Oracle Service Bus 12c (12.2.1) What You Always Wanted to Know
1. Oracle Service Bus 12c
Everything You Always Wanted to Know About OSB 12c But Were Afraid to Ask
munz & more, 14-Nov 2016
2. Who’s that guy?
• Dr. Frank Munz
• Founded munz & more in 2007
• 15 years Oracle WebLogic and Middleware
• Consulting and High-End Training
• Three Oracle / Cloud books
• @frankmunz on Twitter
Frank Munz 2016 #2
3. The most comprehensive Oracle applications & technology content under one roof
Service Oriented Architecture?
4. The Enemy: Interwoven mess with point to point integration
[Diagram labels: Portal, RichClient, WebApp; Fraud, Billing, Network, CRM; web service? ->]
5. General Questions
• Where is your business logic ?
• What if you need to change it?
• How many systems require changes if one system changes …
– A service API
– A transport protocol
6. So how does the solution look then?
We talk about SOA. Will introduce and explain ...
• EAI
• BPM (Oracle BPM)
• BPEL (Oracle SOA Suite)
... and then see what role an OSB takes in SOA.
7. EAI Characteristics
• Addresses the integration problem
-> Supports many technical protocols
• You need to deploy the solution (EAR / JVM), like the old BEA WLI, Tibco Businessworks
• Does NOT support real business processes
-> Technical level, NOT business level
-> No long running processes (e.g. 10 years?)
-> Not good in versioning
-> Oracle Service Bus can do better
8. Drag and Drop Programming
BPM, EAI and OSB: They all have executable, graphical flow diagrams.
9. BPEL Characteristics
• Technical orchestration
• Often no human interaction (yes, there is BPEL4People …)
• Can be stateful
• Medium-long running processes
-> Oracle SOA Suite has BPEL engine
10. BPM Characteristics
• Business architect draws executable workflows that make sense for business
• Human interaction: Forms etc.
• Long running processes supported (e.g. 2 yearly vehicle inspection stickers, TÜV)
• Support different versions of long running processes
• Adaptive Case Management (ACM)
-> Oracle BPM provides all the above
11. Service Bus
• Also addresses EAI aspects but it's configuration driven!
• Service bus is stateless
• Supported protocols same as for EAI broker
• Not BPM, not BPEL, and more than EAI
-> Service Virtualization Layer
-> Oracle Service Bus
12. SOA Definition
"Service-Oriented Architecture is an IT strategy that organizes the discrete functions contained in enterprise applications into interoperable, standards-based services that can be combined and reused quickly to meet business needs."
from BEA / Oracle
13. SOA Layers
What does OSB do?
Orchestration?
Choreography?
Composition?
S. Abeck, TH Karlsruhe
14. ESB and SOA: The Big Picture
[Diagram labels: Service Implementation; Service Virtualization and Composition; Service Orchestration; Service Choreography; BPEL (technical flow); Service Bus; Java EE, .NET, Go, Scala; Governance; Repository; Registry; BPMN (human workflow); Monitoring; ErrHospital]
15. OSB Overview
16. Proxy and Business Service
[Diagram: Oracle Service Bus. Labels: Client1, Client2; ProxyA, ProxyB; PipelineH, PipeJ, PipeK; BusinessX, BusinessY; ServiceImpl1, ServiceImpl2]
18. Transport and Binding Layer
[Diagram: Oracle Service Bus. Labels: Client1, Client2; ProxyServiceA, ProxyServiceB; PL1, PL2; BusinessServiceX, BusinessServiceY; ServiceImpl1, ServiceImpl2; Transport and Binding (each shown twice)]
19. Context Variables
Variables are filled automatically
logical variable    Purpose
$header             SOAP header for SOAP; else: empty <soap:Header/>
$body               SOAP body for SOAP; else: <soap:Body> with entire payload
$attachments        SOAP attachments
$fault              typed error information
$inbound            service, transport and security information of inbound protocol
$outbound           outbound protocol
$operation          current operation
20. Separate Pipelines from Proxy
[Diagram: Proxy Service, Pipeline and Business Service, shown for OSB 11g and for OSB 12c]
OSB 12c: Pipelines are not part of Proxy Service and can be reused.
21. ESB Reduced Architectural Complexity
[Diagram: Client1 to Client4 and Service1 to Service3, drawn twice, once connected directly and once through a Service Bus]
Direct, point-to-point connections: O(n^2) complexity
Service Bus Topology: O(n) complexity
22. ESB VETO Pattern
[Diagram: Service Bus VETO Pattern. Labels: Client with data format vehicle A; Validate, Enrich, Transform, Operate; Service with AdditionalData; Service requires data format Vehicle B]
24. Protocol Mix and Match
Usage example: Facade your Tuxedo legacy services with web services
25. Security
• OSB is the core mediator service in SOA
-> central location for security
-> WS-Security standard based
• Inbound security (client to OSB)
• Outbound (OSB to service implementation)
• Authentication / Authorization
• Encrypt transport layer or message part
28. Oracle Service Bus Cluster
[Diagram: Distributed OSB Cluster. Labels: Clients; Load Balancer; WLS Cluster with Managed Server1 and Managed Server2, each with ProxyService and BusinessService; ServiceA]
29. Service Bus Functionality Overview
• Loose coupling
• Location Transparency
• Schema Transformation and Validation
• Service Aggregation
• Load balancing, Clustering for Availability
• Security
• Monitoring
Configuration driven, stateless, and (incredibly) fast
30. Highlights of OSB 12c
31. SOA Quickstart
• Official quickstart avoids full installation
– 1 Installer, comes with JDeveloper
– No extra DB needed
– Uses built-in WLS with compact domain
– Cannot be extended for prod
– Can we optimize it? Remove SOA Suite part?
32. XQuery
• Support for XQuery 1.0 (previously OSB 11g: XQuery 2004)
– XQuery modules / libraries
– Create via wizard / save
– Reuse and import from JDeveloper
33. Based on JDeveloper 12.2.1
• No more support for Eclipse in 12c
• Developers have to learn a new IDE
• Better integration with SOA Suite
34. Pipelines
• Pipelines are not part of proxy anymore
• Reuse of pipelines?
• Templates
– Pipeline template editor -> error handling
– Linked (connected to template) or unlinked (copy of template)
37. JavaScript Action
• New OSB 12c action
• Use Rhino JavaScript engine
• Works for REST and non-REST
• Quick and flexible
– Easier than Java callout: no .jar file
– Can access your .jar file
38. JavaScript Action
• Before invoking a script, OSB binds a variable named process
• Use the process variable and JS dot notation to access variables:
pl = process.body;
process.numberIterations = 7;
39. Works in Log Actions
You can use JavaScript in Log/Report Actions
40. Maven Support
• Maven is a build tool like ant (or make)
• Supports versioning and local repos of resources.
• Central file pom.xml
• Maven support in modern IDEs like Netbeans, also in JDeveloper 12c (but broken)
• Recommended read:
https://community.oracle.com/thread/3672819?start=0&tstart=0
41. Native REST
• No virtualization layer
-> JSON payload is not converted to XML
• New pipeline branch for REST
42. Native REST
• To use it, start with REST technology adapter
• Pull it to External Services lane
43. Shared Variables
If PS1 declares x and PS2 declares x, then PS2 sees updates in x from PS1
-> Use "Expand Shared Variable Section"
44. DVM
• Domain Value Maps
• Values are dynamically changeable from EM console
45. New Consoles
• /servicebus is the new /sbconsole with new L&F
• /em has most of the /sbconsole functionality for monitoring / reports etc
-> functionality is split across two consoles
46. DB is Required as of OSB 12c
• RCU to create MDS (meta data, artifacts, metrics etc.)
• More complex setup process
• OSB 11g could work without, kind of ….
47. MDS
• Design time only support for MDS
• File based by default
• Import resources from MDS to project
48. Debug OSB Projects
JDeveloper can debug OSB projects
Lets you set conditional breakpoints
49. Chef / Puppet
Scripted install that saves a couple of hours?
In a standard way?
There are Puppet modules that install EVERYTHING from Edwin Biemond:
https://github.com/biemond
53. Java Mission Control
Java Mission Control comes with JDK 1.7.0_40 or later
• Free for development
• Ported over from JRockit
• Detailed, graphical views
-> start with jmc
55. Heap Overload
Quite often OSB is too fast, e.g. a PS listening to a JMS queue is an MDB with pool size 16:
many messages -> too much garbage created on heap
• Review architecture if ESB is the right solution
• For PS listening to a queue consider maxTConstr 1..2
• Sometimes even maxTConstr does not fix it, OSB is still too fast
56. Heap Overload
• Bad, but feasible, solution: slow down service invocation / queue throughput
• Can try tuning GC
– higher eden size for generational GC
– Different GC (throughput vs. latency vs. G1 collector)
57. Understand Your Threads
Single most important non default setting
• Systems in production can lock up even after years working well because of threading issues
• Make sure a single service cannot take down OSB
• Not easy to understand
58. OSB Deadlocks
OSB can deadlock, e.g. BS returns from invocation, but PS threads are all blocked:
• Configure BS to use a separate WM with a small minTConstr to prevent deadlocks.
– WM settings for BS apply to response pipeline of PS
– Size of minTConstraint = 1
– SBDefaultResponseWM as of 11.x
59. OSB Blocking
Sync invocation of a potentially blocking service can cause OSB to block
• Use read and cx timeouts wherever applicable:
– Service callout
– Business service transport layer setting
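The thread starvation described on the OSB Deadlocks and OSB Blocking slides, as an added Python simulation that is not part of the original deck. Thread pools stand in for WebLogic work managers (an assumption of this sketch): the one-thread dedicated pool models a separate WM with minTConstr 1, read_timeout models the read timeout, and all function names are made up for illustration.

```python
import threading
from concurrent.futures import ThreadPoolExecutor, TimeoutError as FutureTimeout


def simulate_burst(request_threads, dedicated_response_pool, read_timeout=0.3):
    """Return how many of `request_threads` simultaneous sync calls got a reply."""
    request_pool = ThreadPoolExecutor(max_workers=request_threads)
    # Assumption: a one-thread pool models a separate WM with minTConstr = 1.
    response_pool = (ThreadPoolExecutor(max_workers=1)
                     if dedicated_response_pool else request_pool)
    gate = threading.Barrier(request_threads)

    def response_pipeline(i):
        return "response-%d" % i

    def proxy_request(i):
        gate.wait(timeout=5)  # burst: every request thread is now occupied
        reply = response_pool.submit(response_pipeline, i)
        try:
            # The read timeout is what eventually releases a starved thread.
            result = reply.result(timeout=read_timeout)
        except FutureTimeout:
            result = None
        gate.wait(timeout=5)  # hold threads until every caller has an outcome
        return result

    calls = [request_pool.submit(proxy_request, i) for i in range(request_threads)]
    results = [c.result() for c in calls]
    request_pool.shutdown(wait=True)
    if dedicated_response_pool:
        response_pool.shutdown(wait=True)
    return sum(r is not None for r in results)


if __name__ == "__main__":
    print("shared pool, replies received:   ", simulate_burst(4, False))
    print("dedicated pool, replies received:", simulate_burst(4, True))
```

With a shared pool every caller waits for a response that has no thread to run on, so only the timeout ends the stall; with the dedicated pool all callers are answered.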
60. OSB WMs
• We configure WMs per service for
– Deadlock prevention (minTConstr)
– Overload protection (maxTConstr)
– Monitoring (WMs are shown in admin console)
• Shared WMs are possible but bring other issues
– Oracle recommends them
61. Oracle Cloud: SOA CS / ICS
62. Cloud Services
• It will be hard to run OSB on AWS, GCP
-> we have known this for 5 years
• Check out ICS and SOA CS instead
• SOA CS is marketed as iPaaS = integration platform as a service
• Let’s look at the promises:
– Innovate faster
– Connect more
– Rapidly deliver value
63. SOA CS
SOA CS includes the following components (simple domain config wizard)
• SOA Suite
• Service Bus
• Managed File Transfer
• API Management CS
64. Key Benefits of PaaS
Cloud automation gives you:
• Quick and easy provisioning
• 100% compatible (runs on premise SCAs)
• Access to all consoles (EM, also WLS admin)
• Easy scaling
• One click ZDT patching
• Automated Backup