Cloud Based Enterprise Resource Planning Using Software As A Service

Transcription

1 Cloud Based Enterprise Resource Planning Using Software As A Service Sujatha A1, Jayasudha R2, Prof Srinivasan. R3 M.Tech (IT) Student, Department of IT, PSV College of Engg & Tech, Krishnagiri, TN.India1 Assistant Professor, Department of IT, PSV College of Engg & Tech, Krishnagiri, TN,India2 Head of Department, Department of IT, PSV College of Engg & Tech, Krishnagiri, TN, India3 ABSTRACT: Decentralized access control is one of important schemes for secure data storage in clouds that supports anonymous authentication. In the proposed scheme, the cloud verifies the authenticity of the series without knowing the user s identity before storing data. We have designed the complete enterprise resource planning using a SaaS based Technology Workday. We have addressed the Core HR transactions from Hire to terminate using this SaaS technology. Tailored the Business Process rules, Security and Compensation package as per the client requirement used this SaaS, as Upgrade will not be a hassle for the client and it will be owned by the Software vendor. We can access the application through mobile from wherever you are. KEYWORDS: Cloud Computing, Access Control, Architecture, Services, Hardware Virtualization. I. INTRODUCTION Cloud computing is a computing model in which hardware, platform, infrastructure and software are characterized and conveyed as an administration instead of an item. Cloud computing is rising up out of late advances in innovations, for example, hardware virtualization, Web administrations, dispersed computing, utility computing and framework automation. Cloud computing exploits hardware virtualization to securely and powerfully distribute physical resources, for example, computational power, stockpiling, and systems to the clients. Cloud resources are conveyed to the end-clients through Web administrations. This basic model brings about alluring peculiarities like Elasticity, Cost Effectiveness, Pay-as-you-go Pricing model, Global-Scale Accessibility and Usability and Easy Maintenance. Elasticity is accomplished by designating physical resources rapidly to the consumers as per their needs and cloud administrations can scale on-demand. Resource imparting enhances utilization of physical resources and along these lines decreases the associated expense, consequently we can say it is expense adequacy. Cloud administrations have consumption-based metering and charging; this property makes them more moderate for little organizations and new businesses which are called Pay-as-you-go Pricing Model. Worldwide scale Accessibility and Usability is a good peculiarity; Cloud consumers have entry to a basically boundless physical resource pool through Web. The an alternate gimmick of cloud is Easy Maintenance, all non-functional prerequisites of IT, for example, upkeep of hardware and software, are tended to by cloud providers, in this way consumers can concentrate on their functional business necessities. To better comprehend the extent of cloud computing and related concepts and advances, in this section we exhibit taxonomy of cloud. In a cloud-show there are four principle members they are cloud provider, cloud consumer, Cloud broker and Cloud Broker Cloud administration consumer is an individual or application who gets to a cloud administration. A cloud broker is an element that intervenes between cloud providers and cloud consumers. The goal of an administration broker is to give the cloud consumer an administration that is more suitable for its needs. This is possible by streamlining and enhancing the administration and contract, amassing different cloud administrations or giving worth included administrations. One can consider cloud brokers as a unique cloud provider. A cloud auditor is an autonomous gathering who looks at a cloud administration stack to give an assessment on security, protection and accessibility level of the corresponding cloud benefits and guarantees that the corresponding Slas (Service Level Agreement) are satisfied. The subtle elements and extent of evaluating methodology is regularly pointed out in the administration contract. Copyright to IJIRCEE 6

