10 Creating the Initial BI Domain for an Enterprise Deployment

This chapter describes how to install and configure an Oracle Business Intelligence (BI) domain, which can be used as the starting point for an enterprise deployment.

This chapter contains information on variables used when creating the BI domain, creating database schemas and configuring the BI domain.

• Variables Used When Creating the BI Domain
  As you perform the tasks in this chapter, you will be referencing the directory variables listed in this section.
• Understanding the Initial BI Domain
  Before you being creating the initial Business Intelligence (BI) domain, be sure to review the following key concepts.
• Installing the Oracle Fusion Middleware Infrastructure in Preparation for an Enterprise Deployment
  Use this section to install the Oracle Fusion Middleware Infrastructure software in preparation for configuring a new domain for an enterprise deployment.
• Installing Oracle Business Intelligence in Preparation for an Enterprise Deployment
  Use this section to install the Oracle Business Intelligence software in preparation for configuring a new domain for an enterprise deployment.
• Creating the Database Schemas
  Before you can configure a BI domain, you must install the schemas listed in this section on a certified database for use with this release of Oracle Fusion Middleware.
• Configuring the BI Domain
  This section provides instructions for creating a WebLogic domain using the configuration wizard.
• Creating the System Components on BIHOST1
  Perform the steps in this section to create the BI Cluster Controller, BI Scheduler, BI Presentation Services, and BI JavaHost system components on BIHOST1.
• Creating a BI Service Instance
  Perform the steps in this section to create a new BI Service instance.
• Configuring the Singleton Data Directory (SDD)
  Oracle Business Intelligence metadata is stored in a Singleton Data Directory (SDD). Metadata is managed in an Oracle Business Intelligence archive (BAR) file containing information about the Presentation Catalog, the metadata repository, and security authentication.
• Configuring Security for Essbase in Oracle Business Intelligence
  Essbase components installed using the Oracle Business Intelligence installer cannot use Native Essbase or Hyperion Shared Services (HSS) security.
• Configuring the Domain Directories and Starting the Servers on BIHOST1
  After the domain is created, you must perform a series of additional configuration tasks on BIHOST1. For example, you start the Node Manager and Administration Server. You then create a separate domain directory for the Managed Server. In this new and separate Managed Server directory, you start a second Node Manager instance and start the Managed Server and the Business Intelligence system components.
• Setting Up the Global Cache
  The global cache is a query cache that is shared by all Oracle BI servers participating in a cluster. It is recommended that you configure the global cache so that cache seeding and purging events can be shared by all Oracle BI servers participating in a cluster.
• Verifying Oracle Business Intelligence URLs on BIHOST1
  After starting the components in the domain on BIHOST1, access these URLs to verify the configuration of Oracle Business Intelligence.
• Creating a New LDAP Authenticator and Provisioning Enterprise Deployment Users and Group
  When you configure an Oracle Fusion Middleware domain, the domain is configured by default to use the WebLogic Server authentication provider (DefaultAuthenticator). However, for an enterprise deployment, Oracle recommends that you use a dedicated, centralized LDAP-compliant authentication provider.
• Backing Up the Oracle Business Intelligence Configuration
  It is an Oracle best practices recommendation to create a backup after successfully configuring a domain or at another logical point. Create a backup after verifying that the installation so far is successful. This is a quick backup for the express purpose of immediate restoration in case of problems in later steps.

10.1 Variables Used When Creating the BI Domain

As you perform the tasks in this chapter, you will be referencing the directory variables listed in this section.

The directory variables are defined in File System and Directory Variables Used in This Guide.

• ORACLE_HOME

• ASERVER_HOME

• MSERVER_HOME

• APPLICATION_HOME

• JAVA_HOME

In addition, you'll be referencing the following virtual IP (VIP) addresses and host names defined in Physical and Virtual IP Addresses Required by the Enterprise Topology:

• ADMINVHN

• BIHOST1VHN1

• BIHOST1

• SCAN Address for the Oracle RAC Database (DB-SCAN.example.com)

10.2 Understanding the Initial BI Domain

Before you being creating the initial Business Intelligence (BI) domain, be sure to review the following key concepts.

• About the Infrastructure Distribution
  
• Characteristics of the Initial BI Domain
  

10.2.1 About the Infrastructure Distribution

You create the initial Business Intelligence domain for an enterprise deployment, using the Oracle Fusion Middleware Infrastructure distribution. This distribution contains both the Oracle WebLogic Server software and the Oracle JRF software in one distribution.

The Oracle JRF software consists of Oracle Web Services Manager, Oracle Application Development Framework (Oracle ADF), Oracle Enterprise Manager Fusion Middleware Control, the Repository Creation Utility (RCU), and other libraries and technologies required to support the Oracle Fusion Middleware products.

For more information, see "Understanding Oracle Fusion Middleware Infrastructure" in Understanding Oracle Fusion Middleware.

10.2.2 Characteristics of the Initial BI Domain

Review these key characteristics of the initial BI domain. By reviewing and understanding these characteristics, you can better understand the purpose and context of the procedures used to configure the domain.

Many of these characteristics are described in more detail in Understanding a Typical Enterprise Deployment.

Table 10-1 Characteristics of the Initial BI domain

Characteristic of the Domain	More Information
Uses a separate virtual IP (VIP) address for the Administration Server.	Configuration of the Administration Server and Managed Servers Domain Directories
Uses separate domain directories for the Administration Server and the Managed Servers in the domain.	Configuration of the Administration Server and Managed Servers Domain Directories
Uses Per Domain Node Manager and separate Node Manager processes for the Administration Server and Managed Servers on each host.	About the Node Manager Configuration in a Typical Enterprise Deployment
Requires a separately installed LDAP-based authentication provider.	Understanding OPSS and Requests to the Authentication and Authorization Stores

10.3 Installing the Oracle Fusion Middleware Infrastructure in Preparation for an Enterprise Deployment

Use this section to install the Oracle Fusion Middleware Infrastructure software in preparation for configuring a new domain for an enterprise deployment.

• Installing a Supported JDK
  
• Starting the Infrastructure Installer on BIHOST1
  
• Navigating the Infrastructure Installation Screens
  
• Checking the Directory Structure
  

10.3.1 Installing a Supported JDK

Oracle Fusion Middleware requires that a certified Java Development Kit (JDK) is installed on your system. See the following sections for more information:

• Locating and Downloading the JDK Software
  
• Installing the JDK Software
  

10.3.1.1 Locating and Downloading the JDK Software

To find a certified JDK, see the certification document for your release on the Oracle Fusion Middleware Supported System Configurations page.

After you identify the Oracle JDK for the current Oracle Fusion Middleware release, you can download an Oracle JDK from the following location on Oracle Technology Network:

http://www.oracle.com/technetwork/java/index.html

Be sure to navigate to the download for the Java SE JDK.

10.3.1.2 Installing the JDK Software

Install the JDK in the following locations:

• On the shared storage device, where it will be accessible from each of the application tier host computers.

• On the local storage device for each of the Web tier host computers.

  The Web tier host computers, which reside in the DMZ, do not necessarily have access to the shared storage on the application tier.

For more information about the recommended location for the JDK software, see the Understanding the Recommended Directory Structure for an Enterprise Deployment.

The following example describes how to install a recent version of JDK 1.8:

1. Change directory to the location where you downloaded the JDK archive file.
2. Unpack the archive into the JDK home directory, and then run these commands:

   cd download_dir
   tar -xzvf jdk-8u51-linux-x64.tar.gz
   

   Note that the JDK version listed here was accurate at the time this document was published. For the latest supported JDK, see the Oracle Fusion Middleware System Requirements and Specifications for the current Oracle Fusion Middleware release.

3. Move the JDK directory to the recommended location in the directory structure.

   For example:

   mv ./jdk1.8.0_51 /u01/oracle/products/jdk
   

   For more information, see File System and Directory Variables Used in This Guide.

4. Define the JAVA_HOME and PATH environment variables for running Java on the host computer.

   For example:

   export JAVA_HOME=/u01/oracle/products/jdk
   export PATH=$JAVA_HOME/bin:$PATH
   

5. Run the following command to verify that the appropriate java executable is in the path and your environment variables are set correctly:

   java -version
     java version "1.8.0_51" 
     Java(TM) SE Runtime Environment (build 1.8.0_51-b16)
     Java HotSpot(TM) 64-Bit Server VM (build 25.51-b03, mixed mode)
   

10.3.2 Starting the Infrastructure Installer on BIHOST1

To start the installation program, perform the following steps.

1. Log in to BIHOST1.
2. Go to the directory where you downloaded the installation program.
3. Launch the installation program by invoking the java executable from the JDK directory on your system, as shown in the example below.

   JAVA_HOME/bin/java -d64 -jar distribution_file_name.jar
   

   In this example:

   • Replace JAVA_HOME with the environment variable or actual JDK location on your system.

   • Replace distribution_file_name with the actual name of the distribution JAR file.

     Note that if you download the distribution from the Oracle Technology Network (OTN), then the JAR file is typically packaged inside a downloadable ZIP file.

     To install the software required for the initial Infrastructure domain, the distribution you want to install is fmw_12.2.1.0.0_infrastructure.jar.

     For more information about the actual file names of each distribution, see Identifying and Obtaining Software Downloads for an Enterprise Deployment.

When the installation program appears, you are ready to begin the installation. See Navigating the Installation Screens for a description of each installation program screen.

10.3.3 Navigating the Infrastructure Installation Screens

The installation program displays a series of screens, in the order listed in the following table.

If you need additional help with any of the installation screens, click the screen name.

