1. Security Configuration Guide
  2. SSL-Enabling EPM System Components
  3. Full SSL Deployment of EPM System
  4. Assumptions

Assumptions

Databases

The database servers and clients are SSL-enabled. See your database documentation for information on SSL-enabling the database server and client.

EPM System

Oracle Enterprise Performance Management System components, including Oracle WebLogic Server and Oracle HTTP Server, are installed and deployed. Further, your EPM System environment has been tested to ensure that everything is working in non-SSL mode. See the following information sources:

  • Oracle Enterprise Performance Management System Installation and Configuration Guide

  • Oracle Enterprise Performance Management System Installation Start Here

  • Oracle Enterprise Performance Management System Installation and Configuration Troubleshooting Guide

If you plan to SSL-enable the database connections, during the configuration process, you must select the Advanced Options link on each database configuration screen, and then specify the required settings, which include the following:

  • Select Use secure connection to the database (SSL) and enter a secure database URL; for example, jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)(HOST=myDBhost)(PORT=1529)(CONNECT_DATA=(SERVICE NAME=myDBhost.myCompany.com)))

  • Trusted Keystore

  • Trusted Keystore Password

See the Oracle Enterprise Performance Management System Installation and Configuration Guide for details.

SSL Offloader and Load Balancer

A fully configured SSL offloader with a load balancer must be present in the deployment environment.

Full SSL configuration uses two server aliases, for example, epm.myCompany.com and empinternal.myCompany.com, on the SSL offloader. One is for for external communication between the offloader and browsers, and the other is for internal communication among EPM System servers. Ensure that the server aliases point to the IP address of the machine and that they are resolvable through DNS.

The load balancer must be configured to forward all requests received by the virtual hosts to Oracle HTTP Servers.

The two signed certificates—one to support external communication between the offloader and browsers (through epm.myCompany.com), and the other to support internal communication (through empinternal.myCompany.com) among applications—must be installed on the offloader/load balancer. Oracle recommends that these certificates be tied to server aliases to prevent the exposure of server names and to enhance security.