08 Tuesday Oct 2019
Posted in Cloud, Dev Meetup, General, Technology
Tags
#OracleDeveloperMeetup, blockchain, demo, HyperLedger, Joost Volker, London, meetup, Oracle, Robert Van Molken, SDK
Whilst the weather may have put some off venturing out, not for our intrepid duo of presenters – Joost Volker (Oracle PM for a Blockchain) and Robert van Mölken Oracle Groundbreaker Ambassador and author of Blockchain Across a Oracle who both had to negotiate protesting farmers, traffic jams, flight delays (wrong kind of rain to land in London) and London’s rush hour traffic.
10 Tuesday Sep 2019
Posted in Dev Meetup, General, Technology
Tags
FluentD, Istio, Jaeger, Kiali, logging, meetup, monitoring, observability, OKE, OpenTracing, Oracle, Tracing
Last night was the London Oracle Developer Meetup’s sessions around observability. Andrei Cioaca with a focus on the use of OpenTracing as provided by Jaeger, in a standard Kubernetes deployment with Istio – realized with Oracle Kubernetes Engine (OKE). This was followed by my session on another pillar using logging via FluentD. Also incorporated into standard Kubernetes, but also able to support traditional monolithic use cases.
@andreicioaca starts talking about Oracle #Kubernetes #OKE #istio and #OpenTracing at the #OracleDeveloperMeetup #London @PaaSCommunity pic.twitter.com/HISzpmxjaN
— Phil Wilkins (@PhilConsultant) September 9, 2019
Andrei provided a great overview of the 3 pillars and the strengths and weaknesses of the different pillars. With the basics covered Andrei then dove into the configuration and execution of Istio combined with Jaeger and the corresponding insights available. including a look at the kinds of visual insights that Jaeger and Kiali provide. Some probing conversations followed about the relationship to Spring Cloud Sleuth, Open Zipkin and the OpenTracing as a concept more generally.
Andrei’s presentation material can be found in his GitHub repository here.
Google Analytics on Search Terms
My session followed a pizza break, as there was a delay in its arrival. With everybody having chatted over pizza about OpenTracing, we picked up on FluentD and the Logging aspect to Observability. FluentD, as an open-source project has been growing steadily, and actually baked into several Log Analytics products and services – as the above analytics from Google shows.
The presentation looked at the growing challenges of modern software in terms of making sense of logging. We explored the capabilities of FluentD before drilling into real-world use cases and potential deployment models.
As you’ll see from the slides we ran a couple of demos. The configuration for the demos can be found at https://github.com/mp3monster/fluentd-demos along with an example payload.
The next meetup we have organized is around Blockchain, all the details can be found at https://www.meetup.com/Oracle-Developer-Meetup-London/events/264661742/.
Other related info …
06 Friday Sep 2019
Posted in General, Technology
Tags
Capgemini’s Oracle Expert Community – which includes myself, have been asked to publish articles directly to LinkedIn as part of the supporting activities to Oracle Open World. So here is my offerings: https://www.linkedin.com/pulse/connection-between-api-gateways-opentracing-phil-wilkins/.
This is a short look at why API Gateways at the boundary of your environment when supporting OpenTracing can offer more values.
30 Friday Aug 2019
Posted in API Platform CS, General, Oracle, Technology
At the time of writing the Oracle API Platform doesn’t support the use of Socket connections for handling API data flows. Whilst the API Platform does provide an SDK as we’ve described in other blogs and our book it doesn’t allow the extension of how connectivity is managed.
The use of API Gateways and socket-based connectivity is something that can engender a fair bit of debate – on the one hand, when a client is handling a large volume of data, or expects data updates, but doesn’t want to poll or utilize webhooks then a socket strategy will make sense. Think of an app wanting to listen to a Kafka topic. Conversely, API gateways are meant to be relatively lightweight components and not intended to deal with a single call to result in massive latency as the back-end produces or waits to forward on data as this is very resource-intensive and inefficient. However, a socket-based data transmission should be subject to the same kinds of security controls, and home brewing security solutions from scratch are generally not the best idea as you become responsible for the continual re-verification of the code being secure and handling dependency patching and mitigating vulnerabilities in other areas.
