Assessment of In-Cloud Enterprise Resource Planning System Performed in a Virtual Cluster

This paper introduces a high-performed high-availability in-cloud enterprise resources planning (in-cloud ERP) which has deployed in the virtual machine cluster. The proposed approach can resolve the crucial problems of ERP failure due to unexpected downtime and failover between physical hosts in enterprises, causing operation termination and hence data loss. Besides, the proposed one together with the access control authentication and network security is capable of preventing intrusion hacked and/or malicious attack via internet. Regarding system assessment, cost-performance (C-P) ratio, a remarkable cost effectiveness evaluation, has been applied to several remarkable ERP systems. As a result, C-P ratio evaluated from the experiments shows that the proposed approach outperforms two well-known benchmark ERP systems, namely, in-house ECC 6.0 and in-cloud ByDesign.


Introduction
The service-oriented packages in enterprises like enterprise resources planning (ERP) system have quite often encountered the occurrence of unexpected downtime or power failure that may cause immediately system operation termination and data loss.Technically speaking, to timely transfer everything from a host to another is difficult and to resume the original task in a new host as usual cannot be guaranteed.Furthermore, in the event of task transfer to a new host, one may encounter that data is not able to upload concurrently to a new host from external data source.Therefore, in this paper, we introduce a novel approach of high reliability for the task transfer between hosts, that is, a high-performed high-availability in-cloud enterprise resources planning (incloud ERP) which has deployed in the virtual machine cluster for tackling the above-mentioned crucial problem.Here, this paper gives a scheme, taking advantage of virtual machine cluster [1][2][3] to deal with the failover problem as well.The proposed approach has built in-cloud ERP [4,5] in the virtual environment so that the client is able to use mobile devices wirelessly and easily to access in-cloud services via Wi-Fi/3G, but identity verification must be carried out through access control authentication [6] in the cloud.Besides, an open source ERP, namely, OpenERP [7], has been deployed successfully, as shown in Figure 1, instead of commercial high-price ERP.Additionally, access control authentication [8,9] as mentioned above has brought into a virtual machine to proceed with identity verification, secured sign-in, and attendance audit, as shown in Figures 2 and 3. Thus, detecting imminent potential BotNet [10], intrusion hacked, and malicious attacks [11] in virtual network can efficiently increase the network security.

Authentication and Network Security for
Cloud-Based ERP 2.1.In-Cloud ERP and Authentication.Virtual machine clustering system in cloud is an integration of virtualization, virtual machines, and virtual services so that it can make existing resources be fully applied, such as VMware ESX/ESXi Server [12], Microsoft Hyper-V R2 [13], or Proxmox Virtual Environment [14].This system can let users run many operating systems in a single physical computer simultaneously which largely decreases the expense of purchasing PCs.The most important of all is that it has the following major functions   4) Sign in at http://localhost:8096 or http://IP:8096 with the browser on virtual machine, pop up a login page of OpenERP, and then sign in to the administrator to install the necessary modules as a result of an interface of user management.(5) Set up AP Server for biometrics security [15].When users sign in, it will collect users' biometric features with capturing devices at client side as evidence of legal or illegal sign-in [16].

Network Security for
In-Cloud ERP.The use of virtual machines to build firewall and gateway receives multiple benefits, that is, easy management, high scalability, and low cost.For example, a virtual machine equipped with pfSense (http://www.pfsense.org/)or Zentyal (http://www.zentyal.com/)system is all quite easy to manage a network system as shown in Figure 4. However ERP databases containing sensitive information are not allowed to access data directly from the external network, instead to set up an intranet one for data access.According to a variety of different virtual machine managements, there are many different approaches to virtual network layout or configuration.For example, if virtual machine management has its own built-in NAT function, IT manager may install an OpenERP [7] into a virtual machine with two network interface cards, one connected to the external network via the bridge mode for internet, whereas the other connected internally via NAT mode for intranet.Without software firewall for protection, the network does not come up with a hardware firewall, apparently leading to less secure environment in which even common network attacks may also cause system crash as shown in Figure 5.In addition to the scenario mentioned above, IT manager does not consider the use of the built-in NAT function in virtualization management and in contrast takes alternative scheme into account employing pfSense or Zentyal to build a software firewall server.This way goes through port forwarding service to redirect http port packets to OpenERP.External network can not access the interior one where port forwarding service is not allowed or set.Besides, its protection against the common network attacks can also ensure that the user interface gains both the security and stability as shown in Figure 6.

