by Dan Iverson

Build a PeopleSoft Image – On Your Laptop with Vagabond

YouTube player

You can run PeopleSoft Images on your laptop using three tools that work seamlessly together: VirtualBox, Vagrant, and Vagabond.

  • VirtualBox is virtualization software to run a VM on your laptop (any Intel-based laptop, not Apple Silicon-based Macs)
  • Vagrant is a tool to interact with VirtualBox that can automate VM builds
  • Vagabond is an open source tool that delivers automation to build a PeopleSoft Image.

Download and install VirtualBox and Vagrant on your laptop.

Next, you will need to download Vagabond from GitHub. The preferred way to to download is via git (you can install Git but it’s optional). Without git, you can click on the latest Release and download the zip file.

cd ~/Downloads
# unzip ps-vagabond*.zip if downloading from the Releases
git clone https://github.com/psadmin-io/ps-vagabond.git
cd ps-vagabond

There are two configuration files we need to run Vagabond:

  • config.rb
  • psft_customizations.yaml

Vagabond delivers example versions of each of these files and we can copy the .example files.

cd config
copy-item ./psft_customizations.yaml.example psft_customizations.yaml
copy-item ./config.rb.example config.rb
cd ..

You only need to modify the psft_customizations.yaml file if you are building a Finance or Interaction Hub image. You need to modify the default user to be VP1 instead of PS.

The config.rb file you must modify to make Vagabond work. It needs two pieces of information: your My Oracle Support Credentials, and a Patch ID for the PeopleSoft Image.

MOS_USERNAME="dan@psadmin.io"
MOS_PASSWORD="password"

PATCH_ID="34775556"

Now you are ready to build the PeopleSoft Image.

vagrant up

You will see output from Vagrant displaying the different tasks it handles setting up the VM. Vagrant will download a base Oracle Linux 8 VM, create a new VirtualBox VM, configure the networking, and start provisioning. Provisioning is the set of scripts that Vagabond provides to automate the download and building of PeopleSoft Images. Below is a (simplified) version of the output you will see as Vagabond runs.

Bringing machine 'ps-vagabond' up with 'virtualbox' provider...
==> ps-vagabond: Importing base box 'generic/oracle8'...
==> ps-vagabond: Setting the name of the VM: 34775556
==> ps-vagabond: Configuring and enabling network interfaces...
==> ps-vagabond: Mounting shared folders...
    ps-vagabond: /vagrant => /Users/dan/Downloads/ps-vagabond
    ps-vagabond: /media/sf_34775556 => /Users/dan/Downloads/ps-vagabond/dpks/download
==> ps-vagabond: Running provisioner: networking_setup (shell)...
    ps-vagabond:  ☆  INFO: 
    ps-vagabond:  ☆  INFO: 
    ps-vagabond:  ☆  INFO: ===> Add '192.168.56.34 psvagabond psvagabond.psadmin.local' to your hosts file
    ps-vagabond:  ☆  INFO: 
    ps-vagabond:  ☆  INFO: 
==> ps-vagabond: Running provisioner: storage (shell)...
==> ps-vagabond: Running provisioner: bootstrap-lnx (shell)...
    ps-vagabond: 
    ps-vagabond: 
    ps-vagabond:                                       dP                               dP 
    ps-vagabond:                                       88                               88 
    ps-vagabond:   dP   .dP .d8888b. .d8888b. .d8888b. 88d888b. .d8888b. 88d888b. .d888b88 
    ps-vagabond:   88   d8' 88'  `88 88'  `88 88'  `88 88'  `88 88'  `88 88'  `88 88'  `88 
    ps-vagabond:   88 .88'  88.  .88 88.  .88 88.  .88 88.  .88 88.  .88 88    88 88.  .88 
    ps-vagabond:   8888P'   `88888P8 `8888P88 `88888P8 88Y8888' `88888P' dP    dP `88888P8 
    ps-vagabond:                          .88 
    ps-vagabond:                      d8888P 
    ps-vagabond: 
    ps-vagabond: 
    ps-vagabond:  ☆  INFO: Updating installed packages
    ps-vagabond:  ☆  INFO: Installing additional packages
    ps-vagabond:  ☆  INFO: Disable SELinux for PeopleSoft Images
    ps-vagabond:  ☆  INFO: Downloading patch files
    ps-vagabond:  ☆  INFO: Unpacking DPK setup scripts
    ps-vagabond:  ☆  INFO: Executing Pre setup script
    ps-vagabond:  ☆  INFO: Executing DPK setup script
    ps-vagabond:  ☆  INFO: Install psadmin_plus
    ps-vagabond:  ☆  INFO: Open Firewall Ports
    ps-vagabond: 
    ps-vagabond:  TASK                         DURATION
    ps-vagabond: ========================================
    ps-vagabond:  install_psadmin_plus         00:00:01
    ps-vagabond:  download_patch_files         00:13:36
    ps-vagabond:  unpack_setup_scripts         00:00:41
    ps-vagabond:  execute_pre_setup            00:00:00
    ps-vagabond:  install_additional_packages  00:01:29
    ps-vagabond:  update_packages              00:03:40
    ps-vagabond:  open_firewall_ports          00:00:02
    ps-vagabond:  execute_psft_dpk_setup       01:00:56
    ps-vagabond:  generate_response_file       00:00:00
    ps-vagabond:  disable_selinux              00:00:00
    ps-vagabond: ========================================
    ps-vagabond:  TOTAL TIME:                  01:20:25
    ps-vagabond: 
==> ps-vagabond: Running provisioner: cache-lnx (shell)...
    ps-vagabond:  ☆  INFO: Copying Manifests
    ps-vagabond:  ☆  INFO: Fix DPK App Engine Bug
    ps-vagabond:  ☆  INFO: Pre-load Application Cache
    ps-vagabond: 
    ps-vagabond:  TASK                         DURATION
    ps-vagabond: ========================================
    ps-vagabond:  fix_dpk_bug                  00:00:02
    ps-vagabond:  load_cache                   00:21:03
    ps-vagabond:  download_manifests           00:00:00
    ps-vagabond: ========================================
    ps-vagabond:  TOTAL TIME:                  00:21:05
    ps-vagabond:

