6 Business Operations Center Postinstallation Tasks

Learn how to perform postinstallation tasks, such as enabling encryption and logging, after installing the Oracle Communications Billing and Revenue Management (BRM) Business Operations Center software.

After installing Business Operations Center, do the following on each domain host where Business Operations Center is deployed:

1. Enable logging. See "Enabling Logging".

2. Adjust your BRM connection pool settings and configure logging for your Business Operations Center environment. See "Configuring Additional Settings in Infranet.properties".

3. Create an Oracle WebLogic Server data source for use with Business Operations Center. See "Creating the Business Operations Center WebLogic Server Data Source".

4. If you are setting up a test installation, also do the following:

   1. Create the following Business Operations Center groups in Oracle WebLogic Server and add Business Operations Center users to these groups:

      • BOC_ADMIN

      • BOC_FINANCE

      For more information about creating groups and adding the users in Oracle WebLogic Server, see "Manage users and groups" in Oracle Fusion Middleware Oracle WebLogic Server Administration Console Online Help.

   2. If you want to enable pin_virtual_time in BRM and use virtual time when running Business Operations Center jobs, set the ENABLE_PVT_TEST property to true in the Domain_home/lib/bocws-config.properties file. Then, restart your domain for the configuration change to take effect.

5. If you are setting up a production installation, also do the following:

   • Import the Business Operations Center Oracle Platform Security Services (OPSS) Administration Server policy configuration. See "Importing the Business Operations Center Security Policies into OPSS".

   • If you are using Security Assertion Markup Language (SAML) for single sign-on (SSO), configure SAML. See "Configuring SAML for SSO".

Enabling Logging

Business Operations Center writes log messages using the Log4j library. See Oracle Fusion Middleware Configuring Log Files and Filtering Log Messages for Oracle WebLogic Server for more information on enabling Business Operations Center logging.

Configuring Additional Settings in Infranet.properties

Business Operations Center uses the default connection pool settings for your BRM instance. You can customize the connection pool settings or configure logging by adding entries to the application's Infranet.properties file.

Note:

You can update the connection details in the Infranet.properties file or in the Business Operations Center wallet. It is recommended to update sensitive information (such as the BRM user password) only by using the Business Operations Center wallet.

To customize the connection pool and logging settings, do the following:

1. Open the Business Operations Center Infranet.properties file in a text editor.

   Note:

   • During installation, the Infranet.properties file is copied to the Oracle_home/setup directory, and this path will be added to the INFRANET_PROPERTIES_FILE_LOCATION property in the Domain_home/lib/bocws-config.properties file. You can update the Infranet.properties file in this location.

   • The Infranet.properties file is copied to the Domain_home directory, and this path will be added to the INFRANET_PROPERTIES_FILE_LOCATION property in the Domain_home/lib/bocws-config.properties file.

2. Edit the connection pool entries in Table 6-1.

   Table 6-1 Configurable Connection Pool Properties

   Parameter	Description
   infranet.connectionpool.maxsize	The maximum number of connections the connection pool maintains.
   infranet.connectionpool.minsize	The minimum number of connections the connection pool maintains. Note: When you first start the connection pool, it may have fewer connections than the minsize value. When the minsize number of connections is reached, the number of connections will not fall below this count.
   infranet.connectionpool.timeout	The time in milliseconds that a connection request will wait in the pending request queue for a free connection before it times out. If a pending request doesn't receive a connection during this time, an exception is thrown.
   infranet.connectionpool.maxidletime	The time in milliseconds that an idle (unused) connection remains in the connection pool before it is removed. Important: If the value is set too low, connections might be removed and restored too frequently. This can degrade system performance.

