Category Archives: Technology

On Line Training – API Driven Architecture

15 Friday Feb 2019

Posted by in General, Oracle, Packt, Technology

Leave a comment

Tags

, , , , ,

In January we presented our 1st online training, looking at API Design and use of Apiary and Swagger. Things went well until near the end where for some reason voice and video dropped for no apparent reason. Our coordinator Lindsay kept the recording going and soon as we reconnected I continued the session and went through the Q&A.

So if you missed the end of the end of the training, please do check back with the recording.

If you missed the training – we’ll be rerunning in March – go here.

For those on the training will have seen at the start of the training links to my social media profile, so happy to try respond to any further questions.

We are also scheduled to run the session again in a month or so.

One of the questions received during the session I thought worth mentioning was when would Apiary support Open API 3.0. Well according to their blog very soon, looking forward to it as the OAS 3 does look a little cleaner.

Making Scripts Work with IDCS Deployed PaaS

09 Saturday Feb 2019

Posted by in API Platform CS, APIs & microservices, General, Oracle, Technology

3 Comments

Tags

, , , , , ,

A while back I made some utilities I developed to help with managing the API Platform. At the time we didn’t have access to an IDCS based environment, so credentials worked using basic auth (I.e. user name and password). But with environments managed by IDCS tokens are used.

As a developer with a Java background I have to admit to liking Groovy over Python for scripting, not to mention for the API Platform groovy is part of the gateway deployment and SDK. Meaning it is readily available in its 2.x form (3.x is relatively recent and aligning to the latest Java idioms). We haven’t tested against Groovy 3.0

Thank you to Andy Knight for sharing with us some Java code which I adapted to be pure Groovy (removing external dependencies for processing JSON). The result is a script that can taken can be taken and worked into other scripts (which is what we have done for our previously provided scripts – Understanding API Deployment State on API Platform, Managing API Policy Versioning in Oracle API Platform, Documenting APIs on the Oracle API Platform). But this script can be used to get a token and display it on the command line or write it to file. Writing tokens to files is generally not good practise, but as a temporary measure when working on developing scripts arguably a managed risk.

The script can be found at https://github.com/mp3monster/API-Platform-Utils/tree/master/getToken and all the details on using the script can obtained by passing -h as a parameter. The important thing is to understand how to obtain the Client ID and Client Secret, the details of which are described at https://docs.oracle.com/en/cloud/paas/api-platform-cloud/apfad/find-your-client-id-and-client-secret.html

Oracle Developer Meetup – London Feb 19

05 Tuesday Feb 2019

Posted by in Dev Meetup, development, General, Oracle, Technology

Leave a comment

Tags

, , , , , , , ,

Last night was the first Oracle Developer Meetup in London for 2019.  We were very fortunate to have Tomas Langer fly over to talk about the new micro container/framework being developed as an open source solution by Oracle.

Oracle Developer Meet-up - Tomas Langer presenting on Helidon

Tomas, opened by explaining the evolution of the micro-profile being championed by the Eclipse Foundation who are now the guardians of J2EE also known as Jakarta and how the J2EE and Micro-Profile standards compare (in simplistic terms – micro-profile is J2EE stripped back to be simple and support what is typically needed in a microservice world).

The presentation then went onto compare Helidon SE and Helidon MP (micro-profile).  What was really pleasing is that with a couple of exceptions everything that Helidon MP can do, can be done in the SE edition, the difference being that for SE you have to implement more code, rather than the auto-magic of annotations, but in return you have a Reactive Java platform with a development paradigm which relates to JavaScript Express.

In addition to talking about what can be done, Tomas described the kinds of features being developed, this includes:

  • Bringing micro-profile support up to the very latest specification,
  • More reactive persistence technologies support,

With the scene set, Tomas then worked through a series of live code scenarios starting with a clean slate and building Hello World in both the SE & MP models illustrating the differences in approach.  This was then built upon to add the following capabilities:

You can get the complete example which uses Helidon in both configurations from Tomas GitHub.

In addition to Helidon itself on GitHub, there resources provided include rich documentation and examples of each key feature.  Plus a Slack community, that if you contact any of the Helidon team will get you invited allowing you to discuss with the development team how to do things along with other developers using Helidon.

Tomas can be contracted via @Langer_Tomas.  Helidon project also has its own Twitter account – Helidon Project

Helidon itself can be found at:

I have previously blogged on Helidon at Exploring Helidon – Part 1

 

API Caching with the Oracle API Platform

01 Friday Feb 2019

Posted by in API Platform CS, APIs & microservices, General, Oracle, Technology

Leave a comment

Tags

, , , , , , , , , , , ,

We have been developing some advanced custom API policies for a client and in the process picked up on a few insights that didn’t even make into the API book. One of these policies is to provide an optimization around caching of API calls. The rest of this blog will talk about the tricks we have specifically applied to link an API Gateway to a caching mechanism and why.

Before I go into the details, I’d like to thank the Oracle product management team and particularly Glenn Mi at Oracle for their support getting through the deeper undocumented elements of the capabilities of the API Platform SDK.

Caching Options

Caching comes in may forms, and is motivated by varying reasons and not always the wanting the same behaviours. When getting into the subject of caching it is surprising how polarised people’s view points can be about which cache strategies are correct. The following diagram illustrates the diversity of caches that could appear in an end to solution solution.