To access the PeopleSoft Image from a browser, you first need to add a hosts entry. In the output, you’ll see the text you need to add to the file.

For Windows, the file is located at C:\Windows\System32\drivers\etc\hosts, and Mac/Linux the file is /etc/hosts. From our example above, you would add this line to the file:

192.168.56.34 psvagabond psvagabond.psadmin.local

Then you can access the PeopleSoft Image at http://psvagabond.psadmin.local:8000/ps/signon.html

A few tips for working with Vagrant VMs. It’s very easy to take a snapshot as a backup of the VM. I always take a snapshot right after building the image.

vagrant snapshot save build

If you need to stop or start the VM, use these commands:

vagrant halt        # stop the VM
vagrant up          # start the VM
vagrant suspend     # pause the VM
vagrant resume      # unpause the VM

You can also SSH into the VM if you want to access the server:

vagrant ssh
by Dan Iverson

Themes for PeopleTools 8.60

We have released new branding themes for PeopleTools 8.60! The new themes use colors that better match the new Redwood UI color palette, and the underlying stylesheets use the new CSS variables in 8.60.

There are 10 colors to choose from in this release.

But, it’s also very easy to change the colors, or even make your own based on this project. Starting with PeopleTools 8.60, there are new CSS variables to simplify branding changes. There are only 2 color variables used in this project:

:root {
  --pt-banner-background-color: #1374BA; /* Primary */
  --pt-border-contrast-color: #2C526E; /* Accent */
  --pt-strip-height: 0px;
}

You can modify these colors to suit your needs and make the themes match your own branding requirements. The --pt-strip-height variable is to hide the Redwood color strip in the default theme.

The goal of our themes is to simply change the header color (for Fluid and Classic) so you know which environment you are working in. But you can take these new CSS variables and change so much more.

To install the themes, download the IO_STYLE_REDWOOD.zip file from Github and use the Data Migration Workbench to import the project. You can read more about the project and how install it on GitHub.

by Dan Iverson

psadmin.conf 2023 Registration is Open!

