The times they are a-changin’

Collaborate ’16 has come and gone. I was fortunate enough to be able to join in on Monday of the conference for the OAUG Hyperion SIG meeting. As part of the conference, I was able to join a couple of road map sessions and speak directly with Oracle EPM marketing folks; it is clear that we are in the midst of change.

To be clear, I do not mean to directly equate today’s technological shift with the political, social, and cultural upheavals of the early 1960s. To do so would be a slap in the face to the many heroes of the time, especially those that gave their lives for equality. Bob Dylan created an anthem of change and expressed his feelings in generalities that can fit many circumstances. That is what makes his song relevant for so many even today.

I was recently watching a webcast replay by Joe Aultman, a guy who I really respect and consider a friend, about Essbase and whether it belongs under the control of IT or the business. Joe gave this presentation live during KScope 15 for those lucky enough to be there. During the presentation, Joe went through an excellent history of Essbase.  He spoke about how it started as a tool that was sold to Finance and sat on a server under someone’s desk at many companies. How exciting those early days were.

I have been working with Hyperion directly for more than ten years. Before that, I worked closely with the Hyperion Enterprise administrator and he showed me a few things so I could back him up. We ran Enterprise on a Citrix server, but we pretty much had full control of the box with very little IT intervention at all. It was fantastic! Thankfully we didn’t ever need a whole lot of help with that environment.

About a year later when I started with Essbase, a co-worker showed me how to install Essbase 6.5.4 on my desktop so that I could play with an outline to replace that old Enterprise application. Our installation in production was version 9.3.1, though. We had IT to manage our servers now. I had to practically beg to get a batch script scheduled on the server for nightly backups of our data.

With the complexities of the EPM System today it’s hard to imagine anyone implementing Essbase without IT support. With Oracle’s EPM and BI Cloud Services, what’s old is new again. Departmental applications can once again flourish as the Enterprise Planning Cloud and the upcoming Essbase Cloud Service offerings reduce the rigidity of IT and allow the business to control their applications.

There is no doubt that Oracle is making a strong push for customers to join the cloud revolution. That push is strong enough to make infrastructure consultants like me who are heavily reliant on the on-premises software model take notice. So, what is an infrastructure person to do? Diversify.

Luckily, I started in Hyperion with an application background. I learned Essbase inside and out at Wells Fargo Home Mortgage, then I went into consulting and learned Planning, FDM, ODI, infrastructure, OBIEE, enough to be dangerous in HFM, FDMEE, etc. I think the real sweet spot for developers like me is in data integration. The technology will keep changing, but we are always going to need to move data from one application into another.

As the underlying technology changes, this blog must also change to reflect the current trends and hopefully help anyone who stumbles across this site. Honestly, this blog was never about one particular thing. While I have primarily focused on infrastructure, there are a lot of areas in the EPM and BI world to be explored.

Come gather ’round people
Wherever you roam
And admit that the waters
Around you have grown
And accept it that soon
You’ll be drenched to the bone
If your time to you
Is worth savin’
Then you better start swimmin’
Or you’ll sink like a stone
For the times they are a-changin’.

-Bob Dylan, The Times They Are a-Changin’, 1964


Oracle Critical Patch Update Q1, 2015 – OBIEE

Oracle’s quarterly Critical Patch Update came out today (1/20/2015).  While the Hyperion products did not have any critical patches come out in the last quarter from a security perspective, the OBIEE products were included.  Taking a look at the document, OBIEE and BI Publisher are listed as requiring a recommended security patch (number 20124371).

The OBIEE comments on the My Oracle Support Document 1488475.1 state that this will likely be the last bundle patch for the version.

Per the readme:

The Oracle BI EE Suite Bundle Patch under the top-level patch 20124371 consists of the following component patches:

Patch Abstract
16913445 Oracle Business Intelligence Installer (BIINST)
19822893 Oracle Business Intelligence Publisher (BIP)
19825503 Enterprise Performance Management Components Installed from BI Installer (BIFNDNEPM)
19822857 Oracle Business Intelligence Server (BISERVER)
19822826 Oracle Business Intelligence Presentation Services (BIPS)
19823874 Oracle Real-Time Decisions (RTD)
16997936 Oracle Business Intelligence ADF Components (BIADFCOMPS)
20022695 Oracle Business Intelligence Platform Client Installers and MapViewer

This release has no new features; however, there are 130+ new bug fixes in this bundle patch.

