I thought it was just me being a grumpy old man because Apple won't answer their 800 line and AT&T suck.
If I am, I'm not the only person thinking this way. Android on T-Mobile, anyone?
Friday, June 18, 2010
Storing UCM Content in the Database
One of the very cool things that the Filestore Provider added when it was officially released in 10gR3 was the ability to store content in the database. For a long time we (Stellent) had argued that metadata belonged in the database and content belonged on the file system. There were very good arguments for that, primarily around performance, but that changed when Oracle bought Stellent.
Actually what changed was that in Oracle Database 11g, there's a really cool feature called SecureFiles (much more info here) that allows the database to act as a file system (DBFS). Performance is comparable to a Linux file system and Oracle has run tests showing ingestion rates of 120-270 items/second (depending on file size, smaller is faster) on a 2x dual core proc server with 16GB of RAM. Presentation of web pages ran 81-124 pages accesses/sec on the same hardware but with various different cache and presentation settings.
What made me think of this recently, though, was a conversation we had with a customer yesterday concerning high security. Storing content on the file system with UCM requires securing physical access to the server (or storage array) because the application controls security rather than the file system. If you store content in the database (using Oracle 11g) you can also leverage Database Vault and Audit Vault to add multiple extra layers of security and auditing on top of the storage layer. This makes it impossible for even the most trusted DBAs to access the content without permission and auditing, but it's transparent to the authorized user submitting and retrieving content through the UCM interface.
Database Vault and Audit Vault are additional cost add-ons to the Oracle 11g database. Transparent Data Encryption may be included in another SKU or it may be standard (you'll have to ask your Oracle license rep or SE) - but they provide substantial additional security for those really secret content items. Remember, using FSP you can also set up storage rules to have some content stored on the file system and some in the database if that makes sense for you. Perhaps dSecurityGroup=secret store in database using TDE and dSecurityGroup=public goes to the filesystem.
Important Note: While it's possible to store content in the database using database 10g, I wouldn't recommend it. It will be stored as a BLOB and retrieval performance will be far below that using SecureFiles on database 11g.
Another Important Note: Database storage is only supported on Oracle database, so if you are using MS SQL Server or IBM DB2 you are out of luck. If you are using Sybase not only can you not store files in the database, you will be experiencing column indexing issues now and you should migrate ASAP as Sybase is not be supported as a metadata store in UCM 11g.
Actually what changed was that in Oracle Database 11g, there's a really cool feature called SecureFiles (much more info here) that allows the database to act as a file system (DBFS). Performance is comparable to a Linux file system and Oracle has run tests showing ingestion rates of 120-270 items/second (depending on file size, smaller is faster) on a 2x dual core proc server with 16GB of RAM. Presentation of web pages ran 81-124 pages accesses/sec on the same hardware but with various different cache and presentation settings.
What made me think of this recently, though, was a conversation we had with a customer yesterday concerning high security. Storing content on the file system with UCM requires securing physical access to the server (or storage array) because the application controls security rather than the file system. If you store content in the database (using Oracle 11g) you can also leverage Database Vault and Audit Vault to add multiple extra layers of security and auditing on top of the storage layer. This makes it impossible for even the most trusted DBAs to access the content without permission and auditing, but it's transparent to the authorized user submitting and retrieving content through the UCM interface.
Database Vault and Audit Vault are additional cost add-ons to the Oracle 11g database. Transparent Data Encryption may be included in another SKU or it may be standard (you'll have to ask your Oracle license rep or SE) - but they provide substantial additional security for those really secret content items. Remember, using FSP you can also set up storage rules to have some content stored on the file system and some in the database if that makes sense for you. Perhaps dSecurityGroup=secret store in database using TDE and dSecurityGroup=public goes to the filesystem.
Important Note: While it's possible to store content in the database using database 10g, I wouldn't recommend it. It will be stored as a BLOB and retrieval performance will be far below that using SecureFiles on database 11g.
