PeopleSoft process scheduler is one of the most critical part in batch scheduling. Because most of the critical job is running under Batch server.
Pretty enough to say about Batch server,Now this post is all about how good Peoplesoft security is in place to post the reports.
We all know after the process went to success reports will get posted to report repository, so we know how the process are picked up and processed in sequential manner.
Let me give small heads up , whenever you run the process from front end ,Application server will issue a request and hence 3 process scheduler tables will get updated, Every 10 seconds Batch server will check for these 3 core tables and if it finds the new request then it will start processing the request, once it finishes this will generate the report output in LOG_OUPUT directory.
Now How reports are getting posted ?
Here is the weak security we are providing (if in case if you select http protocol) to most critical report repository.
Do you know how?
1.once PSAESRV server completes the request and generates the report in LOG_OUTPUT directory.
2.PSDSTSRV server will pick the report and ready to transfer the report in report repository which is present in webserver machine.
So here is the question what authentication we are giving to put the report in webserver machine report repository?
if you see the below snapshot we are just giving the server name ,port number and the site name.
Authentication field is empty, but still reports are posted.How?
The answer is we are not providing any authentication.
So how webserver machine will allow the reports to place in repository?
Behind the scenes SCHEDULER TRANSFER servlet which is running in webserver machine (its a java api servlet ) and its open to all.
PSDSTSRV server will pick the report and it will contact SCHEDULER TRANSFER servlet in clear text and without authentication , because already servlet is opened for all clients.
So once the PSDSTSRV server sends the report , SCHEDULER TRANSFER (running in webserver) will recieve the report and place the reports under report repository folder.
This is why Oracle is recommending to provide full access to report repository folder for the user who is starting WEBSERVER .
So Peoplesoft has not provided the security ?
The answer is no Peoplesoft is recommending to go for HTTPS/FTP,XCOPY protocol instead of HTTP, Because in HTTP protocol Scheduler Transfer will allow all the incoming reports.
You can also develop a java code to contact Scheduler transfer and post or retrieve the reports because it is open to all the clients.
But if you are using HTTPS protocol there will be a certificate installed in both Process scheduler and Webserver , so all the incoming connection will come with digital certificate and it should match with certificate placed in Webserver (i.e.,Scheduler Transfer). So no one except PSDSTSRV with valid certificate cannot place the reports in Report repository folder.
So are you using HTTP protocol in production environment, this is the risk involved and change it back to HTTPS protocol.
Cheers!!!!!!
Pretty enough to say about Batch server,Now this post is all about how good Peoplesoft security is in place to post the reports.
We all know after the process went to success reports will get posted to report repository, so we know how the process are picked up and processed in sequential manner.
Let me give small heads up , whenever you run the process from front end ,Application server will issue a request and hence 3 process scheduler tables will get updated, Every 10 seconds Batch server will check for these 3 core tables and if it finds the new request then it will start processing the request, once it finishes this will generate the report output in LOG_OUPUT directory.
Now How reports are getting posted ?
Here is the weak security we are providing (if in case if you select http protocol) to most critical report repository.
Do you know how?
1.once PSAESRV server completes the request and generates the report in LOG_OUTPUT directory.
2.PSDSTSRV server will pick the report and ready to transfer the report in report repository which is present in webserver machine.
So here is the question what authentication we are giving to put the report in webserver machine report repository?
if you see the below snapshot we are just giving the server name ,port number and the site name.
Authentication field is empty, but still reports are posted.How?
The answer is we are not providing any authentication.
So how webserver machine will allow the reports to place in repository?
Behind the scenes SCHEDULER TRANSFER servlet which is running in webserver machine (its a java api servlet ) and its open to all.
PSDSTSRV server will pick the report and it will contact SCHEDULER TRANSFER servlet in clear text and without authentication , because already servlet is opened for all clients.
So once the PSDSTSRV server sends the report , SCHEDULER TRANSFER (running in webserver) will recieve the report and place the reports under report repository folder.
This is why Oracle is recommending to provide full access to report repository folder for the user who is starting WEBSERVER .
So Peoplesoft has not provided the security ?
The answer is no Peoplesoft is recommending to go for HTTPS/FTP,XCOPY protocol instead of HTTP, Because in HTTP protocol Scheduler Transfer will allow all the incoming reports.
You can also develop a java code to contact Scheduler transfer and post or retrieve the reports because it is open to all the clients.
But if you are using HTTPS protocol there will be a certificate installed in both Process scheduler and Webserver , so all the incoming connection will come with digital certificate and it should match with certificate placed in Webserver (i.e.,Scheduler Transfer). So no one except PSDSTSRV with valid certificate cannot place the reports in Report repository folder.
So are you using HTTP protocol in production environment, this is the risk involved and change it back to HTTPS protocol.
Cheers!!!!!!
No comments:
Post a Comment