OBIEE Production Environment - Should it be made Private or Public?

Similar Messages

• OBIEE 11.1.1.6 Production Environment on AIX

  Hi Friends
  Consultant from Oracle installed OBIEE on three AIX machines.One is database server,web logic and OBIEE server installed on one machine, Informatica and DAC server installed on one machine.Ii is our Dev environment,My boss is planning for Production environment.
  To build production environment, Do we have to start the installation process from the beginning or is there anyway we can copy from existing Dev environment
  Please suggest
  Thanks,

  The process is basically setting up a Secure Shell (SSH) and then using RCP or SCP to copy files over. Again, details can come from a System Administration expert. Also, you may need to change some things around once the OBIEE components are moved to a new server.

• What level of access a DBA should have on production Environment

  We are in the process of auditing
  I want to know what level of acccess a DBA has on a production server..How about the Backups ONLINE/EXport backup? Which account should be used for those purposes...
  Can i DBA login as SYSTEM or SYS user? or he should have separate account to do all the activities..
  I am more on protecting the data from unauthorized user..Any standards followed for that
  Best Regards
  Maran

  Hi Maran,
  What level of access a DBA should have on production Environment
  root
  However, there have been cases of dishonest DBA's and SA, manipulating data for profit and stealing data:
  http://www.dba-oracle.com/art_lumigent_whitepaper.htm
  Kevin Mitnick, the noted computer felon likes to show how security breeches are commonly the result of employee errors. In his book “The Art of Deception”, Mitnick talks about his techniques to get trusting employees to disclose confidential information and privileged passwords. In one case Mitnick was able to secure a privileged password using the name Lemonjello, and then bragged about the naïve employee who handed-over a system password to someone called “Lemon Jell-O”. In this case the IT staff was never able to ascertain the root cause of the breech because their mechanism for the dissemination and auditing of secure information was inadequate.
  Today, there are ways to seregate the audit trails, giving the DBA what they need to do their job, while not giving them the keys to the kingdom.
  Hope this helps . . .
  Donald K. Burleson
  Oracle Press author
  Author of "Oracle Tuning: The Definitive Reference"
  http://www.rampant-books.com/book_2005_1_awr_proactive_tuning.htm

• Use of Emigall for creation of masters in the production environment

  Hi,
  The EMIGALL objects are normally used for migrating legacy master data and/or cut-over data before production environment is up.
  I am contemplating to use EMIGALL object for creation of contract account masters in production environment. One more option that I have is to use standard BAPI for creating contract account masters.
  Can anyone tell me whether it is proper to use EMIGALL object for day to day creation of master day in production environment. Is there any disadvantage or risk involved in it.
  Kindly reply soon.
  Regards,
  Ganesh

  I've already used emigall multiple times to do delta migrations into an operational prod environment.
  Purely looking at the functionalities, it should/would/must be possible to use emigall as a master data generator. I just think you need to look into the requirements:
  who will use it? end-user/application manager/...
  what's the amount of data to be loaded?
  what's the time window of the load? Day/night
  how is the data supplied?
  As you know, emigall EATS system resources like mad, so using it during the day might not be preferable. emigall is also very picky about the file format, whereas in a custom report you can define the input structure yourself.
  On the other hand, the error handling and follow-up of emigall is great...
  Personally, I'd go for a custom report with a BAPI... It'll give you more flexibility than emigall.

• MSDN and Production Environment (again)

