Sunday, July 7, 2019

KScope 2019 - Candid Thoughts


Disclaimers:
1. I'm not an employee of Oracle Corporation and do not claim to speak for them. This blog contains my own independent observations.
2. Safe Harbor applies.  Some of Oracle's comments at KScope were directional in nature and may change in the future.
I’ve spent a bit of time reflecting upon my time at KScope 2019.

Some highlights:

  • Oracle has moved the Essbase development work out of EPM and into the Oracle Database development team.  Essbase will remain an OLAP database rather than relational – Oracle just shuffled some deck chairs.
  • When EPM 11.2 comes out, Essbase will initially remain 11.1.2.4 technology under the covers:  we won’t be getting the new Sandbox features introduced with Essbase 12 in on-premises OBI12 / cloud OAC.
  • On-premises CapEx, Workforce and Project planning modules will be deprecated and not available in EPM 11.2.  (We knew for some time that Project Planning will be going away; nobody seems to use it).  But losing CapEx and Workforce was a bit of a shock.  This means those cubes would need to be re-implemented as custom cubes in 11.2 Planning; no more pre-built content for them.
  • Disclosure Management, Interactive Reporting, WebAnalysis (deprecated when 11.1.2.4.900 came out), and SQR Reporting are also sunset and will not be available post-11.1.2.4.0/11.1.2.4.7xx.
  • It is clear Oracle wants to push CapEx, Workforce and HSF customers to the cloud.
  • At some point, we’re not sure when, EPMA will be gone in 11.2 and will be replaced by a limited-use version of Enterprise DRM.  This DRM will be bundled with 11.2.  This is a complete reversal from previous Safe Harbor statements made by Oracle
  • Out-of-place / lift-and-shift migration from 11.1.2.4 to 11.2 will apparently be certified.  Some kind of migration tool will be provided for this.
  • OAC will no longer have Essbase bundled with it, effective immediately for all new customer-managed OAC implementations.  Essbase “12c” will have to be installed separately as a standalone instance, and then Essbase cubes would need to be migrated from the old Essbase instance into a new standalone Essbase 12c instance.  The jury is out on this.  Unsure if Oracle will soften their position and bend to the collective will of their customers.
  • A new Essbase, Essbase 19c, is under development for 11.2.  It is expected to come out sometime next year.  Essbase 19c will be for on-premises only.  So the confusion:  11.1.2.4 Essbase is for 11.2 in the short term and also EPM Cloud.  Customer-managed OAC will remain on Essbase 12.  Oracle-managed OAC might eventually get Essbase 19c.
  • 11.1.2.4 on-premises Essbase patch development has apparently stopped and will not continue.  This makes no sense as there are still unsolved bugs lingering out there, and EPM Cloud uses 11.1.2.4 technology behind the scenes.  No word yet if EPM Cloud will be bumped up to 11.2.  My gut feeling is EPM Cloud will get 11.2 first, as the cloud’s servers run Linux.  Plan on opening SRs galore if Oracle plans on doing this within the first 6 months of 11.2’s release.  They’ve pushed out 11.2’s release multiple times now, so they must be fighting bugs.

Lots of confusion due to EPM and Essbase now being split.  People are also scratching their heads about possible migration paths to either 11.2 or the cloud, especially when Essbase is in the mix of their on-premises suite.

It is rumored that 11.2 will first come out for Linux only, perhaps as early as Sept 2019 (SAFE HARBOR APPLIES), and a Windows version will not come out until Q1 or Q2 2020 (SAFE HARBOR APPLIES).  No clue if HFM will be certified for commodity Linux servers, or Windows & Exalytics only.

All in all, it was a great event and ODTUG is to be commended.  Kudos to Oracle Product Managers for showing up and taking the heat.  It was great to reconnect with old colleagues as well!

I'm just a little bummed I missed the chance to chat with my favorite blogger from AppliedOLAP.  I pale in comparison with him.

On the upside:  I met with family in Seattle and took a few days off to take the cross-country Amtrak from Seattle back to Omaha.  Crossed one item off of the bucket list!!!!






