2012 04 - lifecycle management and security changes
TRANSCRIPT
<Insert Picture Here>
Lifecycle Management and Security - New Features
Release 11.1.2.2.00
Agenda
• New features and changes in EPM Lifecycle
Management
• New features and behavior changes in EPM
security
• Demos
EPM Lifecycle Management – New
features • Simplified User Interface
• Simplified Migration Definition File
• Improved Migration Status Report
• ERPI support for LCM
• New FR artifacts – Annotations, User POV and batch jobs
• New planning artifact – Report Scripts
• New R&A LCM option to replace all artifacts or just the newer
ones
• Application Shell Creation for Classic Applications
• LCM Designer Role
• List Structure Command
• Shared Disk Location
EPM LIFECYCLE
MANAGEMENT
ENHANCEMENTS
Simplified User Interface
• 1 click export and import once artifacts are chosen
• Removed the migration wizard for export and import
• Moved all migration options to migration options UI
Simplified User Interface - Export
Step 1: Select
artifacts to export
Step 2: Click on
Export
Simplified User Interface - Export
Step 3: Provide a
file system folder
name
Step 4: Click
Export. Done
Simplified User Interface - Export
Migration Status Report
displayed to track status
File system
with exported
artifacts
Simplified User Interface - Import
• One click import
• Enable LCM administrators to view all exports and not
just my exports
• Enable repeat exports
• Enable full application migrations
• For example a planning full application migration involves
LCM import of the following artifacts
• Shared Services
• Planning
• Essbase
• Calculation Manager
• R&A
• Essbase data of planning application
Simplified User Interface - Import
• To begin the import process
choose the file system folder
that contains the artifacts
and right click
• Choose Import
Simplified User Interface - Import
• To begin the import process
choose the file system folder
that contains the artifacts
and right click
• Choose Import
• Confirm the import by
clicking on OK button.
• That is it.
• Migration Status Report is
shown to track status
Simplified User Interface – How did we
do this • Removed migration wizard.
• Removed migration options and moved it to the global migration
options UI. All exports refer to these options during runtime
• Create and store the MDF file for repeat export and import during
export
• Assume that the application group and the target application name will
be the same as the source
• Create and store MDF files at the main folder level as well as for the
individual application exports
MDF created
during export
for repeat export
MDF created
during export
for import
Simplified User Interface – How did we
do this • When Repeat Export is chosen LCM code automatically refers to
the MDF file already stored in the chosen folder and perform export
• Repeat export is a process that would be done by the user to dump all changes
that was done since the prior export. This could be a daily uptake or a week
uptake of artifact changes done by the users in the source environment
• Repeat export will dump the artifacts into a new folder and will not overwrite the
existing folder.
• When import is chosen LCM code automatically refers to the MDF
file already stored in the chosen folder and perform the import
• Import is performed according to he order defined in the order.xml when
multiple applications are imported in one migration
• The source application application definition and properties are automatically
carried over
Simplified User Interface – Filesystem
node management • Rename a folder
• User has the capability to rename a folder
under the File System node from the HSS GUI
without any access to the filesystem
• The business user could do mulitple Repeat
Export operations and wants to maintain a
master folder for the week. Once the user has
validated a particular folder, they could rename
the folder as the master folder to be used for
import
• To empower the business user without having
to involve IT for cleanup operations
• Delete a folder
• User has the capability to delete a folder under
the File System node from the HSS GUI for
cleanup without any access to the filesystem
Full Application Migration
• Support for Planning Full Application Migration –
Workshop on Day 3
• Support for Profitability Full Application Migration –
Workshop on Day 3
• White paper published in OTN.
• What is Planning Full application migration
• Shared Services artifacts
• Planning artifacts
• Calculation Manager artifacts
• Essbase global subsititution artifacts
• R&A artifacts for planning application
• Essbase data (Done outside LCM)
Full Application Migration – What does
it take • Export the following artifacts in 1 step from source
• Shared Services artifacts
• Planning artifacts
• Calculation Manager artifacts
• Essbase global subsititution artifacts
• R&A artifacts for planning application
• Essbase data (Done outside LCM)
Full Application Migration – What does
it take • Zip the entire export folder and copy from source to target
enviroment
• Import the entire exported content to the target in 1 step
• 3 simple steps and you are exporting the entire planning
application content and not individual product content
LCM Migration options UI
• A new UI to set the export and the import options for
all LCM operations.
• In Shared Services go to Administration menu and
choose Migration Options
LCM Migration options UI
• These were shown as Destination
Options in the LCM wizard in older
releases
• Organized by Import and Export
operations
• Global for all LCM runs within
HSS
• Options changes take effect as
soon as they are saved. No reboot
required
• Advanced – Manual edit of
exported MDF file needed if need
to change options for a particular
LCM run
ERPI support for LCM
• LCM support for ERPI new in this release
New FR artifacts
• Annotations, User POV and batch jobs
New planning artifact
• Report Scripts
New R&A LCM option
• Found in the Migration Options
UI
• Replace all artifacts or just the
newer ones
• Default is No which is to import
all artifacts contained in the
exported content
• Certain system artifacts should
not be migrated in R&A if the
target environment was
modified after the initial LCM
import was done
• In such cases it is
recommended to switch this
flag to Yes to avoid corruption
of system data in R&A
Improved Migration Status Report
• Easier to read UI when failures occur during
migration.
