Thursday Oct 17, 2013

EPM Infrastructure Tuning Guide v11.1.2.2 / 11.1.2.3

Applies To: This edition applies to only 11.1.2.2, 11.1.2.3.

One of the most challenging aspects of performance tuning is knowing where to begin. To maximize Oracle EPM System performance, all components need to be monitored, analyzed, and tuned. This guide describe the techniques used to monitor performance and the techniques for optimizing the performance of EPM components.

TOP TUNING RECOMMENDATIONS FOR EPM SYSTEM:

Performance tuning Oracle Hyperion EPM system is a complex and iterative process. To get you started, we have created a list of recommendations to help you optimize your Oracle Hyperion EPM system performance.

This chapter includes the following sections that provide a quick start for performance tuning Oracle EPM products. Note these performance tuning techniques are applicable to nearly all Oracle EPM products such as Financial PM Applications, Essbase, Reporting and Foundation services.

1. Tune Operating Systems parameters.
2. Tune Oracle WebLogic Server (WLS) parameters.
3. Tune 64bit Java Virtual Machines (JVM).
4. Tune 32bit Java Virtual Machines (JVM).
5. Tune HTTP Server parameters.
6. Tune HTTP Server Compression / Caching.
7. Tune Oracle Database Parameters.
8. Tune Reporting And Analysis Framework (RAF) Services.
9. Tune Oracle ADF parameters.

Click to Download the EPM 11.1.2.3 Infrastructure Tuning Whitepaper (Right click or option-click the link and choose "Save As..." to download this pdf file)

Thursday Sep 26, 2013

EPM Client cert authentication

If you are planning to use client cert authentication against EPM (http://docs.oracle.com/cd/E17236_01/epm.1112/epm_security_11121/frameset.htm?ch02s13s04.html), there are a few additional elements to consider on top of the documentation[Read More]

Wednesday Dec 12, 2012

EPM 11.1.2.2 Architecture: Financial Performance Management Applications

This is the third post on Oracle EPM System Architecture. It will cover all Financial Performance Management Applications, namely Financial Management, Essbase Analytics Link, Planning, Profitability and Cost Management, Strategic Finance and Disclosure Management. Please be aware of the fact that I also updated the previous posts on Foundation and Reporting and Analysis based on the feedback I got so far.

[Read More]

Friday Nov 16, 2012

EPM 11.1.2.2 Architecture: Reporting and Analysis

This is a revised post on Reporting and Analysis. Beside the discussion of the Reporting and Analysis core component, which was part of the original post, the reporting tools WebAnalysis, Financial Reporting and Interactive Reporting, have been added to this article. 

[Read More]

Tuesday Nov 13, 2012

EPM 11.1.2.2 Architecture: Foundation

This post is the first of a series that is going to describe the EPM System architecture per component. During the following weeks a couple of follow up posts will describe each component. Shared Services, EPMA and Calculation Manager architecture are covered by this post.

[Read More]

Thursday May 17, 2012

EPM 11.1.2.2 - Enhance support for LDAP/MSAD connection timeouts

Applies to EPM 11.1.2.2 release.

  • Connection timeout (after inactivity in the system) by Firewall or Load Balancer in front of the LDAP/MSAD servers is handled better by recreating the master context every 15 minutes (as needed basis).
  • Can be tuned from the css.xml file by setting the parameter <masterContextTimeToLive>. Oracle recommends to set this value to slightly lower than the timeout on the Firewall or Load Balancer in front of the LDAP/MSAD servers.

Friday Mar 30, 2012

EPM 11.1.2 - EPM Infrastructure Tuning Guide v11.1.2.1

Applies To: This edition applies to only 11.1.2, 11.1.2 (PS1).

One of the most challenging aspects of performance tuning is knowing where to begin. To maximize Oracle EPM System performance, all components need to be monitored, analyzed, and tuned. This guide describe the techniques used to monitor performance and the techniques for optimizing the performance of EPM components.

TOP TUNING RECOMMENDATIONS FOR EPM SYSTEM:

Performance tuning Oracle Hyperion EPM system is a complex and iterative process. To get you started, we have created a list of recommendations to help you optimize your Oracle Hyperion EPM system performance.

This chapter includes the following sections that provide a quick start for performance tuning Oracle EPM products. Note these performance tuning techniques are applicable to nearly all Oracle EPM products such as Financial PM Applications, Essbase, Reporting and Foundation services.