Downside:  rafters on the Colorado River MOONED THE TRAIN.  I suspect alcohol was involved. :)

Tuesday, March 19, 2019

Hyperion Hero Award deadline announced


There’s only a few weeks left to nominate yourself or a team member for the Hyperion Hero Award – deadline is April 10th. Click below to submit your nomination – winner gets to fly away to a destination of their choice valued at $5,000! https://www.datavail.com/hyperion-hero/

Monday, November 5, 2018

KC Winery Tour + EPM = What Could Go Wrong?

With apologies due to The Clash:

Hyperion 11.2 vs. Cloud: Should I Stay or Should I go?

The link above will take you to the registration page for the event my company is hosting in downtown Kansas City on November 15.  Presenters will be myself (Global Director, EPM Middleware), Bobby Ellis (Global Director, EPM Functional), Joe Farrell (Senior VP, Product Development), and Chuck Czajkowski (Accelatis Engineer, don't attempt to pronounce his last name).

Topics will include:
  • Expected features of on-premises EPM 11.2
  • Pros & Cons of moving from on-premises to the Cloud
  • TaaS with Accelatis (mysterious?  attend to find out!)
  • Q&A
  • Winery tour.
  • Did I mention a winery tour?

Where & When:

https://www.amigoni.com/
Amigoni Urban Winery
1505 Genessee Suite
100 Kansas City, MO 64102

November 15, 2018

4:00 pm – Welcome – Introductions
4:15 pm – Workshop – Hyperion 11.2 vs Cloud: Should I Stay or Should I Go?
5:15 pm – Q&A
5:30 pm – Tour – Wine Tasting

Having lived and worked in the KC metro, I have an attachment and hope to see many of my former colleagues there!

For my former Sprint colleagues, may I add:  #ThristyThursday


Friday, August 24, 2018

Poor Man's DRM; EPMA Batch Automation

Nearly 2 years ago, I upgraded a client's system from EPM 11.1.2.1 to 11.1.2.4.  This client had some very clever automation that used the EPMA Batch Client and wrapper code to read records from a relational database and pump metadata updates into EPMA.

At that time, I stumbled upon a problem with the EPMA Batch Client, and logged an Oracle SR about it.  Oracle issued a bug # for it (25113781).  On August 13, 2018, nearly 2 years later (I logged the SR in June 2016), Oracle published this knowledge base article:

Enterprise Performance Management Architect (EPMA) Batch Client Error Handling Incorrect in 11.1.2.2 and higher (Doc ID 2433106.1) 

The article confirms the behavior I noticed:

In EPMA Batch Client 11.1.2.1, if the parent/child relationship you are trying to add already exists within EPMA, the batch client just prints an error message and then moves on to the next command within your batch script.

In EPMA Batch Client 11.1.2.2 through 11.1.2.4, if the parent/child relationship you are trying to add already exists within EPMA, the batch client prints a Java stack trace message and then immediately aborts;  the subsequent commands within your batch script never get executed.

Unfortunately, the KB article states two things:
  1. There are no plans to fix the bug in 11.1.2.4.
  2. If the bug is a problem for you, you should use EPMA Batch Client 11.1.2.1 instead.
I disagree with Oracle on the 2nd point.  When I regression tested, I discovered inconsistencies when attempting to use EPMA Batch Client 11.2.1. against an EPMA 11.1.2.4 dimension server.  Some EPMA commands worked, and others did not.  I had to abandon the 11.1.2.1 client and stick with 11.1.2.4.

If you're in the same boat and have hit the same bug, here is the fix!

While reading your relational database or input file for parent/child members to insert into EPMA (because you either don't own a license for Oracle DRM or choose not to use it for this purpose), you need to run these 3 SQL queries against your EPMA database before you add the CREATE MEMBER command to your EPMA batch command script.

