1. Deploy and configure Oracle Essbase to use a DB system in the cloud
  2. Prepare for Your Deployment as an Essbase Administrator

Prepare for Your Deployment as an Essbase Administrator

Before you deploy Oracle Essbase to the cloud, complete a few pre-deployment tasks as an Essbase administrator. After you complete these tasks, proceed to deploy Essbase from the Oracle Cloud Marketplace.

Use a Wizard to Create VCN and Subnets

You can use a predefined workflow to quickly create a virtual cloud network (VCN) with internet connectivity for deploying your Essbase components. You can also create public subnet for both load balancer and bastion hosts and also a private subnet for your database.

The wizard creates a virtual cloud network with the following elements:

  • An internet gateway, a NAT gateway, and a service gateway for the VCN.
  • A regional public subnet with routing to the internet gateway.

    Instances in a public subnet may optionally have public IP addresses.

  • A regional private subnet with routing to the NAT gateway and service gateway (and therefore the Oracle Services Network).

    Instances in a private subnet can't have public IP addresses.

  • Basic security list rules for the two subnets, including SSH access.

To use the wizard to create a virtual cloud network:

  1. Sign in as an Essbase administrator. In the Console, click the Oracle Cloud icon at the top of the page to go to the Console home page.
  2. Click the quick action for Networking: Set up a network with a wizard.
  3. Select VCN with Internet Connectivity, and then click Start Workflow.
  4. Specify a friendly name for the VCN. It doesn't have to be unique, however it can't be changed later in the Console (but you can change it with the API). Avoid entering confidential information.
  5. Use the default Compartment or select a different compartment.
  6. Use the default CIDR blocks listed for the VCN and subnets, or specify a different range.
    For example, in Configure VCN and Subnets, you can set:
    • VCN CIDR BLOCK - 10.0.0.0/16
    • Public Subnet CIDR BLOCK - 10.0.0.0/24
    • Private Subnet CIDR BLOCK - 10.0.1.0/24
  7. Create additional private subnet ingress rules for Essbase and database.
    • Essbase: Provide the destination port range as 443. Make sure that you use the same source as the 22 SSH Remote Login Protocol.

      Source Type = CIDR, Source CIDR = <CIDR block of application subnet>, IP Protocol = TCP, Source Port Range = All, Destination port range = 443

    • Database: Provide the subnet address and set the destination port range to 1521 for DB connectivity.

      Source Type = CIDR, Source CIDR = <CIDR block of application subnet>, IP Protocol = TCP, Source Port Range = All, Destination port range =1521

  8. Create an additional public subent ingress rule for load balancer. For the public load balancer ingress rule, provide the destination port range as 443. This will allow HTTPS connection for communication.

    Source Type = CIDR, Source CIDR = 0.0.0.0/0, IP Protocol = TCP, Source Port Range = All, Destination port range = 443

  9. Review the information and click Previous to make changes or click Create to create the VCN.

Create an Oracle Autonomous Database

Create an Autonomous Database in the private subnet.

  1. On the Oracle Cloud Infrastructure Console, open the navigation menu in the upper left corner, then click Oracle Database.
  2. Under Autonomous Databases, select Autonomous Data Warehouse.
  3. Click Create Autonomous Databases.
  4. Select the compartment in which you created the VCN in the previous step. In this example, EssbDBP.
  5. Provide a display name and a database name.
  6. Choose workload type Data Warehouse.
  7. Choose deployment type Serverless.
  8. Under configure the database choose the defaults.
  9. Select a Backup retention of your choice.
  10. Provide administrator credentials.
    Remember the password, as you'll need it when deploying Essbase using the marketplace listing.
  11. Select the following under Choose network access:
    1. Select Private endpoint access only.
    2. Select the VCN created in the previous step. In this example, EssbDBP_VCN.
    3. Select the Subnet which is the private subnet created in the previous step. In this example, Private Subnet-EssbDBP_VCN.
  12. Select the database license type.
  13. Provide contacts for operational notifications and announcements.
  14. Click Create Autonomous Database.
    Essbase uses this Autonomous Data Warehouse as a repository schema.

Create Vault, Secrets, and Encrypt Values

Oracle Cloud Infrastructure Vault enables you to manage sensitive information when creating a server domain.

Note:

Prior to version 19.3.0.3.4, Vault encryption was known as Key Management, and Vault metadata was named KMS.

When you use Vault to encrypt credentials during provisioning, you need to create a key. Passwords chosen for the Oracle Essbase administrator and Autonomous Data Warehouse must meet the Resource Manager password requirements.

Keys need to be encrypted for the following fields:
  • Essbase Administrator Password
  • IDCS application client secret
  • Autonomous Data Warehouse ADMIN password

Create a New Vault

These steps explain how to create a virtual Vault, which is a lower-cost option than a private vault. New entities are needed only if they have not already been created.

  1. Sign in to the Oracle Cloud Infrastructure Console.
  2. In the navigation menu, select Security, and click Vault.
  3. Select your Compartment, if not already selected.
  4. Click Create Vault.
  5. For Name, enter OracleEssbaseVault.
  6. For the lower-cost option, leave unchecked the option to make it a private vault.
  7. Click Create.

    Note:

    You can retrieve the Vault Crypto Endpoint value for any future use by clicking on the newly created vault, as listed on the Vaults page.

Create a New Encryption Key

Create a new encryption key on the Oracle Cloud Infrastructure Vaults page.

  1. Select the newly created vault, for example, OracleEssbaseVault from the previous section.
  2. Select Master Encryption Keys in the left panel.
  3. Select Create Key and provide a name for the key, such as OracleEssbaseEncryptionKey.
  4. Click Create Key.
    This key is used during secret creation.

Encrypt your Oracle Essbase Administrator Password

To encrypt your Oracle Essbase Administrator password (for older versions), perform the following steps.

  1. Convert the administrator password that you want to use for the Essbase domain to a base64 encoding. For example, from a Linux terminal, use the following command:
    echo -n 'OracleEssbase_Password' | base64
  2. Run the command encrypt oci using the Oracle Cloud Infrastructure command-line interface. Provide the following parameters:
    • Vault Encryption Key OCID
    • Vault Crypto Endpoint
    • base64-encoded password
    oci kms crypto encrypt --key-id Key_OCID --endpoint Cryptographic_Endpoint_URL --plaintext Base64_OracleEssbase_Password
  3. From the output, copy the encrypted password value for use in the deploy process, as shown here: 
    "ciphertext": "Encrypted_Password"

    You also use vault encryption to encrypt your Database Password and your Client Secret.