Why do I have an Ace logo on my website?


, , , ,

For the observant, you’ll have noticed that I have a logo on left side of my site saying Oracle Ace. Periodically I get asked what is it, what does it mean, and for those who are less involved in the Oracle community probably don’t know what it means.


Most developers will probably have encountered the idea of Java Champions or perhaps Microsoft MVPs (Most Valued Professional). All of these badges, and other large vendors such as SAP have comparable ones are a recognition of individuals outside of the organisation (in this case Oracle) who do a lot to support the community and wider technology ecosystem.

These contributions vary but typically take the form activities such as writing blogs/articles/books, answering questions on StackOverflow and other community sites where questions are raised and answered by experts. Organising and/or presenting at conferences.

This is the content helps bridge the gap between the standard guidance, documentation, white papers that the vendors will produce and real world practical experience.

Whilst you in theory you don’t have to be an expert to be part of these advocacy programmes, the reality is to communicate the meaningful value you need to have a level of experience and understanding that is more than the majority. I know a number of people in the Ace community who would deny being experts, and the only thing that differentiates them from everyone else is being willing to stand up and share what they have learnt. I would say that inevitably they are experts, as the processes and resource (atleast for Aces inevitably enable that development of expertise as I will try to illustrate shortly).

But before we progress, let me quickly summarise the advocacy communities that Oracle support …

  • 9928f94d6fb7bc0024781fa68e0bc571_400x400Java Champions – these are people working in the pure Java ecosystem
  • Oracle Ace’s – within this community we have three tiers of Ace and which tier reflects the amount of time actively involved in the Ace programme and how much you contribute. So you start out as …
    • Ace Associate progressing to
    • ace-logoAce then a at the top are a smaller community of
    • Ace Directors

Ace’s generally focus on Oracle’s mainstream products from database to Middleware like WebLogic and Apps

  • obga_badgeThe final group are Groundbreaker Ambassadors – this group are comparable to Ace Directors and actually progress through the Associate and Ace accreditation. But rather than focus on more traditional Oracle offerings this group tend to work with what could be described as modern app dev tech from Microservices and APIs to Blockchain.


Why get involved in such a community? Whilst I can only speak for myself, I suspect some of my motivators hold true for others, for me it’s about…

  • The is a strong sense of community amongst the Aces and obviously an inbuilt common interest. Given we often encounter each other at conferences etc, it makes it a lot easier socially when attending conferences. Stuck for a coffee conversation? Go say hello to someone you already know.
  • The value in knowledge and experience is in the sharing of that information, and you can’t beat the sense of validation when someone says – thank you, that really helped me.
  • Talking to other Aces means you may pickup useful insights. Certainly the Ace community are encouraged to develop relationships with Oracle product management (to be nominated for Ace Director / Groundbreaker Ambassador you need the sponsorship of a product manager).
  • These insights will further your knowledge which makes the day job easier. It becomes easier to influence Oracle when it comes to having features or priorities set that are of interest.
  • Some employers and customers put value on the Ace recognition as
    • there is the implicit expertise
    • gives indirect channels to product management
    • track record of sharing and enabling others
  • …so it creates some extra career opportunities or a foot up. If you look at eProseed’s website you’ll see that they are very proud to employee a lot of Ace Directors.


Coming back to the point of expertise, as you develop within the community, the chances of learning from others increases, but developing relationships with product management means getting to hear about what’s next etc as well as getting to hear the product managers and their thinking. In fact Ace Directors and Groundbreakers have dedicated briefing sessions and additional access that provides further insight into the product, strategy and direction. These relationships can start to create a virtuous circle of knowledge accumulation.


