PeopleSoft on Client/Server and Database Issues

  • Written By: M. Reed
  • Published On: November 1 1999



Event Summary

To answer questions for a Technology Evaluation Center customer, a large utility in the northeastern United States, TEC interviewed Michael Daniels of PeopleSoft on how the PeopleSoft ERP product performs in the areas of client/server architecture and database management.

Question: Is PeopleSoft designed as a fault tolerant environment? Exactly how is this accomplished? Is the failover manual or automatic?
Mr. Daniels:
PeopleSoft clients use a "round robin" approach to connect to application servers. The client has a configuration file that contains a number of IP address/port combinations that define the locations of the application servers that the particular client is eligible to connect to. The client picks a server at random. If the server it picks is unavailable, the client attempts to connect to a different one. PeopleSoft has found that this random approach is also effective for load balancing. This method of configuration would also make the process automatic once the configuration file has been built on the client.
TEC Analysis:
This approach should be effective for both load balancing and fault tolerance. It is significantly different than the approach taken by SAP, where a central message server arbitrates connections to application servers. PeopleSoft's approach eliminates a single point of failure.

Question: What happens if the application server fails in the middle of a transaction?
Mr. Daniels:
PeopleSoft builds the logical unit of work on the client. If the client connection to the application server times out (the application server may have failed), the client picks another application server and reapplies the transaction.
TEC Analysis:
This is an effective approach to handling transaction control on logical units of work. If the transaction is partially complete when the application server fails, it should be possible to recover from the client side with little difficulty.

Question: Our customer was informed that when a client connects to the Application Server in PeopleSoft's three-tier architecture, a hard-coded "master" password which has been configured during the installation of the product is passed between the application server and the back-end database. Could that password be captured by a network sniffer (a device which captures and analyzes network packets) and used to compromise the security of the database?
Mr. Daniels:
The application server passes the login string to the backend database using DES encryption. It would not be possible for the database security to be compromised.
TEC Analysis:
DES, an acronym for the Data Encryption Standard, is the name of the Federal Information Processing Standard (FIPS) 46-1, which describes the data encryption algorithm (DEA). The DEA is also defined in the ANSI standard X9.32. Originally developed by IBM and known as Lucifer, the NSA and the National Bureau of Standards (NBS, now the National Institute of Standards and Technology, NIST) played a substantial role in the final stages of development. The DEA, often called DES, has been extensively studied since its publication and is the best known and widely used symmetric algorithm in the world. It utilizes a 56-bit encryption key (a 64-bit key minus 8 parity bits). This is a very effective approach to protecting passwords on a network.

Question: Is it possible to restore only a portion of the database schema using database tools?
Mr. Daniels:
It is possible, but the DBA must be clear on what they are doing because the referential integrity is program enforced. It is not possible to use database referential integrity because database referential integrity can not enforce business logic.
TEC Analysis:
Program enforced referential integrity is necessary for an ERP product. Database RI devices such as triggers and stored procedures could never represent the complex business logic represented in applications such as General Ledger or Payroll. Since the database does not contain all the requisite information on table relationships, if the DBA is not entirely clear on the table relationships then PeopleSoft's tools should be used to restore data unless the entire database is being restored.

Question: Does PeopleSoft have a relationship with the Object Management Group? Is it possible for other tools to work with PeopleSoft metadata information?
Mr. Daniels:
Since release 7.0, PeopleSoft has been integrated with "Select SE (System Engineer)", a CASE tool from which customers can do Entity Relationship Diagrams (ERD's) to reverse engineer the PeopleSoft schema, and also read the metadata information. In PeopleSoft release 8.0, we will enable XML (Extensible Markup Language, an almost universally recognized standard) for publishing to other products. We are also working to integrate with SILVERRUN (a business process modeling product) and CA/Platinum Erwin (a database modeling product) in release 8.0.
TEC Analysis:
: PeopleSoft is not a member of the Object Management Group, however, as of release 8.0 they appear to be making the right moves in the area of metadata sharing and making their schema information accessible to other vendor's products.