Screen	Description
Installation Inventory Setup	On UNIX operating systems, this screen will appear if this is the first time you are installing any Oracle product on this host. Specify the location where you want to create your central inventory. Make sure that the operating system group name selected on this screen has write permissions to the central inventory location. For more information about the central inventory, see "Understanding the Oracle Central Inventory" in Installing Software with the Oracle Universal Installer.
Welcome	This screen introduces you to the product installer.
Auto Updates	Use this screen to automatically search My Oracle Support for available patches or automatically search a local directory for patches that you’ve already downloaded for your organization.
Installation Location	Use this screen to specify the location of your Oracle home directory. For the purposes of an enterprise deployment, enter the value of the ORACLE_HOME variable listed in Table 7-2 .
Installation Type	Use this screen to select the type of installation and consequently, the products and feature sets you want to install. For this topology, select Fusion Middleware Infrastructure. Note: The topology in this document does not include server examples. Oracle strongly recommends that you do not install the examples into a production environment.
Prerequisite Checks	This screen verifies that your system meets the minimum necessary requirements. If there are any warning or error messages, refer to the Oracle Fusion Middleware System Requirements and Specifications document on the Oracle Technology Network (OTN).
Security Updates	If you already have an Oracle Support account, use this screen to indicate how you would like to receive security updates. If you do not have one and are sure you want to skip this step, clear the check box and verify your selection in the follow-up dialog box.
Auto Updates - Patch Selection	This screen appears if both of the following statements are true: You searched for available patches earlier in the installation session, using the Auto Updates screen. The Auto Updates feature located one or more application patches that must be applied to the Oracle home you are creating in this installation session. This screen lists the patches that were found by the Auto Updates feature. Select one or more patches and click Next to apply the selected patches to the Oracle home.
Installation Summary	Use this screen to verify the installation options you selected. If you want to save these options to a response file, click Save Response File and provide the location and name of the response file. Response files can be used later in a silent installation situation. For more information about silent or command-line installation, see "Using the Oracle Universal Installer in Silent Mode" in Installing Software with the Oracle Universal Installer.
Installation Progress	This screen allows you to see the progress of the installation.
Installation Complete	This screen appears when the installation is complete. Review the information on this screen, then click Finish to dismiss the installer.

10.3.4 Checking the Directory Structure

After you install the Oracle Fusion Middleware Infrastructure and create the Oracle home, you should see the following directory and sub-directories. The contents of your installation vary based on the options you selected during the installation.

To check the directory structure:

1. Change directory to the ORACLE_HOMEdirectory.
2. Enter the following command:
   ls -l
   The directory structure on your system should match the structure shown in the following example:

   /u01/oracle/products/fmw/
   
   cfgtoollogs
   coherence
   em
   install
   inventory
   OPatch
   oracle_common
   oraInst.loc
   oui
   root.sh
   wlserver
   

   For more information about the directory structure after the installation complete, see "What are the Key Oracle Fusion Middleware Directories?" in Understanding Oracle Fusion Middleware.

10.4 Installing Oracle Business Intelligence in Preparation for an Enterprise Deployment

Use this section to install the Oracle Business Intelligence software in preparation for configuring a new domain for an enterprise deployment.

• Starting the Installation Program
  
• Navigating the Installation Screens
  
• Checking the Directory Structure
  

10.4.1 Starting the Installation Program

Use these steps to start the BI Installer.

1. Log in to BIHOST1.
2. Go to the directory where you downloaded the installation program.
3. Launch the installation program by invoking the executable, as shown in the example below.

   ./bi_platform-12.2.1.0.0_linux64.bin
   

For more information about the actual file names for each distribution, see Identifying and Obtaining Software Downloads for an Enterprise Deployment.

When the installation program appears, you are ready to begin the installation. See Navigating the Installation Screens for a description of each installation program screen.

10.4.2 Navigating the Installation Screens

The installation program displays a series of screens, in the order listed in Table 10-2 .

If you need additional help with any of the installation screens, click the screen name.

Table 10-2 Oracle Business Intelligence Install Screens

Screen	Description
Installation Inventory Setup	On UNIX operating systems, this screen will appear if this is the first time you are installing any Oracle product on this host. Specify the location where you want to create your central inventory. Make sure that the operating system group name selected on this screen has write permissions to the central inventory location. For more information about the central inventory, see "Understanding the Oracle Central Inventory" in Installing Software with the Oracle Universal Installer.
Welcome	This screen introduces you to the product installer.
Auto Updates	Use this screen to automatically search My Oracle Support for available patches or automatically search a local directory for patches that you’ve already downloaded for your organization
Installation Location	Use this screen to specify the location of your Oracle home directory. For the purposes of an enterprise deployment, enter the value of the ORACLE_HOME variable listed in Table 7-2 .
Installation Type	Use this screen to select the type of installation and consequently, the products and feature sets you want to install. For this topology, select BI Platform Distribution with Samples.
Prerequisite Checks	This screen verifies that your system meets the minimum necessary requirements. If there are any warning or error messages, refer to the Oracle Fusion Middleware System Requirements and Specifications document on the Oracle Technology Network (OTN).
Auto Updates - Patch Selection	This screen appears if the both of the following statements are true: You searched for available patches earlier in the installation session, using the Auto Updates screen. The Auto Updates feature located one or more application patches that must be applied to the Oracle home you are creating in this installation session. This screen lists the patches that were found by the Auto Updates feature. Select one or more patches and click Next to apply the selected patches to the Oracle home.
Installation Summary	Use this screen to verify the installation options you selected. If you want to save these options to a response file, click Save Response File and provide the location and name of the response file. Response files can be used later in a silent installation situation. For more information about silent or command line installation, see "Using the Oracle Universal Installer in Silent Mode" in Installing Software with the Oracle Universal Installer.
Installation Progress	This screen allows you to see the progress of the installation.
Installation Complete	This screen appears when the installation is complete. Review the information on this screen, then click Finish to dismiss the installer.

10.4.3 Checking the Directory Structure

The contents of your installation vary based on the options you selected during the installation.

After you install Oracle Business Intelligence, you should see the following directory and sub-directories.

/u01/oracle/products/fmw1221/bi

bi-epm-registry
bifoundation
bin
clients
common
endpointmanager
file_templates
jlib
lib
migration-tool
modules
nls
oracore
plugins
products
schema
vcredist_x64.exe
vcredist_x86.exe
xsd

10.5 Creating the Database Schemas

Before you can configure a BI domain, you must install the schemas listed in this section on a certified database for use with this release of Oracle Fusion Middleware.

• Metadata Services (MDS)

• Audit Services (IAU)

• Audit Services Append (IAU_APPEND)

• Audit Services Viewer (IAU_VIEWER)

• Oracle Platform Security Services (OPSS)

• User Messaging Service (UMS)

• WebLogic Services (WLS)

• WebLogic Runtime Services (WLS_RUNTIME)

• Common Infrastructure Services (STB)

• Business Intelligence Platform (BIPLATFORM)

You use the Repository Creation Utility (RCU) to create the schemas. This utility is installed in the Oracle home for each Oracle Fusion Middleware product. For more information about RCU and how the schemas are created and stored in the database, see "Preparing for Schema Creation" in Creating Schemas with the Repository Creation Utility.

• Installing and Configuring a Certified Database
  
• Starting the Repository Creation Utility (RCU)
  
• Navigating the RCU Screens to Create the Schemas
  

10.5.1 Installing and Configuring a Certified Database

Make sure you have installed and configured a certified database, and that the database is up and running.

For more information, see the following resources:

• Preparing the Database for an Enterprise Deployment, which includes information about creating database services, using SecureFiles for Large Objects (LOBs), and other topics important in an enterprise deployment.

• Understanding Database Requirements for an Oracle Fusion Middleware Installation in Planning an Installation of Oracle Fusion Middleware.

10.5.2 Starting the Repository Creation Utility (RCU)

To start the Repository Creation Utility (RCU):

1. Set the JAVA_HOME environment variable so it references the location where you installed a supported JDK.

   For more information, see File System and Directory Variables Used in This Guide.

2. Navigate to the following directory on BIHOST1:

   ORACLE_HOME/oracle_common/bin
   

3. Start RCU:

   ./rcu
   

10.5.3 Navigating the RCU Screens to Create the Schemas

Follow the instructions in this section to create the schemas for the Oracle Business Intelligence domain.

Task 1    Introducing RCU

Review the Welcome screen and verify the version number for RCU. Click Next to begin.

Task 2    Selecting a Method of Schema Creation

If you have the necessary permission and privileges to perform DBA activities on your database, select System Load and Product Load on the Create Repository screen. The procedure in this document assumes that you have the necessary privileges.

If you do not have the necessary permission or privileges to perform DBA activities in the database, you must select Prepare Scripts for System Load on this screen. This option will generate a SQL script, which can be provided to your database administrator. See "Understanding System Load and Product Load" in Creating Schemas with the Repository Creation Utility.

Tip:

For more information about the options on this screen, see "Create Repository" in Creating Schemas with the Repository Creation Utility.

Task 3    Providing Database Credentials

On the Database Connection Details screen, provide the database connection details for RCU to connect to your database.

In the Host Name field, enter the SCAN address of the Oracle RAC Database.

Click Next to proceed, then click OK on the dialog window confirming that connection to the database was successful.

Tip:

For more information about the options on this screen, see "Database Connection Details" in Creating Schemas with the Repository Creation Utility.

Task 4    Specifying a Custom Prefix and Selecting Schemas

1. Specify the custom prefix you want to use to identify the Oracle Fusion Middleware schemas.

   The custom prefix is used to logically group these schemas together for use in this domain. For the purposes of this guide, use the prefix FMW1221.

   Tip:

   Make a note of the custom prefix you choose to enter here; you will need this later during the domain creation process.

2. Select AS Common Schemas.

   When you select AS Common Schemas, all of the schemas in this section are automatically selected.

   A schema called Common Infrastructure Services is also automatically created; this schema is grayed out and cannot be selected or deselected. This schema (the STB schema) enables you to retrieve information from RCU during domain configuration. For more information, see "Understanding the Service Table Schema" in Creating Schemas with the Repository Creation Utility.

3. Select Business Intelligence Platform.

Tip:

For more information about custom prefixes, see "Understanding Custom Prefixes" in Creating Schemas with the Repository Creation Utility.

For more information about how to organize your schemas in a multi-domain environment, see "Planning Your Schema Creation" in Creating Schemas with the Repository Creation Utility.

