June 16, 2008

New blog platform

Welcome to the new blog platform! Oracle has just migrated to use MovableType, which gives bloggers more control and flexibility than our old platform. Despite the warning about losing old comments, the team found a way of preserving them, so that's great news too.

February 7, 2008

iRecruitment anti-virus solutions

I periodically get a worried e-mail about the iRecruitment anti-virus support, asking why we haven't certified X, Y or Z company for use with iRecruitment. There's clearly a lot of confusion about this topic, so I thought it best to clarify.

The anti-virus software that most of us are familiar with is the software on our PCs. This software typically scans files as they arrive on our PC in various ways: sent via e-mail, downloaded from the internet, loaded from removable media like CDs or memory sticks, and other more obscure ways too. It also runs a periodic scan of your hard drive to check for files with viruses that it was not able to catch on the way in, either because the virus was not known to it at the time, or because the file arrived by sneaky means that it was not able to detect.

The basic requirements for anti-virus checking for iRecruitment are similar to the PC requirements. We ideally want to stop any files with viruses from being uploaded, and we want to periodically check our existing files for viruses that were not known at the time of upload. It's worth noting at this point that, as of today, there are no known ways in which a virus in an uploaded file can affect the database or the server. The reason we are checking for viruses is to protect those who download the files again, not to protect the database from internal attack.

If you don't have any virus checking of the files which are being stored on the database, there are two main defenses against getting viruses when downloading the files to your PC. The first one is the most obvious - you have up to date anti-virus software on your PC. That will stop any viruses from being downloaded, provided your anti-virus software is working correctly and is up to date. The second method is simply not to download the files. Sounds flippant? Not really. iRecruitment has an excellent html view of documents, so you can look at a Word or PDF resume as html in the iRecruitment screens without ever downloading the file and exposing yourself to potential viruses.

If you don't want to rely on your PC anti-virus software being good enough then you have a few further options. If that is the case, you probably want to start thinking about not letting your users browse any web sites outside of your company, because there are some serious nasties out there for the unprotected. That said, belt and braces isn't going to hurt here.

The first option is a Gateway product. Most anti-virus companies sell something like this, but the name varies between companies. It scans all your internet traffic, and - amongst many other things - it will stop a file with a virus from being uploaded to any server. That includes iRecruitment. So a product like this will automatically stop any known virus from being uploaded. There is no configuration for iRecruitment required, because this product monitors all data coming through your firewall, regardless of its destination. Pretty neat.

The second option is the internal Symantec option. This is the option that some customers mistakenly think we are presenting as the only option. It is not the only option, but it is the one that we had to do some special work for, as opposed to the previous options which all operate in complete independence of iRecruitment. Because we had to build code and you have to set up profile options to configure it, this is the one that you notice in our documentation.

The Symantec solution works by directly integrating with an anti-virus web service, so that iRecruitment can control the virus checking. The way this works is when a user attempts to upload a file, we stream it to the web service (typically running on one of your own servers), which validates it is virus free, and cleans or blocks it if it is not. We then either stop the upload and warn the user if the file has a virus, or save it to the database if it is clean. This is a nice user experience that integrates well with iRecruitment.

What I have described so far offers no additional security beyond the Gateway products, which all check incoming files. If you think about your PC solution though, it scans incoming files, and it also does a periodic check of existing files. The second thing that we do, therefore, is periodically use the web service to scan the existing files stored in the database for any viruses whose definitions were not known at the time that they were uploaded. There is always a lag between virus creation time and the virus checking tools being able to detect them, so this is an important step too. If a virus is detected in an existing file, we will clean the file or delete it if that is not possible.

With this solution, the only product we have ever found which can do this is the Symantec Anti-Virus Scan Engine. This uses the open standard ICAP protocol to talk with any third party software that wants to check files. It's simple to use, and it is very effective. Some customers assume that the reason that we only directly integrate with Symantec is because we have an exclusive partnership with them (although they have been helpful, there is no formal iRecruitment partnership with Symantec, and Oracle typically avoids exclusive relationships anyway), or because we don't like other vendors (we like everyone - we are very loving people really), or because we are lazy (it's a hive of activity here. Honest!). None of those are the reason - the reason is that there are simply no other products out there that do this. We have looked long and hard, and not found any at all. If you are an anti-virus provider who does offer a similar product, please let us know, and chastise your partnership departments for not knowing about them when we contacted them. If you don't offer such a product, perhaps you want to think about building one?

And if you are a customer who is angry at us for not "supporting" your preferred vendor - don't get mad at us please. Read this article. After reading it, if you think you still need a product like Symantec's in addition to all of the other virus protection you already have, get mad at your anti-virus vendor for not providing any suitable product.
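The upload check and the periodic re-scan described in this article can be sketched against ICAP (RFC 3507) as follows. This is an added example, not iRecruitment or Symantec code: the host `scanner.invalid`, the service name `avscan`, the `SIG-A`/`SIG-B` markers and the in-memory fake scanner are constructed for illustration, and it assumes that any `200` (modified) reply is treated as infected and that anything other than an explicit `204` blocks the upload.

```python
from urllib.parse import quote

def build_respmod(icap_host, service, filename, data):
    """Frame file bytes as an ICAP RESPMOD request (RFC 3507)."""
    # Percent-encode the user-supplied name so it cannot inject header lines.
    req_hdr = f"GET /{quote(filename, safe='')} HTTP/1.1\r\nHost: upload.invalid\r\n\r\n".encode()
    res_hdr = f"HTTP/1.1 200 OK\r\nContent-Length: {len(data)}\r\n\r\n".encode()
    chunk = f"{len(data):x}\r\n".encode() + data + b"\r\n" if data else b""
    head = (f"RESPMOD icap://{icap_host}/{service} ICAP/1.0\r\n"
            f"Host: {icap_host}\r\nAllow: 204\r\n"
            f"Encapsulated: req-hdr=0, res-hdr={len(req_hdr)}, "
            f"res-body={len(req_hdr) + len(res_hdr)}\r\n\r\n").encode()
    return head + req_hdr + res_hdr + chunk + b"0\r\n\r\n"

def icap_status(response):
    """Return the ICAP status code, rejecting anything that is not ICAP."""
    proto, _, rest = response.partition(b" ")
    if not proto.startswith(b"ICAP/"):
        raise ValueError("not an ICAP response")
    return int(rest[:3])

def scan(send, filename, data):
    """'clean' on 204, 'infected' on 200 (content was modified), else 'error'."""
    try:
        code = icap_status(send(build_respmod("scanner.invalid", "avscan", filename, data)))
    except (OSError, ValueError):
        return "error"
    return {204: "clean", 200: "infected"}.get(code, "error")

def accept_upload(send, store, filename, data):
    """Upload gate: store only on an explicit clean verdict (fail closed)."""
    if scan(send, filename, data) != "clean":
        return False
    store[filename] = data
    return True

def rescan_store(send, store):
    """Periodic pass: re-check stored files and delete any now flagged."""
    flagged = [n for n, d in store.items() if scan(send, n, d) == "infected"]
    for name in flagged:
        del store[name]
    return flagged

def fake_scanner(signatures):
    """Constructed stand-in for the scan service (no network involved)."""
    def send(request):
        hit = any(sig in request for sig in signatures)
        return b"ICAP/1.0 200 OK\r\n\r\n" if hit else b"ICAP/1.0 204 No Content\r\n\r\n"
    return send

def demo():
    """cv3.doc passes at upload time and is caught once definitions catch up."""
    store = {}
    old_defs = fake_scanner([b"SIG-A"])            # definitions at upload time
    new_defs = fake_scanner([b"SIG-A", b"SIG-B"])  # definitions at re-scan time
    results = [accept_upload(old_defs, store, "cv1.doc", b"plain resume"),
               accept_upload(old_defs, store, "cv2.doc", b"xx SIG-A xx"),
               accept_upload(old_defs, store, "cv3.doc", b"xx SIG-B xx")]
    return results, rescan_store(new_defs, store), sorted(store)
```

In a real deployment `send` would write the request to the scan engine over TCP and read the reply; a transport failure then surfaces as `error` and the upload is refused.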

June 22, 2007

Development methodology at Oracle

I'm not really a process person. I really like to just get stuck in and get on with things. The last thing that I want to do is to do documentation, and pre-documentation and pre-pre-documentation. I like to just try things out without wasting time before I get stuck in. At least that's the way I used to be, and some of the time that's the way that Oracle used to be. I came across this article today by Shae Allen called If Architects Had To Work Like Web Designers. Have a read. It's very funny, and it is an extreme but recognisable caricature of the way we sometimes found ourselves working. Not all of the time - we were typically pretty methodical, even in my team. But just sometimes, it was a bit like that.

A couple of years ago though, John Wookey decided that he wanted to stamp down on that, and introduce rigorous enforcement of best development practices, based on best industry practices. I even got involved in designing the standards myself, looking at our code review process. For that, much of our inspiration was taken from books like Peer Reviews in Software: A Practical Guide by Karl E. Wiegers and Winning with Software: An Executive Strategy by Watts S. Humphrey. We weren't the only team. There were over 20 other teams looking at other aspects of our development practices, and the best suggestions from all of us have been put in to practice in Oracle now. Most importantly of all though, the Oracle management team all bought in to the process. Without that, we would still be the architect described in Shae's article.

So, what's the result of this? My Core HR team is one of the first to work our way through the life-cycle of our new processes. It was a hard sell to the developers. The changes involved front loading a lot more work. More design steps, more reviews, more methodology. It has taken a lot longer for us to get to the code stage than we had in the past. But we have produced far better code for it, and it will spend far less time in testing and have fewer iterations of re-testing issues found by QA than in the past, because we have beaten the bugs out of the code before it gets to that stage. It wasn't easy, but we are all now converts to our new processes. Even me.

[Edit: Clarified reduced QA time needed. Thanks Paul]

June 21, 2007

Network Rail iRecruitment site skin

I recently got sent a message by the implementation team at Network Rail (the organization who run all of the railway infrastructure in the UK) to say that they have just completed implementing iRecruitment with a Network Rail specific skin. You can access their site at http://www.networkrail.co.uk/, and then drill down through the Careers link if you want to have a look.

They have changed the banners and navigation at the top and bottom of the screen to match the rest of their site, and changed the fonts and colour schemes to match the rest of the site. It looks almost seamless to me, and I think that they have done a great job. Well done guys, and thanks for letting me know about it.

Has anyone else used skins to change the appearance of their site? It would be great to see some more examples.

February 5, 2007

Applications Running Through a Firewall

I still get asked quite a few questions about how to secure Oracle Applications when running through a firewall. This is a very common request for iRecruitment customers who want to have Candidate and Agency functionality available outside of their firewall, and is also a fairly common request from SSHR customers these days, who want to have functionality like the Employee Verification available outside of their firewall. I thought it would therefore be useful to put a note here to let people know where to find that information. There is a great note on metalink, number 287176.1, which has all of the information which you need to know about configuring 11i to run through a DMZ, and note 380490.1 for configuring R12.

January 30, 2007

Release 12 Is Available

Some great news for everyone - Release 12 of Oracle Applications is now Generally Available! We are all really pleased to see this go out to customers, and really happy with the quality and the functionality that we have in there. There is a launch event with John Wookey and Charles Phillips for everyone who is interested. There are lots of details about the new functionality on all products on metalink, but why not check out Steven Chan's blog for details of that.

From the perspective of my team, there are several great things in particular about this milestone release:

1) We have been working hard on this functionality for several years, with great new features in Core HR, like global transfers, and checklists. We know that many people are really keen to use these new features, and it makes it all worthwhile when we see people benefiting from the things that we have produced.

2) We don't have to keep apologising to customers for not being able to discuss R12 dates. We don't like that, and we know you don't like it either. But we have to do it for legal things like SOX. It does lead to some fun conversations, like this one though:

CUSTOMER: Just exactly when is R12 going to be released then?
ME: Frightfully sorry, but I'm not allowed to comment on that.
CUSTOMER: OK, so when's Fusion going to be released?
ME: That's easy. We are currently targeting 2008.
CUSTOMER: And can I upgrade from R12 to Fusion?
ME: Yes, we are planning to allow upgrades to Fusion from 11.5.10 and from R12, as well as some E patch levels too.
CUSTOMER: Great, so obviously R12 has to be out before Fusion in 2008 if you are going to allow me to upgrade from it.
ME: Please don't get me fired by making me acknowledge that.

3) We can now really start to concentrate on Fusion, which is our opportunity to not just add new features that you are interested in, but to re-architect the system to not just suit the HCM business space the way it is today, but the way it will be in 5 years' time. We have some great vision of where the area is going, with increased globalization, and even higher expectations for system integration and maintainability, and we have some great plans for how to get there. Release 12 is a great step along that road for customers, featuring much of the Fusion tech stack, and I would encourage everyone to look to moving to that release over the coming months.

November 17, 2006

Quality Award

I had a great week this week, because on Monday I got a special mention in John Wookey's All Hands meeting. The department is looking at things which we can do to improve quality and efficiency, and some time ago John threw out an open invitation to submit ideas, with the best 5 winning a prize. I was very pleased and surprised to have submitted a winning idea, as well as Gopi Tummala saying that I should have his job. I don't want his job, but it was nice of him to say so! I'm now looking forward to getting my "I'm bug free" t-shirt in the mail.

October 18, 2006

OpenWorld

Getting up to speed in my new role as director of Core HR has kept me very busy for the past couple of months. We have been working very hard both on Release 12, and on Fusion. At last I am getting a chance to get out of the office and to meet customers again at OpenWorld next week. I'm going to be part of the Meet The Experts session for HCM where you can talk to some of the senior product experts in HCM Development. It's on Thursday from 3pm to 4pm in the Meet The Experts lounge in Moscone South. It's pretty much the last thing of the conference, but I hope that plenty of you can come along to talk to us.

August 18, 2006

Goodbye iRecruitment, Hello Core HR

I have been persuaded that after 6 years of working on iRecruitment, it is time to hand the reins on to someone else, and move to lead the Core HR team instead. I have owned iRecruitment development since it started way back in 2000, and have seen it go from strength to strength. I have devoted a lot of blood, sweat and tears to the product over the years, so it was a very hard decision to make the move. One of the reasons I was prepared to move is that I have Ravi Banda as an excellent replacement, and I am sure he will do a great job of taking the product forward. I'll be keeping an interest in what is going on with iRecruitment, and I am sure that in my new role I will stay involved with many of my iRecruitment friends, both in Oracle and externally.


My new Core HR role is like a blast from the past for me since I managed part of the Core HR team before starting iRecruitment. My new role here is a great new challenge though. My team is responsible for the Person part of the HCM product, along with most things that belong to a person (e.g. their employment details, contacts, addresses and the like). I will be leading the team through the transition to Fusion, where our first big goal is to enhance our schema to take advantage of some global person concepts from PeopleSoft that we think will be of benefit to everyone, and give us a great platform to move forward on.

July 3, 2006

IRC.E RUP1 released

Last Friday we released our latest round of functionality, IRC.E RUP1 (patch 5061111). This is a great new release that contains some new functionality that we know that many of you have been waiting for. This includes:



  • Assessments
    Assessments integrates iRecruitment with iLearning to allow you to set up tests, either scored or non-scored, and to have a test be taken when a candidate registers, and when they apply for a vacancy. You can set up different tests on a vacancy by vacancy basis too. Managers can then see the results of the tests, and for example just see people who have passed a test.

  • Vacancy Approvals
    Approvals in the vacancy process has not changed very much since it was first released, while the approvals in the new Offers functionality in IRC.E is significantly more advanced. We really wanted to bring the new advanced approvals functionality in to the vacancy area too, so in IRC.E RUP1 we re-wrote the vacancy approvals process to use the same common approvals code as Offers. This offers a number of advantages, such as;


    • The Vacancy workflow is now just used for approvals, not navigation, making it less prone to change as we add new functionality. This means that if you create a copy, it is less likely to need to be updated in future.

    • You can now add dynamic approvers and people to receive FYI notifications

    • Comments are routed better

    • We have set up the approval rules so that you can modify them more easily - you can add new rules within our seeded transaction, without modifying the seeded transaction

    • More types of AME transaction are supported (e.g. position hierarchy).

  • Allow my account to be searched
    For those of you who want to default the Allow My Account To Be Searched checkbox to Yes, we have added a profile option to do that.

  • Applicant Search
    On the applicants for vacancy screen, we have made a few enhancements to make it easier to use. We have added the options of viewing rejected and hired applicants as well as the existing default of active applicants. We have also changed the assignment status criteria on this page to be based on a poplist rather than free text, so you don't have to remember what the statuses were called. These changes also meant a change in the applicant details screen, where you can choose between displaying a list of their Active applications or All applications (i.e. rejected and hired too). Which of those you see depends on whether or not you drill down to see an active assignment (default is Active in this case) or a rejected or hired assignment (default is then All). Sounds complicated, but is obvious in practice.

  • Online Help
    We have added online help to about 40 of the manager pages. This helps them understand the concepts and ideas, as well as the detailed steps in using iRecruitment. This requires patch 5348564.

As well as all of that, we have done a number of bug fixes and minor enhancements, to make this our best release yet. The whole team are really proud of what we have built here, so we hope you all download it and upgrade to it soon! Have a look on metalink for more details. The About Doc is note number 373827.1, and the new implementation guide is note number 373837.1. Both contain far more information than in this article, so please have a read.


For those of you who are confused by the name of the release, let me explain. We are no longer releasing mini-packs on 11i. Instead we are releasing rollup patches. They can contain a similar level of new functionality and bug fixes, but they are not a cumulative patch like the mini-packs were. This makes them smaller and more manageable, but means that they can only be applied on top of the last mini-pack. If you are not currently on IRC.E, when you apply IRC.E RUP1, you must either apply IRC.E first, or merge the two patches together and apply as one.