This advisory provides some guidelines for the product and portfolio teams to enable them to determine whether or not Oracle APEX is an appropriate tool for a specific custom build.
apex_advisory_v1.00.pdf | 486 KB |
apex_advisory_v1.00.pdf | 486 KB |
Authors |
|
---|---|
Version | 1.0 |
Last Revised | 23-Mar-2022 |
Status | Published |
Document Type | Single Topic Advisory |
Audience Level |
|
Over the past several years there has been a growing use of Oracle APEX as a development platform for creating business applications within Harvard University. This has resulted in close to 140 APEX applications introduced into the environment with varying standards of build and deployment.
This advisory provides guidance to the product development communities in determining when Oracle APEX is fit for purpose and offer some best practices to follow in the creation of the resulting applications.
There is an increasing business demand for web applications which can be easily accessed and can handle substantial amounts of data. There is also a growing demand for faster development including faster prototyping. Oracle APEX provides a platform that meets these demands.
Oracle APEX is a low-code, web application development framework that runs directly out of the Oracle Database and uses Oracle REST data services (ORDS) deployed in a WebLogic server for data access. The application definitions are stored in the database as meta data. ORDS, a mid-tier Java application, provides a database management REST API and the ability to publish RESTful web services for interacting with the data and stored procedures in an Oracle database.
Oracle APEX is included by default with all editions of the Oracle database. It can be used to build a wide variety of applications from the simplest application that converts a spreadsheet to a web page, to mission-critical applications which are used daily by tens of thousands of users.
This advisory provides some guidelines for the product and portfolio teams to enable them to determine whether or not Oracle APEX is an appropriate tool for a specific custom build.
Oracle APEX is appropriate for the creation of applications that are data driven and running on Oracle databases. Increasingly, with the use of REST APIs, the scope of use is being extended beyond Oracle databases. However, the following use cases have been identified as potentially good candidates for APEX at Harvard.
The advisory also includes several scenarios where APEX is likely not a good fit for your application like:
It is recommended that the teams review their current environment architecture and portfolios for use of Oracle and other development platforms, and their organizations for the skills required to create and maintain an APEX application. They should then consider the costs, benefits, risks, and complexity of introducing a specific Oracle APEX application into their organization and portfolio. They should also consider how well a custom build aligns with the strategic direction being taken by HUIT or a specific school.
Finally, this advisory provides some best practices for the development and DevOps teams for both the creation and deployment of APEX applications.
This document is intended for IT Managers, product & portfolio owners, APEX developers and DevOps teams who are creating business applications to aid in their determination of whether Oracle APEX is the appropriate platform for a particular use case, and once developed, in the deployment of the application.
The assumption made in these recommendations is that there is no competitive product on the market that is available to the team, and a decision has already been made to build a custom application.
There are four areas of consideration in determining whether Oracle APEX is an appropriate for a custom build:
The use cases are discussed in section 5 of this advisory.
In determining whether Oracle APEX is the best fit for a custom build, consider the strategic direction of HUIT or a specific school and how Oracle and specifically APEX aligns with that vision.
In analyzing your environment and team capabilities, ask the following questions:
In summary, the use of APEX to create applications is more appropriate when there is existing APEX infrastructure and expertise. The expertise should include Oracle database administration and APEX development. As noted above, the expertise to stand up APEX infrastructure can be part of a DevOps team or if the environments are hosted then part of the services offered.
Note that this does not exclude teams just starting out with no infrastructure or the required expertise. These teams might incur higher initial costs and have greater risks using APEX for an application build. The team would need to ensure that considering all the factors discussed, it still makes sense to proceed using Oracle APEX.
In addition, the data sources that will serve your application should factor in your decision. The more of your data sources that exist in Oracle databases, the more appropriate it would be to use APEX to create a new custom application. However, an APEX application can still interact with data that is not in an Oracle database using RESTful APIs.
Finally consider how many other development platforms your team will have to work with. Keeping that number reasonably low will reduce complexity in your environment.
The costs, complexities, risks, and benefits analysis will give the team the opportunity to weigh the following:
The higher the costs, complexities, and risks introduced for few or limited business benefits, the less appropriate Oracle APEX for a specific scenario.
