1. Configuring Oracle Analytics Cloud
  2. Configure Your Service
  3. Manage Publishing Options
  4. Set Up Delivery Destinations

Set Up Delivery Destinations

This topic describes the setup required to deliver reports. It also describes how to set up the HTTP notification server.

Note:

The email, FTP, printer, fax, and content management hosts must be accessible from the public internet.

Topics:

Configure Delivery Options

You can define the SSL certicate file and set the general properties for e-mail deliveries and notifications.

  1. From the Administration page, select Delivery Configuration.
  2. If you want to use a self-signed certificate, select a file from SSL Certificate File.
  3. Enter the From address to appear on e-mail report deliveries. The default value is bipublisher-report@oracle.com.
  4. Enter the From address to appear on notifications deliveries. The default value is bipublisher-notification@oracle.com.
  5. Enter the subject text for notification e-mails when the report status is Success, Warning, Failed, or Skipped.
  6. In the Allowed Email Recipient Domains field, enter the domains you want to allow email delivery. Separate the email domains by a comma. By default, * allows all domains.
    Note that if you want to ignore email delivery restrictions for a report delivery, select the Ignore Email domain Restrictions property of that report.
  7. Select Email Output as URL, if you want the jobs to email the URL to access the job output instead of attaching the job output to the email.
    The email recipient can view the job output only after logging in with the valid credentials required to access the Publisher report. The recipient must have access to Publisher. If the output of a private job is sent to a user without administrator access, the job succeeds and the recipient receives the email with the URL, but the recipient can't view the job output.
  8. Select Use System Proxy Settings if the Delivery Manager must look up the proxy server settings from the Java runtime environment.

    • Printer, Fax, WebDAV, HTTP and CUPS servers use proxy settings for HTTP protocol when SSL is not used. When SSL is used, the HTTPS proxy setting is used.

    • FTP and SFTP use proxy settings for FTP.

    • Contents servers and email servers don't support connection over a proxy, regardless of this setting.

    You can override the proxy settings per delivery server, using proxy configuration fields on the individual server setup page. If a proxy server and ports are configured for a delivery server, the Delivery Manager uses the proxy server and port configured for the server instead of the one defined in the Java Runtime environment. In Cloud installations, Use System Proxy Settings is always selected, and cannot be turned off or overridden by individual server settings.

If Publisher encounters an issue connecting to the email server, it attempts to send the email again for three times, with a 30-second interval between each attempt.

Understand Printer and Fax Server Configuration

Understand your printer type before you set up the printer or fax server.

Regardless of the operating system, the printer destination can be any IPP server. The IPP server can be the printer itself, but if the printer doesn't natively support IPP, you can set up a print server that does support IPP (such as CUPS), and then connect to the print server to the printer.

To send a fax, you must set up Common Unix Printing Service (CUPS) and the fax4CUPS extension. For information on setting up CUPS or Windows IPP print servers and how to connect network printers to them, refer to the CUPS or Windows IPP software vendor documentation.

PDF is a popular output format for business reports. However, some reports require printing directly from the report server. For example, paychecks and invoices are usually printed as scheduled batch jobs. Some printers with PostScript Level 3 compliant Raster Image Processing can natively support PDF documents, but there're still many printers in business use that only support PostScript Level 2 that can't print PDF documents directly.

To print PDF documents directly, if your printer or print server doesn't support printing PDF:

  • Select a filter - PDF to PostScript or PDF to PCL.

  • Configure a custom, or third-party filter.

A filter enables you to call a conversion utility to convert the PDF to a file format supported by your specific printer type. You can use the PDF to PCL conversion only for font selection requirements for check printing. For generic printing requirements, use the PDF to PostScript level 2 filter.

Selection of PDF to PCL filter automatically populates the Filter Command field. You can embed PCL commands into RTF templates to invoke the PCL commands at a specific position on the PCL page; for example, to use a font installed on the printer for routing and account numbers on a check.

You can also call a custom filter using operating system commands.

