enterprise class apex
DESCRIPTION
TRANSCRIPT
Enterprise Class APEX
Scott SpendoliniExecutive Director
1
The following is intended to outline our general product & services direction. It is intended for
information purposes only, and may not be incorporated into any contract or agreement. It is
not a commitment to deliver any service, material, code, or functionality, and should not be relied
upon in making purchasing decisions.
The development, release, and timing of any features or functionality described for Enkitec’s
products remains at the sole discretion of Enkitec.
2
WELCOME
3
About Enkitec� Oracle Platinum Partner
� Established in 2004
� Headquartered in Dallas, TX
� Locations throughout the US & EMEA
� Specialties include:
� Exadata Implementations
� Development Services
� PL/SQL / Java / APEX
� DBA/Data Warehouse/RAC
� Business Intelligence
4
“Solutions for APEX Developers, by APEX Developers”
5
Complete APEX Solutions
6
Services
ProductsEducation
Services
7
� One of the largest pool of experienced & totally focused APEX resources in the world
� Many of whom are presenting @ KScope this week!
Education
8
X X X X X
X X X X X
X X X X X
Enkitec APEX Training� Intro I
� Intro II
� Advanced APEX
� Secure Best Practices
� Troubleshooting & Debugging
� APEX Installation & Administration
� Custom
Education
9
Enkitec @ KScope� Monday
� Making Sense of APEX Security
� Compelling, Dynamic, Graphical - And if We’re Lucky - Useful E-Mail Generation
� APEX Behind the Scenes
� Open Mic Night
� Tuesday
� Enterprise Class APEX
� That’s Not Where I Want That!
� Building Commercial Applications with APEX
10
Enkitec @ KScope� Wednesday
� LOBS, BLOBS, CLOBS - Dealing with Attachments in APEX
� Load Testing APEX Applications
� Mastering the Oracle Data Pump
� Thursday
� Dynamic Action Deep Dive 1
� Dynamic Action Deep Dive 2
� Dynamic Action Deep Dive 3
11
Products
12
� eFramework - Free Edition
� Basic user & role management
� eSERT
� APEX application that evaluates the security of other APEX applications
� eSERT Cloud
� Online version of eSERT
PLUG-INS
13
Plug-Ins� Plug-Ins allow developers to extend the
capabilities of APEX itself
� Several different types:
� Item
� Region
� Process
� Dynamic Action
� Authorization Schemes
� Authentication Schemes
14
Plug-Ins� Plug-Ins are great additions to APEX
� However, they are inherently complex and can fail for anumber of different reasons:
� APEX Upgrade
� Browser Upgrade
� Code Changes
� jQuery Issues
� Most failures cannot easily or efficiently be addressed by the average APEX developer
15
Enkitec Plug-In Support
16
Enkitec Plug-In Support� Curated list of supported Plug-Ins and
corresponding APEX releases
� Two levels:
� Basic
� Enterprise
� Enkitec Plug-Ins will continue to be provided at no cost for anyone via www.enkitec.com
17
Plug-In Support: Basic
18
� $999 annually per “production stream”
� E-Mail support with 2 business day response time
� Receive releases and updates ahead of public
� Access to Forums
Plug-In Support: Enterprise
19
� $1999 annually per “production stream”
� E-Mail/Phone/Web support with 1 business day response time
� Receive releases and updates ahead of public
� Access to Forums
� Monthly Call with Enkitec APEX Developers
� Prioritized Feature Requests
Supported Plug-Ins: Today� CLOB Load
� NavBar
� Sparklines
� Modal LOV
� Calendar
20
Supported Plug-Ins: 2013� Modal Page
� Session Timeout
� Save Before Exit
� Password
� File Upload
� And More!
