- August 9, 2017
- Posted by: admin
- Category: Blog
Overview:
Quite a few customers even in the security-sensitive industries have migrated to JDE 9.2 but are still considering various options to secure their infrastructure before opening up access to their BSSV and AIS servers to the outside world. Ephlux is actively helping such customers implement infrastructure security that enables them to publish their JDE integration touch points to fully utilize the key benefits of JDE 9.2 i.e. Published Business Services, IoT Orchestration, and AIS.
Challenges:
Enterprise level organizations have strong security policies especially for JD Edwards but they also have security concerns over extend the server access and publish them over the internet for 3rd party vendors and is a major concern for the network security and infrastructure teams to provide a secure and seamless solution. Some Key challenges that we often face are listed below:
- JD Edwards 9.2 is under DMZ and has to publish externally in a secure manner.
- JAS and BSSV servers slow response in peak hours.
- Securing Integrated servers endpoint i.e. BSSV, AIS
- AIS Server to handle the huge volume generated from IoT devices.
Solution Architecture:
The way we normally solve it is by incorporating the industry standard F5 Web Application Firewall (WAF), which has the capability to scale server horizontally and securing the published endpoints based on enterprise security policy. grant access to selected inbound and outbound TCP ports and adding Whitelist IP’s on the external firewall to make it more secure. Data encryption layer using SSL also help the customer to secure end to end data transfer.
Key Feature:
- Secure Environment: All traffic which is going out to DMZ and over the internet is secured and only selected ports are allowed in the firewall to communicate externally with specific whitelist IP’s. Moreover, authorization security will be added based on the enterprise security policy.
- High Availability: in-case of node downtime like BSSV, JAS and AIS, this solution has a capability to divert all the traffic seamlessly to other nodes.
- Load Balancing Methodology: Multiple load balancing approaches are available which can be configured based on customer requirement i.e. Round Robin, Least connection etc.
- Performance Improvement: Using this approach your JDE 9.2 environment will definitely get a breathing space and customer will feel a significant difference in terms of performance especially in server response time.
- User Session Handling: The key concern for system team is around how to handle user session, above solution covering that aspect by handling user session on load balancer level.
- Extensible and Adaptable: Oracle roadmap clearly stated to support JDE till 2028 or more, which means that they will bring more key feature and may introduce more integration needs. So it’s time to plan for an upgrade if you missed and move on the next level by introducing secured and scalable solution.
BSSV, AIS and IoT Orchestrator:
In an age of digital business, most companies run their operations on multiple systems and applications. To get the most value from these technology investments, seamless integrations are vital. in JD Edwards 9.2 release Oracle focused on the integration by introducing AIS and IoT Orchestrator to integrate with Oracle IoT Cloud, Oracle Cloud Apps, and third-party solutions.
Here is quick background of each component which helps customer to identify their integration needs.
- Business Services (BSSV) – SOAP Based API helps JDE to integrate with 3rd party on-prem or cloud based applications including CRMs, E-Commerce, HCM Cloud
- Application Interface Services (AIS) – REST Based API used for chatty applications such as mobile applications, social applications. It also provides the basis for Orchestrator.
- IoT Orchestrator – The internet of things orchestrator allows business users to collect and filter raw data collected from sensors or devices and feed that data into EnterpriseOne. IoT Orchestrator allows you to define and design an orchestration using a graphical user interface
We would love to hear from customers who are facing infrastructure security challenges or in the planning phase to expose JD Edwards to outside world.