In addition to this patch, the Dynamic Monitoring Service Patch (number 16569379) and Patch 18277370 for running Enterprise Manager in IE11 are also required.  If it’s a new install or you haven’t updated your BI Mobile Application Designer, it would be a good time to install patch number 18794832 as well.

*** EDIT 1/23/2015 – after multiple people found the note in Oracle KB Article 1488475.1, the note was removed from the document.  Oracle reserves the right to patch if necessary; however, I have a feeling development is going to be more focused on the 12c version of OBIEE.

SSL woes

There I was, trying to wrap up a client’s installation but I was stuck.  This particular client has security concerns, they even have an external security company verify their installations and enforce corporate security policy.  That meant that OBIEE and EPM needed to both be secured by SSL.

I went down a rabbit hole to get SSL installed in OBIEE, that was an adventure in itself and it took me quite awhile to make sure everything was working properly.  I found a great resource from Oracle on their blogs page here:  Thank you to  Veera Raghavendra Rao Koka for the detailed information.  I wish it was documented similarly in the BI documentation.

For awhile, I wasn’t concerned with EPM SSL.  I had implemented SSL termination at Oracle HTTP Server before in version, so I figured it would be pretty easy on  Wrong.  According to the documentation, there are only two supported scenarios for SSL deployment:

  • SSL Termination at an SSL Offloader (load balancer or bridge with SSL termination enabled)

SSL terminating at an Offloader

  • Full SSL deployment

Full SSL deployment

Hmm.  I don’t want either one of these options.  My client doesn’t really want un-encrypted traffic from their SSL bridge in their DMZ to the server inside the firewall.  So, I started to go down the path of full SSL.  This is a distributed installation, so that requires two different keystores for my servers running WebLogic JVMs, plus another keystore for Oracle HTTP Server.  I worked at it for awhile and was able to get the Foundation server deployed with full SSL.  I started the services and things appeared to be ok.  I was able to get into Workspace and click around into Shared Services fine.  I went into Calc Manager and the application appeared to be ok, but I got an error about not being able to connect to EPMA.  I tried to go into the Dimension Library, then I saw an error message:

Nested exception is: HTTP transport error:javax.xml.soap.SOAPException: javax.xml.soap.SOAPException: Message send failed: Unrecognized SSL message, plaintext connection?

At this point, I had pretty much had enough.  Oracle Support’s Knowledge Base article 1904344.1 states that this is a known issue that should be fixed with Shared Services patch  Unfortunately, I had already applied that patch during the installation and I was still seeing the error.  Ain’t nobody got time for that.

So, I really didn’t want to pursue full SSL at this point.  What I really wanted was to do what I had done back in and accept SSL connections at the Oracle HTTP Server layer and terminate those SSL requests there.  That would preclude me from needing to mess with keystores at the WebLogic layer and avoid any issues with EPMA in SSL mode.  This is what I’m talking about:

SSL termination at Oracle HTTP Server

The Security guide mentions terminating SSL at the HTTP server; however, the architecture diagram they provide is the same diagram as SSL termination at an offloader.  The above diagram is actually from the documentation and exactly what I want.  So, I did some Google magic and found that Pablo Bryan of Infratects has a blog and documented the exact steps that I needed back in January of 2014.  You can read his blog post here:  Thank you, Pablo!

So, I took his advice and made the two or three changes to the ssl.conf and httpd.conf files.  After restarting Oracle HTTP Server, all was right with the world and my client now has encrypted communication terminating at the HTTP Server.  It really is amazing how easy it was to set up the EPM encryption at the HTTP Server compared to the full SSL required by OBIEE.

OBIEE Patch Available

On October 14, Oracle released patch 19261194 for OBIEE  This patch does not contain any new features; however, there are 86 bug fixes in the readme.  The bug fixes were in BI Publisher, BI Server, and BI Presentation Services.

One of those fixes is addressing SSO between EPM Workspace and OBIEE.  For those customers living on the edge and wanting your OBIEE presented in EPM Workspace, this might be the key to getting that integration working with SSO from Workspace into OBIEE and back into Essbase for analyses/dashboards.

Oracle Critical Patch Update Oct. 2014

Yesterday Oracle released their quarterly Critical Patch Update.  Browsing through the various readme files, I found that no Hyperion or EPM products were directly listed this quarter.  OBIEE didn’t have any new patches to its software this quarter, either.

