Oct 04

The current big thing: Database as a Service – DBaaS

In another field of cloud, Oracle has done something big this time, as it reinvent its core product, the database. Its my personal belief, if any organization stick to its core product (along with the new area of developments/products), its not easy for competitors to cross that organization all along. “Stick to the basics” is the key.

I was going through the new offering from Oracle and collected some good facts, which I am sharing here.

As far as any product company understands the need of the time (and IBM is doing a great work in this area), they keep enhancing their core products which add the business value to the customers. Need of the time is, solving, managing and handling big data, making solutions which are not complex to the customers, availability, scalability and under budget. As organizations evolve their products, business models, and processes to keep pace with today’s dynamic global marketplace, a powerful new database offering DBaaS, that’s optimized for cloud computing and Big Data, helping organizations to cut costs through consolidation and simplified management. Oracle Database 12c features (backtracked to 11.2.0.4 too) a new architecture that allows customers to consolidate many databases into a single multitenant container database in the cloud that’s more scalable than traditional databases. And datacentre? No, this will soon be a past word, the way things are going. That is why, its named as database as a service. In layman terms, the database storage and memory is not any more located “on premises”.

Few features which I would like to pin down:

— Simplified provisioning, cloning, and resource prioritization without having to make changes to applications
— Enables businesses to deploy new databases quickly, securely, and cheaply
— Using Oracle Database 12c, cloning of an existing database can be done in minutes
— Automation enables centralized management of all databases

If you would like to try this DBaaS (and I am sure DBA’s would surely like to try this), you can do it without cost. Steps below:

— Open http://apex.oracle.com
— register for a free account
— create an instance, a database schema
— store upto 10 MB or 25 MB of data for free (after 25 MB, things will come with a cost)

Below are the main things to remember for customers, as what I got from Oracle site:

— The maximum possible storage equals 2 TB (2048 GB) for the DB creation process
— After creation, customer can add more storage – up to 4.6 TB with local backups or up to 12TB without local backup
— Without local backups means backups will be send to the Storage Cloud Container
— Customer has the choice to choose between the database versions 11gR2 (11.2.0.4) or 12cR1 (12.1.0.2) (but 11gR2 is available as Standard edition only)

Two service levels are available:

The Oracle Database Cloud Service – Virtual Image level includes Oracle Database and supporting software. You have to install this software yourself, and you are responsible for all maintenance operations for this software. You have root privilege, so you can load and run software in the compute environment. You have full administrative privileges for the Oracle database.

The Oracle Database Cloud Service level also includes Oracle Database and supporting software. However, the software is installed for you, an Oracle database is created using values you provide when creating the database deployment, and the database is started. Additionally, you can direct Database as a Service to set up automatic backups. Finally, the deployment includes cloud tooling that simplifies backup, recovery, patching and upgrade operations. You have root privilege, so you can load and run software in the compute environment. You have full administrative privileges for the Oracle database. You are responsible for making any changes to the automated maintenance setup, and you are responsible for recovery operations in the event of a failure.

You can watch a video regarding “Top 12 Features of Oracle Database 12c” at below link:

Permanent link to this article: http://alokbhardwaj.com/oracle-peoplesoft/2016/10/04/the-current-big-thingdatabase-as-a-service-dbaas/

Dec 22

PeopleTools 8.55 and PSADMIN

As per Oracle, there will be no more Release Value Proposition (RVP) documents, going forward (starting from PeopleTools 8.55), there is “Planned Features and Enhancements” document which replaced RVP. From that document, I have tried to understand and gather as much as information I can and putting it below. I have not downloaded and installed this release, however based on PT 8.54 experience, I can connect with the new features delivered with PT 8.55.

I have been through with PT 8.55 “Planned Features and Enhancements” document thoroughly and I have taken abstracts from there to complete this post.

Few main inclusions/enhancements are:

  1. User experience: fluid interface, PeopleSoft search (SES)
  2. Development tools: Application Designer (auto-completion), log analyzer, mobile application enhancements
  3. Infrastructure: Linux 7
  4. Reporting and analytic tools: simplified analytic and enhancement of pivot grid
  5. Lifecycle management tools: application dataset performance improved, search for bug in PUM improved, test framework improved

Few main exclusions are:

  1. Does not support Crystal Reports
  2. Does not support the Sybase and Informix database platforms
  3. Windows 2008 is out

PeopleTools 8.55 for PeopleSoft admin

 

A. PeopleSoft Cloud Architecture

Oracle is offering a new feature “PeopleSoft Deployment Packages (DPKs)” to install and configure your PeopleSoft environment. This is an enhanced utility by which we can do the installation and configuration of PeopleSoft environment, rather than using standard VCD installation. DPKs allow fast deployment of a PeopleSoft environment on any hardware platform—physical/virtual.

However, this utility is currently available for the customers who are having Linux and Microsoft Windows operating systems and on Oracle database platforms. For customers which are using other database platforms, Oracle will deliver the same on a later stage. Plus, they will not deliver this utility for any other Operating systems other than Linux and Microsoft Windows (not even later). (See Appendix section 2 below to know more about DPKs)

B. Server Administration and Data Management

B.1 Push Notification

In PeopleTools 8.54, Oracle introduced “Push Notification” feature, where they gave ability to the end user to subscribe for real time notification for the server events, for which user subscribed. In PT 8.55, they extented this ability for iOS and Android devices, where end users may subscribe to events and have notifications directed to their Android or iOS mobile devices.

B.2 Log Correlation

Prior to PeopleTools 8.55, for debugging issues that span both the application and web servers, log files were correlated based on the common field – timestamp. Additionally, the timestamp could vary between servers if the time is not synchronized, which made the debugging activity difficult and error prone. In PeopleTools 8.55, new fields are added to the application and web server domain logs that help easily correlate log entries on the middle tiers.

Correlation data is logged when available, otherwise placeholders (hyphen) are used in place of correlation fields to maintain uniformity of format in the log files.

A typical log file now contains these log fields:

[Server Process]:[Operating System Process ID] [Service Request Number] [Timestamp] [SRID] [TOPInstance ID] [Operator ID] [Log Level] [Message]

**Integration Broker, trace, and third-party log files do not include correlation information. However, all log files include placeholders (hyphen) for the correlation fields to maintain uniformity of format in the log files.

B.3 PSAdmin Commandline Improvements

Improvements have been done for replicate/import web domain directly from the command line, refresh PS_CFG_HOME etc.

B.4 Oracle Policy Automation Integration with PeopleSoft

Oracle Policy Automation (OPA) is a suite of software products for modeling and deploying business rules within enterprise applications. This application focuses on modeling, automating, and optimizing the implementation of policy, legislation, and complex business rules. (See Appendix section 2 below to know more about OPA)

In PeopleTools 8.55, PeopleSoft is integrated with Oracle Policy Automation to leverage the following benefits:

  • Enable business analysts to author rules in Oracle Policy Modeling (OPM) using natural language sentences written either in MS Word or MS Excel.
  • Enable business analysts to build and process complex rules on Oracle Determinations Server outside of PeopleSoft components.

