Oracle vulnerability grants ‘free’ use of Advanced Security Option with Real Application Clusters

by Paul Bullen, Senior License Consultant

Oracle has released its latest security alert (here-30 April 2012), regarding “TNS Listener Poison Attack”.  This affects 10gR2 and above.  Interestingly, if you are using RAC on 10.2.0.3 and above, the workaround for this vulnerability requires use of Oracle Advanced Security (ASO), in particular SSL (Secure Sockets Layer) and TLS (Transport Layer Security) to ensure secure registration of listeners between instances.  Oracle has therefore granted the use of SSL/TLS as part of the Oracle Real Application Clusters license.

Oracle has currently provided workarounds (My Oracle Support log in required) for 10.2.0.3 and above.  All these versions are affected and require implementation of ASO to resolve.

We’d be interested to hear how you find implementing this workaround and your thoughts on the license change this makes for you.

In short, if you have Oracle RAC (on Enterprise or Standard Edition), RAC One Node and are running 10.2.0.3 and above, Oracle is now granting you the use of the extra-cost Advanced Security Option (specifically SSL/TLS) as well.  It remains to be seen whether Oracle will rescind this entitlement in later releases or if a non-ASO solution is provided. The workaround for non-RAC instances uses IPC and does not require SSL/TLS – therefore the right to use ASO does not extend to non-RAC instances.

Useful external links:
Oracle announcement
Oracle blog post
Pdf download; Overview of exposure
Configuring SSL/TLS in 11.2
Dark Reading analysis

Rocela is not responsible for the content on non Rocela websites.

FOREX – using the Google Rates API in Oracle

By Kenny Miller, Principal Consultant for Rocela

I thought I’d share a simple but useful database function I’ve developed. I had a requirement to determine foreign exchange spot rates in real-time for the GBP (United Kingdom Pound). The European Central Bank provides a live exchange rates feed for the Euro, and the Federal Reserve provides the same for the US Dollar (both in XML format, available over HTTP). Unfortunately the Bank of England doesn’t provide an equivalent feed for GBP.

Google do however provide a free exchange rates API, where they source rates under licence from Citibank. The API works by passing currency details in the parameters to a web page.

For a GBP to USD example, try the following in the address bar of your favourite browser:

 http://www.google.com/ig/calculator?hl=en&q=1GBP=?USD

This will return something similar to the following:

 {lhs: "1 British pound",rhs: "1.5548 U.S. dollars",error: "",icc: true}

This is all that is returned – there are no HTML tags. It’s easy to write a function to “scrape” out the rate from the text.

CREATE or REPLACE FUNCTION xxget_google_rate (p_from_currency varchar2,
                                              p_to_currency varchar2)
  RETURN number IS

  -- Variable declarations.

  t_page_table    utl_http.html_pieces;
  l_url           varchar2(100);
  l_fx_rate       number;    

BEGIN

  -- Build the URL to the Google API.

  l_url := 'http://www.google.com/ig/calculator?hl=en&q=1' ||
             p_from_currency || '=?' || p_to_currency;

  -- Make a HTTP call to the API           

  t_page_table := utl_http.request_pieces(l_url);

  -- The rate is returned on the first line, so scrape out the rate. There is
  -- no HTML returned. The following is an example of the text returned:
  -- {lhs: "1 British pound",rhs: "1.5625 U.S. dollars",error: "",icc: true}

  l_fx_rate := to_number(substr(t_page_table(1),
                 instr(t_page_table(1), 'rhs: "')+6,
                 instr(substr(t_page_table(1),
                 instr(t_page_table(1), 'rhs: "')+6), ' ', 1, 1)-1));

  -- Return the rate.

  RETURN l_fx_rate;

EXCEPTION WHEN others THEN

  -- Return -999 to indicate that a rate could not be determined.

  RETURN -999;

END xxget_google_rate;
/

That’s all folks, except to draw your attention to Google’s disclaimer for the API:

Currency Conversion Disclaimer

Google cannot guarantee the accuracy of the exchange rates used by the calculator. You should confirm current rates before making any transactions that could be affected by changes in the exchange rates. Foreign currency rates provided by Citibank N.A. and displayed under license. Rates are for information purposes only and are subject to change without notice. Rates for actual transactions may vary, and Citibank is not offering to enter into any transaction at any rate displayed.

