We're pleased to announce the release of our new Report Retention Manager product. After we posted the following blog entry, we had several PeopleSoft customers ask us about providing a product that allows them to more easily manage the retention of all their reports, provide a review step prior to distributing reports widely, and tracking signatures of report results.

Why worry about this?

Good question. As delivered, PeopleSoft provides only one option for setting report expiration settings. However, each report is not created equal in terms of value and usage. Therefore, organizations often incur additional cost in terms of processing load of running and re-running expired reports, storage capacity for storing all reports for a long period of time, and usability in either wading through long lists of drills and ad-hoc reports to find the ones they're interested in. This also doesn't consider the fact that you're not easily identifying and keeping your most important regulatory or control documents (unless you're doing it manually).

The Report Retention Manager automates this and allows you to manage it in the ways that make most sense for your organization.

More about the Product

Without covering everything that's already in the product page, this product takes a little different approach than what was covered in the blog. Instead of hooking the PSRF_REPORT_CREATE application message, we decided to leverage application engine. This is because we are supporting much more robust rules, we want to process higher volumes of reports, and we don't want to be dependent on organizations setting up Integration Broker properly. The product allows you to look at the reports that you've already run to help you make the settings. It also has components that allow end-users to participate in setting retention, reviewing and releasing results, and approving their reports.

Interested in learning more?

We've recorded a demo on the product page, but are also willing to do live demos and even let you try it out with a trial version. Feel free to contact us at Info@GreySparling.com.

Labels: Products

Well, it's official. We've expanded our add-in to provide lots of cool new features for excel output in PeopleSoft.

It's always interesting to see how one of your products gets used at a customer site and the value of it. When we added query features to the product, we knew they were cool (otherwise, why would you spend the time, right?). What we didn't realize how much it could change the way people use PeopleSoft.

What do you mean?

Well, we recently did some travelling to spend some time looking at how customers were using the new features of the product, and here's what we found.

• Requests for new Reports went to near zero.
• End-users were able to cut the time the spent looking for information in half.

Although we realized there would be some impact here, the numbers were surprising. However, this is merely an aspect of scale and is limited to the aspect of reporting. What really surprised us is how the feature of drilling to pages from queries changed the way end-users utilized PeopleSoft.

• End-users used queries in place of PeopleSoft search pages in the application, because the queries gave them a more efficient list of items to work.
• End-users also used our Excel drill menu in place of the PeopleSoft menus wherever possible because it allowed them to get to pages more quickly than using the PeopleSoft-delivered navigation (with the added bonus of passing the context from where they were)

And, finally the metrics: Some end-users at one customer were almost 50% more productive with these features because so much of the time spent using PeopleSoft for them was navigating to pages and finding the list of items that they needed to work. Bringing it all together and streamlining the navigation made a dramatic impact for them (and gave them the additional time to tackle other projects that had been languishing).

Want to learn more?

You can learn more about the product here. In addition, we've put together a flash demo that shows it in action.

Labels: Drilling, nVision, Products, Query, User

Although we've got a bunch of in-process blog entries, it's been much too long since our last posting (especially since our last set of posts weren't really tips or techniques). Although we plan to fix that in the coming days, I thought it might make sense to talk about what we've been up to on the business side of the house (most of which has come out of recent activity meeting with customers).

Excel Add-in Extensions - Part 1
Since we initially created our nVision add-in and began selling and marketing it, we've learned a lot about the PeopleSoft customer base and some of the things that drive evaluating and purchasing software. This deserves its own blog entry, so suffice to say that we've taken these learnings into account with new releases of this product.

The first thing we did was to extend the product to eliminate the need to package up code on the server. Yes, that means that this product has "NO CODE ON THE SERVER". We thought that was pretty funny, considering PeopleSoft's mantra. The benefit of keeping all code in the add-in is that the people evaluating the product can try it without having to change anything in their PeopleSoft environment.

Because we had to add code to manage the interaction between PeopleSoft and excel, a side benefit is that we've also been able to address many common issues customers have to face with the PeopleSoft version, such as proliferation the Ren Server windows (when excel isn't hosted in the browser) and locking of the excel menus (when the spreadsheet is hosted in the browser). This was version 2.0 of the product.