B.5 Support for WITH and MERGE Statements in SQL Access Manager

SQL Access Manager (SAM) has been enhanced to support WITH and MERGE statements, the SQL constructs that allow combining multiple DML queries into a single query to boost the performance. This functionality can be used with SELECT and INSERT statements, not with UPDATE and DELETE statements. Also, SAM does not modify/verify the syntax of the WITH and MERGE queries, it just passes the queries as is to the database for execution, hence its the developers responsibility to pass the right code.

B.6 Support for Oracle 12c In-Memory

PT 8.55 provides the ability to setup and utilize the in-memory functionality for PeopleSoft, which is delivered in database Oracle 12c. This is again a performance booster, as per notes.

B.7 Materialized Views for SQL Server and DB2 z/OS

Oracle included the support for Materialized Views for SQL Server and DB2 z/OS, which was there only for Oracle database till PT 8.54.

 

C. Security Administration

C.1 Secure by Default Initiative

As a part of “Secure Configuration Initiative”, Oracle has done some changes in Password controls by taking “Secure by Default” approach to ensure that the application configuration settings adhere to system hardening recommendations. When we do a standard installation (not upgrade), values get hardened for password controls, which adhere to the recommendations (Password expiration 180 days, Account lockout = 5 unsuccessful attempts, etc)

C.2 Forgotten Password Functionality

In PT 8.55, the system will not provide the feedback if a correct user ID is entered or if the correct response is entered to the password question, to reset the password by using “Forgot Password Utility”. This is another security step taken as a part of “Secure Configuration Initiative”.

C.3 Access ID and Connect ID Password Length Extended

In PT 8.55, the maximum length for the database access ID password and for the connect ID password has been extended to 32 characters. Also, PSACCESSPRFL table has been replaced by the PSACCESSPROFILE table to accommodate the longer passwords.

C.4 SHA-2 Hash Algorithm and 4096 Key size Support

When generating private keys for application server-based digital certificates, by default PT 8.55 uses the SHA-256 with RSA encryption algorithm and the 4096 key size. When using PSKeyManager to generate private keys for web server-based digital certificates, the default signing algorithm is SHA-256 with RSA encryption. In addition, the PSOPRDEFN table features a new column for SHA-2 hashed passwords.

C.5 My Preferences Framework

In this release the My Preferences framework has replaced the My Personalization framework. The My Preferences framework provides a WorkCenter-like interface for end-users to view and configure system-level preference items, such as time format, date format, default dictionary language, and so on.

D. Performance Monitor

D.1 PeopleTools Health Center

This feature enhanced for PeopleTools Performance Monitor (PPM). Now PPM will have dashboards for monitoring health, load, and performance in real time, alerts for potential availability or performance problems, integrated logs (in-browser viewing of all log files).

D.2 Automated Configuration Management

The automated configuration management framework allows to automate product configurations using your browser (PIA) or from the command line. This framework enables to store the environment configuration settings in a template stored in the database or an external template file. Because these settings are set once, and then saved, one can leverage the stored settings and reapply them easily when needed. PeopleTools provides two methods of running the automated configuration process — using the Automated Configuration Manager browser interface in PIA or using the command line. (See Appendix section below to know more about ACM).

These plugins are available for IB, Push notification, error handling, validations etc.

**Oracle recommends that product configuration through PIA be used only to test a template. The actual product configurations in a system must be performed through the command line

 

E. Enterprise Manager Plug-In

E.1 Alternate PeopleSoft Target discovery through plug-in

Enterprise Manager 13.1 release including new responsive UI to adapt automatically to different form-factors such as mobile/tablet clients. The administrator can schedule automatic discovery to happen from the Enterprise Manager console at periodic intervals such as once a day. PeopleSoft Plug-in will sweep thru all the hosts and discover PeopleSoft Targets automatically.

E.2 Auto Discover Environment Variables for Effective PeopleSoft Domain Administration

This feature intends to make the PeopleSoft Plug-in smarter by automatically detecting the required environment variables needed for running PeopleSoft utilities such as psadmin and psae to monitor the PeopleSoft domains. This will reduce the need do complex configuration steps like setting right “.profile” script or psemenv.sh script (as psoft user) with environment variables needed for running the PeopleSoft Plug-in. As soon as the PeopleSoft Plug-in is deployed on the Enterprise Manager Agent, it is ready to administer and monitor the PeopleSoft Domains without any pre-requisite setups needed to make the plug-in to work as a “psoft” user.

 

Appendix

A. DPKs

The DPKs include a bootstrap script that deploys a default instance of each of the PeopleSoft mid-tier domains—PeopleSoft Pure Internet Architecture (PIA), Application Server, and Process Scheduler domains. These domains are fully functional out-of-the-box. However, it is assumed that you will need to make changes to these deployments. These changes will be required to reflect your organizational standards, preferences, and customizations. DPKs set up your infrastructure for you—“infrastructure as a code,” which allows you to customize the environments to produce various topologies to serve different functionality, such as test environments, environments for performance testing or development environments, and so on. Notably, these customizations can be retained across maintenance application (upgrades, patches, and updates).

Using DPKs to create a PeopleTools middle-tier (Application Server, Process Scheduler, and PIA) typically takes less than 15 minutes. This allows for dynamic scaling and quick patching. With such fast creation of the middle-tier components, you can optimize hardware resources by creating middle-tier virtual machines (VMs) on demand. These VMs can be removed to release the resources when not in use, yet be quickly recreated as needed.

DPKs are integrated with PeopleSoft Automated Configuration Management (ACM) to provide PeopleSoft application configuration using plug-ins delivered by the PeopleSoft Application. For example, for all deployed environments, the Integration Broker and Gateway are set with ACM plug-ins, as is Oracle SES for demo environments.

DPKs allow for fast environment cloning. After creating an environment clone, you can use PeopleSoft ACM plug-ins to modify the configuration settings, such as those for Integration Broker, from those used in the original environment, to those required for the cloned environment, during the deployment of the middle-tier using PeopleTools DPK. DPKs can be used, to easily and effectively, create a fresh clone from your existing environments. Using database snap cloning, an environment clone can be achieved in less than 30 minutes.

B. Understanding Oracle Policy Automation

Oracle Policy Automation (OPA) is a suite of software products for modeling and deploying business rules within enterprise applications. It is a specialist application that is focused on modeling, automating, and optimizing the implementation of policy, legislation, and complex business rules.

OPA suite consists of the following five major components:

  • Oracle Web Determinations – The Web Determinations is a web application that allows rapid deployment of interactive applications based on rules.
  • Oracle Determinations Server – The Determinations Server is a web service interface that allows remote client applications to send assessment data, perform inference based on chosen rule-base and returns the determination of the inference to the requesting client. It is built on top of the Determinations Engine.
  • Oracle Determinations Engine – The Determinations Engine is the core component of the OPA, which provides basic services for executing rules based applications like inference mechanisms, metadata to build rules and natural language support.
  • Oracle Policy Modelling (OPM) – OPM is an integrated development environment that supports all aspects of the OPA lifecycle like natural language based rule authoring with MS Word or MS Excel, debugging of rules, comprehensive rule testing facilities and has integrated source control to store multiple versions of the rules.
  • Oracle Policy Automation Hub (OPA Hub) – OPA Hub is a central administration console with a repository database for storing Rules Projects and provides connections to third party applications, for example PeopleSoft, to fetch data models. It is a Web application deployed on WebLogic domain.

