EnterpriseOne (E1) ERP Employee Self-Service
We are starting a Employee Self-Service project in the next month or so. The overall goal of which is to provide a place where employees can view/change their personal information: address, phone number, W-4, dependants, etc. There are many application setup things that need to happen in order for this to be possible. Luckily for me, I don’t have to worry about the function setup, but am concerned about the technical stuff.
From a CNC perspective, this could be a nightmare. We’ve done a fairly decent job restricting the sprawl of our system to being very basic: 1 Enterprise Server, 1 Deployment Server, 1 JAS Server. Ok, maybe only having 1 JAS server isn’t really recommended but there are plans to add to that.
Anyway, there seems to be 4 basic hurdles to clear:
- What about the additional users that do not currently use E1?
Additional users, which have never seen E1 before, will be added to E1. To create the user profiles, we will either import from the Address Book (R0092) or enter them by hand. There will also be some security work to setup additional roles to access the Employee Self-Service stuff. Application support for these users will need to be coordinated with the PC Helpdesk, Human Resources and Payroll departments.
- How will the users be presented the application?
There seem to be 3 choices on this issue: 1) Use the portal. 2) Use the normal UI with a scaled down menu. 3) Setup our own web page that links to the applications using parameterized URLs.
Here is a quick rundown of why we decided on option 3:
- Option 1: adds system complexity; may cause a degradation in performance; lacking current in-house JAVA expertise for UI modifications
- Option 2: may confused users by presenting them with an unfriendly menu; no control over the UI
- Option 3: greatest control over the UI using current staff expertise; maintains system simplicity
- Can the users access it from home?
Now, this one worried me a little. However, I know that it can be done using SSL. I don’t exactly know how to do this, but shouldn’t be too difficult.
- What happens to the server during the last week of the Open Enrollment Period when everyone is making their selections?
There will be about a month out of the year that the system will be very heavily utilized, which may require additional JAS servers. That means setting up a cluster of Websphere servers, both horizontal and vertical. I’m not real excited about this either, but I know it can be done.
These three things really shouldn’t be too difficult to tackle, but could definitely cause some issues.
My main concern is numbers 3 & 4. I really don’t want to add anymore complexity that is required.
Then, I got wind of a project that was going on with our internet servers and MS SharePoint (I am a secondary administrator for the web servers and like to make sure I know what is going on in that arena). Anyway, they are testing Microsoft’s Internet Security and Acceleration (ISA) Server.
What is it? The following is from the ISA web site:
ISA Server 2006 is an integrated edge security gateway that helps protect IT environments from Internet-based threats while providing users fast and secure remote access to applications and data.
We’ve done some preliminary tests and have found that both issues 3 & 4 could be resolved using an ISA server without installing SSL or clustering Websphere.
Not too bad for Micro$oft!
Thanks!
Let me know if there is anything that you are interested in that I could maybe help with.
Ilove the blog. I bookmarked your post
Are you still using an ISA server, or migrated to WebLogic? We are concerned with security, and have read issues with WebLogic getting hacked.
https://www.securityweek.com/hackers-target-poorly-patched-oracle-weblogic-flaw
Hey, Daniel. Thanks for the question. However, many things have changed since this post in 2008. I no longer work for that organization and Microsoft has drastically changed ISA Server into the all encompassing monster that was Microsoft Forefront Threat Management Gateway which was discontinued in 2012. I’m not really sure what or if they replaced it with anything. Unfortunately, no matter what product you use to present a web page to your users, there will come a time when you are vulnerable. It’s the nature of web security. That being said, I would use Weblogic, because of performance and ease of support through Oracle My Support, along with a layered protection approach between the hacker and the data. This can take many forms (firewalls, reverse proxy, etc.) but any good IT security professional can point you in the right direction. Essentially, keep the JDE CNC stuff simple and add the complexity outside of JDE.