17 Monday Feb 2020
Posted in Dev Meetup, development, General, Oracle, Technology
Tags
@GeertjanW, code, developer, enterprise, framework, javascript, JET, meetup, toolket
Last night was the latest in #OracleDeveloperMeetups in London. The evening’s focus was on JavaScript Frameworks, Toolkits and Web Components. Whilst the event is sponsored by Oracle the focus is very much on the challenges of JavaScript Frameworks.
15 Monday Jun 2015
Posted in General, Technology
Tags
API, enterprise, ESB, Microservices, MSA, SOA, SOI
Moving my recent blogs on Microservices (Microservices & UI, Microservices) forward a bit further as a result of discussing the ins and outs of using the paradigm. Microservices as the very name suggests is the polar opposite of most COTs and particularly ERP solutions which are pretty much modularised monoliths.
It raises the question of can Microservice Architecture (MSA) deliver any benefit in this situation where buy dominates over build. I believe the answer is to an extend yes. Many consider MSA to be SOA++ although I’m not sold on this MSA does exhibit what has been referred to as Service Oriented Integration (SOI) characteristics. That is the key is not the pure service ideas that you would get if you applied the recommendations of Thomas Erl.
The difference between SOI and SOA is that SOI focuses on things like interface contracts and pulling components together (regardless of whether they embody SOA ideals). Where as SOA focuses more on the business process and capability composition. How components are pulled together is an area where MSA has a strong position.
Where SOA and to an extent SOI would need an ESB (or ESB like) platform to perform the business rules and decisioning we should be keeping the intelligence out of the ESB. You will probably still want an ESB or event registration framework so that all services can register to receive events and react as necessary – I.e. Pure pub-sub model.
One of the SOA patterns for dealing with monoliths was to promote the idea of wrapping such services with a SOA abstraction tier so that you can replace the ERP, build out custom capabilities etc. does this hold true friends a MSA approach. I would suggest yes, but rather than the purity of SOA the abstraction should be aiming for the goals of SOI and simplification both in the ERP interaction, but also moving orchestration intelligence out of an ESB into the services. You can seen a Genesis of this potential with Oracle’s Cloud Adapters whose base framework aims to simplify the integration.
So what might be he benefit of building the Microservice layer? We know MSA exchanges code complexity in the service for agility in service delivery. But when there is a monolith behind the services do you gain anything? The answer is potentially, but will be very dependent on the monolith and ESB. For example if you can actually patch your monolith quickly and easily I.e it doesn’t have huge dependency chains and deployment capabilities such as Oracle EBZ 12.2 includes improved deployment framework that reduces or removes downtime. Like wise if the middleware is exploiting the best of SCA (as offered by Oracle SOA Suite) and or an OSGi container such as Apache Karaf then the benefits start to become more marginal. It becomes more a devil you know style of debate.
10 Wednesday Jun 2015
Posted in General, Technology
Tags
bimodal, Boomi, Citizen Integrator, enterprise, Excel, Gartner, integration, iTunes, Jason Bloomberg, OIC - ICS, Oracle
Over the last year or so I have been looking a lot at technologies that Gartner and others have branded as ‘Citizen Integrators‘ – products such as Dell Boomi, and the recently launched Oracle Integration Cloud Service. What I believe we are seeing is the appearance of a product family that in many respects will be to Integration what Excel has been to Finance systems. This is to say that Finance Systems such as large ERPs tend to be changed slowly when it comes to introducing process changes, but users can get reports easily to extract data into their Excel spreadsheets. We have the old joke that organisations finance can end up being run on Excel (http://www.wired.com/2014/03/many-spreadsheets-take-run-fortune-500-company/).
So don’t get me wrong, I’m not saying these tool are evil and should be banned or the such like, as such thinking is utter folly. I am looking at the quote much attributed to Spiderman (Stan Lee) but has been traced back to Voltaire:
With great power comes great responsibility
Why do I use this quote, well my experience (and that established by many others) is that with ease and agility comes a quick answer rather than a well thought out answer. That ease can be through cost (how many times have organisations discovered key systems solutions being run off someone’s desktop stuffed away in the corner of an office because they have been able to cheaply acquire the hardware and software get setup and then had viral adoption).
It is therefore beholden on those of us that understand the challenges of integration should be seeking to help our ‘citizens’ appreciate (not lecture, brow beat etc) the implications and some intelligent governance to ensure systems are not accidentally ‘poisoned with unexpected data’ and you don’t fall foul of legal obligations.
The biggest challenge, is for SME’s to ensure that their colleagues within the IT organisation who face into the business organisation understand and promote the right thinking. After all, developers and architects alike, think like all drivers -that they’re at least above average if not good drivers – after all why would we be in the job? But to set the average we can’t all be in that place (http://www.psychologicalscience.org/index.php/news/motr/when-it-comes-to-driving-most-people-think-their-skills-are-above-average.html).
