ISSN(Online): 2395-xxxx

International Journal of Innovative Research in Computer

and Electronics Engineering
Vol. 1, Issue 5, May 2015

Cloud Based Enterprise Resource Planning

Using Software As A Service
Sujatha A1, Jayasudha R2, Prof Srinivasan. R3
M.Tech (IT) Student, Department of IT, PSV College of Engg & Tech, Krishnagiri, TN.India1
Assistant Professor, Department of IT, PSV College of Engg & Tech, Krishnagiri, TN,India 2
Head of Department , Department of IT, PSV College of Engg & Tech, Krishnagiri, TN, India 3

ABSTRACT: Decentralized access control is one of important schemes for secure data storage in clouds that supports
anonymous authentication. In the proposed scheme, the cloud verifies the authenticity of the series without knowing the
users identity before storing data. We have designed the complete enterprise resource planning using a SaaS based
Technology Workday. We have addressed the Core HR transactions from Hire to terminate using this SaaS technology.
Tailored the Business Process rules, Security and Compensation package as per the client requirement used this SaaS,
as Upgrade will not be a hassle for the client and it will be owned by the Software vendor. We can access the
application through mobile from wherever you are.

KEYWORDS: Cloud Computing, Access Control, Architecture, Services, Hardware Virtualization.

I. INTRODUCTION
Cloud computing is a computing model in which hardware, platform, infrastructure and software are
characterized and conveyed as an administration instead of an item. Cloud computing is rising up out of late
advances in innovations, for example, hardware virtualization, Web administrations, dispersed computing,
utility computing and framework automation. Cloud computing exploits hardware virtualization to securely and
powerfully distribute physical resources, for example, computational power, stockpiling, and systems to the
clients. Cloud resources are conveyed to the end-clients through Web administrations. This basic model brings
about alluring peculiarities like Elasticity, Cost Effectiveness, Pay-as-you-go Pricing model, Global-Scale
Accessibility and Usability and Easy Maintenance. Elasticity is accomplished by designating physical resources
rapidly to the consumers as per their needs and cloud administrations can scale on-demand. Resource imparting
enhances utilization of physical resources and along these lines decreases the associated expense, consequently
we can say it is expense adequacy. Cloud administrations have consumption-based metering and charging; this
property makes them more moderate for little organizations and new businesses which are called Pay-as-you-go
Pricing Model. Worldwide scale Accessibility and Usability is a good peculiarity; Cloud consumers have entry
to a basically boundless physical resource pool through Web. The an alternate gimmick of cloud is Easy
Maintenance, all non-functional prerequisites of IT, for example, upkeep of hardware and software, are tended
to by cloud providers, in this way consumers can concentrate on their functional business necessities. To better
comprehend the extent of cloud computing and related concepts and advances, in this section we exhibit
taxonomy of cloud. In a cloud-show there are four principle members they are cloud provider, cloud consumer,
Cloud broker and Cloud Broker
Cloud administration consumer is an individual or application who gets to a cloud administration. A cloud
broker is an element that intervenes between cloud providers and cloud consumers. The goal of an administration
broker is to give the cloud consumer an administration that is more suitable for its needs. This is possible by
streamlining and enhancing the administration and contract, amassing different cloud administrations or giving worth
included administrations. One can consider cloud brokers as a unique cloud provider. A cloud auditor is an autonomous
gathering who looks at a cloud administration stack to give an assessment on security, protection and
accessibility level of the corresponding cloud benefits and guarantees that the corresponding Slas (Service Level
Agreement) are satisfied. The subtle elements and extent of evaluating methodology is regularly pointed out in
the administration contract.
Copyright to IJIRCEE