  I started this on another forum before I found this one, but this seems a more suitable place.
  The definition of "production environment" seems rather odd. In some responses on this forum it appears to refer to "soft" systems whereas the latest MSDN licence refers to environment and physical kit.
  Below is a conversation I had over email with someone from MSDN and I find the whole thing utterly bizarre. I cannot for the life of me see how this helps anyone apart from MS being able to charge for non-production software. It renders having a powerful desktop
  for local lab experimentation pointless as you're not allowed to install anything and effectively doubles the hardware cost to small companies if they have to buy a separate server for any testing work (yes, best practice and all that, but budgets...) or pay
  out for a Windows Datacenter licence.
  Question:
  “If a physical machine running one or more virtual machines is used entirely for development and test, then the operating system used on the physical host system can be MSDN software. However, if the physical machine or any of the VMs hosted on that physical
  system are used for other purposes, then both the operating system within the VM and the operating system for the physical host must be licensed separately.”
  Is this actually saying that if I have a physical server licenced with a purchased (not MSDN) Server 2012 R2, running Hyper-V with, say, a production file server VM on it,  that ALL Windows VMs on that machine must have purchased licences even if they
  are only for development & testing purposes?
  Is this saying that all production and development Windows VMs must be only completely separate hardware, cluster, SAN, etc otherwise you must pay for full licences for the VMs?
  Or does it just mean that the bare metal licence (plus any additional ones required for running further production VMs) must be purchased if the VMs are a mix of production and development?
  Answer:
  We kindly inform that any products licensed under the developer tools model (e.g. SQL/BizTalk developer and/or MSDN) must be installed on their own separate physical hardware.
  You are not allowed to run test or development products on a server where production workloads are running at the same time.  Kindly run your developer software on a device/host that is dedicated to testing and development.
  Explanation:
  The Product Use Rights (PUR) say that the developer software is not licensed for use in a production environment. Even if the PUR does not have a separate definition of production environment, a production environment is a set of resources for network, physically
  dedicated hardware and software to provide "live" service.  If the intent was to say that the same physical server could be used for both development and production - it would say "not licensed for use in a production OSE," instead
  it says environment.
  See current PUR, page  51:
  Developer Tools (User License)
  You have the rights below for each license you acquire.
  #      You must assign each license to a single user.
  #      Each Licensed User may run an unlimited number of copies of the Developer Tools software and any prior version on any device.
  #      The Licensed User may use the software for evaluation and to design, develop, test, and demonstrate your programs. These rights include the use of the software to simulate an end user environment to diagnose issues related to your programs.
  #      The software is not licensed for use in a production environment. #      Additional rights provided in license terms included with the software are additive to these product use rights, provided that there is no conflict
  with these product use rights, except for superseding use terms outlined below.
  Question:
  Classifying an entire physical infrastructure as "production" in these days of virtualisation and shared storage really does not make any sense at all. Not using the software for production purposes makes perfect sense, but not being able to locate
  it alongside production OS installs is mad. Does this only apply to the server running the VM (CPU and RAM)? If the VHDX is hosted on shared SAN storage does the SAN have to be dedicated to non-production storage?
  Answer:
  We kindly inform that after double-checking the case we would like to confirm the development software cannot be run on the same hardware with production software.
  We have also received a feedback from the responsible team regarding your request about a dedicated SAN (Storage Area Network) for MSDN software.
  They have confirmed that the SAN has to be dedicated to the development and testing environment if it is used to run the software acquired through MSDN.
  Question:
  OK, so if I have my desktop (which is a production environment as I use it for email and other day to day office tasks), can I turn on Hyper-V and install an MSDN Windows Server 2012 instance for development purposes?
  Answer:
  We kindly inform it is not allowed to install and run software from MSDN subscriptions in production environments. Please do not install MSDN software on a desktop in a production environment:
  "[.] The customer will need to run the developer software on a device/host that is dedicated to testing and development.
  Explanation:
  The Product Use Rights (PUR) say that the developer software is not licensed for use in a production environment. Even if the PUR does not have a separate definition of production environment, a production environment is a set of resources for network, physically
  dedicated hardware and software to provide "live" service.  If the intent was to say that the same physical server could be used for both development and production - it would say "not licensed for use in a production OSE," instead
  it says environment.
  See current PUR, page  51:
  Developer Tools (User License)
  You have the rights below for each license you acquire.
  -      You must assign each license to a single user.
  -      Each Licensed User may run an unlimited number of copies of the Developer Tools software and any prior version on any device.
  -      The Licensed User may use the software for evaluation and to design, develop, test, and demonstrate your programs. These rights include the use of the software to simulate an end user environment to diagnose issues related to your programs.
  -  The software is not licensed for use in a production environment.
  -      Additional rights provided in license terms included with the software are additive to these product use rights, provided that there is no conflict with these product use rights, except for superseding use terms outlined below.

