TLS Migration – A better way

HTTPS is essential as it protects the privacy of our data over the Internet. W3’s 2022 report shows nearly 80% of all websites use HTTPS as their default web protocol, up 6% on the previous year.

Getting started with HTTP/TLS is fairly straightforward. Obtain a CA signed certificate, configure it on your web servers and reverse proxy load balancers and you’re good to go. But how do you ensure your configuration stays up-to-date with current industry standards?

Cybersecurity is an arms race. As hardware and software evolve, so do the tools and techniques created to exploit them. This fierce race largely drives the innovation that we see in the industry today.

How does this relate to TLS? Since the inception of SSLv1 by Netscape in the 90s there have been many revisions: SSLv2, SSLv3, TLSv1.1 and TLSv1.2, with the current version being TLSv1.3. TLSv1.1 was deprecated in 2021, with new versions being released approximately every 5 years. Given the rate at which exploits are discovered, these release cycles will also need to keep pace.

For organisations this poses a number of interesting challenges because you can only control what TLS versions you support. Also if your website or API is public then it’s likely you have no control over the connecting client, or which TLS versions they’re able to use.


Virus & Malware Scanning Object Storage in OCI

If you’re like me, then working in IT means you also assume Tech Support duties for friends, family, and those distant relatives that only seem to call when they’ve got a problem.

I just clicked on this link, and my computer is doing something weird. I think my PC has a virus, what do I do?

When it’s just a single computer, the answer is simple: contain and validate that the rogue software is removed, install an AV solution, change their passwords, enable MFA, and provide some education on what to look out for next time.

But now imagine you’re an organisation building a new application, or are moving applications to the cloud. Are you simply performing a lift-and-shift or are you planning to make use of cloud native services? Where are you going to store your data, specifically user uploaded files? Object Storage was built specifically to solve the challenges of how to store unstructured data in the cloud.

However, there is a catch. If you were previously storing files on a server file system, then it’s likely you were also running an anti-virus / anti-malware solution to identify malicious files. With Object Storage the underlying file system is transparent, so you can’t install AV, yet many compliance requirements still state “Uploaded files must be scanned for viruses and malware”.


OCI User Access Review Made Easy

I’m sure we can all agree, adopting a cloud strategy is awesome. The opportunities and benefits it affords are many. However cloud governance is an ongoing problem that plagues security, compliance, and management teams, which cloud vendors like Oracle are continually trying to solve.

If you’re reading this, you’ve probably been asked, or heard at least once:

Who has access to what in our environment?

Any Security / Compliance Manager

The answer should be easy and simple. However the reality is likely lots of manual time & work, spreadsheets, and endless clicking in a cloud console. If you’re doing this manually then I agree, it’s time that you could be dedicating to more important tasks.

The challenge in trying to answer these questions:

  • What users exist and what groups do they belong to?
  • What does my OCI tenancy compartment structure look like?
  • What policies have users explicitly created?
  • What permissions do users have in my tenancy?
  • Are there any excessive / non-compliant policies & permissions in my tenancy?

is that these complex relationships can’t be easily represented and interpreted in a table-like format. In the OCI ecosystem:

  • users can be federated with an Identity Provider and can belong to one or many federated, or local IAM groups,
  • policies can be defined for “any-user” or for a group,
  • policies are inherited meaning they apply to all sub-compartments from which the policies are applied.

To make things easier I’ve created a solution using Oracle tools and services to simplify the auditing of OCI tenancies and user permissions called “Peek”.


Inspiration Series – Mobile Apollo

This inspiration series is to highlight the work of others from different circumstances.

This particular team were enrolled in Business Information Systems & Analytics Capstone (BISM3208) at University of Queensland where a part of the course was a hackathon and a team of mentors from Oracle Cloud Engineering provided the problem statement and guidance throughout the semester. The problem statement focused on the Sustainable Development Goals “SDGs” with the requirement to design a digital solution using Oracle Cloud.


Introducing Mobile Apollo – one of the finalists in the hackathon.

The team consisted of: Alfred Ong (here), Jennifer Poon (here), Morwenna Fisher (here), Shin Goh (here) and Vera Han (here).

The team focused on SDG 3 – Good Health and Well-Being – To ensure healthy lives and promote well-being for all at all ages.

The team identified (with their research):

  • Lack of mental health apps on the market which expand further than a journaling app.
  • Lack of integration between mental health apps and medical services/updates.
  • Lack of knowledge on alleviating mental illness through exercise/meditation.
  • Lack of having someone to hear them out and give them professional or practical advice that actually helps.
  • The prolonged use of mental health apps guiding them through their journey even when they’re feeling better.

The specific problem that they wanted to target was:

Targeting anxiety/depression in a user-focused way that is unique and has yet to emerge in the market, especially one that leverages the latest technologies like AI and has all-in-one features.

The team settled on the value proposition of:

Developed an application that is portable for the ongoing progress and well-being of people with mental health concerns. We aim to partner with content creators, mental health clinics, governments and health campaigners to offer a wide range of assistance to users. We will include mental wellness information, guides to meditation/relaxing routines and pandemic related information to alleviate COVID-19 related mental health issues.


The myApollo solution targets to bridge the gap in the market between physical and psychological health by promoting character development, self-care routines and physical and mental health activities. The team focused on the following capabilities and outcomes.

  • An important outcome is to maintain the user’s interest and promote continual support whilst raising awareness about the importance of mental health even after the user has improved their mental well-being.
  • myApollo featured AI Buddy that users can talk to and allows users to be checked up on specifically as a non-medical support. This however does not replace a medical professional.
  • myApollo can consequently support users to better prepare themselves for pandemic related health concerns.
  • myApollo aims to boost productivity levels and output at work, potentially reducing suicide rates and the spread of mental health concerns.

Oracle Cloud featured as part of the myApollo solution. The team focused on Oracle Big Data Cloud Service providing the big data Hadoop environment for data management & auditing system.


The team aspires to see myApollo potentially be created and their vision to come to fruition; to be able to see people enjoy and connect with our app in a positive and productive manner; and to see more resources available for those struggling with all health conditions.


The team learnt from this course and from this experience. Some of the takeaways are:

  • The market research was important to build a better understanding and have a product driven approach based upon the needs of the users. A large highlight of the project was talking to individuals and hearing about their struggle with mental health and the types of tools and resources that have helped them overcome and/or cope in their mental health journey. This influenced what specific resources were included in the solution. Hearing firsthand accounts helped the team to connect and empathise with users; allowing them to see the real world impact that the application would have on individuals.
  • Through the multiple iterations, it allowed the team to create a more improved version of this project. The number of iterations performed was a big highlight that was noticeable over the course of the project to cater and adapt the solution to suit the needs and wants of our audience. The team remarked that this was the first project they had undertaken which their core solution had transformed greatly over multiple iterations.
  • Brainstorming ideas was important which led to the development of the idea. The diversity of opinions made for greater ideas and a deeper discussion which developed into a more thoughtful, comprehensive and well-informed solution. This also required embracing various (not all) suggestions from discussion between team members, lecturers, mentors from UQ Ventures and Oracle.
  • The use of different models such as value proposition model and business model canvas made the design thinking process easier.

Sometimes luck plays a part in life 🍀


This idea is inspirational and so is the team. And as such, I want to connect you to them – whether it be to help understand the problem; to help continue building the solution; or hire them for your organisation.

I’m happy to introduce you to the team or any of the individuals. You can contact me at jason.lowe@oracle.com.

Alfred Ong

  • Bachelor of Business Management at the University of Queensland majoring in Human Resources and Business Information Systems. Graduating in June 2022. 
  • Believes that technology is rapidly evolving and re-innovating is key.
  • Interested in IOT / Crypto / DeFi / Programming / Startups.
  • Enjoys Multicultural Cuisines, Horology & Automotives.

Jennifer Poon

  • Studying a dual degree of BE (Hons) and BBusMan at the University of Queensland, majoring in Software Engineering and Business Information Systems.
  • Interested in information security and emerging environmental technologies. 
  • An avid baker with a lot of houseplants!

Morwenna Fisher

  • Bachelor of Business Management at the University of Queensland majoring in Human Resources and Business Information Systems. Graduating in June 2022. 
  • Has a passion for people and for positive change. 
  • Is driven to contribute to the world becoming a better place which I believe can be done through technology and ‘people’.

Shin Goh

  • Currently studying my last year at University of Queensland, Bachelor in Commerce majoring in Business Information System and Finance. Graduating in Nov 2022.   
  • Main interest in drawing. I am the mascot and icon designer for the team!
  • Passion in expressing creativity through technology, having interest in data management as well.
  • I believe that having constant feedback (iterations) of ‘What Went Well’ and ‘Even Better If’, embracing different opinions, while expressing your own thoughts are what I believe – a key to having an effective and efficient team.  

Vera Han

  • Bachelor of Business Management at the University of Queensland, majoring in Business Information Systems and Marketing.
  • Strong interest in technology and design, communications, creative ideation and innovation.
  • I create aesthetics and enjoy travelling.

Thank you Team Mobile Apollo.

OCI Arcade Gets A Revamp

Over the past couple of years, we’ve posted about the OCI Arcade. You can find the original article (here) and the repository (here). As part of the revamp, many things have changed and as such we’ve spent a little bit of time to make it better. Check out some of these new additions.


A Better Mechanism for Periodic Functions Invocation?

Functions in Oracle Cloud Infrastructure are great. As a serverless execution environment with pre-built logging, metrics, etc. it allows developers to simply focus on their code and not worry about all of the supporting infrastructure, while still providing a lot of flexibility through the use of container primitives. As great as Functions are, they are reactive, they can only be invoked and can’t natively be configured to be executed in a spontaneous or scheduled manner. Often this won’t matter, as Functions will be invoked directly or indirectly by users, or in response to events, but sometimes you simply need a bit of code to run periodically.


Manage SOA Marketplace Image Database Password Reset!!!

The title of this blog sounds easy and simple, but there are a few steps involved in managing the SOA Marketplace Image (SOA MP) database password reset configuration within the application tier, which I will discuss in this blog.

There are multiple situations in which a user needs to change the SOA MP database password, e.g. the SOA MP DB password may have expired, or be about to expire, so it must be reset to a new password, which must then be updated in all relevant places inside the SOA application tier.

In my case it was a SOA dev/test environment: the SOA MP DB password has a default expiry of 6 months and it had expired, due to which the SOA application was not coming up and kept throwing the error below:

Caused by: java.sql.SQLException: ORA-28001: the password has expired

Note:

In my case the software versions below were used.

#FormulaAI Hackathon – On Show

Normally, as part of the review of a hackathon I would write something about the teams and the solutions. This time round I’m doing something a little different. With the three challenges being very specific, I want to share the github repositories and kaggle code that I could find.


#FormulaAI Hack – In Review

(With more to come with the winners being announced)

On Friday 18 March 03:00 PST | 06:00 EST | 10:00 GMT | 15:30 IST | 21:00 AEDT, Hackmakers will announce the winners of the #FormulaAI Hackathon 2022. It will be an exciting moment to conclude the event. Stay tuned at https://www.formulaaihack.com/ to watch the public live stream.

It’s been an immense learning experience for many people (including myself). Here’s a snapshot of some of those learnings when I look back in review. Please note that the content below does not contain any spoilers about winners and solutions delivered.


Oracle Integration, OCI API Gateway and OCI Logging & Analytics

Integration, Control, Security and Monitoring

A real implementation often has different aspects which need to be addressed. Some of them are:

  • A tool to be used for building the integration among applications and technologies, possibly leveraging a low code environment
  • A tool to expose the APIs enabling the integration with third party applications applying in addition security policies, caching capabilities, routing, etc
  • A tool to monitor from IT Operation perspective the entire solution as just one application skipping the need to manage several silos or frameworks

Oracle Cloud can provide the right answer to your developer needs using the best cloud native services, identified here as OCI API Gateway (API GTW), Oracle Integration (OIC) and OCI Logging and Analytics (LA).

If you are already using Oracle Integration for development, you have probably noticed that you can configure the API Management solution you prefer to expose what you have already built.

From the OIC console, you can access the “Setting” section and configure what you need.

Clicking on the “API Management” link you can configure the connection to your OCI API Gateway instance

How and where can you find the required information?

Tenancy OCID can be found navigating the OCI Console and clicking on “Tenancy” details

Copy and paste this value on the previous screen into the Oracle Integration console

User OCID can be found from OCI Console under the link “My Profile”.

Also in this case, copy and paste the “OCID Id” into the Oracle Integration console

Finger Print: from OCI Console, after having selected “User Profile”, click on “API Keys” and from here you can add a new API Key

Download the “private key”, then click “add”.

A new key will appear alongside any that were generated previously.

Private Key: this one, in PEM format, comes from the API Key creation step above. Before uploading the key in the API Management setting, you need to convert it. The key that you have downloaded is in PKCS8 format and must be converted to RSA (PKCS1) before it is used for the API Management connection, using the following command from your shell:

openssl rsa -in private_key_in_pkcs8_format.pem -out new_converted_file.pem

Once the file is converted, you can upload your new key to complete the configuration of your API Management connection.
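The conversion step above, as an added example that is not part of the original post: a shell wrapper that verifies the result really is PKCS#1 and that the key still matches the fingerprint shown under “API Keys”. It assumes OpenSSL is on the PATH; the function names and file paths are hypothetical. It goes slightly beyond the single command because OpenSSL 3.x writes PKCS#8 from `openssl rsa` unless `-traditional` is given.

```shell
#!/bin/sh
# Added example: function names and file paths are placeholders,
# not taken from the original post.

# Print the first line (the PEM header) of a key file.
pem_header() {
    head -n 1 "$1"
}

# Convert a PKCS#8 RSA private key to traditional PKCS#1 PEM.
# OpenSSL 3.x emits PKCS#8 from `openssl rsa` unless -traditional is given;
# OpenSSL 1.x and LibreSSL reject that flag and emit PKCS#1 by default,
# so try the flag first and fall back to the plain command.
convert_to_pkcs1() {
    in_key=$1
    out_key=$2
    (
        umask 077   # output is a private key: owner-only from creation
        openssl rsa -traditional -in "$in_key" -out "$out_key" 2>/dev/null ||
            openssl rsa -in "$in_key" -out "$out_key" 2>/dev/null
    ) || { rm -f "$out_key"; return 1; }
    # Refuse to hand back a file that is not actually PKCS#1.
    if [ "$(pem_header "$out_key")" != "-----BEGIN RSA PRIVATE KEY-----" ]; then
        rm -f "$out_key"
        return 1
    fi
}

# Colon-separated MD5 of the DER-encoded public key, the form the OCI
# console displays for an API key. Compare it with the console value
# before uploading the converted file.
key_fingerprint() {
    openssl rsa -in "$1" -noout 2>/dev/null || return 1   # not a usable RSA key
    openssl rsa -pubout -outform DER -in "$1" 2>/dev/null |
        openssl md5 -c | awk '{print $NF}'
}
```

Run `convert_to_pkcs1 private_key_in_pkcs8_format.pem new_converted_file.pem`, then check that `key_fingerprint new_converted_file.pem` prints the same value the console lists for the key.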

Click “Save” and that’s all

Now, from your Oracle Integration console, you can work with your integration flows, and once your implementation is complete you are ready to publish your asset to your OCI API Gateway instance. I’m using the “ECHO” integration flow as an example.

Clicking on API Management you can publish the integration flow providing all the required information and details as below presented

selecting the Compartment where your OCI API Gateway is running and the right API GTW instance (for example that one for the TEST environment)

Click the “Deploy” button and wait a few seconds before seeing your service exposed in your OCI API Gateway instance (in my case “MyAPIGateway”).

Clicking on the active gateway instance, you can access the deployed APIs

as below shown

Clicking on your service, it’s possible to configure the policy you want to apply. In the case below shown, a “Rate Limiting” policy has been applied to control and filter the use of this service

So, jumping again into the previous webpage, where your REST service is detailed, you can copy the URL of the API endpoint to use it for invocation

Open your REST client (or simply a browser) to test your service

The invocation has been successfully tested.

Now, you can monitor the metrics from the OCI API Gateway console in the “Metrics” section to get more details about the behavior; you can select the right time interval to check and get visibility of the API execution

At the same time, you can also look at your Oracle Integration console to see how the calls have been handled by the integration platform and, if needed, manually resubmit the requests in case of error, provided of course that the errors involve back-end systems which had some problems (networking issues, maintenance, …).

You can also get further information about the execution and all the details of the business message.

In this case, I have used 2 different consoles to monitor OCI API Gateway and Oracle Integration respectively.

Keep in mind that Oracle Cloud Infrastructure can help you in case you want to consolidate in just one console several information coming from different and disparate OCI Services.

This is the right case for using OCI Logging & Analytics; it allows you to build your own dashboard collecting all info you need from IT Operations perspective and just if needed you can use the dedicated console of each service to leverage deeper and specific management capabilities (errors management, resubmitting faulted instances, changing scheduling parameters, modifying security policies, tuning caching options, etc).

How to use OCI Logging & Analytics?

Using OCI Console and clicking on “Observability and Management” as below described

and select “Logging Analytics” link

From here you can create your own dashboard to include all information you need. In my case I have built a dashboard (“My OCI Dashboard”) collecting info from OCI API Gateway, Oracle Integration and Logging & Analytics itself, as below described:

The screenshot above includes 6 different widgets which collect metrics from different sources, bringing into just one console all the information you want about latency, inbound requests, bytes ingested, bytes sent, etc.

How to create a Logging & Analytics dashboard?

It is not hard; on the contrary, it is a very straightforward procedure, and you can get more details in the following blog post:

https://blogs.oracle.com/observability/post/monitor-and-optimize-performance-of-integrated-applications

This is a very simple implementation to show capabilities and synergies of the Oracle Cloud Infrastructure services and resources

Documentation:

OCI API Gateway

https://docs.oracle.com/en-us/iaas/Content/APIGateway/Concepts/apigatewayoverview.htm

https://www.oracle.com/webfolder/technetwork/tutorials/infographics/oci_apigw_gs_quickview/apigw_quickview_top/apigw_quickview/index.html

Oracle Integration

https://docs.oracle.com/en/cloud/paas/integration-cloud/integrations-user/managing-integration-api-oracle-api-gateway.html#GUID-7F82A91E-CA79-4053-94D8-7DF0BEB0438A

https://docs.oracle.com/en/cloud/paas/integration-cloud/rest-adapter/troubleshoot-rest-adapter.html#GUID-F6137806-4051-484A-810B-DA366B96D7C1

https://docs.oracle.com/en/cloud/paas/integration-cloud/index.html

OCI Logging & Analytics

https://docs.oracle.com/en/cloud/paas/logging-analytics/logqs/#before_you_begin
