con4199-architectural design choices to support devops for peoplesoft systems_final
TRANSCRIPT
Architectural design choices to support DevOps for PeopleSoft systemsSession ID CON4199September 2016
2© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 589652
Brennan FolmerDirector/[email protected]
Presenter
Join the conversation@KPMG_US#KPMGoow
3© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 589652
— DevOps concepts for PeopleSoft— Standardization— Infrastructure design— Automation— Developer enablement— Change control
Agenda
Some or all of the services described herein may not be permissible for KPMG audit clients and their affiliates. Code samples are presented as examples only. Sample designs are intended to represent observed good practices, and KPMG does not represent that these configurations are applicable to any specific client situation.
DevOps concepts for PeopleSoft
5© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 589652
DevOps definition• IT cultural shift intended to improve collaboration across the service lifecycle• Dev = Developers, product managers, QA• Ops = System engineers, operations staff, DBAs, network engineers, security• Emphasizes people and process changes, not specific technology• Technology is used to facilitate DevOps concepts, but DevOps is not a technology
What is DevOps?
6© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 589652
Goals:1. Deploy/refresh PS environments in minutes-to-hours2. Automate repetitive administrative tasks3. Empower developers to handle common tasks4. Standardize the process of releasing changes to production
DevOps support for PeopleSoft
StandardizationEstablish a solid foundation for operational excellence
8© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 589652
A region is a logical grouping of environments whose use is similar from a migration and testing perspective
Useful regions:• DEMO• DEVELOPMENT• TEST• QAT• PRODUCTION• PROJECT
Regions
9© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 589652
Environment naming conventionApplication pillar PrefixFinancials/Supply Chain FSHuman Capital Management HRInteraction Hub IHCampus Solutions CSCustomer Relationship Management
CR
Enterprise Learning Management
EL
Enterprise Performance Management
EP
PeopleTools PT
Environment AbbreviationDevelopment DEVTest TSTQuality Assurance Testing
QAT
Production PRDConversion CNVConfiguration CFG
10© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 589652
Proliferation of environments require a pattern for port management (5-digit ports)
Port matrix pattern
Application (HCM, FMS, IH, etc.)
Service (JSL, WSL, PIA HTTP/HTTPS, etc.)
Environment (DEV, TST, PRD, etc.)
External/Internal Increment for web domains
11© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 589652
Sample port matrixApplication
Tuxedo Jolt Listeners (JSL)Non-production PROD
region PROJECT regionDEMO region DEV region TEST region QAT regionDMO SBX DEV Reserved TST Reserved QAT TRN Reserved PRD CFG CNV PRE
Interaction Hub 9.1 (IH) 34000 34010 34020 34030 34040 34050 34060 34070 34080 34060 34060 34070 34080
CS 9.2 (CS) 34100 34110 34120 34130 34140 34150 34160 34170 34080 34160 34160 34170 34180
HCM 9.2 (HR) 34200 34210 34220 34230 34240 34250 34260 34270 34080 34260 34260 34270 34280
FMS 9.2 (FS) 34300 34310 34320 34330 34340 34350 34360 34370 34080 34360 34360 34370 34380
Application
Tuxedo Workstation Listeners (WSL)Non-production PROD
region PROJECT regionDEMO region DEV region TEST region QAT regionDMO SBX DEV Reserved TST Reserved QAT TRN Reserved PRD CFG CNV PRE
Interaction Hub 9.1 (IH) 35000 35010 35020 35030 35040 35050 35060 35070 35080 35060 35060 35070 35080
CS 9.2 (CS) 35100 35110 35120 35130 35140 35150 35160 35170 35080 35160 35160 35170 35180
