Showing posts with label Architecture. Show all posts
Showing posts with label Architecture. Show all posts

Sunday, 20 September 2015

OBIEE 11g Architecture & Security

OBIEE 11g Architecture & Security
2.JPG
Domains in OBIEE
  • Web Logic Server Domain
      J2EE App Server used across the board for all 11g BI applications
      Contains :
       Managed Server : Set of J2EE Applications used for “functioning” the BIEE system
     Admin Server : Set of J2EE Applications used for “administering” of BI EE system
         Oracle Process Manager and Notification Server (OPMN) domain
      Used to start/Stop system components (BI Svr, BI Pres Svr, BI Schdlr, BI ClustrCntrl)
      Can be accessed from CMD or from EM page(GUI)
 Admin Server Components
     WLS Admin Console
      Admin GUI for WLS,Security and J2EE Components
     Fusion Middleware-EM Control (FMW EM)
      Admin GUI to Manage the BI Domain
      JMX Beans
      Java components that provide programmatic access for managing a BI domain.
Managed Server Components
      BI Plugin : Sends web http requests to BI Presentation Services
      BI Security :Integrates BI Server and FMW sec platform(using webservice calls)
      BI Action Services: Dedicated web services for Action framework
      BI Web Service SOA: Provides Web services for objects in the BIEE Presentation Catalog, to invoke analysis, agents, and conditions.
      BI Office: Provides the integration between Oracle Business Intelligence and Microsoft Office products
BIEE Domain System Components
      BI Server
     Provides capabilities to query and access data as well as services for accessing and managing the RPD file (BIEE Metadata).
     BI Presentation Services
     Provides the framework and interface for the presentation of business intelligence data to Web clients. It maintains an Oracle BI Presentation Catalog service on the file system for the customization of this presentation framework.
     BI Scheduler     
      Provides framework for scheduling and delivering reports to users (used by delivers)
     BI Javahost
     Enables BI Presentation Services to support various components: Java tasks for BI Scheduler, BI Publisher, and Graph generation.
     BI Cluster Controller
     Used for distributing requests to BI server and ensure load balancing
     Files
     Repository file (e.g. SampleSales.rpd)
     Config Files (nQconfig.ini,instanceconfig.xml,)
     Log Files (nqserver.log,nqquery.log, nqscheduler.log, sawlog0.log etc)
     Presentation catalog (<MW_HOME>\OracleBIPresentationServicesComponent\coreapplication_obips1\catalog)
OBIEE 11G Security
What’s Security ?
      Authentication – checking passwords and other tokens against user lists, to “authenticate” a user and check that they are who they say they are
      Authorization – once we know who they are, what are we going to “authorize” them to do on our system. (Object Security and data Security, both done from rpd)
      Administration – how do we administer these lists of users, groups and permissions(app policy), plus connections to external directories and applications
9.JPG
10.JPG
Security Providers
      Authentication provider
o   OBIEE delegates authentication to the first authentication provider configured for the domain.
o   Defined and managed from WLS Console
      Policy store provider
o               Provides access to :
      Application Roles (to create functional group)
      Application Policies (to define Oracle BI Server, BIP and RTD functionality permissions)
o   Forms a core part of security policy ,used for Object security and Data security
o   Defined and managed from FMW Enterprise Manager
o   Policy stored in system-jazn-data.xml file
      Credential store provider
o   Responsible for securely storing /providing access to credentials reqd. by OBIEE components internally
o   Credentials are stored in the file cwallet.sso file
Tools for security Management (In a nutshell)
      Users and Groups are managed in Oracle WLS Admin console (by default). If WLS is integrated with other LDAP products, then Users and Groups needs to managed using the interface provide by the respective LDAP vendor – New in OBIEE 11g
      Application Roles and Application Policies are managed in Oracle Enterprise Manager - Fusion Middleware Control – New in OBIEE 11g
      RPD object permissions are managed in OBIEE Admin tool – Same as 10g but the assignment is to Application Roles instead of Groups
Webcat Permissions and Privileges are managed in OBI Application administration page - Same as 10g but the assignment is to Application Roles instead of groups
13.JPG
Directory Structure
MW_HOME    : MiddleWare directory e.g. D:\OBIEE11G
WL_HOME    : MW_HOME\wlserver_10.3\
DOMAIN_HOME: MW_HOME\user_projects\domains\bifoundation_domain\
ORACLE_INSTANCE : MW_HOME\instance\instance1
15.JPG

