Thursday, September 19, 2024

Oracle AutoML: AI Model Building Made Easy with No Code

 Artificial Intelligence (AI) and Machine Learning (ML) are no longer reserved for data scientists and tech experts. Thanks to Oracle AutoML, you can build powerful machine learning models without any deep knowledge of AI or coding. Whether you're a business professional or a developer, Oracle AutoML makes the model-building process effortless, allowing you to harness the power of AI within minutes.

What is Oracle AutoML?

Oracle AutoML is a no-code machine learning solution offered as part of Oracle Machine Learning (OML) on Oracle Autonomous Database. It simplifies the end-to-end ML workflow by automating the most complex steps, such as feature engineering, algorithm selection, and hyperparameter tuning. With Oracle AutoML, even users without prior knowledge of machine learning can build, train, and deploy highly accurate models.

In this post, I'll show you how to easily set up the AutoML service on Oracle Autonomous Database using the Always Free tier:

1- Access OCI console (if you don't have an account, you can create a free account from https://www.oracle.com/cloud/free).

2- From the main menu select "Oracle Database" then "Autonomous Database"



3- Select Compartment then press on "Create Autonomous Database" button

4- Enter "Display Name", "Database name", select Data Warehouse, deployment type Serverless, select Always Free and database version as shown


5- Enter Database Admin password then press "Create Autonomous Database" button

6- You will need to create database user where the user will be used to access and deal with Oracle Machine Learning. So wait until the database status to be Available then select database and from Database actions select Database Users. 

7- Press "Create User"




8- Enter username, password and select OML and Web Access then press "Create User" button

9- We will use this user to access the Machine Learning console. But now let us create table in the database with the data which we will need to build the model. Back to Autonomous Database and select "Database actions" then SQL


10- Log out from SQL editor and login with the new created user which we created in step 8 then press Data Load.





11- In this example, we want to predict the "AccountId" from the GL Accounts table (F0911). So, I will export the GL Accounts table to a CSV file. If you're using the Always Free tier, you should reduce the number of records because the free tier has limited resources, and training with too much data can take a long time. In this example, I will train the model with about 1,500 rows. Once you've refined the CSV file, upload it and click "Upload."



12- Now, the table we want to use to create the machine learning model is ready in the database. 








13- Let's access Machine Learning console to build the model. Back to Autonomous Database and select Tool configurations then select "Copy" URL for Oracle Machine Learning user interface



14- Open Oracle Machine Learning user Interface and enter database user credentials 



15- Select AutoML




16- From AutoML Experiments press "Create"




17- Enter name, comment and select Data Source. Select OML_USER and select our table





 18- From Predict, select the target column which you would like to predict (in this example I will choose ACCOUNT_ID). From the Prediction type select "Classification". If the table has a unique primary key, you can select it in Case ID







19- You can leave everything else as default, and AutoML will test different algorithms and score each one. It will also identify the most important columns for predicting the target (Feature Columns). AutoML will fine-tune the models and provide the best score for each. 
In the additional settings, you can define how many top models with the highest scores should be displayed after AutoML finishes (the default is 5 models). You can also set the maximum running time. The model metric is set to "Balanced Accuracy" by default, but you can change it based on how you want to evaluate the model. In the algorithm section, you'll see all available algorithms for classification models, and you can choose specific ones for AutoML to train with. If you select all (which is the default), AutoML will take a bit more time to train the data and check accuracy.




20- Press "Start," and you'll have the option to choose between "Faster Results" or "Better Accuracy." (Choosing "Better Accuracy" will take more time to build the models.) I'll select "Faster Results" and wait until the models are ready. The time it takes to build the models will depend on the number of algorithms, feature columns, and rows. 





21- Once it finishes, it will display the top 5 models, sorted by score from highest to lowest. At the bottom, you'll find the feature columns used to predict the target column, along with the importance of each feature column.



22- Select the model with the highest accuracy and click "Deploy."



23- Enter the deployment name, the URI (which will appear in the REST API URL), the version, and select the "Shared" option if you want other users to access it, then click "OK."






24- After model is deployed, from main menu select "Models"




25 - Select the Deployments tab and you will see the deployed model




26 - To get model REST API URL press URI



27- From the opened popup we will get API URL and payload input data.

28- Oracle Machine Learning Services REST APIs use tokens to authenticate an Oracle Machine Learning Services user. To get token you will need the following:
     - URL: <oml-cloud-service-location-url>/omlusers/api/oauth2/v1/token
     The oml cloud URL will be the URL of the OML (highlighted red)


- Database User: (in our example: OML_USER)
- Database user password
- Open Postman and call it as shown



29- Now we are ready to involve our model Rest and reive the predicted account. The URL of the model will be 
<oml-cloud-service-location-url>/omlmod/v1/deployment/<score_path>

You can get the score path from model URI 





The input to the model will be array of inputRecords and to get record name and type, press on the deployed model name as shown



