the rise and fall of oracle ipaas why we moved off · oracle ipaas overview 5 ©2019 attain, llc...
TRANSCRIPT
©2019 Attain, LLC
Schoolcraft College – VisTaTech Center
Room W210A
Wednesday, October 30, 2019
10:40am – 11:35am
The Rise and Fall of Oracle iPaaS –Why We Moved Off
Ahmed Aboulnaga
Principal
Attain
©2019 Attain, LLC
About
2
©2019 Attain, LLC
About Me
Ahmed Aboulnaga
Principal at Attain
20+ years of IT experience
M.S. in Computer Science from George Mason University
Past employment with Booz Allen Hamilton, IBM, CSC, and Oracle
Federal IT projects for the DOD, DHS, DOJ, and DOE
Recent emphasis on DevOps, cloud, and security in current projects
Oracle ACE, OCE, OCA
Author, Presenter, Blogger
@Ahmed_Aboulnaga
3
©2019 Attain, LLC
About Attain
Headquartered in McLean VA
Management, technology, and strategy consulting firm
Supporting customers in government, healthcare,
education, and nonprofit markets
Industries:
• Defense, Civilian, National Security, Federal
Health, State and Local Government, and more
4
Awards
#5 Best IT Firms to Work For
2019
#18 Best Firms to Work For
2019
Red Hat Partner of the Year
2018
Contractor of the Year
2018
©2019 Attain, LLC
Oracle iPaaS Overview
5
©2019 Attain, LLC
Why Cloud?
No need to purchase or maintain hardware
Less effort spent upgrading and patching
A slew of other reasons you can find online
6
©2019 Attain, LLC
Cloud Services
7
Factoid
Although on-premise is easier
and quicker to pronounce,
the term is actually on-
premises.
Aside from being
grammatically wrong, saying
your IT is on-premise is also
imprecise from a technology
perspective.
Just say on-prem. ☺
©2019 Attain, LLC
Oracle Services
8
Cloud Service Description Examples
IaaS Infrastructure as a Service Virtual machines
PaaS Platform as a Service Middleware
SaaS Software as a Service On-demand software (e.g., Gmail)
DBaaS Database as a Service
iPaaS Integration Platform as a Service
IDaaS Identity as a Service
CaaS Container as a Service Also Communications as a Service
FaaS Function as a Service
MBaaS Mobile Backend as a Service
MaaS Monitoring as a Service
XaaS Anything as a Service Anything and everything
©2019 Attain, LLC
Oracle iPaaS
iPaaS = Integration Platform As A Service
Oracle SOA Cloud Service – latest version 12.2.1.x
Three offerings:
• SOA Cloud Service (SOA, OSB, B2B)
• Managed File Transfer Cloud Service (MFT)
• API Manager Cloud Service
Retain full control – root OS and WebLogic administrator access
Comprehensive CLI and REST interfaces
Network access via SSH, SQL*Net, JDBC, HTTP, and other drivers
9
©2019 Attain, LLC
Oracle Marketing Speak
“Comprehensive integration” in the cloud
“Powerful”
“Simple administration”
“Save time and money”
10
©2019 Attain, LLC
Will Traditional Administrators Become Obsolete?
Cloud administration skills needed:
• Everything a traditional administrator knows
• PaaS and iPaaS architecture and usage
• Familiarity with cloud tools (e.g., cloud cli, REST services, etc.)
• Security
Cloud Strategic Middleware Administrator –top future job role
• Strategic management of middleware in the cloud
• Niche skills in multitenancy, tuning, high availability, and security
11
©2019 Attain, LLC
Compute Cloud
12
©2019 Attain, LLC
Clicking on ‘Services’
13
©2019 Attain, LLC
Compute Cloud Dashboard
14
©2019 Attain, LLC
SSH
15
Full root level SSH access to box
Default user ‘opc’
Sudo su access to already created ‘oracle’ and ‘root’
accounts
©2019 Attain, LLC
Network / Firewall
16
©2019 Attain, LLC
Storage
17
Can’t add shared filesystems though
©2019 Attain, LLC
Database Cloud Service
18
©2019 Attain, LLC
Database Cloud Service Dashboard
19
The most stable/reliable of all PaaS services
©2019 Attain, LLC
Hamburger Icon
20
©2019 Attain, LLC
SSH
21
Root OS access, full SYSDBA access
©2019 Attain, LLC
SYSDBA Access
22
©2019 Attain, LLC
SOA Cloud Service
23
©2019 Attain, LLC
Navigation
24
©2019 Attain, LLC
SOACS Dashboard
25
©2019 Attain, LLC
Hamburger Icon
26
Full Oracle SOA Suite 12c console access
©2019 Attain, LLC
SOACS Instance Details
27
Note the ‘Associations’
Note the ‘Load
Balancer’ (i.e., OTD)
©2019 Attain, LLC
WebLogic Server Admin Console
28
Full WebLogic Server Admin Console access
©2019 Attain, LLC
WebLogic Server Admin Console
29
©2019 Attain, LLC
EM Console
30
©2019 Attain, LLC
URL Format
31
My Services Consolehttps://myservices.us.oraclecloud.com/mycloud/a999999/faces/dashboard.jspx
WebLogic Admin Consolehttps://oc-129-xxx-xxx-xxx.compute.oraclecloud.com:7001/console/
©2019 Attain, LLC
Cloud Administration
32
©2019 Attain, LLC
Cloud Administrator
So what are your expected duties as a Middleware
Cloud Administrator?
