Find Content Easily and Securely with Oracle Secure Enterprise Search (SES)

Colin Laird – Principal Solutions Consultant - Database

Agenda

• Why should we care about search?• The Pain

• Why Secure Search?• Oracle Secure Enterprise Search• Demonstration• Experiences• Q&A

"The most interesting new product I think that we have built in a few years is our Secure Enterprise Search product. We think the paradigm for doing business, how people do their daily jobs is changing and is moving to a search paradigm"

Larry Ellison

Why should we care about Search?

• Workers can waste up to 19 hours in a 40 hour work week with problems accessing, managing, and integrating content

• Reformatting from multiple formats into single document (3.8 hours)

• Search but not find (3.5 hours)

• Recreate Content (3 hrs)

• Multichannel publishing with multiple applications (2.8 hrs)

• Moving documents from one format to another (2.4 hrs)

• Acquiring archived records with little or no automation (2.3 hrs)

• Version control issues (2.2 hrs)

Source: IDC (April 2006) Hidden Costs of Information Work

The Dull Aching Pain(High Level)

• Content more than doubling annually

• So much content

• Not enough quality information

• How much cumulative time is wasted?

• Decision making takes longer

• Resources increase

• Regulatory requirements

• Auditable, Secure but accessible?

• Legal consequences for failures

The Acute Specific Pain(Lower Level)

• Organisations which have distributed content

• Knowledge Management Professionals

• Department-level management

• Industries across the board

• IT Professionals

• Repetitive Searches• Redundant Content• Lost or inaccessible

content• Problems managing

secure access across multiple systems

• Problems ensuring relevance across multiple searches

WHO WHAT

Benefits From Improving Content Management and Access

• Content processes reduce problems of redundancy and fragmentation

• Targetted intelligient searching allows easier access to content and good information

• Good information and content are a facilitator to good decisions

Why Is It So (Relatively) Simple To Search The Internet?

• No Security• Most searchers seek “good enough,” not exact

matches• Relevance inferred from web links

Web Servers

Web User SearchServer

Why Is It So Hard To Find Enterprise Information?

• People have roles• Content is secured by policy• Content is distributed• Few linked documents (different from Internet)

X C O R P

S a les D IR E ast

S a les D ir W est

S a les E ur

V P S a les

P roduc t D irec tor

P roduc t D irec tor

V P D eve lopm ent

C ounselC ounsel

V P Lega l

F inance D irec tor

F inance D irec tor

T ech D irec torT ech D irec tor

C IO

V P F inance

C EO

StructuredContent

E-Mail

File/DataServer

Applications

Web Content

SearchServer

Search Enables Information Access

With Enterprise Search, users:• Use a single, common interface• Find information across many

kinds of content• Improve effectiveness with better

information• Eliminate need for redundant

search efforts

StructuredContent

E-Mail File/DataServer

Applications Web Content

Agenda

• Why should we care about search?• The Pain

• Why Secure Search?• Oracle Secure Enterprise Search• Demonstration• Experiences• Q&A

Why Secure

Search?

Security Matters• How does search determine who is performing the search?• How does search determine what documents to show the

searcher?• Your search does not authenticate stored credentials

versus the repository at query time• Your search cannot work with multiple separate

authentication schemes• Your index is stolen• Your crawler is spoofed• Your crawler or query streams are compromised• Is the index secure?

Agenda

• Why should we care about search?• The Pain

• Why Secure Search?• Oracle Secure Enterprise Search• Demonstration• Experiences• Q&A

Oracle Secure Enterprise Search (SES)

• Secure access to content

• Extensible• Scalable• Simple

user interface

Basic SES Architecture

Crawler Query Engine

End-User

End-User

End-User

LDAP Directory

SES Index Embedded Database

ContentMgmt

DatabaseGroup

SingleSign-On

Portal

SESFunctions

SES - Why It's Different

• Highest Level of Security• Secures the search index and metadata• Automatically enforces multiple layers of authentication • Extends to new data sources through a Secure SDK

• Enterprise Ready • Uses enterprise context to improve relevance • Indexes content from all Unicode languages • Easy to install, maintain, and extend

• A natural Extension of Oracle’s information management leadership• Leverages Oracle’s grid infrastructure • Deep integration into Oracle data sources and access tools

Secure ConnectorsData SourceData Source Availability AvailabilityOracle Portal 9.0.4, 10.1 (Free)             Oracle Portal 9.0.4, 10.1 (Free)             Available TodayAvailable Today

Oracle Content DB (Free)Oracle Content DB (Free) Available TodayAvailable Today

Microsoft Connectors (Free)Microsoft Connectors (Free)• Exchange 2000, 2003 (Emails, Attachments, Appts etc) Exchange 2000, 2003 (Emails, Attachments, Appts etc) • NTFS           NTFS           • Sharepoint 2003Sharepoint 2003

Available TodayAvailable Today

Documentum 5.3.x, 5.2.5 & 5.1 (Not Free)Documentum 5.3.x, 5.2.5 & 5.1 (Not Free)

FileNet 4.x &  3.6 sp2 and aboveFileNet 4.x &  3.6 sp2 and above

IBM DB2 Content MgrIBM DB2 Content Mgr

Lotus Notes  6.5.4 Lotus Notes  6.5.4 

HummingbirdHummingbird

Open Text LivelinkOpen Text Livelink

Available TodayAvailable Today

Enterprise Applications (Not Free)Enterprise Applications (Not Free)• Oracle E-Business Suite 11i      Oracle E-Business Suite 11i      • Oracle Siebel 7.8                            Oracle Siebel 7.8                            • Oracle Peoplesoft                       Oracle Peoplesoft                       • SAP (Planned)                                   SAP (Planned)                                  

Available TodayAvailable Today

Agenda

• Why should we care about search?• The Pain

• Why Secure Search?• Oracle Secure Enterprise Search• Demonstration• Experiences• Q&A

AT Kearney Story

In 1998, A.T. Kearney embarked on a comprehensive document management system review, which resulted in the selection of Documentum’s PCDocs product.