21
Available Today
22
ESERT
23
eSERT
24
� eSERT is an APEX application that evaluates the security of other APEX applications
� Provides step-by-step instructions on how to address vulnerabilities
� Designed to be used as a part of your development process, not at the end
� Total integration with the APEX development environment
� Collaborate with all APEX developers
� eSERT inspects APEX applications and reports on threats in five classifications:
App Settings
Page Settings
SQL Injection
Cross Site Scripting
URL Tampering
Classifications
25
Ongoing Collaborative Evaluation
26
� eSERT allows developers to add exceptions for false positives and acceptable risks
� All exceptions must be reviewed & approved by a manager before the “approved” score increases
� As exceptions are logged, the value of the attribute in question is also captured
� If this value changes at any time, the exception will be instantly flagged as “stale” and require re-approval
� Correcting each additional security vulnerability may cause other functional issues
� Thus, a high number of vulnerabilities corrected at once will yield more functional defects
Without eSERT
27
2007 2008 2009 Untitled 1Untitled 2Time
Vuln
erab
iliti
es
With eSERT
28
2007 2009 Untitled 1Time
Vuln
erab
iliti
es
� Using eSERT to keep security vulnerabilities to a minimum reduces the number of functional defects introduced
Customers Across All Industries� Private Sector
� Multi-Channel Retailer
� Massive application with Over 300 Concurrent Users
� Major Defense Contractor
� Hundreds of applications
� Major Healthcare Provider
� Infrastructure Management
� Higher Education
� Multiple Major Universities
� Access to student & research information
� Public Sector
� Intelligence Agency
� Over 100 internal applications
� Local Government
� Internal Applications
� Civilian Agency
� Internet Facing e-Commerce Application
� DOD Agency
� Logistical Reports & Info
29
Slide www.oh-tech.orgwww.oh-tech.org
eSERT TestimonialJeff Smith, Application Infrastructure ManagerKSCOPE13, New Orleans6/25/2013
Slide www.oh-tech.org
Research & Innovation Center will operate, when opened, as the proving grounds for next-generation technology infrastructure innovations and a catalyst for cutting-edge research and collaboration.
The OH-TECH ConsortiumOhio Supercomputer Center provides high performance computing, software, storage and support services for Ohio’s scientists, faculty, students, businesses and their research partners.
OARnet connects Ohio’s universities, colleges, K-12, health care and state and local governments to its high-speed fiber optic network backbone. OARnet services include co-location, support desk, federated identity and virtualization.
OhioLINK serves nearly 600,000 higher education students and faculty by providing a statewide system for sharing 50 million books and library materials, while aggregating costs among its 90 member institutions.
eStudent Services provides students increased access to higher education through e-learning and technology-enhanced educational opportunities, including virtual tutoring.
Slide www.oh-tech.org
eSERT Testimonial
• Standards, Checks and Balances• Developer Accountability and approval workflow• Efficiency and Productivity• Audit compliance• Outsourcing Development• Support
Slide www.oh-tech.orgwww.oh-tech.org
Questions
Jeff SmithApplication Infrastructure [email protected]
Like Us on Facebook: https://www.facebook.com/OhioTechnologyConsortium
1224 Kinnear RoadColumbus, OH 43212Phone: (614) 292-9248
D E M O N S T R A T I O N
ESERT
34
� Per “Production Stream”
� Up to 4 instances of APEX in a Production instance of APEX
� Any Number of Workspaces/Applications/Users
Licensing
35
DEV QA ProductionTEST
eSERT Statement of Direction� Support for APEX 5.0
� Shortly after release
� Additional Reports & Analytics
� Scheduled Evaluation Enhancements
� Team Development Integration
� eFramework Integration
36
Available Today
37
ESERT CLOUD
38
eSERT Cloud
39
� eSERT cloud is a affordable hosted service where anyone can upload their APEX applications and get an instant security evaluation via eSERT
� Interactive Online Dashboard with summary results
� PDF Summary Report (typically 100+ pages)
How it Works - 5 Simple Steps1) Create an account at http://enkitec.com/sert
2) Request a workspace to upload your APEX applications into
3) Purchase evaluation credits (1 credit = 1 application evaluation)
4) Select an application to evaluate
5) View and/or download the results
40
How it Works - 5 4 Simple Steps1) Create an account at http://enkitec.com/sert
2) Request a workspace to upload your APEX applications into
3) Purchase evaluation credits (1 credit = 1 application evaluation)
4) Select an application to evaluate
5) View and/or download the results
41
100% Free Starting Today
42
EFRAMEWORK
43
APEX Application Adoption
44
APEX Users
LDAP
Internet Users
SCOTT
SCOTT.SPENDOLINI
Problem: User & Role Management
45
� Multiple user repositories
� Different applications manage roles differently
� Or not at all...
