Event
Summary
To answer questions for a Technology Evaluation Center customer, a large utility
in the northeastern United States, TEC interviewed Michael Daniels of PeopleSoft
on how the PeopleSoft ERP product performs in the areas of client/server architecture
and database management.
Question:
Is PeopleSoft designed as a fault tolerant environment? Exactly how is this
accomplished? Is the failover manual or automatic?
Mr. Daniels: PeopleSoft clients use a "round robin" approach to connect
to application servers. The client has a configuration file that contains a
number of IP address/port combinations that define the locations of the application
servers that the particular client is eligible to connect to. The client picks
a server at random. If the server it picks is unavailable, the client attempts
to connect to a different one. PeopleSoft has found that this random approach
is also effective for load balancing. This method of configuration would also
make the process automatic once the configuration file has been built on the
client.
TEC Analysis: This approach should be effective for both load balancing
and fault tolerance. It is significantly different than the approach taken by
SAP, where a central message server arbitrates connections to application servers.
PeopleSoft's approach eliminates a single point of failure.
Question: What happens if the application server fails in the middle of
a transaction?
Mr. Daniels: PeopleSoft builds the logical unit of work on the client. If
the client connection to the application server times out (the application server
may have failed), the client picks another application server and reapplies
the transaction.
TEC Analysis: This is an effective approach to handling transaction control
on logical units of work. If the transaction is partially complete when the
application server fails, it should be possible to recover from the client side
with little difficulty.
Question:
Our customer was informed that when a client connects to the Application Server
in PeopleSoft's three-tier architecture, a hard-coded "master" password which
has been configured during the installation of the product is passed between
the application server and the back-end database. Could that password be captured
by a network sniffer (a device which captures and analyzes network packets)
and used to compromise the security of the database?
Mr. Daniels: The application server passes the login string to the backend
database using DES encryption. It would not be possible for the database security
to be compromised.
TEC Analysis: DES, an acronym for the Data Encryption Standard, is the name
of the Federal Information Processing Standard (FIPS) 46-1, which describes
the data encryption algorithm (DEA). The DEA is also defined in the ANSI standard
X9.32. Originally developed by IBM and known as Lucifer, the NSA and the National
Bureau of Standards (NBS, now the National Institute of Standards and Technology,
NIST) played a substantial role in the final stages of development. The DEA,
often called DES, has been extensively studied since its publication and is
the best known and widely used symmetric algorithm in the world. It utilizes
a 56-bit encryption key (a 64-bit key minus 8 parity bits). This is a very effective
approach to protecting passwords on a network.
Question:
Is it possible to restore only a portion of the database schema using database
tools?
Mr. Daniels: It is possible, but the DBA must be clear on what they are
doing because the referential integrity is program enforced. It is not possible
to use database referential integrity because database referential integrity
can not enforce business logic.
TEC Analysis: Program enforced referential integrity is necessary for an
ERP product. Database RI devices such as triggers and stored procedures could
never represent the complex business logic represented in applications such
as General Ledger or Payroll. Since the database does not contain all the requisite
information on table relationships, if the DBA is not entirely clear on the
table relationships then PeopleSoft's tools should be used to restore data unless
the entire database is being restored.
Question:
Does PeopleSoft have a relationship with the Object Management Group? Is it
possible for other tools to work with PeopleSoft metadata information?
Mr. Daniels: Since release 7.0, PeopleSoft has been integrated with "Select
SE (System Engineer)", a CASE tool from which customers can do Entity Relationship
Diagrams (ERD's) to reverse engineer the PeopleSoft schema, and also read the
metadata information. In PeopleSoft release 8.0, we will enable XML (Extensible
Markup Language, an almost universally recognized standard) for publishing to
other products. We are also working to integrate with SILVERRUN (a business
process modeling product) and CA/Platinum Erwin (a database modeling product)
in release 8.0.
TEC Analysis: : PeopleSoft is not a member of the Object Management Group,
however, as of release 8.0 they appear to be making the right moves in the area
of metadata sharing and making their schema information accessible to other
vendor's products.