1. Tune Operating Systems parameters.
2. Tune Oracle WebLogic Server (WLS) parameters.
3. Tune 64bit Java Virtual Machines (JVM).
4. Tune 32bit Java Virtual Machines (JVM).
5. Tune HTTP Server parameters.
6. Tune HTTP Server Compression / Caching.
7. Tune Oracle Database Parameters.
8. Tune Reporting And Analysis Framework (RAF) Services.

Click to Download the EPM 11.1.2.1 Infrastructure Tuning Whitepaper (Right click or option-click the link and choose "Save As..." to download this pdf file)


Wednesday Mar 28, 2012

EPM 11.1.1 - EPM Infrastructure Tuning Guide v11.1.1.3

This edition applies to EPM 9.3.1, 11.1.1.1, 11.1.1.2 & 11.1.1.3 only.

INTRODUCTION:One of the most challenging aspects of performance tuning is knowing where to begin. To maximize Oracle EPM System performance, all components need to be monitored, analyzed, and tuned. This guide describe the techniques used to monitor performance and the techniques for optimizing the performance of EPM components.

Click to Download the EPM 11.1.1.3 Infrastructure Tuning Whitepaper (Right click or option-click the link and choose "Save As..." to download this file)


Wednesday Mar 07, 2012

EPM 11.1.2 - Service unavailable errors using EPM System

Users experience intermittent Service Unavailable errors using different components of the Oracle EPM System. A blank page with the following error message shows up:

                The service is unavailable.

Reviewing the application specific log files and testing the WebLogic application servers in the back end does not show any issues. As the client can still connect to the web server and the Java Application Server is working fine in the back end, it is clear that there is some issue in between web and application server. To track this down, logging for the WebLogic web server plug-in needs to be enabled. Setting up logging depends on the web server, so we need to distinguish between Internet Information Services (IIS) and Oracle HTTP Server (OHS).

[Read More]

Wednesday Feb 22, 2012

EPM 11.1.2 - Setting the Dynamic Calc property in Planning when using ERPI

The current release of ERPI has a limitation when dimension hierarchies are pulled in from Oracle EBS.  This limitation hard codes the storage property as a stored member and prevents defining the storage property as dynamic calc.  Planning applications typically set the Account and Period dimensions as dense, and parent members are typically set as dynamic calc members to reduce the block size and improve overall performance.  Therefore, it is typically best practice to set all upper level dense members as dynamic calc.

Beginning with the 11.1.2.2 release, ERPI will be enhanced to allow member storage properties to be user defined.  For earlier releases, a workaround is available to prevent ERPI from setting member storage properties and use Planning to maintain the member storage properties instead.  The following is the trigger code for ERPI to enable this workaround:

CREATE OR REPLACE TRIGGER AIF_HS_DIM_HIER_PROP_INS

BEFORE INSERT ON AIF_HS_DIM_HIERARCHY FOR EACH ROW BEGIN

     :NEW.DATASTORAGE := NULL ;

END AIF_HS_DIM_HIER_PROP_INS ;

 

CREATE OR REPLACE TRIGGER AIF_HS_DIM_HIER_PROP_UPD

BEFORE UPDATE ON AIF_HS_DIM_HIERARCHY FOR EACH ROW BEGIN

     :NEW.DATASTORAGE := NULL ;

END AIF_HS_DIM_HIER_PROP_UPD ;

Monday Dec 05, 2011

EPM 11.1.2 - How-to monitor the EPM data source connections from WebLogic Server 10.3.x console

Monitor the EPM data source connections from Console (Deployments->Monitoring->JDBC) i.e. “Active Connections Count” and if “wait for connections” has a greater than 0 value then increase the pool size.

Wednesday Nov 30, 2011

EPM 11.1.2 - R&A DATABASE CONNECTIONS DISAPPEAR FROM THE "DATABASE CONNECTION MANAGER

When accessing the database connection panel through Reporting and Analysis all previously entered database connection do not appear.

[Read More]

Tuesday Jul 26, 2011

EPM 11.1.2 - Externalize EPM permissions to Oracle Entitlements Server / OES

Centralizing security administration is currently the grail of a number of large organizations. It encompasses topics like authentication, single sign on, role based access control, discretionary access control/access control lists, auditing, and so on.

EPM 11.1.2.1 provides centralization for all those aspects, apart from fine grained permissions on specific products artifacts.