To specify a custom filter, pass the native OS command string with the two placeholders for the input and output filename, {infile} and {outfile}.

This is useful especially if you're trying to call IPP printers directly or IPP printers on Microsoft Internet Information Service (IIS). Unlike CUPS, those print servers don't translate the print file to a format the printer can understand. With the filter functionality, you can call any of the native OS commands to transform the document to the format that the target printer can understand.

For example, to transform a PDF document to a PostScript format, enter the following PDF to PS command in the Filter Command field:

pdftops {infile} {outfile}

To call an HP LaserJet printer setup on a Microsoft IIS from Linux, you can set Ghostscript as a filter to transform the PDF document into the format that the HP LaserJet can understand. To do this, enter the following Ghostscript command in the Filter Command field: 

gs -q -dNOPAUSE -dBATCH -sDEVICE=laserjet -sOutputFile={outfile} {infile}

For fax servers, you can use the filter to transform the file to Tag Image File Format (TIFF).

Add a Printer

You can set up a printer to print reports.

The printer server must be accessible from the public internet.

  1. From the Administration page, under Delivery, select Printer, and then click Add Server.
  2. Enter the server name and URI of the printer.
  3. Optional: If your printer or print server doesn't support printing PDF, enter a filter to call a conversion utility to convert the PDF to a file format supported by your specific printer type.

    • PDF to PostScript

    • PDF to PCL

    Use the PDF to PCL filter only if you have a requirement to select fonts for printing check using embedded PCL command. For generic printing requirements, use the PDF to PostScript filter.
  4. Optional: Enter the user name, password, authentication type (None, Basic, Digest), and encryption Type (None, SSL).
  5. Optional: Enter the host, port, user name, password, and authentication type (None, Basic, Digest) of the proxy server.
  6. Optional: In the Access Control section, deselect Public.
  7. From the Available Roles list, select one or more roles you want to provide access to the delivery channel, and click Move to add them to the Allowed Roles list.
  8. Click Apply.

Add a Fax Server

You must set up Common Unix Printing Service (CUPS) and the fax4CUPS extension, if you want to send fax.

The fax server must be accessible from the public internet.

  1. From the Administration page, under Delivery, select Fax, and then click Add Server.
  2. Enter the server name and the URI (Uniform Resource Identifier) of the fax server.
  3. Optional: If your fax server doesn't support printing PDF, enter a filter to call a conversion utility to convert the PDF to a file format supported by your specific fax server.
  4. Optional: Enter the user name, password, authentication type (None, Basic, Digest), and encryption Type (None, SSL) of the fax server.
  5. Optional: Enter the host, port, user name, password, and authentication type (None, Basic, Digest) of the proxy server.
  6. Optional: In the Access Control section, deselect Public.
  7. From the Available Roles list, select one or more roles you want to provide access to the delivery channel, and click Move to add them to the Allowed Roles list.
  8. Click Apply.

Add an Email Server

You can add an email server to deliver reports by email.

The mail server must be accessible from the public internet.

  1. From the Administration page, under Delivery, select Email, and then click Add Server.
  2. Enter the Server Name and Host of the email server.
  3. Optional: Select a Secure Connection method to use for connections with the email server.
    Use TLS when the server supports the protocol; SSL is accepted in the response.
  4. Optional: Enter the port number, user name, and password.
  5. In the Access Control section, deselect Public.
  6. From the Available Roles list, select one or more roles you want to provide access to the delivery channel, and click Move to add them to the Allowed Roles list.
  7. Click Test Connection.
  8. Click Apply.

Deliver Reports Using Email Delivery Service on Oracle Cloud Infrastructure

You can use the Email Delivery service on Oracle Cloud Infrastructure to deliver reports.

If you don't have access to Oracle Cloud Infrastructure Console, ask your Oracle Cloud Infrastructure administrator to provide you access.

  1. In Oracle Cloud Infrastructure Console, configure Email delivery.
    1. Sign-in to your Oracle Cloud account with permissions to configure Email Delivery.
    2. In Oracle Cloud Infrastructure Console, click Navigation menu in the top left corner.
    3. Click Developer Services. Under Application Integration, click Email Delivery.
    4. Optional: Set up the email domain you plan to use.

