Let’s talk about Oracle’s Secure Enterprise Search (SES) 11g

Introduction

Since the acquisition of Sun few years ago, Oracle is now has more things to offer (especially in the hardware side). From a company of Software Products, Oracle is now a company with lot of hardware stuff as well. Oracle’s Exadata and Exalogic are some of the top-tier hardware offerings that we all know. They are based on Sun SPARC hardware. There are lot of things to talk about… However, in this post, I wanted to explore something less talked about.

If you are an Oracle Shop running Enterprise Applications from Oracle, then you may want to look for Enterprise Search Application from Oracle to provide search capabilities for your intranet applications (especially for content management systems). I came to know about this recently when I was reading the Release Value Propositions for Peopletools 8.52. Then, I realized that this product is used in many other products from Oracle.

Functionality of SES

Secure Enterprise Search (SES) 11g (11.1.2) is a product from Oracle for Search Operations in enterprise systems.  Also, Oracle’s Secure Enterprise Search (SES) comes with Oracle Database 11g Enterprise Edition – for use with limited license with Oracle database 11g. SES 11g requires Weblogic Application Server for the functionality (so, obviously it uses lot of Java for sure).

Oracle SES can crawl, search and index for several source types. Some of the content types that are built-in for SES are web content, files, emails, database tables and other SES sources. Also, using connectors you can use many of the content management products for search purposes.

Here are some of the Oracle products that uses/will use SES as part of providing search operations:

• Proposed Peopletools 8.52
• Fusion Applications
• Oracle iAS/Portal
• EBS
• Siebel
• Web Center etc

My personal opinion is, installing something is the simple thing to do with any of the Oracle Products that I know of. If you can understand some of the basic concepts behind Oracle Installers, then you are all set with the installation, nothing complicated here – installation is easy. During the SES installation, you need to make sure the port numbers and the data storage locations are correctly setup. Configuring a product for a specific implementation is something more work to do, some conceptual knowledge will be required at this time.

Most of the time, contents are not public for SES to search. So the search engine should provide crawling and indexing functions for private content. So, a kerberos based authentication or LDAP based authentication can be used in SES as an authentication plug-ins.

SES Scheduler is used to run jobs for crawling and related purposes. Also, we can write a custom Scheduled Tasks for SES using Search API.

If you have some basic understanding of the search engine concepts, then I think SES Administration Tool is simple and easy to understand.

SES Connectors

For searching, there are variety of content available from products from different vendors. SES can perform search and index operations in variety of other target systems using SES Connectors. Obviously, in heterogeneous IT environments, the content is not available in one single source or systems. So, there are different connectors available. Oracle SES 11g connectors are delivered free with the SES product for:

• Microsoft Exchange
• NTFS File Systems
• JDBC Connections to Oracle and MS SQL Server
• Microsoft Sharepoint
• Oracle Portal 9/10 etc.

There are other SES Connectors available for different products, especially for content management systems. However it looks like they need a separate license to be purchased. You can check the available SES Connectors here.

SES and Oracle products

I checked few of the products that are using/planning to use SES. There are other Oracle Products too. This is only a short list that I know of:

Peopletools 8.52

In the next release of Peoplesoft’s Peopletools (expected in Q3/Q4 2011), SES framework will be used in the Peoplesoft Systems. Peoplesoft Applications already use Verity Software for the Search Operations. We need to wait until Peopletools 8.52 release to see what things are going to change.

To know more about PeopleSoft Application Search in next release of Peopletools, you can check here.

Fusion Middleware and Applications

Web Center uses SES as Search Provider. Also, Fusion Application uses SES as the default search Provider.

Oracle iAS/Portal

Going forward, SES will replace the Oracle’s earlier UltraSearch as the Search Provider in newer versions of Portal.

Oracle EBS

Latest versions of EBS support SES. You may want to check the system certifications for SES on EBS in My Oracle Support.

So, thats it for now. Lets meet you in another post. Until then

Read More about  Oracle’s Secure Enterprise Search (SES) 11g

Provisioning to two Active Directory Domains with Oracle Identity Manager – Connector Cloning – Part I

In many large enterprises, there can be two Active Directory Domains used (sometimes more than two), for example, one for India users and one for North America users (Considering the company has two major locations). This requires two AD Connector instances to be created in OIM, for provisioning and reconciliation purposes. OIM Connector Guide for Active Directory User Management provides following description for creating copies of the Connector to provision into multiple target systems. However detailed instructions are not available in the connector.

From the Oracle Connector Documentation (Oracle Identity Manager Connector Guide for Microsoft Active Directory User Management – Release 9.1.1 – E11197-11 – Page 186):

Section: 4.15.1

To create a copy of the connector:

1. Create copies of the IT resource, resource object, process form, provisioning process, scheduled tasks, and lookup definitions that hold attribute mappings.
2. Create a copy of the Lookup.AD.Configuration lookup definition. In the copy that you create, change the values of the following entries to match the details of the process form copy that you create.
   1. 1. ROUserID
      2. ROUserManager
      3. ROFormName
      4. ROUserGUID
3. Map the new process tasks to the copy of the Lookup.AD.Configuration lookup definition.

Initially I was not sure how I can setup the Cloning. I had two Active Directory Domains. When the users are created in OIM, access policies will identity to which one it has to be provisioned. However I have to setup two AD Connectors for these two domains.

Based on my investigation, following AD Connector Specific objects are involved:

1. Copy of the IT Resource
2. Copy of the RO
3. Copy of the Process form
4. Copy of the Provisioning Process
5. Copy of the Scheduled Tasks
6. Copy of the Lookup Definitions
7. Copy of the Reconciliation Rule

First, you need to export the relevant objects as XML file, rename them by manually editing the XML file, then re-import them. One recommendation, is run your XML file through “xmllint –format” on Linux, that should make it more readable, so it is easier for you to edit (Thanks to Oracle Support for providing this – xmllint – information).

Here are the steps for cloning a connector – based on my personal experience:

1. Identify all the connector Objects used by the Active Directory Connector (Mostly the below tables – but I am still not sure whether I covered all the objects – Please let me know if I missed any).
2. Export these Objects using Deployment Manager Export Utility. This will create an XML File during the export.
3. Once you have the XML file, you need to identity and replace the values for the objects in the XML file. This is the main reason you should be aware of the AD Connector Objects.
4. Then, you can import this manipulated XML file into the OIM System. I faced errors during the import. I will write about those errors in the next post.

AD Connector Objects:

S. No.	Object Type	Object Name for AD Connector
1.	IT Resource	AD IT Resource
2.	Resource Object	AD User
3.	Process Form	UD_ADUSERUD_ADUSRC
4.	Provisioning Process	AD User
5.	Scheduled Tasks	Target Recon
6.	Lookup Definitions	Many…
7.	Child Tables	UD_ADUSER*

In my current OIM System, I have the default connector configured to the First AD Domain. The cloned connector is configured to the second AD Domain. I thought it was confusing. So, I had a question about this and received the below information from Oracle Support. Hope it is useful.

The best approach is to import the connector twice for the two domains by using the cloning method to clone twice, and leave the original objects installed unused. That way, when you upgrade to newer connector version on top the existing one, you will update the original unused template objects, then clone the change on to the two domain objects.

Second method is, keeping the installed AD Connector for one domain, and the clone the AD Connector for the second AD Domain, will also work.

I liked the approach of keeping two connectors cloned. You may like the other approach, but it is up to you to decide.

I will write a continuation of this post later. Until then

Read More about Oracle Identity Manager