  Hi Mike,
  It sucks that MSDN software can't be run in a production environment, that means you have to have two entirely separate hardware environments, which are costly, and it seems unnecessary.  
  That's essentially it. I'm not saying for one second that it should be used for production purposes, just that it's physical location shouldn't be relevant. Also, the word "environment" is a very bad choice in the documentation simply because it's very open
  to interpretation.
  A production environment is defined as an environment that is accessed by end users of an application (such as an Internet Web site) and that is used for more than
  Acceptance Testing of that application
  or Feedback. Some scenarios that constitute production
  environments include:
  Environments that connect to a production database.
  Environments that support disaster-recovery or backup for a production environment.
  Environments that are used for production at least some of the time, such a server that is rotated into production during peak periods of activity.
  So I dont think (here's that inconclusive language) but am not sure that your desktop machines count as production environments, based on that, unless end users are connecting to them. (I dearly hope they are not!)
  My reading is based on the "Other Guidance" section:
  "If a physical machine running one or more virtual machines is used entirely for development and test, then the operating system used on the physical host system can be MSDN software. However, if the physical machine or any of the VMs
  hosted on that physical system are used for other purposes, then both the operating system within the VM and the operating system for the physical host must be licensed separately."
  <o:p>This is the crux of the matter and the interpretation of "licensed separately". A (to my mind) sensible reading of that would be "if you're running any production purpose VMs on a server then the physical host OS must be a full licence
  [presuming it's Server 2012 and not, say, VMWare or Hyper-V 2012] as must all production purpose VMs on that server". This has been getting interpreted by others (I'm not the first) and backed up by MS as meaning that if you want to run any dev/test VMs on
  a server that also runs production VMs then you can't use MSDN for those dev/test VMs.</o:p>
  Also, there is a section
  here, on the MSDN Licensing help page that says (with my added emphasis):
  Many
  MSDN subscribers use a computer for mixed use—both design, development, testing, and demonstration of your programs (the use allowed under the MSDN subscription license) and some other use.  Using the software in any other way, such as for doing email,
  playing games, or editing a document is another use and is not covered by the MSDN subscription license. 
  When this happens, the underlying operating system must also be licensed normally by purchasing a regular copy of Windows such as the one that came with a new OEM PC.
  Now to me, it seems this might be saying that the underlying operating system on a work
  machine cannot be licensed using MSDN if that work machine is going to be doing non-msdn things in addition to MSDN things.  It doesn't say "This can't happen" it just says "When this happens, the underlying
  OS must be licensed normally..." 
  So, based on what I'm reading it seems that this quote from you might not be true:
  "We can't install a local MSDN instance of Server 2012 or 8.1 for dev and test under Hyper-V on desktops
  because desktops used for email, writing documents, etc are production. "
  I wouldn't have expected this to be true either, but this is the response I was given. It may well be
  that my question was misunderstood. I hope this is the case otherwise one of the big reasons for turning on Hyper-V on  expensive, powerful desktops enabling the running of personal test environments goes out the window!
  Thanks for your time on this.

• Is vmware supported for production environment ?

  Hi All,
  Is vmware supported for production environment ?
  Thanks
  Sunny

  All,
  I'm glad someone has outlined the clear support statement that has existed for sometime between VMware - SAP.  For those of you still running on Oracle, here is some good news:
  Wording towards SAP Customers requesting support:
  "Oracle, VMware and SAP are working collaboratively to ensure support for SAP customers that use VMware virtualization for SAP solutions running Oracle DB. Functional tests are currently being performed to verify supportability of the SAP&Oracle stack.  Details will be made available in SAP note 1173954 u201CSupport of Oracle for VMwareu201D after tests have been completed. It is expected that in Q1 2010, ESX 3.5 and later releases including vSphere 4 will be supported by Oracle and SAP according to Oracleu2019s metalink note 249212."
  There is no reason why x86 platform today cannot run the most demanding workloads on VMware vSphere in a production environment.  But has noted earlier, don't get hung up on "production" - you have heaps of TestDev, SolMan TestDev, sandboxes, gateways, application servers etc that should immediately by put into a VM - once you are comfortable with your solution in-house, I'm sure you will move production instances into a VM as well.
  Below are some great resources for you to use in your quest to virtualize SAP on VMware:
  Additional Resources
  SAP Notes (for Windows platform)
  674851: Virtualization on Windows
  1104578: Virtualization on Windows: Enhanced Monitoring
  1056052: Windows: VMware ESX Server 3.x or vSphere configuration guidelines
  1260719: Detailed virtualization data using saposcol
  SAP Notes (for Linux platform)
  1122388 u2013 Linux: VMware ESX Server 3.x or vSphere configuration guidelines
  1122387 u2013 Linux: Supported Virtualization technologies with SAP
  171356 u2013 Virtualization on Linux: Essential information
  SAP, VMware (and other) benchmarks
  http://www.sap.com/solutions/benchmark/sd2tier.epx
  Introductory document u201CVirtualizing SAP applications on Windowsu201D by SAP
  https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/70f63258-bff1-2a10-9db6-
  cda6ef202bfc
  VMware and SAP
  White Papers, Success Stories, Webinars, Links, etc.
  http://www.vmware.com/sap
  SAP VMware Blog
  http://communities.vmware.com/blogs/SAPsolutions
  Regards,
  Andre Kemp
  VMware Sr. Product Marketing Manager - Asia Pacific
  Certified mySAP 2K and Migration Consultant
  Edited by: Andre Kemp on Dec 10, 2009 9:00 AM

