Tuesday, May 27, 2014

Certified - Exalytics In-Memory Machine X3-4 Implementation Essentials

Hurray!!


Today I got the result of the exam I gave back in Dec.

I have cleared the "Exalytics In-Memory Machine X3-4 Implementation Essentials" exam, earning an OPN Certified Specialist designation in this field.

Together with the "Exalogic Elastic Cloud X2-2 Certified Implementation Specialist" certification, it helps me differentiate myself as a proven expert in the field of Oracle Engineered Systems implementations.

Getting ready to crack the Exadata certification next!

Sachin
Architect - Oracle Engineered Systems
Exalytics/Exalogic/Exadata
BuzzClan LLC

BuzzClan is a business consulting company collaborating to provide Oracle software advisory services & implementation services. BuzzClan LLC is committed to providing substantive business value on each and every client engagement. We do this through a combination of industry-specific business expertise, technical skills, proven project management methods and our “onsite - off site - offshore” delivery model. We strive to work in partnership with our customers to build high-performance teams and create business solutions that will last.

Friday, May 16, 2014

OBIEE - Multi-tenancy User Authentication and Authorization

To facilitate multi-tenancy, a few new roles have been introduced in OBIEE. One new layer allows for administration at the tenant level, and another defines users/authors within the tenant.
  • BI Global Administrator
  • Tenant Administrator
  • Tenant User
Earlier posts in this series:
 OBIEE - Multi-Tenancy implementations - What is it
 OBIEE - Multi-Tenancy - Presentation Catalog

When OBIEE is configured for multi-tenancy, two administrator roles are available to configure the application. The BI Global Administrator role (BIGlobalAdministrator) is used for overall global administration. This administrator controls privileges for all tenants and can access the Presentation Services Administration page, Oracle BI Administration Tool, Job Manager, Catalog Manager, and all content. This administrator is not associated with a specific tenant.

The new role, BITenantAdministrator, has specific privileges that are granted in the Oracle BI Presentation Catalog for administering a tenant. This role enables users to perform self-service administration tasks on one tenant. These administrators cannot access the overall Presentation Services Administration page or the Privileges page. They organize content for tenant users within the catalog by granting access to, creating, moving, and copying objects and folders.

Another user role, Tenant User, is equivalent to the BIAuthor and BIConsumer roles, but gives access to the artifacts within a particular tenant.

Each tenant in the system is assigned a GUID, and the users assigned to the tenant are also assigned GUIDs to ensure that OBIEE sees them as distinct users and is shielded from name clashes and name changes. The user is based on the Tenant GUID. This GUID is also available as a session variable.

This way the user maintenance tasks are delegated to administrators within each tenant. Persons taking on this role should understand the OBIEE artifacts and the authorizations available.

Not all features are currently multi-tenant enabled. Here are a few that are not:
  • Catalog groups
  • KPIs, scorecards
  • BI Mobile
  • BI Composer
  • Oracle BI for Microsoft Office
  • Act As functionality
  • Direct database requests
  • Oracle RTD, BI Publisher, and Marketing Segmentation
  • Full-text catalog search with Oracle SES and Oracle Endeca Server. The basic catalog search is available.
  • Oracle Essbase Components (including Financial Reporting, Calculation Manager, and Workspace)
These features are not available for BIGlobalAdministrator for administration:
  • Oracle BI Administration Tool
  • Catalog Manager
  • Job Manager
  • Usage tracking
  • MapViewer
Other limitations:
  • Application Roles are defined system wide, and not tenant specific. Any roles defined will be available to all the tenants for selection through the dialogues.
  • There are no 'Tenant' Specific configurations in the instanceconfig.xml file. These changes include privileges in the catalog, skins, and front-end customization.

Multi-tenancy is disabled by default. A few entries need to be added to the configuration files and domain configuration files.

Detailed documentation can be found at: Configuring for Multiple Tenants


Sachin
Architect - Oracle Engineered Systems
Exalytics/Exalogic/Exadata
BuzzClan LLC


Friday, May 9, 2014

SSO - how does your Driver's License stand up to the challenge

As a frequent traveler, I can't imagine my life without one piece of plastic in my wallet: my Texas Driver's License.

On the day of travel, I use it to get past the airport security, get into my rental car, check into the hotel, get cash from my bank (I do not carry any debit cards as a safety measure), get past the paranoid girl at the checkout counter who insists on seeing my ID before she can swipe the credit card for that bottle of water, and prove that I am of legal drinking age as I sit down at the hotel bar after a long day.

In all of these transactions, I whip out my trusted Texas DL and authenticate myself as Mr. Sachin Jain. Some people look at the id, some run it under devices that pop up the various security features embedded within the card, and almost all of them look up to match the photo on the card with my face and confirm that I am who I am saying I am.

I was authenticated by the system using a token (my Texas Driver's License) issued by a central/trusted token provider (Texas Department of Motor Vehicles).

Once the authentication is done, my identification is confirmed. There is almost always a second token which then authorizes my access to the service I am seeking: my boarding pass, notations on the boarding pass giving me premium access, TSA pre-check privileges, my reservation confirmation to a particular car for a certain period of time, a hotel booking, my credit card, or my date of birth on the DL itself.

Imagine if I had to carry a separate piece of identification for each of these interactions! My wallet would be bursting at the seams. I would have to go through the hassle of bringing the right ID that will work for a particular encounter. I would have missed opportunities because I don't have the ID for the most popular joint that Yelp suggested, or for that hotel I bid for on Priceline as I am walking out of the office on Monday afternoon.

Driver License - SSO

Similarly, in computer security, SSO is a way of authenticating a user based on a central directory. When a user requests access to a resource (a certain web site, their HR records, email, etc.), the provider redirects the user to a login page hosted by the SSO authority, which presents a challenge-response, mostly in the form of an ID/password combination or additional mechanisms. Once the user gets past this screen, the SSO authority confirms the user authentication and passes a token identifying the user to the servicing application. The application can then bounce this token against its provisioning store and give the user access to the appropriate resources based on the authorization.

Several applications can subscribe to the SSO server, thus eliminating the need for the user to maintain multiple authentication tokens (ID/password) to get access. Most of the time, if the user has already been authenticated once to an application, the SSO provider can leave a token on the browser session, so that when the user tries to access another application with the same SSO provider, no log-in is necessary. This provides seamless access to multiple applications.
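The token hand-off described above, sketched as an added example (not code from the original post): the SSO authority signs a short-lived token naming the user and the target application, and the application verifies it before consulting its own provisioning store. The key, user, application names and the shared-secret HMAC scheme are assumptions made for illustration; real deployments use standards such as SAML or OpenID Connect, usually with asymmetric signatures.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed demo values (assumptions for this example, not from the post).
SSO_KEY = b"demo-secret-known-to-the-sso-authority-and-its-apps"
# Each application's own provisioning store: user -> permitted actions.
PROVISIONING_STORE = {
    "hr-portal": {"sjain": {"view_own_record"}},
    "bi-dashboards": {"sjain": {"view_reports", "author_reports"}},
}


def _sign(payload: bytes) -> bytes:
    return hmac.new(SSO_KEY, payload, hashlib.sha256).digest()


def issue_token(user: str, audience: str, ttl: int = 300,
                now: Optional[float] = None) -> str:
    """SSO authority: call only after the user has passed the login challenge."""
    issued = time.time() if now is None else now
    claims = {"sub": user, "aud": audience, "exp": int(issued) + ttl}
    payload = json.dumps(claims, sort_keys=True).encode()
    return ".".join(base64.urlsafe_b64encode(part).decode()
                    for part in (payload, _sign(payload)))


def authenticate(token: str, app: str,
                 now: Optional[float] = None) -> Optional[str]:
    """Application: return the user id if the token is genuine, else None."""
    current = time.time() if now is None else now
    try:
        payload_b64, sig_b64 = token.split(".")
        payload = base64.urlsafe_b64decode(payload_b64)
        signature = base64.urlsafe_b64decode(sig_b64)
    except ValueError:  # wrong number of parts or malformed base64
        return None
    # Constant-time comparison; verify the signature before trusting a claim.
    if not hmac.compare_digest(signature, _sign(payload)):
        return None
    claims = json.loads(payload)
    # A token minted for another application, or an expired one, is refused.
    if claims["aud"] != app or claims["exp"] <= current:
        return None
    return claims["sub"]


def authorize(token: str, app: str, action: str,
              now: Optional[float] = None) -> bool:
    """Authentication says who the user is; the provisioning store says what
    that user may do in this particular application."""
    user = authenticate(token, app, now)
    if user is None:
        return False
    return action in PROVISIONING_STORE.get(app, {}).get(user, set())


if __name__ == "__main__":
    token = issue_token("sjain", "bi-dashboards")
    print(authorize(token, "bi-dashboards", "author_reports"))
    print(authorize(token, "hr-portal", "view_own_record"))
```

As with the driver's license, a valid token only proves identity: a user the authority vouches for but whom the application has not provisioned is authenticated and still gets no access.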

This is a very simplistic, 10,000-mile high description of how an SSO ecosystem works. I hope this helps you grasp the basic concept and find similarities/differences between real-life and virtual SSO implementations.

Tech Term of the Day
SSO: Single Sign-On




Sachin
Architect - Oracle Engineered Systems
Exalytics/Exalogic/Exadata
BuzzClan LLC


Thursday, May 8, 2014

OBIEE - Multitenancy - Presentation Catalog

As discussed in the previous post, OBIEE multitenancy implementations generally involve a varied user base with different needs from the underlying data warehouse. Furthermore, the users are also able to expand the presentation catalog on their own during the lifetime of this implementation.

So, ideally, the provider will present the users with a basic set of reports and dashboards which will be deemed universal for the subject areas being covered. These will be designed after consulting with various user groups from different target audiences (tenant groups). The provider should also generate basic templates which can be extended for ad hoc analysis to ensure that the users are utilizing the power of the underlying BI platform.

As this blog is focused primarily around OBIEE and the supporting Oracle ecosystem, I will say that this should be given to the users so they can benefit from the ad hoc capabilities provided by OBIEE. With proper training, the users can form a 'power user' group within their rank-and-file. These power users can create custom reports for specific tenants or groups within them. In addition, the provider can offer custom consulting for a fee and come up with reports and dashboards for specific tenants.

To summarize:
  • Global reports and dashboards for all
  • Global templates for everyone to use as the starting point for ad hoc analysis
  • Personal space for each user where they can save
    • frequently used ad-hoc analysis
    • work-in-progress before the artifacts are released for use with others within the tenancy
  • Directories for each tenant to share
    • Custom reports among themselves
    • Proof-of-concept reports for validation (access may be restricted to certain auditors only)
    • Custom development done by the provider - often for a fee - available only to users of the particular tenant. Artifacts from this section may eventually find their way into the global area, depending on popularity, maturity of the offering, etc.
Of course, all of these need to be properly secured. There will be sub-directories/sections which will have appropriate authorization considerations based on the user’s role within the tenancy.


Sachin
Architect - Oracle Engineered Systems
Exalytics/Exalogic/Exadata
BuzzClan LLC


Tuesday, May 6, 2014

OBIEE - Multi-Tenancy Implementations - What is it

What is a multi-tenancy:

Let's take a few use cases:

A large organization has multiple units, each maintaining a separate business application and underlying transactional database. Each one has a different user base and different security considerations when it comes to data access. Data can be collected in individual data marts and a BI solution can be built on top of these data marts. This way the different departments have independent control over the development, release and usage of these BI solutions. This is not an ideal solution, and eventually these data marts should be converged into a central data warehouse, but until then...

A product offering decides to offer a self-service BI add-on. The product runs in a distributed database mode where each client has its own physical database/schema running off a common data model. This can be implemented two ways: by bringing all the data into a central data warehouse, or by creating parallel data marts for each client. In the second scenario, the BI implementation can have a common RPD and Presentation catalog, connecting to the individual data marts, with provision for custom reports in the catalog.

BI on the cloud. Many states are centralizing their IT functions into a 'technology' agency. The rule of thumb is that if any two or more agencies use a platform, that platform should be handed over to this central agency for hosting, management, etc. to conserve costs. In this scenario, the agency can host various BI servers and allow the agencies to buy time, space and bandwidth on these servers.

A large financial institution manages retirement and benefits plans for various companies. The data warehouse is central, but the BI dashboards are customized for each client. The security implementation is also different, and there are various levels of support and custom/self-service solutions that the clients can buy into. The clients can negotiate a different upgrade timeline for their dashboards, which may result in different micro release cycles affecting development, testing and other SDLC activities.

Each of these use cases presents a multi-tenant implementation scenario. The site(s) need to be envisioned, designed, developed, deployed and managed in sync with each other.

Oracle's OBIEE documentation defines 'Multitenancy' as:

Multitenancy refers to a principle in software architecture where a single installation of the software runs on one server or clustered servers, serving multiple client organizations. With a multitenant architecture, each client organization operates independently of other organizations that share the same infrastructure. Multitenancy offers the ability to host multiple companies (even competitors) in one deployment without them knowing of each other.


Issues: Code Management

One of the major issues comes with respect to code management. To run a successful multi-tenant implementation, the central administration should be able to cope with multiple release schedules, dependencies during the deployments, and coordinating rollbacks and out-of-schedule/emergency deployment requests.

One installation/implementation of an OBIEE server can only support one RPD - the model against which the users can create reports and dashboards.

The RPD is a piece of monolithic code, which is deployed as a single item. Internally, for ease of multi-user development, the code can be structured as projects. A project can be worked upon as a smaller RPD to shorten and simplify development effort and unit testing.

The RPD is a three-layer model consisting of a physical, business and presentation layer. A project consists of Presentation layer subject areas and their associated Business and Physical layers. A project can be defined in a way that it serves a particular 'Tenant' in an implementation, thus isolating the deployable unit of code.
Ideally, multiple deployments will have common dimension tables and some fact tables, and that can throw a spanner in this whole design, but then that may also gravitate towards consolidating things into a single data warehouse. That is a topic for another blog.

That said, experience tells that the RPD is still a monolithic piece of code when it comes to deployment, and on the other hand the presentation catalog is very fragmented. The deployable artifacts are:
  • Folders
  • Reports
  • Prompts
  • Filters
  • Dashboards
  • Security
  • ...
There is one deployable file for each of these, plus their corresponding security metadata. To add to the mix, the Presentation catalog has an organic growth pattern. Users can create new artifacts, and modify existing ones in production.

It is a challenge to simultaneously manage a deployment with two code units, one monolithic and the other fragmented.

Next I will discuss the Presentation Catalog implementation - OBIEE - Multi-Tenancy - Presentation Catalog


Sachin
Architect - Oracle Engineered Systems
Exalytics/Exalogic/Exadata
BuzzClan LLC


What Constitutes an Exalytics Implementation

This is part 2 of a series of articles discussing Exalytics components:
Part I - Exalytics In Memory - Software Features
After defining Exalytics In-Memory Software in a previous post, let's continue the discussion by identifying the Exalytics machine's hardware and software components.


Side-by-Side Comparison of the Various Exalytics Systems (i.e. X2-4, X3-4 and T5-8)

| Feature | Exalytics X2-4 | Exalytics X3-4 | Exalytics T5-8 |
|---|---|---|---|
| Processors | 4 Intel XEON E7-4870, 40 Cores | 4 Intel XEON E7-4800, 40 Cores | 8 SPARC T5, 128 Cores |
| Dynamic Random-Access Memory | 1 TB | 2 TB * | 4 TB |
| Hard Disk Drive | 3.6 TB | 5.4 TB * | 7.2 TB |
| PCI Flash Storage | None | 2.4 TB * | 3.2 TB |
| Networking | 40 Gbps InfiniBand - 2 Ports; 10 Gbps Ethernet - 2 Ports; 8 Gbps Fibre Channel - 2 Ports; 1 Gbps Ethernet - 4 Ports | 40 Gbps InfiniBand - 2 Ports; 10 Gbps Ethernet - 2 Ports; 8 Gbps Fibre Channel - 2 Ports; 1 Gbps Ethernet - 4 Ports | 40 Gbps InfiniBand - 4 Ports; 10 Gbps Ethernet - 4 Ports; 8 Gbps Fibre Channel - 4 Ports |

 *upgrade kits available for additional memory and flash storage

Software Certification Matrix: (Certification Matrix)

| Component | Exalytics X2-4, Exalytics X3-4 -OR- Exalytics X3-4 with Upgrade Kits | Exalytics T5-8 |
|---|---|---|
| Server Operating System | Exalytics Base Image on Linux x86-64 1.0.0.6 | Exalytics - Oracle Solaris 11.1 SRU11.4 (64 bit) |
| OS Kernel Version | Exalytics - Oracle Linux 5.8 (UL5) with UEK; Linux Kernel Version Number: 2.6.32-400.11.1.el5uek | N/A |
| Exalytics Base Image for Oracle VM | 2.0.1.3 | N/A |
| Exalytics Base Image Kernel for OVM | Oracle Linux UL5 with UEK - Oracle Linux Server release 5.6; Kernel 2.6.39-300.32.6.el5uek on an x86_64 | N/A |
| Exalytics Oracle VM Template (Guest) | 2.0.1.3 | N/A |
| Exalytics Oracle VM Template (Guest) Kernel | Oracle Linux UL5 with UEK - Oracle Linux Server release 5.6; Kernel 2.6.32-200.21.2.el5uek on an x86_64 | N/A |
| BI Foundation | OBIEE 11.1.1.7.x; TimesTen 11.2.2.5.x, 11.2.2.6.x; Essbase 11.1.2.2.200+/11.1.2.3.001+ | |
| TimesTen | TimesTen 11.2.2.5.x, 11.2.2.6.x | |
| BI Application | 11.1.1.7.1; 7.9.6.3; 7.9.6.4 | |
| EPM | 11.1.2.2 or 11.1.2.3 (depends on module/component) | |
| OVM Manager | 3.2.4 (X2-4),  3.2..7(X3-4) | |
| EM | Agent - 12.0.1.3+ | |
| Endeca | 3.0/3.1 | |


We can use Exalytics to perform the following:

1. BI Apps Implementation: The Enterprise Data Warehouse connected to the ERP system in use (PeopleSoft, EBS, JDE, SAP, etc.). Oracle has pre-built analytics comprised of a DW Schema, ETL/ELT for bringing the data from the ERP Database to the Data Warehouse, OBIEE Model (RPD), and the Reports and Dashboards.

2. Custom BI Applications: Many organizations have custom BI implementations over their applications. This is comprised of a Data Warehouse/Data Mart, the ETL/ELT process, the OBIEE Model, and the Reports and Dashboards.

3. EPM Implementation: Oracle's Financial Planning, Budgeting and Forecasting tool for the enterprise. This includes Essbase, OBIEE, and Hyperion Financials.

4. Endeca

I will discuss the OBIEE/BI Apps (#1/#2) implementations in the next blog.


Sachin
Architect - Oracle Engineered Systems
Exalytics/Exalogic/Exadata
BuzzClan LLC


What is Zero Trust Architecture?