
Phil (aka MP3Monster)'s Blog

~ from Technology to Music


Category Archives: Technology

Oracle middleware cloud – what does it mean to Mulesoft and Apigee?

10 Friday Oct 2014

Posted by mp3monster in Oracle


Tags

Apigee, Mulesoft, Oracle, OSB, SOA

Oracle will soon be launching 2 cloud offerings – a hosted approach to their heavyweight SOA Suite middleware and, potentially more important for some of the cloud integration players like Mulesoft and Apigee, a lighter, web interface IDE solution. This lighter solution is clearly aiming at (and statements were made to the effect of) the Gartner pace layering ethos, where you want to quickly link existing services together to offer new capabilities. This new cloud integration service will be aware of all the other cloud service APIs from Oracle you have and provide smart prebuilt transformations, which you can extend or change if you want. For non-Oracle integrations the service is meant to use some intelligence and heuristics, built from how other customers have realised mappings, to make suggestions. There are control frameworks for security, access, errors etc. based on policy mechanisms.

The solution includes access to prebuilt connectors to obviously Oracle products, but also the likes of Salesforce, Workday and more coming like Successfactors. When combined with other new cloud offerings such as their new mobile apps then the pacing message becomes a lot stronger. Add to this the cloud adoption of the CEP (Complex Event Processing) engine (which looks very good) and the addition of several API tools next year for catalog and realtime discovery and they will have a pretty solid suite.

With this lighter weight cloud solution there is meant to be a means to pull the integrations out of the cloud and into on-premise middleware deployments. This makes sense as a lot of the capability looks to be built on top of OSB.

Add to all of this the other service offerings being launched, such as Dropbox-like distributed documents with Google Docs-like collaboration, and there is a very potent story for the Oracle one stop shop. So you could use Oracle for best of breed integration, but convenience and ‘who got fired for buying Oracle’ is likely to be the ruling story.

I suspect you will see Oracle appear strongly in the iPaaS assessments by Gartner soon.

Given Ellison has indicated that the new cloud services from Oracle will be aggressively priced it will be interesting to see how the smaller players differentiate themselves. I suspect one of the keys will be the speed of offering new capabilities by their cloud solutions both at the product core and through connectors. Prior to the 12c launch the rate of change in the middleware space didn’t appear to be rapid.


Oracle Open World Middleware Update

09 Thursday Oct 2014

Posted by mp3monster in General, Oracle, Technology


Tags

OOW, open world, Oracle, OUG, SIG

So having been fortunate enough to attend part of Oracle Open World, I provided some support to the UKOUG Fusion Middleware SIG chairman with a short briefing on some of the key points from OOW.

The following are my initial notes; if you want the complete deck, it should be available through the UKOUG website.

Cloud
– keynote from Larry was all cloud, cloud, cloud
– more SaaS than anyone else – announced dozens of services in the last year – probably hundreds across all the sectors
– build and buy
– platform upgrade
– data as a service – BlueKai acquisition Data Management Platform
– Some of these offerings included capabilities that sounded like enterprise offered Dropbox – so might soon see personal cloud?
– migration of data or apps up and down from the cloud at the push of a button (reality a bit more complex)
– innovation for securing the cloud at lowest levels
– going after b2c and b2b capabilities

Middleware Cloud
– SOA Suite as a hosted solution, or integration cloud, which is more like a web UI for OSB integration
– ethos change for integration cloud: no deployment – develop and promote to production
– Overridable automated mappings when going between own cloud services or Oracle adaptors to 3rd party. Can build own mappings and incorporate own functionality
– Configuration controls are policy driven, such as error handling etc
– Can bring integrations back to on-premise
– breadth & agility / ease (pace layering started to get mentioned a lot more)
– Use cases such as linkage to mobile – 7-11 use case
– More cloud adaptors coming to support 3rd party
– API inventory and discovery capabilities coming – successor to OES
– Support for JSON and REST all the way through SOA rather than transformational capability only

Mobile Application Framework
– seems to have crept up quietly, successor to ADF Mobile in the form of MAF Faces
– delivers a hybrid strategy like PhoneGap but enables Java in a container on Android & iOS
– MAF actually incorporates Apache Cordova – the open source version of PhoneGap
– with it is a new UI presentation style with all the supporting style guidance – ALTA
– Java on iOS but Jobs said …. done by compiling to native solution

A couple of presentation grabs ….

IMG_0107.JPG

IMG_0104.JPG


Impact of App Maintenance on brand

26 Friday Sep 2014

Posted by mp3monster in General, Technology


Tags

application, brand, Design, guidance, impact, mobile, Virgin

I have recently been working on some guidance on when to use mobile or web applications for my employer. What has been interesting is that there is plenty of information on the technical dimensions that should be considered. But not so much on the negative brand impact that could occur if the application isn’t targeted at users properly, and most crucially sustained.

Let me show what I mean by highlighting some common, but relevant observations.

Many end user businesses tend to work on a project or programme basis, so a solution, whether internal, B2B or B2C, once delivered gets handed over to the operational teams to monitor and keep alive. Even for devops, once the solution is deemed complete the bulk of the team will move to new objectives. The net result is that the solution remains static until new functional requirements are needed.

As businesses, we would like to increase the ability for customers to serve themselves and ‘shape their customer journey’ to what they want. All of which means we will increasingly see 1st point of customer engagement either as new or returning customers through apps in the same way as websites have prior to the rise in mobility.

We know that mobile devices are evolving at a tremendous rate driven by vendor competition. This has resulted in things like ever changing screen sizes and resolutions which have largely been growing but with Apple jumping into the watch market I think we’ll see another change in the next couple of years.

Not only have the screen resolutions changed, the interaction and presentation styles have been evolving. Take the huge change for iOS 7 with the adoption of the ‘flat’ design paradigm, and with iOS 8 subtler but important changes to allow changing the feel of aspects like the keypad. This is all before you think about the change and evolution of other solutions that you might want to integrate with, such as Facebook, Twitter etc.

So, back to my original point, what does this mean? Well, essentially if you’re going to invest in mobile apps you have to keep up the investment with regular updates to keep the experience current; you can’t really use the project model. With stats like Gartner’s around security (75% of apps not passing security tests by 2015) there is a clear need also to invest in capability to drive quality into the solution in all the less visible non-functional issues, and to examine the solution continually from the user’s viewpoint. This all adds up to a mobile application not being cheap.

Just to bring my point home, below are some screen shots from the Apple App Store taken very recently which reflect what happens and the impact you could end up with (and the feedback in a form that you’re unlikely to address). Not to mention Virgin is a pretty brand aware organisation, so we’d have thought they wouldn’t have got caught out by these challenges.

IMG_0102.PNG

IMG_0101.PNG


Adopting Collaboration Tools in the Workplace

14 Sunday Sep 2014

Posted by mp3monster in General, Technology


Tags

adoption, collaboration, demographics, Security

I was recently reading an article from MIT Sloan about the use of collaboration tools in the enterprise. The article made the point that collaboration tools are being introduced into the workplace but are not being effectively leveraged, with people continuing to use email. I think there is a correlation here to some of the statistics for mobile and web applications.

So let me start with some facts, and some thoughts before I bring it back to the point about office collaboration.

We know from research from organisations such as PEW (general view of use, older generation view) that there is a correlation between age and use of mobile devices, and mobile apps. This I believe reflects on technology in general. As collaboration technology goes, it is a fairly young set of ideas. Although many will associate collaboration with social – there is a difference when social is more simply just sharing information. Collaboration is not just sharing but collectively working on assets such as documents.

Add to this a view of the demographics of any enterprise leadership (although IT is something of an exception) and you will see that leadership is an older generation (illustrated by this FT article). So, understandably less likely to lead an organisation into technology adoption.

Add to this the constant noise and increased pressure on information security, remembering that the most harmful security compromises originate internally. So with this sort of consideration you’re likely to see downward pressure to keep things tightly controlled. Such tight reins seriously impact collaboration from my experience.

The last key thread is that the fastest way to encourage adoption of something is for the executive and senior leadership to visibly adopt it. Organisational role comes with an inferred command (a well established piece of psychology), best illustrated by a story where a chief exec wanted to motivate staff, so spent time wandering around talking with his staff, and in doing so made observations and suggestions to people, thinking he was helping. But as his role inferred a level of command, he soon discovered that those suggestions and ideas had been read as instructions and his staff were rapidly implementing such suggestions.

So here you have a recipe, where executives potentially don’t get the power of collaborative technology, are potentially nervous of the security implications and, least of all, are not using their position to leverage it. You can see why the technologies aren’t being effectively exploited.

What is worse is that you will see hotspots of collaboration, which will be established by those who get the ideas and will inspire their colleagues. This is the true risk of collaboration, as it is unlikely to be controlled or properly secured, with no contingency or remedial actions in the event of a security breach as those situations aren’t being dealt with by


Mastering Puppet Review

09 Tuesday Sep 2014

Posted by mp3monster in Books, General, Technology


Tags

book, Elasticsearch, Foreman, Kibana, Logstash, mCollective, Packt, Pulp, Puppet, review, Ruby, Splunk, Thomas Uphill, YAML

Packt’s Mastering Puppet kicks off with a substantial first chapter on how to set up Puppet in a manner that can then scale. The core of this is driven by an explanation of the constituent parts of a Puppet solution and where the workload is. In terms of execution this is as much about understanding the configuration of things like Apache, Passenger and Nginx as it is Puppet. As part of the explanation there are indicative numbers in terms of supportable scale, which reflects the knowledge of the product.

Looking at configuration distribution for headless deployments with Git is a solid, well considered piece, and the writing considers all the needs of a solid deployment of a production quality solution, such as access control, whilst supporting collaborative working etc. It would have been interesting to see how that would have stacked up against capabilities such as Zookeeper.

As we move through the chapters the book continues with more advanced themes such as using Hiera as an object hierarchical framework for managing configuration and on into leveraging Puppet Forge and various Git repositories (and the challenges when linking to Git repositories of the latest code vs a release). With the repositories we can draw in additional tooling and see how to incorporate these capabilities into a deployment. This includes looking at several modules that the author would recommend from practical experience.

By chapter 6 we’re into writing our own custom modules and facts and deploying them. So you can do things such as create modules to manage your custom solutions.

The next natural step is to look at the reporting aspects of Puppet and orchestration through Marionette Collective (mCollective). Obviously to report you need to gather the activity information, so the book touches on the out of the box (OOTB) approach and moves on to the idea of using IRC, and presentation via Foreman and Puppet Dashboard. Finally, with a reporting view in place, the next step is to dynamically query the nodes in the Puppet environment, which uses mCollective to communicate back & forth with the nodes.

So now we have a dynamically configurable set of nodes, which can report and support dynamic querying. The final chapters cover the use of things like PuppetDB, roles & profiles and developing and debugging your Puppet environment.

Reading the book, I get the feeling that a fair grasp of Linux system administration would help (i.e. a bit more than the average developer). There are a few useful touches that I think could have been included, such as external references like the man pages for RPM or the site for the Pulp tool mentioned. But, as criticisms go, this is as much me being too lazy to Google. The only other refinement would be the inclusion of some diagrams to support the words. As they say, a picture can tell a 1000 words, even if this was to just show the hierarchy or directory structures involved.

Compared to the recently reviewed Puppet Reporting book, this book isn’t for someone starting out with Puppet (but the Packt site says as much). You at least need to have got some basic understanding or practical exposure to Puppet, and exposure to a development environment is an added bonus. So if you’re setting out with Puppet you might consider starting with the Puppet 3 Beginner’s Guide (Amazon) or Instant Puppet 3 Starter (Amazon). Having got those under your belt, try this book to really develop the use of Puppet configuration and deployment. When it comes to reporting I’d look at this book along with the reporting book (reviewed here). This book feels like more options are on offer, but Puppet Reporting is a lot richer (but you’d expect that given the different book emphasis).

In summary – good solid book, full of practical experience and ideas.  But don’t try to use this as a jumpstart to Puppet.

Below are a few links I thought might be helpful as they aren’t in the book:

  • YAML – human readable serialization format
  • Pulp – software repository management app
  • Ruby – Open Source OO programming language
  • Foreman – tool capable of extending puppet to deliver PXE capabilities along with capabilities such as reporting
  • Splunk – BigData style analytics on log files etc
  • Elasticsearch / Logstash / Kibana (ELK) – set of tools to provide analytics against log files
  • ActiveMQ – Apache implementation of a JMS compliant messaging solution used by mCollective

Mastering Puppet at Amazon.


Booking Puppet and SOA

21 Thursday Aug 2014

Posted by mp3monster in Books, General, Technology


Tags

Arcitura, book, books, Packt, Patterns, Puppet, review, SOA, Thomas Erl

So having been a little quiet on the book review side of things, having had a bit of time away with the family, Packt have asked me to take a look at their book Mastering Puppet (Packt site, Amazon); and excitingly I have been talking with people at Arcitura (the people behind the Thomas Erl SOA books published by Prentice Hall (Amazon) and the architecture resources such as SOA Patterns) with the possibility of contributing to the pre-publication reviewing of a new book in the series in the next month or so – should be interesting.

Talking of pre-publication reviews, Applied SOA Patterns on the Oracle Platform, which I contributed reviews to, is now published on the Packt Site and Amazon.

 


JDeveloper 12c

29 Tuesday Jul 2014

Posted by mp3monster in General, Oracle, Technology


Tags

11g, 12c, editor, JDeveloper, Oracle, SOA Suite, XSD

So I have been using JDeveloper 11g for a while and have to admit that I wasn’t a big fan, finding it a bit flaky and prone to crashing. The biggest driver to using it has been the fact that it offers a lot of XMLSpy-like features without the stupidly high XMLSpy license costs.

With JDeveloper 12c arriving I took the opportunity to give it a go. Wow, is it so much better – quicker, particularly during the startup cycle, and way more reliable. The features around XSD editing haven’t significantly changed but it just feels subtly easier to use.

With all the features around working with SOA Suite 12c and Weblogic 12c for core Oracle development I can imagine it is a huge step forward.

With the easier deployment of 12c, getting PoC work done should be a lot easier. It’s just a shame it still needs that huge 8GB footprint to do anything meaningful, and my company laptop being a notebook (great for travelling with) doesn’t pack that punch, and Oracle isn’t yet offering low cost SOA Suite deployments in the cloud.


Evaluating SSL certificates for SaaS

29 Tuesday Jul 2014

Posted by mp3monster in General, Technology


Tags

cryptography, NIST, SaaS, Security, sophos, SSL

So when looking at SaaS solutions one of the things we consider is the strength of the SSL certificate and, when using a small provider, who the Certificate Authority is, as commercial authorities will provide insurance for a breach which can go towards paying some of the cleanup costs (assuming the breach isn’t from negligence).

So how do you evaluate SSL certificates in terms of robustness (i.e. cryptographic strength)? After all, some people will talk about 128 bit certificates and others such as Google mention 2048, which on the surface don’t seem comparable.

So the bit length is to do with the cryptographic algorithm used, of which there are several such as AES, 3DES and so on. Now, I’m no expert on this so I won’t presume to explain the pros and cons of the different algorithms; there are other resources on the web for that (such as this document).

The point I have been working towards is that NIST (National Institute of Standards and Technology), aside from being a good resource on security, have tables that recommend the size of the key used to help build the certificate (the document is here and tables 1 & 2 contain the key details, more here). The tables shown below take into account the algorithm (therefore a comparator on key size) but also a recommended growth in key size.

 

NISTTable2 NISTTable

 

An alternative representation of the same information can be found here and the 1st table here.

So why grow a key size? Well, one of the factors driving key size is that as computing power increases, the time and effort to brute force a key shrinks. So every time the key size increases, so does the effort to brute force the key.

This leads to a secondary consideration – that of the certificate life, i.e. how long the certificate is valid for. This is in effect the potentially greatest period of exposure, based on the fact that someone may brute force your certificate and then simply listen to the traffic, so you never know of the compromise. Obviously you can revoke the certificate at any time.

Finally, remember the need and level of security should be informed by assessing the data being transferred (in motion). Data security should also be considered for data at rest, i.e. being stored (data loss from a data store is likely to be far more damaging).


Review of Creating Flat Design Websites

18 Friday Jul 2014

Posted by mp3monster in Books, General, Technology


Tags

book, Bootstrap, Design, Designmodo, HTML, Packt, review, skeuomorphic, UI, website

I always find when looking at a book that if I encounter early on comments such as “…eventually I found out that design is not about the answers, it’s about asking the right questions …”, as Antonio Pratas does in the Acknowledgement of Creating Flat Design Websites, I feel I can trust the author, as this sort of thing is both an honest observation and one that reflects some more considered thinking. The book bears this point out. For example, rather than pitching the technology or approach as a tool for all things, as many IT books have a habit of doing, even in the first couple of chapters we are clearly informed that flat design isn’t necessarily the correct approach in all cases and examples are given to illustrate the point.

The opening chapter explains the ideas of flat design vs skeuomorphic, and gives a brief history of the design approaches and “flat’s” rise in popularity. It even provides an incredibly simple illustration, one that doesn’t demand that you be a graphic artist to achieve, to show the differences and how you might move from skeuomorphic to flat.

The following chapters look at the considerations for usability, referencing Jakob Nielsen’s work (and if design piques your interest I’d highly recommend the work of Nielsen’s partner at NN/g – Don Norman, with writing such as The Design of Everyday Things). The only criticism I might make here is that with UI design, and specifically web, the legal (in the UK this comes presently as part of disability discrimination) and industry standards (particularly W3C’s WCAG standard/guidelines) aren’t really mentioned. But if you start digging into good usability material you will encounter these aspects.

From this point we are then guided through a design approach with plenty of recommendations on how to approach the design phase (from the basics of considering your target audience onwards). It is only chapter 5 that really gets stuck into web tech with HTML and the Designmodo framework built on Twitter’s Bootstrap, and chapter 6 covers building your own flat UI framework. So this book may be pitched at web app development, but actually the bulk of the book’s content holds true whether you’re working on web solutions, thick apps for the desktop or the mobile variety, as it embodies the principles of good interface design.

Not only does it successfully talk about good design, it bridges the gap between techies and graphic artists without the sense it is trying to address either skills base. No mean feat.

Rather than stealing the book’s wealth of useful resources, I’ll point you at links relevant to the book and its author. From there you’ll find a vast array of helpful resources. The references:

  • Packt Book webpage
  • Antonio Pratas’ website
  • Antonio Pratas on LinkedIn
  • An article on skeuomorphic design
  • Twitter Bootstrap
  • Designmodo framework

CreatingFlatDesignWebsite


Pure REST is not always a good thing

05 Saturday Jul 2014

Posted by mp3monster in General, Technology

≈ 2 Comments

Tags

DPA, JSON, REST, Security, Web Service, WSDL

So following REST web service best practice is not always a good thing – a bit of a controversial statement. That said, I came across a situation that beautifully illustrated it.

I was recently asked for my opinion on a web solution that had to interact with customer data. The developers concerned implemented the functionality using REST web services and followed the principles to the letter. Except one of the services needed to locate a unique customer object. To do this, enough customer details are provided to the service in the URL to obtain a unique record.

So regardless of the security implemented using strong SSL and payload encryption in the solution, we have just made every element in the network that can log URIs subject to DPA levels of security (not to mention information commissioner requests). That is before you consider man in the middle and packet URL attacks.

What to do? Such sensitive web services need to be delivered without personal data in the URL. We could go via WSDL (but our use case points to REST being a better approach) or we follow the object creation pattern for REST (and pay the price of not caching the results on the web tier, although if we are concerned about security then this isn’t such a bad thing and we can still get performance on the DB tier). Using the payload is probably the right thing to do.
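The two designs side by side, as an added example that is not code from the original post: a small in-process WSGI service where a logging middleware stands in for any proxy, load balancer or web server that records URIs. The routes (`/customers`, `/customer-searches`), the sample customers and all function names are assumptions made for illustration.

```python
import io
import json
import secrets
from urllib.parse import parse_qs, urlencode
from wsgiref.util import setup_testing_defaults

# Constructed sample data; routes and names below are hypothetical.
CUSTOMERS = [
    {"id": 1001, "surname": "Smith", "dob": "1975-03-14", "postcode": "RG1 8DN"},
    {"id": 1002, "surname": "Smith", "dob": "1982-11-02", "postcode": "SW1A 2AA"},
]
MATCH_KEYS = ("surname", "dob", "postcode")
ACCESS_LOG = []  # stands in for every proxy, load balancer and web server log
SEARCHES = {}    # opaque token -> customer id


def find_customer(criteria):
    """Return the single customer matching every criterion, else None."""
    hits = [c for c in CUSTOMERS
            if all(c[k] == criteria.get(k) for k in MATCH_KEYS)]
    return hits[0] if len(hits) == 1 else None


def respond(start_response, status, payload, extra=()):
    """Send a JSON response that intermediaries must not cache."""
    headers = [("Content-Type", "application/json"), ("Cache-Control", "no-store")]
    start_response(status, headers + list(extra))
    return [json.dumps(payload).encode()]


def app(environ, start_response):
    method, path = environ["REQUEST_METHOD"], environ["PATH_INFO"]
    if method == "GET" and path == "/customers":
        # Design from the post: identifying details travel in the URL.
        criteria = {k: v[0] for k, v in parse_qs(environ["QUERY_STRING"]).items()}
        found = find_customer(criteria)
        return respond(start_response,
                       "200 OK" if found else "404 Not Found", found or {})
    if method == "POST" and path == "/customer-searches":
        # Object creation pattern: the criteria travel in the request body.
        length = int(environ.get("CONTENT_LENGTH") or 0)
        found = find_customer(json.loads(environ["wsgi.input"].read(length)))
        if not found:
            return respond(start_response, "404 Not Found", {})
        token = secrets.token_urlsafe(16)
        SEARCHES[token] = found["id"]
        return respond(start_response, "201 Created", {},
                       [("Location", f"/customer-searches/{token}")])
    if method == "GET" and path.startswith("/customer-searches/"):
        customer_id = SEARCHES.get(path.rsplit("/", 1)[1])
        found = next((c for c in CUSTOMERS if c["id"] == customer_id), None)
        return respond(start_response,
                       "200 OK" if found else "404 Not Found", found or {})
    return respond(start_response, "404 Not Found", {})


def logged(inner):
    """Middleware recording the request line, as URI-logging elements do."""
    def wrapper(environ, start_response):
        uri = environ["PATH_INFO"]
        if environ.get("QUERY_STRING"):
            uri += "?" + environ["QUERY_STRING"]
        ACCESS_LOG.append(f'{environ["REQUEST_METHOD"]} {uri}')
        return inner(environ, start_response)
    return wrapper


def call(method, path, query=None, body=None):
    """Drive the app in-process; returns (status, headers dict, JSON body)."""
    raw = json.dumps(body).encode() if body is not None else b""
    environ = {"REQUEST_METHOD": method, "PATH_INFO": path,
               "QUERY_STRING": urlencode(query or {}),
               "CONTENT_LENGTH": str(len(raw)), "wsgi.input": io.BytesIO(raw)}
    setup_testing_defaults(environ)
    captured = {}

    def start_response(status, headers):
        captured["status"], captured["headers"] = status, dict(headers)

    chunks = logged(app)(environ, start_response)
    return captured["status"], captured["headers"], json.loads(b"".join(chunks))


def demo():
    """Run both designs; return (URL-design log, body-design log, record)."""
    who = {"surname": "Smith", "dob": "1975-03-14", "postcode": "RG1 8DN"}
    ACCESS_LOG.clear()
    call("GET", "/customers", query=who)
    url_design_log = list(ACCESS_LOG)
    ACCESS_LOG.clear()
    _, headers, _ = call("POST", "/customer-searches", body=who)
    _, _, record = call("GET", headers["Location"])
    return url_design_log, list(ACCESS_LOG), record


if __name__ == "__main__":
    url_log, body_log, found_record = demo()
    print("URL design logs: ", url_log)
    print("Body design logs:", body_log)
    print("Record returned: ", found_record)
```

The opaque token still lands in URI logs, so in a real service it should be short-lived and only honoured for the authenticated caller that created it.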


    I work for Oracle, all opinions here are my own & do not necessarily reflect the views of Oracle
