NDS Integration for PeopleSoft
Articles and Tips: article
01 Jun 1999
Today, the receptionist who sat bored at the front desk for five gum-filled days was fired. You don't know why. You only know that this termination, or term, will cost you in the Information Technology (IT) department and your coworkers in the human resource (HR) department a little time. Your HR coworkers will update the employee's record in the PeopleSoft Human Resource Management System (HRMS) to a termination status. If your HR coworkers follow procedures, they will inform you and others in the IT department that this "term" is legitimate. You will then delete the bubble-blowing receptionist's Novell Directory Services (NDS) and e-mail accounts.
Although this database cleaning will cost you probably only five or ten minutes, wouldn't it be nice if the NDS account disappeared when HR terminated the PeopleSoft record? Wouldn't it be convenient if the e-mail account also vanished into thin cyber-air? This level of convenience is possible, and what makes it possible isn't magic. It's NDS Integration for PeopleSoft.
NDS Integration for PeopleSoft is both a Novell business product and a Novell Consulting offering that integrates the PeopleSoft HRMS and NDS databases. PeopleSoft is a leading provider of Enterprise Resource Planning (ERP) applications geared toward a range of private and public industries, including government, higher education, and healthcare. (For more information about PeopleSoft, visit the PeopleSoft web site at http://www.peoplesoft.com.) PeopleSoft HRMS is a business-process solution that works with any PeopleSoft industry-specific application to help manage people data, the information that HR maintains about people working at your company. (For example, people data includes employees' names, addresses, birth dates, salaries, and information about benefits and retirement plans.)
NDS Integration for PeopleSoft integrates your company's PeopleSoft HRMS and NDS databases through software components that Novell consultants install on network clients and servers. Before installing and configuring these components, Novell consultants work closely with your company's IT and HR personnel to understand the business and network processes related to maintaining your company's people data. For example, Novell consultants study the processes surrounding hiring, firing, and transferring employees; the policies for creating new NDS accounts; and the people data to which employees and HR managers will most likely want access.
When the Novell consultants are satisfied that they understand those business processes and your company's network operations, these consultants configure a customized NDS Integration for PeopleSoft solution for your company. NDS Integration for PeopleSoft offers components that provide the following benefits:
User account automation and data synchronization
Self-service access to PeopleSoft data
Single username and password (for web clients) and single login (for PeopleSoft clients)
Novell Consulting sells these components separately, enabling you to choose the benefits your company needs. The single sign-on and self-service components are available today. The user account automation and data synchronization components will be available soon. (For pricing and availability information, see http://consulting.novell.com/solutions/ndsint_ps.html.
In addition, Novell consultants are "continuously developing [NDS Integration for PeopleSoft] components based on customers' needs," states Todd Powell, Novell product manager, "and we keep rolling in these newly developed components." In other words, Powell explains, "If [customers] want it, we'll build it."
With NDS Integration for PeopleSoft, HR won't need to tell you that the receptionist has been fired. You'll probably still hear about the receptionist's sticky exit through the rumor network, but you won't have to touch the data network--nor will anyone else in IT. Instead, HR will terminate the receptionist's employee record in the PeopleSoft database. NDS Integration for PeopleSoft will then trigger a process that will ensure that the receptionist's NDS and e-mail accounts are automatically deleted or disabled (depending on the policies you have defined in NDS). Likewise, when HR creates a record in the PeopleSoft database for the newly hired receptionist, NDS Integration for PeopleSoft will trigger a process that ensures that the NDS and e-mail accounts are created for the new employee.
NDS Integration for PeopleSoft can also trigger processes that update information in NDS. NDS Integration for PeopleSoft triggers these update processes when employees or HR managers change particular fields in PeopleSoft employee records (fields to which you have granted employees and HR managers rights in NDS). NDS Integration for PeopleSoft synchronizes PeopleSoft data that you explicitly choose to synchronize with NDS--that is, data you choose to make "NDS aware."
You can also choose to synchronize your company's e-mail directory with the PeopleSoft database. NDS Integration for PeopleSoft then triggers processes that update corresponding data fields in an e-mail directory.
As part of their initial consulting services, Novell consultants work with your company's IT and HR personnel to determine which PeopleSoft data you would like to synchronize with NDS. Novell consultants also help you determine which data fields in your e-mail directory you want to synchronize with NDS. (When the user account automation and data synchronization component is first available, it will support GroupWise versions 5.2 and above. Soon after, this component will also support Lotus Notes and Microsoft Exchange.)
