All cloud service providers support seamless cloud automation and management through a REST API architecture allowing for single tasks or complex multi-step orchestrations to be created. REST has become the de facto standard for these cloud interfaces because of its ease of us, communication over HTTP, and wide support of nearly all programming languages and operating systems.
Where do you start? How do you decipher the API documentation? Where do you authenticate? And how do you create cloud resources programmatically?
This presentation walks through the fundamentals of REST, how its invoked through cURL, as well as a live demonstration of the automated provisioning of Oracle Cloud services through cURL/REST.
Automating Cloud Operations - Everything you wanted to know about cURL and RE...Revelation Technologies
All cloud service providers support seamless cloud automation and management through a REST API architecture allowing for single tasks or complex multi-step orchestrations to be created. REST has become the de facto standard for these cloud interfaces because of its ease of us, communication over HTTP, and wide support of nearly all programming languages and operating systems.
Where do you start? How do you decipher the API documentation? Where do you authenticate? And how do you create cloud resources programmatically?
This presentation walks through the fundamentals of REST, how its invoked through cURL, as well as a live demonstration of the automated provisioning of Oracle Cloud services through cURL/REST.
DEMYSTIFYING REST
Kirsten Jones
REST web services are everywhere! It seems like everything you want is available via a web service, but getting started with one of these web services can be overwhelming – and debugging the interactions bewilders some of the smartest developers I know. In this talk, I will talk about HTTP, how it works, and how to watch and understand the traffic between your system and the server. From there I’ll proceed to REST – how REST web services layer on top of HTTP and how you can expect a REST web service to behave. We’ll go over how to monitor and understand requests and responses for these services. Once we’ve covered that, I’ll talk about how OAuth is used for authentication in the framework of a REST application. PHP code samples will be shown for interacting with an OAuth REST web service, and I will cover http monitoring tools for multiple OS’s. When you’re done with this talk you’ll understand enough about REST web services to be able to get started confidently, and debug many of the common issues you may encounter.
Automate your automation with Rudder’s API! \o/RUDDER
Rudder comes with a complete REST API which provides access to all data available within Rudder so you can automate your configuration automation without using the web interface.
Using it, you can create tools (scripts, UI) adapted to your environment to automate common tasks in Rudder (Change a single setting in a Directive? Enable or disable a Rule according on customer request? Accept new nodes via a third party interface) or integrate existing tools like your CMDB, monitoring or even a KPI-reporting system.
We try to provide lot of documentation and make it as user friendly as possible, but it’s not always easy to realise exactly what the API can do, or figure out to best use it.
In this hands-on session, I will first explain how Rudder API works and is organized. Then, we will practice our knowledge (and our Python) to create a tool over Rudder API.
How to build Simple yet powerful API.pptxChanna Ly
How to build simple yet powerful API from novice to professional. API for beginners, API for gurus, Enterprise level API, REST API, JWT API, Deep dive.
Automating Cloud Operations - Everything you wanted to know about cURL and RE...Revelation Technologies
All cloud service providers support seamless cloud automation and management through a REST API architecture allowing for single tasks or complex multi-step orchestrations to be created. REST has become the de facto standard for these cloud interfaces because of its ease of us, communication over HTTP, and wide support of nearly all programming languages and operating systems.
Where do you start? How do you decipher the API documentation? Where do you authenticate? And how do you create cloud resources programmatically?
This presentation walks through the fundamentals of REST, how its invoked through cURL, as well as a live demonstration of the automated provisioning of Oracle Cloud services through cURL/REST.
DEMYSTIFYING REST
Kirsten Jones
REST web services are everywhere! It seems like everything you want is available via a web service, but getting started with one of these web services can be overwhelming – and debugging the interactions bewilders some of the smartest developers I know. In this talk, I will talk about HTTP, how it works, and how to watch and understand the traffic between your system and the server. From there I’ll proceed to REST – how REST web services layer on top of HTTP and how you can expect a REST web service to behave. We’ll go over how to monitor and understand requests and responses for these services. Once we’ve covered that, I’ll talk about how OAuth is used for authentication in the framework of a REST application. PHP code samples will be shown for interacting with an OAuth REST web service, and I will cover http monitoring tools for multiple OS’s. When you’re done with this talk you’ll understand enough about REST web services to be able to get started confidently, and debug many of the common issues you may encounter.
Automate your automation with Rudder’s API! \o/RUDDER
Rudder comes with a complete REST API which provides access to all data available within Rudder so you can automate your configuration automation without using the web interface.
Using it, you can create tools (scripts, UI) adapted to your environment to automate common tasks in Rudder (Change a single setting in a Directive? Enable or disable a Rule according on customer request? Accept new nodes via a third party interface) or integrate existing tools like your CMDB, monitoring or even a KPI-reporting system.
We try to provide lot of documentation and make it as user friendly as possible, but it’s not always easy to realise exactly what the API can do, or figure out to best use it.
In this hands-on session, I will first explain how Rudder API works and is organized. Then, we will practice our knowledge (and our Python) to create a tool over Rudder API.
How to build Simple yet powerful API.pptxChanna Ly
How to build simple yet powerful API from novice to professional. API for beginners, API for gurus, Enterprise level API, REST API, JWT API, Deep dive.
