Disabling the App Engine Server

I was having a discussion with another admin recently, and he questioned why we were running our process schedulers with Application Engine Server(PSAESRV) enabled. He pointed out that there is very little gained by running PSAESRV, so why have it turned on?

Now, you aren’t completely without loss in turning this off. Depending on what applications you are running and what your system’s needs are, you will have to make that decision for yourself. Check out Doc ID 651970.1 in MOS for a run down on the pros and cons for each method of running App Engines on your process schedulers.

#4 – Demo’s, PUM and PI

In episode 4, Dan and Kyle talk about Demo environments and why the traditional need for Demo’s may change, the PeopleSoft Update Manager, and how to manager PeopleSoft Images. We also discuss the recent WebLogic vulnerability, and ask for input on our upcoming Tools and Documentation podcast.

We want to make this podcast part of the community discussion on PeopleSoft administration. If you have comments, feedback, or topics you’d like us to talk about, we want to hear from you! You can email us at podcast@psadmin.io, tweet us at @psa_io, or use the Twitter hashtag #psadminpodcast.

You can listen to the podcast here on psadmin.io or subscribe with your favorite podcast player using the URL below, or subscribe in iTunes.

Podcast RSS Feed

Show Notes

UMRUG 2015 Fall Meeting Recap

The 2015 fall meeting of the Upper Midwest Regional User Group (UMRUG) was last week. There was lots of great information from Oracle and other users. Here are the highlights:

Opening Keynote: Oracle

Jim Ellis, from Oracle, gave the opening keynote. Much of the presentation was also in the OpenWorld slides.

  • Fluid
    Jim asked the audience how many people used Fluid, or were planning to use Fluid. Only a few people raised their hands. Going foward, Fluid will be the new UI for PeopleSoft. Starting in 8.55, it will be the default navigation. New features will soon be Fluid too.
  • CFO Tool (Cummulative Feature Overview)
    The CFO Tool is now image-based so you can check new features every time an image posts.
  • PeopleTools 8.55
    No release date yet, but lots of hints that it may drop before the end of the year. (Obviously, that’s a non-binding hint!)
  • PUM and Selective Adoption
    Jim emphasized the need to stay current. (This was a theme the entire day – more on that later.)

More emphasis on the PeopleSoft Test Framework with the PUM. With selective adoption and the PUM, the need for automated testing goes up. New PUM features include customization detection and test coverage when selecting patches.

  • 9.1 and 8.55
    Jim didn’t know for sure, but PeopleTools 8.55 should support 9.1 applications.

Technical Roundtable

This is my favorite part of the day; all technical people in a room talking about issues and features.

  • PUM and PI’s and Patching
    This topic took up most of the morning roundtable. Everyone is trying to figure out the best way to stay current. Many people have concerns about applying full images frequently, or they don’t have the resources to apply that often. Most organizations are tying to get current once a year, but a few are trying to get current twice a year.

There were also questions about how to manage demo environments. The discussions are similiar to upcoming episode 4 of The PeopleSoft Administrator Podcast. Take a listen to that if you want a deeper recap.

  • PeopleTools 8.54 Patches
    A few organizations said they patched to 8.54.11-13 and had issues with IE 11 rendering. When IE was in Enterprise mode (aka, Quirks mode), pages had rendering issues. According to the Oracle reps, the PeopleTools team has been working to make the HTML generated standards compliant. In the long term, this is a great change. But it needs changes to IE settings. Or use Chrome.

Also, check the Browser Compatability Guide (746222.1) for details on browser certification.

  • 2-Tier Query
    8.54 broke some queries that ran in 2-Tier query. With 8.54, some new query features were not added to the psqry application, like Default Prompts.
  • SES and search in PeopleTools 8.55
    The Oracle representatives confirmed that a new search tool will be available in 2016. The new software will be Elasticsearch. SES has been taking off Oracle’s price sheet, so that product is essentially done. PeopleTools 8.55 will support SES, and at release time will only support SES. Sometime in 2016 PeopleTools 8.55 will add Elasticsearch support.