• Issue in production environment

  Hi,
  We got an issue in the production environment on last Friday and yet not able to find out the root cause of the issue.
  Environment
  GUI : .Net
  Server : Java
  Application Server: Jboss
  Database: Sqlserver
  The Java application is deployed into Jboss application server which connects to SQL server as back end. GUI makes the web service call to server for data communication
  Issue
  Friday at 2 PM users reported the slowness of the application (Not getting the response from server in GUI), all the request from GUI were getting timed out.
  Restart of Jboss didn't help
  Restarted the Jboss and sqlserver for the second time and than the environment became stable
  Analysis
  1. From the thread dump of Jboss log we see that there are many threads waiting on a socket for database connection(according to database team all the connections are open and available at that particular time).
  2. The size of transaction log is almost doubled during this period (when the issue was reported). 
  We couldn't find a reason why this issue is happened. Is it a database issue or something else? Please suggest...
  Thanks,
  Manoj

  Hi Manoj,
  According to your description, when running the web application, many threads are waiting for the socket from database which cause requests from front GUI time out. Right?
  In this scenario, user can access the front GUI, which means the application server is working. Since the connections are all open at that particular time, it should not be issue on your JDBC. It seems to be a deadlock issue which cause other threads
  waiting and hang. I recommend check and optimize your code. On database side, I suggest you open the SQL profiler, select DeadLock Graph, it will record when deadlock occurs. Please refer to links below:
  Detecting and Ending Deadlocks
  Analyze Deadlocks with SQL Server Profiler
  If you have any question, please feel free to ask.
  Simon Hou
  TechNet Community Support

• OBIEE 11g environment going down.

  Hi Experts,
  Our OBIEE 11g Production environment goes down every now and then.
  I want to enable some scripts wherein i can get a notification on the pager or email that my obiee environment is down.
  So far we have no mechanism to know when is our environment down...
  Any pointers in this regard will be highly appreciated.
  Our servers are setup in Linux environment.
  Thanks
  Ashish

  Ashish,
  you have different 3rd party applications like sitescope, HP Open View etc. You might need to check with your company/alerts team who will setup these alerts for you.
  you can go through this to have a clear view of it. http://www.rittmanmead.com/2012/09/automated-monitoring-of-obiee-in-the-enterprise-an-overview/
  we use HP Openview and sitescope for these down alerts
  mark if it helps

• Security Issue httpOnlyCookies="true" is not working with production environment

  Dear All, 
  I have tired to make set cookie value as httpOnly
  The development environment is working fine and give me an output like that 
  Set-Cookie
  WSS_KeepSessionAuthenticated={3644d93c-d1d3-46cd-845f-42c01640ab21};
  path=/;
  HttpOnly
  But when implement the same changes in web.config production environment its not working 
  Set-Cookie                NLSessionCdomainweb=a98q9jnsy0vXk5+RHeHnlKmM+HnneA9KmhIAR6g1bJiwTs8sD6d7dfV1gBffc8HiJXBowxdO8LhZAiIEKiFY6PzNWySyRs5rvgCfPu8XIFnqKcN4XQ4UL9PN3JI3f4E6;path=/;domain=.domain.com
  I am using sharepoint 2010, under web.config i made the following changes  
  Add following tags under system.web
  <httpRuntime maxRequestLength="2097151" enableVersionHeader="false"
  />
  <httpCookies httpOnlyCookies="true"/>
  Add following tags under <system.webServer>
    <httpProtocol>
        <customHeaders>
                 <remove name="X-Powered-By" />
               <remove name="MicrosoftSharePointTeamServices" />
        </customHeaders>
      </httpProtocol>
  Can any one tell me why it's happening i have checked all possible reasons from my side but no success  
  Regards 
  Rashid Bilgrami 
  RB

