Tuesday, December 25, 2012

Oracle Cloud Computing


What is Cloud Computing?
Instead of buying and maintaining network, server, storage, applications and supporting equipment in our own buildings, we let providers maintain them for us at their location. Under stringent legal and commercial contracts, these facilities can be used on demand or throughout the year.

Why Cloud Computing?
Say, for example, a company has a few payroll servers to run payroll for its employees. The payroll servers and applications are used primarily during the payroll run; on the remaining days they stay idle. During the idle time, the company still spends money on space, electricity, backup, monitoring and resources. By using a payroll service from a Cloud provider on a subscription basis for the payroll run time only, the money spent on idle time is saved. The Cloud provider uses the servers for some other purpose during that time.

What are Characteristics of Cloud Computing?
On-demand self-service
A consumer unilaterally provisions computing resources as needed, automatically and without human interaction (Example: Virtualization).

Resource pooling
Computer resources are pooled to transparently serve multiple consumers.

Rapid elasticity
Capabilities can be rapidly and elastically provisioned, in some cases automatically to quickly scale out and rapidly released to quickly scale in.

Measured service
Cloud systems automatically control and optimize resource use via a metering capability. Resource usage can be monitored, controlled, and reported providing transparency for both the provider and consumer of the service.

Broad network access
Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms.

What are the Service Models of Cloud Computing?
Software as a Service (SaaS)
With Software as a Service (SaaS), service consumers get their software applications from the service provider. The consumer uses the software as an application while the provider manages the underlying software and infrastructure. In a SaaS architecture, applications are often delivered to the customer via a web browser (Example: salesforce.com).

Platform as a Service (PaaS)
In Platform as a Service (PaaS), the consumer uses programming languages and tools from the provider as an application development and deployment platform. The platform may include databases and middleware in addition to application development tools. Virtualization and grid computing are often a key basis for PaaS architectures.

Infrastructure as a Service (IaaS)
With Infrastructure as a Service (IaaS), the provider manages the underlying physical cloud infrastructure (operating system, network, storage) while consumers deploy and run their own application software and provision resources as necessary. Virtualization software is integral to IaaS architectures.

What are the Cloud Deployment Models?
Private Clouds
For the exclusive use of a single organization, and typically controlled, managed and hosted in private data centers. The hosting and operation of private clouds may also be outsourced to a third-party service provider, but a private cloud remains for the exclusive use of one organization.

Public Clouds
For use by multiple organizations (tenants) on a shared basis, hosted and managed by a third-party service provider (Example: Amazon, RackSpace).

Community Clouds
For use by a group of related organizations who wish to make use of a common cloud computing environment. For example, a community might consist of the different colleges of a University, all the universities in a given region, or all the suppliers to a large manufacturer.

Hybrid Clouds
When a single organization adopts both private and public clouds for a single application in order to take advantage of the benefits of both. For example, an organization might run the steady-state workload of an application on a private cloud, but when a spike in workload occurs, such as at the end of the financial quarter or during the holiday season, they can burst out to use computing capacity from a public cloud, then return those resources to the public pool when they are no longer needed.

Oracle Cloud computing Strategy

Oracle has two Cloud Service Models

Platform as a Service (PaaS)
Oracle PaaS uses Oracle WebLogic Server, Coherence, Tuxedo and JRockit as its foundation. On top of that foundation, the PaaS also includes Oracle Fusion Middleware components such as Oracle SOA Suite, Oracle BPM Suite, Oracle Identity Management and Oracle WebCenter. For data support, Oracle Database and RAC are used.

Infrastructure as a Service (IaaS)
Oracle IaaS is based on Sun’s Open Storage, Oracle Solaris, Oracle Enterprise Linux, Oracle VM for virtualization, and Sun SPARC and x86 servers (presently Oracle Exalogic and Exadata). The above PaaS is hosted on this IaaS.

Both the Oracle PaaS and Oracle IaaS are managed by Oracle Enterprise Manager (OEM), which provides integrated systems management from applications to disk across the complete cloud deployment lifecycle.

The below diagram explains the Oracle Cloud Service Model




Thursday, November 22, 2012

Happy Thanksgiving

I wish you and yours a very happy Thanksgiving. So many events happened this year in our lives to be thankful for.


Enjoy your time with family and friends. Safe travel.


Monday, November 19, 2012

Oracle WebLogic Presentation at New York Oracle User Group 2012


NYOUG (New York Oracle User Group) is one of the largest Oracle user groups in the USA.

I will present a session called "Oracle WebLogic, Foundation of Oracle Fusion Middleware" on Dec 12th, 2012.

This session includes 20 minutes of PowerPoint presentation and a 20-25 minute hands-on session covering WebLogic Install, Domain Creation and Application Deployment.

You can register your attendance by visiting http://nyoug.org/upcoming_events.htm

Sunday, October 21, 2012

Oracle WebLogic - Node Manager

What is Node Manager?

Node Manager is a process that runs outside of WebLogic domains. Its run time and operations do not depend on a domain's security system or on the run time of the Administration and Managed Servers.

What are the features of Node Manager?

Node Manager has the following three features:
  • Remote Start
  • Auto Restart
  • Auto Kill

Remote Start
Remote Start of WebLogic Server instances is one of the most useful features for WebLogic administrators. When the managed servers of a domain are distributed across various physical servers, Node Manager provides a facility to start and stop them all from one location.

Auto Restart
Node Manager automatically brings up failed server instances (failed for normal reasons such as a server reboot, power outage or unexpected process crash), and it has a built-in ping mechanism to check the health of server instances.

Auto Kill
This is a wonderful feature of Node Manager: it kills Managed Server instances that are performing poorly, so that user requests are no longer sent to hanging server instances.

Observations

  • The administrator does not need to log in to each physical server or VM to start/stop the server instances.
  • There is no need to have a startManagedWebLogic script for each Managed Server instance; Node Manager will start those services.
  • It is not necessary to keep several entries in rc scripts for auto restart; it is the job of Node Manager to bring up the server instances after a server reboot.
  • When the administrator updates the environment settings of start-up scripts for third-party products, the Node Manager Remote Start tab (in the WLS Console) should also be updated with the same settings. During critical, pressurized deployment times, administrators can easily forget to update the Remote Start tab and start the servers with the scripts instead. If someone later tries to start the server instances using Node Manager, it will create a problem ticket. So if someone wants to use Node Manager, a stricter change control mechanism must be followed and documented.
  • When Node Manager goes down for a long time and the administrator takes time to fix it, the life cycle operations of server instances (both planned and unplanned) are affected.

I would suggest not using Node Manager if you have 2-3 physical servers; let the administrators log in to each shell and operate the server instances. Not using it may pose a few operational inconveniences, but the deployed applications will run without user complaints and the change management document becomes smaller. On the other hand, recent Oracle Fusion Middleware products (Ex: OEM, OID, OAM, OSB, WLS Portal) configure Node Manager by default during the install process; do not try to alter those.



Friday, October 19, 2012

Oracle WebLogic Presentation at Michigan Oracle User Summit 2012

MOUS (Michigan Oracle Users Summit) is one of the largest Oracle user groups in the USA.

I will present a session called "Oracle WebLogic, Foundation of Oracle Fusion Middleware" on Nov 14th, 2012.

This session includes 20 minutes of PowerPoint presentation and a 20-25 minute hands-on session covering WebLogic Install, Domain Creation and Application Deployment.

You can register your attendance by visiting www.mous.us  

Sunday, September 23, 2012

WebLogic Administration Server - Failover / High Availability

For the last one or two years, customers have been asking how to enable High Availability for the WebLogic Administration Server.

I designed and implemented WebLogic Administration fail-over for a financial client back in 2004 using Veritas hardware cluster; then in 2009, I did the same for my telecom client using HP Serviceguard hardware cluster.

The cost and overhead of a hardware cluster make customers think twice about implementing Administration Server fail over, but after Oracle acquired BEA, the WebLogic Administration Server became an integral part of Oracle Fusion Middleware. This means Administration Server availability is mandatory for major implementations.

Here’s my rule of thumb
1 If the customer just uses WebLogic Application Server to host a few Java EE applications, then Administration Server fail over is not required (note: banks still want to have Admin Server fail over).

2 Fusion Middleware Control runs on the Administration Server when WebLogic is installed with other Oracle Fusion products such as Oracle Service Bus, Oracle Internet Directory, WebCenter and others. When the Administration Server node goes down, Fusion Middleware Control also goes down. When monitoring components and their associated logic are written into FMW Control, Administration Server availability is mandatory.
Some products enable their application monitoring logic through the Administration Server (Ex: Amdocs Order Management).

Note: Failure of Administration Server will not affect the run time and life cycle operations of Managed Servers. The configuration changes can’t be done until the Administration Server comes up.

How to enable Administration Server fail over/HA

Myth

1. I can use a hardware load balancer in front of the Administration Server for fail over

Answer: NO. The Administration Server is a singleton: no Active-Active, no Active-Passive. It can run on only one physical server or VM at a time and can’t be replicated due to security and design constraints.

2. I can use a WebLogic Cluster for Administration Server fail over

Answer: NO. The Administration Server is a singleton and it is not clusterable. Moreover, a WebLogic Cluster provides session fail over for the deployed components with some load distribution, and it always requires an external component such as a Proxy Plug-In or hardware load balancer to fail over.

Methods to implement Administration Server fail over/HA

1 Using Hardware Cluster (Automatic fail over)

The diagram below explains the Hardware cluster functionality and the following fail over scenario is applicable
  • The hardware cluster provides floating IP (can float between two physical servers)
  • Make Administration server listen on floating IP
  • When the first physical node fails, the floating IP moves to the second physical server and the Administration Server can be restarted using rc scripts or hardware cluster package scripts
  • The Administration Server data (Embedded LDAP, pointers) resides on NAS
  • Managed servers are started through the Administration Server floating IP (possibly with DNS) and they don’t see any difference regarding the Administration Server's physical location.




2 Manual fail over

    A. After creating the WebLogic domain on the first physical server (with the required managed server entries), copy the whole domain to the second physical server.

    B. Make the Administration Server listen on a DNS address; the DNS address must resolve to both physical hosts.

    C. The Administration Server runs on the first physical server and the managed servers are started through the Administration Server's DNS listen address.

    D. When the first physical server fails, log in to the second physical server and start the Administration Server.

The Managed Servers won’t see any difference. Note that this is applicable only when the domain goes through a minimum level of change for application roll-outs and configuration changes. The best practice is to copy the whole domain to the second physical server whenever the domain configuration changes on the first physical server.

Another best practice is to keep the domain (at least the Admin Server and config folders) on the NAS and the shared data avoids the above critical ‘copy’ work.
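
The check below is an added example, not part of the original post: it compares the primary domain with its standby copy and lists files that were never copied, are stale, or have changed since the last copy, which is the gap the manual method leaves when the copy step is skipped. The tracked folder names (`config`, `security`), the domain name `mydomain` and all file contents are assumptions constructed for the demonstration.

```python
import hashlib
import os
import tempfile

# Assumption: these sub-directories of the domain must be identical on both
# hosts for the standby Administration Server to start with current settings.
TRACKED_DIRS = ("config", "security")


def snapshot(domain_home, tracked=TRACKED_DIRS):
    """Return {relative path: SHA-256 hex digest} for files under tracked dirs."""
    digests = {}
    for sub in tracked:
        for dirpath, _dirs, files in os.walk(os.path.join(domain_home, sub)):
            for name in files:
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, domain_home).replace(os.sep, "/")
                with open(full, "rb") as fh:
                    digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests


def drift(primary_home, standby_home):
    """Compare the primary domain with its standby copy."""
    primary, standby = snapshot(primary_home), snapshot(standby_home)
    return {
        "missing_on_standby": sorted(set(primary) - set(standby)),
        "stale_on_standby": sorted(set(standby) - set(primary)),
        "changed": sorted(p for p in set(primary) & set(standby)
                          if primary[p] != standby[p]),
    }


def in_sync(report):
    """True only when every drift list is empty."""
    return not any(report.values())


def write_file(home, rel, text):
    path = os.path.join(home, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(text)


def demo():
    """Build two constructed domain trees in a temp dir and report their drift."""
    with tempfile.TemporaryDirectory() as base:
        primary = os.path.join(base, "host1", "mydomain")
        standby = os.path.join(base, "host2", "mydomain")
        # Constructed sample content, not real WebLogic configuration.
        for home in (primary, standby):
            write_file(home, "security/SerializedSystemIni.dat", "constructed")
        write_file(primary, "config/config.xml", "<domain>ms1,ms2</domain>")
        write_file(standby, "config/config.xml", "<domain>ms1</domain>")
        write_file(primary, "config/jdbc/AppDS-jdbc.xml", "<jdbc-data-source/>")
        write_file(standby, "config/jms/old-jms.xml", "<weblogic-jms/>")
        return drift(primary, standby)


if __name__ == "__main__":
    report = demo()
    for kind, paths in report.items():
        print(kind, paths)
    print("standby ready for fail over:", in_sync(report))
```

Run against the real domain paths on a schedule or after each change window, a non-empty report means the standby would start the Administration Server with an outdated configuration.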

From my experience, WebLogic Administration Server availability is critical for Oracle Fusion Middleware based implementations. 

Good luck. If you have any questions/suggestions, please contact me.

Happy WebLogic journey!

Sunday, September 9, 2012

Explain Oracle Identity Management

Recently some forces pulled me into Oracle Identity Management consulting work and it’s a very cool area to work in. Customers always have questions about the Sun/Oracle roadmap and its product mapping. I think the contents below will help you to understand the product stack and its usage. Cheers!

Overview

This document describes the Oracle Identity Management (Oracle IDM) suite of products and their functional usage.

Oracle Identity Management Suite consists of the following Product families

1 Single Sign-On and Web Access Control
Oracle Access Manager
Oracle Identity Federation
Oracle Enterprise Single Sign-On Suite Plus
Oracle Security Token Service

2 Directory Services
Oracle Unified Directory
Oracle Internet Directory
Oracle Virtual Directory
Oracle Directory Server Enterprise Edition
Oracle Authentication Services for Operating Systems

3 Content Access Control
Oracle Information Rights Management

4 Strong Authentication
Extended Identity Management Ecosystem
Oracle Adaptive Access Manager

5 Identity Administration
Oracle Identity Manager
Oracle Role Manager

6 Web Services Security
Oracle Web Services Manager
Oracle Enterprise Gateway

7 Identity and Access Governance
Oracle Identity Analytics 

8 Security Toolkits
Oracle Security Developer Tools

9 Federated Identity
Oracle Identity Federation

10 Fine Grained Entitlements
Oracle Entitlements Server

11 Fraud Detection
Oracle Adaptive Access Manager 

12 Oracle - Sun
Oracle Waveset, Oracle OpenSSO

Business use of Oracle IDM Products

1 Single Sign-On and Web Access Control

1.1 Oracle Access Manager

Oracle Access Manager (OAM) 11g is a Java EE based enterprise-level security application that provides single sign-on, authentication and authorization, policy administration and auditing.

1.2 Oracle Identity Federation

A federated environment enables business partners to achieve integration in the identity management realm by providing a mechanism for them to share identity information across their respective security domains on top of single sign-on.

Oracle Identity Federation is a federation server that enables single sign-on and authentication in a multiple domain identity network.

It uses Federated Identity Protocols such as Liberty ID-FF, OpenID and SAML.

1.3 Oracle Enterprise Single Sign-On Suite Plus

A .NET and Visual C++ based package which can be installed on every user desktop to provide single sign-on for day-to-day applications like VPN, Password Wallet etc. The administrator creates this deployment package and distributes it to desktop machines using a file share or through a web server.

1.4 Oracle Security Token Service

Oracle Security Token Service (STS) brokers trust between a Web Service Consumer (WSC) and a Web Service Provider (WSP) and provides security token lifecycle management services to providers and consumers.

Oracle STS augments Oracle Identity Federation (OIF) to use federation protocols such as SAML, WS-Federation, Liberty, or OpenID. Additional tokens include Kerberos (primarily for Windows Native Authentication) and digital certificates.


2 Directory Services

2.1 Oracle Unified Directory (Part of Oracle Directory Services Plus)

Oracle Unified Directory (OUD) is the newest member of the Oracle Directory Services Plus product family.

It can function as:

  • LDAP Server to store data
  • LDAP Proxy to route requests from Client to the LDAP Server
  • Replication Server Gateway between OUD and Oracle Directory Server Enterprise Edition

2.2 Oracle Internet Directory (Part of Oracle Directory Services Plus)

Oracle Internet Directory (OID) is a directory service server (LDAP v3) which uses Oracle Database to store data.

2.3 Oracle Virtual Directory

Oracle Virtual Directory (OVD) acts as a directory gateway that processes client requests and dynamically re-routes them to one or more existing directories regardless of format, be it LDAP, RDBMS or others.

Oracle Virtual Directory presents a virtual directory hierarchy, or tree, to its clients and then assigns hierarchy branches of that tree to designated LDAP or RDBMS servers.

2.4 Oracle Directory Server Enterprise Edition (Part of Oracle Directory Services Plus)

Oracle Directory Server Enterprise Edition (ODSEE), formerly Sun Directory Server Enterprise Edition, is an enterprise LDAP server which provides core directory service with an embedded database, Directory Proxy and synchronization with Active Directory.

2.5 Oracle Authentication Services for Operating Systems

Oracle Authentication Services for Operating Systems (OAS4OS) enables enterprises to centralize management for UNIX and Linux authentication, user accounts, password policies, and sudo authorization policies using Oracle Internet Directory. Based on open standards interfaces, OAS4OS provides full automation of client configuration and user migration, and serves as LDAP based naming service to replace NIS.

3 Content Access Control

3.1 Oracle Information Rights Management

Oracle Information Rights Management secures and tracks sensitive digital information everywhere it is stored and used.

Oracle Information Rights Management uses encryption to extend the management of information beyond the server side repository - to every copy of an organization's most sensitive information, everywhere it is stored and used - on end user desktops, laptops and in other repositories, inside and outside the firewall.

4 Strong Authentication

4.1 Oracle Adaptive Access Manager

Oracle Adaptive Access Manager protects companies exposing Web applications and services, and their end users from online threats and insider fraud. It provides risk-aware authentication, real-time behaviour profiling, and transaction and event risk analysis.

5 Identity Administration

5.1 Oracle Identity Manager

Oracle Identity Manager is a user provisioning and administration solution, which automates the process of adding, updating, and deleting user accounts from applications and directories within an enterprise.

5.2 Oracle Role Manager (Formerly Bridgestream SmartRoles)

Oracle Role Manager is a Java EE based product which enforces Role based Management for organizations. Using its web interface, administrators can configure roles for applications, importing users from diverse repositories and exporting role definition for role life cycle management.

6 Web Services Security

6.1 Oracle Web Services Manager

Oracle Web Services Manager (OWSM) is part of the WebLogic Server installation from 11g. It secures web services using policies held in Oracle Database.

6.2 Oracle Enterprise Gateway

Oracle Enterprise Gateway is designed to simplify and secure SOA deployments on-premise, across domain boundaries or in the cloud. Oracle Enterprise Gateway secures, accelerates, integrates and routes XML and other types of data with SOA and Cloud infrastructures.

7 Identity and Access Governance

7.1 Oracle Identity Analytics (Formerly Sun Role Manager)

Oracle Identity Analytics provides enterprises with the ability to define and manage roles and automate critical identity-based controls.

8 Federated Identity

8.1 Oracle Identity Federation

Oracle Identity Federation is a standalone, self-contained federation server that enables single sign-on and authentication in a multiple-domain identity network. Oracle Identity Federation supports multiple federated identity protocols including the Liberty ID-FF, OpenID, and SAML protocols.

9 Fine Grained Entitlements

9.1 Oracle Entitlements Server (Formerly BEA AquaLogic Enterprise Security)

Oracle Entitlements Server is an authorization product that allows an organization to protect its resources by defining and managing policies that control access to, and usage of, these resources. The policy can enforce controls on all types of resources including software components (URLs, Java Server Pages, Enterprise JavaBeans, methods, servlets and the like used to construct an application) and business objects (representations of user accounts, personal profiles and contracts such as bank accounts in a banking application, patient records in a health care application, or anything used to define a business relationship).

Oracle Entitlements Server supports the creation of role policies and access control policies. Role policies are used to define constraints regarding which users are assigned roles. Access control policies define access to the software components and business objects.

Contents of the downloadable IDM packages

Oracle Identity Management (11.1.1.6.0)

Includes

HTTP Server
Oracle Internet Directory
Directory Integration Platform
Virtual Directory
Directory Services Manager
Identity Federation
Security Developer Tools
Enterprise Manager Fusion Middleware Control

Required Additional Software

WebLogic Server
Repository Creation Utility
Patch Scripts
Oracle Database

Oracle Identity and Access Management (11.1.1.5.0)

Includes

Access Manager
Adaptive Access Manager
Identity Manager
Identity Navigator
Oracle Security Token Service
Oracle Entitlements Server

Required Additional Software

WebLogic Server
Repository Creation Utility
Patch Scripts
Oracle Database
BI Publisher
SOA Suite (for Oracle Identity Manager)

Oracle Access Manager WebGates (11.1.1.5.0)

Includes

Oracle HTTP Server 11g WebGates

Required Additional Software

Oracle Access Manager (11.1.1.5.0)
Oracle HTTP Server 11gR1