www.ijircee.com

ISSN(Online): 2395-xxxx

International Journal of Innovative Research in Computer

and Electronics Engineering
Vol. 1, Issue 5, May 2015

II. RELATED WORK

In [1] open systems such as cloud computing platforms, delegation transfers privileges among users across
different administrative domains and facilitates information sharing. We present an independently verifiable delegation
mechanism, where a delegation credential can be verified without the participation of domain administrators. Our
protocol, called role-based cascaded delegation (RBCD), supports simple and efficient cross-domain delegation of
authority. RBCD enables a role member to create delegations based on the dynamic needs of collaboration. In [2]
Cloud storage enables users to remotely store their data and enjoy the on-demand high quality cloud applications
without the burden of local hardware and software management. Though the benefits are clear, such a service is also
relinquishing users' physical possession of their outsourced data, which inevitably poses new security risks toward the
correctness of the data in cloud.In order to address this new problem and further achieve a secure and dependable cloud
storage service, we propose in this paper a flexible distributed storage integrity auditing mechanism, utilizing the
homomorphic token and distributed erasure-coded data.
In [3] an important problem in public clouds is how to selectively share documents based on fine-grained
attribute-based access control policies (acps). An approach is to encrypt documents satisfying different policies with
different keys using a public key cryptosystem such as attribute-based encryption, and/or proxy re-encryption. A direct
application of a symmetric key cryptosystem, where users are grouped based on the policies they satisfy and unique
keys are assigned to each group, also has similar weaknesses. We observe that, without utilizing public key
cryptography and by allowing users to dynamically derive the symmetric keys at the time of decryption, one can
address the above weaknesses. In [4] File distribution and storage in a cloud storage environment is usually handled by
storage device providers or physical storage devices rented from third parties.Files can be integrated into useful
resources that users are then able to access via centralized management and virtualization. Nevertheless, when the
number of files continues to increase, the condition of every storage node cannot be guaranteed by the manager. High
volumes of files will result in wasted hardware resources, increased control complexity of the data center, and a less
efficient cloud storage system.
III. PROBLEM DEFINITION
We need to own the software and take care of maintenance. The data will be available in the service providers
premises and is prone to data hackers. Every year, the software provider can release a new version and it is our
responsibility to upgrade our system along with the data to cope up with the new version. Security is a big concern here
as the data is available to most of the developers who supports the system. Time and money involved in supporting and
enhancing will be very high, where we dont have any other option.
We need to upgrade our application to the new version of the software provided else support will be stopped
by the vendor. We need to have frequent down times as maintenance will be undergoing. Amount of money and time
involved will be very high. Prone to data hackers. As all the data will be maintained in one place, there is a high risk of
data loss and need to have a mitigation plan for natural calamities etc.
We are providing the complete HR solution with the Cloud based SaaS solution Workday. We will be
designing the organization structure and Locations or any other Organization types based on the clients requirement.
We will be setting the business process for all the client actions right from Hiring an employee to Terminating an
employee. So, the actions are fully controlled and the security will be imposed in two ways based on Who sees what
and Who approves what. Only the person assigned with a particular role will be able to act on the transactionWe
dont have access to the database as it is handled at the centralized place. Setting up the Compensation for the new hires
is also done by the Eligibility rules, Compensation plan, Compensation grade and the Compensation Package. Once the
Business Process flows are setup, we can start with our day to day activities and also, the managers can see the reports
from their Home Page about all the activities like Performance, Team member details, Profit and Loss of the
organization.

Copyright to IJIRCEE

www.ijircee.com

ISSN(Online): 2395-xxxx

International Journal of Innovative Research in Computer

and Electronics Engineering
Vol. 1, Issue 5, May 2015

IV. IMPLEMENTATION AND RESULT

A: Location Hierarchy and Locations
Locations are an attribute associated with a worker in a position, and can also be used for assets. Locations
reflect a worker's work location rather than an area of responsibility. Locations can be structured as a hierarchy
whereby Location A can be the superior of Location B. Location hierarchies have organizational roles and can include
locations for grouping purposes. Location hierarchies can also be structured as a hierarchy whereby Location Hierarchy
X can be the superior of Location Hierarchy Y.
B: Custom Organization
You can use custom organizations to group workers into logical constructs that are not defined by Workdayprovided organization types.Use the Maintain Organization Types task to define custom organization types. You can
configure a custom organization to be a worktag in financial transactions, and assign a worker to the custom
organization in organization assignment so that the custom organization defaults as a worktag into transactions that
involve the worker. You can mark up to 10 custom organization types as a financial worktag. In addition to their use in
business process routing, worktags can also be used as a dimension in reporting. If a custom organization is configured
to be allowed in Change Organization Assignment, then it cannot be assigned via membership or Assign Worker tasks.

Image: System architecture

C: Organization Roles, Members and Org Assignments

Roles enable security control for role-enabled objects, such as Organizations, Service Centers, and Spend
Categories. Roles include responsibilities such as Manager, Recruiter, and HR Partner. The Maintain Assignable Roles
task identifies the security groups that can assign each role. You can assign a role to any level in a hierarchy. If a role is
not assigned directly, the position assigned to the role is inherited from the superior. Workday's model of assigning a
role to a position, rather than to a specific worker, considerably simplifies role maintenance in the position management
staffing model, as roles do not have to be updated manually every time a worker moves out a position.