[drupalday2017] - Drupal come frontend che consuma servizi: HTTP Client ManagerDrupalDay
Proviamo a gettare un nuovo standard per la gestione delle sorgenti e per la presentazione di dati nelle istanze Drupal che consumano servizi. Perchè ne abbiamo bisogno e come i Guzzle Service Description possono salvarci la vita.
di Adriano Cori
This set of slides showcases how you can interact with PowerVC via its OpenStack-based REST APIs. It also demonstrates how to mimic the REST APIs made from your web browser in familiar command line utilities like curl.
Enterprise API adoption has gone beyond predictions. It has become the ‘coolest’ way of exposing business functionalities to the outside world. Both your public and private APIs, need to be protected, monitored and managed. This talk focuses on API Security. There are so many options out there to make someone easily confused. When to select one over the other is always a question – and you need to deal with it quite carefully to identify and isolate the tradeoffs.
Security is not an afterthought. It has to be an integral part of any development project – so as for APIs. API security has evolved a lot in last five years. The growth of standards, out there, has been exponential. The talk will elaborate how to build an ecosystem for API security around OAuth 2.0, OpenID Connect, UMA, SAML, SCIM and XACML.
How APIs Can Be Secured in Mobile EnvironmentsWSO2
To view recording of this webinar please use below URL:
http://wso2.com/library/webinars/2015/08/how-apis-can-be-secured-in-mobile-environments/
In this session, Shan, director of mobile architecture at WSO2 will discuss:
What makes mobile API authentication different from traditional API authentication
Best practices for implementing mobile API security
What WSO2 API Manager provides for mobile developers
[CB16] Esoteric Web Application Vulnerabilities by Andrés RianchoCODE BLUE
This talk will show esoteric web application vulnerabilities in detail, these vulnerabilities would be missed in a quick review by most security consultants, but could lead to remote code execution, authentication bypass and purchasing items in merchants using Paypal as their payment gateway without actually paying. SQL injections are dead, and I don’t care: let's explore the world of null, nil and NULL; noSQL injections; host header injections that lead to phone call audio interception; paypal’s double spent and Rails’ MessageVerifier remote code execution.
--- Andres Riancho
Andrés Riancho is an application security expert that currently leads the community driven, Open Source, w3af project and provides in-depth Web Application Penetration Testing services to companies around the world.
In the research field, he discovered critical vulnerabilities in IPS appliances from 3com and ISS, contributed with SAP research performed at one of his former employers and reported vulnerabilities in hundreds of web applications.
His main focus has always been the Web Application Security field, in which he developed w3af, a Web Application Attack and Audit Framework used extensively by penetration testers and security consultants.
Andrés has spoken and hold trainings at many security conferences around the globe, like BlackHat (USA and Europe), SEC-T (Sweden),DeepSec (Austria), PHDays (Moscow), SecTor (Toronto), OWASP (Poland),CONFidence (Poland), OWASP World C0n (USA), CanSecWest (Canada),PacSecWest (Japan), T2 (Finland) and Ekoparty (Buenos Aires).
Andrés founded Bonsai Information Security, a web security focused consultancy firm, in 2009 in order to further research into automated Web Application Vulnerability detection and exploitation.
Mastering Microservices with Kong (DevoxxUK 2019)Maarten Mulders
When architecting microservice solutions, you'll often find yourself struggling with cross-cutting concerns. Think security, rate limiting, access control, monitoring, location-aware routing… Things can quickly become a nightmare.
The API Gateway pattern can help you solve such problems in an elegant and uniform way. Using Kong, an open source product, you can get started today. In this session we'll look at the why and how of this approach.
At Adobe APIs are powering the next generation of Creative applications.
Mesos makes it very easy and fun to deploy and run Robust and Scalable Microservices in the Cloud. Today's technologies offer simple solutions to create RESTfull services while Mesos brings them to life faster.
As the number of microservices increase and the inter communication between them becomes more complicated, we soon realize we have new questions awaiting our answers: how do microservices authenticate ? how do we monitor who's using the APIs they expose ? How do we protect them from attacks ? How do we set throttling and rate limiting rules across a cluster of microservices ? How do we control which service allows public access and which one we want to keep private ? How about Mesos APIs and its frameworks ? Can they benefit from these features as well ?
Come and learn a scalable architecture to manage microservices in Mesos by integrating an API Management layer inside your Mesos clusters. This presentation will show you what an API Management layer is, what it's composed of and how it can help you expose microservices in a secure,managed and highly-available way, even in multi-Mesos cluster setups.
During this session you will also have the opportunity to learn how Adobe's API Platform solved this problem, where it is today and what it envisions do to with Mesos further.
If you're working with microservices already or you're creating new ones then this presentation is for you. Come and learn how Mesos together with an API management layer will make you a microservices hero in your organisation. At Adobe APIs are powering the next generation of Creative applications.
APIs are one of the main elements of cloud services. All major cloud service providers expose REST APIs to allow you to programmatically access their services and capabilities. SOAP and REST are the two most common ways of exposing APIs, whether to external, partner, cloud, or internal developers.
The concept of API management is to publish these web APIs for consumption, and includes capabilities such as monitoring, security, and documentation.
This presentation introduces basic concepts of APIs, API management, cloud REST services, and a brief walkthrough of WSO2 API Manager and the Oracle API Gateway to see how you can centrally publish, expose, and secure APIs, essentially virtualizing your backend services.
