Download
oracle financial system mary ann carr september 14 2000 n.
Skip this Video
Loading SlideShow in 5 Seconds..
Oracle Financial System Mary Ann Carr September 14, 2000 PowerPoint Presentation
Download Presentation
Oracle Financial System Mary Ann Carr September 14, 2000

Oracle Financial System Mary Ann Carr September 14, 2000

169 Views Download Presentation
Download Presentation

Oracle Financial System Mary Ann Carr September 14, 2000

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Oracle Financial System Mary Ann Carr September 14, 2000

  2. Financial Management Project • The Financial Management Project (FMP) is a university-wide initiative to improve Carnegie Mellon’s financial systems and processes. FMP includes implementation of: • Integrated financial system (Oracle) • Redesigned work processes • Financial policies and consistent, university-wide procedures • Comprehensive user education

  3. Oracle Implementation Timeline • May 1997 - Acquired Oracle Applications and development tools • August 1997 - Beta Test Grants Management • 1998 - 1999 - Project Implementation • November 1999 - “Big Bang” Go-Live • Today - System Stabilization and Upgrade Preparation - 300 Central and Campus Business Users - 600 Casual Users

  4. FMP Deployment Requirements • Support all major campus desktop platforms • Achieve excellent performance on all platforms • Implement a ‘thin client’ • Minimize software installation, distribution and maintenance • Leverage existing infrastructure • Mitigate any/all security risks

  5. Oracle Applications Overview • Core Financial Applications • Self Service Web Applications • Application Desktop Integrator Applications • Budget Spreadsheet • Feeder File Interface System • CITRIX Application Server

  6. Core Financial Applications - Overview • Internet (Network) Computing Architecture • Multi-Tier Tier Architecture • Database Tier - DB, stored procedures, executables • Application - web server, forms server • Client - java-enabled web browser or applet viewer, forms client applet • GUI Interface with ‘Thin’ Client Implementation • Java Applet connects to Oracle’s forms server, excepting initial signon HTML page

  7. Multi-Tier Architecture

  8. Self Service Web Applications • Web-based Interface for Casual Users (travel expense reporting, pcard distributions) • HTML and JavaScript • Direct connection to an HTTP listener running Oracle Web Application Server • Logic is executed through the Web Application Server’s PL/SQL Cartridge, and Java servlets • Database communication via JDBC

  9. Application Desktop Integrator • Excel-based interface and extension to Oracle application database • Supports budget entry, journal entry, reporting, and analysis • Communicates via SQL*Net to database

  10. Budget Spreadsheet • Custom Excel-based budgeting tool • Template files stored on file server • Working budget files updated and stored locally • Two possible transport mechanisms • Budget inload functionality of ADI • Web-based upload to interface tables

  11. Feeder File Interface System • Mechanism for uploading feeder files for import into Oracle GL and/or GM • Validates and inloads feeder transactions • Provides e-mail notification of process success/failure

  12. CITRIX Application Server • NT terminal server implementation to support UNIX, Macintosh and low-end PCs • Access to Core Financials • Access to ADI • Possible file server for budget spreadsheet

  13. System Configuration

  14. Core Financial Applications Security • Features • Signed Java Applet guarantees its authenticity to the forms client and ensures that the forms server only accepts connections from “certified” forms clients (open TAR) • All communication between the Forms client applet and forms server is encrypted using the RSA RC4 40-bit standard form of encryption • Application level security intact: login id/password challenge/response • Concerns • Neither Web Browser (w/Java Plug-In, Jinitiator) nor Applet Viewer supports Secure Socket Layer transport (data encryption between the client and web server) at this time…desire for stronger encryption • No certified Macintosh or Unix JVM as of 3/31/99 • Additional login/password…desire to move to kerberos-based single sign-on

  15. Self Service Web Applications Security • Features • Supports Secure Socket Layer transport (data encryption between the client and web server) • Application level security intact: login id/password challenge/response • Concerns • Additional login/password…desire to move to kerberos-based single sign-on

  16. Application Desktop Integrator Security • Features • Application level security intact: encrypted login id/password challenge/response • Ability to implement Oracle’s advanced networking option for stronger encryption • Concerns • Additional login/password…desire to move to kerberos-based single sign-on. • Physical security of local files…training issue • Excel is susceptible to viruses... train users to use anti-virus protection and to use caution when enabling embedded macros

  17. Budget Spreadsheet Security • Features • Supports Secure Socket Layer transport (data encryption between the client and web server) via HTTPS to upload site • Kerberos authentication of Andrew ID • Concerns • Physical security of local files…training issue • Excel is susceptible to viruses... train users to use anti-virus protection and to use caution when enabling embedded macros

  18. Feeder File Interface Process Security • Features • Secure transfer options • HTTPS - andrew authenticated and SSL encrypted, web-based upload • SCP - encrypted transfer via public key encryption for unix to unix transfers • Secured directory structure based on authenticated user id and limited access (only upload or download) • Concerns • Physical security of local files with hardcoded login/password…training issue

  19. CITRIX Application Server Security • Features • Standard NT account security (encrypted login) • RSA RC5 add-on option • Secured directory structure based on authenticated user id and limited access • Supports all standard Oracle application security features • Concerns • Virus susceptibility…use anti-virus protection • Security holes in NT…apply service paks and all patches

  20. FMP Application Security FMP Application Security • Application Username/Password • Custom ‘responsibilities’ determine which forms, reports, functions, and data users can access • Employee level set-ups determine approval relationships (workflow) and purchasing authority • Secured ‘value sets’ limit the range of data users can access by responsibility • Customizations provide additional security to implement business rules, e.g. GM Award Security Extension

  21. Additional Security Measures • Fire wall (TIS) prevents direct connection to any administrative host • Business Net isolates ‘trusted’ user community (caveat: need to verify on an on-going basis) • SSH 1.2.26 for encrypted developer connections • Reset Oracle’s default passwords for ‘root’ accounts • Audit user sessions (performance considerations)