1. Check if the 'thechild' already exists within EPMA in 'thedimension'.

SELECT i_member_id FROM ds_member
WHERE i_library_id = 1
AND UPPER(c_member_name) = UPPER('thechild')
AND i_dimension_id =
(SELECT i_dimension_id FROM ds_dimension WHERE i_library_id = 1 AND UPPER(c_dimension_name) = UPPER('thedimension');

2. For each i_member_id returned by the above query, check if 'theparent' exists.

SELECT i_member_id FROM ds_member
WHERE i_library_id = 1
AND UPPER(c_member_name) = UPPER('theparent')
AND i_dimension_id =
(SELECT i_dimension_id FROM ds_dimension WHERE i_library_id = 1 AND UPPER(c_dimension_name) = 'thedimension';

3. Finally, for each result returned by query #2, check if there is a relationship with the i_member_id from query #1.

SELECT count(1) AS FOUNDREC
FROM ds_relationship
WHERE i_library_id = 1
AND i_dimension_id =
(SELECT i_dimension_id FROM ds_dimension WHERE i_library_id = 1 AND UPPER(c_dimension_name) = 'thedimension')
AND i_child_member_id = childidfromquery1
AND i_parent_member_id = parentidfromquery2;


A non-zero result means the relationship already exists and you should avoid adding the CREATE MEMBER command to your EPMA batch script for this parent/child combination.

Saturday, August 4, 2018

Updates made to 2 prior posts

Two of the scripts provided in Upgrading to Java 7 for EPM 11.1.2.4 - It doesn't need to be difficult! have been updated.  If you saved a copy of the scripts from the original post, please grab updated copies of SwapJava.bat and sed.ps1 from the updated post.

Additional information has been added to SSL TLS 1.2, OHS 11.1.1.9, and... Calculation Manager??? because:
  1. Oracle redacted the Knowledge Base article I referred to; it still exists, but is flagged as Oracle internal-only now.
  2. A Calculation Manager patch (11.1.2.4.013) has been issued that solves the problem described in my post linked above.
Look for a new post soon that provides more information about upgrading to OHS 11.1.1.9 for SSL protocol TLS 1.2 support.  The 30-second soundbyte is OHS 11.1.1.9 breaks Hyperion Planning web forms, unless you either open them in the Simplified Interface (not possible for Workforce Planning), or via SmartView.  There's a fix for this, which I'll cover in my upcoming post.

Wednesday, July 4, 2018

Upgrading to Java 7 for EPM 11.1.2.4 - It doesn't need to be difficult!

First, some background information to put this post into proper context.

All Oracle EPM / Hyperion systems in the 11.1.2.x on-premises series of releases have Java SE 6 and JRockit 6 bundled with the software.  Oracle KB article # 2244851.1 states that both Java SE 6 and JRockit 6 will be coming out of Extended Support in December 2018; no new security patches will be issued for Java 6 & JRockit 6 beyond that date.  (Disclaimer: I'm not an Oracle employee and do not speak on behalf of Oracle Corporation)

In mid-June 2018, Oracle published KB article # 2351499.1.  This article contains two crucial pieces of information:
1. That EPM 11.1.2.4 is certified for Java SE 7, which replaces both Java SE 6 and JRockit 6.
2. A detailed technical procedure on how to manually update the system configuration accordingly.

When I first read through the article, the steps made sense... but what a tedious, manual process!  I was dreading having to do it for multiple customer systems, inevitably committing human error along the way, and then spending extra time figuring out what went wrong.

What we need here is automation to streamline the process, so let's get to it!  The process I'm about to describe was written for Windows-based systems, but could easily be adapted to a UNIX shell script as well.

  • SwapJava.bat - This is our main wrapper script that guides us through the process.
  • RecursiveReplace.ps1 - This Powershell script is used behind the scenes to recursively descend through a folder structure and replace any arbitrary text specified.  There are tools such as UltraEdit that do this, but I wanted to script the whole thing.
  • sed.ps1 - This Powershell script is very similar to RecursiveReplace.ps1, except here we are editing a single file at a time.
  • ScriptEnv.bat - This defines environment variables that I leverage across my entire suite of scripts; SwapJava.bat only needs a handful of them.
We double-click SwapJava.bat and it does the heavy lifting. The things you have to do yourself are:
  • Download and install Java into the location suggested by the messages you see from SwapJava.bat.
  • Export the Hyperion Solutions section from the Windows Registry.
  • Import the Hyperion Solutions .reg file once SwapJava.bat finishes manipulating it.
  • Inspect essbase.cfg, to see if anybody customized the jvm setting.
  • Import your Root and Intermediate certificates into JDK 7's cacerts file, if you had previously configure the system for SSL.
Want to see the code?  Read on!

