| Oracle® Health Sciences Clinical Development Analytics Secure Installation and Configuration Guide Release 2.2 for Standard Configuration E25025-04 |
|
|
PDF · Mobi · ePub |
| Oracle® Health Sciences Clinical Development Analytics Secure Installation and Configuration Guide Release 2.2 for Standard Configuration E25025-04 |
|
|
PDF · Mobi · ePub |
This section presents an overview of the Oracle Health Sciences Clinical Development Analytics (OHSCDA) requirements. It also describes the tasks that you must complete before you can install the application.
This chapter includes the following section:
Security Guidelines for Oracle Business Intelligence Data Warehouse Administration Console
Security Guidelines for Oracle Healthcare Master Person Index
Security Guidelines for Oracle Business Intelligence Enterprise Edition
The requisite technology stack for OHSCDA configuration is provided in the media pack, with the exception of Informatica. It consists of the following products:
Oracle Database 11.2.0.3
Oracle WebLogic Server 10.3.5
Oracle Business Intelligence Enterprise Edition (OBIEE) 11.1.1.6 and patches 14538078, 14538128, 14285344, 14538164, 14415773, 14405222, and 14409674.
Oracle Business Intelligence Data Warehouse Administration Console 10.1.3.4.1 and patch 14306642.
Informatica PowerCenter 9.0.1 HotFix 2
Note:
Informatica is not part of the media pack. You need to acquire its license separately.All references to media pack server in this document refer to the computer onto which you download the media pack for Oracle Health Sciences Clinical Development Analytics (Standard Configuration).
Make sure that the domain information of the Informatica repository, where you plan to import OHSCDA related Informatica mappings, is added to domains.infa file of the Informatica client.
Oracle Healthcare Master Person Index (OHMPI) 1.1.2 with patch 12735093 (Optional)
Table 1-1 System Requirements References
| Product | Reference |
|---|---|
|
Oracle Database 11.2.0.3 |
Database Installation Guide for <platform> |
|
Oracle WebLogic Server 10.3.5 |
Oracle WebLogic Server Documentation Library |
|
Oracle Business Intelligence Enterprise Edition (OBIEE) 11.1.1.6 and patches 14538078, 14538128, 14285344, 14538164, 14415773, 14405222, and 14409674. |
System Requirements and Supported Platforms for Oracle Business Intelligence Suite Enterprise Edition Oracle Business Intelligence Infrastructure Installation and Configuration Guide |
|
Oracle Business Intelligence Data Warehouse Administration Console 10.1.3.4.1 and patch 14306642 |
Oracle Business Intelligence Data Warehouse Administration Console Installation, Configuration, and Upgrade Guide Data Warehouse Administration Console User's Guide |
|
Informatica PowerCenter 9.0.1 HotFix 2 |
Informatica PowerCenter Installation Guide |
|
Oracle Healthcare Master Person Index 1.1.2 patch 12735093 |
Oracle Healthcare Master Person Index Documentation Library |
|
Other Technology Stack Components |
My Oracle Support / Certifications |
Note:
It is important to get the technology stack products from the OHSCDA media pack because newer versions of the technology stack products may have become available but may not be compatible with OHSCDA.Determine the computer on which you will install each component of OHSCDA (Standard Configuration).
You may select to install each product on a different server, if required. The OHSCDA (Standard Configuration) media pack server does not have to act as server for any of the products, though it may. You may consult Figure 1-1, and the documentation listed in Table 1-1 for information on installing each product.
Determine the databases you need to create.
You must create a database schema to serve as the warehouse for OHSCDA.
If you have already installed OHSCDA for Plus Configuration, you may not create the OHSCDA schema for Standard Configuration in the same database that has Oracle LSH; doing so would create a name collision.
It is a good practice to create the schema for the OHSCDA Standard Configuration warehouse in a new database.
You may select to create schemas for repositories for the other OHSCDA components in the same database that will be used for the OHSCDA warehouse. It minimizes the number of databases that you need to maintain for OHSCDA. However, if you will be using the component applications for purposes other than OHSCDA, Oracle recommends that you create their repositories in instances other than the one holding the OHSCDA warehouse.