You can now register for psadmin.conf 2023! Click here to see more information and register.

psadmin.conf is a conference specifically for PeopleSoft Administrators. The conference features talks from expert admins on a variety of topics, as well as hands-on training from Oracle ACEs. The goal of the conference is to expand your knowledge of PeopleSoft Administration and network with admins from around the country.

Registration is limited to 50 attendees, so register early to ensure your spot!


by Dan Iverson

Using MITMProxy to Debug Elasticsearch and IB

There are times when troubleshooting you want to see what data was transmitted between two systems. When working with HTTP calls with Elasticsearch or Integration Broker targets, it can be helpful to see the data that was in the HTTP transaction. Seeing the data can often help resolve issues. Using MITMProxy, we can inspect HTTP traffic between two systems. In this post, I’ll show you how to use MITMProxy between PeopleSoft and Elasticsearch, and with the PeopleSoft Integration Broker.

Installation

You can download the MITMProxy binaries right from their website https://mitmproxy.org, or you can install from a package manager.

Powershell

choco install mitmproxy -y

Bash

python3 -m pip install mitmproxy

Reverse Proxy Mode

The first example we will walk through using a Reverse Proxy to inspect callback requests from Elasticsearch to PeopleSoft. The callback process is where Elasticsearch asks PeopleSoft what security a user has so that it can filter out results the user shouldn’t see.

First, we need to start up MITMProxy. To make it easier to view our HTTP transactions, we use the mitmweb executable. mitmweb provides a simple GUI for viewing each HTTP request and response that is captured.

To enable Reverse Proxy mode, we pass in the the mode and our target endpoint. For the Elasticsearch callback, that would be our Integration Broker web server.

Powershell

cd 'C:\Program Files\mitmproxy\bin'
.\mitmweb --mode reverse:http://ib.psadmin.io:8000

When MITM starts, a UI available at http://localhost:8081. You can open that URL in a browser and see an empty screen waiting for transactions.

Updating the Callback URL

In our case, we are going to inspect the call back from Elasticsearch to PeopleSoft. To do that we open the Search Instance page and update our Callback URL to point to MITMProxy.

Callback URL: http://mitmproxyserver.psadmin.io:8080/PSIGW/RESTListeningConnector/PSFT_HR

This URL is stored inside the metadata for each index. After you update the Callback URL and save, you must click the “Update Deployed Definitions” button. This will send the new Callback URL to Elasticsearch.

Inspecting Callback Traffic

Next, execute a search in PeopleSoft. I’ll search for a page using the Navigation searche. As soon as we have results in the search bar, you can look at your MITMProxy UI and see that it captured traffic.

The PeopleSoft plugins for Elasticsearch caches security attributes for 2 hours to help with performance. If you don’t see a callback transaction, try executing a search on a different index to get a callback transaction.

In MITMProxy, open the transaction and click on the “Response” tab. There you will see the JSON that PeopleSoft returned to Elasticsearch. This infomation is used to pair down the search results so that users only see the data they are allowed to view.

{
    "ORCL_ES_CALLBACK_RESP": {
        "ORCL_ES_ATTRIBUTES": [
            "S:Admin"
        ]
    }
}

Transparent Proxy Mode

In the example above, we ran MITMProxy in a reverse proxy so that it only forwarded data to one endpoint. You can also run MITMProxy in transparent proxy mode. This can be useful when trying to debug Integration Broker issues.

To start MITMProxy as a transparent proxy, we simply launch the mitmweb executable.

Powershell

cd 'C:\Program Files\mitmproxy\bin'
.\mitmweb

Configure Integration Broker Proxy

To capture IB traffic with MITMProxy, we need to update the integrationGateway.properties file to route traffic through a proxy. Edit the the ig.proxy* lines to point to our MITMProxy instance.

ig.proxyHost=mitmproxyserver.psadmin.io
ig.proxyPort=8080

You need to restart the web server after making these changes.

Test IB Node

To test our proxy connection, create a new node under “PeopleTools > Integration Broker > Integration Setup > Node Definitions”.

  1. Name: GETTEST.
  2. Description: Test GET Request
  3. Node Type: External
  4. Default User ID: PS
  5. Connector ID: HTTPTARGET
  6. HTTPPROPERTY – Method: GET
  7. PRIMARYURL: http://httpbin.org/get

You can save the Node after adding those minimal settings. The node will make a GET HTTP request to a simple REST end point. We are using HTTP instead of HTTPS for now.