As a general rule of thumb, web sockets are our least preferred way of driving connectivity, aside from the resource demand, it is a fairly fragile approach as connections are subject to the vagaries of network connections, which can drop etc. It can be difficult to manage state (i.e. knowing what data has or hasn’t reached the socket consumer). But sometimes, it just is the right answer. Therefore we have developed the following pattern as the following diagram illustrates.
The client initiates things by contacting the gateway to request a socket, with the details of the data wanted to flow through the socket. This can then be validated as both a legitimate request or (API Tokens, OAuth etc) and that the requester can have the data wanted via analyzing the request metadata.
The gateway works in conjunction with a service component and will if approved acquire a URI from the socket manager component. This component will provide a URL for the client to use for the socket request. The URL is a randomly generated string. This means that port scans of the exposed web service are going to be difficult. These URLs are handled in a cache, which ideally has a TTL (Time To Live). By using Something like Redis with its native TTL capabilities means that we can expire the URL if not used.
With the provided URL we could further harden the security by associating with it a second token.
Having received the response by the client, it can then establish the socket-based connection which gets routed around the API Gateway to the Socket component. This then takes the randomly-generated part of the URL and looks up the value in the cache, if it exists in the cache and the secondary token matches then the request for the socket is legitimate. With the socket connection having been accepted the logic that will feed the socket can commence execution.
If the request is some form of malicious intent such as a scan, probe or brute force attempt to call the URL then the attempt should fail because …
You could of course craft in more security checks such as IP whitelisting etc, but every-time this is done the socket service gets ever more complex, and we take on more of the capabilities expected from the API Gateway and aside from deploying a cache, we’ve not built much more than a simple service that creates some random strings and caches them, combined with a cache query and a comparison. All the hard security work is delegated to the gateway during the handshake request.
Thanks to James Neate and Adrian Lowe for kicking around the requirement and arriving at this approach with us.
28 Wednesday Aug 2019
Posted in General, Oracle, Technology
Tags
AWS, Azure, Cloud, costs, data, ExpressRoute, FastComnect, Oracle, OracleCloud
Over the last couple of years, we have seen growing references to multi-cloud. That is to say, people are recognizing that organisations, particularly larger ones are ending up with cloud services for many different vendors. This at least in part has come from where departments within an organization can buy meaningful resources within their local budgets.
Whilst there is a competitive benefit of the recent partnership agreement between Microsoft and Oracle given the market margin AWS has in comparison to everyone else. Irrespective of the positioning with AWS, this agreement has arisen because of the adoption of multi-cloud. It also provides a solution to the problem of running highly resilient Oracle database setups using RAC, DataGuard etc can be made available to Azure without risk to security and the all-important network performances that are essentially to DB operation. Likewise, Oracle’s SaaS offerings are sector leaders if not best in place, something Microsoft can’t compete with. But at the other end, regardless of Oracle’s offerings, often organisations will prefer Microsoft development ecosystem because of the alignment to office tooling, the ease of building solutions quickly.
Multi-cloud even with the agreements like the Microsoft and Oracle one (See here), doesn’t mean there won’t be higher costs in crossing clouds. Let’s see where the costs reside …
If data egress is the key challenge to costs, what drives the data egress beyond the obvious content for user interfaces? …
In addition to the data flows, you need to consider how other linkages in addition to the Oracle-Azure connection are involved. In the detailed documentation, it is not possible to get your on-premises location connected to one of the clouds (e.g. Oracle FastConnect, and then assume your traffic can hop to Azure via the bridge using FastConnect and Azure’s ExpressRoute. To add performance to your solution parts in both Azure and Oracle Cloud, you still need to have FastConnect and ExpressRoute configured to your on-premises location. This, of course, may impact how bulk data for lift and shift app use cases such as EBS may be applied. For example, if you choose to regularly bulk data transfer between on-premise and EBS via the app/middleware tier rather than via direct DB, and that mid-tier is running in Azure – you will need both routes established.