Oracle’s Q1 FY2012 Results – Sailing through market turbulence

by Greg Rankin, Head of Marketing at Rocela

Oracle posts Q1 results with non-GAAP total revenues up 11% to $8.4Bn and non-GAAP EPS up 14% to 48c. The devil, as always though is in the details.

In choppy market conditions Oracle’s first quarter for FY12 has proven that their now huge portfolio of software products can help them navigate through rocky waters, with new software licenses growing 17% Q-on-Q from 2010 – and this, after 25% growth Q-on-Q in Q1 2010. On top of this software license updates and product support grew at a similar 16% rate. This is solid performance in the current environment but not as impressive as it has been. This was reflected in after-hours trading where ORCL barely recovered to its opening position of yesterday, though this is likely to change somewhat after the market opens.

Analysts continue to focus on the Hardware division, and every Oracle watcher is keen to see how the Sun acquisition will be leveraged into hard cash. In this area the quarter was not really stellar with Q-on-Q revenue on hardware systems down by 5% – though this was blamed on the low-end server business. On Oracle’s part they again are absolutely clear that the focus is on high-margin products and this time they were emphatic about focus on products such as Exadata, Exalogic and SPARC M-series that contain ‘Oracle IP’.  President Mark Hurd suggested that profitability of these products including all “attach, support and service” would be around 5 times of that for x86 hardware. Larry Ellison made it clear that x86 had had its day and went further by stating that by the end of the next fiscal Oracle would “pretty much only be selling servers and storage with our IP”.

CFO Safra Catz also discussed guidance for Q2, which seems conservative even by Oracle’s usual standards, with predictions of new software growth in the 6-16% range, hardware flat or even down 5% and increase in overall revenue in the 4-8% range. With an announced 350 additional sales people added to the organisation in Q1 you can only imagine that the guidance performance is either highly conservative, will be significantly beaten as the company moves into Q3 and beyond or the current number of sales personnel will not be sustained much beyond the middle of the year.

Regarding new technologies, Larry batted off enquiries about ‘big data’ by saying that as with Object Oriented Db technology, video and audio, Oracle would still be the core platform for delivery of such data and would achieve this by providing interfaces to Hadoop. Furthermore Larry announced that 4 “brand-new engineered systems products” would be released in Q2 including a “fault tolerant SPARC Supercluster, featuring our new SPARC T4 microprocessor that runs up to 5x faster than a T3 microprocessor it replaces”.  At least one of the new systems will be announced at OpenWorld, perhaps lending more weight to the rumours of a mid-market Exadata solution.

So, for Q1 overall, solid results, more solid in software and support than hardware with that trend likely to continue into the next quarter and beyond, despite strong focus on the high margin hardware business. With Fusion pegged for general availability by the end of this calendar year and continued strength in Apps and core technology, it will take a serious uptick in hardware revenues for them to take centre stage on any of the next few earnings calls, despite the continuing improvement in margins in this area.

Oracle BI Publisher set to become every accountant’s best friend (Part 1)

by Kenny Miller, Principal Consultant for Rocela

Accountants love spreadsheets!  Retrieving data from Oracle E-Business Suite (EBS) to Excel has never been easy and so in the past, most customers have cobbled together their own solutions for doing this such as CSV, macro’s etc.

So how can Oracle “standard” reports in R12 be easily converted to output to an Excel spreadsheet? BI Publisher makes it much easier to do – and the new “True Excel” functionality is a powerful new feature.

BI Publisher (“Business Intelligence Publisher”, also known as BIP and XML Publisher) has been available in EBS R11 for a number of years. Oracle Reports is no longer available in Oracle Fusion, where BIP becomes Oracle’s de-facto reporting tool for EBS, therefore BIP is being increasingly used in EBS R12.

BIP has always been capable of forcing spreadsheet programs to open its output, but this was not in a true binary file format, rather XHTML output was used instead. This relies on spreadsheet programs being able to convert XHTML into a viewable spreadsheet format, something Excel (from version 2003 onwards) is able to do.

However, there are significant limitations to this approach – primarily an inability to fully leverage the formatting and formula functionality in spreadsheets. Also, output was limited to a single spreadsheet tab.

With very little fan-fare, Oracle recently added new Excel functionality to 11g BIP. Oracle calls this functionality “True Excel” – templates are developed using Excel, and can more fully leverage the functionality of Excel. With even less fan-fare, Oracle have back-ported this functionality for BIP 10g in both EBS R11 and R12.

