Oracle BPEL system is not a single server but instead an ecosystem of various servers. The BPEL ecosystem is considered to be down if any of its constituent elements are down. Hence monitoring the Oracle BPEL environment means monitoring each of the below entities:

BPEL Processes and Partner Links

Monitoring the health of BPEL processes is critical to meeting service-level agreements for your processes. You can probably ensure availability and meet service-level requirements by ensuring performance and functioning of the partner links your BPEL processes depend on and identifying problems in a proactive manner. The best approach is to automate tests to be performed at regular intervals and warn the admins when a particular partner link has an unscheduled service shutdown or a longer-than-expected response time.

BPEL Engine

The health of the BPEL engine is critical for your applications. Besides the status of the BPEL engine, you should also focus on statistics such as memory; CPU consumed; and business metrics such as open and closed instances, synchronous and asynchronous process latency, and load factors.

Dehydration Store

The BPEL engine stores process data in the dehydration store (typically a relational database). If you want high availability for your dehydration store, you will probably use a clustered database. Your database administrators should make sure that the database is available and performing properly.

Authentication Server

This is the server against which all your service access is authenticated. If the authentication server is down, none of your services will be usable. Hence, it is important that the authentication server is setup in a high-availability mode as well.

The Application Server on which the BPEL server is running

A typical BPEL engine runs in an application server environment. For example, Oracle BPEL Process Manager can be deployed on a J2EE-compliant application server such as Oracle Application Server, Oracle WebLogic, IBM WebSphere, or JBoss Application Server. The BPEL engine may depend on several resources and services provided by the application server, such as JDBC DataSource, JMS providers, JCA connectors, and shared libraries. The health of the application server, along with the performance of these resources, may directly influence the performance of your BPEL engine. Each application server provides several health indicator metrics. You should automate a mechanism that would proactively issue an alert before anything goes wrong with your application server.

All the activities described above can be summarized as a set of best practices followed to ensure the availability of your BPEL infrastructure:

• Establish service-level objectives for your BPEL processes and partner links.
• Keep a library of BPEL suitcases in your software library. It will help in rebuilding a system in case of server failure.
• Automate routine operations such as purging old process instances.
• Monitor the performance of partner links.
• Monitor the whole BPEL ecosystem, not just the BPEL engine.
• Keep track of BPEL ecosystem membership/topology changes.
• Keep a gold image of your configuration when everything is stable and keep updating it after every configuration change. This will help you find the cause of any possible problem due to configuration changes.
• Monitor BPEL server-specific J2EE artifacts such as the JMS queues and data sources used by the BPEL server in addition to J2EE constructs used by BPEL processes.
• Make sure that you select a management solution that can maximize your productivity and help you deliver maximum service through automation.

All conventional BI solutions offer a Web-based platform for reporting. A majority of them also have Excel and PDF adaptors to convert the Web-based reporting formats into Excel or PDF documents. These adaptors however transform the final output (the view) of the report into an Excel document. The end result is not necessarily what the end user desires since the transformation does not make use of the native Excel formatting and analysis features. As a result, the user will get his/her report in Excel without the ability to do anything further with it. This is not exactly what the end user wants. To circumvent this problem business users ‘cut-and-paste’ the relevant data from Web-reports or other data sources into their preferred Excel templates (created and managed individually by the user) making use of the native Excel features that assist them in their decision making requirements. The end result is a set of isolated Excel-based data marts, also referred as spreadmarts, propagated throughout the organization. These spreadmarts are uncontrolled, unverified, and prone to error due to manual intervention.

There is a strong need for a robust solution that addresses the business user need for Excel interactivity and IT requirement for control and manageability. One of the very few such tools that offer this functionality is BIRT Spreadsheet from Actuate. A report author uses the BIRT Spreadsheet Designer (that looks and feels like Excel) to build a report design. The report design acts as a blueprint for how the resultant spreadsheet report is to be generated by the server. The design defines:

• Where the data should be coming from – which data sources, datasets, queries, and parameters to use to filter the incoming data
• How the incoming data is to be presented in the report – how it is to be laid out and which charts, formulas, formatting, macros and other logic are to be used.