August 4, 2018 update - if you downloaded my scripts previously, please re-download SwapJava.bat and sed.ps1, and both have been modified since the original post.

SwapJava.bat

@ECHO off
REM SwapJava.bat
REM
REM This script provides a guided process on replacing Oracle EPM's JDK 1.6 and JRockit 6
REM with Java 7.  Oracle has certified only EPM 11.1.2.4 to use Java 7 behind the scenes.
REM All older versons of EPM will need to remain on JDK 1.6 and JRockit 6 until the EPM
REM system is upgraded to EPM 11.1.2.4.0 or higher.
REM
REM This script must be executed on each EPM server.
REM
REM Other required scripts:
REM ScriptEnv.bat, sed.ps1 and RecursiveReplace.ps1
REM
REM This script is based upon instructions provide by Oracle on how to manually replace Java:
REM "How to Configure an Existing EPM 11.1.2.4 With Java 7" (Doc ID 2351499.1)
REM
REM  Written 07/04/2018 by Dave Shay (Datavail)

REM Modified 07/30/2018 by Dave Shay - Additional edit-replace operations in hyperion.reg.
REM Modified MM/DD/YYYY by Your Name - Briefly list changes made

CALL D:\Scripts\ScriptEnv.bat

ECHO --------------------------------------------------
ECHO This is a guided process to replace JDK SE 1.6 and JRockit 6 with JDK SE 7.
ECHO This process is only certified for EPM 11.1.2.4.0 and higher.
ECHO
ECHO Please shut down all EPM services, including the WebLogic Admin Server now.
PAUSE

ECHO Please install 64-bit JDK SE 1.7 (JDK7u181 or higher) now.
ECHO Override the suggested installation directory to:
ECHO %HYPDRIVE%\Oracle\Middleware\jdk7
ECHO You may click Cancel when prompted to install the public JRE.
ECHO Once installed, you can zip up the jdk7 folder and copy it to the other servers.
PAUSE

ECHO Now launch REGEDIT and export HKEY_LOCAL_MACHINE\SOFTWARE\Hyperion Solutions
ECHO and save the file as:
ECHO %SCRIPTDIR%\hyperion.reg

ECHO If this server runs Essbase only, the registry might not
ECHO contain a Hyperion Solutions hierarchy.
PAUSE

ECHO We're going to attempt to run an unsigned Windows PowerShell script now.
ECHO If you an error message in red, get assistance from your IT department
ECHO to temporarily alter the security policy on the EPM servers.
powershell.exe Set-ExecutionPolicy Unrestricted

ECHO If you got the error, please fix it now before proceding further.
PAUSE

ECHO Applying fixes to your exported hyperion.reg file....
COPY %SCRIPTDIR%\hyperion.reg %SCRIPTDIR%\hyperion.java6backup
powershell.exe %SCRIPTDIR%\sed.ps1 -file %SCRIPTDIR%\hyperion.reg -old jrockit_160_37\\jre\\bin\\jrockit\\jvm.dll -new jdk7\\jre\\bin\\server\\jvm.dll
powershell.exe %SCRIPTDIR%\sed.ps1 -file %SCRIPTDIR%\hyperion.reg -old JROCKI~2\\lib\\tools.jar -new jdk7\\lib\\tools.jar
powershell.exe %SCRIPTDIR%\sed.ps1 -file %SCRIPTDIR%\hyperion.reg -old jrockit_160_37 -new jdk7
powershell.exe %SCRIPTDIR%\sed.ps1 -file %SCRIPTDIR%\hyperion.reg -old jdk160_35 -new jdk7


ECHO Now please double-click %SCRIPTDIR%\hyperion.reg, and click Yes when prompted.
PAUSE