The most significant difference between BIP and traditional reporting tools (such as Oracle Reports and SQL*Plus) is that BIP completely separates the selection of source data from the formatting of the data layout for presentation.

The theory is that while data selection remains a task for a technical IT resource, the layout of the data can be done by a functional resource. In practice, complex data layouts have remained a task for a technical IT resource, with functional resources only capable of minor changes such as fonts, boiler-plate text and logos.

However, one real advantage of the separation is that multiple layouts can be developed for a single selection of source data. Once these formats are defined in the BIP application, and are linked to the relevant concurrent program, EBS users have the ability to select which format they want when submitting a concurrent request.

Therefore, to partly answer the question, EBS users can easily select at run-time to output a concurrent program request in Excel format, BUT only if an Excel layout has been developed for the concurrent program.

In my next blog I’ll go on to show you how to practically apply this new functionality, by running through some report conversion examples.

Oracle Q3 earnings: Our perspective

For the fourth consecutive quarter Oracle beat analyst expectations. The software behemoth’s net income was up 78% compared to the previous period. And revenue, from new software sales, grew an impressive 29% to $2.2bn. This figure is often used by analysts as an indicator of general market performance. It’s great to see growing confidence in IT spend and competitive advantage in Oracle products.

At the time of the announcement Larry was serving jury duty, so Oracle presidents Safra Catz and Mark Hurd performed the usual routine of chest beating against HP, IBM and SAP and feigned surprise at their performance compared to expectations, while setting positive but perhaps modest ambitions for its important Q4.

So, what can we interpret from this set of impressive results?

Read more of this post

Purchasing a new Oracle license in the Public Sector? How to beat the price rise!

It’s that time of the year again when the Public Sector is setting up budgets and planning ahead for the next twelve months. But just how aware are central government departments and local authorities of every element which could affect their IT budget calculations? A key consideration should be the impact that Oracle’s 32% price rise will have on next year’s increasingly tight budgets.

What’s the price you pay?

The new Oracle pricing, which will affect new licenses, will come into effect on the 1st of April, placing immense pressure on the Public Sector to place orders before or on the 25^th of March to beat the price increase. But as Oracle technology underpins all major Government databases and virtually all public sector organisations, the risk of under-budgeting doesn’t just apply to projects currently in play. It can also have drastic consequences for projects in the IT pipeline.

This may sound obvious, but we can’t emphasise enough how important beating this Oracle price hike could be for the Public Sector right now. At a conservative estimate, we’re looking at approximately 20% of Public Sector IT budgets dedicated solely to Oracle. When you add in a projected 32% price rise, this grows to nearly 27% of total new spend of your IT budget.

To put this in perspective the license cost currently for a single processor of enterprise edition Database with Tuning, Diagnostics and Partitioning options including the 35% discount for Public Sector is £22,775 +VAT and the annual Support and maintenance is £5,010 +VAT. With the price increase it will cost £30,063 +VAT and £6,613 +VAT respectively which means over the next 5 years you will spend a whopping £15,303 +VAT extra by buying in 3 week’s time rather than now.

It is significant price differences such as these that cause shortfalls in other areas if you don’t plan ahead properly.

Plan B

The trick to avoiding the pitfalls of under-budgeting is to make sure you’re spending the remainder of this year’s IT budget wisely and receive the best price at the optimum level. Before anything, assess where you can spend on Oracle investments, make informed predictions as to where you will need new licenses soon and make the purchase now. You will literally get more for your money.

Of course, even for the most organised department, this is a mammoth task to complete before the 25^th March. If you need a helping hand, there’s always the option to call in the experts in Oracle optimisation.

EVENT: Oracle Financials SIG meeting

In the Oracle community, we think it’s important to make a concerted effort to be out there talking to people and sharing wisdom. As a result, we try to make it along to events and meetups where we can network with likeminded individuals and organisations.

It’s with this in mind that we’re sponsoring and attending the UKOUG’s Oracle Financials SIG meeting on the 2^nd of February 2011. The day should be a great opportunity to hear from some big Oracle users and pick their brains about some of the finer details of their talks.

Visit the official site to find all the details or take a look at the brief outline we’ve put together for you below – hopefully we’ll see you there!

