PeopleSoft on the Oracle Cloud – what does it mean? March 14, 2016Posted by Duncan in Cloud, Infrastructure, TW.
There have been a few announcements over the last couple of weeks about the Oracle Public Cloud. But what does it actually mean for the PeopleSoft community?
What is Oracle Public Cloud?
The Oracle Public Cloud is Oracle’s competitor to the Infrastructure as a Service (IaaS) providers that have swiftly risen to create a whole industry that didn’t exist 10 years ago. Because they’re the market leader (by far) everyone automatically thinks of Amazon, however Microsoft Azure, Google Compute and Rackspace are also players in the market.
As PeopleSoft adopts more SaaS-like features (new UI, incremental updates etc) companies have started to move their infrastructure from their own data-centres to the cloud. For many companies this makes good business sense, however rather than have customers going to a 3rd party provider Oracle would rather provide the cloud service themselves. Obviously this is better for Oracle, however the customer benefits too (retaining a single vendor, and Oracle can potentially optimise their applications for their own cloud better than they can for Cloud infrastructure belonging to other vendors). There may also be cost savings for the customer, however I haven’t looked at pricing yet.
Doesn’t Oracle already do Hosting?
Yes, Oracle has long had a service that will host infrastructure on your behalf – Oracle On Demand. This is more of an older-style ASP (Application Service Provider). You’re more likely to be on physical hardware without much in the way of flexibility/scalability and tied into a long-term hosting contract, so the Oracle Public Cloud is a major step forwards in a number of ways.
How will Oracle Public Cloud be better?
I attended a couple of workshops on this last week and it looks very promising. It has all the attributes required for it to be properly classed as ‘Cloud’:
- subscription pricing,
- elasticity of resources (so you can scale instances according to demand),
- resilience of data centres (so, if you’re based in the UK you might be looking at the Slough data centre, however there are two ‘availability zones’ within Slough so if one gets hit by an outage you’ll still be able to connect to the other one)
Interestingly, it also includes several ‘Database as a Service’ offerings, each offering increasing levels of performance. With this model you don’t need to worry about the virtual machine, operation system etc that your database runs on, you receive access to a database and leave the maintenance to others. You would still need to have your other tiers on the IaaS offerings.
This opens up the possibility of multiple tiers of Cloud service:
- Just the Infrastructure (client does all the database and application admin)
- DBaaS (client has other tiers on IaaS, but does not do DB admin)
- Full Cloud solution (uses Oracle Cloud and a partner to do all administration)
How can I best take advantage?
The best time to move is probably at the same time as an upgrade. Upgrades normally come with a change in some of the hardware (due to the supported platforms changing) so moving to the cloud allows the hardware to change without any up-front costs.
PeopleSoft 9.2 and the more recent PeopleTools versions have a lot of features that were built for the Cloud, so by running it on-premises you’re not realising the full capabilities of your investment.
We’d recommend you try using the Cloud for your Dev and Test instances first, before leaping in with Production at a later date. Oracle have tools to help you migrate on-premises instances to their Cloud. (At this point – Mar 2016 – we have not tested these tools.)
What will the challenges be?
The first challenge is “how do I try it?”. This is pretty straightforward, in that you get a partner to demonstrate to you, or can get yourself an Oracle Public Cloud account and then provision a PeopleSoft instance using one of the PUM images as a demo. This would work fine to look at new functionality, or as a conference room pilot.
One of the biggest challenges is likely to be security – not the security of Oracle’s cloud, but securing your PeopleSoft instances which previously might have been only available within your corporate LAN. If you need assistance with this speak to a partner with experience using Oracle Public Cloud.
Monitoring/Automating PeopleSoft with Open Source Tools March 20, 2012Posted by Duncan in Infrastructure, UKOUG.
About a week ago I posted a video over on the Succeed Blog of a session I gave at the UKOUG PeopleSoft Conference.
If you read this blog and haven’t yet added the Succeed blog into your feed reader I suggest you do so as there’ll be an increasing amount of content there, both from myself and my colleagues.
