www.zippyzebra.co.uk • We are a software development company specialising in developing bespoke Oracle based solutions with a particular focus on APEX. • Our mission is to use agile methods to develop effective business solutions that fully meet our customers business requirements. • We focus on database driven technical solutions enabling our customers to really leverage on their investment in Oracle technology. Who are we? Zippy Zebra was Founded in 2006 by: Jonathan Rhind Over 20 Years development experience with Oracle technology Zaid Ali Over 20 Years development experience with Oracle technology A bit more About Us Our Team Our core development team consists of a very experienced group of dedicated individuals that we have known and worked with over many years. Proud to be : • • An Oracle Partner A Member of the APEX Feature Advisory Board Services we provide include: • APEX development • Analysis • Database Design • Application Design More about what we do • User Interface Design • Integration / Interfaces / Web Services • Prototyping • Assistive Technologies • Application Security Liverpool Victoria – Travel Insurance Key Features: • eCommerce Quote and Buy Insurance website Turning Point • Dual user interfaces • Web Front End (Internet) • Call Centre Front End (Intranet) • Shared application logic layer • Print Integration (PDF Generation and Download) • Online Card Payment Integration • Sophisticated Bespoke Rating Engine • Third Party Branding • Live operation since 2008 Ministry of Justice National Offender Management Service (NOMS) National Offender Management Service (NOMS) • The National Offender Management Service (NOMS) is an Executive Agency of the Ministry of Justice. Ministry of Justice • Provides offender services in the community and in custody in England and Wales. • Works to protect the public and reduce reoffending by delivering the punishment and orders of the courts and supporting rehabilitation by helping offenders to change their lives. • NOMS keeps the public safe by ensuring that around 260,000 offenders each year securely undertake the punishment provided through the prison and probation services. National Offender Management Service (NOMS) • OASys is the abbreviated term for the Offender Assessment System, used in England and Wales by Her Majesty's Prison Service and the National Probation Service. OASys • As part of a modernisation programme the existing OASys system was to be completely re-developed. • The goals of the new OASys were to provide a single database containing all offender and assessment data delivered to users in a browser based application with a rich user interface including support for assistive technologies. • Ability to support user base of approximately 60,000 users OASys live since March 2013 National Offender Management Service (NOMS) How did we get involved? Our Involvement • Decision made by HP and Capita to investigate use of Oracle Application Express • Approached by HP, due to our extensive APEX and Oracle experience • Engaged by Capita and HP to do a number of technical workshops to assess the technical feasibility of creating such a large application using Oracle APEX • After the successful completion of the workshops, covering the key technical challenges, Zippy Zebra was commissioned for the technical design and application development of the new OASys system Our team had full responsibility for: • Technical Design • Application Development • Configuration Management. Our Roles and Responsibilities • Engagement of our Development Team “Having worked with the Zippy Zebra team for nearly two years, I have been constantly impressed by their technical knowledge and the way they have applied it to complex business scenarios. The resulting application has received consistently high praise from the user community. Under pressure to deliver in short timescales, they have put together a team of highly skilled and commited developers.” Martin Hiorns, Project Manager OASys Project Capita Software Stack: • Oracle 11g Enterprise RAC (Including APEX 4.0) • Oracle BI Publisher • Oracle HTTP Server The Technology Client Support: • Internet Explorer 6 Only (Currently) Key Project Challenges: • Design of the User Interface • Structuring such a large APEX Application • Supporting Assistive Technologies Key Challenges • Internet Explorer 6 • Performance • Security OASys What does it look like? Screenshots Here Screenshots Here Screenshots Here Create Project Standards: • Coding Standards • Coding Style • Best Practice • Standard API’s e.g. error handling • Debug Project Development Standards • User Interface Standards • Consistent Look and Feel • Visual Style Guide – e.g. Search Page, Edit Page etc • Widget / Component Library Make Sure of the following: • Keep these documents up to date • Ensure Development team know and understand these documents in detail Application Structure – “Modules” Structuring Large APEX Applications What do we mean by a “Module”: • Single APEX application • One or more pages • Performs specific business function Structuring Large APEX Applications • Associated Module Package • Associated Module Views APEX Parsing Schema has permissions to access following: • Module packages / Generic Packages • Views All Database objects owned by separate owning