Oracle Integration Cloud Gen 3 Upgrade - Tips and Features

As some of you may be aware, Oracle is migrating their OIC Platform to its new generation, called OIC 3. For those that remember the Gen 1 to Gen 2 migration, this one is more impactful, delivering a significant overhaul from a UI and usability perspective, as well as many new features. This entry will cover some of the features that I am most excited about, as well as important links and other key information relative to the upgrade effort.

An overview of key highlights with opportunities is below, and detailed documentation to all new features and other information is available at the bottom via links. Also, new updates are being rolled out to OIC Gen3 every month.

Gen3 Feature Highlights	Opportunities
Large payload support for integrations	Payload support is growing with Gen3, which allows for more complex use cases and larger volume to be processed, which will be a win already, but also can eventually lead you to rationalizing other tools away, such as MuleSoft and Biztalk, if you use those platforms.
Enhanced Disaster Recovery Capabilities	Gen3 will have an enhanced Oracle Managed DR offering that should simplify and reduce manual labor versus our existing DR strategy in Gen2, more on that below.
Private Endpoint Connectivity	This feature will set the stage to deprecate the connectivity agent used in OIC to connect to the DBCS or ADB (autonomous database) where you may house PLSQL for complex business logic, and instead allows us to connect OIC to the Autonomous Database directly, and if you have your own tenant ADB for VBCS, then both can coexist. In short, you can rationalize databases by removing the DBCS environments and consolidate VBCS and OIC into a single ATP (autonomous database), and while replacing the connectivity agent (third party) with an adapter (native), reducing technical debt and failure points, should you have this type of configuration in OIC 2 currently.
New recipes and adapters	Enhanced connectivity and opportunities both to accelerate development of new integrations and to reduce technical debt, such as custom integrations between OIC and custom identity or token providers.
Enhanced Event Framework	True pub sub capabilities will now exist in OIC, which will simplify when we use this pattern, as today we have to write parent/child integrations with custom hand offs, versus using native event capabilities internally in OIC. There also appear to be enhanced polling capabilities.
RBAC and Projects	This feature will enhance how you utilize global OIC environments across business units and teams, better allowing HR and AFT to co-exist on the same environment (for example), reducing risk and improving supportability. You can also move away from having independent Dev environments for HR and AFT or CX, and consolidate.
RPA Capability	RPA capabilities will be added to OIC, which will allow for the utilization of this feature to address RPA requirements and aid in removing dependencies with external tools and the utilization of less integrated and supported RPA capabilities, such as Blue Prism, in the context of the broader Oracle footprint.
Increased Observability	Changes to monitoring and API framework that will allow for enhanced monitoring capabilities.

To note:

• Not all features in Gen2 may yet be available in Gen3, and this upgrade also impacts VBCS and Process Automation, so extensive testing will be required, including performance testing.
• Oracle has mentioned that middle of next year will be the deadline to migrate, potentially August, and although initial research shows that many clients are still in Gen2 and that upgrade issues can happen, you should plan and execute this sooner than later.
• Some of our features weren’t ready or fully developed in OIC 3, such as the VBCS auto upgrade, and other features, and also that there’s several break/fixes that have been completed to stabilize OIC 3. As an example, Oracle was tracking an internal bug relative to stage files read/write, and this had a performance difference compared to Gen2, as an example 20-minute runtimes would go to an hour or two, which highlights A) the need to check the Known issues link, but B) to perform extensive regression testing, and also performance testing.
• I also recommend that you upgrade a single instance as a pilot, perform your test plans there, prior to moving to upgrading several environments at once.
• The VBCS and PCS assets within your Gen 2 instance will now be part of the auto upgrade process, which was previously not available, and would have caused significant manual work on your end, however, there's some outstanding licensing concerns Oracle is working through in this regard and some updates have been postponed until February, but if you have a simple instance without VBCS or PCS, there's no reason to wait, and you can go to OIC 3 already.
• Oracle utilized the auto upgrade process to internally upgrade many of their complex OIC assets in Q4 (which include VBCS and PCS), which has increased confidence in the process for those that will undertake the complex upgrade path.
• We confirmed that the IDCS stripe that the Gen2 instance is related to will not be impacted by the upgrade, and that OIC instance names, URL’s, etc. will also not be impacted.
• We confirmed the connectivity agent does have changes relative to how it authenticates (no longer supports basic authentication), but that it should be seamless during the upgrade process, but if you use a connectivity agent make sure to test it well.
• When you login to your Gen 2 environment, there will be a section that tells you if your environment meets the prerequisites to be upgraded, it is important these upgrade pre-checks pass, check the link below for more information. Also, if you don't want your environments to be auto upgraded if the pre-checks are met, it's important that you communicate with Oracle, to avoid surprises, you can raise an SR to postpone migrations.
• Lastly, our current understanding is that the deadline to migrate to OIC 3 will be August of 2024, currently, but this could move depending on adoption and issues.