      This is the domain you plan to use for the approved sender email address, and can’t be a public mailbox provider domain such as gmail.com or hotmail.com.

    5. Click Approved Senders.
    6. On the Create Approved Senders page, set up an approved sender for the From email address that you want to use to send emails through the mail server.

      Create Approved Sender dialog

      Refer to Oracle Cloud Infrastructure documentation for details. See Managing Approved Senders.

    7. Click Configuration, then make a note of the Public Endpoint, Port (587), and that Transport Layer Security (TLS) is used on the connection.

      Email Configuration page

      Refer to Oracle Cloud Infrastructure documentation for details. See Configure the SMTP connection.

    8. If you've not already done so, click the Identity Interface link to navigate to your Identity pages and then click Generate SMTP Credentials to generate SMTP credentials for yourself or another user with permissions to manage email.

      Enter a Description, such as Oracle Analytics Cloud credentials, and click Generate SMTP Credentials.

      Generate SMTP Credentials

      Copy the Username and Password for your records.

      Username and password for SMTP mail server user

      Refer to Oracle Cloud Infrastructure documentation for details. See Generate SMTP credentials for a user.

  2. In Oracle Analytics Cloud, add a connection to the email server.
    1. From the Administration page, under Delivery, select Email, and then click Add Server.
    2. Enter the name of the email server (Email Delivery service hostname).
    3. Enter the port number and SMTP credentials (user name and password).
    4. Select the secure connection method.
    5. In the Access Control section, deselect Public.
    6. From the Available Roles list, select one or more roles you want to provide access to the delivery channel, and click Move to add them to the Allowed Roles list.
    7. Click Test Connection.
    8. Click Apply.
  3. Set up delivery notification.
    1. From the Administration page, under Delivery, select Delivery Configuration.
    2. Enter values for Email From Address and Delivery Notification Email From Address.
    3. Optional: Enter values for Success Notification Subject, Warning Notification Subject, Failure Notification Subject, and Skipped Notification Subject.
      The completed jobs use the appropriate notification subject depending on the status of the job.
    4. Deselect Use System Proxy Settings.
  4. Configure the bursting jobs to deliver reports using the email server.
    Update bursting queries to specify Email as the delivery channel in DEL_CHANNEL and provide the "From" address in PARAMETER3.
  5. Test report delivery.
    1. Schedule a job to email a report using the email server.
    2. In the Job History Details page, check the status of the job.

Add an HTTP or HTTPS Server

The administrator can add an HTTP or HTTPS sever to send a notification request to after the report completes.

You can register an application URL or postprocess HTTP or HTTPS URL as an HTTP server.

The HTTP notification sent by Publisher posts a form data for Job ID, report URL and Job Status to the HTTP Server URL page.

  1. From the Administration page, under Delivery, select HTTP, and then click Add Server.
  2. Enter the server name and the URL of the server.
  3. Optional: Enter the host, port, user name, password, authentication type (None, Basic, Digest), and and encryption type (None, SSL) of the server.
  4. Optional: If the notification is to be sent through a proxy server, enter the user name, password,and the authentication type (None, Basic, Digest).
  5. In the Access Control section, deselect Public.
  6. From the Available Roles list, select one or more roles you want to provide access to the delivery channel, and click Move to add them to the Allowed Roles list.
  7. Click Apply.

Add an FTP or SFTP Server

You can add an FTP server or SFTP server as a delivery channel for Publisher.

If the destination file name supplied to the scheduler contains non-ascii characters, UTF-8 encoding is used to specify the file name to the destination FTP server. Your FTP server must support UTF-8 encoding or the job delivery will fail with "Delivery Failed" error message.

The FTP server or SFTP server must be accessible from the public internet.

Publisher doesn't support FTP over TLS / SSL (FTPS). You can't use FTP over TLS or SSL for delivery. Use SFTP for secure file transfer.