Another Important Note: Database storage is only supported on Oracle database, so if you are using MS SQL Server or IBM DB2 you are out of luck. If you are using Sybase not only can you not store files in the database, you will be experiencing column indexing issues now and you should migrate ASAP as Sybase is not be supported as a metadata store in UCM 11g.
Labels:
AuditVault,
DatabaseVault,
Filestore Provider,
FSP,
TDE,
UCM
Thursday, June 17, 2010
Starting to rethink this iPhone thing
I wish I could remember who came up with this idea:
(Paraphrasing) Staying with AT&T is like enduring an abusive relationship where the iPhone is the beautiful child that keeps you in it. No matter what the abuser does, it's extremely hard to walk away because of that attachment.
I really like my iPhone - I was quite suspicious at first because of all the hype, but after 2-3 months of a Samsung BlackJack (what a cruel joke that pitiful windows mobile OS is), I gave the iPhone a try and was hooked. I stuck with the first generation when the 3g and 3gs models came out because why pay for an upgrade (an expensive upgrade) when the AT&T network in NYC is so pitifully bad. I can have my EDGE calls drop just as fast and as often as 3G calls, thank you very much.
But it's time and the iPhone 4 seems like a real upgrade in functionality at a reasonable price point (at least for the 16GB model). I'm also generally not an early adopter either, but my ur-iPhone is getting so worn out at this point, I thought it would be OK to upgrade ASAP.
Well the ordering fiasco took care of that and it's even making me wonder if I really want to continue to do business with either company. The website accepted my order (after multiple attempts), but I didn't think to take a screen shot. When I didn't get a confirmation email I started to be suspicious and so I thought I'd check to see if the reservation had gone through.
Well Apple have just stopped answering their phones (perhaps wisely) at their 1-800 number and the stores are no better. AT&T at least answer, but they have no clue (why am I not surprised?) Eventually I spoke to someone at the SoHo Apple store and no, I don't have a reservation. But even if I did, I'd still have to wait in line with hundreds, if not thousands of others. That's not going to happen, so in some way, I'm glad it didn't go through.
BUT - it made me think that there's a certain point where companies start to lose their direction. They become bloated, arrogant, and unresponsive. BP crossed that line years ago as did every aspect of the financial "services" industry. Most of the cell phone companies (I'd except T-Mobile), all cable TV companies I've ever dealt with and some of the larger technology companies start to resemble the DMV more than they do client-focused, responsive, and innovative organizations (and I think I'm being uncharitable to the DMV by comparing them to the cable companies).
Apple is getting very close to that line right as they also cement their high-value niche in the technology marketplace. Their computers are great in terms of functionality, durability, and innovation. They invented a product segment with the iPod, and radically changed another with the iPhone. I'm unconvinced by the iPad, but that's another post - and plenty of other people seem to disagree with me.
The trouble is that when they partnered with AT&T, they partnered with the worst of the US cell carriers and AT&T has provided shockingly poor service ever since that day. In other countries where they made similarly poor partner choices initially, they have widened that out, but the only other national GSM carrier is T-Mobile and I guess that doesn't look attractive to Apple. We get used to laughably poor service, but when you get better network coverage in Mexico and rural Argentina than you do in New York City, there's an issue.
In addition to the mis-steps in the provider category, there have also been multiple concerns with the way the app store functions that, it seems to me, drive away the very people who were originally Apple's core demographic.
I'll probably end up with a new iPhone in late July or early August - when I can walk into a store and just buy one. There's the powerful force of inertia, the fact that I don't mind iTunes, have multiple Macs and a few apps I really like. But I'll be spending the intervening time looking for an alternative GSM smartphone on a different provider, and I suspect I won't be the only one.
(updated 6-17-10, 5:53 EST to clarify some sentences)
(Paraphrasing) Staying with AT&T is like enduring an abusive relationship where the iPhone is the beautiful child that keeps you in it. No matter what the abuser does, it's extremely hard to walk away because of that attachment.
