The SSL Everywhere feature of Oracle Business Intelligence allows communications that occur between the different BI components to be made secure. This chapter describes how to configure Oracle BI components to communicate over the Secure Socket Layer.

SSL (Secure Socket Layer) is a secured communication protocol mainly used in communications over the TCP/IP network protocol suite. By default, components of Oracle BI communicate with each other using TCP/IP. To support secured network communication, the Oracle BI components need to be configured for SSL.

Oracle BI components can communicate only through one protocol at a time. To enable SSL, you must configure each of the Oracle Business Intelligence components listed below to communicate over SSL. You must configure all instances of these components that occur in your Oracle BI deployment.

The Oracle BI components that are enabled for communication over SSL are:

• Oracle BI Server
• Oracle BI Presentation Services
• Oracle BI JavaHost
• Oracle BI Presentation Services Plug-in (Java Servlet or ISAPI)
• Oracle BI Scheduler
• Oracle BI Job Manager
• Oracle BI Cluster Controller
• Oracle BI Server Clients (For example, Oracle BI ODBC Client)

SSL requires the server to possess a public key and a private key for session negotiation. The public key is made available through a server certificate. The certificate also contains information that identifies the server. The private key is protected by the server.

The SSL Everywhere feature supports mutually-authenticated SSL and server-only authentication. Mutual authentication requires the two BI components involved in communications to both posses certificates that identify the entities. Server-only authentication mode requires only the BI component acting as the server to possess a certificate.

NOTE:  It is assumed that readers are familiar with Public Key Cryptography mechanisms and the use of certificates and keys for data encryption and authentication. This guide does not explain these concepts.