  1. From the Administration page, under Delivery, select FTP, and then click Add Server.
  2. Enter the server name, host name, and port number for the FTP or SFTP server.
    The default port for FTP is 21. The default port for Secure FTP (SFTP) is 22.
  3. To enable Secure FTP (SFTP), select Use Secure FTP.
  4. If the FTP server is behind a firewall, select Use Passive Mode .
  5. Optional: In the Filter Command field, specify a custom filter to apply a file conversion such as encryption.
    To specify a custom filter, pass the native Operating System command string with the two placeholders for the input and output file name, {infile} and {outfile}.

    For example, to set up encryption of the file using a Filter Command, enter the following:

    gpg -e -r myKey -o {outfile} {infile}

    where

    myKey is the ID to gpg key (such as real name, email address, or fingerprint).

    The Filter command field doesn’t support quotes. Therefore you cannot use certain valid gpg formats that include spaces, for example: "myname <myemail@example.com>"). You must specify the ID in a single string with no spaces.

  6. Select Create files with Part extension when copy is in process to create a file on the FTP server with a .part extension while the file is transferring.
    When the file transfer is complete, the file is renamed without the .part extension. If the file transfer doesn't complete, the file with the .part extension remains on the server.
  7. Optional: Enter the security information.
    1. If your server is password protected, enter the User name and Password.
    2. Select the Authentication Type: Private Key or Password
    3. Depending on the authentication type selection, select the private key file or specify the private password.
      If you selected Private Key as the authentication type, make sure you upload the SSH Private Key file in the Upload Center.
  8. Optional: Enter the host, port, user name, password, and authentication type (None, Basic, Digest) of the proxy server.
  9. Optional: To deliver PGP encrypted documents to the FTP server:
    1. From the PGP Key list, select the PGP keys you uploaded in Security Center.
      This step updates the filter command in the Filter Command field.
    2. To sign the encrypted document, select Sign Output.
      This step adds a -s parameter to the existing filter command in the Filter Command field.
    3. If you want to deliver PGP encrypted document in ASCII armored format, select ASCII Armored Output.
      This step adds a -a parameter to the existing filter command in the Filter Command field.
  10. In the Access Control section, deselect Public.
  11. From the Available Roles list, select one or more roles you want to provide access to the delivery channel, and click Move to add them to the Allowed Roles list.
  12. Click Test Connection.

    If the connection test is successful, the Host Key Fingerprint field is populated. You can't save the server configuration if theHost Key Fingerprint field isn't populated.

    When Publisher delivers jobs to the SFTP server, the Host Key Fingerprint value saved with the server configuration is compared with the fingerprint of the host key returned by the SFTP server. If the SFTP server host key's fingerprint doesn't match the fingerprint saved in the server connection configuration, the connection will be rejected.

  13. Click Apply.

SSH Options For SFTP

Secure File Transfer Protocol (SFTP) is based on the Secure Shell technology (SSH). Publisher supports the following SSH options for SFTP delivery.

Key Exchange Method (Diffie-Hellman) Server Public Key Encryption (Cipher Suites) Message Authentication Code (MAC)

  • diffie-hellman-group14-sha1

  • diffie-hellman-group-exchange-sha256

  • diffie-hellman-group-exchange-sha1

  • diffie-hellman-group1-sha1

  • diffie-hellman-group14-sha256

  • diffie-hellman-group16-sha512

  • diffie-hellman-group18-sha512

  • ssh-rsa (up to 2048 bit)

  • ssh-dss (1024 bit)

  • rsa-sha2-256

  • rsa-sha2-512

  • aes128-ctr

  • aes192-ctr

  • aes256-ctr

  • aes128-cbc

  • 3des-cbc

  • blowfish-cbc

  • hmac-sha1

  • hmac-sha2-256

  • hmac-sha2-512

The following algorithms are available only when Publisher is running on a JVM on which the Java Cryptography Extension (JCE) unlimited strength jurisdiction policy files are installed:

  • diffie-hellman-group-exchange-sha256
  • diffie-hellman-group14-sha256
  • diffie-hellman-group16-sha512
  • diffie-hellman-group18-sha512
  • rsa-sha2-256
  • rsa-sha2-512
  • aes192-ctr
  • aes256-ctr
  • hmac-sha2-256
  • hmac-sha2-512

Add a Content Server

You can deliver documents to Oracle WebCenter Content.