The example below demonstrates how to leverage Oracle Entitlement Server to centralize and externalize specific EPM permissions. It is using Essbase filters as example.

Important note: this post does not cover the customization step by step. This is a general guideline, quite some work is required for an effective custom integration.


What is OES?

See http://www.oracle.com/technetwork/middleware/oes/overview/index.html

As a simplification for our example, OES is providing authorizations for any type of resource for a specific user/group, under a constraint.

OES overview

How can it be used with EPM, and specifically Essbase?

If you define an Essbase filter as an OES resource, both the permission on the filter, and the filter definition itself can be retrieved by Essbase through java code. The principle is to query OES at Essbase login time to get the filters, and then set the filters in Essbase dynamically.

Main steps:

- in OES admin ui: create an Essbase filter in OES resource hierarchy, as well as attribute "read", "write", "metaread", "none" matching Essbase filter definition

- in OES admin ui: create an action "GetEssbaseFilterForUser" in OES

- in OES admin ui: create the authorization policy for the filter for a specific user.

- Setup Essbase to use CSS authentication, and implement a custom authentication module.

- Configure OES  policy decision points

- In the CSS custom authentication module, add OES api code to query OES to get the filter granted to the user, as well as filter definition

- In the CSS custom authentication module, add the filter dynamically to Essbase through APS java api.

Setting the resources and authorizations in OES

An Essbase filter could look like this in OES 10g (same concept applies for OES 11g):

As part of a resource hierarchy, the filters are created below the App/cube:

OES resource hierarchy with Essbase filter

The resource attribute contains the filter definition:

OES resource attribute - key value pairs

You can set the authorization policy for this resource, for a given action/permission you have created ("GetEssbaseFilterForUser" for instance). Make sure you set the report_as entries in the constraints, this will allow OES to provide the resource attribute as part of the response to an authorization request;

OES constraint report_as to provide resource attribute

Note you can also add day and time constraints, ldap attributes constraints and other dynamic ones. This is very interesting for generation and granting of filters based on dynamic attributes.

Retrieving the permissions and resources in Essbase

Essbase can rely on CSS custom authentication module to defer authentication to your custom java code. In this code, you can call OES to authenticate user, as well as retrieve permissions.

Custom authentication whitepaper available here: http://www.oracle.com/technetwork/middleware/bi-foundation/epm-custom-authentication-wp-129437.pdf

OES api to retrieve the list of granted resources (the filter assigned to user/group)

 Create an oesess.properties containing your oes action and other properties:

RootResource=Essbase-Cluster1
ListFiltersAction=GetEssbaseFilterForUser
Server=youressbaseserver
App=Demo
Cube=Basic
Techuser=anadminuser     (this user is updating the security filter in Essbase after user has logged in)
Techpass=anadminpassword  


// For OES authentication code, please see OES java ssm samples

                    // you can reuse part of the samples provided in /Oracle/Middleware/ales32-ssm/java-ssm/examples/QueryResources in OES 10g

          // Authentication complete - now call isAccessAllowed() (for query access and query resources)

            HashMapContext appContext = new HashMapContext();
            //request query resources
            AppContextElement qrElement = new SimpleContextElement(ASI_NAMESPACE_AUTHORIZATION, ASI_UNQUALIFIED_QUERY_RESOURCES, "");
            appContext.addElement(qrElement);
            //request response contexts
            AppContextElement collectorElement =SimpleResponseContextCollector.makeContextElement();
            appContext.addElement(collectorElement);
            SimpleResponseContextCollector collector =(SimpleResponseContextCollector) collectorElement.getValue();

              collector.clear();           
              ResourceBundle oesres = ResourceBundle.getBundle("oesess");
              String clippingResource= oesres.getString("RootResource");
              RuntimeResource resource = new RuntimeResource(clippingResource, "exampleResource");
              String actionStr= oesres.getString("ListFiltersAction");
              RuntimeAction action = new RuntimeAction(actionStr, "exampleAction");              
              AccessResult accessResult = null;
              try {
                accessResult = atzSvc.isAccessAllowed(ident,
                  resource,
                  action,
                  appContext,
                  AuthorizationService.ONCE);

                AppContext responseContext = collector.getMergedContexts();
                Collection gvalues=null;
                // Get all the granted resources
                AppContextElement granted = responseContext.getElement(ASI_QUERY_RESOURCE_GRANTED);
                if (granted != null && granted.getValue() != null) {
                 gvalues = (Collection) granted.getValue();

