Offshore Dev Resources and Secure Networks

[jdel6654]

The company for which I work has a requirement to have 2 secure networks - 1 for employees and 1 for contract employees (some offshore). My company has found that having two totally separated networks eliminates a significant amount of work securing the internal network and server infrastructure.

Now my company is implementing E1 and is utilizing contract E1 developers. Knowing that we have to share security and object librarian causes issues for the separate networks. We do not allow any ports to be opened. As a result, we have deployed a nearly completely redundant set of E1 servers, except for the deployment server.

The question is now that we need to move to production, how do we share the databases with separate networks? We have been given 3 options:

A. Two totally separate E1 installations - 2 dep servers and use Boomerang to move any and all changes (dev mods, versions, dd changes etc.) to the production network.

B. Two totally separate E1 installations but use commercial db replication to move most system and OL db data one-way. Use a fat client to pull mods from the contractor network to the production E1 installation.

C. Change the company policy to open ports.


So the polls is: which option would you recommend -or- seen in use?

 

[Rolf Kloth]

--Apple-Mail-1--703910829
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=iso-8859-1


Rolf Kloth

Mail: [email protected]
HomePage: www.RolfKloth.de
Skype: rolf_kloth





Am 22.11.2009 um 21:15 schrieb jdel6654:

- 1 for employees and 1 for contract employees (some offshore). My compan y has found that having two totally separated networks eliminates a signif icant amount of work securing the internal network and server infrastructu re.
s. Knowing that we have to share security and object librarian causes issu es for the separate networks. We do not allow any ports to be opened. As a result, we have deployed a nearly completely redundant set of E1 server s, except for the deployment server.
the databases with separate networks? We have been given 3 options:
ng to move any and all changes (dev mods, versions, dd changes etc.) to th e production network.
on to move most system and OL db data one-way. Use a fat client to pull mo ds from the contractor network to the production E1 installation.
post contains the poll as shown below. To vote, please visit the JDEList Forums.
ay

--Apple-Mail-1--703910829
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
charset=iso-8859-1

: space; -webkit-line-break: after-white-space; ">
<div>
<span class=3D"Apple-style-span" style=3D"border-collapse: separate; color : rgb(0, 0, 0); font-family: Helvetica; font-size: medium; font-style: nor mal; font-variant: normal; font-weight: normal; letter-spacing: normal; li ne-height: normal; orphans: 2; text-align: auto; text-indent: 0px; text-tr ansform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit- border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -web kit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -web kit-text-stroke-width: 0px; "><span class=3D"Apple-style-span" style=3D"bo rder-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font -size: medium; font-style: normal; font-variant: normal; font-weight: norm al; letter-spacing: normal; line-height: normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spac ing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adju st: auto; -webkit-text-stroke-width: 0px; "><div style=3D"word-wrap: break -word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "> <span class=3D"Apple-style-span" style=3D"border-collapse: separate; color : rgb(0, 0, 0); font-family: Helvetica; font-size: medium; font-style: nor mal; font-variant: normal; font-weight: normal; letter-spacing: normal; li ne-height: normal; orphans: 2; text-indent: 0px; text-transform: none; whi te-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal- spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decoratio ns-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-wi dth: 0px; "><div style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div>Rolf Kloth</div><div>
</ I work has a requirement to have 2 secure networks - 1 for employees and 1 for contract employees (some offshore). My company has found that havi ng two totally separated networks eliminates a significant amount of work securing the internal network and server infrastructure.

Now my co mpany is implementing E1 and is utilizing contract E1 developers. Knowing that we have to share security and object librarian causes issues for the separate networks. We do not allow any ports to be opened. As a result, we have deployed a nearly completely redundant set of E1 servers, except for the deployment server.

The question is now that we need to mov e to production, how do we share the databases with separate networks? We have been given 3 options:

A. Two totally separate E1 installat ions - 2 dep servers and use Boomerang to move any and all changes (dev mo ds, versions, dd changes etc.) to the production network.

B. Two totally separate E1 installations but use commercial db replication to mo ve most system and OL db data one-way. Use a fat client to pull mods from the contractor network to the production E1 installation.

C. Chan ge the company policy to open ports.


So the polls is: which op tion would you recommend -or- seen in use?
This post contains the poll as shown below. To vote, please visit the <a href=3D"http://www.jdelist.com/ubb">JDEList Forums</a>.
<table border=3D"0" width=3D"75%" align=3D"center">

<table width=3D"95%" align=3D"center" cellpadding=3D"1" cellspacing=3D"1" style=3D"background: #c0c0c0;">

<table cellpadding=3D"3" cellspacing=3D"1" width=3D"100%" style=3D"backgro und: #808080;">
<td colspan=3D"2" style=3D"font-family: Verdana, Helvetica, sans-serif; fo nt-size: 9pt; font-weight: bold; color: #ffffff; background: #809fc6;">
How do you run E1 with a secure network and offshore resources?

