Infosys’ blog on industry solutions, trends, business process transformation and global implementation in Oracle.

« March 2018 | Main | May 2018 »

April 28, 2018

Platformization at Telcos


Telecom service providers operate in a highly competitive environment. There has been continuous erosion of profitability around their core services related to connectivity and content. Platformization is a means for the Telcos to capitalize on new revenue generation opportunities by leveraging their networks, infrastructure, IT systems and customer data.

TM Forum defines a platform strategy as comprising of two key elements:
• Creation of digital ecosystems such as marketplaces that connect consumers of goods/services with the providers.
• Providing platform based IT architecture that supports the digital ecosystems and enables the digital business model for the Telco and its customers.

Telcos can offer a variety of services on top of their platforms
• Infrastructure as a Service:  Most Telcos offer cloud based services that enable their clients to deploy their applications on the Telco's cloud. The clients have the ability to manage the both the application and the cloud environments.
 Platform as a Service: Telcos can provide standard services on top of their IT or Networks and expose the same for their partners/customers. Eg: Billing and assurance services that can be used by Small and Medium enterprises.
• Software as a Service: Telcos can have applications that that they can provide as a service to their customers or partners. Eg: Data analytics applications, Applications for B2B customers to manage the communications services for their employees.
• Network as a Service: Telcos can offer network functionality as a service. Eg: hosting networks for MVNO's, network security services etc.
• Digital ecosystems or marketplaces: The telco can act as an intermediary to connect providers and consumers of services. The telco, with its vast customer data and extensive infrastructure, is in a position to provide a seamless experience across all the partied involved in the ecosystem. Eg: Smart Home services, eHealth services etc.

In order to expose any of the above services to customers and partners outside the Telco's ecosystem, a standard set of API's need to be available. These services should be in industry standard formats, using common language and guidelines.


My current client, a leading Telco in the ANZ region, is working towards improving its revenue streams via platformization. They have taken a step in this direction by transforming a set of key services into a 'Common Service Model' (CSM) aligned to the industry standard SID framework. These services are based on Oracle's Fusion middleware. The services have been modularized to deliver specific capabilities and are shareable across other sister companies.


These services also serve as a basis for enabling the DXL (Data Exchange Layer) required to support the digital micro services. The CSM SOA services serve as a standardized back-end for the digital front end applications. The micro services framework will be used to deliver a truly digital experience for the Telco's customers.


Common Services and Open API's that allow exchange of data and information across the Telco-Customer-Partner ecosystem are an important enabler for a platform based business model. And platformization is imperative for Telcos to generate new revenue streams in order to survive in a highly competitive market.

April 23, 2018

Sentiment Analysis with Twitter data using Oracle Analytics Cloud

Oh! human sentiments can be analyzed is it ?!!(my first thought when I heard about this couple of months back J)

So started digging and thought of sharing an end to end view on how it can be achieved.

First of all, analysis is all about data. To do Sentiment Analysis, we need data about our ideas, emotions, feelings, likes, dislikes ...etc. So primary source for this data would be social network like Facebook, Twitter ...etc.

Outcomes of a Sentiment Analysis can be categorized under Polarity and Subjectivity.

Polarity is about - Negative, Neutral or Positive

Subjectivity is about - Objective or Subjective

Below I am going to explain the steps to do Sentiment Analysis for Polarity derivation using Twitter feed, Python program and OAC (Oracle Analytics Cloud).

Step#1: Get feed from Twitter using Python

       Login to twitter link with your credentials https://developer.twitter.com/ and create an application

       Save the customerkey, customer secret, accesstoken, accesssecret keys available. Need this tokens to extract the feed.

       Install python 3 (or any suitable version) and Install pip and tweepy though command prompt

       Download get-pip.py file github.com  and  follow the steps)

       Run the command "python get-pip.py" through command prompt.

       "Python.exe -m pip"(to get list of commands)

       "Python.exe -m pip install tweepy" (command to install tweepy)

       A bit of coding now in Python J (Find a simple template code to get data from twitter)

       Run the script through command prompt as <<python file name>>. Then CSV twitter file will get downloaded to your desktop. Use that file in OAC to perform sentimental analysis.