                 System.out.println("Granted filters are: ");
                  for (Iterator i = gvalues.iterator(); i.hasNext();) {
                    System.out.println("\t" + i.next());
                  }
                }
                else {
                  System.out.println("No Granted filters.");
                }


                for(Iterator i = gvalues.iterator(); i.hasNext();) {

                        String filter=(String) i.next();
                        int ifil=filter.lastIndexOf(clippingResource);
                        String shortfilter=filter.substring(ifil);

                        System.out.println("Querying attributes for filter:"+shortfilter);
                        RuntimeResource filterres=new RuntimeResource(shortfilter,"exampleResource");
                        //check access t  resource directly
                         appContext = new HashMapContext();
                        String appAttrName  = actionStr;

                         AppContextElement transContext = new SimpleContextElement(appAttrName, "");
                        appContext.addElement(transContext);
                        EssFilter essf=null;
                        String[] fnametoks = shortfilter.toString().split("/");
                        shortfilter=fnametoks[fnametoks.length-1];
                        essf = getFilterFromResourceAttr(atzSvc, ident,filterres,shortfilter, action, appContext);


                         if (essf != null) {
                            String app=oesres.getString("App");
                            String cube=oesres.getString("Cube");
                            String read=essf.getRead();
                            String write=essf.getWrite();
                            String metaread=essf.getMetaRead();
                            String none=essf.getNone();
                            //create essbase filter

                            boolean ess=false;
                            String[] tokens = ident.toString().split(",");

                            String username=tokens[1];
                            username=username.substring(1,username.length()-1);
                            ess=essCreateFilter(username,shortfilter, app, cube, read, write, metaread, none);
                     }

                } //end iterating over granted filters

OES api to retrieve the attributes of the resource (the filter definition):

static EssFilter getFilterFromResourceAttr(AuthorizationService atzSvc, AuthenticIdentity ident,RuntimeResource resource,
    String filter, RuntimeAction action, HashMapContext appContext) {

       EssFilter essfilter=new EssFilter();   
       ExtendedAccessResult accessResult = null;

       try {
         AppContextElement collectorElement = SimpleResponseContextCollector.makeContextElement();
         appContext.addElement(collectorElement); 
         SimpleResponseContextCollector collector = (SimpleResponseContextCollector) collectorElement.getValue();

         // request response contexts

         ResourceAction ra=new ResourceAction(resource,action);
         accessResult = atzSvc.isAccessAllowed(
             ident,
             ra,
             appContext,
             true);

        List arlist=accessResult.getResponses();
        for (Iterator it=arlist.iterator(); it.hasNext();) {
           SimpleContextElement sce = (SimpleContextElement)it.next();
           String scename=sce.getName();
           String scevalue=sce.getValue().toString();

           scevalue=scevalue.substring(1,scevalue.length()-1);
            System.out.println(scename+":"+scevalue);

           if (scename.equals("Read")) essfilter.setRead(scevalue);
           if (scename.equals("MetaRead")) essfilter.setMetaRead(scevalue);
           if (scename.equals("None")) essfilter.setNone(scevalue);
           if (scename.equals("Write")) essfilter.setWrite(scevalue);
        }
        collector.clear();

       } catch (Exception e) {
         System.out.println(e.getLocalizedMessage());
       }

       return essfilter;
     }
}

static class EssFilter {
            private String read="";
            private String write="";
            private String metaread="";
            private String none="";

            String getRead() {
            return read;
            }
            String getWrite() {
            return write;
            }
            String getNone() {
            return none;
            }
            String getMetaRead() {
            return metaread;
            }
            boolean setRead(String readfilter) {
            read=readfilter;
            return true;
            }
            boolean setWrite(String writefilter) {
            write=writefilter;
            return true;
            }
            boolean setNone(String nonefilter) {
            none=nonefilter;
            return true;
            }
            boolean setMetaRead(String metareadfilter) {
            metaread=metareadfilter;
            return true;
            }
    }

Applying the permissions in Essbase

Use APS java api to set the filter on the fly. An api is provided with APS:

 

IEssCube.IEssSecurityFilter setSecurityFilter(java.lang.String filterName,boolean Active,IEssCube.EEssCubeAccess Access) throws com.essbase.api.base.EssException

Creates or replaces a filter, and starts setting the contents of the filter. If the filter does not already exist, it will first be created by this call. This call must be followed by successive calls to IEssCube.IEssSecurityFilter.setFilterRow() to set all the rows for the filter. To avoid overwriting a filter that already exists, use IEssCube.createSecurityFilter. IEssCube.createSecurityFilter creates only a uniquely named filter for a particular database, but will not overwrite an existing filter of the same name on the same database.