So the input payload will be like

{
    "inputRecords":[
    {
      "ADDRESS_NUMBER": 3480,
      "AMOUNT": 520,
      "BUSINESS_UNIT": 5300,
      "CO": 50,
      "CURRENCY": "USD",
      "EXPLANATION_ALPHA_NAME": "Digger Incorporated"
    }
  ]
}

30- Let us open Postman and invoke model score. In Authorization select Bearer Token and set token





Then set input JSON payload as shown


be sure you send a payload with the correct data type, so if the type is numeric and you send it as a String you will get an error. For example if I sent Amount as String I will get an error as shown



31- As this is a Classification model, the response will be all possible values with probabilities for each value. The response will not be sorted by you can sort the response using a programming language like JS:


const response = { /* your API response */ }; 
const sortedClassifications = response.classifications.sort((a, b) => b.probability - a.probability); console.log(sortedClassifications);


Then you can take the highest probability value.






Tuesday, April 9, 2024

Enhance Oracle Integration API Security Using Oracle API Gateway

In today's interconnected digital landscape, businesses are increasingly relying on seamless integrations to streamline operations and enhance productivity. Oracle Integration APIs serve as crucial conduits for exchanging data and functionalities between diverse applications, systems, and services. However, ensuring the security of these integrations is paramount to safeguard sensitive information, maintain regulatory compliance, and mitigate potential threats.

Oracle API Gateway emerges as a robust solution for fortifying Oracle Integrations by providing comprehensive security features and capabilities. In this blog post, we'll delve into the significance of securing Oracle Integrations and explore how Oracle API Gateway empowers organizations to achieve heightened levels of protection.

  • Let's start with simple integration

The integration will receive "name" as a parameter and return "Hello, name"



From Postman let us call the integration

We will use Basic Auth to call the integration




Any user who has access to the OIC instance will be able to invoke the integration. So, if you make an integration, everyone who can use OIC can get to it. That's where the API gateway comes in to make sure it's safe.

To set up the API Gateway, you need to start by creating a Virtual Cloud Network (VCN), which is where the API Gateway operates. Using this network adds an extra layer of security because you can decide which IP addresses are allowed to access the network and block any unwanted ones.

  • Provision Virtual Cloud Network (VCN)

From OCI console --> Networking --> Virtual cloud networks




Start VCN Wizard and create VCN with internet connectivity. After creating VCN, you will find the VCN is created with Subnets, Gateways, security lists and Route tables




Open the default Security List and add the Ingress Rule as shown


This means VCN will accept any request from any source (0.0.0.0/0) and can access port 443 which is the OIC integrations port.

Open Network Security Group and create one like this:







  • Provision API Gateway


Create a new instance and set the following:
Type: Public
Compartment: select the compartment where VCN is created
Network: select VCN, then select public sub-net then tick on the Enable Network security groups and select network security groups




From Gateway, select Deployment and create a deployment


From API request policies you can add policies on the API like you can limiting the number of requests per second either total requests or the limitation will be per client IP




You can add usage plans where you force the client to add API token to the header of the request.

From Usage plans press "Add" and in the Token location add the following "request.headers[X-Client-Token]"
This means request should have X-Client-Token in the header





In the Authentication you have multiple options, let us go with No Authentication and this means the only users has access to the VCN network will have access to this deployment





In Route 1 enter the path of the Route, Method and select HTTP then enter the OIC integration URL






You can add up to 50 routes per deployment (this number can be changed in the future)

You can find the deployment URL from







Create Usage plans and Subscribers
Once you create the deployments, you can create a Usage Plan for each deployment (or for multiple Deployments) then define a subscriber for the usage plan.


From API Gateway select Usage plans and press Create usage plan







Enter Name and select Compartment then select Entitlements.

Create entitlement and associate the deployment(s) to this Usage plan




Back to API Gateway and select Subscribers and create new subscriber



In the Client enter Name "A" and enter Client token where the token should be sent in the request header. Then add Usage Plans







Let's try to call the integration through API Gateway

From API Gateway Deployment copy URL then add the route path

Use the basic authentication and try to invoke the integration




You will find it is Forbidden because we need to add the token in the request header "X-Client-Token"



Once we add token in the header, we are able to invoke the API



  • Force using API Gateway through API Gateway
Now the integration can be invoked through API Gateway but at the same time the user still be able to invoke integration directly without API Gateway. To force the OIC integrations to be invoked only through API Gateway

From OCI àDeveloper Services àIntegration àIntegration Instance àNetwork Access


Enable Restrict Network Access --> then either select Virtual Cloud Network and select API Gateway VCN or select IP and enter API Gateway IP (you can find it in the API Gateway instance). Then restart OIC instance.







Conclusion

Securing Oracle Integrations is essential to safeguard sensitive data, ensure regulatory compliance, and protect against evolving cybersecurity threats. Oracle API Gateway offers a comprehensive suite of security features and capabilities to fortify Oracle Integrations effectively. By adopting best practices and leveraging Oracle API Gateway's robust security controls, organizations can enhance the resilience and integrity of their integrations in an increasingly interconnected digital ecosystem.