The LawsonGuru Letter is a free periodic newsletter containing provocative commentary about issues important to the Lawson Software community. The LawsonGuru Letter is published by-and is solely the opinion of-John Henley of Decision Analytics. Visit Decision Analytics at http://www.danalytics.com. For subscription information, see the bottom of this message.
The LawsonGuru Letter is not affiliated with Lawson Software.
In this issue:
1. Guest Spot: Transactional and LAUA Auditing within Lawson
2. Reader Feedback
3. Worthwhile Reading
4. Survey: Lawson & Intentia
5. Lawson Tips & Tricks
Reader feedback reached a peak this month regarding a few key Lawson events, namely CUE 2005 and the Lawson/Intentia merger. I've included a sampling of your responses in this issue. Thanks so much to all of you who responded! Your comments are always encouraged--send them to mailto:firstname.lastname@example.org.
This month I'm turning the Guest Spot over to Ray Schloss. Many of you know Ray from his days at Lawson; he's know working with Machensoft, and his article introduces Machensoft's ESBus product. ESBus is an intriguing solution to some of Lawson's security and auditing gaps.
So that we can all take a breather for summer vacations, etc., we'll return to the the reporting series in a couple of months. Happy Summer!
1. Guest Spot: Transactional and LAUA Auditing within Lawson
(by Ray Schloss, Machensoft)
Many IT shops are facing increasing pressure to provide robust transactional and security auditing for their enterprise applications. Whether this is driven by statutory regulations such as Sarbanes-Oxley or HIPAA, business partner requirements such as government or financial institutions, or just the sweeping trend to put in place “best practices”, the challenges remain the same. How do you find out who is doing what within the Lawson system, and even more challenging, is there a way to see a “point-in-time” for any transaction (i.e. What was the customer’s AR10.1 credit limit before Mary changed it last Tuesday?)
One of the problems with this has always been that Lawson interacts with the database with a single login. This master login is used regardless of the LID or Portal user, regardless of the application or token, Drill-AroundTM , DME query, etc. Since there’s but one login, any attempt to use standard relational database logging has been futile –the master login is the user that changes everything.
In Version 8.1, Lawson promises to bring all of us screeching into the 1990’s by finally passing along the true user’s credentials to the database. But alas, challenges remain. Lawson is a transactional system, with a database designed for transactional and storage efficiency (primarily normalized). This means that any of the larger and more audit-desirable transaction such as HR11.1 (Employee) or RQ10.1 (Requisition) can actually touch well over 50 different tables in the database. Creating a complete log for a complex Lawson transaction entails a mind-numbing amount of setup and configuration to get the reports in place.
New types of software are available that provide remarkable solutions to enterprise application challenges such as transactional auditing. Two of these, Event Management Systems (EMS) and Enterprise Service Bus (ESB) architecture, are considered by some analysts as the future of enterprise applications.
An Event Management System can create actionable transaction events for systems like Lawson without having to make any modifications to the base source code. These transaction events, which are accompanied by all the pertinent user information and transactional data, are then passed into an Enterprise Service Bus.
The Enterprise Service Bus is a system that knows how to accept a wide variety of transactional events and apply actions to them, be that real-time integration between different systems, data augmentation or modification, security validation, or of course, real-time enterprise transactional auditing.
A company called MachenSoft has brought to market a product called ESBusTM , providing this unique combination of an Enterprise Service Bus and an Event Management System, fully compatible with all Lawson systems from version 7x and greater (LID or Portal). ESBus capitalizes on a proven Service Oriented Architecture (SOA) today, and is completely Java-based, allowing it to be run on any operating system that can run a Java Virtual Machine/servlet container. As a true middleware EAI application, ESBus is independent of changes in the applications which it serves, and as a multi-threaded system it is capable of outperforming Business Component Integrator (BCI) many times over.