As you browse the information provided, you can see that WebLogic does have some low risk vulnerabilities addressed by this CPU.  Oracle’s recommendation is to apply the WebLogic Server Patch Set Update (Patch 19182814) to address some of the concerns with the WebLogic application server that is installed with and supports EPM and OBIEE.

In critical environments, it would also be advised to monitor and update the supporting Java SE version installed or used with Fusion Middleware products such as EPM and OBIEE.  See Oracle Support note 1492080.1 on updating the installed Java version for Fusion Middleware products.

In reality, most EPM/BI implementations are going to be safely behind a corporate firewall and won’t worry about these too much.  If you are hosting, for instance, I would hope that you would already be aware of these and patched by now.

EOL for Web Analysis and Production Reporting (SQR)

Torben Hein of Oracle released a blog post this morning outlining the product direction of Web Analysis and SQR Reporting.  You can see the original post here.

Long story short, both products have reached their maturity and will not be continued after the 11.1.2.x code line.  My interpretation is that they will still be contained in the upcoming release of EPM that is tentatively scheduled for sometime this winter.  Beyond that, I do not see these products carrying forward.

Many customers are shifting their EPM licenses to the BI Foundation Suite (BIFS) licensing, which is great news.  This shift in licensing allows those customers the ability to use OBIEE, which is a stronger foundation for reporting, analyses, and dashboards than Web Analysis and SQR.  OBIEE also has a wider adoption rate, in my experience.

To any prospective clients looking at an upgrade, I would strongly recommend contacting your Oracle Sales Rep and asking how to shift to the BIFS licensing and then plan to move any reporting from Web Analysis and SQR over to OBIEE after your upgrade.

July 2014 Oracle Quarterly Critical Patch Availability

Today Oracle released a list of vulnerabilities to the EPM and related BI software along with a host of other products.  See the full announcement here:

This one was interesting as my beloved Hyperion products were mentioned.  Seven vulnerabilities were identified with Hyperion products.  It was interesting that most of the patches for these vulnerabilities have been out for a little while, so hopefully you have already mitigated some of these.  Here is list of defects for Hyperion:

7-15-2014 5-25-14 PM

If you clicked the link from the announcement to My Oracle Support note number 1666884.1, the Patch Set Update and Critical Patch Update July 2014 Availability Document, will give you the patches to fix each vulnerability.

Patch Availability for Oracle Hyperion Analytic Provider Services

Product Home Patch Advisory Number Comments SPU Patch 17767293 CVE-2014-4246 PSU SPU Patch 18148649 CVE-2014-4246 PSU

Patch Availability for Oracle Hyperion BI+

Product Home Patch Advisory Number Comments SPU Patch 17529887 and SPU Patch 18383790 CVE-2014-0436 PSU (included in 17767293) and Client Installers PSE SPU Patch 18659116 and SPU Patch 18856417 CVE-2014-0436 I could not find these patches. The links do not show the patch.


Patch Availability for Oracle Hyperion Common Admin

Product Home Patch Advisory Number Comments CPU Patch 18672071 CVE-2014-4269, CVE-2014-4270 PSU for Shared Services CPU Patch 18659116 CVE-2014-4269, CVE-2014-4270 I could not find this patch either.


Patch Availability for Oracle Hyperion EAS

Product Home Patch Advisory Number Comments Admin Server Patch 17417347Admin Console Patch 17417344 Released January 2014 PSU, should also be included in PSU Admin Server Patch 17277761Admin Console Patch 17277764 Released January 2014 PSU Admin Server Patch 17545122Admin Console Patch 17545124 Released January 2014 PSU


Patch Availability for Oracle Hyperion Enterprise Performance Management Architect

Product Home Patch Advisory Number Comments SPU Patch 17529887 and SPU Patch 18383790 CVE-2014-4203, CVE-2014-4206 PSU and Client Installers PSE SPU Patch 18659116 and SPU Patch 18856417 CVE-2014-4203, CVE-2014-4206  I could not find this patch either.


Patch Availability for Oracle Hyperion Essbase

Product Home Patch Advisory Number Comments SPU Patch 18505489 CVE-2014-4271 PSU SPU Patch 18520684 CVE-2014-4271 Patch Set Update Exception (PSE): (18520684)


Patch Availability for Oracle Hyperion Strategic Finance

Product Home Patch Advisory Number Comments CPU Patch 14593946 Released April 2014 PSU CPU Patch 17636270 Released April 2014 PSU


In addition to the application patches, we also find that WebLogic Server is listed.  This is important because it is part of our installation of EPM 11.1.2.x and most of us take it for granted.

