 9, 2014

SSO - how does your Driver's License stand up to the challenge

As a frequent traveler, I can't imagine my life without one piece of plastic in my wallet: my Texas Driver's License.

On the day of travel, I use it to get past the airport security, get into my rental car, check into the hotel, get cash from my bank (I do not carry any debit cards as a safety measure), get past the paranoid girl at the checkout counter who insists on seeing my ID before she can swipe the credit card for that bottle of water, and prove that I am of legal drinking age as I sit down at the hotel bar after a long day.

In all of these transactions, I whip out my trusted Texas DL and authenticate myself as Mr. Sachin Jain. Some people look at the ID, some run it under devices that pop up the various security features embedded within the card, and almost all of them look up to match the photo on the card with my face and confirm that I am who I am saying I am.

I was authenticated by the system using a token (my Texas Driver's License) issued by a central/trusted token provider (Texas Department of Motor Vehicles).

Once the authentication is done, my identification is confirmed. There is almost always a second piece of token which then authorizes my access to the service I am seeking: my boarding pass, notations on the boarding pass giving me premium access, TSA pre-check privileges, my reservation confirmation to a particular car for a certain period of time, a hotel booking, my credit card, or my date of birth on the DL itself.

Imagine if I had to carry a separate piece of identification for each of these interactions! My wallet would be bursting at the seams. I would have to go through the hassle of bringing the right ID that will work for a particular encounter. I would have missed opportunities because I don't have the ID for the most popular joint that Yelp suggested, or for that hotel I bid for on Priceline as I am walking out of the office on Monday afternoon.

Driver License - SSO

Similarly, in computer security, SSO is a way of authenticating a user based on a central directory. When a user requests access to a resource (a certain web site, their HR records, email, etc.), the provider redirects the user to a login page hosted by the SSO authority, which presents a challenge-response, mostly in the form of an ID/password combination or additional mechanisms. Once the user gets past this screen, the SSO authority confirms the user authentication and passes a token identifying the user to the servicing application. The application can then bounce this token against its provisioning store and give the user access to the appropriate resources based on the authorization.

Several applications can subscribe to the SSO server, thus eliminating the need for the user to maintain multiple authentication tokens (ID/password) to get access. Most of the time, if the user has already been authenticated once to an application, the SSO provider can leave a token on the browser session, so that when the user tries to access another application with the same SSO provider, no log-in is necessary. This provides seamless access to multiple applications.

This is a very simplistic, 10,000-mile-high description of how an SSO ecosystem works. I hope this helps you grasp the basic concept and find similarities/differences between real-life and virtual SSO implementations.
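The flow described above, as an added example that is not part of the original post: a hypothetical SSO authority issues a signed token after login, and the application verifies it before consulting its own provisioning store. The shared HMAC key, the token layout and all names are assumptions made for illustration; real deployments use standards such as SAML or OpenID Connect.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed demo key shared by the SSO authority and the application.
# (Assumption: production systems usually sign with an asymmetric key.)
SSO_KEY = b"constructed-demo-key-not-for-production"

# The application's own provisioning store (constructed sample data):
# the token says who the user is, this table says what they may do here.
HR_PROVISIONING = {
    "sachin": {"view_own_record"},
    "hr_admin": {"view_own_record", "edit_records"},
}


def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user: str, audience: str, now: Optional[float] = None,
                ttl: int = 300) -> str:
    """SSO authority: called only after the login challenge has succeeded."""
    issued = time.time() if now is None else now
    claims = {"sub": user, "aud": audience, "exp": int(issued) + ttl}
    body = b64e(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(SSO_KEY, body.encode(), hashlib.sha256).digest()
    return body + "." + b64e(sig)


def verify_token(token: str, audience: str,
                 now: Optional[float] = None) -> dict:
    """Application: check the signature before trusting any claim."""
    current = time.time() if now is None else now
    try:
        body, sig_text = token.split(".")
        given = b64d(sig_text)
    except ValueError:
        raise PermissionError("malformed token") from None
    expected = hmac.new(SSO_KEY, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, given):  # constant-time comparison
        raise PermissionError("bad signature")
    claims = json.loads(b64d(body))
    if claims["aud"] != audience:
        raise PermissionError("token issued for another application")
    if current >= claims["exp"]:
        raise PermissionError("token expired")
    return claims


def authorize(token: str, audience: str, action: str, store: dict,
              now: Optional[float] = None) -> bool:
    """Authenticate via the token, then authorize from the local store."""
    claims = verify_token(token, audience, now)
    return action in store.get(claims["sub"], set())
```

A valid token for a user who is absent from the provisioning store authenticates but authorizes nothing, which mirrors the license-versus-boarding-pass distinction in the analogy.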

Tech Term of the Day
SSO - Single Sign-On


Thursday, May 8, 2014

OBIEE - Multitenancy - Presentation Catalog

As discussed in the previous post, OBIEE multitenancy implementations generally involve a varied user base with different needs from the underlying data warehouse. Furthermore, the users are also able to expand the presentation catalog on their own during the lifetime of the implementation.

So, ideally, the provider will present the users with a basic set of reports and dashboards which will be deemed universal for the subject areas being covered. These will be designed after consulting with various user groups from different target audiences (tenant groups). The provider should also generate basic templates which can be extended for ad hoc analysis to ensure that the users are utilizing the power of the underlying BI platform.

As this blog is focused primarily around OBIEE and the supporting Oracle ecosystem, I will say that this should be given to the users so they can benefit from the ad hoc capabilities provided by OBIEE. With proper training, the users can form a 'power user' group within their rank-and-file. These power users can create custom reports for specific tenants or groups within them. In addition, the provider can offer custom consulting for a fee and come up with reports and dashboards for specific tenants.

To summarize:
  • Global reports and dashboards for all
  • Global templates for everyone to use as the starting point for ad hoc analysis
  • Personal space for each user where they can save
    • frequently used ad-hoc analysis
    • work-in-progress before the artifacts are released for use with others within the tenancy
  • Directories for each tenant to share
    • Custom reports among themselves
    • Proof-of-concept reports for validation (access may be restricted to certain auditors only)
    • Custom development done by the provider - often for a fee - available only to users of the particular tenant. Artifacts from this section may eventually find their way into the global area, depending on popularity, maturity of the offering, etc.
Of course, all of these need to be properly secured. There will be sub-directories/sections which will have appropriate authorization considerations based on the user’s role within the tenancy.
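A model of the access rules described in this post and in the post on tenant authentication and authorization above, as an added example rather than OBIEE's own code: identities are compared by GUID, and a default-deny check separates the global, tenant and personal areas. The catalog paths, the two tenant-user role names and the read/write/grant actions are assumptions made for illustration.

```python
import uuid
from dataclasses import dataclass
from typing import Optional

# Administrator role names come from the posts; the two tenant-user names are
# hypothetical stand-ins for the BIAuthor- and BIConsumer-equivalent roles.
GLOBAL_ADMIN = "BIGlobalAdministrator"
TENANT_ADMIN = "BITenantAdministrator"
TENANT_AUTHOR = "TenantAuthor"
TENANT_CONSUMER = "TenantConsumer"


@dataclass(frozen=True)
class Principal:
    login: str                  # display name only, never used in a decision
    role: str
    tenant_guid: Optional[str]  # None: the global administrator has no tenant
    user_guid: str


def new_guid() -> str:
    return str(uuid.uuid4())


def provision(login: str, role: str, tenant_guid: Optional[str]) -> Principal:
    """Create a user whose identity is a fresh GUID, not the login string."""
    if role == GLOBAL_ADMIN and tenant_guid is not None:
        raise ValueError("the global administrator is not tied to a tenant")
    if role != GLOBAL_ADMIN and tenant_guid is None:
        raise ValueError("tenant roles require a tenant GUID")
    return Principal(login, role, tenant_guid, new_guid())


def can_access(p: Principal, path: str, action: str) -> bool:
    """Decide 'read', 'write' or 'grant' on a catalog path; default is deny.

    Hypothetical layout: /global/..., /tenants/<tenant GUID>/...,
    /users/<user GUID>/..., /admin/... (system-wide administration pages).
    """
    parts = [seg for seg in path.split("/") if seg]
    if not parts or ".." in parts or action not in ("read", "write", "grant"):
        return False
    if p.role == GLOBAL_ADMIN:
        return True
    area = parts[0]
    owner = parts[1] if len(parts) > 1 else None
    if area == "global":                  # shared reports and templates
        return action == "read"
    if area == "tenants":
        if owner is None or owner != p.tenant_guid:
            return False                  # tenant isolation, checked by GUID
        if p.role == TENANT_ADMIN:
            return True                   # self-service admin, own tenant only
        if p.role == TENANT_AUTHOR:
            return action in ("read", "write")
        if p.role == TENANT_CONSUMER:
            return action == "read"
        return False
    if area == "users":                   # personal work-in-progress space
        return owner == p.user_guid and action in ("read", "write")
    return False                          # includes /admin for tenant roles
```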



Tuesday, May 6, 2014

OBIEE - Multi-Tenancy Implementations - What is it

What is multi-tenancy?

Let's take a few use cases:

A large organization has multiple units, each maintaining a separate business application and underlying transactional database. Each one has a different user base and different security considerations when it comes to data access. Data can be collected in individual data marts and a BI solution can be built on top of these data marts. This way the different departments have independent control over the development, release and usage of these BI solutions. This is not an ideal solution, and eventually these data marts should be converged into a central data warehouse, but until then...

A product offering decides to offer a self-service BI add-on. The product runs on a distributed database mode where each client has its own physical database/schema running off a common data model. This can be implemented in two ways: by bringing all the data into a central Data Warehouse, or by creating parallel data marts for each client. In the second scenario, the BI implementation can have a common RPD and Presentation catalog, connecting to the individual data marts, with provision for custom reports in the catalog.

BI on the cloud. Many states are centralizing their IT functions into a 'technology' agency. The rule of thumb is that if any two or more agencies use a platform, that platform should be handed over to this central agency for hosting, management, etc. to conserve costs. In this scenario, the agency can host various BI servers and allow the agencies to buy time, space and bandwidth on these servers.

A large financial institution manages retirement and benefits plans for various companies. The data warehouse is central, but the BI dashboards are customized for each client. The security implementation is also different, and there are various levels of support and custom/self-service solutions that the clients can buy into. The clients can negotiate a different upgrade timeline for their dashboards, which may result in different micro release cycles affecting development/testing and other SDLC lifecycle.

Each of these use cases presents a multi-tenant implementation scenario. The site(s) need to be envisioned, designed, developed, deployed and managed in sync with each other.

Oracle's OBIEE documentation defines 'Multitenancy' as:

Multitenancy refers to a principle in software architecture where a single installation of the software runs on one server or clustered servers, serving multiple client organizations. With a multitenant architecture, each client organization operates independently of other organizations that share the same infrastructure. Multitenancy offers the ability to host multiple companies (even competitors) in one deployment without them knowing of each other.


Issues: Code Management

One of the major issues comes with respect to code management. To run a successful multi-tenant implementation, the central administration should be able to cope with multiple release schedules, dependencies during the deployments, and coordinating rollbacks and out-of-schedule/emergency deployment requests.

One installation/implementation of an OBIEE server can only support one RPD - the model against which the users can create reports and dashboards.

The RPD is a piece of monolithic code, which is deployed as a single item. Internally, for ease of multi-user development, the code can be structured as projects. A project can be worked upon as a smaller RPD to shorten and simplify development effort and unit testing.

The RPD is a three-layer model consisting of physical, business and presentation layers. A project consists of Presentation layer subset areas and their associated Business and Physical layers. A project can be defined in a way that it serves a particular 'Tenant' in an implementation, thus isolating the deployable unit of code.
Ideally, multiple deployments will have common Dimension tables and some fact tables, and that can throw a spanner in this whole design, but then that may also gravitate towards consolidating things into a single Data Warehouse. That is a topic for another blog.

That said, experience shows that the RPD is still a monolithic piece of code when it comes to deployment, while the presentation catalog is very fragmented. The deployable artifacts are:
  • Folders
  • Reports
  • Prompts
  • Filters
  • Dashboards
  • Security
  • ...
Each of these has its own deployable file and corresponding security metadata. To add to the mix, the Presentation catalog has an organic growth pattern. Users can create new artifacts and modify existing ones in production.

It is a challenge to simultaneously manage a deployment with two code units, one monolithic and the other fragmented.

Next I will discuss the Presentation Catalog implementation: OBIEE - Multi-Tenancy - Presentation Catalog



What Constitutes an Exalytics Implementation

This is part 2 of a series of articles discussing Exalytics components:
Part I - Exalytics In Memory - Software Features
After defining Exalytics In-Memory Software in a previous post, let's continue the discussion by identifying the Exalytics machine's hardware and software components.


Side-by-Side Comparison of the Various Exalytics Systems (i.e. X2-4, X3-4 and T5-8)

| Feature | Exalytics X2-4 | Exalytics X3-4 | Exalytics T5-8 |
| --- | --- | --- | --- |
| Processors | 4 Intel XEON E7-4870, 40 Cores | 4 Intel XEON E7-4800, 40 Cores | 8 SPARC T5, 128 Cores |
| Dynamic Random-Access Memory | 1 TB | 2 TB * | 4 TB |
| Hard Disk Drive | 3.6 TB | 5.4 TB * | 7.2 TB |
| PCI Flash Storage | None | 2.4 TB * | 3.2 TB |
| Networking | 40 Gbps InfiniBand - 2 Ports; 10 Gbps Ethernet - 2 Ports; 8 Gbps Fibre Channel - 2 Ports; 1 Gbps Ethernet - 4 Ports | 40 Gbps InfiniBand - 2 Ports; 10 Gbps Ethernet - 2 Ports; 8 Gbps Fibre Channel - 2 Ports; 1 Gbps Ethernet - 4 Ports | 40 Gbps InfiniBand - 4 Ports; 10 Gbps Ethernet - 4 Ports; 8 Gbps Fibre Channel - 4 Ports |

* upgrade kits available for additional memory and flash storage

Software Certification Matrix: (Certification Matrix)

|  | Exalytics X2-4, Exalytics X3-4 -OR- Exalytics X3-4 with Upgrade Kits | Exalytics T5-8 |
| --- | --- | --- |
| Server Operating System | Exalytics Base Image on Linux x86-64 1.0.0.6 | Exalytics - Oracle Solaris 11.1 SRU11.4 (64 bit) |
| OS Kernel Version | Exalytics - Oracle Linux 5.8 (UL5) with UEK; Linux Kernel Version Number: 2.6.32-400.11.1.el5uek | N/A |
| Exalytics Base Image for Oracle VM | 2.0.1.3 | N/A |
| Exalytics Base Image Kernel for OVM | Oracle Linux UL5 with UEK - Oracle Linux Server release 5.6; Kernel 2.6.39-300.32.6.el5uek on an x86_64 | N/A |
| Exalytics Oracle VM Template (Guest) | 2.0.1.3 | N/A |
| Exalytics Oracle VM Template (Guest) Kernel | Oracle Linux UL5 with UEK - Oracle Linux Server release 5.6; Kernel 2.6.32-200.21.2.el5uek on an x86_64 | N/A |
| BI Foundation | OBIEE 11.1.1.7.x; TimesTen 11.2.2.5.x, 11.2.2.6.x; Essbase 11.1.2.2.200+/11.1.2.3.001+ |  |
| TimesTen | TimesTen 11.2.2.5.x, 11.2.2.6.x |  |
| BI Application | 11.1.1.7.1; 7.9.6.3; 7.9.6.4 |  |
| EPM | 11.1.2.2 or 11.1.2.3 (depends on module/component) |  |
| OVM Manager | 3.2.4 (X2-4), 3.2.7 (X3-4) |  |
| EM | Agent - 12.0.1.3+ |  |
| Endeca | 3.0/3.1 |  |


We can use Exalytics to perform the following:

  1. BI Apps Implementation: The Enterprise Data Warehouse connected to the ERP system in use (PeopleSoft, EBS, JDE, SAP, etc.). Oracle has pre-built analytics comprised of a DW Schema, ETL/ELT for bringing the data from the ERP Database to the Data Warehouse, OBIEE Model (RPD), and the Reports and Dashboards.
  2. Custom BI Applications: Many organizations have custom BI implementations over their applications. This is comprised of a Data Warehouse/Data Mart, the ETL/ELT process, the OBIEE Model, and the Reports and Dashboards.
  3. EPM Implementation: Oracle's Financial Planning, Budgeting and Forecasting tool for the enterprise. This includes Essbase, OBIEE, and Hyperion Financials.
  4. Endeca

I will discuss the OBIEE/BI Apps (#1/#2) implementations in the next blog.