After one year of customizations, PCDocs was rolled out in April 1999. The rollout included an elaborate communications plan

General user acceptance of the tool was slow and by 2003, it was agreed that the tool was “broken” in terms of both usage and content.

AT Kearney Story

Key identified issues were:• Age old problem of getting people to contribute IC• In addition to IC, there was no consistent place to store and search

vital corporate records• No capability to search across multiple content sources (files, tables,

etc.) from a single interface, while still adhering to strict security rules

Following technologies were examined:• IBM search• Microsoft SharePoint Portal• Oracle SES R1• Verity• Many others

AT Kearney

SES at Oracle Corporation

• Secure Search – oracle.com• Two dual CPU 3GHz servers running Red Hat Linux

• 8GB memory and 12G Swap per server• 700GB index space on disk available per server• Fronted by large IP devices to handle transactions

• 350,000 documents crawled• 15GB of content indexed• More than 40,000 search views daily• High Availability System – only down for maintenance.

SES Install experience

• Requirements:• Windows, Linux, Solaris, HP-UX, AIX• Minimum 2 gigabytes of disk space

• Includes 1 gigabyte to install• Approximately 0.5 gigabytes to create the initial index

• Some configuration examples:• To index 100,000 documents:

• 4 gigabytes disk space• 1 gigabyte RAM

• To index 1,000,000 documents:• 20 gigabytes disk space• 6 gigabytes RAM

SES Install experience

• Downloaded from otn.oracle.com• Size: 560MB approx

• Install time taken: 20 mins approx• Configure loopback – 5 mins• Convert FAT32 to NTFS for host FS

• OUI Install order:• SES one off patch• Oracle Net Config Assistant• Oracle Database Config Assistant• Oracle Search Config Assistant• Removes Temporary Files

SES Install experience

• End up with:• Very slim Oracle Database 10.1.0.5• 9 Datafiles, 3 redo logs etc.

• Apache web server

• Then need to setup your sources

• Very quick

SES – Conclusions and Takeaways

• Focus: Highest Level Of Security• Tunable To Your Enterprise• Ease of Administration/Use/Integration• Leverage Your Existing Infrastructure• Unified Access To Your Enterprise Content

AQ&

Extra Slides

Highest Level of Security

• Uses an embedded Oracle Database to securely store the Search Index

Secure EnterpriseSearch Index

An index stores references to all the searchable content. The embedded Oracle Database protects the index with proven security.

Find All Your Content

• Access Content Through Standard Connectors

• Develop Custom Connectors To Legacy Content• Secure Software Development Kit• Shipped with examples custom connectors

• Integrate into infrastructure as web service• Embed search function without need to re-engineer

application/page

Application Search

• Application Search E-Business Suite Today• Built as a custom test case• JDBC Crawler against Applications backend

(database)• Utilizes current SES SDK and APIs

• Planned search integrations (in progress)• E-Business Suite• Siebel 8.0 and 8.1• Peoplesoft

Enterprise Ready

• Relevance rankings based on business usage

• Simple to install, use, and maintain

• Multi-Lingual• More than 150 Unicode languages

• Global 24x7 support

Easy to Administer

• Web-based administration

• Control and manage relevance of keyword searches and results

• Manage security

SES & Directory Services

• SES uses directory for • User Authentication during query time (SSO & form login)• User Authorization during crawl and query time

• Crawl time – checking if the user/group given by the crawler is valid and convert to GUID

• Query time – get the list of groups belonging to the user• Admin – Stamping users/roles for a datasource

• App entity credentials for federation and list of authorized master nodes

• App entity credentials for crawling Oracle sources such as OCS

• SES does not store any other SES specific information in the directory

A natural extension of Oracle leadership

• Leadership in Information Management

• Leadership in Data Access• Oracle Portal• Oracle Text

Relevance Rankings based on Business Context

Award winning keyword ranking engine developed over 15 years and based on over a dozen Oracle patents

Multiple, complementary techniques for determining relevance

Keyword Ranking Link Analysis Query Log Analysis Metadata Extraction Intelligent matching Duplicate Elimination

SES - What It does• Authenticates to repository

• Indexes content and user access information

• Exposes content accessible to named user

• Secures search transactions

• Secure index

StructuredContent

E-Mail

File/DataServer

Applications

Web Content

SearchServer

Secure Access

Intranet

Collaborative crawl

Secure crawl

Authenticate

AuthorizedIndex Access

Search request

•ACLs enforced on search results

Information Sources

Secure Search Repository

SSOInformation Sources

Client

•Authenticate as theend user or some privileged user•Access Content &corresponding ACL

•Authenticate as trusted application•Access Content &corresponding ACL•Incremental Content if peer application, e.g. OCS, Portal..

Access Wallet

• Crawl time Username/ Password accessed from wallet