3. Configure the logging entries in Table 6-2.

   Table 6-2 Optional Entries in Infranet.properties

   Entry	Description
   Infranet.log.file	The file path. The default is javapcm.log.
   Infranet.log.logallebuf	Boolean. If true, forces all EbufException exceptions to be logged automatically.
   Infranet.log.level	Specifies how much information the application should log: 0: No logging 1: Log ERROR messages 2: Log ERROR and WARNING messages 3: Log ERROR, WARNING, and DEBUG messages
   Infranet.pcp.debug.enabled	Boolean. If true, enables debug mode.
   Infranet.pcp.debug.flags	Specifies what to log: 0: Log nothing 1: Log errors only 0x1fff: Log all messages
   Infranet.log.opcodes.enabled	Boolean. If true, enables a log that records the input and output flist for every opcode called by all client applications that support this feature.
   Infranet.log.opcodes.file	The file path.

4. Save and close the file.

Creating the Business Operations Center WebLogic Server Data Source

Configure a JDBC data source in the Business Operations Center WebLogic Server domain. The deployed Business Operations Center application uses this data source to connect to the database schema created by the installer.

By default, Business Operations Center uses a value of bocdb for the WebLogic Server data source. If you did not specify a custom name for your Business Operations Center database when launching the installer, create a data source named bocdb using the WebLogic Server Administration Console. See "Configuring WebLogic JDBC Resources" in Oracle Fusion Middleware Administering JDBC Data Sources for Oracle WebLogic Server for information on creating the required data source for Business Operations Center.

If you specified a custom name for your Business Operations Center database schema during installation, create the WebLogic Server data source using this name. Additionally, you must edit the quartz.properties file with your data source's name.

To edit the quartz.properties file data source name:

1. Open the Domain_home/lib/quartz.properties file where Domain_home is the WebLogic Server domain home directory of the domain in which Business Operations Center is deployed.

2. In the DS_NAME parameter, change the value to your custom data source name.

3. Save the file.

4. Restart the domain.

Configuring the SSL-Enabled Business Operations Center Data Source

You can configure a Secure Sockets Layer (SSL)-enabled JDBC data source in the Business Operations Center WebLogic Server domain for secured communications.

To configure the SSL-enabled Business Operations Center data source in WebLogic Server:

1. Create a truststore and then add the root certificate (which you created while configuring SSL for the Oracle database) as a trusted certificate to the truststore.

2. Log in to WebLogic Server Administration Console.

3. In the Domain Structure panel, click Services and Data Sources.

   The available data sources are displayed.

4. Select the Business Operations Center WebLogic Server Data Source for which you want to enable SSL. The default data source is bocdb.

5. In the Configuration tab, select Connection Pool.

6. Modify the connection URL:

   jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)(HOST = hostname)(PORT = ssl-port))(CONNECT_DATA=(SERVICE_NAME=SID)))

   Where:

   • hostname is the name of the machine on which the Oracle database is installed.

   • ssl-port is the SSL-enabled port used for connecting to the Oracle database.

   • SID is the unique name of the Oracle database.

7. Add the following properties:

   If you require client authentication (two way authentication):

   javax.net.ssl.keyStore=keystore location
   javax.net.ssl.keyStoreType=JKS
   javax.net.ssl.keyStorePassword=keystore password
   javax.net.ssl.trustStoreType=truststore location
   javax.net.ssl.trustStoreType=JKS
   javax.net.ssl.trustStorePassword=truststore password

   where:

   • keystore location is the path to the client-side KeyStore file generated from the exported public certificate using the keytool utility.

   • keystore password is the password of the KeyStore.

   • truststore location is the path to the directory in which the truststore created in step 1 is stored.

   • truststore password is the password of the truststore.

   If you do not require client authentication:

   javax.net.ssl.trustStoreType=truststore location
   javax.net.ssl.trustStoreType=JKS
   javax.net.ssl.trustStorePassword=truststore password

8. Restart the WebLogic Server domain.

   Your data source is now configured to use SSL.

9. Test and verify the connection.

See "SSL-Enabling a Data Source" in Oracle Administering Oracle Fusion Middleware for detailed information.

