Assessment of In-Cloud Enterprise Resource Planning System Performed in a Virtual Cluster
This paper introduces a high-performed, high-availability in-cloud enterprise resources planning (in-cloud ERP) system deployed in a virtual machine cluster. The proposed approach resolves the crucial problems of ERP failure caused by unexpected downtime and by failover between physical hosts in enterprises, which terminate operation and hence cause data loss. In addition, combined with access control authentication and network security, the proposed approach is capable of preventing intrusion and/or malicious attacks via the internet. For system assessment, the cost-performance (C-P) ratio, a cost-effectiveness measure, has been applied to several notable ERP systems. The C-P ratio evaluated from the experiments shows that the proposed approach outperforms two well-known benchmark ERP systems, namely, in-house ECC 6.0 and in-cloud ByDesign.
1. Introduction
Service-oriented packages in enterprises, such as enterprise resources planning (ERP) systems, quite often encounter unexpected downtime or power failure that may cause immediate termination of system operation and data loss. Technically speaking, it is difficult to transfer everything from one host to another in time, and resuming the original task on a new host as usual cannot be guaranteed. Furthermore, when a task is transferred to a new host, data from an external data source may not be uploaded concurrently to the new host. Therefore, in this paper, we introduce a novel, highly reliable approach to task transfer between hosts, that is, a high-performed, high-availability in-cloud enterprise resources planning (in-cloud ERP) system deployed in a virtual machine cluster to tackle the above-mentioned crucial problem. This paper gives a scheme that takes advantage of the virtual machine cluster [1–3] to deal with the failover problem as well. The proposed approach builds in-cloud ERP [4, 5] in the virtual environment so that clients can use mobile devices to access in-cloud services wirelessly and easily via Wi-Fi/3G, but identity verification must be carried out through access control authentication in the cloud. Besides, an open source ERP, namely, OpenERP, has been deployed successfully, as shown in Figure 1, instead of a high-priced commercial ERP. Additionally, access control authentication [8, 9], as mentioned above, has been brought into a virtual machine to perform identity verification, secured sign-in, and attendance audit, as shown in Figures 2 and 3. Thus, detecting imminent potential BotNet, intrusion, and malicious attacks in the virtual network can efficiently increase network security.
2. Authentication and Network Security for Cloud-Based ERP
2.1. In-Cloud ERP and Authentication
A virtual machine clustering system in the cloud is an integration of virtualization, virtual machines, and virtual services that lets existing resources be fully used; examples are VMware ESX/ESXi Server, Microsoft Hyper-V R2, and Proxmox Virtual Environment. Such a system lets users run many operating systems simultaneously on a single physical computer, which largely decreases the expense of purchasing PCs. Most importantly, it provides the following major functions: virtual machine live migration, virtual storage live migration, distributed resource scheduling, high availability, fault tolerance, backup and disaster recovery, transfer from physical machines to virtual machines, direct hardware access, and virtual network switching. This study introduces Proxmox Virtual Environment as the cloud computing and service platform with the virtual environment. The kernel-based virtual machine (KVM) acts as the main core of the virtual machine, and it is installed in the kernel of a Linux-based operating system. OpenERP is adopted in this study as the ERP application; as open source software it offers many solutions for the future, is more expandable, and greatly reduces cost. The in-cloud ERP is established as follows.
(1) Build the Proxmox VE virtual machine cluster and manage the virtual machines through web pages.
(2) Create a virtual machine and set up its guest operating system in the Proxmox VE virtual machine cluster.
(3) Set up OpenERP in the virtual machine, inclusive of the OpenERP AP, the PostgreSQL database, and the web interface for end users.
(4) Open http://localhost:8096 or http://IP:8096 with the browser on the virtual machine to bring up the OpenERP login page, and then sign in as the administrator to install the necessary modules, which results in the user management interface.
(5) Set up the AP Server for biometrics security.
When users sign in, the system collects their biometric features with capturing devices at the client side as evidence of legal or illegal sign-in.
2.2. Network Security for In-Cloud ERP
Using virtual machines to build the firewall and gateway brings multiple benefits, that is, easy management, high scalability, and low cost. For example, a virtual machine equipped with pfSense (http://www.pfsense.org/) or Zentyal (http://www.zentyal.com/) makes a network system quite easy to manage, as shown in Figure 4. However, ERP databases containing sensitive information must not be accessible directly from the external network; instead, an intranet is set up for data access. Different virtual machine managers allow many different approaches to virtual network layout or configuration. For example, if the virtual machine manager has its own built-in NAT function, the IT manager may install OpenERP in a virtual machine with two network interface cards, one connected to the external network via bridge mode for internet access and the other connected internally via NAT mode for the intranet. In this layout the network has neither a software firewall nor a hardware firewall, which leads to a less secure environment in which even common network attacks may cause a system crash, as shown in Figure 5. In the alternative scheme, the IT manager does not use the built-in NAT function of the virtualization manager and instead employs pfSense or Zentyal to build a software firewall server. This scheme uses the port forwarding service to redirect HTTP port packets to OpenERP. The external network cannot access the interior network wherever port forwarding is not allowed or not set. Besides, its protection against common network attacks ensures that the user interface gains both security and stability, as shown in Figure 6.
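The rule that only the forwarded HTTP port may be reachable from outside, while the database stays on the intranet, can be checked on the OpenERP virtual machine itself. The following is an added example, not code from the paper: it audits `ss -ltn` output for listeners bound to a wildcard or external address on any port other than the forwarded one. The sample output, the addresses, and the function names are assumptions constructed for illustration.

```python
import ipaddress

# Constructed `ss -ltn` output for the OpenERP virtual machine (not from the paper).
# Assumed addressing: 10.0.0.0/24 is the intranet behind the firewall; 8096 is
# the OpenERP web port the paper forwards; 5432 is PostgreSQL.
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:8096         0.0.0.0:*
LISTEN  0       128     0.0.0.0:5432         0.0.0.0:*
LISTEN  0       128     10.0.0.5:22          0.0.0.0:*
LISTEN  0       128     127.0.0.1:25         0.0.0.0:*
LISTEN  0       128     [::]:22              [::]:*
"""

# Bind addresses that accept connections on every interface.
WILDCARDS = {"*", "0.0.0.0", "::"}


def parse_listeners(ss_output):
    """Return (bind_address, port) for every LISTEN row of `ss -ltn` output."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header or unrelated line
        host, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        # "[::]" -> "::", "127.0.0.53%lo" -> "127.0.0.53"
        host = host.strip("[]").split("%")[0]
        listeners.append((host, int(port)))
    return listeners


def exposed_listeners(ss_output, internal_nets, allowed_ports):
    """List listeners reachable from outside the intranet on a non-allowed port."""
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    findings = []
    for host, port in parse_listeners(ss_output):
        if host in WILDCARDS:
            external = True
        else:
            addr = ipaddress.ip_address(host)
            external = not (addr.is_loopback or any(addr in n for n in nets))
        if external and port not in allowed_ports:
            findings.append((host, port))
    return findings


if __name__ == "__main__":
    for host, port in exposed_listeners(SAMPLE_SS, ["10.0.0.0/24"], {8096}):
        print(f"listener reachable from the external NIC: {host}:{port}")
```

On the constructed sample the audit flags PostgreSQL on `0.0.0.0:5432` and SSH on `[::]:22`; binding both to the intranet address keeps them unreachable even if a firewall rule is later misconfigured.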
3. High Availability for In-Cloud ERP
3.1. Virtual Machine High Availability
(1) Virtual machine live migration is as follows. When an execution error occurs at a node and causes an interruption, the virtual machines at that node can migrate to the other nodes, where the remaining tasks of the failed node are continued. A prerequisite is shared storage as well as two or more servers, for example, a Proxmox VE system as shown in Figure 7.
(2) Virtual storage live migration is as follows. The system provides HA for virtual machines, and accordingly HA also supports virtual storage. Generally, by connecting shared storage (e.g., SAN), the system can achieve low downtime. When an execution error occurs at a node and causes an interruption, the virtual storage at that node can migrate to the other nodes to resume the remaining tasks of the failed node.
(3) Distributed resource scheduling is as follows. A virtual machine management system such as Hyper-V imports the nonuniform memory access (NUMA) mechanism for resource allocation, in which computing cores and memory are divided into nodes, and each virtual machine attaches to the corresponding node in accordance with the amount of resources allocated. That is, the resources of a virtual machine may be allocated from different server hardware resources, as shown in Figure 8.
(4) Fault tolerance is as follows. The main principle for reaching zero downtime, as in VMware vSphere, is that when a primary virtual machine is running, the system automatically generates a redundant virtual machine, identical to the primary one and located on another server, to synchronize the task. Once the system detects a failure of the primary virtual machine, the running task is immediately transferred to the redundant virtual machine; this redundant virtual machine becomes the primary virtual machine at once, and the system replicates another redundant virtual machine once again, as shown in Figure 9.
3.2. Network High Availability
With the link aggregation control protocol (LACP), network interface cards can use network bonding techniques that combine multiple network interface cards together while setting the network interface card parameters related to the HA function. For example, Linux systems can use the software ifenslave to gain fault-tolerant features in the combined network interface cards. That is, when one of the network interface cards fails, the work load automatically switches to another one to carry on the successive networking tasks, as shown in Figure 10.
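Because the switch to the surviving interface is transparent to traffic, a failed member of the bond has to be detected by monitoring rather than by users noticing an outage. The following is an added example, not code from the paper: it parses the status text that the Linux bonding driver exposes under /proc/net/bonding/ and reports whether redundancy is still intact. The sample text, the interface names, and the function names are assumptions constructed for illustration.

```python
# Constructed sample of /proc/net/bonding/bond0 (not from the paper):
# an 802.3ad (LACP) bond of eth0 and eth1 in which eth1 has lost its link.
SAMPLE_BOND = """\
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)

Bonding Mode: IEEE 802.3ad Dynamic link aggregation
Transmit Hash Policy: layer2 (0)
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0

802.3ad info
LACP rate: slow

Slave Interface: eth0
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:16:3e:00:00:01
Aggregator ID: 1

Slave Interface: eth1
MII Status: down
Speed: Unknown
Duplex: Unknown
Link Failure Count: 1
Permanent HW addr: 00:16:3e:00:00:02
Aggregator ID: 2
"""


def parse_bond(text):
    """Parse bonding status text into the bond header and its member interfaces."""
    bond = {"mode": None, "mii_status": None, "slaves": []}
    current = bond  # fields before the first "Slave Interface" describe the bond
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # blank line or section title without a value
        key, value = key.strip(), value.strip()
        if key == "Slave Interface":
            current = {"name": value, "mii_status": None, "link_failures": 0}
            bond["slaves"].append(current)
        elif key == "Bonding Mode":
            bond["mode"] = value
        elif key == "MII Status":
            current["mii_status"] = value
        elif key == "Link Failure Count" and current is not bond:
            current["link_failures"] = int(value)
    return bond


def redundancy_state(bond):
    """Classify the bond: ok, degraded (running on fewer links), down, or no-redundancy."""
    slaves = bond["slaves"]
    up = [s for s in slaves if s["mii_status"] == "up"]
    if not up:
        return "down"
    if len(slaves) < 2:
        return "no-redundancy"
    return "ok" if len(up) == len(slaves) else "degraded"


if __name__ == "__main__":
    bond = parse_bond(SAMPLE_BOND)
    print(bond["mode"], "->", redundancy_state(bond))
    for s in bond["slaves"]:
        print(f"  {s['name']}: {s['mii_status']}, link failures: {s['link_failures']}")
```

A "degraded" result means traffic still flows but the next link failure will cause an outage, which is the condition an alert should fire on.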
3.3. Storage High Availability
In general, an iSCSI or NAS storage device is able to provide a hard drive array (RAID) function. If the system needs to balance cost, performance, and fault tolerance, a RAID 0+1 disk array is suggested for organizing the hard drive array, as shown in Figure 11. In addition, an iSCSI or NAS storage device itself also risks failure, and hence the storage device needs to be considered for HA. At present, storage device manufacturers have incorporated a synchronous backup mechanism; traditional storage devices, in contrast, may not have this feature, in which case an additional server is required to implement the synchronization between the primary storage and the secondary one, as shown in Figure 12. Combining the HA of virtual machine, network, and storage described above, a diagram of the in-cloud platform with high availability is illustrated in Figure 12. As the minimum facility required for an HA structure, the system needs at least two high-performance computing servers, two high-speed network switches, and two high-reliability storages to establish an in-cloud platform with HA.
4. ERP System Assessment
From the functional mean time, the average functional access time for each ERP application platform, in (1), we derive the corresponding platform mean time in (2). After that, a performance index is defined in (3) and then normalized to a value ranging from 0 to 1 in (4); we refer to this as the normalized performance index corresponding to each ERP application platform. In (1), is a functional access time for a specific function (e.g., Create New Customer Master Data, Create New Material Master, Create Sales Order, or Search Function) running in an ERP application, and accordingly represents a functional mean time for various functions. In (2), stands for a platform mean time for a variety of ERP applications (e.g., ECC6.0, ByDesign, or OpenERP), and the coefficients act as a weighted average. In (3), means a performance index for a specific ERP application platform. In addition, there are two more performance indexes that are also applicable, where in (4) represents a normalized performance index for a specific ERP application platform, and in (5) stands for an intervalized performance index. Consider

The ERP cost, covering capital expenditure, operational expenditure, and business agility, is broken into three items: software cost, monthly cost, and downtime cost, respectively. In particular, the downtime cost for each ERP application platform is proportional to both the ratio of VM density (minor part) and the ratio of ERP performance index (major part). Here, the IT manager runs the trial of the ERP system as planned for a period of two years, where we assume an unexpected downtime may occur once per year and the downtime cost of ECC6.0 is roughly estimated at US$ 1000 at a time. Moreover, a formula for calculating the ERP system expenditure has been derived on (6) where represents a VM density of a kind of virtual machine manager applied to ECC6.0 and to the other ERP application platforms. stands for ECC6.0 performance index and for the other ERP performance indexes. For the second term in (6), costmonthly represents the operational expenditure month by month. OpenERP has no software package cost because it is open source software. However, the cost of the software package for ECC6.0 in service charge (approximately US$ 164,884 per year) is greater than that of ByDesign (approximately US$ 24,733 per year). Consider the following:

The assessment for the various ERP software packages is evaluated according to the so-called cost-performance ratio defined on (7), where represents the performance index as shown in (3) for the simplification in computation and stands for the operation cost as shown in (6). Consider
5. Experimental Results and Discussion
A few experiments and a discussion are presented in the following subsections.
5.1. High-Availability Testing
First, in order to verify the high availability of the network after network bonding was enabled, the IT manager removed one of the network cables from an edge switch for a few seconds to check whether the network satisfies fault tolerance in this situation. In a test of 50 ping commands, the connection quality was good because there was no packet loss during the cable removal, achieving the goal of network high availability as shown in Figure 13. Next, in order to verify whether the servers and storage devices achieve high availability, the IT manager shut down a server on which a virtual machine was currently running, so that the server-mounted storage device correspondingly failed. Test results show that failover completed successfully because the virtual machine correctly transferred (migrated) to another server, as shown in Figure 14.
[Figure panels: (a) Before VM migration; (b) After VM migration]
5.2. Access Control Authentication and ERP Testing
Users open http://IP:8096 with the browser on an Android smart phone to sign in to the in-cloud ERP remotely via 3G/WiFi, as shown in Figure 15. Next, the biometric-based access control authentication process [20, 21] is activated to capture the human face and fingerprint at the mobile device, deliver them to the back-end server for identification, and then return the result to the mobile device. Identity verification takes about 2 seconds, as shown in Figure 16. After that, we begin to test ERP routines. Users open http://IP:8096 with the browser on a personal computer to sign in to the in-cloud ERP remotely via 3G/WiFi and then go through access control authentication at the PC. After that, we begin to test ERP routines on the PC, as shown in Figures 17 and 18.
[Figure panels: (a) List of products; (b) Sales order] [Figure panel: (a) Capture images]
5.3. Network Security Testing
Where the statements entered in an input field are not checked, a testing tool can force illegal SQL statements into the field to access sensitive information in the database. This scenario simulates malicious attacks on a sensitive database. Two open source SQL Injection checking tools are applicable for testing SQL Injection: the first is the Java-based jSQL Injection 12 and the second is the .NET-based SQL Power Injector. By using such a tool to launch a series of automatic attacks against the presentation part of the web interface, the IT manager is able to check whether an outsider can directly access the database content. As a result, no SQL Injection vulnerability was displayed in the testing tool and no target database was found in the rectangular box, as shown in Figures 19 and 20.
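What such a test distinguishes is whether text typed into a field can change the SQL statement itself. The following is an added example, not code from the paper or from OpenERP: it places a string-concatenated query beside a parameterized one and runs the same quote-bearing probe against both as a regression check. It assumes an in-memory SQLite database standing in for PostgreSQL; the table, the rows, and the function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """Constructed customer table standing in for ERP master data."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customer (id INTEGER PRIMARY KEY, name TEXT, credit_limit INTEGER)"
    )
    conn.executemany(
        "INSERT INTO customer (name, credit_limit) VALUES (?, ?)",
        [("Acme Ltd", 5000), ("Globex", 12000), ("Initech", 800)],
    )
    return conn


def search_unsafe(conn, term):
    # Vulnerable pattern: the input is pasted into the SQL text, so a quote
    # character in `term` ends the string literal and the rest is parsed as SQL.
    sql = "SELECT name FROM customer WHERE name = '" + term + "'"
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn, term):
    # Hardened pattern: the statement is fixed and the value travels separately.
    # sqlite3 uses "?" placeholders; psycopg2 for PostgreSQL uses "%s".
    sql = "SELECT name FROM customer WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (term,))]


# No customer has this name, so an exact-match search must return nothing.
PROBE = "nobody' OR '1'='1"


def is_injectable(search_fn, conn):
    """True if the probe changes the query's meaning or breaks its syntax."""
    try:
        return len(search_fn(conn, PROBE)) > 0
    except sqlite3.Error:
        # A syntax error caused by user input means the input reached the SQL parser.
        return True


if __name__ == "__main__":
    conn = make_db()
    for fn in (search_unsafe, search_safe):
        print(fn.__name__, "injectable:", is_injectable(fn, conn))
```

A check of this kind belongs in the application's own test suite, so that a later change reintroducing concatenated SQL fails the build instead of waiting for the next external scan.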
5.4. System Assessment
Online testing of the daily use of ERP in an enterprise over one week found that the growth rate of use of in-cloud ERP increased dramatically, to approximately 5.2 times that of a stand-alone ERP. In terms of the hardware cost in Taiwan, the user pays $1,002.5 for the hardware equipment of a stand-alone ERP, that is, in-house ERP, with additional costs for air conditioning at a monthly fee of $18.4, space rent of $26.7, and a hardware equipment maintenance fee of $16.7. With an amortization schedule using monthly payments over a period of two years, it costs $2,486.3 for monthly expenditure. In other words, it costs an average monthly usage fee of $103.6. In contrast, renting an in-cloud ERP service in a virtual environment needs only about $50.1 in monthly payment and saves 1.07 times the cost of in-house ERP, that is, it reduces the monthly expenditure considerably. In addition to the monthly expenditure, we have to consider the cost of the software package for ERP applications. Prices usually vary with the level of functionality across a series of ERP products or across brands in the market. In particular, the high-level and complicated version of a commercial ERP product, for example, SAP or Oracle, is more expensive than the standard one. As shown in Table 1, which compares the number of accesses to the ERP system and the monthly expenditure for ERP, the proposed in-cloud ERP is superior to the in-house ERP. Two well-known benchmark ERP systems, ECC 6.0 and ByDesign, are used to compete with the proposed one. According to ERP functional performance, that is, the operational speed of various ERP functions, the proposed approach defeats the others as listed in Table 2. Finally, given three typical instances, the cost-performance ratio for ERP system assessment has been evaluated, and clearly the proposed one beats the others as listed in Table 3.
It has been noted that the performance indexes for three models have been listed in Table 3 and they are invariant and are not varied with the parameters, namely, and . In Figure 21, the operational cost for our proposed approach has varied with quantity of parameters and goes down dramatically when the value of parameter is bigger than that of parameter . Accordingly, the C-P ratio for the proposed approach goes up in that situation. As a consequence, according to the C-P ratio, our proposed approach outperforms the others in all the different cases, where the C-P ratio varies with the quantity of parameters as shown in Figure 22. Compared with the proposed one, namely, in-cloud OpenERP, the C-P ratio of the other in-cloud ERP system, that is, in-cloud ByDesign, increases only slightly as it varies with the parameters. This verifies that our proposed approach has been realized successfully and performs significantly for an in-cloud ERP system.
6. Conclusion
This paper introduces a high-performed, high-availability in-cloud enterprise resources planning (in-cloud ERP) system deployed in a virtual machine cluster together with access control authentication and network security. The proposed approach resolves the problem of unexpected system failure, which terminates operation and causes data loss, as well as intrusion and/or malicious attacks via the internet. In addition, according to the cost-performance (C-P) ratio, the system assessment shows that the proposed approach outperforms two well-known benchmark ERP systems, in-house ECC 6.0 and in-cloud ByDesign. This verifies that our proposed approach has been realized successfully and performs significantly for an in-cloud ERP system.
Conflict of Interests
The authors declare that there is no conflict of interests regarding the publication of this paper.
Acknowledgment
This work is supported by the National Science Council, Taiwan, under Grant no. NSC 100-2221-E-390-011-MY3.
References
R. Laurikainen, J. Laitinen, P. Lehtovuori, and J. K. Nurminen, “Improving the efficiency of deploying virtual machines in a cloud environment,” in Proceedings of the International Conference on Cloud Computing and Service Computing (CSC '12), pp. 232–239, November 2012.
S. Sotiriadis, N. Bessis, F. Xhafa, and N. Antonopoulos, “Cloud virtual machine scheduling: modelling the cloud virtual machine instantiation,” in Proceedings of the 6th International Conference on Complex, Intelligent, and Software Intensive Systems (CISIS '12), pp. 233–240, July 2012.
Y.-S. Tianshe, J. Choi, Z. Xi, Y.-H. Sun, C.-S. Ouyang, and Y.-X. Huang, “Research of enterprise resource planning in a specific enterprise,” in Proceedings of the IEEE International Conference on Systems, Man and Cybernetics (SMC '06), pp. 418–422, Taipei, Taiwan, October 2006.
B. R. Chang, H.-F. Tsai, and C.-M. Chen, “High-performed virtualization services for in-cloud enterprise resource planning system,” Journal of Information Hiding and Multimedia Signal Processing, vol. 5, no. 4, pp. 614–624, 2014.
J.-G. Zhao, J.-C. Liu, J.-J. Fan, and J.-X. Di, “The security research of network access control system,” in Proceedings of the 1st ACIS International Symposium on Cryptography, and Network Security, Data Mining and Knowledge Discovery, E-Commerce & Its Applications, and Embedded Systems (CDEE '10), pp. 283–288, Qinhuangdao, China, October 2010.
L. Zhang, A. G. Persaud, A. Johnson, and Y. Guan, “Detection of stepping stone attack under delay and chaff perturbations,” in Proceedings of the 25th IEEE International Performance, Computing, and Communications Conference (IPCCC '06), pp. 247–256, April 2006.
H.-Y. Yang, L.-X. Xie, and F. Xie, “A new approach to network anomaly attack detection,” Fuzzy Systems and Knowledge Discovery, vol. 4, pp. 317–321, 2008.
B. R. Chang, H.-F. Tsai, and C.-M. Chen, “Evaluation of virtual machine performance and virtualized consolidation ratio in cloud computing system,” Journal of Information Hiding and Multimedia Signal Processing, vol. 4, no. 3, pp. 192–200, 2013.
B. R. Chang, H.-F. Tsai, C.-M. Chen, Z.-Y. Lin, and C.-F. Huang, “Assessment of hypervisor and shared storage for cloud computing server,” in Proceedings of the 3rd International Conference on Innovations in Bio-Inspired Computing and Applications (IBICA '12), pp. 67–72, September 2012.
B. R. Chang, C.-F. Huang, H.-F. Tsai, and Z.-Y. Lin, “Rapid access control on ubuntu cloud computing with facial recognition and fingerprint identification,” Journal of Information Hiding and Multimedia Signal Processing, vol. 3, no. 2, pp. 176–190, 2012.
C.-C. Chang, Y.-C. Huang, and H.-C. Tsai, “Design and analysis of chameleon hashing based handover authentication scheme for wireless networks,” Journal of Information Hiding and Multimedia Signal Processing, vol. 5, no. 1, pp. 107–116, 2014.
T.-H. Liu, Q. Wang, and H.-F. Zhu, “A Multi-function Password Mutual Authentication Key Agreement Scheme with privacy preserving,” Journal of Information Hiding and Multimedia Signal Processing, vol. 5, no. 2, pp. 163–174, 2014.