2 II. RELATED WORK In [1] open systems such as cloud computing platforms, delegation transfers privileges among users across different administrative domains and facilitates information sharing. We present an independently verifiable delegation mechanism, where a delegation credential can be verified without the participation of domain administrators. Our protocol, called role-based cascaded delegation (RBCD), supports simple and efficient cross-domain delegation of authority. RBCD enables a role member to create delegations based on the dynamic needs of collaboration. In [2] Cloud storage enables users to remotely store their data and enjoy the on-demand high quality cloud applications without the burden of local hardware and software management. Though the benefits are clear, such a service is also relinquishing users' physical possession of their outsourced data, which inevitably poses new security risks toward the correctness of the data in cloud.in order to address this new problem and further achieve a secure and dependable cloud storage service, we propose in this paper a flexible distributed storage integrity auditing mechanism, utilizing the homomorphic token and distributed erasure-coded data. In [3] an important problem in public clouds is how to selectively share documents based on fine-grained attribute-based access control policies (acps). An approach is to encrypt documents satisfying different policies with different keys using a public key cryptosystem such as attribute-based encryption, and/or proxy re-encryption. A direct application of a symmetric key cryptosystem, where users are grouped based on the policies they satisfy and unique keys are assigned to each group, also has similar weaknesses. We observe that, without utilizing public key cryptography and by allowing users to dynamically derive the symmetric keys at the time of decryption, one can address the above weaknesses. In [4] File distribution and storage in a cloud storage environment is usually handled by storage device providers or physical storage devices rented from third parties.files can be integrated into useful resources that users are then able to access via centralized management and virtualization. Nevertheless, when the number of files continues to increase, the condition of every storage node cannot be guaranteed by the manager. High volumes of files will result in wasted hardware resources, increased control complexity of the data center, and a less efficient cloud storage system. III. PROBLEM DEFINITION We need to own the software and take care of maintenance. The data will be available in the service provider s premises and is prone to data hackers. Every year, the software provider can release a new version and it is our responsibility to upgrade our system along with the data to cope up with the new version. Security is a big concern here as the data is available to most of the developers who supports the system. Time and money involved in supporting and enhancing will be very high, where we don t have any other option. We need to upgrade our application to the new version of the software provided else support will be stopped by the vendor. We need to have frequent down times as maintenance will be undergoing. Amount of money and time involved will be very high. Prone to data hackers. As all the data will be maintained in one place, there is a high risk of data loss and need to have a mitigation plan for natural calamities etc. We are providing the complete HR solution with the Cloud based SaaS solution Workday. We will be designing the organization structure and Locations or any other Organization types based on the clients requirement. We will be setting the business process for all the client actions right from Hiring an employee to Terminating an employee. So, the actions are fully controlled and the security will be imposed in two ways based on Who sees what and Who approves what. Only the person assigned with a particular role will be able to act on the transaction We don t have access to the database as it is handled at the centralized place. Setting up the Compensation for the new hires is also done by the Eligibility rules, Compensation plan, Compensation grade and the Compensation Package. Once the Business Process flows are setup, we can start with our day to day activities and also, the managers can see the reports from their Home Page about all the activities like Performance, Team member details, Profit and Loss of the organization. Copyright to IJIRCEE 7

3 A: Location Hierarchy and Locations IV. IMPLEMENTATION AND RESULT Locations are an attribute associated with a worker in a position, and can also be used for assets. Locations reflect a worker's work location rather than an area of responsibility. Locations can be structured as a hierarchy whereby Location A can be the superior of Location B. Location hierarchies have organizational roles and can include locations for grouping purposes. Location hierarchies can also be structured as a hierarchy whereby Location Hierarchy X can be the superior of Location Hierarchy Y. B: Custom Organization You can use custom organizations to group workers into logical constructs that are not defined by Workdayprovided organization types.use the Maintain Organization Types task to define custom organization types. You can configure a custom organization to be a worktag in financial transactions, and assign a worker to the custom organization in organization assignment so that the custom organization defaults as a worktag into transactions that involve the worker. You can mark up to 10 custom organization types as a financial worktag. In addition to their use in business process routing, worktags can also be used as a dimension in reporting. If a custom organization is configured to be allowed in Change Organization Assignment, then it cannot be assigned via membership or Assign Worker tasks. Image: System architecture C: Organization Roles, Members and Org Assignments Roles enable security control for role-enabled objects, such as Organizations, Service Centers, and Spend Categories. Roles include responsibilities such as Manager, Recruiter, and HR Partner. The Maintain Assignable Roles task identifies the security groups that can assign each role. You can assign a role to any level in a hierarchy. If a role is not assigned directly, the position assigned to the role is inherited from the superior. Workday's model of assigning a role to a position, rather than to a specific worker, considerably simplifies role maintenance in the position management staffing model, as roles do not have to be updated manually every time a worker moves out a position. Copyright to IJIRCEE 8