Design Summit - RESTful API Overview - John HardyManageIQ
This is an overview of the new RESTful API in the ManageIQ Anand release. Build cross-cloud applications and management systems using ManageIQ as a developer platform.
More more on ManageIQ, see http://manageiq.org/
InterCon 2016 - Segurança de identidade digital levando em consideração uma a...iMasters
Erick Tedeschi fala sobre Segurança de identidade digital levando em consideração uma arquitetura de microserviço no InterCon 2016.
Saiba mais em http://intercon2016.imasters.com.br/
The Linux operating system accounts for 90% of all servers provisioned in the cloud, thus its security becomes of the utmost importance. Proactively securing Linux becomes especially critical in order to protect against expanding cybersecurity threats. However, most Linux patching is traditionally disruptive and requires planning and downtime.
Oracle Cloud offers a number of services to help manage operating system security at a large scale: OS Management Service (to monitor and manage patching), Oracle Ksplice (for non-disruptive patching), Oracle Autonomous Linux (self-managed Linux operating system), and the Vulnerability Scanning Service (to scan hosts and containers).
This presentation starts with general operating system security concepts, as well as a brief overview of CVEs and zero-day vulnerabilities, and walks through each of the Oracle Cloud operating system security offerings. Multiple live demos will be accompanied during the presentation.
Infrastructure-as-Code, or IaC, has gained momentum in the past several years with the explosion of cloud computing. IaC helps automate and manage infrastructure provisioning of your cloud resources. Even small infrastructure footprints can benefit from IaC. It can become difficult to manage and maintain hundreds, if not thousands, of individual configuration settings in your infrastructure. Enter Terraform, an open-source IaC software tool created in 2014.
This presentation walks through the fundamentals of Terraform, and where and how it can benefit you in your cloud infrastructure provisioning. A live demo will showcase the provisioning of an entire Oracle Cloud infrastructure from scratch, in a matter of minutes, including compartments, networking, compute, and database, for both a development and production environments.
More Related Content
Similar to Automating Cloud Operations: Everything You Wanted to Know about cURL and REST
[drupalday2017] - Drupal come frontend che consuma servizi: HTTP Client ManagerDrupalDay
Proviamo a gettare un nuovo standard per la gestione delle sorgenti e per la presentazione di dati nelle istanze Drupal che consumano servizi. Perchè ne abbiamo bisogno e come i Guzzle Service Description possono salvarci la vita.
di Adriano Cori
This set of slides showcases how you can interact with PowerVC via its OpenStack-based REST APIs. It also demonstrates how to mimic the REST APIs made from your web browser in familiar command line utilities like curl.
Enterprise API adoption has gone beyond predictions. It has become the ‘coolest’ way of exposing business functionalities to the outside world. Both your public and private APIs, need to be protected, monitored and managed. This talk focuses on API Security. There are so many options out there to make someone easily confused. When to select one over the other is always a question – and you need to deal with it quite carefully to identify and isolate the tradeoffs.
Security is not an afterthought. It has to be an integral part of any development project – so as for APIs. API security has evolved a lot in last five years. The growth of standards, out there, has been exponential. The talk will elaborate how to build an ecosystem for API security around OAuth 2.0, OpenID Connect, UMA, SAML, SCIM and XACML.
How APIs Can Be Secured in Mobile EnvironmentsWSO2
To view recording of this webinar please use below URL:
http://wso2.com/library/webinars/2015/08/how-apis-can-be-secured-in-mobile-environments/
In this session, Shan, director of mobile architecture at WSO2 will discuss:
What makes mobile API authentication different from traditional API authentication
Best practices for implementing mobile API security
What WSO2 API Manager provides for mobile developers
[CB16] Esoteric Web Application Vulnerabilities by Andrés RianchoCODE BLUE
This talk will show esoteric web application vulnerabilities in detail, these vulnerabilities would be missed in a quick review by most security consultants, but could lead to remote code execution, authentication bypass and purchasing items in merchants using Paypal as their payment gateway without actually paying. SQL injections are dead, and I don’t care: let's explore the world of null, nil and NULL; noSQL injections; host header injections that lead to phone call audio interception; paypal’s double spent and Rails’ MessageVerifier remote code execution.
--- Andres Riancho
Andrés Riancho is an application security expert that currently leads the community driven, Open Source, w3af project and provides in-depth Web Application Penetration Testing services to companies around the world.
In the research field, he discovered critical vulnerabilities in IPS appliances from 3com and ISS, contributed with SAP research performed at one of his former employers and reported vulnerabilities in hundreds of web applications.
His main focus has always been the Web Application Security field, in which he developed w3af, a Web Application Attack and Audit Framework used extensively by penetration testers and security consultants.
Andrés has spoken and hold trainings at many security conferences around the globe, like BlackHat (USA and Europe), SEC-T (Sweden),DeepSec (Austria), PHDays (Moscow), SecTor (Toronto), OWASP (Poland),CONFidence (Poland), OWASP World C0n (USA), CanSecWest (Canada),PacSecWest (Japan), T2 (Finland) and Ekoparty (Buenos Aires).
Andrés founded Bonsai Information Security, a web security focused consultancy firm, in 2009 in order to further research into automated Web Application Vulnerability detection and exploitation.