Description of the illustration GUID-79155536-2749-4F2F-A206-FF44CB0D3770-default.png

Click Next to proceed, then click OK on the dialog window confirming that prerequisite checking for schema creation was successful.

Task 5    Specifying Schema Passwords

Specify how you want to set the schema passwords on your database, then specify and confirm your passwords.

Tip:

You must make a note of the passwords you set on this screen; you will need them later on during the domain creation process.

Task 6    Completing Schema Creation

Navigate through the remainder of the RCU screens to complete schema creation.

For the purposes of this guide, you can accept the default settings on the remaining screens, or you can customize how RCU creates and uses the required tablespaces for the Oracle Fusion Middleware schemas.

For more information about RCU and its features and concepts, see Creating Schemas with the Repository Creation Utility.

When you reach the Completion Summary screen, click Close to dismiss RCU.

10.6 Configuring the BI Domain

This section provides instructions for creating a WebLogic domain using the configuration wizard.

For more information on other methods available for domain creation, see "Additional Tools for Creating, Extending, and Managing WebLogic Domains" in Creating WebLogic Domains Using the Configuration Wizard.

The following tasks are covered in this section.

• Starting the Configuration Wizard
  
• Navigating the Configuration Wizard Screens to Configure the BI Domain
  

10.6.1 Starting the Configuration Wizard

To begin domain configuration, run the following command in the Oracle Fusion Middleware Oracle home.

ORACLE_HOME/oracle_common/common/bin/config.sh

10.6.2 Navigating the Configuration Wizard Screens to Configure the BI Domain

Follow the instructions in this section to create and configure the domain for the topology.

Task 1    Selecting the Domain Type and Domain Home Location

On the Configuration Type screen, select Create a new domain.

In the Domain Location field, specify the value of the ASERVER_HOME variable, as defined in File System and Directory Variables Used in This Guide.

Tip:

More information about the other options on this screen can be found in "Configuration Type" in Creating WebLogic Domains Using the Configuration Wizard.

Task 2    Selecting the Configuration Templates

On the Templates screen, make sure Create Domain Using Product Templates is selected, then select the following templates:

• Oracle BIEE Suite – 12.2.1.0 [bi]

  Selecting this template automatically selects the following dependencies:

  • Oracle MapViewer –12.2.1 [oracle_common]

  • Oracle Enterprise Manager – 12.2.1 [em]

  • Oracle WSM Policy Manager – 12.2.1.0 [oracle_common]

  • Oracle JRF - 12.2.1 [oracle_common]

  • WebLogic Coherence Cluster Extension - 12.2.1 [wlserver]

• Oracle BI Publisher Suite – 12.2.1.0 [bi]

• Oracle BI Essbase Suite – 12.2.1 [bi]

In addition, the Basic WebLogic Server Domain – 12.2.1 [wlserver] template should already be selected and grayed out.

Description of the illustration GUID-5714A32D-F644-4F2E-9564-9E57C2D54446-default.png

Tip:

More information about the options on this screen can be found in Templates in Creating WebLogic Domains Using the Configuration Wizard.

Task 3    Selecting the Application Home Location

On the Application Location screen, specify the value of the APPLICATION_HOME variable, as defined in File System and Directory Variables Used in This Guide.

Tip:

More information about the options on this screen can be found in Application Location in Creating WebLogic Domains Using the Configuration Wizard.

Task 4    Configuring the Administrator Account

On the Administrator Account screen, specify the user name and password for the default WebLogic Administrator account for the domain.

Make a note of the user name and password specified on this screen; you will need these credentials later to boot and connect to the domain's Administration Server.

Task 5    Specifying the Domain Mode and JDK

On the Domain Mode and JDK screen:

• Select Production in the Domain Mode field.

• Select the Oracle Hotspot JDK in the JDK field.

Selecting Production Mode on this screen gives your environment a higher degree of security, requiring a user name and password to deploy applications and to start the Administration Server.

Tip:

More information about the options on this screen, including the differences between development mode and production mode, can be found in Domain Mode and JDK in Creating WebLogic Domains Using the Configuration Wizard.

In production mode, a boot identity file can be created to bypass the need to provide a user name and password when starting the Administration Server. For more information, see Creating the boot.properties File.

Task 6    Specifying the Database Configuration Type

Select RCU Data to activate the fields on this screen.

The RCU Data option instructs the Configuration Wizard to connect to the database and Service Table (STB) schema to automatically retrieve schema information for the schemas needed to configure the domain.

Note:

If you choose to select Manual Configuration on this screen, you will have to manually fill in the parameters for your schema on the JDBC Component Schema screen.

After selecting RCU Data, fill in the fields as shown in the following table. Refer to Figure 10-1 for a partial screen shot of a sample Database Configuration Type screen.

Field	Description
DBMS/Service	Enter the service name for the Oracle RAC database where you will install the product schemas. For example: orcl.example.com Be sure this is the common service name that is used to identify all the instances in the Oracle RAC database; do not use the host-specific service name. For more information, see Preparing the Database for an Enterprise Deployment.
Host Name	Enter the Single Client Access Name (SCAN) Address for the Oracle RAC database, which you entered in the Enterprise Deployment Workbook.
Port	Enter the port number on which the database listens. For example, 1521.
Schema Owner Schema Password	Enter the user name and password for connecting to the database's Service Table schema. This is the schema user name and password that was specified for the Service Table component on the Schema Passwords screen in RCU. The default user name is prefix_STB, where prefix is the custom prefix that you defined in RCU.

Figure 10-1 Setting the Database Configuration Type for an Enterprise Deployment

Description of "Figure 10-1 Setting the Database Configuration Type for an Enterprise Deployment"

Click Get RCU Configuration when you are finished specifying the database connection information. The following output in the Connection Result Log indicates that the operation succeeded:

Connecting to the database server...OK
Retrieving schema data from database server...OK
Binding local schema components with retrieved data...OK

Successfully Done.

Click Next if the connection to the database is successful.

Tip:

More information about the RCU Data option can be found in "Understanding the Service Table Schema" in Creating Schemas with the Repository Creation Utility.

More information about the other options on this screen can be found in Datasource Defaults in Creating WebLogic Domains Using the Configuration Wizard

Task 7    Specifying JDBC Component Schema Information

Verify that the values on the JDBC Component Schema screen are correct for all schemas.

The schema table should be populated because you selected Get RCU Data on the previous screen. As a result, the Configuration Wizard locates the database connection values for all the schemas required for this domain.

At this point, the values are configured to connect to a single-instance database. However, for an enterprise deployment, you should use a highly available Real Application Clusters (RAC) database, as described in Preparing the Database for an Enterprise Deployment.

In addition, Oracle recommends that you use an Active GridLink datasource for each of the component schemas. For more information about the advantages of using GridLink data sources to connect to a RAC database, see "Database Considerations" in the High Availability Guide.

To convert the data sources to GridLink:

1. Select all the schemas by selecting the check box in the first header row of the schema table.

2. Click Convert to GridLink and click Next.

Task 8    Providing the GridLink Oracle RAC Database Connection Details

On the GridLink Oracle RAC Component Schema screen, provide the information required to connect to the RAC database and component schemas, as shown in Table 10-3 and in Figure 10-2 .

Table 10-3 Recommended Values for Selected Fields on the GridLink Oracle RAC Component Schema Screen

Element	Description and Recommended Value
SCAN, Host Name, and Port	Select the SCAN check box. In the Host Name field, enter the Single Client Access Name (SCAN) Address for the Oracle RAC database. In the Port field, enter the SCAN listening port for the database (for example, 1521)
ONS Host and Port	In the ONS Port field, enter the SCAN address for the Oracle RAC database. In the Port field, enter the ONS Remote port (typically, 6200).
Enable Fan	Select the Enable Fan check box to receive and process FAN events,

Figure 10-2 Sample Values for the GridLink Oracle RAC Component Schema Screen

Description of "Figure 10-2 Sample Values for the GridLink Oracle RAC Component Schema Screen"

For more information about specifying the information on this screen, as well as information about how to identify the correct SCAN address, see "Configuring Active GridLink Data Sources with Oracle RAC" in the High Availability Guide.

You can also click Help to display a brief description of each field on the screen.

Task 9    Testing the JDBC Connections

Use the JDBC Component Schema Test screen to test the data source connections you have just configured.

A green check mark in the Status column indicates a successful test. If you encounter any issues, see the error message in the Connection Result Log section of the screen, fix the problem, then try to test the connection again.

Tip:

More information about the other options on this screen can be found in Test Component Schema in Creating WebLogic Domains Using the Configuration Wizard

Task 10    Specifying Credentials

Enter a unique user name and password for the Business Intelligence system.user account. Note that the system.user account is not an actual user. It is used for internal authentication between the different Business Intelligence components. You must provide a unique, random user name and password that are not used by an actual system user to log in and use BI applications with.

Enter a user name and password for the jms.queue.auth user account. This user must be a user in the WebLogic Administrator group.

Description of the illustration GUID-2A449525-BB34-4005-9416-2081C4FD8166-default.png

Task 11    Selecting Advanced Configuration

To complete domain configuration for the topology, select the following options on the Advanced Configuration screen:

• Administration Server

  This is required to properly configure the listen address of the Administration Server.

• Node Manager

  This is required to configure Node Manager.

• Managed Servers, Clusters and Coherence

  This is required to configure the Managed Server and cluster, and also for configuring the machine and targeting the Managed Server to the machine.

• JMS File Store

  This is required to configure the appropriate shared storage for JMS persistent stores.

Note:

When using the Advanced Configuration screen in the Configuration Wizard:

• If any of the above options are not available on the screen, then return to the Templates screen, and be sure you selected the required templates for this topology.

• Do not select the Domain Frontend Host Capture advanced configuration option. You will later configure the frontend host property for specific clusters, rather than for the domain.