� Lack of auditing when managing and/or assigning roles
� Especially in home-grown systems
� No central view of what applications & roles a single user has access to
Problem: Too Much Access
46
� APEX instance administration console gives a user complete access to the instance
� Users with access to this can:
� Create or Delete Workspaces
� Create or Delete Schemas
� Assign a Developer to Any Workspace
� Alter the instance options andsecurity settings
� Approve Requests
� Monitor Usage
� Deploying in Runtime Mode makes even this option unusable
Problem: Not Enough Access
47
� On the other hand, there are several commonly needed management features that are not available from the APEX admin console
� Manage User Repositories
� Manage Users & Roles
� Enable/Disable an Application
� Secure Pages with Roles
� Manage Application Help
� View Errors
� View Feedback
Solution: Enkitec eFramework
48
� The Enkitec eFramework is an APEX-based platform for deploying, managing & monitoring multiple APEX applications
� Provides a central Management & Monitoring console that can be discretely delegated to any user
� On either an application or workspace basis
Requirements� APEX 4.1 & 4.2
� Oracle Database 10gR2 or later
� SE One, SE or EE
49
Key Features� User Repository Integration
� Discrete user-to-app or user-to-workspace management
� Role Management
� Page Security
� Centralized Help
� Monitoring Reports & Charts
� Error Management
� Auditing
� Application Control
50
How it Integrates� eFramework provides a set of APIs that can easily
and non-intrusively be integrated into existing APEX applications
� Configuration Typically less than 5 minutes per application
� Built-in Verification Tool to assist with integration
51
• Application Item• Page Zero Region• Error Handling Call
• Authentication Scheme• Authorization Scheme(s)• PL/SQL Init & Cleanup
• Navigation Bar Entries
• Label Templates
eFramework
How its Configured
52
Administration Management
Manage Application 100,101 & 102
Monitor all Applications in Workspace PROD
Manage Help Text in Application 100
Equivalent to APEX Instance Administrator
Customer Applications
eFramework Domain
How it Works
53
Launchpad Customer ApplicationsRepository
How We Use It
54
Enkitec Internal Apps
Launchpad STATSLDAP
Enkitec Public Website
Launchpad www.enkitec.comCustom
Oracle Sales Portal
Launchpad Sales ForecastCustom
Data
Shadow
Shadow
Single APEX Workspace
D E M O N S T R A T I O N
EFRAMEWORK
55
Summary
56
� eFramework provides a robust development, management & monitoring platform for multiple APEX applications
� Can be integrated with any user repository
� Provides a federated view of all APEX application activity and associated access controls
� Simple to integrate with existing APEX applications
eFramework Statement of Direction
� Additional Reports & Analytics
� Integration with eSERT
� Alerts
� Enhanced Auditing Capabilities
57
Available July 2013
58
SUMMARY
59
“Solutions for APEX Developers, by APEX Developers”
60
Complete APEX Solutions
61
Services
ProductsEducation
eFramework
Our Vision
62
eSERT
eQAManage & Monitor
Customer Apps
Development Production
Supported Plug-Ins
For More Info
63
� Contact us for details & pricing
� +1 972 607 3751
� Visit our Booth in the Exhibition Hall
http://www.enkitec.com
64