Step#2: Sentiment Analysis using OAC

As part of OAC, DVCS has inbuilt capabilities to perform sentiment Analysis on textual data. To invoke sentimental functionality, add the twitter data set and create a data flow using the data set

In Oracle DV, sentiment analysis is implemented using Python. To invoke it add Analyze Sentiment node to the dataflow.

  §  Click on create Data set and select the twitter csv file and click on add

  §  Click on create data flow

  §  select the data set which you added (twitter excel) and click on Add

  §  For e.g. I took the twitter feed of product XXXXX and performed sentimental analysis on column "Tweet Text"

SentImage1.jpg










SentImage2.jpg












       Click on + sign and select "Analyze Sentiment"

SentImage3.jpg

















       In the Analyze Sentiment pane, Output section, give a column name to capture the emotion value. Rename the default column 'emotion' as needed.


SentImage4.jpg
















       In the Parameters section, choose the column with text content to analyze

       Click on select column and add the column from available data for e.g. Tweet Text

       After adding the analyze sentiment column we can see column with name as emotion and it indicates the "Positive"," Negative" or "Neutral"

       To add the column, click on Add step (+) and select the Add Columns

       Rename the column as required

       Give the Expression and click on Validate and select apply

       Now we can see the Count column added to the available data, click on save


SentImage5.jpg










SentImage6.jpg





















       Go to Home page and click on create and select the Project as shown

       Select the Dataflow which you created above and click on Add to project

       Select the attribute emotion and select the count measure and click on pick visualization (or you can drag drop the columns on right side pane accordingly)

SentImage7.jpg











SentImage8.jpg









SentImage9.jpg












       Below is the pie chart which is showing the positive, negative or neutral tweets as per the data available in the data set.

SentImage10.jpg

 

 









Python Code:

Using the below code snippet you could write a simple code to extract feed from twitter 
TwittercodeImg1.JPG




TwittercodeImg2.JPG

April 17, 2018

Enabling CA Signed Certificate in Oracle JCS and On-Premise Weblogic

Enabling CA Signed Certificate in Oracle JCS and On-Premises WebLogic (How To Series)

Tools: KeyTool, Openssl (Optional)

Introduction

By default Oracle JCS server has self-signed certificate based SSL/TLS. For enhanced security and trust, we have to use CA signed certificates.  This document can be used for both On-premises WebLogic servers and Oracle JCS based Weblogic servers. Implementing CA signed certificate can prevent hacking attack like man-in-the-middle. Using CA signed certificates internal and external communications between services can be secured. Also environment access can be secured.

Key Features covered in Document

1) Brief about CA signed certificates and how chain of certificates are maintained.

2) How to implement chain of CA sign certificate on WebLogic admin and managed server.

Brief about CA signed certificate:

There are two types of CA signed certificates.

1) Internal CA Signed Certificate:

This kind of certificate is only used when services are used within intranet.  Certificate can be issued to oneself using internal CA.

Advantage: One can have full control on certificate like validity, whom to issue etc. This can be used when application is used internally in customer network only.

2) External CA Signed Certificate

This type of certificate can be issued reputable CA like Verisign, Entrust etc. 

AdvantageThis certificate is mostly useful when external service calling is required.

SSL Certificate Chain:

There are two types of certificate authorities. RootCAs and Intermediate CAs. Certificates can be obtained two ways. One is to get directly from root CAs. Second way is to obtain from intermediate CAs which will have different root CAs.

To trust certificate, it must have been issued by certified CA and added to trust store of device. In below section Certificate chain is explained.

Example of Certificate chain.

ABC Customer acquires certificate from UserTrust RSA Certification Authority which is user and intermediate certificates.  UserTrust RSA Certification Authority internally using intermediate CA certificate from Network Solution OV. Network Solution OV is using Root CA certificate issued by Geo Trust RSA.

Hence below certificates chain representation is required.

