Wednesday, September 1, 2010

Overview of the Compiere Application Dictionary and its Components



The original article was created by Andries L Pretorius in June 2010 at Open Source.



In this article on advanced aspects of Compiere by Andries L Pretorius, author of Compiere 3 Implementation Guide, we will cover:




  • Overview of the Compiere Application Dictionary and its components

  • Adding a custom field in Compiere

  • Setting up a basic document process approval workflow in Compiere



The Compiere Application Dictionary (AD)


The Application Dictionary makes Compiere a truly unique and flexible business framework. Compiere was originally designed from the ground up on a model driven architecture (MDA), as defined by the Object Management Group (OMG). The system design conforms to an open standard in its layered architecture between business, application, and platform logic. MDA separates business logic modeling from technology modeling so that both can evolve within their own domains while still keeping within the framework of an open (and platform-independent) standard that interconnects the two.



The benefit in the Compiere environment is that through modeling, design, and build the actual deployment time is greatly reduced. The AD also ensures a seamless upgrade of the platform while having little impact on the environment-specific business objects and processes.


The Application Dictionary of Compiere is meta data driven, meaning that contextual data defines the experience. This also means that the end user presentation layer and thus, the Graphical User Interface (GUI) platform have been defined in different technologies (i.e. Java Swing, HTML, and Ajax) and offers endless possibilities.


The Application Dictionaries can be illustrated as shown in:




To access the Application Dictionary you need to log in as a System Administrator and refer to the sub menu shown in:


We will use the Java Swing (Compiere Standard Edition) user interface for illustration purposes in this section.








Table and columns


This refers to the fundamental building blocks of the system, and links Compiere data to the underlying Table and Column structures in the database. Illustrated below is the Period table in the AD that links to the underlying table name of C_Period, which you will find in the database:




If the underlying database already contains the required fields, then by pressing the Create Columns from DB button and having the correct DB Table Name, Compiere will create the columns from the database in the AD.


Within a table, a key column must be created for use as the table identifier:


Illustrated is the key column C_Period_ID. A column links to a System Element, as explained below, and is linked to the underlying table through the Synchronize Column button. In effect, synchronization creates or updates a column in the underlying database.


System elements


System elements are the common data elements and are used for central terminology references. These system elements link the underlying database columns to business-speak. For instance, in the screenshot in Image 5, C_Period_ID would be translated into the actual period.


System elements are also used for setting up translations, as well as help comments on column fields.



Validation rules


Field validation rules that are defined in the context of a column field are dynamically verified, based on the predefined rules or user context, at the time of rendering the data. For instance, when a Business Partner field is displayed for selection, the Business Partner account must be active and not be a Summary Account, as shown in Image 6.


Based on the example shown in Image 6, a dynamic validation will be set up for the C_BPartner_ID column field (the Business Partner table key identifier) on the Order table, shown in Image 7.




Reference


A Reference refers to database column field types that are either Data Types (i.e. an Amount, Integer, Date, Time, image, hyperlink, etc.) or a List validation (i.e. user pre-defined dropdowns) or Table validation (i.e. drop-downs for table key columns). An example of a Data Type column would be a period start date. The Column field StartDate in the Period table in the database is defined as reference Date.


An example of a list validation on a Period Control Action (the actions that you can perform on a period) set-up is as shown in Image 9.


The list is defined through a Search Key and a Name.


Search keys are saved in the database.


Table Validations are data-defined based on existing referenced key columns and SQL selection. An example of a table reference would be a Document type based on a table validation SQL query. Herewith, a Document type (C_DocType) is defined, but it refers to the appropriate Tenant/client so as to ensure that only the document types for a Tenant are displayed, shown in Image 11.








Windows, Tabs, and Fields


Compiere generates all of its windows in a standard dynamic way by reference to the defined AD. This AD window thus relates to setting up the Windows, and the Tabs (sub-linked windows) and Fields that are displayed on those Windows. Illustrated here is an example of the Calendar and Period window that defines the structure of the periods within Compiere.


Windows may be of the following Window Types:




  1. Maintain: Usually used in the context of master data, such as Business Partner or Products.

  2. Query Only: A window type that is used for displaying results in a grid, and is not editable.

  3. Transaction: A window type used for transaction processing, such as an order or an invoice.


The Window Tabs refer to the sub-linked windows of the main window header, or the preceding tab. In the example below, the Calendar window is built by defining the Calendar, applicable Year, Period and Period control, and Non Business Day.




The window's Fields are populated from the Table and Columns associated with the window.




Forms


Forms are windows that are not automatically generated through the AD but are static and are usually for custom purposes, based on specific Java code classes. Below is a Form that defines the File Import Loader process.


Once a Form has been defined, it is linked to the Java classes through the Classname(Swing) and Java Classname for Web UI fields. These classes will contain the source code to build these custom Forms.


Info windows


These are windows that are used for quick searches and information views. Here is the Info window for viewing invoices. It is defined through an SQL query on a table and then defining the columns within the Info Window.


Report Views


Where database views may exist within the underlying database, the AD requires the database views to be defined in the system in order to be accessible. Here is an example of the Invoice database view for a week:


To distinguish them from normal tables, Compiere uses the RV_ prefix convention to name a Report View within the underlying database.


Reports and processes


These are used to set up reports (link to a Report view) or a process that can link to a Java code class. Reports and processes may have parameters that define a selection process. Examples of a report would be an invoice enquiry, and an example of a process would be to generate invoices from orders. Here is the actual Report that defines the Invoices per week report.


Reports may have access restrictions and selection parameters.


If a report is also displayed as a Dashboard (Compiere Enterprise version 3.5 onwards) then an underlying dashboard widget needs to be defined. An example of the Invoice Generate Process, that links to the underlying Java class:




In windows, Buttons may be linked to processes (i.e. C_Invoice Copy From which copies lines from other invoices on the Invoice windows) and Processes need not all be manually run as such. Processes can be defined as server processes, and can also be scheduled through the Compiere scheduler.






Adding a Custom Field in Compiere 3


The user menu is your default tree, and is accessed through the System Administrator role. You can find the Menu item in the screen tree:




The above screenshot illustrates a typical window set-up, which is done as follows:




  1. Create a new menu item by clicking on the New button. Enter a name and a description.

  2. Define its action type: A menu item's action type can be a Window, Form, Process, Report, Task, or Workflow. Link an AD item to the menu, which is illustrated above, where window Sales Order is linked to the Sales Order menu item.

  3. Move the menu item in context of the main menu tree for users' understanding and access.


It is recommended that you define your own windows, or copy from the existing dictionary, for customizations. Because dictionary (system) defined items may be overwritten during the process of migrating to a new version, it is better to copy a window and customize it in the copied window (or create new). This applies to Java code as well: never change the original source as it may be overwritten during migration.


Adding a new field to a window and database


In this section we are going to illustrate how the System Administrator would go about adding a new field to the database. As an illustration, we are going to add a probability reference field that can be used to measure a predefined set of outcomes on an order to the Sales Order window.




  1. Find the context by Zooming to the Table from the Window. Open and find the Sales Order window in the Window, Tab, and Field menu item when logged in as System Administrator:

  2. Zoom from the window into the underlying Table and Column window. Order records are maintained in the database in the C_Order table:

  3. Next, we go to the Column tab and create a new column in the table (see the field naming conventions below). The new column must be defined as a System Element, and hence we need to create a System Element prior to using it as a Column in the Table:

  4. Once the System Element has been defined, we set up the Column as follows:

  5. Create a new Reference key as follows:

    Because this is a custom list, we choose a validation type of List Validation, and a value format of L, indicating that any letters are allowed. For a full list of these conventions, refer to the help documentation in the system by pressing F1.

  6. We then define the Reference key's list validation options as follows:

  7. The finalized column (and thus the ultimate window field) set-up is thus shown as follows:


We finalize the set-up of the field by indicating:




  1. Field naming conventions: Compiere recommends that customer-specific table and database column names be prefixed by EXT_, XX_, or CUST_, or the four letter entity registered with Compiere, such as SAAC_. This would also apply to indexes and constraints. The reason for this is that these entities are ignored in the migration process.

  2. Length of field: Because we know that for this particular field there is going to be only one character we define a length of 1.

  3. Default logic: We assume U, based on our list being Unknown.

  4. Mandatory UI: Indicates that this field will be mandatory in the window, but not at database level.

  5. Updatable: Indicates that the field is editable.

  6. Always Updatable: Indicates that the field is always updatable, regardless of document status.





Final step in column creation—Create / Synchronize with the database


The final step in the process of creating a field is to make sure that it is synchronized to the underlying database from the AD. Scroll down on the column tab to find the Synchronize Column button, as shown in the example below:




Adding our custom field to the Order window


Back in the menu item Window, Tab, and Field (find the Sales Order window) > Tab (header/top level):




  1. Click on the Create Fields button to add the field to the database:

  2. Change the desired sequence of the field to the correct position in the list of fields:

  3. Re-open the appropriate Sales Order window to display the field:





    Setting Up a Basic Document Workflow in Compiere 3


    Compiere's workflow processes form an integral part of the system. In this section we are going to learn how to set up a basic approval workflow for a document within Compiere.


    The system definitions are as follows:




    • A workflow is made up of a node and transitions.

    • A node refers to a piece of work.

    • A transition is the action to get to the next node, based on a logical condition.

    • The workflow process is the active workflow and an activity for the processing of the active node (an activity also may have multiple parallel processes).

    • A workflow also has an active State. A Workflow State refers to whether the workflow is running, not running, not started, completed, aborted, or terminated.

    • Nodes also have Owners or Responsible persons.




    Illustrative workflow example


    We are going to set up a workflow between two roles, whereby the Gardenworld Purchasing role will capture a Purchase Order and the order will be approved by the Gardenworld User role. This type of approval requires a flag, and Compiere has a built in IsApproved database field that is used for this purpose.


    Compiere has standard document workflows and transitions that are predefined within its workflow processes. These nodes are DocStart, DocPrepare, DocComplete, and DocAuto (automatic approval). What this means is that workflow processes already manage the transitions of documents, with the System being the Owner of these workflow nodes.




    Defining a custom node in a workflow


    We use the workflow editor to define a new node.




    1. Open the Workflow editor window, and find the Order process Process_Order. Right-click in the editor, and then add an additional new node called Order Approval:

    2. We need to define where the transition is going to take place by defining the originating node (Document prepare) and the next node (Document complete):

    3. Click on the upper-right Zoom button to zoom to the actual workflow process, and find the newly-created node:

    4. Define the node's owner by creating a workflow owner. Right-click on the workflow owner field:

    5. The node's workflow owner is set to be role-based, as follows:

    6. The Node for Approval can be summarized as follows:

    7. Define the Transition of the node through a condition:






    The condition we set up for the document workflow to transition to Document Complete is as follows:





    Testing the workflow


    We can now illustrate the workflow by creating an order and ensuring that it gets approved correctly.




    1. We log in as the GardenWorld Purchasing role, as follows:

    2. Create a Purchase Order, and then click on the Complete button. The Order will be placed in an In Progress status, because the workflow's next node is document approval:

    3. We log off, and then log back in to the system with the GardenWorld User role (workflow owner):

    4. Find the Workflow Activities menu item, and then approve the document, as follows:

    5. The Document will be approved when the owner sets the approval status to Yes:



    Summary


    We have covered certain aspects with regards to Compiere in this three-part article series—namely the Application Dictionary (AD) and Workflows, as follows:



    • We gave you an overview of the Compiere Application Dictionary components.

    • We illustrated how to add a menu item and a custom list field to a Compiere window by using the AD components.

    • We gave you an overview of the Compiere Workflow processes, and illustrated how this is set up.

Tuesday, August 3, 2010

Shakira - Waka-Waka RingTone

Well, this might be a few months too late, since the World Cup 2010 has been completed with Spain as the champion - a very well deserved win for the La Furia Rojas. Nevertheless, I will post this ringtone in case people are still searching for one.




http://sentana.net/ruben/audio/Shakira_WakaWaka_(Porque_Esto_Es_Africa).mp3

Enjoy... :-)

Friday, July 23, 2010

How to Configure Linux for Children

Today I found this article originally posted by Tavis J. Hampton, and I think it is worth sharing (especially since today is Children's Day in Indonesia).

---

Many people still cling to the notion that Linux is for 30-year-old male geeks. While that may be true, there are plenty of other people of all ages, ethnicities, and genders who enjoy Linux and other free and open source software.

For the most part, the operating systems a child uses are determined by the child’s parents and school. As the parent and Linux user yourself, you may prefer your child to use Linux at home.

One feature of Linux desktop environments like KDE and Gnome is that they are extremely customizable. You can have one panel, two panels, or no panel at all. Just as easily as icons, menus, and widgets can appear, they can also disappear.

For that reason, you may find it necessary to set parameters for your children when using Linux. Whether you need tools to lockdown the desktop or filter Internet content, there is free software out there to help you. What follows is a short guide to preparing a Linux desktop for a child, complete with game recommendations.

Desktop Restrictions

Even if your child has his own computer, he may become very frustrated when he accidentally deletes the icon he wants to use. You can prevent such accidents with desktop restrictions.

KDE has a Kiosk Admin system that is controlled in the kdeglobals configuration file. You can find the file at ~/.kde/share/config/kdeglobals. Kiosk settings are added using keys in the following format:

     [KDE Action Restrictions][$i]
     action/<action name>=false

For example, if you want to disable print properties so that children can print but cannot change or add printers, you would enter:

     print/properties=false

A complete list of available keys, including plasma keys is available at: KDE Techbase.
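One way to apply and audit such a restriction from a script, as an added example that is not part of the original article: the helper names `kiosk_restrict` and `kiosk_is_restricted` are hypothetical, the group header is assumed to be written exactly as shown above, and the demo runs on a constructed sample file rather than a real `kdeglobals`.

```shell
#!/bin/sh
# Added example: idempotently enforce and audit KDE Kiosk restrictions
# in a kdeglobals-style file. Helper names are hypothetical.

KIOSK_GROUP='[KDE Action Restrictions][$i]'

# kiosk_restrict FILE KEY
# Ensure "KEY=false" appears exactly once in the restrictions group,
# replacing any earlier value and creating the group when it is missing.
kiosk_restrict() {
    kr_file=$1
    kr_key=$2
    [ -e "$kr_file" ] || : > "$kr_file"
    kr_tmp=$(mktemp) || return 1
    awk -v group="$KIOSK_GROUP" -v key="$kr_key" '
        /^\[/ {
            # Any group header: remember whether it is the restrictions group.
            in_group = ($0 == group)
            print
            if (in_group && !written) { print key "=false"; written = 1 }
            next
        }
        # Drop a stale value for the same key inside the restrictions group.
        in_group && index($0, key "=") == 1 { next }
        { print }
        END {
            if (!written) {
                if (NR > 0) print ""
                print group
                print key "=false"
            }
        }
    ' "$kr_file" > "$kr_tmp" && cat "$kr_tmp" > "$kr_file"   # cat keeps owner and mode
    kr_status=$?
    rm -f "$kr_tmp"
    return "$kr_status"
}

# kiosk_is_restricted FILE KEY
# Exit status 0 only if the restrictions group contains exactly "KEY=false".
kiosk_is_restricted() {
    awk -v group="$KIOSK_GROUP" -v key="$2" '
        /^\[/ { in_group = ($0 == group); next }
        in_group && $0 == key "=false" { found = 1 }
        END { exit !found }
    ' "$1"
}

# Demo on a constructed sample (not a real profile).
kiosk_demo() {
    kd_dir=$(mktemp -d) || return 1
    cat > "$kd_dir/kdeglobals" <<'EOF'
[General]
widgetStyle=oxygen

[KDE Action Restrictions][$i]
shell_access=false
print/properties=true
EOF
    kiosk_restrict "$kd_dir/kdeglobals" print/properties
    kiosk_restrict "$kd_dir/kdeglobals" print/properties   # second run changes nothing
    cat "$kd_dir/kdeglobals"
    rm -rf "$kd_dir"
}
kiosk_demo
```

The `[$i]` suffix marks the group as immutable to KDE itself; an account that can write the file can still edit it by hand, which is the limitation the article describes.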



Gnome has a similar feature for desktop restrictions called “lockdown”. The keys for Gnome lockdown are found in gconf. The easiest way to edit gconf keys is with gconf-editor. If, for example, you want to lock down the panel, you would edit the following key:

     apps -> panel -> global -> locked_down and set the value to “true” to enable it.

For a detailed list of lockdown functions, visit the Gnome Desktop Administrator’s Guide.


One important thing to remember is that these restrictions will primarily prevent your child from accidentally modifying the desktop settings. Children who attempt to do so intentionally will more than likely be smart enough to figure it out, and that is an issue requiring parental attention, not increased restrictions. For very young children, however, this is an excellent way to keep things in order.



Internet Restrictions

There are a couple of methods for filtering the Internet for your child. One is to essentially block all sites and only whitelist the ones you want your child to visit. Young children will probably only have a few sites they like anyway. The second method is to use a more traditional filter to block sites you deem inappropriate. Filters like these are not 100% effective, but they should prevent a lot of accidental visits to inappropriate sites.

An example of a Firefox extension that can be configured to use either method is ProCon Latte.

Like desktop restrictions, an Internet filter will not stop older children from purposely visiting sites you believe are inappropriate, but it will reduce accidental visits.

Aside from filtering content, you can also filter ads with browser extensions. This will prevent children from following ads that may lead them to sites asking for personal information. Adblock Plus is available for Firefox and Adblock for Google Chrome.



Fun Stuff

Kids ultimately will use their computers for fun and learning, so here is a brief list of games and learning activities for kids. It is not a complete list, but should give you an idea of the wide range of games and activities available for children.


  • Super Tux Kart (Racing)

  • Secret Maryo Chronicles (Super Mario clone)

  • GCompris (Educational game suite)

  • Pink Pony (Tron clone with ponies)

  • KTuberling (a.k.a. Potato Guy)

  • Bouncy the Hungry Rabbit

  • Fizzball (commercial game)

  • Acorn Drop

  • Jammer the Gardener

  • TuxPaint (art)


As you can see, with just a little work on your part, Linux can be educational, safe, and fun for your children.

    ---

    Tuesday, July 13, 2010

    Speed up your Ubuntu machine boot time

    If you are using Ubuntu 10.04, you may already know that one of its features is the ability to boot faster. Here's an article on how to enable your Ubuntu to do so. Original post is located here.

    ---

    Are you desperately searching for ways to finally reach that elusive 10 second boot time? You certainly heard that Ubuntu 10.04 has the capability of doing just that, right? It can…but you have to help it along. One of the ways you can help your boot time is removing unnecessary services and drivers that are loaded at boot time. Fortunately, this isn’t something you have to manually do. How is this? There is a tool that can help the Grub boot loader learn what it is you need at start up. This tool is called profile.

    Profile is not a tool you install, or run from the command line. Instead, profile is an option you add to your grub configuration file to inform the boot loader you want to create a profile during the next boot loading sequence. In this article I am going to show you how to profile your grub boot sequence for a faster boot process.

    How this works

    When you boot up your machine Grub does a search for all the necessary drivers to load. This takes time. Instead of making Grub search for these drivers, the profiling actually makes Grub remember every driver necessary to work, thereby cutting down all of the driver load times.

    This is a proven technique that can help the boot process. It has actually been around since Ubuntu 6.04, so it has been tested and tested and does work. I will make this normal disclaimer. Even though Grub profile works, anytime you deal with your bootloader you take the chance that you can render your machine unbootable. So you use this tool at your own risk. Don’t take that to mean profile is a dangerous tool and your machine will wind up bricked and mocking you…that is just to say should something happen, you were warned.



    How to add profiling

    To do this you are going to have to modify your /etc/default/grub file. The edits are not challenging at all. So, open up a terminal window and get ready to work.

    The line you are looking for is:

         GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"

    This is the line that gives the options to Grub upon boot. You need to add one more option to that line so it now looks like:

         GRUB_CMDLINE_LINUX_DEFAULT="quiet splash profile"

    Save that file and then issue the command:

         sudo update-grub2

    You are ready to reboot your machine.

    During this next boot time you will see a noticeable SLOW DOWN. This is normal because Grub is now running the profile. This is quite necessary.

    Once the boot up is complete, open up that /etc/default/grub file, remove the profile entry you just added, and re-run the command sudo update-grub2. Now reboot your machine again and see if you don’t notice a distinct speed increase in your boot times.
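The edit-and-revert steps above, scripted as an added example that is not part of the original post: the hypothetical helpers `grub_cmdline_set` and `grub_cmdline_get` add or remove one word in `GRUB_CMDLINE_LINUX_DEFAULT`, keep a one-time backup, and refuse lines that are not in the expected straight-quoted form. The demo runs on a constructed sample file; using it on /etc/default/grub needs root and is still followed by `sudo update-grub2` as described.

```shell
#!/bin/sh
# Added example: add or remove a single word in GRUB_CMDLINE_LINUX_DEFAULT.
# Helper names are hypothetical; the demo uses a constructed sample file.

# grub_cmdline_get FILE: print the current value without the quotes.
grub_cmdline_get() {
    sed -n 's/^GRUB_CMDLINE_LINUX_DEFAULT="\([^"]*\)"[[:space:]]*$/\1/p' "$1"
}

# grub_cmdline_set FILE add|remove WORD
grub_cmdline_set() {
    gc_file=$1
    gc_mode=$2
    gc_word=$3
    case $gc_mode in
        add|remove) ;;
        *) echo "mode must be add or remove" >&2; return 2 ;;
    esac
    # Refuse to edit unless the line exists in the expected form. Curly quotes
    # pasted from a web page do not match, so such a file is left untouched.
    grep -q '^GRUB_CMDLINE_LINUX_DEFAULT="[^"]*"[[:space:]]*$' "$gc_file" || {
        echo "no usable GRUB_CMDLINE_LINUX_DEFAULT line in $gc_file" >&2
        return 1
    }
    # Keep the first backup only, so it always holds the pre-change state.
    [ -e "$gc_file.bak" ] || cp -p "$gc_file" "$gc_file.bak" || return 1
    gc_tmp=$(mktemp) || return 1
    awk -v mode="$gc_mode" -v word="$gc_word" '
        /^GRUB_CMDLINE_LINUX_DEFAULT="/ {
            val = $0
            sub(/^GRUB_CMDLINE_LINUX_DEFAULT="/, "", val)
            sub(/"[ \t]*$/, "", val)
            n = split(val, w, " ")
            out = ""
            # Rebuild the option list without WORD, then append it once for "add".
            for (i = 1; i <= n; i++)
                if (w[i] != word) out = out (out == "" ? "" : " ") w[i]
            if (mode == "add") out = out (out == "" ? "" : " ") word
            print "GRUB_CMDLINE_LINUX_DEFAULT=\"" out "\""
            next
        }
        { print }
    ' "$gc_file" > "$gc_tmp" && cat "$gc_tmp" > "$gc_file"   # cat keeps owner and mode
    gc_status=$?
    rm -f "$gc_tmp"
    return "$gc_status"
}

# Demo on a constructed sample, mirroring the two edits in the procedure.
grub_demo() {
    gd_dir=$(mktemp -d) || return 1
    printf '%s\n' 'GRUB_DEFAULT=0' \
        'GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"' > "$gd_dir/grub"
    grub_cmdline_set "$gd_dir/grub" add profile    && grub_cmdline_get "$gd_dir/grub"
    grub_cmdline_set "$gd_dir/grub" remove profile && grub_cmdline_get "$gd_dir/grub"
    rm -rf "$gd_dir"
}
grub_demo
```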

    Final thoughts

    There are so many ways to speed up the boot process of your Ubuntu Linux machine. This process, however, is one of the ones that will truly speed up the process and is tested and safe to use. You should gain some noticeable increases and should even speed up after 2 or 3 more start ups.

    ---

    Thursday, July 8, 2010

    Upgrading to Wordpress 3.0

    Wordpress 3.0 has been out for almost one month now. This new version 3.0 has many new features that are listed in the following page.

    I tried to upgrade my Wordpress on the day it was released, but I ran into a problem with the locales.php file. I suspect it has something to do with one of my plugins, but since I couldn't even log in to my administrator page, I decided to revert back to version 2.9.2 until the plugins are supported. And apparently, I was not the only one facing the problem. Here's a report about others who have encountered some kind of problems when upgrading.



    Here are a few links on how to upgrade to Wordpress version 3.0:
    1. Updating WordPress. This is from Wordpress.org itself, the official guide to upgrade.

    2. WordPress 3.0 Upgrade: What to Expect

    3. 3 Tips to Ensure a Seamless WordPress Upgrade


    Good luck!

    Ailurus - A Useful Ubuntu Tweak Alternative For Beginners

    Just found this article that showcases a simple program to help newbies configure their Ubuntu system. I personally haven't tried it yet, but it seems to be able to help the basic needs of configuring your Ubuntu without using multiple GUIs or even using command lines to change the configuration files.

    The original post is located here.

    ---

    Ailurus is cross-Linux-distribution GPL software, which aims at making Linux easier to use for beginners. Rather than a Ubuntu Tweak alternative, Ailurus is the kind of app you can use along Ubuntu Tweak. Ailurus is available for Ubuntu, Fedora and Mint while Ubuntu Tweak is a dedicated Ubuntu only application.


    Ailurus Features

    • 'Study Linux' feature included in Ailurus is pretty good at teaching the Linux basics to beginners. You can even set it to display Linux tips each time you login to your system.

    • Install many useful applications easily.

    • Enable a number of third party repositories quite easily.

    • Display of basic hardware information which is so useful at times.

    • Clean APT/YUM cache.

    • Backup and recover APT/YUM status.

    • Change GNOME settings. Ailurus invokes GConf API, to change GNOME settings.

    • Easily enable Gnome Control Center using Ailurus.





    How to install Latest Ailurus 10.06.93 in Ubuntu Lucid, Karmic?
    • Open Terminal (Applications - Accessories - Terminal) and copy-paste the following lines one by one into Terminal.

           sudo add-apt-repository ppa:ailurus
           sudo apt-get update

    • Done. Now install latest Ailurus in Ubuntu Lucid 10.04.

           sudo apt-get install ailurus

    • Done. Launch Ailurus. Go to Applications - System Tools - Ailurus.


    Ailurus for Fedora and other distros can be downloaded from here.

    ---

    Thursday, January 14, 2010

    Securing Data in The Cloud

    I just found an interesting article about securing your data in the cloud. Now that cloud computing has gained quite a number of followers, it will be good to understand the additional necessary steps to ensure your confidential data are secured in a cloud computing environment.

    The original article can be found here.

    ---

    Storing data in the cloud is arguably the most important aspect of public cloud resources, but it is rarely treated as such. Two practical steps to take when securing cloud data are:


    • Protect your data in a real world environment.
    • Meet compliance requirements.




    What are the issues?
    There are two primary issues that we have to deal with when talking about data security in a public cloud:


    • Protection of the data: Dealing with the confidentiality, integrity, and availability (CIA) criteria. Answering the important questions, such as, "What is the risk to the data? Are the controls in place adequate to mitigate the risk?"
    • Location of the data: Dealing with the physical location of the "bits" and answering questions like, "Do I know where the data resides? Does this violate any of my compliance requirements?"


    Location is often doubly important because we do not think about it; it may easily slip by unnoticed and have significant impact if a data loss ever occurs.

    An example is the conflict between the U.S. Patriot Act and Canadian laws on the privacy of certain personal information. The U.S. government says if there is a compelling reason, they are able to see data in their jurisdiction. Canadian laws say that the data of certain Canadian citizens is protected and cannot be disclosed. If you handle Canadian data (i.e., data that is protected), then you had better be sure it is not physically located on systems in the U.S. Note that this is something providers will need to ensure via contracts.



    Where to start: Data classification
    If you don't take time to understand your data, then you are setting yourself up for failure in a public cloud environment. Therefore, securing data must begin with data classification.

    Here are some steps to follow:


    1. Identify the data that will be processed or stored in the cloud.
    2. Classify the information in regards to sensitivity towards loss of the CIA criteria. This would include identifying regulatory requirements for the data.
    3. Define the rules by which particular information classes of instances must be stored, transmitted, archived, transported and destroyed. Many handling requirements result from contractual or regulatory requirements.


    A thought on physical location
    As stated earlier, if there are restrictions on the physical location of data, you'll need to find a provider that can handle them. Amazon Web Services uses regions, and many of the other cloud providers offer similar structures. However, you need to ensure the service-level agreements meet your locality requirements.



    Protecting data in the cloud
    In the cloud, your data can be in any of the following locations:


    • Local storage of the virtual machine (i.e., processing engine). Data is tied to the virtual machine location and state.
    • Persistent data store (i.e., Amazon EBS or S3, Azure SQL, etc.). Data is independent of virtual machine location and state.
    • In transit on the wire.


    You will also need to use one of the following methods to meet your data protection requirements:


    • File system and share access control lists: This would be using the access control mechanisms in the offering to ensure appropriate restrictions on the data. This would be used in all cases, but it would not protect from malicious IT staff at the provider.
    • Encryption with a mixture of public and private key solutions: This would most likely be used to protect against malicious IT staff at the provider.
    • Transport level encryption: This would be used as a matter of course whenever sensitive information was being passed or transmitted.


    In closing
    I strongly insist that everyone classifies their data. Once that is done, there are a couple of cloud issues you need to think about:


    • Is my data stored where it should be?
    • If there are any physical location limits, are those met?
    • Am I protecting against malicious IT staff?


    The rest should be basic security practices, much like those used in your non-cloud environment. There is nothing obscure about securing data in the cloud. Just remember that "good security is good security" and you should be good to go.

    ---