Below are some examples of use cases where Oracle APEX has been or could be used to create business applications in Harvard.
These are applications that replace spreadsheets, PDF forms, and email review and approval processes. They often provide organization-specific dashboards, improved workflows, or fill reporting gaps
They also can provide interactive reporting and data visualization applications based on disparate data from across multiple systems.
This category of applications provides application specific solutions for fine grain access control for other APEX and non-APEX applications. An example of this is Alseta.
The applications define user-organization unit, user-object, and user-organization unit-object relationships. They are used to define and manage the ownership and allowed operations and actions.
Applications that extend ERPs and other enterprise software to avoid customizations within a vendor application or when a business application like EBS, GMAS, Peoplesoft or Center Stone have limitations in terms of how the data can be viewed of number of licenses in the case of Center Stone.
These are applications that fill business needs not covered by any of the existing enterprise applications or new business needs triggered by some unforeseen change like Covid-19.
Often there is a need to fill the business need in days or weeks and not months or years. The development teams can easily modify to meet changing requirements and rapidly iterate to a production ready application. A key aspect of this use case is that often applications that are needed urgently and developed quickly end up having an operational life measure in years.
When your organization has an idea for an enterprise application, you can quickly create and test a prototype to determine its viability.
Your organization may have many tech-savvy workers that would benefit from being able to put together highly customized enterprise applications to support their work. These users can get what they need without taking up the development team’s time for most of the process. The use of APEX in this case helps to impose some standards and consistency in development.
The goal of the best practices below is to ensure that good and consistent practices are followed in the development of APEX applications. These best practices should be considered when designing an application and managing the development process.
A data model will provide the structure, definition, and format of the data. It is the foundation for any applications and a good application requires a good data model. It is essential not simply for storing data and implementing data related business rules but also for application performance.
Institute some common practices that a development team adheres to when creating APEX applications. Here are some recommended practices:
Pick a theme and create a template and used by all developers within your organization for a consistent look and feel within and across applications. Embedded in the templates should also be the reusable components and security models.
The ability to be able to turn on logging and debugging at any point to see what is happening behind the scenes is particularly important. Utilize all the appropriate Oracle provided features and recommended logging and debugging techniques.
Build as many reusable components as possible such as PL/SQL packages to do error handling and if APEX needs to be extended, make use of plugins, or use the main building blocks of APEX like PL/SQL, jQuery, HTML5, CSS.
Workspaces enable the separation of web applications and databases to ensure security and data integrity. Each workspace is associated with one or more database schemas (database users) which are used to store the database objects, such as tables, views, packages. Applications can only be associated with one workspace.
There are several things to consider when creating workspaces such as security, users and development accounts, REST services and interactive reports.
A workspace with access to multiple database schemas would be a concern for managing RESTful services because there is currently no way to specify a parsing schema. In this case, a one-to-one mapping of schema to workspace with the purpose of managing that schema’s RESTful services would be one way to go.
In an organization with less experienced developers, giving each developer their own workspace and schema might be most appropriate. This would allow them the space to learn more about the tool without any chance of negatively impacting other business applications.
In general, determine the required user and developer management scheme then plan out the appropriate APEX workspaces.
Below are a few best practices to follow on documentation:
It is still a common practice for teams to use database links to expose and share data between databases. Database links while a simple, straightforward, and useful method for transferring data, pose several concerns including security, distributed transactions and performance resulting from the coupling of databases and applications.
ORDS provides all the requirements to create, manage, expose, and secure RESTful services. If you need to expose or share data from your APEX application, consider creating REST services against your database objects.
An inventory would keep track of all the custom APEX applications within your environment. It would also provide valuable answers to important questions like
As with the development best practices above, consideration should be given to the deployment best practices below to ensure the application will operate properly and be supportable over time.
The runtime environment enables users to run a production application without supporting the ability to change or edit the application or the ability to run ad hoc queries from the SQL Workshop component.
A runtime environment includes only the packages necessary to run your applications, making it a more hardened environment. It does not provide a web interface for administration.
Standard deployments are necessary. Create best practices and security guidelines for APEX deployments.
Review existing APEX environments with a goal of using shared infrastructure as much as possible.