Click “Ping Node” and wait for a response. Once the ping is done, you can opent the MITMProxy UI and look at the transaction. There should be one row for our Ping test. While there isn’t much data for this test, we have MITMProxy hooked up to the IB and it’s ready for you to start using.

HTTPS

For our tests so far, we have been using HTTP endpoints. Your IB and Elasticsearch should have HTTPS in place, so to add MITMProxy to the mix requires a few extra steps. We need to trust the MITMProxy certificate so that our application doesn’t reject the HTTPS connection due to trust issues.

When MITMProxy is started, it also runs a simple web page that can be viewed if your browser is configured to route traffic through MITMProxy. For Firefox, you can enable the Proxy under Settings > Network Settings > Settings > Manual Proxy Configuration. Then enter your MITMProxy server and port 8080. Your browser will now route all traffic through MITMProxy.

Once your browser is using MITMProxy, you can go to the page http://mitm.it. You will be shown a webpage where you can download the MITMProxy certificates. We need to load this certificate into pskey on our web servers. Download the Linux certificate even if you are on Windows (mitmproxy-ca-cert.pem) since it is in the correct format for pskey. Open the certificate and copy/paste the content onto your web server. I saved my file to /tmp/mitm.pem (or c:\temp\mitm.pem for Windows).

On your web server, use the keytool tool included with Java to import and trust the MITMProxy cert into pskey.

Bash

export domain=WEBSERVER01
keytool -importcert -alias mitmproxy -storepass password -keystore $PS_CFG_HOME/webserv/$domain/piaconfig/keystore/pskey -trustcacerts -file /tmp/mitm.pem

Owner: O=mitmproxy, CN=mitmproxy
Issuer: O=mitmproxy, CN=mitmproxy    
...

Trust this certificate? [no]:  yes
Certificate was added to keystore

Powershell

$domain="WEBSERVER01"
keytool -importcert -alias mitmproxy -storepass password -keystore $env:PS_CFG_HOME\webserv\$domain\piaconfig\keystore\pskey -trustcacerts -file c:\temp\mitm.pem

Owner: O=mitmproxy, CN=mitmproxy
Issuer: O=mitmproxy, CN=mitmproxy    
...

Trust this certificate? [no]:  yes
Certificate was added to keystore

HTTPS Node Test

Open the GETTEST node definition and update the URL to use https instead of http. Click “Ping Node” to retest with HTTPS.

“Server TLS handshake failed. Certificate verify failed: IP address mismatch”

You may receive an IB error when testing the HTTPS URLs. This can be expected with HTTPS. Many sites are improving their HTTPS support with Certificate Pinning, which helps prevent against “man in the middle” (MITM) attacks. Depending on the integration you are debugging, you may be able to work with HTTPS, or you may have to revert to HTTP for initial integration debugging before adding HTTPS back into the mix.

Application Server

You can also add MITMProxy to the application server configuration. In the psappsrv.cfg file there are two Proxy config lines used by the Java layer that runs inside the application server.

Proxy Host=mitmserver.psadmin.io
Proxy Port=8080

You will need to reconfigure the application server after updating these values.

by Dan Iverson

Portal Registry Migration Fix

Structure and Content

Sometimes when migrating Portal Registry objects I find that they do not show up in the Navigator, or even Structure and Content, until I clear cache, run VERSION, or even make a nominal change to the Portal Registry. We talked about this on the podcast in episode #303. I took Kyle’s idea of adding a sibling record in Structure and Content and traced what SQL was changing when saving the sibling record. There were INSERT statements for the new CREF, but there are also some important VERSION updates.

  1. Update overall VERSION to track the new changes
  2. Update the VERSION specifically for the Portal Registry object types
  3. Update the VERSION for the parent Portal Registry folder (in my case, the Root folder)

Below is a script I use with Phire; we execute this script after the object migration to make sure our new CREFs are visible.

