Oracle Financial System

2,837 views
2,746 views

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
2,837
On SlideShare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
22
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Oracle Financial System

  1. 1. Oracle Financial System Mary Ann Carr September 14, 2000
  2. 2. Financial Management Project <ul><li>The Financial Management Project (FMP) is a university-wide initiative to improve Carnegie Mellon’s financial systems and processes. FMP includes implementation of: </li></ul><ul><ul><li>Integrated financial system (Oracle) </li></ul></ul><ul><ul><li>Redesigned work processes </li></ul></ul><ul><ul><li>Financial policies and consistent, university-wide procedures </li></ul></ul><ul><ul><li>Comprehensive user education </li></ul></ul>
  3. 3. Oracle Implementation Timeline <ul><li>May 1997 - Acquired Oracle Applications and development tools </li></ul><ul><li>August 1997 - Beta Test Grants Management </li></ul><ul><li>1998 - 1999 - Project Implementation </li></ul><ul><li>November 1999 - “Big Bang” Go-Live </li></ul><ul><li>Today - System Stabilization and Upgrade Preparation </li></ul><ul><ul><ul><li>- 300 Central and Campus Business Users </li></ul></ul></ul><ul><ul><ul><li> - 600 Casual Users </li></ul></ul></ul>
  4. 4. FMP Deployment Requirements <ul><li>Support all major campus desktop platforms </li></ul><ul><li>Achieve excellent performance on all platforms </li></ul><ul><li>Implement a ‘thin client’ </li></ul><ul><li>Minimize software installation, distribution and maintenance </li></ul><ul><li>Leverage existing infrastructure </li></ul><ul><li>Mitigate any/all security risks </li></ul>
  5. 5. Oracle Applications Overview <ul><li>Core Financial Applications </li></ul><ul><li>Self Service Web Applications </li></ul><ul><li>Application Desktop Integrator Applications </li></ul><ul><li>Budget Spreadsheet </li></ul><ul><li>Feeder File Interface System </li></ul><ul><li>CITRIX Application Server </li></ul>
  6. 6. Core Financial Applications - Overview <ul><li>Internet (Network) Computing Architecture </li></ul><ul><li>Multi-Tier Tier Architecture </li></ul><ul><ul><li>Database Tier - DB, stored procedures, executables </li></ul></ul><ul><ul><li>Application - web server, forms server </li></ul></ul><ul><ul><li>Client - java-enabled web browser or applet viewer, forms client applet </li></ul></ul><ul><li>GUI Interface with ‘Thin’ Client Implementation </li></ul><ul><li>Java Applet connects to Oracle’s forms server, excepting initial signon HTML page </li></ul>
  7. 7. Multi-Tier Architecture
  8. 8. Self Service Web Applications <ul><li>Web-based Interface for Casual Users (travel expense reporting, pcard distributions) </li></ul><ul><li>HTML and JavaScript </li></ul><ul><li>Direct connection to an HTTP listener running Oracle Web Application Server </li></ul><ul><li>Logic is executed through the Web Application Server’s PL/SQL Cartridge, and Java servlets </li></ul><ul><li>Database communication via JDBC </li></ul>
  9. 9. Application Desktop Integrator <ul><li>Excel-based interface and extension to Oracle application database </li></ul><ul><li>Supports budget entry, journal entry, reporting, and analysis </li></ul><ul><li>Communicates via SQL*Net to database </li></ul>
  10. 10. Budget Spreadsheet <ul><li>Custom Excel-based budgeting tool </li></ul><ul><li>Template files stored on file server </li></ul><ul><li>Working budget files updated and stored locally </li></ul><ul><li>Two possible transport mechanisms </li></ul><ul><ul><li>Budget inload functionality of ADI </li></ul></ul><ul><ul><li>Web-based upload to interface tables </li></ul></ul>
  11. 11. Feeder File Interface System <ul><li>Mechanism for uploading feeder files for import into Oracle GL and/or GM </li></ul><ul><li>Validates and inloads feeder transactions </li></ul><ul><li>Provides e-mail notification of process success/failure </li></ul>
  12. 12. CITRIX Application Server <ul><li>NT terminal server implementation to support UNIX, Macintosh and low-end PCs </li></ul><ul><li>Access to Core Financials </li></ul><ul><li>Access to ADI </li></ul><ul><li>Possible file server for budget spreadsheet </li></ul>
  13. 13. System Configuration
