Tuesday 20 October 2020

EPM 11.2.3: Downloads, Verification and Unzipping

So Oracle Hyperion EPM 11.2.3 has been released! For more information on that read here:
https://blogs.oracle.com/proactivesupportepm/enterprise-performance-management-epm-1123-is-available

To download the files needed for the release you need to head over to Oracle eDelivery: https://edelivery.oracle.com

It appears that the downloads are correctly labelled as 11.2.3, unlike previous releases.
The table below shows, in bold, which files have changed from the initial release:

ZIP File Name Download Description SHA1 Hash
V44413-01.zip Oracle WebLogic Server 12.1.3.0.0 for Microsoft Windows x64 (64-bit) 02B2EB70A5B208EE20083E9DA833983D98F00DD5
V44425-01.zip Oracle Data Integrator 12.1.3.0.0 for Microsoft Windows x64 (64-bit) A4B97264516F1A75AA33F5FAA0D49AAB32C0558C
V886440-01.zip Oracle Fusion Middleware 12c (12.2.1.3.0) SOA Suite and Business Process Management 8D65D949C862CB4652D2D28D69BEEDD4DF918B39
V886442-01_1of2.zip Oracle Fusion Middleware 12c (12.2.1.3.0) SOA Quick Start (Part 1) 2B308A22414861073937345379CBEAE6346A37FA
V886442-01_2of2.zip Oracle Fusion Middleware 12c (12.2.1.3.0) SOA Quick Start (Part 2) E2F05CA1060C266D119FEF7055158354FAF638D8
V886451-01_1of2.zip Oracle Fusion Middleware 12c (12.2.1.3.0) Data Integrator (Part 1) D80310331C0003F27752AB4AEB8747A3FB609DB3
V886451-01_2of2.zip Oracle Fusion Middleware 12c (12.2.1.3.0) Data Integrator (Part 2) 76450D1FC463B7EBF2057C6C548D694409854211
V933015-01.zip Oracle Fusion Middleware 12c (12.2.1.3.0) Internet Directory for Microsoft Windows x64 (64-bit) CF09129C9E1D974749094E230792DB4C0B2C5F7E
V933018-01_1of2.zip Oracle Fusion Middleware 12c (12.2.1.3.0) Identity and Access Management Quick Install (Part 1) 64CD01DC271999DF0B399E59805C3A21F65E5898
V933018-01_2of2.zip Oracle Fusion Middleware 12c (12.2.1.3.0) Identity and Access Management Quick Install (Part 2) C953B5CD7EC299BD7A89C14218AEEB0C2AD37877
V1003510-01.zip Oracle Enterprise Performance Management System - Client Installers 11.2.3.0.0 E63DF3CCC7ED315A00BF66CEA0498818A4BDA7FD
V1003513-01.zip Oracle Data Relationship Management Analytics 11.2.3.0.0 F1F115867DA2F441D2D2BC439570B4A2DEE63A99
V1003485-01.zip Oracle Enterprise Performance Management System - Part 1 11.2.3.0.0 E3299DCC46A1B08F97CADD31C41B663B071EE8B3
V1003498-01.zip Oracle Enterprise Performance Management System - Part 2 11.2.3.0.0 E3299DCC46A1B08F97CADD31C41B663B071EE8B3
V1003508-01.zip Oracle Enterprise Performance Management System - Oracle HTTP Server 11.2.3.0.0 629A0198925BC2C267B7B2E65DD33CE9A1959AF5
V1003511-01.zip Oracle Enterprise Performance Management System - Part 3 11.2.3.0.0 1DB1806D8F0DCBBC1DA61E8AA2D88E94A72B4E79
V1003501-01.zip Oracle Enterprise Performance Management System - Part 4 11.2.3.0.0 6D83526A61C48262D84C4AC1B353A7823D16960A
V1003503-01.zip Oracle Enterprise Performance Management System - Part 5 11.2.3.0.0 823E7ABBC3319D025011C43B76DD87CFDC92153E
V1003505-01.zip Oracle Enterprise Performance Management System - Part 6 11.2.3.0.0 3C80681AF980434A4A75EE9407C1CEF40ACB54CD
V1003512-01.zip Oracle Data Relationship Management 11.2.3.0.0 D11AA06B942C2EA58745FED32DEEBCBEE70C28CF
V1003532-01.zip Oracle Enterprise Performance Management System - Installation Documents and Readmes 11.2.3.0.0 FB021DD0A0102603815B936EC0682CF1682331E8


I have a recommendation for people who have issues with Oracle's download manager or using the wget option - if you use Firefox as your browser you can install the Download Star add-in to download the ZIP files in an organised manner. Use the naming mask ${text} and choose to skip on conflict.

You only really need to download the ZIP files below. As before, use sha1sum to calculate the hashes:

sha1sum *.zip
e3299dcc46a1b08f97cadd31c41b663b071ee8b3 *V1003485-01.zip
da939b92bc2a595bcdcd8c10d67f85d3a548b442 *V1003498-01.zip
6d83526a61c48262d84c4ac1b353a7823d16960a *V1003501-01.zip
823e7abbc3319d025011c43b76dd87cfdc92153e *V1003503-01.zip
3c80681af980434a4a75ee9407c1cef40acb54cd *V1003505-01.zip
629a0198925bc2c267b7b2e65dd33ce9a1959af5 *V1003508-01.zip
e63df3ccc7ed315a00bf66cea0498818a4bda7fd *V1003510-01.zip
1db1806d8f0dcbbc1da61e8aa2d88e94a72b4e79 *V1003511-01.zip
d11aa06b942c2ea58745fed32deebcbee70c28cf *V1003512-01.zip
f1f115867da2f441d2d2bc439570b4a2dee63a99 *V1003513-01.zip
fb021dd0a0102603815b936ec0682cf1682331e8 *V1003532-01.zip
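Comparing the sha1sum output against the table by eye is error-prone. The following added example (not part of the original post) parses both, reports any file whose computed hash differs from the published one, and lists any hash the table gives for more than one file. The sample rows and sha1sum lines are copied from this post, the function names are illustrative, and the same check applies to the 11.2.1 list further down the page.

```python
import re
from collections import defaultdict

# Sample input: three rows of the table above and the matching sha1sum lines.
PUBLISHED = """\
V1003485-01.zip Oracle Enterprise Performance Management System - Part 1 11.2.3.0.0 E3299DCC46A1B08F97CADD31C41B663B071EE8B3
V1003498-01.zip Oracle Enterprise Performance Management System - Part 2 11.2.3.0.0 E3299DCC46A1B08F97CADD31C41B663B071EE8B3
V1003501-01.zip Oracle Enterprise Performance Management System - Part 4 11.2.3.0.0 6D83526A61C48262D84C4AC1B353A7823D16960A
"""
COMPUTED = """\
e3299dcc46a1b08f97cadd31c41b663b071ee8b3 *V1003485-01.zip
da939b92bc2a595bcdcd8c10d67f85d3a548b442 *V1003498-01.zip
6d83526a61c48262d84c4ac1b353a7823d16960a *V1003501-01.zip
"""

ROW = re.compile(r"^(\S+\.zip)\s+.*?\s([0-9A-Fa-f]{40})$")  # name, description, hash
SUM = re.compile(r"^([0-9A-Fa-f]{40}) [ *](.+)$")           # hash, ' ' or '*', name

def _parse(text, pattern, name_group, hash_group):
    """Return {file name: lowercase SHA1} for every line the pattern matches."""
    found = {}
    for line in text.splitlines():
        m = pattern.match(line.strip())
        if m:
            found[m.group(name_group)] = m.group(hash_group).lower()
    return found

def parse_published(text):
    return _parse(text, ROW, 1, 2)

def parse_sha1sum(text):
    return _parse(text, SUM, 2, 1)

def verify(published, computed):
    """Classify every file seen in either input."""
    result = {}
    for name in sorted(set(published) | set(computed)):
        if name not in computed:
            result[name] = "missing"      # in the table, not hashed locally
        elif name not in published:
            result[name] = "unlisted"     # hashed locally, not in the table
        elif published[name] == computed[name]:
            result[name] = "ok"
        else:
            result[name] = "mismatch"
    return result

def duplicate_hashes(published):
    """Hashes the table lists for more than one file: a sign of a copy error."""
    by_hash = defaultdict(list)
    for name, digest in published.items():
        by_hash[digest].append(name)
    return {d: sorted(names) for d, names in by_hash.items() if len(names) > 1}

if __name__ == "__main__":
    table = parse_published(PUBLISHED)
    for name, status in verify(table, parse_sha1sum(COMPUTED)).items():
        print(f"{status:9} {name}")
    print("duplicated in table:", duplicate_hashes(table))
```

On the rows above, V1003498-01.zip is reported as a mismatch because the table lists the same hash for Part 1 and Part 2 while sha1sum returned a different value for Part 2. A match shows only that the download agrees with the table; SHA-1 catches corrupted or truncated downloads but is no longer collision-resistant.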


As before we use 7za.exe to extract the files correctly. Make sure 7za.exe is in the PATH and run the following commands:

7za x -y -oClient_Installers V1003510-01.zip
7za x -y -oDRM V1003512-01.zip
7za x -y V1003485-01.zip
7za x -y V1003498-01.zip
7za x -y V1003508-01.zip
7za x -y V1003511-01.zip
7za x -y V1003501-01.zip
7za x -y V1003503-01.zip
7za x -y V1003505-01.zip
7za x -y -oDRM V1003513-01.zip
7za x -y -oDocumentation V1003532-01.zip

We should now have a folder with all of the correct ZIP files.

Monday 24 August 2020

Alternative Method to Support TLS 1.2 on EPM 11.1.2.x

An issue is described for Active Directory authentication in the document "Oracle Enterprise Performance Management System Tips and Tricks from EPM System Infrastructure Development: Issues 103 and Higher" as well as Oracle Support Document 2482392.1. The error that is shown is "EPMCSS-05318: Failed to validate Security Configuration. Failed to connect. Invalid values for host or port. Enter valid value(s)" and the cause is that TLS 1.2 is not supported by JDK 160_35. The given solution is to upgrade the version of the JDK to 1.7.0_161.

However, I recently came across another method to support TLS 1.2 on versions of Java that do not otherwise support it. The advantage of this method is that it does not require large changes to the infrastructure. I found this method in a Stack Overflow answer and can confirm that it does work.

The first step is to take a backup of the correct files in the JDK/JRockIt folders. For JRockIt the folder would be similar to: E:\Oracle\Middleware\jrockit_160_37\jre\lib\security\ and the files to back up are:
  • java.security
  • local_policy.jar
  • US_export_policy.jar

Next download the JCE Unlimited Strength Jurisdiction Policy Files 6 and copy the following 2 files to the same folder as before, overwriting the existing files:
  • local_policy.jar
  • US_export_policy.jar

Now go over to the latest releases section of the Bouncy Castle website. Download the latest bctls-jdk15to18-* and bcprov-jdk15to18-* JAR files; as of 24/08/2020 these would be:
  • bcprov-jdk15to18-166.jar
  • bctls-jdk15to18-166.jar

Drop these JAR files into the /jre/lib/ext/ folder - for the JRockIt installation this would be similar to: E:\Oracle\Middleware\jrockit_160_37\jre\lib\ext\.

Finally go to the java.security file, for the JRockIt installation this would be: E:\Oracle\Middleware\jrockit_160_37\jre\lib\security\java.security. Open the file and look for the list of security providers. By default this section will look like this:

security.provider.1=sun.security.provider.Sun
security.provider.2=sun.security.rsa.SunRsaSign
security.provider.3=com.sun.net.ssl.internal.ssl.Provider
security.provider.4=com.sun.crypto.provider.SunJCE
security.provider.5=sun.security.jgss.SunProvider
security.provider.6=com.sun.security.sasl.Provider
security.provider.7=org.jcp.xml.dsig.internal.dom.XMLDSigRI
security.provider.8=sun.security.smartcardio.SunPCSC

We need to replace this whole section with this:

security.provider.1=org.bouncycastle.jce.provider.BouncyCastleProvider
security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider
security.provider.3=sun.security.provider.Sun
security.provider.4=sun.security.rsa.SunRsaSign
security.provider.5=com.sun.net.ssl.internal.ssl.Provider
security.provider.6=com.sun.crypto.provider.SunJCE
security.provider.7=sun.security.jgss.SunProvider
security.provider.8=com.sun.security.sasl.Provider
security.provider.9=org.jcp.xml.dsig.internal.dom.XMLDSigRI
security.provider.10=sun.security.smartcardio.SunPCSC

ssl.SocketFactory.provider=org.bouncycastle.jsse.provider.SSLSocketFactoryImpl

After these changes all that is required is to restart the WebLogic servers and TLS 1.2 will be used by default.
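A renumbering slip in this list fails silently: a duplicate index overwrites the earlier entry, and the JRE stops reading providers at the first missing index. The following added example (not from the original post or the Stack Overflow answer) audits java.security text for those slips and for the layout described above; the sample text is constructed and the function names are illustrative.

```python
import re

BC_JCE = "org.bouncycastle.jce.provider.BouncyCastleProvider"
BC_JSSE = "org.bouncycastle.jsse.provider.BouncyCastleJsseProvider"
SUN_JSSE = "com.sun.net.ssl.internal.ssl.Provider"
BC_FACTORY = "org.bouncycastle.jsse.provider.SSLSocketFactoryImpl"

# Constructed sample: the edited section from this post with one line left
# un-renumbered (two entries numbered 3, none numbered 4).
BROKEN = """\
security.provider.1=org.bouncycastle.jce.provider.BouncyCastleProvider
security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider
security.provider.3=sun.security.provider.Sun
security.provider.3=sun.security.rsa.SunRsaSign
security.provider.5=com.sun.net.ssl.internal.ssl.Provider
security.provider.6=com.sun.crypto.provider.SunJCE
ssl.SocketFactory.provider=org.bouncycastle.jsse.provider.SSLSocketFactoryImpl
"""

def parse(text):
    """Ordered (key, value) pairs; comments and blank lines are skipped.
    Simplification: backslash line continuations are not handled."""
    pairs = []
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            pairs.append((key.strip(), value.strip()))
    return pairs

def audit(text):
    """Return a list of findings; an empty list means the layout matches the post."""
    slots, props, findings = {}, {}, []
    for key, value in parse(text):
        m = re.fullmatch(r"security\.provider\.(\d+)", key)
        if not m:
            props[key] = value
            continue
        n = int(m.group(1))
        if n in slots:
            findings.append(f"duplicate index {n}: {slots[n]} is overwritten")
        slots[n] = value                  # the last duplicate wins
    loaded, n = [], 1
    while n in slots:                     # providers are read until the first gap
        loaded.append(slots[n])
        n += 1
    for i in sorted(i for i in slots if i > n):
        findings.append(f"index {i} ({slots[i]}) follows a gap at {n}: not loaded")
    for cls in (BC_JCE, BC_JSSE):
        if cls not in loaded:
            findings.append(f"{cls} is not loaded")
    if BC_JSSE in loaded and SUN_JSSE in loaded \
            and loaded.index(BC_JSSE) > loaded.index(SUN_JSSE):
        findings.append("Sun JSSE provider is ahead of the Bouncy Castle JSSE provider")
    if props.get("ssl.SocketFactory.provider") != BC_FACTORY:
        findings.append("ssl.SocketFactory.provider is not the Bouncy Castle factory")
    return findings

if __name__ == "__main__":
    for finding in audit(BROKEN):
        print(finding)
```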

Here is a snippet from Netmon showing that, with this change, TLS 1.2 is being used for the LDAP connection to MSAD:

Versus what happens without this change:
 

What we have done is install the Bouncy Castle security provider and unlock greater strength for cryptographic functions.

By default Java is constrained in what security it can provide, for example we are limited to AES keys with a maximum size of 128 bits. The policy files we downloaded make sure that Java isn't limited by these default restrictions. These policy files are only valid for versions of Java lower than 8u161, 7u171 and 6u181 - versions of Java later than this already use the unlimited policy files.

The second part - and the most important - is that now Bouncy Castle is handling all SSL communications, instead of the default JRE providers. Bouncy Castle is a library to provide access to a wide range of cryptographic functions, and it uses the Java Cryptography Extension (JCE) technology to transparently provide these to the JRE. Bouncy Castle supports not just TLS 1.2 but lots of other algorithms, whereas the default JCE provider has a more limited selection.

You can see how using Bouncy Castle we are able to support a wider range of cryptographic functions in EPM 11.1.2.x. Given that this is done at the JRE level it can be done for any JRE and as seen in the Stack Overflow answer, is generic to all Java installations.

Edit: Please note that if you set SSL certificates in WebLogic this will also upgrade the protocols used on the SSL listening ports from TLS 1.0 to TLS 1.2! This can cause issues with OHS, since OHS 11.1.1.7 (the version shipped with 11.1.2.3 and 11.1.2.4) can only support up to TLS 1.0.

Wednesday 29 July 2020

Under the Covers of the 11.2 Document Repository

Admittedly this is a pretty niche topic but I thought I may as well post it anyway.

On our EPM 11.1.2.3 system we had a mechanism whereby users could upload documents to Workspace and then our batch jobs could run with those files as parameters. In order to do this we would have to reconcile the folder and filename in R&A Workspace with the folder and filename in the RM1 folder. This required getting information out of the database and creating it as a view.

So in 11.1.2.3 a typical view entry would look like the below:


The definition of the view is available below.



Now in 11.2 the RA repository is no more - but there is something similar. So we wanted to create functionality that could do the same thing. In 11.2 the tables are very, very different. The file itself (in fact, most document properties) is saved as a hex value in the database table, so additionally we would have to change our scripts to pull the file data out of the table first and then run operations on it.

The document repository tables relevant for us are:

  • REPOSITORY_OBJECTS - gives us the UUID of a repository object, the object type, parent object, owner and last modified date
  • REPOSITORY_OBJECT_PROPERTIES - allows us to view the properties of an object, encoded as a hex string - properties include the name, description, file size, original filename and content
  • REPOSITORY_OBJECT_PROP_INDEX - is essentially the properties of the properties of an object, giving us the data type and string value for properties of a certain object

So seeing the data in these tables I knew we would be able to build a view to give the information we needed. The tables above had the information we needed - the object hierarchy, object names, UUIDs, owners and last modified dates. The only thing I needed to do was pull all the data together.

I wanted to keep the exact same view columns so I knew I would have to somehow change the existing view definition into something that can be used with 11.2. Now I am not the best SQL coder so I am sure there are much better ways of achieving the same result but I managed to adapt the view, so now it will give a view entry like the below:


The new definition of the view is available below.



Hopefully this information will prove useful to someone! If someone finds a way to optimise the view and suggest improvements I am very open to that. For us the next step is to create a function that pulls the related object out of the SQL tables. So the query would do something like:

SELECT PROPERTY_VALUE FROM [HSS].[dbo].[REPOSITORY_OBJECT_PROPERTIES]
WHERE OBJECT_UUID = '...' AND PROPERTY_NAME = 'jcr:data'


Tuesday 12 May 2020

Oracle April 2020 CPU Impact for EPM 11.2

In this post I will discuss the impact of the Oracle Critical Patch Updates for April 2020 on Oracle EPM 11.2 environments.

Oracle EPM 11.2 ships with Oracle WebLogic Server 12.2.1.3, Oracle Coherence 12.2.1.3 and OPatch 13.9.4.2. We need to resolve the following vulnerabilities that will affect EPM 11.2 environments:

CVE-2019-16943
CVE-2019-17571
CVE-2019-17359
CVE-2020-2766
CVE-2020-2798
CVE-2020-2801
CVE-2020-2811
CVE-2020-2867
CVE-2020-2869
CVE-2020-2883
CVE-2020-2884
CVE-2020-2963
CVE-2020-2915
CVE-2020-2949

The first vulnerability requires us to upgrade OPatch to 13.9.4.2.2 and apply a PSE. The rest of the vulnerabilities up to CVE-2020-2963 require us to upgrade Oracle WebLogic Server to 12.2.1.3.200227. CVE-2020-2915 and CVE-2020-2949 require us to upgrade Oracle Coherence to 12.2.1.3.7. We should also upgrade the WebLogic Samples to 12.2.1.3.191015 to ensure we are not affected by the historical vulnerabilities related to Apache Struts.

So we need to download the following patches for OPatch:
28186730
31101362

Then download the following patch for Oracle WebLogic Server:
30965714

To resolve the other issues in Oracle Coherence and with the WebLogic Samples you should download the following patches:
31030882
30170398

The first OPatch update requires you to extract it and then run the JAR file, like so:

SET PATH=E:\Oracle\Middleware\jdk1.8.0_181\bin;%PATH%
java -jar opatch_generic.jar -J-Doracle.installer.oh_admin_acl=true -silent oracle_home=E:\Oracle\Middleware


The other patches can be applied with the following commands:

SET JAVA_HOME=E:\Oracle\Middleware\jdk1.8.0_181
SET ORACLE_HOME=E:\Oracle\Middleware
opatch apply 31101362
opatch apply 30965714
opatch apply 31030882
opatch apply 30170398


This should resolve all of the issues mentioned above.
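To confirm the result afterwards, the following added example (not part of the original post) checks captured output of `opatch version` and `opatch lspatches` against the OPatch version and patch numbers listed above. The sample output is constructed, and the parsing assumes the `OPatch Version:` line and the `number;description` lines those commands print.

```python
import re

# Values taken from this post.
REQUIRED_OPATCH = "13.9.4.2.2"
REQUIRED_PATCHES = {"31101362", "30965714", "31030882", "30170398"}

# Constructed sample output: OPatch not yet upgraded, one patch not applied.
SAMPLE_VERSION = "OPatch Version: 13.9.4.2\n\nOPatch succeeded.\n"
SAMPLE_LSPATCHES = """\
30965714;<description placeholder>
31101362;<description placeholder>
30170398;<description placeholder>

OPatch succeeded.
"""

def version_tuple(version):
    """'13.9.4.2.2' -> (13, 9, 4, 2, 2), so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))

def check(version_output, lspatches_output):
    """Return a list of problems; an empty list means nothing is outstanding."""
    problems = []
    m = re.search(r"^OPatch Version:\s*(\d+(?:\.\d+)*)", version_output, re.M)
    if not m:
        problems.append("could not read the OPatch version")
    elif version_tuple(m.group(1)) < version_tuple(REQUIRED_OPATCH):
        problems.append(f"OPatch {m.group(1)} is older than {REQUIRED_OPATCH}")
    applied = set(re.findall(r"^(\d+);", lspatches_output, re.M))
    for patch in sorted(REQUIRED_PATCHES - applied):
        problems.append(f"patch {patch} is not in the inventory")
    return problems

if __name__ == "__main__":
    for problem in check(SAMPLE_VERSION, SAMPLE_LSPATCHES):
        print(problem)
```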

Thursday 2 April 2020

EPM 11.2.1: Downloads, Verification and Unzipping

So Oracle Hyperion EPM 11.2.1 has been released! For more information on that read here:
https://blogs.oracle.com/proactivesupportepm/enterprise-performance-management-epm-1121-is-available

To download the files needed for the release you need to head over to Oracle eDelivery: https://edelivery.oracle.com

As noted in the blog post, initially all the files will say "11.2.0", but in the checkout screen you can see whether they are 11.2.1 or not.
The table below shows, in bold, which files have changed from the initial release:

ZIP File Name Download Description SHA1 Hash
V44413-01.zip Oracle WebLogic Server 12.1.3.0.0 for Microsoft Windows x64 (64-bit) 02B2EB70A5B208EE20083E9DA833983D98F00DD5
V44425-01.zip Oracle Data Integrator 12.1.3.0.0 for Microsoft Windows x64 (64-bit) A4B97264516F1A75AA33F5FAA0D49AAB32C0558C
V886440-01.zip Oracle Fusion Middleware 12c (12.2.1.3.0) SOA Suite and Business Process Management 8D65D949C862CB4652D2D28D69BEEDD4DF918B39
V886442-01_1of2.zip Oracle Fusion Middleware 12c (12.2.1.3.0) SOA Quick Start (Part 1) 2B308A22414861073937345379CBEAE6346A37FA
V886442-01_2of2.zip Oracle Fusion Middleware 12c (12.2.1.3.0) SOA Quick Start (Part 2) E2F05CA1060C266D119FEF7055158354FAF638D8
V886451-01_1of2.zip Oracle Fusion Middleware 12c (12.2.1.3.0) Data Integrator (Part 1) D80310331C0003F27752AB4AEB8747A3FB609DB3
V886451-01_2of2.zip Oracle Fusion Middleware 12c (12.2.1.3.0) Data Integrator (Part 2) 76450D1FC463B7EBF2057C6C548D694409854211
V933015-01.zip Oracle Fusion Middleware 12c (12.2.1.3.0) Internet Directory for Microsoft Windows x64 (64-bit) CF09129C9E1D974749094E230792DB4C0B2C5F7E
V933018-01_1of2.zip Oracle Fusion Middleware 12c (12.2.1.3.0) Identity and Access Management Quick Install (Part 1) 64CD01DC271999DF0B399E59805C3A21F65E5898
V933018-01_2of2.zip Oracle Fusion Middleware 12c (12.2.1.3.0) Identity and Access Management Quick Install (Part 2) C953B5CD7EC299BD7A89C14218AEEB0C2AD37877
V995408-01.zip Oracle Enterprise Performance Management System - Client Installers 11.2.1.0.0 F0685848B18D9D0295E51E53CB42ABD1F2F46D3C
V984490-01.zip Oracle Data Relationship Management Analytics 11.2.0.0.0 1F66F76BC62FCA2E3F4A1735BE58B428D47C9051
V995412-01.zip Oracle Enterprise Performance Management System - Part 1 11.2.1.0.0 97A3C5315AB937B31A07B166A29861F75CB672D7
V995413-01.zip Oracle Enterprise Performance Management System - Part 2 11.2.1.0.0 D7D5930FA751C39A95A92F35813435409E01193B
V995409-01.zip Oracle Enterprise Performance Management System - Oracle HTTP Server 11.2.1.0.0 72401D681B71669B5C065038B1B8F4021DCBBF97
V995414-01.zip Oracle Enterprise Performance Management System - Part 3 11.2.1.0.0 D5DD2039B6E20EBE034A65E7188AFF5172F1C3D9
V995415-01.zip Oracle Enterprise Performance Management System - Part 4 11.2.1.0.0 C80BB9E329D6E4DBE67064D5FFC86348408638CB
V995416-01.zip Oracle Enterprise Performance Management System - Part 5 11.2.1.0.0 7F04EB81FF8CB6E4E7F44171FDC29EC7BA3CC349
V995417-01.zip Oracle Enterprise Performance Management System - Part 6 11.2.1.0.0 FF9CA25A4EDACB94CFA00B7A0752D45AFD23FC7F
V995418-01.zip Oracle Data Relationship Management 11.2.1.0.0 DA2C08973EE0E748E6A83B0B07700A8A832F6513
V995465-01.zip Oracle Enterprise Performance Management System - Installation Documents and Readmes 11.2.1.0.0 8A0C0D79A1D5C976E162C79ABA9C06BC618098BD


I have a recommendation for people who have issues with Oracle's download manager or using the wget option - if you use Firefox as your browser you can install the Download Star add-in to download the ZIP files in an organised manner. Use the naming mask ${text} and choose to skip on conflict.

You only really need to download the ZIP files below. As before, use sha1sum to calculate the hashes:

sha1sum *.zip
f0685848b18d9d0295e51e53cb42abd1f2f46d3c *V995408-01.zip
72401d681b71669b5c065038b1b8f4021dcbbf97 *V995409-01.zip
97a3c5315ab937b31a07b166a29861f75cb672d7 *V995412-01.zip
d7d5930fa751c39a95a92f35813435409e01193b *V995413-01.zip
d5dd2039b6e20ebe034a65e7188aff5172f1c3d9 *V995414-01.zip
c80bb9e329d6e4dbe67064d5ffc86348408638cb *V995415-01.zip
7f04eb81ff8cb6e4e7f44171fdc29ec7ba3cc349 *V995416-01.zip
ff9ca25a4edacb94cfa00b7a0752d45afd23fc7f *V995417-01.zip
da2c08973ee0e748e6a83b0b07700a8a832f6513 *V995418-01.zip
8a0c0d79a1d5c976e162c79aba9c06bc618098bd *V995465-01.zip


As before we use 7za.exe to extract the files correctly:

We can copy the DRMA ZIP file from our 11.2 downloads: V984490-01.zip. Next make sure 7za.exe is in the PATH and run the following commands:

7za x -y -oClient_Installers V995408-01.zip
7za x -y -oDRM V984490-01.zip
7za x -y V995412-01.zip
7za x -y V995413-01.zip
7za x -y V995414-01.zip
7za x -y V995415-01.zip
7za x -y V995416-01.zip
7za x -y V995417-01.zip
7za x -y V995409-01.zip
7za x -y -oDRM V995418-01.zip
7za x -y -oDocumentation V995465-01.zip

We should now have a folder with all of the correct ZIP files.

Wednesday 26 February 2020

Oracle OpenWorld Europe 2020 Summary

The following are some of my notes from the Oracle OpenWorld Europe 2020 conference.

There was some news on the support dates for 11.1.2.4:
  • Hyperion 11.1.2.4 Premier Support extended through to December, 2021 - this replaces Extended Support.
Basically it will be Premier Support until December 2021 and then straight into Sustaining Support. I posted the definitions of each support level in a previous blog post.

The roadmap for 11.2 patches has been released - I have copied it below:

.100 - Scheduled for March
  • 3rd party Certification: Chrome; Edge Chromium; Windows 2016
  • Defect Fixing

.200 - Scheduled for mid year
  • 3rd party Certification: OEL 7 (UL 0+); Red Hat 7 (UL 0+); Solaris 11 update 2+; AIX 7.1 TL 1+, 7.2 TLO+
  • Defect Fixing

.xxx - Scheduled for end of year
  • 3rd party Certification: SQL Server 2017; SQL Server 2019
  • FMW 12.2.1.4
  • Defect Fixing

Apart from that there was just some information on migration. I would recommend downloading the session slides here:
https://events.rainfocus.com/widget/oracle/owlonglobal2020/cataloglondonow20