Liberate your data

Intelligence is all about knowledge. This website is dedicated sharing expertise on Oracle BI. More »

 

Oracle EPM 11.2.3.0 Is Available on Oracle eDelivery

The EPM Certification Matrix has been updated for on-premises Hyperion/Oracle EPM 11.2.3.0.

The online Feature Comparison Tool hasn’t been updated as of this writing. The README, however, lists a boatload of bugfixes. HFM shops should inspect the README carefully and allow sufficient time for rigorous regression testing.

There’s about 2GB remaining in my download queue, and then it will be time to take it for a spin.

Initial observations:

  • Still no certified migration path from 11.1.2.3 and older.
  • The certification matrix says HFM isn’t available for Linux 7 yet. Fortunately, I don’t have any customers screaming for this (yet). I do have customers who’ve expressed interest in running Essbase on Linux 7 instead of Linux 6. Linux 6 is a dead product and Linux 7 has faster disk I/O drivers, among other improvements.
  • Installation media is only available for 64-bit Microsoft Windows and Linux 7. Solaris and AIX (“AIX ain’t UNIX“) aren’t listed.
  • In-place “Apply Updates” upgrade is available if you’re on 11.2.0.0 through 11.2.2.0.
  • The LCM bug for Google Chrome has apparently been fixed.
  • The README provides the workaround for Planning RMI not binding to its port.
  • No mention if the FDMEE Linux bugs have been fixed or not.
  • The README explains why I can’t login to EAS; an Oracle WebLogic policy update is needed. The problem may have been introduced in 11.2.2.0, as my 11.2.1.0 sandbox works just fine.
  • The README has a very important note about LDAP hosted through MSAD; every Microsoft shop will need to get in front of this before Microsoft forces our hand in 2021.

 

Read the original post at epmonprem.pro.

Read This Next

From the Mad Scientist’s Lab: An Assessment of Oracle Hyperion/EPM 11.2

What exactly is new about EPM 11.2, and how can you best prepare for the upgrade? What benefits and challenges have been discovered, and what do the changes – new features and discontinued features – mean for your organization? Join Dave Shay, EPM Director and Mad Scientist, in his EPM 11.2 lab as he shares what he’s discovered.

The post Oracle EPM 11.2.3.0 Is Available on Oracle eDelivery appeared first on Datavail.

Automation in Oracle EBS – It Can Be Done!

By now, the general benefits of automation are well-known—including lowering IT costs, reducing errors, and freeing up time and effort for tasks that are better suited to human employees. What’s less clear, however, is how to take advantage of automation when using powerful (and complicated) enterprise resource planning software like Oracle EBS.

According to a 2018 study by CA Technologies, for example, businesses using automation in Oracle EBS have been able to shorten their financial reporting cycles by up to 70 percent, while also reducing manual effort by as much as 90 percent. With that said, how can you get started reaping the benefits of Oracle EBS automation for your own organization?

Datavail’s Oracle EBS Automation Library

Datavail has built a plug-and-play automation library specifically for our Oracle EBS clients, with dozens of scripts for automating database administration work. The library includes scripts for tasks including:

  • Generic daily health checks (to prevent unexpected incidents)
  • Patch management
  • Log management
  • Common maintenance activities (including startups and shutdowns, reorganizing database tables and indexes, collecting schema statistics, and more)
  • Backups and restores
  • Database installation and provisioning
  • System monitoring
  • Cloning and database refreshes
  • High availability and disaster recovery

 
We’ve built our Oracle EBS automation library to help support the diverse needs of our clients, from operating systems and databases to Oracle WebLogic Server and GoldenGate. Even better, our automation scripts can easily integrate with your existing environment: they run both in the cloud and on-premises, and are compatible with CI/CD tools such as Jenkins and Ansible AWX.

One of our clients, a Fortune 500 fast food chain, has leveraged Datavail’s Oracle EBS automation library to save over 550 hours of manual IT work each month, including laborious tasks such as:

  • EBS single-node and multi-node clones
  • TRIRIGA environment restarts
  • Cisco Global Site Selector (GSS) scripts
  • Session kills for Oracle EBS and Business Intelligence inactive users
  • Oracle Hyperion artifact backups through LCM (Life Cycle Management)

 
Datavail’s Oracle EBS automation library has helped our clients unlock a tremendous amount of value in their enterprise IT environments—but it’s only one of the many EBS services we offer. To learn more about how we can help improve the efficiency and accuracy of your EBS workflows, check out our new white paper “Strategic Oracle EBS Managed Services – with Benefits.”