There is no doubt that the Oracle-Azure cloud to cloud linkage is a step forward, but ‘the devil is in the details‘ as the saying goes. To optimize the benefits and savings we’d suggest that you;
19 Monday Aug 2019
Tags
Ace, ACED, Ground Breaker, MVP, Oracle
For the observant, you’ll have noticed that I have a logo on the left side of my site saying Oracle Ace. Periodically I get asked what is it, what does it mean, and for those who are less involved in the Oracle community probably don’t know what it means.
Most developers will probably have encountered the idea of Java Champions or perhaps Microsoft MVPs (Most Valued Professional). All of these badges and other large vendors such as SAP have comparable ones are a recognition of individuals outside of the organisation (in this case Oracle) who do a lot to support the community and wider technology ecosystem.
These contributions vary but typically take the form activities such as writing blogs/articles/books, answering questions on StackOverflow and other community sites where questions are raised and answered by experts. Organising and/or presenting at conferences.
This is the content helps bridge the gap between the standard guidance, documentation, white papers that the vendors will produce and real-world practical experience.
Whilst you, in theory, you don’t have to be an expert to be part of these advocacy programmes, the reality is to communicate the meaningful value you need to have a level of experience and understanding that is more than the majority. I know a number of people in the Ace community who would deny being experts, and the only thing that differentiates them from everyone else is being willing to stand up and share what they have learnt. I would say that inevitably they are experts, as the processes and resource (at least for Aces inevitably enable that development of expertise as I will try to illustrate shortly).
But before we progress, let me quickly summarise the advocacy communities that Oracle support …
Java Champions – these are people working in the pure Java ecosystem
Ace then a at the top are a smaller community ofAce’s generally focus on Oracle’s mainstream products from the database to Middleware like WebLogic and Apps
The final group are Groundbreaker Ambassadors – this group are comparable to Ace Directors and actually progress through the Associate and Ace accreditation. But rather than focus on more traditional Oracle offerings this group tend to work with what could be described as modern app dev tech from Microservices and APIs to Blockchain.Why get involved in such a community? Whilst I can only speak for myself, I suspect some of my motivators hold true for others, for me, it’s about…
Coming back to the point of expertise, as you develop within the community, the chances of learning from others increases, but developing relationships with product management means getting to hear about what’s next etc as well as getting to hear the product managers and their thinking. In fact, Ace Directors and Groundbreakers have dedicated briefing sessions and additional access that provides further insight into the product, strategy and direction. These relationships can start to create a virtuous circle of knowledge accumulation.
Carrying the badge of a vendor, and obviously contributing to a vendor’s community carries the risk of being perceived as not being independent/impartial or perhaps understanding the wider landscape. But having been part of the community, this is deeply inaccurate. The community members I know take pride in being professional which usually means being clearly impartial and appreciating the wider IT landscape in which they specialize. Being an Ace doesn’t mean you only know Oracle products, many Ace’s in the integration and development space are often also certified on the Azure or AWS platforms for example. What you won’t find is an Ace publicly calling Oracle out, but then with the access afforded/acquired into the organisation means where there are concerns/challenges/issues they are communicated through the relationships developed and this input appears to be taken very seriously.
When it comes to benefits, there are some, but I wouldn’t want people to think that it will ‘pay’ for the level of effort put in. The benefits are very much in the realm of acknowledgement for the contributions made. So yes, we get a few goodies – nice polo shirt with the community logo and the alike. Engraved glassware acknowledging your progress to Ace. The real reward for me is the community and having opportunities to share insights and a bit of acknowledgement of the effort invested, everything else is a bonus.
