Put to the Test: Oracle Secure Enterprise Search 10g

Security features help set SES 10g apart, but dependence on the vendor's infrastructure makes this 'standalone' offering best suited to Oracle shops.

Focus On Security

Security is SES 10g's core differentiator. Oracle provides a security management dashboard to control the mirroring of repository security from the various source systems so results are limited to those that match the user's access rights from each individual repository. If a user cannot access a particular portal application per LDAP privileges, for example, SES 10g masks search results coming from that source. When access rights change, SES 10g can be configured to receive and process these changes automatically without the administrator having to script security checks, use third-party products or play telephone tag with administrators to ensure that ACLs (access control lists) are current.

SES 10g can work from a centralized authentication scheme, like a Unix, Microsoft or Oracle Internet Directory LDAP login, to identify which sources a given user can access. In its initial release, SES 10g didn't support Microsoft Integrated Windows Authentication (formerly known as NTLM), but support is planned for a future release.

For more granular security, the product can store ACL information associated with each document as part of the search engine index. With its support for ACL Crawling, SES 10g can obtain ACLs for each document directly from the crawled repositories. If a source does not have a document model or where the source is a dynamic page, SES 10g supports ACL Stamping, whereby an administrator specifies authorization roles directly in the administrative console. SES 10g then uses this "grant" list of LDAP users and groups to search a particular source. None of this is trivial. Access control requires the SES 10g administrator to grind through some crucial tasks.

In its initial release, SES 10g supports only the Oracle Internet Directory (OID), but the vendor says it's working on connectors to Active Directory, iPlanet directory and others. A restricted use license for OID is available for some Oracle customers, but others may have to upgrade to the Oracle Database Enterprise Edition. Moreover, SES 10g administrators who need to use Kerberos or PKI (public key infrastructure) services must license Oracle Advanced Security and Oracle Identity Management. If you have an Oracle Application Server 10g Standard Edition, you can obtain these modules as options.

SES 10g also supports single sign-on (SSO), which lets users log in once to perform searches and then jump to the repositories containing search results. In SSO mode, all calls to the search application are passed over the Oracle Application Server, which then checks the client's SSO authentication. Remember, however, that Oracle Application Server must be licensed independently.

Will It Stand Alone?

Oracle's marketing rightly emphasizes SES 10g's security features, but non-Oracle shops should recognize the requirements for Oracle components to provide certain security features. In this sense it may strain the definition of "standalone" search.

Beyond security, SES 10g provides a rich feature set and tight integration with Oracle applications. For Oracle-centric shops, SES 10g is a worthy--though not inexpensive--alternative that deserves a very close look. Assume a typical enterprise requirement of indexing 5 million documents, a 16-processor system may be a first-year requirement. At $30,000 per processor or $60 per user, that translates to about $500,000 for an 8,000-user system. And remember that processing demands for enterprise search increase each year due to new documents and the need to keep updating indexes quickly. It's no surprise that robust enterprise search systems easily reach seven figures. SES 10g seems destined to follow a similar pricing curve.

Oracle Secure Enterprise Search 10g, $30,000 per processor or $60 per user. Supports Microsoft Windows, Linux x86, Linux 86 64-bit, Solaris SPARC 64-bit, HP-UX PA-RISC 64-bit, AIX 5L Based 64-bit Systems

Stephen E. Arnold is lead analyst for the CMS Watch Enterprise Search Report, which evaluates 32 enterprise search products.