May 20, 2014

Essbase Clustering Part 2: (Active/Passive Clusters)

If you read my earlier post on Essbase clustering, you will know that Essbase offers a couple of ways to cluster a server:

  1. Active/Passive, which is best for BSO clusters as it supports write back
  2. Active/Active, which is best for ASO clusters as it allows for load balancing as well
In this post, I will outline how to configure an Essbase active/passive cluster.

What you will need:

If you want to create your own cluster you will need:
  1. Two servers
  2. A load balancer on which you can configure a VIP (aka Virtual IP) and which can "sense" when one node is not available and fail over to the passive node
  3. A high-speed shared disk (your cluster would not be much of a cluster if Essbase cannot access the database files)
  4. Knowledge of how to install Hyperion

My Setup

I'm using the latest version of Oracle EPM, 11.1.2.3, and I'm installing it on two virtual machines running CentOS 6.5 Linux, which is a Red Hat variant; this way I don't have to mess around with Microsoft cluster services. For this demonstration, I'm using an NFS share on one of the servers as my shared repository and I'm not using a load balancer, but in real life this would not be an ideal scenario.

Configuration Process on First Node

You need to install your first Essbase node normally, as you would any other Essbase server. In the Essbase configuration step you need to specify the shared disk as the ARBORPATH, and you can change the name of the cluster as you see fit:

As you can see from the screenshot above, I have called my cluster "EssbaseCluster-LAB" and changed the ARBORPATH to "/u01/SHARED/EssbaseServer/essbaseserver1".

After you have configured your first node you can move on to installing and configuring your second node.

Configuration Process on Second Node

You need to install your second node normally, but when it comes to configuring the Essbase part you will need to make a change. When you enter the configure Essbase task you will see all the default values:

You will have to click on the "Assign To Existing Cluster" button on the top right corner so you can select the cluster that was previously configured and assign this node to it:

You can select the cluster from the drop-down. Then, when you click OK, you will see that you cannot change the cluster name or the ARBORPATH, as these need to be the same on both nodes.

Now you can continue with the configuration process and finish all tasks.

Post-configuration Tasks

After you have installed and configured both Essbase nodes, you are still not ready to use the cluster. You first need to make some changes to the opmn.xml file so that OPMN can sense when Essbase crashes on one server and bring up the Essbase process on the passive node. I followed the steps from the Oracle Deployment Options Guide.

You need to make the following changes in the opmn.xml on both nodes:

Add the topology:

Make sure that the port you use is the OPMN remote port (6712) and not the Essbase port (1423). This tells OPMN which nodes belong to this cluster.

Add the service failover and weight directives. Make sure that the node you want to be primary has a higher value (101) than your passive node (100):

Active Node:

Passive Node:

You also need to make sure that the name of the cluster is in the ias-component ID directive, like so:

Lastly, you have to set "restart on death" to true. This directive tells OPMN to attempt to restart the Essbase process on the active node when it dies, before attempting to pass the baton to the passive node. If this directive is set to false, OPMN will immediately attempt to activate the passive node's Essbase process and not attempt to restart it on the active node. I have set mine to 'false' as I want it to die immediately for test purposes and not attempt to restart Essbase.

Also, as you can see from the "restart" directive you can specify other parameters such as the number of retries and the timeout.
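The post-configuration points above (topology entries on the OPMN remote port, the cluster name in the ias-component id, failover enabled, a higher weight on the active node) can be checked mechanically across both nodes. The following Python is an added example, not part of the original post or of Oracle's tooling; the opmn.xml sample is constructed, and the attribute names service-failover, service-weight and restart-on-death, along with their placement, are assumptions based on the directives the post names.

```python
import xml.etree.ElementTree as ET

# Constructed opmn.xml fragment: host names and values are sample data, and
# putting restart-on-death on <process-set> is an assumption.
SAMPLE = """<opmn xmlns="http://www.oracle.com/ias-instance">
  <notification-server interface="any">
    <port local="6711" remote="6712"/>
    <topology>
      <nodes list="essnode1.example.com:{port},essnode2.example.com:{port}"/>
    </topology>
  </notification-server>
  <process-manager>
    <ias-instance id="epmsystem1">
      <ias-component id="EssbaseCluster-LAB">
        <process-type id="EssbaseAgent" module-id="ESS"
                      service-failover="1" service-weight="{weight}">
          <process-set id="AGENT" restart-on-death="false"/>
        </process-type>
      </ias-component>
    </ias-instance>
  </process-manager>
</opmn>"""


def _all(parent, name):
    """Elements at or below parent with this local tag name (namespace ignored)."""
    return [e for e in parent.iter() if e.tag.rsplit("}", 1)[-1] == name]


def parse_node(xml_text):
    """Extract the failover-related settings from one node's opmn.xml text."""
    root = ET.fromstring(xml_text)
    ns = _all(root, "notification-server")[0]
    nodes = _all(ns, "nodes")
    comp, agent = [(c, t) for c in _all(root, "ias-component")
                   for t in _all(c, "process-type") if t.get("id") == "EssbaseAgent"][0]
    rod = [e.get("restart-on-death") for e in agent.iter() if e.get("restart-on-death")]
    return {
        "remote_port": _all(ns, "port")[0].get("remote"),
        "nodes": nodes[0].get("list", "").split(",") if nodes else [],
        "component": comp.get("id"),
        "failover": agent.get("service-failover"),
        "weight": int(agent.get("service-weight", "0")),
        "restart_on_death": rod[0] if rod else None,
    }


def check_cluster(cluster_name, active_xml, passive_xml):
    """Return a list of problems; an empty list means both files agree."""
    a, p = parse_node(active_xml), parse_node(passive_xml)
    problems = []
    for label, n in (("active", a), ("passive", p)):
        for entry in n["nodes"]:
            if entry.rsplit(":", 1)[-1] != n["remote_port"]:
                problems.append(f"{label}: {entry} is not on OPMN remote port {n['remote_port']}")
        if n["component"] != cluster_name:
            problems.append(f"{label}: ias-component id is {n['component']!r}")
        if n["failover"] in (None, "0"):
            problems.append(f"{label}: service-failover is not enabled")
    if len(a["nodes"]) < 2 or sorted(a["nodes"]) != sorted(p["nodes"]):
        problems.append("topology must list both nodes, identically in both files")
    if a["weight"] <= p["weight"]:
        problems.append("active node needs a higher service-weight than passive")
    return problems
```

To use it, read each node's opmn.xml into a string and pass both to check_cluster together with the cluster name chosen during configuration.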

We are now finally ready to test our configuration and start Essbase on both nodes. As you start Essbase, you will see that one node has only the OPMN processes, while the other has the OPMN process as well as the ESSBASE process running:

Passive Node:

Active Node:

You can also perform opmnctl commands to see the status or to start processes. For example, opmnctl status will tell you the status of the cluster:

Failover Test

So now that it's all configured, you can test that the failover configuration works. To simulate a failure, you can kill the ESSBASE process on the active node and you should see it automagically start the ESSBASE process on the passive node. This is where having a separate shared filesystem and a load balancer comes in handy. You would configure your Planning data source using the VIP from the load balancer instead of either node.

At the end, you should end up with something like the following depiction:



Hope this helps explain how Essbase clusters work and are configured.

Pablo



Apr 8, 2014

Lost in the cloud?

Do you know where you are in the cloud spectrum, or are you lost? Do you know where your Hyperion infrastructure really is, or is your head in the clouds? In this post, I will try to clarify what the three main "cloud" deployment terms are, and hopefully you can locate yourself and understand where you are.

With the advent of the cloud and services like Amazon Web Services, Rackspace, Gmail and, of course, salesforce.com, there has been a lot of confusion about what people are calling the cloud. In reality, the cloud has always been with us; we just didn't call it that.


Private Cloud:
This term is usually used when software is installed by either internal IT staff or a consulting firm on infrastructure that is owned by the client. The client owns the infrastructure and also owns the licenses to the software. This is typically what an "on premise" installation means. You have full visibility of the hardware, software, installation and configuration of the app being installed.

If you have Oracle EPM installed on infrastructure that you own, you are here.

IaaS (hosted solution):
Infrastructure as a Service is used when a client installs (either through IT staff or a consultant) a piece of software on hardware infrastructure that is leased. The hardware and O/S maintenance and management is typically handled by the firm leasing the hardware, while management of the application can be handled by the client's IT, the leasing firm or a third party. You may or may not have visibility of the hardware being used to provide this service. Examples of this are Amazon Web Services, Rackspace, etc.

If you own Oracle EPM licenses but do not host it internally, you are here.

SaaS (subscription based):
Software as a Service is used when the client pays a subscription fee to use software that is owned and managed by the company selling the subscription. Salesforce.com, iCloud and Office 365 are perfect examples of this type of deployment. The client owns neither the license nor the hardware in this type of deployment. Management of the application (uptime, redundancy, disaster recovery, etc.) is also handled by the firm providing the subscription service.

If you have purchased PBCS, you are here.

Currently, for Oracle EPM there is one service, released earlier in 2014, called Planning and Budgeting Cloud Services (PBCS). However, Oracle has chosen a few select partners (Infratects is one of them) to test out what they are calling project "Kepler". Kepler is the PBCS release that Oracle uses, offered so that partners can provide the same service to clients. Kepler is still in beta, but it will give partners like Infratects, who provide IaaS-type services with managed services and support, the ability to sell subscription-based Hyperion Planning to clients.

Hope this clarifies a bit the "cloud" terminology and the differences between types of deployment.

Infratects can offer any of these types of solutions with datacenters in Europe and the US. Also, soon we should be able to provide SaaS services as project Kepler matures. 

Hyperion Planning Mobile Features (11.1.2.3.500)

Oracle's latest release of version 11.1.2.3 comes with a very nice new feature: access and support for mobile devices (tablets and smartphones). The readme for patch .500 states that it includes support for the following browsers and mobile operating systems:

- iOS 7
- Android 4.1, 4.2 and 4.3

To enable mobile access to your Planning application, you will need to make sure that it isn't a Workforce or Capex app, as these are not supported yet; classic and EPMA applications are both supported.

First, you will obviously have to download and install the patch, which is about a 1.7GB download and can be accessed via the Oracle support website or via Oracle's eDelivery cloud service. You can also download the client installers and other patches from the eDelivery service:

After you install the patch (which is fairly straightforward), you will have to enable access to your forms, task lists and rules from within the app. You will have to use a standard computer (not a tablet) and log in to your app; go to Administration -> Manage -> Tablet Access:

On the following screen you can select which artifacts you want to expose to a tablet. Be aware that forms that display nicely on a regular PC may not show correctly on a tablet due to screen size, etc., so you may want to create forms specific for mobile devices.




After enabling artifacts you will be able to access them via a tablet. To access the app via a tablet you need to point your tablet to the old Planning URL (not the Workspace URL) like so: http(s)://hyperion.yourserver.com:19000/HyperionPlanning and you will see the login screen for tablets:

Then you will see the artifacts that you exposed to the tablet.

Forms:

Task Lists:


Rules:



As you can see, you can also access approvals and report snapshots. Don't confuse these reports with FR mobile access, which is a different module/URL and not integrated within this interface. You cannot run FR reports, only launch report snapshots you have defined previously via the full front end.

If you need help upgrading to 11.1.2.3 or installing the patch you can contact me for details.


Jan 30, 2014

Top 5 Reasons to Upgrade to 11.1.2.3

With the release of new third-party software and new features in the latest EPM version, we have been receiving questions from clients on why they should consider upgrading to the latest version of Oracle EPM, which is 11.1.2.3.

First of all, you may have heard from Oracle that the latest patch set update for Oracle EPM is due out in Q1 of this year which will be 11.1.2.3.500. It is said that this patch will introduce the long awaited support for IE10 among other things and perhaps support for Windows 2012.

Mostly from a technical perspective the top 5 reasons to upgrade are:

Reason 1: Support for IE10 and Windows 8.x

In the last few months, I have seen many IT departments starting to upgrade all client desktops to Windows 7 (sometimes Windows 8), IE10 and Office 2013. Although support for IE10 and Windows 8.x has yet to be released, Oracle has mentioned in several places that the upcoming 11.1.2.3.500 patch will introduce this support. When? It’s anybody’s guess, but they said they expect to release it by Q1 2014. With IE10 and Windows 8.x support comes support for Firefox 24 as well. And could this also mean support for Windows 2012? We will just have to wait and see.

Reason 2: Support for Office 2013

The good news is that if you want to support Office 2013 you don’t have to upgrade your entire EPM environment, you only need to upgrade Smart View. The latest Smart View version is 11.1.2.5 and this is the version that supports all 11.1.2.x versions (11.1.2.1, 11.1.2.2 and 11.1.2.3). So if your IT department is upgrading all desktops to Office 2013, you want to include Smart View 11.1.2.5 as part of this upgrade. Again, this does not require you upgrade your EPM server environment, just the desktops.

Reason 3: Transform your legacy FDQM and ERPi apps to FDMEE

Probably one of the biggest reasons to upgrade for clients that use FDQM or ERPi is the ability to upgrade to FDMEE. Even if you use some archaic method for loading data into your Planning applications (report scripts via batch scripts, etc.), you may still want to upgrade to take advantage of the new features introduced in FDMEE. If you want to read about FDMEE and integration with other new modules, you can read Francisco's blog, which has a wealth of information on this matter, at http://akafdmee.blogspot.com

Reason 4: Introduce new modules

Starting with 11.1.2.2 and now with 11.1.2.3, Oracle has been introducing new modules like Account Reconciliation Manager, which integrates with FDMEE. Other new modules include Project Based Planning and Tax Provisioning. See below for a link to a complete list of new modules and features in EPM 11.1.2.3.

Reason 5: Introduce new features on existing applications

EPM 11.1.2.3 introduced a lot of new features, from Planning’s ability to use ASO cubes and HFM unlimited dimensionality to a myriad of enhancements to LCM that allow for much easier maintenance and migration of application artifacts between environments (and presumably versions). Other features, like Smart View’s ability to update metadata, can be a little scarier, but these need to be weighed and, depending on your needs, they will make a strong argument for upgrading to 11.1.2.3.

For a complete list of features introduced in EPM 11.1.2.3 you can read the documents included in the following URL: http://docs.oracle.com/cd/E40248_01/index.htm


Jan 16, 2014

Essbase Clustering Part 1

Essbase clustering can be used in order to mitigate the risk of an Essbase server going down and affecting your Planning or Reporting application with it. When it comes to Essbase clustering, however, there is one commonly used method which is to use the Essbase clusters that can be configured via the main installation program.

These Essbase clusters are more like a “hot spare” or active/passive configuration. The problem with this approach is that you need to have two (ideally identical) servers but can only use one at a time, without using any of the horsepower of the “passive” server.




In order to have a cluster of this type you will need to configure a Microsoft Cluster to monitor both servers, services and DNS entries. Configure a cluster disk (outside of the Essbase cluster) to store the Essbase data files (ARBORPATH) and configure opmn to monitor Essbase process running on both servers. Ideally, MCS will detect a down server and point the cluster name to the other server and switch the shared disk. Then OPMN will detect that Essbase is not running on the downed server and start it on the server that is still available.

Does this sound like a lot? There’s another option…

Another method of clustering is an active/active cluster, which can mitigate the risk of having only one Essbase server and also serve as a load balancer. The main “gotcha” for an active/active cluster is that you cannot write back to it, which is required for Planning applications. This is the reason this type of cluster is not as popular and is almost exclusively used with ASO reporting applications. Another gotcha of active/active clusters is that you have to build your cubes and load data on both servers. These need to be kept in sync to make sure that users sent to one server see exactly the same data as on the other servers in the cluster.

This method uses APS and the JAPI to establish server pools like so:




The main advantage of this setup is that you don’t have to configure any MS Clustering and you can treat each server individually with its own ARBORPATH. In EAS, each will show as an individual server with its own set of applications. On the downside, you will have to build each application on each server.

Again, this is most suitable for ASO applications or BSO apps that do not require write back (which rules out Planning) and can take advantage of the horsepower of both servers at all times (unless a server goes down).

I will be writing two follow up posts on how to configure each type of cluster identified here.

That’s all folks!


Jan 14, 2014

Securing your EPM Installation with SSL (OHS terminated configuration)

You have many options to secure your EPM installation with SSL. One of them is to enable SSL terminated at the OHS layer. The graphic below shows how one can secure an OHS server surrounded by firewalls. Even though the purpose of this post is not to discuss security design, I felt it would be important to explain the difference between securing your environment with OHS-terminated SSL and with an SSL off-loader, which are the two most common methods for securing EPM.




The graphic above depicts how OHS can be enabled to communicate securely between end user and the web server. In this case all users would be directed to a secure URL (i.e. https://servername.host.com:19443/workspace/index.jsp)


The graphic above depicts how one can use a load balancer off-loader to secure your entire EPM environment. Just as with OHS terminated SSL configuration, you would be directed to a URL using HTTPS, the main difference is that you do not have to configure SSL within the EPM environment, just in the SSL off-loader.

Steps for enabling SSL

Wallet configuration


Open Wallet Manager and create a new Wallet specifying a password


Once you create the wallet it will prompt you if you want to create a CSR. You can either answer yes or generate your CSR at a later time if you answered no.



When creating the CSR, make sure you use the FQDN of the server as the common name.


At this point the request has been generated, so we want to save the wallet. By default, I always save my wallets outside of the Oracle EPM directory structure to make sure it doesn’t disappear after an upgrade or a patch. So I will save my wallet on E:\SSL. After saving your wallet, you will need to export the request and have it signed by either a private CA (your company would need to sign this) or pay someone to sign it (like VeriSign, Comodo, GoDaddy, etc). To export the CSR you can right click the Certificate and select “Export Certificate Request”



I saved the exported CSR on E:\SSL\epmlabapp.csr. I will not cover the process of sending the CSR to a CA, but I’m sure you understand what the process is; if not, you can ask a security admin to sign the certificate for you from an internal CA.

After the certificate has been signed you need to import it on the wallet. Right click the request and select “Import User Certificate”


If the CSR was correctly signed you will see the Certificate in the wallet look like the below screenshot (In my case, I used a bogus CA to sign my certificate request)



Note about certificates: If a self-signed certificate is used, or an internal certificate authority signed the certificate, you will need to ensure that the root CA that signed the certificate is trusted by all computers accessing the EPM URLs. Otherwise, you will either get a warning message that the URL you are trying to open is not trusted, or components just won’t work (e.g. Smart View, Reporting Studio, etc.). A “wildcard” certificate can also be used. This is a certificate where a CA has signed *.yourcompanyname.com, so as long as your server resolves to something with that ending domain name you will be ok.

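The last thing you need to do to the wallet is to enable the auto-login feature so you don’t have to enter a password every time you try to start OHS. Auto-login writes a cwallet.sso file that opens without the password, so restrict access to the wallet directory to the account that runs OHS.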


You can save and close the wallet.

OHS Configuration Steps


After you have configured the OHS wallet, it’s time to configure OHS to use this wallet to encrypt all communications. You will have to edit the following file (always remember to make backups):
E:\Oracle\Middleware\user_projects\FOUNDATION\httpConfig\ohs\config\OHS\ohs_component\ssl.conf. Change the path to the wallet on the following line:



to point to the location where the wallet you created lives, in my case:



Also, you need to include the ssl.conf file in the main httpd.conf file. The httpd.conf file is located in the same directory where ssl.conf is. You can edit it with your favorite editor and look for the following line:


and uncomment the include as follows:




After this, things should’ve worked. However, in EPM 11.1.2.3, for some reason Oracle left the other conf files out of the SSL VirtualHost directive, so you will need to add those to the ssl.conf file like so:


You can go to the end of the VirtualHost directive in the ssl.conf file and add the same four includes that are in the VirtualHost directive from the httpd.conf (at the end of the file)

Save both files and restart OHS and you should be able to access the EPM URL’s with SSL enabled.


If you get a red address bar, it’s because the certificate you installed is not trusted or not signed by a trusted CA. You will either have to have it signed by a trusted CA or add the CA (if you trust it) to the computer’s trusted CAs.
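To check the result against the points made above (FQDN as the certificate name, what a wildcard certificate covers, and trust in the signing CA), the following Python is an added example, not part of the original post. The certificate dictionary is a constructed sample in the shape returned by Python's getpeercert(), and port 19443 is taken from the example URL earlier in this post.

```python
import socket
import ssl

# Constructed sample in the shape returned by SSLSocket.getpeercert().
WILDCARD_CERT = {
    "subject": ((("commonName", "*.yourcompanyname.com"),),),
    "subjectAltName": (("DNS", "*.yourcompanyname.com"),),
    "notAfter": "Jan 14 12:00:00 2015 GMT",
}
SAMPLE_NOW = ssl.cert_time_to_seconds("Jan 14 12:00:00 2014 GMT")


def name_matches(pattern, hostname):
    """RFC 6125 style match: '*' stands for exactly one left-most label."""
    p = pattern.lower().split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard never spans more than one label
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def cert_problems(cert, hostname, now):
    """Return the problems found with this certificate for hostname."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    problems = []
    if not sans:
        problems.append("no DNS subjectAltName; browsers no longer fall back to the common name")
    if not any(name_matches(n, hostname) for n in (sans or cns)):
        problems.append(f"names {sans or cns} do not cover {hostname}")
    if ssl.cert_time_to_seconds(cert["notAfter"]) < now:
        problems.append("certificate has expired")
    return problems


def fetch_cert(host, port=19443):
    """Handshake using the system trust store. Raises ssl.SSLCertVerificationError
    when the signing CA is not trusted by this machine or the name does not match."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    for host in ("epm.yourcompanyname.com", "epm.lab.yourcompanyname.com"):
        print(host, cert_problems(WILDCARD_CERT, host, SAMPLE_NOW) or "ok")
```

Against a live server, pass the dictionary returned by fetch_cert for your own FQDN to cert_problems along with the current time.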

That’s all folks