C. Understanding Automated Configuration Management

With each new release, Oracle PeopleTools provides new technology to our infrastructure, which adds rich, new features to support the functional requirements of our applications. While the new technology enhances the user experience and capabilities of our applications, the new technology often brings additional steps to the environment configuration and implementation process. This can create challenges for system administrators, development teams, and testing teams who routinely set up numerous environments that need to be refreshed on a regular basis. For example, with each implementation, system administrators routinely deal with multiple copies of various types of environments, such as production environments, testing environments, demonstration environments, , development environments, and so on. Oracle PeopleTools and PeopleSoft application teams share this same challenge.

For this reason, Oracle PeopleTools provides an automated configuration management framework that enables you to store your environment configuration settings in a template stored in the database

or an external template file. Because these settings are set once, and then saved, you can leverage the stored settings and reapply them easily when needed. PeopleTools provides two methods of running the automated configuration process — using the Automated Configuration Manager browser interface in PIA or using the command line. When running the process from the command line, you can use a batch file or shell script or the Application Engine command line options.

After setting up the basic infrastructure of a PeopleSoft environment, including database, application server, Process Scheduler server, and PIA domain, you run the configuration program (either using PIA or command line). This configuration program reads your configuration settings (referred to as environment properties) that you have stored in the template or template file, and inserts the stored values into the database, saving you from updating the settings manually each and every time you create or refresh an environment. The settings stored in the template or template file are those that you typically enter on a configuration page in PeopleTools and save to the database. For example, the value for your Integration Gateway URL, which you would normally add manually on the Gateways page, can be entered in your template or template file once, and then retrieved by the automated configuration management framework and inserted into the database each time you refresh that environment.

A template is a composite of configuration plug-ins in which the properties and its values are defined. The configuration program fires configuration plug-ins that take the properties specified in the plug-in and configures the feature associated with that plug-in. Each plug-in provided is focused on a particular setting or functional area of your configuration. You enable configuration plug-ins by referencing them in your template or template file and specifying the settings for that configuration plug-in to insert into the appropriate fields in the configuration interface.

Automated Configuration Manager uses a template to store settings and run a configuration program. In a template, you can include all the product configurations called plug-ins that you require for an environment, and you can group the plug-ins based on the product. For example, plug-ins required for an Integration Broker configuration can belong to one group, whereas the plug-ins required for a Search Framework configuration can be another group in the same template. This enables you to configure more than one product in a single configuration program run, and you can also control the sequence in which products are configured. For example, you can set Integration Broker to be setup and configured first and the Search Framework second to account for the dependencies the Search Framework has upon Integration Broker. Your configuration templates can be exported from one environment and imported by others so you can reuse templates in different environments by editing the configuration plug-in properties and values as required for an environment.

Automated Configuration Manager allows you to:

  • Create, edit, manage, import, and export templates.
  • Define template variables.
  • Register configuration plug-ins.
  • Specify template processing modes.

Permanent link to this article: http://alokbhardwaj.com/oracle-peoplesoft/2015/12/22/peopletools-8-55/

Jul 09

SaaS – Oracle and Workday

Software as a service, or ‘SaaS’, is known as a software application delivery model over the Internet—as a service. In this model, a vendor develops a web-based software application, and hosts and operates that application over the Internet for use by its customers. This eliminates the need to buy software licenses or infrastructure for the customer. This model also completely eliminates the installation and maintenance of the software/enterprise application, and the same can be accessed through the Internet. The need and innovation arises to free the customer from complex software and hardware management. Alternatively, SaaS applications can be named as Web-based, on-demand, or hosted software. In any case, SaaS applications run on a SaaS provider’s servers. It’s the vendor/provider province to manage access of the application to the customer, including security, availability, and performance and so on. To the customers, it delivers software functionality without the overhead of operating the application.
Adoption of this model came from Business Process Outsourcing (BPO), where the complete business processes of a company can be outsourced and managed by other company(vendor/provider). So the idea arises if the business processes, IT processes can be outsourced, why not the Software applications? And why it can’t be act as an important enterprise strategy, provided the fact that the IT and business process outsourcing industry has grown at a very good rate.
 
Security and Operational Risk
 
Data security and privacy are to be considered as a big risk factors (or were may be), as all type of a company data transportation has to happen in this model. As I said “or were may be”, and as the technology grows, there are best in the industry remote security technologies and data redundancy tools are available too, which makes SaaS model less risky and more successful, and in turn, the SaaS adoption is increasing day by day.
 
Major Players: Oracle Fusion and Workday
  
Oracle as a market leader, aggressive about its marketing approach, provider of great Enterprise products. Workday, in turns, another great product by Dave Duffield (after PeopleSoft) who gave the enterprises its first HRMS globalized product.
 
While the strategy from making the product and selling it, these two differs a lot, however, the outcome and product delivery is same, based on one model only, SaaS (yes, may be for Oracle, 100% not now, but in future). While going through the product statement for both, points which I gathered are broadly based on finding pros and cons of these products over one another.
 
Workday:
Pros
1. Pioneer in market for its HRMS product because of PeopleSoft (who can forget PIA, not in decades), Workday gives a better User Interface than Fusion
2. Because Workday becomes the first company to provide Cloud HCM, it gives Workday first mover advantage and better experience in SaaS implementations
3. Smartphone and tablet apps are advance
4. Users claims it faster and more regular in terms of updates.
Cons
1. Keeping its approach same as what Dave had for PeopleSoft, its very much US-Centric. May be same as PeopleSoft, he wants to start from there, rather then taking chances to launch it for global at once.
2. Only focus on HCM as of now. For other solutions, integration with other vendors is required.
3. Major modules like Recruitment are missed out.
4. Don’t give any alternative to cloud. There might be customers who are still not ready for SaaS model.
Fusion:
Pros
1. Its an Integrated solution, not just one suite, like HCM
2. Non-centric to one geography (like what Workday is for US only)
3. Customization available (although not fully available, but atleast available for customization on cloud)
4. Having an alternative, can be installed and run locally too, not just on cloud.
5. Integrated BI (workday can’t have it, integration has to be done).
Cons
1. Not pure cloud
2. Oracle still have to work on SaaS model
3. Physical installation is still required, and can be  question of affordability for small and mid size enterprises
4. User Interface
What survey says about SaaS?
Towers Watson’s 2013 HR Survey:
 
— 88% customers will ultimately choose a SaaS-based solution in near future.
— One in three companies will ultimately choose a SaaS-based solution in near future.
•About half of the responses came from multinational organizations.
•Two-thirds of the responses came from organizations with more than 5,000 employees.
•The survey responses came from a broad cross section of industries, with the largest number concentrated in the manufacturing sector, followed by financial services, IT and telecom, professional services, and retail.
Why is SaaS architecture growing in popularity? May be organizations that choose it, choose for its lower ongoing costs and the peace of mind of always being on the current version of the software without owning it. Even they need not to concern about any platform, server or infrastructure. Thinking platform-less would have been good!!!