Question: Some vendor's ERP products contain tables that can not be read by third-party query products. Does PeopleSoft have this problem?
Mr. Daniels:
Any third-party query product can access all of the PeopleSoft tables.

Question: Is it possible to add database triggers to the PeopleSoft schema to assist in custom event-driven actions?
Mr. Daniels:
PeopleSoft supports the addition of triggers to the database.
TEC Analysis:
If the customer adds database objects, they must keep careful track of the objects and what they were designed to accomplish. If issues arise and PeopleSoft technical support needs to be consulted, the support representative must be aware of what modifications the customer has made to the database. This information will also be critical at any time the PeopleSoft product is upgraded.

Question: Is it possible to add indexes to the PeopleSoft schema?
Mr. Daniels:
Yes, sometimes it is even advisable for performance reasons.

Question: How does a customer migrate code from test to production environments?
Mr. Daniels:
PeopleSoft provides a transport mechanism with the product to perform this task. We recommend a three-layer architecture with test, production test, and production systems to allow for sufficient testing before migration to production.
TEC Analysis:
The ability to "promote" code from test to production test to production is an important feature. The exact mechanism used by the vendor should be examined carefully by the customer's programming staff.

Question: How does a client implement a single sign-on security structure?
Mr. Daniels:
PeopleSoft supports single sign-on. The application server will make a call to whatever third-party single sign-on product the client has implemented.
TEC Analysis:
Single sign-on is the ability for users to log on once to a network and be able to access all authorized resources within the enterprise. A single sign-on program accepts the user's name and password and automatically logs on to all appropriate servers. It is an important feature that the client should investigate with any ERP vendor being considered. The exact method of making the call to the SSO product should be discussed in depth.

Question: What is the maximum number of concurrent production users that has been recorded by PeopleSoft?
TEC Analysis:
Mr. Daniels was unable to answer this question immediately, but according to benchmarks recorded on their web site, PeopleSoft has been proven to handle 10,000 concurrent users against a UNIX system.

Question: How does PeopleSoft handle configuration/change management?
Mr. Daniels:
PeopleSoft leaves the changes in the test database, then they can be moved to the other system with the project relationships kept in place. SAP extracts ABAP into binary code then puts it in a queue to be manually moved into the next system. With this method it is impossible to determine the interdependencies in the queue. We believe PeopleSoft's method is superior.
TEC Analysis:
Prospective customers should carefully investigate the method ERP vendors use to propagate changes between test and production. Relationships between program modules should be made easy to track and control.

Question: Another ERP vendor has accused PeopleSoft's client architecture as having high bandwidth requirements to draw the screens for the graphical user interface. Do you have any comments on this?
Mr. Daniels:
As an example, SAP does all the processing on the application server, so there is a great deal of packet traffic between the client and the application server to draw the screen. The packets are smaller, but there are a greater number of them. PeopleSoft sends "panel groups" all at once, after that point only data is exchanged. We feel this is a more efficient approach. In addition, compression can be configured using the BEA transaction monitor provided with the product.
TEC Analysis:
Customers evaluating ERP products should analyze network traffic in their real-world environment and determine which vendor provides the most efficient approach given their specific topology.

Question: Does PeopleSoft support the use of static packages (pre-compiled queries) for commonly issued queries?
Mr. Daniels:
No, PeopleSoft does not support this feature.
TEC Analysis:
Pre-compiling a query allows a database management system to build the access plan (the method for getting at the data) in advance, which improves efficiency and cost. This would be a useful feature for customers who need to repeat the same query often (i.e. a weekly query to see how much vacation time employees have accrued).

User Recommendations

Customers should carefully review the features of ERP products that they are considering, including how the client/server architecture is designed, and how the product interacts with the back-end database. Often customers are focused on the functionality of the modules in question and fail to recognize issues regarding two-tier versus three-tier architecture, security, bandwidth required by the graphical user interface on the client, and database administration. All of these issues should be examined in detail with the vendor and the customer's database administrators, network administrators, and others concerned with the corporate infrastructure.

 
comments powered by Disqus