Vietnam Journal of Computer Science

, Volume 1, Issue 2, pp 129–140 | Cite as

Applying authentication and network security to in-cloud enterprise resource planning system

  • Bao Rong ChangEmail author
  • Hsiu-Fen Tsai
  • Yun-Che Tsai
  • Yi-Sheng Chang
Open Access
Regular Paper


The service-oriented hosts in enterprises like enterprise resources planning (ERP) system have always encountered the crucial problem of unexpected down-time or system failure that will cause data loss and system termination. Failover is a challenge issue that cannot be done successfully between physical hosts. Traditional information security using demilitarized zone approach costs a lot. Therefore, this paper introduces in-cloud enterprise resources planning (in-cloud ERP) deployed in the virtual machine cluster together with access control authentication and network security which can resolve the three problems mentioned above. Access control authentication and network security have been implemented in the cloud computing system to prevent the service-oriented hosts form external fraud, intrusion, or malicious attacks. As a result of the experiments the number of accessing in-cloud ERP is 5.2 times as many as in-house ERP. The total expenditure of in-cloud ERP has decreased significantly to 48.4 % the cost of in-house ERP. In terms of operational speed, the approach proposed in this paper outperforms two well-known benchmark ERP systems, in-house ECC 6.0 and in-cloud ByDesign.


In-cloud enterprise resources planning Access control authentication Biometrics Network security Virtual network 

1 Introduction

Nowadays the service-oriented hosts (e.g. ERP system, websites, databases, AP Server, file servers) in enterprises have often encountered the crucial problem of unexpected down-time or system failure that will cause data error, the termination of production lines, the pause of operating procedures, and even the loss of a huge of important data. Traditionally, a real host is difficult to transfer everything to another host timely and then resume its task as usual, and further data cannot be updated to the latest ones. Apparently software, hardware, and data are the most challenging problems for the failover problem. In this paper, we introduce in-cloud service solutions to the above-mentioned crucial problem to avoid data loss and system termination, as well as make good use of virtual machine (VM) cluster [1, 2, 3] to resolve the failover problem. As for information security, both access control authentication and network security have been implemented in the cloud computing system to prevent the service-oriented hosts form external fraud, intrusion, or malicious attacks. Advantages of in-cloud services include significant decrease of hardware cost, centralized monitoring, rapid and convenient management, dynamic optimization, highly efficient backup, and faster operational speed.

This paper introduces in-cloud enterprise resources planning (ERP) [4, 5] in virtual environment and mobile device users can easily access the in-cloud services via wired or wireless network, as shown in Figs. 1 and 2, with access control authentication and network security [6]. As shown in Fig. 3, a open source ERP, OpenERP [7], has deployed successfully. In addition, its access control authentication [8, 9] has brought into the VM to achieve identity verification, safe sign-in, and attendance audit, as shown in Figs. 4 and 5. Besides, the VMs are also used to establish the firewall and gateway to isolate the virtual (internal) network from Internet where this scheme has secured the OpenERP and its related database enough. This scheme is not similar to traditional intrusion prevention system (IPS) to prevent the system from potential BotNet [10] and malicious attacks [11] using a demilitarized zone (DMZ) between internet and intranet because the latter costs a lot.
Fig. 1

Cloud-mobile computing services via WiFi/3G or Ethernet

Fig. 2

Cloud-based proxmox virtual environment

Fig. 3

OpenERP deployment (

Fig. 4

Access control in a firm

Fig. 5

Access control authentication in cloud

2 Related works

Virtual machine clustering system in cloud is an integration of virtualization, VMs, and virtual services so that it can make existing resources be fully applied, such as VMware ESX/ESXi Server [12], Microsoft Hyper-V R2 [13], or Proxmox Virtual Environment [14]. This system can let users run many operating systems in a single physical computer simultaneously which largely decreases the expense of purchasing PCs. Most important of all, it has the following major functions, including VM live migration, virtual storage live migration, distributed resource scheduling, high availability, fault tolerance, backup and disaster recovery, the transfer from physical machines to VMs, direct hardware accessing, virtual network switching, and so forth. For commercial purpose, it can promote energy efficiency, lower the demand for hardware, and increase the ratio of servers to operators to have a cost reduction. Besides, users can just use so-called low-cost thin client or PDA to link to the cloud platform to complete the routines rather than PCs. Furthermore, thin client has its own simple device architecture, extremely low possibility of malfunction, shutdown by overheating, and attacked by viruses. That mentioned above indeed saves not only cost but also power consumption.