Permanent link to this article: http://alokbhardwaj.com/oracle-peoplesoft/2014/07/09/saas-oracle-and-workday/

Jul 08

The cloud and the change

Coming back to the story, how this cloud and recent technologies can change the technicians? I think we can all agree that the heavily-specialized infrastructure teams of the past—the networking team, the server team, the storage team—are no longer sufficient in the brave new world of converged infrastructure that blends networking, virtualization, and storage all together. I’d agree, in general terms, that IT infrastructure and technical folks need to broaden beyond their core strengths into adjacent technologies in order to remain relevant. And by broadening the scope, it doesn’t mean to leave the things which we are working on. It means to do additions, and not subtractions.
 
It will be helpful to understand what goes into application development and the infrastructure dependencies that are the result of the development choices. Again, that’s awareness, and yes—infrastructure engineers and technical folks need enhanced awareness of adjacent technologies and the relationships with their core technology strengths. Regardless of how many layers of abstraction are inserted into, in its simplest form, is another layer of abstraction—someone still has to manage the things. Customers building their private cloud and having highly virtualized infrastructure, pooled resources, self-service provisioning, someone still has to manage it and the ongoing things. Someone still has to ensure that there is sufficient capacity, and that someone needs to understand the core technologies that make the cloud tick.
 
Especially regarding the infrastructure (because that is where I belong from the core), there are many upcoming opportunities I can see. Even if the virtualization of servers, storage, networks, software will happen and happening, management of this infrastructure is still necessary. People who understand this infrastructure—both virtual and physical—are still necessary. People who know the relationships among the virtualization layers and the various technologies are still necessary.
 
Yes, the infrastructure and technical people will change, grow, and evolve, but it’s an opportunity and not the termination.
 
Oh yes, the age of PeopleSoft. Let’s begin with Oracle, when PeopleSoft came under its umbrella. Oracle acquired PeopleSoft in 2004-2005.At that point of time PeopleSoft had 12,200 customers. Oracle has been continuing to invest in PeopleSoft applications and technology to deliver value to PeopleSoft customers. More than 300 additional features have been added since the PeopleSoft 9.2 release. Today 439 companies out of Fortune 500 use PeopleSoft. Currently PeopleSoft has customers across the globe which is mainly segmented into 5 regions – APAC, Japan, North America, Latin America and EMEA with more than 200,000 users use PeopleSoft and in variety of industries.
 
Having collected all the data above, analytics says its time for PeopleSoft to get completely out of reach. Multi million investments in servers, infrastructures and staffing have already been done to keep the things running. In India itself, there are thousands of mid sizes and big organizations are running on PeopleSoft. So the market analyst says its still time to get over from these investments and apply new one. Eventually a change will come, as everyone has to run with the time and technology, however, the kind of features PeopleTools delivered and still making enhancements to cope up with the change in time and industry trends, PeopleSoft is still in a long run.

Permanent link to this article: http://alokbhardwaj.com/oracle-peoplesoft/2014/07/08/the-cloud-and-the-change/

Mar 31

PeopleSoft and Kerberos integration: Desktop Single Signon Solution

Single Signon refers to the ability of users to navigate freely within a system of multiple applications after only being authenticated once.

It means that user will be asked for his/her login details only once and whenever he/she clicks on a link pointing to other application, then security information is passed from one application to other automatically and there is no additional burden on user to enter login details again. Of course, all these participating application should have Single Signon configured.

With PeopleTools 8.51 onwards, Oracle delivered Kerberos Software Development Kit (SDK) which can be used as Desktop Single Signon Solution. Which means, once the user will get authenticated inside their machine, they need not to give their credentials to get into PeopleSoft application. PeopleSoft authentication will happen on the basis of user’s network login.

The following diagram illustrates the request and response flow between the client, the KerberosSSOFilter, and the portal servlet.

Task details

For PeopleSoft and Kerberos integration, we need to complete below tasks:

• Configure the directory server to act as the Key Distribution Center (KDC).
• Setup Active Directory in PeopleSoft
• Set up Kerberos authentication on the web server.
• Set up Kerberos authentication on the application server.
• Write Signon PeopleCode for Kerberos authentication.
• Configure the PeopleSoft application for Kerberos authentication.
• Modify and Enable Signon PeopleCode to include Kerberos authentication
• Browser Configuration

Configure the Directory Server to Act as the Key Distribution Center (KDC)

To configure your directory server to act as the KDC:

1.    Create an appropriate server user account in the directory.

To add a server user:

a. On a Windows 2003 domain controller, select Start, Control Panels, Administrative Tools, Active Directory Users and Computers.
b. From the menu bar, select Action, New, User.
c. Enter values in the Full name and User logon name fields. You should use your own internal naming conventions. For example, Full name: Kerberos Server, User logon name: krbsrv

Note: The First name, Last name, and Initials fields are not important, but you must specify the Full name and User logon name. Kerberos authentication uses the User logon name only.

d. Click Next.

e. Use this table to set the password and check box values:

Password                                                   
User must change password at next logon     Cleared
User cannot change password                      Selected
Password never expires                                Selected
Account is disabled                                      Cleared

f. Click Next and then click Finish.

In my test case, the user name is system123

2. Generate the keytab file. The keytab file stores the name and encrypted password of the server user account.

In my case, keytab file got generated as per below command:

ktpass -princ HTTP/machine.com@AD.ABC -mapuser system123@AD.ABC -crypto RC4-HMAC-NT -ptype KRB5_NT_PRINCIPAL -pass password -out c:krb5.keytab

-princ         Specifies the service principal name in the form user@realm
-mapuser    Maps the name of the Kerberos principal specified by the princ parameter to the specified local user   name
-crypto       Sets the encryption type to use
-ptype        Sets the principal type to Kerberos 5 for Microsoft Windows
-pass         Causes the utility to prompt you for a password
-out           Specifies the name and location of the Kerberos version 5 .keytab file to generate

3. Map the server user credentials to a Service Principal Name (SPN) matching the website that the server hosts (network team).

The SPN can include any possible URL. Valid SPNs for the AD.ABC domain include:

• HTTP/mail.AD.ABC@AD.ABC
• HTTP/other.domain.net@AD.ABC
• HTTP/localhost@AD.ABC
• HTTP/192.168.1.100@AD.ABC

Set the SPN as per below:

a- Setspn –d HTTP/machine.com ADsystem123
b- Setspn –a HTTP/machine.com ADsystem123

   


Setup Active Directory in PeopleSoft

Step 1:    Directory Setup

To setup the directory, navigate to the PeopleTools > Security > Directory > Configure Directory page.

Configuring the directory is used for caching the directory schema, which is a required process for LDAP authentication in PeopleTools 8.4.

Although this component has four pages, Directory Setup, Additional DNs, Schema management, and Test Connectivity, to setup LDAP authentication, only the Directory Setup and Test Connectivity pages are important at this point.

All values entered must be correct and not mistyped or signon PeopleCode will not be able to talk to your directory correctly.

Directory ID: Identifies the directory connection that you are creating. The directory ID that you enter can identify a specific LDAP server or a collection of LDAP servers depending on how many servers you add in the Server Name section.

Description: Enter a description of the directory connection.

Directory Product: Select your directory product from the list of options i.e. Microsoft Active Directory, Novell e-Directory, etc. We are using MS Active directory, hence we have selected the same.