Here is the code example.

    static boolean essCreateFilter(String ident,String filtername,String app,String cube,String read,String write,String metaread,String none) {

            ResourceBundle oesres = ResourceBundle.getBundle("oesess");
            String techuser=oesres.getString("Techuser");
            String techpassword=oesres.getString("Techpass");
            String esssrv=oesres.getString("Server");
            String provider="Embedded";

            IEssbase ess = null;
            try {
            ess=IEssbase.Home.create(IEssbase.JAPI_VERSION);
            IEssDomain dom = ess.signOn(techuser, techpassword, false, null,provider);
            if( dom==null) System.out.println("signon failed");

            IEssOlapServer olapSvr=null;
            if (dom !=null) {
             olapSvr = dom.getOlapServer(esssrv);
            }
            olapSvr.connect();

            IEssOlapApplication essapp = olapSvr.getApplication(app);
            IEssCube esscube = essapp.getCube(cube);
            IEssCube.IEssSecurityFilter filter1=null;
            System.out.println("Creating or updating sec filter with japi:"+filtername);
            filter1=  esscube.setSecurityFilter(filtername,true,IEssCube.EEssCubeAccess.READ_WRITE_CUBE_DATA);

            if(filter1!=null && read!=null && !("".equals(read))) {
                System.out.println("Setting filter rows: read:"+read);
                filter1.setFilterRow(read, (short)EssGlobalStrings.ESS_ACCESS_READ);
//do the same for other write, none metaread        
            }
            filter1.setFilterRow("",(short)0);

            //adding group access for user
            esscube.setUserOrGroupAccess(ident, IEssCube.EEssCubeAccess.FILTER_ACCESS);

            } catch (EssException err) {
                System.err.println("Error: " + err.getMessage());
            } finally {
                // Sign off
                try {
                    if (ess != null && ess.isSignedOn() == true)
                        ess.signOff();
                } catch (EssException x) {
                    System.err.println("Error: " + x.getMessage());
                }
            }
    return true;
    }


Results

Granted filter retrieval

Friday Jul 01, 2011

EPM 11.1.2 - In Foundation Services, binder exception causing login and lockout issues with MSAD provider

Possible symptoms and errors:

  1. EPMCSS-00301: FAILED TO AUTHENICATE USER INVALID CREDENTIALS error thrown upon login into workspace even with correct credentials
  2. MSAD account gets locked after successive login failure attempts
  3. Unable to login with native "admin" and MSAD admin user

SharedServices_Security.log file shows the following,

[FoundationServices0] [ERROR] [EPMCSS-07047] [oracle.EPMCSS.CSS] [tid: 18] [userId: <anonymous>] [ecid: 0000J2MAfXF6QPP6yf7i6G1DyLC900000p,0] [SRC_CLASS: com.hyperion.css.spi.util.jndi.pool.JNDIConnectionPool] [APP: WORKSPACE#11.1.2.0] [SRC_METHOD: init] Failed to get connection [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 775, v1db0] from connection pool for user directory <directory_name>. Error executing query. {2}. Verify user directory configuration.

Causes:

AcceptSecurityContext error, data 775, v1db0” means the bind userid or the bind password for MSAD is not set correctly. This could be the reason that the account is getting locked out. The MSAD provider code is trying to initialize the msad provider with the provided user/password. After three attempts of a bad login, MSAD locks out the account.

If “admin” user is not able to login, that could be because there could be duplicate “admin” user both in MSAD and Native Directory. First it goes to MSAD and authentication fails as it is not able to get the JDNI connection and then it goes to Native Directory. It fails with Native Directory because of password mismatch.

Solution:

  1. validate the MSAD bind userid and password in the MSAD configuration screen in HSS.
  2. change the password for MSAD provider and restart foundation services
  3. By: Ruben V



About

A blog focused on Tips & Tricks about Oracle Business Intelligence (OBI), Oracle Exalytics and Oracle Enterprise Performance Management (EPM) products.
[Blog Admin: ahmed awan]

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
24
25
26
27
28
29
30
   
       
Today