I really like my iPhone - I was quite suspicious at first because of all the hype, but after 2-3 months of a Samsung BlackJack (what a cruel joke that pitiful windows mobile OS is), I gave the iPhone a try and was hooked. I stuck with the first generation when the 3g and 3gs models came out because why pay for an upgrade (an expensive upgrade) when the AT&T network in NYC is so pitifully bad. I can have my EDGE calls drop just as fast and as often as 3G calls, thank you very much.
But it's time and the iPhone 4 seems like a real upgrade in functionality at a reasonable price point (at least for the 16GB model). I'm also generally not an early adopter either, but my ur-iPhone is getting so worn out at this point, I thought it would be OK to upgrade ASAP.
Well the ordering fiasco took care of that and it's even making me wonder if I really want to continue to do business with either company. The website accepted my order (after multiple attempts), but I didn't think to take a screen shot. When I didn't get a confirmation email I started to be suspicious and so I thought I'd check to see if the reservation had gone through.
Well Apple have just stopped answering their phones (perhaps wisely) at their 1-800 number and the stores are no better. AT&T at least answer, but they have no clue (why am I not surprised?) Eventually I spoke to someone at the SoHo Apple store and no, I don't have a reservation. But even if I did, I'd still have to wait in line with hundreds, if not thousands of others. That's not going to happen, so in some way, I'm glad it didn't go through.
BUT - it made me think that there's a certain point where companies start to lose their direction. They become bloated, arrogant, and unresponsive. BP crossed that line years ago as did every aspect of the financial "services" industry. Most of the cell phone companies (I'd except T-Mobile), all cable TV companies I've ever dealt with and some of the larger technology companies start to resemble the DMV more than they do client-focused, responsive, and innovative organizations (and I think I'm being uncharitable to the DMV by comparing them to the cable companies).
Apple is getting very close to that line right as they also cement their high-value niche in the technology marketplace. Their computers are great in terms of functionality, durability, and innovation. They invented a product segment with the iPod, and radically changed another with the iPhone. I'm unconvinced by the iPad, but that's another post - and plenty of other people seem to disagree with me.
The trouble is that when they partnered with AT&T, they partnered with the worst of the US cell carriers and AT&T has provided shockingly poor service ever since that day. In other countries where they made similarly poor partner choices initially, they have widened that out, but the only other national GSM carrier is T-Mobile and I guess that doesn't look attractive to Apple. We get used to laughably poor service, but when you get better network coverage in Mexico and rural Argentina than you do in New York City, there's an issue.
In addition to the mis-steps in the provider category, there have also been multiple concerns with the way the app store functions that, it seems to me, drive away the very people who were originally Apple's core demographic.
I'll probably end up with a new iPhone in late July or early August - when I can walk into a store and just buy one. There's the powerful force of inertia, the fact that I don't mind iTunes, have multiple Macs and a few apps I really like. But I'll be spending the intervening time looking for an alternative GSM smartphone on a different provider, and I suspect I won't be the only one.
(updated 6-17-10, 5:53 EST to clarify some sentences)
Sunday, June 13, 2010
Thought leaders with Macs?
I'm traveling this Sunday afternoon and once again in the United Airlines lounge, I notice quite a few Mac laptops. I started to notice this about a year ago - around the time I was starting to seriously contemplate the shift back to Mac from XP. I'd say that close to 25% of the laptops in use at any time in the club are Macs which is significantly more than the 5-10% market share usually quoted.
However, if you look at the top 20% of laptops sold by cost, the Mac share (at least according to this three year old report - I couldn't find anything newer) is almost 30%. And this market, I suspect, is the one represented in airline club lounges throughout the world (based on observations in the US, Canada, Europe, Australia and Argentina).
I'm very happy with my choice, although I wish the MacBook Pro was as light as my old Lenovo X61s. I also have a Dell Mini 10 running OSX (paid for) for personal use which is much lighter and more compact.
However, there are a couple of things that make it tough to switch 100% and get rid of that VMware XP image:
1. Entourage in Office for the Mac is not as good as Outlook still - supposed to be changing with Office 2010 for Mac. Why entourage can't support CalDAV calendars is beyond me.