Default Connect DN: The Distinguished Name of directory based account with “Browse” rights to ObjectClass=Person entries and “Read” rights to all needed attributes. The DN is the full path to the user, for example cn=administrator,cn=users,dc=peoplesoft,dc=com which means that this user is located in the container called users under the domain called peoplesoft.com. This DN will be chosen by default when creating subsequent maps. The default DN can be overridden on each mapping page by adding addition connect DNs on the following page.

Password: The directory password for User DN. This is important as with no password you are making an anonymous bind to the directory. PeopleSoft suggests not using anonymous to bind to your directory but that is your choice to make. You need a password in order to cache the directory schema, which will be in the next step. The password is stored in encrypted form in the database; not even individuals with administration access to the database can view this password.

Server Name: Add LDAP directory servers to a connection list. You can add multiple servers for failover purposes using the plus button. All servers you add must participate in the same directory service.

LDAP Server: Identify a specific LDAP server. You can use the DNS name or you can use IP address dotted notation. For example, either of the following formats is acceptable: ldap12.yourcompany.com or 192.201.185.90.

Port: Enter the port number on which the LDAP server is configured to receive search requests. The standard LDAP port is 389. If you do not specify the correct port, PeopleSoft Directory Interface can’t exchange data with your LDAP server. In Active Directory you can also choose to use the Global Catalog
port of 3268.

SSL Port: If you are implementing Secure Socket Layer (SSL), enter the SSL port on the LDAP server. The standard SSL port in 636. In Active Directory the Global Catalog port for SSL is 3269.

In our case, the values were as below:

Directory ID:            SYSTEM123
Directory Product:    Microfost Active Directory
Default Connect DN: system123@AD.ABC
LDAP server:           AD.ABC
Port:                       389

Step 2: Test Connectivity

Next we need to verify the settings in Directory Setup page to see if they can pass all the connectivity tests. The page displays the results (SUCCESS or FAIL) of the connectivity test. If connectivity fails, modify the connect information on the Directory Setup and Additional Connect DN’s pages. All tests must return SUCCESS. If they do not then either your configuration settings are not correct or the default connect id used does not have full access to your LDAP Directory. If you have the bind and search of the host returning success, but the search of the schema is failing, then that means you are attempting to bind anonymously, and normally anonymous cannot read the schema. This test verifies that the server and directory are up and running, it makes a bind if you are using a password with the connect DN; otherwise it is making an anonymous bind to the directory. So you may see varied results depending what values you have on your directory setup page.

**Things to check if you get a failure on this page:

i. Test the connect DN without a password, this will do an anonymous bind and should return successfully.
ii. Check the port numbers being used that they are valid.

iii. Check the server name, if you are using DNS names you might try using the IP address instead.
iv. Check to make sure the DN being used is correct.

Step 3: Caching the Directory Schema

You use the Cache Schema page to specify a directory server and invoke an Application Engine program designed to create a cache in the PeopleSoft database of the directory schema. This enables you to select names of Object Classes and Attribute Types when creating security maps. If you have multiple directory configurations you will need to cache the schema for each configuration. The directory authentication and User Profile maps use these attribute values when mapping your directory.

When caching the directory schema you will need to choose the directory and the server. This process should only take a few minutes and it needs to be run for every configuration you create.

 

Step 4: Setup Authentication Map

This is the information used to bind to the directory and search for the LDAP user that is logging into PeopleSoft.

The first thing is to make sure the map you are using is active.

The Directory ID is the configuration that you previously setup in the configure directory. This must be defined in order to properly fill the Connect DN.

Anonymous Bind and Use Secure Socket Layer are options you can check at this point if you are using that setup. You can only use one option not both or neither and use the default DN.

The Connect DN gets populated automatically when you choose the directory ID from the previous setup. If you wanted to use a different connect DN then you can use the dropdown box which will allow you to choose from the Additional DNs page you may have setup when configuring the directory in step 1. We skipped this page but as mentioned before the Additional DNs page can be used if you want to have other users that can search the directory, that you would want your Authentication map to use instead of the connect DN on the directory setup page The list of servers is brought over from step 1 also. You can choose to add or subtract any servers for this particular map. Be sure to add the appropriate sequence number for the search order of which server will be first searched. The User Search Information is critical. Here is where we have also found a lot of errors made. This is where you will define the Search base, the search scope, and the search attribute used to find the users in the directory.

Search Base: The search base is the container or starting point in the directory that you want to start your search for users. You MUST include the whole DN path for this location.

Scope: The scope of the search, which can be one of these values:

Base retrieves information only at the level of your search base. It will not look deeper in you directory for users.
One retrieves information about entries one level below the base.
Sub retrieves information about entries at all levels below the base. The base entry is included in this scope. If no scope is specified, the server performs a base search.

Search Attribute: The search attribute is the directory attribute of  ObjectClass=Person to which the provided User ID should be matched.

Example:

cn=system123,ou=System Accounts,ou=Support,dc=ad,dc=abc

Step 5: Setup User Profile Map

This page is used for mapping you directory users to the PSOPRDEFN table.

 

Mandatory User Properties page:

Authentication Map: Choose the authentication map, from the dropdown list, that you will be using this profile map with. As stated before you can have multiple authentication maps, therefore you need to have a corresponding profile map with each authentication map. You may ONLY have one User Profile Map per authentication Map.

User ID Attribute: This is the directory attribute containing the value that will be used as the PeopleSoft OPRID on the PSOPRDEFN table. So once the search attribute, on the last page is found, the signon PeopleCode then binds to this directory attribute. This is also the value that will be updated or created in PeopleSoft if you are using the USER_PROFILE component interface. So if your uid or sAMAccountName, in the directory, were jsmith then the OPRID in PeopleSoft would be searching for, or creating would be JSMITH.

Note: Although the directory is case insensitive the delivered peoplecode will ALWAYS force UPPER CASE when returning from the directory and searching the PSOPRDEFN table for this user or when creating the user in the PSOPRDEFN table. So you will notice that your users get created in upper case regardless of their case in the directory. See possible solution in Appendix C to make changes to this delivered functionality.

ID Type: This is the default ID Type for newly created users. Once you have established LDAP authentication and you want to change this to EMP (emplid) you may but bear in mind that when using the value of EMP you must also have the ID Type Attribute value filled with the user’s correct employee number.

ID Type Attribute: The name of the LDAP attribute containing valid data for the given ID Type. If using NON then this filed is grayed out and no value is required. However, if you are using the EMP ID type then the directory attribute named here must contain the same value on the user profile of the directory as the EMPLID value in the PS_PERSONAL_DATA table in PeopleSoft contains for this user, as there is a cross reference to the employee when the user is created. So if you are using EMP as the ID Type and the ID Type Attribute is employeenumber (which would need to be a valid attribute in your directory) then this value on the employeenumber attribute in the directory would have to match the EMPLID for this user on the PS_PERSONAL_DATA table in order to correctly cross reference and update or create the user profile.

Default Role: We have 3 options here.

1) You can choose to assign to your newly created users a default role, that exists in PeopleSoft, that will give only the minimal access you would want EVERY user to have and also allowing the user to logon with only this role.

2) You can choose a directory attribute that will hold the default PeopleSoft role you want to assign to your users, remember with this option you must have an attribute defined in the directory with the PeopleSoft role name value in it for this role to be correctly assigned to the user logging in.