Using Amazon’s managed database service (RDS) means AWS takes over many of the difficult and tedious management tasks of a relational database like installations, upgrades, patching, backups, automatic failure detection, and recovery.
Create a self-service development environment where developers and other tech-savvy users can create prototypes and proofs of concept for business applications.
Create naming conventions and templates for the use of variable URLS.
The various product teams should consider consolidating the AOP Plugin licenses into a common license.
Ensure support organizations such as DevOps are prepared and trained to support the APEX applications.
The situations below would warrant that a team look at alternatives to APEX.
It is important to note that the APEX platform is constantly evolving and some of the scenarios below may get addressed in future releases. The Oracle APEX roadmap can be found here https://apex.oracle.com/en/learn/resources/roadmap/.
These are applications built to be used on a specific device or OS e.g., navigation apps on mobile phones. These applications require native low-level access to a device’s peripherals.
In general Oracle APEX is most appropriate for data centric web-based applications. If the desired solution is a rich client application, then it is not an appropriate platform.
The application can execute offline without network/internet connection to supporting application and database servers. APEX developed applications require access to the database to work.
A single page application is a web application that interacts with the user by dynamically rewriting the current page, rather than loading entire new pages from the server.
Oracle APEX is a multi-page application (MPA) framework. It is possible to achieve single page applications using custom code or by integrating a JavaScript framework like Oracle Jet, ReactJS, AngularJS etc. However, these options would likely involve more effort and result in a more complex application.
Oracle APEX allows for the creation of web applications which responsively work on any mobile device; however, it does not natively allow for the creation of applications that can be installed on a mobile device. To solve this problem, applications would need to be implemented as a Progressive Web Applications (PWA). Even then, the application would still require a connection to the Oracle database to work.
For large scale development efforts, an effective framework that allows multiple developers to work concurrently is necessary. The ability to manage multiple versions of the application through its development life cycle is also critical.
Unlike file-based development languages, APEX stores the application definitions as metadata inside an Oracle database. It has an export feature that generates a file with many randomized values which makes it challenging to compare two copies of the same application.
Therefore, key aspects of version control like tracking changes, tagging, and merging code, and rolling back changes have to be handled differently in APEX. For example, to mitigate the inability to track changes, it is recommended that as much code as possible is stored in packages. These packages can be stored as regular files and as such it would then be simple to do a diff comparison.
At an application level, tools like APEX Diff can be used to export an APEX application in a JSON format. Diff Comparisons using the JSON format exports can then be done on different versions of an APEX application.
The scope of this advisory is limited to APEX design, development, and operation. Within Harvard there are several other development platforms in use, and considerations that go beyond the use of APEX.
This advisory does not offer a comparison between Oracle APEX and any other development platforms.
The following are additional resources on the Enterprise Architecture website that would be helpful when creating or implementing any software solution.
TABLE 1: CUSTOM BUSINESS APPLICATIONS
# |
Use Case/Application |
Description |
IT Team |
Business Area |
1 |
ASIP (Annual Salary Increase Process) |
• Administrative interface for departments, divisions, and HR to manage FAS annual salary increase processes for non-union and union staff. • Facilitates informed decisions - identifies departments’ budget pools and can incorporate performance ratings. • Manages data in flux that requires action. • Includes approval workflows. • Generates official letters to staff. |
HUIT/ATS (HR Systems) |
Human Resources |
2 |
FROPS (Faculty Review, Offer, Professorship and Searches) |