ECHO Backing up and editing setJavaRuntime.bat....
COPY %EPM_MW_HOME%\common\config\11.1.2.0\setJavaRuntime.bat setJavaRuntime.java6
powershell.exe %SCRIPTDIR%\sed.ps1 -file %EPM_MW_HOME%\common\config\11.1.2.0\setJavaRuntime.bat -old jdk160_35 -new jdk7

ECHO Backing up and editing setDomainEnv.cmd....
ECHO This file might not exist on an Essbase server, and that's OK.
SET DOMAINHOME=%HYPDRIVE%\Oracle\Middleware\user_projects\domains\EPMSystem
COPY %DOMAINHOME%\bin\setDomainEnv.cmd setDomainEnv.java6
powershell.exe %SCRIPTDIR%\sed.ps1 -file %DOMAINHOME%\bin\setDomainEnv.cmd -old jrockit_160_37 -new jdk7

ECHO Backing up and editing deploymentScripts....
ECHO The edit we're doing here assumes FlightRecorder is turned off.
ECHO If someone previously enabled FlightRecorder for monitoring purposes,
ECHO this edit/replace operation might not work propertly, and you may
ECHO need to manually add to your JAVA_OPTIONS:
ECHO -XX:-UnlockCommercialFeatures
SET DEPDIR=%EPM_INSTANCE_HOME%\bin\deploymentScripts
MKDIR %DEPDIR%\Backup
COPY %DEPDIR%\*.bat %DEPDIR%\Backup\
powershell.exe %SCRIPTDIR%\RecursiveReplace.ps1 -editDir %DEPDIR% -old '-XX:-FlightRecorder' -new '-XX:-UnlockCommercialFeatures -XX:-FlightRecorder'
PAUSE

ECHO Don't worry if the next step produces an error message.
ECHO Here, we are backing up and editing a file that only exists on an Essbase server.
COPY %EPM_INSTANCE_HOME%\config\OPMN\opmn\opmn.xml %EPM_INSTANCE_HOME%\config\OPMN\opmn\opmn-java6
powershell.exe %SCRIPTDIR%\sed.ps1 -file %EPM_INSTANCE_HOME%\config\OPMN\opmn\opmn.xml -old jdk160_35 -new jdk7
PAUSE

ECHO If this an an Essbase server, please now inspect the essbase.cfg file, usually located here:
ECHO %EPM_INSTANCE_HOME%\EssbaseServer\essbaseserver1\bin\essbase.cfg
ECHO If the line containing the text "JvmModuleLocation" does not begin with a semicolon ";"
ECHO then you will need to manually change it to
ECHO %EPM_MW_HOME%\jdk7\jre\bin\server\jvm.dll
PAUSE

ECHO Don't worry if the next step produces an error message.
ECHO This step applicable on the EPMA Server host only.
COPY %EPM_INSTANCE_HOME%\config\EPMA\BPMA_Server_Config.xml %EPM_INSTANCE_HOME%\config\EPMA\BPMA_Server_Config.java6
powershell.exe %SCRIPTDIR%\sed.ps1 -file %EPM_INSTANCE_HOME%\config\EPMA\BPMA_Server_Config.xml -old jdk160_35 -new jdk7
PAUSE

ECHO Don't worry if the next step produces an error message.
ECHO This step applicable if the EAS Console was installed.
COPY %EPM_MW_HOME%\products\Essbase\eas\console\bin\admincon.bat %EPM_MW_HOME%\products\Essbase\eas\console\bin\admincon.java6
powershell.exe %SCRIPTDIR%\sed.ps1 -file %EPM_MW_HOME%\products\Essbase\eas\console\bin\admincon.bat -old jdk160_35 -new jdk7
PAUSE

ECHO And now likewise for the Financial Reporting Studio thick client....
COPY %EPM_MW_HOME%\products\financialreporting\bin\setJavaRuntime.cmd %EPM_MW_HOME%\products\financialreporting\bin\setJavaRuntime.java6
powershell.exe %SCRIPTDIR%\sed.ps1 -file %EPM_MW_HOME%\products\financialreporting\bin\setJavaRuntime.cmd -old jdk160_35 -new jdk7
PAUSE