HCM 9.2 (HR) 35200 35210 35220 35230 35240 35250 35260 35270 35080 35260 35260 35270 35280
FMS 9.2 (FS) 35300 35310 35320 35330 35340 35350 35360 35370 35080 35360 35360 35370 35380
12© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 589652
Sample port matrix (continued)Application
PeopleCode DebuggerNon-production PROD
region PROJECT regionDEMO region DEV region TEST region QAT regionDMO SBX DEV Reserved TST Reserved QAT TRN Reserved PRD CFG CNV PRE
Interaction Hub 9.1 (IH) 36000 36010 36020 36030 36040 36050 36060 36070 36080 36060 36060 36070 36080
CS 9.2 (CS) 36100 36110 36120 36130 36140 36150 36160 36170 36080 36160 36160 36170 36180
HCM 9.2 (HR) 36200 36210 36220 36230 36240 36250 36260 36270 36080 36260 36260 36270 36280
FMS 9.2 (FS) 36300 36310 36320 36330 36340 36350 36360 36370 36080 36360 36360 36370 36380
Application
PIA HTTPNon-production PROD
region PROJECT regionDEMO region DEV region TEST region QAT regionDMO SBX DEV Reserved TST Reserved QAT TRN Reserved PRD CFG CNV PRE
Interaction Hub 9.1 (IH) 27000 27010 27020 27030 27040 27050 27060 27070 27080 27060 27060 27070 27080
CS 9.2 (CS) 27100 27110 27120 27130 27140 27150 27160 27170 27080 27160 27160 27170 27180
HCM 9.2 (HR) 27200 27210 27220 27230 27240 27250 27260 27270 27080 27260 27260 27270 27280
FMS 9.2 (FS) 27300 27310 27320 27330 27340 27350 27360 27370 27080 27360 27360 27370 27380
13© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 589652
Sample port matrix (continued)
Application
Realtime Event Notification (REN)Non-production PROD
region PROJECT regionDEMO region DEV region TEST region QAT regionDMO SBX DEV Reserved TST Reserved QAT TRN Reserved PRD CFG CNV PRE
Interaction Hub 9.1 (IH) 29002 29012 29022 29032 29042 29052 29062 29072 29082 29062 29062 29072 29082
CS 9.2 (CS) 29102 29112 29122 29132 29142 29152 29162 29172 29082 29162 29162 29172 29182
HCM 9.2 (HR) 29202 29212 29222 29232 29242 29252 29262 29272 29082 29262 29262 29272 29282
FMS 9.2 (FS) 29302 29312 29322 29332 29342 29352 29362 29372 29082 29362 29362 29372 29382
Application
PIA HTTPSNon-production PROD
region PROJECT regionDEMO region DEV region TEST region QAT regionDMO SBX DEV Reserved TST Reserved QAT TRN Reserved PRD CFG CNV PRE
Interaction Hub 9.1 (IH) 28001 28011 28021 28031 28041 28051 28061 28071 28081 28061 28061 28071 28081
CS 9.2 (CS) 28101 28111 28121 28131 28141 28151 28161 28171 28081 28161 28161 28171 28181
HCM 9.2 (HR) 28201 28211 28221 28231 28241 28251 28261 28271 28081 28261 28261 28271 28281
FMS 9.2 (FS) 28301 28311 28321 28331 28341 28351 28361 28371 28081 28361 28361 28371 28381
14© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 589652
The goal is to provide developers and testers a platform that is as similar as possible to production. — Load balancing – Use load balancer for all PIA domains— SSL/Certificates – Purchase (wildcard) certificates for all environments— DNS names – Match the DNS name to the environment name, e.g.,
fsdev.domain.com, hrtst.domain.com — Hostnames – Establish a naming convention for the servers, e.g.,
xxx-yyy#.domain.com
xxx = Region Membership = {DEMO, DEV, TEST, QAT, PROD, etc.}yyy = Server Role = {web, app, win}
Consistent setup between regions
Infrastructure designOrganize the PeopleSoft ecosystem
16© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 589652
A region is a logical grouping of environments whose use is similar from a migration and testing perspective
Peoplesoft regionsDEMO DEV TEST QAT PROD PROJECT
HRDMO
HRSBX
FSDMO
FSSBX
CSDMO
CSSBX
IHDMO
IHSBX
HRDEV
FSDEV
CSDEV
IHDEV
HRTST
FSTST
CSTST
IHTST
HRQAT
HRTRN
FSQAT
FSTRN
CSQAT
CSTRN
IHQAT
IHTRN
HRPRD
FSPRD
CSPRD
IHPRD
HRCFGFSCFGCSCFGIHCFGHRSECFSSECCSSECIHSECHRCNVFSCNVCSCNV
etc...