The content server must be accessible from the public internet.

When you use a content server as a delivery destination:

  • At runtime, the report consumer can tag the report with Security Group and Account metadata (if applicable) to ensure that the appropriate access rights are applied to the document when delivered.

  • For documents that require specific custom metadata fields (such as invoice number, customer name, order date), the report author can map the custom metadata fields defined in Content Profile Rule Sets to data fields in the data model.

Publisher communicates with Oracle WebCenter Content Server using the Remote Intradoc Client (RIDC). The connection protocols therefore follow the standards required by the RIDC. The protocols supported are:

  • Intradoc: The Intradoc protocol communicates to the Content Server over the over the Intradoc socket port (typically 4444). This protocol requires a trusted connection between the client and Content Server and will not perform any password validation. Clients that use this protocol are expected to perform any required authentication themselves before making RIDC calls. The Intradoc communication can also be configured to run over SSL.

  • HTTP and HTTPS: The HTTP protocol connection requires valid user name and password authentication credentials for each request. You supply the credentials to use for requests in the Publisher Administration page.

  • JAX-WS: The JAX-WS protocol is supported only in Oracle WebCenter Content 11g with a properly configured Content Server instance and the RIDC client installed. JAX-WS is not supported outside this environment.

To set up a content server as a delivery destination:

  1. From the Administration page, under Delivery, select Content Server, and then click Add Server.
  2. Enter the Server Name, for example: contentserver01.
  3. Enter the connection URI for your content server. The URI can take any of the following supported protocols:

    • HTTP/HTTPS — Specifies the URL to the Content Server CGI path.

      For example:

      • http://localhost:16200/cs/idcplg
      • https://localhost:16200/cs/idcplg

    • Intradoc — The Intradoc protocol communicates to the content server over the Intradoc socket port (typically 4444). The IDC protocol also supports communication over SSL. For example:

      • idc://host:4444

      • idcs://host:4443

    • JAX-WS — Uses the JAX-WS protocol to connect to the content server.

      For example:

      • http://wlsserver:16200/idcnativews
  4. Optional: Enter the user name and password of the content server.
  5. Optional: To enable the inclusion of custom metadata with your report documents delivered to the content server, select Enable Custom Metadata.
  6. Optional: To deliver PGP encrypted documents to the content server:
    1. From the PGP Key list, select the PGP keys you uploaded in Security Center.
      This step updates the filter command in the Filter Command field.
    2. To sign the encrypted document, select Sign Output.
      This step adds a -s parameter to the existing filter command in the Filter Command field.
    3. If you want to deliver PGP encrypted document in ASCII armored format, select ASCII Armored Output.
      This step adds a -a parameter to the existing filter command in the Filter Command field.
  7. In the Access Control section, deselect Public.
  8. From the Available Roles list, select one or more roles you want to provide access to the delivery channel, and click Move to add them to the Allowed Roles list.
  9. Click Test Connection.
  10. Click Apply.

Add an Object Storage

You can use one or more Object Storages to deliver and store reports.

You can configure an Object Storage as a delivery channel, and schedule jobs to deliver reports to the Object Storage.

Make sure you have the permissions to access a compartment in Oracle Cloud Infrastructure Object Storage where you can create a bucket to organize your reports.

Even if you have administrator access to the Object Storage, you should have the permissions to configure the connection and to deliver reports to Object storage. An administrator in your organization must set up the permissions in Oracle Cloud Infrastructure using IAM policies to enable you to deliver files from Publisher to Object Storages. See Getting Started with Policies and Policy Reference.