Mastering Microservices with Kong (DevoxxUK 2019)Maarten Mulders
When architecting microservice solutions, you'll often find yourself struggling with cross-cutting concerns. Think security, rate limiting, access control, monitoring, location-aware routing… Things can quickly become a nightmare.
The API Gateway pattern can help you solve such problems in an elegant and uniform way. Using Kong, an open source product, you can get started today. In this session we'll look at the why and how of this approach.
At Adobe APIs are powering the next generation of Creative applications.
Mesos makes it very easy and fun to deploy and run Robust and Scalable Microservices in the Cloud. Today's technologies offer simple solutions to create RESTfull services while Mesos brings them to life faster.
As the number of microservices increase and the inter communication between them becomes more complicated, we soon realize we have new questions awaiting our answers: how do microservices authenticate ? how do we monitor who's using the APIs they expose ? How do we protect them from attacks ? How do we set throttling and rate limiting rules across a cluster of microservices ? How do we control which service allows public access and which one we want to keep private ? How about Mesos APIs and its frameworks ? Can they benefit from these features as well ?
Come and learn a scalable architecture to manage microservices in Mesos by integrating an API Management layer inside your Mesos clusters. This presentation will show you what an API Management layer is, what it's composed of and how it can help you expose microservices in a secure,managed and highly-available way, even in multi-Mesos cluster setups.
During this session you will also have the opportunity to learn how Adobe's API Platform solved this problem, where it is today and what it envisions do to with Mesos further.
If you're working with microservices already or you're creating new ones then this presentation is for you. Come and learn how Mesos together with an API management layer will make you a microservices hero in your organisation. At Adobe APIs are powering the next generation of Creative applications.
APIs are one of the main elements of cloud services. All major cloud service providers expose REST APIs to allow you to programmatically access their services and capabilities. SOAP and REST are the two most common ways of exposing APIs, whether to external, partner, cloud, or internal developers.
The concept of API management is to publish these web APIs for consumption, and includes capabilities such as monitoring, security, and documentation.
This presentation introduces basic concepts of APIs, API management, cloud REST services, and a brief walkthrough of WSO2 API Manager and the Oracle API Gateway to see how you can centrally publish, expose, and secure APIs, essentially virtualizing your backend services.
Design Summit - RESTful API Overview - John HardyManageIQ
This is an overview of the new RESTful API in the ManageIQ Anand release. Build cross-cloud applications and management systems using ManageIQ as a developer platform.
More more on ManageIQ, see http://manageiq.org/
InterCon 2016 - Segurança de identidade digital levando em consideração uma a...iMasters
Erick Tedeschi fala sobre Segurança de identidade digital levando em consideração uma arquitetura de microserviço no InterCon 2016.
Saiba mais em http://intercon2016.imasters.com.br/
The Linux operating system accounts for 90% of all servers provisioned in the cloud, thus its security becomes of the utmost importance. Proactively securing Linux becomes especially critical in order to protect against expanding cybersecurity threats. However, most Linux patching is traditionally disruptive and requires planning and downtime.
Oracle Cloud offers a number of services to help manage operating system security at a large scale: OS Management Service (to monitor and manage patching), Oracle Ksplice (for non-disruptive patching), Oracle Autonomous Linux (self-managed Linux operating system), and the Vulnerability Scanning Service (to scan hosts and containers).
This presentation starts with general operating system security concepts, as well as a brief overview of CVEs and zero-day vulnerabilities, and walks through each of the Oracle Cloud operating system security offerings. Multiple live demos will be accompanied during the presentation.
Infrastructure-as-Code, or IaC, has gained momentum in the past several years with the explosion of cloud computing. IaC helps automate and manage infrastructure provisioning of your cloud resources. Even small infrastructure footprints can benefit from IaC. It can become difficult to manage and maintain hundreds, if not thousands, of individual configuration settings in your infrastructure. Enter Terraform, an open-source IaC software tool created in 2014.
This presentation walks through the fundamentals of Terraform, and where and how it can benefit you in your cloud infrastructure provisioning. A live demo will showcase the provisioning of an entire Oracle Cloud infrastructure from scratch, in a matter of minutes, including compartments, networking, compute, and database, for both a development and production environments.
Getting Started with API Management – Why It's Needed On-prem and in the CloudRevelation Technologies
APIs are one of the main elements of cloud services. All major cloud service providers expose REST APIs to allow you to programmatically access their services and capabilities. SOAP and REST are the two most common ways of exposing APIs, whether to external, partner, cloud, or internal developers.
The concept of API management is to publish these web APIs for consumption, and includes capabilities such as monitoring, security, and documentation.
This presentation introduces basic concepts of APIs, API management, cloud REST services, and a brief walkthrough of WSO2 API Manager and Oracle API Gateway to see how you can centrally publish, expose, and secure APIs, essentially virtualizing your backend services.
Introducing the Oracle Cloud Infrastructure (OCI) Best Practices FrameworkRevelation Technologies
As AWS became a viable cloud service provider with wide adoption, Amazon introduced back in 2015 the "AWS Well-Architected Framework" which provides architectural best practices across five pillars. Similarly, Oracle Cloud Infrastructure (OCI) introduced their own "OCI Best Practices Framework." This framework covers best practices for four "business goals" that include: security and compliance, reliability and resiliency, performance and cost optimization, and operational efficiency. Learning about and adopting these recommended best practices help you design and operate cloud topologies that deliver maximum business value.