33
©2019 Attain, LLC
Administration: Backups
34
RMAN behind the scene
©2019 Attain, LLC
Administration: Patching
35
©2019 Attain, LLC
Firewall Management
36
©2019 Attain, LLC
SOACS and DBaaS Backups
37
SOACS and DBaaS backups may or may not be co-dependent
Can restore/delete, but manage available disk space manually
©2019 Attain, LLC
Monitoring
No monitoring out-of-the-box
Implement OEM Cloud Control or equivalent
38
©2019 Attain, LLC
Patching
Many zero downtime patches available
Manually, or some through cloud console
39
export ORACLE_HOME=/u01/app/oracle/middlewareexport PATCH_TOP=/u01/app/oracle/middleware/OPatchexport PATH=$PATCH_TOP:$PATHwhich opatchwhich unzipopatch versionopatch lsinventory -jre /u01/jdk/jrecd $PATCH_TOPunzip ~/patches/p24654879_122120_Generic.zipcd $PATCH_TOP/24654879opatch apply
©2019 Attain, LLC
Scaling
Scaling up or down
40
©2019 Attain, LLC
SSH Key Management
SSH key management
41
©2019 Attain, LLC
Deployment
Deployment (e.g., SOA, OSB, BAM, WSM, etc.)
And configuration (think OTD)
42
©2019 Attain, LLC
DNS Management
DNS managed independently
43
©2019 Attain, LLC
VPN Setup
VPN configuration, as needed
44
©2019 Attain, LLC
License Renewal
A non-metered plan is the way to go
May involve difficult migration during scale down
45
©2019 Attain, LLC
Customer #1 – Government Agency
46
©2019 Attain, LLC
Customer Use Case
Customer has a mix of Oracle and non-Oracle technologies
Leverages on-prem Oracle SOA Suite for integration
Requires a mechanism to catalog, document, and communicate APIs to
other business units
Prefer not, but open to cloud solutions
High-level requirements:
• Document and catalog services
• Track/monitor services
• Control access to services
• Secure services
• Automatically harvest services
47
©2019 Attain, LLC
API Gateway
An API Gateway is necessary for any inbound requests
Provides all necessary security, threat protection, SLA management,
analytics, and monitoring
48
Inte
gra
tion
Layer
security
monitoring
protection – DoS, throttling, etc.
Gate
way
©2019 Attain, LLC
API Gateway
An API Gateway is necessary for any inbound requests
Provides all necessary security, threat protection, SLA management,
analytics, and monitoring
49
Go
og
le A
pig
ee (
AP
I G
ate
way)
©2019 Attain, LLC
API Catalog
Publish and document developed APIs for reusability
Similar in concept to the Integration Repository
50
Inte
gra
tion
Pla
tform
service catalog – for documentation and reusability
AP
I
Cata
log
©2019 Attain, LLC
API Catalog
Publish and document developed APIs for reusability
Similar in concept to the Integration Repository
51
Ora
cle A
PI C
ata
log
Clo
ud
Serv
ice
©2019 Attain, LLC
Oracle API Product Landscape
Initial research and discovery identified 5 Oracle products
52
ProductLatest
Version
Cloud /
On-PremDesign Flow Gateway Catalog
Runtime
AccessComments
Oracle API Platform Cloud Service Cloud ✓ ✓ ✓ ✓
Oracle Apiary Cloud ✓ ✓ ✓ API-first (or design-first) development
Oracle API Gateway 11.1.2.4 On-Prem ✓ API security
Oracle API Manager 12.1.3.0 On-Prem ✓ ✓ Create, publish, secure APIs
Oracle API Catalog 12.1.3.0 On-Prem ✓ API management and visibility
©2019 Attain, LLC
Oracle API Product Landscape
Initial research and discovery identified 5 Oracle products
53
ProductLatest
Version
Cloud /
On-PremDesign Flow Gateway Catalog
Runtime
AccessComments
Oracle API Platform Cloud Service Cloud ✓ ✓ ✓ ✓
Oracle Apiary Cloud ✓ ✓ ✓ API-first (or design-first) development
Oracle API Gateway 11.1.2.4 On-Prem ✓ API security
Oracle API Manager 12.1.3.0 On-Prem ✓ ✓ Create, publish, secure APIs
Oracle API Catalog 12.1.3.0 On-Prem ✓ API management and visibility
Maintaining it, unenthusiastically
Currently not investing in it
No longer being sold
©2019 Attain, LLC
Full Lifecycle API Management Tools
54
API Gateway
API Management
Cloud Platform API Management
API Management
API Gateway
CA API Gateway
API Gateway
©2019 Attain, LLC
Customer #2 – Commercial Warranty Company
55
©2019 Attain, LLC
Sales Issues
56
Customer was not educated on the need for midtier,
OS, security, and database administration resources
No education to customer regarding PaaS
No oversight on disastrous Oracle Consulting
implementation
©2019 Attain, LLC
Consulting Issues
57
Bad code design• 20+ minute synchronous services