  • Permissions required for tenancy:

    • COMPARTMENT_INSPECT
    • OBJECTSTORAGE_NAMESPACE_READ

  • Permissions required for compartment mangement:

    • BUCKET_READ
    • BUCKET_INSPECT
    • OBJECT_READ OBJECT_OVERWRITE
    • OBJECT_CREATE
    • OBJECT_DELETE
    • OBJECT_INSPECT
  1. Use the Oracle Cloud Infrastructure console to create a Bucket in the Object Storage, and then set up the API key for authentication.
    Make sure you gather the user details, tenancy details, and the Public Key Fingerprint value of the SSH key so that you can configure the Object Storage in Publisher. See the Oracle Cloud Infrastructure documentation for detailed steps.
  2. In Publisher, upload the private key file for the Object Storage to the server, and add the Object Storage as a delivery channel.
    1. On the Administration page, under System Maintenance, select Upload Center, choose the private key file, select SSH Private Key as the File Type, and then click Upload.
    2. From the Administration page, under Delivery, select Object Storage, and then click Add Server.
      1. In the Server Name field, type a name for the server. For example, objectstorage1.
      2. In the URI field, type the URL of the Object Storage. For example, https://objectstorage.us-ashburn-1.oraclecloud.com.
      3. In the Tenancy OCID and User OCID fields, provide the credentials for accessing the Object Storage.
      4. Copy the public key fingerprint value of the Object Storage from the Oracle Cloud Infrastructure console, and paste it in the Public Key Fingerprint field.
      5. Specify the private key file and enter the private key password.
      6. Specify the compartment provisioned for your tenancy and the Bucket associated with your compartment where you want to deliver the reports.
      7. In the Access Control section, deselect Public.
      8. From the Available Roles list, select one or more roles you want to provide access to the delivery channel, and click Move to add them to the Allowed Roles list.
      9. Click Test Connection.
      10. Click Apply.

Example 6-1 Policy Configuration

Sample policy configuration to allow group g to inspect the compartments in tenancy:

Allow group <g> to inspect compartments in tenancy

Sample policy configuration to allow group g to manage the Object Storage in tenancy:

Allow group <g> to manage objectstorage-namespaces in tenancy

Sample policy configuration to allow group g to manage compartment c and perform the requested operations in the compartment: 

Allow group <g> to manage object-family in compartment <c> where any {
request.operation=‘ListBuckets’,
request.operation=‘ListObjects’,
request.operation=‘PutObject’,
request.operation=‘GetObject’,
request.operation=‘CreateMultipartUpload’,
request.operation=‘UploadPart’,
request.operation=‘CommitMultipartUpload’,
request.operation=‘AbortMultipartUpload’,
request.operation=‘ListMultipartUploads’,
request.operation=‘ListMultipartUploadParts’,
request.operation=‘HeadObject’,
request.operation=‘DeleteObject’}

Add a Common UNIX Printing System (CUPS) Server

You add CUPS servers from the Administration page.

You can configure Common Unix Printing Service (CUPS) for sending fax and to enable printing using a printer that doesn’t natively support IPP.

To add a CUPS server:

  1. From the Administration page, select CUPS to display the list of servers that have been added.
  2. Select Add Server.
  3. Enter the Server Name and Host and Port for the CUPS server.

Add an Oracle Content and Experience Server

You can deliver reports to an Oracle Content and Experience server to enable easy access and share reports on the cloud.

To add an Oracle Content and Experience server:
  1. From the Administration page, under Delivery, select Content and Experience, and then click Add Server.
  2. In the Server Name field, type the name of the server through which you want to deliver the reports to the cloud-based content hub.
  3. In the URI field, type the URI of the Oracle Content and Experience server. For example, https://host.oraclecloud.com.
  4. In the Username and Password fields, provide the credentials for accessing the Oracle Content and Experience server.
  5. In the Access Control section, deselect Public.
  6. From the Available Roles list, select one or more roles you want to provide access to the delivery channel, and click Move to add them to the Allowed Roles list.
  7. Click Test Connection.
  8. Click Apply.