Mediating Task Events to Integrate Dashboards with Existing SOA Tasks


By: John Schleicher | Sr. Technical Architect

Business Activity Monitoring (BAM) services are typically licensed with SOA implementations.  Their incorporation into SOA orchestrations and BPM workflows is not that prevalent; however, adding dashboards for BPM task visibility should not be considered problematic, because they can be integrated through SOA mediation in a loosely coupled fashion, such that the existing sources are essentially unaware of the additional capability that is engaged.

In this article we walk through the steps needed to take an established BPM task (whether BPEL based or BPMN based) and, with minimal invasive changes, add the components needed to integrate with BPEL sensors for presentation in a BAM dashboard.

Of course, the business knowledge associated with the tasks and their internal payload, as well as the BAM objects, is typically highly sophisticated; we abstract that sophistication away for the purposes of this article.  We use an existing application, but its details are irrelevant: the steps would be the same for any application type.

It is also assumed that the BAM data objects are in place and that the sensors engaging BAM are externalized in a BPEL web service.  This externalization is recommended because it simplifies integration with multiple tasks and lets other projects reuse the BAM objects and their sensor integration points.

The steps required for after-the-fact BAM dashboard integration are:

  • (Assumed in place) BAM objects defined, with a sensor-enabled BPEL service updating the BAM data objects
  • Add the BPEL service to the targeted task composite as an external reference
  • Add an event mediator to the targeted task composite
  • Add data transforms for the task events (Assignment, Update, Completion)
  • Configure the mediator filters
  • Configure the mediator transforms to route business data to the defined BPEL service

For this exercise, the BPEL service to engage the sensors is ‘activityReporting’ and we will be adding task event mediation to the Rescan task.

Step 1: (prerequisite, assumed in place)

Step 2: Add the sensor BPEL service to the targeted task composite.


Step 3: Add an event mediator.

For this step we need the EDL for task events.  This file (HumanTaskEvent.edl) is located in the JDeveloper integration directory along with the other workflow schemas and WSDLs.  Copy it to the local task project directory.

Drag a mediator component into the target task composite:


Double-click the mediator and subscribe to the Human Task events by clicking the ‘+’ sign and selecting the event file.


Select the events required, normally OnTaskAssigned, OnTaskCompleted and OnTaskUpdated, to support standard dashboard activity.


Now populate the mediator’s routing rules for the event subscriptions (here we focus on OnTaskAssigned, but the same technique applies to all of them).


Select the green ‘+’ sign, choose a permanent routing rule and select a service as the invoked target.


Pick the target service that manages the sensors.


Step 4: Apply filters for the transform and map the task data to the data expected by the BPEL service managing the sensors.

Here we filter on task data to ensure that the task event is associated with the Rescan task.  On systems with multiple task deployments the task event fires for every task and must therefore be filtered.

Clicking the funnel icon opens the filter dialog.  Browse the task data so you can filter on sca/task:compositeName and ensure it matches the task’s composite name.


Step 5: Create/assign transforms to route your task data to the BPEL service.

Select the transform icon on the right, select ‘Create New Mapper File’ and map the appropriate elements for your business case (this will be specific to your business case and implementation strategy):


When the mapping is complete, the task-assigned mediation event appears as follows:


You are now finished with the OnTaskAssigned event and can repeat these steps for OnTaskCompleted and OnTaskUpdated.

Once deployed, perform a task assignment; the EM trace will then show the activities in the process trail like this:


This particular invocation didn’t pass the mediator filter (i.e. it wasn’t a Rescan task event that fired), so it ended at the mediator.  For a Rescan assignment event you would see the callout to the static routing target.
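As an added example (not the article’s project code), the following stand-in models the mediator’s filter and per-event routing rules over constructed HumanTaskEvent payloads; the task namespace, the element names and the shape of the activityReporting request are assumptions.

```python
"""Added example (not the article's project code): a stand-in for the mediator's
filter and routing rules, run over constructed HumanTaskEvent payloads.  The task
namespace, element names and the activityReporting message shape are assumptions."""
import xml.etree.ElementTree as ET

TASK_NS = "http://xmlns.oracle.com/bpel/workflow/task"   # assumed task payload namespace
NS = {"task": TASK_NS}
TARGET_COMPOSITE = "Rescan"   # the filter from Step 4: sca/task:compositeName


def task_xml(title, composite, assignee, state):
    """Build a constructed task payload; a real event carries far more detail."""
    return f"""<task:task xmlns:task="{TASK_NS}">
  <task:title>{title}</task:title>
  <task:sca><task:compositeName>{composite}</task:compositeName></task:sca>
  <task:systemAttributes>
    <task:assignees>{assignee}</task:assignees>
    <task:state>{state}</task:state>
  </task:systemAttributes>
</task:task>"""


# Constructed events as the mediator receives them after subscribing to the Human
# Task events; on a shared server every deployed task fires these, not just Rescan.
EVENTS = [
    ("OnTaskAssigned",  task_xml("Approve expense 17", "ExpenseApproval", "jdoe", "ASSIGNED")),
    ("OnTaskAssigned",  task_xml("Rescan document 42", "Rescan", "scanops", "ASSIGNED")),
    ("OnTaskCompleted", task_xml("Rescan document 42", "Rescan", "scanops", "COMPLETED")),
    ("OnTaskCompleted", task_xml("Approve expense 17", "ExpenseApproval", "jdoe", "COMPLETED")),
]


def passes_filter(root):
    """Mediator filter: only events whose composite matches the Rescan task go on."""
    node = root.find("task:sca/task:compositeName", NS)
    return node is not None and node.text == TARGET_COMPOSITE


def _text(root, path):
    node = root.find(path, NS)
    return node.text if node is not None else None


def transform_assigned(root):
    """Stand-in for the OnTaskAssigned mapper file: task data -> activityReporting input."""
    return {"activity": "ASSIGNED", "task": _text(root, "task:title"),
            "actor": _text(root, "task:systemAttributes/task:assignees")}


def transform_completed(root):
    """Stand-in for the OnTaskCompleted mapper file."""
    return {"activity": "COMPLETED", "task": _text(root, "task:title"),
            "outcome_state": _text(root, "task:systemAttributes/task:state")}


# One routing rule per subscribed event, each with its own transform (Step 5).
ROUTES = {"OnTaskAssigned": transform_assigned, "OnTaskCompleted": transform_completed}


def mediate(events=EVENTS):
    """Return the activityReporting requests that would be sent.  Events that fail
    the filter end at the mediator, exactly like the trace shown above."""
    sent = []
    for event_name, payload in events:
        root = ET.fromstring(payload)
        if not passes_filter(root):
            continue
        transform = ROUTES.get(event_name)
        if transform is not None:
            sent.append(transform(root))
    return sent


if __name__ == "__main__":
    for request in mediate():
        print(request)
```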

All of the above was added to an existing task process without touching any of the previously developed sources (i.e. it is truly loosely coupled).  Once you have a handle on the technique and can apply it to existing processes, it is quick and easy to add human task event mediation to existing processes and pass this information to a sensor-based process so that your data appears on a BAM dashboard.


Application Development Framework (ADF) – An Overview


By: Tanveer Mohammed | Senior Developer

Application Development Framework (ADF) is a framework built on Java EE (J2EE) technology and used for rapid application development. The core premise behind ADF is to let development teams build applications rapidly in a visual, declarative way (drag and drop) instead of writing large amounts of time-intensive code.

A typical ADF application layout is depicted below:

Figure: A Typical ADF Application Overlay

Application Development Framework (ADF) follows the Model-View-Controller (MVC) pattern and completely isolates business logic from the View layer. In a standard ADF application all business logic lives in the Model layer, which carries business objects for CRUD operations on the database, web-service calls, POJO data controls for other backend systems, and so on. Business objects are further broken down into the application module, entity objects and view objects.

Entity objects represent a row in a database table. The default DML operations can be overridden by extending the entity implementation classes generated for the entity object. Validations can be added at the entity level, which makes them available to every consumer interface. View objects are essentially your SQL query result sets; they can be based on an entity object, on a SQL query, or built programmatically. View objects can be tuned to improve the performance of an ADF application: one tip is to keep separate view objects for read-only queries and updatable queries, which lets you set an appropriate batch size for fetching rows from the database tables. The application module handles transactions and defines which business functionality is exposed to the View layer.

Application Development Framework (ADF) has a smart way of maintaining its connection pool: it passivates the “least recently used” connection and allocates the resources to another request, ensuring optimal use of the pool. The data control palette contains all the operations and data exposed through the application module; anything in it can be dragged and dropped onto the View layer as a field, table, tree, operation, etc. For the View layer ADF provides a rich set of more than 150 UI components. The component repository has several layout components, such as panel stretch layout, panel form layout and panel group layout, as well as basic components such as button, table, radio, checkbox, select one choice, input text, output text, calendar, carousel, date chooser, tree and many more.

Figure: UI Components of Application Development Framework

The View layer is made up of bounded taskflows, unbounded taskflows, JSPX pages and JSFF fragments. Usually there is one unbounded taskflow per application, which acts as the entry point and navigation model of the ADF application. JSPX pages can be called directly from a URL and are usually part of the unbounded taskflow. A bounded taskflow is a self-contained, reusable piece of functionality that, once developed, can easily be shared and used in any ADF application; it has a single entry point, can have multiple exits/returns, and usually consists of multiple page fragments (JSFF) and routing activities. JSFF fragments are where the functionality is actually implemented, by dragging and dropping business objects from the data control palette as UI components.

Figure: Bounded Taskflow

ADF applications provide authentication and authorization support using either a file-based security model (JAZN) or a database-backed model (OPSS). During development the JAZN.xml file can be used to define authorization for resources; pages, bounded taskflows and other resources can be fully secured. Application roles can also be created and mapped to enterprise roles. On deployment the JAZN.xml file is merged into the system-jazn.xml file on the WebLogic application server, and the ADF application authenticates against the LDAP provider registered on the WebLogic server.

The deployment of the ADF application is executed by preparing and deploying the EAR file.

Application Development Framework was designed with reusability in mind. The entire Application Development Framework application can be deployed as a shared library that may expose its entire taskflow to be consumed by another consumer application.


Inspyrus Enhanced Invoice Extraction


By: Karla Broadrick | Technical Architect, WebCenter Imaging Team

Oracle WebCenter Forms Recognition is not a tool that is unique to the Inspyrus Solution.  WebCenter Forms Recognition (WFR) is a tool that has been around for many years.  WFR is a key component of how Oracle enables accounts payable automation because it provides intelligent classification and extraction of invoice metadata.  Key fields such as Invoice Date, Invoice Number, Supplier, PO Number as well as line items are intelligently recognized for a large number of suppliers based on a pre-trained set of invoices.

The Inspyrus solution uses WFR in “black box mode”: invoices pass through WFR, where the invoice metadata is extracted, but instead of being routed to the Verifier application for correction they go straight to the Inspyrus UI.  There, invoices can be corrected if needed before being routed to the applicable ERP system.

What makes the Inspyrus solution’s use of WFR different from traditional solutions is that the out-of-the-box WFR product has been enhanced to alleviate common problems and shortcomings experienced by a large number of WFR customers.  With these enhanced invoice extraction capabilities the Inspyrus solution takes invoice automation to the next level, one of the many reasons it is considered the next generation in accounts payable automation.

One of the most basic examples that long-time WFR users can relate to is extraction of the PO Number field.  PO Number extraction typically works by configuring any number of PO masks in the INI file.  The masks can be as specific (TEK#####) or as generic (any 6-digit number) as needed.  As a best practice, I advise customers to use PO masks that are as specific as possible.

If masks can be kept very specific and the number of them kept low, WFR typically does a pretty good job of finding the PO Number on the invoice, regardless of its location.  After the PO Number is extracted, it is then validated against the ERP database to ensure that it is a valid PO.  If it is not found in the database it is flagged as invalid and will require user correction.

Problems arise when business needs dictate that PO masks must be generic (######) or that a large number of masks are required (as often happens in larger companies with multiple systems generating POs).  In these cases WFR often does not do as good a job of choosing the actual PO number.  Despite clear keywords such as “Purchase Order Number” that could contextually help locate the actual PO number, WFR will often incorrectly choose another value on the invoice that matches a mask but is nowhere near any label that would indicate a PO Number.

The Inspyrus WFR solution addresses this issue by offering a routine that enhances the out of the box invoice automation by using contextual evidence to help identify the correct PO number from the possible candidates.

TekStream recently worked with a customer that faced both of these challenges.  The screen shots below illustrate the difference between the out of the box WFR extraction and the extraction results with the Inspyrus solution.  This is just one of the many examples of ways the Inspyrus solution takes accounts payables invoice automation to the next level.

Out of the box extraction: PO Number is chosen from the text under a barcode on the page that matches one of the many masks.  The number chosen has no context to suggest it is a PO number.


Inspyrus extraction: PO Number is correctly chosen as the candidate following the label “P.O. #”.

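As an added example (not Inspyrus or WFR code), the following models the difference between mask-only extraction and the contextual choice described above; the invoice text, the masks and the label patterns are constructed for illustration.

```python
"""Added example (not Inspyrus or WFR code): PO candidates are gathered by mask,
then the candidate that follows a PO label on its line is preferred over a bare mask
hit.  The invoice text, masks and label patterns are constructed for illustration."""
import re

# Constructed OCR output, one entry per printed line.  The value under the barcode
# matches the generic 6-digit mask but has no PO label anywhere near it.
INVOICE_LINES = [
    "ACME SUPPLY CO                     INVOICE",
    "*483920*",                                    # human-readable text under a barcode
    "Invoice No: INV-77812   Invoice Date: 03/14/2016",
    "P.O. # 120455    Terms: Net 30",
    "Bill To: TekStream Solutions",
    "Total Due: 1,250.00",
]

# Masks as an INI file would list them: '#' is one digit, anything else is literal.
MASKS = ["TEK#####", "######"]
# Label forms that give a candidate context ("Purchase Order Number", "P.O. #", ...).
LABELS = [r"purchase\s+order\s+(?:number|no\.?|#)", r"p\.?\s*o\.?\s*(?:number|no\.?|#)"]


def mask_to_regex(mask):
    """Turn a PO mask into a regex that matches a whole token."""
    body = "".join(r"\d" if c == "#" else re.escape(c) for c in mask)
    return re.compile(r"(?<![A-Za-z0-9])" + body + r"(?![A-Za-z0-9])")


def candidates(lines, masks):
    """Every token matching any mask, as (value, line number, column), in reading order."""
    found = []
    for lineno, text in enumerate(lines):
        for mask in masks:
            for m in mask_to_regex(mask).finditer(text):
                found.append((m.group(0), lineno, m.start()))
    return found


def pick_out_of_box(cands):
    """Mask-only behaviour as modelled here: the first hit in reading order."""
    return cands[0][0] if cands else None


def pick_with_context(lines, cands):
    """Prefer the candidate closest to the right of a PO label on the same line;
    fall back to the mask-only choice when no labelled candidate exists."""
    label_re = re.compile("|".join(LABELS), re.IGNORECASE)
    best = None
    for value, lineno, col in cands:
        for lm in label_re.finditer(lines[lineno]):
            if lm.end() <= col:
                distance = col - lm.end()
                if best is None or distance < best[0]:
                    best = (distance, value)
    return best[1] if best else pick_out_of_box(cands)


def extract_po(lines=INVOICE_LINES, masks=MASKS):
    """Return both choices so the difference the screenshots show is visible."""
    cands = candidates(lines, masks)
    return {"out_of_box": pick_out_of_box(cands),
            "contextual": pick_with_context(lines, cands)}


if __name__ == "__main__":
    print(extract_po())
```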

 


Oracle Document Capture and WebCenter Enterprise Capture


By: Kevin Cocilo | WebCenter Imaging Integration Engineer

Introduction

Since WebCenter 11.1.1.8.0 was introduced, two major versions of Oracle’s capture product have been available for integration: Oracle Document Capture (ODC 10g) and WebCenter Enterprise Capture (WEC 11g). WebCenter Enterprise Capture is a browser-based implementation and part of the WebCenter stack; Oracle Document Capture is an older, stand-alone Windows server and thick-client technology.

Although it should be apparent which to implement, there are some considerations to take into account, mainly supportability and your current starting point.

Supportability

Oracle Document Capture and its web counterpart ODDC (Oracle Distributed Document Capture) are no longer covered by Oracle Premier Support (ended Nov 2013) or Extended Support (ended Dec 2015); only Sustaining Support remains. This means that Oracle will only help with the product as it currently exists. Sustaining Support does not include the following:

  • New updates, fixes, security alerts, data fixes, and critical patch updates
  • New tax, legal, and regulatory updates
  • New upgrade scripts
  • Certification with new third-party products/versions
  • Certification with new Oracle products

For complete information see support sheet: http://www.oracle.com/us/support/library/lifetime-support-middleware-069163.pdf.

If you’re a new WebCenter customer, the most current offering as of this writing is version 11.1.1.9.x. And since Oracle WebCenter Enterprise Capture has been offered since 11.1.1.8.0, it’s hard to imagine a scenario where you would want to use ODC/ODDC (although it is still available for download).

A more likely scenario is that you’re facing an upgrade decision.

Upgrade & Migration Considerations

If you’re currently using an ODC integration with an earlier version of WebCenter and are upgrading to WebCenter 11.1.1.9.x, here are several points to consider:

Benefits

  1. Supportability, as noted above. All of Oracle’s support models are available for Oracle WebCenter Enterprise Capture 11g.
  2. WEC has the clear advantage of being purely a web interface on a WebLogic managed server. There is no more need for separate ODC and ODDC installations.
  3. The security model, access control and logging are now governed by your WebLogic implementation, just like your other WebCenter managed servers.
  4. Patching should be easier in 11g. Patches to WEC (and OIT!) are handled through the normal OPatch method; no more registry hacks, etc. (Note that Oracle WebCenter Enterprise Capture currently supports only Outside In technology; native document conversion does not arrive until 12c.)
  5. Migrating configurations to higher environments, such as “dev” to “test” and then to “production,” is easier.

Considerations

  1. Although most of the 10g functionality is now available in 11g, upgrading requires you to reconstruct all of your ODC services (servers, file cabinets, scan and index profiles). In other words, there is no way to migrate ODC 10g to WEC 11g; the 11g configuration is arranged differently than it was in 10g.
  2. Scripting for macros. ODC 10g macros cannot be reused, since they are written in Visual Basic scripting and WEC uses Java scripting.
  3. The Recognition Processor is still a Windows-only proposition, although it is now a managed server rather than a Windows client. Support for a Linux Recognition Processor is not yet published.
  4. Pay attention to Java compatibility requirements, since the WEC client uses a JRE plugin. In addition to Java, be aware that not all browser versions are supported. The following link leads to certification and supportability information:

https://support.oracle.com/epmos/faces/SearchDocDisplay?_adf.ctrl-state=1ap4gfkd0h_4&_afrLoop=408291063482624

 


Search Tricks for Users of WCC running on Oracle Text Search


By: Brandon Prasnicki | Technical Architect

The WebCenter Content product (WCC) has been running on the powerful Oracle Text Search engine for quite some time. However, it is well known that WCC doesn’t always leverage all of the features that Oracle Text Search has to provide. While TekStream can help leverage many of the features via customizations, there are also a few that require no customization and can help make day-to-day activities more efficient right away. Here are two little-known, but out of the box search tricks that leverage the Oracle Text Search solution.

1. Stemming

Stemming is the process of reducing inflected (or sometimes derived) words to their word stem, base or root form—generally a written word form. Often it is not known which variation of a word stem a contributor used to tag content, and stemming is a great way to uncover those content items.

You can stem searches through the CONTAINS operator: simply prefix your search term with ‘$’ (the dollar sign character).

Try it!  Here are some fun examples:

$speak expands to search for all documents that contain speak, speaks, spoke and spoken.

$sing expands to sing, sang and sung.

Check in an item with a title of ‘sang’, search the title field for ‘$sing’, and the item is returned!


2. Sounds Like

The Oracle Text Search index engine also has ‘sounds like’ functionality. To use it, apply the soundex operator by prefixing the term with ‘!’.

Here is a fun example:

First, check in an item with a Title of ‘Smith’. Then, do a search for that item with the text of ‘!Smyth’ or ‘!Smythe’. You can see screenshots of an example below.


Here you can see that a content item with a title of ‘Smith’ was returned when searching the title field with a ‘!Smyth’ value. This works for fulltext as well, since the fulltext search term uses the ‘contains’ operator.

Shortcuts like these can improve your content searches and empower your business to find and use content in the system quickly and efficiently. Keep following the TekStream blog for more tips, tricks and shortcuts!

For more information see:

https://docs.oracle.com/cd/B19306_01/text.102/b14218/cqoper.htm#i998055
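To show why ‘!Smyth’ finds ‘Smith’, here is an added example (not WebCenter Content or Oracle Text code) implementing the classic Soundex algorithm that the ‘!’ operator compares, run against a constructed list of content titles; Oracle’s own SOUNDEX may differ at the edges, such as non-letter characters.

```python
"""Added example (not WebCenter Content or Oracle Text code): the classic Soundex
algorithm, which is what the '!' operator compares, applied to the article's
Smith/Smyth/Smythe case.  The title list is constructed."""

_CODES = {}
for _letters, _digit in (("BFPV", "1"), ("CGJKQSXZ", "2"), ("DT", "3"),
                         ("L", "4"), ("MN", "5"), ("R", "6")):
    for _ch in _letters:
        _CODES[_ch] = _digit


def soundex(word):
    """Return the 4-character Soundex code: first letter plus three digits."""
    letters = "".join(ch for ch in word.upper() if ch.isalpha())
    if not letters:
        return ""
    first = letters[0]
    digits = []
    last = _CODES.get(first, "")    # the first letter's own code also collapses repeats
    for ch in letters[1:]:
        if ch in "HW":
            continue                # H and W do not break a run of equal codes
        code = _CODES.get(ch)
        if code is None:            # vowel or Y: ends the run
            last = ""
            continue
        if code != last:
            digits.append(code)
        last = code
    return (first + "".join(digits) + "000")[:4]


# Constructed content item titles for the search below.
TITLES = ["Smith", "Smyth", "Smythe", "Schmidt", "Jones"]


def title_search(term, titles=TITLES):
    """Model the title-field search the article shows: a '!' prefix matches titles
    whose Soundex code equals the term's (the CONTAINS soundex operator); no prefix
    is an exact, case-insensitive match.  '$' stemming needs a stemmer and is not modelled."""
    if term.startswith("!"):
        code = soundex(term[1:])
        return [t for t in titles if soundex(t) == code]
    return [t for t in titles if t.lower() == term.lower()]


if __name__ == "__main__":
    for t in ("!Smyth", "!Smythe", "Smith"):
        print(t, "->", title_search(t))
```

Note that ‘!Smyth’ also pulls in ‘Schmidt’, which shares the code S530: soundex matching widens recall, so use it on fields where near-misses are welcome.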

 


Accounts Payable Automation in the Cloud


By: Mariano Romano | Senior Developer

Accounts Payable (AP) has always been a crucial part of business, but as accounting becomes more complex or grows in volume, we are forced to upgrade our hardware and software. These issues can be easily solved by using an AP solution in the cloud.

What is AP Automation in the Cloud?

AP Automation in the cloud provides AP solutions that are hosted on the Internet. The solution can be combined with an on-premise EBS system or a cloud EBS system. With an on-premise EBS system, you can create a Site-to-Site VPN connection to your internal EBS system, which lets your EBS system remain in-house while your AP solution resides in the cloud.

Benefits of AP Automation in the Cloud

There are many benefits to providing your accounts payable solution in the cloud and for cloud solutions in general, including reduced support and maintenance costs and increased speed of upgrade deployments.

  1. No hardware to purchase or maintain. By having your AP solution in the cloud, you do not have to provision hardware for the solution. Additionally, as your needs grow, you will not have to purchase additional hardware to support the extra load.
  2. No need to perform software upgrades. Since it is hosted in the cloud, the provider will be responsible for implementing any updates at an OS level or application level. This also allows you to have the latest version running much sooner than having to go through weeks of testing before performing an upgrade.
  3. No need to support the OS. Since the hardware is hosted, you are not responsible for the OS on the hardware. This eliminates the need to have an OS expert to support your AP Solution hardware.
  4. No need to support security patches at an OS or application level. All security related patches are supported by the hosting partner.

Areas of Concern

There are also some areas of concern in using AP Automation in the Cloud.

  • Is my data safe in the cloud? Of course! Just because it is in the cloud doesn’t mean anyone can log in and access your data. AP Solutions offer many layers of security to ensure your data is protected at all times.
  • Will my data be backed up? Yes! Most cloud solutions offer multiple levels of backup and redundancies including offsite backups.

Regardless of the benefits or areas of concern, AP Automation in the Cloud is slowly becoming the future of AP systems. As more solutions are available in the Cloud, companies will become more comfortable with the architecture in general and will trust moving their own AP Systems to the Cloud as well.

 


Oracle DoCS vs. OSN: Which One to Choose


By: Greg Becker | Technical Architect

With all of the recent releases and offerings from Oracle in the Cloud space, it’s easy to get confused when deciding which one(s) may be appropriate for your business. At the same time, it’s essential to understand the offerings, especially if you need to make important business decisions regarding which solutions and products to implement. Two of those recent offerings from Oracle are Documents Cloud Service (referred to as Oracle DoCS) and Oracle Social Network Cloud (referred to as OSN).

Oracle DoCS: Documents Cloud Service

Oracle Documents Cloud Service is an enterprise-level collaboration platform that is available in Oracle Cloud. It connects people and information. Built for the enterprise from the ground up, offering robust security and integration options, DoCS focuses on easy-to-use collaboration optimized for social and mobile use.

greg-becker-blog

OSN: Oracle Social Network

Oracle Social Network enables people to have online conversations, share documents, start one-on-one chats for quick private exchanges, and build out rich user profiles to find the right people to connect with.

greg-becker-blog2

Differences of Intent Between DoCS and OSN

After reading Oracle’s introductions to both products they sound very similar in nature, and to some extent they are. The difference lies primarily in what each product is used for and what type of content it is based around. DoCS is primarily for files and conversations (discussions and annotations, real-time/online) based around various file types (contracts, presentations, etc.), while OSN is primarily for collaboration based around social objects (sales opportunities, talent profiles, incident reports, etc.).

Differences of Integration Capabilities

Another primary difference between the two products is the software each one integrates with. Oracle Social Network integrates with Oracle Sales Cloud, Oracle Human Capital Management Cloud, Oracle Enterprise Resource Planning Cloud and Oracle Service Cloud. DoCS integrates with Oracle Process Cloud, Oracle Sites Cloud, SaaS and on-premises applications, and content management systems, and also offers robust APIs for integration with PaaS and third-party systems.

So…Should I choose Documents Cloud Service or Oracle Social Network?

Take a look at both products if you’re in the market for a cloud sharing and collaboration tool. If you’re looking for a product that revolves around social objects, Oracle Social Network might be the right one for you. If you’re looking to connect people and information across a wide range of business units within your organization, then DoCS may be the best solution to solve your business problem.

Check out the Oracle product pages for more information:

Documents Cloud Service: https://cloud.oracle.com/documents
Social Network Cloud: https://cloud.oracle.com/social-network-cloud

 


Press Release: TekStream Makes 2016 INC. 5000 List For Second Consecutive Year


For the 2nd Time, Atlanta-based Technology Company Named One of the Fastest-growing Private Companies in America with Three-Year Sales Growth of 133%

Atlanta, GA (Oct 3, 2016) – Atlanta-based technology company, TekStream Solutions, is excited to announce that for the second time in a row, it has made the Inc. 5000 list of the fastest-growing private companies in America.  This prestigious recognition comes again just five years after Rob Jansen, Judd Robins, and Mark Gannon left major firms and pursued a dream of creating a strategic offering to provide enterprise technology software, services, solutions, and sourcing.  Now, they’re a part of an elite group that, over the years, has included companies such as Chobani, Intuit, Microsoft, Oracle, Timberland, Vizio, and Zappos.com.

“Being included in this prestigious list of companies two years in a row is an honor and testament to the growth we’ve sustained since starting the company in February of 2011,” said TekStream Solutions Chief Executive Officer, Rob Jansen. “Our current and future success continues to be grounded by our employees who are passionately driven to exceed expectations and work in partnership with our clients and partners to deliver results,” he added.

This year’s Inc. 5000 nomination comes after TekStream has seen a three-year growth of over 133%, and 2016 is already on pace to continue this exceptional growth rate.  In addition, the company has added 25% more jobs over the last 12 months and recently doubled its office space at its Atlanta, GA US Headquarters.

“We are proud of the recognition and of the team we have assembled at TekStream,” stated Mark Gannon, Executive Vice President of Recruitment.  “We will continue to grow and diversify both our Federal and Commercial recruiting solutions in close collaboration with our technology team” Gannon noted.

To qualify for the award, companies had to be privately owned, established in the first quarter of 2013 or earlier, have experienced two-year sales growth of more than 50 percent, and have had revenue between $1 million and $300 million in 2015.

“It’s an honor to be nominated this year for the Inc. 5000.  Our growth can be attributed to continued efforts with key partnerships like Oracle and others. With the rapid adoption of Oracle Cloud and other cloud technologies, we expect that trend to continue well into 2017 with our eye on the nomination again next year,” said Judd Robins, Executive Vice President of Consulting Services.

TekStream Solutions

TekStream Solutions is an Atlanta-based technology solutions company that specializes in addressing the company-wide IT problems faced by enterprise businesses, such as consolidating and streamlining disparate content and application delivery systems and the market challenges to create “anytime, anywhere access” to data for employees, partners, and customers. TekStream’s IT consulting solutions combined with its specialized IT recruiting expertise helps businesses increase efficiencies, streamline costs, and remain competitive in an extremely fast-changing market. For more information about TekStream Solutions, visit www.tekstream.com or email Shichen Zhang at shichen.zhang@tekstream.com.

 


Oracle Compute Cloud – Cloud Security


By: Pete Chen | Manager, Hosting Services

Hosting servers on a public cloud may seem like a scary concept. Everyone who has Internet access is a potential threat to corporate data security. In a local server cluster, a firewall can be set up to protect the servers from malicious outside traffic. The good news is Oracle Compute Cloud has included some security features to help secure their cloud environment. Setting up network security should be one of the first tasks for any environment.

Oracle Compute Cloud Service’s security is broken down into 4 pieces. Security applications are created to allow application-specific ports to remain open. Security lists are created to determine in general how incoming and outgoing traffic should be handled. Security rules are created to bridge a security application to a security list. Security IP lists are created to allow entry from specified IP addresses.

Security Applications

Security applications specify the ports needed to reach an application. Supported protocols are TCP, UDP, ICMP and GRE, and a range of ports can be used. In Oracle Middleware, the WebLogic Server Admin Console typically runs on port 7001, or 7002 when secured through SSL, so the protocol would be TCP. Access to the console is required before SSL can be set up, so both ports should be included in the security application: the allowed port range would start at 7001 and end at 7002 (or whatever custom values were given to WebLogic Server). The same holds for WebCenter Content and WebCenter Portal. Build a security application for each application installed in the environment.

Security Lists

Security lists are the network security attribute assigned to a server instance. They dictate how the network responds to inbound and outbound traffic for that instance. By default, inbound packets are dropped with no reply, so an outside source sending traffic into the network has that traffic stopped and only knows that the packet never reached its destination. The alternative is to drop the packets with a reply, which tells the source that the packet was specifically dropped. The outbound traffic policy is set to Allow by default; it can be changed to Deny (drop packets with no reply) or Reject (drop packets with a reply).

All server instances assigned to a specific security list can openly communicate to each other. An example of this is the communication between WebCenter Content and WebCenter Portal. The portal servers communicate with the content servers through port 4444. If both of the server instances are added to the same security list, they can communicate between the two servers without restrictions. Therefore, there isn’t a need to create a security application specifically for port 4444 on the content server.

Security Rules

Security rules bind security applications to security lists. Each rule allows specific traffic to a specific destination. After selecting the security application, a source must be provided: either a security list you created or a security IP list (examples of the latter are instance, ntp, powerbroker, public-internet and site). A destination must also be provided and, like the source, can be a security list or a security IP list. Security rules can be enabled or disabled as the environment’s needs change.

Security IP Lists

Security IP lists allow a block of IPs to be grouped together. The default IP lists provided are instance (the IP block for server instances in the environment), ntp (network time protocol), powerbroker, public-internet and site. To better secure an environment, specific IP addresses from known sources (office, VPN or data center) can be added to an IP list, and a security rule can then be created to allow only traffic from those addresses to reach its destination. While it is convenient to let all public internet traffic reach the server instances, it also leaves the environment vulnerable. Locking down the allowed IP traffic for each environment helps ensure it remains safe and secure.

These tools help to protect an Oracle Compute Cloud Services environment from security breaches. Security applications help to define what ports should be opened, security lists define how traffic should be handled, security rules bridge the applications to the lists, and security IP lists help to decide what traffic is allowed. Best practices are available, but take some time to consider the overall security requirements of each environment. Map out the servers, plot out the ports, and specify the various IP addresses. Once the big picture is clear, setting up the security parameters will be easy.
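As an added example (not Oracle’s code), the following models the four objects described above and evaluates which constructed packets would be admitted; the application, list and instance names and the IP ranges are assumptions made for illustration.

```python
"""Added example (not Oracle's code): a model of the four Oracle Compute Cloud
security objects described above, used to check which constructed packets would be
admitted.  Names, members and the IP ranges are assumptions made for illustration."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class SecurityApplication:
    """Protocol plus port range an application needs open (e.g. TCP 7001-7002)."""
    name: str
    protocol: str        # "tcp", "udp", "icmp" or "gre"
    port_start: int
    port_end: int

    def matches(self, protocol, port):
        return protocol == self.protocol and self.port_start <= port <= self.port_end


@dataclass
class SecurityIPList:
    """Named block of addresses: office, VPN, data centre, or public-internet."""
    name: str
    networks: list

    def contains(self, addr):
        return any(ip_address(addr) in ip_network(n) for n in self.networks)


@dataclass
class SecurityList:
    """Assigned to instances; carries the default policies for unmatched traffic."""
    name: str
    inbound_policy: str = "deny"      # deny = drop silently, reject = drop with reply
    outbound_policy: str = "permit"
    members: set = field(default_factory=set)   # instance names


@dataclass
class SecurityRule:
    """Binds a security application to a source (IP list or security list) and a
    destination security list."""
    application: SecurityApplication
    source: object
    destination: SecurityList
    enabled: bool = True


def _source_matches(source, src_addr, src_instance):
    if isinstance(source, SecurityIPList):
        return source.contains(src_addr)
    return src_instance is not None and src_instance in source.members


def evaluate_inbound(rules, dst_list, src_addr, src_instance, protocol, port):
    """Decide 'permit', 'deny' or 'reject' for a packet arriving at an instance in
    dst_list.  Members of one security list talk freely (the port 4444 case above);
    anything else needs an enabled rule matching application, source and destination,
    otherwise the list's default inbound policy applies."""
    if src_instance is not None and src_instance in dst_list.members:
        return "permit"
    for rule in rules:
        if (rule.enabled and rule.destination is dst_list
                and rule.application.matches(protocol, port)
                and _source_matches(rule.source, src_addr, src_instance)):
            return "permit"
    return dst_list.inbound_policy


def build_demo():
    """Constructed setup: the admin console is reachable only from the office range."""
    weblogic_admin = SecurityApplication("weblogic-admin", "tcp", 7001, 7002)
    office = SecurityIPList("office", ["203.0.113.0/24"])      # TEST-NET-3, constructed
    tier = SecurityList("wc-tier", members={"portal01", "content01"})
    rules = [SecurityRule(weblogic_admin, office, tier)]
    return rules, tier


def demo_results():
    rules, tier = build_demo()

    def check(src, inst, port):
        return evaluate_inbound(rules, tier, src, inst, "tcp", port)

    return {
        "office_to_7001": check("203.0.113.10", None, 7001),
        "office_to_7002": check("203.0.113.10", None, 7002),
        "internet_to_7001": check("198.51.100.7", None, 7001),     # no rule: default deny
        "office_to_4444": check("203.0.113.10", None, 4444),       # port not in any application
        "portal_to_content_4444": check("10.0.0.5", "portal01", 4444),  # same security list
    }


if __name__ == "__main__":
    for name, verdict in demo_results().items():
        print(f"{name}: {verdict}")
```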

Summation

Oracle Compute Cloud service offers complete security control over the environment, allowing administrators to fully protect their site. Start off by locking down all ports on incoming traffic, and restricting the IP addresses allowed to access the sites. Then define the ports to open by the applications installed. Finally, define which virtual instances require the security rules. Although not covered in this blog, there is an SSL certificate requirement to SSH into the server. Creating an SSL certificate should be done with a systems administrator, as there may be rules and standards on its creation, along with best practices.
