Configuring and Deploying EPM System

During configuration, you can select the settings that force EPM System components to use SSL communication with the following SSL-enabled components:

Selecting SSL settings in EPM System Configurator screens does not SSL-enable your deployment; it only sets a Shared Services Registry flag that forces the use of the secure protocol while communicating with the components for which you specified SSL settings. You must complete manual procedures to ensure that SSL communication is enabled between the components and EPM System.

Note:

You must enter or select information on all the configuration screens that EPM System Configurator displays. The following procedure discusses the screens on which SSL settings are specified. See the Oracle Hyperion Enterprise Performance Management System Installation and Configuration Guide.

  To specify SSL settings for a full SSL deployment of EPM System:

  1. Launch EPM System Configurator.

  2. Select deployment tasks for all the EPM System components to be deployed on this machine.

  3. Click Next.

  4. Enter database information for Shared Services database and Shared Services Registry:

  5. Select the Advanced Options link.

    The Advanced Options screen where you set secure connection parameters for the Foundation Services database.

  6. In the Advanced Options screen, specify the required database SSL configuration parameters through the JDBC URL that EPM System Configurator uses to communicate with the database. EPM System Configurator writes the URL into the Shared Services Registry for use during runtime.

    Caution!

    Before specifying SSL settings for the database, ensure that the database server is configured for SSL.

    1. Select Use secure connection to the database.

    2. In Trusted Keystore, select the keystore into which you imported the root certificate of the CA that signed the database certificate.

    3. If you changed the default keystore password, enter the password in Trusted Keystore Password.

    4. Click OK.

  7. Click Next.

    EPM System common settings screen where you select options to enable SSL for application server, web server, and e-mail server

  8. In the EPM System common settings screen, select settings:

    Caution!

    Before selecting the settings to use SSL to communicate with the e-mail server, ensure that the e-mail server is configured for SSL.

    1. Select Use SSL for Web application server communication (Requires manual configuration) to specify that EPM System should use SSL for communication.

    2. Optional: Enter information in Mail Server Host and Port. To support SSL communication, you must specify the secure port used by the SMTP mail server.

    3. Optional: To support SSL communication with the SMTP mail server, select Use SSL to communicate with mail server.

    4. Enter or select settings in the remaining fields.

  9. Click Next.

    The Database configuration screen for the other components you selected for deployment opens. Select an option:

    • Connect to a previously configured database to use the Shared Services database.

    • Perform 1st-time configuration of the database to use a new database for the components that you are deploying.

  10. Optional: If you chose Perform 1st-time configuration of the database, enter database connection settings.

  11. Select Advanced Options, and then select the required options. See step 6.

  12. Click Next until the Application Server Deployment: Oracle WebLogic screen opens.

    Note:

    Ensure that you specify settings on each screen you encounter.

    The Application Server Deployment: Oracle WebLogic screen lists the components that you selected to deploy, and the default WebLogic Server deployment settings. To support a full-SSL deployment, you must update the SSL port and host that the components use for server-to-server (internal) communication.

  13. Perform this step for each component listed in Application Server Deployment: Oracle WebLogic screen.

    1. From Advanced, select Set up.

      The Advanced Setup screen where you create logical web addresses to support SSL

    2. Modify the information in the following fields. See “Advanced Setup” in the Oracle Hyperion Enterprise Performance Management System Installation and Configuration Guide for a description of all the fields on this screen.

      Table 10. Fields to Modify to Define Logical Addresses

      FieldDescription
      HostThe common name (a unique virtual host name, for example, epminternal.mycompany.com) that you used while generating the certificate request for obtaining the certificate for internal communication. This host name must be added as server aliases in the hosts file. See Adding Server Aliases.
      PortSpecify the web server port, for example, 19000, that you plan to use for internal communication.
      SSL PortThe web server SSL port, for example, 19443, that you plan to use for internal communication.

    3. Click OK.

  14. Repeat step 13 to create the logical address for each component listed in the screen.

  15. Click Next until the screen for configuring web server for EPM System components that use IIS (for example, Financial Management) is displayed.

    1. Click Setup logical address for the web server.

    2. In Set up Logical address screen, modify the information as needed. See Table 10 for the information that you should change.

    3. Click OK.

  16. Click Next until the deployment process is complete.