Carrying the badge of a vendor, and obviously contributing to a vendor’s community carries the risk of being perceived as not being independent/impartial or perhaps understanding the wider landscape. But having been part of the community, this is deeply inaccurate. The community members I know take pride in being professional which usually means being clearly impartial and appreciating the wider IT landscape in which they specialize. Being an Ace doesn’t mean you only know Oracle products, many Ace’s in the integration and development space are often also certified on the Azure or AWS platforms for example. What you won’t find is an Ace publicly calling Oracle out, but then with the access afforded/acquired into the organisation means where there are concerns/challenges/issues they are communicated through the relationships developed and this input appears to be taken very seriously.


When it comes to benefits, there are some, but I wouldn’t want people to think that it will ‘pay’ for the level of effort put in. The benefits are very much in the realm of acknowledgement for the contributions made. So yes, we get a few goodies – nice polo shirt with the community logo and the alike. Engraved glassware acknowledging your progress to Ace. The real reward for me, is the community and having opportunities to share insights and a bit of acknowledgement of the effort invested, everything else is a bonus.

London Oracle Developer Meetup – OIC Patterns and more


, , , ,

This Meetup was put together quickly as it presented an opportunity to align with other events happening in the Oracle offices. Despite the relatively short notice we a turn out that really made great use of our speaker – Sid Joshi who walked through the Enterprise Level patterns supported by Oracle’s Integration Cloud (OIC) including a demo showing how PaaS4SaaS worked using Service Cloud and OIC making use of VBCS and integration (formerly ICS) parts of the API Platform.

As with all the meet-ups we allow the discussions to flow freely. So, the conversation probed different aspects of OIC. So with the follow up on Several Capgemini use cases of OIC that have won the team awards.

You can see these use cases here. Sid’s presentation is available AppIntegrationPatterns_MeetUp. Additional resources can also be obtained from https://oracle-integration.cloud

As the conversation has focused on OIC and the use cases rather than our ongoing Drones with APIs stories, I have had an interesting follow on discussion about the application of drones.  The drone story has many threads.  The initial driver for the work on the drone has been about bringing something interesting and distinctive to the meetup.  The drone is very tangible, and the source of amusement which makes the meetups a lot more fun.

Continue reading

Managing API Gateway Costs with Oracle API Platform


, , , , , , ,

The Oracle API Platform adopted an intelligent pricing model by basing costs on API call volumes and Logical gateway node groupings per hour. In our book about the API Platform (more here). We suggested that a good logical grouping would be to reflect the development, test, preproduction and production model. This makes it nice and easy to use gateway based routing to different environments without needing to change the API policy configuration as you promote your solution through environments.

We have also leveraged naming and Role/Group Based Access Controls to make to make it easy to operate the API Platform as a shared service, rather than each team having its own complete instance. In doing so the number of logical gateways needed is limited (I.e. not logical gateway divisions on per team models needed). Group management is very easy through the leveraging of Oracle’s Identity Cloud Service – which is free for managing users on the Oracle solutions, and also happens to a respected product in its own right.

Most organisations are not conducting development and testing 365 days a year, for 24 hours (yes in an ideal world prolonged soak and load tests would be run to help tease out cumulative issues such as memory leaks, but even then it isn’t perpetual). As a result it would be ideal to not be using logical gateways for part of the day such as outside the typical development day, and weekends.

Whilst out of the out of hours traffic may drop to zero calls and we may even shutdown the gateway nodes, this alone doesn’t effectively reduce the number of logical gateways as the logical gateway aspect of the platform counts as soon as you create the logical group in the management portal. This in itself isn’t a problem as the API Platform drinks it’s own Champagne as the saying goes, and everything in the UI is actually available as a published REST endpoint. Something covered in the book, and in previous blog posts (for example Making Scripts Work with IDCS Deployed PaaS and Analytics and Stats for APIs). Rather than providing all the code, you can see pretty much all the calls necessary in the other utilities published.

Before defining the steps, there are a couple of things to consider. Firstly, the version of the API deployed to a specific logical gateway may not necessarily be the latest version (iteration) and when to delete the logical gateway this information is lost, so before deleting the logical gateway we should record this information to allow us to reinstate the logical gateway later.