1) End User certificate from UserTrust RSA Certification

2) Intermediate certificate issued by UserTrust RSA Certification

3) Intermediate certificate issued by Network Solution OV

4) Root Certificate issued by Geo Trust RSA

While installing certificates, End user certificate needs to be installed first. All intermediate certificate must be bundled together and needed to be added in trusted store. Finally root certificate needs to be installed.

NOTE:

1) If Chain is broken for any intermediate certificate then it will not be trusted by any devices.

2) For browser only End user and intermediate certificates are required to be installed. Root certificate are packaged within browser installations.

Validation Sequence.

Validation Sequence.png

Implementation on WebLogic On-Premises and PaaS:

Point 10) is specific to WebLogic on PaaS Cloud remaining can be used for On-Premises WebLogic.

 

1) Create Custom Identity Key store in WebLogic server.

à cd $DOMAIN_HOME/bin

à source setDomainEnv.sh

à Create separate directory called keystores under $FMW_HOME

E.g. $FMW_HOME/keystores: keytool -genkey -alias newsrv_crt -keyalg RSA -keysize 2048 -sigalg SHA256RSA -dname "CN=server.cn.ou.com,OU=Support,O=Organization,L=City,ST=County,C=Country" -keypass keypwd -keystore identitykeystore.jks -storepass storepwd

Server.cn.ou.com is host.domain from the server. (CN =Country Name, OU=Organization Name)

2) Create a certificate request

FMW_HOME/keystores: keytool -certreq -v -alias newsrv_crt -file server.csr -sigalg SHA256RSA -keypass keypwd -storepass storepwd -keystore identitykeystore.jks

NOTE: Use same alias, storepassword and keypass from above step.

Output will look like below.  Send this .csr to Authorized CA.

CSR will look like below.

-----BEGIN NEW CERTIFICATE REQUEST-----

MIIC7zCCAdcCAQAwejELMAkGA1UEBhMCVVMxDzANBgNVBAgTBkhhd2FpaTERMA8G

A1UEBxMISG9ub2x1bHUxGzAZBgNVBAoTElNlcnZjbyBQYWNpZmljIEluYzETMBEG

A1UECxMKU2VydmNvIFRJUzEVMBMGA1UEAwwMKi5zZXJ2Y28uY29tMIIBIjANBgkq

DQYJKoZIhvcNAQELBQADggEBAG+Wfb9F9cxnLCHkZgFFFrE/nGqs8bvCfbRvCA5j

Ab1sauEN9VbzBteP7nDl03XgKDSO/qk5vjLl730hw2uvpz+lTvXc/BuhKMeXYGSM

8zCmPZJITYD1Tatd7FQ2gH0vUXflUP62+IPA+fMp0Mrk4YzUTxsPtod1cOprS9WG

oRwXp/H2o6JxUcYtrUiZee/YmUT6GOwIGTzVLZDUOe+CzS4+sx+W2ALIRnjNuWRu

iiNSAmrd3WHk3Lz5xfBsQOo16kl1b9JcHGo7t57pCyIbGmjX14p4S5DanVd+PEcj

hZDg+qCP5NlaFEeEgjLRFWYSM2BKhhEuL+ioULzuh3mDfjQ=-

----END NEW CERTIFICATE REQUEST-----

3) Once you receive CA signed Certificate, Import certificates in Identity Key store.

First import CA's User certificate then remaining Intermediate certificates and last import root certificate.

E.g.

User Certificate

$FMW_HOME/keystores/ keytool -import -v -noprompt -trustcacerts -alias usercacert

-file User.cer -keystore identitykeystore.jks -storepass storepwd

Intermediate Certificate

$FMW_HOME /keystores/ keytool -import -v -noprompt -trustcacerts -alias intercacert

-file intermeidate.cer -keystore identitykeystore.jks -storepass storepwd

Root Certificate

$ FMW_HOME/keystores/ keytool -import -v -noprompt -trustcacerts -alias rootcasigncert

-file rootsignCA.cer -keystore identitykeystore.jks -storepass storepwd

Repeat this for each Root certificate in the chain and use different alias each time.

4) Import Server Certificate into Identity Key store using below command.