Migration Path
17© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 589652
Establish a consistent directory layout to facilitate automation of common tasks such as refreshes and patching. Security and segregation of duties can also be enforced via separate homes. — PS_HOME – Contains the PeopleTools 8.5x.xx binaries. Shared between multiple
application installations in a given region.— PS_CFG_HOME – Contains domain definitions (PIA, app server, process scheduler)
and logs— PS_APP_HOME – Contains all delivered, application-specific files. e.g., SQRs,
COBOL, Crystal reports, etc. — PS_CUST_HOME – Contains customized application-specific files
PeopleSoft homesDirectory layout
18© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 589652
Each region would have an individually allocated disk with the following layout:/psft/middleware – WebLogic, Tuxedo, Oracle DB connectivity, and JRockit binaries/psft/psreports – Reports for all environments in the region/psft/pt855 – Contains the PeopleTools 8.55.xx binary files/psft/cfg/xx – All domain configurations: PIA, app, and process scheduler/psft/app/xx – Contains the delivered app-specific files (SQR, COBOL, Crystal, etc.)/psft/cust/xx – Customized app-specific files (SQRs, inbound, outbound, COBOL, etc.)
NOTE: xx represents the application abbreviation, e.g., cs, hr, fs, ih…
The example above is for Posix-style file systems; Windows would follow a similar pattern.
Software layoutDirectory layout
19© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 589652
Examples to illustrate the concept:
EnvironmentsDirectory layout
Environment Region PS_CFG_HOME PS_APP_HOME PS_CUST_HOMEIHDMO DEMO /psft/cfg/ih /psft/app/ih/IHDMO n/a*
FSDMO DEMO /psft/cfg/fs /psft/app/fs/FSDMO n/a*
IHDEV DEV /psft/cfg/ih /psft/app/ih/IHDEV /psft/cust/ih/IHDEV
FSDEV DEV /psft/cfg/fs /psft/app/fs/FSDEV /psft/cust/fs/FSDEV
IHTST TEST /psft/cfg/ih /psft/app/ih/IHTST /psft/cust/ih/IHTST
FSTST TEST /psft/cfg/fs /psft/app/fs/FSTST /psft/cust/fs/FSTST
IHQAT QAT /psft/cfg/ih /psft/app/ih/IHQAT /psft/cust/ih/IHQAT
FSQAT QAT /psft/cfg/fs /psft/app/fs/FSQAT /psft/cust/fs/FSQAT
IHPRD PROD /psft/cfg/ih /psft/app/ih/IHPRD /psft/cust/ih/IHPRDFSPRD PROD /psft/cfg/fs /psft/app/fs/FSPRD /psft/cust/fs/FSPRD
* The demo environments do not include any customizations and therefore do not require a PS_CUST_HOME directory.
20© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 589652
In this design, the shared disk is mounted on multiple servers. Reliability is the highest priority for the mounted file system.Options:— Highly Available NFS— Clustered File System such as Oracle Cluster File System (OCFS)— Elastic File System (Amazon Web Services offering with using EC2)
References:— http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/2011281.pdf — http://www.oracle.com/us/technologies/linux/025995.htm — https://aws.amazon.com/efs/
Shared diskDirectory layout
21© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 589652
Document the shape for the VMs per region
Server templatesRegion Tier Memory (GB) vCPUs VM server countDEMO Web 8 2 1
AppBatch 8 2 1
DEV Web 8 2 1
AppBatch 16 4 1
TEST Web 8 2 1
AppBatch 16 4 1
QAT Web 24 4 3
AppBatch 48 8 4
PROD Web 24 4 3
AppBatch 48 8 4
PROJECT Web 16 4 1
AppBatch 48 4 1
22© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 589652
Document the size for the domains per region
Domain sizingRegion Application
PSAPPSRVprocess count(Per domain)
JOLT listenerhandlers(Per domain)
JOLT listener maxclients per handler(Per domain)
PubSub handlers
(Per domain)
Domain count (Max one domainper server per app)
DEMO All Min=Max=2 Min=2Max=2
20 Min=Max=3 for pub, sub, and broker
1
DEV All Min=Max=2 Min=2Max=2
20 Min=Max=3 for pub, sub, and broker
1
TEST All Min=Max=2 Min=2Max=2
20 Min=Max=3 for pub, sub, and broker
1
QAT FS Min=Max=3 Min=25Max=25
20 Min=Max=3 4
IH Min=Max=6 Min=Max=5
CS Min=Max=8 Min=Max=5
HR Min=Max=6 Min=Max=5
23© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 589652
Document the size for the domains per region (continued)
Domain sizing (continued)Region Application
PSAPPSRVprocess count(Per domain)
JOLT listenerhandlers(Per domain)
JOLT listener maxclients per handler(Per domain)
PubSub handlers
(Per domain)
Domain count (Max one domainper server per app)
PROD FS Min=Max=3 Min=25Max=25
20 Min=Max=3 4
IH Min=Max=6 Min=Max=5
CS Min=Max=8 Min=Max=5
HR Min=Max=6 Min=Max=5
PROJECT All Min=Max=4 Min=5Max=5
20 Min=Max=3 1
24© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 589652
VMs are associated with an individual region. PeopleSoft domains are build and run on the server associated with their region assignment.