<span style=3D"font-size: 8pt; font-family: Verdana, Helvetica, sans-serif
<td width=3D"10%" style=3D"background: #E6E6E6; color: #000000;" align=3D" <input type=3D"checkbox" name=3D"option-231" style=3D"font-family: Verdana , Helvetica, sans-serif ; background-color: ; color: ; font-size: 9pt;" va <td width=3D"90%" style=3D"font-family: Verdana, Helvetica, sans-serif; ba ckground: #f7f7f7; color: #000000;">
Two totally separate E1 installations with Boomerang
<td width=3D"10%" style=3D"background: #E6E6E6; color: #000000;" align=3D" <input type=3D"checkbox" name=3D"option-231" style=3D"font-family: Verdana , Helvetica, sans-serif ; background-color: ; color: ; font-size: 9pt;" va <td width=3D"90%" style=3D"font-family: Verdana, Helvetica, sans-serif; ba ckground: #f7f7f7; color: #000000;">
Two totally separate E1 installations with commercial replication 1-way
<td width=3D"10%" style=3D"background: #E6E6E6; color: #000000;" align=3D" <input type=3D"checkbox" name=3D"option-231" style=3D"font-family: Verdana , Helvetica, sans-serif ; background-color: ; color: ; font-size: 9pt;" va <td width=3D"90%" style=3D"font-family: Verdana, Helvetica, sans-serif; ba ckground: #f7f7f7; color: #000000;">
Open the Ports
<td style=3D"font-family: Verdana, Helvetica, sans-serif; color: #000000;" colspan=3D"2" align=3D"center">
Votes accepted from 11/22/2009 00:00 AM to No end specified


You must vote before you can view the results of this poll



=3D"http://www.jdelist.com/ubb/showflat.php?Cat=3D&Board=3DOW&Numb <font face=3D"Verdana, Arial" size=3D"-2">This is the JDELIST EnterpriseOn e Mailing List.
JDELIST is not affiliated with JDEdwards=AE.
To unsubscribe from this list via email, <a href=3D"mailto: jdelist_remo [email protected]?Subject=3DUnsubscribe&Body=3DSirs,

Please rem ove this address from the JDELIST EnterpriseOne Mailing Li
--Apple-Mail-1--703910829--

 

[peterbruce]

My organisation has a policy to keep production systems separate from test and development systems. So we actually have two separate installations, one for production and the other for development and testing. We were using product packaging to transport/implement changes into production. We now use Boomerang to do this.

We use a combination of in house and contract developers. Though this is mostly in house (me along with CNC and admin - I have annual "discussions" with auditors and need to keep a well documented change process).

 

[jdel6654]

Peter,

How much customization did you have? How many objects were custom or newly created? Were your developers offshore developers only?

Also, what about your functional contractors working on-site?

 

[kylepyro]

You can't really weigh in on a security question in a meaningful way w/o understanding what is at risk. If you were securing Nuclear Launch Codes or millions of credit card transactions you'd get one answer. If you're securing the number of bushels of corn in your warehouses, you'd get another.

Security is always a function of what is at risk, what are the threats and what does being "secure" cost.

 

[peterbruce]

jdel6654,

To answer your questions:

1) How much customization did you have?
A:Not a great deal - mostly interfaces with other systems.

2) How many objects were custom or newly created?
A: Probably about the 100 mark for JDE Objects, maybe more.

3) Were your developers offshore developers only?
A: No. As I said in my post, I do most of the development. Offshore developers would log into our test/development system with pre arranged user ids, I think it was via a vpn. The last time was some time ago. I took care of the change management processes.

4) What about your functional contractors working on-site?
A: Once again they haad there own specific user ids and I took care of the change management processes.

 

[jdel6654]

No, actually, I think, generally speaking, it is possible to weigh in. Our company is a mid-size manufacturer - most likely like the other E1 installs discussed on this site. Let's just say we don't have anything to do with the defense industry.

 

[Ralph de Joode]

We using an off shore company for dev and 1st line support.

Currently we have a dev, PY and production system. The offshore company has only acces to the Dev & PY env. When they program they create it in the dev enviroment and with a package build its installed in the PY enviroment. When the user test and accept it, its going in a package build to production.

If you have any questions please ask.

Regards,
Ralph

 

[jdel6654]

Ralph,

Thanks for your info. Do you use separate networks for the offshore developers?