System Availability. This is a very important topic, that has received a lot of attention, especially in the area of handling system failover, redundancy, and disaster recovery. This is obviously and important topic, but for most organizations, represents the smallest fraction of system outages with their PeopleSoft applications. It is the planned outages where an organization needs to kick people off the system to perform system administration functions that represents the majority of downtime for most PeopleSoft environments, and the one area that we will discuss in more detail in this blog entry.
System Maintenance and Downtime
In a PeopleSoft environment, there are 3 main drivers that drive planned outages:
The real goal of the outage is to ensure that end-users are not accessing parts of the system that are being affected by the processing, maintenance, or upgrade.
It’s just the way it’s done…
Because your PeopleSoft application is architected and managed as a single entity, most organizations need to block access to the whole PeopleSoft application regardless of what pieces they are administering. Quite often this is accomplished by having a web server that services the general population, and a different one that services the people performing the administration. When the system is unavailable to the general population, that web server is simply brought down.
So, how do I reduce Downtime?
Well, you’re never going to be able to eliminate the need to have an outage. You’re probably also not going even have a dramatic impact on the amount of time you need to restrict access for your batch windows, backups, or upgrades without spending a lot of money on hardware or additional resources.
But don’t despair. The way to look at this problem is not at the overall system level, but by breaking it up into the different areas that you wish to manage separately. For example, instead of bringing the whole system down because you are performing maintenance on Purchasing (see the following notification), just block access to the Purchasing entities, while allowing access to other functions, such as expense entry, to occur.
The following page is an example of how an administrator might bring parts of a PeopleSoft application down while leaving the rest up.
There are 3 steps to the process:
Because we recently released our ERP Firewall for PeopleSoft, we quickly recognized that all 3 of these steps are already part of the feature set provided by the product. This means that after a 1-hour installation, our customers can start managing system access in this manner. Instead of describing that here, I’ll simply provide you the link to watch the demonstration for yourself.
If you’re not in the market to purchase an application that automatically accomplishes this and are willing to do a bit of coding yourself, there are other options available to you as well. Probably the best option is to implement generic firewall product on your web server. There are several out there, including open source application firewalls (like ModSecurity.) Because the component name is part of the URL, you can have the firewall see if the page falls under the list to be blocked and whether the user is an administrator and allow or deny the request based on that.
Finally, because users need to be able to plan around these outages (especially when the whole system is brought down for any type of maintenance), it’s also important to be able to notify users ahead of time. Although email is the most common method used today, email just doesn’t cut it most of the time (especially with all the spam people are receiving nowadays). We’re seeing a lot of folks using social networking tools, such as blogging and twitter to do this. Here are a couple of items that we recently found:
Both of these techniques allow people to set up an RSS feed to tell them when there’s something new to look at (which may work well if your users are RSS feed savvy). Two other techniques are to update the portal home page and/or the PeopleSoft signon page to display a message.
One technique we’ve added as a feature to our ERP Firewall is to display a notification inside the PeopleSoft application upon access to PeopleSoft. This provides the information in the context that a user would use it, and also makes it harder for users to ignore it because they have to look at it before they can move to the next step. Again, when you have a product that knows how use rules to manage the display of PeopleSoft pages, this feature became very easy for us to add.
Labels: Firewall, Products, Security