Task 12    Configuring the Administration Server Listen Address

On the Administration Server screen:

1. In the Server Name field, retain the default value - AdminServer.

2. In the Listen Address field, enter the virtual host name that corresponds to the VIP of the ADMINVHN that you procured in Procuring Resources for an Enterprise Deployment and enabled in Preparing the Host Computers for an Enterprise Deployment.

   For more information on the reasons for using the ADMINVHN virtual host, see Reserving the Required IP Addresses for an Enterprise Deployment.

3. Leave the other fields at their default values.

   In particular, be sure that no server groups are assigned to the Administration Server.

Task 13    Configuring Node Manager

Select Per Domain Default Location as the Node Manager type, then specify the Node Manager credentials you will use to connect to the Node Manager.

Tip:

For more information about the options on this screen, see "Node Manager" in Creating WebLogic Domains Using the Configuration Wizard.

For more information about per domain and per host Node Manager implementations, see About the Node Manager Configuration in a Typical Enterprise Deployment.

For additional information, see “Configuring Node Manager on Multiple Machines” in Administering Node Manager for Oracle WebLogic Server.

Task 14    Configuring the Managed Server

On the Managed Servers screen, a new Managed Server for Oracle Business Intelligence appears in the list of servers. This server was created automatically by the Oracle BIEE Suite configuration template you selected on the Templates screen. Perform the following tasks to modify the default Oracle Business Intelligence Managed Server (bi_server1).

1. Rename the default Managed Server to WLS_BI1.

   Tip:

   The server name recommended here will be used throughout this document; if you choose a different name, be sure to replace it as needed.

2. Use the information in the following table to fill in the rest of the columns for the Oracle Business Intelligence Managed Server.

Tip:

More information about the options on the Managed Server screen can be found in Managed Servers in Creating WebLogic Domains Using the Configuration Wizard.

Table 10-4 Values Required for Oracle Business Intelligence Managed Server

Server Name	Listen Address	Listen Port	Enable SSL	SSL Listen Port	Server Groups
WLS_BI1	BIHOST1	7003	No	Disabled	BISUITE_MAN-SVR

Task 15    Configuring a Cluster

In this task, you create a cluster to which you can target the Oracle BI software.

You will also set the Frontend Host property for the cluster, which ensures that, when necessary, WebLogic Server will redirect Web services callbacks and other redirects to bi.example.com on the load balancer rather than the address in the HOST header of each request.

For more information about the bi.example.com virtual server address, see Configuring Virtual Hosts on the Hardware Load Balancer.

On the Clusters screen, a new cluster (bi_cluster) for Oracle Business Intelligence appears in the list of clusters. Perform the following tasks to modify the default Oracle Business Intelligence cluster:

1. Specify bi.example.com in the Frontend Host field.

2. Specify 80 as the Frontend HTTP Port and 443 as the Frontend HTTPS port.

Note:

By default, server instances in a cluster communicate with one another using unicast. If you want to change your cluster communications to use multicast, refer to "Considerations for Choosing Unicast or Multicast" in Administering Clusters for Oracle WebLogic Server.

Tip:

More information about the options on this screen can be found in Clusters in Creating WebLogic Domains Using the Configuration Wizard.

Task 16    Assigning the Managed Server to the Cluster

Use the Assign Servers to Clusters screen to assign WLS_BI1 to the new cluster bi_cluster:

1. In the Clusters pane, select the cluster to which you want to assign the servers; in this case, bi_cluster.

2. In the Servers pane, assign WLS_BI1 to bi_cluster by doing one of the following:

   • Click once on WLS_BI1 Managed Server to select it, then click on the right arrow to move it beneath the selected cluster in the Clusters pane.

   • Double-click on WLS_BI1 to move it beneath the selected cluster in the clusters pane.

Tip:

More information about the options on this screen can be found in Assign Servers to Clusters in Creating WebLogic Domains Using the Configuration Wizard.

Task 17    Configuring Coherence Clusters

Use the Coherence Clusters screen to configure the Coherence cluster that is automatically added to the domain.

In the Cluster Listen Port, enter 9991.

Note:

For Coherence licensing information, refer to "Oracle Coherence" in Oracle Fusion Middleware Licensing Information.

Task 18    Creating Machines

Use the Machines screen to create a new machine in the domain. A machine is required in order for the Node Manager to be able to start and stop the servers.

1. Select the Unix Machine tab.

2. Click the Add button to create the new UNIX machine.

   Use the values in the following table to define the Name and Node Manager Listen Address of each machine.

3. Verify the port in the Node Manager Listen Port field.

   The port number 5556, shown in this example, may be referenced by other examples in the documentation. Replace this port number with your own port number as needed.

Table 10-5 Values to Use When Creating Unix Machines

Name	Node Manager Listen Address	Node Manager Listen Port
BIHOST1	The value of the BIHOST1 host name variable. For example, BIHOST1.example.com.	5556
ADMINHOST	Enter the value of the ADMINVHN variable.	5556

Figure 10-3 Example Values for the Configuration Wizard Unix Machines Screen

Description of "Figure 10-3 Example Values for the Configuration Wizard Unix Machines Screen"

Tip:

More information about the options on this screen can be found in Machines in Creating WebLogic Domains Using the Configuration Wizard.

Task 19    Assigning Servers to Machines

Use the Assign Servers to Machines screen to assign the Administration Server and the Oracle BI EE Suite Managed Server to the appropriate machine.

The Assign Servers to Machines screen is similar to the Assign Managed Servers to Clusters screen. Select the target machine in the Machines column, select the Managed Server in the left column, and click the right arrow to assign the server to the appropriate machine.

Assign the servers as follows:

• Assign the AdminServer to the ADMINHOST machine.

• Assign the WLS_BI1 Managed Server to the BIHOST1 machine.

Description of the illustration GUID-1E5A239D-30B8-4B95-BB3B-0374FAA89C6F-default.png

Tip:

More information about the options on this screen can be found in Assign Servers to Machines in Creating WebLogic Domains Using the Configuration Wizard.

Task 20    Configuring the JMS File Store

When you configure a domain using the Oracle WSM Policy Manager configuration template, you should select the proper location of the Metadata Services (MDS) JMS File Store, especially when you are configuring an enterprise deployment.

In the JMS File Stores screen, assign the following directory for each of the BI Persistence stores:

ASERVER_HOME/bi_cluster

In this example, replace ASERVER_HOME with the actual value of the ASERVER_HOME variable, as defined in File System and Directory Variables Used in This Guide. Replace bi_cluster with the name you assigned to the Oracle BI cluster.

Task 21    Reviewing Your Configuration Specifications and Configuring the Domain

The Configuration Summary screen contains the detailed configuration information for the domain you are about to create. Review the details of each item on the screen and verify that the information is correct.

You can go back to any previous screen if you need to make any changes, either by using the Back button or by selecting the screen in the navigation pane.

Domain creation will not begin until you click Create.

Tip:

More information about the options on this screen can be found in Configuration Summary in Creating WebLogic Domains Using the Configuration Wizard.

Task 22    Writing Down Your Domain Home and Administration Server URL

The Configuration Success screen will show the following items about the domain you just configured:

• Domain Location

• Administration Server URL

You must make a note of both items as you will need them later; the domain location is needed to access the scripts used to start the Node Manager and Administration Server, and the URL is needed to access the Administration Server.

Click Finish to dismiss the configuration wizard.

10.7 Creating the System Components on BIHOST1

Perform the steps in this section to create the BI Cluster Controller, BI Scheduler, BI Presentation Services, and BI JavaHost system components on BIHOST1.

Note:

Replace ASERVER_HOME with the actual path to the domain directory you created on the shared storage device.

1. Start WLST:

   cd ORACLE_HOME/oracle_common/common/bin/
   
   ./wlst.sh
   

2. Open the BI Administration Server domain for updating:

   wls:/offline>readDomain(‘ASERVER_HOME’)
   

3. Create a new BI Cluster Controller system component:

   wls:/offline/bi_domain>createOBICCSComponent('ASERVER_HOME','BIHOST1',port='OBICCS__port',portMonitor='OBICCS_monitor_port')
   

   For example:

   wls:/offline/bi_domain>createOBICCSComponent('/u01/oracle/config/domains/bi_domain','BIHOST1',port='10006',portMonitor='10007')
   

4. Create a new BI Scheduler system component:

   wls:/offline/bi_domain>createOBISCHComponent(‘ASERVER_HOME’,'BIHOST1’,port='OBISCH_port',portMonitor='OBISCH_monitor_port')
   

   For example:

   wls:/offline/bi_domain>createOBISCHComponent(‘/u01/oracle/config/domains/bi_domain','BIHOST1’,port='10008',portMonitor='10009')
   

5. Create a new BI Presentation Services system component:

   wls:/offline/bi_domain>createOBIPSComponent('ASERVER_HOME’,'BIHOST1',port='OBIPS_port') 
   

   For example:

   wls:/offline/bi_domain>createOBIPSComponent('/u01/oracle/config/domains/bi_domain’,'BIHOST1',port='10010') 
   

6. Create a new BI JavaHost system component:

   wls:/offline/bi_domain>createOBIJHComponent('ASERVER_HOME','BIHOST1',port='OBIJH_port') 
   

   For example:

   wls:/offline/bi_domain>createOBIJHComponent('/u01/oracle/config/domains/bi_domain','BIHOST1',port='10011') 
   

7. Update and save the domain:

   wls:/offline/bi_domain/SystemComponent/obijh1>updateDomain()
   

8. Close the domain:

   wls:/offline/bi_domain/SystemComponent/obijh1>closeDomain()
   

9. Synchronize the changes with the WebLogic Server JDBC connection pools. This updates the midtier schema endpoints stored outside of WebLogic Server (for example, odbc.ini).

   wls:/offline>syncMidtierDb(‘ASERVER_HOME’)
   

10. Exit WLST:

    wls:/offline>exit()
    

10.8 Creating a BI Service Instance

Perform the steps in this section to create a new BI Service instance.

Note:

Replace ASERVER_HOME with the actual path to the domain directory you created on the shared storage device.

