Deploy and Manage Legacy Instances of Oracle Content Management for Government on OCI Classic

If you have Oracle Content Management for Government on Oracle Cloud Infrastructure Classic (OCI Classic), there are some differences in how you deploy and manage Oracle Content Management.

If you have Oracle Content Management Cloud Service for Oracle CX, you must create new instances, as well as manage and monitor those instances, in the Oracle Cloud Console. Don't follow the instructions below.

If you have Oracle Content Management for Government on Oracle Cloud Infrastructure Classic (OCI Classic), you perform the following tasks differently:

All other tasks are performed as described in previous chapters:

Create an Instance of Oracle Content Management for Government

To create an Oracle Content Management for Government instance, follow these steps.

  1. Verify that the cloud account Administrator is part of the OCI_Administrators Group
  2. Get region, user, and tenancy values
  3. Create a compartment for OCI object storage
  4. Generate a private key
  5. Generate a public key, and add it to OCI
  6. Create your Oracle Content Management instance

Verify That the Cloud Account Administrator Is Part of the OCI_Administrators Group

To create an instance, you must be part of the OCI_Administrators group. This group is created automatically when you have an Oracle Cloud account with Oracle Cloud Infrastructure (OCI). If you are the primary account administrator, you're automatically part of this group and can skip this step. If you're not the primary account administrator, follow these steps to confirm you're in the group.

  1. Sign in to Oracle Cloud as the cloud account administrator. You can find your account name and login information in your welcome email.
  2. In the Oracle Cloud Console, click Navigation menu icon on the top left to open the navigation menu, click Identity & Security, then, under Identity, click Federation.
  3. On the Federation page, click OracleIdentityCloudService, then, on the identity provider details page, click the link to the Oracle Identity Cloud Service Console. The IDCS Console opens in a new window.
  4. In the IDCS Console, click Navigation menu icon, and then click Groups.
  5. Click OCI_Administrators.
  6. Click Users to list the group members.
  7. Verify that the cloud account administrator user is listed.

If you're not a member of OCI_Administrators, you need to add yourself to the group. See Assign Users to Groups.

Get Region, User, and Tenancy Values

When you create your Oracle Content Management instance, you’ll be asked for values from Oracle Cloud Infrastructure for setting up object storage. To get these values, perform the following steps:

  1. Return to the Oracle Cloud Console window.
  2. In the data center drop-down list in the top right, select the data center that’s closest to the region in which your company is based. Note the name of the region. This will be your Region and your Storage Infrastructure Region Name.
  3. Click Navigation menu icon, expand Identity, and click Users.
  4. Under Users, look for the cloud account administrator user and note the OCID value. You can use this value as your Storage User OCID. Several users might be listed here, so be sure to use the OCID of a user who has administrator privileges.

    Or you can create another user for storage service, assign that user to the Administrators group, and use the OCID of the user you created. To create a user in the Oracle Cloud Console:

    1. Click Navigation menu icon, expand Identity, click Users, and then click Create User.
    2. Enter a user name, and then click Create.
    3. Click Navigation menu icon, expand Identity, and click Groups.
    4. Click the Administrators link.
    5. Click Add User to Group, select the new user in the drop-down list, and then click Add.
    6. Get the User OCID of the new user from Group Members. You can use this value as your Storage User OCID.
    Creating a user in the Oracle Cloud Console is not going to add or create the user account in IDCS. The cloud account administrator should use the IDCS Admin Console to create the user and assign the application roles for the user to sign into and access the Oracle Content Management service.
  5. Click Navigation menu icon, click Administration, and then click Tenancy Details. Under Tenancy Information, note the OCID value. You can use this value as your tenancy OCID.

Create a Compartment for OCI Object Storage

  1. In the Oracle Cloud Console, click Navigation menu icon, under Governance and Administration, expand Identity, and click Compartments.

    Two compartments are created by default, the root compartment of the Tenancy (RC) and the ManagedCompartmentforPaaS (C). Do not use these default compartments. You need to create a new compartment for object storage.

