Terminating SSL at the Web Server

Deployment Architecture

In this scenario, SSL secures the communication link between Oracle Enterprise Performance Management System clients (for example, a browser) and Oracle HTTP Server. The concept is illustrated by the following figure:

Figure: A typical deployment of EPM System products with SSL terminated at the web server.

Assumptions

This configuration uses two server aliases on the web server (for example, epm.myCompany.com and empinternal.myCompany.com): one for external communication between the web server and browsers, and the other for internal communication among EPM System servers. Ensure that the server aliases point to the IP address of the machine, and that they are resolvable through DNS.

A signed certificate to support external communication with browsers (for example, through epm.myCompany.com) must be installed on the web server (where the virtual host that supports secure external communication is defined). This virtual host should terminate SSL and forward HTTP requests to the Oracle HTTP Server.

When SSL is terminated at Oracle HTTP Server (OHS) or a load balancer, you must:

  • Set every Logical Web Application to the non-SSL virtual host of the load balancer or Oracle HTTP Server (for example, empinternal.myCompany.com:80, where 80 is the non-SSL port). Open the Configuration screen and complete these steps:
    1. Expand the Hyperion Foundation configuration task.
    2. Select Configure Logical Address for Web Applications.
    3. Specify the Host name, non-SSL port number, and SSL port number.
  • Set the external URL to the SSL-enabled virtual host of the load balancer or Oracle HTTP Server (for example, empexternal.myCompany.com:443, where 443 is the SSL port). Open the Configuration screen and complete these steps:
    1. Expand the Hyperion Foundation configuration task.
    2. Select Configure Common Settings.
    3. Select Enable SSL offloading under External URL Details.
    4. Specify the External URL Host and External URL Port.

    Note:

    Redeploying web applications or reconfiguring the web server using configtool will replace the settings for Logical Web Application and external URLs.

Configuring EPM System

The default deployment of EPM System components supports SSL termination at the web server. No additional action is required.

While configuring EPM System, ensure that the logical web applications point to the virtual host (for example, empinternal.myCompany.com) that was created for internal communication. See the following information sources to install and configure EPM System:

  • Oracle Enterprise Performance Management System Installation and Configuration Guide

  • Oracle Enterprise Performance Management System Installation Start Here

Testing the Deployment

After completing the deployment process, verify that everything works by connecting to the secure Oracle Hyperion Enterprise Performance Management Workspace URL:

https://virtual_host_external:SSL_PORT/workspace/index.jsp

For example, https://epm.myCompany.com:443/workspace/index.jsp where 443 is the SSL port.
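Beyond loading the page in a browser, the response headers from the external virtual host can be audited for signs that offloading is misconfigured. The following is an added example, not Oracle code: it applies generic checks for TLS-terminated deployments (redirects that drop to HTTP or name the internal alias, cookies without the Secure attribute). The function names, the cookie name, and the sample headers are constructed for illustration.

```python
from urllib.parse import urlsplit

EXTERNAL_HOST = "epm.myCompany.com"          # external alias used on this page
INTERNAL_HOST = "empinternal.myCompany.com"  # internal alias used on this page


def audit_response(headers, internal_host=INTERNAL_HOST):
    """Audit headers of one response fetched over HTTPS from the external host.

    headers: (name, value) tuples, e.g. from http.client's getheaders().
    Returns a list of findings; an empty list means no issue was detected.
    """
    findings = []
    for name, value in headers:
        key = name.lower()
        if key == "location":
            url = urlsplit(value)  # relative redirects have no scheme or host
            if url.scheme == "http":
                findings.append(f"redirect downgrades to HTTP: {value}")
            if (url.hostname or "") == internal_host.lower():
                findings.append(f"redirect exposes internal alias: {value}")
        elif key == "set-cookie":
            attrs = [a.strip().lower() for a in value.split(";")[1:]]
            if "secure" not in attrs:
                findings.append(f"cookie lacks Secure: {value.split('=', 1)[0]}")
    return findings


def fetch_headers(host=EXTERNAL_HOST, port=443, path="/workspace/index.jsp"):
    """Fetch live headers; the default SSL context verifies chain and host name."""
    import http.client
    import ssl
    conn = http.client.HTTPSConnection(host, port, timeout=10,
                                       context=ssl.create_default_context())
    try:
        conn.request("GET", path)
        return conn.getresponse().getheaders()
    finally:
        conn.close()


# Constructed sample headers (not captured from a real EPM System deployment).
SAMPLE_BAD = [
    ("Location", "http://empinternal.myCompany.com:80/workspace/index.jsp"),
    ("Set-Cookie", "EXAMPLE_SESSION=abc123; Path=/workspace; HttpOnly"),
]
SAMPLE_GOOD = [
    ("Location", "https://epm.myCompany.com:443/workspace/index.jsp"),
    ("Set-Cookie", "EXAMPLE_SESSION=abc123; Path=/workspace; Secure; HttpOnly"),
]
```

Against a live deployment, pass the result of `fetch_headers()` to `audit_response()`; a certificate that does not chain to a trusted CA or does not match the external alias makes `fetch_headers()` raise `ssl.SSLCertVerificationError`.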