The post Automation in Oracle EBS – It Can Be Done! appeared first on Datavail.

Availability Groups Supporting Distributed Transactions

By default, SQL Server Availability Groups (AG) do not fully support Distributed Transactions – even if the AG’s underlying Windows Servers are configured for Distributed Transaction support.

 
Typically, if a system is required to support Distributed Transactions, the only requirement is to enable and configure the Windows Servers’ local MS-DTC to support XA Transactions. “XA” is a two-phase commit protocol used to ensure data integrity for a single transaction shared between multiple relational databases. However, with SQL Server AG, there are additional requirements to enable Distributed Transaction support and high availability.

Prior to SQL Server 2016 SP2, it was not recommended or supported to implement AGs on systems which supported Distributed Transactions within databases on the same Instance. Since SQL Server 2016 SP2, distributed transactions are fully supported in all databases – including those involved in AG and within databases on the same Instance.

If an AG is not configured to support Distributed Transactions (this includes unsupported SQL Server versions) – potential side effects can go unnoticed…. until the AG is moved to a different Replica. Here is a real-life example that happened during a “planned” SQL Server 2017 AG failover in which Local DTCs were used and the AG was not configured for Distributed Transactions. The database names and server names have been genericized:

All AG databases, including the Shipping database, were reporting “Synchronized” just prior to a planned failover. However, a DTC-enlisted transaction was made on ReplicaA_Instance immediately prior to the failover. When the AG failed over to ReplicaB_Instance, all standard transactions were either rolled forward or back successfully in each AG database. Then the recovery of in-doubt Distributed Transactions were invoked.  At that point, ReplicaB_Instance went to check in its local MS DTC for the Distributed Transaction result….but since MS DTC on ReplicaB_Instance doesn’t have any knowledge of the Distributed Transactions which were initiated from ReplicaA_Instance – ReplicaB_Instance generated this error:
 
Message: SQL Server detected a DTC/KTM in-doubt transaction with UOW  {F37CAD38-899F-4469-9FAF-45BF1C67FD9D}.Please resolve it following the guideline for Troubleshooting DTC Transactions.
 
Then automatically (and immediately) the Shipping AG database was put in Suspect mode.

It is surprising we do not see this issue more often! Luckily there are a handful of easy actions which will help prevent this issue from happening going forward:

Ask the Application Owner if Distributed Transactions are required to be supported when configuring an AG.

  • There is already a myriad of questions a DBA must ask when architecting a reliant SQL Server environment for an application. Make sure to add this one to your list of questions!
  • If transactions can span multiple databases, even on the same Instance, they are Distributed Transactions!

 
Configure a Clustered MS-DTC as a Resource in the WSFC.

  • To make this highly available, configure this Resource onto Clustered Shared Storage

 
Disable the Local MS-DTC on all Replica Windows Servers.

Enable the AG for Distributed Transactions with the “DTC_SUPPORT = PER_DB” option.

  • In SQL Server 2016 SP2, this option must be set during the CREATE AVAILABILITY GROUP sequence. This option is not enable-able after the AG is created.
  • In SQL Server 2017 or beyond, this option can be enabled during and after the AG is created

 
Configure the in-doubt xact resolution option if you are using a Local DTC.

  • To presume commit any in-doubt MS DTC transactions, set to 1
  • To presume abort any in-doubt MS DTC transactions, set to 2
  • By default, this is set to 0, which requires the DBA to manually resolve in-doubt transactions as the affected database will go into Suspect Mode.
  • It is recommended to have this configuration option consistently set across all Instances which support Distributed Transactions

Here are the effects of configuring a Clustered MS DTC and configuring the DTC_SUPPORT = PER_DB AG option:

In order to participate in distributed transactions, an instance of SQL Server enlists with a DTC. Normally the instance of SQL Server enlists with DTC on the local server, but in the case of an AG, the SQL Server Instance should enlist with a Clustered MS DTC. Each instance of SQL Server creates a resource manager with a unique resource manager identifier (RMID) and registers it with the Clustered DTC. In the default configuration, all databases on an instance of SQL Server use the same RMID. Also in the default configuration, during AG failover – the new Primary Replica will have a different RMID (because it is running on a new Instance), therefore the new Primary Replica’s Instance does not have any knowledge of prior in-doubt distributed transactions initiated on the old Primary Replica’s Instance.

