Last weekend (from Friday 29th Oct to Tuesday 2nd Nov) was the #BuildWithAI Hackathon 2021, where participants, mentors, sponsors and organisers gathered together to solve real-world challenges with AI. This event does not stand alone. In a world full of change, this (from my perspective) started last year in the #BuildWithAI Hackathon 2020 and continued to build.
This article is about the event but the event itself is just “Another Step”.
In Oracle Enterprise Manager (OEM) there is the ability to host an AWR Data Warehouse, which enables you to consolidate the detailed performance data of all your databases and store it in a central location.
This enables you to do long-term trend analysis across your AWR data to determine the performance and capacity impact on the databases in your IT estate.
In OEM 13.5, Oracle now supports the AWR Warehouse repository for Autonomous Data Warehouse.
If you don’t have the infrastructure or capacity to store AWR data on-premises, you can now send your data to the Autonomous Data Warehouse (ADW) in Oracle Cloud (OCI).
There are enormous benefits to using Autonomous Data Warehouse (ADW). One of many benefits is that you can scale CPU and storage up or down whilst the database remains online.
Logs are often voluminous and can be challenging to navigate, but they can be a gold mine of valuable data to help administrators troubleshoot and identify issues or trends for operational activities.
To overcome the burden of manually eye-balling millions (or even billions) of rows in log records, bringing that data into OCI Logging Analytics (which is part of the Observability & Manageability Portfolio) will allow administrators to get quick insights, reduce the time to isolate issues, minimise downtime and prevent impact to end users.
Recently, Oracle rolled out the OCI Bastions service, which is designed to simplify the process of accessing instances which do not have a public IP address. They are really easy to use, with simple commands to allow access to these internal hosts… if you are using a Unix shell. Unfortunately, I suffer from being quite wedded to various tools, and as a Windows user, I tend to use PuTTY to access hosts via SSH, so this blog post will cover both the OCI Bastion service in a little more detail and how I continued to resist changing my old habits, setting up connections through the OCI Bastion service using a number of components of the PuTTY suite of tools.
The new platform will provide OCI native integration to provide operational insights into our OCI services in addition to previous capabilities available in Oracle Management Cloud. Logging Analytics is the first major Oracle Management Cloud Service to be incorporated, and so my fellow colleague @callanhp and I were itching to give it a go and see how we could implement it, so we chose the most available logs we could think of, the audit logs from the OCI control plane.
In this blog we will discuss the mechanics for forwarding OCI Audit Logs to the Logging Analytics service from the Oracle Cloud Observability and Management platform, and discuss how this pattern can be extended to other log sources.
Oracle Cloud Infrastructure provides a ton of useful services for automating and orchestrating behaviours in your cloud environment, and while they are often pretty handy on their own, leveraging them together gives almost complete flexibility on what you can achieve. Want to trigger a backup using a command in Slack, then have a message get sent back when it completes? Sure! Want to periodically poll a log API and archive the results? Easy. Oracle Cloud Infrastructure provides a number of inbuilt capabilities, as well as the ability to jump into arbitrary code to build elaborate automation flows, and this blog post will focus upon the security constructs around this, looking at how services can be authorised to invoke one another, as well as how they authenticate themselves, while avoiding storing sensitive data in insecure ways. This post is intended as an overview of the concepts, and will be referenced in more concrete ways in future.
There is plenty of information out there about connecting from an on-premises network to OCI. But if you want to see a step-by-step procedure that configures an actual VPN to completion, you will have a hard time finding it. And rather than writing about it, this time I will actually show it.
This link will take you to the list of OCI’s verified CPE (Customer Premises Equipment) devices. If your on-premises CPE is in this list, then the VPN configuration should be very easy. In my case, the router I used is not in the list. It is a SOHO (Small Office-Home Office) type of router. For this configuration the on-premises network is my Home-Office LAN. For routers not on the list, there is an option called “other”. OCI offers a list of supported configuration parameters for VPN connections that you can use for “other” types of routers. Here is the link to these parameters, and I explain them in the video. I hope that you find it useful:
Oracle’s Cloud Infrastructure has been designed in an API-first manner, which is awesome for all sorts of infrastructure automation tasks. It also implements an interesting API security model, in which all requests must be signed using a private key, associated with a public key which has already been configured in OCI (here, the developers are showing their infrastructure roots, as this echoes how SSH Auth is normally handled). The documentation of this model provides sample code in a number of languages, which is perfect if you are writing automation scripts, but is a little inflexible for ad-hoc testing. Typically I much prefer to use a rich graphical REST client, such as Postman, so that I can easily tweak my parameters and try out different types of calls before I write any code. Unfortunately, while Postman is well equipped for Basic and token-based Auth, HTTP-Signature is not natively implemented, and rather than abandon Postman for a new tool, I set out to implement it using Postman’s powerful scripting capabilities. In this blog post I provide the result of this, which is a downloadable collection which provides all of the required scripts, and discuss the approach used.
Oracle recently introduced a Web Application Firewall (WAF) to further enhance and secure Oracle Cloud Infrastructure offerings. The Oracle Cloud Infrastructure WAF is based on Oracle Zenedge and Oracle Dyn technologies. It inspects all traffic destined to your web application origin and identifies and blocks all malicious traffic. The WAF offers the following tools, which can be used on any website, regardless of where it is being hosted:
Over 250 robust protection rules that include the OWASP rulesets to protect against SQL injection, cross-site scripting, HTML injection, and more
In this post, I configure a set of access control WAF policies for a website. Access control defines explicit actions for requests that meet conditions based on URI, request headers, client IP address, or countries and regions.