ESBus software acts very much like a bus in the “real” world by picking up data and dropping it off where it needs to go. It can also change the data’s “seating assignment” along the way if necessary (like triggering a workflow process, restructuring data types, changing data elements, writing an audit history, performing a calculation, etc).
In the case of Lawson, an example bus route may look like this: a client wants to ensure that any changes made to a customer record via AR10.1 that would place an account on “hold” status would immediately update their legacy mainframe delivery application as well as send an email off to the Salesperson responsible for that account. This ensures that no additional products or services are delivered to the customer until the account is taken off of hold status in the Lawson system. ESBus, in this case, recognizes that a change is being made to AR10 transaction that affects a customer’s hold status. ESBus grabs the transactional data and immediately sends the “hold” command to the legacy application as well as sending the email off to the Salesperson so they can manage the account. The result? The company saves time and money around collections and the Salesperson is immediately notified so they can be proactive in resolving the situation.
ESBus provides the following out-of-the-box functionality for Lawson systems:
- Real-time auditing for any Lawson transaction without the need to make changes to the base COBOL or RPG source code
- Was/Is (Point-In-Time) transactional reporting
- Proactive LAUA Change Reports
- Real-Time integration between Lawson and non-Lawson systems (again, no User Exits or source code mods required)
- Session Management for Lawson’s PortalTM ;
- Robust Process Automation
Back to Auditing
Here is an example of the point-in-time auditing history that is made available with ESBus. You can determine the user, date and time-stamp, as well as the IP address, AGS, DME or IDA call that initiated the transaction. The red font shows the fields to which a change has been made:
This screenshot shows an example of a report that is proactively emailed when a change is made to LAUA:
If you are interested in more information on how MachenSoft ESBus can help with your applications, visit their website at www.machensoft.com or call 877.867.1174.
2. Reader Feedback
Earlier this month, we heard about the proposed merger of Lawson and Intentia; I sent out a special edition of the LawsonGuru Letter detailing my thoughts about this merger (see http://www.danalytics.com/guru/letter/archive/2005-intentia_merger_1.htm). Here are your comments:
“Your article about the Lawson-Intentia merger was quite interesting. You have some interesting points, especially the "turning the ship" metaphor. How appropriate.
I suspect that Intentia has been hamstrung by Swedish work regulations from completely offshoring their development work. After the merger, they can easily offshore all remaining Swedish development work to Xansa in India. That will certainly help the bottom line.
The day before the Intentia announcement, Lawson filed an SEC documetn about an exclusive deal with IBM for pushing WebSphere. This means continuing lack of support for Tomcat users. WebSphere is expensive, so using it will increase expenses for Lawson clients. Typical of Lawson, they slipped this in, then covered it up by making the Intentia announcement the very next day.”
“Being an independent consultant, mostly assisting Lawson customer with GL Financial Report Writer and Enterprise Reporting for the past ten years, it is with great interest that I read your newsletter regarding the merger. I agree with your comments about the impact this might have on Lawson’s Project Landmark. I was also happy to see Richard Lawson involved at CUE2005 and with the new company.
Here’s a crazy idea. I wonder if the intent of the merger is to increase the customer base and pump up the balance sheet in order to make the combined company attractive bait for an even bigger fish.”
“Interestingly also - Intentia software has all business logic of their own software based on Java, and this article (http://www.informationweek.com/story/showArticle.jhtml?articleID=163101208) says that Lawson will rewrite everything in Java as well. I guess it's time to brush up those Java skills :-)”
“That was a great article you wrote about the merger. Way to keep a cool head when all about you are losing theirs.”
“Thanks for your concise overview. I'm curently reviewing the Intentia site in an attempt to understand their interface and design methodology. I understand that you're saying Lawson will drive with their new technology focus so it should be interesting. Thanks again.”
CUE 2005 was held in May in San Diego; some liked it, some didn't:
“One like, one dislike and one suggestion:
- I did like the Hackett discussion on metrics. Some before and after measurements can help validate (or refute) decisions that cost big dollars and hours.