4 D: Security Group The context type of each security group is determined automatically by the security group type with which it is associated, and can t be changed. The name of the security group type indicates different types of row-level access to secured items. Example: A user-based security group is automatically unconstrained, but a role-based security group (constrained) is constrained by organization access. Unconstrained: All users in the security group have access to all data instances secured by the security group, similar to having access to all rows in systems based on traditional relational database architecture. Constrained: All users in the security group have contextual access to a subset of data instances (rows) which the security group can access. Users' access to individual instances is governed by either: Individual Role Organization Mixed: Users in the security group don't have uniform access to data instances. This applies to these security group types: Intersection security groups (a subset of 2 or more security groups). Aggregation security groups (a superset of 2 or more security groups). E: Business Process Setups A business process in Workday is a set of tasks that people initiate, act upon, and complete in order to accomplish a desired business objective. When a business process is initiated, Workday routes the tasks to the responsible roles (users who are capable of completing the tasks based on their membership in security groups) and enforces security and business rules throughout the business process. Any user with the appropriate role can initiate a business process. Once initiated, the business process notifies users in the responsible roles as it processes each step and receives feedback when each step is complete, so it can move on to the next step. All business processes are based on a business process definition; you can't create a business process in Workday without first defining it. Workday's default business processes are delivered definitions and can be customized to meet your needs. You can copy the business process to any supervisory organization and tailor it as necessary, creating different versions of the same business process for different organizations. The business process logic is inherited, so a subordinate organization uses the business process definition of the superior organization unless you specify a custom definition for the subordinate organization. V. CONCLUSION AND FUTURE WORK We have designed the complete enterprise resource planning using a SaaS based Technology Workday. We have addressed the Core HR transactions from Hire to terminate using this SaaS technology. Tailored the Business Process rules, Security and Compensation package as per the requirement. Used this SaaS, as Upgrade will not be a hassle for the client and it will be owned by the Software vendor. We can access the application through mobile from wherever you are. Future Enhancement We can establish the HCM complete setup for multiple Countries REFERENCES. 1 A. Sahai and B. Waters, Fuzzy Identity-Based Encryption, in Proceedings of Advances in Cryptology - EUROCRYPT 05, ser. LNCS, vol Springer, 2005, pp B. Wang, S. S. M. Chow, M. Li, and H. Li, Storing Shared Data on the Cloud via Security-Mediator, in International Conference on Distributed Computing Systems - ICDCS IEEE, B. Alomair and R. Poovendran, Information Theoretically Secure Encryption with Almost Free Authentication, J. UCS, vol. 15, no. 15, pp , C.-K. Chu and W.-G. Tzeng, Identity-Based Proxy Re-encryption Without Random Oracles, in Information Security Conference (ISC 07), ser. LNCS, vol Springer, 2007, pp Copyright to IJIRCEE 9

5 5 C.-K. Chu, J. Weng, S. S. M. Chow, J. Zhou, and R. H. Deng, Conditional Proxy Broadcast Re-Encryption, in Australasian Conference on Information Security and Privacy (ACISP 09), ser. LNCS, vol Springer, 2009, pp C. Wang, S. S. M. Chow, Q. Wang, K. Ren, and W. Lou, Privacy- Preserving Public Auditing for Secure Cloud Storage, IEEE Trans. Computers, vol. 62, no. 2, pp , D. Boneh, X. Boyen, and E.-J. Goh, Hierarchical Identity Based Encryption with Constant Size Ciphertext, in Proceedings of Ad- vances in Cryptology - EUROCRYPT 05, ser. LNCS, vol Springer, 2005, pp D. Boneh, R. Canetti, S. Halevi, and J. Katz, Chosen-Ciphertext Security from Identity-Based Encryption, SIAM Journal on Com- puting (SIAMCOMP), vol. 36, no. 5, pp , D. Naor, M. Naor, and J. Lotspiech, Revocation and Tracing Schemes for Stateless Receivers, in Proceedings of Advances in Cryptology - CRYPTO 01, ser. LNCS. Springer, 2001, pp D. Boneh, C. Gentry, and B. Waters, Collusion Resistant Broad- cast Encryption with Short Ciphertexts and Private Keys, in Proceedings of Advances in Cryptology - CRYPTO 05, ser. LNCS, vol Springer, 2005, pp D. Boneh and M. K. Franklin, Identity-Based Encryption from the Weil Pairing, in Proceedings of Advances in Cryptology - CRYPTO 01, ser. LNCS, vol Springer, 2001, pp D. Boneh, C. Gentry, B. Lynn, and H. Shacham, Aggregate and Verifiably Encrypted Signatures from Bilinear Maps, in Proceedings of Advances in Cryptology - EUROCRYPT 03, ser. LNCS, vol Springer, 2003, pp F. Guo, Y. Mu, and Z. Chen, Identity-Based Encryption: How to Decrypt Multiple Ciphertexts Using a Single Decryption Key, in Proceedings of Pairing-Based Cryptography (Pairing 07), ser. LNCS, vol Springer, 2007, pp F. Guo, Y. Mu, Z. Chen, and L. Xu, Multi-Identity Single-Key Decryption without Random Oracles, in Proceedings of Informa- tion Security and Cryptology (Inscrypt 07), ser. LNCS, vol Springer, 2007, pp Copyright to IJIRCEE 10