3) You can choose not to assign a default role at all. This is the safest option if you are already dynamically assigning roles to your users, or you are only authenticating users and not creating them through the LDAP_PROFILESYNCH option on the signon peoplecode page.

Note: We cannot use both options 1 & 2 and in using the 3rd option, if you have directory groups named the same as your PeopleSoft roles, then your users will get these roles assigned to them “on the fly” as they logon and their static roles will be deleted.

Additional note: If the user is already created in PeopleSoft, then they will not be assigned the default role when they logon through the LDAP_PROFILESYNCH. This is only for users that have not yet been created on the PSOPRDEFN table.

Default Language Code: This is the same as the default role as you can define to use a default value or a directory attribute. Remember you cannot use both.

Step 6: Setting up Signon PeopleCode

This will be discussed in Kerberos integration as below point:

Modify and Enable Signon PeopleCode to include Kerberos authentication

Set up Kerberos Authentication on the Web Server

To configure the web server JVM for Kerberos authentication:

1. Create a folder specific to kerberos configuration files, such as /usr/krb5 on the server. Place the keytab file in this folder.

2. Create two configuration files:

krb5.conf
krb5Login.conf

In my case, the values were below:

krb5.conf

[libdefaults]
default_realm = AD.ABC
ticket_lifetime = 2400
dns_lookup_realm = false
dns_lookup_kdc = true
#default_tkt_enctypes = des-cbc-crc
#default_tgs_enctypes = des-cbc-crc
#allow_weak_crypto=true

[realms]
AD.ABC = {
kdc = AD.ABC
admin_server = AD.ABC
default_domain = AD.ABC
}

[domain_realm]
.AD.ABC = AD.ABC
AD.ABC = AD.ABC

krb5Login.conf

krbServer {
com.sun.security.auth.module.Krb5LoginModule required
storeKey=true
useKeyTab=true
keyTab=”/UNIX_DIR/krb5.keytab”
isInitiator=false
principal=”HTTP/machine.com”;
};

3. Configure the web server to use these files for Kerberos authentication, by adding JVM arguments.

a. Edit the setEnv file in the /webserv//bin/ directory.

b. Find the line that begins with SET JAVA_OPTIONS = and append the line with this text:

-Djava.security.auth.login.config=”krb5Login.conf file path with the file name”
-Djava.security.krb5.conf=”krb5.conf file path with the file name”

** In our test case:

JAVA_OPTIONS=”-Xms512m -Xmx512m -XX:MaxPermSize=256m -Dtoplink.xml.platform=oracle.toplink.platform.xml.jaxp.JAXPPlatform -Dcom.sun.xml.namespace.QName.useCompatibleSerialVersionUID=1.0 -Djava.security.auth.login.config=/UNIX_DIR/krb5Login.conf -Djava.security.krb5.conf=/UNIX_DIR/krb5.conf”

4. Save the file.

Kerberos Java class files should be present in the /webserv/peoplesoft/applications//PORTAL.war/WEB INF/classes/com/peoplesoft/pt/desktopsso/kerberos directory.

• KerberosSSOFilter.class
• KerberosSSOFilter$1.class
• KerberosSSOFilter$KerberosAuthWrapper.class
• KerberosSSOFilter$KerberosHideWrapper.class

Open the web.xml file in the /webserv//applications/peoplesoft/PORTAL.war/WEB INF/ directory

Place below code:


KerberosSSO
com.peoplesoft.pt.desktopsso.kerberos.KerberosSSOFilter
checkSecureConnectiontrue
validateTokentrue
verbosetrue


KerberosSSO
/*

Weblogic console settings:

Configure NegotiateIdentityAsserter from the console. Open the weblogic console by typing the URL:

http://machine:port/console

Home > Summary of Security Realms > myrealm > Providers > Authentication > Create new NegotiateIdentityAsserter

Leave the default Active Types
Under Provider Specific, uncheck Form Based Negotiation Enabled

Activate the changes and restart the server.

Set up Kerberos Authentication on the Application Server

Setting up Kerberos authentication on the application server requires that you configure the application server JVM to validate the Kerberos token:

To configure the application server JVM to validate the Kerberos token:

1. These Java class files should be in the /class/com/peoplesoft/pt/desktopsso/kerberos directory.

• KerberosSSOValidator.class
• KerberosSSOValidator$1.class

Note: In addition to the compiled Java classes, all PeopleSoft applications include the Java source code for the KerberosSSOValidator. You can find the source files in the sdkdesktopssosrccompeoplesoftptdesktopssokerberos directory.

2. Open the application server configuration file: psappsrv.cfg

3. Find the line that begins with JavaVM Options=and append the line with this text:

-Djava.security.auth.login.config=”krb5Login.conf file path with the file name”
-Djava.security.krb5.conf=”krb5.conf file path with the file name”

** In my test case, the values were like below:

JavaVM Options=-Dxdo.ConfigFile=%PS_HOME%/appserv/xdo.cfg -Xms32m -Xmx128m -Djava.security.auth.login.config=/UNIX_DIR/krb5Login.conf -Djava.security.krb5.conf=/UNIX_DIR/krb5.conf

4. Save the file.

 
Write Signon PeopleCode for Kerberos authentication

1. In PeopleSoft Application Designer, open the FUNCLIB_LDAP record definition. Right-click the LDAPAUTH field and select View PeopleCode.
2. Find the Function getWWWAuthConfig() PeopleCode function.
3. Change the &defaultUserId to “PUBUSER”.
4. In the same field and event, add a KRB_AUTHENTICATION function. We have to add the following function at the end with the below code.

Signon PeopleCode

Function KRB_AUTHENTICATION()
If %PSAuthResult = True And
&authMethod <> “WWW” And
&authMethod <> “OAMSSO” And
&authMethod <> “OSSO” And
&authMethod <> “SSO” And
&authMethod <> “LDAP” Then
getWWWAuthConfig();
If %SignonUserId =
&defaultUserId Then
Local string &princName =
%Request.GetHeader(“KRB_USER”);
Local string &krbToken =
%Request.GetHeader(“Authorization”);
Local string &userName =
&princName;
Local number &foundDelim =
Find(“@”, &userName);
If (&foundDelim > 0) Then
&userName = Substring(
&userName, 1, &foundDelim – 1);
End-If;
If Len(&userName) > 0 Then
&krbToken = Substring(
&krbToken, 11, Len(&krbToken) + 1);
&validator =
GetJavaClass(“com.peoplesoft.pt.
desktopsso.kerberos.
KerberosSSOValidator”).
getInstance();
Local string
&validUserName = &validator.validate(
&krbToken);
If &validUserName <>
“NULL” And
&princName =
&validUserName Then
SetAuthenticationResult(True, Upper(
&userName), “”, False);
&authMethod = “KRB”;
End-If;
End-If;
End-If;
End-If;
End-Function;

Configure the PeopleSoft application for Kerberos authentication

To configure the PeopleSoft application to use Kerberos authentication, we need to enable public access.

To enable public access:

1. Select PeopleTools, Web Profile, Web Profile Configuration and open the profile to which you are adding Kerberos authentication.

2. On the Security tab, select the Allow Public Access check box and then enter the user ID and password of the public access PeopleSoft application user. This user should have minimal permissions.