09 Tuesday Jul 2019
Posted in Dev Meetup, drone, General, Oracle, Technology
This Meetup was put together quickly as it presented an opportunity to align with other events happening in the Oracle offices. Despite the relatively short notice we a turn out that really made great use of our speaker – Sid Joshi who walked through the Enterprise Level patterns supported by Oracle’s Integration Cloud (OIC) including a demo showing how PaaS4SaaS worked using Service Cloud and OIC making use of VBCS and integration (formerly ICS) parts of the API Platform.
As with all the meet-ups we allow the discussions to flow freely. So, the conversation probed different aspects of OIC. So with the follow up on Several Capgemini use cases of OIC that have won the team awards.
You can see these use cases here. Sid’s presentation is available AppIntegrationPatterns_MeetUp. Additional resources can also be obtained from https://oracle-integration.cloud
As the conversation has focused on OIC and the use cases rather than our ongoing Drones with APIs stories, I have had an interesting follow on discussion about the application of drones. The drone story has many threads. The initial driver for the work on the drone has been about bringing something interesting and distinctive to the meetup. The drone is very tangible, and the source of amusement which makes the meetups a lot more fun.
03 Wednesday Jul 2019
Posted in API Platform CS, APIs & microservices, General, Oracle, Technology
The Oracle API Platform adopted an intelligent pricing model by basing costs on API call volumes and Logical gateway node groupings per hour. In our book about the API Platform (more here). We suggested that a good logical grouping would be to reflect the development, test, pre-production and production model. This makes it nice and easy to use gateway based routing to different environments without needing to change the API policy configuration as you promote your solution through environments.
We have also leveraged naming and Role/Group Based Access Controls to make it easy to operate the API Platform as a shared service, rather than each team having its own complete instance. In doing so the number of logical gateways needed is limited (I.e. not logical gateway divisions on per team models needed). Group management is very easy through the leveraging of Oracle’s Identity Cloud Service – which is free for managing users on the Oracle solutions, and also happens to a respected product in its own right.
Most organisations are not conducting development and testing 365 days a year, for 24 hours a day (yes in an ideal world prolonged soak and load tests would be run to help tease out cumulative issues such as memory leaks, but even then it isn’t perpetual). As a result, it would be ideal to not be using logical gateways for part of the day such as outside the typical development day, and weekends.
Whilst out of the out of hours traffic may drop to zero calls and we may even shutdown the gateway nodes, this alone doesn’t effectively reduce the number of logical gateways as the logical gateway aspect of the platform counts as soon as you create the logical group in the management portal. This in itself isn’t a problem as the API Platform drinks it’s own Champagne as the saying goes, and everything in the UI is actually available as a published REST endpoint. Something covered in the book, and in previous blog posts (for example Making Scripts Work with IDCS Deployed PaaS and Analytics and Stats for APIs). Rather than providing all the code, you can see pretty much all the calls necessary in the other utilities published.
Before defining the steps, there are a couple of things to consider. Firstly, the version of the API deployed to a specific logical gateway may not necessarily be the latest version (iteration) and when to delete the logical gateway this information is lost, so before deleting the logical gateway we should record this information to allow us to reinstate the logical gateway later.
As deleting logical gateways will remove the gateway from the system, when recreating the gateway we can use the same name, but the gateway is not guaranteed to get the same Id as before, as a result, we should when rebuilding always discover the Id from the name to be safe.
A logical gateway can not be deleted until all the physical nodes are reallocated, so we need to iterate through the nodes removing them. When it comes to reconnecting the nodes, this is a little more tricky as reconnecting the gateway appears to only be achievable with information known to the gateway node. Therefore the simplest thing is when bringing the node back online we take the information from the gateway-props.json file and run a script that determines whether the management tier knows about the node. If not then just re-run the create, start, join cycle., otherwise just run the start command.
