The purpose of this post is to discuss ADempiere, iDempiere, open source ERP and security. If you go into a board room and announce that you are going to run your entire company’s business using open source ERP and cloud hosting, you might raise a couple of eyebrows and generate some comments. They would be wise to ask questions. After all, your ERP houses some of your organization’s greatest competitive advantages including vendors, pricing, operational efficiencies, among others. Let’s talk through some of the common questions and concerns. If you have more questions, do not hesitate to ask.
Question: Can you securely host an ERP system in the cloud? The answer is yes. To defend this answer, we will use Amazon’s AWS (Amazon Web Services) as an example cloud hosting platform. There are two components to this answer:
- Use of common security hardware: A best practice is to place two or more firewalls between the world and your private data. AWS allows you to implement this layered approach. The first line of defense is the AWS security group. This tool allows you to dictate which IPs can access a given server. Above and beyond the AWS security group is the AWS VPC. Using VPC, you can create a myriad of subnets and firewalls to ensure your private data stays secure.
- Use of best practices: Much has been written about how AWS helps you secure your private data. Best practices include maintaining nondescript data center locations, limiting human access on a need-to-access basis, supporting multi-factor authentication, using role-based access to limit the use of passwords, and more.
The real question is: do you or does your integrator have the technical know-how to make use of the features to ensure your data stays private? This question is valid regardless of where you host your ERP (in-house or in the cloud). Here is a common scenario that you should avoid. What is wrong with the following picture?
Answer: it opens up iDempiere (port 8080) to the whole world. Anyone who knows the IP and is good at guessing weak passwords can compromise your system and financial data. ERP is different from a normal website. With websites, you hope everyone finds you. With ERP, you want a select few people to see the login screen. A best practice is to expose a firewall like pfSense to the outside world. Users must first create a browser-based or OpenVPN tunnel to gain access to your cloud network. Then, users can log into iDempiere or ADempiere.
The scenario defined in the above picture is acceptable for creating an iDempiere proof of concept or defining a happy path scenario in Gardenworld because you load limited data during this process; however, when critical data enters the ERP, hide it!!!
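A check for the mistake described above, as an added example that is not part of the original post: it scans security group rules, in the shape returned by `aws ec2 describe-security-groups`, for ingress that opens iDempiere's port 8080 to very broad source ranges. The group IDs, the CIDRs and the "wider than /8" threshold are constructed assumptions.

```python
import ipaddress
import json

ERP_PORT = 8080  # iDempiere port named in the post

# Constructed sample (made-up IDs/CIDRs) shaped like `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-poc-example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
  {"GroupId": "sg-allports-example", "IpPermissions": [
    {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
  {"GroupId": "sg-range-example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 9000,
     "IpRanges": [{"CidrIp": "198.51.100.0/24"}, {"CidrIp": "0.0.0.0/1"}]}]},
  {"GroupId": "sg-vpn-only-example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080, "IpRanges": [{"CidrIp": "10.0.1.0/24"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
]}
""")


def covers_port(perm, port):
    """True if the rule applies to TCP `port` (protocol -1 means all traffic)."""
    if perm["IpProtocol"] == "-1":
        return True
    return perm["IpProtocol"] == "tcp" and perm["FromPort"] <= port <= perm["ToPort"]


def is_broad(cidr, min_prefix=8):
    """Assumed threshold: a source network wider than /8 counts as 'the whole world'."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen < min_prefix


def exposed_groups(doc, port=ERP_PORT):
    """Return (group id, source CIDR) pairs that open `port` to broad sources."""
    findings = []
    for group in doc["SecurityGroups"]:
        for perm in group.get("IpPermissions", []):
            if not covers_port(perm, port):
                continue
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            findings += [(group["GroupId"], c) for c in cidrs if is_broad(c)]
    return findings

if __name__ == "__main__":
    for gid, cidr in exposed_groups(SAMPLE):
        print(f"{gid}: port {ERP_PORT} reachable from {cidr}")
```

The last group models the layout the post recommends: only the VPN or firewall endpoint faces the internet, and port 8080 is reachable from the private subnet alone, so it produces no finding.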
Question: How do you expose data in your ERP to people outside of your firewall? It is common to use CMS tools like Drupal, Joomla, and WordPress as a gateway to your more sensitive data in your ERP. You can make web service calls from your CMS to iDempiere through a firewall. This is a somewhat advanced topic; however, it is worth mentioning for future discussion.
Question: Is ADempiere or iDempiere secure? Whether open or closed source systems are more secure is a hotly debated topic. There are valid arguments on both sides of the table. My opinion comes from a utility perspective. I have spent the better part of my last ten years reading and developing Compiere, ADempiere and iDempiere code. I love the fact that with any process, I can read the code to determine how the application works. It is hard for secrets to hide, and I am just one set of eyes. There are people like me all over the world who earn their living by implementing and supporting open source ERP. This style of transparency creates an open and honest community in my experience.
Here is an example to support the transparency point. When you click on the iDempiere Copy Product button from the Product window, it calls on code named CopyProduct.java. This code is available for the whole world to see. Not only that, every version of this code is available for the world to see. Not only that, every change is tracked by user account. Not only that, every external change must be merged in by the project’s stewards. I am curious to know if Microsoft’s Dynamics code is as heavily scrutinized. It is certainly not as easily viewable.
Question: Because it is open source, can just anyone commit code? No. The iDempiere code change process is tightly protected by a few developers who have been with the community for many years. You need to earn your way into the group.
Question: your question goes here….
I hope this helps!!
Why consider Open Source ERP
Open source ERP gives you every opportunity to prove or disprove its ability to support your company’s ERP needs on a timeline that satisfies your organizational needs. With open source ERP, you do not face the same financial constraints, nor do you face the same conflicts of interest as with commercial ERP. Instead, you invest in the appropriate skills and knowledge for your people and processes. Best of all – if open source ERP cannot solve your company’s needs, you can safely justify spending the additional $2K to $5K per person per year for the life of your commercial ERP to help drive your organization’s success.
ADempiere vs iDempiere vs Openbravo vs Compiere
Please note that ADempiere, iDempiere and Openbravo are forks or copies from Compiere. Therefore, they have similar abilities mentioned above. The biggest difference is that ADempiere and iDempiere are pure open source. There are no features held behind a commercial or paid license.
About Chuck Boecking: I am an ERP educator. I believe that open source ERP has achieved mainstream capabilities, and as a result, more companies can create greater efficiency across their organization. I started using the iDempiere code base in 2003. Back then, it was called Compiere. In 2006, I started my first multi-million dollar installation. Since then, ADempiere has helped me create great success with distribution and manufacturing companies all over the world. My vision of success is to find companies that can best use open source ERP to help them achieve a single, global instance that drives a discontinuous increase in profitability. I believe that organizations win when they own their technology.
If you have questions, comments or concerns, let me know. I definitely want your feedback.
You can contact me by phone using 512.850.6068.
My email is firstname.lastname@example.org.
Thank you for taking the time. I look forward to speaking with you.