Bookshelf Home | Contents | Index | PDF     

Oracle® Business Intelligence Enterprise Edition Deployment Guide > Enabling Secure Communication in Oracle Business Intelligence > Configuring Oracle Business Intelligence to Communicate Over SSL >

Configuring Oracle BI Scheduler

The following section contains information about configuring the Oracle BI Scheduler for minimum or near-maximum security deployment.

Configuring Oracle BI Scheduler on Windows in a Minimum Security Scenario

This topic describes the process to configure Oracle BI Scheduler installed on Windows in a minimum security deployment to communicate over SSL.

On Windows, Oracle BI Scheduler may be configured to communicate over SSL using either Oracle BI Job Manager or the schconfig command line utility.

Use this procedure to configure Oracle BI Scheduler using Oracle BI Job_Manager.

To configure Oracle BI Scheduler on Windows in a minimum security deployment

  1. Launch Oracle BI Job Manager.
  2. Navigate to File > Configuration Options to open the Scheduler Configuration dialog box.
  3. Select Scheduler tab > Advanced tab
  4. Check the Use Secure Socket Layer check box.

You may use the schconfig utility to configure Oracle BI Scheduler. The schconfig.exe executable is located in the OracleBI_HOME\server\Bin directory. Refer to the topic Configuring Oracle BI Scheduler on UNIX in a near-Maximum Security Scenario for instructions on how to use this utility to configure Oracle BI Scheduler for communication over SSL.

Configuring Oracle BI Scheduler on Windows in a near-Maximum Security Scenario

This topic describes the process to configure Oracle BI Scheduler installed on Windows in a maximum security deployment for communication over SSL.

On Windows, Oracle BI Scheduler may be configured to communicate over SSL using either Oracle BI JobManager or the schconfig command line utility.

Use this procedure to configure Oracle BI Scheduler using Oracle BI Job_Manager.

To configure Oracle BI Scheduler on Windows in a near-maximum security scenario

  1. Launch Oracle BI Job Manager.
  2. Navigate to File > Configuration Options to open the Scheduler Configuration dialog box.
  3. Select Scheduler tab > Advanced tab
  4. Check the Use Secure Socket Layer check box.
  5. In the SSL section of the dialog box, make the following changes:
    • In the SSL Certificate File Path text box, enter the path and file name of the Server Certificate file.

      For example:

    SSL Certificate File Path = OracleBI_HOME\ssl\server-cert.pem

    • In the SSL Certificate Private Key File text box, enter the path and file name of the Server Private Key file.

      For example,

    SSL Certificate Private Key File = OracleBI_HOME\ssl\server-key.pem

    • If you are using a passphrase file, select the SSL File Containing Passphrase radio button and enter the path and file name of the passphrase file for the Server Key.

      For example,

    SSL File Containing Passphrase = OracleBI_HOME\ssl\serverpwd.txt

    • If you are using a passphrase program, select the SSL Program Producing Passphrase radio button and enter the name of the passphrase producing program.

      For example,

    SSL Program Producing Passphrase = passphrase.exe

    The entries made above are required when either Oracle BI Cluster Controller or Oracle BI servers have been configured to require peer verification.

    • Check the SSL Require Client check box.
    • Specify a value for SSL Certificate Verification Depth.
    • If you are using the hashed version of the CA certificate, select the CA Certificate Directory radio button and enter the directory where the hashed file is located in the corresponding text box.

      For example,

    CA Certificate Directory = OracleBI_HOME\ssl

    • If you are using the CA certificate, select the CA Certificate File radio button and enter the path and file name of the CA Certificate file in the text box.

      For example,

    CA Certificate File = <OracleBI>\ssl\cacert.pem

    • In the SSL Trusted Peer Distinguished Names text box, enter the DNs of clients that will be allowed to connect.

      For example,

    Trusted Peer Distinguished Names = C=US/ST=CA/L=Redwood Shores/O=Oracle/OU=BI/CN=clientcertificate

    • In the SSL Cipher List text box, enter the list of ciphers to be used.

      For example,

    SSL Cipher List = EXP-DES-56-SHA

  6. Copy the server certificate, server private key and passphrase file or program to the directory specified in the parameters.

    In the examples, the directory is OracleBI_HOME\ssl.

  7. If you have set the CA Certificate File parameter, copy the CA certificate file to the directory specified.
  8. If you have set the CA Certificate Directory parameter, copy the hash version of the CA certificate to the directory specified.

You may use the schconfig utility to configure Oracle BI Scheduler. The schconfig.exe executable is located in the OracleBI_HOME\server\Bin directory. Refer to topic Configuring Oracle BI Scheduler on UNIX in a Minimum Security Scenario for instructions on how to use this utility to configure Oracle BI Scheduler for communication over SSL.