  Hi,
  From your description, I know you want to set cookie value as httpOnly but it is not work.
  Please try to add codes below to your global.asax file:
  <SCRIPT language="C#" runat="server">
  protected void Session_Start(Object sender, EventArgs e)
   try
    if (Request.IsSecureConnection == true)
                  Response.Cookies ["ASP.NET_SessionId"].Secure = true;
   catch (Exception)
  </SCRIPT>
  Please refer to this article:
  https://social.technet.microsoft.com/Forums/sharepoint/en-US/0fe55c13-3911-422e-af17-cb5c1ab2abd7/missing-secure-httponly-flags-on-sharepoint-2010-cookie?forum=sharepointadminprevious.
  Best Regards
  Vincent Han
  TechNet Community Support

• How to port database changes from development to a production environment

  How do I port database changes from the development to the production environment?
  I am using v8 and have always had to redo everything using the schema manager all over in the production environment. Is there an easy way to generate a script, for example to dump the database changes on the development machine to be executed later on the production machine?

  This should already be a clearly defined change control process. Once a procedure, function, package, trigger, or whatever completes the testing rounds, it should be promoted to production.
  Forgive me if it seems I'm trivializing, but I don't see the problem, just copy the object(s) from your software library (or development) into production using whatever tool works best or has been chosen. If you are doing data copies then you have various options again including good old export/import.

• Best practice for a deplomyent (EAR containing WAR/EJB) in a productive environment

  Hi there,
  I'm looking for some hints regarding to the best practice deployment in a productive
  environment (currently we are not using a WLS-cluster);
  We are using ANT for buildung, packaging and (dynamic) deployment (via weblogic.Deployer)
  on the development environment and this works fine (in the meantime);
  For my point of view, I would like to prefere this kind of Deploment not only
  for the development, also for the productive system.
  But I found some hints in some books, and this guys prefere the static deployment
  for the p-system.
  My question now:
  Could anybody provide me with some links to some whitepapers regarding best practice
  for a deployment into a p-system ??
  What is your experiance with the new two-phase-deploment coming up with WLS 7.0
  Is it really a good idea to use the static deployment (what is the advantage of
  this kind of deployment ???
  THX in advanced
  -Martin

  Hi Siva,
  What best practise are you looking for ? If you can be specific on your question we could provide appropriate response.
  From my basis experience some of the best practices.
  1) Productive landscape should have high availability to business. For this you may setup DR or HA or both.
  2) It should have backup configured for which restore has been already tested
  3) It should have all the monitoring setup viz application, OS and DB
  4) Productive client should not be modifiable
  5) Users in Production landscape should have appropriate authorization based on SOD. There should not be any SOD conflicts
  6) Transport to Production should be highly controlled. Any transport to Production should be moved only with appropriate Change Board approvals.
  7) Relevant Database and OS security parameters should be tested before golive and enabled
  8) Pre-Golive , Post Golive should have been performed on Production system
  9) EWA should be configured atleast for Production system
  10) Production system availability using DR should have been tested
  Hope this helps.
  Regards,
  Deepak Kori

• Best Practice for Production environment

  Hello everyone,
  can someone share the best practice for a production environment? or is there a SAP standard best practice to follow in a Production landscape?
  i understand there are Best practices available for Implementation , Migration and upgrade. But, i was unable to find one for productive landscape
  thanks.

  Hi Siva,
  What best practise are you looking for ? If you can be specific on your question we could provide appropriate response.
  From my basis experience some of the best practices.
  1) Productive landscape should have high availability to business. For this you may setup DR or HA or both.
  2) It should have backup configured for which restore has been already tested
  3) It should have all the monitoring setup viz application, OS and DB
  4) Productive client should not be modifiable
  5) Users in Production landscape should have appropriate authorization based on SOD. There should not be any SOD conflicts
  6) Transport to Production should be highly controlled. Any transport to Production should be moved only with appropriate Change Board approvals.
  7) Relevant Database and OS security parameters should be tested before golive and enabled
  8) Pre-Golive , Post Golive should have been performed on Production system
  9) EWA should be configured atleast for Production system
  10) Production system availability using DR should have been tested
  Hope this helps.
  Regards,
  Deepak Kori

• Production Environment RFC's for EWA.... Please help!!