These best practices are the result of years of experience with thousands of cloud customers creating architectures that are meant to be secure, highly performant, resilient, and efficient. While not overly complex this framework can be intimidating for those newly embarking on their cloud journey; this presentation introduces the framework, walks through the business goals, and highlights some of the elements and strategies to give you a stronger idea of how this framework can benefit you.
Everything You Need to Know About the Microsoft Azure and Oracle Cloud Interc...Revelation Technologies
Back in 2019, Microsoft and Oracle announced a partnership enabling customers to migrate and run mission-critical enterprise workloads across Microsoft Azure and Oracle Cloud.
This extremely low-latency, private connection can distribute workload, and it opens a world of possibilities including deploying applications using the best of Oracle Cloud and Microsoft Azure. Scenarios such as running Oracle E-Business Suite in Azure with its databases operating in Oracle Cloud are now entirely possible.
Highlights on the current offerings, support and licensing models, details on performance, and a list of pitfalls are covered in this presentation. Join this presentation to learn more about what the Oracle and Microsoft cloud partnership is all about, how it works, and what this means for cloud interoperability.
Our article in PTK describes how Ansible was used to boost Oracle Fusion Middleware to deliver true Infrastructure-as-Code (IaC) via extreme automation.
PTK Winter 2020 / Issue 72
Our article in PTK evaluates and compares the performance of Linux Host, Oracle WebLogic Server 12c, and Oracle Database 18c performance on leading compute cloud providers that include Oracle Cloud, Amazon Web Services, Microsoft Azure, Google Cloud, and IBM Cloud.
PTK Autumn 2019 / Issue 71
Everything You Need to Know About the Microsoft Azure and Oracle Cloud Interc...Revelation Technologies
Back in 2019, Microsoft and Oracle announced a partnership enabling customers to migrate and run mission-critical enterprise workloads across Microsoft Azure and Oracle Cloud.
This extremely low-latency, private connection can distribute workload, and it opens a world of possibilities including deploying applications using the best of Oracle Cloud and Microsoft Azure. Scenarios such as running Oracle E-Business Suite in Azure with its databases operating in Oracle Cloud are now entirely possible.
Highlights on the current offerings, support and licensing models, details on performance, and a list of pitfalls are covered in this presentation. Join this presentation to learn more about what the Oracle and Microsoft cloud partnership is all about, how it works, and what this means for cloud interoperability.
Compute Cloud Performance Showdown: 18 Months Later (OCI, AWS, IBM Cloud, GCP...Revelation Technologies
In January 2019, our team conducted and published results of performance tests against leading compute cloud providers that included Amazon Web Services, Microsoft Azure, Google Cloud, Oracle Cloud, and IBM Cloud. Host, application server, and database performance were compared. Nothing alarming in the results were found; more powerful CPUs yielded better performance with the exception of Azure which generally underperformed. However, other non-performance related factors were found to affect the overall experience and cloud selection recommendations.
Now, 18 months later, we have ran the same series of tests against the same cloud service providers. In this presentation, we compare how each cloud provider has evolved in the past year and a half and share our findings and observations.
Compute Cloud Performance Showdown: 18 Months Later (OCI, AWS, IBM Cloud, GCP...Revelation Technologies
In January 2019, our team conducted and published results of performance tests against leading compute cloud providers that included Amazon Web Services, Microsoft Azure, Google Cloud, Oracle Cloud, and IBM Cloud. Host, application server, and database performance were compared. Nothing alarming in the results were found; more powerful CPUs yielded better performance with the exception of Azure which generally underperformed. However, other non-performance related factors were found to affect the overall experience and cloud selection recommendations.
Now, 18 months later, we have ran the same series of tests against the same cloud service providers. In this presentation, we compare how each cloud provider has evolved in the past year and a half and share our findings and observations.
The Microsoft Azure and Oracle Cloud Interconnect Everything You Need to KnowRevelation Technologies
Bank in 2019, Microsoft and Oracle announced a partnership enabling customers to migrate and run mission-critical enterprise workloads across Microsoft Azure and Oracle Cloud.
This extremely low-latency, private connection can distribute workload, and it opens a world of possibilities including deploying applications using the best of Oracle Cloud and Microsoft Azure. Scenarios such as running Oracle E-Business Suite in Azure with its databases operating in Oracle Cloud are now entirely possible.
Highlights on the current offerings, support and licensing models, details on performance, and a list of pitfalls are covered in this presentation. Join this presentation to learn more about what the Oracle and Microsoft partnership is all about, how it works, and what this means for cloud interoperability.
Learn about various cloud integration strategies, and how API Gateways fit into the schema of things. Learn about cloud integration development lifecycles and cloud integration strategies.
Compute Cloud Performance Showdown: Amazon Web Services, Oracle Cloud, IBM ...Revelation Technologies
This one of a kind presentation that compares Linux Host, Oracle WebLogic Server 12c, and Oracle Database 18c performance on leading compute cloud providers that include Oracle Cloud, Amazon Web Services, Microsoft Azure, Google Cloud, and IBM Cloud. Join us to see actual results and findings as it pertains to IaaS performance.
This is practically the only presentation of its kind with actual published results of numerous performance metrics against the 5 leading compute cloud providers. Attendees will learn about provisioning challenges as well as non-performance factors in terms of cloud provider selection.