  2. On the Compartments page, click Create Compartment.
  3. Enter a name and description for the compartment.
  4. Click Create Compartment.
  5. After the compartment is created, next to OCID, click Show, and note the value. This will be your Storage Compartment ID.

    You need to create a new compartment the first time you create an Oracle Content Management instance, but you do not need to create a new compartment for every instance,. You can use the same compartment for multiple instances.

Generate a Private Key

Use the following OpenSSL commands to generate an API signing key/key pair in the required PEM format.

Note:

  • If you’re using Windows, you need to run the commands with Git for Windows. If you don't’ have Git for Windows, you can download it from https://git-scm.com/download/win.
  • If you’re using Linux, OpenSSL is installed by default.
  1. If you haven't already, create an .oci directory to store the credentials:

    mkdir ~/.oci

  2. Generate the private key with no passphrase:

    openssl genrsa -out ~/.oci/oci_api_key.pem 2048

  3. Ensure that only you can read the private key file:

    chmod go-rwx ~/.oci/oci_api_key.pem

You’ll upload this private key file when you create your Oracle Content Management instance.

Generate a Public Key and Add it to OCI

  1. Generate a public key:

    openssl rsa -pubout -in ~/.oci/oci_api_key.pem -out ~/.oci/oci_api_key_public.pem

  2. Show the public key:

    cat ~/.oci/oci_api_key_public.pem

  3. Copy the full text of the public key.
  4. Add the public key to the Oracle Cloud Console:
    1. From the menu, click Identity and then Users.
    2. Select the user.
    3. Click Add Public Key.
    4. In the dialog, paste the public key, and then click Add.
    5. After you add the public key, note the Fingerprint value. If you've added more than one public key, make sure to note the correct fingerprint value based on the time stamp. This will be your Storage Public Key Fingerprint.

Create Your Oracle Content Management Instance

  1. Return to the Oracle Cloud Console, click Navigation menu icon on the top left to open the navigation menu, expand Platform Services, then click Content and Experience.
  2. Click Create Instance.

    Note:

    For successful creation of the instance, be sure to follow the instructions on the Create Instance page exactly as indicated in the Description column for every field. Do not leave any default values prior to committing your information.
  3. Enter the following information, and then click Next.
    Field Description
    Instance Name Specify a unique name for your service instance. If you specify a name that already exists, the system displays an error and the instance is not created.
    Description Optionally, enter a description of the instance.
    Notification Email Enter the email address to which you want provisioning status updates to be sent.
    Region Select the region name you noted when getting region, user, and tenancy values.
    Tags Leave this field blank.
    Storage User OCID Enter the storage user OCID you noted when getting region, user, and tenancy values.
    Storage Tenancy OCID Enter the tenancy OCID you noted when getting region, user, and tenancy values.
    Storage Infrastructure Region Name Enter the region name you noted when getting region, user, and tenancy values.
    Storage Compartment ID Enter the compartment OCID you noted after creating a compartment for OCI object storage.
    Storage Public Key Fingerprint Enter the public key fingerprint you noted after adding the public key to Oracle Cloud Infrastructure.
    Storage Private Key Upload the private key file you generated.

What to Do Next

After your service instance is successfully created, you get an email to confirm it. The email includes a link to your instance. To access the Oracle Content Management web client, click Action Menu icon next to your Oracle Content Management service instance, and select Access Content Cloud Service Instance.

Next, set up users and groups.

Important:

  • When you create your instance, a user named CEC_INTERNAL_APPID_USER is automatically created. It’s an internal user that can’t be used to sign in. This user enables communication between Oracle Content Management components. Do not delete this user or some functionality in Oracle Content Management will no longer work.
  • After your instance is created, you'll be billed based on active users per hour and visitor sessions.

Manage Oracle Content Management for Government

If you have Oracle Content Management for Government, there are some differences in how manage your instances.