Server associationsDEMO DEV TEST PROJECT
Web Serverdemo‑web1.domain.com— CSDMO— HRDMO
— FSDMO— IHDMO
AppBatch Serverdemo‑app1.domain.com— CSDMO— HRDMO
— FSDMO— IHDMO
Web Serverdev‑web1.domain.com— CSDEV— HRDEV
— FSDEV— IHDEV
AppBatch Serverdev‑app1.domain.com— CSDEV— HRDEV
— FSDEV— IHDEV
Windows Server for PSNTdev‑win1.domain.com— CSDEV— HRDEV
— FSDEV
Web Servertest‑web1.domain.com— CSTST— HRTST
— FSTST— IHTST
App Servertest‑app1.domain.com— CSTST— HRTST
— FSTST— IHTST
Windows Server for PSNTtest‑win1.domain.com— CSTST— HRTST
— FSTST
Web Serverproj‑web1.domain.com— CSCNV— CSCFG— CSSEC
— HRCNV— HRCFG— HRSEC…
AppBatch Serverproj‑app1.domain.com— CSCNV— CSCFG— CSSEC
— HRCNV— HRCFG— HRSEC…
Windows Server for PSNTproj‑win1.domain.com— TBD
Windows Server for PSNTdemo‑win1.domain.com— CSDMO— HRDMO
— FSDMO
25© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 589652
Multi‑server regionsServer associations
QAT QAT PROD PROD
Web Server 1qat‑web1.domain.com— CSQAT1— HRQAT1
— FSQAT1— IHQAT1
Web Server 2qat‑web2.domain.com— CSQAT2— HRQAT2
— FSQAT2— IHQAT2
Web Server nqat‑webn.domain.com— CSQATn— HRQATn
— FSQATn— IHQATn
AppBatch Server 1qat‑app1.domain.com— CSQAT1— HRQAT1
plus
PSUNX— FSQAT1— IHQAT1
AppBatch Server 2qat‑app2.domain.com— CSQAT2— HRQAT2— FSQAT2 plus
PSUNX— IHQAT2
AppBatch Server 3qat‑app3.domain.com— CSQAT3
plus PSUNX
— HRQAT3— FSQAT3— IHQAT3
AppBatch Server nqat‑appn.domain.com— CSQATn— HRQATn— FSQATn
— IHQATn plus PSUNX
Windows Server for PSNTqat‑win1.domain.com— CSQAT— HRQAT
— FSQAT
Web Server 1prod‑web1.domain.com— CSPRD1— HRPRD1
— FSPRD1— IHPRD1
Web Server 2prod‑web2.domain.com— CSPRD2— HRPRD2
— FSPRD2— IHPRD2
Web Server nprod‑webn.domain.com— CSPRDn— HRPRDn
— FSPRDn— IHPRDn
AppBatch Server 1prod‑app1.domain.com— CSPRD1— HRPRD1
plus
PSUNX— FSPRD1— IHPRD1
AppBatch Server 2prod‑app2.domain.com— CSPRD2— HRPRD2— FSPRD2 plus
PSUNX— IHPRD2
AppBatch Server 3prod‑app3.domain.com— CSPRD3
plus PSUNX
— HRPRD3— FSPRD3— IHPRD3
AppBatch Server nprod‑appn.domain.com— CSPRDn— HRPRDn— FSPRDn
— IHPRDn plus PSUNX
Windows Server for PSNTprod‑win1.domain.com— CSPRD— HRPRD
— FSPRD
26© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 589652
Database platform choiceOn premise Cloud/PaaS
Oracle Database 12c
Oracle Database 11g
Microsoft SQL server
IBM DB2
Oracle Cloud Database
Amazon Relational Database Service (RDS)
Microsoft SQL Azure
27© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 589652
One Container Database (CDB) per region. PS environments would be separate Pluggable Databases (PDBs).