Securing your Oracle Fusion Middleware Environment, On-Prem and in the CloudRevelation Technologies
Oracle WebLogic Server (and Oracle HTTP Server) form the foundation for practically all Oracle Fusion Middleware products. For the most part, securing your on-prem installation is similar to their Oracle Cloud equivalent counterparts, with some notable differences which we intend to cover. In this presentation, we discuss security patching, configuration hardening, web service security, network lockdowns, transport security, OS best practices, access policies, and much more - all intended to increase the security of your Oracle Fusion Middleware environments.
Want to see Oracle SOACS in action and understand how it differs from your on-premise Oracle SOA Suite installation? Join us for some hands-on with the entire stack - Oracle Java Cloud Service (JCS), Oracle SOA Cloud Service (SOACS), and Oracle Database Cloud Service (DBaaS). Learn about access, backups, monitoring, and deployment in the Oracle Cloud. Also find out first hand the struggles a recent customer went through and what it took to get everything stabilized and back on track. The lessons learned - part technical, part sales, and part management - should be considered for anyone considering a first time implementation on the Oracle Cloud.
Let’s face it. There’s a shortage of Oracle BPM development skills out there. And developing SOA-based integrations is not quite the same as modeling business processes. This presentation is self-explanatory and is geared towards Oracle SOA Suite developers who want to understand key concepts surrounding BPM and how to get started developing your first business process.
Developing Web Services from Scratch - For DBAs and Database DevelopersRevelation Technologies
WSDL. XSD. SOAP. Namespaces. Port types. If these terms make little sense, this presentation is for you. By the end of this presentation, you will completely understand how to dissect and decipher a web service interface, understand key design patterns, and learn how to develop top-down and bottom-up web services in technologies such as Java and Oracle SOA Suite. Want to know how to expose a PL/SQL package as a web service? This technical presentation, one of my most popular, is intended for DBAs and database developers who want to know what it takes to design and create web services.
Domain Partitions and Multitenancy in Oracle WebLogic Server 12c - Why It's U...Revelation Technologies
Do we really need virtualization within Oracle WebLogic Server? Last year, I said no. This year, my opinion has changed. I explain domain partitions, how to set it up, and when you'd want have multiple partitions in a single WebLogic domain. I also discuss the App2Cloud utility from Oracle which simplifies the migration of your on-premise WebLogic domain to the Oracle Java Cloud Service (JCS).
Oracle Database Cloud Service - Provisioning Your First DBaaS InstanceRevelation Technologies
Moving to the cloud is inevitable, yet many haven’t started getting their hands dirty yet. This presentation will walk you through key Oracle Cloud concepts for those who have never seen or used it before, and walk through provisioning a cloud database, which includes storage and infrastructure. We explain how to access it, and discuss various administration concepts. This presentation is perfect for the Oracle DBA who wants to understand how to get started administering an Oracle DBaaS environment, from a technical perspective.
Anyone Can Build a Site, Even You! Create a Microsite with Oracle Sites Cloud...Revelation Technologies
The beauty of Oracle Sites is that business users can manage websites themselves, but it’s a whole lot more than that, offering a cross-channel digital experience. "Learn how to create a microsite quickly with Oracle Sites Cloud Service powerful visual tools." That's what Oracle states on their website and that's what we'll be demonstrating live. Will you be impressed or disappointed? Join us and find out.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Automating Cloud Operations: Everything You Wanted to Know about cURL and REST
1. MICHIGAN ORACLE USERS SUMMIT 2022
WEDNESDAY OCTOBER 26,2022
1:15PM @W210C
AUTOMATING CLOUD OPERATIONS
EverythingYou Needed to Know about REST and cURL
PRESENTER NAME: AHMED ABOULNAGA
PRESENTERTITLE: TECHNICAL DIRECTOR
2. TABLE OF CONTENTS
Introduction 3
REST and Cloud 6
Introduction to REST 9
Introduction to cURL 23
Creating an Oracle Autonomous Database 30
Figuring Out Authentication and Headers 41
Demo 56
4. ABOUT ME
Ahmed Aboulnaga
Master’s degree in Computer Science from George Mason University
Recent emphasis on cloud,DevOps,middleware,security in current projects
OracleACE Pro, OCE, OCA
Author, Blogger,Presenter
@Ahmed_Aboulnaga
6. CLOUD APIS
All cloud vendors provide some type of API to their services
This allows for programmatic access to cloud services
A basic understanding of cURL, REST, and JSON is helpful
Most cloud providers use the REST architectural style for their APIs
Client REST API Cloud Service
JSON / XML
GET / POST / PUT / DELETE
7. GOAL OFTHIS PRESENTATION
Better understanding of REST and JSON
Understand and interpret REST API documentation
Familiarization with authorization when calling REST APIs
Become capable of automating your cloud operations through REST APIs
Target
Audience
https://globalacademy-eg.com/training-courses/oracle-dba.htm
9. MY USE CASE
What I was trying to do?
Create an Identity Domain in Oracle
Access Manager
OAM 12.2.1.3 had a web-based console
for all OAuth configuration
10. MY USE CASE
What was my challenge?
OAM 12.2.1.4 provided no web-
based interface and only supported
a RESTAPI
https://docs.oracle.com/en/middleware/idm/access-manager/12.2.1.3/oroau/op-oam-services-rest-ssa-api-v1-oauthpolicyadmin-oauthidentitydomain-post.html
11. STARTWITHTHE DOCUMENTATION
Was the documentation helpful?