As deleting logical gateways will remove the gateway from the system, when recreating the gateway we can use the same name, but the gateway is not guaranteed to get the same Id as before, as a result we should when rebuilding always discover the Id from the name to be safe.

A logical gateway can not be deleted until all the physical nodes are reallocated, so we need to iterate though the nodes removing them. When it comes to reconnecting the nodes, this is a little more tricky as reconnecting the gateway appears to only be achievable with inform known to the gateway node. Therefore the simplest thing is when bringing the node back online we take the information from the gateway-props.json file and run a script that determines whether the management tier knows about the node. If not then just re-run the create, start, join cycle., otherwise just run the start command.

As with the logical gateway, re-running the create, deploy, start cycle will result in the node having a new Id. This does mean that whilst the logical gateway name and even the node names will remain the same, the analytics data is likely to be become unavailable, so you may wish to extract the analytics data. But then, for development and test this data is unlikely to provide much long term value.

So based on this our sequence for releasing the logical gateway needs to be ….

  1. Capture the deployed APIs and the iteration numbers,
  2. Ideally shutdown the gateway node process itself,
  3. Delete all the gateway nodes from the logical gateway,
  4. Delete the logical gateway,

Recover would then be …

  1. Construct the logical gateway,
  2. Redeploy the APIs with the correct iteration numbers to the logical gateway using the recorded information- if no nodes are connected at this stage, the UI will provide a warning
  3. As gateway nodes comeback on line, determine if it is necessary to execute the create, start, join or just start

Of course these processes can be all linked to scheduling such as a cron job and/or server startup and shutdown processes.

Mastering Distributed Tracing – book review

So recently we have been working on ‘knowing what I don’t know’ when it comes to Open Tracing and how such tech may intersect with traditional logging and the use of Fluentd.

As part of that, I have read the Packt book Mastering Distributed Tracing written by Yuri Shkuro who has been key in the OpenTracing API and Jaeger and is the technical lead for Uber’s tracing team.

Whilst I have a good relationship with Packt, the fact they published the book is pretty much coincidental.

Understanding tracing over traditional logging is very important when moving into the world of microservices and reactive frameworks such as Node.js where threads are picked up and put down, you don’t know where and when the next service in a solution will pick up the next related activity. When you add to this solutions are more polyglot than ever – not only in the sense of different languages that maybe used, but a more diverse source of middle features e.g. historically you’d probably use JMS based messaging if you’re a Java developer and MSMQ for .net. Now you may be using AWS SNS as easily as Kafka. This means the mechanisms for passing and tracing events through these services need to be more unifying than ever.

Complexity of Observability

Continue reading

Popping Up on the Net and more


, , , , , ,

It’s been a quiet month for this blog, but I’ve been pretty busy with a raft of other activities…

  • recent article on our sister site – oracle-integration.cloud on  RPA.
  • I also appear in an interview with K21 Academy here.
  • 4186btedcpl._sx403_bo1204203200_Reviewing a new book on Enterprise API Management for Packt which we would very highly recommend if you want to understand the more Enterprise perspectives of adopting APIs, particularly if you’re considering APIs as a potential new revenue stream.
  • UK Oracle User Group committees for TechFest (having been reviewing the paper submissions it looks like its going to be an excellent conference in December) and Southern Summit (next week).
  • Just launched a number of sessions for the Oracle London Developer Meetup, with another to be announced soon (Blockchain) and potentially two more before the end of the year (we’re working on the speakers now).

API Security


, , , , , ,

I’ve started to subscribe to the APISecurity.io news letter. The news letter includes the analysis of recent API based security breaches along with other useful API related news. Some of the details of the breaches make for interesting reading and provide some good examples of what not to do. It is rather surprising how regularly the lack of the application of good practises is, including:

  • Checking the payload is valid to the definition,
  • Checking the payload size to ensure it is in the expected bounds,
  • Use strong typing on the content received it will help validate content and limit the chances of poisonous content like injected SQL,
  • owaspEnsuring the API has mitigation’s against the classic OWASP Top 10 – SQL Injection, poor authentication implementation.