Configuring Oracle BI Scheduler on UNIX in a Minimum Security Scenario

This topic describes the process to configure Oracle BI Scheduler installed on UNIX in a minimum security deployment for communication over SSL. Use this procedure to configure Oracle BI Scheduler.

Configuring Oracle BI Scheduler on UNIX in a Minimum Security Scenarios

  1. Execute schconfig located in OracleBI_HOME/OracleBI/server/bin.
  2. Choose the following option:

    1 - Configure Scheduler

  3. Choose the following option:

    3 - Advanced

  4. Choose option 5 and set Use SSL to "y".

Configuring Oracle BI Scheduler on UNIX in a near-Maximum Security Scenario

This topic describes the process to configure Oracle BI Scheduler installed on UNIX in a maximum security deployment for communication over SSL.

Use this procedure to configure Oracle BI Scheduler.

To configure Oracle BI Scheduler on UNIX in near-maximum security scenario

  1. Execute schconfig located in OracleBI_HOME/setup.
  2. Choose the following option:

    1 - Configure Scheduler

  3. Choose the following option:

    3 - Advanced

  4. Options 5 to 13 are SSL-related. Set them as shown in the following table.
    Scheduler Advanced Configuration Option
    Value

    5 - Use SSL

    True

    6 - SSL Certificate File Path

    <Directory and file name of Server Certificate file>

    For example, OracleBI_HOME/ssl/server-cert.pem

    7 - SSL Certificate Private Key File

    <Directory and file name of Server Private Key file>

    For example, OracleBI_HOME/ssl/server-key.pem

    8 - SSL File Containing Passphrase

    <Directory and filename of passphrase file for Server key>

    For example, OracleBI_HOME/ssl/serverpwd.txt

    9 - SSL Require Client Certificate

    True

    10 - SSL Certificate Verification Depth

    <Depth of chain>

    11- CA Certificate Directory

    <Directory containing the hashed CA Certificate>

    For example, OracleBI_HOME/ssl

    <Distinguished Names of trusted peers>

    For example, C=US/ST=CA/L=Redwood Shores/O=Oracle/OU=BI/CN=servercertificate

    12 - SSL Trusted Peers DNs

     

    13 - SSL Cipher List

    <Cipher List, if any>

    For example, EXP-DES-56-SHA
  5. Copy the server certificate, server private key and passphrase file to the directory specified in the parameters.

    In the examples specified, the directory is OracleBI_HOME/ssl.

  6. If you have set the CA Certificate File parameter, copy the CA certificate file to the directory specified.
  7. If you have set the CA Certificate Directory parameter, copy the hash version of the CA certificate to the directory specified.

Securing Communication Between Oracle BI Scheduler and SMTP Server

The communication between BI Scheduler and the SMTP server can be secured. The server certificate from the SMTP server must be obtained. This file can either be copied to a directory on the BI Scheduler machine, or the hash version of this file, named <hashvalue>.0 copied to a directory of trusted CAs on the BI Scheduler machine.

Use this procedure to enable the communication between BI Scheduler and the SMTP server.

To secure communication between Oracle BI Scheduler and SMTP Server

  1. Launch Job Manager and connect to the Scheduler instance. Navigate to Mail > Advanced tab.
  2. Check the "Use Secure Socket Layer" check box.
  3. Select either the CA Certificate Directory radio button and specify the path and file name of the SMTP server certificate or the CA Certificate File radio button and specify the directory containing the hash version of the SMTP certificate.
  4. Set the SSL Certificate Verification Depth.
  5. Specify an SSL Cipher List, if required.

Using SASchInvoke and SchShutdown When BI Scheduler is SSL-Enabled

To use SASchInvoke command line utility when BI Scheduler is enabled for communication to occur over SSL, you must specify SSL-related options as shown below:

SASchInvoke -u <Admin Name>/<Admin Password> (-j <job id> | -i <iBot path>) [-m <machine name>[:<port>]] [(-r <replace parameter filename> | -a <append parameter filename>)] [-l [ -c SSL certificate filename> -k <SSL certificate private key filename> [ -w <SSL passphrase> | -q <passphrase file> | -y ]] [-h <SSL cipher list>] [-v [-e <SSL verification depth>] [-d <CA certificate directory>] [-f <CA certificate file>] [-t <SSL trusted peer DNs>] ] ]

To use the SchShutdown command line option when BI Scheduler is enabled for communication to occur over SSl, you must specify the SSL-related options as shown below:

SchShutdown -s <machine:port> -u <username> -p <password> [ -l [-c <ssl certificate file path>-k <ssl private key file path> [-q <ssl private key passphrase file path> | -w <ssl private key passphrase> | -y ] [-h <ssl cipher list> ]-v [ -e <ssl verification depth> ] -d <CA Certificate Directory path> | [-f <CA Certificate File path>][-t <SSL Trusted Peer DNs ]]

  
Oracle® Business Intelligence Enterprise Edition Deployment Guide Copyright © 2006, Oracle. All rights reserved.