Integrating Essbase and Exadata with OBIEE at Bank of AmericaEnterprise Business Intelligence & Analytics

February 15, 2013

Agenda

Introduction Mike Babb, Senior Technology Manager Darren Purdy, Technology Manager Carey Worth, Senior Service Delivery Manager

Business Intelligence at Bank of America Technology Cost Allocations

Technology Cost Allocations OBIEE with Essbase & Relational

Human Resources Analytics OBIEE with Exadata

Overview & Infrastructure Security

Q&A

2

Bank of America Today

$2T in assets; $83B in revenue 5,500 retail banking offices 16,300 ATMs 270,000 employees in 40 countries $36B labor and related costs $4B in data processing and telecom costs

3

Business Intelligence at Bank of America

Centers of Excellence Oracle Microstrategy Cognos

Legacy & Line of Business Actuate Microsoft TIBCO Teradata

Vendor Preferred

4

Vendor Preferred Business Objects

Enterprise Business Intelligence & Analytics

Led by Manoj Bohra Oracle EPM Architect of the Year 2008

Foundation of Oracle technology Database Essbase

Essbase Planning OBIEE

Businesses supported Human Resources Technology Finance Infrastructure Finance

5

Technology Cost AllocationsMike BabbMike Babb

Technology Cost Allocations - The Challenge

How to allocate costs? 140k Servers/Virtual Servers 30k Database Instances 50 Exabytes of storage + associated tape backup 270,000 employees (email, laptop/desktop, IM, LAN, Telecom) across 24,000

cost centers

How to report by Seller view Buyer view Product view Inventory (server/hostname) view Manager (span of control) view

7

Technology Cost Allocations - COMIT

8

COMIT Reporting - Essbase

Essbase Cube Combined 3 BSO cubes into single ASO cube 30-60 GB input level data + 80-160 GB aggregation data

Primary access method for Finance 25k monthly hits 3 sec response time

3 sec response time

9

COMIT Reporting - OBIEE

Feature Lesson Learned

30+ dashboards, no graphics Design to strength of tool, not just recreate legacy reporting

Mix of Essbase & Relational Use the right data source based on process, not outcome

10

Originally built with OBIEE 10 Much happier with 11g

Migrated to OBIEE 11g (11.1.1.3) Much happier with 11.1.1.6

OBIEE as Export tool Requires large amount of RAM or must limit download size

Run on Entry Quick run to no results OR personalize

COMIT Reporting OBIEE Example 1

11

COMIT Reporting OBIEE Example 2

12

Human Resources AnalyticsDarren PurdyDarren Purdy

Human Resources Analytics The Challenges

Business Challenges Uptime of the environment and meeting SLAs Consistent & cohesive analytics strategy Self service of analytics is problematic

Technical Challenges

Bandwidth limitations and resource throttling Contention amongst applications for system resources Cobbled collection of code and technologies for ETL and analytics Lack of cohesive data model Expansion non-trivial and cost prohibitive

Human Resources Analytics - The Requirements

Support the analytic needs of 4,000 concurrent/50,000 total users

Information should be easy to obtain, and flexible to meet individuals analytic needs

Data model needs to be consistent for all

Serve as Enterprise Data Distribution Point (EDDP) for HR

The overall solution must be: Highly available Balanced Responsive Extensible

9.2

27.6

14.5

12.7

BI Test Case 4 (25 Users Q1-Q5, 10 Users Q6-Q10)

BI Test Case 3 (10 Users forEach Query)

BI Test Case 2 (5 Users Q1-Q5,1 User Q6-10)

BI Test Case 1 (Single User forEach Query)

Why Exadata? POC on Exadata

9.2x 27.6xAverage BI Speedup

12.6

0 5 10 15 20 25 30

ETL Tests (4 Load Scripts)

Q5, 10 Users Q6-Q10)

Improvement Factor

12.6x Average ETL Speedup

HR Analytics Deployment Architecture

17

OBI 11g Stack - Data Center Layout

OBI Stack Single Machine Layout

Key Features Application Autonomy, Shared Resources Single OS, multiple instances Shared File System between Frames Simplified Server Add Ons

Local disk for Instances & Cache

Benefits Resources Licensing Maintenance

OBI 11g Instance Whats In It??

