Verify the Topology

Verify that the resources that you defined in the Terraform configuration are created, test SSH access to the bastion host, and verify access to the private compute instances.

Verify the Resources Deployed

Check whether all the resources you specified in the Terraform configuration were created.

  1. Sign in to the Oracle Cloud Infrastructure web console.
  2. In the regions menu near the upper right corner, select the region name corresponding to the region ID that you specified in terraform.tfvars.
    For example, if you specified the region ID us-ashburn-1 in terraform.tfvars, then select US East (Ashburn).
  3. From the services menu, select Compute.
  4. In the COMPARTMENT field in the navigation pane on the left, select the compartment name corresponding to the compartment ID that you specified in terraform.tfvars.
  5. Review the instances that have names starting with the epm_env_prefix (environment prefix) that you specified in terraform.tfvars.
    The unique name of each compute instance is a concatenation of the following values:
    • The environment prefix
    • An abbreviation representing the Oracle Enterprise Performance Management application that the instance is for
    • The first three characters of the region name

      For example, ash for US East (Ashburn)

    • The availability-domain number
    • A serial number

    For example, if the environment prefix is epm, and if you opted to create two compute instances for Oracle Hyperion Financial Management in the second availability domain in the US East (Ashburn) region, then the names of the instances would be: epmhfmash21 and epmhfmash22.

    Assuming that the environment prefix is epm, the following instances should exist:

    • An instance with a name that starts with epmbas.
    • One or more instances with names that start with epmfnd
    • One or more instances with names that start with epmweb
    • One or more instances for each of the Oracle Enterprise Performance Management applications that you opted to create infrastructure for.
      Application                                                             Compute Instance Names
      ----------------------------------------------------------------------  ----------------------
      Oracle Hyperion Planning                                                epmpln...
      Oracle Essbase                                                          epmess...
      Oracle Hyperion Financial Management                                    epmhfm...
      Oracle Hyperion Tax Provision                                           epmhtp
      Oracle Hyperion Financial Data Quality Management, Enterprise Edition   epmfdm
      Oracle Hyperion Profitability and Cost Management                       epmprof
      Oracle Hyperion Strategic Finance                                       epmsf
  6. Click the name of each instance and, on the Instance Details page, verify that the shape matches the setting that you specified in terraform.tfvars.
    All the compute instances for a given Oracle Enterprise Performance Management application use the same shape.
  7. On the Instance Details page of any instance, under Instance Information, locate the Virtual Cloud Network field, and click the VCN name.
  8. On the Virtual Cloud Network Details page, verify that the CIDR block matches the address that you specified in terraform.tfvars.
  9. In the left navigation pane, under Resources, verify that the VCN contains the following resources.
    • Subnets: bassubnet, lbsubnet, websubnet, appsubnet, and dbsubnet
    • Route tables: The default route table, labelpubrt, and labelpvtrt, where label is the DNS label that you specified for the VCN.
    • An internet gateway
    • A NAT gateway
    • A service gateway
    • Security lists: The default security list, BastionSecList, DBSecList, AppSecList, WebSecList, and LBSecList
  10. From the services menu, select Networking and then Load Balancers.
    1. Verify that a load balancer with a name that starts with the environment prefix that you specified exists.
    2. Verify that the backend set of the load balancer shows the private IP addresses of the web servers.
  11. If you opted to create databases for Oracle Hyperion Foundation Services or for the Oracle Enterprise Performance Management applications, then verify that the databases exist.
    From the services menu, select Bare Metal, VM, and Exadata.
  12. From the services menu, select File Storage.
    Verify that a file system with a name that starts with prefixfss exists, where prefix is the environment prefix.
    Click the name of the file system, and verify that an export exists.
  13. From the services menu, select Block Volumes.
    Verify that block volumes with names that start with prefixfnd and prefixweb exist.
    Depending on the applications that you created compute instances for, you should see one or more block volumes for each application.
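
The naming rule from step 5 can also be checked mechanically. The following is an added example, not part of the original procedure: it derives the names that the convention predicts and compares them with an observed inventory, which flags both missing instances and instances that nobody asked for. The function names and the sample inventory are constructed, and taking the region abbreviation from the second field of the region ID is an assumption.

```sh
#!/bin/sh
# Added example. Function names and sample values are constructed.

# expected_names PREFIX APP REGION_ID AD COUNT
# Prints the instance names the convention predicts, one per line.
expected_names() (
  prefix=$1 app=$2 region_id=$3 ad=$4 count=$5
  # Assumption: the three-letter region part is taken from the second
  # field of the region ID (us-ashburn-1 -> ashburn -> ash).
  reg=$(printf '%s' "$region_id" | cut -d- -f2 | cut -c1-3)
  i=1
  while [ "$i" -le "$count" ]; do
    printf '%s%s%s%s%s\n' "$prefix" "$app" "$reg" "$ad" "$i"
    i=$((i + 1))
  done
)

# names_not_in LIST_A LIST_B
# Prints each line of LIST_A that has no exact match in LIST_B.
names_not_in() (
  printf '%s\n' "$1" | while IFS= read -r name; do
    [ -n "$name" ] || continue
    printf '%s\n' "$2" | grep -qxF -- "$name" || printf '%s\n' "$name"
  done
)

# Constructed inventory for one application, as it might be copied
# from the Compute page of the console.
observed='epmhfmash21
epmhfmash23'
expected=$(expected_names epm hfm us-ashburn-1 2 2)
echo "Missing:    $(names_not_in "$expected" "$observed" | tr '\n' ' ')"
echo "Unexpected: $(names_not_in "$observed" "$expected" | tr '\n' ' ')"
```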

Verify SSH Access to the Bastion Host from a UNIX-Like System

Run the following command:
ssh -i privateKeyPath opc@bastionPublicIPaddress
  • privateKeyPath: The full path and name of the file containing the private SSH key corresponding to the public SSH key that you specified for the bastion host.
  • bastionPublicIPaddress: The public IP address of the bastion host.
Example:
ssh -i /home/joe/.ssh/id_rsa_bastion opc@203.0.113.51

When prompted, confirm that you want to connect to the host. The IP address is added to the list of known hosts and a secure connection is established.

Verify SSH Access to the Bastion Host from a Microsoft Windows Client

Complete the following steps:
  1. Start PuTTY.
  2. In the Host Name (or IP address) field, enter the public IP address of the bastion host.
  3. Confirm that the Connection type option is set to SSH.
  4. In the Category tree, expand Connection, and then click Data.
  5. In the Auto-login username field, enter opc.
  6. In the Category navigation pane on the left, expand SSH and then click Auth.
  7. Click the Browse button near Private key file for authentication, and select the file that contains the private key corresponding to the public SSH key that you specified for the bastion host.
  8. In the Category navigation pane on the left, click Session.
  9. Click Open.
  10. At the prompt to confirm the public key, click Yes.
A secure connection to the bastion host is established.

Verify Connectivity to the Private Microsoft Windows Server Instances

The private compute instances in the topology can't be accessed from the public internet. You can connect to them through the bastion host, as the opc user.

To test the connectivity to the private Microsoft Windows Server instances through the bastion host, you need the following information:
  • The public IP address of the bastion host.
  • The private IP address and initial password for the private compute instance that you want to connect to.
If you didn't note this information earlier when you applied the Terraform configuration, run the following command from the directory that contains the Terraform code:
terraform output

Then, complete the following steps:

  1. Set up SSH local port forwarding through the bastion host to the Microsoft Windows servers by using the following command:
    ssh -L 127.0.0.1:localPortNumber:windowsPrivateIPaddress:3389 opc@bastionPublicIPaddress -i privateKeyFile
    • localPortNumber: A port number of your choice on your local computer.
    • windowsPrivateIPaddress: The private IP address of the Microsoft Windows server in the cloud that you want to connect to.
    • bastionPublicIPaddress: The public IP address of the bastion host.
    • privateKeyFile: The full path and name of the file containing the private key that corresponds to the public SSH key you provided for the bastion host.
    Example:
    ssh -L 127.0.0.1:9833:172.16.3.5:3389 opc@203.0.113.51 -i /home/joe/.ssh/id_rsa_bastion
    An encrypted tunnel to the private compute instance through the bastion host is established.
  2. Use a Remote Desktop (RDP) client to connect to 127.0.0.1 on the localPortNumber that you specified in the previous step.
    Accept the certificate if you are prompted to do so.
  3. When prompted, enter the initial password for the Microsoft Windows Server compute instance.
    After you log in, you'll be prompted to change the password.
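
The tunnel from step 1 can be wrapped in a helper that checks its inputs before anything connects. This is an added example, not part of the original procedure: is_private_ipv4 and build_tunnel_cmd are hypothetical helper names, and the -N and ExitOnForwardFailure options are additions to the command shown in step 1.

```sh
#!/bin/sh
# Added example; is_private_ipv4 and build_tunnel_cmd are hypothetical helpers.

# Succeeds only for RFC 1918 addresses (10/8, 172.16/12, 192.168/16).
is_private_ipv4() (
  case $1 in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
  IFS=.; set -- $1
  [ $# -eq 4 ] || exit 1
  for o in "$@"; do
    [ ${#o} -le 3 ] && [ "$o" -le 255 ] || exit 1
  done
  case $1 in
    10)  exit 0 ;;
    172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] ;;
    192) [ "$2" -eq 168 ] ;;
    *)   exit 1 ;;
  esac
)

# build_tunnel_cmd LOCAL_PORT WINDOWS_PRIVATE_IP BASTION_PUBLIC_IP KEY_FILE
# Prints the ssh command, or fails with a reason on stderr.
build_tunnel_cmd() (
  port=$1 target=$2 bastion=$3 key=$4
  fail() { echo "refusing: $1" >&2; exit 1; }
  case $port in ''|*[!0-9]*) fail "local port is not a number" ;; esac
  # Ports below 1024 need root on most systems; stay unprivileged.
  [ "$port" -ge 1024 ] && [ "$port" -le 65535 ] || fail "local port out of range"
  # The Windows servers sit in private subnets; any other target is a
  # typo or the wrong host.
  is_private_ipv4 "$target" || fail "target is not a private address"
  # ssh rejects private keys that group or others can read; check first.
  [ -f "$key" ] || fail "key file not found"
  [ "$(ls -ld -- "$key" | cut -c5-10)" = "------" ] || fail "key file permissions too open"
  # -N: tunnel only, no remote shell. ExitOnForwardFailure: exit if the
  # forward cannot be set up. Binding to 127.0.0.1 keeps the forwarded
  # RDP port unreachable from other hosts on the local network.
  printf 'ssh -N -o ExitOnForwardFailure=yes -i %s -L 127.0.0.1:%s:%s:3389 opc@%s\n' \
    "$key" "$port" "$target" "$bastion"
)

# When run as a script with four arguments, print the command.
if [ "$#" -eq 4 ]; then build_tunnel_cmd "$@"; fi
```

Run the printed command in one terminal and point the RDP client at 127.0.0.1 on the chosen port, as in step 2.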