  • The goal for Elasticsearch is to be a drop-in replacement for SES. Most of the work to set up and customize search indexes will carry forward to Elasticsearch.

    This should go without saying, but this information isn’t official. The Oracle reps were attending the conference and giving out as much information as they could, but none of these details are binding.

    PeopleTools Platform and Cloud Architecture Update

    Oracle presented and was like the OpenWorld session. There were lots of updates covered including certification changes and new 8.55 enhancements.

    Here are the highlights for the certification changes:

    • PeopleTools 8.55 will support Java 7, not Java 8.
    • The Microsoft Edge browser will gained support in PeopleTools 8.54.16, and 8.53 will get support in an upcoming patch
    • SES 11.2.2.2 will get Oracle Database 12.0.1.2 support on Windows soon
    • Elasticsearch support in PeopleTools 8.55 sometime in 2016
    • Crystal is not supported in PeopleTools 8.55 (even for 9.1 applications)
    • Excel 2016 support in PeopleTools 8.55 (but not Word 2016 at release)

    PeopleTools 8.55 makes large changes to the server infrastructure and builds on existing features. The highlights:

    • The new Deployment Kits (DPK’s) will focus on making consistent and stable environments.
    • DPK’s will use Puppet and Automated Configuration Management (ACM) to automate deployments to the PUM. You can also use DPK’s in your own environments.
    • In 8.55, the PUM will let you use different VM platforms instead of VirtualBox
    • Tools patches in 8.55 will be a DPK using a single configuration file (via Puppet)
    • The ACM will perform all PIA configuration (for DPK’s)
    • The new PUM DPK’s will have a VirtualBox shell, but you don’t have to use it
    • 8.55 Beta customers were able to spin up new environments in less than an hour using DPKs – exciting!
    • The ACM will ship with 25 plug-ins, but you can write your own to extend the tool
    • Push notifications in 8.55 gain the ability to send native notifications to mobile devices (iOS/Android)

    PeopleTools 8.55 is looking to be a big shift in how administrators will work on the system. I’m excited to try the DPK’s and see how Puppet integrates with PeopleTools. We use the the beta version of ACM (in 8.53) and like it.

    PeopleSoft Update Manager Panel

    The last session I attended was a panel on the PUM and how organizations are adjusting to the Selective Adoption support model. The short version of the panel was: everyone is trying to figure out what works best. A few organizations have applied full images, but most were in the planning stage.

    One organization was trying to apply images twice a year, but they have a large QA team and the development staff to handle the workload. But, they also removed, or re-wrote customizations so they didn’t conflict with delivered code. The rest of the panelists said they plan to get current once a year. That fits with majority of the people in the Technical Roundtable.

    There were good suggestions from the panelists that you may want to adopt:

    • Review the latest PI (PeopleSoft Image) when released. There may be bug fixes in the PI you didn’t know about.
    • Oracle recommends you stay within 8-12 months of the latest image
    • Use the CFO tool to find new features in the images you may want. You can apply the latest image and not enable new features if you’re not ready.
    • Moving to regular release (monthly, quarterly, etc) helps your team incorporate bug fixes from the latest PI
    • Need more testing with selective adoption – especially automated testing
    • Developers must understand the importance of bolt-on customizations to reduce conflicts when appling images. This may be a cultural change, but it will benefit the organization in the long run.

    Closing

    This was a great meeting, and thanks to QUEST and the UMRUG volunteers for putting on the conference.

    Maintenance Page with Backdoor Login

    A standard requirement when doing PeopleSoft maintenance is to change the normal sign in page. When the system is offline, we often like to display a maintenance page that informs users that the system will be down and prevents them from logging in. This is done easily enough by changing the signin.html page, adding a message and removing the login form.

    However, there is one more requirement that is a little tricky. Once the maintenance is complete, there are often tasks that need to be completed before handing the system back to the end users. These can be configuration changes, running batch processes or simply completing validation that everything was applied correctly and is in working order. How can the core team sign on to the system and complete these tasks, all while preventing end user access?