Excel Add-in Extensions - Part 2
At Collaborate, we also met with a bunch of PeopleSoft customers who wanted better formatting for their queries (even something as simple as column widths is problematic). Funny enough, the infrastructure we just developed for "no code on the server" also allows us to solve some problems with Query and add some pretty cool enhancements, such as:

• Query Context: desribing the query (record names, field names, SQL)
• fixing number formatting
• fixing column witdth
• other formatting, such as putting in company logos, etc.
• subtotalling
• automatically adding auto-filters
• drilling from queries to other queries or pages

Therefore, we've held off distributing code snippets from Collaborate to add many of these features to our add-in (version 3 of the product). We expect to release it before the end of next week (less than 1 month from the release the prior release), so look for an announcement on that (if you want to try it out as soon as it's available, feel free to contact us at info@greysparling.com ).

Desktop Single Signon Extensions - Part 1
This one also falls under the category of doing 2 things at once. As many blog readers know, we have a desktop single signon product that takes their windows credentials, determines what their PeopleSoft userid is, and automatically signs them into the web application. This product has been receiving rave reviews (even from folks we worked with at PeopleSoft who were our biggest critics... they know who they are ;-)

Anyway, we had just finished beta-testing a new release that adds support for the client/server tools. This means that customers who deploy the windows tools (such as PS/Query, PS/nVision and app designer) can take advantage of this as well. However, due to considerations with PeopleTools, this version only worked when the initial authentication was done through the app server (we could get into a long discussion as to why we decided to do this, but we'll leave that for another blog entry as well).

Desktop Single Signon Extensions - Part 2
Anyway, we had one customer who wanted to use this as a way to demonstrate to their auditors that they have appropriate safeguards against passwords etc (since the network userid and password are the only point of failure from that perspective). Unfortunately, one cannot perform upgrade actions (such as moving code from development to test) with a 3-tier connection.

Therefore, again, we found ourselves completing one release and quickly turning around and developing the next one (true 2-tier desktop single signon). We're finally ready to release that (but were pretty busy doing this to meet a customer's schedule).

PeopleSoft Reviews
Finally, we've been very busy taking the PeopleSoft Experts Corner to customers for quick, high-value consulting engagements. We call them PeopleSoft Reviews, and consist of 2 days onsite, with prep work and a follow-on findings report. It's a great value for folks who want guidance with respect to:

• Their most pressing PeopleSoft issues
• Improving how they develop, administer, and support their PeopleSoft application
• Planning their next set of development initiatives

We had a bunch of these leading up to Collaborate (focusing on things from Performance tuning, Development practices, Security practices, and Reporting practices). Much of the value to customers for this type of engagement is a formal "findings report, " which is essentially a roadmap of recommendations targeted to the individual customer. Because of this, we've been very busy writing them and packaging up code snippets that support our recommendations.

We're in the process of finalizing our schedule for this summer, so if you're interested in having us come onsite to provide recommendations for you, feel free to contact us at info@greysparling.com Here's a brochure that describes some of the things we can do for you.

Labels: 2007, Events, Products

Many PeopleSoft Customers literally have forests of trees that they need to maintain to support their various needs. Many times these trees are needed to support several different reporting structures over their data. Keeping these trees up to date over time can be a very expensive and time consuming process.

For example, insurance companies are required by law to maintain two different account structures: one for standard GAAP reporting and one for the statuatory reporting required by licensing entities. This means that at a minimum, two trees have to be updated each time a new account is added to the system.

Tree Maintenance Snapon

Over the past few months, we've had several companies ask us to help them reduce the time and effort needed to maintain their trees as well as reducing the inaccuracies that occur in their reports because of tree maintenance errors. We're just wrapping up development on a product meeting these needs, the Grey Sparling Tree Maintenance Snapon

Intriguing... So what does it do?

Great question! This product helps organizations better keep their trees up to date through the following:

• By identifying all the trees that should contain a given value and whether those trees actually contain them
• By helping users to pick where the values should be added to the tree and using some ingenious logic to try to apply the selection to multiple trees
• By exposing this functionality at the point where the valid values supporting a tree are maintained
• And, by allowing the same functionality to be leveraged after the fact, by enabling a user to add values to trees by generating a list of trees that should contain a value (and doesn't) after the fact

Here's a brochure that discusses it.

If you're interested in seeing how the product works, we've put together a short demo of it in action.

Okay... We've finally put up the product pages as well... Here's where you can learn more about it.

Labels: 2007, Products, Tree_Manager

With the interest we've gotten with the PSIDE Helper, we decided to put together another product that solves a niche need. This is nVision Context Helper.

What is it?
This tool shows you the context of any number in an nVision report (report instance or drilldown result). We've packaged it as an excel add-in that adds a menu item into Excel that can be used in place of the DrillToPIA.XLA.