In this example, you see that public access is enabled as the user ID, PUBUSER.

 

Note: User ID on this page must be the same user ID that you entered in the getWWWAuthConfig() function in the Signon PeopleCode.

3. Save the web profile.

Modify and Enable Signon PeopleCode to include Kerberos authentication

To enable Kerberos authentication Signon PeopleCode:

1. Select PeopleTools, Security, Security Objects, Signon PeopleCode.

2. Insert a new row and enter these values:

Field                    Value or State

Enabled                Selected
Record                 FUNCLIB_LDAP
Field Name           LDAPAUTH
Event Name          FieldDefault
Function Name     KRB_AUTHENTICATION
Exec Auth Fail     Selected
Sequence            Enter a value that does not conflict with the flow of other Signon PeopleCode functions.

 

3. Save the page.

Browser Configuration

Internet Explorer default settings typically work with Kerberos single signon. However, if the browser settings are not the default, you might need to change the browser settings. In addition, Internet Explorer only uses Kerberos authentication for sites in the Local intranet zone. If your PeopleSoft applications are not within this zone, you must add them.

Internet Explorer settings:

1. Open Internet Explorer and select Tools, Internet Options. Then, select the Security tab.
2. In the zones display, select Local intranet and then, click the Sites button.
3. Select the check boxes that apply to the PeopleSoft site.
4. If these settings do not meet your needs, then click the Advanced button and add the site specifically.

After you add the site, click the Close button.

5. On the Local Intranet dialog box, click the OK button.
6. On the Internet Options dialog box, select the Advanced tab. Then, scroll down to the Security settings. Select the Enable Integrated Windows Authentication check box.
7. Click the OK button and then, restart the browser so that the settings take effect.

After completing the configuration, try the URL below to access the PeopleSoft application.

http://server:port/psp//EMPLOYEE/ERP/h/?tab=DEFAULT

** One should not try the typical PS URL ”http://server:port//signon.html”, as no matter what desktop SSO solution you have implemented, you will land up to the default PeopleSoft login page.

**IMP: If everything regarding the setup is fine, user should get login. However, the testing is not over yet. If the setup is not fine, then also user will get login as there is a public user configured inside the application. User should check their roles and run a CNTL+J test even if their login is fine and check if they are getting their userID only. PeopleSoft application administrator should check the application server and PIA logs for any descripencies or inconsistencies. A Network administrator role is also very important in any troubleshooting.

** First image has been taken from “PeopleSoft Security Administration e-book”

References:

1. PeopleSoft Security Administration
2. Randy’s blog from Remote PeopleSoft admins:

http://remotepsadmins.com/2012/08/28/peoplesoft-desktop-single-sign-on-via-kerberos-part-1/ 

** Special thanks to Randy for his extended support. He helped me out for implementing this solution.

Permanent link to this article: http://alokbhardwaj.com/oracle-peoplesoft/2014/03/31/peoplesoft-and-kerberos-integration-desktop-single-signon-solution/

Jul 25

Data Migration Workbench

Till PeopleTools 8.52, application version 9.1, to migrate the configuration data from one PeopleSoft environment to another, there were different custom methods customers had to try, DMS scripts, SQL scripts etc. With the release of PeopleTools 8.53 and application 9.2, Oracle has come up with a new tool and methodology, “Data Migration Workbench”, which will help customers to do this task without applying any of the custom methods.


This tool provides a method of migrating configuration data between environments as managed objects, rather than using DMS, SQL scripts. With Data Migration Workbench, one can migrate application configuration data. This tool will copy all/selective data from the source database configuration tables to a flat file base and later the flat File can be loaded to target database and before copying the data to target data base one can compare the data too and then load it. This tool has permission and approval process also in between.

Data Migration Workbench facilitates the Configuration Management process using Application Data Sets. The Data Migration Workbench is designed to manage the complexity of migrating configuration data across multiple PeopleSoft systems. The Data Migration Workbench provides the ability for any authorized developer to easily define application data sets and to compare and copy the data similar to the way managed objects have been copied and compared.

Application Data Sets:

•Enable developers to use PeopleSoft Pure Internet Architecture (PIA) to define data set definitions as a hierarchy of records with some collective properties. A data set definition defines the shape of data set instances. It consists of a hierarchy of one or more record definitions and some properties. Each child record has all the keys of its parent record and optional additional keys. A data set instance has a single root row defined by the unique keys of the root record.

Data set definitions are like record definitions: record definitions define a group of fields that constitute a record; data set definitions define a group of records that constitute a data set. Both record definitions and data set definitions are metadata that define the shape of data.

•Enable developers using PIA to insert data sets instances ( data content) into projects to represent a unit of work as a data migration project. Data migration projects are like managed object projects: a collection of data set instances having various data set definitions.

•Enable developers using PIA or Change Assistant to copy and compare projects containing data sets.

•Enable PIA-based copy and compare to use powerful servers rather that the Windows workstations required for PeopleSoft Integrated Development Environment (PSIDE)-based copy and compare. (Copy and Compare can also be run from Change Assistant using Application Engine)

•Integrate with the Enterprise Components Approval Framework to provide administrative control of the project copy from file process.

•Provide enhanced security to assure that the data set definitions are suitable for copying data, that the user has access to the PIA data set pages, and that user has the right to copy and compare the data.

•Provide an alternative to Data Mover that offers greater visibility and control for managed changes of a customer’s environment.

The two main components in data sets are the Data Set Designer used to define the structure of the data set and the Data Migration Workbench, used to define the data migration project content and to orchestrate copy and compare. Data Migration Workbench shows the current status of a project and prevents inconsistent actions. Once you have defined the data migration project, you can copy the data to a file that can later be compared or copied from file on another PeopleSoft database.

The Data Migration Workbench uses a Project Repository as a place in the file system where project files can be copied to and from. The Project Repository is defined in the data base as a repository name, an associated file path, and one or more areas (sub folders) that can contain project files. The purpose of Project Repository is to avoid manually copying project files from one system to another by promoting common definition of shared file locations and providing better security for administrative control of the places that project files can be copied to.

 

Data Set Component  

 

Flow for creating and copying Data Set Migration projects

 

 

 

 

 

Steps:


1. Create Data Set Definition.
2. Create or select then populate Data Migration Project.
3. Copy to file.
4. Compare Data Migration Project from file.
5. Review compare and validation reports.
6. Copy Data Migration Project from file.


Data Migration Workbench Limitations and Recommendations:


Limitations

•The Application Server and Process Scheduler used must both be able to access the project files using the same path. This will require that both are running on Operating Systems that use compatible file access conventions. For example, Microsoft Windows and UNIX-derived operating systems do not have compatible native file access conventions.

•The Application Data Set framework is not sufficiently secure in 8.53 to use for sensitive data.

•The data set definition must exist on the target database before you load a data set project to the target database.

•The data set definition must have the same shape on both the source and target database. Shape is defined by the records and fields included in the data set. Shape equality can usually be achieved most easily by copying a managed object project containing the data set definitions from source to target prior to copying the Data Migration Project. But if the constituent records and fields are different between source and target matching shape may involve executing database CREATE or ALTER steps to attain equivalence.