E.g. $FMW_HOME/keytores> keytool -import -v -alias newsrv_crt -file server.cer -keystore identitykeystore.jks -keypass keypwd -storepass storepwd

NOTE: 1) Server certificate will be at last level provided by CA certificate chain.

            2) Here use the same alias used in step-2.

5) Import the Certificate Chain in Trust store of the server.

Import all user, intermediate and root certificate in trust store. Do not import Server certificate.

E.g.

User Certificate

$FMW_HOME/keystores> keytool -import -v -noprompt -trustcacerts -alias usercacert

-file User.cer -keystore trustkeystore.jks -storepass storepwd

Intermediate Certificate

$FMW_HOME /keystores> keytool -import -v -noprompt -trustcacerts -alias intercacert

-file intermeidate.cer -keystore trustkeystore.jks -storepass storepwd

Root Certificate

$FMW_HOME/keystores: keytool -import -v -noprompt -trustcacerts -alias rootcasigncert

-file rootsignCA.cer -keystore trustkeystore.jks -storepass storepwd

6) View and confirm certificate.

keytool -list -v -keystore identitykeystore.jks -storepass storepwd

Your identity store should have server certificate as entry type as a Private Key.

E.g. Output of above command.

Alias name: newsrv_crt

Creation date: April 15, 2018

Entry type: PrivateKeyEntry

7) Configure SSL on WebLogic Server

à Login to WebLogic console.

à Click on Environment then select Servers on which SSL needs to be configured

à Click on Keystore and change

à From drop down box take "Custom Identity and Custome Trust"

à Click on SAVE.

à Enter the required information in the Keystores tab as given below

             Custom Identity Keystore: e.g $FMW_HOME/keystores/identitykeystore.jks

             Custom Identity Keystore: JKS (JKS should be in Uppercase)

             Custom Identity Keystore Passphrase: keypwd

             Confirm Custom Identity Keystore Passphrase: storepwd

             Custom Trust Keystore: $FMW_HOME/keystores/trustkeystore.jks

             Custom Trust Keystore Type: JKS (JSK should be in Uppercase)

             Custom Trust Keystore Passphrase: keypwd

             Confirm Custom Trust Keystore Passphrase: storepwd

             Click on SAVE

    Note: Enter absolute path for certificate e.g. /u01/app/oracle/middleware/keystore/keystore.jks

à Navigate to SSL Tab. Provide below values.

              Private Key Alias: newsrv_crt

              Private Key Password: keypwd

              Confirm Private Key Password: keypwd

              Click on SAVE.

8) Click on Environment then select Servers, after that click the General tab of server configuration

    Make sure 'SSL Listen Port' is enabled

                SSL Listen Port: 9072

                Click on SAVE.

9) Change nodemanager.properties to reflect SSL.

   Add below entries in to the nodemanager.properties and bounce nodemanager.

              KeyStores=CustomIdentityAndCustomTrust

              CustomIdentityAlias=keyname

              CustomIdentityKeyStoreFileName=path/identitykeystore.jks

              CustomIdentityKeyStorePassPhrase= passphrase value

              CustomIdentityKeyStoreType=JKS

              CustomIdentityPrivateKeyPassPhrase= passphrase value

   NOTE: Without this you may not able to start managed server from console.

10) Make below changes into Cloud console to access SSL urls for admin and managed servers.   

     (Specific to Oracle JCS WebLogic)

    This is required since by default all ports are not opened from Oracle Public Cloud.

   Example given below is for admin server.

 à Login to Cloud Console and Navigate to Compute Classic.

 à Select Network and IP or Shared network depends on your configurations.

 à Navigate to Security Applications and Create new security application.

   E.g. To access admin console using SSL with Port 9072, security application will look like below.

Security port for PaaS.png  

 

 

  à Go to Security rules and Create new security rule with above created security application

 

Security role for PaaS.png

 

 

 

 

 

 

 

 

 

 

 

 

 11) Restart the respective server.

 12) Test the certificate accessing WebLogic Console if on admin server or webapplication if on managed server.

https://WebLogichost.com:9072/<uri>

Subscribe to this blog's feed

Follow us on

Blogger Profiles

Infosys on Twitter