Welcome
to the final part of this series. Here we look at some real life scenarios about
how integration work with SaaS based applications. I have taken Kronos, a
leading Workforce Management solution provider, as an example to help us in
understanding the concepts. We also touch upon access control integrations as a
scenario.
A Kronos example
Let us take a workforce management
example in Kronos to understand how it all plays out in a real-life scenario.
In a typical workforce management
implementation, the scene is not so straight forward as depicted in the figure
above. The first thing that strikes is the hybrid integration architecture that
is chosen here. We see a conventional flat file integration through a
middleware (optional) and an API data interchange, both in the same context.
How is this chosen? Let's look back at the integration considerations.
A workforce management system,
which in this case is Kronos, liaises with various external entities such as
HR, payroll, store planning, enterprise business intelligence (BI), and time recording
devices, which are in some cases, supplied by a different vendor. Not all data
are the same. Not all carry the same weight in terms of size and priority. So, picking
one integration solution for the mix may not be an optimal solution. The ones
that are heavy in volume and lower in priority (priority here is assumed to be
urgency) can be interfaced through the traditional integration architecture (Extract,
Transform, Load (ETL) or a flat file through middleware) with a minor tweak.
The slight change here will be that an additional layer of security must be
given to the data using encryption technologies such as Pretty Good Privacy (PGP)
as these may be transmitted to the cloud via public internet channels.
On the other hand, data that is lighter and need to be interfaced real-time or near real-time can be transmitted through Kronos exposed XML API framework. The XML requests and responses get transmitted through secured http links between the client and the Kronos application servers. Along with every such request, a session cookie has to be sent to duly authenticate the request, thus ensuring data and access controls.
Identity management in cloud
Integration is not always just about business data. Identity management and access control are extremely critical integration components that needs to be dealt with utmost care. Needless to say, when dealing with cloud, security is paramount.
The above illustration shows the
entry point architecture for a Kronos SaaS application. Cloud is accessible
from almost anywhere in the world. This exposes the applications that are
hosted on the cloud to hackers and eavesdroppers. Kronos or any other human
capital management (HCM) system carries quite some personally identifiable information
that needs to be protected. In the illustration, once can see how a cloud
system authenticates an entry attempt via different channels. Cloud can be
integrated with various authentication mechanisms such as Security Assertion
Markup Language (SAML) and Lightweight Directory Access Protocol (LDAP),
enabling single sign-on from the organization's network with firewalls opening
up for specific URL entries. Similarly, externally accessible devices can be
made to authenticate through application-specific authentication mechanisms.
Conclusion
With the cloud fever catching up
with many organizations, the need is to first tackle multiple challenges. The
topics discussed above are few among the many challenges. To summarize, integration
models with cloud need to be carefully chosen and discussed to vet out all
possible current and future scenarios.
All considerations listed here
may need to be looked upon when arriving at key architectural decisions. The
final architectural decisions still needs to be analyzed and fitted based on
the organization's IT landscape and orientation towards cloud.
*****End of Part-3 and the series*****
Link to part 2: http://www.infosysblogs.com/oracle/2017/03/integration_on_cloud_-_a_study.html