A quick review of OBIEE11g Architecture & Security

Rate this item

1 2 3 4 5
(11 votes)

OBIEE 11g Architecture & Security

Domains in OBIEE

Web Logic Server Domain J2EE App Server used across the board for all 11g BI applications Contains : Managed Server : Set of J2EE Applications used for functioning the BIEE system Admin Server : Set of J2EE Applications used for administering of BI EE system Oracle Process Manager and Notification Server (OPMN) domain Used to start/Stop system components (BI Svr, BI Pres Svr, BI Schdlr, BI ClustrCntrl) Can be accessed from CMD or from EM page(GUI)

Admin Server Components

WLS Admin Console
Admin GUI for WLS,Security and J2EE Components

Fusion Middleware-EM Control (FMW EM)

Admin GUI to Manage the BI Domain JMX Beans Java components that provide programmatic access for managing a BI domain.

Managed Server Components

BI Plugin : Sends web http requests to BI Presentation Services BI Security :Integrates BI Server and FMW sec platform(using webservice calls) BI Action Services: Dedicated web services for Action framework BI Web Service SOA: Provides Web services for objects in the BIEE
Presentation Catalog, to invoke analysis, agents, and conditions.

BI Office: Provides the integration between Oracle Business Intelligence and

Microsoft Office products

BIEE Domain System Components

BI Server
Provides capabilities to query and access data as well as services for accessing and managing the RPD file (BIEE Metadata).

BI Presentation Services
Provides the framework and interface for the presentation of business intelligence data to Web clients. It maintains an Oracle BI Presentation Catalog service on the file system for the customization of this presentation framework.

BI Scheduler
Provides framework for scheduling and delivering reports to users (used by delivers)

BI Javahost
Enables BI Presentation Services to support various components: Java tasks for BI Scheduler, BI Publisher, and Graph generation.

BI Cluster Controller
Used for distributing requests to BI server and ensure load balancing

Files
Repository file (e.g. SampleSales.rpd) Config Files (nQconfig.ini,instanceconfig.xml,) Log Files (nqserver.log,nqquery.log, nqscheduler.log, sawlog0.log etc) Presentation catalog(<MW_HOME>\OracleBIPresentationServicesComponent\cor eapplication_obips1\catalog)

OBIEE 11G Security

Whats Security ?
Authentication checking passwords and other tokens against user lists, to authenticate a user and check that they are who they say they are Authorization once we know who they are, what are we going to authorize them to do on our system. (Object Security and data Security, both done from rpd) Administration how do we administer these lists of users, groups and permissions(app policy), plus connections to external directories and applications

Security Providers
Authentication provider o OBIEE delegates authentication to the first authentication provider configured for the domain. o Defined and managed from WLS Console Policy store provider o Provides access to : Application Roles (to create functional group) Application Policies (to define Oracle BI Server, BIP and RTD functionality permissions)

o Forms a core part of security policy ,used for Object security and Data security o Defined and managed from FMW Enterprise Manager o Policy stored in system-jazn-data.xml file Credential store provider o Responsible for securely storing /providing access to credentials reqd. by OBIEE components internally o Credentials are stored in the file cwallet.sso file

Tools for security Management (In a nutshell)

Users and Groups are managed in Oracle WLS Admin console (by default). If WLS is integrated with other LDAP products, then Users and Groups needs to managed using the interface provide by the respective LDAP vendor New in OBIEE 11g Application Roles and Application Policies are managed in Oracle Enterprise Manager Fusion Middleware Control New in OBIEE 11g RPD object permissions are managed in OBIEE Admin tool Same as 10g but the assignment is to Application Roles instead of Groups Webcat Permissions and Privileges are managed in OBI Application administration page - Same as 10g but the assignment is to Application Roles instead of groups

Directory Structure
MW_HOME : MiddleWare directory e.g. D:\OBIEE11G WL_HOME : MW_HOME\wlserver_10.3\ DOMAIN_HOME: MW_HOME\user_projects\domains\bifoundation_domain\ ORACLE_INSTANCE : MW_HOME\instance\instance1