This paper introduces a high-performance, high-availability in-cloud enterprise resources planning (in-cloud ERP) system deployed in a virtual machine cluster. The proposed approach addresses ERP failures caused by unexpected downtime and by failover between physical hosts in enterprises, which terminate operations and hence lose data. In addition, combined with access control authentication and network security, the proposed system is capable of preventing intrusion and malicious attacks via the internet. For system assessment, the cost-performance (C-P) ratio, a measure of cost effectiveness, has been applied to several well-known ERP systems. The C-P ratios evaluated from the experiments show that the proposed approach outperforms two well-known benchmark ERP systems, namely, in-house ECC 6.0 and in-cloud ByDesign.
1. Introduction
Service-oriented enterprise packages such as enterprise resources planning (ERP) systems quite often encounter unexpected downtime or power failure, which may immediately terminate system operation and cause data loss. Technically, it is difficult to transfer everything from one host to another in time, and resuming the original task on the new host as usual cannot be guaranteed. Furthermore, when a task is transferred to a new host, data from an external data source may not be uploadable to the new host concurrently. Therefore, in this paper we introduce a novel, highly reliable approach to task transfer between hosts: a high-performance, high-availability in-cloud enterprise resources planning (in-cloud ERP) system deployed in a virtual machine cluster to tackle the above-mentioned problem. The scheme takes advantage of the virtual machine cluster [1–3] to deal with the failover problem as well. The proposed approach builds the in-cloud ERP [4, 5] in a virtual environment so that clients can easily use mobile devices to access in-cloud services wirelessly via Wi-Fi/3G, but identity verification must be carried out through access control authentication [6] in the cloud. An open source ERP, namely, OpenERP [7], has been deployed successfully, as shown in Figure 1, instead of a high-priced commercial ERP. Additionally, the access control authentication [8, 9] mentioned above has been brought into a virtual machine to handle identity verification, secured sign-in, and attendance audit, as shown in Figures 2 and 3. Detecting imminent potential BotNet [10] activity, intrusions, and malicious attacks [11] in the virtual network can thus efficiently increase network security.
In-cloud OpenERP deployment.
Access control in a firm.
Access control authentication in cloud.
2. Authentication and Network Security for Cloud-Based ERP
2.1. In-Cloud ERP and Authentication
A virtual machine clustering system in the cloud integrates virtualization, virtual machines, and virtual services so that existing resources can be fully utilized; examples are VMware ESX/ESXi Server [12], Microsoft Hyper-V R2 [13], and Proxmox Virtual Environment [14]. Such a system lets users run many operating systems simultaneously on a single physical computer, which largely decreases the expense of purchasing PCs. Most importantly, it provides the following major functions: virtual machine live migration, virtual storage live migration, distributed resource scheduling, high availability, fault tolerance, backup and disaster recovery, transfer from physical machines to virtual machines, direct hardware access, and virtual network switching. This study uses Proxmox Virtual Environment as the cloud computing and service platform with the virtual environment. The kernel-based virtual machine (KVM) acts as the core of the virtual machine and is installed in the kernel of a Linux-based operating system. OpenERP is adopted in this study as the ERP application; as open source software it offers many solutions, is more expandable, and greatly reduces cost. The in-cloud ERP is established as follows.
(1) Build the Proxmox VE virtual machine cluster and manage the virtual machines through its web pages.
(2) Create a virtual machine and set up its guest operating system in the Proxmox VE virtual machine cluster.
(3) Set up OpenERP in the virtual machine, inclusive of the OpenERP AP, the PostgreSQL database, and the web interface for end users.
(4) Browse to http://localhost:8096 or http://IP:8096 on the virtual machine; the OpenERP login page appears. Sign in as the administrator and install the necessary modules, which yields the user management interface.
(5) Set up the AP Server for biometrics security [15].
When users sign in, the system collects their biometric features with capture devices at the client side as evidence of legal or illegal sign-in [16].
2.2. Network Security for In-Cloud ERP
Using virtual machines to build the firewall and gateway brings multiple benefits: easy management, high scalability, and low cost. For example, a virtual machine running pfSense (http://www.pfsense.org/) or Zentyal (http://www.zentyal.com/) makes a network system quite easy to manage, as shown in Figure 4. However, ERP databases containing sensitive information must not be directly accessible from the external network; data access is instead provided over an intranet. Different virtual machine managers allow many different approaches to virtual network layout and configuration. For example, if the virtual machine manager has its own built-in NAT function, the IT manager may install OpenERP [7] in a virtual machine with two network interface cards, one connected to the external network in bridge mode for internet access and the other connected internally in NAT mode for the intranet. With no software firewall for protection and no hardware firewall on the network, this is a less secure environment in which even common network attacks may crash the system, as shown in Figure 5. In the alternative scheme, the IT manager does not use the built-in NAT function of the virtualization manager and instead employs pfSense or Zentyal to build a software firewall server. This scheme uses the port forwarding service to redirect http port packets to OpenERP. The external network cannot reach the interior network wherever port forwarding is not allowed or not configured. In addition, the firewall's protection against common network attacks ensures that the user interface gains both security and stability, as shown in Figure 6.
Application pfSense establishing firewall and gateway in cloud.
A built-in NAT function in virtualization management.
3. High Availability for In-Cloud ERP
3.1. Virtual Machine High Availability
(1) Virtual machine live migration. When an execution error occurs at a node and causes an interruption, the virtual machines at that node can be migrated to other nodes, where the remaining tasks of the failed node continue. The prerequisites are shared storage and two or more servers, for example, a Proxmox VE system as shown in Figure 7.
(2) Virtual storage live migration. The system provides HA for virtual machines, and accordingly HA also supports virtual storage. Generally, by connecting shared storage (e.g., a SAN), the system can achieve low downtime. When an execution error occurs at a node and causes an interruption, the virtual storage at that node can be migrated to other nodes to resume the remaining tasks of the failed node.
(3) Distributed resource scheduling. A virtual machine management system such as Hyper-V [13] uses a nonuniform memory access (NUMA) mechanism for resource allocation, in which computing cores and memory are divided into nodes and each virtual machine attaches to the corresponding node according to the amount of resources allocated. That is, the resources of a virtual machine may be allocated from different server hardware resources, as shown in Figure 8.
(4) Fault tolerance. The main principle for reaching zero downtime, as in VMware vSphere [12], is that while a primary virtual machine is running, the system automatically generates a redundant virtual machine, identical to the primary one and located on another server, to synchronize the task. Once the system detects a failure of the primary virtual machine, the running task is immediately transferred to the redundant virtual machine, which becomes the primary virtual machine at once, and the system then replicates another redundant virtual machine, as shown in Figure 9.
HA optional setting of VM in Proxmox VE.
Hardware resources allocation based on NUMA in Hyper-V R2.
Fault tolerance mechanism by VMware vSphere.
3.2. Network High Availability
With the link aggregation control protocol (LACP) [17], network interface cards can use network bonding techniques that combine multiple network interface cards together, with the parameters of each network interface card set for the HA function. For example, Linux systems can use the software ifenslave to gain fault-tolerant features in the combined network interface cards. That is, when one of the network interface cards fails, the workload automatically switches to another one to carry on the networking tasks, as shown in Figure 10.
Realizing the architecture of network HA.
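A check that complements the bonding setup described in Section 3.2 is to read the Linux bonding driver's status file and confirm that redundancy actually exists. The following is an added example, not code from the paper: it audits text in the format of /proc/net/bonding/bond0. The bond name, interface names, and the abridged sample are constructed assumptions.

```python
"""Audit Linux bonding status text for HA readiness (added example)."""

# Constructed, abridged sample in the format of /proc/net/bonding/bond0,
# taken to be the state after one cable is pulled. Names and MACs are made up.
SAMPLE = """\
Bonding Mode: IEEE 802.3ad Dynamic link aggregation
MII Status: up
MII Polling Interval (ms): 100

Slave Interface: eth0
MII Status: up
Link Failure Count: 0
Permanent HW addr: 02:00:00:00:00:01
Aggregator ID: 1

Slave Interface: eth1
MII Status: down
Link Failure Count: 1
Permanent HW addr: 02:00:00:00:00:02
Aggregator ID: 2
"""


def parse_bond(text):
    """Return (bond_fields, {slave_name: fields}) from bonding status text."""
    bond, slaves, current = {}, {}, None
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, _, value = line.partition(":")  # split at the first colon only
        key, value = key.strip(), value.strip()
        if key == "Slave Interface":
            current = slaves.setdefault(value, {})
        elif current is not None:
            current[key] = value   # field belongs to the current slave
        else:
            bond[key] = value      # field belongs to the bond itself
    return bond, slaves


def audit_bond(text, min_up=2):
    """Return a list of findings; an empty list means redundancy is intact."""
    bond, slaves = parse_bond(text)
    findings = []
    if bond.get("MII Status") != "up":
        findings.append("bond: MII status is not up")
    if bond.get("MII Polling Interval (ms)", "0") == "0":
        findings.append("bond: MII polling interval is 0, so MII monitoring "
                        "will not detect a failed link")
    up = [name for name, s in slaves.items() if s.get("MII Status") == "up"]
    for name, s in slaves.items():
        if s.get("MII Status") != "up":
            findings.append(f"{name}: link is down")
        failures = int(s.get("Link Failure Count", "0"))
        if failures:
            findings.append(f"{name}: {failures} link failure(s) recorded")
    if len(up) < min_up:
        findings.append(f"{len(up)} of {len(slaves)} links up: "
                        "no redundancy left")
    # With 802.3ad, links that negotiated LACP with the same switch group
    # share one aggregator ID; differing IDs mean they are not aggregated.
    if "802.3ad" in bond.get("Bonding Mode", ""):
        if len({slaves[name].get("Aggregator ID") for name in up}) > 1:
            findings.append("up links are in different aggregators")
    return findings


if __name__ == "__main__":
    for finding in audit_bond(SAMPLE):
        print(finding)
```

On a live host the same function can be fed the contents of the status file, for instance before and after the cable-removal test in Section 5.1.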
3.3. Storage High Availability
In general, an iSCSI or NAS storage device is able to provide a hard drive array (RAID) function. If the system needs to balance cost, performance, and fault tolerance, a RAID 0+1 disk array is suggested for organizing the hard drive array, as shown in Figure 11. In addition, an iSCSI or NAS storage device may itself fail, and hence the storage device also needs HA. At present, storage device manufacturers have incorporated a synchronous backup mechanism, but traditional storage devices may not have this feature, in which case an additional server is required to implement the synchronization between the primary storage and the secondary one, as shown in Figure 12. Combining the HA of the virtual machine, network, and storage described above, a diagram of the in-cloud platform with high availability is illustrated in Figure 12. As the minimum facility required for an HA structure, the system needs at least two high-performance computing servers, two high-speed network switches, and two high-reliability storages to establish an in-cloud platform with HA.
RAID 0+1 system diagram.
Implementation of an in-cloud platform with HA.
4. ERP System Assessment
From the functional mean time in (1), the average of the functional access times for each ERP application platform, we derive the platform mean time in (2). A performance index is then defined in (3) and normalized to a value ranging from 0 to 1 in (4); we refer to this as the normalized performance index of each ERP application platform. In (1), $\mathrm{FAT}_i$ is a functional access time for a specific function (e.g., Create New Customer Master Data, Create New Material Master, Create Sales Order, or Search Function) running in an ERP application, and accordingly $\mathrm{FMT}_j$ represents a functional mean time for various functions. In (2), $\mathrm{PMT}_k$ stands for a platform mean time for a variety of ERP applications (e.g., ECC6.0 [18], ByDesign [19], or OpenERP), and the coefficients $\lambda_1, \lambda_2, \ldots, \lambda_M$ act as a weighted average. In (3), $\mathrm{PI}_k$ means a performance index for a specific ERP application platform. In addition, there are two more performance indexes that are also applicable, where $\overline{\mathrm{PI}}_k$ in (4) represents a normalized performance index for a specific ERP application platform, and $\overleftrightarrow{\mathrm{PI}}_k$ in (5) stands for an intervalized performance index. Consider

$$\mathrm{FMT}_j = \frac{\sum_{i=1}^{N} \mathrm{FAT}_i}{N}, \quad j = 1, 2, 3, \ldots, M, \tag{1}$$

$$\mathrm{PMT}_k = \frac{\sum_{j=1}^{M} \lambda_j \mathrm{FMT}_j}{\sum_{j=1}^{M} \lambda_j}, \quad k = 1, 2, 3, \ldots, L, \quad \text{s.t. } \sum_{j=1}^{M} \lambda_j = 1,\ 0 \le \lambda_j \le 1, \tag{2}$$

$$\mathrm{PI}_k \equiv \frac{1}{\mathrm{PMT}_k} \cdot \mathrm{Scale}, \quad k = 1, 2, 3, \ldots, L, \quad \mathrm{Scale} = 10^4, \tag{3}$$

$$\overline{\mathrm{PI}}_k = \frac{\mathrm{PI}_k}{\mathrm{PI}_k^{\mathrm{MAX}}}, \quad k = 1, 2, 3, \ldots, L, \tag{4}$$

$$\overleftrightarrow{\mathrm{PI}}_k = \frac{\mathrm{PI}_k - \mathrm{PI}_k^{\mathrm{MIN}}}{\mathrm{PI}_k^{\mathrm{MAX}} - \mathrm{PI}_k^{\mathrm{MIN}}}, \quad k = 1, 2, 3, \ldots, L. \tag{5}$$

The ERP cost in terms of capital expenditure, operational expenditure, and business agility is broken into 3 items: software cost, monthly cost, and downtime cost, respectively. In particular, the downtime cost for each ERP application platform is proportional to both the ratio of VM density (minor part) and the ratio of ERP performance index (major part). Here, the IT manager trials the ERP system as planned for a period of two years, where we assume that an unexpected downtime may occur once per year and that the downtime cost of ECC6.0 is roughly estimated at US$ 1000 each time.
Moreover, a formula for calculating the ERP system expenditure is derived in (6), where $\mathrm{VMD}_{\mathrm{ECC6.0}}$ represents the VM density of the virtual machine manager applied to ECC6.0 and $\mathrm{VMD}_k$ that of the other ERP application platforms. $\mathrm{PI}_{\mathrm{ECC6.0}}$ stands for the ECC6.0 performance index and $\mathrm{PI}_k$ for the other ERP performance indexes. In the second term of (6), $\mathrm{cost}_{\mathrm{monthly}}$ is the operational expenditure month by month. There is no software package cost for OpenERP because it is open source software. However, the software package cost of ECC6.0 in service charges (approximately US$ 164,884 per year) is greater than that of ByDesign (approximately US$ 24,733 per year). Consider the following:

$$\mathrm{Cost}_{\mathrm{ERP}_k} = \left( \alpha \cdot \frac{\mathrm{VMD}_k}{\mathrm{VMD}_{\mathrm{ECC6.0}}} + \beta \cdot \frac{\mathrm{PI}_k}{\mathrm{PI}_{\mathrm{ECC6.0}}} \right) \cdot \mathrm{cost}_{\mathrm{downtime\ at\ ECC6.0}} + \mathrm{cost}_{\mathrm{monthly}} \cdot \mathrm{period} + \mathrm{cost}_{\mathrm{software}}, \quad k = 1, 2, 3, \ldots, L, \quad \text{s.t. } 0 \le \alpha \le 1,\ 0 \le \beta \le 1,\ \alpha + \beta = 1. \tag{6}$$

The various ERP software packages are assessed according to the so-called cost-performance ratio $\mathrm{CPratio}_k$ defined in (7), where $\mathrm{PI}_k$ is the performance index of (3), used for simplicity of computation, and $\mathrm{Cost}_{\mathrm{ERP}_k}$ is the operation cost of (6). Consider

$$\mathrm{CPratio}_k = \frac{\mathrm{PI}_k}{\mathrm{Cost}_{\mathrm{ERP}_k}}, \quad k = 1, 2, 3, \ldots, L. \tag{7}$$
5. Experimental Results and Discussion
A few experiments and a discussion are presented in the following subsections.
5.1. High-Availability Testing
First, to verify the high availability of the network after network bonding was enabled, the IT manager removed one of the network cables from an edge switch for a few seconds to check whether the network satisfies fault tolerance in this situation. In a test of 50 pings, the connection quality was good because there was no packet loss during the cable removal, achieving the goal of network high availability as shown in Figure 13. Next, to verify whether the servers and storage devices achieve high availability, the IT manager shut down a server on which a virtual machine was currently running, so that the server-mounted storage device failed correspondingly. Test results show that failover completed successfully because the virtual machine was correctly transferred (migrated) to another server, as shown in Figure 14.
Ping command to check the network quality.
Failover using a virtual machine migration (panels: before VM migration; after VM migration).
5.2. Access Control Authentication and ERP Testing
Users sign in to the in-cloud ERP remotely via 3G/WiFi at http://IP:8096 with the browser on an Android smart phone, as shown in Figure 15. Next, the access control authentication process [20, 21], based on biometric measures, is activated to capture the human face and fingerprint at the mobile device, deliver them to the back-end server for identification, and then return the result to the mobile device. Identity verification takes about 2 seconds, as shown in Figure 16. After that, we begin to test ERP routines. Users likewise sign in to the in-cloud ERP remotely via 3G/WiFi at http://IP:8096 with the browser on a personal computer and then go through access control authentication at the PC. After that, we begin to test ERP routines on the PC, as shown in Figures 17 and 18.
Sign-in in-cloud OpenERP at smart phone (panels: list of products; sales order).
Face recognition and fingerprint identification at smart phone (panels: capture images; identification).
List of products of in-cloud OpenERP as sign-in at PC.
Sales order of in-cloud OpenERP as sign-in at PC.
5.3. Network Security Testing
Where the instructions entered in an input field are not checked, a testing tool can force illegal SQL statements into the field to access sensitive information in the database. This scenario simulates malicious attacks on a sensitive database. Two open source SQL injection checking tools are therefore used for the test: the first is the Java-based jSQL Injection 12 and the second is the .NET-based SQL Power Injector. With these tools launching a series of automatic attacks on the presentation part of the web interface, the IT manager is able to check whether an outsider can directly access the database content. As a result, no SQL injection vulnerability was displayed in the testing tools and no target database was found in the rectangular box, as shown in Figures 19 and 20.
Test of SQL Injection attack using jSQL Injection v0.4.
Test of SQL Injection attack using SQL Power Injector 1.2.
5.4. System Assessment
In online testing of daily ERP use in an enterprise over one week, the use of the in-cloud ERP grew dramatically, to approximately 5.2 times that of a stand-alone ERP. In terms of hardware cost in Taiwan, a stand-alone ERP, that is, an in-house ERP, costs the user $1,002.5 for hardware equipment, plus additional monthly fees of $18.4 for air conditioning, $26.7 for space rent, and $16.7 for hardware equipment maintenance. With an amortization schedule of monthly payments over a period of two years, it costs $2,486.3 for monthly expenditure, in other words, an average monthly usage fee of $103.6. In contrast, renting an in-cloud ERP service in a virtual environment needs only about $50.1 in monthly payment, which saves 1.07 times the cost of the in-house ERP, that is, it reduces the monthly expenditure considerably. In addition to the monthly expenditure, we have to consider the cost of the software package for ERP applications. Prices usually vary with the level of functionality across a series of ERP products or across brands in the market. In particular, a high-level and complicated commercial ERP product, for example, SAP or Oracle, is more expensive than a standard one. Table 1 compares the number of accesses to the ERP system and the monthly expenditure for ERP; the proposed in-cloud ERP is clearly superior to the in-house ERP. Two well-known benchmark ERP systems, ECC 6.0 [18] and ByDesign [19], are used to compete with the proposed one. In terms of ERP functional performance, that is, the operational speed of various ERP functions, the proposed approach defeats the others, as listed in Table 2. Finally, for three typical instances, the cost-performance ratio for ERP system assessment has been evaluated, and the proposed approach clearly beats the others, as listed in Table 3.
Table 1: ERP access frequency and its operational cost.

| Testing item | Case A: in-house ERP | Case B: in-cloud ERP | Ratio of Case B to Case A |
|---|---|---|---|
| Number of access (times/day) | 63 | 328 | 5.206 |
| Monthly expenditure (US dollars/month) | 103.6 | 50.1 | 0.484 |
Table 2: ERP operational speed (unit: minute, second).

| Function | ECC 6.0 (in-house ERP) | ByDesign (in-cloud ERP) | OpenERP (in-cloud ERP) |
|---|---|---|---|
| Create New Customer Master Data | 7.17 min | 4.67 min | 3 min |
| Create New Material Master | 12.67 min | 10 min | 8.5 min |
| Create Sales Order | 5.33 min | 2 min | 1.5 min |
| Search Function | 2.17 min | 5 sec | 2 sec |
| Average | 6.83 min | 4.19 min | 3.26 min |
Table 3: ERP cost-performance ratio (cost unit: US$).

| ERP | Performance index | Operation cost (α=0.2, β=0.8) | C-P ratio (α=0.2, β=0.8) | Operation cost (α=0.5, β=0.5) | C-P ratio (α=0.5, β=0.5) | Operation cost (α=0.8, β=0.2) | C-P ratio (α=0.8, β=0.2) |
|---|---|---|---|---|---|---|---|
| ECC 6.0 (in-house ERP) | 146341 | 334,254 | 0.44 | 334,254 | 0.44 | 334,254 | 0.44 |
| ByDesign (in-cloud ERP) | 238806 | 53,679 | 4.45 | 53,300 | 4.48 | 52,921 | 4.51 |
| OpenERP (in-cloud ERP) | 306905 | 4,958 | 61.90 | 4,300 | 71.38 | 3,641 | 84.29 |
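Equations (6) and (7) can be carried through to recompute the operation costs and C-P ratios of Table 3. This is an added example, not the authors' code; it takes the performance indexes as reported in Table 3. Two inputs are assumptions because the paper does not state them: a VM density ratio of 1 for every platform, and the in-cloud monthly cost of Table 1 applied to ByDesign as well as OpenERP.

```python
"""Recompute Table 3 from equations (6) and (7) (added example)."""

ECC = "ECC 6.0"

# Performance indexes PI_k as reported in Table 3.
PI = {ECC: 146341, "ByDesign": 238806, "OpenERP": 306905}

PERIOD_MONTHS = 24           # two-year trial period
DOWNTIME_AT_ECC = 1000 * 2   # US$ 1000 per outage, one outage per year

# Monthly expenditure from Table 1 (US$/month).
# Assumption: the in-cloud figure also applies to ByDesign.
MONTHLY = {ECC: 103.6, "ByDesign": 50.1, "OpenERP": 50.1}

# Yearly software charges from Section 4, summed over the two years.
SOFTWARE = {ECC: 164884 * 2, "ByDesign": 24733 * 2, "OpenERP": 0}

# Assumption: VMD_k / VMD_ECC6.0 = 1 for all platforms (no VMD values given).
VMD_RATIO = {ECC: 1.0, "ByDesign": 1.0, "OpenERP": 1.0}

WEIGHTS = ((0.2, 0.8), (0.5, 0.5), (0.8, 0.2))  # (alpha, beta) pairs of Table 3


def cost_erp(k, alpha, beta):
    """Equation (6): operation cost of platform k in US$."""
    if not (0 <= alpha <= 1 and 0 <= beta <= 1 and abs(alpha + beta - 1) < 1e-9):
        raise ValueError("need 0 <= alpha, beta <= 1 and alpha + beta = 1")
    downtime = (alpha * VMD_RATIO[k] + beta * PI[k] / PI[ECC]) * DOWNTIME_AT_ECC
    return downtime + MONTHLY[k] * PERIOD_MONTHS + SOFTWARE[k]


def cp_ratio(k, alpha, beta):
    """Equation (7): cost-performance ratio of platform k."""
    return PI[k] / cost_erp(k, alpha, beta)


def table3():
    """Return {platform: [(rounded cost, C-P ratio), ...]} for each weight pair."""
    return {
        k: [(round(cost_erp(k, a, b)), cp_ratio(k, a, b)) for a, b in WEIGHTS]
        for k in PI
    }


if __name__ == "__main__":
    for platform, columns in table3().items():
        cells = "  ".join(f"{cost:>8,} {cp:6.2f}" for cost, cp in columns)
        print(f"{platform:<9} {cells}")
```

Because the performance-index ratio multiplies the downtime cost in (6), a faster platform is charged more per outage, which is why OpenERP's cost falls as the weight shifts from β to α.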
5.5. Discussion
Note that the performance indexes of the three models listed in Table 3 are invariant; they do not vary with the parameters α and β. In Figure 21, the operational cost of our proposed approach varies with the parameter values and goes down dramatically when the value of parameter α is bigger than that of parameter β. Accordingly, the C-P ratio of the proposed approach goes up in that situation. As a consequence, according to the C-P ratio, our proposed approach outperforms the others in all cases, with the C-P ratio varying with the parameter values as shown in Figure 22. Compared with the proposed in-cloud OpenERP, the C-P ratio of the other in-cloud ERP system, in-cloud ByDesign, increases only slightly as the parameters vary. This verifies that our proposed approach has been realized successfully and performs well as an in-cloud ERP system.
Operational cost varied with the quantity of parameters.
C-P ratio varied with the quantity of parameters.
6. Conclusion
This paper introduces a high-performance, high-availability in-cloud enterprise resources planning (in-cloud ERP) system deployed in a virtual machine cluster together with access control authentication and network security. The proposed system can resolve the problem of unexpected system failure, which causes operation termination and data loss, as well as intrusion and malicious attack via the internet. In addition, according to the cost-performance (C-P) ratio, the system assessment shows that the proposed approach outperforms two well-known benchmark ERP systems, in-house ECC 6.0 and in-cloud ByDesign. This verifies that our proposed approach has been realized successfully and performs well as an in-cloud ERP system.
Conflict of Interests
The authors declare that there is no conflict of interests regarding the publication of this paper.
Acknowledgment
This work is supported by the National Science Council, Taiwan, under Grant no. NSC 100-2221-E-390-011-MY3.
References
[1] Beloglazov A., Buyya R. Energy efficient allocation of virtual machines in cloud data centers. Proceedings of the 10th IEEE/ACM International Symposium on Cluster, Cloud, and Grid Computing (CCGrid '10), May 2010, pp. 577–578. doi:10.1109/ccgrid.2010.45
[2] Laurikainen R., Laitinen J., Lehtovuori P., Nurminen J. K. Improving the efficiency of deploying virtual machines in a cloud environment. Proceedings of the International Conference on Cloud Computing and Service Computing (CSC '12), November 2012, pp. 232–239. doi:10.1109/CSC.2012.43
[3] Sotiriadis S., Bessis N., Xhafa F., Antonopoulos N. Cloud virtual machine scheduling: modelling the cloud virtual machine instantiation. Proceedings of the 6th International Conference on Complex, Intelligent, and Software Intensive Systems (CISIS '12), July 2012, pp. 233–240. doi:10.1109/CISIS.2012.113
[4] Tianshe Y.-S., Choi J., Xi Z., Sun Y.-H., Ouyang C.-S., Huang Y.-X. Research of enterprise resource planning in a specific enterprise. Proceedings of the IEEE International Conference on Systems, Man and Cybernetics (SMC '06), October 2006, Taipei, Taiwan, pp. 418–422. doi:10.1109/ICSMC.2006.384418
[5] de Carvalho R. A., Monnerat R. M. Development support tools for enterprise resource planning. 2008, 10(5), pp. 39–45. doi:10.1109/MITP.2008.100
[6] Wu H., Ding Y., Yao L., Winer C. Network security for virtual machine in cloud computing. Proceedings of the 5th International Conference on Computer Sciences and Convergence Information Technology (ICCIT '10), December 2010, pp. 18–21. doi:10.1109/ICCIT.2010.5711022
[7] Chang B. R., Tsai H.-F., Chen C.-M. High-performed virtualization services for in-cloud enterprise resource planning system. 2014, 5(4), pp. 614–624.
[8] Zhao J.-G., Liu J.-C., Fan J.-J., Di J.-X. The security research of network access control system. Proceedings of the 1st ACIS International Symposium on Cryptography, and Network Security, Data Mining and Knowledge Discovery, E-Commerce & Its Applications, and Embedded Systems (CDEE '10), October 2010, Qinhuangdao, China, pp. 283–288. doi:10.1109/CDEE.2010.62
[9] Metz C. AAA protocols: authentication, authorization, and accounting for the internet. 1999, 3(6), pp. 75–79. doi:10.1109/4236.807015
[10] Zhang L., Persaud A. G., Johnson A., Guan Y. Detection of stepping stone attack under delay and chaff perturbations. Proceedings of the 25th IEEE International Performance, Computing, and Communications Conference (IPCCC '06), April 2006, pp. 247–256. doi:10.1109/.2006.1629414
[11] Yang H.-Y., Xie L.-X., Xie F. A new approach to network anomaly attack detection. 2008, 4, pp. 317–321.
[12] Chang B. R., Tsai H.-F., Chen C.-M. Evaluation of virtual machine performance and virtualized consolidation ratio in cloud computing system. 2013, 4(3), pp. 192–200.
[13] Chang B. R., Tsai H.-F., Chen C.-M., Lin Z.-Y., Huang C.-F. Assessment of hypervisor and shared storage for cloud computing server. Proceedings of the 3rd International Conference on Innovations in Bio-Inspired Computing and Applications (IBICA '12), September 2012, pp. 67–72. doi:10.1109/IBICA.2012.68
[14] Stewart K. E., Humphries J. W., Andel T. R. An automated virtualization performance analysis platform. 2012, 9(3), pp. 257–265. doi:10.1177/1548512910391828
[15] Wayman J. L. Biometrics in identity management systems. 2008, 6(2), pp. 30–37. doi:10.1109/MSP.2008.28
[16] Chang B. R., Huang C.-F., Tsai H.-F., Lin Z.-Y. Rapid access control on ubuntu cloud computing with facial recognition and fingerprint identification. 2012, 3(2), pp. 176–190.
[17] Imaizumi H., Nagata T., Kunito G., Yamazaki K., Morikawa H. Power saving mechanism based on simple moving average for 802.3ad link aggregation. Proceedings of the IEEE Globecom Workshops, December 2009, pp. 1–6. doi:10.1109/GLOCOMW.2009.5360735
[18] Doedt M., Steffen B. Requirement-driven evaluation of remote ERP-system solutions: a service-oriented perspective. Proceedings of the 34th IEEE Software Engineering Workshop (SEW '11), June 2011, pp. 57–66. doi:10.1109/SEW.2011.14
[19] Elragal A., Kommos M. E. In-house versus in-cloud ERP systems: a comparative study. 2012, vol. 2012, 13 pages, Article ID 659957. doi:10.5171/2012.659957
[20] Chang C.-C., Huang Y.-C., Tsai H.-C. Design and analysis of chameleon hashing based handover authentication scheme for wireless networks. 2014, 5(1), pp. 107–116.
[21] Liu T.-H., Wang Q., Zhu H.-F. A Multi-function Password Mutual Authentication Key Agreement Scheme with privacy preserving. 2014, 5(2), pp. 163–174.