• More details on what happened and what action
needs to be taken.
• More work on improving error logs in PS3.
Application Shell Creation for Classic
Applications
• During import LCM get the application group and the application names
from the MDF file and check if it exists in the target environment.
• If application exists the LCM import will be performed on that app
• If application does not exist a new application and application group
will be created and the content imported into the newly created app.
• In the case of planning a datasource with the same name as in the
source should be created via the Planning UI.
• This applies to Planning, HFM and Essbase. EPMA and Profitability
is not supported.
• Creating the application during LCM is highly recommended
• Helps preserve the application settings as set in the source env.
• The planning options and HFM per file settings are carried over
automatically without having the need for the user to remember the
source application settings.
Application Shell Creation for Classic
Applications
• The configuration
folder contains the
application properties
in Planning, HFM and
Essbase.
LCM command line option to compare
source and target content
• Often the person performing the import wants to perform a diff of the
export content vs. the content in the target application.
• Use the –ls option in the command line utility
• Utility.bat (.sh) myimportMDF.xml –ls
• This produces 2 files for the user to compare
• A text document with a listing of all the content in filesystem exported content
• A text document with a listing of the related content in the target application
(for example Planning application)
• A simple compare tool such as WinMerge can highlight the difference
between the export content vs. what is currently available in the target
application
• Based on the compare the user can determine what artifacts will get
created/updated with the LCM import operation. Also useful to
determine when artifacts should be deleted in the target
LCM command line option to compare
source and target content
Run the command
Produces 2 files in the same
folder. Compare the 2 files.
LCM command line option to compare
source and target content
A simple compare reveals
that 5 new menu artifacts
will be imported into the
target application
EPMA Deployment Options
• The deployment options in EPMA were removed in
11.1.2.2 patchset.
• The change in behavior
• Perform a LCM migration of all EPMA artifacts
• Login to EPMA UI (or use the epma batch client utility) to
create the EPMA application (Planning, HFM or Profitability)
• Perform a LCM migration of target application (Planning, HFM
or Profitability) application.
• This can be automated in one script by calling the LCM and
the epma batch client utilities.
Simplified MDF file structure
• Modified the structure of the migration definition
(MDF) file for LCM.
• MDF from earlier version is not compatible with PS2.
Need to regenerate the MDF files in PS2
Simplified MDF file structure - Old <Package name="web-migration" description="Migrating File System to Product">
<LOCALE>en_US</LOCALE>
<Connections>
<ConnectionInfo name="MyHSS-Connection1" type="HSS" description="Hyperion Shared Service
connection" user="admin" password="password1"/>
<ConnectionInfo name="AppConnection1" type="Application" product="HFM"
description="Destination Application" HSSConnection="MyHSS-Connection1" project="Default
Application Group" application="MOTOROLA"/>
<ConnectionInfo name="FileSystem-Connection2" type="FileSystem" HSSConnection="MyHSS-
Connection1" filePath="/hfmmotorolafs" description="Source Application"/>
</Connections>
<Tasks>
<Task seqID="-1">
<Source connection="FileSystem-Connection2">
<Options/>
<Artifact recursive="true" parentPath="/Phased Submission" pattern="*"/>
<Artifact recursive="true" parentPath="/Configuration" pattern="*"/>
</Source>
<Target connection="AppConnection1">
<Options>
<optionInfo name="ImportDimensionMode" value="replace"/>
<optionInfo name="ImportPhaseSubmissionAssignmentMode" value="merge"/>
</Options>
</Target>
</Task>
</Tasks>
</Package>
Simplified MDF file structure - New
<?xml version="1.0" encoding="UTF-8"?>
<Package>
<LOCALE>en_US</LOCALE>
<User name="" password=""/>
<Task>
<Source type="FileSystem" filePath="/hpmtrfs"/>
<Target type="Application" product="HP" project="Default Application
Group" application="MTRApp2"/>
<Artifact recursive="true" parentPath="/Configuration" pattern="*"/>
<Artifact recursive="true" parentPath="/Relational Data" pattern="*"/>
<Artifact recursive="true" parentPath="/Plan Type" pattern="*"/>
<Artifact recursive="true" parentPath="/Security" pattern="*"/>
<Artifact recursive="true" parentPath="/Global Artifacts" pattern="*"/>
</Task>
</Package>
LCM Designer Role
• Added new LCM Designer role for granular access to
LCM functionality.