1. Start WLST:

   cd ORACLE_HOME/oracle_common/common/bin/
   
   ./wlst.sh
   

2. Open the BI Administration Server domain for updating:

   wls:/offline>readDomain(‘ASERVER_HOME’)
   

3. Run the following command to create a new BI Service instance:

   wls:/offline/bi_domain>createBIServiceInstance(‘ASERVER_HOME’,‘service1’,owner='weblogic',
   description=’Default Service’, bar=’ORACLE_HOME/bi/bifoundation/samples/sampleapplite/SampleAppLite.bar’,
   port='OBIS_port', portMonitor='OBIS_monitor_port',machine='BIHOST1')
   

   For example:

   wls:/offline/bi_domain>createBIServiceInstance(‘/u01/oracle/config/domains/bi_domain’,‘service1’,owner='weblogic',
   description=’Default Service’, bar=’/u01/oracle/products/fmw/bi/bifoundation/samples/sampleapplite/SampleAppLite.bar’,
   port='10020', portMonitor='10021',machine='BIHOST1')
   

4. Update and save the domain:

   wls:/offline/bi_domain/SystemComponent/obis1>updateDomain()
   

5. Close the domain for editing:

   wls:/offline/bi_domain/SystemComponent/obis1>closeDomain()
   

6. Optional: Configure the default key to allow standard URLs to be used for the BI Service instance:

   wls:/offline>f = open('ASERVER_HOME/config/fmwconfig/biconfig/bi-security/config.properties', 'a')
   wls:/offline>f.write ("defaultServiceInstanceKey=" + 'service1')
   wls:/offline>f.close()
   

7. SampleAppLite uses XML data, which needs to be unzipped to the correct location.

   import os
   import zipfile
   def unzip(srcZip, destDir):
       # no native unzip-to-dest in jython 2.2 :-(
       z = zipfile.ZipFile(srcZip)
       if not destDir.endswith('/'):
           destDir += '/'
       if not os.path.exists(destDir):
           os.makedirs(destDir)
       for f in z.namelist():
           outpath = destDir + f
           if f.endswith('/'):
               os.makedirs(outpath)
           else:
               outfile = open(outpath, 'wb')
               outfile.write(z.read(f))
               outfile.close()
   

   wls:/offline>srcZip='ORACLE_HOME/bi/bifoundation/samples/sampleapplite/SampleAppLite-datafiles.zip'
   wls:/offline>destDir='ASERVER_HOME/bidata/service_instances/service1/data'
   wls:/offline>unzip(srcZip,destDir)
   

8. Exit WLST:

   exit()
   

10.9 Configuring the Singleton Data Directory (SDD)

Oracle Business Intelligence metadata is stored in a Singleton Data Directory (SDD). Metadata is managed in an Oracle Business Intelligence archive (BAR) file containing information about the Presentation Catalog, the metadata repository, and security authentication.

Perform the following steps to set up a shared directory for the Singleton Data Directory:

Note:

The path to the Singleton Data Directory (SDD) is defined in the ASERVER_HOME/config/fmwconfig/bienv/core/bi-environment.xml file.

1. Create a shared directory for the Singleton Data Directory (SDD):

   For example:

   mkdir Shared_Storage_Location/biconfig
   

2. Move the data in the ASERVER_HOME/bidata directory to the shared directory you just created:

   mv ASERVER_HOME/bidata Shared_Storage_Location/biconfig
   

3. Update the Singleton Data Directory location in the bi-environment.xml file by doing the following:
   1. Open the ASERVER_HOME/config/fmwconfig/bienv/core/bi-environment.xml file for editing.
   2. Edit the file to change the Singleton Data Directory location from the default $DOMAIN_HOME/bidata directory to the absolute path of the shared bidata directory.

   For example:

   <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
   <bi:environment xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:bi="http://bi.oracle.com/lcm">
        <bi:logoff-url></bi:logoff-url>
        <bi:singleton-data-directory>Shared_Storage_Location/biconfig/bidata</bi:singleton-data-directory>   
        <bi:services-domain-name-suffix>bi.outsourcing.com</bi:services-domain-name-suffix>
   </bi:environment>         
   

4. Save and close the file.

10.10 Configuring Security for Essbase in Oracle Business Intelligence

Essbase components installed using the Oracle Business Intelligence installer cannot use Native Essbase or Hyperion Shared Services (HSS) security.

However, when you install Essbase with Oracle Business Intelligence, the Common Security Service (CSS) token-based identity assertion continues to be available and enables Oracle Business Intelligence to connect to Essbase data sources (both Essbase installed with Oracle Business Intelligence and Essbase installed with Enterprise Performance Management (EPM)) with the credentials of the end user. For this mechanism to work with an Essbase data source external to the Oracle Business Intelligence installation, you must follow the documentation. Also note that if multiple Essbase data sources are being used by Oracle Business Intelligence and there is a requirement to use this mechanism, all Essbase data sources must use the same shared secret for producing CSS tokens.

For more information, see Configuring Oracle Business Intelligence to Use Hyperion SSO Tokens when Communicating with Essbase, Hyperion Financial Management, Hyperion Planning in the System Administrator's Guide for Oracle Business Intelligence Enterprise Edition.

To configure Common Security Services (CSS) security for Essbase components, you must run the following after creating the initial BI domain and before starting the domain:

cd ASERVER_HOME/bitools/bin
./generate_css_secrets.sh

10.11 Configuring the Domain Directories and Starting the Servers on BIHOST1

After the domain is created, you must perform a series of additional configuration tasks on BIHOST1. For example, you start the Node Manager and Administration Server. You then create a separate domain directory for the Managed Server. In this new and separate Managed Server directory, you start a second Node Manager instance and start the Managed Server and the Business Intelligence system components.

• Starting the Node Manager in the Administration Server Domain Home on BIHOST1
  Use these steps to start the per-domain Node Manager for the ASERVER_HOME domain directory.
• Creating the boot.properties File
  You must create a boot.properties if you want start the Node Manager without being prompted for the Node Manager credentials. This step is required in an enterprise deployment. The credentials you enter in this file are encrypted when you start the Administration Server.
• Starting the Administration Server
  Use these steps to start the Administration Server using the Node Manager.
• Validating the Administration Server
  Before proceeding with the configuration steps, validate that the Administration Server has started successfully by making sure you have access to the Oracle WebLogic Server Administration Console and Oracle Enterprise Manager Fusion Middleware Control, which both are installed and configured on the Administration Serverls.
• Disabling the Derby Database
  
• Creating a Separate Domain Directory for Managed Servers on BIHOST1
  When you initially create the domain for enterprise deployment, the domain directory resides on a shared disk. This default domain directory will be used to run the Administration Server. You can now create a copy of the domain on the local storage for both BIHOST1 and BIHOST2. The domain directory on the local (or private) storage will be used to run the Managed Servers.
• Starting the Node Manager in the Managed Server Domain Directory on BIHOST1
  
• Starting the WLS_BI1 Managed Server on BIHOST1
  Use Oracle Enterprise Manager Fusion Middleware Control to start the Managed Server on BIHOST1.
• Starting the System Components
  Use Oracle Enterprise Manager Fusion Middleware Control to start the system components for Oracle Business Intelligence.

10.11.1 Starting the Node Manager in the Administration Server Domain Home on BIHOST1

Use these steps to start the per-domain Node Manager for the ASERVER_HOME domain directory.

1. Verify that the listen address in the nodemanager.properties file is set correctly:
   1. Open the following file, using a text editor:

      ASERVER_HOME/nodemanager/nodemanager.properties
      

   2. Make sure the ListenAddress property is set to the value of the ADMINVHN virtual IP address.
2. Navigate to the following directory:

   ASERVER_HOME/bin
   

3. Use the following command to start the Node Manager:

   nohup ./startNodeManager.sh > ASERVER_HOME/nodemanager/nodemanager.out 2>&1 &
   

   For more information about additional Node Manager configuration options, see Administering Node Manager for Oracle WebLogic Server.

10.11.2 Creating the boot.properties File

You must create a boot.properties if you want start the Node Manager without being prompted for the Node Manager credentials. This step is required in an enterprise deployment. The credentials you enter in this file are encrypted when you start the Administration Server.

To create a boot.properties file for the Administration Server:

1. Create the following directory structure:

   mkdir -p ASERVER_HOME/servers/AdminServer/security
   

2. In a text editor, create a file called boot.properties in the security directory created in the previous step, and enter the Administration Server credentials that you defined when you ran the Configuration Wizard to create the domain:

   username=adminuser
   password=password
   

   Note:

   When you start the Administration Server, the username and password entries in the file get encrypted.

   For security reasons, minimize the amount of time the entries in the file are left unencrypted; after you edit the file, you should start the server as soon as possible so that the entries get encrypted.

3. Save the file and close the editor.

10.11.3 Starting the Administration Server

Use these steps to start the Administration Server using the Node Manager.

1. Start WLST:

   cd ORACLE_COMMON_HOME/common/bin
   ./wlst.sh
   

2. Connect to Node Manager using the Node Manager credentials you defined in when you created the domain in the Configuration Wizard:

   wls:/offline>nmConnect('nodemanager_username','nodemanager_password',
               'ADMINVHN','5556','domain_name',
               'ASERVER_HOME')
   

   Note:

   This username and password are used only to authenticate connections between Node Manager and clients. They are independent of the server admin ID and password and are stored in the nm_password.properties file located in the following directory:

   ASERVER_HOME/config/nodemanager
   

3. Start the Administration Server:

   nmStart('AdminServer')
   

4. Exit WLST:

   exit()
   

10.11.4 Validating the Administration Server

Before proceeding with the configuration steps, validate that the Administration Server has started successfully by making sure you have access to the Oracle WebLogic Server Administration Console and Oracle Enterprise Manager Fusion Middleware Control, which both are installed and configured on the Administration Serverls.