BIRT Spreadsheet Designer

Once the report design is complete, the report author can publish the produced report executable to the Actuate Reporting Server, called as iServer. The iServer manages all deployment aspects such as security, scheduling, versioning, presentation, etc. Once the report executable is published to the iServer, users with the right privileges can schedule the report; execute it on-demand to produce a fresh spreadsheet report document containing the latest data; or, elect to view a previously generated spreadsheet report document that is cached on the iServer. In all cases the user will receive an Excel file that is downloaded to the user’s desktop and is automatically opened within Microsoft Excel.

Sample Excel produced by BIRT Spreadsheet

Sample Excel produced by BIRT Spreadsheet

Sample Excel produced by BIRT Spreadsheet

Sample Excel produced by BIRT Spreadsheet

]]> http://kaizaramin.com/2010/04/06/excel-based-bi-using-birt-spreadsheet/feed/ 0 http://kaizaramin.com/2010/03/06/voip-encryption-in-a-surveillance-society/ http://kaizaramin.com/2010/03/06/voip-encryption-in-a-surveillance-society/#comments Sat, 06 Mar 2010 17:48:19 +0000 kaizar http://kaizaramin.com/?p=294 In one of my previous articles, I touched upon the basics of VoIP security. Recently I came across this YouTube video covering a seminar given by Phillip Zimmermann (the Father of PGP) talking about VoIP encryption for the Stanford University Computer Systems Colloquium. Basically, Zimmermann talks about ephemeral encryption of VoIP traffic using Diffie-Hellman key exchange. Its a lengthy video (1 hour 15 mins) but quite an interesting watch.

www.youtube.com/watch?v=IP39ISsX9o0

The Oracle Application Development Framework (ADF) combines the rich features of Oracle Forms such as sophisticated graphical components with easy database binding, drag and drop, WYSIWYG editing, transaction control, record locking, validation, query by example, and master-detail coordination along with the benefits of an online Java EE application such as distributed, platform-independent, Web-based, and with MVC support. It simplifies Java EE development by minimizing the need to write code that implements the application’s infrastructure allowing the users to focus on the features of the actual application and business logic. Oracle ADF provides these infrastructure implementations as part of the underlying framework.

Oracle ADF is based on the Model-View-Controller (MVC) design pattern. It further separates the model layer from the business services to enable service-oriented development of applications. The Oracle ADF architecture is based on four layers:

• The Business Services layer – provides access to data from various sources and handles business logic.

• The Model layer – provides an abstraction layer on top of the Business Services layer, enabling the View and Controller layers to work with different implementations of Business Services in a consistent way.

• The Controller layer – provides a mechanism to control the flow of the Web application.

• The View layer – provides the user interface of the application.

The key layer in the ADF architecture is the Business Services layer where all the business logic is embedded .This layer can be implemented in a wide variety of technologies including EJB, Web Services, POJO, Toplink, or ADF Business Components. The view layer provides a large range of AJAX based rich UI components that enhance the user experience of ADF applications. The model layer provides bulk of the automated code that ADF builds on. It facilitates the auto-binding between the rich UI components of the view layer and business logic components of the business services layer. Additional detail on Oracle ADF is available on their website.

The document management plan needs to be simple, executable, and practical. Any basic plan would have to address the below issues at a minimum.

Documents to be Managed

This might sound trivial but is a fundamental aspect that needs to be agreed upfront. You will have to define as to what pieces of information and data make a document in your organization and will be managed within the DMS. For example, are you only going to consider official and business documents or even personal documents owned by individuals. This decision will help you in capacity planning for the system. Needless to say that the larger the volume of documents you chose to manage the more complex the implementation.

Business Process for Managing the Documents

You need to identify all the approval cycles involved in handling the documents. For complex approval and communication cycles, the underlying product will have to support such customizations. You also need to address the Records Management and Retention Cycle of the documents managed by the DMS. All of your policy compliance will be handled in this section of your plan.

Users, Groups, and Roles

In this section of your plan you will have to list the potential users of the DMS and the logical categorization of groups. This will be entirely dependent on the organization structure followed in your business. Additionally you also need to identify the various roles that will be defined on the system. Some examples of roles include Reader, Writer, Publisher, Manager, Administrator, Reviewer, etc. Your users and groups will be given access to various sections of your DMS based on these pre-defined roles. You will also need to address the system administration here. Will the system be managed by a single administrator or will each department have a dedicated administrator. Based on that, the groups and roles defined on the system will have to be adjusted.

