Oracle Hyperion Users Group Presentation - Bank of America
-
Integrating Essbase and Exadata with OBIEE at Bank of America
Enterprise Business Intelligence & Analytics
February 15, 2013
-
Agenda
Introduction
  Mike Babb, Senior Technology Manager
  Darren Purdy, Technology Manager
  Carey Worth, Senior Service Delivery Manager
Business Intelligence at Bank of America
Technology Cost Allocations: OBIEE with Essbase & Relational
Human Resources Analytics: OBIEE with Exadata
Overview & Infrastructure
Security
Q&A
-
Bank of America Today
$2T in assets; $83B in revenue
5,500 retail banking offices
16,300 ATMs
270,000 employees in 40 countries
$36B labor and related costs
$4B in data processing and telecom costs
-
Business Intelligence at Bank of America
Centers of Excellence: Oracle, Microstrategy, Cognos
Legacy & Line of Business: Actuate, Microsoft, TIBCO, Teradata
Vendor Preferred: Business Objects
-
Enterprise Business Intelligence & Analytics
Led by Manoj Bohra, Oracle EPM Architect of the Year 2008
Foundation of Oracle technology: Database, Essbase, Planning, OBIEE
Businesses supported: Human Resources Technology Finance Infrastructure Finance
-
Technology Cost Allocations
Mike Babb
-
Technology Cost Allocations - The Challenge
How to allocate costs?
  140k Servers/Virtual Servers
  30k Database Instances
  50 Exabytes of storage + associated tape backup
  270,000 employees (email, laptop/desktop, IM, LAN, Telecom) across 24,000 cost centers
How to report by
  Seller view
  Buyer view
  Product view
  Inventory (server/hostname) view
  Manager (span of control) view
-
Technology Cost Allocations - COMIT
-
COMIT Reporting - Essbase
Essbase Cube
  Combined 3 BSO cubes into single ASO cube
  30-60 GB input level data + 80-160 GB aggregation data
Primary access method for Finance
  25k monthly hits
  3 sec response time
-
COMIT Reporting - OBIEE
Feature | Lesson Learned
30+ dashboards, no graphics | Design to strength of tool, not just recreate legacy reporting
Mix of Essbase & Relational | Use the right data source based on process, not outcome
Originally built with OBIEE 10 | Much happier with 11g
Migrated to OBIEE 11g (11.1.1.3) | Much happier with 11.1.1.6
OBIEE as Export tool | Requires large amount of RAM or must limit download size
Run on Entry | Quick run to no results OR personalize
-
COMIT Reporting OBIEE Example 1
-
COMIT Reporting OBIEE Example 2
-
Human Resources Analytics
Darren Purdy
-
Human Resources Analytics - The Challenges
Business Challenges
  Uptime of the environment and meeting SLAs
  Consistent & cohesive analytics strategy
  Self service of analytics is problematic
Technical Challenges
  Bandwidth limitations and resource throttling
  Contention amongst applications for system resources
  Cobbled collection of code and technologies for ETL and analytics
  Lack of cohesive data model
  Expansion non-trivial and cost prohibitive
-
Human Resources Analytics - The Requirements
Support the analytic needs of 4,000 concurrent/50,000 total users
Information should be easy to obtain, and flexible to meet individuals' analytic needs
Data model needs to be consistent for all
Serve as Enterprise Data Distribution Point (EDDP) for HR
The overall solution must be:
  Highly available
  Balanced
  Responsive
  Extensible
-
Why Exadata? POC on Exadata
[Bar chart: Improvement Factor (axis 0 to 30) for BI Test Case 1 (Single User for Each Query), BI Test Case 2 (5 Users Q1-Q5, 1 User Q6-Q10), BI Test Case 3 (10 Users for Each Query), BI Test Case 4 (25 Users Q1-Q5, 10 Users Q6-Q10) and ETL Tests (4 Load Scripts); bar values shown: 9.2, 27.6, 14.5, 12.7 and 12.6]
9.2x to 27.6x Average BI Speedup
12.6x Average ETL Speedup
-
HR Analytics Deployment Architecture
-
OBI 11g Stack - Data Center Layout
-
OBI Stack Single Machine Layout
Key Features
  Application Autonomy, Shared Resources
  Single OS, multiple instances
  Shared File System between Frames
  Simplified Server Add Ons
  Local disk for Instances & Cache
Benefits
  Resources
  Licensing
  Maintenance
-
OBI 11g Instance - What's In It?
HTTP Server
  Individual binaries or with Vhosts off 1 set of binaries
SSO
  Siteminder is bank standard for all web apps
Weblogic
  JVMs rolled out as part of OBI config for each new app that comes on board
OBI Backend (opmn processes)
  Created with each new app, configured to use standard nomenclature and paths
OBI Schemas
  One DB for all instances
-
OBI No Fuss Deployments
1) Inbound WebCat replications stop from production site
2) Automated pull of RPD from source control
3) Services are stopped, RPD pulled from shared location to each Instance
4) Users and developers smoke test release
5) Enable WebCat replication to primary
6) Depending on App, use FDNS to flip users for zero down time
-
Human Resources Analytics
OBIEE Security Implementation
Carey W. Worth
-
OBIEE Security Overview
Four categories of security
Column level
  The ability to grant or deny access to report attributes (columns)
  Implemented within the repository
  Without access, columns are removed from display
Row level
  Applies a filter to a report query based on a user's data level access
  Implemented within the repository by adding filters with special variables to table objects
  Limits the rows of data returned based on the filter (i.e. a user with North region will only see that region's data)
Object level
  The ability to grant or deny access to application features, reports and dashboards
  Implemented within the presentation catalog
  Users are assigned to groups
  Groups are granted or denied access to presentation objects
Database level
  Uses Oracle's Virtual Private Database feature to restrict access to query a physical database table
  Implemented within the database
-
Our business drivers
We needed the ability to secure highly confidential HR data
  Access requests needed to be automated
  Managers should not have to request access for their span of control
  Users should not be allowed to see compensation data of their peers
  Super users should be able to see all data
  Database administrators should not see HR compensation data
  Non-managers needing access to HR data should not gain access to their peers' data
  Users should be able to see all records for associates who transferred out of their organization but not see certain confidential category groups
  Detailed confidential data must always be secured, but aggregated forms of that data are not confidential in most cases and should be visible even to those that are not allowed to see the detail data
-
Security Types: Implicit vs Explicit
Implicit (based on who you are)
  Object Level Security
    All managers get access to Workforce Profile Dashboards and detailed reports by default
  Data Level Security
    All managers get implicit access to their span of control data
Explicit (based on what you want)
  Object Level Security
    Access based on groups in Corporate Application Access Request (CAAR) form: subject areas, presentation tables, presentation table columns
    Groups grant access to certain sets of dashboards and reports
    If a user does not have access to a field for any population, then the column will not appear on the report
  Data Level Security
    Non-Confidential is the default category within the CAAR form, with Organization, Country, & Manager inclusions
    Confidential Data Categories will have sub-categories for the Organization, Country, & Manager inclusions (w/Org the only exclusion as today)
    Individuals are granted access based on their selection within CAAR
-
Implicit Access
Object Level
  All managers receive access to Workforce Profile Dashboards and detailed reports by default.
  Managers do not receive access to payroll, benefits, national ID and diversity data for their span of control records
Data Level
  All managers receive implicit access to their span of control data.
-
Implicit Access
All managers receive implicit access to their span of control data.
Managers do not receive access to payroll, benefits, national ID and diversity data for their span of control records
Managers do not receive access to confidential data for BA Continuum aligned associates
-
Explicit Access
Explicit Object Level
  Explicit access to the following objects is granted based on groups:
    Subject areas
    Presentation tables
    Presentation table columns
  Users belonging to a particular group should see a certain set of dashboards/reports.
-
Explicit Access
Explicit Data Level
  Select specific categories to gain access within security access tool
  Explicit access granted will not change (add or take away) any implicit access granted
  Row level will be provisioned by data category. Row level access will not be provisioned at an individual field level.
  Specify a row level for non-confidential data and a different row level for each of the confidential data categories for which the user has access
  Confidential data categories will have sub-categories for the organization, country and manager inclusions
Special security for transfers/detail change data
  Allow users to see associates who transfer out of the LOB they are supporting
  Users will not see confidential data for associates who transfer out of the LOB they support.
-
Explicit Data Access
Select a combination of organization and region or manager (by itself) when specifying a row level inclusion for non-confidential data categories.
Select a combination of organization and region or manager (by itself) when specifying a row level exclusion for the confidential and non-confidential data categories
Only the org and region combination components of the security above will be used to provision the dashboard.
Specific rules will apply for displaying confidential data columns in a report if a user does not have access to the data field.
  Text fields containing secured data not visible to a user should display the following value: * Restricted *
  Numeric fields containing secured data not visible to a user should display a BLANK or NULL value (no text or numeric value within field).
  Date fields containing secured data not visible to a user should display the date 01-Jan-1000.
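The implicit and explicit row-level rules, column removal, and the masking values from the security slides, modelled as an added Python example (not code from the presentation, and not OBIEE repository syntax). The names Scope, User, can_see, mask, render, the category keys and the mgr_chain field are hypothetical, and the example assumes an exclusion overrides an inclusion within the same data category.

```python
from dataclasses import dataclass, field
from datetime import date

# Display values the slides prescribe for secured fields a user may not see.
MASK_TEXT, MASK_NUMBER, MASK_DATE = "* Restricted *", None, date(1000, 1, 1)

@dataclass(frozen=True)
class Scope:  # one row-level rule: org AND region together, or a manager by itself
    org: str = ""
    region: str = ""
    manager: str = ""
    def matches(self, row):
        if self.manager:
            return self.manager in row["mgr_chain"]
        return (row["org"], row["region"]) == (self.org, self.region)

@dataclass
class User:
    user_id: str
    include: dict = field(default_factory=dict)  # data category -> [Scope]
    exclude: dict = field(default_factory=dict)  # data category -> [Scope]

def can_see(user, row, category):
    # Implicit span-of-control access; explicit grants never add to or remove it.
    if category == "non_confidential" and user.user_id in row["mgr_chain"]:
        return True
    included = any(s.matches(row) for s in user.include.get(category, []))
    excluded = any(s.matches(row) for s in user.exclude.get(category, []))
    return included and not excluded

def mask(value):
    if isinstance(value, date):
        return MASK_DATE
    return MASK_NUMBER if isinstance(value, (int, float)) else MASK_TEXT

def render(user, rows, columns):  # columns: column name -> data category
    # Column level: a category the user holds for no population drops the column.
    shown = {c: cat for c, cat in columns.items()
             if cat == "non_confidential" or user.include.get(cat)}
    return [{c: row[c] if can_see(user, row, cat) else mask(row[c])
             for c, cat in shown.items()}
            for row in rows if can_see(user, row, "non_confidential")]  # row level

# Constructed sample data, not from the presentation.
COLUMNS = {"name": "non_confidential", "pay_grade": "payroll", "salary": "payroll",
           "last_raise": "payroll", "national_id": "national_id"}
ROWS = [{"org": "Tech", "region": "North", "mgr_chain": ["m1", "vp1"], "name": "A. Lee",
         "pay_grade": "B4", "salary": 90000, "last_raise": date(2012, 3, 1), "national_id": "X1"},
        {"org": "Tech", "region": "South", "mgr_chain": ["m2", "vp1"], "name": "B. Cruz",
         "pay_grade": "B5", "salary": 99000, "last_raise": date(2011, 9, 1), "national_id": "X2"}]
```

Calling render(User("m1"), ROWS, COLUMNS) returns only the manager's own associate with the confidential columns removed, while a user granted payroll access for Tech/North alone sees the Tech/South row with masked payroll fields.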
-
Explicit Data Access
-
Fine-Grain Access Control
Provides the ability to turn on/off access by:
  User ID
  Groups
  Departments
  Manager span of control
  Location
-
Questions?