About SSL
SSL is a cryptographic protocol that enables secure communication between
applications across a network. Enabling SSL communication provides several
benefits, including message encryption, data integrity, and authentication. An
encrypted message ensures confidentiality in that only authorized users have
access to it. Data integrity ensures that a message is received intact without
any tampering. Authentication guarantees that the person sending the message is
who they claim to be.
SSL in Oracle Business Intelligence
By default, Oracle Business
Intelligence components communicate with each other using TCP/IP. Configuring
SSL between the Oracle Business Intelligence components enables secured network
communication.
Oracle Business Intelligence components
can communicate only through one protocol at a time. It is not possible to use
SSL between some components, while using simple TCP/IP communications between
others. To enable secure communication, all instances of the following Oracle
Business Intelligence components must be configured to communicate over SSL:
- Oracle BI Server
- Oracle BI Presentation Services
- Oracle BI JavaHost
- Oracle BI Scheduler
- Oracle BI Job Manager
- Oracle BI Cluster Controller
- Oracle BI Server Clients, such as Oracle BI ODBC Client
SSL requires that the server possess a public key and a private key for session negotiation. The public key is made available through a server certificate. The certificate also contains information that identifies the server. The private key is protected by the server.
The SSL Everywhere
central configuration feature configures SSL throughout the Oracle Business
Intelligence installation from a single centralized point. Certificates are
created for you and every Oracle Business Intelligence component is configured
to use SSL. The following default security level is configured by the SSL
Everywhere feature:
- SSL encryption is enabled.
- Mutual SSL authentication is not enabled. Since mutual SSL authentication is not enabled, clients do not need their own private SSL keys. All security-sensitive inter-component communication links are authenticated by the BISystemUser credentials, or a user's credential.
- The default cipher suites are used. For information about how to use a non-default cipher suite.
- When scaling out, the centrally managed SSL configuration is automatically propagated to any new components that are added.
If a higher level of security is
required, manual configuration might be used to augment or replace the SSL
Everywhere central configuration. This is considerably more complex.
Creating Certificates and Keys in Oracle Business Intelligence
Secure
communication over SSL requires certificates signed by a certificate authority
(CA). For internal communication, the SSL Everywhere feature creates both a
private certificate authority and the certificates for you.
The internal
certificates cannot be used for the outward facing Web server because user Web
browsers are not aware of the private certificate authority. The Web server
must therefore be provided with a Web server certificate signed by an
externally recognized certificate authority.
The central SSL configuration must
be given the external certificate authority's root certificate so that the
Oracle Business Intelligence components can recognize the Web server
certificate.
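The trust relationships described above, reproduced with the openssl command line as an added example (not part of the original page or of Oracle's tooling). The two CAs, host names and file names are constructed placeholders: External-CA stands in for an externally recognized certificate authority and Internal-BI-CA for the private one that SSL Everywhere creates.

```shell
#!/usr/bin/env bash
# Added example. Every name below (Internal-BI-CA, External-CA, the hostnames)
# is a constructed placeholder; nothing here is Oracle BI's own tooling.

# make_ca DIR NAME: self-signed root CA (key + certificate) written to DIR.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# issue DIR CA NAME: new key and CSR for NAME, then a certificate signed by CA.
issue() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
    -CAcreateserial -days 1 -out "$1/$3.pem" 2>/dev/null
}

# verdict TRUSTFILE CERT: "accept" if CERT chains to a root in TRUSTFILE.
verdict() {
  if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
    echo accept
  else
    echo reject
  fi
}

# trust_report: build both PKIs in a temp dir and print one verdict per line.
trust_report() {
  local d int ext leaf web
  d=$(mktemp -d) || return 1
  make_ca "$d" Internal-BI-CA && make_ca "$d" External-CA || return 1
  issue "$d" Internal-BI-CA bi-server.example.test || return 1
  issue "$d" External-CA www.example.test || return 1
  int="$d/Internal-BI-CA.pem"; ext="$d/External-CA.pem"
  leaf="$d/bi-server.example.test.pem"; web="$d/www.example.test.pem"
  # Trust file of a component after it has been given the external root.
  cat "$int" "$ext" > "$d/bi-trust.pem"
  echo "browser, internal certificate: $(verdict "$ext" "$leaf")"
  echo "component, internal certificate: $(verdict "$int" "$leaf")"
  echo "browser, Web server certificate: $(verdict "$ext" "$web")"
  echo "component without external root, Web server certificate: $(verdict "$int" "$web")"
  echo "component with external root, Web server certificate: $(verdict "$d/bi-trust.pem" "$web")"
  rm -rf "$d"
}

trust_report
```

The first and fourth lines are the two failures the text describes: a browser that does not know the private CA rejects an internal certificate, and a component that has not been given the external root rejects the Web server certificate.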
Credential Storage
The Oracle Business Intelligence credential store is used to store the SSL
credentials, such as certificates, trusted certificates, certificate requests,
and private keys. SSL-related credentials are stored in the
oracle.bi.enterprise credential map. The supported certificate file formats are
.der and .pem.