Folder Hierarchy

You will have to define the folder structure for organizing your files. Options could vary from a highly structured one with multiple levels of folder directories to a shallow single folder strategy.

Permission Hierarchy

The Groups, Roles, and Folder Hierarchy defined in the previous sections will have to be combined here to give a detailed permission hierarchy defining which user has what access on which folder. A lot will depend on the granularity of the groups and folder hierarchy outlined earlier. For example, the more levels of folders you have the more detailed is your security assignment. Having a very detailed security control might not always be the best thing since it will significantly increase your administrative maintenance.

Metadata

According to me this is the most important aspect and value-add for a DMS. A DMS without adequate metadata is nothing more than an access-controlled FTP server. The true benefit from a well implemented DMS is apparent from the ease with which documents can be searched and retrieved. Metadata (information about information) adds the relevant categories, keywords, and tags that assist in optimized indexing and retrieval of documents.  It is possible to capture the smallest detail about a document making it very easy for searching however the process must be sustainable and practical. It won’t make any sense to frustrate your end users while asking for more that 20 metadata attributes for every document they upload. Hence, in this section of your document management plan you concisely identify the key 5-8 attributes that will assist in the indexing and document retrieval process.

Having defined each of the above elements of your document management plan you can then proceed with the product selection phase identifying any system that caters to all your requirements. Having an effective document management plan is the first step of the process. The next steps are to execute the plan and to follow through regularly.

TrueCrypt is a software system for establishing and maintaining an on-the-fly-encrypted volume (data storage device). On-the-fly encryption means that data is automatically encrypted or decrypted right before it is loaded or saved, without any user intervention. No data stored on an encrypted volume can be read (decrypted) without using the correct password/keyfile(s) or correct encryption keys. Entire file system is encrypted (e.g., file names, folder names, contents of every file, free space, meta data, etc).

Files can be copied to and from a mounted TrueCrypt volume just like they are copied to/from any normal disk (for example, by simple drag-and-drop operations). Files are automatically being decrypted on the fly (in memory/RAM) while they are being read or copied from an encrypted TrueCrypt volume. Similarly, files that are being written or copied to the TrueCrypt volume are automatically being encrypted on the fly (right before they are written to the disk) in RAM. Note that this does not mean that the whole file that is to be encrypted/decrypted must be stored in RAM before it can be encrypted/decrypted. There are no extra memory (RAM) requirements for TrueCrypt.

Practical Use

Some of the above technical description might sound too complex to be used by a normal (non-technical) computer user. However, in reality TrueCrypt is very simple to use. Lets say you have some important and confidential files such as MS Word documents, Powerpoint presentations, PDF documents, and your emails.  You want to have all of this data on your computer or USB drive, however only YOU should be able to read it even if someone else has physical access to the system.

TrueCrypt Volume

After installing TrueCrypt on your computer, you need to create a volume. A volume is nothing but a logical disk partition that will contain all your secured and encrypted data. This volume will reside as a normal file on your computer. You can give it any name, e.g. “My Encrypted Data”. While you create your volume you will be asked to mention the volume location, encryption algorithm (AES, Twofish, etc), volume size, and the volume password.

Mount Volume

Once you have created a volume, you can then mount it on your computer as a normal drive and use it just like you would use your C: or D: . The benefit you get here is just before the data is written to the mounted drive it is encrypted and likewise decrypted when data is read from it. When the drive is unmounted, the volume resides on your computer like a regular data file with some encrypted binary text that no one can understand. The volume container can be treated as a regular file and can be copied on USB or transferred to another computer where it can be mounted to a drive again using TrueCrypt, thereby giving you portability with your secured data.

TrueCrypt is an open source application and is FREE. If you are skeptical about using a freebie application for protecting your confidential data, think again. Some of the best brains in the realm of security (Bruce Schneier, Joanna Rutkowska) have given it a serious look in terms of breaking its security. Like every security system hackers will continuously try to break it while the application will evolve to thwart these attacks. Having said that, TrueCrypt is quite an impressive tool to achieve security and confidentiality of your important data without having to pay for commercial products which pretty much do the same thing.

SugarCRM Dashboard

Based on PHP and MySql, SugarCRM provides all the advanced features available in any commercial CRM software. There are four main entities in the SugarCRM system.