Because it looks at the nVision results in Excel to identify the context, this tool has no server code that needs to be installed and configured. Register the add-in to excel, and you're up and running.

From a user's perspective, they merely select a cell in their nVision report and use the menu to get more information about that cell (GSDrill --> About this Cell).



Benefits
In other words, if your users or auditors ever wonder what went into a number in a report, this tool will tell them. It understands and displays criteria in the report, filters applied by scopes, report requests, and the act of drilling. It provides transparency to end-users that isn't possible with other tools.

More Information
We've put together a product page and flash demo, if you want to see it in action. We've also added this as a standard feature to the nVision drillling Snap-on.

Labels: nVision, Products

Wish Application Designer were easier to use? Everyone always does.

What's funny to me is that ever since I started using PeopleTools (PeopleTools 2!), each major release has been so much better than the last that I couldn't stand to use the older version. But the exact same release that would make me so happy when it came out was the same one that I couldn't stand a few years later.

There are ways of breathing new life into Application Designer though. We've just released a new product, the Grey Sparling PSIDE Helper, that does just that. It's probably easiest to just watch the Flash demo to see how it works. Suffice to say that if you enjoy being able to press Control-J in a PeopleSoft page to learn which definitions is being used so that you can then open it in Application Designer, then you'll really like this.

Labels: Products

For those who know about Report Manager, it's the PeopleSoft-delivered means of finding and accessing reports. For those who support people who use Report Manager, there are quite a few significant usability issues with it.

Issues? What issues?
The main issue with Report Manager is that it doesn't know very much about the reports that it manages, which means that it's limited from the start. It also has limited features to allow configuration of the behavior of this product. Because it's the primary means by which users access reports, these limitations have significant ramifications with the user satisfaction, adoption and productivity in reporting.

Unfortunately, most BI tools aren't a whole lot better in terms of managing and accessing reports.

So, how do you fix it?
Grey Sparling fixed it by doing three main things:

1. We capture the information that describes the content of a report.
2. We allow you to use that information in combination with information in your PeopleSoft application to provide a rich user interface for organizing, finding, and describing the reports.
3. We allow you to configure the behavior of organizing, accessing, and using reports.

The end-result is a product named Report Explorer, which is revolutionary in how it solves these problems.

What do you mean, revolutionary???

The reason its revolutionary is that it is the only product that uses artifacts in your business application to help describe and organize reports in business terms. It's also revolutionary in the amount of control you have over the behavior of the user interface.

So, how do I learn more?

I'm glad you asked. We've recorded a demo that shows the product in action here. We've also put out a marketing brief that describes it here. Finally, if you want to talk with us about it in person, our contact information can be found here.

Labels: Products, Report_Manager

(Sept. 20 update: since writing this we have created a Desktop Single Signon snap-on product that works with PeopleSoft Enterprise. Here's the announcement and here is the product page).

Single signon is widely desired, yet not widely understood. As usual with PeopleSoft, there isn't one simple answer, but the good news is that it's not that hard to get what you want. The biggest challenges are political rather than technical.

So, let's start by listing a few of the different common definitions of single signon. What most people mean (and want) is that a user signs on once in the morning and is then granted access to all other applications based on that signon. No additional login screens, etc.

Another common definition is that there is only one place for a user to authenticate with. No need to remember 17 different passwords from systems that have different rules about how often to change the password and how long it has to be. The drawback here is that the user still has to authenticate for each system that they access. I'll refer to this style as "single password".

Note that I use the word "authenticate" rather than saying "fill in their username and password". Although most environments are based on username and passwords, the best run environments go beyond just username/password in order to validate the user (think SecureID token).

One interesting wrinkle to all of this is somewhat PeopleSoft specific. PeopleSoft supports a notion of single signon between PeopleSoft instances.

If you have PeopleSoft HR, Financials, CRM, and EPM, then you actually have four different environments, not just four different product lines in one environment. There are some advantages to this loosely coupled model, but unified administration wasn't one of them. We actually made some progress at this at PeopleSoft towards the end, but it still never got to be as simple as administering one large system.

Given those four separate environments, PeopleSoft supported single signon between them. If a user logged into, say, Financials and then followed a link to the HR system they would not have to signon again. You do need to configure each system to trust each other (you don't want someone with access to a demo CRM system to be able to access your production Financials), but that is not difficult at all. PeopleBooks has good information on how to do this.

