SAP Integration with AWS

Introduction
The client is a large IT services organization that wanted its current system integrated with its in-house SAP installation for the exchange of HR data. The client is spread over multiple cities and a large number of locations and has 200,000+ employees, and the transport system has to cater to all of them. Employee hiring, departures and changes of location are frequent and high in number. The existing transport system relied on email to change employee status in the Transport application: all changes were sent via email from HR to Transport administration, which then updated the Transport software manually.

Current System overview:
The current system has an on-prem, intranet-based SAP HR installation. All employee life cycle events are maintained and updated in SAP HR. When an employee asks to opt for the Transport facility, an HR person takes a download and sends it via email to the Transport manager. The Transport manager has an interface to enter the employee data into the Transport system.

There are frequent delays in establishing transport facilities for employees leading to a lot of escalations. 

Employee address data and contact information keep getting out of sync between the two systems, which creates confusion.

In an emergency, when contact information has to be used, the two systems are frequently found to hold different information, and attempts to contact employees and their emergency contacts fail.

Key Business/Systems requirements:

  • Employee data is updated very frequently. 
  • A large set of data can be handled accurately 
  • PII data is handled over the internet with adequate security. 

Solution Considerations

  • SAP Data export format to be decided. Data elements are to be kept to a minimum to avoid data overload. 
  • Export only delta of the last extract. 
  • Data transmission and target data landing zone to be designed in AWS. 
  • Data transmission security implementation. 
  • File import and data import/integration and processing in the Transport system. 

Implementation Approach:

  • Newt Global designed an API plugin for SAP to be implemented in the client on-prem SAP system. 
  • Newt Global designed a configurable scheduler (where file transmission frequency and timing could be configured).
  • Newt Global designed a secure, AES-256-encrypted protocol for file transfer with TLS.
  • The file received in the AWS infrastructure is stored in an S3 folder. A scheduler configured on the EC2 server picks up the file and processes it to update the employee DB in the transport management system.

Deployment Architecture
The newly developed add-in is deployed in AWS. The system architecture is shown below:

Diagram

AWS services used:
The AWS services used were: EBS, EC2, S3 and RDS.

Third-Party Services used:
The application used Java, Spring REST service, Spring Microservices, Tomcat, Oracle/Aurora, Swagger, Maven, SLF4J, JUnit, Bootstrap, JIRA and Stash.

Security considerations and implementation

Only the processing EC2 instance has an IAM role for read-only access to the S3 bucket. The S3 bucket is private and cannot be accessed by external services.

Diagram

  • Data is encrypted at rest and in transit, using Transport Layer Security (TLS) 1.2 and industry-standard AES-256.
  • Access to the SAP API is restricted to specific IP addresses and requires an encrypted authorization token.
  • Emails are triggered to the admin for successful and failed records.
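
As an added illustration (not Newt Global's or the client's code), the Python check below tests policies of the kind described above: a role limited to read-only access on a single bucket, and a bucket policy that rejects non-TLS requests. The bucket name, the three policy documents and the set of actions treated as "read-only" are assumptions made for the example.

```python
BUCKET = "example-hr-landing-zone"  # constructed placeholder, not from the case study
ARNS = [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"]
READ_ONLY = {"s3:getobject", "s3:getobjectversion", "s3:listbucket", "s3:getbucketlocation"}

# Constructed policy documents for the example.
GOOD_ROLE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"], "Resource": ARNS}]}
WEAK_ROLE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}
TLS_BUCKET_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Deny", "Principal": "*", "Action": "s3:*", "Resource": ARNS,
     "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]}

def as_list(value):
    """Action/Resource/Statement may be a single item or a list; normalise to a list."""
    return list(value) if isinstance(value, (list, tuple)) else [value]

def role_findings(policy, bucket):
    """Return reasons the role policy exceeds read-only access to one bucket."""
    arn, findings = f"arn:aws:s3:::{bucket}", []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append("NotAction/NotResource allows everything except a list")
        for action in as_list(stmt.get("Action", [])):
            if action.lower() not in READ_ONLY:  # exact match, so s3:* and s3:Get* fail
                findings.append(f"action not read-only: {action}")
        for res in as_list(stmt.get("Resource", [])):
            if res != arn and not res.startswith(arn + "/"):
                findings.append(f"resource outside bucket: {res}")
    return findings

def enforces_tls(bucket_policy, bucket):
    """True if a Deny for all principals and S3 actions rejects non-TLS requests."""
    arn = f"arn:aws:s3:::{bucket}"
    for stmt in as_list(bucket_policy.get("Statement", [])):
        secure = stmt.get("Condition", {}).get("Bool", {}).get("aws:SecureTransport")
        if (stmt.get("Effect") == "Deny" and stmt.get("Principal") in ("*", {"AWS": "*"})
                and "s3:*" in as_list(stmt.get("Action", []))
                and str(secure).lower() == "false"
                and {arn, arn + "/*"} <= set(as_list(stmt.get("Resource", [])))):
            return True
    return False

if __name__ == "__main__":
    print(role_findings(GOOD_ROLE, BUCKET))
    print(role_findings(WEAK_ROLE, BUCKET))
    print(enforces_tls(TLS_BUCKET_POLICY, BUCKET))
```
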

Business benefits of the migration:

  • Steep reduction in effort and response time, and improved accuracy.
  • Almost immediate response to employee needs.
  • Redundancy of data removed.