To navigate to Fusion Middleware Control, enter the following URL, and log in with the Oracle WebLogic Server administrator credentials:

ADMINVHN:7001/em

To navigate to the Oracle WebLogic Server Administration Console, enter the following URL, and log in with the same administration credentials:

ADMINVHN:7001/console

10.11.5 Disabling the Derby Database

Before you create the Managed Server directory and start the Managed Servers, disable the embedded Derby database, which is a file-based database, packaged with Oracle WebLogic Server. The Derby database is used primarily for development environments. As a result, you must disable it when you are configuring a production-ready enterprise deployment environment; otherwise, the Derby database process will start automatically when you start the Managed Servers.

To disable the Derby database:

1. Navigate to the following directory in the Oracle home.
   WL_HOME/common/derby/lib
2. Rename the Derber library jar file:
   mv derby.jar disable_derby.jar

10.11.6 Creating a Separate Domain Directory for Managed Servers on BIHOST1

When you initially create the domain for enterprise deployment, the domain directory resides on a shared disk. This default domain directory will be used to run the Administration Server. You can now create a copy of the domain on the local storage for both BIHOST1 and BIHOST2. The domain directory on the local (or private) storage will be used to run the Managed Servers.

Placing the MSERVER_HOME on local storage is recommended to eliminate the potential contention and overhead cause by servers writing logs to shared storage. It is also faster to load classes and jars need from the domain directory, so any tmp or cache data that Managed Servers use from the domain directory is processed quicker.

As described in Preparing the File System for an Enterprise Deployment, the path to the Administration Server domain home is represented by the ASERVER_HOME variable, and the path to the Managed Server domain home is represented by the MSERVER_HOME variable.

To create the Managed Server domain directory:

1. Log in to BIHOST1 and run the pack command to create a template as follows:

   cd ORACLE_COMMON_HOME/common/bin
    
   ./pack.sh -managed=true 
             -domain=ASERVER_HOME 
             -template=complete_path/bidomaintemplate.jar 
             -template_name=bi_domain_template
   

   In this example:

   • Replace ASERVER_HOME with the actual path to the domain directory you created on the shared storage device.

   • Replace complete_path with the complete path to the location where you want to create the domain template jar file. You will need to reference this location when you copy or unpack the domain template jar file.

   • bidomaintemplate.jar is a sample name for the jar file you are creating, which will contain the domain configuration files.

   • bi_domain_template is the name assigned to the domain template file.

2. Make a note of the location of the bidomaintemplate.jar file you just created with the pack command.

   You must specify a full path for the template jar file as part of the -template argument to the pack command:

   ORACLE_COMMON_HOME/common/bin/
   

   Tip:

   For more information about the pack and unpack commands, see "Overview of the Pack and Unpack Commands" in Creating Templates and Domains Using the Pack and Unpack Commands.

3. If you haven't already, create the recommended directory structure for the Managed Server domain on the BIHOST1 local storage device.

   Use the examples in File System and Directory Variables Used in This Guide as a guide.

4. Run the unpack command to unpack the template in the domain directory onto the local storage, as follows:

   cd ORACLE_COMMON_HOME/common/bin
   
   ./unpack.sh -domain=MSERVER_HOME \
               -overwrite_domain=true \
               -template=complete_path/bidomaintemplate.jar \ 
               -log_priority=DEBUG \
               -log=/tmp/unpack.log \
               -app_dir=APPLICATION_HOME \
   

   Note:

   The -overwrite_domain option in the unpack command allows unpacking a managed server template into an existing domain and existing applications directories. For any file that is overwritten, a backup copy of the original is created. If any modifications had been applied to the start scripts and ear files in the managed server domain directory, they must be restored after this unpack operation.

   Additionally, to customize server startup parameters that apply to all servers in a domain, you can create a file called setUserOverrides.sh and configure it to, for example, add custom libraries to the WebLogic Server classpath, specify additional java command line options for running the servers, or specify additional environment variables. Any customizations you add to this file are preserved during domain upgrade operations, and are carried over to remote servers when using the pack and unpack commands.

   In this example:

   • Replace MSERVER_HOME with the complete path to the domain home to be created on the local storage disk. This is the location where the copy of the domain will be unpacked.

   • Replace complete_path with the complete path to the location where you created or copied the template jar file.

   • bidomaintemplate.jar is the name of the template jar file you created when you ran the pack command to pack up the domain on the shared storage device.

   Tip:

   For more information about the pack and unpack commands, see "Overview of the Pack and Unpack Commands" in Creating Templates and Domains Using the Pack and Unpack Commands.

5. Change directory to the newly created Managed Server directory and verify that the domain configuration files were copied to the correct location on the BIHOST1 local storage device.

10.11.7 Starting the Node Manager in the Managed Server Domain Directory on BIHOST1

After you create the Managed Server domain directory, there are two domain home directories and two corresponding Node Manager instances on BIHOST1. You use one Node Manager to control the Administration Server, running from Administration Server domain home, and you use the other Node Manager to control the Managed Servers, running from the Managed Server domain home.

You must start the two Node Managers independently.

Follow these steps to start the Node Manager from the Managed Server home:

1. Navigate to the following directory:
   MSERVER_HOME/bin
2. Use the following command to start the Node Manager:

   nohup ./startNodeManager.sh > ./nodemanager.out 2>&1 &
   

For information about additional Node Manager configuration options, see Administering Node Manager for Oracle WebLogic Server.

10.11.8 Starting the WLS_BI1 Managed Server on BIHOST1

Use Oracle Enterprise Manager Fusion Middleware Control to start the Managed Server on BIHOST1.

Fusion Middleware Control is available because you already started the Node Manager and Administration Server in a previous step:

1. Enter the following URL into a browser to display the Fusion Middleware Control login screen:

   http://ADMINVHN:7001/em
   

   In this example:

   • Replace ADMINVHN with the host name assigned to the ADMINVHN Virtual IP address.

   • Port 7001 is the typical port used for the Administration Server console and Fusion Middleware Control. However, you should use the actual URL that was displayed at the end of the Configuration Wizard session when you created the domain.

     Tip:

     For more information about managing Oracle Fusion Middleware using Oracle Enterprise Manager Fusion Middleware Control, see "Getting Started Using Oracle Enterprise Manager Fusion Middleware Control" in Administering Oracle Fusion Middleware.

2. Log in to Fusion Middleware Control using the Administration Server credentials.
3. Select the Servers pane to view the Managed Servers in the domain.
   
   Description of the illustration GUID-3887C2F6-F122-4531-970E-118B75645A3D-default.png
4. Select only the WLS_BI1 Managed Server and click Control on the tool bar. Then, under Control, select Start.

10.11.9 Starting the System Components

Use Oracle Enterprise Manager Fusion Middleware Control to start the system components for Oracle Business Intelligence.

Fusion Middleware Control is already available because you already started the Node Manager and the Administration Server in a previous step.

1. Enter the following URL into a browser to display the Fusion Middleware Control login screen:

   http://ADMINVHN:7001/em
   

2. Log into Fusion Middleware Control using the Administration Server credentials.
3. If not already displayed, click the Target Navigation icon in the top left corner of the page to display the Target Navigation pane.
4. In the Target Navigation pane, expand the Business Intelligence folder and select biinstance.
   
   Description of the illustration GUID-CDDE1429-FC90-4D62-8B46-2890A34DF492-default.png
   The Business Intelligence Overview page appears.
5. Click Availability and then Processes to display the Processes tab on the Availability page.
6. Click Start All to start all the components.
   
   Description of the illustration GUID-D47E0182-9056-4F64-BE2F-F8295B93890B-default.png

10.12 Setting Up the Global Cache

The global cache is a query cache that is shared by all Oracle BI servers participating in a cluster. It is recommended that you configure the global cache so that cache seeding and purging events can be shared by all Oracle BI servers participating in a cluster.

For more information about the global cache, see About the Global Cache in the System Administrator's Guide for Oracle Business Intelligence Enterprise Edition.

To set up the global cache:

1. Create a shared directory for the global cache.

   mkdir Shared_Storage_Location/global_cache
   

   All Oracle BI servers must have read and write access to this directory.
2. Use the Performance tab of the Configuration page in Fusion Middleware Control to set the Global cache path and Global cache size.
   1. Enter the following URL into a browser to display the Fusion Middleware Control login screen:

      http://ADMINVHN:7001/em
      

   2. Log in to Fusion Middleware Control using the Administration Server credentials.
   3. If not already displayed, click the Target Navigation icon in the top left corner of the page to display the Target Navigation pane.
   4. In the Target Navigation pane, expand the Business Intelligence folder and select biinstance.
      
      Description of the illustration GUID-CDDE1429-FC90-4D62-8B46-2890A34DF492-default.png
      The Business Intelligence Overview page appears.
   5. Click Configuration and then Performance to display the Performance tab of the Configuration page.
   6. Click Lock & Edit in the Change Center menu at the top right corner of the page.
   7. Specify the shared directory you created for storing purging and seeding cache entries in the Global cache path field. Enter a value for the Global cache size to specify the maximum size of the global cache (for example, 250 MB).
   8. Click Apply.
   9. Click Activate Changes in the Change Center menu at the top right corner of the page.

10.13 Verifying Oracle Business Intelligence URLs on BIHOST1

After starting the components in the domain on BIHOST1, access these URLs to verify the configuration of Oracle Business Intelligence.

• Access the following URL to verify the status of WLS_BI1:

  http://BIHOST1VHN1:7003/analytics
  

  You will be redirected to:

  http://bi.example.com/analytics
  

• Access the following URL to verify the status of the BI Publisher application:

  http://BIHOST1VHN1:7003/xmlpserver
  

  You will be redirected to:

  http://bi.example.com/xmlpserver
  

• Access the following URL to verify the status of the Oracle Essbase application:

  http://BIHOST1VHN1:7003/aps/Essbase
  

10.14 Creating a New LDAP Authenticator and Provisioning Enterprise Deployment Users and Group

When you configure an Oracle Fusion Middleware domain, the domain is configured by default to use the WebLogic Server authentication provider (DefaultAuthenticator). However, for an enterprise deployment, Oracle recommends that you use a dedicated, centralized LDAP-compliant authentication provider.