HTTP Server Individual binaries or with Vhosts off 1 set of

binaries

SSO Siteminder is bank standard for all web Apps

Weblogic JVMs rolled out as part of OBI config for each new

app that comes on board

OBI Backend (opmn processes) Create with new app, configured to use standard

nomenclature and paths

OBI Schemas One DB for all instances

20

OBI No Fuss Deployments

3) Services are stopped, RPD pulled from shared location to each Instance

4) Users and developers smoke test release

6) Depending on App, use FDNS to flip users for

zero down time

1) Inbound WebCat replications stop from

production site

2) Automated pull of RPD from source control

from shared location to each Instance

5) Enable WebCatreplication to primary

Human Resources AnalyticsOBIEE Security Implementation Carey W. WorthCarey W. Worth

Four categories of securityColumn Level

The ability to grant or deny access to report attributes(columns) Implemented within the repository Without access, columns are removed from display

Row Level Applies a filter a report query based on a user data level access Implemented with the repository by adding filters with special variables to table objects

OBIEE Security Overview

Limits the rows of data return based on the filter (i.e. user with North region will only see that regions data)

Object level The ability to grant or deny access to application features, reports and dashboards Implemented within the presentation catalog User are assigned to group Groups are granted or denied access to presentation objects.

Database level Uses Oracles Virtual Private Database feature to restrict access to query a physical database table Implemented within the database

We needed the ability to secure highly confidential HR data

Access requests needed to be automated Managers should not have to request access for their span of control Users should not be allowed to see compensation data of their peers Super users should be able to see all data Database administrators should not see HR compensation data

Our business drivers

Database administrators should not see HR compensation data Non-managers needing access to HR data should not gain access to

their peers data User should be able to see all records for associate who transferred out

of their organization but not see certain confidential category groups Detailed confidential data must always be secured, but aggregated

forms of that data are not confidential in most cases and should be visible even to those that are not allowed to see the detail data

Implicit (Based on who you are) Object Level Security

All managers get access to Workforce Profile Dashboards and details reports by default

Data Level Security All managers get implicit access to their span of control data

Explicit (Based on what you want) Object Level Security

Security Types Implicit vs Explicit

Object Level Security Access based on groups in Corporate Application Access Request (CAAR) form:

Subject areas, Presentation tables, Presentation table columns. Groups grant access to certain sets of dashboards and reports If user does not have access to a field for any population, then the column will not appear on the report

Data Level Security Non-Confidential is default category within CAAR form w/Organization, Country, & Manager inclusions

Confidential Data Categories will have sub-categories for the Organization, Country, & Manager inclusions (w/Org the only exclusion as today)

Individuals are granted access based on their selection within CAAR

Object Level All managers receive access to Workforce Profile

Dashboards and detailed reports by default.

Managers do not receive access to payroll, benefits, national ID and diversity data for their span of control records

Implicit Access

Data Level All managers receive implicit access to their

span of control data.

All managers receive implicit access to their span of control data. Managers do not receive access to Payroll, benefits, national ID, diversity access for their span of control records Managers do not receive access to confidential data for BA Continuum aligned associates

Implicit Access

Explicit Object Level Explicit access to the following objects is granted based on groups:

Subject areas Presentation tables Presentation table columns

Users belonging to particular group should see a certain set of dashboards/reports.

Explicit Access

Explicit Data Level Select specific categories to gain access within security

access tool

Explicit access granted will not change (add or take away) any implicit access granted

Row level will be provisioned by data category. Row level access will not be provisioned at an individual field level.

Specify a row level for non-confidential data and a different row

Explicit Access

Specify a row level for non-confidential data and a different row level for each of the confidential data categories for which the user has access

Confidential data categories will have sub-categories for the organization, country and manager inclusions

Special security for transfers/detail change data Allow users to see associates who transfer out of the LOB

they are supporting Users will not see confidential data for associates who

transfer out of the LOB they support.

Select a combination of organization and region or manager (by itself) when specifying a row level inclusion for non-confidential data categories.

Select a combination of organization and region or manager (by itself) when specifying a row level exclusion for the confidential and non-confidential data categories

Only the org and region combination components of the security above will be used to provision the dashboard.

Explicit Data Access

Specific rules will apply for displaying confidential data columns in a report if a user does not have access to the data field. Text fields containing secured data not visible to a user

should display the following value: * Restricted * Numeric fields containing secured data not visible to a user

should display a BLANK or NULL value. (no text or numeric value within field)

Date fields containing secured data not visible to a user should display the date 01-Jan-1000.

Explicit Data Access

Provides the ability to turn on/off access by User ID Groups Departments Manager span of control Location

Fine-Grain Access control

Questions?

33