'If you found this article useful, please rate the same"
Posted by at No comments:
Labels: ,

BIEE 11g Architecture

In this article we will briefly explain the new OBIEE 11g architecture and its components. At first glance it seems complex to understand all the new pieces in OBIEE 11g, but let us take a look at the following picture:
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiQKnHeKdR9nmxBCD87UYMHBvoaub8tCozgzyLWZZbm9RX6RpmIjnsADE0EUVdr-KgIAduEm76jUhFPfzmxziDJeDZE3yMiDE-wEoU1nTgDmVum-224uS5QOq169QUL-0rS-Q4Bv-FjTFc/s400/BIEE11gArchitecture.jpg
We can identify two main component types the OBIEE 11g: The A) Java Components and the B) System Components.
A) Java Components: These are basically J2EE applications running in Weblogic Server. There are two subcomponents here: 1. Admin Server and 2. Managed Server. Each of them running in a dedicated Java virtual machine (JVM).
  1. Admin Server: This is nothing more than a set of J2EE applications that will help us Administering the system:
  • Admin Console (WLS) — An adminstrative user interface that provides advanced management for Weblogic, JEE components, and security
  • Fusion Middleware Control — An administrative user interface that is used to manage the BI domain.
  • JMX MBeans — Java components that provide programmatic access for managing a BI domain.
  1. Managed Server: These are J2EE applications which will help the functioning of the BIEE System (highlighted in RED):
  • BI Plugin — It routes HTTP and SOAP requests to BI Presentation Services.
  • BI Security — It enables the integration of BIEE Server and Fusion Middleware security platform through webservices calls.
  • BI Action Services — It provides the dedicated Web services that are required by the Action Framework (a nice introduction can be found here, another example of use is here and here) and that enable an administrator to manually configure which Web service directories can be browsed by users when they create actions.
  • Webservices SOA — This component provides Web services for objects in the BIEE Presentation Catalog, to invoke analysis, agents, and conditions.
  • BI Office — This component provides the integration between Oracle Business Intelligence and Microsoft Office products.
and finally
  • Two particular applications: BI Publisher (Reporting System) and RTD (technology platform which enable the analysis of data and provides insight by using data mining algorithms and techniques in real time).
B) System Components: These are non-J2EE components, such as processes and services written in C++ and java.
  • BI Server — It provides capabilities to query and access data as well as services for accessing and managing the RPD file (BIEE Metadata).
  • BI Presentation Services — It provides the framework and interface for the presentation of business intelligence data to Web clients. It maintains an Oracle BI Presentation Catalog service on the file system for the customization of this presentation framework.
  • BI Scheduler — Provides extensible scheduling for analyses to be delivered to users at specified times. (BI Publisher has its own scheduler.)
  • BI JavaHost — It enables BI Presentation Services to support various components: Java tasks for BI Scheduler, BI Publisher, and Graph generation.
  • BI Cluster Controller — It distributes requests to the BI Server, ensuring requests are evenly load-balanced across all BI Server process instances in the BI domain.

In addition, the BI Domain requires a set of configuration files, the repository (RPD) file, the Presentation Catalog files, etc. Likewise, BIEE System uses a set of metadata tables stored in a relational database like Oracle.

How to Start BIEE System: There are multiple ways to start the BIEE System, but it must follow certain order. Based on the description given above we need to :

1. Start NodeManager : By default in Windows it runs when the OS starts (Reference about NodeManager can be found here)
2. Start Admin Server : Initiate Weblogic Server.
3. Start Managed Server : Initiate the main applications. Based on the picture above, these are highlighted in Red : BI Plugin, BI Security, BI Action Service, BI Webservices SOA. If you are planning to use BI Publisher or RTD then it must also be started.
4. Start BIEE Services : These are the main BIEE processes which are controlled by OPMN: BI Server, BI Presentation Server, BI JavaHost. If you are planning to use BI Scheduler then also start it. Or if your instance is a clustered environment then also start the BI Cluster Controller.

In our next post, we will describe how to actually perform this operation and we will describe how to troubleshoot issues by looking at the log files.

References:
1. Introduction to BIEE Administration (here).
2. Rittman Mead posts on Action Services (here).

Posted by at No comments:
Labels: , ,
Subscribe to: Posts (Atom)