schema – minimal objects exposed to APEX Parsing schema via synonyms and grants Multiple “Modules” - create a seamless application system • Decide on a level of granularity • Each Module has a “Landing Page” and one or more related pages • Landing Page is the only URL access enabled page in a module Structuring Large APEX Applications • All Modules share same APEX session – via session cookie defined in subscribed authentication scheme • Modules allow ease of maintenance for large development team • Use Application and Page aliases • Build standard navigation API’s • Create Master Library Application • Contains “Master” copy of all Shared Components • Contains test pages for each component type including any JavaScript components Structuring Large APEX Applications • Use Copy and Subscribe functionality of Shared Components • • • • • Authentication Schemes Authorization Schemes Templates Plug-Ins LOVs • Create “Hooks” in Application Level Processes for common events • Contains Test pages for Theme Templates and all UI components • Create Starter Application • Pre-configured application containing required subscribed components • Developers take a copy of this application when starting a new Module Structuring Large APEX Applications • Contains common components on Page 0 • Contains standard set of Application Items and Processes • Create Top Level Application • The Login Module • Entry point to entire application • Owner of shared Authentication scheme via subscription • OASys consists of 120+ Modules • That’s 120+ individual APEX applications • All work seamlessly together as a single application Structuring Large APEX Applications • Provides flexibility with medium/large development team • Ease of maintenance • Easier source code control • check-in / check-out individual Modules • Easier release management – due to granularity Application Logic Structured Using PLSQL Package API’s Structuring Large APEX Applications API Layers • Table API Packages – as table interaction not just through APEX • Adds another layer of security – Table access not directly exposed to APEX parsing schema just packages Structuring Large APEX Applications • Module API’s – one package per APEX module • Minimal PLSQL in APEX pages – only contains calls to event handlers from corresponding Module API Package • Allows sharing of all application logic e.g. from Native Webservices from Batch processes • Business Logic API’s • Utility and UI API’s OASys Interface Layer consists of: • SOAP Webservice calls to BI Publisher • Native web services exposed for incoming Case Management Systems to consume – PCMS, CRAMMS, PNOMIS OASys Interfaces • SOAP Webservice calls for live Offender searches across other internal systems direct from within OASys search screens No JAVA stack required! All Web Service functionality performed via Oracle Database and PL/SQL User Interface Designing the User Interface • Build static HTML prototypes for key areas • Pages • Search Page • Edit Page • Modal Page etc • Regions • Menus • Integrate and Test JQuery components • Get user agreement • Create APEX Templates from Static HTML • Create full APEX Theme Standard Header with Pull Down System Navigation Menu – Dynamic Region – Page 0 Designing the User Interface Floating Accordian Menu – Dynamic Region – Page 0 Tabs – Dynamic Region Designing the User Interface Government projects insist on compliance with AT software • Do not assume browser will support AT software Supporting Assistive Technologies • Identify technology to be used Dragon (dictation) Jaws (screen reader) Read & Write Zoom Text • Design AT standards into core build • Use specialist testers with knowledge of the tools Apex is NOT the culprit, your application code is! • Tune all application SQL and PLSQL • Use Oracle tools Explain Plan, TKProf, AWR Performance • Use Statistics from a volume database in Development / System Test environments to detect poor performing queries early • Simulate concurrent connections 10,000+ with a tool like LoadRunner • Tune JavaScript/Jquery – especially Jquery selectors used • Cross site scripting – escape your data • SQL injection • Use bind variables • Beware of Dynamic SQL Security • Enable Session State Protection • Prevent URL hacking • Use page blockers to prevent duplicate page submissions • Feature also built in to APEX • Penetration Testing • Use Authorization Schemes • Sharing session state across applications • 100 item limit on page (200 with APEX 4.2) • APEX session tables RAC - Contention Issues encountered with APEX • Sharing session state across applications • Created our own session state tables • APEX 4.2 now provides read/write to application items across applications Our Solutions • 100 item limit on page • Created our own dynamic renderer based on our own metadata • Renderer uses APEX_ITEM API’s to work around 100 item limit • APEX 4.2 item limit now 200 items per page • APEX session tables RAC - Contention • Caused excessive traffic across RAC interconnects • Implement Instance affinity – bind sessions to same RAC nodes • Dynamic Actions • Plugins New APEX Features Used • Oracle always there to help • Direct communication with APEX team at Oracle Oracle Support Use APEX for Enterprise Systems? YES Q &A www.zippyzebra.co.uk Please feel free to ask us any questions