  We have some of the production environment setup EWA. I will need to add else which are left. I have setup EWA in sandbox for testing. worked fine. but i have question about RFC's.
  My all DEV systems has the following RFC's in solman;
  SM_XXXCLNT100_LOGIN
  SM_XXXCLNT100_READ
  SM_XXXCLNT100_TMW
  SM_XXXCLNT100_TRUSTED
  But my all QAS and PRODUCTION system has the following RFC'c in solman.
  SM_XXXCLNT100_LOGIN
  SM_XXXCLNT100_READ
  SM_XXXCLNT100_TMW
  I thought when I generate auto RFC's from SMSY, it creates the following;
  SM_XXXCLNT100_READ
  SM_XXXCLNT100_TMW
  SM_XXXCLNT100_TRUSTED
  What should I do? if it creates _TRUSTED ONE in PRD, should I delete it? Please help!!
  Question: If I am generating auto RFC's for PRD, it created _LOGIN one too? I am totaly confused??
  Thanks,
  I will definitely post points

  The only reason I want to do that because I have to talk to security folks for that, they will go and look at the other production environments which dont have _TRUSTED rfc...
  Like as I have mentioned, all production has the following rfc's
  SM_XXXCLNT100_LOGIN
  SM_XXXCLNT100_READ
  SM_XXXCLNT100_TMW.
  I dont understand only one thing. how can I get _LOGIN rfc?
  The only reason I am asking, when I did EWA in sandbox, It did not generate _LOGIN rfc...
  Do you have any idea?
  Thanks,