Enterprise resources planning (ERP) is an enterprise resource management system that is a combination of enterprise management concepts, business processes, basic data, human and material resources, and computer hardware and software. ERP is an advanced business management model, that is also able to elevate business benefits. Having an overall balance, coordinating every management department, developing market-oriented activities, improving core competitiveness, and even attaining the best business benefits are the key functions. Cloud computing is highly beneficial for ERP. It is not necessary to modify or redesign the old system for transferring the original ERP to the cloud platform, but all we need to do is simple transformation. The system will lessen the cost of redevelopment of programs, as well as there is no necessity for staffs to be retrained or to get accustomed to a new environment. In other words, we can create a similar system-dependent environment based on the virtualization technology, but it will actually become a more efficiently brand-new architecture. Staffs in enterprises operate at the same ERP as usual, and they conduct Web remote connection operation via the end-user devices like smart phones and tablets. With excellent flexibility and mobility, it broaden the working range from only offices to almost everywhere. This study introduces the open software, Proxmox Virtual Environment [14] hypervisor, as the cloud computing and service platform with the virtual environment. The kernel-based virtual machine (KVM) acts as the main core of VM, and it has installed the kernel of Linux-based operating system. OpenERP [7] is adopted in this study as an ERP application which provides many solutions for open-source softwares in the future, having it more expandable, making a great progress on cost deduction.

3 Method and procedure

3.1 Virtual machine management and OpenERP in the cloud

The following procedure will give us an insight to understand how to set up a private cloud using the Proxmox VE hypervisor as well as to install OpenERP in the cloud.
  1. (1)

    Build Proxmox VE virtual machine cluster, and through WebPages manage the VM. The webpages of login and management are shown individually in Figs. 6 and 7.

  2. (2)

    Create a VM and set up its guest operating system in Proxmox VE virtual machine cluster.

  3. (3)

    Set up OpenERP in VM, inclusive of OpenERP AP, PostgreSQL database, and web interface for end-user. Installation process is shown in Fig. 8 and the installation has completed as shown in Fig. 9.

  4. (4)

    Sign in at http://localhost:8096 or http://IP:8096 with the browser on VM, pop up a login page of OpenERP as shown in Fig. 10, and then login to administrator to install the necessary modules as a result of an interface of user management as shown in Fig. 11.

  5. (5)

    Set up AP server for biometric measures security [15]. When users sign in, it will collect users’ biometric features with capturing devices at client side as the evidence of legal or illegal sign-in [16].

Fig. 6

Login to Proxmox VE virtual machine clustering server

Fig. 7

Management webpage of Proxmox VE virtual machine clustering server

Fig. 8

Installation for OpenERP system

Fig. 9

OpenERP installation success

Fig. 10

Remote login to OpenERP system

Fig. 11

An interface of user management in OpenERP

3.2 Enhancement of network security

Traditional information technology (IT) network management is a kind of the rather complicated work, which has concerned the difficulty of management increased by not only numerous servers, but also a large number of network cables. At this moment the benefits of virtualization will be immediately apparent because the layout or configuration of original complex network is sneaked and the original complex network becomes part of a virtual network, as well as the original servers can be consolidated into the virtual machines. Therefore, IT manager only needs to consider the inside and outside of the network configuration and security issues. The use of VMs to build firewall and gateway receives multiple benefits, that is, easy management, high scalability and low cost. For example, a VM equipped with pfSense [17] or Zentyal [18] system is all quite easy to manage a network system as shown in Fig. 12.
Fig. 12

Application pfSense establishing firewall and gateway in cloud

IT manager has to establish an external network interface because the web interface for an OpenERP [7] system needs to provide all kind of users from different domains. However, ERP databases containing sensitive information are not allowed to access its data directly from the external network, instead to set up an intranet one for data access. According to a variety of different VM managements, there are many different approaches to virtual network layout or configuration. For example, if virtual machine management has its own built-in NAT function, IT manager may install an OpenERP [7] into a VM with two network interface cards: one connected to the external network via the bridge mode for internet, whereas the other connected internally via NAT mode for intranet. Without software firewall for protection, the network does not come up with a hardware firewall, apparently leading to less secure environment in which even common network attacks may also cause system crash as shown in Fig. 13.
Fig. 13

A built-in NAT function in virtualization management establishing network architecture