•Application Data Set definitions containing views or derived records are not copy-able or comparable.

•In 8.53, the language selections available in Copy from File do not include COMMON, thus COMMON cannot be excluded during copy. For traditional managed objects COMMON can be excluded, making it possible to copy only the language specific data, leaving the language-independent data (COMMON) unchanged if the object exists on the target.


Recommendations

•Data set projects are meant for relatively small data sets of static data.and not recommended for large data sets.

•Do not change the source Data Migration Project file after the compare been performed.

•Setting up the Project Repositories and areas is a one time activity. The directories should first be created by a system administrator with read/write access permissions for the users who will start the application and process schedule servers.

Permanent link to this article: http://alokbhardwaj.com/oracle-peoplesoft/2013/07/25/data-migration-workbench/

Feb 14

PeopleSoft Cumulative Feature & Fit/gap analysis

In any PeopleSoft application or PeopleTools upgrade process, you will need to perform a fit gap between your current version of PeopleSoft in order to find the differences. This is a daunting task to do when it comes to delivered functionality. For example, many people want to know what are the major differences between my version and the new one.

Oracle provides a cumulative feature overview tool for PeopleSoft to start your fit gap analysis.This tool is basically an Excel spreadsheet, that enables you to quickly understand major changes that have occurred across multiple releases for any give product. For example, if you are on PeopleSoft FSCM 9.0 and are looking for the changes that have occurred between 9.0 and 9.1, this new tool allows you to enter your current version and will provide you with a list of these changes for all releases since your version with detailed descriptions. The same is applicable to any source and target PeopleTools release.

If you want to download the new tool, you can go to My Oracle Support at the link below and login with your credentials.

https://support.oracle.com/epmos/faces/DocContentDisplay?_afrLoop=1023358752541899&id=1117033.1&_afrWindowMode=0&_adf.ctrl-state=rturvgxol_4

Permanent link to this article: http://alokbhardwaj.com/oracle-peoplesoft/2013/02/14/peoplesoft-cumulative-feature-fitgap-analysis/

Jul 24

RVP for HCM and FSCM 9.2

The roadmap is clear, for HCM and FSCM 9.2. Yesterday, Release Value Propositions for HCM and FSCM 9.2 has been released by Oracle. Items like iPad certification (with Safari as browser) and Pivot Grids are great, however, more or less related to PeopleTools 8.52. So PT 8.52 has been a pre-requisite to use the same features/technology for HCM and FSCM 9.2.
Moreover, a new term has been introduced, PeopleSoft Interaction Hub for PeopleSoft Applications Portal. Unlike the old days, this product now comes with an HCM or FSCM license. This will be a great change for the customers who are using the most used features, Dynamic Unified Navigation and Site-wide branding. Earlier, for these features too, customers had to purchase the entire license.
Now for the enhancements per license:
HCM
Smart HR – extension on Template Based Hire
Headcount Pivot Grids
Profile Management Enhancements – based on Secure Enterprise Search
Open compensation cycle job changes
Compensation Pivot Grids
Compensation history
ePerformance Workcenter
ePerformance Outlook integration
E-learning homepage / self service
Recruitment Gateway – with various 360 screens like in CRM (Job Opening, Applicant)
Recruiting Pivot Grids
Benefits
Absence with Outlook integration
Approval via HTML e-mail
HR Helpdesk – self service homepage, FAQ enhancements, discussion forums
There is more, for FSCM
Extending Global Reach
Financial Control & Reporting Business Process Overview
Plan to Retire Business Process Overview
Program and Portfolio Management Business Process Overview
Order to Cash Business Process Overview
Plan to Produce Business Process Overview
Source to Settle Business Process Overview
Industry Enhancements – General Ledger, Healthcare, Higher Education / Research

Permanent link to this article: http://alokbhardwaj.com/oracle-peoplesoft/2012/07/24/rvp-for-hcm-and-fscm-9-2/

Oct 25

Application Server failed to boot

While booting the application server on AIX 6.1, I encountered the below issue:
PSAPPSRV.921614 (0) [03/18/10 10:24:55](3) PSJNI: Creating a Java VM instance
PSAPPSRV.979130 (0) [03/18/10 10:24:56](3) PSJNI: Created a Java VM instance
PSAPPSRV.979130 (0) [03/18/10 10:24:56](1) PSJNI: EnvImplementation::threadAttach: Could not attach to the Java VM
PSAPPSRV.979130 (0) [03/18/10 10:24:56](1) PSJNI: EnvImplementation::Ctor: Failed to attach the current thread
PSSAMSRV.868352 (0) [03/18/10 10:24:56](3) PSJNI: Created a Java VM instance
PSAPPSRV.921614 (0) [03/18/10 10:24:56](3) PSJNI: Created a Java VM instance
PSAPPSRV.921614 (0) [03/18/10 10:24:56](1) PSJNI: EnvImplementation::threadAttach: Could not attach to the Java VM
PSAPPSRV.921614 (0) [03/18/10 10:24:56](1) PSJNI: EnvImplementation::Ctor: Failed to attach the current thread
PSSAMSRV.868352 (0) [03/18/10 10:24:56](1) PSJNI: EnvImplementation::threadAttach: Could not attach to the Java VM
PSSAMSRV.868352 (0) [03/18/10 10:24:56](1) PSJNI: EnvImplementation::Ctor: Failed to attach the current thread
To solve this issue, I added PS_HOMEjrebin to the app server AddToPATH variable.

Permanent link to this article: http://alokbhardwaj.com/oracle-peoplesoft/2010/10/25/application-server-failed-to-boot/

Oct 25

PeopleTools client error on workstation

After setting up the client on the windows machine, sometimes users get the error message while trying to run pscfg.exe, pside.exe or psdmt.exe.
PS_HOMEbinclientwinx86pscfg.exe
Error: This application has failed to start because the application configuration is incorrect. Reinstalling the application may fix this problem
In the PeopleTools 8.50 Installation guide, the task titled “Verifying Necessary Files for Installation on Windows” explains that the issue is caused by the C Run Time (CRT) files not getting updated which will cause PeopleTools not to run.
This from the PT 8.50 Installation guide Task “Verifying Necessary Files for Installation on Windows”:
PeopleSoft PeopleTools 8.50 is developed using Microsoft Visual C++ 2005. Microsoft, as part of VC++ 2005, changed the way applications use and ship the required C Run Time (CRT) files (these files are installed as shared assemblies). PeopleSoft PeopleTools 8.50 programs require these files to be present or the programs will not run.
During PeopleSoft PeopleTools installation, the install programs will automatically update the Microsoft Windows machine performing the installation. However, if the bin folder or PS_HOME has been copied from one machine to any other machine to run PeopleTools, chances are the MS VC++ modules might not have installed already on that machine and user might get the error while trying to run any PeopleTools executable:
Error: This application has failed to start because the application configuration is incorrect. Reinstalling the application may fix this problem
To implement the solution, execute the following steps:
1. Go to PS_HOMEsetupvcredist.
2. Run vcredist_x86.exe.
The installation is completed automatically.
Try running any PeopleTools client executable now.

Permanent link to this article: http://alokbhardwaj.com/oracle-peoplesoft/2010/10/25/peopletools-client-error-on-workstation/

Older posts «