-- Update overall VERSION for SYS and PRSM types
update PSVERSION set VERSION = VERSION + 1 where OBJECTTYPENAME in ('SYS','PRSM');

-- Update VERSION for Portal Registry objects
UPDATE PSLOCK SET VERSION = VERSION + 1 WHERE OBJECTTYPENAME = 'PRDM';
UPDATE PSLOCK SET VERSION = VERSION + 1 WHERE OBJECTTYPENAME = 'PRSM';

-- Update CREF Parent - Change PORTAL_OBJNAME as needed
UPDATE PSPRSMDEFN SET VERSION = (select VERSION from PSLOCK where OBJECTTYPENAME = 'PRSM'),  LASTUPDDTTM = TO_TIMESTAMP(sysdate,'YYYY-MM-DD-HH24.MI.SS.FF')  WHERE PORTAL_NAME = 'EMPLOYEE' AND PORTAL_REFTYPE = 'F' AND PORTAL_OBJNAME = 'PORTAL_ROOT_OBJECT';

commit;

Thanks for Andy Dorfman for catching a change in my original SQL. The first statement should include both the SYS and PRSM types.

by Dan Iverson

psadmin.io Themes for PeopleTools 8.59

We are releasing our newest version of our Themes for PeopleSoft 8.59 (and 8.58). We use these stylesheets on our non-production environments so that users can easily recognize which environment they are in, and most important, know they aren’t in production.

The Themes are released as an Application Data Set that you can easiliy import into your applications. The ADS project includes stylesheets and Branding Themes.

Importing Themes

Download the new themes from the Github respository. Under the Releases, you can download the lastest IO_STYLE_859.zip release. Unpack the zip file to your Data Migration File Location.

You use the Data Migration Workbench’s “Load Project From File” feature to import the themes and stylesheets.

Assigning Themes

To set the main theme for your system,

  1. Navigate to PeopleTools > Portal > Branding > Branding System Options
  2. Select the IO_ theme of your choice.
  3. You will also need to add a stylesheet for Classic Plus. Add the cooresponding IO_<color>_859_PTCP_SS as an additional stylesheet.

  1. If you have set Theme Assignments, you can update those as well under PeopleTools > Portal > Branding > Assign Branding Themes

SQL for Refreshes

Typically, the IO_STYLE_859 is load into production but not used. During your refresh, you can use the following SQL to configure your new environment to use a theme.

UPDATE sysadm.psoptions
SET
    ptbrandtheme = 'IO_GREEN_859_THEME',
    themestyletype = 'PTCP';

TRUNCATE TABLE sysadm.psoptionsaddl;

INSERT INTO sysadm.psoptionsaddl 
VALUES (
    'C',
    'CSS',
    'IO_GREEN_859_PTCP_SS',
    0
);

Colors

If you are just starting these stylesheets for your non-production environments, here is a suggestion for how to color code environments. This is how I use the colors:

Environment Color
Development 1 Green
Development 2 Teal
Development 3 Blue
Test Red
UAT/QA Grey
Sandbox Brown
Project 1 Purple
Project 2 Pink
Project 3 Yellow

I used https://colordesigner.io/ to help build the color schemes.

Orange

Primary Dark Light Accent
#FF8100 #FF5100 #FFAA00 #004757

Red

Primary Dark Light Accent
#94090D #5C0002 #D40D12 #1dfff9

Green

Primary Dark Light Accent
#097609 #075807 #70AF1A #591aaf

Purple

Primary Dark Light Accent
#553285 #36175E #9768D1 #a2d168

Blue

Primary Dark Light Accent
#0074D9 #00448D #7ABAF2 #f2b27a

Teal

Primary Dark Light Accent
#009798 #227273 #9DF3F4 #f49e9d

Yellow

Primary Dark Light Accent
#CCCC04 #8d8d03 #FFFF52 #5252ff

Brown

Primary Dark Light Accent
#A36F44 #6B4732 #F7DEB2 #b2cbf7

Pink

Primary Dark Light Accent
#AA3366 #552233 #CC5599 #55cc88

Grey

Primary Dark Light Accent
#707070 #3B3B3B #BABABA #FD7400

by Dan Iverson

PeopleTools 8.59 UI Changes

To start out, the User Interface (UI) changes in PeopleTools 8.59 are very good! There is a difference between seeing screenshots and using the application. The improvements to search make it a great navigation tool and navigating the system is more fun with updates to the Navigator and the new Quick Access Bar. I am excited to use applications on PeopleTools 8.59 after getting some hands-on time with the changes.