- I did not like wiping out my weekend for travel. The travel day should be Monday with the conference Tues thru Thursday.
- Suggestion - don't just toggle from San Diego to Orlando. Washington DC happens to have a new convention center plus local attractions no other area can match. In addition, the great majority of those attractions are free (Smithsonian, zoo, national monuments) and varied to attract all sorts of interests.”
“I did not care for the personal development sessions. I thought the Lawson sessions were adequate but weak for advanced users.
We do not pay high dollar registration fees to get personal development. I can do that at home. I DO pay to get quality information from the sessions.
I was disappointed in the sessions. I think perhaps half of the ones I attended were useful information to me. We have used Lawson for 7 years and consider myself an advanced user. I believe our new users found it more useful than I did. Sessions for more advanced use of Lawson applications would be welcomed by this user.
While I like the Digital Concourse concept I did not think it was deployed well. The message that you were required to enroll for sessions on line to guarantee a spot in class was not communicated clearly. Then, there is always the issue that once you there and one member of your team attends a great session and you find the session you signed up for isn't what you thought, you change your mind. If you are always able to get into the
session of your choice, whether you sign up or not, then the pre-registration is worthwhile. But I found classroom monitors checking your sign up sheet to be a negative. It did not convey the "partnership" that we continue to hear from Lawson.
Also, Digital Concourse has some issues with their server. Not being able to access for several weeks was a huge negative. Also, we had issues getting the session information to display the same format each time we attempted login. They need to correct the access issue as well as format consistency.
I agree with the guru's statements regarding the opening sessions. I would prefer the labs be open than to be spoon fed some of this marketing. The labs provide an excellent use of time.”
“San Diego is a nice location. Mother's Day weekend was not a nice time. However, I would give this year's CUE a 7 on a scale of 1-10. If you excluded the "Blue Zone" and opening sessions, that would be more like an 8 1/2. Simply skipping the Hackett Group presentation would have earned them another 1/2 point. About two sentences from Dean Hager concerning that deal would have been sufficient.
For my part, the "Blue Zone" was a major distraction and waste of time and money. I've attended three of the last four CUEs (missed Atlanta), and this was by far the worst keynote speaker they've had. I attend CUE to learn about Lawson, though I don't mind a little entertainment on the side. Dan Buettner and the "Blue Zone" provided neither of these. Don't misunderstand. The guy's presentation was very good. However, it was something I expected more to see on PBS than at CUE.
I know a lot of folks like the pre-registration idea for the academies. I was caught up in the middle of an upgrade until the last week or so before CUE, so I missed it. That was a mistake on my part. However, I think Lawson could have done a couple of things that would have improved on this idea.
First, Lawson could have better informed CUE registrants of the process. A lot of us are drowning in bugs and patches (news flash--NOT!). Lawson needed to have been more aggressive in their notifications to be sure everyone understood he wouldn't be getting into these sessions if not pre-registered. The other thing that would have made this situation better, would have been to add more sessions for those that filled up early.
A bit more planning could have been used to ensure the Lab area was properly staffed. There were multiple times when every person who knew something about a particular area was either giving a presentation, at lunch or otherwise occupied. If Lawson didn't have enough of their own employees for this purpose, they should consider making some kind of arrangement with some of their partners to assist. Many of them have people who are easily as expert in many areas as Lawson's own.
As always, I did learn a great deal of useful information at this year's CUE. I liked the fact that they offered a few sessions after lunch on Wednesday. Many of us waited until the next day to get a flight home, so it was good to have one more chance to pick up something useful. The vast majority of sessions I attended were very informative. The convention center was well-suited for the task.”