Patch Set Update Availability for Oracle WebLogic Server

Product Home Patch Advisory Number Comments
Oracle Java SE home JDK/JRE 6 Update 81:

See Note 1492980.1How to Maintain the Java SE Installed or Used with FMW 11g Products
Oracle JRockit 28.x home R28.3.3- Patch 18763693
WebLogic Server home PSU Patch 18040640 CVE-2014-2480, CVE-2014-2481, CVE-2014-4256, CVE-2014-4242, CVE-2014-4253, CVE-2014-4267, CVE-2014-4255, CVE-2014-4254, CVE-2014-2479, CVE-2014-4210, CVE-2014-4241, CVE-2014-4217, CVE-2014-4201, CVE-2014-4202 See Note 1306505.1Announcing Oracle WebLogic Server PSUs (Patch Set Updates)For CVE-2014-4256, see Note 1903763.1, Download Request for Security Configuration


Also note in the announcement that there is a patch for OBIEE’s Mobile App Designer.

Patch Availability for Oracle Business Intelligence App Mobile Designer

Product Home Patch Advisory Number Comments SPU Patch 18794832 CVE-2014-4249 Must delete existing MAD deployment and install this one.  Check the readme.


This appears to be a replacement for the entire MAD install.  Going forward, I will use the Oracle BI Mobile App Designer patch 18794832 instead of the older 17220994 patch.  This patch came out on 6/3, so they aren’t very good about announcing these patches.  I guess that’s why we should be reading these quarterly announcements to find out what has been fixed.


New OBIEE patches – IE10 compatibility

I haven’t done much OBIEE work lately; however, the OBIEE patch posts I have done in the past remain one of the most popular topics on my blog.  Since the release of, there have been two new patches released.

OBIEE released back in October of 2013.  There were a few notable new features:

There are eight component patches that are served by one patch number: 17530796.  Once these component patches have been applied, you may also apply patch 17220944 for the BI Mobile App Designer if it has not been previously installed.

Patch 17530796 includes the following:

  • Patch 16913445 – Oracle Business Intelligence Installer (BIINST)
  • Patch 17463314 – Oracle Business Intelligence Publisher (BIP)
  • Patch 17300417 – Enterprise Performance Management Components Installed from BI Installer (BIFNDNEPM)
  • Patch 17463395 – Oracle Business Intelligence Server (BISERVER)
  • Patch 17463376 – Oracle Business Intelligence Presentation Services (BIPS)
  • Patch 17300045 – Oracle Real-Time Decisions (RTD)
  • Patch 16997936 – Oracle Business Intelligence ADF Components (BIADFCOMPS)
  • Patch 17463403 – Oracle Business Intelligence Platform Client Installers and MapViewer

In addition to the above patch, the Dynamic Monitoring Service patch 16569379 and of course, the BI Mobile App Designer patch 17220944.

Before getting too excited about applying, on January 14, 2014, OBIEE was released as patch 17886497.  This patch may be applied to OBIEE or

There were no new features in this patch, although Oracle did fix a few bugs in some of the products since the prior patch.  Not all of the patches contained in are new, only the following products were actually changed for this patch:

  • Oracle Business Intelligence Publisher (BIP)
  • Oracle Business Intelligence Server (BISERVER)

  • Oracle Business Intelligence Presentation Services (BIPS)
  • Oracle Business Intelligence Platform Client Installers and MapViewer

Patch 17886497 includes the following patches:

  • Patch 16913445 – Oracle Business Intelligence Installer (BIINST)
  • Patch 17922352 – Oracle Business Intelligence Publisher (BIP)
  • Patch 17300417 – Enterprise Performance Management Components Installed from BI Installer (BIFNDNEPM)
  • Patch 17922552 – Oracle Business Intelligence Server (BISERVER)
  • Patch 17922596 – Oracle Business Intelligence Presentation Services (BIPS)
  • Patch 17300045 – Oracle Real-Time Decisions (RTD)
  • Patch 16997936 – Oracle Business Intelligence ADF Components (BIADFCOMPS)
  • Patch 117922577 – Oracle Business Intelligence Platform Client Installers and MapViewer

In addition to the above patch, the Dynamic Monitoring Service patch 16569379 and of course, the BI Mobile App Designer patch 17220944 (both are the same as above).