• Adf security misbehaving in production environment

  Hi all,
  I am using jdev 11.1.2.2 and weblogic 10.3.6
  I have implemented adf security from based authentication in my web application and i have used sql authenticator for authentication.
  In my integrated WLS everything works fine . but in the production WLS what is happening is when the user access a Protected Page without login it navigates to the protected page instead of navigating him to the login page. In the integrated WLS this happens normally .
  Has anyone faced this issue before ? What can be wrong ?
  I have added my web.xml
  <?xml version = '1.0' encoding = 'windows-1252'?>
  <web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
           version="2.5">
    <context-param>
      <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
      <param-value>client</param-value>
    </context-param>
    <context-param>
      <param-name>javax.faces.PARTIAL_STATE_SAVING</param-name>
      <param-value>false</param-value>
    </context-param>
  <session-config>
      <session-timeout>5</session-timeout>
    </session-config>
    <context-param>
      <description>If this parameter is true, there will be an automatic check of the modification date of your JSPs, and saved state will be discarded when JSP's change. It will also automatically check if your skinning css files have changed without you having to restart the server. This makes development easier, but adds overhead. For this reason this parameter should be set to false when your application is deployed.</description>
      <param-name>org.apache.myfaces.trinidad.CHECK_FILE_MODIFICATION</param-name>
      <param-value>false</param-value>
    </context-param>
    <context-param>
      <param-name>oracle.adf.view.rich.SUPPRESS_IDS</param-name>
      <param-value>auto</param-value>
    </context-param>
    <context-param>
      <description>Whether the 'Generated by...' comment at the bottom of ADF Faces HTML pages should contain version number information.</description>
      <param-name>oracle.adf.view.rich.versionString.HIDDEN</param-name>
      <param-value>false</param-value>
    </context-param>
    <context-param>
      <description>Security precaution to prevent clickjacking: bust frames if the ancestor window domain(protocol, host, and port) and the frame domain are different. Another options for this parameter are always and never.</description>
      <param-name>org.apache.myfaces.trinidad.security.FRAME_BUSTING</param-name>
      <param-value>differentOrigin</param-value>
    </context-param>
    <context-param>
      <param-name>javax.faces.FACELETS_VIEW_MAPPINGS</param-name>
      <param-value>*.jsf;*.xhtml</param-value>
    </context-param>
    <context-param>
      <param-name>javax.faces.FACELETS_SKIP_XML_INSTRUCTIONS</param-name>
      <param-value>true</param-value>
    </context-param>
    <context-param>
      <param-name>javax.faces.FACELETS_SKIP_COMMENTS</param-name>
      <param-value>true</param-value>
    </context-param>
    <context-param>
      <param-name>javax.faces.FACELETS_DECORATORS</param-name>
      <param-value>oracle.adfinternal.view.faces.facelets.rich.AdfTagDecorator</param-value>
    </context-param>
    <context-param>
      <param-name>javax.faces.FACELETS_RESOURCE_RESOLVER</param-name>
      <param-value>oracle.adfinternal.view.faces.facelets.rich.AdfFaceletsResourceResolver</param-value>
    </context-param>
    <filter>
      <filter-name>JpsFilter</filter-name>
      <filter-class>oracle.security.jps.ee.http.JpsFilter</filter-class>
      <init-param>
        <param-name>enable.anonymous</param-name>
        <param-value>true</param-value>
      </init-param>
      <init-param>
        <param-name>remove.anonymous.role</param-name>
        <param-value>false</param-value>
      </init-param>
    </filter>
    <filter>
      <filter-name>trinidad</filter-name>
      <filter-class>org.apache.myfaces.trinidad.webapp.TrinidadFilter</filter-class>
    </filter>
    <filter>
      <filter-name>ADFLibraryFilter</filter-name>
      <filter-class>oracle.adf.library.webapp.LibraryFilter</filter-class>
    </filter>
    <filter>
      <filter-name>adfBindings</filter-name>
      <filter-class>oracle.adf.model.servlet.ADFBindingFilter</filter-class>
    </filter>
    <filter-mapping>
      <filter-name>JpsFilter</filter-name>
      <url-pattern>/*</url-pattern>
      <dispatcher>FORWARD</dispatcher>
      <dispatcher>REQUEST</dispatcher>
      <dispatcher>INCLUDE</dispatcher>
    </filter-mapping>
    <filter-mapping>
      <filter-name>trinidad</filter-name>
      <servlet-name>Faces Servlet</servlet-name>
      <dispatcher>FORWARD</dispatcher>
      <dispatcher>REQUEST</dispatcher>
      <dispatcher>ERROR</dispatcher>
    </filter-mapping>
    <filter-mapping>
      <filter-name>ADFLibraryFilter</filter-name>
      <url-pattern>/*</url-pattern>
      <dispatcher>FORWARD</dispatcher>
      <dispatcher>REQUEST</dispatcher>
    </filter-mapping>
    <filter-mapping>
      <filter-name>adfBindings</filter-name>
      <servlet-name>Faces Servlet</servlet-name>
      <dispatcher>FORWARD</dispatcher>
      <dispatcher>REQUEST</dispatcher>
    </filter-mapping>
    <filter-mapping>
      <filter-name>adfBindings</filter-name>
      <servlet-name>adfAuthentication</servlet-name>
      <dispatcher>FORWARD</dispatcher>
      <dispatcher>REQUEST</dispatcher>
    </filter-mapping>
    <listener>
      <listener-class>oracle.adf.mbean.share.connection.ADFConnectionLifeCycleCallBack</listener-class>
    </listener>
    <listener>
      <listener-class>oracle.adf.mbean.share.config.ADFConfigLifeCycleCallBack</listener-class>
    </listener>
    <servlet>
      <servlet-name>Faces Servlet</servlet-name>
      <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
      <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet>
      <servlet-name>resources</servlet-name>
      <servlet-class>org.apache.myfaces.trinidad.webapp.ResourceServlet</servlet-class>
    </servlet>
    <servlet>
      <servlet-name>BIGRAPHSERVLET</servlet-name>
      <servlet-class>oracle.adf.view.faces.bi.webapp.GraphServlet</servlet-class>
    </servlet>
    <servlet>
      <servlet-name>BIGAUGESERVLET</servlet-name>
      <servlet-class>oracle.adf.view.faces.bi.webapp.GaugeServlet</servlet-class>
    </servlet>
    <servlet>
      <servlet-name>MapProxyServlet</servlet-name>
      <servlet-class>oracle.adf.view.faces.bi.webapp.MapProxyServlet</servlet-class>
    </servlet>
    <servlet>
      <servlet-name>adflibResources</servlet-name>
      <servlet-class>oracle.adf.library.webapp.ResourceServlet</servlet-class>
    </servlet>
    <servlet>
      <servlet-name>adfAuthentication</servlet-name>
      <servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
      <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
      <servlet-name>Faces Servlet</servlet-name>
      <url-pattern>/faces/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
      <servlet-name>resources</servlet-name>
      <url-pattern>/adf/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
      <servlet-name>resources</servlet-name>
      <url-pattern>/afr/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
      <servlet-name>BIGRAPHSERVLET</servlet-name>
      <url-pattern>/servlet/GraphServlet/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
      <servlet-name>BIGAUGESERVLET</servlet-name>
      <url-pattern>/servlet/GaugeServlet/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
      <servlet-name>MapProxyServlet</servlet-name>
      <url-pattern>/mapproxy/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
      <servlet-name>resources</servlet-name>
      <url-pattern>/bi/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
      <servlet-name>adflibResources</servlet-name>
      <url-pattern>/adflib/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
      <servlet-name>adfAuthentication</servlet-name>
      <url-pattern>/adfAuthentication</url-pattern>
    </servlet-mapping>
    <mime-mapping>
      <extension>swf</extension>
      <mime-type>application/x-shockwave-flash</mime-type>
    </mime-mapping>
    <mime-mapping>
      <extension>amf</extension>
      <mime-type>application/x-amf</mime-type>
    </mime-mapping>
    <security-constraint>
    <web-resource-collection>
      <web-resource-name>Allowed ADF Resources</web-resource-name>
      <url-pattern>/adf/*</url-pattern>
      <url-pattern>/afr/*</url-pattern>
      <url-pattern>/bi/*</url-pattern>
    </web-resource-collection>
  </security-constraint>
    <security-constraint>
      <web-resource-collection>
        <web-resource-name>adfAuthentication</web-resource-name>
        <url-pattern>/adfAuthentication</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <role-name>valid-users</role-name>
      </auth-constraint>
    </security-constraint>
    <login-config>
      <auth-method>FORM</auth-method>
      <form-login-config>
        <form-login-page>/faces/login</form-login-page>
        <form-error-page>/faces/login</form-error-page>
      </form-login-config>
    </login-config>
    <security-role>
      <role-name>valid-users</role-name>
    </security-role>
  </web-app>Thanks,
  Rakesh