Links to Documentation:

• What’s New in Gen3: Oracle Cloud What's New for Oracle Integration 3
• Differences between Gen2 and Gen3: https://docs.oracle.com/en/cloud/paas/application-integration/whats-new/index.html#GUID-6366FC51-5836-4D2E-AF8E-E9E939BF7330
• FAQ: https://docs.oracle.com/en/cloud/paas/application-integration/oracle-integration-oci/upgrade-faqs.html [docs.oracle.com]
• Upgrade pre-checks: https://docs.oracle.com/en/cloud/paas/application-integration/oracle-integration-oci/prepare-upgrade-oracle-integration-3.html [docs.oracle.com]
• Known issues: https://docs.oracle.com/en/cloud/paas/application-integration/known-issues/preface.html#GUID-34683717-9FA8-4982-BD27-39E1AAA43FBF
• Upgrade from OIC Gen2 to Oracle Integration 3 (OIC3) - Schedule Information (Doc ID 2977663.1)

Oracle FA - Credential Store Framework (CSF) Key Registration with Oracle Integration Cloud for Business Events

The purpose of this entry is to provide information regarding registering CSF keys and configuring connectivity between the Fusion based ERP application and Oracle OIC!

As discussed in prior entries, Cloud ERP provides business events which can be subscribed to by Oracle Integration. To enable the trust between OIC and ERP, in a FA-based SaaS instance, the outbound call of a webservice uses a OWSM security policy which retrieves the credentials for the call from a CSF Key.

Credential Store Framework (CSF) keys are credentials that use basic authentication (username and password) to certify the access of users and system components. Once the registration process is completed then the CSF keys will help to trigger the business events and call-backs from ERP to OIC, and after catching the event in OIC, we can apply our business logic and perform any other action, such as calling an external API, sending an email, writing the output to a database, and more.

For this to work we must create a local IDCS account with admin privileges in OIC, and use that ID in the CSF key configuration. We must note that Oracle now also has a token based alternative, but that will be covered in another entry.

To generate the CSF key, follow the below steps:

a. Login into the OIC instance with the user credentials and navigate to the Integration home page.

b. Click on the username from the top right corner of the OIC page and select About.

c. The CSF Key will be generated by appending the identity domain and OIC admin. The format for the csf key generation is mentioned in the below table.

Format: <Identity Domain><Service Instance>

Now, follow the step by step process to configure CSF key:

a. Navigate to Oracle ERP SOA Composer to configure CSF key from the below mentioned url.

b. SOA Composer URL - https://<erphostname>/soa/composer

c. Login to the cloud application with your Oracle Cloud ERP user credentials

Note that you will need the following two roles, to perform the following actions:

SOA_OPERATOR_ROLE_JOB

SOA_DESIGNER_ROLE_JOB

d. Once the login is successful then click on the Manage Security from the right side of the page. Then click on the Manage Security and another popup will be open to provide the Manage Credentials details. Please refer to the below table to provide the Manage Credentials details.

Once the details are provided then click on the Register button to complete configuring the CSF KEY.

#	Element	Description	value
1	csf-key	Specify the csf key as extracted from the section before.	<Identity Domain><Service Instance>
2	User Name	Enter the OIC admin user name	Local account we talked about earlier.
3	Password	Enter the password for accessing OIC application	<PASSWORD>
4	Confirm Password	Renter the same password for second time	<PASSWORD>

Now it's time to verify the configuration has been done successfully.