ECHO --------------------------------------------------
ECHO Final step!  If your system was previously configured for SSL,
ECHO the Root and Intermediate certificates need to be imported into:
ECHO %HYPDRIVE%\Oracle\Middleware\jdk7\jre\lib\security\cacerts
ECHO Restart services and start testing!
ECHO --------------------------------------------------
PAUSE


RecursiveReplace.ps1

# RecursiveReplace.ps1
#
# This Powershell script recursively replaces all references of text within
# a directory hierarchy.  If the specified directory contains subdirectories,
# it will recursively descend into all subdirectories and repeat the process.
#
# Syntax:  powershell D:\Scripts\RecursiveReplace.ps1 -editDir <directory name> -old '<old text>' -new '<new text>'
# Example: powershell D:\Scripts\RecursiveReplace.ps1 -editDir D:\import_export\ExportSharedServices -old EssbaseCluster-1 -new 'Prod Essbase'
#
# If the values supplied to either -old or -new must contain spaces,
# then those values should be enclosed with single quote (') characters.
#
# If you receive a security policy error about “unsigned” Powershell scripts when
# running this process, open a command prompt and type:
# powershell.exe Set-ExecutionPolicy Unrestricted
#
#  Written on 04/09/2015 by Dave Shay (Datavail)
# Modified on MM/DD/YYYY by Your Name - Briefly describe changes

param($editDir, $old, $new)

# $editFiles=Get-ChildItem $editDir * -Recurse
$editFiles=Get-ChildItem $editDir -Recurse | Where-Object{!($_.PSIsContainer)}

foreach ($file in $editFiles)
{
    if(Select-String $file.PSPath -pattern "$old")
    {
        Write-Host Found matching text within $file.FullName
       
        (Get-Content $file.PSPath) |
        Foreach-Object {$_ -replace "$old", "$new"} |
        Set-Content $file.PSPath
    }
}


sed.ps1

# sed.ps1
#
# This Powershell script replaces all references of text within
# a specified file.
#
# Syntax:  powershell D:\Scripts\sed.ps1 -file <path\to\file> -old '<old text>' -new '<new text>'
# Example: powershell D:\Scripts\sed.ps1 -file D:\Scriipts\Hyperion.reg -old jdk160_36 -new jdk7
#
# If the values supplied to either -old or -new must contain spaces,
# then those values should be enclosed with single quote (') characters.
#
# If you receive a security policy error about “unsigned” Powershell scripts when
# running this process, open a command prompt and type:
# powershell.exe Set-ExecutionPolicy Unrestricted
#
#  Written on 07/04/2018 by Dave Shay (Datavail)

# Modified on 07/30/2018 by Dave Shay - Added the SimpleMatch parameter and simplified
#    the text replacement command.
# Modified on MM/DD/YYYY by Your Name - Briefly describe changes

param($file, $old, $new)

if(Select-String -SimpleMatch -Path $file -pattern $old)
{
    Write-Host Found matching text within $file
  
    (Get-Content $file).replace($old, $new) | Set-Content $file
}


ScriptEnv.bat
(The file I use is larger... here I am just revealing the variables used by SwapJava.bat)

@echo off
REM ScriptEnv.bat
REM
REM This script is called by most of the other automation scripts and utilities
REM written by Datavail's EPM practice.  Modify the variable values below
REM as appropriate for your environment.
REM
REM  Written on 04/18/2015 by Dave Shay (Datavail)
REM Modified on MM/DD/YYYY by Your Name - Briefly list changes made

REM Modify the values below as appropriate for your environment, but
REM do not change the names of the variables.

Set EPM_INSTANCE_NAME=epmsystem1
Set HYPDRIVE=D:

Set EPM_INSTANCE_HOME=%HYPDRIVE%\Oracle\Middleware\user_projects\%EPM_INSTANCE_NAME%
Set EPM_MW_HOME=%HYPDRIVE%\Oracle\Middleware\EPMSystem11R1

Set SCRIPTDIR=%HYPDRIVE%\Scripts

Conclusion

With these scripts in hand, you can get through the process quickly, and with less human error.

