Secure external access to Odoo

Tämän kirjallisuustutkimuksena toteutettavan opinnäytetyön tavoitteena on tutkia kuinka Odoo-toiminnanohjausjärjestelmän (ERP) käyttöönotto toteutetaan turvallisesti ulkoisten toimijoiden kanssa. Lisäksi tavoitteena on löytää parhaita käytänteitä, miten ulkoiset käyttäjät liitetään ERP:iin vaarantamatta yrityksen ydintietoa. Työn toimeksiantaja on suomalainen teollisuusalan yritys, jolla on käytössä avoimen lähdekoodin ERP-järjestelmä Odoo. Yrityksessä on tulevaisuudessa vahva tarve laajentaa Odoon toiminnallisuuksia siten, että myös ulkoiset toimijat kuten partnerit, toimittajat sekä asiakkaat saadaan integroitua osaksi yrityksen Odoota. Teoriaosuudessa perehdytään ERP-järjestelmien tarkoitukseen, etuihin ja haittapuoliin sekä eri toimitus- sekä hankintamalleihin. Lisäksi luodaan lyhyt katsaus tietoturvaan, keskittyen etenkin sovellusten ja tietokantojen tietoturvaan. Lisäksi tarkastellaan myös ERP-tietoturvamenetelmiä. ERP:n arkkitehtuurimalli yhdessä sovellus- ja tietokantaturvamekanismien kanssa nähdään ratkaisevaksi tietoturvahaasteisiin vastaamisessa. Kolmitasoinen arkkitehtuurimalli, jota myös Odoo tukee, nähdään turvallisempana ratkaisuna kuin yksi- tai kaksitasoiset mallit. Koska yritykset toimivat tänä päivänä verkostoissa, joissa liiketoimintapartnerit ovat osa ERP-järjestelmää, tarvitaan uudenlaisia tapoja mahdollistamaan pääsy ERP:iin mutta kuitenkin samalla suojaamaan yrityksen ydindataa. Perinteiset ERP-tietoturvamekanismit eivät välttämättä enää riitä. Tarvitaan uusia ratkaisuja, joilla ERP:n turvallinen ulkoinen käyttö voidaan mahdollistaa. Nämä parhaat käytänteet ovat vasta muovautumassa.The aim of this thesis is to investigate based on the literature review that how to implement Odoo enterprise resource planning system (ERP) securely with external connectivity. Additionally, the target was to form an understanding of the best practises available to create the external connections in ERP without risking the core data of the company. The commissioner of this thesis is a manufacturing company in Finland which is using open source ERP called Odoo. In the future there is a strong need to enable connectivity also with external partners meaning that several modules from the same ERP application need to be enabled for external usage. The theory framework is introducing main purpose of ERP systems, its advantages, disadvantages, different delivery models and acquisition options. Information security on high level is introduced with focus on application, database and ERP specific security aspects. The architectural structure of ERPs, together with application and database security mechanisms, are seen crucial to respond to security challenges. The three tier architecture model, supported also by Odoo, is seen more secure than one or two tier models. As companies today are operating over the traditional company borders, secure business partner access to enterprise data is needed. Traditional security methods of ERP have to be re-considered to enable usage also with external connections to fulfil the security needs of companies. It seems that at the moment the best practise security mechanisms for web ERPs are not yet widely established

The Glasgow raspberry pi cloud: a scale model for cloud computing infrastructures

Data Centers (DC) used to support Cloud services often consist of tens of thousands of networked machines under a single roof. The significant capital outlay required to replicate such infrastructures constitutes a major obstacle to practical implementation and evaluation of research in this domain. Currently, most research into Cloud computing relies on either limited software simulation, or the use of a testbed environments with a handful of machines. The recent introduction of the Raspberry Pi, a low-cost, low-power single-board computer, has made the construction of a miniature Cloud DCs more affordable. In this paper, we present the Glasgow Raspberry Pi Cloud (PiCloud), a scale model of a DC composed of clusters of Raspberry Pi devices. The PiCloud emulates every layer of a Cloud stack, ranging from resource virtualisation to network behaviour, providing a full-featured Cloud Computing research and educational environment

Dynamic virtual private network provisioning from multiple cloud infrastructure service providers