In addition to the scenario mentioned above, IT manager does not consider the use of the built-in NAT function in virtualization management, and in contrast takes alternative scheme into account employing pfSense [17] or Zentyal [18] to build a software firewall server. This way goes through port forwarding service to redirect http port packets to OpenERP. External network cannot access the interior one where port forwarding service is not allowed or set. Besides protection against the common network attacks, it can also ensure that the user interface gains both the security and stability as shown in Fig. 14.
Fig. 14

Application pfSense establishing network architecture

4 Experimental results and discussion

4.1 Smart phone remote login testing and access control authentication

Users sign in at http://IP:8096 with the browser on an Android smart phone to sign in in-cloud ERP remotely via 3G/WiFi. Next based on biometric measures the process of access control authentication is activated to capture human face and fingerprint at mobile device, deliver them to back-end server for identification, and then return the result back to mobile device. It takes about 2 s for identity verification as shown in Fig. 15. After that we begin to test ERP routines as shown in Fig. 16.
Fig. 15

Access control authentication via face and fingerprint identification at a smart phone

Fig. 16

to in-cloud OpenERP system on a smart phone

4.2 Personal computer remote login testing and test of network security on ERP database

Users sign in http://IP:8096 with browser on a personal computer to sign in in-cloud ERP remotely via 3G/WiFi and then go for access control authentication at PC. After that we begin to test ERP routines as shown in Fig. 17. In terms of network security, IT manager has to check whether or not the weakness of the web design of the VM management exists because it might lead to the malicious attacks caused by SQL Injection attack. Without checking the instructions in the input field, testing tool has been forced to insert illegal SQL statements to access the sensitive information in database. This is a scenario for the simulation of malicious attacks into a sensitive database. Therefore, two Open Source SQL Injection checking softwares are used as the testing tool: Java-based development jSQL Injection and .NET-based development SQL Power Injector. With this tool to launch a series of automatic attacks into the presentation part of the web interface, thereby IT manager is able to check whether or not outsider can directly access the database content. As a result, there is no SQL Injection vulnerability displayed in the testing tool and the following figures also show that no database was found in the target, as shown in Figs. 18 and 19.
Fig. 17

to in-cloud OpenERP system on a personal computer

Fig. 18

Simulation of SQL Injection attack using jSQL Injection v0.4

Fig. 19

Simulation of SQL Injection attack using SQL Power Injector 1.2

4.3 Assessment and discussion

According to the experiments of online testing in the daily use of ERP in enterprise within a week, it was found that the growth rate of the use of in-cloud ERP increased dramatically approximate 5.2 times than the stand-alone ERP. In terms of the hardware cost in Taiwan, it costs the user $1,002.5 on the hardware equipment for a stand-alone ERP, i.e. in-house ERP, in which the additional cost will be paid for air conditioning monthly fee of $18.4, space rent of $26.7, and hardware equipment maintenance fee of $16.7. In regard with the amortization expensive per month for a period of 2 years, the total expenditure costs $2,486.3. In other words, it costs an average monthly usage fee of $103.6. In contrast, renting an in-cloud ERP service in virtual environment only needs about $50.1 monthly payment and it saves 1.07 times the cost of in-house ERP, i.e., reducing the total expenditure a lot. As shown in Table 1, a comparison of the number of accesses and the total expenditure for ERP, the proposed in-cloud ERP is exclusively superior to in-house ERP.
Table 1

A comparison of the number of accesses and total expenditure

ERP assessment

Case A: in-house ERP

Case B: in-cloud ERP

Ratio (B/A) (%)

Number of access (times/day)




Total expenditure (US dollars/month)




According to the electricity specification indicated on the casing of mobile phone battery, for example Sony Ericsson Xperia Ray, battery capacity has marked 1,460 mAh with operating rate voltage 3.7 V; in other words, it can theoretically deliver the power operational rate about 5.402 Wh, as listed in Table 2, when it works continuously and exhaustively. As a result, the measured highest rating of power consumption 5.6721 Wh at Android mobile phone tested by software ZDbox [19] is a little bit higher than the theoretical one as indicated in Table 2.
Table 2

Mobile phone power consumption estimation


Theoretical power consumption

Measured power consumption

Battery capacity (mAh)



Voltage (V)

3.7 V

3.76–3.88 V

Watt hour

1.46 A \(\times \) 3.7 V \(=\) 5.402 Wh (battery enclosure marked 5.5 Wh)

1.46 A \(\times \) 3.82 V \(=\) 5.577 Wh

The necessary data about CPU electricity as mentioned above, while ERP appliction is running in a PC, will be summarized herein in Table 3. As a result, ERP in cloud, the power consumption is about 681.264 W while ERP application is running in a PC.
Table 3