Note that the word LDAP has not yet been mentioned. LDAP is just a common place for storing user information (such as their password, their email address, etc.). By itself, it doesn't provide single signon. It only simplifies getting single signon working by having a standards-based common location for storing user credentials.

We made some big bets on LDAP support in PeopleSoft 8. When that came out back in 2000, there weren't really too many enterprise application vendors that supported LDAP. Of course, all of our customers in Higher Education had been telling us to do this for years (especially the University of Michigan). We even had fantasies about dropping our internal authentication support and using LDAP as the out of the box authentication mechanism for PeopleTools 9.

One problem that we had though was that when our field was trying to explain to other customers how this stuff worked, that the concept of single signon and LDAP got confused. Even to the point where the single signon section in PeopleBooks had to be changed to explain that they are not the same thing.

So, out of the box, you can get support for "single password" from the desktop level if your desktop signon uses a backend that supports LDAP (such as Microsoft Active Directory). The first time that the user accesses PeopleSoft they get prompted for their password again, but then (via the PeopleSoft single signon) the user can access all of your PeopleSoft systems.

If you want to go beyond this and have desktop level single signon, then you'll need to do some customization. A common way of doing this is to have a Windows server running IIS that acts as a proxy server to PeopleSoft. You setup IIS to use NTLM authentication for the proxy link, which will cause Internet Explorer to send in the user's desktop signon information. Then you create a little bit of signon PeopleCode that will check the custom HTTP header that IIS will attach to the request with the user's domain and login ID.

If you do this make ABSOLUTELY sure that you validate requests with this header come through the IIS server. Otherwise you've just opened up access to your entire PeopleSoft system to anyone that knows how to create an HTTP request with a custom header (which is painfully easy). This is because the IIS server just passes back the domain and username, but does not cryptographically secure it.

The nice thing is that this is not just limited to Internet Explorer. Recent versions of Mozilla based browsers (Mozilla 1.6+, Netscape 7.2+, Firefox 0.8+) also have support for Microsoft's NTLM protocol. If the user is on a different platform than Windows, then their desktop signon won't be passed along, but at least they won't be locked out.

If you want to do this type of Windows desktop single signon, but don't want/can't have an IIS proxy server, then you'll want to look at using jCIFS for that.

How about if you don't want to use the Windows login as the basis for desktop single signon. Is that even possible with PeopleSoft applications?

Sure. It takes a little bit more work, but it's possible. You'd have to install something locally on the client machine that get the user's credentials once, and then passes that along to somewhere where the PeopleSoft server can validate it. Either by passing it along in the browser headers or some other way. If you're interested in this, take a look at Steve Friedl's Illustrated Guide to SSH Forwarding. Using SSH as a mechanism for desktop single signon for PeopleSoft applications strikes me as an interesting idea.

Well, there's more to be said on this topic, but this has been sitting in the queue for too long, so I'm publishing what I've got. Please comment if you're interested in hearing more (as well as what you'd like to hear).

Labels: Products, Security

(update : here are slides from our version control with PeopleSoft presentation at OpenWorld 2007)

As Larry mentioned in a post a few months back, we never managed to actually ship version control for PeopleTools. It had become a joke within the PeopleTools Product Management group that getting your feature prioritized below version control was a good way for it to never see the light of day.

But why is version control for PeopleTools objects so hard? Why were we even planning on building version control at all when there are so many other tools out there?

Well, the main reason is that a large majority of the application exists as meta-data within the database, and not in the form of text files that most version control systems expect. We did some internal benchmarking of the lines of code across our entire suite of applications and toolset and came in at approximately 10% of SAP. We were around 18 million LOC, SAP was somewhere north of 160 million (I never figured out the Oracle number). Of course, that was only counting actual lines of code, not all of the meta-data that lived in the database.

There are lots of benefits to being meta-data driven (a topic for another blog post someday), but lots of choices for version control are not one of them :-) And people do want to version control their application definitions, whether they are defined as code or as data. Hence, the long standing desire for version control for PeopleTools definitions. The change control feature that was shipped in PeopleTools 7 was better than nothing, but that's not saying much. There's a reason that you won't find many PeopleSoft customers using that.

A lot of people don't realize that version control is a tough problem to solve. Eric Sink of SourceGear has written an excellent "Source Code HOWTO" that provides the best coverage of the topic that I've seen. It treats you like you are smart, but not familiar with source code control and gets into a good level of detail without overwhelming you.