Account: An account is any customer organization/company that you are or will do business with.

Contact: Contacts are people that you are or will be communicating with. Contacts can be independent or be associated with your accounts.

Opportunities: This represents any sales or commercial prospect you might have with an account.

Lead: A lead is a potential prospect that you want to follow but has not yet become a Contact or Account.

Initially your customer will be entered as a Lead. Once the lead develops, it can be converted into Contact or an Account. An Account can have multiple Contacts and Opportunities.  There is also a notion of Activity such as Meeting, Email, Call, and Task that can be associated with either of the entities described above (Lead, Contact, Account, and Opportunity).  Hence while viewing an Account you can get a good understanding of all the contacts & opportunities associated with it along with the history of activities such as meetings and follow-up calls actioned or planned with that account.

To add to the functionality, SugarCRM allows you to create marketing campaigns such as email or newsletter campaigns. All leads, accounts, and opportunities can be linked with a particular campaign allowing you to measure the ROI of that marketing campaign. If you are interested in the domain of Customer Service, SugarCRM also allows you to create and track issues (cases) and bugs. These issues and bugs can also be linked to Accounts giving you a complete 360 view into you customer history.

The community (free) edition of the software provides all the above functionality along with some basic reporting. However, the commercial version offers some additional features and a more advanced reporting. Additionally, the SugarExchange platform offers a wide array of third-party created modules further increasing the value-add of SugarCRM

There are a few problems with this approach, though. One is that it doesn’t take complete advantage of modern server’s processing power. Most servers use only a small fraction of their overall processing capabilities. Another problem is that as a computer network gets larger and more complex, the servers begin to take up a lot of physical space. A data center might become overcrowded with racks of servers consuming a lot of power and generating heat. Last but not the least, dedicating individual machines for each application certainly increases the infrastructure and hardware costs of any organization.

Server virtualization attempts to address all of the above issues. By using specially designed software, an administrator can convert one physical server into multiple virtual machines. Each virtual server acts like a unique physical device, capable of running its own operating system (OS).

There are three ways to create virtual servers: full virtualization, para-virtualization and OS-level virtualization. They all share a few common traits. The physical server is called the host. The virtual servers are called guests. The virtual servers behave like physical machines. Each system uses a different approach to allocate physical server resources to virtual server needs.

Full virtualization uses a special kind of software called a hypervisor. The hypervisor interacts directly with the physical server’s CPU and disk space. It serves as a platform for the virtual servers’ operating systems. The hypervisor keeps each virtual server completely independent and unaware of the other virtual servers running on the physical machine. Each guest server runs on its own OS. You can even have one guest running on Linux and another on Windows. The hypervisor monitors the physical server’s resources. As virtual servers run applications, the hypervisor relays resources from the physical machine to the appropriate virtual server. Hypervisors have their own processing needs, which means that the physical server must reserve some processing power and resources to run the hypervisor application. This can impact overall server performance and slow down applications. VMware and Microsoft Virtual Server both use the full virtualization model.

The para-virtualization approach is a little different. Unlike the full virtualization technique, the guest servers in a para-virtualization system are aware of one another. A para-virtualization hypervisor doesn’t need as much processing power to manage the guest operating systems, because each OS is already aware of the demands the other operating systems are placing on the physical server. The entire system works together as a cohesive unit. Xen and UML both use the para-virtualization model.

An OS-level virtualization approach doesn’t use a hypervisor at all. Instead, the virtualization capability is part of the host OS, which performs all the functions of a fully virtualized hypervisor. The biggest limitation of this approach is that all the guest servers must run the same OS. Each virtual server remains independent from all the others, but you can’t mix and match operating systems among them. Because all the guest operating systems must be the same, this is called a homogeneous environment.Virtuozzo and Solaris Zones both use OS-level virtualization.

Encryption and Decryption

Data that can be read and understood without any special measures is called plaintext or cleartext. The method of disguising plaintext in such a way as to hide its substance is called encryption. Encrypting plaintext results in unreadable gibberish called ciphertext. You use encryption to ensure that information is hidden from anyone for whom it is not intended, even those who can see the encrypted data. The process of reverting ciphertext to its original plaintext is called decryption.

What is Cryptography?

