Oracle Application Server (OAS) is the Web and Application server typically deployed with OBIEE. There are several settings which by default may be viewed as security weaknesses. Whether realistically a target or not, it’s good practice to always be considering security and lock down your servers as much as reasonably possible. I adopt the default stance of having to find a reason to leave something less secure, rather than justify why it needs doing.

Here’s a set of scripts that I use on our servers as a quick way to check if the various BI components are up and running. Because we split the stack across servers, there are different scripts called in combination. On our dev boxes we have everything and so the script calls all three sub-scripts, whereas on Production each server will run one of: BI Server Presentation Server & OAS Informatica & DAC The scripts source another script called process_check.

It’s possible to change the error pages served up by OAS/Apache by using the ErrorDocument directive. This is widely documented. However, to get this to take effect in an oc4j application (such as analytics) you need to change mod_oc4j.conf too. (I found this out from this post here) Take backups of httpd.conf and mod_oc4j.conf, and then edit them as follows: In httpd.conf add: ErrorDocument 500 /500.html where /500.html is a relative path to your custom document

We’ve got a setup of two OAS/Presentation Services boxes and two BI Server boxes, with load balancing/failover throughout. The Load Balancing of the web requests is being done through a separate bit of kit, an F5 BIG-IP load balancer. This directs the requests at the two OAS servers. The problem we have is that by default OAS serves HTTP on port 7777, but the F5 is using port 80. A request for our load balanced URL: http://bi.

A very minor irritation, but an irritation nonetheless, is when I go to Application Server Control in OAS I have to login twice. Reading around I found this is an Apache feature, and is actually designed behaviour. For reasons I’ve not explored our servers have several different hostnames which resolve to the same IP, e.g.: myserver myserver-app myserver-data When you request a page from Apache using a hostname other than that configured as ServerName in Apache’s httpd.