• One of the largest Apex applications with over 200 database tables. • Faculty career lifecycle event tracking application: tracks and reports on searches, candidates, offers, reviews, and leaves management. • Tracks a faculty member’s leave history, eligibility, request tracking, and notes in conjunction with the Leave Request Application. • FAS only |
HUIT/ATS (HR Systems) |
FAS Faculty Affairs |
3 |
PREP (Position Request Portal) |
• Facilitates the FAS position controls process, for staff positions. • Includes approval workflows. • Provides a repository for statuses/outcomes/decisions about positions. • Facilitates basic reporting. |
HUIT/ATS (HR Systems) |
Human Resources |
4 |
Bonus Application |
• Like ATS’ ASIP but bonus focused • Could not use ASIP because of different business rules. • Data sent back to PeopleSoft after the workflow completes |
HMS |
Human Resources |
5 |
Helpdesk Utility Application |
• Connects to Midas and ServiceNow |
HMS |
IT Service |
6 |
HarvardKey Registration |
• In the pipeline. • Would eliminate the PDFs currently used to generate the information entered in CAS. • It would provide a mechanism for reporting on the number of applications registered, who owns each app etc. • It would provide a mechanism to create new application requests. • Currently there are 4 protocols in use for authentication managed by 4 different applications. |
IAM |
|
7 |
FIFA (Faculty Instructional Funding Application) |
• Tracks endowed funds with the purpose of professorship. • Matches faculty to restricted funds with the purpose of freeing up unrestricted dollars. • Tracks faculty agreements included in offer letters and generated add pay upload file for PeopleSoft. • FAS Only |
HUIT/ATS (HR Systems) |
FAS Faculty Affairs and Finance |
8 |
HILDA (Harvard Interactive Library of Data Assets) |
• Tracks data elements and data dictionary components for Alumni Affairs. Replaced Collibra. |
HUIT/ATS (HR Systems) |
Alumni Affairs & Development |
9 |
Asset Tracker |
• Tracks assets from purchase to assignment. Has full histories and reports on the department's technical needs |
HMS – AA&D |
Alumni Affairs & Development |
10 |
Reunion Committee Portal |
• Application for reunion committee members. |
HMS – AA&D |
Alumni Affairs & Development |
11 |
Board of Fellows |
• Personalized site for Board of Fellows to share resources and contacts. |
HMS – AA&D |
Alumni Affairs & Development |
12 |
Intramural Sports |
• Intermural app allows you to manage those events and meetups set up by the intermural division. |
Student Systems |
Student & Student Lifecycle |
13 |
Athletics Applications |
• There were some legacy apps written in Perl, that are getting rewritten in APEX and vended apps. |
Student Systems |
Student & Student Lifecycle |
14 |
College Facebook |
• unsupported and outdated College Facebook application is being rewritten with new features |
Student Systems |
Student & Student Lifecycle |
15 |
Roster Wizard |
• unsupported roaster wizard application is being re-written. This helps house monitors and security personals to manage roster related information |
Student Systems |
Student & Student Lifecycle |
16 |
Course Balance tool |
• A tool used by FAS Colleges to ensure courses being created are following the rules set by the college |
Student Systems |
Student & Student Lifecycle |
17 |
Office or Arts registration system |
• OFA’s online registration system is going out of support, and they wanted to create a complete online registration system that allows them to register internal and external patrons with payment capability. |
Student Systems |
Student & Student Lifecycle |
18 |
Research Administration Portal |
• Brings together data from multiple research administration and compliance applications to provide researchers with a single view of pending research administration tasks and their current portfolio. • Includes selected data from GMAS (Oracle) and the Huron Research Suite (SQL Server). • Does not replace specific, purpose-built administration and compliance applications but helps researchers to navigate disparate research administration requirements. |
HUIT/ATS |
Research Administration |
TABLE 2: REPORTING AND WORKFLOW APPLICATIONS
# |
Use Case/Application |
Description |
IT Team |
Business Area |
1 |
Applications Metrics Platform |
• Provides charts and reports used for monthly or annual reporting on the applications portfolio. e.g., since 8/2019, there have been 7,100 distinct users, 240,000 logins etc. |
HMS/IT |
IT Service |
2 |
Aurora Reporting |
• Reporting tool for Aurora HR (FAS) application. |
HUIT/ATS/HR Systems |
Human Resources |
3 |
POI Portal |
• Reporting Application - My POI dashboard. • Manages transaction requests for new POIs. • Workflows using open-source plugin called flows for APEX. |