More broadly, we see that people will recognise the need for applying penetration testing, and look to external organisations to perform the testing, when such work is commissioned the understanding of what the pen tester does is not understood by those logocommissioning the tests (SANS paper of security scoping), therefore know whether all the risks are checked. When you add to that, the temptation to keep such costs down resulting in the service provider not necessarily probing your APIs to the fullest extent. Not all penetration test services are equal, so simply working to a budget isn’t wise, yes there is a need for pragmatism, but only when you understand the cost/risk trade off.

But also remember application logic and API definitions and the security controls in place change over time as do the discovery of new vulnerabilities on the stack you’re using, along with evolving compliance requirements. All meaning that a penetration test at the initial go live is not enough and should be an inherent part of an APIs lifecycle.

cloudgs_apimgrWhen it comes to payload checks etc, products like Oracle’s API Platform make it easy to realise or provide out of the box checks for factors such as size limits, implementing payload checks, so better to use them.

If you ever need to be reminded that of why best practises are needed and should be implemented; a mindset of when not if a breach will happen will ensure you’re prepared and the teams are motivated to put the good practises in.

Integrating API Management with the rest of your Development Pipeline


, , , , ,

Oracle API Management keeps API policy configuration and management internalized for a number of reasons including security (after all you don’t want your security rules for APIs out in the open).  The Platform does provide simple versioning.  But you need to able to link the policies to the back end implementations – so the policy configuration is aligned to what is implemented. For example you don’t want the policy to accept parameters that your back end can’t handle in version 1, but does in version 2 of your solution. I have blogged about some of these considerations in the past here.

We have had the good fortune to sit and discuss the challenges of how API configurations could be managed with Flexagon. As a result of our input and from others Flexdeploy has a number of new features making the configuration management of APIs very easy. In addition to this is further simplifying gateway deployment processes. When combined with a very powerful CI/CD that can handle traditional development, microservices and development with integration products such as like SOA Suite and OIC a huge amount of flexibility is made available enabling configuration management, multi environment deployments.


Flexagon have started a series of blogs on the subject – recommend checking them out – here.

API Platform – Plans & Subscriptions


, , , ,

When it comes to Plans and Subscriptions on the Oracle API Platform we have a very flexible set of relationships. When it comes to checking the relationships to ensure a configuration is correct and that the impact of changing a plan or subscription is clear.  I end up having to draw a little diagram, which always leaves me second guessing myself about which way the linkages are. So I created a quick aide memoir, particularly given the unfortunate fact that Oracle’s online documentation isn’t great for diagrams.

If the diagram helps me, then perhaps it can help others, so here it is:

API-Plan - Entitlement

I’ve also attached the original PowerPoint document so it can be modified, enhanced if you want to – API-Plan – Entitlement.

Everything As Code – Article for PTK


, , , , ,

PTK 2019-04-30.pngPTK (Pass The Knowledge) is the new name for the Independent UK Oracle User Group‘s journal, previously known as Oracle Scene.  Yesterday saw the 1st release under its new name, and I’m proud to say that I have an article included called Everything as Code.

Not only that,  it is great to see the journal includes the appearance of one of my Oracle Team colleagues at CapgeminiAmy Simpson-Grange (here).

The magazine features the approach trialled in the last issue of Oracle Scene where the Journal was split in two – one half focusing on Oracle Applications and Applications Technology and the other on Oracle core technologies i.e PaaS, IaaS, Database, Infrastructure etc.  it also just happens that Amy appears in one half, and I in the other.

One thing that hasn’t changed is the high quality of articles that reflect the diversity of Oracle’s portfolio and community – covering things like Women In IT, Conversational AI, Sanjeevan Bala from Channel 4 discussing the use of Data Science, Database Security and Table Scans.