Not all RESTAPI documentation is
created equally
Fortunately,the OAM REST API
documentation provided an example
request and example response
12. PREPARINGTO LOGIN
What did I do first?
Passwords can be passed as a
“username:password” combination or
encoded
Encoding converts literal text to a humanly
unreadable format
Used online to encode“weblogic:welcome1”
Authentication Options:
curl -u 'weblogic':'welcome1'
curl -H 'Authorization:Basic d2VibG9naWM6d2VsY29tZTE='
https://www.base64encode.org
13. DID ITWORK?
Initial invocation failed command:
curl -H 'Content-Type: application/x-www-form-urlencoded'
-H 'Authorization:Basic d1VibG9naWM6d2VsY29tZTE='
--request POST
http://soadev.revtech.com:7701/oam/services/rest/ssa/api/v1/oauth
policyadmin/oauthidentitydomain
-d ' {
"name" : "AhmedWebGateDomain",
"identityProvider" : "AhmedOUDStore",
"description" : "Ahmed OIDC Domain"
} '
Output:
Mandatory param not found. Entity - IdentityDomain, paramName - name
The documentation states that only “name” is mandatory
So what’s the problem?
14. WHATWASTHE SUCCESSFUL OUTCOME?
Final successful command:
curl -H 'Content-Type: application/x-www-form-urlencoded' -H 'Authorization:Basic
d1VibG9naWM6d2VsY29tZTE='
'http://soadev.revtech.com:7701/oam/services/rest/ssa/api/v1/oauthpolicyadmin/oauthidentitydomai
n' -d '{"name":"AhmedWebGateDomain", "identityProvider":"AhmedOUDStore", "description":"Ahmed
OIDC WebGate Domain",
"tokenSettings":[{"tokenType":"ACCESS_TOKEN","tokenExpiry":3600,"lifeCycleEnabled":false,"refres
hTokenEnabled":false,"refreshTokenExpiry":86400,"refreshTokenLifeCycleEnabled":false},
{"tokenType":"AUTHZ_CODE","tokenExpiry":3600,"lifeCycleEnabled":false,"refreshTokenEnabled":fals
e,"refreshTokenExpiry":86400,"refreshTokenLifeCycleEnabled":false},
{"tokenType":"SSO_LINK_TOKEN","tokenExpiry":3600,"lifeCycleEnabled":false,"refreshTokenEnabled":
false,"refreshTokenExpiry":86400,"refreshTokenLifeCycleEnabled":false}],
"errorPageURL":"/oam/pages/servererror.jsp", "consentPageURL":"/oam/pages/consent.jsp"}'
Impossible to determine accurate command without support,examples,or thorough documentation
Required Oracle Support assistance to get these details
16. WHAT IS REST?
REpresentational StateTransfer
Architectural style for distributed hypermedia system
Proposed in 2000 by Roy Fielding in his dissertation
Web Service implemented with REST is called RESTful web service
REST is not a protocol like SOAP.It is rather an architectural style
REST services typically use HTTP/HTTPS,but can be implemented with other protocols like FTP
17. REST ARCHITECTURAL CONSIDERATIONS
Uniform interface: Easy to understand and readable results and can be
consumed by any client or programming language over basic protocols.
URI-based access: Using the same approach to a human browsing a
website where all resource are linked together.
Stateless communication: Extremely scalable since no client context is
stored on the server between requests.
18. REST METHODS
The HTTP protocol provides multiple methods which you can utilize for RESTful web services
The table maps the HTTP method to the typical REST operation
Some firewalls may limit some HTTP methods for security reasons
HTTP Method REST Operation
GET Read
POST Create
PUT Update
DELETE Delete
OPTIONS List of available methods
HEAD Get version
PATCH Update property/attribute
Most common in
web applications
Most common in
REST to provide
CRUD functionality
19. RESOURCES
Requests are sent to resources (i.e., URLs)
Each resource represents an object which identified by a noun (e.g., employee,etc.)
Each resource has a unique URL
When performing a POST (create) or PUT (update),you must pass additional values
Resource HTTP Method REST Output
https://hostname/hr/employee GET Retrieve a list of all employees
https://hostname/hr/employee/12 GET Retrieve details for employee #12
https://hostname/hr/employee POST Create a new employee
https://hostname/hr/employee/12 PUT Update employee #12
https://hostname/hr/employee/12 DELETE Delete employee #12
https://hostname/hr/employee/12/address GET Retrieve address for employee #12
20. HTTP RESPONSE CODES
HTTP response codes determine the overall response of the REST invocation
HTTP Code Status Description
2XX (200,201,204) OK Data was received and operation was performed
3XX (301,302) Redirect Request redirected to another URL
4XX (403,404) Client Error Resource not available to client
5XX (500) Server Error Server error
21. JSON
JavaScript Object Notation
Pronounced“Jason”
An object surrounded by { }
An array or ordered list
REST can support both JSON and XML
Less verbose than XML,but lacks metadata support
//JSON Object
{
"employee": {
"id": 12,
"name": "Kobe",
"location": "USA"
}
}
//JSON Array
{
"employees": [
{
"id": 12,
"name": "Kobe",
"location": "USA"
},
{
"id": 13,
"name": "Jordan",
"location": "Canada"
},
{
"id": 14,
"name": "Barkley",
"location": "USA"
}
]
}
23. WHAT IS CURL?
Open-source command-line tool
Supports more than 22 different protocols (e.g.,
HTTP,HTTPS,FTP,etc.)
