Oracle Open World Middleware Update

So having been fortunate enough to attend part of Oracle Open World I provided some support to the UKOUG Fusion Middleware SIG chairman with a short briefing on some of the key points from OOW.

The following are my initial notes; if you want the complete deck, it should be available through the UKOUG website.

Cloud
– keynote from Larry was all cloud, cloud, cloud
– more SaaS than anyone else – announced dozens of services in the last year – probably hundreds across all the sectors
– build and buy
– platform upgrade
– data as a service – BlueKai acquisition Data Management Platform
– Some of these offerings included capabilities that sounded like an enterprise-offered Dropbox – so might soon see personal cloud?
– migration of data or apps up and down from the cloud at the push of a button (reality a bit more complex)
– innovation for securing the cloud at lowest levels
– going after b2c and b2b capabilities

Middleware Cloud
– SOA Suite as a hosted solution or integration cloud, which is more like a web UI for OSB integration.
– ethos change for integration cloud: no deployment – develop and promote to production
– Overridable automated mappings when going between own cloud services or Oracle adaptors to 3rd party. Can build own mappings and incorporate own functionality
– Configuration controls policy driven such as error handling etc
– Can bring integrations back to on premise
– breadth & agility / ease (pace layering started to get mentioned a lot more)
– Use cases such as linkage to mobile – 7-11 use case
– More cloud adaptors coming to support 3rd party
– API inventory and discovery capabilities coming – successor to OES
– Support for JSON and REST all the way through SOA rather than transformational capability only

Mobile Application Framework
– seems to have crept up quietly, successor to ADF mobile in the form of MAF Faces
– by delivering a hybrid strategy like PhoneGap but enables Java in a container on Android & iOS
– MAF actually incorporates Apache Cordova – the open source version of PhoneGap
– with it is a new UI presentation style with all the support style guidance – ALTA
– Java on iOS but Jobs said …. done by compiling to native solution

A couple of presentation grabs ….

IMG_0107.JPG

IMG_0104.JPG

Impact of App Maintenance on brand

I have recently been working on some guidance on when to use mobile or web applications for my employer. What has been interesting is that there is plenty of information on the technical dimensions that should be considered. But not so much on the negative brand impact that could occur if the application isn’t targeted at users properly, and most crucially sustained.

Let me show what I mean by highlighting some common, but relevant observations.

Many end user businesses tend to work on a project or programme basis, so a solution, whether internal, B2B or B2C, once delivered gets handed over to the operational teams to monitor and keep alive. Even for devops, once the solution is deemed complete the bulk of the team will move to new objectives. The net result is that the solution remains static until new functional requirements are needed.

As businesses, we would like to increase the ability for customers to serve themselves and ‘shape their customer journey’ to what they want. All of which means we will increasingly see 1st point of customer engagement either as new or returning customers through apps in the same way as websites have prior to the rise in mobility.

We know that mobile devices are evolving at a tremendous rate driven by vendor competition. This has resulted in things like ever changing screen sizes and resolutions which have largely been growing but with Apple jumping into the watch market I think we’ll see another change in the next couple of years.

Not only have the screen resolutions changed, the interaction and presentation styles have been evolving. Take the huge change for iOS 7 with the adoption of the ‘flat’ design paradigm, and with iOS 8 subtler but important changes to allow changing of the feel of aspects like the keypad. This is all before you think about the change and evolution of other solutions that you might want to integrate with such as Facebook, Twitter etc.

So, back to my original point, what does this mean? Well, essentially if you’re going to invest in mobile apps you have to keep up the investment with regular updates to keep the experience current; you can’t really use the project model. With stats like Gartner’s around security (75% of apps not passing security tests by 2015) there is also a clear need to invest in capability to drive quality into the solution in all the less visible non-functional issues and to examine the solution continually from the user viewpoint. This all adds up to a mobile application not being cheap.

Just to bring my point home, below are some screen shots from the Apple App Store taken very recently which reflect what happens and the impact you could end up with (and the feedback in a form that you’re unlikely to address). Not to mention Virgin is a pretty brand aware organisation, so we’d have thought they wouldn’t have got caught out by these challenges.

IMG_0102.PNG

IMG_0101.PNG

What Gandhi said …

According to Ruby Wax in her serious but humorous book Taming the Mind

Gandhi said, ‘There is more to life than speed’. Unfortunately he didn’t tell us what, he just left us hanging while he pranced around in his nappy.

Wax, Ruby (2013-06-06). Sane New World: Taming the Mind (Kindle Locations 171-172). Hodder & Stoughton. Kindle Edition.

Next Generation SOA book – part of the Thomas Erl Series

I recently contributed to the prepublication review of the Next Generation SOA book. Aside from offering feedback, I also provided some praise for the book which has been published at servicetechbooks.com/nextgen and quoted below …

“This is the perfect book for anyone who wants to refresh, or get a handle on the foundations of SOA without delving into the deep technical details & implementation specifics. By working from the principles, the book shows how the SOA concepts and goals have matured, influenced and grown with technologies such as Master Data, Virtualization and Cloud. The book points to other volumes in the series for the depth of detail and technicalities, allowing you to get the broad picture view and without any vendor colouration.”

– Phil Wilkins, Enterprise Integration Architect

I would actively recommend the book to anyone who has an IT leadership role.

IMG_0099.JPG

Adopting Collaboration Tools in the Workplace

I was recently reading an article from MIT Sloan about the use of collaboration tools in the enterprise. The article made the point that collaboration tools are being introduced into the workplace, but not being effectively leveraged, with people continuing to use email. I think there is a correlation here to some of the statistics for mobile and web applications.

So let me start with some facts, and some thoughts before I bring it back to the point about office collaboration.

We know from research from organisations such as PEW (general view of use, older generation view) that there is a correlation between age and use of mobile devices, and mobile apps. This I believe reflects on technology in general. As collaboration technology goes, it is a fairly young set of ideas. Although many will associate collaboration with social – there is a difference when social is more simply just sharing information. Collaboration is not just sharing but collectively working on assets such as documents.

Add to this a view of the demographics of any enterprise leadership (although IT is something of an exception) and you will see that leadership is an older generation (illustrated by this FT article). So, understandably less likely to lead an organisation into technology adoption.

Add to this the constant noise and increased pressure on information security, remembering that the most harmful security compromises originate internally. So with this sort of consideration you’re likely to see downward pressure to keep things tightly controlled. Such tight reins seriously impact collaboration from my experience.

The last key thread is that the fastest way to encourage adoption of something is for the executive and senior leadership to visibly adopt it. Organisational role comes with an inferred command (a well established piece of psychology), best illustrated by a story where a chief exec wanted to motivate staff, so spent time wandering around talking with his staff, and in doing so made observations and suggestions to people thinking he was helping. But as his role inferred a level of command, he soon discovered that those suggestions and ideas had been read as instructions and his staff were rapidly implementing such suggestions.

So here you have a recipe, where executives potentially don’t get the power of collaborative technology, are potentially nervous of the security implications and, least of all, are not using position to leverage it. You can see why the technologies aren’t being effectively exploited.

What is worse is that you will see hotspots of collaboration which will be established by those who get the ideas and will inspire their colleagues. This is the true risk of collaboration, as it is unlikely to be controlled or properly secured, with no contingency or remedial actions in the event of a security breach as those situations aren’t being dealt with by

Mastering Puppet Review

Packt’s Mastering Puppet kicks off with a substantial first chapter on how to set up Puppet in a manner that can then scale. The core of this is driven by an explanation of the constituent parts of a Puppet solution and where the workload is. In terms of execution this is as much about understanding the configuration of things like Apache, Passenger and Nginx as it is Puppet. As part of the explanation there are indicative numbers in terms of supportable scale which reflects the knowledge of the product.

Looking at configuration distribution for headless deployments with Git is a solid, well-considered piece, and the writing considers all the needs of a production-quality deployment such as access control, whilst supporting collaborative working etc. It would have been interesting to see how that would have stacked up against capabilities such as Zookeeper.

As we move through the chapters the book continues with more advanced themes such as using Hiera as an object hierarchical framework for managing configuration and on into leveraging Puppet Forge and various Git repositories (and the challenges when linking to Git repositories of the latest code vs a release). With the repositories we can draw in additional tooling and see how to incorporate these capabilities into a deployment. This includes looking at several modules that the author would recommend from practical experience.

By chapter 6 we’re into writing our own custom modules and facts and deploying them. So you can do things such as create modules to manage your custom solutions.

The next natural step is to look at the reporting aspects of Puppet, orchestration through marionette collective (mCollective). Obviously to report you need to gather the activity information, so the book touches on the out of the box (OOTB) approach and moves onto the idea of using IRC; presentation via Foreman and Puppet Dashboard. Finally then with a reporting view, the next step is to dynamically query the nodes in Puppet environment which uses mcollective to communicate back & forth with the nodes.

So now we have a dynamically configurable set of nodes, which can report and have dynamic querying against the nodes. The final chapters cover the use of things like PuppetDB, roles & profiles and developing and debugging your Puppet environment.

Reading the book, I get the feeling that a fair grasp of Linux system administration would help (i.e. a bit more than the average developer). There are a few useful touches that I think could have been included, such as external references like man pages for RPM or the site for the Pulp tool mentioned. But, as criticisms go, this is as much me being too lazy to Google. The only other refinement would be inclusion of some diagrams to support the words. As they say, a picture can tell a 1000 words, even if this was to just show the hierarchy or directory structures involved.

Compared to the recently reviewed Puppet Reporting book, this book isn’t for someone starting out with Puppet (but the Packt site says as much). You at least need to have got some basic understanding or practical exposure to Puppet, and exposure to a development environment is an added bonus. So if you’re setting out with Puppet you might consider starting with the Puppet 3 Beginner’s Guide (Amazon) or Instant Puppet 3 Starter (Amazon). Having got those under your belt, try this book to really develop the use of Puppet configuration and deployment. When it comes to reporting I’d look at this book along with the reporting book (reviewed here). This book feels like more options are on offer, but Puppet Reporting is a lot richer (but you’d expect that given the different book emphasis).

In summary – good solid book, full of practical experience and ideas.  But don’t try to use this as a jumpstart to Puppet.

Below are a few links I thought might be helpful as they aren’t in the book:

  • YAML – human readable serialization format
  • Pulp – software repository management app
  • Ruby – Open Source OO programming language
  • Foreman – tool capable of extending puppet to deliver PXE capabilities along with capabilities such as reporting
  • Splunk – BigData style analytics on log files etc
  • Elasticsearch / Logstash / Kibana (ELK) – set of tools to provide analytics against log files
  • ActiveMQ – Apache implementation of a JMS compliant messaging solution used by mcollective

Mastering Puppet at Amazon.

Booking Puppet and SOA

So having been a little quiet on the book review side of things, having had a bit of time away with the family, Packt have asked me to take a look at their book Mastering Puppet (Packt site, Amazon); and excitingly I have been talking with people at Arcitura (the people behind the Thomas Erl SOA books published by Prentice Hall (Amazon)) and the architecture resources such as SOA Patterns with the possibility of contributing to the pre-publication reviewing of a new book in the series in the next month or so – should be interesting.

Talking of pre-publication reviews, Applied SOA Patterns on the Oracle Platform, which I contributed reviews to, is now published on the Packt Site and Amazon.

Walk by shooting

No, I’m not talking about some weird variation of drive by shooting for malls or that European phenomenon of pedestrianized city centres (or some poor joke about the events in Ferguson). But an approach to taking photos whilst on holiday with your family.

When holidaying with family the opportunity to work out the best location to get your shot, adjust your exposure, aperture and so on doesn’t exist – your other half doesn’t want to stand around for ages and you’re trying to keep track of your children.
Nantes Cathedral
But at the same time you don’t want to be reduced to taking ‘snaps’. Now, a lot of photography books would say you split your time and go pursue the photography whilst the rest of the family are chilling etc. Which is all well and good, but with a young family not so easy, and what about when you’ve spent an hour driving somewhere. Are you really going to drive back to where you’re staying, turn around and drive back?

So the approach I’ve taken is to have a sense of the sort of pictures that you might want to take. Look ahead to where you’re walking/travelling and try to ‘steer’ things in the direction that would give you the best chances of an acceptable picture. Have your camera prepared in terms of settings – that may mean relying on preconfigured modes or settings, or just quickly flicking between the different modes to get different depths of field etc. Have a stab at setting the focus to be roughly what you’ll want as you approach your subject. Don’t set the focus to be too tight – in the world of digital you can then crop and tweak any slight angle challenges (yes, for the old school – that is cheating, but cheat a little or no photo?).

When taking the picture – with a digital SLR you might as well have the camera on multi frame shutter and bracketing modes. At the end of the day you can bin the bad frames to free up storage on your memory stick. Not to mention a multi-gig USB card these days is cheaper than a reasonable roll of quality negative now, so be trigger happy; with your young children etc you’re likely to only get one crack at the photos. All of this means you’ll probably go through 6 or 8 frames for every photo you’re going to consider passable.
A sharks smile    Silverback Gorilla

Of course there is nothing wrong with snaps – a chance to pick up images that amuse, like this …

Nice Things

Hopefully you might find some other images you like at http://photos.mp3monster.org

JDeveloper 12c

So I have been using JDeveloper 11g for a while and have to admit that I wasn’t a big fan, finding it a bit flaky and prone to crashing. The biggest driver to using it has been the fact that it offers a lot of XMLSpy like features without the stupidly high XMLSpy license costs.

With JDeveloper 12c arriving I took the opportunity to give it a go. Wow, is it so much better – quicker particularly during the startup cycle and way more reliable. The features around XSD editing haven’t significantly changed but just feels subtly easier to use.

With all the features around working with SOA Suite 12c and Weblogic 12c for core Oracle development I can imagine it is a huge step forward.

With the easier deployment of 12c, getting PoC work done should be a lot easier. It’s just a shame it still needs that huge 8GB footprint to do anything meaningful and my company laptop being a notebook (great for travelling with) doesn’t pack that punch and Oracle isn’t yet offering low cost SOA Suite deployments in the cloud.

Evaluating SSL certificates for SaaS

So when looking at SaaS solutions one of the things we consider is the strength of the SSL certificate, and when using a small provider who the Certificate Authority is, as commercial authorities will provide insurance for a breach which can go to paying some of the cleanup costs (assuming the breach isn’t from negligence).

So how to evaluate SSL certificates in terms of robustness (i.e. cryptographic strength)? After all, some people will talk about 128 bit certificates and others such as Google mention 2048, which on the surface don’t seem comparable.

So the bit length is to do with the cryptographic algorithm used, of which there are several such as AES, 3DES and so on. Now I’m no expert on this so I won’t presume to explain the pros and cons of the different algorithms; there are other resources on the web for that (such as this document).

The point I have been working towards is that NIST (National Institute of Standards and Technology), aside from being a good resource on security, have tables that recommend the size of the key used to help build the certificate (the document is here and tables 1 & 2 contain the key details, more here). The tables shown below take into account the algorithm (therefore a comparator on key size) but also a recommended growth in key size.

NISTTable2 NISTTable

An alternative representation of the same information can be found here and the 1st table here.

So why grow a key size? Well, one of the factors in driving key size is that as computing power increases the time and effort to brute force crack a key shrinks. So every time the key size increases so does the effort to brute force the cracking of the key.

This leads to a secondary consideration – that of the certificate life, i.e. how long the certificate is valid for. This is in effect the potentially greatest period of exposure, based on the fact that someone may brute force your certificate and then simply listen to the traffic so you never know of the compromise. Obviously you can revoke the certificate at any time.

Finally, remember the need and level of security should be informed by assessing the data being transferred (in motion). Data security should also be considered for data at rest, i.e. being stored (data loss from a data store is likely to be far more damaging).
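
As an added example (not part of the original post), the Python below puts key sizes on the common "bits of security" scale from NIST SP 800-57 Part 1, which is why a 128 bit cipher and a 2048 bit RSA key are not directly comparable, and then checks a certificate's validity period against that scale. The certificate summaries, field names and the 397-day lifetime limit are assumptions made for the illustration, and the strength figures should be checked against the current NIST revision.

```python
from bisect import bisect_right
from datetime import date

# Comparable strengths per NIST SP 800-57 Part 1: (minimum key size, bits of security).
ASYMMETRIC_FLOORS = {
    "RSA":   [(1024, 80), (2048, 112), (3072, 128), (7680, 192), (15360, 256)],
    "ECDSA": [(160, 80), (224, 112), (256, 128), (384, 192), (512, 256)],
}
SYMMETRIC = {"3TDEA": 112, "AES-128": 128, "AES-192": 192, "AES-256": 256}

# SP 800-57 treats 112-bit strength as acceptable through 2030 only.
LAST_YEAR_FOR_112_BITS = 2030


def comparable_strength(algorithm, key_bits=None):
    """Return the symmetric-equivalent strength in bits (0 if below every floor)."""
    alg = algorithm.upper()
    if alg in SYMMETRIC:
        return SYMMETRIC[alg]
    if alg not in ASYMMETRIC_FLOORS:
        raise ValueError(f"no strength table for {algorithm!r}")
    floors = ASYMMETRIC_FLOORS[alg]
    # Find the largest floor that key_bits meets, e.g. RSA 4096 rates as 3072.
    idx = bisect_right([size for size, _ in floors], key_bits)
    return floors[idx - 1][1] if idx else 0


def assess(cert, max_lifetime_days=397):
    """Check one certificate summary; max_lifetime_days is an example policy value."""
    strength = comparable_strength(cert["algorithm"], cert["key_bits"])
    lifetime = (cert["not_after"] - cert["not_before"]).days
    findings = []
    if strength < 112:
        findings.append("key strength below 112 bits")
    elif strength == 112 and cert["not_after"].year > LAST_YEAR_FOR_112_BITS:
        # The key must stay strong for the whole time the certificate is valid.
        findings.append("112-bit key still valid after 2030")
    if lifetime > max_lifetime_days:
        findings.append("validity period exceeds policy")
    return {"name": cert["name"], "strength": strength,
            "lifetime_days": lifetime, "findings": findings}


# Constructed sample data, not taken from any real provider.
SAMPLE_CERTS = [
    {"name": "legacy-rsa", "algorithm": "RSA", "key_bits": 1024,
     "not_before": date(2014, 1, 1), "not_after": date(2016, 1, 1)},
    {"name": "typical-rsa", "algorithm": "RSA", "key_bits": 2048,
     "not_before": date(2014, 10, 1), "not_after": date(2015, 10, 1)},
    {"name": "long-lived-rsa", "algorithm": "RSA", "key_bits": 2048,
     "not_before": date(2029, 6, 1), "not_after": date(2031, 6, 1)},
    {"name": "ecdsa-p256", "algorithm": "ECDSA", "key_bits": 256,
     "not_before": date(2014, 10, 1), "not_after": date(2015, 10, 1)},
]


def report(certs=SAMPLE_CERTS):
    """Assess every certificate summary and return the result rows."""
    return [assess(c) for c in certs]


if __name__ == "__main__":
    for row in report():
        print(row)
```
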