As always, the best advice I can give for installing these patches is to read and follow the instructions in the README files that are included with each of the patches.  For these OBIEE patches, often the main patch download includes the instructions that should be applied for each of the patches contained within.

OBIEE patching

Just last week I installed OBIEE and patched it to version which was released back in July, I believe.  I went to my trusty Oracle Support document (Doc ID 1488475.1), and found that someone from Oracle had gutted the article of virtually all helpful information on the various OBIEE patches available for versions and  Thankfully, I was able to find Doc ID 1566124.1, which states the patches that make up OBIEE

The six OBIEE-specific patches are combined into one download as patch number 16556157.  Also required during the patching is patch number 16569379.  These patches are available on the My Oracle Support site ( and are installed as previously covered on this blog.  Be sure to read the readme file in the Patch 16453010 folder for any questions.

Patch 16556157 – OBIEE BUNDLE PATCH (Patch) is comprised of the following patches, which are not available separately:

  • Patch 16453010 – Patch (1 of 6) Oracle Business Intelligence Installer (BIINST)
  • Patch 16849017 – Patch (2 of 6) Oracle Business Intelligence Publisher (BIP)
  • Patch 16916026 – Patch (3 of 6) Enterprise Performance Management Components Installed from BI Installer (BIFNDNEPM))
  • Patch 16850553 – Patch (4 of 6) Oracle Business Intelligence Server (BIS)
  • Patch 16842070 – Patch (5 of 6) Oracle Business Intelligence Presentation Services (BIPS)
  • Patch 16869578 – Patch (6 of 6) Oracle Business Intelligence Platform Client Installers and MapViewer

Also you must download:

Patch 16569379 – Dynamic Monitoring Service patch

Oracle states the following caveats as well:

  • Be aware that a small number of the bug fixes that became available in the through Suite Bundle Patches are not available in the Suite Bundle Patch. Carefully review the list of bugs that are fixed in this Suite Bundle Patch before applying it to your system.
  • Oracle Exalytics customers must not install this Oracle Business Intelligence Suite Bundle Patch unless it is certified for the specific Oracle Exalytics Patch or Patchset Update that they are applying. For more information see Oracle Fusion Middleware Installation and Administration Guide for Oracle Exalytics In-Memory Machine and the Oracle Exalytics certification information.
  • For Oracle Fusion Applications customers, this Oracle Business Intelligence Suite Bundle Patch will be applied as part of a Fusion Applications installation or upgrade. Oracle Fusion Applications customers must not apply this Suite Bundle Patch independently.
  • The Oracle Business Intelligence Suite Bundle Patch is cumulative and might include patches that you might have already applied to the Oracle BI system. Therefore, when you install the Suite Bundle Patch, you might see warning messages that indicate that earlier patches are being rolled back. These warnings simply indicate that oPatch is working correctly, and do not require any action.
  • If you have horizontally scaled out the Oracle BI system on to multiple machines, then you must apply the Oracle Business Intelligence Suite Bundle Patch and the Dynamic Monitoring Service patch to all machines in the cluster.
  • When the installation of the Suite Bundle Patch is complete and the Oracle BI system is running again, end users might experience unexpected behavior due to pre-existing browser sessions that cache javascript from the earlier Oracle BI release. To avoid unnecessary support requests, ask all end users to clear their browser cache.

Exalytics Installation in progress

Exalytics Installation in progress

Today I began my first of three Exalytics installations at a client. I am geeking out just working on the hardware.

Rather than having Oracle do the software installation, this client has opted for me to install EPM and OBIEE on these servers. The standard installation for EPM is Essbase only where this client is going to host the majority of their EPM stack (Planning and Essbase along with other requisite software) on the Exalytics servers and HFM/FDM/ODI/EPMA on Windows.

The Exalytics server isn’t that much different from any other 64-bit Linux server with the exception of the 1TB of RAM and 40 processing cores.  The OS is Oracle Linux release 5.5, which appears to be based on Red Hat Enterprise Linux 5.5.  The same downloads and installation steps for a regular 64-bit EPM install are used on Exalytics with very few exceptions.  I will follow up on the status with my thoughts as the project progresses.