HUIT/IAM |
|
4 |
Masthead |
• FAS listing of faculty and affiliates of a department and standing committee members including chairs and area deans. |
HUIT/ATS (HR Systems) |
FAS Faculty Affairs |
5 |
Workflow Application (Name of APEX app?) |
• Application built for faculty reporting and workflow. |
||
6 |
Reunion Report Portal |
• Application to access, edit and submit reunion reports. |
HMS – AA&D |
Alumni Affairs & Development |
7 |
Pledge Reminders |
• Application to manage open pledges and ensure fulfillment. |
HMS – AA&D |
Alumni Affairs & Development |
8 |
Data Hub |
• A unified location for data for data updates from both individuals and systems. |
HMS – AA&D |
Alumni Affairs & Development |
9 |
Donor Acknowledgement |
• Has weekly refreshing acknowledgement batches that allow for both personalized recognition and efficient delivery. |
HMS – AA&D |
Alumni Affairs & Development |
10 |
Gift Report |
• Customized fiscal gift reporting for HMS' units outside of AAD and finance. |
HMS – AA&D |
Alumni Affairs & Development |
11 |
Reunion Event Management |
• Aggregates reunion event data. |
HMS – AA&D |
Alumni Affairs & Development |
12 |
Funds & Terms |
• Provides insights on HMS funds and their allocations. |
HMS – AA&D |
Alumni Affairs & Development |
13 |
Detail List of Gifts |
• Weekly view of new gifts. Site refreshed daily. Highlights important fundraising information. |
HMS – AA&D |
Alumni Affairs & Development |
14 |
Professorship Tracker |
• Term professorships are awarded to tenure-track faculty members to recognize and reward faculty achievements. |
HMS – AA&D |
Alumni Affairs & Development |
15 |
AAD Calendar |
• Central location for department events and travel of staff, faculty, and the dean. |
HMS – AA&D |
Alumni Affairs & Development |
16 |
Student Support System |
• Create case management tool for Student Support Team which allows them to help students that are directed to the office. |
Student Systems |
Student & Student Lifecycle |
17 |
Internal Org chart Applications |
• A quick way to get org chart information – similar to org chart published in HUIT site, but more dynamic and searchable. |
Student Systems |
Student & Student Lifecycle |
18 |
Testing Cadence Upload |
• Supports color coding application for covd-19. • Previously spreadsheets were emailed back and forth. • Users now upload their spreadsheets to the app for reporting. |
HUIT/IAM |
|
19 |
RAD (Athletics Reporting & Data) |
• Reporting and data platform for Athletics, including NCAA compliance data, team rosters, etc. |
Student Systems |
Student & Student Lifecycle |
20 |
Ivy Dashboard |
• These are APEX/BI Publisher dashboards to help customers on the Admission and Financial Aid |
Student Systems |
Student & Student Lifecycle |
21 |
HR Position Management System |
• Provides an electronic form and workflow to create or modify positions similar to Aurora. |
HMS |
Human Resources |
TABLE 3 : APPLICATION EXTENSIONS
# |
Use Case/Application |
Description |
IT Team |
Business Area |
1 |
MARS (Medical Area Representation System) |
• Allows access to PeopleSoft data to administrative users who are not in PS. • All PeopleSoft data viewed and presented differently. |
HMS |
Human Resources |
2 |
People in Space |
• Uses Center Stone data • Center Stone licenses are limited so this allows more administrative staff to work with this data • This application integrates with Blueprint & the helpdesk application • It helps for instance the helpdesk to determine where people are seated when they need to provide services. • The application also provides space utilization information that helps with fed rate negotiations. |
HMS/IT |
TABLE 4: AUTHORIZATION APPLICATIONS
# |
Use Case/Application |
Description |
IT Team |
Business Area |
1 |
Alseta |
• Manages the application authorization for a subset of applications (mostly within FAS). • Provides reports on user roles and permissions. • Contains functionality to clone a user and also copyback permissions from production to a lower environment. |
HUIT/ATS (HR Systems) |
IT Service (for certain areas) |
2 |
IAM Authorization |
• Authorization application is similar to Alseta. • Alseta had gaps like delegated POI administration hence the creation of a new app. • Provides authorization for APEX only applications. |
HUIT/IAM |
IT Service |
3 |
Tokens Online |
• Generates access tokens that provide temporary, secure access to certain pages and captures a user's input. |
HMS – AA&D |
Alumni Affairs & Development |
4 |
Token Management |
• Manages and authenticates tokens and the access they grant. |
HMS – AA&D |
Alumni Affairs & Development |