Friday, February 15, 2008

Compliance : What is PCI compliance and Solution

PCI stands for Payment Card Industry. Major credit card brands such as VISA, MasterCard, American Express, Discover Card, and JCB International formed a consortium to create a Data Security Standard (DSS). This is popularly known as PCI DSS.

PCI DSS consists of 12 broad requirements, such as protecting the network, protecting the data channel using SSL etc., implementing tight access control mechanisms, and protecting the cardholder data.

Of all the requirements, protecting the cardholder data is the one that generally takes the most effort to implement, as the solution must be part of the core data and access.

Historically: for mainframe and client/server applications, the solution has typically been to maintain the public key as part of the client application, in the form of a DLL or EXE, to encrypt/decrypt the data.

Building Composite Applications: using an SOA framework has its own advantages, but implementing PCI compliance is on the disadvantage side. The reason is the need to maintain so many loosely coupled components, such as services, processes, composite services and J2EE applications, that typically reside outside of the database.

The solution is twofold:
1. Buy technology that supports PCI compliance. Examples include a combination of technologies such as Oracle Advanced Security (ASO), Oracle Data Vault and/or Oracle Virtual Private Database (VPD).

2. Build a custom solution using encrypt / decrypt functions in the database using public/private key infrastructure.

We have implemented both of the above solutions, and each has advantages depending on the customer requirements and IT goals of the organization.

Thursday, February 14, 2008

Integration of Oracle SOA with mainframe technologies


Recently, I was with a customer talking about SOA integration with legacy applications such as mainframe technologies, and below is an image. I know this is a blog and I am supposed to write, but I really felt that this picture is worth a thousand words.

Let me know your thoughts on this ...

How to enable debugging in Oracle ESB

Quite often it is a little frustrating to understand what happens inside Oracle ESB, because its error reporting is very limited and not to the point.

This can be resolved by setting the ESB log level to FINE in the Oracle Application Server Control. Below are the steps to do that.


1. Log in to the Application Server Control at http://Server.Client.com:7777/em
2. Click on the oc4j_soa instance and then the Administration tab.
3. Click on Logger Configuration.
4. Now expand Root Logger / oracle to display the logger classes and the Log Level settings.
5. In the Log Level list, select the level FINE for the following classes:
   - oracle.tip.esb.server.common
   - oracle.tip.esb.server.service
6. Restart the SOA suite to apply the changes. The logs can be found at:

\\SERVER\\j2ee\oc4j_soa\application-deployments\esb-dt\oc4j_soa_default_group_1\application.log
\\SERVER\\j2ee\oc4j_soa\application-deployments\esb-rt\oc4j_soa_default_group_1\application.log

Wednesday, February 13, 2008

How to setup BPEL JNDI connection on the application server

When deploying a BPEL process / ESB service into a Production/QA environment, the developer should remove the following entries to make sure the service does not accidentally use the local DB connection settings. For a first-time deployment, the developer should ask the system administrator to create the JNDI location configuration. Once configured, the server connection pool will be applicable even if the below mcf.* properties exist in the xxx.WSDL file.

-------------------------START--------------------------------
<jca:address location="eis/DB/App1" UIConnectionName="App1" />
<!-- ManagedConnectionFactory="oracle.tip.adapter.db.DBManagedConnectionFactory"
mcf.DriverClassName="oracle.jdbc.OracleDriver"
mcf.PlatformClassName="oracle.toplink.internal.databaseaccess.Oracle9Platform"
mcf.ConnectionString="jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=rac1)(PORT=1523))(ADDRESS=(PROTOCOL=TCP)(HOST=rac2)(PORT=1523))
(LOAD_BALANCE = yes)
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = EENADU)
)
)"
mcf.UserName="app1"
mcf.Password="8234567129863157899ESDOWI3950MSXSOF" -->
-------------------------END------------------------------------------
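
A pre-deployment check for the rule above, as an added example that is not part of the original post: it scans adapter WSDL text for leftover mcf.* properties, whether they are still attributes or only commented out (an XML comment still ships the password inside the artifact), and reports property names and line numbers without echoing values. The function names and the sample WSDL fragments are constructed for illustration.

```python
import re

# mcf.* properties, whether live attributes or left inside an XML comment.
MCF_RE = re.compile(r'\bmcf\.(\w+)\s*=\s*"[^"]*"')
COMMENT_RE = re.compile(r"<!--.*?-->", re.DOTALL)
LOCATION_RE = re.compile(r'<jca:address\b[^>]*?\blocation\s*=\s*"([^"]*)"')

def audit_wsdl(text):
    """Return (jndi_locations, findings) for the text of one adapter WSDL."""
    comments = [m.span() for m in COMMENT_RE.finditer(text)]
    findings = []
    for m in MCF_RE.finditer(text):
        in_comment = any(start <= m.start() < end for start, end in comments)
        findings.append({
            "property": "mcf." + m.group(1),  # name only, never the value
            "line": text.count("\n", 0, m.start()) + 1,
            "where": "comment" if in_comment else "attribute",
        })
    return LOCATION_RE.findall(text), findings

def ready_to_deploy(text):
    """True when a JNDI location is set and no mcf.* property remains."""
    locations, findings = audit_wsdl(text)
    return bool(locations) and all(locations) and not findings

# Constructed sample fragments (hypothetical hosts and placeholder secrets).
LOCAL_DEV = '''<jca:address location="eis/DB/App1" UIConnectionName="App1"
    ManagedConnectionFactory="oracle.tip.adapter.db.DBManagedConnectionFactory"
    mcf.DriverClassName="oracle.jdbc.OracleDriver"
    mcf.ConnectionString="jdbc:oracle:thin:@(DESCRIPTION=
        (ADDRESS=(PROTOCOL=TCP)(HOST=devhost)(PORT=1521)))"
    mcf.UserName="app1"
    mcf.Password="CONSTRUCTED-PLACEHOLDER" />'''
COMMENTED = '''<jca:address location="eis/DB/App1" UIConnectionName="App1" />
<!-- mcf.UserName="app1"
mcf.Password="CONSTRUCTED-PLACEHOLDER" -->'''
CLEAN = '<jca:address location="eis/DB/App1" UIConnectionName="App1" />'

if __name__ == "__main__":
    for name, text in [("LOCAL_DEV", LOCAL_DEV), ("COMMENTED", COMMENTED), ("CLEAN", CLEAN)]:
        locations, findings = audit_wsdl(text)
        print(name, "locations:", locations, "deployable:", ready_to_deploy(text))
        for f in findings:
            print(f"  line {f['line']}: {f['property']} left in {f['where']}")
```
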


If you want to wear the system administrator hat for a second, follow the process below to create the connection pool and data source and to configure the JNDI location. This procedure is a little different from the one for ESB.


1. Create the Connection Pool (eg. App1)

2. Create Data Source (eg. App1)

3. Go to /SERVER/j2ee/oc4j_soa/application-deployments/default/DbAdapter

4. Edit oc4j-ra.xml and add the following:
<connector-factory location="eis/DB/App1" connector-name="Database Adapter">
<config-property name="xADataSourceName" value="jdbc/App1"/>
<config-property name="dataSourceName" value=""/>
<config-property name="platformClassName" value="oracle.toplink.platform.database.Oracle9Platform"/>
<config-property name="usesNativeSequencing" value="true"/>
<config-property name="sequencePreallocationSize" value="50"/>
<config-property name="defaultNChar" value="false"/>
<config-property name="usesBatchWriting" value="true"/>
<connection-pooling use="none">
</connection-pooling>
<security-config use="none">
</security-config>
</connector-factory>

5. Restart the Application Server (or only OC4J_SOA instance)
6. Test the Web service using the following URL
7. http://server.client.com:7777/event/DefaultSystem/Service1 (here Service1 is the project)
8. Now test the service to check the validity of the configuration.
9. If you have any issues, you should be able to find the issue in BPEL domain logs.

How to create a new OC4J server instance in Oracle Application Server 10g

It is important to segregate all the custom/composite applications into a specific OC4J instance for better manageability and control.

Use the following on the server node to create a new OC4J server instance:

./createinstance -instanceName CustomApps
Creating OC4J instance "CustomApps"...
Set OC4J administrator password for "CustomApps" (password text will not be displayed as it is entered):
Enter password:
Confirm password:

Now start the 'CustomApps' instance from /em website.

How to find a string recursively in Unix / Linux

Interestingly, there is no simple approach in UNIX / Linux to find a string in files recursively. Here is the command that you can use:

find . -type f -exec grep "string to find" {} \; -print