To view your instances:

  1. Sign in to Oracle Cloud as the cloud account administrator. You can find your account name and login information in your welcome email.
  2. In the Oracle Cloud Console, click Navigation menu icon, under More Oracle Cloud Services, expand Platform Services, then click Content and Experience. You might need to use the scroll bar on the left to scroll down to see the menu option.

From the list of instances you can perform the following actions:

  • You can perform some management tasks from the list of instances. Next to the instance you want to manage, click Action Menu icon. You can access the Oracle Content Management web client for the instance, add tags, or delete the instance.
  • To view general information about an instance, click its name. You see information such as storage OCIDs, version, and account name. To view additional information, click Instance Details icon.
  • To manage an instance, click its name, then click Manage this instance icon. You can access the Oracle Content Management web client for the instance, add an association, update instance credentials, add tags, or view activity.

Understand Active Users per Hour

If you have an Oracle Content Management instance built on Oracle Cloud Infrastructure (OCI) and managed with the Infrastructure Classic Console, you’ll be billed based on active users per hour.

An active user per hour is defined as a unique user that interacts with the service during a one-hour session. Active users are tracked through a cookie, user ID, token, device ID, IP, or session ID. Authenticated users and visitors are tracked based on the role given to the user (standard, enterprise, or visitor) in that service instance. Anonymous users are tracked as visitors.

Visitors and anonymous users that access the service from multiple channels (website, mobile app, desktop client, custom app via APls, email, etc.) count as multiple active users sessions. An authenticated user that accesses the service from multiple channels counts as one active user session. For example, if one visitor in a one-hour period accesses the same Oracle Content Management instance from a Firefox desktop web browser, a Chrome desktop web browser, and a mobile web browser, that would count as a total of three active user sessions. Whereas, if one authenticated user performs the same actions, that would count as one active user session.

Depending on whether the user is a standard user, an enterprise user, or a visitor, the user is allowed a certain number of API calls, a certain amount of outbound data transfer, and, for enterprise users, a certain number of new published content assets. Therefore, for billing purposes, the following metrics are also tracked during each one-hour active user session:

  • Number of API calls made to the service by custom third-party applications (non-Oracle) — If the number of API calls exceeds the API calls that are entitled per active user in a one-hour period, a new active user is added to the hourly count.
  • Outbound data transfer — This includes the data a user downloads from the Oracle Cloud Service and any transfer of data from the Oracle Cloud Service over the internet, including responses to client requests. If the outbound data transfer exceeds the data transfer that is entitled per active user in a one-hour period, a new active user is added to the hourly count.
  • Number of newly published assets (enterprise users only) — A published asset is either a file based asset (for example, a document, an image, or a video) or a content item that has been published. A content item is a block of information created using a content type. If the number of newly published assets exceeds the published assets that are entitled per active user in a one-hour period, a new active user is added to the hourly count. This count doesn’t include previously published assets, only assets published during the one hour active user session.

Note:

For information on Universal Credits pricing and usage limits (for example, the number of API calls, amount of outbound data transfer, and number published assets allowed per user), see Oracle Universal Credits Pricing and Oracle Cloud Services (view “Oracle PaaS and IaaS Universal Credits - Service Descriptions” near the bottom of the list).

Frequently Asked Questions

Does a user visiting a second site count as a second active user session?

Only a visitor or anonymous user accessing a different resource (such as a different site) will be counted as a separate active user session. An authenticated user accessing the service from multiple channels will be counted as one active user session. For example, the same visitor accessing two different sites within the one-hour session window will be counted as two active user sessions. Essentially the count is per visitor or anonymous user, per resource, per channel, per one-hour session window for a given service instance.

Will visits to a site by bots or crawlers count as active user sessions?

Repeated visits from bots or crawlers will not be counted as active user sessions.

Will a user accessing a public download link be counted as an active user session?

A user accessing a public download link to download a document will not be counted as an active user session. Even if the user is brought to the Oracle Content Management user interface, showing the Download button, it won’t count as an active user session. However, the outbound data transfer per hour will be tracked.