As with the logical gateway, re-running the create, deploy, start cycle will result in the node having a new Id. This does mean that whilst the logical gateway name and even the node names will remain the same, the analytics data is likely to become unavailable, so you may wish to extract the analytics data. But then, for development and test, this data is unlikely to provide much long term value.
So based on this, our sequence for releasing the logical gateway needs to be…
Recover would then be …
Of course, these processes can be all linked to scheduling such as a cron job and/or server startup and shutdown processes.
28 Friday Jun 2019
Posted in APIs & microservices, Books, Dev Meetup, development, General, Oracle, Packt, Technology
It’s been a quiet month for this blog, but I’ve been pretty busy with a raft of other activities…
Reviewing a new book on Enterprise API Management for Packt which we would very highly recommend if you want to understand the more Enterprise perspectives of adopting APIs, particularly if you’re considering APIs as a potential new revenue stream.
15 Monday Apr 2019
Tags
Ace, Capgemini, Cloud, conference, development, drone, Luis Weir, meetup, Oracle, PaaS, Presentation, Technology
Image by @motivcx
Another Spring means another excellent Oracle EMEA PaaS Forum for Oracle partners. Every Year Juergen Kress organizes the event, finding really nice venues to host several hundred people over four and half days.
The event is split into several parts, Monday afternoon normally involves Oracle Ace’s presenting on best practices, insights on applying the various technologies etc. For me this meant presenting on the London Developer Meetup, looking at how it worked, what has been successful, and what hasn’t. For those know have read my blogs on the subject (here) will know about our Drone initiative.
Picture by @AmyGrangeX
Then Tuesday is a single stream day where Juergen has managed to pull in SVPs and Senior Product Managers from around the globe to provide a high-level view of what has been going on with their products. For anyone consulting in the Oracle domain, this is incredibly useful. For example, there is a clear strategy coalescing around AI and Machine Learning both as a service proposition to users, but also how these technologies are being made available and used within other products. Other areas such as OIC and SOA CS have stability and maturity, and the road map is about maximising connectivity with the newer products.
But before the sessions start, Juergen starts with opening remarks, and demos’ something engaging. In previous years this has been things like Digital Assistants/Chatbots and so on. This year, we have been fortunate to be an active contributor by demoing the drone through the use of APIs and talking about the ideas. The dry runs of the demo on Monday went without a problem, but when it came to the main show, the drone was a little uncooperative – we think because the air-con had really kicked in. But importantly, even not achieving the desired result, the message of engagement made it home.
Wednesday is split into streams with in-depth sessions from the different Product Managers, he amount of insight gained from these sessions is tremendous, some of which is very much protected by safe harbour statements or not for public disclosure such is the honest and open discussions. The day closes with an Ace Director initiative which demonstrates the application of Oracle Cloud products to a plausible use case, and Luis Weir (Capgemini Oracle CTO) is part of. This session has become something of a tradition now.
The day’s business concludes awards, and for a second year the UK Capgemini team have taken home two awards for APIs and PaaS Contribution.
Luis Weir with his API award
The final two days are then a choice of Hackerthon or 1/2 day training sessions on different products with the relevant Product Managers, and an excellent opportunity to pick the brains of the presenters as well as get hands-on experience with the different products.
The week isn’t without it’s social and networking activities of course …
End-to-End OIC to SAP integration
A blog-post by blog-post journey of a ERP Cloud Solutions Degree Apprentice
from Technology to Music
Demystifying cloud technologies...
Technofunctional Blogs
Business, Technology and more
Personal, design, inspiration, interests.
by Jürgen Kress
Oracle Cloud Stuff
My thoughts on Enterprise Software Technologies...and more.
Achieving business objectives through technology standards
Success & Satisfaction with the Cloud
Thoughts of a lifelong music hoarder...
A Blog for Event and Data Analytics