That writeup really highlights the amount of work that goes into building a version control system. If you read it, then you'll realize that PeopleSoft needed to either provide this functionality or be able to hook into a system that did.

Aside from the normal challenges of being dependent on 3rd party stuff in your shipping products, the other challenge of integrating in an "off the shelf" version control system is that they version lines of text, as opposed to data. Not an insurmountable problem, but definitely a challenge.

One thing that some customers did was to use Quest Stat for project management. Stat handles versioning of PeopleTools objects quite well, although they never got as much traction as they might have because Stat handles a lot of things in addition to version control, so it was overkill for a lot of folks.

What we've been doing internally for our own source code management within Grey Sparling is to convert PeopleTools objects to and from their delivered representations into text formats that we can check into Subversion, which is the source code control system that we use (we also use Trac, which can sit on top of Subversion to provide additional functionality). This has saved me personally on a number of instances from overwriting other people's changes in our development work.

In a nutshell, we export a project, slice up the export file pretty heavily into it's constituent parts, do a lot of sorting and other manipulation so that each line of text matches up with a specific data attribute that is "interesting" from a source code control perspective. This depends on PeopleTools 8.4x (the older project export files were in a binary format).

So now I can browse what changes were checked in, diff those changes from previous versions, etc. via my Blackberry while I'm out at the beach via the internet. All I need to do is actually go to the beach :-)

We also use Subversion/Trac for managing other non-PeopleTools definitions as well. Highly recommended.

It's funny when we tell people that we know that we've built version control for PeopleTools. They generally freak out a bit, knowing that if we were to ship this it would cause the world to come to an end :-)

Unfortunately I have no source code snippets to share in this posting on what we've put together so far. It's still in such a rough state that you have to really understand how it all works in order to use it. Which is OK for us, since we're still a small company, but since it's just something for internal use right now and not an actual product that we're selling, it doesn't rise up to the top of the priority list.

If you catch me in person at an event sometime ask me about it and I'll try to explain more and/or give a demo (assuming I don't get around to blogging more about it in the meantime).

Labels: PeopleCode, Products

Our apologies to our loyal blog readers for the lack of content in the past few weeks. Grey Sparling Solutions has had all hands on deck for a go-live for a large financial institution with our Reporting Security and Distribution PeopleSoft Solutions Extender. Taking the lead from Joel Spolsky, a blogger that we at Grey Sparling Solutions follow, we thought it might make sense to discuss a little about the product and how the customer plans to use it.

Background
As with most financial services institutions, financial reporting is a very important aspect of their ERP solution. This customer has several thousand financial reports that they need to run periodically, and need to secure and distribute to many users. The process of securing and distributing the reports is a very challenging problem for them (and in an era where controls need to be easily audited, the lack of good report security and distribution functionality in ERP systems is a challenge for them).

Additionally, most of the people receiving reports do not use the ERP system other than to look at reports and drill into results. Therefore, the customer would prefer that reports are distributed through email. However, many of these users receive several reports at once, and the customer would like the links to the reports to be consolidated into a single report.

The solution
The Report Security and Distribution PeopleSoft Solution Extender (we recently renamed it from the process scheduler extender) is what this customer is utilizing. This extender has the following major components:

• A means of defining the security rules: as in which users should have access to what data.
• A means of defining the reports to be run and linking in the security rules to ensure that the report data is filtered appropriately and the results are distributed to the right people. The filtering and routing happens automatically.
• A means of graphically organizing the nVision reports into jobs to be run on different schedules and organized appropriately. This allows the administrator to see the complete jobstream and all the times different reports are to be run in a single graphical view.
• A means of defining and personalizing the content of the emails with information in the ERP system. This allows robust, highly formatted emails to be generated with highly descriptive information about each report in the email itself.
• A means of generating the emails on a pre-defined schedule. This allows the reports to be distributed in bulk, with multiple reports in a single email.
• A means of auditing which users have access to which data and which reports. This allows the customer to determine whether the right people are getting the right data (which makes auditing for compliance purposes very easy).

Next Steps

Once this go-live is completed, the customer will implement the report manager part of the extender, which will provide a robust means of organizing and accessing the reports outside of email (through a browser). The users will be able to find reports based on the data in the reports, as well as setting up favorite reports that they won't have to search to find. In addition, we will track which users have viewed which reports at what times (which allows the organization to understand which parts of the business are a compliance risk, because without reviewing the financial reports, they are probably not enforcing the appropriate controls in that area).

Labels: Events, Products