    I recently came up with a bit of JavaScript that gave us a backdoor to the system during our last PeopleTools upgrade. What the script does is hide the login form on the sign in page, preventing login.  The trick was that our core team knew the key to the backdoor. After the sign in page would load, when they pressed Ctrl+Space the login form would be reveled. The combination of keys was only known to the team, so they were the only ones able to get in. Keep in mind if you had some crafty end users this could obviously be worked around, but it did the trick for us.

    The JavaScript and HTML to accomplish this is listed below.  Adding the script and HTML changes to your signin.html page is pretty straight forward. First include the file containing the JavaScript, or write it inline. You then need to wrap your login form elements in a <div> with an id=loginbox. I would suggest starting before the <div> containing ptLabelUserid and ending after the <div> containing the submit button. Lastly, you need to add hideLogin(true); to the body onload attribute.

    Keep in mind the key doesn’t have to be Ctrl+Space, it can be any key combination really.You will see in the comments of the script a link to information about other keycodes that can be used.

    Updated: 10/11/2016
    Instead of hard coding a true value for your hideLogin() parameter, why not use a Custom Property set in the Web Profile? You can create any Custom Property you would like, for example: login.isLoginHidden and set to true. Then reference the property in your signin.hmtl page like this: hideLogin("<%=login.isLoginHidden%>"). This will allow you to toggle the hide login functionality by updating the web profile and bouncing the server.

    Click here to see a working demo. Enjoy!


    Elasticsearch

    At OpenWorld, Oracle announced that PeopleTools 8.55 will support Elasticsearch with the Search Framework. Elasticsearch will most likely be the long-term replacement for SES. The only timeframe announced is 2016 for Elasticsearch support, so it won’t be available when PeopleTools 8.55 is released. So, don’t shut down that SES server yet! Elasticsearch is an open source search software. You can download Elasticsearch now and start playing with it today. For more info on PeopleTools 8.55 and discussion on Elasticsearch, check out The PeopleSoft Administrator Podcast episode 2.

    Update – May 1, 2015 Check out Episode 25 of The PeopleSoft Administrator Podcast to learn more about Elasticsearch.

    #3 – HTTPS and WebLogic

    In episode 3 of The PeopleSoft Administrator Podcast, Dan and Kyle talk about HTTPS. We discuss what HTTPS is and how to implement HTTPS with WebLogic. Dan shares how to mitigate against the newer SSL attacks, and tips and tricks to help manage certificates and simplify configuring HTTPS. We also review some of our PeopleTools 8.55 predictions after the OpenWorld presentations were released.

    We want to make this podcast part of the community discussion on PeopleSoft administration. If you have comments, feedback, or topics you’d like us to talk about, we want to hear from you! You can email us at podcast@psadmin.io, tweet us at @psa_io, or use the Twitter hashtag #psadminpodcast.

    You can listen to the podcast here on psadmin.io or subscribe with your favorite podcast player using the URL below, or subscribe in iTunes.

    Podcast RSS Feed

    Links from this episode:

    #2 – PeopleTools 8.55

    A special Tuesday release! Episode 2 of the PeopleSoft Administrator Podcast is all about PeopleTools 8.55. Dan and Kyle discuss the announcements at OpenWorld and the Planned Features document about PeopleTools 8.55, and make some guesses about some new features.

    We want to make this podcast part of the community discussion on PeopleSoft administration. If you have comments, feedback, or topics you’d like us to talk about, we want to hear from you! You can email us at podcast@psadmin.io, tweet us at @psa_io, or use the Twitter hashtag #psadminpodcast.

    You can listen to the podcast here on psadmin.io or subscribe with your favorite podcast player using the URL below, or subscribe in iTunes.

    Podcast RSS Feed

    SES Troubleshooting

    The SES, Secure Enterprise Search, is used by PeopleSoft 9.2 as it’s search engine. There are lots of great resources for setting up the SES, but I want to share one troubleshooting tip that has resolved many of our SES issues.

