OPSS Keystore Service - centralised key management
31 Mar 2015 by Simon Haslam (in General)
This is a topic I've been meaning to write about for a while: FMW Infrastructure 12.1.2 introduced a rather nice OPSS Keystore Service (KSS) which is now used by default in SOA Suite 12.1.3 (and other 12c products soon no doubt).
As most readers will know WebLogic, and therefore the layered products that sit on top of it like SOA or WebCenter, uses Java Keystore files (.jks) to store server identity certificates and trust certificates/key-chains (before JKS people used flat files).
If you're building clusters you want to centralise configuration where possible to keep things simple - that's why it's nice to put things like the server memory parameters in the domain configuration. Unfortunately you still had to distribute (and later update) JKS files to each host... until KSS arrived.
What the Keystore Service does is to provide keystores to WebLogic server instances - at run-time from from a central place (the OPSS schema in the Fusion Middleware infrastructure repository).
Managing the Keystores
You can manually manage the keystores using EM Fusion Middleware Control, via the Security menu on the domain. By default you will have demo trust and demo identity keystores, for example created by the Configuration Wizard, but you can create your own and delete the demo ones. See the documentation at: https://docs.oracle.com/middleware/1213/idm/app-security/kssadm.htm.
Upgrading to SOA 12c and details of the next UKOUG Middleware SIG
19 Mar 2015 by Simon Haslam (in Events)
SOA 12c is the most important release of Oracle's flagship integration product set that we've seen for 5 years (when 11g was launched). Oracle has also now produced the first SOA 12c bundle patch-set (22.214.171.124.1) so in my opinion any new SOA installations should definitely be using 12c, and existing 11g users should be seriously considering upgrading to take advantage of the many new features.
For administrators what is particularly nice about this release is that a lot of work has clearly been put into the upgrade process, building on some of the changes introduced in WebLogic 12.1.2. The upgrade is actually surprisingly straightforward...[Read More]
What you need to know about the new ODA X5-2
21 Jan 2015 by Simon Haslam (in Hardware)
Today, as part of the "Next Generation of Oracle Engineered Systems" webcast, Larry Ellison launched the new X5 systems. This bullishly-titled post attempts to summarise what's new specifically with the ODA X5-2, and what's most important, especially for those using ODA Virtualized Platform (ODA VP) to build entire Oracle infrastructures as an appliance.
We've known since last September when Intel released the Haswell-EP processors (the E5-2600 v3 models) that there would likely be refreshes to many of Oracle's engineered systems. However for this year's ODA refresh there have been far more changes than the previous one (which was just the processor update and fibre option).
Summary of Changes
Here are the most significant changes in the ODA X5-2, as compared to the previous X4-2 generation, biased towards my perspective of running Fusion Middleware products, and associated databases, on ODA VP for O-box:
- Extra SSD on shared storage ("ODA Flash Accelerator") to hold some database data ("ODA Flash Cache") and ACFS metadata ("ODA Flash Files")
- 40Gb/s InfiniBand for interconnect between server nodes
- DDR4 memory with the option to upgrade to 768GB per node, so 1.5TB total
- SAS3, which runs at 12 Gb/s - I assume/hope this is for connections to server disks, internally within the array(s) and between the arrays and servers
White-box Server Build 2014 - Part 1
04 Jan 2015 by Simon Haslam (in Hardware)
Happy New Year readers! This post is about building a new "white-box" server to run VMware ESXi, using one of the latest Intel Core i7 "enthusiast" processors and components sourced in the last quarter of 2014 (hence the title). Rather than buying a server from a single vendor, such as HP or Oracle, white-box servers are those you build yourself, typically to get something tailored to your needs and at a much lower price.
Selecting compatible components is the most challenging part of building a white-box server especially if, like me, you don't do it very often since PC parts change very quickly. Component specifications depend very much on your requirements (e.g. games machine, HT PC, home lab server, NAS etc) so before I go further I'll describe mine.[Read More]
Nordic ACE Tour 2014
26 Oct 2014 by Simon Haslam (in Events)
Last week I was a speaker on the OTN sponsored Nordic ACE Director Tour 2014. It's well over a year now since I was kindly invited to take part but, as an "ACE Tour virgin," I wasn't really sure what to expect, so hopefully this non-technical article will help others in a similar position. Heli Helskyaho, a fellow speaker, has pipped me to the post so you can read about her experiences too.
The tour consisted of 4 one-day events in 4 countries on consecutive days - given my distance from London Heathrow this meant I was away from home for 6 days. I had offered 5 abstracts, most of which I'd actually presented elsewhere, but I also included the new EDG presentation that my good friend Jacco Landlust and I have submitted for a few conferences this autumn/winter. Each speaker delivered 2 presentations per day and the 4 user groups chose the sessions they wanted - for me that meant 4 out of my 5, for others it was the same 2 presentations given 4 times. What surprised me was that the event in each country had a different feel.
We started in Sweden in a Japanese-style health spa, in the countryside about an hour's drive away from the airport. This was a very peaceful setting for meetings though all guests were provided with kimonos and seemed to wear them around the hotel. Being almost the only one in the restaurant without one on Sunday evening I hopefully redeemed myself by spending the whole of the following day in one (over my normal clothes I hasten to add!)...