Initially, the data synchronization that NDS Integration for PeopleSoft provides works only in one direction: PeopleSoft to NDS to e-mail directory. However, ultimately, Novell Consulting plans to allow for bidirectional data synchronization: e-mail directory to NDS to PeopleSoft. For example, when an e-mail application, such as GroupWise, updates NDS and modifies NDS database fields that you have explicitly requested to synchronize with the PeopleSoft database, NDS Integration for PeopleSoft will be able to push that data through to the PeopleSoft database.
HOW DOES IT WORK?
When an employee record in the PeopleSoft database is created, modified, or terminated, two major architectural agents work behind the scenes to enable user account automation and data synchronization among PeopleSoft, NDS, and your company's e-mail directory:
PeopleSoft Services Agent (PSA), which is a collection of software processes and components
Account Synchronization Agent (ASA), which is a collection of components
The software processes and components that comprise these agents run on one or more of three servers. (See Figure 1.)
Figure 1: NDS Integration for PeopleSoft components run on one of three servers?a NetWare 5 server, a server running PeopleSoft 6 or higher, and a server running Win32.
A NetWare 5 server
A database server running PeopleSoft 6 or higher
A server running Microsoft Win32, which Novell recommends you run on top of Windows NT 4 or higher with Service Pack 3 or higher
The software processes and components that comprise PSA run on the PeopleSoft database server. Among its other functions, PSA maintains a queue of all the changes to the PeopleSoft database about which NDS should be aware. (In PeopleSoft terminology, this queue is called a worklist.)
Specifically, when a PeopleSoft employee record is created or terminated, a PeopleSoft process called Workflow initiates an Add or Disable event, which triggers PSA to list that event in the NDS Integration for PeopleSoft queue. Likewise, when NDS-aware data in an existing PeopleSoft record is changed, Workflow initiates an Update event, which triggers PSA to list the Update event in the queue.
The events listed in the queue are then processed by ASA. Most of the ASA components run on the Win32 server, which functions as a gateway between the NetWare 5 and PeopleSoft servers. The ASA components include (but are not limited to) the following: an NDS agent or broker and the NDS Integration for PeopleSoft snap-in module for the NetWare Administrator (NWADMIN) utility.
An NDS broker runs on the Win32 server and communicates with the PeopleSoft database through a PeopleSoft application programming interface (API) called PeopleSoft Message Agent, which also runs on the Win32 server. (See Figure 1.) Interfacing with the PeopleSoft Message Agent, the NDS broker periodically checks the NDS Integration for PeopleSoft queue. When the NDS broker finds an Add, Disable, or Update event listed in the queue, the NDS broker and other ASA components process the event after consulting policies that are stored in NDS.
To define these NDS policies, you use the Policy Manager, which you create using the NDS Integration for PeopleSoft snap-in for the NWADMIN utility. These policies dictate how, when, and where NDS Integration for PeopleSoft should create, delete, or modify NDS and e-mail accounts. The policies you create clarify details such as the following:
How to generate a username and password for new NDS accounts
What rights and privileges to assign to newly created NDS User objects
Whether or not to create an e-mail account when HR creates a new hire in PeopleSoft
In other words, based on the policies you define in NDS, ASA determines how to process a PeopleSoft event, which the NDS broker (a component of ASA) finds listed in the NDS Integration for PeopleSoft queue. For example, suppose that Harold HR guy creates a new employee record in PeopleSoft for employee Ed, the new receptionist. When Harold creates this record, PeopleSoft Workflow initiates an Add event, which in turn triggers PSA to list that Add event in the NDS Integration for PeopleSoft queue. When the NDS broker learns about the Add event, the broker and other ASA components process that event by creating an NDS account and an e-mail account for Ed according to predefined NDS policies.
Because Ed's new company uses the user account automation and data synchronization component of NDS Integration for PeopleSoft, receptionist Ed will have network and e-mail accounts before he has read even half of the employee handbook. When Ed finishes reading the employee handbook, he will be able to log in to the network and get to work--he loses no time (and the company, therefore, wastes no money) waiting for his network and e-mail accounts. If the company has implemented the NDS Integration for PeopleSoft self-service component, Ed may also be able to view and correct any errors on his employee record before the end of his first day.
NDS Integration for PeopleSoft offers self-service access to PeopleSoft data from a GroupWise client or a web browser. To enable this self-service access, you use the Forms Wizard, a 32-bit application that is included with NDS Integration for PeopleSoft, to create HTML forms. (For more information about creating self-service forms, see "Helping Others Help Themselves.") You control users' rights to view and use these forms through NDS. In addition, you can use the Forms Wizard to specify whether users can only view the information in a field or whether they can modify that information.
Figure 2: The <form method=> tag line determines if the self-service form is for web browsers or for GroupWise clients.