Bringing together a caching technology in the Reverse Proxy model and an API Gateway makes a lot of sense. Data being provided to API consumers needs to be protected whether it comes from a cache or an active back-end system. At the same time you also want to exploit an API Gateway to provide analytics on API traffic, so any caching needs to be behind the gateway. But, if In front of an application layer then we can reduce the application workload.

When it comes to caching technology to partner with the gateway, there are a number of options available from Coherence to ehCache, memcache and Redis. We have avoided Coherence, whilst the gateway currently runs on a WebLogic server, we don’t want to need to unduly distort the performance profile and configuration of the Gateway by forcing a cache onto that server. In addition to which as Coherence is a licensed addition to WebLogic it raises difficult questions about licensing when deploying gateways (with gateways licensed based on logical groupings and API volumes but Coherence is licensed by OCPU). We also know that Oracle is moving towards having a micro-gateway which may mean we see the gateway engine moved onto something like Helidon (but this last point is my speculation).

We have elected to use Redis for several reasons –

  • Available as a PaaS service with several cloud providers (AWS & Azure) so no setup or management effort but can also be deployed on-premises,
  • Has an out of the box deployment that means cached entities can have a time to live (TTL) rather than needing to implement separate processes to expire cached values,
  • The ability to make it scale through clustering,
  • Cost

This caching model also allows us to optionally allow application development teams to push into the cache directly results. So rather than waiting on TTL the cache can be refreshed directly or even primed, rather than having to create fake requests to prime a cache.

Custom Policy

Continue reading

Experian data breach report and analysis

15 Saturday Dec 2018

Posted by in General, Technology

Leave a comment

Tags

, , ,

A good friend of mine (Howard Durdle) is a security expert and CSO, he pointed out this really good Twitter trail breaking down the newly published report on the massive Experian data breach.

https://twitter.com/sawaba/status/1072319618352627714

You don’t need to be a geek or a security expert to understand what is being said here, and more importantly reading between the lines as they say, the likely root causes. For me, this all points to cultural challenges, where organisational pressures or a lack of appreciation by mid level decision makers struggle to appreciate the need to invest in non functional factors such as security, patching and maintenance.

Sadly, Experian aren’t the first with this challenge, and won’t be the last. With DevSecOps etc the people building the software will understand the issue. But, I think we need to be working with educating the business stakeholders on the need for dealing with NFRs, and the need to prioritise certain types of issues.

UKOUG Conference 2018

04 Tuesday Dec 2018

Posted by in API Platform CS, APIs & microservices, General, ICS, Oracle, Technology

Leave a comment

Tags

, , , , , ,

With the start of December comes the UK Oracle User Group conference, or to be more precise the Independent UKOUG.  This year the conference is back in Blackpool, a slightly smaller venue than the ICC in Birmingham, but in many respects that made the event feel more vibrant and busy.

The user group also announced some of the changes it is making going forwards reflecting the changing needs of its members – SIGs being largely superseded by multi-stream single day events (Summits) with the Call for Papers for the first of these here.  A wider list of Oracle related Calls for Papers is available here.

Of course being a UKOUG Volunteer, I have been presenting and co-presenting.  The slides from my presentation sessions can be found at:

This was an abridged version of the an update on my presentation here 

My second presentation was a review of Oracle Integration Cloud, in which I presented some customer use cases of OCI  as part of a wider presentation on OIC by Sid Joshi

This was followed on the second day with two API based sessions, the first being a deep dive into custom API Policies on the Oracle API Platform.

The final session, was another short one looking at Apiary which was primarily a demo of what the solution can do.

On top of trying to keep up with my usual workload – a very hectic couple of days.

London Oracle Developer Meet-up – November 18

19 Monday Nov 2018

Posted by in development, General

Leave a comment

Tags

, , , , , ,

Another Oracle Developer Meet-up took place in London yesterday. This meet-up focused on Terraform and Microservices. The summary of the evening slides:

Chris Hollies’ slides can be found at here.  As demo’s aren’t included in the deck, the following videos are alternatives:

Our second session, that I presented on how we can establish paths of transition that make it easy to adopt microservices. The presentation material for this is available here:

My next Packt Project has been announced!

17 Saturday Nov 2018

Posted by in APIs & microservices, Packt, Technology

1 Comment

Tags

, , , , ,

My next Packt project (via O’Reilly) is not a book, but a short online training course about  good API design, API 1st and some tools that can support an API 1st methodologies. Register for the session here.

It includes a closer look at cloud tools such as Oracle’s excellent Apiary (sorry if this sounds like a sales pitch, but it is a good tool and the words of the found of RestLet confirm this) along with SwaggerHub and a few other options.

A good API goes beyond just the payload definition and I’ll walk through the other considerations and explain why these other areas are important.

Microservices Patterns Book

13 Tuesday Nov 2018

Posted by in Books, General, mindmap

Leave a comment

Tags

, , ,

Earlier this year, I wrote a short post on Chris Richardson’s book Microservice Patterns (Praise for Microservice Patterns). When the I read the book I mind mapped my notes which can be seen at Mindmap Index or access directly here.  The mind map is no substitute, but should act as a reasonable aide-memoire.

We would highly recommend getting and reading the book.