This of course also touches upon the arguments with Gartner’s bi-modal approach to IT, such as those presented by Jason Bloomberg. Personally I believe pace layering is right, but bi-modal thinking can create opportunities for things to be done badly – not an absolute certainty, but to work needs some strong hands trusted by organisational executives to steer successfully – something that seems rather rare.
26 Monday Jan 2015
Posted in Books, Oracle, Technology
Tags
ebook, enterprise, free, mobile, Oracle
Oracle a free Ebook about enterprise Mobility – it can be downloaded from https://blogs.oracle.com/imc/entry/free_oracle_special_edition_ebook1 The book focuses on the following areas:
05 Wednesday Feb 2014
Posted in Book Reviews, Books, General, Packt, Technology
Tags
Aaron Woody, book, data, datasec, enterprise, Packt, review, Security
So I have previously blogged a series of largely chapter by chapter reviews of Aaron Woody’s book Enterprise Security – A Data Centric Approach. This post tries to provide a brief summarised view pulling my thoughts of the book overall together.
As an Enterprise Architect I took an interest in this book as an opportunity to validate my understanding of security and ensure in the design and guidance work that I do I am providing good insights and directions so that the application architects and developers are both ensuring good security practices and also asking the helpful information available to other teams such as IT Security, operational support and so on.
The book has been overall very well written and extremely accessible to even those not versed in the dark arts of IT Security. Anyone in my position, or fulfilling a role as an application designer or product development manager would really benefit from this book. Even those on the business end of IT would probably benefit in terms of garnering an insight into what IT Security should be seeking to achieve and why they often appear to make lives more difficult (I.e. putting restrictions in, perhaps blocking your favourite websites).
So why so helpful, well Aaron has explained the issues and challenges that need to be confronted in terms of Security from the perspective of the organisations key assets – mainly its data (certainly the asset that is likely to cause most visible problems if compromised). Not only that the book presents a framework to help qualify and quantify the risks as a result device a justifiable approach to securing the data and most importantly make defensible cases for budget spend.
I have to admit that the 1st chapter that that introduces the initial step in the strategy was a bit of a struggle as it seemed to adopt and try to define a view of the world that felt a little too simplistic. The truth is that this the 1st step in a journey, and in hindsight important – so stick with it.
Once the basic framework is in place we start looking at tooling strategies and technologies to start facilitating security. The book addresses categories of product rather than specific solutions so the book isn’t going to date too quickly. The solution examination includes the pros and cons of their use (e.g wifi lock down) which is very helpful.
Finally to really help the book comes with a rich set of appendices providing a raft of references to additional material that will help people translate principles into practice.
To conclude, a little effort maybe needed to get you started but ultimately a well written, informative, information rich book on security.
Previous blog entries:
There is also a supporting website for the book athttp://www.datacentricsec.com/
05 Wednesday Feb 2014
Posted in Book Reviews, Books, General, Packt, Technology
Tags
Aaron Woody, book, data, enterprise, Packt, review, Security
so I have reached the final chapter of the book which covers the handling of security events and security incidents (the differentiation of the two being the consequences of the event – a piece of malware being detected on a desktop can an event as the consequences are relatively trivial compared to the defacing of an e’tailer’s website).
I have to admit I glossed through this chapter as my role within an organisation doesn’t demand the operational management of issues. That said, the book provides some clear guidance on how to develop a process to support the handling of a security issue – important as you don’t want be figuring these things out when something happens, you want to get on and focus on execution. s with previous chapters, this well written and doesn’t demand knowledge of security dark arts to get to grips with.
The book finishes with a series of appendices which provides some illustrative information for chapters in the book, plus a series of appendices of really useful additional reference information sites cover a spectrum of information from security education resources to security tools.
This series of blogs on this book will wrapped up with a short review of the whole book. But I would like to congratulate Aaron Woody on a fine book rich with helpful additional information.
Previous blog entries:
There is also a supporting website for the book athttp://www.datacentricsec.com/
28 Tuesday Jan 2014
Posted in Book Reviews, Books, General, Packt
Tags
Aaron Woody, engineering, enterprise, Kevin Mitnick, networks, review, Security, social, social engineering, wireless
Chapters 7 and 8 of the book in many respects are the polar opposites in their nature, with Chapter 7 looking at Wireless networks in the Enterprise and technicalities of different encryption frameworks, authentication and authorization. Then at the other end is chapter 8 facing into the difficulties of social engineering – the approach of using people’s own nature to divulge sensitive information. Probably one of the most famous people for this sort of thing is Kevin Mitnick and to acts of social engineering are will illustrated in the influential book Bruce Stirling’s Hacker Crackdown.