Restrict external access to PeopleSoft with Squid June 8, 2011Posted by Duncan in Infrastructure, PeopleSoft.
I recently had to expose a client’s PeopleSoft installation to the outside world, which I did in the usual manner (additional PIA in the DMZ etc).
We wanted to use the “closed by default, open by exception” approach, so we would start by blocking access to everything and then open the areas we needed access to URL by URL. I suspected that the final ‘URL Whitelist’ might take many iterations to get right and as the Reverse Proxy in the DMZ was outside of my control I needed to trial it somewhere else first.
I commandeered one of our less frequently used environments and went about searching for a quick/free method of blocking access. After trying a few different approaches I settled on Squid, the open-source forward-proxy / web-caching server. Although it’s better known for running on Unix systems, there is a Windows implementation and it can operate perfectly well as a reverse-proxy.
Setting up Squid
Once I’d downloaded and unzipped the binaries, and installed it as a service (using this helpful write-up as a guide) it was just a case of setting the rules.
In the ACLs section I added my bad and good URLs:
acl bad_url urlpath_regex *DEV* acl good_url urlpath_regex "c:\squid\etc\good-urls.squid"
This would block any URL with DEV in (my chosen environment was DEV), but then allow any URLs in the ‘good-urls.squid’ file. I then had specify in the http_access section what to do with these ACL groups.
http_access allow good_url http_access deny bad_url http_access allow all
It took me a few goes to get this right as the last line confused me for a while, but luckily there are copious notes in the provided .conf file:
If none of the “access” lines cause a match, the default is the opposite of the last line in the list. If the last line was deny, the default is allow. Conversely, if the last line is allow, the default will be deny.
I was happy leaving my PeopleSoft environment on port 80 and Squid on 3128 as this is just a temporary setup for my testing. Obviously Squid would be on port 80 if this was a production setup.
I amended the default port line thus:
http_port 3128 defaultsite=xxx.yyy.com
(where xxx is the hostname and yyy is the domain name)
And finally I added this line:
cache_peer 127.0.0.1 parent 80 0 originserver default
I used 127.0.0.1 as Squid is on the same host as the PIA, and the rest is for forwarding.
In the Web Profile ‘Virtual Addressing’ tab, add the reverse proxy details. This willensure that PeopleSoft uses the reverse-proxy port number. Bounce the PIA.
Custom Error Page
If you want a nice custom ‘Access Denied’ page instead of the default Squid one, they can be found in ‘C:\squid\share\errors\English’. They have no file extension, but they’re HTML so a cinch to amend.
Building up the good-urls.squid file
This is largely going to vary depending upon what you want to expose to the external users. A lot of what we opened up were custom pages so there isn’t a lot of value sharing the full file here. Having said that, here is a snippet of our file:
*login* *css */psp/ps/EMPLOYEE/HRMS/h/* */cs/ps/cache/* */ps/images/* */psc/ps/*viewattach* */psp/ps/EMPLOYEE/HRMS/c/ROLE_EMPLOYEE.GP_SS_EE_PSLP.GBL* */ps/ckeditor/* */psc/ps/EMPLOYEE/HRMS/c/HRS_HRAM.HRS_CE.GBL* */psp/ps/EMPLOYEE/HRMS/c/HRS_HRAM.HRS_CE.GBL* */psc/ps/EMPLOYEE/HRMS/s/WEBLIB_TIMEOUT.PT_TIMEOUTWARNING.FieldFormula.IScript_TIMEOUTWARNING */psc/ps/EMPLOYEE/HRMS/\?cmd=expire */psp/ps/EMPLOYEE/HRMS/\?cmd=expire */psp/ps/EMPLOYEE/HRMS/\?cmd=logout
Lines 1 and 2 sort out the signon page.
Line 3 is the Employee Portal homepage.
Lines 4 and 5 are for images. Lines 6 and 8 are for viewing attachments and the Rich Text editor.
Lines 7, 9 and 10 are sample PeopleSoft pages/components.