Question:
Some vendor's ERP products contain tables that can not be read by third-party
query products. Does PeopleSoft have this problem?
Mr. Daniels: Any third-party query product can access all of the PeopleSoft
tables.
Question:
Is it possible to add database triggers to the PeopleSoft schema to assist in
custom event-driven actions?
Mr. Daniels: PeopleSoft supports the addition of triggers to the database.
TEC Analysis: If the customer adds database objects, they must keep careful
track of the objects and what they were designed to accomplish. If issues arise
and PeopleSoft technical support needs to be consulted, the support representative
must be aware of what modifications the customer has made to the database. This
information will also be critical at any time the PeopleSoft product is upgraded.
Question:
Is it possible to add indexes to the PeopleSoft schema?
Mr. Daniels: Yes, sometimes it is even advisable for performance reasons.
Question:
How does a customer migrate code from test to production environments?
Mr. Daniels: PeopleSoft provides a transport mechanism with the product
to perform this task. We recommend a three-layer architecture with test, production
test, and production systems to allow for sufficient testing before migration
to production.
TEC Analysis: The ability to "promote" code from test to production test
to production is an important feature. The exact mechanism used by the vendor
should be examined carefully by the customer's programming staff.
Question:
How does a client implement a single sign-on security structure?
Mr. Daniels: PeopleSoft supports single sign-on. The application server
will make a call to whatever third-party single sign-on product the client has
implemented.
TEC Analysis: Single sign-on is the ability for users to log on once to
a network and be able to access all authorized resources within the enterprise.
A single sign-on program accepts the user's name and password and automatically
logs on to all appropriate servers. It is an important feature that the client
should investigate with any ERP vendor being considered. The exact method of
making the call to the SSO product should be discussed in depth.
Question:
What is the maximum number of concurrent production users that has been recorded
by PeopleSoft?
TEC Analysis: Mr. Daniels was unable to answer this question immediately,
but according to benchmarks recorded on their web site, PeopleSoft has been
proven to handle 10,000 concurrent users against a UNIX system.
Question:
How does PeopleSoft handle configuration/change management?
Mr. Daniels: PeopleSoft leaves the changes in the test database, then they
can be moved to the other system with the project relationships kept in place.
SAP extracts ABAP into binary code then puts it in a queue to be manually moved
into the next system. With this method it is impossible to determine the interdependencies
in the queue. We believe PeopleSoft's method is superior.
TEC Analysis: Prospective customers should carefully investigate the method
ERP vendors use to propagate changes between test and production. Relationships
between program modules should be made easy to track and control.
Question:
Another ERP vendor has accused PeopleSoft's client architecture as having high
bandwidth requirements to draw the screens for the graphical user interface.
Do you have any comments on this?
Mr. Daniels: As an example, SAP does all the processing on the application
server, so there is a great deal of packet traffic between the client and the
application server to draw the screen. The packets are smaller, but there are
a greater number of them. PeopleSoft sends "panel groups" all at once, after
that point only data is exchanged. We feel this is a more efficient approach.
In addition, compression can be configured using the BEA transaction monitor
provided with the product.
TEC Analysis: Customers evaluating ERP products should analyze network traffic
in their real-world environment and determine which vendor provides the most
efficient approach given their specific topology.
Question:
Does PeopleSoft support the use of static packages (pre-compiled queries) for
commonly issued queries?
Mr. Daniels: No, PeopleSoft does not support this feature.
TEC Analysis: Pre-compiling a query allows a database management system
to build the access plan (the method for getting at the data) in advance, which
improves efficiency and cost. This would be a useful feature for customers who
need to repeat the same query often (i.e. a weekly query to see how much vacation
time employees have accrued).
User
Recommendations
Customers
should carefully review the features of ERP products that they are considering,
including how the client/server architecture is designed, and how the product
interacts with the back-end database. Often customers are focused on the functionality
of the modules in question and fail to recognize issues regarding two-tier versus
three-tier architecture, security, bandwidth required by the graphical user
interface on the client, and database administration. All of these issues should
be examined in detail with the vendor and the customer's database administrators,
network administrators, and others concerned with the corporate infrastructure.