Measured data in average for CPU


Measured data


1.09 V


1.66 A


1.66 A \(\times \) 10 % \(\times \) 1.09 V \(\times \) 3,600 \(=\) 651.384 W

When there are ten clients connected to a VM in Proxmox VE hypervisor, we can collect and organize the VM workload with Proxmox VE management tools at the master site to look at the information about CPU, memory, and bandwidth, depending on the number of simultaneous calls, as shown in Fig. 20 and listed in Table 4.
Fig. 20

Monitoring the VM workload in Proxmox VE

Table 4

Stress test of VM workload



Clients number



20 Kbps

CPU usage

30 % of 1CPU

Memory usage

802 MB

Two remarkable benchmark ERP platforms, ECC 6.0 [20] and ByDesign [21], are included in a comparative study for ERP performance evaluation where the most concerned measure in term of ERP operational speed is the response time for four operations: Create New Customer Master Data, Create New Material Master, Create Sales Order, and Search Function. As listed in Table 5, the comparison of performance with three different ERP systems, in-House ECC 6.0, in-cloud ByDesign, and in-cloud OpenERP, is consequently shown that the method we proposed here outperforms the others due to shorter response time in ERP operation.
Table 5

Performance comparison of ERP systems according to the operational speed

Operational speed

ECC 6.0 (in-house ERP)

ByDesign (in-cloud ERP)

OpenERP (in-cloud ERP)

Create new customer master data (mins)




Create new material master (mins)




Create sales order (mins)




Search function

2:10 mins

5 s

2 s

However, the response time to several operational functions is measured individually as listed in Table 5, and the rating of three different ERP systems is the most concerned issue for the enterprise and its summary is listed in Table 6.
Table 6

The rating of three different ERP systems


ECC 6.0 (in-house ERP)

ByDesign (in-cloud ERP)

OpenERP (in-cloud ERP)

Total expenditure




Response time




User interface












According to the assessment of several ERP systems as mentioned above, the in-cloud OpenERP system can perform very well with Proxmox VE hypervisor to show the following advantages: (a) reduction of the total expenditure on hardware/software, IT equipment, and manpower for IT maintenance, (b) high elasticity for supporting mobile computing to fast response to the requests from clients so as to elevate the business competition, and (c) both distributed storage and centralized computation to increase data backup for achieving system reliability as well as enhancing data security.

5 Conclusions

This paper introduces in-cloud ERP deployed in the VM cluster together with access control authentication and network security. This scheme can resolve three problems: (a) unexpected down-time or system failure that will cause data loss and system termination, (b) failover cannot be done successfully between physical hosts, and (c) traditional information security using DMZ approach costs a lot. It turns out for easing data management, quickly responding to users’ demands, making the products to be relatively outstanding among many enterprises, and obtaining the maximum benefit. Access control authentication and network security have been designed in the cloud computing system to prevent the service-oriented hosts form external fraud, intrusion, or malicious attacks. As a result, according to the experiments the proposed approach in this paper outperforms two well-known benchmark ERP systems, in-house ECC 6.0, and in-cloud ByDesign.



This work is supported by the National Science Council, Taiwan, Republic of China, under Grant Number NSC 100-2221-E-390 -011 -MY3.