Virtual Machine High Availability.
(1) Consider virtual machine live migration.When an execution error occurs at a node and causes an interruption, virtual machines at that node can be migrated themselves to the other nodes in which the left tasks of the failure node are also to be continued herein.A prerequisite is to ask for a shared storage as well as two units or more servers, for example, a Proxmox VE system as shown in Figure 7.
(2) Virtual storage live migration is as follows.The system provides HA in virtual machines and accordingly HA will also support virtual storage as well.
Generally, connecting a shared storage (e.g., SAN), the system may achieve the purpose of reaching a low downtime.When an execution error occurs at a node and causes an interruption, virtual storage at that node can be migrated itself to the other nodes to resume the left tasks of the failure node.
(3) Distributed resource scheduling is as follows.Virtual machine management system such as Hyper-V [13] imports nonuniform memory access (NUMA) mechanism for the resources allocation, in which computing cores and memory are divided into nodes, and each virtual machine attaches the corresponding node in accordance with the amount of  the allocation of resources.That is, the resources of a virtual machine may be allocated from different server hardware resources as shown in Figure 8. (4) Fault tolerance is as follows.The main principle of reaching a zero downtime such as VMware vSphere [12] is that when a primary virtual machine is running, the system automatically generates a redundant virtual machine, totally equal to the primary one, located in other servers to synchronize the task.Once the system detects the primary virtual machine failure, the running task is immediately transferred to the redundant virtual machine; this redundant virtual machine becomes the primary virtual machine at once, and the system will replicate another redundant virtual machine once again as shown in Figure 9.

Network High Availability.
With link aggregation control protocol (LACP) [17], network interface cards can utilize network bounding techniques that will combine multiple network interface cards together, and in the meantime set the parameters of network interface card related to the HA function.For example, Linux systems can use the software ifenslave to gain fault-tolerant features in the combined network interface cards.That is, as one of network interface cards fails, work load will automatically switch to another one to carry on the successive networking tasks as shown in Figure 10.

Storage High Availability.
In general, storage device of iSCSI or NAS is able to provide hard drive array (RAID) function.If the system needs to consider both cost and performance and fault tolerance solution, type of RAID 0+1 disk array is suggested to organize hard drive array, as shown in Figure 11.In addition, iSCSI or NAS storage device also probably risks the failure incident and hence the storage device needs to consider HA.At present, the storage device manufacturers have incorporated synchronous backup mechanism, but on the contrary the traditional storage devices may not have this feature, where an additional server is required for implementing the synchronization between the primary storage and the secondary one as shown in Figure 12.According to HA of virtual machine, network, and storage as mentioned above, a diagram of incloud platform with high availability is illustrated in Figure 12.With the minimum facility required for HA structure, the system needs at least two high-performance computing servers, two high-speed network switches, and two highreliability storages to establish an in-cloud platform with HA.

ERP System Assessment
According to the functional mean time in average functional access time for each ERP application platform on (1), we derived the respective each platform mean time equation (2).After that a performance index is defined on (3) and sequentially normalized to be a value ranging from 0 to 1 on (4), where we refer to this as a normalized performance index corresponding to each ERP application platform.In (1), FAT  is a functional access time for a specific function (e.g., Create New Customer Master Data, Create New Material Master, Create Sales Order, or Search Function) running in an ERP application, and accordingly FMT  represents a functional mean time for various functions.In (2), PMT  stands for a platform mean time for a variety of ERP applications (e.g., ECC6.0 [18], ByDesign [19], or OpenERP), and the coefficients  1 ,  2 , . . .,   act as a weighted average.In (3), PI  means a performance index for a specific ERP application platform.In addition, there are two more performance indexes that are also applicable, where PI  in (4) represents a normalized performance index for a specific ERP application platform, and ← → PI  in (5) stands for an intervalized performance index.Consider The ERP cost about capital expenditure, operational expenditure, and business agility has broken into 3 items that are software cost, monthly cost, and downtime cost, respectively.In particular, the downtime cost for each ERP application platform will be proportional to both the ratio of VM density (minor part) and the ratio of ERP performance index (major part).Here, IT manager proceeds to the trial of ERP system as planned for a period of two years where we assume an unexpected downtime may occur once per year and the downtime cost of ECC6.0 is roughly estimated US$ 1000 at a time.Moreover, a formula for calculating the ERP system expenditure has been derived on (6)  )) ⋅ cost downtime at ECC6.0 + cost monthly ⋅ period + cost software ,  = 1, 2, 3, . . ., The assessment for the various ERP software packages is evaluated according to the so-called cost-performance ratio CP ratio  defined on (7), where PI  represents the performance index as shown in (3) for the simplification in computation and Cost ERP  stands for the operation cost as shown in (6).Consider

Experimental Results and Discussion
There are a few experiments and a discussion presented in the following subsessions.

High-Availability Testing.
First in order to verify the high availability of the network, after the network used the function of network bonding, IT manager removed one of the network cables from an edge switch for a few seconds to check whether or not the network satisfies fault tolerance at this situation.After a test of ping command for 50 times, as a result, the connection quality is good because there is no packet loss during the cable removal, achieving the goal of network high availability as shown in Figure 13.Next, in order to verify whether the servers and storage devices achieve high availability, IT manager shuts down a server on which a virtual machine was currently running, while the servermounted storage device will correspondingly fail.Test results show that failover completed successfully because the virtual machine correctly transferred (migrated) to another server as shown in Figure 14.