Although Chapter 7 is addressing an area many would view as the dark art of wireless network setup; it is well explained and actually worth reading by anyone who would like to better understand their own home wireless network as lot of the information (not all) is relevant even in that context. For example the benefit of supressing the visibility of the Network ID (SSID) doesn’t make the network invisible – it simply makes it harder to spot as any device such as smart phone will call out yo the network to see if it is present and this information can be picked up just as easily if you know what you’re doing.
Drilling into the social engineering aspect, the book looks at the more obvious and perhaps brute force models such as spam to increasingly subtle takes such using social media communications through the likes of linkedin to send emails loaded with malware and see the end user open them. For example pretending to be an agent with a job offer who has found you via LinkedIn. But beyond that, the amount of information being made available via social sites as it can be a means to establish a organisations’ IT fingerprint and therefore suggest the best routes to attacking IT. The chapter addresses training, and the pros and cons of different approaches, plus mitigation strategies for the different attack strategies.
Previous blog entries:
There is also a supporting website for the book athttp://www.datacentricsec.com/
01 Wednesday Jan 2014
Posted in Books, General, Technology
Tags
Aaron Woody, book, data, Data-Centric Approach, enterprise, Enterprise Security, network security, Security
Continuing into a chapter 4 of
Enterprise Security: A Data-Centric Approach to Securing the Enterprise by Aaron Woody we start to look at some technical aspects of security and technology covering things like the capabilities of new generation of firewalls, DNS security and so on. The information is presented in a very readable manner.
As an Enterprise Technology Architect, and having security specialist friends I thought I was reasonably well informed in this aspect of IT, but the book still taught me me things. Interestingly, perhaps not intended but the chapter left me with a number of things that could be incorporated into development governance that would make the work of network security a lot easier.
The chapter continues with lots of really helpful references many, maybe all are incorporated into a series of appendices that are full of helpful information references and links. If these are made available on the book’s website (see below) it would likely become a must go to site for security resources.
It does leave me asking one question how does this all fit in when using a PaaS solution such as those offered by the likes of Amazon and Rackspace?
Previous blog entries:
The book has been published by Packt (who at the time of writing are running a promotion – more here)
There is also a supporting website for the book at http://www.datacentricsec.com/
14 Sunday Jul 2013
Posted in Book Reviews, Books, Packt, Technology
Tags
Enterprise Security – A Data Centric Approach to Securing the Enterprise
Continuing with the review of Enterprise Security: A Data Centric Approach to Securing the Enterprise by Aaron Woody having given a bit of history and motivation for an alternate approach Chapter 2 of the book starts describing the data centric approach.
We start out looking at why network boundaries need to revisited – as a result of BYOD, closer integration with business partners, collapsed/simplified software stacks etc. Then go into defining in more details the data centric views and how t go about building a trust model for identifying what needs to be secured. A trust model looks at the different dimensions that can impact data:
With the guidance to help gather the information you can start to build a profile of your data and the need (or not) for security with challenges and risks that need be addressed to achieve this within an organisation. All of which has to take into account of ‘data at rest’ (i.e. in databases, flat files etc) and ‘in motion’ transfers such as email, HTTP, FTP, SQLNet and so on.
The book then begins to talk about architectures that can reflect the considerations and needs of your data.
In terms of the writing, chapter is pretty direct and to the point which is great as long as you have some basic appreciation of security needs. It would have been good to enrich the information with some examples (although the Appendix does illustrate a bit further). The ideal would have been to have a use case running through the book (perhaps at the end of each chapter applying some of the ideas to a fictitious scenario).
Useful Links
02 Tuesday Jul 2013
Posted in Book Reviews, Books, Packt, Technology
I have started to review another book, this time Enterprise Security: A Data-Centric Approach to Securing the Enterprise by Aaron Woody. Based on the interest that my review of Getting Started with Oracle Event Processing 11g I thought I’d follow a similar approach of reviewing one or two chapters at a time, although because of other constraints possibly not as quickly as last time.
As an enterprise architect, and having worked within some more sensitive environments which means security typically has a lock the world down, particularly at the perimeter. But with an increasingly less practical as we become ever more connected. Not to mention the tighter the old approaches are applied, the more the business will by pass IT (e.g. Go acquire SaaS solutions without IT support), the net result being a home goal in undermining the very thing you’re trying to achieve. So the killer question is, can the book show another way that works matching the challenges ranging from SaaS (software as a service) to BYOD (bring your own device – i.e. connecting your own smart phone to systems and work with them on the move etc) against the backdrop of increasing data legislation and commercial fallout (customer loss etc) as a result of security breaches becoming public knowledge.
Chapter 1 is very much a good scene setter, providing some of the background as to how security approaches have evolved over the last 30 or so years. It sets out some clear perspectives on the challenges of applying security such as
The book also challenges the mentality of security is the network, which a grave mistake as security impacts processes and roles just as much as it does the software and physical infrastructures.
This sets up for the journey for defining an alternate approach starting with defining the boundaries that should be considered.
Phil (aka MP3Monster)'s Blog 
You must be logged in to post a comment.