To support distributed transactions during AG failover movement, each database should act as a separate resource manager and must have a unique RMID. When an availability group has DTC_SUPPORT = PER_DB, SQL Server creates a resource manager for each database and registers with the Clustered DTC using a unique RMID. In this configuration, the database is a resource manager for DTC transactions. It is very important to know that the RMID follows the database during an AG failover! This is the secret sauce which allows the resolution of in-doubt transactions!

Other helpful tips to ensure trouble-free AG failovers:

  • Replicas should be in Synchronous Mode
  • Validate the AG is Healthy and Synchronized between the current Primary and Secondary Replica(s) immediately prior to moving the AG to a different Replica
  • Validate the AG is Healthy and Synchronized after the failover (Databases incurring a large number of transactions may take several minutes to become synchronized.)
  • If any issues are detected, consult the SQL Errorlog immediately

In short review, if your SQL Server 2016 SP2 (or higher) AG environment is required to support Distributed Transactions, ensure the following configurations are enabled:

Enable Clustered MS DTC

  • Put this Resource on Clustered Shared Storage

 
Disable Local MS DTC

  • If this is not done, at least set the in-doubt xact resolution option

 
Enable the “DTC_SUPPORT = PER_DB” option in the AG

  • In SQL 2016 SP2, you must set this option while the AG is being created
  • In SQL 2017 and beyond, this AG option can be set at any time

 
If you’re looking for support with SQL Server availability groups, or other initiatives around SQL Server please contact us.

The post Availability Groups Supporting Distributed Transactions appeared first on Datavail.

Oracle EBS 12.2.10 Hits the Stands: What You Need to Know

The latest version of Oracle E-Business Suite, 12.2.10, is hot off the presses—it was just released on September 25. So what’s new with Oracle EBS 12.2.10, and what do you need to know about this latest version?

What is Oracle EBS 12.2.10?

EBS 12.2.10 is Oracle’s most recent iteration of the E-Business Suite collection of software applications for enterprise resource planning, customer relationship management, and supply chain management. The previous version, EBS 12.2.9, was released last year in August 2019.

This release schedule is in line with Oracle’s EBS roadmap, which aims to deliver a new EBS patch on an annual basis. Oracle also plans to issue an upcoming “12.X” version of EBS which will be supported through at least 2030, although details at this point are hazy.

What’s New in Oracle EBS 12.2.10?

With that said, what are the new features in EBS 12.2.10?

EBS 12.2.10 is a cumulative patch, which means that it includes both new features and updates that were part of previous 12.2 patches. According to Oracle product management director Elke Phelps, many of the new EBS 12.2.10 features were requested and voted on by EBS customers, while others have been in the pipeline as part of Oracle’s overarching goals of improving operational efficiency and modernizing the user interface.

Just a few of the most anticipated new features of EBS 12.2.10 are:

  • Order management: Oracle iStore uses Enterprise Command Center technology to “provide a modern user experience in B2B shopping.” The Performance Evaluation Dashboard in the Oracle Incentive Compensation Command Center lets administrators view employees’ sales attainment and performance across different roles, plans, and periods.
  • Logistics:2.10 has made significant updates to the Receiving Dashboard, Reservations Dashboard, and Reservations HTML UI. For example, the Receiving Dashboard allows users to track material by “Expected Date,” track pending inspections, manage pending putaways, and much more. Oracle Warehouse Management (WMS) has added various enhancements, e.g. creating optimized travel paths for pickers to finish their work with a single pass through the warehouse.
  • Procurement: As with Order Management, Oracle iStore now has “an enhanced consumer-like shopping experience”. The Employee Shopping Tracker in the Oracle Procurement Command Center helps improve catalog content by tracking employees’ shopping searches.
  • Projects:2.10 includes more accurate financial management for U.S. federal trading partners, with support for G-Invoicing (government invoicing).

 
The 12.2.10 features listed above really are just the tip of the iceberg—there are also various improvements to asset lifecycle management, human capital management, financial management, and more. For the full list of new features in EBS 12.2.10, check out Oracle’s document “Announcing Oracle E-Business Suite: Innovations in 2020.”

Upgrading to Oracle EBS 12.2.10

Keeping your EBS deployment up-to-date is crucial—especially if you’re using Oracle EBS 12.1, which is scheduled to end Premier Support next year. (Still using EBS 12.1? Check out our white paper “Time is Running Out for Oracle EBS 12.1 – Here’s What You Can Do.”)

If you’re already on EBS 12.2, you can install 12.2.10 through My Oracle Support as Patch 30399999. The good news is that 12.2.10 is an online patch, i.e. you can keep your EBS deployment running while it installs. You can find detailed instructions for applying the 12.2.10 patch here.