Once the CSF Key configuration is completed then the CSF Key verification should be done.

a. Access the below mentioned FA Cloud instance by executing the following URL in a browser.

NOTE – Access the Event Subscription URL from IE, Firefox or Edge Browsers. Do not use Google Chrome browser

 
b. Event Subscription URL – https://<erphostname>/ soa-infra/PublicEvent/subscriptions

If the event subscription url doesn’t work from the browser, then use the same URL in Postman to test it.

In the basic authentication section in Postman, pass the credentials for the local user and run the endpoint.

With this, OIC will now be able to listen to business events from ERP. One additional point to note, if you ever change the password for the account used for this setup, this trust will be broken. Also, rather than using the "update" option when changing the password and following these steps, you have to "register" again, because the changes won't take effect due to caching.

Oracle Integration Cloud (OIC) - Introduction and Best Practices

As more customers adopt the Oracle Cloud Infrastructure (OCI) platform, and also the Fusion applications, such as ERP and HCM, the usage and prominence of the Oracle Integration Cloud (OIC) platform will continue to grow. OIC is a middleware, much like other competitors in the market, such as the Azure integration options, Biztalk, Boomi, and such. The competitive advantage of OIC, as it relates to the Oracle space, particularly for Cloud tools, is how the OIC product managers work closely with the FA development teams, and ensure that the adapters provided inside OIC for ERP, HCM, etc. stay up to date and are tested as quarterly patches are rolled out for both OIC and FA. In short, there's technical stack harmony when you use OIC to integrate with Oracle Cloud, not to mention that if you want to subscribe to business events from ERP, if you are looking to do event driven integrations that are real time, then OIC is your only option, since other tools cannot subscribe to these business events. In terms of adapters in OIC, the ERP and HCM adapters provide for reduced complexity when integrating with those systems. With the adapters, for example, you can subscribe to events, but also integrate via FBDI or HDL files without having to orchestrate calling many different jobs, and the adapters will instead handle a lot of the complexity on your behalf.

OIC is currently in it's third generation (Gen3), although a lot of customers are still using Gen2, and it has grown quite a bit in terms of capabilities over the last few years, particularly in terms of it's service limits. Previously OIC did not handle large files very well, or large payloads for API patterns, and although it still has limitations in this space, great strides have been made, and it can satisfy a lot of requirements that you may throw at it. As you utilize OIC, before implementing a design pattern, carefully review the service limits here, as you don't want to spend many cycles developing integrations that will fail when being load tested, or performance tested later on.

OIC can be licensed in several ways, but with the Enterprise License, you will get more than just Integrations, and you also get the Visual Builder web development IDE, to extend your SaaS applications, as well as the Oracle Process Cloud product (although this may no longer be bundled with OIC starting with Gen3). With OIC you need to keep a close eye on your message pack consumption, as that can drive up your cost a bit and also impact performance, if you environment is not sized correctly for your usage.

Below I've consolidated a lot of the best practices we have identified by using OIC over the past 4 years, to execute hundreds of integrations across multiple business units.

If you are planning to use OIC, review these in detail, and also pay attention to the third slide that talks about message pack consumption, as depending on how you implement your integrations, you could be unnecessarily incurring additional cost.

Another recommendation is taking complex business logic out of OIC, and instead use OIC to invoke stored procedures in a database cloud service (via a connectivity agent) or autonomous database (via adapter), because these heavy operations that rely on extensive business logic can be done with PLSQL quite more efficiently, and you can use OIC to control the flow, make external calls, and much more.

In terms of drawbacks, OIC still struggles with large files if you want to deal with them outside of them being an opaque element (meaning you don't understand the contents of the file and it's schema). We have also ran into issues when scheduling too many integrations, even with the maximum allowed number of message packs (but this isn't an area of concern unless you are scheduling hundreds of integrations in the same environment). From a disaster recovery perspective, OIC is highly available within it's region, but if you want to implement HA capabilities across multiple regions, accomplishing this is a bit manual and not as efficient as it could be, the architecture can be seen here, for Gen2.

In summary, OIC is a strong solution that continues to grow, but understanding it's limitations is key in order to implement the most robust integrations on behalf of your business partners.