openerp-community team mailing list archive

Re: OpenERP CMS: How is server separation implemented?

 

Hi,

The future of management software is to have your enterprise connected to
the external world.

In that regard, OpenERP v7 is already hugely connected to external systems
or persons: EDI (connection between OpenERP and OpenERP), API (connection
between OpenERP and third-party tools), portal (access for your customers
and suppliers), email gateway (connect communications), eCommerce
connectors, bank interfaces, shipping connectors, mobile apps, ...

CMS & eCommerce are just one more step forward into this direction. (a huge
step)

So, CMS and eCommerce are just normal OpenERP modules. There are no
interfaces, they are integrated exactly like the sale and inventory
applications are integrated.

But this integration is probably the most important one we did over the
past years. I analysed a lot of businesses in order to detect waste in
their operations. And you know what: the frontend-backend interfaces are
the biggest waste of time and inefficiency in most companies; even more
than the sale-inventory integration, sale-accounting or a sale-project
integration. So, we have to go in this direction if we want to provide
great value to our customers.


As we explained during the previous community days, it's not just a CMS or
an eCommerce; we are doing the frontend of all our applications. So, every
application will become better because of the ability to have a frontend
for prospects, customers or suppliers. Some examples:
  - the frontend of sale is the eCommerce
  - the frontend of event is an eventbrite-like website
  - the frontend of hr_recruitment is the "Jobs" page and the application
form,
  - the frontend of HR is the page "Our Team", automatically updated, ...

An 'event management' application without the ability to promote or sell
events was worth nothing. A 'recruitment' application without the ability
to publish job offers and get applicants was not really complete. With the
frontend, OpenERP reached a level of quality in its apps that no other
competitor is able to reach.

You have to see the 'website' module of v8 like the new Web Client of v7; a
real game changer. The web client allowed so many things to reach a higher
level of quality of all apps (kanban views, open chatter, strong
usability, ...) This will be the same with the frontend; it will open the
door to great improvements to all existing apps, including some you may not
even think of.

As an example, we just did a quick prototype to illustrate my point. Check
this video, a new way of doing quotations:

https://drive.google.com/file/d/0B5BDHVRYo-q5SDZFcEJmTXFyNTA/edit?usp=sharing

This is so cool. I bet it improves quotes success rate by at least 20%! Can
you imagine such a feature with the CMS?

Some other examples: the new report engine is based on the CMS (no more
need of openoffice report designer or others), the new email template
builder is based on CMS (much better than the mailchimp one), ...


* So, what about the security? *

You can choose between:
1/ having a fully integrated solution on the same server: frontend+backend
or
2/ deploying the frontend and the backend separately (and using modules like
base_synchro to sync them)

In my opinion, most companies will go for the 1/ option because it's so
powerful that it counterbalances every other argument in favor of
splitting physical servers.

It's a bit like the Facebook privacy; everyone complains against it but at
the end, everyone uses Facebook because it's much more efficient to
communicate or share photos. --> Some may complain about putting the frontend
and the backend on the same physical server, but the advantages are so huge
that nearly all companies will go for this solution.

* Is a single server less secure than two different servers? *

I am not even sure that separating different servers with a synchronization
between them offers better security.
Mostly because there are so many connections between the ERP and external
applications (emails, bank interfaces, customer portal, edi, mobile apps,
...) that you already need to have your OpenERP accessible online.


Having one server to secure is much easier than having two different
technologies to secure. Let's compare these two scenarios:

Case 1: 2 servers, with a magento-openerp connector
  - Magento
  - OpenERP

Case 2: eCommerce and backend on OpenERP
  - just OpenERP

Here are the possibilities:
  - if OpenERP has security holes, both 1 and 2 use cases are very bad.
  - if OpenERP has security holes, only use case 1 is very bad.
So, use case 2 probably has fewer security holes :)


IMHO, it's more important to think about how to secure OpenERP even more
rather than trying to allow deploying frontend+backend on different servers
with interfaces between both.

If you are not convinced, no problem! Just use OpenERP eCommerce on one
server and OpenERP ERP on another one. It works exactly like
Magento-OpenERP and it's even easier to sync as the DB schema is the same.
(and you can reuse the base_synchro module)


As a summary: it's not the CMS or eCommerce that is a real game changer.
It's the fact that we integrate frontend and backend!

This will open new possibilities we don't even think of today.
Great value for customers and no other competitor will be able to follow us
in this area because OpenERP is the only one to have this "Integrated
Business Apps" approach.

Fabien
OpenERP Founder


On Fri, Jan 17, 2014 at 4:44 PM, Markus Schneider <
markus.schneider@xxxxxxxxxx> wrote:

> Hi,
>
> On 17.01.2014 10:16, W. Martin Borgert wrote:
> > On 2014-01-11 11:20, Fabien Pinckaers wrote:
> >> We just released a few videos to showcase the CMS and eCommerce apps of
> >> OpenERP v8. You can get a direct access here:
> >>     https://www.openerp.com/teaser?v=all
> >
> > Very nice! I wonder, how a typical server separation is done?
> >
> > I assume, that normally one has two systems:
> >
> >  A. An ERP system in the company, probably with no direct
> >     internet access, but only accessible from approved clients.
> >     If the internet connection to the outside world breaks, one
> >     can still use the ERP, because it's local. You may have data
> >     in the ERP that you would not (be allowed to) copy to
> >     servers outside of the company.
> >
> >  B. A CMS in a data center with public internet connection. This
> >     contains all the public information, but only the absolute
> >     minimum of client data, so that the damage of someone
> >     copying the database would be limited. If the company's
> >     internet connection breaks, the CMS is still visible to the
> >     world.
>
> No, it is just A and B in one system. Security is always a matter, but if
> you are an eCommerce system then all your sensitive customer data are also
> in the shop system.
> In general, the security problem comes from inside your company as well.
> So the idea to have the ERP system and the internet separated works only in a
> world without eCommerce, email and customer portals. I don't need this
> you are wrong with OpenERP ;)
>
> > How is this implemented in OpenERP? Is synchronisation between
> > both systems done on request or in regular intervals? How do you
> > make sure, that no sensitive data from the ERP ever gets to the
> > CMS, which is exposed to the world? Per table? Per application?
>
> This is another issue. And the practice (for example openerp.com) has
> failed in that.
> As a partner, our company address is listed on openerp.com, but some staff
> added the mobile number of our CEO and the mail for incoming invoices to our
> address. So far fine, but as a result the information was shown publicly
> on openerp.com because it is only one system.
>
> This is not a failure of the system but a human failure. I have no idea how to
> prevent such problems but I am interested to know what OpenERP thinks
> about that problem.
>
> Greetings
>
> Markus
>
> > TIA!
> >
>
> --
> Dipl.-Comp.-Math. Markus Schneider
> Software developer
>
> initOS GmbH & Co. KG
> An der Eisenbahn 1
> 21224 Rosengarten
>
> Mobile:  +49 (0)172 2303699
> Phone:   +49 (0)4105 5615613
> Fax:     +49 (0)4105 5615610
>
> Email:   markus.schneider@xxxxxxxxxx
> Web:     http://www.initos.com
>
> Management:
> Dipl. Wirt.-Inf. Frederik Kramer & Dipl.-Ing. (FH) Torsten Francke
> Liable partner: initOS Verwaltungs GmbH
>
> Registered office: Rosengarten – Klecken
> Local court (Amtsgericht) Tostedt, HRA 201840
> VAT ID (USt-IdNr): DE 275698169
> Tax no. (Steuer-Nr): 15/205/21402
>
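
The quoted thread asks how to keep sensitive ERP data off the public site ("Per table? Per application?") and describes back-office contact details appearing on a public partner page. One way to handle both cases is a default-deny field allowlist applied wherever records leave the backend. This Python example is added here and is not code from OpenERP or base_synchro; the allowlist policy, function names and sample records are assumptions.

```python
# Added example: default-deny projection of ERP records before they reach a
# public page or a synced frontend. "res.partner" and its field names follow
# OpenERP; the allowlist policy and the sample records are constructed.

PUBLIC_FIELDS = {
    # model -> fields cleared for publication (assumed policy)
    "res.partner": {"name", "street", "zip", "city", "country", "website"},
    "event.event": {"name", "date_begin", "date_end"},
}


def project_public(model, record):
    """Return (public_view, withheld_fields) for one record.

    Unknown models and unknown fields are withheld, so a field filled in
    later in the backend stays private until someone allowlists it.
    """
    allowed = PUBLIC_FIELDS.get(model, set())
    public, withheld = {}, []
    for field, value in record.items():
        if field == "id":
            continue  # the id is only used as the audit key
        if field in allowed:
            public[field] = value
        elif value not in (None, "", False):
            withheld.append(field)  # populated but not cleared for publication
    return public, sorted(withheld)


def export_batch(model, records):
    """Project a batch and collect an audit trail of what was held back."""
    exported, audit = [], {}
    for rec in records:
        public, withheld = project_public(model, rec)
        exported.append(public)
        if withheld:
            audit[rec.get("id")] = withheld
    return exported, audit


# Constructed sample: back-office contact details were added to the same
# partner record that feeds the public partner listing.
SAMPLE_PARTNERS = [
    {"id": 1, "name": "Example Partner GmbH", "city": "Hamburg",
     "website": "http://partner.example", "mobile": "+49 000 0000000",
     "email": "invoices@partner.example"},
    {"id": 2, "name": "Other Partner SA", "city": "Namur", "mobile": False},
]

if __name__ == "__main__":
    rows, audit = export_batch("res.partner", SAMPLE_PARTNERS)
    print(rows)
    print(audit)
```

The audit dictionary gives reviewers a list of populated fields that were held back, which is where a decision to publish a field should be made explicitly rather than by default.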