Oracle 12c multitenant DEMO
DEMOCDB12102— CSDMO— CSSBX— HRDMO— HRSBX— FSDMO— IHDMO— IHSBX— IHSYS…
DEV
DEVCDB12102— CSDEV— HRDEV— FSDEV— IHDEV
TEST
TESTCDB12102— CSTST— HRTST— FSTST— IHTST
QAT
QATCDB12102— CSQAT— HRQAT— FSQAT— IHQAT
PROD
PRODCDB12102— CSPRD— HRPRD— FSPRD— IHPRD
PROJECT
PROJCDB12102— CSCFG— CSCNV— CSSEC— HRCFG— HRCNV— HRSEC— FSCNV— etc...
Migration Path
28© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 589652
What are the most common DB tasks for PeopleSoft? How can a DB platform choice simplify operations?
Cloning:— Refresh one PS environment from another— Build new PS environments based on existing environmentsBackup/recovery:— Automate backups— Quickly restore databases after a failurePatching:— Applying periodic security patches— Minor version updates
Database tasks
29© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 589652
— Oracle 12c multitenant: On premise installation or DBaaS from Oracle Cloud, AWS RDS
Clone in minutesGoal
Reference: Oracle Magazine April 2014: Oracle 12c Multitenant Overview: http://www.oracle.com/technetwork/issue-archive/2014/14-mar/o24asktom-2147206.html
Provision databases rapidlyExisting database architecture:Multiple steps to clone a database
Oracle multitenant:Single step to clone a database
Before After
30© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 589652
— Database‑as‑a‑Service (DBaaS):- Oracle Cloud Database Backup: Tie into cloud backup with Recovery Manager (RMAN) for backup
and recovery- Amazon Web Services RDS: Take DB snapshots and spin up a separate instance- Microsoft SQL Azure: Take snapshots and perform point‑in‑time restore
Clone in minutes (continued)Goal
31© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 589652
Simplify backup & recoveryGoal
— Oracle 12c multitenant: On premise installation or DBaaS from Oracle Cloud, AWS RDSBackup many databases as one
Existing database architecture:Backup multiple databases
Oracle multitenant:Backup one multitenant container database
Before After
Reference: Oracle Magazine April 2014: Oracle 12c Multitenant Overview: http://www.oracle.com/technetwork/issue-archive/2014/14-mar/o24asktom-2147206.html
32© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 589652
— Database‑as‑a‑Service (DBaaS): Oracle Cloud, AWS RDS, Microsoft SQL AzureAll three DBaaS offerings offer automated backup scheduling and point‑in‑time recovery options
Simplify backup & recovery (continued)Goal
33© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 589652
Simplify patchingGoal
— Oracle 12c multitenant: On premise installation or DBaaS from Oracle Cloud, AWS RDSManage many databases as one
Existing database architecture:Patch and upgrade multiple databases
Oracle multitenant:Patch and upgrade one multitenant containerdatabase
Before After
Reference: Oracle Magazine April 2014: Oracle 12c Multitenant Overview: http://www.oracle.com/technetwork/issue-archive/2014/14-mar/o24asktom-2147206.html
34© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 589652
— Database‑as‑a‑Service (DBaaS):- Oracle Cloud Database:
— User‑controlled patching performed through the DB Cloud Service Console- AWS RDS (Oracle DB or SQL Server):
— Automatic application of minor‑version upgrades— User‑controlled major‑version upgrades
- Microsoft SQL Azure: — Patching handled by Microsoft Azure with no down‑time— User‑controlled patching options also available
Simplify patching (continued)Goal
Automation
Avoid repetitive manual tasks
36© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 589652
Remember the first two goals:1. Deploy/refresh PS environments in minutes‑to‑hours, not days‑to‑weeks2. Automate repetitive administrative tasks
Automate PS build and patching
37© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 589652
Starting with PeopleTools 8.55, Deployment Packages (DPKs) are the delivery mechanism.
