Best Practices from Oracle Development's A‑Team
-
/ A-Team Chronicles
July 23, 2020
Provisioning Oracle Analytics Cloud Natively in Oracle Cloud Infrastructure
Validated October 12, 2020 with OAC 5.8
Introduction
The latest releases of Oracle Analytics Cloud (OAC) now include the ability to provision it natively in OCI in select geographies.
The Oracle document Administering Oracle Analytics Cloud lists the currently available geographies.
See Get Started with Administration for the official OCI Native documentation.
This post is a step-by-step guide to provision Oracle Analytics Cloud (OAC) Natively in Oracle Cloud Infrastructure (OCI). The Tokyo region is used for the provisioning. Note: This post is for OAC instances with public end-points. For a post on provisioning instances with a private end-point refer here.
Validations
October 12, 2020 with OAC 5.8
July 23, 2020 with OAC 5.7
May 19, 2020 with OAC 5.6
March 2, 2020 with OAC 5.5 in EMEA
February 14, 2020 with OAC 5.5 in NA
February 13, 2020 with OAC 5.5 in APAC
January 31 with OAC 5.4
Topics
-
Before You Begin
-
Provisioning OAC in OCI
-
Validating and Connecting to the OAC instance
-
Viewing the OAC Application in IDCS
Before You Begin
The following prerequisites must be in place before provisioning OAC natively. Various administrator privileges are required to perform the tasks.
After the prerequisite tasks are performed the OCI topology looks like this:
IDCS Prerequisites
The following tasks must be completed by an IDCS administrator.
Creating an IDCS User
Create an IDCS user to perform the provision. Refer here for documentation.
Note: The provisioning user must be an IDCS federated user and not a local OCI user. During the provisioning process this user is granted the Service Administrator role in the provisioned IDCS OAC application.
Creating an IDCS Group
Create an IDCS group for the IDCS user. Refer here for documentation. This group is mapped to an OCI group in the next section.
Assigning the IDCS User to the IDCS Group
Add the IDCS user to the IDCS group. Refer here for documentation.
OCI Prerequisites
The following tasks must be completed by an OCI Identity and Access Management (IAM) administrator.
Creating an IAM Group
Create an IAM Group. Refer here for documentation. This group is mapped to the IDCS group and granted the OCI privileges to provision OAC.
Mapping the IDCS Group to the IAM Group
Map the IDCS group to the IAM group. Refer here for documentation. This mapping provides the IDCS user/group the privileges to provision OAC.
Creating a Compartment
Create a compartment. Refer here for documentation. This compartment isolates and secures OAC instances.
Preparing the IAM Group Privileges in the Compartment
Prepare the IAM group privileges in the compartment. Refer to Policy Basics and Policy Syntax for documentation. See here for the example privileges required to provision OAC. These privileges are granted via statements in the compartment policy below. This post uses the example policy statement:
allow group <IAM Group> to manage analytics-instances in compartment <Compartment>
Creating a Compartment Policy
Create a Compartment Policy. Refer here for documentation. The policy contains the statement above that grants privileges to OAC resources within the compartment.
Provisioning OAC in OCI
The provisioning process below creates an OAC instance in the OCI compartment. It also creates an IDCS application with the standard OAC IDCS application roles. The provisioning user is granted the ServiceAdministrator application role. After the provisioning the OCI topology looks like this:
Connecting to the OAC Console
If you are new user, open your e-mail address, find the welcome email, and change your password. Connect to the OCI console. Refer here for documentation. The URL should be in the format
https://console.< home region >.oraclecloud.com e.g. https://console.us-ashburn-1.oraclecloud.com
You may be prompted to enter your tenancy name. Enter it and press Continue.
Selecting the Region
If your home region is not enabled for OAC Native, then switch to a region that is e.g. Japan East (Tokyo). Refer here for documentation.
Your current region is displayed at the top of the Console. If your tenancy is subscribed to multiple regions, you can switch regions by selecting a different region from the Region menu.
Navigating to the Analytics Cloud
Navigate to the Analytics Cloud. Refer to Navigating to Oracle Cloud Infrastructure Services for documentation.
Open the navigation menu in the upper left 
, scroll down and hover over Analytics and click Analytics Cloud.
Selecting the Compartment
Select the Compartment. Refer to Understanding Compartments for documentation.
From the Compartment dropdown, choose the compartment you have access to for Analytics.
Creating the OAC Instance
Create the OAC Instance. Refer here for documentation. From this documentation is the following:
Click Create Instance.
Ensure the Compartment is the one you chose.
Enter an Instance Name and a brief description. The name must start with a letter and can contain only letters and numbers.
Optionally enter a Description.
Select the Feature Set you want to deploy.
Self Service Analytics: Deploys an instance with data visualization. Select this option if you subscribe to Professional Edition.
Enterprise Analytics: Deploys an instance with enterprise modeling, reporting, and data visualization. Select this option if you subscribe to Enterprise Edition.
For Capacity, select the number of OCPUs that you want for the service.
For production services, select the number of OCPUs you want to deploy (between 2 and 52). If you want to create an instance for trial purposes, you can select 1 OCPU.
For License Type, select whether you want to use your Oracle Middleware on-premises license with Oracle Analytics Cloud and be charged the Bring Your Own License (BYOL) rate or subscribe to a new Oracle Cloud license for Oracle Analytics Cloud.
Select Public for Network Access Type
Optionally select Configure Access Control Rules to create rules that restrict access to the OAC instance. Leaving the box unchecked (the default) allows unrestricted access to OAC. Access Control Rules may also be configured after provisioning via the OCI console.
Optionally enter Tags.
Verify that the details are correct and click Create.
The Instance Details page shows the initial status Creating. It takes about 20 minutes to create the service. The status to Active when the process is complete.
Validating and Connecting to the OAC instance
Validate the provisioning by connecting to the OAC instance.
On the Instance Details page click Open URL.
A successful connection displays the OAC home page.
Viewing the OAC Application in IDCS
The provisioning process also creates an IDCS application and assigns the provisioning user to the application's ServiceAdministrator application role.
There are two methods to view the IDCS Identity Console
♦ Navigating to the IDCS Identity Console using the Identity Federation Page
If you or your group has the inspect identity-providers in tenancy privilege then open the navigation menu in the upper left , scroll down and hover over Identity then click Federation.
Click on the Oracle Identity Cloud Service Console link e.g.
https://idcs-< IDCS ID >.identity.oraclecloud.com/ui/v1/adminconsole/
♦ Navigating to the IDCS Identity Console using the Service User Console
Click on the 
Icon and click Service User Console.
Click on the Icon again and click My Profile.
Click Identity Console.
♦ Viewing the IDCS Application and Application Role
Open the IDCS navigation menu in the upper left and click Applications
Click on the Application created via the provisioning process. Note the OCI instance name is the suffix of the Application name.
View the application details. Click on Application Roles.
Note the ServiceAdministrator role and click on 1 User Assigned.
Note that you are the user assigned to the role.
Set Up Users, Groups, and Application Roles
One of the first jobs you do after setting up a service with Oracle Analytics Cloud is to add user accounts in Oracle Identity Cloud Service for everyone you expect to use the service and then assign them suitable permissions in Oracle Analytics Cloud. The topic is not covered in this blog but refer here for details.
Summary
This post described provisioning Oracle Analytics Cloud Natively in Oracle Cloud Infrastructure.
For other posts relating to analytics and data integration visit http://www.ateam-oracle.com/dayne-carley