NDS Integration for PeopleSoft includes ten basic HTML forms that allow users to access their PeopleSoft data. These generic forms enable access to PeopleSoft data such as the following: personal address and phone number, social security number, beneficiary data, emergency contacts, and compensation data.
You can use these generic forms as they are, or you can customize them. For example, you can change the font style and size, add graphics, or insert your company logo. You can also create additional forms to enable access to other PeopleSoft data.
To control users' rights to access and use the NDS Integration for PeopleSoft self-service forms, you use the form's corresponding NDS object. Depending on the options you select when you create the form, the Forms Wizard creates this NDS object automatically, or you create it manually. When a user tries to access a self-service form, both the GroupWise and web-based clients check NDS to determine if the user has been granted rights to the form's NDS object. (See "Helping Others Help Themselves.")
USING THE GROUPWISE CLIENT
As you might expect, the way users access self-service forms from a GroupWise client differs from the way users access self-service forms from a web browser. To access PeopleSoft data via self-service forms, GroupWise clients run a customized third-party object (C3PO) application that Novell Consulting created. (This C3PO application is included with NDS Integration for PeopleSoft.) When you install this C3PO application, a Request Form button appears on the GroupWise control bar. If users click the Request Form button, they see a Form dialog box that displays all of the self-service forms to which they have NDS rights. When users select a form, the C3PO application sends a message to a GroupWise client broker, another ASA component that runs on the Win32 server. (See Figure 1.)
This client broker in turn communicates with the PeopleSoft database (via the PeopleSoft Message Agent) to retrieve the user's HR information from his or her PeopleSoft record. The client broker uses this information to complete the fields on the requested form, and the completed form appears as a new object in the user's GroupWise universal mailbox. When users double-click this object, an HTML viewer displays the form.
USING THE WEB CLIENT
Users who want to access PeopleSoft data from a web browser simply enter the URL to your company's Personal Identity Center. (See Figure 3.) The Personal Identity Center is a Java-based application that enables web users to access NDS Integration for PeopleSoft services. For example, the Personal Identity Center provides links to tools that can search the NDS tree and links to self-service forms. This Personal Identity Center and the services to which it provides links are made possible through a Java servlet running on the NetWare 5 server. (For more information about Java servlets, see the related article.)
Figure 3: The Personal Identity Center is a Java-based application that enables web users to access NDS Integration for PeopleSoft services.
When users click the self-service button on the Personal Identity Center, they see a list of the forms to which they have NDS rights. When users select a particular form, the Java servlet requests the PeopleSoft information required to complete that form. The servlet sends this request to an ASA web client broker via Common Object Request Broker Architecture (CORBA) agents running on the NetWare 5 and Win32 servers. (See Figure 1.)
The web client broker communicates with the PeopleSoft database (via the PeopleSoft Message Agent) to retrieve the user's HR data from PeopleSoft. The client broker uses this data to complete the fields on the requested form and sends the completed form to the user's browser, which in turn displays the form.
If Ed's company is using the self-service component of NDS Integration for PeopleSoft, Ed can log in to the network, open his browser, and access the Personal Identity Center on his company's intranet. From this site, Ed can access the self-service forms to which he has been granted rights in NDS. Using these forms, Ed can check and correct the information HR has entered in his employee record.
ONE USERNAME, ONE PASSWORD
When Ed clicks on the link to the web-based self-service forms, a login dialog box prompts him to enter the credentials that verify his right to access his HR information stored in the PeopleSoft database. Ed doesn't need a separate set of credentials to use these self-service forms. Rather, Ed can use his NDS username and password. Using NDS credentials to access PeopleSoft data from a web browser is made possible through a Java class in the servlet running on the NetWare 5 server.
This Java class uses PeopleSoft employee ID numbers as links between NDS and the PeopleSoft database. When users enter their NDS username and password to access their PeopleSoft data, the Java class in the servlet validates those credentials in NDS. Next, the Java class makes that user's employee ID number (stored in NDS) available to the PeopleSoft database, enabling the user to access the PeopleSoft database--without having to remember and enter a PeopleSoft employee ID. (For more information about Java classes, see the related article.)
NetWare 5 User objects already include employee ID fields. However, NetWare 4 User objects do not. If you are running NetWare 4, NDS Integration for PeopleSoft extends the NDS schema to create an employee ID field. NDS Integration for PeopleSoft also includes a utility that helps you ensure that the PeopleSoft employee IDs are mapped and copied to the appropriate NDS User objects.
