Add files via upload

DoubleUP66 · web-flow · commit 256937e88bb1 · 2023-08-01T16:21:15.000+02:00
diff --git a/data-platform/analytical-data-platform-lakehouse/workload-architecture-documents/obia-with-odi-migration-to-oci/Readme.md b/data-platform/analytical-data-platform-lakehouse/workload-architecture-documents/obia-with-odi-migration-to-oci/Readme.md
@@ -0,0 +1,43 @@
+# Oracle BI Applications 11g with ODI migration to Oracle OCI with ODI, OAC and Oracle DB
+
+This repository contains an in-depth guide on how to define and design a Data Warehouse Analytical workload when migrating from an Oracle BI Applications (OBIA) 11g with ODI to Oracle OCI with ODI, Oracle Analytics Cloud (OAC) and Oracle Database
+
+## When to use this asset?
+
+Use this asset when planning a migration of OBIA 11g with ODI to Oracle OCI with OAC, ODI and Oracle Database.
+
+## Instructions for Utilizing This Asset
+
+Use this document as a starting point for the solution definition of an OBIA 11g to OCI with OAC, IDMC and Oracle DB implementation project.
+
+This asset contains sample content for defining a project to deploy the workload and it is just an example and should be used as such. Project scope, timelines, and deliverables will always need to be defined and agreed upon with the Customer on a case-by-case basis.
+
+This asset includes example architecture diagrams for DrawIO in the [files/images subdirectory](files/images).
+
+Following information is important when migrating OBIA 11g or 12c to OCI:
+
+| Certification Matrix                        | 10 Jan 2023 | [11.1.1.10.3 PS3 (External Link)](https://www.oracle.com/docs/tech/middleware/biapps-11-1-1-10-3-ps3.xlsx)[11.1.1.10.3 (External Link)](https://www.oracle.com/docs/tech/middleware/biapps-11-1-1-10-3-6714761.xlsx)[11.1.1.10.2 (External Link)](https://www.oracle.com/docs/tech/middleware/biapps-11-1-1-10-2-3093800.xlsx) |
+| ------------------------------------------- | ----------- | ------------------------------------------------------------ |
+| Related support notes                       | 13 Jan 2023 | OBIA 11g: Oracle BI Applications on Cloud Services – Deployment Options (Doc ID [2264063.1](https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=448725079990793&id=2264063.1&_adf.ctrl-state=jppmkcof8_222))OBIA 11g: Oracle BI Applications Installation on PaaS with Oracle Analytics Cloud (OAC) (Doc ID [2254057.1](https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=448768767008674&id=2254057.1&_adf.ctrl-state=jppmkcof8_279))  OBIA: Oracle BI Applications on Platform as a Service (PaaS) - Best Practices (Doc ID [2230192.1](https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=448803716828230&id=2230192.1&_adf.ctrl-state=jppmkcof8_336)) |
+| Fusion Middleware Lifetime support document | 10 Jan 2023 | [Lifetime Support document (External Link)](https://www.oracle.com/us/support/library/lifetime-support-middleware-069163.pdf) |
+| Related blog posts                          | 13 Jan 2023 | [OBIA 12c: ODI Customizations Migration Utility](https://blogs.oracle.com/analytics/post/obia-12c-odi-customizations-migration-utility)[Restoring Snapshot data when upgrading to BI APPS 10.3](https://blogs.oracle.com/analytics/post/restoring-snapshot-data-when-upgrading-to-bi-apps-103) |
+
+## Conclusion
+
+The Oracle BI Applications 11g with ODI migration to Oracle OCI with ODI, OAC and Oracle DB Solution Definition is expected to serve as a leading guide to the project.
+
+
+
+All participants are encouraged to provide feedback, raise queries, and contribute to enhance the overall project's success.
+
+### Useful Links
+
+This workload uses OCI services that are part of the Oracle Data platform and it can be further augmented with additional services and capabilities that are described on the [Data platform - data lakehouse reference architecture](https://docs.oracle.com/en/solutions/data-platform-lakehouse/index.html#GUID-A328ACEF-30B8-4595-B86F-F27B512744DF).
+
+# License
+
+Copyright (c) 2023 Oracle and/or its affiliates.
+
+Licensed under the Universal Permissive License (UPL), Version 1.0.
+
+See [LICENSE](LICENSE.txt) for more details.
diff --git a/data-platform/analytical-data-platform-lakehouse/workload-architecture-documents/obia-with-odi-migration-to-oci/wad.md b/data-platform/analytical-data-platform-lakehouse/workload-architecture-documents/obia-with-odi-migration-to-oci/wad.md
@@ -209,6 +209,108 @@ A network firewall is a highly available and scalable instance that you create i
 
 Above a simple example is presented where a Network Firewall is deployed in a DMZ subnet and for which all incoming traffic via the DRG as well as all the outgoing traffic from the private subnet is routed to the Network Firewall so that policies are enforced to secure traffic.
 