If you're not comfortable doing this yourself, reach out to me on LinkedIn or contact a Datavail sales executive, and we can get a conversation started.

Best of luck out there!

Wednesday, June 20, 2018

SSL TLS 1.2, OHS 11.1.1.9, and... Calculation Manager???

With more and more folks migrating Oracle EPM 11.1.2.4 / Hyperion from on-premises data centers to 3rd-party hosted environments, the topics of Secure Socket Layer ("SSL") and support for TLS 1.2 are becoming much more common conversations.

The devil, of course, is in the details.

As a matter of policy, many 3rd-party hosting companies and/or IT departments are disabling SSL protocols 2.0, 3.0, TLS 1.0, and TLS 1.1 by default.  Security vulnerabilities for those older protocols are to blame.  This leaves us with TLS 1.2 as the preferred option for SSL.

The problem, though, is EPM 11.1.2.4 uses Oracle HTTP Server ("OHS") 11.1.1.7 under the covers, and guess what?  OHS 11.1.1.7 cannot support any TLS protocol higher than version TLS 1.0.

But wait!  Isn't EPM 11.1.2.4 certified by Oracle to use Microsoft IIS 8.5 as the web proxy, which supports TLS 1.2?  Yes, indeed it is.  But, the SSL configuration documentation for EPM 11.1.2.4 is OHS-centric;  the IIS-related matters are incomplete and several important configuration details are missing in various blogs and Knowledge Base articles.  (Case in point: manual edits required for iisproxy.ini are completely missing in the EPM-centric documentation currently available as of this writing).

This brings us to the Oracle Knowledge Base article named "How To Update OHS 11.1.1.7 In EPM System To 11.1.1.9 (Doc ID 2406726.1)"

July 4, 2018 update:  The Knowledge Base article mentioned above is no longer available to Oracle customers; the KB is now flagged as Oracle internal-only.  I'll write a new blog post that explains why I believe this is so, and what you can do if you've already upgraded from OHS 11.1.1.7 to 11.1.1.9, and one or more EPM modules are now non-functional.

This article provides steps on how to perform an in-place upgrade from OHS 11.1.1.7 to 11.1.1.9 for EPM 11.1.2.4.  Oracle certifies that OHS 11.1.1.9 supports the TLS 1.2. SSL protocol.  The procedure to upgrade OHS is easy to follow.

But, there's a catch, and this is the point of today's blog post.

OHS 11.1.1.9 and Hyperion Calculation Manager 11.1.2.4 do not play well together!  After applying the OHS 11.1.1.9 in-place upgrade, attempting to login to Calculation Manager 11.1.2.4 results in a blank tab in EPM Workspace.  There are no blog posts or Knowledge Base articles on how to fix this.... until now!

The fix is buried within the release notes for the EPM Shared Services patch 11.1.2.3.500.

July 4, 2018 update:  The information below is obsolete.  I'm keeping it online for historical reference purposes.  Simply apply Calculation Manager patch 11.1.2.4.013 or higher.  This fixes the regression bug, and you don't need to execute the instructions listed below.

Open a command prompt and CD to your Oracle EPM Instance home's \bin folder on any of your Hyperion servers.  The default location for this is D:\Oracle\Middleware\user_projects\epmsystem1\bin for most Microsoft-based systems.   UNIX nerds like me; you know the drill!  (Swap the direction of the slashes)

Paste this command:

epmsys_registry addProperty /CALC_MANAGER_PRODUCT/@BINDOWS_ENABLED true  

Then restart your Calculation Manager service, and you're good to go.

What you've just done is you went back in time to the 11.1.2.3.0 days and instructed Calculation Manager that it should not use the 11.1.2.3.500+ Application Development Framework ("ADF") interface, which apparently OHS 11.1.1.9 has an issue with.

Hopefully, Oracle will use a future patch to remediate this.  But for now, carry on and be safe out there!