1. Essbase Stack Deployment on Oracle Cloud Infrastructure
  2. Set Up Oracle Essbase
  3. Complete Post-Deployment Tasks
  4. Complete System and Security Hardening and Cleanup Tasks

Complete System and Security Hardening and Cleanup Tasks

After you deploy Oracle Essbase on Oracle Cloud Infrastructure using Marketplace, complete the following tasks for security.

Change Database Administrator Password

If you created an Autonomous Transaction Processing database or Oracle Cloud Infrastructure database during creation of the Essbase stack, Oracle highly recommends that you update the database administrator password, using the Oracle Cloud Infrastructure console. This password isn't used during the normal run time of the Essbase stack, but it may need to be provided for maintenance tasks. Afterward, delete the stack without running the destroy action.

Secure Your Database Access

If you want secure database access, through the VCN you configure or through a private endpoint, using a new database and VCN, see the options in the Configure Database section in Deploy Essbase.

Harden Network and Autonomous Database Security Rules

When you deploy a secured autonomous database. additional database details are displayed - in Oracle Cloud > Overview > Autonomous Database / Autonomous Database Details. Under the Autonomous database Information tab for the database, under the Network heading, Subnet: application indicates that the autonomous database is allocated to an application. The private endpoint configuration displays the Private Endpoint IP and URL, and the Network Security Groups link. Security Groups link opens the collection of Security Rules, for ingress and egress traffic rules, which you can view and customize. Here you can add and specify CIDR values for your deployment for specific IP addresses, to further harden security - click the menu link in the right column for a security rule, and then click Edit. When you associate an autonomous database to a network security group, it is considered as secure, as defined by the security rules.

Secure Your Network

See Ways to Secure Your Network.

Plan for RCU Password Expiry

Essbase RCU passwords expire in one year unless you set them to never expire. See Fix Expired RCU Passwords that Use Autonomous Database as Repository for more information.

Remove Vault

For 19c versions up to 19.3.0.4.5 only, delete any vault or key (formerly prefixed by KMS) that you created during Essbase stack provisioning, in Encrypt Values Using Vault.

Destroy Stack

(Optional) Once the Essbase stack is created, you can destroy the stack without running the destroy action. This helps to declutter the Oracle Resource Manager interface.

See Destroy the Stack.