For HTTP,supports all methods (e.g., GET, POST,
PUT,DELETE, etc.)
Very useful for testing RESTful web services
Other advanced tools available include Postman,
SoapUI,Oracle SQL Developer,etc.
Example service:
https://api.weather.gov/alerts/active?area=MI
26. POSTMAN
PopularAPI client
Free version available
www.postman.com
Numerous features that include:
‒ Create API documentation
‒ Automated testing
‒ Design and mock APIs
‒ MonitorAPIs
‒ Etc.
27. BENEFITS OF CURL
Free
Command-line based tool
Useful for non-interactive scripts
Can pass HTTP headers,cookies,and authentication information
Support for SSL, proxy,numerous protocols (e.g., LDAP, SMB,SCP,IMAP,FILE,TELNET,etc.), etc.
34. NAVIGATETO DOCUMENTATION
CreateAutonomousDatabase Reference
https://docs.cloud.oracle.com/en-us/iaas/api/#/en/database/20160918/AutonomousDatabase/CreateAutonomousDatabase
Note:
‒ API reference
‒ CreateAutonomousD
atabase operation
‒ REST API endpoint
‒ API version
35. VIEW RESOURCE DETAILS AND EXAMPLE
The resource details provides a
list of all required parameters,
often beyond what is
demonstrated in the example
Use the example as a starting
point
{
"compartmentId" : "ocid1.tenancy.oc1..d6cpxn…dbx",
"displayName" : "MOUS DB 2020 Auto",
"dbName" : "MOUSDBAUTO",
"adminPassword" : "Kobe_24_24_24",
"cpuCoreCount" : 1,
"dataStorageSizeInTBs" : 1
}
36. FIRST ATTEMPT… FAILED!
Unable to authenticate upon first try despite all parameters/settings correct per the documentation…
41. DISCOVERY IS PAINFUL
API References and Endpoints
https://docs.cloud.oracle.com/en-
us/iaas/api/#/en/database/20160918/
Oracle Cloud Infrastructure
Documentation
https://docs.cloud.oracle.com/en-
us/iaas/Content/API/Concepts/apisigningkey.htm#How
Managing Autonomous Data
Warehouse Using oci-curl
https://blogs.oracle.com/datawarehousing/managing-
autonomous-data-warehouse-using-oci-curl
Oracle Cloud Infrastructure
(OCI) REST call
walkthrough with curl
https://www.ateam-oracle.com/oracle-cloud-
infrastructure-oci-rest-call-walkthrough-with-curl
But why didn’t
the docs point me
to this?
Found this on my
own, has some
helpful info… I don’t want
to use “oci-
curl”!
This is
complicated!
Thank God they
have a script!
Blog?
Another
blog?
42. PIECING IT TOGETHER
If you want to use cURL to invoke OCI REST APIs…
1. Get information from the OCI Console
a. Get theTenancy ID
b. Get the User ID
2. Generate and configure an API Signing Key
a. Create public/private key pair
b. Get the fingerprint of the key
c. Get the public key from the private key in PEM format
d. Add the API Key to the OCI user (by uploading the public key)
3. Prepare and execute script
a. Ensure private key is available
b. Create the JSON request
c. Update the custom script
d. Execute!
45. 2A. CREATE PUBLIC/PRIVATE KEY PAIR
Use ssh-keygen to create a public/private key pair
The public key will be added as an “API Key” to your OCI account
The private key will be used by your client (i.e., cURL)
46. 2B. GET THE FINGERPRINT OFTHE KEY
Use openssl to view the X.509 MD5 PEM certificate fingerprint
47. 2C. GET PUBLIC KEY FROMTHE PRIVATE KEY IN PEM FORMAT
OCI requires that the public key is imported in PEM format
Use openssl to get the public key in PEM format
48. 2D.ADDTHE API KEY TOTHE OCI USER
The public key is added to the OCI user’sAPI Key
Must be in PEM format
Can be uploaded or pasted
49. 3A. ENSURE PRIVATE KEY IS AVAILABLE
The private key created earlier (and in PEM format) is used when invoking the REST service
50. 3B. CREATE THE JSON REQUEST
The payload is created in JSON format
51. 3C. UPDATE CUSTOM SCRIPT
The various elements (tenancy id, user id,
private key, key fingerprint,etc.) are
parameterized
OCI’s REST API requires additional
calculated elements,all taken care of here
(oci-curl takes care of all of this for you)
The cURL command is eventually called
using a combination of static and dynamic
values
52. 3D. EXECUTE!
The cURL command is
expanded
The cURL command is
executed
The HTTP status code is
observed to obtain the result
of the invocation
55. www.mous.us
THANKYOU
SAVE THE DATE
• ASCEND CONFERENCE 2023
June 11-14,2023
Caribe Royale Resort
Orlando,Florida
https://ascendusersconference.com
• MOUS 2023
October 25, 2023
Schoolcraft College -VisTaTech Center,
18600 Haggerty Rd, Livonia,MI
https://www.mous.us