The Cloud infrastructure service providers currently provision basic virtualized computing resources as on demand and dynamic services but there is no common framework in existence that allows the seamless provisioning of even these basic services across multiple cloud service providers, although this is not due to any inherent incompatibility or proprietary nature of the foundation technologies on which these cloud platforms are built. We present a solution idea which aims to provide a dynamic and service oriented provisioning of secure virtual private networks on top of multiple cloud infrastructure service providers. This solution leverages the benefits of peer to peer overlay networks, i.e., the flexibility and scalability to handle the churn of nodes joining and leaving the VPNs and can adapt the topology of the VPN as per the requirements of the applications utilizing its intercloud secure communication framework

The Family of MapReduce and Large Scale Data Processing Systems

In the last two decades, the continuous increase of computational power has produced an overwhelming flow of data which has called for a paradigm shift in the computing architecture and large scale data processing mechanisms. MapReduce is a simple and powerful programming model that enables easy development of scalable parallel applications to process vast amounts of data on large clusters of commodity machines. It isolates the application from the details of running a distributed program such as issues on data distribution, scheduling and fault tolerance. However, the original implementation of the MapReduce framework had some limitations that have been tackled by many research efforts in several followup works after its introduction. This article provides a comprehensive survey for a family of approaches and mechanisms of large scale data processing mechanisms that have been implemented based on the original idea of the MapReduce framework and are currently gaining a lot of momentum in both research and industrial communities. We also cover a set of introduced systems that have been implemented to provide declarative programming interfaces on top of the MapReduce framework. In addition, we review several large scale data processing systems that resemble some of the ideas of the MapReduce framework for different purposes and application scenarios. Finally, we discuss some of the future research directions for implementing the next generation of MapReduce-like solutions.Comment: arXiv admin note: text overlap with arXiv:1105.4252 by other author

Unified radio and network control across heterogeneous hardware platforms

Experimentation is an important step in the investigation of techniques for handling spectrum scarcity or the development of new waveforms in future wireless networks. However, it is impractical and not cost effective to construct custom platforms for each future network scenario to be investigated. This problem is addressed by defining Unified Programming Interfaces that allow common access to several platforms for experimentation-based prototyping, research, and development purposes. The design of these interfaces is driven by a diverse set of scenarios that capture the functionality relevant to future network implementations while trying to keep them as generic as possible. Herein, the definition of this set of scenarios is presented as well as the architecture for supporting experimentation-based wireless research over multiple hardware platforms. The proposed architecture for experimentation incorporates both local and global unified interfaces to control any aspect of a wireless system while being completely agnostic to the actual technology incorporated. Control is feasible from the low-level features of individual radios to the entire network stack, including hierarchical control combinations. A testbed to enable the use of the above architecture is utilized that uses a backbone network in order to be able to extract measurements and observe the overall behaviour of the system under test without imposing further communication overhead to the actual experiment. Based on the aforementioned architecture, a system is proposed that is able to support the advancement of intelligent techniques for future networks through experimentation while decoupling promising algorithms and techniques from the capabilities of a specific hardware platform

PhyNetLab: An IoT-Based Warehouse Testbed

Future warehouses will be made of modular embedded entities with communication ability and energy aware operation attached to the traditional materials handling and warehousing objects. This advancement is mainly to fulfill the flexibility and scalability needs of the emerging warehouses. However, it leads to a new layer of complexity during development and evaluation of such systems due to the multidisciplinarity in logistics, embedded systems, and wireless communications. Although each discipline provides theoretical approaches and simulations for these tasks, many issues are often discovered in a real deployment of the full system. In this paper we introduce PhyNetLab as a real scale warehouse testbed made of cyber physical objects (PhyNodes) developed for this type of application. The presented platform provides a possibility to check the industrial requirement of an IoT-based warehouse in addition to the typical wireless sensor networks tests. We describe the hardware and software components of the nodes in addition to the overall structure of the testbed. Finally, we will demonstrate the advantages of the testbed by evaluating the performance of the ETSI compliant radio channel access procedure for an IoT warehouse

An Integrated System Using Open source Nethserver OS; A Case Study of Kessben University College Local Area Network

An integrated system refers to a collection of software’s on a computer system that provides services to users on a network like a Local area network. These services are used by an organization in their day to day operations. The services include Email, Web service, File sharing, DHCP, DNS, Secure shell, and several others. This research seeks to implement a suite of these applications on a single computer architecture using Kessben University College local area network as a case study. Small and large organizations can benefit from such integrated systems because of reduced operating costs and the provision of an increase in business agility. This paper also proposes and explores additional services like remote network control software using open source Guacamole which is based on HTML5 technology. The advantages of integrated systems go beyond cost. Systems and network administrators will have a single point of system to control and monitor other systems for quality of service. This design ensures an improved network access to the services by implementing strong firewall designed to control inbound and outbound