Download - obiee architecher
-
7/29/2019 obiee architecher
1/8
A quick review of OBIEE11g Architecture &SecurityRate this item
1
2
3
4
5
(11 votes)
OBIEE 11g Architecture & Security
http://www.adivaconsulting.com/blog-obiee/item/35-obiee-11g-architecture-security-architecture.htmlhttp://www.adivaconsulting.com/blog-obiee/item/35-obiee-11g-architecture-security-architecture.htmlhttp://www.adivaconsulting.com/blog-obiee/item/35-obiee-11g-architecture-security-architecture.htmlhttp://www.adivaconsulting.com/blog-obiee/item/35-obiee-11g-architecture-security-architecture.htmlhttp://www.adivaconsulting.com/blog-obiee/item/35-obiee-11g-architecture-security-architecture.htmlhttp://www.adivaconsulting.com/blog-obiee/item/35-obiee-11g-architecture-security-architecture.htmlhttp://www.adivaconsulting.com/blog-obiee/item/35-obiee-11g-architecture-security-architecture.htmlhttp://www.adivaconsulting.com/blog-obiee/item/35-obiee-11g-architecture-security-architecture.htmlhttp://www.adivaconsulting.com/blog-obiee/item/35-obiee-11g-architecture-security-architecture.htmlhttp://www.adivaconsulting.com/blog-obiee/item/35-obiee-11g-architecture-security-architecture.htmlhttp://www.adivaconsulting.com/blog-obiee/item/35-obiee-11g-architecture-security-architecture.htmlhttp://www.adivaconsulting.com/blog-obiee/item/35-obiee-11g-architecture-security-architecture.htmlhttp://www.adivaconsulting.com/blog-obiee/item/35-obiee-11g-architecture-security-architecture.htmlhttp://www.adivaconsulting.com/blog-obiee/item/35-obiee-11g-architecture-security-architecture.htmlhttp://www.adivaconsulting.com/blog-obiee/item/35-obiee-11g-architecture-security-architecture.html -
7/29/2019 obiee architecher
2/8
Domains in OBIEE Web Logic Server Domain
J2EE App Server used across the board for all 11g BI applications
Contains :
Managed Server: Set of J2EE Applications used for functioning
the BIEE system
Admin Server: Set of J2EE Applications used for administering
of BI EE system
Oracle Process Manager and Notification Server (OPMN) domain Used to start/Stop system components (BI Svr, BI Pres Svr,
BI Schdlr, BI ClustrCntrl)
Can be accessed from CMD or from EM page(GUI)
Admin Server Components WLS Admin Console
Admin GUI for WLS,Security and J2EE
Components
Fusion Middleware-EM Control (FMW EM) Admin GUI to Manage the BI Domain
JMX Beans
Java components that provide programmatic
access for managing a BI domain.
Managed Server Components BI Plugin : Sends web http requests to BI Presentation Services
BI Security :Integrates BI Server and FMW sec platform(using webservice calls)
BI Action Services: Dedicated web services for Action framework
BI Web Service SOA: Provides Web services for objects in the BIEEPresentation Catalog, to invoke analysis, agents, and conditions.
-
7/29/2019 obiee architecher
3/8
BI Office: Provides the integration between Oracle Business Intelligence andMicrosoft Office products
BIEE Domain System Components
BI Server Provides capabilities to query and access data as well as services for
accessing and managing the RPD file (BIEE Metadata).
BI Presentation Services Provides the framework and interface for the presentation of business
intelligence data to Web clients. It maintains an Oracle BI Presentation
Catalog service on the file system for the customization of this
presentation framework.
BI Scheduler Provides framework for scheduling and delivering reports to users
(used by delivers)
BI Javahost Enables BI Presentation Services to support various components: Java
tasks for BI Scheduler, BI Publisher, and Graph generation.
BI Cluster Controller Used for distributing requests to BI server and ensure load balancing
Files Repository file (e.g. SampleSales.rpd)
Config Files (nQconfig.ini,instanceconfig.xml,)
Log Files (nqserver.log,nqquery.log, nqscheduler.log, sawlog0.log etc)
Presentation
catalog(\OracleBIPresentationServicesComponent\cor
eapplication_obips1\catalog)
OBIEE 11G SecurityWhats Security ? Authenticationchecking passwords and other tokens against user lists, to
authenticate a user and check that they are who they say they are
Authorizationonce we know who they are, what are we going to authorize them to
do on our system. (Object Security and data Security, both done from rpd)
Administrationhow do we administer these lists of users, groups and permissions(app
policy), plus connections to external directories and applications
-
7/29/2019 obiee architecher
4/8
-
7/29/2019 obiee architecher
5/8
Security Providers Authentication provider
o OBIEE delegates authentication to the first authentication provider configured for
the domain.
o Defined and managed from WLS Console
Policy store provider
o Provides access to :
Application Roles (to create functional group)
Application Policies (to define Oracle BI Server, BIP and RTD
functionality permissions)
-
7/29/2019 obiee architecher
6/8
o Forms a core part of security policy ,used for Object security and Data security
o Defined and managed from FMW Enterprise Manager
o Policy stored in system-jazn-data.xml file
Credential store provider
o Responsible for securely storing /providing access to credentials reqd. by OBIEE
components internallyo Credentials are stored in the file cwallet.sso file
Tools for security Management (In a nutshell) Users and Groups are managed in Oracle WLS Admin console (by default). If WLS is
integrated with other LDAP products, then Users and Groups needs to managed using the
interface provide by the respective LDAP vendor New in OBIEE 11g
Application Roles and Application Policies are managed in Oracle Enterprise Manager -
Fusion Middleware Control New in OBIEE 11g
RPD object permissions are managed in OBIEE Admin tool Same as 10g but the
assignment is to Application Roles instead of Groups
Webcat Permissions and Privileges are managed in OBI Application administration page - Same
as 10g but the assignment is to Application Roles instead of groups
-
7/29/2019 obiee architecher
7/8
Directory StructureMW_HOME : MiddleWare directory e.g. D:\OBIEE11G
WL_HOME : MW_HOME\wlserver_10.3\
DOMAIN_HOME: MW_HOME\user_projects\domains\bifoundation_domain\
ORACLE_INSTANCE : MW_HOME\instance\instance1
-
7/29/2019 obiee architecher
8/8