I have compiled is a list of changes and improvements that I think have the biggest impact, including some that were not talked about by the PeopleTools team.

Quick Access Bar

I really like this new Quick Access Bar. On the homepage, it sits on the left-hand side of the page and your favorites and recent places are just a click away. Getting these two collections of links out of the NavBar is a good change.

The Quick Access Bar is only the home page. I found myself wishing the Quick Access Bar was static on every page. I’m sure that would be some UI issues with Nav Collections, Work Centers, etc, but I think a persistent Quick Access Bar would be quite useful.

Breadcrumbs

In the Navigator, I’m excited that breadcrumbs are back! I think the way breadcrumbs are implemented is well done. In previous versions of the Navigator, there was a “Back” and “Top” buttons that you could use to move up the folder paths. This was functional but you don’t always know where you are in the Navigator. To be fair, the intent with Fluid Navigation is to use Nav Collections, Tiles, and Work Centers instead of the Navigator, but the Navigator still gets lots of use.

The breadcrumbs in 8.59 replace the “Back” and “Top” buttons.

I like this much better because you can go back to any point in the navigation hierarchy with just a click.

Alphabetical Sorting

The Navigator can now be sorted alphabetically, or use the original sorting. This does return another feature from previous versions of PeopleTools, but it’s a welcome change. I’ve worked at organizations that spend time customizing the Menu to be alphabetical. As a frequent user of the PeopleTools folder, I appreciate that both sorting options are offered.

I also like that the alphabetical sorting option has groupings for each letter to make it easier to find the folders you are looking for.

New Icons

The icons throughout the Homepage, Search Bar, NavBar and Quick Access Bar have a new clean, and simple look. The icons for folders and content references are distinct and the use of color is helpful. The icons are also present in the search results and a Recent Items icon in the search bar helps you easily find what you are looking for.

I would like to see this icon style adopted by the default tile images to provide a stronger brand feeling.

Search Bar

On the Homepage, the Search Bar is featured at the top. I like the ever-present search bar; it is quicker to use and having the search bar waiting for you feels more like a search-driven UI. The menu search seems much faster, the type-ahead searching is responsive, and the ability to enable Real Time Indexing on the Recent Places items is very useful.

Notifications and Fluid Search Results

Notifications are now prominent on the Homepage in their own right-hand pane. I think this is a great change that will hopefully drive more adoption for notifications within PeopleSoft. Clicking on a notification will bring you to the page that needs your attention. But you can also view all of your Notifications as a collection. This new view has some interesting UI changes in 8.59 that are good and bad.

First, in the header, there are new forward/back buttons that will take you through the list of work. These exist elsewhere in 8.59 on Fluid Pages. (The Real Time Indexing page is where I also saw this behavior). The continues a trend in PeopleTools where action buttons are moved into the Header. In classic pages, the action buttons are mostly at the bottom of the content page. I like the forward/back buttons when working through a list.

Second, the normal header buttons are hidden behind the Action Menu. I don’t like this. If I’m working through a list of notifications and I’m done, my next action is to go somewhere else in the system (or log off). The Home, Search, and NavBar buttons are now buried under an extra click. I feel the Home and Search buttons should always be visible to users; the NavBar makes sense to hide if you short on space in the Header.

Third, from time to time the left also minimizes to a yellow bar on the left-hand side. This doesn’t seem to replace the little “tab” when collapsing the left-hand pane in Nav Collections, it does seem to show when the page is wider than your browser to give you some extra screen real estate. The inconsistency is throwing me off, but maybe that’s because this is all new.

[UPDATE: 4/13/2021]

I can’t believe I posted this blog post without calling out the Process Monitor changes!

Process Monitor

The Process Monitor has the most changes I have seen since working with PeopleSoft! (8.4 was just released when I started my career). There is now “Clear” button to remove any filters you have added, and “Reset” button to set the Process Monitor back to default settings. Both buttons are long overdue!

There is a new field on the Process Monitor grid that gives you quick access to pages under the Details page. You don’t save any clicks, but the Action menu is faster than loading a subpage and clicking another link.