What if the public download link is accessed via a site created with Oracle Content Management? Will using the link be counted as an active user session?

Visiting the site created with Oracle Content Management triggers an active user session, so it will count as an active user for that hour, but not due to using the public download link. Again, the outbound data transfer will be tracked.

For a browser session, how are active user sessions tracked?

The active user sessions for a browser are tracked by placing a cookie that expires after the one-hour session window ends in the browser session.

What happens if a user clears cookies in the browser or closes an incognito browser session?

If the user clears the cookie (by clearing in browser or closing an incognito window), the next request will be treated as a new user and count as a new active user session.

Are AppLinks and API calls tracked for billing purposes?

AppLinks and API calls from third-party applications and from other Oracle Cloud applications are charged according to the user identity (Standard or Enterprise) used to establish the API connection. Every 100 API calls in a given hour count as an additional active user for that hour.

How are AppLink calls tracked as visitor sessions?

The assignedUser parameter in the AppLink request body is used to track the client-side invocations associated to unique users. See Integrating Folder and File Selection and Applinks Resource in Integrating and Extending Oracle Content Management.

How is a user of the Oracle Content Management desktop client tracked?

A desktop client user is tracked as an active user (either as a standard or enterprise user as appropriate) if they create, edit, or update files or folders from their desktop. Downward syncing actions from the cloud server caused by other user updates to files or folders are not counted as active user sessions. However, syncing does count toward the outbound data transfer metric. For example, if a user syncs more than 1 GB of data per hour, each additional GB synced will count as an additional active user session for that hour (either standard or enterprise as appropriate).

Understand Visitor Sessions

A visitor session is metric used by Oracle Content Management to track usage during a specified session window (one hour for hourly visitor sessions and 24 hours for daily visitor sessions). A visitor session is triggered when a unique unauthenticated user or an authenticated user who has the site visitor role accesses the service using a specific channel (for example, via a browser, mobile browser or applink, etc.). Access from multiple channels counts as multiple visitor sessions. For example, if one user in a 24 hour period accesses the same Oracle Content Management instance from a Firefox desktop web browser, a Chrome desktop web browser, and a mobile web browser, that would count as a total of three daily visitor sessions.

Unauthenticated users can access certain sites, use public links, and view Oracle Content Management content embedded in apps or websites.

Frequently Asked Questions

If a user accesses multiple pages within the same Oracle Content Management instance, does that count as multiple visitor sessions?

No. Visitor sessions are only counted at the instance (site) level.

When is a visitor session triggered?

A visitor session is initiated by any user (anonymous or authenticated guest) who accesses an Oracle Content Management resource such an Oracle Content Management instance, a site created with Oracle Content Management, or via an API (for example, using applinks) at least once during the session window.

How long does a visitor session last?

The duration of an hourly visitor session is one hour; a daily visitor session is 24 hours. It starts the first time the user accesses a specific Oracle Content Management resource via a unique channel. After one hour, subsequent visits by the same user to the same resource triggers another hourly visitor session. After 24 hours, subsequent visits by the same user to the same resource triggers another daily visitor session.

Will an Oracle Content Management standard or enterprise user be counted in visitor session counts?

No. An authenticated (signed-in) standard or enterprise user that visits an Oracle Content Management resource isn’t included in visitor session counts.

Does the visitor session apply to authenticated (signed-in) users visiting an Oracle Content Management resource?

As stated above an authenticated Oracle Content Management standard or enterprise user that visits an Oracle Content Management resource will not be counted in visitor session counts. However, an authenticated user with the site visitor role will be counted in the visitor session counts.

How often is the visitor session calculated?

The visitor might access the same resource (site, API or applink) multiple times in the visitor session window (one hour for hourly visitor sessions and 24 hours for daily visitor sessions), but will be counted as one/single visit. If the user accesses the same resource again after the visitor session window, it will be counted as new visit.

Does a user visiting a second site count as a second visitor session?