Copyright to IJIRCEE

www.ijircee.com

ISSN(Online): 2395-xxxx

International Journal of Innovative Research in Computer

and Electronics Engineering
Vol. 1, Issue 5, May 2015

D: Security Group
The context type of each security group is determined automatically by the security group type with which it is
associated, and cant be changed. The name of the security group type indicates different types of row-level access to
secured items. Example: A user-based security group is automatically unconstrained, but a role-based security group
(constrained) is constrained by organization access.
Unconstrained: All users in the security group have access to all data instances secured by the security group, similar to
having access to all rows in systems based on traditional relational database architecture.
Constrained: All users in the security group have contextual access to a subset of data instances (rows) which the
security group can access. Users' access to individual instances is governed by either:
Individual Role
Organization
Mixed: Users in the security group don't have uniform access to data instances. This applies to these security group
types:
Intersection security groups (a subset of 2 or more security groups).
Aggregation security groups (a superset of 2 or more security groups).
E: Business Process Setups
A business process in Workday is a set of tasks that people initiate, act upon, and complete in order to
accomplish a desired business objective. When a business process is initiated, Workday routes the tasks to the
responsible roles (users who are capable of completing the tasks based on their membership in security groups) and
enforces security and business rules throughout the business process.
Any user with the appropriate role can initiate a business process. Once initiated, the business process notifies
users in the responsible roles as it processes each step and receives feedback when each step is complete, so it can
move on to the next step.
All business processes are based on a business process definition; you can't create a business process in
Workday without first defining it. Workday's default business processes are delivered definitions and can be
customized to meet your needs. You can copy the business process to any supervisory organization and tailor it as
necessary, creating different versions of the same business process for different organizations. The business process
logic is inherited, so a subordinate organization uses the business process definition of the superior organization unless
you specify a custom definition for the subordinate organization.
V. CONCLUSION AND FUTURE WORK
We have designed the complete enterprise resource planning using a SaaS based Technology Workday. We
have addressed the Core HR transactions from Hire to terminate using this SaaS technology. Tailored the Business
Process rules, Security and Compensation package as per the requirement. Used this SaaS, as Upgrade will not be a
hassle for the client and it will be owned by the Software vendor. We can access the application through mobile from
wherever you are.
Future Enhancement We can establish the HCM complete setup for multiple Countries
REFERENCES.
1

2
3
4

A. Sahai and B. Waters, Fuzzy Identity-Based Encryption, in Proceedings of Advances in Cryptology - EUROCRYPT
05, ser. LNCS, vol. 3494. Springer, 2005, pp. 457473.
B. Wang, S. S. M. Chow, M. Li, and H. Li, Storing Shared Data on the Cloud via Security-Mediator, in International
Conference on Distributed Computing Systems - ICDCS 2013. IEEE, 2013.
B. Alomair and R. Poovendran, Information Theoretically Secure Encryption with Almost Free Authentication, J. UCS,
vol. 15, no. 15, pp. 29372956, 2009.
C.-K. Chu and W.-G. Tzeng, Identity-Based Proxy Re-encryption Without Random Oracles, in Information Security
Conference (ISC 07), ser. LNCS, vol. 4779. Springer, 2007, pp. 189202.

Copyright to IJIRCEE

www.ijircee.com

ISSN(Online): 2395-xxxx

International Journal of Innovative Research in Computer

and Electronics Engineering
Vol. 1, Issue 5, May 2015
5

6
7
8
9
10
11
12
13

14

C.-K. Chu, J. Weng, S. S. M. Chow, J. Zhou, and R. H. Deng, Conditional Proxy Broadcast Re-Encryption, in
Australasian Conference on Information Security and Privacy (ACISP 09), ser. LNCS, vol. 5594. Springer, 2009, pp.
327342.
C. Wang, S. S. M. Chow, Q. Wang, K. Ren, and W. Lou, Privacy- Preserving Public Auditing for Secure Cloud Storage,
IEEE Trans. Computers, vol. 62, no. 2, pp. 362375, 2013.
D. Boneh, X. Boyen, and E.-J. Goh, Hierarchical Identity Based Encryption with Constant Size Ciphertext, in
Proceedings of Ad- vances in Cryptology - EUROCRYPT 05, ser. LNCS, vol. 3494. Springer, 2005, pp. 440456.
D. Boneh, R. Canetti, S. Halevi, and J. Katz, Chosen-Ciphertext Security from Identity-Based Encryption, SIAM Journal
on Com- puting (SIAMCOMP), vol. 36, no. 5, pp. 13011328, 2007.
D. Naor, M. Naor, and J. Lotspiech, Revocation and Tracing Schemes for Stateless Receivers, in Proceedings of
Advances in Cryptology - CRYPTO 01, ser. LNCS. Springer, 2001, pp. 4162.
D. Boneh, C. Gentry, and B. Waters, Collusion Resistant Broad- cast Encryption with Short Ciphertexts and Private
Keys, in Proceedings of Advances in Cryptology - CRYPTO 05, ser. LNCS, vol. 3621. Springer, 2005, pp. 258275.
D. Boneh and M. K. Franklin, Identity-Based Encryption from the Weil Pairing, in Proceedings of Advances in
Cryptology - CRYPTO 01, ser. LNCS, vol. 2139. Springer, 2001, pp. 213229.
D. Boneh, C. Gentry, B. Lynn, and H. Shacham, Aggregate and Veriably Encrypted Signatures from Bilinear Maps, in
Proceedings of Advances in Cryptology - EUROCRYPT 03, ser. LNCS, vol. 2656. Springer, 2003, pp. 416432.
F. Guo, Y. Mu, and Z. Chen, Identity-Based Encryption: How to Decrypt Multiple Ciphertexts Using a Single
Decryption Key, in Proceedings of Pairing-Based Cryptography (Pairing 07), ser. LNCS, vol. 4575. Springer, 2007, pp.
392406.
F. Guo, Y. Mu, Z. Chen, and L. Xu, Multi-Identity Single-Key Decryption without Random Oracles, in Proceedings of
Informa- tion Security and Cryptology (Inscrypt 07), ser. LNCS, vol. 4990. Springer, 2007, pp. 384398.

Copyright to IJIRCEE

www.ijircee.com

10