2. PST support for Entourage. Actually this is now fixed with a tool from Microsoft, although I haven't yet imported those 20,000 plus archived messages from various PST files.
3. Visio? Every architect needs his or her Visio - isn't a large part of what we do draw pictures? I've read that ConceptDraw is a viable alternative, but I haven't downloaded the trial version yet.
Oops - gotta run for the flight. more later
Update (6/14/10 9:25 CST)
The other things that keep me having to have the VM image of XP around:
4. MS Project - is there a realistic Mac alternative for this?
5. Photoshop - I know, something of a red herring, but I have a licensed copy of PS for windows and I don't have $1000 to buy a mac license.
And this is minor, but IMHO feed demon for windows is better than net new wire for Mac even though they are from the same place.
However, if you look at the top 20% of laptops sold by cost, the Mac share (at least according to this three year old report - I couldn't find anything newer) is almost 30%. And this market, I suspect, is the one represented in airline club lounges throughout the world (based on observations in the US, Canada, Europe, Australia and Argentina).
I'm very happy with my choice, although I wish the MacBook Pro was as light as my old Lenovo X61s. I also have a Dell Mini 10 running OSX (paid for) for personal use which is much lighter and more compact.
However, there are a couple of things that make it tough to switch 100% and get rid of that VMware XP image:
1. Entourage in Office for the Mac is not as good as Outlook still - supposed to be changing with Office 2010 for Mac. Why entourage can't support CalDAV calendars is beyond me.
2. PST support for Entourage. Actually this is now fixed with a tool from Microsoft, although I haven't yet imported those 20,000 plus archived messages from various PST files.
3. Visio? Every architect needs his or her Visio - isn't a large part of what we do draw pictures? I've read that ConceptDraw is a viable alternative, but I haven't downloaded the trial version yet.
Oops - gotta run for the flight. more later
Update (6/14/10 9:25 CST)
The other things that keep me having to have the VM image of XP around:
4. MS Project - is there a realistic Mac alternative for this?
5. Photoshop - I know, something of a red herring, but I have a licensed copy of PS for windows and I don't have $1000 to buy a mac license.
And this is minor, but IMHO feed demon for windows is better than net new wire for Mac even though they are from the same place.
Friday, June 11, 2010
Filestore Provider in UCM
I have a meeting with a client later today to discuss the use of FSP in their UCM and URM deployment, so I thought it might be a good idea to talk a little about this under-used feature of UCM.
We developed the Filestore Provider for a client in NZ who had a requirement to store hundreds of millions of documents. Early in the sales cycle, we had proposed I/PM because that already was able to deal with these kind of volumes, but the customer rejected it because it only ran on windows.
So we had to come up with some way to manage file storage for up to 200 million objects on the file system that made sense in terms of the underlying file system. Filestore Provider met that need because it allowed us to modify the rules governing where files were stored (in all previous versions, native files were stored in a path /vault///. and web viewable files were stored at /weblayout/groups///documents//dDocName>.
Filestore provider lets us do a number of important things:
1. It lets us specify a different rule for the file paths - so we can embed metadata information in there to a) distribute the files more evenly across the file system, and b) leverage these paths for hierarchical storage management, backup, auditing, etc.
2. It lets us define different storage rules for different types of content - so web content can be stored on one file system, catalog pages on another.
3. It gives us the ability to specify a database storage rule and then store content on a database - either as BLOBs in Oracle 10g (not recommended) or as SecureFiles in 11g (much, much better).
4. We can specify rules that tell the system only to store one copy of some content and two of others - very important in large collections, where the duplication of files adds up really quickly.
Our client in NZ has been in production with FSP since 2005 on UCM version 7.1.1 and the FSP was made a core feature (and given an actual UI) for 10gR3. We tested with a 32TB file system and 200 million objects, but a well-planned storage system could easily be larger than this.
Some key points to remember:
We developed the Filestore Provider for a client in NZ who had a requirement to store hundreds of millions of documents. Early in the sales cycle, we had proposed I/PM because that already was able to deal with these kind of volumes, but the customer rejected it because it only ran on windows.