Access Control Authentication and ERP Testing.
Users sign in at http://IP:8096 with the browser on an Android smart phone to sign in in-cloud ERP remotely via 3G/WiFi as shown in Figure 15 and next based on biometric measures the process of access control authentication [20,21] is activated to capture human face and fingerprint at mobile device, deliver them to back-end server for identification, and then return the result back to mobile device.It takes about 2 seconds for identity verification as shown in Figure 16.After that we begin to test ERP routines.Users sign in at http://IP:8096 with the browser on a personal computer to sign-in in-cloud ERP remotely via 3G/WiFi and then go for access control authentication at PC.After that, we begin to test ERP routines on PC as shown in Figures 17 and 18.

System Assessment.
According to the experiments of online testing in the daily use of ERP in enterprise within a week, it was found that the growth rate of use of in-cloud ERP increased dramatically, approximately 5.2 times than a standalone ERP.In terms of the hardware cost in Taiwan, it costs the user $1,002.5 on the hardware equipment for a standalone ERP, that is, in-house ERP, in which the additional cost will be paid for air conditioning with monthly fee of $18.4,space rent of $26.7, and hardware equipment maintenance fee of $16.7.In regard to the amortization schedule using monthly payment for a period of two years, it costs $2,486.3for monthly expenditure.In other words, it costs an average monthly usage fee of $103.6.In contrast, renting an in-cloud ERP service in virtual environment only needs about $50.1 monthly payment and it saves 1.07 times the cost of in-house ERP, that is, reducing the monthly expenditure a lot.In addition to the monthly expenditure, we have to consider the cost of software package for ERP applications.Prices of them usually vary with different levels of functionality for a series of ERP products or various brands in the market.In particular, the high-level and complicated version of ERP commerce product, for example, Sap or Oracle, is more expensive than  the standard one.As shown in Table 1, the comparison of the number of access in ERP system and the monthly expenditure for ERP, the proposed in-cloud ERP, is exclusively superior to the in-house ERP.Two well-known benchmark ERP systems, ECC 6.0 [18] and ByDesign [19], are used to compete with the proposed one.According to ERP functional performance, that is, the operational speed of various ERP functions, the proposed approach defeats the others as listed in Table 2. Finally, given three typical instances, the cost-performance ratio for ERP system assessment has been evaluated and clearly the proposed one beats the others as listed in Table 3.
5.5.Discussion.It has been noted that the performance indexes for three models have been listed in Table 3 and they are invariant and are not varied with the parameters, namely,  and .In Figure 21, the operational cost for our proposed approach has varied with quantity of parameters and goes down dramatically when the value of parameter  is bigger than that of parameter .Accordingly, C-P ratio for the proposed approach definitely goes up at that situation.As a consequence, according to C-P ratio, our proposed approach outperforms the others even in all different cases, where C-P ratio varied with the quantity of parameters as shown in Figure 22.Compared with the proposed one, namely, incloud OpenERP, the C-P ratio of another in-cloud ERP system, that is, in-cloud ByDesign, has slightly increased a little bit as it varied with parameters.This has verified that our proposed approach has been realized successfully and performed significantly for an in-cloud ERP system.

Conclusion
This paper introduces a high-performed high-availability incloud enterprise resources planning (in-cloud ERP) deployed in the virtual machine cluster together with access control authentication and network security.The proposed one can resolve the problem of unexpected system failure to cause operation terminated and data loss as well as intrusion hacked and/or malicious attack via internet.In addition, according to the cost-performance (C-P) ratio, the system assessment shows that the proposed approach in this paper outperforms two well-known benchmark ERP systems, inhouse ECC 6.0 and in-cloud ByDesign.This has verified that
the company Devices for collecting face and fingerprint images Pass your authentication before entering the company

Figure 2 :
Figure 2: Access control in a firm.

Figure 3 :
Figure 3: Access control authentication in cloud.

Figure 10 :
Figure 10: Realizing the architecture of network HA.

Figure 13 :
Figure 13: Ping command to check the network quality.

Figure 14 :
Figure 14: Failover using a virtual machine migration.
(a) List of products (b) Sales order

Figure 15 :
Figure 15: Sign-in in-cloud OpenERP at smart phone.

Figure 16 :
Figure 16: Face recognition and fingerprint identification at smart phone.

Figure 17 :
Figure 17: List of products of in-cloud OpenERP as sign-in at PC. .

Figure 18 :
Figure 18: Sales order of in-cloud OpenERP as sign-in at PC.

Figure 20 :Figure 21 :
Figure 20: Test of SQL Injection attack using SQL Power Injector 1.2.

Table 1 :
ERP access frequency and its operational cost.