Review: Oracle Steps Up the Competition in Enterprise Search
Its federation and security features make
Secure Enterprise Search 10g a strong option for Oracle
shops, but will it standalone in a non-Oracle enterprise?
• Performs federated searches across non-Oracle systems and repositories.
• Broad functionality and administrative controls.
• Robust and flexible security controls.
• Ample linguistic features inherited from Oracle Text .
• More expensive than previous Oracle search products.
• Requires ongoing administrative expertise for maximum value.
• Advanced features such as metadata extraction aren't as robust as best-of-breed alternatives.
Oracle has offered an enterprise search solution for almost 15 years. In the 1990s, the company rolled out search products that stirred PL/SQL queries with dollops of linguistics. Previous enterprise search products that emerged from this work include ConText, InterMedia, Ultra Search and, perhaps the most well-known product, Oracle Text. Now Oracle has come out with yet another product: Secure Enterprise Search 10g (SES 10g).
Two features help set SES 10g apart. First, Oracle emphasizes that SES 10g is a standalone system, which makes the product more interesting to non-Oracle shops. A customer with an investment in DB2 and SQL Server, for example, can license SES 10g and use it to search and federate content.
The catch--and there usually is one in any enterprise search license--is that some features require the licensee to embrace other Oracle software. For security, the product leans on Oracle Internet Directory and Single Sign-On; these are components of Oracle Application Server, and the latter must be licensed and installed independently from SES 10g.
Second, and this is the big news in SES 10g, is security. When properly configured, most enterprise search systems can take advantage of security settings via LDAP or third-party add-ons. But SES 10g expands security from safeguarding the search index to Oracle's organization-wide model for managing access to specific items of content in Oracle databases as well as third-party applications. This model lets SES 10g process a query across multiple content repositories that may contain identically named files with different owners, yet the product "knows" who has permission to access each file. When properly set up, SES 10g can ensure that authorized users see only results to which each has access.
Cut to the Source
Oracle's latest offering is functionally similar to other major enterprise search products, including those from Autonomy and Fast Search & Transfer. SES 10g spiders content, indexes it, processes queries and displays results. Its document processing is language-aware and provides support for English, major European languages, Arabic and Chinese, among others.
Like other vendors, Oracle emphasizes its ability to generate metadata (or information about a document). In processing queries, SES 10g uses the words and phrases in the document plus metadata--on the creator of the document, file type, date and time stamps, security information, creator's schedule information and hyperlinks--to determine relevancy. A user can look at a document, see the creator's calendar and generate a list of links in a relevant document with a mouse click.
The standard SES 10g results display looks a great deal like those of Google's OneBox or Microsoft's SharePoint Search Server (see screenshot), but you can customize the look and feel with stylesheets. Unlike the Google Appliance, but like other high-end search products, the SES 10g administrator has recourse to a bevy of knobs and dials to tune relevancy, determine results weighting ("hit boosting") and set options for creating cached instances of source documents to eliminate 404 errors and speed document rendering.
Federation can reduce costs. If an application already implements some kind of search, many organizations do not want to re-index that application's content. Duplicate search systems, which abound in Fortune 1000 companies, can double or triple index storage and leave users baffled about which search system to use. SES 10g APIs let energetic developers hook SES 10g into non-Oracle applications, third-party search index files and mainframe legacy repositories. A federated search can then retrieve documents from multiple sources including a Web site, an Oracle database, a PeopleSoft folder, the Internet or a third-party application repository such as a Documentum content store.
To work its federating magic, SES 10g requires that each source implement a Web service using the query API. Documentation provides information and sample scripts. But as with other enterprise search systems, you'll need experienced staff to tweak the system to ensure bottlenecks, which could slow index updating or query processing, do not develop.
Focus on Security
Security is SES 10g's core differentiator. Oracle provides a security management dashboard to control the mirroring of repository security from the various source systems so results are limited to those that match the user's access rights from each individual repository. For example, if a user cannot access a particular portal application per LDAP privileges, SES 10g masks search results coming from that source. When access rights change, SES 10g can be configured to receive and process these changes automatically without the administrator having to script security checks, use third-party products or play telephone tag with administrators to ensure that access control lists (ACL) are current.
SES 10g can work from a centralized authentication scheme, like a Unix, Microsoft or Oracle Internet Directory LDAP login, to identify which sources a given user can access. In its initial release, SES 10g didn't support Microsoft Integrated Windows Authentication (formerly known as "NTLM"), but support is planned for a future release.
For more granular security, the product can store ACL information associated with each document as part of the search engine index. With its support for ACL Crawling, SES 10g can obtain ACLs for each document directly from the crawled repositories. If a source does not have a document model, or where the source is a dynamic page, SES 10g supports ACL Stamping, whereby an administrator specifies authorization roles directly in the administrative console. SES 10g then uses this "grant" list of LDAP users and groups to search a particular source. None of this is trivial. Access control requires the SES 10g administrator to grind through some crucial tasks.
In its initial release, SES 10g supported only the Oracle Internet Directory (OID), but the vendor says it's working on connectors to Active Directory, iPlanet directory and others. A restricted use license for OID is available for some Oracle customers, but others may have to upgrade to the Oracle Database Enterprise Edition. Moreover, SES 10g administrators who need to use Kerberos or public key infrastructure (PKI) services must license Oracle Advanced Security and Oracle Identity Management. If you already have an Oracle Application Server 10g Standard Edition, you can obtain these modules as an option.
SES 10g also supports single-sign on (SSO), which lets users log in once to perform searches and then jump to the repositories containing search results. In SSO mode, all calls to the search application are passed via the Oracle Application Server, which then checks the client's SSO authentication. Remember, however, that Oracle Application Server must be licensed independently.
Oracle's marketing rightly emphasizes SES 10g's security features, but non-Oracle shops should recognize the requirements for Oracle components to provide certain security features. In this sense, it may strain the definition of "standalone" search.
Beyond security, SES 10g provides a rich feature set and tight integration with Oracle applications. For Oracle-centric shops, SES 10g is a worthy--though not inexpensive--alternative that deserves a very close look. Assume a typical enterprise requirement of indexing five million documents; a 16-processor system may be a first-year requirement. At $30,000 per processor or $60 per user, that translates to about $500,000 for an 8,000-user system. And remember that processing demands for enterprise search increase each year because of new documents and the need to keep updating indexes quickly. It's no surprise that robust enterprise search systems easily reach seven figures. SES 10g seems destined to follow a similar pricing curve.
Oracle Secure Enterprise Search 10g is $30,000 per processor or $60 per user. It supports Microsoft Windows, Linux x86, Linux 86 64-bit, Solaris Sparc 64-bit, HP-UX PA-RISC 64-bit and AIX 5L-based 64-bit systems.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.