This chapter contains the following topics:
JD Edwards World is a full-featured, reliable Enterprise Resource Planning (ERP) software product with a long track record of efficient transaction processing capability and low Total Cost of Ownership (TCO).
JD Edwards World is written mainly in IBM RPG, CL, and SQL languages and runs exclusively on IBM hardware, currently the Power Systems line of computers with the IBM i for Business operating system. The computing model is centralized, with all programs running on the IBM i server. Client applications communicate via the native 5250 interface, whether through Windows clients or through a Web browser. The JD Edwards World product operates within the IBM i environment, and it depends on a secure configuration at the operating system level.
In recent releases, the JD Edwards World product has expanded beyond traditional RPG- based, centralized mainframe applications. We have implemented server-side, Java-based applications such as Web Enablement (with the Seagull LegaSuite GUI), Service Enablement (Web services), JD Edwards World JDBC Driver and Electronic Document Delivery (EDD). Each of these features comes with its own set of security considerations.
Note:
In this guide, the phrase IBM i refers to the IBM i for Business operating system and the server it runs on. This operating system may be running on hardware servers named iSeries, i5, or Power Systems. The IBM i operating system is the current version of the operating system originating on the IBM AS/400 server.This security guide provides guidelines and recommendations for installing, configuring, and monitoring Oracle's JD Edwards World product to make it more secure in customer environments. This is a practical guide for technical users, installers, and system administrators who implement and maintain the JD Edwards World system. This document discusses guidelines for how to address security at a customer implementation, including hardening of the IBM i operating system environment, hardening of the JD Edwards World security applications, and other system hardening configuration recommendations.
We cannot address every security scenario that might be applicable to a particular implementation and environment; therefore, this document provides basic recommendations for securing JD Edwards World. We recommend that before implementing your World system you fully test the security setup in a non-production environment to ensure proper functionality and integrity.
In today's environment, a properly secured computing infrastructure is critical. As companies expand, so does the complexity of their business processes. In an internet environment, the risks to valuable and sensitive data are greater than ever before. In addition, a company's computing infrastructure grows as more third-party products are integrated with its enterprise software. As a result, this type of environment can create potential security gaps. This security guide will help you ensure that JD Edwards World and the various components involved in a JD Edwards World setup are properly secured.
You must secure each JD Edwards World environment in alignment with your company's enterprise security policies. Those policies should be created based upon your established security model. When securing a JD Edwards World environment, you should take a comprehensive approach that agrees with your overall corporate security policies, guidelines, and business requirements. This guide covers guidelines and recommendations for securing a JD Edwards World environment based on security features available as of JD Edwards World Release A9.3.
This guide is not intended to replace the JD Edwards World technical documentation delivered with the product. It provides references to relevant information in JD Edwards World technical documentation guides. Readers of this guide should have a good understanding of the JD Edwards World system. Implementing JD Edwards World security requires an in-depth understanding of many disciplines, including IBM i security administration, JD Edwards World security administration, and network security administration.