    Behind the scene, SES relies on the Feed Publishing Framework to get data from PeopleSoft. The Feed Publishing Framework takes a query and generates an RSS feed. That RSS feed is what the SES reads to get new data.

    Check the Feed!

    When you run into issues setting up the SES, one “trick” I use is to view the feed directly. I say “trick” because this might be unknown or forgotten by people, but we are only the RSS feed with the SES user account. By looking at the feed in a browser, we can immediately identify security issues or bad configuration.

    Viewing the Feed

    To view the feed, we need to log into the SES console and get the URL for the search index, and the User ID that SES will use to access the feed. For the search index URL,
    click on the “Sources” tab and select the “Edit” option for the search index you want to test. In the “User Defined Source” page, you will see a URL in the “Configuration URL” box. Copy this URL into a new browser session (I use a Chrome Private Browsing session; want to log in as a new user and don’t want to mix our browser cookies with any you have stored).

    After you paste the URL into a new browser window and hit Enter, you are prompted for a username and password. Enter the username from the “User Defined Source” page, and it’s appropriate password. You do not want to log in with your personal account; the purpose of this exercise is to log with the account the SES uses.

    After you authenticate as the SES user, you will see an RSS feed (an XML file with special tags). In the RSS file, you should see a feedLocation tag with a URL inside. Copy this new URL and paste it into a new tab in your browser (I use a new tab because I want the new URL to use our SES user cookie).

    After you paste the new URL and hit Enter, you should see another RSS file. Depending on the index you picked, and how many times it has been crawled, you may see one or more entries in the feed. For our testing, find the first link tag and copy the URL inside that entry. Copy the URL and paste it into a new tab in your browser.

    After you paste the URL and hit Enter, you should see a final RSS feed. During my testing, this last page is where you will most likely encounter errors. The last file is actual data PeopleSoft publishes to the SES with the Feed Publishing Framework. If you can’t access the last RSS URL, you mostly likely have a security issue for the SES user account.

    You can repeat this process using your personal account, or the account of a super user to help identify what security is missing. If you can view the RSS file using the SES account, then your SES account has proper security. The steps we followed to open the URLs is what the SES follows when it tries to crawl the feed. If you run into any errors opening feeds, the SES will encounter the same errors.

    #1 – Decoupled Homes

    I’m really happy to announce a new project we are launching today:

    The PeopleSoft Administrator Podcast

    Kyle Benson and I sit down and talk about all things PeopleSoft Admin. Kyle and I would meet for lunch every few weeks to talk about our latest issues at work and the latest features in PeopleTools. After a year of this, we thought it would be fun to record our conversations and share them.


    In episode 1 of the PeopleSoft Administrator Podcast, we talk about decoupled homes and how to use them. They discuss the advantages of using them, how they manage each home and why you should look at using decoupled homes.

    We want to make this podcast part of the community discussion on PeopleSoft administration. If you have comments, feedback, or topics you’d like us to talk about, we want to hear from you! You can email us at podcast@psadmin.io, tweet us at @psa_io, or use the Twitter hashtag #psadminpodcast.

    You can listen to the podcast here on psadmin.io or subscribe with your favorite podcast player using the URL below, or subscribe in iTunes.

    Podcast RSS Feed

    Links from this episode:

    WebLogic Security Alert

    Oracle released a WebLogic security alert (CVE-2015-4852) yesterday that affects the T3 and T3S protocol. The patch will be released soon, but there are some steps you can take to mitigate the vulnerability.

    If you aren’t familiar with the T3 protocol, it is used to communicate between the JVM and WebLogic. It is proprietary to WebLogic can improve performance for java applications that use JDBC connections.

    From Oracle’s post on the vulnerability:

    Oracle WebLogic Server, versions 10.3.6.0, 12.1.1.0, 12.1.2.0, 12.1.3.0 are affected.

    • Mitigation recommendations are available at MOS Note 2076338.1, and will be updated as new information becomes available.
    • Creation of Oracle WebLogic Server patches is in progress. Patch Availability information will be updated at MOS Note 2075927.1