  14. 14. Core Financial Applications Security <ul><li>Features </li></ul><ul><li>Signed Java Applet guarantees its authenticity to the forms client and ensures that the forms server only accepts connections from “certified” forms clients (open TAR) </li></ul><ul><li>All communication between the Forms client applet and forms server is encrypted using the RSA RC4 40-bit standard form of encryption </li></ul><ul><li>Application level security intact: login id/password challenge/response </li></ul><ul><li>Concerns </li></ul><ul><li>Neither Web Browser (w/Java Plug-In, Jinitiator) nor Applet Viewer supports Secure Socket Layer transport (data encryption between the client and web server) at this time…desire for stronger encryption </li></ul><ul><li>No certified Macintosh or Unix JVM as of 3/31/99 </li></ul><ul><li>Additional login/password…desire to move to kerberos-based single sign-on </li></ul>
  15. 15. Self Service Web Applications Security <ul><li>Features </li></ul><ul><li>Supports Secure Socket Layer transport (data encryption between the client and web server) </li></ul><ul><li>Application level security intact: login id/password challenge/response </li></ul><ul><li>Concerns </li></ul><ul><li>Additional login/password…desire to move to kerberos-based single sign-on </li></ul>
  16. 16. Application Desktop Integrator Security <ul><li>Features </li></ul><ul><li>Application level security intact: encrypted login id/password challenge/response </li></ul><ul><li>Ability to implement Oracle’s advanced networking option for stronger encryption </li></ul><ul><li>Concerns </li></ul><ul><li>Additional login/password…desire to move to kerberos-based single sign-on. </li></ul><ul><li>Physical security of local files…training issue </li></ul><ul><li>Excel is susceptible to viruses... train users to use anti-virus protection and to use caution when enabling embedded macros </li></ul>
  17. 17. Budget Spreadsheet Security <ul><li>Features </li></ul><ul><li>Supports Secure Socket Layer transport (data encryption between the client and web server) via HTTPS to upload site </li></ul><ul><li>Kerberos authentication of Andrew ID </li></ul><ul><li>Concerns </li></ul><ul><li>Physical security of local files…training issue </li></ul><ul><li>Excel is susceptible to viruses... train users to use anti-virus protection and to use caution when enabling embedded macros </li></ul>
  18. 18. Feeder File Interface Process Security <ul><li>Features </li></ul><ul><li>Secure transfer options </li></ul><ul><ul><li>HTTPS - andrew authenticated and SSL encrypted, web-based upload </li></ul></ul><ul><ul><li>SCP - encrypted transfer via public key encryption for unix to unix transfers </li></ul></ul><ul><li>Secured directory structure based on authenticated user id and limited access (only upload or download) </li></ul><ul><li>Concerns </li></ul><ul><li>Physical security of local files with hardcoded login/password…training issue </li></ul>
  19. 19. CITRIX Application Server Security <ul><li>Features </li></ul><ul><li>Standard NT account security (encrypted login) </li></ul><ul><li>RSA RC5 add-on option </li></ul><ul><li>Secured directory structure based on authenticated user id and limited access </li></ul><ul><li>Supports all standard Oracle application security features </li></ul><ul><li>Concerns </li></ul><ul><li>Virus susceptibility…use anti-virus protection </li></ul><ul><li>Security holes in NT…apply service paks and all patches </li></ul>
  20. 20. FMP Application Security FMP Application Security <ul><ul><li>Application Username/Password </li></ul></ul><ul><ul><li>Custom ‘responsibilities’ determine which forms, reports, functions, and data users can access </li></ul></ul><ul><ul><li>Employee level set-ups determine approval relationships (workflow) and purchasing authority </li></ul></ul><ul><ul><li>Secured ‘value sets’ limit the range of data users can access by responsibility </li></ul></ul><ul><ul><li>Customizations provide additional security to implement business rules, e.g. GM Award Security Extension </li></ul></ul>
  21. 21. Additional Security Measures <ul><ul><li>Fire wall (TIS) prevents direct connection to any administrative host </li></ul></ul><ul><ul><li>Business Net isolates ‘trusted’ user community (caveat: need to verify on an on-going basis) </li></ul></ul><ul><ul><li>SSH 1.2.26 for encrypted developer connections </li></ul></ul><ul><ul><li>Reset Oracle’s default passwords for ‘root’ accounts </li></ul></ul><ul><ul><li>Audit user sessions (performance considerations) </li></ul></ul>

×