The following topics describe how to use the Oracle WebLogic Server Administration Console to create a new authentication provider for the enterprise deployment domain. This procedure assumes you have already installed and configured a supported LDAP directory, such as Oracle Unified Directory or Oracle Internet Directory.

• About the Supported Authentication Providers
  
• About the Enterprise Deployment Users and Groups
  
• Prerequisites for Creating a New Authentication Provider and Provisioning Users and Groups
  
• Provisioning a Domain Connector User in the LDAP Directory
  
• Creating the New Authentication Provider
  
• Provisioning an Enterprise Deployment Administration User and Group
  
• Adding the New Administration User to the Administration Group
  
• Updating the boot.properties File and Restarting the System
  

10.14.1 About the Supported Authentication Providers

Oracle Fusion Middleware supports a variety of LDAP authentication providers. For more information, see "Identity Store Types and WebLogic Authenticators" in Securing Applications with Oracle Platform Security Services.

The instructions in this guide assume you will be using one of the following providers:

• Oracle Unified Directory

• Oracle Internet Directory

• Oracle Virtual Directory

Note:

By default, the instructions here describe how to configure the identity service instance to support querying against a single LDAP identity store.

However, you can configure the service to support a virtualized identity store, which queries multiple LDAP identity stores, using LibOVD.

For more information about configuring a Multi-LDAP lookup, refer to "Configuring the Identity Store Service" in Securing Applications with Oracle Platform Security Services.

10.14.2 About the Enterprise Deployment Users and Groups

The following topics provide important information on the purpose and characteristics of the enterprise deployment administration users and groups.

• About Using Unique Administration Users for Each Domain
  
• About the Domain Connector User
  
• About Adding Users to the Central LDAP Directory
  
• About Product-Specific Roles and Groups for Oracle Business Intelligence
  
• Example Users and Roles Used in This Guide
  

10.14.2.1 About Using Unique Administration Users for Each Domain

When you use a central LDAP user store, you can provision users and groups for use with multiple Oracle WebLogic Server domains. As a result, there is a possibility that one WebLogic administration user can have access to all the domains within an enterprise.

Such an approach is not recommended. Instead, it is a best practice to assign a unique distinguished name (DN) within the directory tree for the users and groups you provision for the administration of your Oracle Fusion Middleware domains.

For example, if you plan to install and configure an Oracle Business Intelligence enterprise deployment domain, then create a user called weblogic_bi and an administration group called BI Administrators.

10.14.2.2 About the Domain Connector User

Oracle recommends that you create a separate domain connector user (for example, biLDAP) in your LDAP directory. This user allows the domain to connect to the LDAP directory for the purposes of user authentication. It is recommended that this user be a non-administrative user.

In a typical Oracle Identity and Access Management deployment, you create this user in the systemids container. This container is used for system users that are not normally visible to users. Placing the user into the systemids container ensures that customers who have Oracle Identity Manager do not reconcile this user.

10.14.2.3 About Adding Users to the Central LDAP Directory

After you configure a central LDAP directory to be the authenticator for the enterprise domain, then you should add all new users to the new authenticator and not to the default WebLogic Server authenticator.

To add new users to the central LDAP directory, you cannot use the WebLogic Administration Console. Instead, you must use the appropriate LDAP modification tools, such as ldapbrowser or JXplorer.

When you are using multiple authenticators (a requirement for an enterprise deployment), login and authentication will work, but role retrieval will not. The role is retrieved from the first authenticator only. If you want to retrieve roles using any other authenticator, then you must enable virtualization for the domain.

Enabling virtualization involves the following steps:

1. Locate and open the following configuration file with a text editor:

   DOMAIN_HOME/config/fmwconfig/jps-config.xml
   

2. Add or update the following property, as follows:

   <property name="virtualize" value="true"/>
   

   For more information about the virtualize property, see “OPSS System and Configuration Properties” in Securing Applications with Oracle Platform Security Services.

10.14.2.4 About Product-Specific Roles and Groups for Oracle Business Intelligence

Each Oracle Fusion Middleware product implements its own predefined roles and groups for administration and monitoring.

As a result, as you extend the domain to add additional products, you can add these product-specific roles to the BI Administrators group. After they are added to the BI Administrators group, each product administrator user can administer the domain with the same set of privileges for performing administration tasks.

Instructions for adding additional roles to the BI Administrators group are provided in Common Configuration and Management Tasks for an Enterprise Deployment.

10.14.2.5 Example Users and Roles Used in This Guide

In this guide, the examples assume that you provision the following administration user and group with the DNs shown below:

• Admin User DN:

  cn=weblogic_bi,cn=users,dc=example,dc=com
  

• Admin Group DN:

  cn=BI Administrators,cn=groups,dc=example,dc=com
  

• Product-specific LDAP Connector User:

  cn=biLDAP,cn=systemids,dc=example,dc=com
  

  This is the user you will use to connect WebLogic Managed Servers to the LDAP authentication provider. This user must have permissions to read and write to the Directory Trees:

  cn=users,dc=example,dc=com
  cn=groups,dc=example,dc=com
  

Note:

When using Oracle Unified Directory, this user will need to be granted membership in the following groups to provide read and write access:

cn=orclFAUserReadPrivilegeGroup,cn=groups,dc=example,dc=com
cn=orclFAUserWritePrivilegeGroup,cn=groups,dc=example,dc=com
cn=orclFAGroupReadPrivilegeGroup,cn=groups,dc=example,dc=com
cn=orclFAGroupWritePrivilegeGroup,cn=groups,dc=example,dc=com

10.14.3 Prerequisites for Creating a New Authentication Provider and Provisioning Users and Groups

Before you create a new LDAP authentication provider, back up the relevant configuration files:

ASERVER_HOME/config/config.xml
ASERVER_HOME/config/fmwconfig/jps-config.xml
ASERVER_HOME/config/fmwconfig/system-jazn-data.xml

In addition, back up the boot.properties file for the Administration Server in the following directory:

DOMAIN_HOME/servers/AdminServer/security

10.14.4 Provisioning a Domain Connector User in the LDAP Directory

This example shows how to create a user called biLDAP in the central LDAP directory.

To provision the user in the LDAP provider:

1. Create an ldif file named domain_user.ldif with the contents shown below and then save the file:

   dn: cn=biLDAP,cn=systemids,dc=example,dc=com
   changetype: add
   orclsamaccountname: biLDAP
   userpassword: password
   objectclass: top
   objectclass: person
   objectclass: organizationalPerson
   objectclass: inetorgperson
   objectclass: orcluser
   objectclass: orcluserV2
   mail: biLDAP@example.com
   givenname: biLDAP
   sn: biLDAP
   cn: biLDAP
   uid: biLDAP
   

   Note:

   If you are using Oracle Unified Directory, then add the following four group memberships to the end of the LDIF file to grant the appropriate read/write privileges:

   dn:
   cn=orclFAUserReadPrivilegeGroup,cn=groups,dc=us,dc=oracle,dc=com
   changetype: modify
   add: uniquemember
   uniquemember: cn=biLDAP,cn=systemids,dc=us,dc=oracle,dc=com
   
   dn: cn=orclFAGroupReadPrivilegeGroup,cn=groups,dc=us,dc=oracle,dc=com
   changetype: modify
   add: uniquemember
   uniquemember: cn=biLDAP,cn=systemids,dc=us,dc=oracle,dc=com
   
   dn: cn=orclFAUserWritePrivilegeGroup,cn=groups,dc=example,dc=com
   changetype: modify
   add: uniquemember
   uniquemember: cn=biLDAP,cn=systemids,dc=example,dc=com
   
   dn: cn=orclFAGroupWritePrivilegeGroup,cn=groups,dc=example,dc=com
   changetype: modify
   add: uniquemember
   uniquemember: cn=biLDAP,cn=systemids,dc=example,dc=com
   

2. Provision the user in the LDAP directory.

   For example, for an Oracle Unified Directory LDAP provider:

   OUD_INSTANCE_HOME/bin/ldapmodify -a \
                                    -h oudhost.example.com
                                    -D "cn=oudadmin" \
                                    -w password \
                                    -p 1389 \
                                    -f domain_user.ldif
   

   For Oracle Internet Directory:

   OID_ORACLE_HOME/bin/ldapadd -h oidhost.example.com \
                                -p 3060 \
                                -D cn="orcladmin" \
                                -w password \
                                -c \
                                -v \
                                -f domain_user.ldif
   

10.14.5 Creating the New Authentication Provider

To configure a new LDAP-based authentication provider:

1. Log in to the WebLogic Server Administration Console.

2. Click Security Realms in the left navigational bar.

3. Click the myrealm default realm entry.

4. Click the Providers tab.

   Note that there is a DefaultAuthenticator provider configured for the realm. This is the default WebLogic Server authentication provider.

   
   Description of the illustration GUID-1E1C5049-4817-4FF7-9195-7C22C48BCEC5-default.gif

5. Click Lock & Edit in the Change Center.

6. Click the New button below the Authentication Providers table.

7. Enter a name for the provider.

   Use one of the following names, based on the LDAP directory service you are planning to use as your credential store:

   • OUDAuthenticator for Oracle Unified Directory

   • OIDAuthenticator for Oracle Internet Directory

   • OVDAuthenticator for Oracle Virtual Directory

8. Select the authenticator type from the Type drop-down list.

   Select one of the following types, based on the LDAP directory service you are planning to use as your credential store:

   • OracleUnifiedDirectoryAuthenticator for Oracle Unified Directory

   • OracleInternetDirectoryAuthenticator for Oracle Internet Directory

   • OracleVirtualDirectoryAuthenticator for Oracle Virtual Directory

9. Click OK to return to the Providers screen.

10. On the Providers screen, click the newly created authenticator in the table.

11. Select SUFFICIENT from the Control Flag drop-down menu.

    
    Description of the illustration GUID-4D2D6A99-F897-4D0D-B74A-050A6ABF4C8F-default.gif

    Setting the control flag to SUFFICIENT indicates that if the authenticator can successfully authenticate a user, then the authenticator should accept that authentication and should not continue to invoke any additional authenticators.