• Polling using 24-hour settings
• No HA adapter setup/testing
• Usage of IP addresses between services
Consultants attitude and competency
No deployment processes established
No environment validation after provisioning• No shared DBFS filesystem
• Deleted SOACS instances not fully deleted, associations still there
©2019 Attain, LLC
Operational Issues
58
Departed OCS consultant email address used in cloud
configurations
Minor SOACS product stability issues
©2019 Attain, LLC
Technical Issues
59
p24525712_122120_Generic.zip<Critical> <WebLogicServer> <BEA-000386> java.lang.IllegalStateException: trying to set illegal state, present state RESUMING, new state ADMIN
p24654879_122120_Generic.zipPeerSiteRecoveryLeaseMaintenance: Unable to create either connection or prepared statements for cross-site recovery
Email addresses tied to backup jobs
Complete environment restarts (due to associations) to add SSH keys
Complete environment restart to add more ASM disk space to DB servers
EM Console issues when saving properties
Service unavailability when starting/stopping composites
Inability to mount additional DBFS filesystems on midtier
Cloud operations not completing due to backend REST timeouts
serious
serious
serious
serious
©2019 Attain, LLC
Customer Feedback
60
Issue Details
Scaling No dynamic or auto
Interface Oracle Cloud UI inferior to AWS
Management Requires senior WebLogic and Oracle Database administrators; “Didn’t realize I had to hire a
DBA and middleware admin”
Talent Lack of qualified SOA talent; can use a Java programmer or Java/DevOps resource to pick up
AWS; had to use a niche consulting company; was not cheap
Technology AWS serverless technology was attractive
Cost Oracle required everything up front; AWS can “pay by the drink”; paying for something never
used; Oracle Database Extreme Edition needed for RAC
Zones AWS has 69 availability zones within 22 geographic regions; Oracle had to pay for equivalent
Entry Barrier to entry is lower for AWS, while Oracle appears to target large, Fortune 500 companies;
“Felt they lost the midsize company”
Licensing Moving to PostgresSQL on AWS because Oracle Database licensing on AWS cost prohibitive
“Just found AWS a better offering”
©2019 Attain, LLC
Pricing Issues
Database Edition impact on pricing
• Enterprise – additional performance and availability
• High Performance – plus all management packs, but no Active Data Guard, no in-memory, no
Oracle RAC One Node, no RAC
• Extreme Performance – no Oracle RAC One Node
61
Standard
Edition
Enterprise
Edition
Enterprise Edition
High Performance
Enterprise Edition
Extreme Performance
Single Instance ✓ ✓ ✓ ✓
Single Instance + Data Guard Standby ✓ ✓ ✓
Database Clustering + RAC ✓
Database Clustering + RAC and Data Guard
Standby✓
©2019 Attain, LLC
Security Issues
62
Cloud design issues:• Services and consoles publicly exposed
• OSB protected by WS-Security, but SOA services exposed
©2019 Attain, LLC
Pricing & Performance
63
©2019 Attain, LLC
Performance
64
Composite Name State Avg (ms) Min (ms) Max (ms) CountCompositeA Completed 185.938 76.000 234.400 24CompositeA Faulted 311.100 310.500 311.700 2CompositeD Completed 0.016 0.000 65.700 73,486CompositeD Rolled Back 15.450 15.100 15.800 2CompositeE Completed 0.257 0.100 239.100 213,775CompositeG Completed 11.674 0.700 205.300 20,223CompositeH Completed 0.456 0.000 5.200 922CompositeI Completed 0.001 0.000 53.100 191,252CompositeJ Completed 0.005 0.000 251.900 444,889CompositeK Completed 0.001 0.000 49.100 432,434CompositeL Completed 0.028 0.000 6.800 13,736CompositeM Completed 0.154 0.000 1103.900 722,540CompositeO Completed 0.598 0.000 284.500 274,928CompositeP Completed 0.358 0.000 1172.300 228,112CompositeQ Completed 135.773 0.300 219.900 40CompositeQ Faulted 331.300 331.300 331.300 1CompositeR Completed 32.700 32.700 32.700 1CompositeS Completed 0.001 0.000 0.700 5,611
1 OCPU midtier
2 OCPU database
©2019 Attain, LLC
Pricing
Non-metered service is the way to go
1 OCPU = 2 AWS EC2 vCPUs
65
Product Price Metric
SOA Cloud Service $2,750 OCPU/month
©2019 Attain, LLC
Q&A
66
©2019 Attain, LLC
To Continue the Discussion
67
Want to learn more about how
Attain is different?
Please contact us.
We’re eager to work with you.
Ahmed Aboulnaga
www.attain.com
©2019 Attain, LLC