  1. 1.
    Beloglazov, A., Buyya, R.: Energy efficient allocation of virtual machines in cloud data centers. In: Proceedings 10th IEEE/ACM international conference on cluster, cloud and grid, computing, pp. 577–578 (2010)Google Scholar
  2. 2.
    Laurikainen, R., Laitinen, J., Lehtovuori, P., Nurminen, J.K.: Improving the efficiency of deploying virtual machines in a cloud environment. In: Proceedings 2012 international conference on cloud and service, computing, pp. 232–239 (2012)Google Scholar
  3. 3.
    Sotiriadis, S., Bessis, N., Xhafa, F., Antonopoulos, N.: Cloud virtual machine scheduling: modelling the cloud virtual machine instantiation. In: Proceedings sixth international conference on complex, intelligent and software intensive systems, pp. 233–240 (2012)Google Scholar
  4. 4.
    Yang, T.-S., Choi, J., Zheng, X., Sun, Y.-H., Ouyang, C.-S., Huang, Y.-X.: Research of enterprise resource planning in a specific enterprise. In: Proceedings 2006 IEEE international conference on systems, man, and cybernetics, pp. 418–422 (2006)Google Scholar
  5. 5.
    de Carvalho, R.A., Monnerat, R.M., Sun, Y.-H., Ouyang, C.-S., Huang, Y.-X.: Development support tools for enterprise resource planning. IT Prof. Mag. 10(5), 39–45 (2008)CrossRefGoogle Scholar
  6. 6.
    Wu, H.-Q., Ding, Y., Winer, C., Yao, L.: Network security for virtual machine in cloud computing. In: Proceedings 5th international conference on computer sciences and convergence information technology, pp. 18–21 (2010)Google Scholar
  7. 7.
    OpenERP, open source business applications: (2013)
  8. 8.
    Zhao, J.-G., Liu, J.-C., Fan, J.-J., Di, J.-X.: The security research of network access control system. In: Proceedings first ACIS international symposium on cryptography and network security, data mining and knowledge discovery, E-commerce & its applications and embedded systems, pp. 283–288 (2010)Google Scholar
  9. 9.
    Metz, C.: AAA protocols: authentication, authorization, and accounting for the Internet. IEEE Internet Comput. 3(6), 75–79 (1999) Google Scholar
  10. 10.
    Zhang, L.-F., Persaud, A.G., Johnson, A., Yong, G.: Detection of stepping stone attack under delay and chaff perturbations. In: Proceedings 25th annual international performance\(, \) computing, and communications conference, p. 256 (2006)Google Scholar
  11. 11.
    Yang, H.-Y., Xie, L.-X., Xie, F.: A new approach to network anomaly attack detection. In: Proceedings fifth international conference on fuzzy systems and knowledge, discovery, pp. 317–321 (2008)Google Scholar
  12. 12.
    Chan, B.R., Tsai, H.-F., Chen, C.-M.: Evaluation of virtual machine performance and virtual consolidation ratio in cloud computing system. J. Inf. Hiding Multimed. Signal Process. 4(3), 192–200 (2013)Google Scholar
  13. 13.
    Chang, B.R., Tsai, H.-F., Chen, C.-M., Lin, Z.-Y., Huang, C.-F.: Assessment of hypervisor and shared storage for cloud computing server. In: Proceedings the 3rd international conference on innovations in bio-inspired computing and applications, pp. 67–72 (2012)Google Scholar
  14. 14.
    Chang, B.R., Tsai, H.-F., Lin, Z.-Y., Chen, C.-M., Huang, C.-F.: Adaptive performance for VVoIP implementation in cloud computing environment. Lecture Notes Artif. Intell. 7198(3), 356–365 (2012)Google Scholar
  15. 15.
    Wayman, J.L.: Biometrics in identity management systems. IEEE Secur. Priv. 6(2), 30–37 (2008)CrossRefGoogle Scholar
  16. 16.
    Chang, B.R., Huang, C.-F., Tsai, H.-F., Lin, Z.-Y.: Rapid access control on Ubuntu cloud computing with facial recognition and fingerprint identification. J. Inf. Hiding Multimed. Signal Process. 3(2), 176–190 (2012)Google Scholar
  17. 17.
    pfSense.: (2013)
  18. 18.
    Zentyal.: (2013)
  19. 19.
  20. 20.
    Doedt, M., Steffen, B.,: Requirement-driven evaluation of remote ERP-system solutions: a service-oriented perspective. In: Proceedings 2011 34th IEEE software engineering, workshop, pp. 57–66 (2011)Google Scholar
  21. 21.
    Elragal, A., Kommos, M.E.: In-house versus in-cloud ERP systems: a comparative study. J. Enterp. Res. Plan. Stud. 2012, (13). Article ID 659957 (2012)Google Scholar

Copyright information

© The Author(s) 2014

This article is published under license to BioMed Central Ltd. Open Access This article is distributed under the terms of the Creative Commons Attribution License which permits any use, distribution and reproduction in any medium, provided the original author(s) and source are credited.

Authors and Affiliations

  • Bao Rong Chang
    • 1
    Email author
  • Hsiu-Fen Tsai
    • 2
  • Yun-Che Tsai
    • 1
  • Yi-Sheng Chang
    • 1
  1. 1.Department of Computer Science and Information EngineeringNational University of KaohsiungKaohsiungTaiwan
  2. 2.Department of Marketing ManagementShu Te UniversityKaohsiungTaiwan

Personalised recommendations