If you plan to implement deduplication, you may create the schemas for the OHMPI Master Indexes either in the OHSCDA warehouse database, or in a separate database specific to OHMPI Master Indexes. If you are using OHMPI for purposes in addition to OHSCDA, Oracle recommends that the Master Index schemas be created in a database specific to OHMPI.
OHMPI Projects need to be deployed on Oracle WebLogic Server. You may select to deploy the OHMPI projects on the same Oracle WebLogic Server used for OBIEE by creating a new WebLogic domain running on different port (which is not used by any other domains) or you may choose to deploy the projects on a different Oracle WebLogic Server instance.
Figure 1-1 Oracle Health Sciences Clinical Development Analytics Technology for Standard Configuration
For more information about certifications, refer to Finding Certification Information.
OHSCDA supports those Internet browsers supported by OBIEE. For a list of the browsers supported by OBIEE, refer to Oracle Fusion Middleware System Administrator's Guide for Oracle Business Intelligence Enterprise Edition11g Release 1 (11.1.1).
The following principles are fundamental to using any application securely.
One of the principles of good security practice is to keep all software versions and patches up to date.
Oracle continually improves its software and documentation. Critical Patch Updates are the primary means of releasing security fixes for Oracle products to customers with valid support contracts. They are released on the Tuesday closest to the 17th day of January, April, July and October. We highly recommend customers apply these patches as soon as they are released.
Although the importance of passwords is well known, the following basic rule of security management is worth repeating:
Ensure all passwords are strong passwords.
You can strengthen passwords by creating and using password policies for your organization. For guidelines on securing passwords and for additional ways to protect passwords, refer to the Oracle® Database Security Guide specific to the database release you are using.
You should modify the following passwords to use your policy-compliant strings:
Passwords for the database default accounts, such as SYS and SYSTEM.
Passwords for the database application-specific schema accounts, such as RXI.
The password for the database listener. Oracle recommends that you do not configure a password for the database listener as that will enable remote administration. For more information, refer to Oracle® Database Net Services Reference 11g Release 2 (11.2)
The principle of least privilege states that users should be given the least amount of privilege to perform their jobs. Overly ambitious granting of responsibilities, roles, grants — especially early on in an organization's life cycle when people are few and work needs to be done quickly — often leaves a system wide open for abuse. User privileges should be reviewed periodically to determine relevance to current job responsibilities.
Keep only the minimum number of ports open. You should close all ports not in use.
Oracle Health Sciences Clinical Development Analytics Standard Configuration does not use the Telnet service.
Telnet listens on port 23 by default.
If the Telnet service is available on any computer, Oracle recommends that you disable Telnet in favor of Secure Shell (SSH). Telnet, which sends clear-text passwords and user names through a log-in, is a security risk to your servers. Disabling Telnet tightens and protects your system security.
In addition to not using Telnet, the Oracle Health Sciences Clinical Development Analytics Standard Configuration does not use the following services or information for any functionality:
Simple Mail Transfer Protocol (SMTP): This protocol is an Internet standard for E-mail transmission across Internet Protocol (IP) networks.
Identification Protocol (identd): This protocol is generally used to identify the owner of a TCP connection on UNIX.
Simple Network Management Protocol (SNMP): This protocol is a method for managing and reporting information about different systems.
Restricting these services or information does not affect the use of Oracle Health Sciences Clinical Development Analytics Standard Configuration. If you are not using these services for other applications, Oracle recommends that you disable these services to minimize your security exposure. If you need SMTP, identd, or SNMP for other applications, be sure to upgrade to the latest version of the protocol to provide the most up-to-date security for your system.
When designing a secure deployment, design multiple layers of protection. If a hacker should gain access to one layer, such as the application server, that should not automatically give them easy access to other layers, such as the database server.
Providing multiple layers of protection may include:
Enable only those ports required for communication between different tiers, for example, only allowing communication to the database tier on the port used for SQL*NET communications (1521 by default).
Place firewalls between servers so that only expected traffic can move between servers.
While installing and configuring the DAC Server, follow the guidelines documented in Oracle Business Intelligence Data Warehouse Administration Console Installation, Configuration, and Upgrade Guide.
The OHSCDA DAC metadata consists of DAC Repository which must be deployed on the DAC Server.
After deploying the DAC Repository, make sure all connection configurations are altered as described in the DAC Installation Guide to point to the customer database connection parameters.