So we had to come up with some way to manage file storage for up to 200 million objects on the file system that made sense in terms of the underlying file system. Filestore Provider met that need because it allowed us to modify the rules governing where files were stored (in all previous versions, native files were stored in a path /vault/
Filestore provider lets us do a number of important things:
1. It lets us specify a different rule for the file paths - so we can embed metadata information in there to a) distribute the files more evenly across the file system, and b) leverage these paths for hierarchical storage management, backup, auditing, etc.
2. It lets us define different storage rules for different types of content - so web content can be stored on one file system, catalog pages on another.
3. It gives us the ability to specify a database storage rule and then store content on a database - either as BLOBs in Oracle 10g (not recommended) or as SecureFiles in 11g (much, much better).
4. We can specify rules that tell the system only to store one copy of some content and two of others - very important in large collections, where the duplication of files adds up really quickly.
Our client in NZ has been in production with FSP since 2005 on UCM version 7.1.1 and the FSP was made a core feature (and given an actual UI) for 10gR3. We tested with a 32TB file system and 200 million objects, but a well-planned storage system could easily be larger than this.
Some key points to remember:
- Most file systems have a maximum reasonable limit of 40-100,000 items per subdirectory or folder. Ignore theoretical maximums, research what is realistic. Sun engineers advised us to aim for no more than 40,000 files per subdirectory.
- You must, must, must keep the groups/
/ / string in the web viewable storage path rule - otherwise security checks from the web server will be bypassed. - You may need to create specific metadata values for the path to make sense (for instance we created a set of metadata values for year / month / day by breaking apart the dIndate) - the client was then able to use these paths to move files to lower cost disc after specified time intervals, simply by looking at the filepath.
- Use some kind of business logic to create the file paths - even if you aren't using it now. Some clients use substring calculations on dID and things like that. Why not use department/location/author or something that may actually be useful?
Thursday, June 10, 2010
Oracle Enterprise Content Management 11g released!
There was a major product launch earlier this week from Oracle and wisely they chose Tuesday to launch because some other tech company had some kind of new phone coming out.
There are lots of great new things in the new release: the most major change for all of us who have worked with the product for years is the change to an Application Server container architecture as opposed to the J2SE standalone app that UCM / Content Server has been ever since day one. For most practical purposes the application is fundamentally the same, but the new container architecture will allow us to do lots of great things with security integrations, cluster configs, and enterprise monitoring that were much more difficult to do with 10gR3.
The other exciting change is that IPM (Image Processing Management) 11g now integrates and co-exists with UCM/ECM. This is huge because it allows enterprises to now integrate their transactional and standard content into one system (or one common application architecture) and the transformational possibilities of this are substantial.
Lots more to come on this over the next few posts. In the mean time take a look at Bex, Billy, and John for their takes.
There are lots of great new things in the new release: the most major change for all of us who have worked with the product for years is the change to an Application Server container architecture as opposed to the J2SE standalone app that UCM / Content Server has been ever since day one. For most practical purposes the application is fundamentally the same, but the new container architecture will allow us to do lots of great things with security integrations, cluster configs, and enterprise monitoring that were much more difficult to do with 10gR3.
The other exciting change is that IPM (Image Processing Management) 11g now integrates and co-exists with UCM/ECM. This is huge because it allows enterprises to now integrate their transactional and standard content into one system (or one common application architecture) and the transformational possibilities of this are substantial.
Lots more to come on this over the next few posts. In the mean time take a look at Bex, Billy, and John for their takes.
Starting again
Now that I've completed my transition to my new role at TEAM Informatics, it was time to migrate my technical blogging to a new platform. In the spirit of my broader role at TEAM, I'm going to widen my focus beyond Content Management to address broader technological and business issues and hopefully contribute some useful insight into how to successfully deploy systems to manage all your structured and unstructured information securely and efficiently.
Subscribe to:
Posts (Atom)