    If the authentication fails, it will fall through to the next authenticator in the chain. Make sure all subsequent authenticators also have their control flags set to SUFFICIENT; in particular, check the DefaultAuthenticator and make sure that its control flag is set to SUFFICIENT.

12. Click Save to save the control flag settings.

13. Click the Provider Specific tab and enter the details specific to your LDAP server, as shown in the following table.

    Note that only the required fields are discussed in this procedure. For information about all the fields on this page, consider the following resources:

    • To display a description of each field, click Help on the Provider Specific tab.

    • For more information on setting the User Base DN, User From Name Filter, and User Attribute fields, see "Configuring Users and Groups in the Oracle Internet Directory and Oracle Virtual Directory Authentication Providers" in Administering Security for Oracle WebLogic Server.

    Parameter	Sample Value	Value Description
    Host	For example: oud.example.com	The LDAP server's server ID.
    Port	For example: 1689	The LDAP server's port number.
    Principal	For example: cn=biLDAP, cn=systemids,dc=example,dc=com	The LDAP user DN used to connect to the LDAP server.
    Credential	Enter LDAP password.	The password used to connect to the LDAP server.
    SSL Enabled	Unchecked (clear)	Specifies whether SSL protocol is used when connecting to the LDAP server.
    User Base DN	For example: cn=users,dc=example,dc=com	Specify the DN under which your users start.
    All Users Filter	(&(uid=*)(objectclass=person))	Instead of a default search criteria for All Users Filter, search all users based on the uid value. If the User Name Attribute for the user object class in the LDAP directory structure is a type other than uid, then change that type in the User From Name Filter field. For example, if the User Name Attribute type is cn, then this field should be set to: (&(cn=*)(objectclass=person)))
    User From Name Filter	For example: (&(uid=%u)(objectclass=person))	If the User Name Attribute for the user object class in the LDAP directory structure is a type other than uid, then change that type in the settings for the User From Name Filter. For example, if the User Name Attribute type is cn, then this field should be set to: (&(cn=%u)(objectclass=person))).
    User Name Attribute	For example: uid	The attribute of an LDAP user object that specifies the name of the user.
    Group Base DN	For example: cn=groups,dc=example,dc=com	Specify the DN that points to your Groups node.
    Use Retrieved User Name as Principal	Checked	Must be turned on.
    GUID Attribute	entryuuid	This value is prepopulated with entryuuid when OracleUnifiedDirectoryAuthenticator is used for OUD. Check this value if you are using Oracle Unified Directory as your authentication provider.

14. Click Save to save the changes.

15. Return to the Providers page by clicking Security Realms in the right navigation pane, clicking the default realm name (myrealm), and then Providers.

16. Click Reorder, and then use the resulting page to make the Provider you just created first in the list of authentication providers.

    
    Description of the illustration GUID-C97DBDDA-B14C-472C-BB10-31BCA17B75DC-default.gif

17. Click OK.

18. In the Change Center, click Activate Changes .

19. Restart the Administration Server and all managed servers.

    To stop the Managed Servers, log in to Fusion Middleware Control, select the Managed Servers in the Target Navigator and click Shut Down in the toolbar.

    To stop and start the Administration Server using the Node Manager:

    1. Start WLST:

       cd ORACLE_COMMON_HOME/common/bin
       ./wlst.sh
       

    2. Connect to Node Manager using the Node Manager credentials you defined in when you created the domain in the Configuration Wizard:

       wls:/offline>nmConnect('nodemanager_username','nodemanager_password',
                   'ADMINVHN','5556','domain_name',
                   'ASERVER_HOME')
       

    3. Stop the Administration Server:

       nmKill('AdminServer')
       

    4. Start the Administration Server:

       nmStart('AdminServer')
       

    5. Exit WLST:

       exit()
       

    To start the Managed Servers, log in to Fusion Middleware Control, select the Managed Servers, and click Start Up in the toolbar.

20. After the restart, review the contents of the following log file:

    ASERVER_HOME/servers/AdminServer/logs/AdminServer.log
    

    Verify that no LDAP connection errors occurred. For example, look for errors such as the following:

    The LDAP authentication provider named "OUDAuthenticator" failed to make connection to ldap server at ...
    

    If you see such errors in the log file, then check the authorization provider connection details to verify they are correct and try saving and restarting the Administration Server again.

21. After you restart and verify that no LDAP connection errors are in the log file, try browsing the users and groups that exist in the LDAP provider:

    In the Administration Console, navigate to the Security Realms > myrealm > Users and Groups page. You should be able to see all users and groups that exist in the LDAP provider structure.

10.14.6 Provisioning an Enterprise Deployment Administration User and Group

This example shows how to create a user called weblogic_bi and a group called BI Administrators.

To provision the administration user and group in LDAP provider:

1. Create an ldif file named admin_user.ldif with the contents shown below and then save the file:

   dn: cn=weblogic_bi,cn=users,dc=example,dc=com
   changetype: add
   orclsamaccountname: weblogic_bi
   userpassword: password
   objectclass: top
   objectclass: person
   objectclass: organizationalPerson
   objectclass: inetorgperson
   objectclass: orcluser
   objectclass: orcluserV2
   mail: weblogic_bi@example.com
   givenname: weblogic_bi
   sn: weblogic_bi
   cn: weblogic_bi
   uid: weblogic_bi
   

2. Provision the user in the LDAP directory.

   For example, for an Oracle Unified Directory LDAP provider:

   OUD_INSTANCE_HOME/bin/ldapmodify -a \
                                    -h oudhost.example.com
                                    -D "cn=oudadmin" \
                                    -w password \
                                    -p 1389 \
                                    -f admin_user.ldif
   

   For Oracle Internet Directory:

   OID_ORACLE_HOME/bin/ldapadd -h oidhost.example.com \
                                -p 3060 \
                                -D cn="orcladmin" \
                                -w password \
                                -c \
                                -v \
                                -f admin_user.ldif
   

3. Create an ldif file named admin_group.ldif with the contents shown below and then save the file:

   dn: cn=WCCAdministrators,cn=Groups,dc=example,dc=com
   displayname: WCCAdministrators
   objectclass: top
   objectclass: WCCAdministrators
   objectclass: orclGroup
   uniquemember: cn=weblogic_wcc,cn=users,dc=example,dc=com
   cn: WCCAdministrators
   description: Administrators Group for the Oracle WebCenter Content Domain
   

4. Provision the group in the LDAP Directory.

   For Oracle Unified Directory:

   OUD_INSTANCE_HOME/bin/ldapmodify -a \
                                    -D "cn=oudadmin" \
                                    -h oudhost.example.com \
                                    -w password \
                                    -p 3060 \
                                    -f admin_group.ldif
   

   For Oracle Internet Directory:

   OID_ORACLE_HOME/bin/ldapadd -h oid.example.com \
                               -p 3060 \
                               -D cn="orcladmin" \
                               -w password \
                               -c \
                               -v \
                               -f admin_group.ldif
   

5. Verify that the changes were made successfully:

   1. Log in to the Oracle WebLogic Server Administration Console.

   2. In the left pane of the console, click Security Realms.

   3. Click the default security realm (myrealm).

   4. Click the Users and Groups tab.

   5. Verify that the administrator user and group you provisioned are listed on the page.

10.14.7 Adding the New Administration User to the Administration Group

After adding the users and groups to Oracle Internet Directory, the group must be assigned the Administration role within the WebLogic domain security realm. This enables all users that belong to the group to be administrators for the domain.

To assign the Administration role to the new enterprise deployment administration group:

1. Log in to the WebLogic Administration Server Console using the administration credentials that you provided in the Configuration Wizard.

   Do not use the credentials for the administration user you created and provided for the new authentication provider.

2. In the left pane of the Administration Console, click Security Realms.
3. Click the default security realm (myrealm).
4. Click the Roles and Policies tab.
5. Expand the Global Roles entry in the table and click Roles.
   
   Description of the illustration GUID-ACD10298-8167-4E09-8C24-91A5DACC091B-default.gif
6. Click the Admin role.
   
   Description of the illustration GUID-DA55366E-ABE6-442D-B137-081295E9EAEE-default.gif
7. Click Add Conditions button.
8. Select Group from the Predicate List drop-down menu, and then click Next.
9. Enter BI Administrators in the Group Argument Name field, and then click Add.

   BI Administrators is added to the list box of arguments.

10. Click Finish to return to the Edit Global Role page.

    The BI Administrators group is now listed.

11. Click Save to finish adding the Admin Role to the BI Administrators group.
12. Validate that the changes were made by logging in to the WebLogic Administration Server Console using the new weblogic_bi user credentials.

    If you can log in to the Oracle WebLogic Server Administration Console and Fusion Middleware Control with the credentials of the new administration user you just provisioned in the new authentication provider, then you have configured the provider successfully.

10.14.8 Updating the boot.properties File and Restarting the System

After you create the new administration user and group, you must update the Administration Server boot.properties file with the administration user credentials that you created in the LDAP directory:

1. On BIHOST1, go the following directory:

   ASERVER_HOME/servers/AdminServer/security
   

2. Rename the existing boot.properties file:

   mv boot.properties boot.properties.backup
   

3. Use a text editor to create a file called boot.properties under the security directory.
4. Enter the following lines in the file:

   username=weblogic_bi
   password=password
   

5. Save the file.
6. Restart the Administration Server.

10.15 Backing Up the Oracle Business Intelligence Configuration

It is an Oracle best practices recommendation to create a backup after successfully configuring a domain or at another logical point. Create a backup after verifying that the installation so far is successful. This is a quick backup for the express purpose of immediate restoration in case of problems in later steps.

The backup destination is the local disk. You can discard this backup when the enterprise deployment setup is complete. After the enterprise deployment setup is complete, you can initiate the regular deployment-specific Backup and Recovery process.

For information about backing up your configuration, see Performing Backups and Recoveries for an Enterprise Deployment.