PS code, middleware, and (Oracle) database can all be provisioned on bare metal or virtual servers via DPKs — Run from command line— Scriptable— Customizable— Controlled with Puppet
PeopleSoft deployment packages
38© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 589652
The delivered properties used by Puppet are found in a series of psft_*.yaml files— psft_configuration.yaml: PS domain properties, PS users, passwords, etc.— psft_deployment.yaml: Properties used to deploy Tuxedo, WebLogic, Oracle DB
client— psft_unix_system.yaml: Set up OS users, groups, sysctl parameters, ulimit, etc. — psft_ses.yaml: Properties Secure Enterprise Search
DPK modifications
39© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 589652
To modify default properties, change the file psft_customizations.yaml.— Example for Financials development (FSDEV) environment:peoplesoft_base: “/psft”db_platform: ORACLEps_home_location: “/psft/pt855”inventory_location: “/psft/middleware/oracle/oraInventory”oracle_client_location: “/psft/middleware/oracle/12.1.0.2”jdk_location: “/psft/middleware/jdk1.7.0_95”weblogic_location: “/psft/middleware/weblogic”tuxedo_location: “/psft/middleware/tuxedo”db_name:FSDEVdb_user: VP1db_user_pwd: <some‑pw>ps_config_home: “/psft/cfg/fs/FSDEV”ps_app_home:location: “/psft/app/fs/FSDEV”
DPK modifications (continued)
Reference: My Oracle Support Doc ID 1641843.2
40© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 589652
PeopleSoft delivers Automated Configuration Management (ACM) to simplify the configuration of environments after a refresh.
Delivered templates include:— Integration Broker— Web Profile— Process Scheduler — SES configuration
ACM can be run via command line, enabling the configuration to be added as a scriptable step in a refresh.
Automate PeopleSoft configuration
41© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 589652
The ACM templates and customized YAML files should be treated as source code (Infrastructure as Code) and versioned appropriately. This allows for tracking and replication of infrastructure setups.
Version control for ACM and puppet files
ACM-FSDEV.txt
ACM-HRDEV.txt
psft_customizations.yaml
ACM-HRTST.txt
ACM-FSTST.txt
Developer enablementAllow developers to do what they do best
43© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 589652
Remember the third goal:…3. Empower developers to handle common tasks…
Developer enablement
44© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 589652
— Problem:- Developers need to stage files or access files produced by PeopleSoft- Developers need to access trace files
— Options:- Establish a Samba server on the AppBatch to expose the inbound/outbound directories.
Developers can securely mount the Linux directories as Windows drives on their desktops and directly access files.
- Establish a periodic/cron job to move trace files (*.tracesql, etc.) every few minutes to an accessible location
Access to inbound/outbound directories, trace files
45© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 589652
— Problem:- Developers/testers need to exercise outbound email functionality without sending emails to ‘real’
users— Option:
- Establish a distribution email list for PS developers- Create a Perl (or similar) script to act as a local SMTP server and change the ‘to’ address to the
distribution list before forwarding the email message- Run the Perl script as a service on a local machine- Point the app and batch domains at the local Perl SMTP server (psappsrv.cfg and psprcs.cfg)
See Appendix for an example Perl script
Intercept outbound PeopleSoft email
46© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 589652
— Problem:- Developers have to request app domain cache clear
— Option:- Use PHP and a shell script to execute the psadmin utility command line option to clear cache:
PHP (clear-cache.php):<?php
$output = shell_exec(‘sh /home/psoft/clear-cache.sh’);echo “<pre>$output</pre>”;
?>Script (/home/psoft/clear-cache.sh):
#!/bin/shsudo -i -u psoft psadmin –c purge –d APPDOMAIN –noarch –log “cache purge”
Modify sudoers file (using visudo):www-data ALL=NOPASSWD: /home/psoft/clear-cache.sh
Facilitate app domain cache clear via web page
Change controlEstablish a reliable process to update production
48© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 589652
Remember the fourth goal:…4. Standardize the process of releasing changes to production
Change control
49© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 589652
The migration path is the ‘pipeline’ to production. Changes should only flow in one direction.