  Hi Rakesh,
  Make sure you have migrated the policy store to the production server. When Weblogic Server is running in production mode, automatic credential overwrite is not allowed. From the developer's guide:
  When the target server is configured for production mode, you typically handle the migration task outside of JDeveloper using tools like Oracle Enterprise Manager. For details about using tools outside of JDeveloper to migrate the policy store to the domain-level in a production environment, see the Oracle Containers for J2EE Security Guide. Note that Oracle WebLogic Server running in production mode does not support the overwriting of system credentials under any circumstances.http://docs.oracle.com/cd/E26098_01/web.1112/e16182/adding_security.htm#CDDGFDFH
  HTH,
  Joonas

• OWB propagation from development to production environment

  Our department is in need to implement overall security around our production data warehouse.
  One issue that seems to bother our management is having only one OWB Designer where developers would have to be responsible enough to use snapshots and export mappings to mdl files. Management would like to have development and production OWB Designer Repository where production designer would always be in sync with what is deployed in prd database. Also prd OWB Designer Repository would be like a source safe so we have to always get a mapping from prd designer move it dev designer and when done propagate changes back to prd designer and then deploy to prd database.
  Would this be a good approach?
  Any input on how to handle propagation from development to production environment, and if you are aware of "best practices" when it comes to OWB environment is appreciated.
  Best Regards,
  Vlasta

  Hi,
  Copy whole catalog and rpd from dev to prob.
  If you want to copy specific report go to OracleBIData\web\catalog\samplesales\root\shared\sample+sales(group folder name)
  You can copy reports under folders and dashboards in _portal in Sample sales group folder...both file and .atr file.But you may miss security applied on those dashboards.
  http://www.rittmanmead.com/2008/04/28/migration-obiee-projects-between-dev-and-prod-environments/
  Best practice is to copy whole catalog and rpd (or) Copy shared and system folders and their .atr files from OracleBIData\web\catalog\samplesales\root so that you will not miss security and you will not over ride users folders which may contain some data created by them.
  Thanks,
  Srikanth