These are good changes and it’s nice to see a page that is used by so many users given some love. I’d call it Process Monitor 1.1. The PeopleTools team could take some more cues from the Process Monitor 2.0 project.

by Dan Iverson

psadmin.conf 2021 Registration is Open!


We are excited to announce that registration for psadmin.conf 2021 is open! This year, psadmin.conf will be a virtual conference held on May 10-12, 2021.

psadmin.conf is a conference specifically for PeopleSoft Administrators. The conference features talks from expert admins on topics like PeopleSoft automation, open source tools to simplify your job, and success stories on upgrades and patching. This year, the conference offers you the option to sign up for 1, 2, or 3 hands-on guided labs that you won’t get anywhere else. The goal of the conference is to expand your knowledge of PeopleSoft Administration and network with PeopleSoft admins from around the world.

This year, you can choose to sign up for up to 3 Guided Labs that interest you. There are multiple labs to choose from this year:

  • Rundeck and PeopleSoft
  • Clustering PeopleSoft Applications
  • Introductory DPK
  • Intermediate DPK

We are also accepting session proposals until March 19th. Our favorite part of psadmin.conf is hearing from PeopleSoft Admins and how they solved a problem, built a fun tool to make life easier, or why they started working with a new technology. As PeopleSoft Admins, we are always looking to improve how we manage our environments and the best way to learn is from others.

Head over to psadmin.io/conference to view the Lab descriptions, register, view the agenda, and get more details on the event. We will publish a detailed agenda and session descriptions in early April after the Call for Proposals has closed.

We’re excited to see you in May! dan and kyle

by Kyle Benson

Upcoming Speaking Sessions

Hello there! Just a quick update to let you know Dan and Kyle have some upcoming speaking sessions. These are some great sessions, so make sure to register and check them out!

by Kyle Benson

Environment Template Security in Cloud Manager

Now that Cloud Manager is here, we have self-service ability to create PeopleSoft environments in OCI. Cue Uncle Ben… “With great power comes great responsibility.” Having a self-service portal that allows for the creation of these environments is fantastic, but how do we put some controls around this awesome power? This is where Environment Template security comes in to play.

To create an Environment in Cloud Manager, you first need an Environment Template. This template is created using some General Details, a Topology, and finally Security. It is this security detail that will help us control who can use these templates to create environments in the future. When you are creating a template, you will see the following section 3 – Define Security in the wizard. Let’s break down what our options are.

Assign Template to Zone(s)

Templates can be assigned to a single or multiple Zones. As of Image 11, there are currently three zones to choose from:

  • Development
  • Test
  • Production

A Zone is just “a logical grouping of environments,” according to Oracle’s Cloud Manager FAQ. At this time, it doesn’t serve any other purpose outside of helping you organize your environments. I could see a level of security being added to Zones in the future. If not by Oracle, maybe a custom bolt-on?

Assign Template to Role(s)

Templates can also be assigned to PeopleSoft security Roles. Any user that has a Role specified in this section will have the ability to create an Environment based on this template. Cloud Manager delivers three roles intended to be used with templates:

  • Cloud Administrator (PACL_CAD)
  • Cloud PeopleSoft Administrator (PACL_PAD)
  • Self-Service User (PACL_SSC)

As you would expect with PeopleSoft security, you are free to create and use your custom roles here. I think the delivered roles make it clear how Oracle sees the breakdown of potential users. Users who admin OCI resources, users who admin PeopleSoft, and users of PeopleSoft who might want ad-hoc environments(thinking developers or maybe even business staff looking for demos). I could see the OCI and PS admin roles combined often. Also, the self-service user might be split out into a technical and functional role or disabled altogether. Each organization will have to review this for themselves and come up with a good policy. Just keep in mind, you can add multiple roles to each template.

Creating Environments

Once the security and other details are added to a template, it will be available to use when creating an Environment.

Only the templates the user has access to will be in the Template Name dropdown. The Zone dropdown will also be populated with available zones from the selected template. If a single zone were added, this would be auto-selected and read-only.

Overall, I feel that Environment Template security offers a lot of control. It gives us enough control to provide a level of self-service environment deployments if desired. I do look forward to seeing actual functionality added to Zones. It might be easier to manage this security if we could somehow control access by zone versus strictly individual template security.