“The meeting was well attended, and it was extremely well coordinated. Registration was smooth and the meals were the best "conference food" I have ever tasted. Fabulous job. However, there was an aura of uneasiness in the air. Something just wasn't "right." Something didn't "click" and I can't quite put my finger on it. I went to the keynotes expecting the Lawson Cheer Squad to pump me up. Didn't happen. I went to the receptions expecting to network with other Lawson Administrators. Didn't happen. I even visited the Hospitality Desk in my hotel asking for pertinent information. Didn't happen. I went to the sessions seeking information I could put in place as soon as I got home. Yeah! That part worked famously!
I think that the fact that the keynote sessions were re-arranged at the last minute was very telling. Conferences of this type are planned down to the minute and the minutiae. That was obvious with everything else we did -- transportation, facility, meals, sessions, entertainment. And yet, something made them re-arrange the most important 2 hours of the entire event. Hmmmmmmmm.”
And, finally, regarding my views on Lawson's Project Landmark in the June issue (see http://www.danalytics.com/guru/letter/archive/2005-06.htm):
- QUOTE OF THE ISSUE –
“Never interrupt your enemy when he is making a mistake.”
-- Napoleon Bonaparte
3. Worthwhile Reading
Tools to Master the Sarbanes-Oxley Challenge
The demands of Sarbanes-Oxley compliance may prove to be the medicine enterprises need to improve their processes and controls, but at the moment, most organizations feel only pain as they have had to scramble to meet implementation requirements.
Application Development Trends, June 2005
The rise and fall of Krispy Kreme is a cautionary tale of ambition, greed, and inexperience.
CFO Magazine, June 2005
Steak Done Well
In the beginning, Outback Steakhouse was just three guys who had recently left their jobs at big food chains, with the idea that they could come up with something better on their own.
Fortune Small Business, June 2005
The Post-PeopleSoft Landscape and the Future of ERP
Oracle's acquisition of PeopleSoft is not the dawn of a scary new era for CIOs; it's the twilight of the old ERP age. It may also be an opportunity to create an ERP future that adds value, not cost, to your business.
CIO Magazine, June 1, 2005
4. Survey: Lawson & Intentia?
It's being touted by both parties as a "merger of equals". You've read my views. How do you feel about "the New Lawson"? Will it be a winner? Or a loser? Send your thoughts to mailto:email@example.com, and I'll publish them--anonymously of course.
5. Lawson Tips & Tricks
Share your tips. Send them to mailto:firstname.lastname@example.org.
(This month's tip comes from Pat Patterson at Akron General Medical Center.)
Invoking Logout Button (Internet Explorer only)
These procedures will allow you to incorporate the Logout button using Internet Explorer. The Mozilla derivatives (Netscape, Mozilla) cannot pick up the Logout button.
Update any roles/*.xml files you wish to have the Logout button implemented by either adding the <LOGOUT/> tag or uncommenting the tag if it is commented out.
In the init() function from the $WEBDIR/lawson/portal/logon.htm page, add the line document.execCommand("ClearAuthenticationCache","false"); and remove the if part of the status = 401 check. The logic should read:
var x = parent.httpRequest("/servlet/Profile",null,null,null,"LAWSON","LOGOUT")
Make sure you save a copy of your modified files before and after you make these changes, since they will likely be overwritten by new Lawson deliverables and patches.
The LawsonGuru Letter is a free periodic newsletter containing provocative commentary about issues important to the Lawson Software community. The LawsonGuru Letter is published by--and is solely the opinion of--John Henley of Decision Analytics. Visit Decision Analytics at http://www.danalytics.com.To subscribe, send an email to: mailto:email@example.com To be removed from the subscription list, send to: mailto:firstname.lastname@example.org
© Copyright 2003, Decision Analytics. All rights reserved. Please share The LawsonGuru Letter in whole or in part as long as copyright and attribution are always included.
Decision Analytics is an independent consultancy, focusing on Lawson technical projects, and specializing in customization/modification, data conversion, and integration/interfaces (including BCI/Mercator). Please visit http://www.danalytics.com for more information.
Decision Analytics. Integrating Lawson with the Real World.