• Subset of the LCM Administor role
• Use case
• Susan is responsible for developing content in the
development planning environment such as forms, menus
and reports.
• When the development process is complete, Susan does a
export of all the modified content and makes it available to the
Bob for import into the target environment.
• Susan should not have the capability to import the content
into the dev environment.
• In this scenario Susan will be given LCM Designer role and
Bob will be given the LCM Administrator role.
Shared Disk Location
• In a clustered environment it is required to have a
shared disk for LCM filesystem
• Shared disk can be configured from the configuration
tool in the common properties configuration screen
• LCM supports UNC paths
• \\hostname\shared or \\hostname\share for Windows
environments
• /mount_point/folder for Unix environment
Clustered Environment Support
• Support for LCM when planning is deployed in a
clustered environment
• Support for LCM when HFM LCM webservice is
deployed in a clustered environment
EPM SECURITY
ENHANCEMENTS
EPM Security – New features and
Enhancements
• Enhancements to EPM System Administrator Account
• Add External users to Multiple Native Directory Groups
• On-demand Cache Refresh
• Using EBS to Manage EPM Functional Security
• Optimize memory for Compact Deployment
• Support SSO between OBIE into Essbase and HFM
• Oracle Single Sign-On (OSSO) with Oracle WebLogic
Server
• Removed SAP Provider
• WAS EPM Asserter support for Financial Close Manager
Enhancements to EPM System
Administrator Account
• Customize admin native directory userid to any name
specified by the user
• Activate/Deactivate native directory admin user
account
• Ensure another external/native account is setup as Shared
Services administrator prior to deactivating admin user
account
• Customer would choose to do this if
• Corporate security demands turning off native directory
• Another userid called admin exists in any of the corporate
directories
Customize EPM admin username
• The EPM configuration tool
provides an input for
customized admin user name
during HSS configuration
• Default is admin and user can
change this to any
customized name such as
epm_admin and provide a
password.
Activate/Deactivate admin user
Add External users to Multiple
Native Directory Groups • New Member
Of tab in the
external users
properties
screen to
easily add the
user to
multiple native
groups.
On-demand Cache Refresh
• New button in Configure User Directories – Security
Options tab called Refresh Now
• This refreshes the entire CSS cache in the Foundation
Services and all webapps in the case of compact server
deployment
• Inserts a mark in the CSS delta refresh process for all
other CSS cache instances to refresh upon next login.
• This is useful when a customer makes a change to the
group membership in the external directory and wants
to take effect right away instead of waiting for the auto
cache refresh.
• Does not affect the cache refresh interval setting. All
automatic full cache refreshes still take place
On-demand Cache Refresh
Using EBS to Manage EPM Functional
Security
• When an existing EBS customer purchases EPM they
would want to enforce the security already
provisioned in EBS for EPM products.
• Published a white paper on how to enable EBS to
manage EPM functional (not data level) security
• http://www.oracle.com/technetwork/middleware/bi-
foundation/epm-functional-security-using-ebs-
168736.ppt
Optimize memory for Compact
Deployment
• EPM security caches the external directory group
hierarchy for faster login performance in each JVM
that it lives in.
• PS2 deployments out of the box is a compact
deployment which is a single JVM for all EPM
webapps. There will exist only one CSS cache in the
JVM which is shared by all webapps.
• Reduces the number of hits to external directories
and reduces the memory footprint needed.
• In PS1 there would a CSS cache within each one of
the webapps within the compact server.
Support SSO between OBIEE into
Essbase and HFM
• Enhance support of SSO between OBIEE and EPM when OPSS
is enabled for directory virtualization
• OBI Weblogic authentication providers and the EPM security
providers (LDAP/AD) must the identically configured and in the
same order or search.
• When virtualization is enabled to true in OBIEE config the token
generated by OBI with the identity format
• fusion://fusionguid=<user identity attribute value>?USER
• Where user identity attribute value is the orclguid or nsuniqueid or
objectguid or similar
• This is passed to EPM product where EPM security will consume
the token and determine the user
SSO Agent Changes
• Oracle Single Sign-On (OSSO) with Oracle WebLogic
Server
• Removed SAP Provider
• Customer to configure SAP approved asserters for support
• Configure SAP to use external corporate directories and
configure CSS for the same and enable a SSO agent such as
OAM for SSO between SAP and EPM
• WAS EPM Asserter support for Financial Close
Manager
• Supported WLS asserter in PS1 and now support for
Websphere asserter.
Enhance support for LDAP/MSAD
connection timeouts • Connection timeout (after inactivity in the system) by
Firewall or Load Balancer in front of the LDAP/MSAD
servers is handled better by recreating the master
context every 15 minutes (as needed basis)
• Can be tuned from the css.xml file by setting the
parameter <masterContextTimeToLive>. Oracle
recommends to set this value to slightly lower than
the timeout on the Firewall or Load Balancer in front
of the LDAP/MSAD servers.