The remainder deal with the timeout and signout links.
(Assuming that your PIA site is ‘ps’)
And you’re done. There are a few little quirks to note.
Firstly, every time you change your URLs file you’ll need to restart the Squid service, but it’s a quick process so doesn’t hold you up too much.
Secondly, PeopleSoft frequently uses the ‘?’ special character as a URL delimiter so Squid only matches against the characters before this point. There are several occasions when you need to match against the full URL which is why I’ve used url_path_regex in the ACL section above. This allowed me to escape the special characters so that the log-out, time-out and view attachment links work ok.
Service Start Up – Automatic (Delayed) July 15, 2009Posted by Duncan in Administration, Infrastructure, Windows.
I’ve been spending a little time putting together a VM using Windows Server 2008 and was pleasantly surprised to see that there is a new start-up type when configuring the PIA, App Server and Process Scheduler to start as services.
As well as Automatic, Manual and Disabled, there is now an Automatic (Delayed) option.
David Kurtz has spoken about using service dependencies, but I just want my App Server and Process Scheduler to start after the intial flurry of start-up activity has finished and everything else has calmed down.
Services that have a delayed start still start automatically, they just wait until all the services that aren’t delayed to finish before firing up.
It works a treat!
REN Server Ports on Multi-App Installations February 7, 2008Posted by Duncan in Administration, Infrastructure, Oracle, PeopleSoft, PeopleTools, PS Admin.
When you have more than one App Server on a single machine – and they both need to run a Ren Server process – you need to adjust the port number in the same way you do for other processes (although the REN Server is easy to miss – like I did – as it’s near the bottom away from the other port numbers).
If you do boot the App Server without changing the port you’ll get an error message:
exec PSRENSRV -A -- -C psappsrv.cfg -D PADMO -S PSRENSRV : CMDTUX_CAT:1685: ERROR: Application initialization failure
tmboot: CMDTUX_CAT:827: ERROR: Fatal error encountered; initiating user error handler
OK, you think. I know what that is, it must be a port clash. So you reconfigure the port in PSADMIN and then try to boot it again. Same error. Checking the REN Server log gives the following clue:
(ERROR) nssock: Cannot listen on port 7180. The port may already be in use.
It’s still looking on port 7180, not the new port!
The missing step is to update the database, as the port is stored there also:
UPDATE PSREN SET PORT_NUM = 7185, SSLPORT_NUM = 7148
You should then find you App Server and Ren Server boot fine.
Tolerance of slow App Server boot January 22, 2008Posted by Duncan in Infrastructure, Oracle, PeopleSoft, PeopleTools, PS Admin, Tuxedo.
In one of the more recent versions of Tools (8.49 is the first time I’ve noticed it, but that doesn’t mean it hasn’t been around in prior versions) I’ve noticed that occasionally the boot of an Application Server will fail with an error.
Booting admin processes ...
exec BBL -A :
CMDTUX_CAT:1863: INFO: Process ID=2636 Assume failed (timeout).
At the time of writing, there is nothing in Customer Connection for this, and a google search wasn’t particularly helpful either. So I had to resort to a technique from pre-Google days – i.e. work it out myself. Thankfully it wasn’t too difficult. (more…)
I think I’ve stumbled across a better way of remotely administering servers than using remote control software and PSADMIN. There’s a tool called the ‘Tuxedo Administration Console’ (or sometimes ‘WebGUI’) which does the job also.
It looks like this:
Once you’ve done a little bit of config (no more than 15 minutes, and it’s just config, there’s nothing additional to install) you just point the web browser on your client PC to a URL and it loads up the above screen.
You drop down the Domain menu to choose which App Server or Process Scheduler to administer, then use it to start and stop the domain, or you can do individual processes if you prefer. (For example, on my current client site we have a developer who frequently hangs the domain by using all of the PSAPPSERV processes during debugging. Using this tool, we could change the Max App Servers setting and then boot a couple of extra App Servers, all in a few clicks and without rebooting the domain.)