The DAC Repository contains only metadata for OHSCDA Informatica ETLs. The metadata is used within the context of the DAC Server. Follow the security guidelines applicable to the DAC Server while importing the metadata.
While installing and configuring OHMPI, follow the guidelines documented in Oracle Healthcare Master Person Index Installation Guide.
OHSCDA need to store the OHMPI username and password that is needed to set Context and call the OHMPI EJB during incremental dedup ETL execution. This user name and password is encrypted and stored in secret store wallet files. Key management is built in using a Java program, eliminating the complex task of creating, managing, and securing information.
Java program code in Informatica Java transformation is used to retrieve the password during incremental OHMPI program executions which are then used for setting context and executing the OHMPI EJB. These programs are executed with the privileges of Informatica OS user which works implicitly granting access to restricted folders and wallet files in them.
Note:
During the installation, the folder and Wallet files within are given restricted access at Operating System privileges; this is key technique by which OHSCDA secures the user_id and password.While importing and setting up OHSCDA's OHMPI projects, follow the guidelines documented in OHMPI documents.
The OHSCDA's OHMPI metadata consists of 15 OHMPI projects which are zipped into individual files. Ensure that only an Administrator is given access to these files.
After importing the projects, make sure that the data source connection, JMS Servers, and JMS Topics are created in Oracle WebLogic Server console and the user created in Oracle WebLogic Server is assigned to MasterIndex.Admin group.
While installing and configuring the OBIEE Server, you should follow guidelines in the document Oracle® Fusion Middleware Security Guide for Oracle Business Intelligence Enterprise Edition 11g Release 1 (11.1.1)Part Number E10543-02.
It is possible to add customized links to web applications that are deployed in a web server. Through this mechanism, any information that can be made available through a URL can be made accessible to OHSCDA users. In addition, your customized links may support passing session parameters, such as the log-in user ID, and currently selected Product, Program, Study and Site to a URL. By passing these session parameters, you can access Web pages specific to you current selections on these attributes. However, you should be aware that in links that access external Web sites, passing account data and session information may pose a security risk.
Following is a sample topology of technology components for OHSCDA:
Before you can install the OHSCDA application, you must complete the following pre-installation tasks:
Install Oracle Database 11.2.0.3
Note:
You must set the init parameter processes for the database to a minimum of 500.Follow the instructions in Database Installation Guide for <platform>.
Install Oracle WebLogic Server 10.3.5
Follow the instructions in Oracle WebLogic Server Documentation Library.
Note:
If you plan to implement deduplication, you may choose to use the same instance of Oracle WebLogic for deploying OHMPI Projects by creating a new WebLogic domain running on different port (which is not used by any other domains) or create a fresh instance of Oracle WebLogic.You must set the MaxPermSize to 2 GB.
Install Oracle Business Intelligence Enterprise Edition (OBIEE) 11.1.1.6.4 with the following components:
Oracle Business Intelligence Server (Supported only on Windows and Unix)
Oracle Business Intelligence Presentation Services (Supported on Windows and Unix)
Oracle Business Intelligence Client Tools (Supported only on Windows)
Follow the instructions in Oracle Business Intelligence Infrastructure Installation and Configuration Guide.
Install Oracle Business Intelligence Data Warehouse Administration Console (DAC) 10.1.3.4.1
Install Oracle Business Intelligence Data Warehouse Administration Console (DAC)
Follow the instructions in Oracle Business Intelligence Data Warehouse Administration Console Installation, Configuration, and Upgrade Guide.
Install patch number 14306642
The patch is available in OHSCDA_HOME/software. Follow the instructions in the patch readme to install it.
Important:
If DAC and Informatica Servers are on different systems, do not copy infa_command.xml from 14306642 patch.Install Informatica PowerCenter 9.0.1 HotFix 2
Follow the instructions in Informatica PowerCenter Installation Guide.
If you plan to implement deduplication, install Oracle Healthcare Master Person Index (OHMPI) 1.1.2 patch 12735093.
Note:
Oracle recommends that you enable HTTPS on middle-tier computers that are hosting the Web services, since otherwise the trusted user name and password that are passed can be intercepted.
|
 Copyright © 2010, 2013, Oracle and/or its affiliates. All rights reserved. Legal Notices |
|