Migration path
DEV TEST QAT PROD
50© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 589652
Region purposeRegion Primary activities Primary audience
Refresh frequency (Form production)
DEV — Development— Unit testing— Testing of Oracle-
delivered patches/features
Developers Infrequently/on-demand
TEST Business user testing and verification
Business Users Monthly
QAT Final quality assurance testing just prior to migrations to production
QA Testers Tech Services
Semi-weekly
PROD Production All end-users N/A
51© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 589652
Sample change control scheduleMon Tues Wed Thurs Fri Sat Sun
Week 1
9am:Biz/Dev/Ops status meeting; review previous release
9am:Biz/Dev/Ops status meeting; review issue tracking system
Phase activities:Development/unit testing in DEV region (Developers)User testing in TEST region (Business Users)Migrations done between DEV and TEST (Operations)
Quality Assurance/User Acceptance Testing in QAT region
Perform production maintenance in PROD
Mon Tues Wed Thurs Fri Sat Sun
Week 2
9am:Biz/Dev/Ops status meeting; review issue tracking system
5pm:Deadline to identify candidate items for release
All day:Refresh QAT and migrate candidate items
9am:QA team confirms final items for release
6am-noon:PRODUCTION maintenance window
52© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 589652
— Business Users have visibility and input into development priorities— Developers have a reliable release schedule to plan development efforts— Testers understand what is in the pipeline for verification— Operations can plan application-specific and non-application maintenance in a
reliable manner
Organization interaction
Questions
Thank youBrennan FolmerDirector/[email protected]
Join the conversation@KPMG_U.S.#KPMGoow
Appendix
56© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 589652
Prerequisites:— Install a Perl run-time (ActivePerl for Windows, various distributions for Linux)— Install the SMTP-Perl and Net-DNS packagessmtp-redirect.pl
Intercept outbound PS email
############################################################### Description: This script listens for incoming SMTP # traffic, accepts the message, and resends # the message after switching the recipient's # address with the command line parameters## Note: This software is provided as-is with no warranty of any kind. ## Usage: # smtp-redirect.pl <port> [email protected][,[email protected]]## Replace mail.domain.com with a valid SMTP server, and domain.com as appropriate############################################################### # Retrieve the command line arguments and validate them$port = $ARGV[0];$to = $ARGV[1]; if (!$port || !$to) {
print "Usage: $0 port user1\@domain.com[,user2\@domain.com,user3\@domain.com]\n";print "Use a port > 1024. This will NOT send outside of *domain.com\n";exit;
}
57© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 589652
Intercept outbound PS email (continued)if ($port !~ /^(\d+)$/) {
die "$port is not a valid port number\n"; } if ($to !~ /^(.*?)\@(.*)$/ig) {
die "$to is not a valid email address (should be user\@domain.com or user1\@domain.com,user2\@domain.com\n" ; } print "Listening on port $port, sending ALL MAIL to: "; # Validate that the TO addresses all match the proper domainforeach $addr (split(",",$to)) {
if ($addr !~ /(.*)\@*domain\.com$/) { die "$addr is not in domain.com domain, I will not send mail there.\n"; }else { print "$addr "; }
} print "\n\r\n"; use Carp;use Net::SMTP::Server;use Net::SMTP::Server::Client;use Net::SMTP::Server::Relay;use Net::SMTP; # Initiate an SMTP server on the local machine to listen for incoming traffic$server = new Net::SMTP::Server("localhost",$port) || croak("Unable to handle client connection: $!\n");
58© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 589652
Intercept outbound PS email (continued)# Process incoming client requestswhile($conn = $server->accept()) {
print "new client\n";
my $client = new Net::SMTP::Server::Client($conn)||croak("Unable to handle client connection: $!\n");
print "about to ->process\n";
$client->process|| next;
print "processed..\n";
++$i;
# Configure the destination SMTP server$smtp = Net::SMTP->new('mail.domain.com', debug => 1);
# Set the FROM address (unchanged from the incoming message)$smtp->mail($client->{FROM});
# Set the TO address(es) from the command line argumentsforeach $addr (split(",",$to)) {
$smtp->to($addr);}
# Include the original message. The original TO addresses are also included at the top of the message.$smtp->data("*********************\nOriginal TO address(es): $client->{TO}[0] \n*****************\n\n $client->{MSG}");$smtp->dataend();
# End the SMTP session (send the mail)$smtp->quit;
print ":[$i] $client->{FROM} -> ".join(",",@{$client->{TO}})."..\n";}
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 589652
The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Some or all of the services described herein may not be permissible for KPMG audit clients and their affiliates.
The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation. Some or all of the services described herein may not be permissible for KPMG audit clients and their affiliates.
kpmg.com/socialmedia