Oracle Database + APEX + Python Really Is Awesome! #JoelKallmanDay

Ben Norman

Introduction

#JoelKallmanDay is a special day for sharing with the community about all things Oracle. Over 5 years ago, Joel Kallman himself announced the exciting release of the Oracle Database Multilingual Engine (MLE) and how it can be used with Python in Oracle Application Express (APEX).

https://blogs.oracle.com/apex/post/oracle-database-apex-javascriptpython-awesome

This announcement was an early indicator of the power and potential of using Python in APEX. Since then, many approaches to using Python in APEX have been developed. Some of these have been touched on in varying levels of detail, for example in this article:

https://medium.com/@techtutorsti/oracle-apex-and-python-554dcb7cf9d6

However, to our knowledge, there is no comprehensive guide and set of tutorials detailing each approach to integrating Python with APEX. Thus, on #JoelKallmanDay 2024, the development team at Shield Reply is excited to announce the beginning of a new blog series dedicated to detailing each approach for using Python with APEX. Our blogs will offer a far more comprehensive guide to each approach, including its strengths, suitability, security, scalability and technical implementation.

This blog provides an overview of each approach and their respective attributes, helping you to determine which solution suits your needs. In the future, the 'Which Approach Should I Choose?' section will include links to our guides on each approach.

Why APEX and Python?

Having all these approaches is all well and good, but you may be asking – why Python and APEX?

APEX is a low-code development platform that enables users to build scalable, secure web applications with minimal coding effort, leveraging the power of Oracle databases. Its strength lies in its ability to integrate seamlessly with various technologies, including Python, allowing developers to extend APEX's functionality for advanced data processing, machine learning, and API interactions.

Why Python? Python is one of the most versatile and widely used programming languages, especially in data science and ML. Known for its simplicity, readability, and extensive ecosystem of libraries like TensorFlow, scikit-learn, and pandas, Python enables developers to build complex models with relative ease.

By connecting Python to APEX, organizations can leverage Python’s flexibility and extensive libraries while maintaining the robustness, security, and scalability of Oracle's ecosystem.

The Options

Simple, right? Well... not quite! We’ve identified six different approaches for running Python code from an APEX application:

  1. in OCI Data Science, with code stored in OCI Data Science projects and run using either

    • Jobs

    • Model deployments

  2. in the client browser, with code stored in the APEX app and run using PyScript

  3. in an Oracle database server-side, with code stored in the database and run using Multilingual Engine (MLE)

  4. in an Oracle database server-side, with code stored in the database and run using Oracle Machine Learning (OML) for Python (OML4Py)

  5. in serverless containers, with code stored in the containers and run using OCI Functions

  6. in a third-party server, with code stored in the server and run using a Python-based API server such as FastAPI or Flask.

Which Approach to Choose?

Six approaches are daunting, so here we’ll outline the strengths, security and scalability of each, and why it might be suitable for your APEX project. As we write a blog post on each approach, links to these will be updated in this section.

Approach 1A: OCI Data Science - Jobs

Advantages

  • Batch processing: OCI Data Science Jobs are ideal for running long-running or resource-intensive Python scripts, such as data processing or model training, without worrying about infrastructure management.

  • Managed service: The infrastructure is fully managed by OCI, which means you don’t need to worry about scaling, resource allocation, or environment setup. This allows developers to focus purely on writing and executing their Python code.

  • Scheduled or automated execution: Jobs can be scheduled to run at specific intervals or triggered via APIs, making them ideal for recurring tasks like Extract, Transform, Load (ETL) processes, report generation, or periodic model training.

Security

  • OCI Data Science offers strong integration with OCI Identity and Access Management (IAM), enabling secure role-based access control (RBAC) and fine-grained permissions.

  • Code execution in a secure, isolated environment with secure storage (OCI Object Storage, Data Science projects).

  • Jobs can be scheduled or triggered in a controlled manner, allowing for restricted access to critical environments.

  • Audit logging available for tracking usage and changes.

Scalable & Enterprise-Grade?

  • Enterprise Grade: Yes. This is well-suited for enterprise-grade applications due to built-in OCI security, scalability, and support.

  • Scalability: Yes. Highly scalable with OCI’s compute and storage capabilities, suitable for large datasets, parallel processing, and distributed workloads. Resource allocation (CPU, GPU) can be tailored to the job requirements.

Suitability

This approach is best for data scientists or teams handling large-scale data processing or model training. Ideal for batch processing, model training, or other complex tasks that need dedicated resources and frequent execution.

Approach 1B: OCI Data Science - Model Deployments

Advantages

  • Real-time inference: Model deployments allow Python-based machine learning models to be served as REST APIs, enabling real-time predictions directly from APEX applications.

  • Managed service: Like Jobs, OCI handles scaling, infrastructure, and monitoring, ensuring the deployed models are highly available and secure. This allows data scientists to focus on refining models without worrying about operational concerns.

  • Automated API integration: Once deployed, the models can be consumed as APIs, enabling seamless integration with APEX and other applications for real-time predictions or analytics.

Security

  • Similar security to Jobs with IAM-based access control.

  • Secure endpoints for deployed models are integrated with VCNs (Virtual Cloud Networks) and can be configured with SSL/TLS encryption for secure communications.

  • Integration with OCI WAF (Web Application Firewall) for added protection from cyber threats.

Scalable & Enterprise-Grade?

  • Enterprise Grade: Yes. Supports continuous integration/continuous delivery (CI/CD) pipelines and MLOps, making it a highly enterprise-focused option.

  • Scalability: Yes. Designed to support real-time, low-latency model inference at scale. Model deployments can be load-balanced and horizontally scaled.

Suitability

This approach is suitable for applications that require real-time predictions or analytics using ML models. Suitable for businesses that need to integrate advanced ML capabilities into their applications with minimal operational overhead.

Approach 2: PyScript

Advantages

  • Client-side execution: Running Python directly in the browser means no need for server-side integration. The code runs locally, which can reduce latency for certain tasks like UI interactions.

  • Simplified setup: Since the code is embedded in the APEX application, it doesn’t require access to an external environment or cloud services. It’s straightforward for developers who are familiar with frontend development.

  • Interactive Applications: This is ideal for building small, interactive applications where quick, real-time Python execution is needed, such as simple data visualizations or lightweight computations.

Security

  • Runs entirely on the client side, so security risks include exposure to cross-site scripting (XSS), manipulation, and code tampering.

  • Limited control over execution environments. User devices may have varying levels of security (antivirus, firewall, etc.).

  • No built-in server-side protection or data validation, so it requires additional security mechanisms (like content security policies and secure data storage).

Scalable & Enterprise-Grade?

  • Enterprise Grade: No. Running code in the browser has significant limitations in terms of security, maintainability, and control, making it unsuitable for critical enterprise applications.

  • Scalability: No. Not scalable for enterprise-grade workloads. PyScript is better suited for small-scale or individual computations.

Suitability

PyScript is our ‘quick and dirty’ approach: it is best for quick demos or simple applications that don’t require heavy processing or complex integration. It is suitable for those looking for a lightweight Python execution method without complex backend steps.

Approach 3: MLE

Advantages

  • Seamless database integration: MLE allows you to run Python code directly within Oracle Database, making it easy to access and manipulate data stored in the database without needing external API calls.

  • Performance: Because the code runs inside the database engine, it reduces the latency of moving data back and forth between the application and an external Python environment.

  • Security and governance: Running code within Oracle’s infrastructure means benefiting from Oracle’s enterprise-grade security and data governance features.

Security

  • The code runs within the Oracle database, benefiting from Oracle’s database-level security features such as encryption, RBAC, and auditing.

  • MLE is executed inside a secure, sandboxed environment within the database. This restricts access to sensitive resources, making it relatively safe.

  • However, improper use of the database permissions or granting over-privileged roles may increase the attack surface.

Scalable & Enterprise-Grade?

  • Enterprise Grade: Yes. MLE provides deep integration into Oracle databases, making it a good choice for enterprises that already rely on Oracle’s ecosystem.

  • Scalability: Scalable for database-centric workloads. Performance depends on database resources (CPU, memory) and careful optimization of in-database execution.

Suitability

This solution allows Python to closely interact with Oracle Database, such as performing advanced analytics or processing large datasets stored within the database. Using MLE is therefore ideal for data-heavy applications and suitable for organisations prioritising performance and security.

Approach 4: OML

Advantages

  • Native machine learning capabilities: OML4Py allows developers to leverage Oracle's powerful ML algorithms within Python scripts directly in the Oracle Database, simplifying the process of model training, scoring, and inference.

  • Data proximity: Since the data stays in the database, there’s no need to move large datasets to an external environment for processing. This reduces latency and improves performance.

  • Enterprise readiness: Built specifically for enterprise-level machine learning workloads, OML4Py provides extensive capabilities for handling large-scale data and complex analytics.

Security

  • Runs within Oracle Database, benefiting from the robust security features (e.g., encryption, RBAC, data masking).

  • Access to Python functions is governed by database permissions, reducing the risk of unauthorized execution.

  • Since code runs inside the database, it limits exposure to external attacks, though internal threats (insider attacks) must still be monitored.

Scalable & Enterprise-Grade?

  • Enterprise Grade: Yes. OML4Py provides high integration with Oracle databases and supports enterprise-level machine learning workloads.

  • Scalability: Excellent scalability for data science workloads within the database. However, this is more suitable for in-database analytics and machine learning, not general-purpose Python code execution.

Suitability

Using OML is best for large enterprises or advanced data science teams who need to perform ML directly on data within the Oracle Database. It’s suitable for mission-critical applications where performance and security are paramount.

Approach 5: OCI Functions

Advantages

  • Serverless architecture: OCI Functions allow you to run Python code without managing infrastructure. You only pay for the compute resources when the function is invoked, which can be cost-effective for sporadic workloads.

  • Scalability: OCI Functions scale automatically with demand, making this approach well-suited for handling unpredictable traffic or workloads.

  • Flexible execution: Since the code is stored in serverless containers, it can run Python tasks asynchronously, which is ideal for long-running or batch tasks.

Security

  • OCI Functions (serverless) run within secure, isolated containers, benefiting from OCI’s security services (IAM, VCNs, encryption).

  • Fine-grained IAM roles can limit which functions can be invoked by which users or services.

  • Functions are ephemeral, meaning that each invocation runs in a fresh, short-lived environment, reducing the surface area for persistent attacks.

  • OCI provides audit logging and monitoring, making it easier to detect and respond to potential threats.

Scalable & Enterprise-Grade?

  • Enterprise Grade: Yes. Serverless functions are highly suitable for enterprise workloads due to their elasticity, cost-efficiency, and strong security model.

  • Scalability: Very scalable. OCI Functions automatically scale based on the load, supporting millions of concurrent invocations as needed.

Suitability

OCI Functions are great for developers building scalable, event-driven applications, where Python code needs to be executed in response to specific events or triggers (such as processing a file upload or triggering a data pipeline). It’s an excellent option for dynamic, cloud-native applications with variable workloads.

Approach 6: Python API Server

Advantages

  • Full Control & Flexibility: You have complete control over the infrastructure, environment, and application architecture, allowing for custom optimizations and integrations.

  • Rich Ecosystem & Extensibility: Both FastAPI and Flask support a wide range of libraries and services, enabling seamless integration with databases, authentication systems, and third-party tools.

  • Performance & Scalability: FastAPI offers excellent performance for real-time, asynchronous applications, and both frameworks can be scaled through containerization or cloud services.

Security

  • Security heavily depends on the configuration of the third-party server and the API implementation. Using HTTPS, authentication mechanisms (JWT, OAuth), and proper API throttling are necessary to avoid security vulnerabilities.

  • Exposure to common API vulnerabilities such as SQL injection, DDoS attacks, and XSS. Requires thorough input validation and endpoint protection (e.g., rate limiting).

  • Server hardening and monitoring are crucial to reduce risks.
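
The controls listed above (authentication, throttling, input validation), as an added example that is not code from the original post: a standard-library WSGI app, with a static bearer token standing in for JWT/OAuth. The endpoint, token value, limits and payload shape are all assumptions made for the illustration.

```python
import hmac, json, time
from collections import defaultdict

API_TOKEN = "constructed-demo-token"  # assumption: loaded from a secret store in practice
RATE_LIMIT, WINDOW_S, MAX_BODY = 5, 60, 4096
hits = defaultdict(list)              # client address -> timestamps of recent calls

def reply(start_response, status, payload):
    body = json.dumps(payload).encode()
    start_response(status, [("Content-Type", "application/json"),
                            ("Content-Length", str(len(body)))])
    return [body]

def allowed(client, now):
    """Sliding window: at most RATE_LIMIT calls per WINDOW_S seconds per client."""
    hits[client] = [t for t in hits[client] if now - t < WINDOW_S]
    if len(hits[client]) >= RATE_LIMIT:
        return False
    hits[client].append(now)
    return True

def validate(raw):
    """Accept only {"values": [1..100 numbers, each within +/-1e9]}; else None."""
    try:
        data = json.loads(raw)
    except (ValueError, RecursionError):
        return None
    values = data.get("values") if isinstance(data, dict) else None
    if not isinstance(values, list) or not 1 <= len(values) <= 100:
        return None
    for v in values:
        # bool is an int subclass; NaN and Infinity fail the range comparison
        if isinstance(v, bool) or not isinstance(v, (int, float)) or not abs(v) <= 1e9:
            return None
    return values

def app(environ, start_response):
    # Throttle first so token guessing is rate limited too.
    if not allowed(environ.get("REMOTE_ADDR", "unknown"), time.monotonic()):
        return reply(start_response, "429 Too Many Requests", {"error": "rate limit"})
    auth = environ.get("HTTP_AUTHORIZATION", "")
    token = auth[7:] if auth.startswith("Bearer ") else ""
    if not hmac.compare_digest(token.encode(), API_TOKEN.encode()):  # constant time
        return reply(start_response, "401 Unauthorized", {"error": "bad token"})
    try:
        length = int(environ.get("CONTENT_LENGTH") or 0)
    except ValueError:
        length = 0
    if not 0 < length <= MAX_BODY:
        return reply(start_response, "400 Bad Request", {"error": "bad length"})
    values = validate(environ["wsgi.input"].read(length))
    if values is None:
        return reply(start_response, "400 Bad Request", {"error": "bad input"})
    return reply(start_response, "200 OK", {"mean": sum(values) / len(values)})
```

Behind a reverse proxy, REMOTE_ADDR is the proxy's address, so key the throttle on the authenticated client identity there instead.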

Scalable & Enterprise-Grade?

  • Enterprise Grade: Potentially, but requires proper configuration, security management, and monitoring. FastAPI or Flask alone doesn’t provide out-of-the-box enterprise features (like CI/CD pipelines, logging, or monitoring).

  • Scalability: While scalable, third-party servers require additional load balancing, containerization (e.g., Docker, Kubernetes), and orchestration to achieve high scalability. Without these, scaling can become complex and less reliable than cloud-native solutions.

Suitability

It’s suitable for small to medium-sized applications that require specific integrations or performance optimizations, but it requires managing security and scalability manually, which may not be ideal for all enterprise scenarios.

Conclusion

Thanks for reading! We hope this blog has you feeling as excited about the potential of using Python in APEX as we are. To hear first about our new blogs in this series, please follow us on LinkedIn using the link below to stay updated! We’re touching up the guide to “Approach 1A: OCI Data Science – Jobs” and will be posting soon, so watch this space!

About Shield Reply

Shield Reply specialise in driving technology-led transformational change for our Defence, Intelligence and Security customers through the design and delivery of cloud-based services and solutions that help protect our collective futures. Our strength is our ability to merge security-cleared expertise, cutting-edge digital capabilities, and complex data to provide new solutions that empower our clients in making informed decisions.


Written by

Ben Norman

Ben is a developer at Shield Reply and a certified Oracle APEX professional with a strong passion for Oracle technologies, recently undertaking projects focused on APEX and OCI Data Science and Functions. A recent graduate from the University of Edinburgh, Ben earned a first-class BSc degree in Computer Science and won an award for his dissertation, which focused on developing technology to help children with autism manage anxiety. A keen learner, he continually seeks to expand his knowledge of new technologies and programming languages.