If you’re not yet on EBS 12.2, however, you won’t yet be able to install 12.2.10 by itself (and it’s high time that you start planning for an upgrade). You’ll first have to upgrade to a EBS 12.2.x version, and then install the 12.2.10 patch.

Looking for some help? As an Oracle Platinum Partner with 17 different specializations in Oracle products, Datavail has helped countless clients enjoy the latest features and bug fixes by upgrading their Oracle deployments. Get in touch with Datavail’s team of Oracle experts today to chat about your business needs and objectives.

The post Oracle EBS 12.2.10 Hits the Stands: What You Need to Know appeared first on Datavail.

ZeroLogon Vulnerability and EPM On-Premises and Cloud

I don’t normally write about Microsoft vulnerabilities and related patches, but this one is important for all Oracle EPM/Hyperion instances…whether on-premises or in Oracle’s EPM SaaS Cloud.

A little background: Vulnerabilities are ranked on a score from 0.1 to 10.0. What I’m about to discuss here is a 10.0, which is the most dangerous score.

The official designation of this particular critter is “CVE-2020-1472”. Independent security research firms, such as Secura, refer to it as ZeroLogon. Microsoft issued a patch for it in August 2020’s “Patch Tuesday”, but the extent of the problem wasn’t fully known at the time. If you want to read the gory details, you can check out Secura’s white paper on the subject. I’ll summarize, in brief:

The vulnerability allows anyone having access to the network to become a Windows Domain Administrator. You don’t even need network credentials if you stroll into the office and plug a device into an Ethernet port. Remote workers, of course, often have the access required. The point being that once the attacker runs the exploit and elevates himself to a domain admin or creates a new domain admin account with a known password, he can cause all sorts of mischief with far-reaching consequences throughout the organization.

Now let’s talk about EPM, starting with on-premises and then moving on to Oracle’s EPM SaaS Cloud (PBC, FCC, etc).

Microsoft Active Directory (“MSAD”) is ubiquitous within the on-premises EPM space. The vast majority of EPM implementations I’ve supported, installed, or health-checked use MSAD for end-user authentication. Hyperion Shared Services and the various EPM components connect to a Windows Domain Controller in order to authenticate end-user login attempts.

Disclaimer: the following paragraph contains theoretical conjecture. We won’t know the effects for sure until an non-patched system is attacked. 

Our fictional attacker, who exploits ZeroLogon, can completely break this. Worse, the attacker could kick the EPM servers out of the domain, making it hard to hop on the EPM servers and troubleshoot why nobody can login.

I have worked with a few customers who use alternatives to Microsoft for end-user authentication, such as Novell eDirectory or other LDAP solutions. By and large, though, there can be a Microsoft Windows Domain lurking somewhere within the network.

They key takeaway here is that EPM system stakeholders should inquire with the IT department and confirm the Domain Controllers have had the August 2020 Microsoft patches applied. I’ve noticed it is a mixed bag “out in the wild”; some organizations patch immediately, while others lag behind…especially during financial Quarter-End or Year-End change freezes.

Now let’s talk Cloud briefly.

Oracle’s EPM SaaS Cloud products for Consolidation, Planning, Account Rec, etc. all share one thing in common: EPMAutomate.

EPMAutomate is the Cloud’s command-line utility used for a variety of tasks: upload data to the Cloud, run it through Data Management, fire off Calculation Rules, download reports and audit logs, and more. EPMAutomate resides on a server under the customer’s control, either on-premises or in a hosted cloud such as AWS, Azure, OCI, etc. The vast majority of EPMAutomate implementations I’ve seen happen to sit on MS Windows servers. (It can be hosted on Linux, and sometimes I witness that variation.)

If EPMAutomate is hosted on MS Windows, and that machine happens to be joined to the MS Windows Domain…well, there’s a possibility your EPM Cloud automation might stop working someday if an intruder bricks your network account or kicks the EPMAutomate host server out of the domain. (Again, I use the word possibility until we see the fallout when it eventually happens.)

2020 has been an awful year thus far, so please do your part not to make it…awful-er. Insist your network domain controllers get patched for “CVE-2020-1472”, included in August 2020 Microsoft Patch Tuesday.

That’s it for this post, but if you’re looking for more reading on EPM 11.2, be sure to check out my white paper, “It’s the Eleventh Hour for Hyperion 11.1.2.4 — Here’s What to Do.”

Cross-posted from EPM On-Prem Pro. Read the original post here.

 

The post ZeroLogon Vulnerability and EPM On-Premises and Cloud appeared first on Datavail.