Importing the Business Operations Center Security Policies into OPSS

Business Operations Center includes the system-jazn-data.xml file, which contains default OPSS policies, resource-types, resource, and actions. You must import this file into your OPSS Administration Server to set up the initial Business Operations Center OPSS configuration. Complete this procedure once for each OPSS Administration Server.

The system-jazn-data.xml file is located in the Domain_home/lib/oes_config directory, where Domain_home is the WebLogic domain home directory location of the OPSS JRF-enabled domain in which Business Operations Center is deployed.

To import the system-jazn-data.xml file into your OPSS Administration Server:

1. Open a secure shell or terminal session on the server where you installed Business Operations Center.

2. Change to the Domain_home/lib/oes_config directory.

3. Open the jps-config.xml file and modify the following parameters:

   • sourceContext. Specify the location of the system-jazn-data.xml file, which contains the policies to be migrated to the database. The system-jazn-data.xml file is in the same location as the jps-config.xml file.

     <serviceInstance name="src.xml" provider="policystore.xml.provider" location="location of the system-jazn-data.xml file">
         <description>File Based Policy Store Service Instance</description>
     </serviceInstance>

   • destinationContext. Enter the credentials for Oracle Platform Security Services (OPSS) schema.

     Note:

     Add the last five property name entries (shown in bold) if you enabled one-way or two-way SSL authentication in Business Operations Center.

     <serviceInstance name="policystore.db.destination" provider="policystore.provider">
        <description>DB Based Policy Store Service Instance</description>
        <property name="policystore.type" value="DB_ORACLE"/>
        <property name="jdbc.url" value="jdbc:oracle:thin:@dbhost:dbport:SID"/>
        <property name="jdbc.driver" value="oracle.jdbc.driver.OracleDriver"/>
        <property name="security.principal" value="OPSS Schema Name(Ex:CC_OPSS)"/>
        <property name="security.credential" value="OPSS Schema Password"/>
        <property name="oracle.security.jps.ldap.root.name" value="cn=opssroot"/>
        <property name="oracle.security.jps.farm.name" value="cn=opssSecurityStore"/>
        <property name="jdk.tls.client.protocols" value="TLSv1.2"/>
        <property name="javax.net.ssl.trustStore" value="/scratch/ri-user-1/wallet/cwallet.sso"/>
        <property name="javax.net.ssl.trustStoreType" value="SSO"/>
        <property name="javax.net.ssl.keyStore" value="/scratch/ri-user-1/wallet/cwallet.sso"/>
        <property name="javax.net.ssl.keyStoreType" value="SSO"/>
     </serviceInstance>

   • jpsContext. Specify the source context and the destination context.

     <jpsContext name="sourceContext">
         <serviceInstanceRef ref="src.xml"/>
     </jpsContext>
     <jpsContext name="destinationContext">
         <serviceInstanceRef ref="policystore.db.destination"/>
     </jpsContext> 

4. Save the file.

5. Run the migrateSecurityStore utility to import the Business Operations Center policy into your OPSS Administration Server.

See Oracle Fusion Middleware Administrator's Guide for detailed information on how to import files into your OPSS Administration Server.

Configuring SAML for SSO

You can use SAML 2.0 for enabling single sign-on (SSO) in Business Operations Center. SSO allows users to log in to applications using a single user name and password combination.

You can configure SAML authentication in a Business Operations Center domain using an Oracle Access Manager service provider or an Oracle Identity Cloud Service (IDCS) service provider.

To configure SAML for SSO:

1. Create a SAML2 assertion provider. See "Creating a SAML2 Assertion Provider".

2. Create a SAML2 authenticator. See "Creating a SAML2 Authenticator".

3. Configure the SAML2 general information. See "Configuring SAML2 General Information".

4. Configure your SAML2 service provider. See "Configuring the SAML2 Service Provider".

5. Create a SAML2 application in IDCS or Oracle Access Management.

6. Update your deployment plan to define the cookie name and path. See "Updating the Deployment Plans for Business Operations Center".