+### Mandatory Security Best Practices
+
+*Guide:*
+
+*Use this text for every engagament. Do not change. Aligned with the Cloud Adoption Framework*
+
+The safety of the ExampleCustomer's Oracle Cloud Infrastructure (OCI) environment and data is the ExampleCustomer’s priority.
+
+To following table of OCI Security Best Practices lists the recommended topics to provide a secure foundation for every OCI implementation. It applies to new and existing tenancies and should be implemented before the Workload defined in this document will be implemented.
+
+Workload related security requirements and settings like tenancy structure, groups, and permissions are defined in the respective chapters.
+
+Any deviations from these recommendations needed for the scope of this document will be documented in chapters below. They must be approved by ExampleCustomer.
+
+ExampleCustomer is responsible for implementing, managing, and maintaining all listed topics.
+
+<table style="width:25%;">
+<colgroup>
+<col style="width: 2%" />
+<col style="width: 2%" />
+<col style="width: 19%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th>CATEGORY</th>
+<th>TOPIC</th>
+<th>DETAILS</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td>User Management</td>
+<td>IAM Default Domain</td>
+<td><p>Multi-factor Authentication (MFA) should be enabled and enforced for every non-federated OCI user account.</p>
+<ul>
+<li>For configuration details see <a href="https://docs.oracle.com/en-us/iaas/Content/Identity/mfa/understand-multi-factor-authentication.htm">Managing Multi-Factor Authentication</a>.</li>
+</ul>
+<p>In addition to enforce MFA for local users, Adaptive Security will be enabled to track the Risk Score of each user of the Default Domain.</p>
+<ul>
+<li>For configuration details see <a href="https://docs.oracle.com/en-us/iaas/Content/Identity/adaptivesecurity/overview.htm">Managing Adaptive Security and Risk Providers</a>.</li>
+</ul></td>
+</tr>
+<tr class="even">
+<td></td>
+<td>OCI Emergency Users</td>
+<td><p>A maximum of <strong>three</strong> non-federated OCI user accounts should be present with the following requirements:</p>
+<ul>
+<li>Username does not match any username in the Customer’s Enterprise Identity Management System</li>
+<li>Are real humans.</li>
+<li>Have a recovery email address that differs from the primary email address.</li>
+<li>User capabilities has Local Password enabled only.</li>
+<li>Has MFA enabled and enforced (see IAM Default Domain).</li>
+</ul></td>
+</tr>
+<tr class="odd">
+<td></td>
+<td>OCI Administrators</td>
+<td><p>Daily business OCI Administrators are managed by the Customer’s Enterprise Identity Management System . This system is federated with the IAM Default Domain following these configuration steps:</p>
+<ul>
+<li>Federation Setup</li>
+<li>User Provisioning</li>
+<li>For configuration guidance for major Identity Providers see the OCI IAM Identity Domain tutorials.</li>
+</ul></td>
+</tr>
+<tr class="even">
+<td></td>
+<td>Application Users</td>
+<td>Application users like OS users, Database users, or PaaS users are not managed in the IAM Default Domain but either directly or in dedicated identity domains. These identity domains and users are covered in the Workload design. For additional information see <a href="https://docs.oracle.com/en-us/iaas/Content/cloud-adoption-framework/iam-security-structure.htm">Design Guidance for IAM Security Structure</a>.</td>
+</tr>
+<tr class="odd">
+<td>Cloud Posture Management</td>
+<td>OCI Cloud Guard</td>
+<td><p>OCI Cloud Guard will be enabled at the root compartment of the tenancy home region. This way it covers all future extensions, like new regions or new compartments, of your tenancy automatically. It will use the Oracle Managed Detector and Responder recipes at the beginning and can be customized by the Customer to fulfil the Customer’s security requirements.</p>
+<ul>
+<li>For configuration details see <a href="https://docs.oracle.com/en-us/iaas/cloud-guard/using/part-start.htm">Getting Started with Cloud Guard</a>. Customization of the Cloud Guard Detector and Responder recipes to fit with the Customer’s requirements is highly recommended. This step requires thorough planning and decisions to make.</li>
+<li>For configuration details see <a href="https://docs.oracle.com/en-us/iaas/cloud-guard/using/part-customize.htm">Customizing Cloud Guard Configuration</a></li>
+</ul></td>
+</tr>
+<tr class="even">
+<td></td>
+<td>OCI Vulnerability Scanning Service</td>
+<td><p>In addition to OCI Cloud Guard, the OCI Vulnerability Scanning Service will be enabled at the root compartment in the home region. This service provides vulnerability scanning of all Compute instances once they are created.</p>
+<ul>
+<li>For configuration details see <a href="https://docs.oracle.com/en-us/iaas/scanning/home.htm">Vulnerability Scanning</a>.</li>
+</ul></td>
+</tr>
+<tr class="odd">
+<td>Monitoring</td>
+<td>SIEM Integration</td>
+<td>Continuous monitoring of OCI resources is key for maintaining the required security level (see <a href="#regulations-and-compliances-requirements">Regulations and Compliance</a> for specific requirements). See <a href="https://docs.oracle.com/en-us/iaas/Content/cloud-adoption-framework/siem-integration.htm">Design Guidance for SIEM Integration</a> to implement integration with the existing SIEM system.</td>
+</tr>
+<tr class="even">
+<td>Additional Services</td>
+<td>Budget Control</td>
+<td><p>OCI Budget Control provides an easy to use and quick notification on changes of the tenancy’s budget consumption. It will be configured to quickly identify unexpected usage of the tenancy.</p>
+<ul>
+<li>For configuration details see <a href="https://docs.oracle.com/en-us/iaas/Content/Billing/Tasks/managingbudgets.htm">Managing Budgets</a></li>
+</ul></td>
+</tr>
+</tbody>
+</table>
+
 #### Bill of materials
 
 | Environment | Description                 | Metric            | Size | Monthly Cost | Annual Cost | Hours p/m |