Time: 09:45 – 16:30, Weds 2 Feb

Venue: CBI Conference Centre, London

Highlights include:  

• ‘EBS Financials R12 – Top Business & Implementation issues’ by Margaret Walsh, Oracle
• ‘Cash management surgery’ by Paul Beumont, Oracle
• ‘Corporation Tax Online Filing Using XBRL’ by Simon Tomey, Belife
• ’12.1 Technology highlights for non-techies’ by Chris Lamb, Oracle
• ‘EiS Reporting Solution’ by Jeff Fein, EiS.

See you there!

Oracle Q2 2011 Results Threaten to Revolutionise the High-End Server Business

Last Thursday Oracle announced its Q2 2011 earnings in an ebullient mood, and with good reason given that their revenues grew by an eye-watering 47%, to $8.6bn. Coming not long after industry bellwethers Cisco and Intel issued disappointing results this is a shot in the arm for technology analysts on Wall Street and, indeed, for the whole sector (showing as it does that there is still solid demand for leading edge Enterprise Solutions.)

Sales of new software licenses were also stronger than expected, with a rise of 21%, and the company also crucially cited improving profitability for the Sun Microsystems business it bought for $7.4bn nearly a year ago.

The stand-out aspect of the call however was the significant threats Oracle expressed towards their competitors, both old and new. Firstly, and most conventionally, Oracle President Safra Catz expressed the usual feeling that SAP continues to lose customers to them, citing that Oracle’s comparative licence revenue had grown 23% over the last two years while SAP’s had declined by 14%. More significantly, Larry Ellison definitively targeted HP’s high-end server business, stating that he thought that “…IBM’s hardware and software technology is quite competitive, while HP’s big servers are slow, expensive and have little or no software value add.” Ellison also went on to state that Sun Oracle benchmarks had a proven 30 million transactions per minute but that HP’s “best ever” was only 4 million. IBM was not let off the hook however as it was clearly stated that once Oracle had pushed HP into the number three slot in the high-end server market, “Then we’ll fight it out with IBM for the number one spot.”

Obviously this is extremely bullish in a market where vultures were circling after the Sun acquisition, with industry watchers muttering dark thoughts about the deal being a Java land-grab that would result in Oracle haemorrhaging cash. In fact Oracle already seems to have been very successful with the integration of Sun, not least as it has improved profitability from this part of the business and released not one but three major new product lines over this time period (Exadata, Exalogic and, in the last quarter, Sparc Superclusters). This is quite incredible when we recall fact that the acquisition only completed in January of this year.

The core of this recent success, and a major focus for the future, seems to be Exadata, and it was this technology that gained much attention on the call, not least as the sales pipe has recently doubled to $2Bn. Indeed, this is probably only the beginning as Oracle start to leverage their relationships with their 295,000 licence customers. The boardrooms at HP and even IBM certainly have food for thought over the coming months, particularly as Ellison stated that the primary focus for competition will be in high-end, high margin Online Transaction Processing (OLTP) and Data Warehousing segments “where the margins are good and we can have a highly differentiated product”.

Since the announcement of Oracle’s intention to acquire Sun in April 2009, many of Rocela’s biggest clients had told us that they wouldn’t commit to Sun platforms. Recently, however, they have changed their minds on Exadata as they can now see clear value. This is obviously very exciting for us as this increasing reliance on Oracle in enterprise deployments will require very careful Software Asset Management in order to maximize the value of these significant investments, an area in which Rocela are the global leaders.

Any readers looking for some guidance on what Oracle’s continuing expansion means for their business, or who are concerned that they may not  have optimal use of Oracle technology within their business should get in touch with us, as we’re always glad to share our expertise.

Oracle Q4 results hide deeper customer concerns

So, the Oracle Q4 earnings report shows it has managed to defy analyst estimates and things are working out well with Sun after all.  The company has quickly ripped out the inefficiencies and cost duplication and is doing a good job of demonstrating its commitment to grow Sun’s software and hardware business.

However, Oracle is still yet to confirm the product roadmap, and the lack of certainty surrounding this crucial element is compounded by a continuing problem of enterprises not fully understanding their licensing estate.

Read more of this post

Rocela responds to the Oracle Q3 results

Earnings growth indicates tech spend recovery but should concern strategic vendor managers

Beating its own forecast from last quarter and also Wall Street estimates, Oracle’s recent Q3 results reported a 13% increase in new software licenses; with its applications business reporting an impressive 21% increase in new license sales.  Support and maintenance fees also grew by 13%, illustrating that businesses have once again turned their attention to software.

Read more of this post