7. (IDCS only) In your Domain_home/lib/bocws-config.properties file, set the LOGOUT_URL parameter:

   LOGOUT_URL=https://hostname:port/sso/v1/user/logout

   where hostname:port is the hostname and port for the IDCS logout URL.

Creating a SAML2 Assertion Provider

To create a SAML2 assertion provider:

1. Log in to WebLogic Server Administration Console.

2. In the Domain Structure section, click the Security Realms link.

   The Summary of Security Realms page appears.

3. Click the myrealm link.

   The Settings for myrealm page appears.

4. Click the Providers tab, the Authentication subtab, and then New.

   The Create a New Authentication Provider page appears.

5. In the Name field, enter samlBOCAsserter.

6. From the Type list, select SAML2IdentityAsserter.

7. Click OK.

8. Restart WebLogic Server.

9. In the Authentication subtab, click the samlBOCAsserter link.

   The Settings for samlBOCAsserter page appears.

10. Click the Management tab.

11. Click New and then click New Web Single Sign-On Identity Provider Partner.

    The Create a SAML 2.0 Web Single Sign-On Identity Provider Partner page appears.

12. In the Name field, enter WebSSO-IdP-Partner.

13. In the Path field, enter the path to the XML file that contains the identity provider's metadata, such as metadata.xml.

14. Click OK.

15. In the Settings for samlBOCAsserter page, click the Management tab and then click the WebSSO-IdP-Partner link.

16. In the General tab, select the Enabled, Virtual User, and Process Attributes check boxes.

17. In the Redirect URIs field, enter /opsdashboard/*.

18. Click Save.

Creating a SAML2 Authenticator

To create a SAML2 authenticator:

1. Log in to WebLogic Server Administration Console.

2. In the Domain Structure section, click the Security Realms link.

   The Summary of Security Realms page appears.

3. Click the myrealm link.

   The Settings for myrealm page appears.

4. Click the Providers tab, the Authentication subtab, and then New.

   The Create a New Authentication Provider page appears.

5. In the Name field, enter samlBOCAuthenticator.

6. From the Type list, select SAMLAuthenticator.

7. Click OK.

8. In the Authentication Providers table, click the samlBOCAuthenticator link and change the Control Flag to SUFFICIENT.

9. Click Save.

10. In the Authentication Providers table, click the DefaultAuthenticator link and change the Control Flag to SUFFICIENT.

11. Click Save.

12. In the Authentication Providers table, click Reorder.

    The Reorder Authentication Providers page appears.

13. Reorder the providers in the following order:

    • samlBOCAuthenticator

    • samlBOCAsserter

    • DefaultAuthenticator

    • DefaultIdentityAsserter

14. Click OK.

Configuring SAML2 General Information

To configure SAML 2.0 general information:

1. Log in to WebLogic Server Administration Console.

2. In the Domain Structure section, expand Environment and then click Servers.

   The Summary of Servers page appears.

3. In the Servers table, click the AdminServer link.

   The Settings for AdminServer page appears.

4. Select the Configuration tab, the Federation Services subtab, and then the SAML 2.0 General subtab.

5. In the Published Site URL field, enter http://BusinessOperationsCenter_hostname:port/saml2.

   where:

   • BusinessOperationsCenter_hostname is the Business Operations Center application host.

   • port is the port on which Business Operations Center is listening on.

6. In the Entity ID field, enter samlBOCAsserter.

7. Click Save.

Configuring the SAML2 Service Provider

To configure the SAML2 service provider:

1. Log in to WebLogic Server Administration Console.

2. In the Domain Structure section, expand Environment and then click Servers.

   The Summary of Servers page appears.

3. In the Servers table, click the AdminServer link.

   The Settings for AdminServer page appears.

