Wednesday Nov 27, 2013

Chalk Talk with John: Revisiting Business Process Management Value

It is easy to get caught up in the technical aspects of Business Process Management, potentially losing sight of the basic value that it can provide to our organizations.

Using our fictional communities of Middleware Fields and Codeaway Valley, we examine strategies to ensure that each town's teddy bear factories can meet customer demand. Is there a way for them to gain some visibility and management into the processes around them to make the most of their efforts? Let’s find out.

About me:

Hi, I am John Brunswick, an Oracle Enterprise Architect. As an Oracle Enterprise Architect, I focus on the alignment of technical capabilities in support of business vision and objectives, as well as the overall business value of technology. Before coming to Oracle, I was a Practice Manager within BEA Systems' Business Interaction Division consulting organization, orchestrating enterprise systems in support of line of business goals.

Follow me on Twitter and visit my site for Oracle Fusion Middleware related tips.

Tuesday Nov 26, 2013

A Primer on Process Accelerators

In yesterday's post, Ajay Khanna, Senior Principal Product Director at Oracle, discussed the merits of abstracting out processes from applications into the middleware layer with Business Process Management. That's Oracle AppAdvantage, the advantage of using Oracle Fusion Middleware technologies strategically with Oracle and other enterprise applications to extend and enhance business value. By abstracting process management out of the applications, organizations can adopt flexible processes, newer technology trends, improve user experience and eliminate disruption in application migrations, upgrades and maintenance.

Today's post is about Process Accelerators and the value these add to speed time to market for organizations.

Built on Oracle BPM Suite, Process Accelerators are pre-built, best practices processes that are customizable and extensible to fit specific customer requirements. Oracle Process Accelerators leverage best practices and domain knowledge. Industry process accelerators embody industry-specific best practices and patterns in addition to Oracle BPM Suite best practices. Horizontal process accelerators provide instant functionality and reuse for processes common in most organizations and can be easily modified to fit your requirements. Oracle Process Accelerators simplify implementation and reduce time-to-value for an organization’s business process management initiatives.

Check out this video for a primer on Process Accelerators:

Monday Nov 25, 2013

Keep Your Applications Agile with Business Process Management

Author: Ajay Khanna, Senior Principal Product Marketing Director, Oracle

Applications are the backbone of your business. To run your business, you need many applications and systems like ERP, SCM, CRM, and Billing. Since companies acquired these applications during different time periods, they end up with disjointed applications and rigid, siloed departmental processes locked inside the applications. Many applications were implemented years ago and selected for very specific business needs, but with time the needs change. At that point companies tend to make point changes to the software to meet those needs. Such changes to applications not only take time to implement but are extremely hard to maintain.

With time, the needs of business keep changing, and applications fail to keep pace with the changing needs. This creates impedance mismatch between the business needs and application capabilities. The result is decreasing business performance, less profit, waste in R&D or lower market share because of delays in time-to-market of new products and services.

Business Process agility refers to the speed and flexibility with which process based applications can keep up with the needs of changing business conditions and minimize the gap between business needs and IT systems. Oracle Business Process Management Suite delivers such agility.

With Oracle BPM Suite you can create process based applications that help you orchestrate human and system activities across departmental and applications silos. It provides the necessary visibility and agility to manage and run your business efficiently.

Using BPM to extend your existing applications has the following key benefits:

  • Better visibility into the end-to-end processes and KPIs
  • Enhanced Agility. Since BPM is all model driven, business managers can design and update the process as and when required without spending months on modifying underlying applications.
  • If you move your customizations to the BPM layer, rather than keeping them in the application itself, it keeps your applications clean, better performing and easy to upgrade.
  • You can add additional capabilities like social or mobile to existing applications, as BPM Suite supports those capabilities too.
  • Last but not least, BPM is not a rip-n-replace of your existing applications. It enhances them with newer capabilities.

Let the applications do what they are designed to do best. Move the rest of the extensions into the BPM layer for better visibility, agility and efficiency.

For more information visit  and download resources on BPM suite at

Friday Nov 22, 2013

Recap of Oracle GoldenGate 12c and Oracle Data Integrator 12c Launch Webcast

Originally Published on Data Integration Blog

Author: Irem Radzik, Senior Principal Product Director, Oracle

Last week we had a great video webcast for Oracle GoldenGate 12c and Oracle Data Integrator 12c. Our development executives, Brad Adelberg and Tim Hall, talked about the new features and how the new release helps with delivering future-ready data integration solutions with extreme performance and high IT productivity.

If you missed the webcast you can watch it on demand via the following page:
On-Demand Video Webcast: Introducing 12c for Oracle Data Integration

In previous blogs we have talked about the new features of Oracle GoldenGate 12c and Oracle Data Integrator 12c, so I am not going to repeat them here. But worth repeating are what our customers and partners say about the new 12c release.

SolarWorld’s Senior Database Administrator, Russ Toyama was in the studio with our executives for the launch webcast, and Russ discussed their GoldenGate implementation for SolarWorld's manufacturing process. SolarWorld is the largest U.S. solar panel manufacturer for more than 35 years and needed operational intelligence to continuously improve the quality of its products, while ensuring the systems operate with high performance and stability.

SolarWorld uses GoldenGate to move data from multiple manufacturing databases into a single decision support system (DSS) database in real time, freeing up the OLTP systems for transaction processing, which improves their performance and stability. The DSS database is very flexible in meeting reporting needs, and provides a comprehensive view of multiple manufacturing processes. This provides the traditional roles of reporting and engineering analysis to continuously improve product quality, yield and efficiency, and enables real time monitoring of the production manufacturing process. Using this real-time monitoring capability SolarWorld is able to detect the deviations from the norm right away, and take action to remedy or understand the situation. This not only improves production quality, but also improves cost management. The manufacturing process is a series of steps building upon the previous, so if there is an issue, it needs to be corrected as soon as possible to prevent waste and reduce manufacturing costs.

For GoldenGate 12c we heard from Surren Partabh, CTO for Technology Services for BT. Surren explained the role of Oracle GoldenGate in their private cloud initiative and how they have improved customer experience and availability, while managing costs as well. Surren highlighted that Oracle's data integration product family is one of the cornerstones of BT's cloud migration project and enables BT to migrate to the cloud simply, and in an agile manner. BT used GoldenGate to build a replication hub to help with the migration from legacy systems to the cloud with a reliable fallback strategy. Surren also commented on the tighter integration between GoldenGate 12c and Oracle Data Integrator 12c, saying that it is a "step in the right direction" as it simplifies the actual installation, configuration, management, and monitoring of solutions. You can watch the interview with BT's Surren Partabh here.

In the launch webcast we also heard from Mark Rittman, CTO of Rittman Mead Consulting. Mark talked about the Oracle Data Integrator 12c new features in great depth, given that he was closely involved with the Beta testing program. Mark shared his opinion that the new flow-based design interface is the most critical feature of this 12c release and will bring major productivity gains for developers. He added that interoperability with OWB for easier migration and tight integration with Oracle GoldenGate are very valuable for customers. Mark also discussed the new release of Oracle BI Applications and how its use of Oracle Data Integrator for data movement and transformations simplifies life for Oracle BI Apps customers.  The complete interview with Mark Rittman is available for you as well.

If you missed the launch webcast last week, I hope you take the time to watch it on demand and discover how Oracle has changed the data integration and replication technology space with Oracle Data Integrator 12c and Oracle GoldenGate 12c. For more information, including white papers and podcasts, you can also download free resources.

Thursday Nov 21, 2013

ACE Director Challenges the Definition of "Enterprise"

Author: Debra Lilley, ACE Director

Indulge me today, I want to talk about one of my pet hates, the misuse of the word ‘enterprise’.

One of the things that motivates me as a user group leader is helping people get the most out of their investment in Oracle. Let’s face it, Oracle isn’t cheap, but their customers select Oracle based on business cases that say it is value for money; what I want us to do is help them realize that investment. All too often you hear about organizations who did not and they blame the technology. I however often believe it is how it is used, or even more often how it is not used.

The value of Fusion Middleware to me is that it provides a platform for your whole enterprise, not just a point solution. So yes, the business case initially may be about one area, but you must plan and implement with your whole enterprise in mind, and then you can expand your use and bring additional benefits that on their own did not initially warrant the investment.

A simple example of this is the adoption of SOA. Many organizations have adopted different applications to deliver their business but they are not integrated or only in a crude fashion, and this lack of flow causes duplication, error and poor customer service. The introduction of a single process orchestration platform will allow for automated processing across applications invisible to the business user ultimately improving the service, removing errors and saving money. Then you can continue to increase the return on your investment by using SOA across your enterprise for other process flows that on their own did not justify the spend.

Coming off my soapbox for a minute, let’s look at what I think we should be doing:

1. Understand your organization and its business

2. Understand the main weakness or what change would make the most positive difference to your organization

3. Understand the entire enterprise IT you have to support your organization

4. Understand what advances in IT can help what you have at #3 address #2 to ensure success at #1

5. Identify other areas that could benefit from the investment made at #4

This sounds really simple but I have spent most of my 30 years in IT trying to identify the stakeholders for these points and bringing them together. It always amazes me how many IT experts in an organization cannot articulate their business. Should business leaders be expected to understand the IT strategy? I think IT should be an enabler for business people and not their profession, it is down to us, the IT people to understand what it is we are to enable, and the most important role is that of enterprise architect.

So why am I writing about this under the AppAdvantage banner and not just simply a rant on my own blogpost? Education. Enterprise architects need to learn and people learn by example and showcasing what others have done is a great way to learn what business challenges can be addressed by the FMW stack. The IT Leaders program under AppAdvantage will showcase some of the projects undertaken by Oracle customers and help us relate them to our own organizations. The interviews with Rick Beers will start by explaining the business or the organization, what they needed to do and how Oracle helped them achieve it. I also ask that Rick adds a question, about what next? How else will the company benefit from the initial investment?

Does your organization have something to share? I know the program is still looking for stories and my survey is still running. Here is the link to my survey so do put your examples in.

In my last post I talked about how we introduced AppAdvantage to the UKOUG Applications Community, and in a few days we have our Technology Community Conference, where our members will be drilling down into how the technology delivers. At that event we also have customer case studies which, like the AppAdvantage program, will teach by example because as I was once told by a very technical guru (that would be you, Alex Gorbachev) that being able to ‘do tech’ does not sell tech, it only delivers what you sell, and you can only sell tech if you can articulate the business benefit.

About the Author:

Debra Lilley, Fusion Champion, UKOUG Board Member, Fusion User Experience Advocate and ACE Director.

Lilley has 18 years' experience with Oracle Applications, with E Business Suite since 9.4.1, moving to Business Intelligence Team Lead and Oracle Alliance Director. She has spoken at over 100 conferences worldwide and posts at debrasoraclethoughts

Editor’s Note: Debra has kindly agreed to share her musings and experience in a monthly column on the Fusion Middleware blog so look for her next post in Dec…

Tuesday Nov 19, 2013

The Business of Growing: Oracle Magazine Feature on Land O'Lakes

An iconic brand, Land O’Lakes has grown far beyond its roots as a small cooperative of dairy farmers with forward-thinking ideas about producing and packaging butter. This is a perfect showcase of technology enabling business. And a perfect example of Oracle AppAdvantage, leveraging strategically Oracle Fusion Middleware technologies with their Oracle Applications including Oracle JD Edwards EnterpriseOne, Oracle Transportation Management, Oracle Endeca Applications, and more.

Here's an Oracle magazine feature that was recently published on Land O'Lakes phenomenal business transformation journey, a journey powered by technologies including Oracle Fusion Middleware, Oracle AppAdvantage. Do take a read.

Thursday Nov 14, 2013

Oracle Fusion Middleware Pays Its Tribute to the Victims of Typhoon Haiyan

Author: Claire Dessaux, Vice President, Oracle Fusion Middleware

The Oracle Fusion Middleware team would like to pay its tribute to the victims of Typhoon Haiyan by showcasing one of our customers in the Philippines, Globe Telecom. If you'd like to help, please visit the Red Cross website.

Globe Telecom (Globe) is a leading full service telecommunications company in the Philippines, serving the needs of consumers and businesses across an entire suite of products and services including mobile, fixed, broadband, data connections, internet and managed services. Globe has more than 32 million subscribers in the country.

For many years Globe had been facing a range of business and IT challenges such as lack of flexibility to adapt to the changing business requirements and keep pace with rapid business growth, and inability to scale up systems performance to address large and unexpected spikes in workload demand.

In May 2012, Globe decided to move away from the existing IBM-based middleware infrastructure and choose Oracle Fusion Middleware (specifically Oracle SOA Suite and Oracle Service Bus) and Oracle Exalogic solutions to modernize its IT infrastructure in order to speed time to market, improve system resilience and increase business agility at lower total cost of ownership (TCO).

The new system is now live and provides the backbone infrastructure and underlying connectivity required for the carrier’s Business Support Systems (BSS) and Operations Support Systems (OSS).

You can find more details about Globe’s implementation of Oracle Fusion Middleware and Oracle Exalogic in the Oracle Exalogic Customer Reference Booklet available here.

Wednesday Nov 13, 2013

Cloud to On-Premise Connectivity Patterns

Rajesh Raheja

Do you have a requirement to convert an Opportunity into an Order/Quote in Oracle E-Business Suite? Or maybe you want the creation of an Oracle RightNow Incident to trigger an on-premise Oracle E-Business Suite Service Request creation for RMA and Field Scheduling? If so, read on.

In a previous blog post, I discussed integrating TO cloud applications; however, the use cases above are the reverse, i.e. receiving data FROM cloud applications (SaaS) TO on-premise applications/databases that sit behind a firewall. Oracle SOA Suite is assumed to be on-premise, with Oracle Service Bus as the mediation and virtualization layer. The main considerations for the patterns are security, i.e. shielding enterprise resources, and scalability, i.e. minimizing firewall latency.

Let me use an analogy to help visualize the patterns: the on-premise system is your home, with your most valuable possessions, and the SaaS app is your favorite on-line store, which regularly ships (inbound calls) various types of parcels/items (message types/service operations). You need the items at home (on-premise) but want to safeguard against misguided elements of society (internet threats) who may masquerade as postal workers and vandalize property (denial of service?). Let's look at the patterns.

Pattern: Pull from Cloud

The on-premise system polls from the SaaS apps and picks up the message instead of having it delivered. This may be done using Oracle RightNow Object Query Language or SOAP APIs. This is particularly suited for certain integration approaches wherein messages are trickling in, can be centralized and batched e.g. retrieving event notifications on an hourly schedule from the Oracle Messaging Service.

To compare this pattern with the home analogy, you are avoiding any deliveries to your home and instead go to the post office/UPS/Fedex store to pick up your parcel. Every time.

Pros: On-premise assets not exposed to the Internet, firewall issues avoided by only initiating outbound connections

Cons: Polling mechanisms may affect performance, may not satisfy near real-time requirements

Pattern: Open Firewall Ports

The on-premise system exposes the web services that need to be invoked by the cloud application. This requires opening up firewall ports and routing calls to the appropriate internal services behind the firewall. Fusion Applications uses this pattern, and auto-provisions the services on the various virtual hosts to secure the topology. This works well for service integration, but may not suffice for large volume data integration.

Using the home analogy, you have now decided to receive parcels instead of going to the post office every time. A mail slot cut into the door allows the postman to drop small parcels, but there is still concern about cutting new holes for larger packages.

Pros: optimal pattern for near real-time needs, simpler administration once the service is provisioned

Cons: Needs firewall ports to be opened up for new services, may not suffice for batch integration requiring direct database access

Pattern: Virtual Private Networking

The on-premise network is "extended" to the cloud (or an intermediary on-demand / managed service offering) using Virtual Private Networking (VPN) so that messages are delivered to the on-premise system in a trusted channel.

Using the home analogy, you entrust a set of keys to a neighbor or property manager who receives the packages and then drops them inside your home.

Pros: Individual firewall ports don't need to be opened, more suited for high scalability needs, can support large volume data integration, easier management of one connection vs a multitude of open ports

Cons: VPN setup, specific hardware support, requires cloud provider to support virtual private computing

Pattern: Reverse Proxy / API Gateway

The on-premise system uses a reverse proxy "API gateway" software on the DMZ to receive messages. The reverse proxy can be implemented using various mechanisms e.g. Oracle API Gateway provides firewall and proxy services along with comprehensive security, auditing, throttling benefits. If a firewall already exists, then Oracle Service Bus or Oracle HTTP Server virtual hosts can provide reverse proxy implementations on the DMZ. Custom built implementations are also possible if specific functionality (such as message store-n-forward) is needed.

In the home analogy, this pattern sits in between cutting mail slots and handing over keys. Instead, you install (and maintain) a mailbox on your home premises outside your door. The post office delivers the parcels to your mailbox, from where you can securely retrieve them.

Pros: Very secure, very flexible

Cons: Introduces a new software component, needs DMZ deployment and management
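To make the gateway's role concrete, here is an added sketch (not from the original post, and not Oracle API Gateway code or configuration) of the checks a DMZ reverse proxy applies before anything is forwarded inward: per-client throttling, an allowlist of service operations, a message size cap, and an audit record for every decision. The route table, internal host name, client names and limits are all assumptions made up for the illustration.

```python
"""Added illustration: policy checks of a DMZ reverse proxy / API gateway."""

# Hypothetical allowlist: only these SaaS-initiated operations reach internal services.
ROUTES = {
    ("POST", "/sr/create"): "http://ebs-internal.example:8001/ServiceRequest",
    ("POST", "/order/create"): "http://ebs-internal.example:8001/Order",
}
MAX_BODY_BYTES = 64 * 1024   # assumed size cap for service-style messages


class TokenBucket:
    """Throttle: `burst` requests at once, refilled at `rate` tokens per second."""

    def __init__(self, rate, burst, now):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), now

    def allow(self, now):
        elapsed = max(0.0, now - self.last)
        self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class Gateway:
    def __init__(self, routes, max_body, rate, burst):
        self.routes, self.max_body = routes, max_body
        self.rate, self.burst = rate, burst
        self.buckets = {}   # one bucket per calling client
        self.audit = []     # every decision is recorded, allowed or not

    def _decide(self, client, method, path, body, now):
        bucket = self.buckets.setdefault(
            client, TokenBucket(self.rate, self.burst, now))
        # Throttle first, so probing for unknown paths also spends the budget.
        if not bucket.allow(now):
            return 429, None
        upstream = self.routes.get((method, path))
        if upstream is None:
            return 404, None            # not on the allowlist: never forwarded
        if len(body) > self.max_body:
            return 413, None            # oversized message rejected in the DMZ
        return 200, upstream

    def handle(self, client, method, path, body, now):
        status, upstream = self._decide(client, method, path, body, now)
        # Audit metadata only (size, not content) to keep payloads out of logs.
        self.audit.append({"t": now, "client": client, "method": method,
                           "path": path, "bytes": len(body),
                           "status": status, "upstream": upstream})
        return status, upstream


def run_sample():
    """Replay constructed requests (not real traffic) and return the audit trail."""
    gw = Gateway(ROUTES, MAX_BODY_BYTES, rate=1.0, burst=2)
    sample = [
        ("saas-a", "POST", "/sr/create", b"<incident/>", 0.0),     # allowed
        ("saas-a", "GET", "/admin/console", b"", 0.1),             # not allowlisted
        ("saas-a", "POST", "/sr/create", b"<incident/>", 0.2),     # burst exhausted
        ("saas-a", "POST", "/sr/create", b"x" * 70000, 2.0),       # too large
        ("saas-b", "POST", "/order/create", b"<order/>", 2.0),     # other client
    ]
    for client, method, path, body, now in sample:
        gw.handle(client, method, path, body, now)
    return gw.audit


if __name__ == "__main__":
    for entry in run_sample():
        print(entry["t"], entry["client"], entry["path"], entry["status"])
```
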

Pattern: On-Premise Agent (Tunneling)

A light weight "agent" software sits behind the firewall and initiates the communication with the cloud, thereby avoiding firewall issues. It then maintains a bi-directional connection either with pull or push based approaches using (or abusing, depending on your viewpoint) the HTTP protocol. Programming protocols such as Comet, WebSockets, HTTP CONNECT, HTTP SSH Tunneling etc. are possible implementation options.

In the home analogy, a resident receives the parcel from the postal worker by opening the door, however you still take precautions with chain locks and package inspections.

Pros: Light weight software, IT doesn't need to setup anything

Cons: May bypass critical firewall checks e.g. virus scans, separate software download, proliferation of non-IT managed software


The patterns above are some of the most commonly encountered ones for cloud to on-premise integration. Selecting the right pattern for your project involves looking at your scalability needs, security restrictions, sync vs asynchronous implementation, near real-time vs batch expectations, cloud provider capabilities, budget, and more. In some cases, the basic "Pull from Cloud" may be acceptable, whereas in others, an extensive VPN topology may be well justified.

For more details on the Oracle cloud integration strategy, download this white paper.

Tuesday Nov 12, 2013

Chalk Talk with John: Business Value of Identity and Access Management

Conveying the business value of Identity and Access Management to non-technologists can potentially be challenging, especially considering the breadth of capability supplied by these technologies.

In this episode of Chalk Talk with John, Bob at Codeaway Valley asks Jim from Middleware Fields how they are able to manage access to buildings and facilities throughout their community. Bob and his team struggle to keep up with the needs of their community members, while ensuring the community’s safety. Jim shares his creative solution to simplifying the management of access throughout their community in Middleware Fields.

About me:

Hi, I am John Brunswick, an Oracle Enterprise Architect. As an Oracle Enterprise Architect, I focus on the alignment of technical capabilities in support of business vision and objectives, as well as the overall business value of technology. Before coming to Oracle, I was a Practice Manager within BEA Systems' Business Interaction Division consulting organization, orchestrating enterprise systems in support of line of business goals.

Follow me on Twitter and visit my site for Oracle Fusion Middleware related tips.

Monday Nov 11, 2013

Maximize Performance and Availability with Oracle Data Integration

Alert: Oracle is hosting the 12c Launch Webcast for Oracle Data Integration and Oracle GoldenGate on Tuesday, November 12 (tomorrow) to discuss the new capabilities in detail and share customer perspectives. Hear directly from customer experts and executives from SolarWorld Industries America, British Telecom and Rittman Mead and get your questions answered live by product experts. Register for this complimentary webcast today and join in the discussion tomorrow.

Author: Irem Radzik, Senior Principal Product Director, Oracle

Organizations that want to use IT as a strategic point of differentiation prefer Oracle’s complete application offering to drive better business performance and optimize their IT investments. These enterprise applications are in the center of business operations and they contain critical data that needs to be accessed continuously, as well as analyzed and acted upon in a timely manner. These systems also need to operate with high-performance and availability, which means analytical functions should not degrade applications performance, and even system maintenance and upgrades should not interrupt availability.

Oracle’s data integration products, Oracle Data Integrator, Oracle GoldenGate, and Oracle Enterprise Data Quality, provide the core foundation for bringing data from various business-critical systems to gain a broader, unified view. As a more advanced offering than 3rd-party products, Oracle’s data integration products facilitate real-time reporting for Oracle Applications without impacting application performance, and provide the ability to upgrade and maintain the system without taking downtime.

Oracle GoldenGate is certified for Oracle Applications, including E-Business Suite, Siebel CRM, PeopleSoft, and JD Edwards, for moving transactional data in real-time to a dedicated operational reporting environment. This solution allows the app users to offload the resource-heavy queries to the reporting instance(s), reducing CPU utilization, improving OLTP performance, and extending the lifetime of existing IT assets. In addition, having a dedicated reporting instance with up-to-the-second transactional data allows optimizing the reporting environment and even decreasing costs as GoldenGate can move only the required data from expensive mainframe environments to cost-efficient open system platforms. 

With real-time data replication capabilities, GoldenGate is also certified to enable application upgrades and database/hardware/OS migration without impacting business operations. GoldenGate is certified for Siebel CRM, Communications Billing and Revenue Management and JD Edwards for supporting zero downtime upgrades to the latest app version. GoldenGate synchronizes a parallel, upgraded system with the old version in real time, thus enabling continuous operations during the process. Oracle GoldenGate is also certified for minimal downtime database migrations for Oracle E-Business Suite and other key applications. GoldenGate’s solution also minimizes the risk by offering a failback option after the switchover to the new environment. Furthermore, Oracle GoldenGate’s bidirectional active-active data replication is certified for Oracle ATG Web Commerce to enable geographic load balancing and high availability for ATG customers.

For enabling better business insight, Oracle Data Integration products power Oracle BI Applications with high performance bulk and real-time data integration. Oracle Data Integrator (ODI) is embedded in Oracle BI Applications version and helps to integrate data end-to-end across the full BI Applications architecture, supporting capabilities such as data-lineage, which helps business users identify report-to-source capabilities. ODI is integrated with Oracle GoldenGate and provides Oracle BI Applications customers the option to use real-time transactional data in analytics, and do so non-intrusively. By using Oracle GoldenGate with the latest release of Oracle BI Applications, organizations not only leverage fresh data in analytics, but also eliminate the need for an ETL batch window and minimize the impact on OLTP systems.

You can learn more about Oracle Data Integration products latest 12c version in our upcoming launch webcast and access the app-specific free resources in the new Data Integration for Oracle Applications Resource Center.

Friday Nov 08, 2013

Pace Layering Comes Alive

Rick Beers is Senior Director of Product Management for Oracle Fusion Middleware. Prior to joining Oracle, Rick held a variety of executive operational positions at Corning, Inc. and Bausch & Lomb.

With a professional background that includes senior management positions in manufacturing, supply chain and information technology, Rick brings a unique set of experiences to cover the impact that technology can have on business models, processes and organizations.

Rick hosts the IT Leaders Editorial on a monthly basis.

By now, readers of this column are quite familiar with Oracle AppAdvantage, a unified framework of middleware technologies, infrastructure and applications utilizing a pace layered approach to enterprise systems platforms.

1. Standardize and Consolidate core Enterprise Applications by removing invasive customizations, costly workarounds and the complexity that multiple instances create.

2. Move business specific processes and applications to the Differentiate Layer, thus creating greater business agility with process extensions and best of breed applications managed by cross-application process orchestration.

3. The Innovate Layer contains all the business capabilities required for engagement, collaboration and intuitive decision making. This is the layer where innovation will occur, as people engage one another in a secure yet open and informed way.

4. Simplify IT by minimizing complexity, improving performance and lowering cost with secure, reliable and managed systems across the entire Enterprise.

But what hasn’t been discussed is the pace layered architecture that Oracle AppAdvantage adopts. What is it, what are its origins and why is it relevant to enterprise scale applications and technologies? It’s actually a fascinating tale that spans the past 20 years and a basic understanding of it provides a wonderful context to what is evolving as the future of enterprise systems platforms. It all begins in 1994 with a book by noted architect Stewart Brand, of ’Whole Earth Catalog’ fame.

In his 1994 book How Buildings Learn, Brand popularized the term ‘Shearing Layers’, arguing that any building is actually a hierarchy of pieces, each of which inherently changes at different rates. In 1997 he produced a 6 part BBC Series adapted from the book, in which Part 6 focuses on Shearing Layers. In this segment Brand begins to introduce the concept of ‘pace’.

Brand further refined this idea in his subsequent book, The Clock of the Long Now, which began to link the concept of Shearing Layers to computing and introduced the term ‘pace layering’, where he proposes that: “An imperative emerges: an adaptive [system] has to allow slippage between the differently-paced systems … otherwise the slow systems block the flow of the quick ones and the quick ones tear up the slow ones with their constant change. Embedding the systems together may look efficient at first but over time it is the opposite and destructive as well.”

In 2000, IBM architects Ian Simmonds and David Ing published a paper entitled A Shearing Layers Approach to Information Systems Development, which applied the concept of Shearing Layers to systems design and development. It argued that at the time systems were still too rigid; that they constrained organizations by their inability to adapt to changes. The findings in the Conclusions section are particularly striking: “Our starting motivation was that enterprises need to become more adaptive, and that an aspect of doing that is having adaptable computer systems. The challenge is then to optimize information systems development for change (high maintenance) rather than stability (low maintenance). Our response is to make it explicit within software engineering the notion of shearing layers, and explore it as the principle that systems should be built to be adaptable in response to the qualitatively different rates of change to which they will be subjected. This allows us to separate functions that should legitimately change relatively slowly and at significant cost from that which should be changeable often, quickly and cheaply.”

The problem at the time of course was that this vision of adaptable systems was simply not possible within the confines of 1st generation ERP, which were conceived, designed and developed for standardization and compliance. It wasn’t until the maturity of open, standards based integration, and the middleware innovation that followed, that pace layering became an achievable goal. And Oracle is leading the way.

Oracle’s AppAdvantage framework makes pace layering come alive by taking a strategic vision 20 years in the making and transforming it to a reality. It allows enterprises to retain and even optimize their existing ERP systems, while wrapping around those ERP systems three layers of capabilities that inherently adapt as needed, at a pace that’s optimal for the enterprise.

Wednesday Nov 06, 2013

Hello With Oracle Identity Manager Architecture

Hi, my name is Mustafa! I'm a Senior Consultant in the Fusion Middleware Team, living in Istanbul, Turkey. I have worked on many Java-based software development projects, such as end-to-end web applications, CRM, Telco VAS and integration projects. I want to share my experiences and research about Fusion Middleware products in this column.

Customers always want the best solution from software consultants or developers. The solution may be a code snippet or a complete change of architecture. We face different requests depending on the customer's case. In my posts I want to discuss the architecture of Fusion Middleware products, how to extend their usability with APIs or UI customization, and more, and I look forward to engaging with you on your experiences and thoughts on this.

In my first post, I will discuss the Oracle Identity Manager architecture, and I plan to discuss Oracle Identity Manager 11g features in upcoming posts.

Oracle Identity Manager System Architecture

Oracle Identity Governance includes Oracle Identity Manager, Oracle Identity Analytics and Oracle Privileged Account Manager. I will discuss Oracle Identity Manager architecture in this post.

Basically, Oracle Identity Manager is a standard n-tier Java EE application that is deployed on Oracle WebLogic Server and uses a database.

[Figure: Oracle Identity Manager architecture]

The Oracle Identity Manager presentation tier has three different screens and two different clients. Identity Self Service and Identity System Administration are web-based thin clients. Design Console is a Java Swing client that communicates directly with the Business Service Tier. Identity Self Service provides end-user operations and delegated administration features. System Administration provides system administration functions. Design Console is mostly used for development management operations, such as creating and managing adapters, process forms, notifications, workflow design, reconciliation rules, etc.

The business service tier is implemented as an Enterprise JavaBeans (EJB) application, so you can extend Oracle Identity Manager capabilities.
- The SPML and EJB APIs allow you to develop custom plug-ins, for example for managing roles or identities.
- Identity Services allow you to use the core business capabilities of Oracle Identity Manager, such as the user provisioning or reconciliation service.
- Integration Services allow you to develop custom connectors or adapters for various deployment needs.
- Platform Services allow you to use Entitlement Servers, Scheduler or SOA composites.

The Middleware tier lets you use the capabilities of ADF Faces, SOA Suite, Scheduler, Entitlement Server and BI Publisher Reports. OIM therefore allows you to configure workflows that use Oracle SOA Suite, or to define authorization policies with Oracle Entitlement Server. You can also customize the OIM UI without writing code, and using ADF Business Editor you can add custom attributes to user, role, catalog and other objects.

Data tier: Oracle Identity Manager is driven by data and metadata, which provide flexibility and adaptability to Oracle Identity Manager functionality.
- Database: the database has five schemas: OIM, SOA, MDS, OPSS and OES. Oracle Identity Manager uses the database to store runtime and configuration data. All entity, transactional and audit data is stored in the database.
- Metadata Store: customizations and personalizations are stored in a file-based or database-based repository. In the Oracle Identity Manager architecture, the metadata is kept in the Oracle Identity Manager database to take advantage of some of the advanced performance and availability features that this mode provides.
- Identity Store: Oracle Identity Manager provides the ability to integrate an LDAP-based identity store into the Oracle Identity Manager architecture.

Oracle Identity Manager

Oracle Identity Manager uses the human workflow module of Oracle Service Oriented Architecture Suite. OIM connects to SOA using the T3 URL, which is the front-end URL for the SOA server. Oracle Identity Manager uses an embedded Oracle Entitlement Server for authorization checks in the OIM engine.

Several Oracle Identity Manager modules use JMS queues. Each queue is processed by a separate Message Driven Bean (MDB), which is also part of the Oracle Identity Manager application. Message producers are also part of the Oracle Identity Manager application.

Oracle Identity Manager uses scheduled jobs for some background activities. Some scheduled jobs come out of the box, such as disabling users after their end date, and you can define custom scheduled jobs with the Oracle Identity Manager APIs.

You can use Oracle BI Publisher to report on Oracle Identity Manager transactions or audit data stored in the database.

About me:

Mustafa Kaya is a Senior Consultant in the Oracle Fusion Middleware Team, living in Istanbul. Before coming to Oracle, he worked in teams developing web applications and backend services at a telco company. He is a Java technology enthusiast and software engineer who is addicted to learning new technologies and developing new ideas.

Follow Mustafa on Twitter, connect on LinkedIn, and visit his site for Oracle Fusion Middleware related tips.

Tuesday Nov 05, 2013

Standards Corner: OAuth WG Client Registration Problem

Phil Hunt is an active member of multiple industry standards groups and committees (see brief bio at the end of the post) and has spearheaded the discussion, creation and ratification of industry standards including the Kantara Identity Governance Framework, among others. Because he is an active voice in the industry standards development world, we have invited him to share his discussions, thoughts, news and updates, and to discuss use cases, implementation success stories (and even failures) around industry standards in this monthly column.

Author: Phil Hunt

This afternoon, the OAuth Working Group will meet at IETF88 in Vancouver to discuss some topics important to the maturation of OAuth. One of them is the OAuth client registration problem.

OAuth (RFC6749) was initially developed with a simple deployment model where there is only a monopoly or singleton cloud instance of a web API (e.g. there is one Facebook, one Google, one LinkedIn, and so on). When the API publisher and API deployer are the same monolithic entity, it is easy for developers to contact the provider and register their app to obtain a client_id and credential.

But what happens when the API is for an open source project where there may be 1000s of deployed copies of the API (e.g. WordPress)? In these cases, the authors of the API are not the people running the API. In these scenarios, how does the developer obtain a client_id?

An example of an "open deployed" API is OpenID Connect. Connect defines an OAuth protected resource API that can provide personal information about an authenticated user -- in effect creating a potentially common API for potential identity providers like Facebook, Google, Microsoft, Salesforce, or Oracle. In Oracle's case, Fusion applications will soon have RESTful APIs that are deployed in many different ways in many different environments. How will developers write apps that can work against an openly deployed API with whom the developer can have no prior relationship?

At present, the OAuth Working Group has two proposals to consider:

Dynamic Registration

Dynamic Registration was originally developed for OpenID Connect and UMA. It defines a RESTful API in which a prospective client application with no client_id creates a new client registration record with a service provider and is issued a client_id and credential along with a registration token that can be used to update registration over time.

As proof of success, the OIDC community has done substantial implementation of this spec and feels committed to its use. Why not approve?

Well, the answer is that some of us had some concerns, namely:
  1. Recognizing instances of software - dynamic registration treats all clients as unique. It has no defined way to recognize that multiple copies of the same client are being registered other than assuming if the registration parameters are similar it might be the same client.
  2. Versioning and Policy Approval of open APIs and clients - many service providers have to worry about change management. They expect to have approval cycles that approve versions of server and client software for use in their environment. In some cases approval might be wide open, but in many cases, approval might be down to the specific class of software and version.
  3. Registration updates - when does a client actually need to update its registration? Shouldn't it be never? Is there some characteristic of deployed code that would cause it to change?
  4. Options lead to complexity - because each client is treated as unique, it becomes unclear how the clients and servers will agree on what credentials forms are acceptable and what OAuth features are allowed and disallowed. Yet the reality is, developers will write their application to work in a limited number of ways. They can't implement all the permutations and combinations that potential service providers might choose.
  5. Stateful registration - if the primary motivation for registration is to obtain a client_id and credential, why can't this be done in a stateless fashion using assertions?
  6. Denial of service - With so much stateful registration and the need for multiple tokens to be issued, will this not lead to a denial of service attack / risk of resource depletion? At the very least, because of the information gathered, it would be difficult for service providers to clean up "failed" registrations and determine active from inactive or false clients.
  7. There has yet to be much wide-scale "production" use of dynamic registration other than in small closed communities.

Client Association

A second proposal, Client Association, has been put forward by Tony Nadalin of Microsoft and myself. We took a look at existing use patterns to come up with a new proposal. At the Berlin meeting, we considered how WS-STS systems work. More recently, I took a review of how mobile messaging clients work. I looked at how Apple, Google, and Microsoft each handle registration with APNS, GCM, and WNS, and a similar pattern emerges. This pattern is to use an existing credential (mutual TLS auth), or client bearer assertion and swap for a device specific bearer assertion.

In the client association proposal, the developer registers with an API publisher (as opposed to the party deploying the API) and obtains a software "statement". Or, if there is no "publisher" that can sign a statement, the developer may include their own self-asserted software statement.

A software statement is a special type of assertion that serves to lock application registration profile information in a signed assertion. The statement is included with the client application and can then be used by the client to swap for an instance specific client assertion as defined by section 4.2 of the OAuth Assertion draft and profiled in the Client Association draft. The software statement provides a way for the service provider to recognize and configure policy to approve classes of software clients, and simplifies the actual registration to a simple assertion swap. Because the registration is an assertion swap, registration is no longer "stateful" - meaning the service provider does not need to store any information to support the client (unless it wants to).

Has this been implemented yet? Not directly. We've only delivered draft 00 as an alternate way of solving the problem using well-known patterns whose security characteristics and scale characteristics are well understood.
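The assertion swap described above, sketched as an added example (it is not code from this post or from the Client Association draft): a service provider that keeps only keys and an approval policy turns a publisher-signed software statement into an instance-specific client assertion, then later validates that assertion without any stored registration record. HMAC-signed JSON stands in for the drafts' signed assertions (a real publisher statement would be verified with a public key), and the claim names `software_id` and `software_version`, the hosts `publisher.example` and `sp.example`, and all keys are assumptions.

```python
import base64, hashlib, hmac, json, secrets, time

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(claims, key):
    """Serialize claims and append an HMAC-SHA256 tag (stand-in for a JWS signature)."""
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    return body + "." + _b64(hmac.new(key, body.encode(), hashlib.sha256).digest())

def verify(token, key):
    """Return the claims if the tag matches, else raise ValueError."""
    body, _, tag = token.partition(".")
    expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(tag)):
        raise ValueError("signature check failed")
    return json.loads(_unb64(body))

class ServiceProvider:
    """Party deploying the API: holds keys and policy, no per-client records."""
    def __init__(self, sp_key, publisher_keys, approved, ttl=3600):
        self.sp_key = sp_key                  # signs and verifies client assertions
        self.publisher_keys = publisher_keys  # publisher name -> verification key
        self.approved = approved              # set of (software_id, software_version)
        self.ttl = ttl

    def _check_policy(self, claims):
        if (claims.get("software_id"), claims.get("software_version")) not in self.approved:
            raise PermissionError("software class/version not approved")

    def associate(self, statement, now=None):
        """Swap a software statement for an instance-specific client assertion."""
        now = time.time() if now is None else now
        # The issuer is read before verification only to select the key.
        issuer = json.loads(_unb64(statement.partition(".")[0])).get("iss")
        if issuer not in self.publisher_keys:
            raise PermissionError("unknown publisher")
        claims = verify(statement, self.publisher_keys[issuer])
        self._check_policy(claims)
        return sign(dict(claims, iss="sp.example", sub=secrets.token_urlsafe(12),
                         exp=int(now) + self.ttl), self.sp_key)

    def authenticate(self, client_assertion, now=None):
        """Validate a client assertion from the SP key and current policy alone."""
        now = time.time() if now is None else now
        claims = verify(client_assertion, self.sp_key)
        if claims.get("iss") != "sp.example" or claims.get("exp", 0) <= now:
            raise PermissionError("not issued here, or expired")
        self._check_policy(claims)  # withdrawing approval cuts off every instance
        return claims

# Constructed sample data: names, keys and versions are illustrative only.
PUBLISHER_KEY = b"publisher-demo-key"
STATEMENT = sign({"iss": "publisher.example", "software_id": "demo-mail-app",
                  "software_version": "2.1"}, PUBLISHER_KEY)

def demo():
    sp = ServiceProvider(b"sp-demo-key", {"publisher.example": PUBLISHER_KEY},
                         {("demo-mail-app", "2.1")})
    first, second = sp.associate(STATEMENT), sp.associate(STATEMENT)  # two installs
    return sp.authenticate(first), sp.authenticate(second), sp
```

`demo()` registers two installs of the same software: each gets its own `sub` (client_id) while both remain recognizable as one approved software class and version.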

Dynamic Take II

At roughly the same time that Client Association and Software Statement were published, the authors of Dynamic Registration published a "split" version of the Dynamic Registration (draft-richer-oauth-dyn-reg-core and draft-richer-oauth-dyn-reg-management). While some of the concerns above are addressed, some differences remain. Registration is now a simple POST request. However it defines a new method for issuing client tokens whereas Client Association uses RFC6749's existing extension point. The concern here is whether future client access token formats would be addressed properly. Finally, Dyn-reg-core does not yet support software statements.


The WG has some interesting discussion to bring this back to a single set of specifications. Dynamic Registration has significant implementation, but Client Association could be a much improved way to simplify implementation of the overall OpenID Connect specification and improve adoption. In fairness, the existing editors have already come a long way. Yet there are those with significant investment in the current draft. There are many that have expressed they don't care. They just want a standard. There is lots of pressure on the working group to reach consensus quickly.

And that folks is how the sausage is made.

Note: John Bradley and Justin Richer recently published draft-bradley-stateless-oauth-client-00 which on first look are getting closer. Some of the details seem less well defined, but the same could be said of client-assoc and software-statement. I hope we can merge these specs this week.

About the Writer:

Phil Hunt joined Oracle as part of the November 2005 acquisition of OctetString Inc. where he headed software development for what is now Oracle Virtual Directory. Since joining Oracle, Phil works as CMTS in the Identity Standards group at Oracle where he developed the Kantara Identity Governance Framework and provided significant input to JSR 351. Phil participates in several standards development organizations such as IETF and OASIS working on federation, authorization (OAuth), and provisioning (SCIM) standards.  Phil blogs at and a Twitter handle of @independentid.

Sunday Nov 03, 2013

Registration Now Open: Virtual Developer Day, North America, APAC & Europe

Is your organization looking at developing Web or Mobile application based upon the Oracle platform?  Oracle is offering a virtual event for Developer Leads, Managers and Architects to learn more about developing Web, Mobile and beyond based on Oracle applications. This event will provide sessions that range from introductory overviews to technical deep dives covering Oracle's strategic framework for developing multi-channel enterprise applications for the Oracle platforms. Multiple tracks cover every interest and every level and include live online Q&A chats with Oracle's technical staff.

For registration and information on Virtual Developer Day: Oracle ADF Development, please follow the link HERE

Sign up for one of the following events below:

Americas - Tuesday - November 19th / 9am to 1pm PDT / 12pm to 4pm EDT / 1pm to 5pm BRT

APAC - Thursday - November 21st / 10am - 1:30pm IST (India) / 12:30pm - 4pm SGT (Singapore) / 3:30pm -7pm AESDT

EMEA - Tuesday - November 26th / 9am - 1pm GMT / 1pm - 5pm GST / 2:30pm -6:30pm IST

And for those interested in Cloud Application Foundation, including Weblogic and Coherence, don't forget to sign up for the following events:

Americas - Tuesday, November 5, 2013 - 9 am - 1 pm PDT/ 12 pm - 4 pm EDT/ 1 pm - 5 pm BRT

EMEA - December 3, 2013 - 9 am - 1 pm GMT/ 1pm - 5pm GST/ 2:30 pm - 6:30 pm IST

The event will guide you through tooling updates and best practices around developing applications with WebLogic and Coherence as target platforms.

Friday Nov 01, 2013

Live Oracle AppAdvantage Webcast in APAC: Register Today

How Oracle Applications Customers can Extend the Value of their Investments

Oracle AppAdvantage is an exciting new initiative for Oracle enterprise application customers including E-Business Suite, PeopleSoft, JD Edwards, and Siebel. Oracle AppAdvantage provides strategies to help applications customers simplify, differentiate and innovate their investments through a pace layered architecture that can adjust with business requirements.

Whether your organization is extending your applications to mobile devices, building a customer self-service portal, taking applications to the cloud, integrating applications with your other business critical applications or securely extending them to serve your specific needs, you can take the extension or customization work out of the applications and seamlessly extend with Oracle Fusion Middleware technologies as required.

This webcast will discuss:
- Strategies to help applications customers simplify, differentiate and innovate their investments through a pace layered architecture
- How to get started and implementation use cases with customer examples

Register today for this webcast on November 6.


Wednesday, 6th November 2013
Mumbai 10:30 a.m. (GMT +5:30)
Singapore 1:00 p.m. (GMT +8:00)
Sydney 4:00 p.m. (GMT +11:00)

The duration of this Webcast is 60 minutes.