In-house and third-party developers can also use this Java class "to enable their applications to be NDS aware," says Novell senior consultant and architect Dave Horne. By "NDS aware" applications, Horne means applications to which users can gain access using only their NDS credentials. In fact, Novell has worked with third-party vendors to apply this technology to two other HR applications: the Employee Builder Series (EBS), a performance management system from Austin-Hayne Corp. (http://www.austin-hayne.com), and a time-and-attendance module for ClickHR from Interactive Corporate Communications Inc. (http://www.interactivecorp.com).
Novell has used the Java class component of the NDS Integration for PeopleSoft servlet to make all of these applications NDS aware. Diana Christides, Novell's director of people data and systems, finds that this technology makes her life easier. Christides says, "We no longer have to hand each of our managers an ID number and password for each application. Managers just use their NDS credentials."
LOG IN ONCE AND FOR ALL
In addition to enabling users to enter their NDS credentials to access the web-based self-service component, NDS Integration for PeopleSoft provides a single sign-on for PeopleSoft administrators and users. (PeopleSoft administrators and users have PeopleSoft accounts and use the PeopleSoft client to access the business functionality of PeopleSoft.) To access their PeopleSoft accounts, PeopleSoft administrators and users log in once to the network, and thereafter, they can use their PeopleSoft account any time--without having to log in again to NDS or to PeopleSoft. This single login is possible because NDS Integration for PeopleSoft uses NetWare 5's secret store technology.
In general, secret store technology enables you to store users' access credentials for other applications securely in NDS. Secret store technology extends the NDS schema to store users' secrets (that is, credentials to third-party applications) as properties of NDS User objects. If credentials for a third-party application are in the NDS secret store, users will not have to reenter those credentials. Credentials are entered in secret store in one of two ways:
Using a snap-in module to the NWADMIN utility, you enter the users' credentials in NDS secret store.
When accessing an application for the first time, users complete the login screen by entering their credentials, which are then automatically sent to and stored in NDS secret store.
A file on the client side of an application must be modified to enable the application to retrieve users' credentials from NDS. This file calls NDS to verify the user has an authenticated connection to the network and to retrieve the secret.
In the case of PeopleSoft, Novell Consulting has modified an existing PeopleSoft file. When a user double-clicks the PeopleSoft icon on the desktop, the PeopleSoft client calls this file. The file checks NDS for the user's credentials in secret store. If NDS finds the user's credentials, those credentials are used to authenticate the user to PeopleSoft. If secret store is empty for that user, the user is prompted to enter his or her credentials. (For more information about NetWare 5's secret store technology, see "With NICI, It's All Holes Barred," NetWare Connection, Dec. 1998, p. 15. You can download this article from http://www.nwconnection.com/past.)
A MINUTE SAVED IS A DOLLAR EARNED
Regardless of which NDS Integration for PeopleSoft components you choose, one thing is certain: NDS Integration for PeopleSoft will help your company save time and money. How much money will your company save? Naturally, the potential savings vary from company to company. However, on its web site, Novell Consulting has posted a Return on Investment (ROI) calculator for NDS Integration for PeopleSoft. (See Figure 4.) The ROI calculator can help you estimate the ROI for your company. (You can access the ROI calculator at http://consulting.novell.com/solutions/roi.htm.)
Figure 4: The Return on Investment (ROI) calculator helps you estimate how much money your company can save by implementing NDS Integration for PeopleSoft components.
The ROI calculator helps you estimate savings based on the hypothetical implementation of one or all of the standard NDS Integration for PeopleSoft components. For each component, you are asked to estimate how much money your company spends now performing tasks related to that component. The calculator then estimates your company's annual savings.
By default, the calculator offers Novell Consulting's own conservative estimates. For example, under the Employee Self-Service heading, Novell Consulting estimates that your company spends about $25 each time an employee calls HR with a question about his or her own information. Imagine how many of a company's 500 or more employees call HR each week to figure out how many vacation hours they've accrued or to change their telephone number or address. Although the cost of a single phone call is deceptively low, $25 per call adds up quickly, even if HR handles as few as 10 calls per week.
Novell Consulting also conservatively estimates that you spend $15 each time you create, delete, or change an NDS account. Again, $15 per account may not sound like a lot if you're working at a company with fewer than 100 employees. But imagine how many employees are hired, terminated, and transferred each week at a company with 500 or more employees. When you imagine that number, you can see how quickly $15 here and there can add up--and how quickly NDS Integration for PeopleSoft will pay for itself.
Linda Kennard works for Niche Associates, which is based in Sandy, Utah.
* Originally published in Novell Connection Magazine
The origin of this information may be internal or external to Novell. While Novell makes all reasonable efforts to verify this information, Novell does not make explicit or implied claims to its validity.