4. Select the Configuration tab, the Federation Services subtab, and then the SAML 2.0 Service Provider subtab.

5. Select the Enabled check box.

6. From the Preferred Binding list, select POST.

7. In the Default URL field, enter http://BusinessOperationsCenter_hostname:port/opsdashboard.

   where:

   • BusinessOperationsCenter_hostname is the Business Operations Center application host.

   • port is the port on which Business Operations Center is listening on.

8. Restart WebLogic Server.

Updating the Deployment Plans for Business Operations Center

To update the deployment plans for Business Operations Center:

1. Merge the following contents with your existing Business Operations Center service deployment plan:

   <?xml version='1.0' encoding='UTF-8'?>
   <deployment-plan xmlns="http://xmlns.oracle.com/weblogic/deployment-plan" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.oracle.com/weblogic/deployment-plan http://xmlns.oracle.com/weblogic/deployment-plan/1.0/deployment-plan.xsd" global-variables="false">
      <application-name>BusinessOperationCenter_Service</application-name>
      <variable-definition>
         <variable>
            <name>cookie-name</name>
            <value>JSESSIONID</value>
         </variable>
      </variable-definition>
      <module-override>
         <module-name>BOCServices.ear</module-name>
         <module-type>ear</module-type>
         <module-descriptor external="true">
            <root-element>weblogic-web-app</root-element>
            <uri>WEB-INF/weblogic.xml</uri>
            <variable-assignment>
               <name>cookie-name</name>
               <xpath>/weblogic-web-app/session-descriptor/cookie-name</xpath>
               <operation>replace</operation>
            </variable-assignment>
         </module-descriptor>
      </module-override>
      <module-override>
         <module-name>boc-service.war</module-name>
         <module-type>ear</module-type>
         <module-descriptor external="true">
            <root-element>weblogic-web-app</root-element>
            <uri>WEB-INF/weblogic.xml</uri>
            <variable-assignment>
               <name>cookie-name</name>
               <xpath>/weblogic-web-app/session-descriptor/cookie-name</xpath>
               <operation>replace</operation>
            </variable-assignment>
         </module-descriptor>
      </module-override>
   </deployment-plan>

2. Merge the following contents with your existing Business Operations Center deployment plan:

   <?xml version='1.0' encoding='UTF-8'?>
   <deployment-plan xmlns="http://xmlns.oracle.com/weblogic/deployment-plan" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.oracle.com/weblogic/deployment-plan http://xmlns.oracle.com/weblogic/deployment-plan/1.0/deployment-plan.xsd" global-variables="false">
      <application-name>BusinessOperationCenter_UI</application-name>
      <variable-definition>
         <variable>
            <name>cookie-name</name>
            <value>JSESSIONID</value>
         </variable>
      </variable-definition>
      <module-override>
         <module-name>boc-ui.war</module-name>
         <module-type>war</module-type>
         <module-descriptor external="true">
            <root-element>weblogic-web-app</root-element>
            <uri>WEB-INF/weblogic.xml</uri>
            <variable-assignment>
               <name>cookie-name</name>
               <xpath>/weblogic-web-app/session-descriptor/cookie-name</xpath>
               <operation>replace</operation>
            </variable-assignment>
         </module-descriptor>
      </module-override>
   </deployment-plan>

3. Log in to the Oracle WebLogic Server Administration Console.

4. In the Domain Structure section, click Deployments.

5. In the Configuration tab, select the BusinessOperationsCenter_Service check box and then click Update.

   The Update Application Assistant window appears.

6. In Deployment plan path, click Change Path and enter the path to your Business Operations Center service deployment file.

7. Click Finish.

8. In the Deployments table, select the BusinessOperationsCenter_UI check box and then click Update.

   The Update Application Assistant window appears.

9. In Deployment plan path, click Change Path and enter the path to your Business Operations Center UI deployment file.

10. Click Finish.