The same user accessing a different resource (such as a different site) will be counted as a separate visitor session visit. For example, the same user accessing two different sites within the session window will be counted as two visits. Essentially the count is per user, per resource, per channel, per visitor session window for a given service instance.

Will visits to a site by bots or crawlers count as visitor sessions?

Repeated visits from bots or crawlers will not be counted as visitor sessions.

Will a user accessing a public download link be counted as visitor session?

A user accessing a public download link to download a document will not be counted as a visitor session. Even if the user is brought to the Oracle Content Management user interface, showing the Download button, it won’t count as a visitor session.

What if the public download link is accessed via a site created with Oracle Content Management? Will using the link be counted as visitor session?

Visiting the site created with Oracle Content Management triggers a visitor session, so it will count as a visitor session, but not due to using the public download link.

For a browser session, how are the visitor sessions tracked?

The visitor sessions for a browser are tracked by placing a cookie that expires after the session window ends in the browser session.

What happens if a user clears his cookies in his browser or closes an incognito browser session?

If the user clears the cookie (by clearing in browser or closing an incognito window), the next request will be treated as a new user and count as a new visitor session.

What metrics are reported to administrators?

Oracle Content Management Analytics provides the following metrics:

  • Break down of visitor session counts on hourly basis
  • Aggregation of visitor session counts per month
  • Ability to drill down on each day of the month (to get to visitor counts)

What metrics are not currently supported or captured?

  • Cookie disabling: Some customers can disable cookie tracking on the browser side as an end user policy. In such cases, Oracle Content Management can’t track the visitor based cookies since they are turned off, meaning the count will be lower than the actual number of visitors.
  • Tracking visitors via the Oracle Content Management desktop application (the desktop application currently supports counting only named users).
  • Tracking visits via the Oracle Content Management mobile applications (the mobile applications currently support counting only named users).

What about opt-out or privacy support with regards to cookie tracking?

Oracle Content Management sites will provide a standard option of letting the user know that a Oracle Content Management resource (site) is using cookies and users can opt-out by disabling the cookie. To support this, the following two items are added consistently across all the Oracle Content Management site resources:

  • Opt-out summary message: This message appears on each site to indicate that a cookie is being used for tracking. It includes a link to the privacy page.
  • Privacy site page: A standard sites page explaining the usage of a cookie as well the steps to disable the cookie. You can customize this page like any other sites page.

Are AppLinks and API calls tracked as visitor sessions?

AppLinks and REST API calls from third-party applications are included in the visitor sessions counts.

How are AppLink calls tracked as visitor sessions?

The assignedUser parameter in the AppLink request body is used to track the client-side invocations associated to unique users. See Integrating Folder and File Selection and Applinks Resource in Integrating and Extending Oracle Content Management.

Examples

Here are some examples of visitor session counts. Let’s assume ACME Corporation has an Oracle Content Management service instance and has created three sites: SiteA, SiteB, and SiteC. Following are examples of how the visitor sessions would be counted during a session window.

Visitor Resource (Site) Daily Visitor Session Counts
User1 https://docs-acme.sites.us2.oracecloud/authsite/SiteA Count increases to 1 (cookie1, user visits a site—SiteA, using Firefox)
User1 https://docs-acme.sites.us2.oracecloud/authsite/SiteB Count increases to 2 (cookie2, same user but different site—SiteB, using Firefox)
User2 https://mysite.acme.example.com (vanity URL for SiteC) Count increases to 3 (cookie3, different user, different site—SiteC, using Firefox)
User3 https://mysite.acme.example.com (vanity URL for SiteC) Count increases to 4 (cookie4, different user, same site—SiteC, using Firefox)
User2 https://mysite.acme.example.com (vanity URL for SiteC) Count stays at 4 (no change, cookie3, same user—User2, same site—SiteC, using Firefox, same session window)
User2 https://mysite.acme.example.com (vanity URL for SiteC) Count increases to 5 (cookie5, same user—User2, same site—SiteC, same session window, but using Chrome)