Cryptography is the science of using mathematics to encrypt and decrypt data. Cryptography enables you to store sensitive information or transmit it across insecure networks (like the Internet) so that it cannot be read by anyone except the intended recipient.

How does cryptography work?

A cryptographic algorithm, or cipher, is a mathematical function used in the encryption and decryption process. A cryptographic algorithm works in combination with a key — a word, number, or phrase — to encrypt the plaintext. The same plaintext encrypts to different ciphertext with different keys. The security of encrypted data is entirely dependent on two things: the strength of the cryptographic algorithm and the secrecy of the key.

A cryptographic algorithm, plus all possible keys and all the protocols that make it work comprise a cryptosystem. PGP is a cryptosystem.

Conventional Cryptography

In conventional cryptography, also called secret-key or symmetric-key encryption, one key is used both for encryption and decryption. The Data Encryption Standard (DES) is an example of a conventional cryptosystem that is widely employed by the US Federal Government.

Key management and conventional encryption

Conventional encryption has benefits. It is very fast. It is especially useful for encrypting data that is not going anywhere. However, conventional encryption alone as a means for transmitting secure data can be quite expensive simply due to the difficulty of secure key distribution.

For a sender and recipient to communicate securely using conventional encryption, they must agree upon a key and keep it secret between themselves. If they are in different physical locations, they must trust a courier, the Bat Phone, or some other secure communication medium to prevent the disclosure of the secret key during transmission. Anyone who overhears or intercepts the key in transit can later read, modify, and forge all information encrypted or authenticated with that key.

Public key cryptography

Public key cryptography is an asymmetric scheme that uses a pair of keys for encryption: a public key, which encrypts data, and a corresponding private, or secret key for decryption. You publish your public key to the world while keeping your private key secret. Anyone with a copy of your public key can then encrypt information that only you can read. Even people you have never met.

It is computationally infeasible to deduce the private key from the public key. Anyone who has a public key can encrypt information but cannot decrypt it. Only the person who has the corresponding private key can decrypt the information. The primary benefit of public key cryptography is that it allows people who have no preexisting security arrangement to exchange messages securely. The need for sender and receiver to share secret keys via some secure channel is eliminated; all communications involve only public keys, and no private key is ever transmitted or shared.

How PGP works

PGP combines some of the best features of both conventional and public key cryptography. PGP is a hybrid cryptosystem. When a user encrypts plaintext with PGP, PGP first compresses the plaintext. Data compression saves modem transmission time and disk space and, more importantly, strengthens cryptographic security. Most cryptanalysis techniques exploit patterns found in the plaintext to crack the cipher. Compression reduces these patterns in the plaintext, thereby greatly enhancing resistance to cryptanalysis. (Files that are too short to compress or which don’t compress well aren’t compressed.)

PGP then creates a session key, which is a one-time-only secret key. This key is a random number generated from the random movements of your mouse and the keystrokes you type. This session key works with a very secure, fast conventional encryption algorithm to encrypt the plaintext; the result is ciphertext. Once the data is encrypted, the session key is then encrypted to the recipient’s public key. This public key-encrypted session key is transmitted along with the ciphertext to the recipient.

Decryption works in the reverse. The recipient’s copy of PGP uses his or her private key to recover the temporary session key, which PGP then uses to decrypt the conventionally-encrypted ciphertext.

The combination of the two encryption methods combines the convenience of public key encryption with the speed of conventional encryption. Conventional encryption is about 1,000 times faster than public key encryption. Public key encryption in turn provides a solution to key distribution and data transmission issues. Used together, performance and key distribution are improved without any sacrifice in security.

To understand these concepts in detail and read on additional topics such as Keys, Signatures, Digital Certificates, and Trust I would strongly suggest you take a look at the original article.

At its base level Telepresence can constitute a television set since it stimulates our primary senses of vision and hearing. As the screen size increases, the sense of immersion increases too. Let’s say for example iMAX screens or even large corporate video conference environments. At its highest level, Telepresence can become a Star Trek style virtual presence in 3D. It would seem that virtual presence concepts are far from reality and only hold place in sci-fi movies. Well, the YouTube video below will prove you wrong. It is very much a reality and several companies are working on it big time.

Cisco Telepresence Magic

www.youtube.com/watch?v=rcfNC_x0VvE