ACL AuditExchange 3 - Acl.com
ACL AuditExchange 3 - Acl.com
ACL AuditExchange 3 - Acl.com
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
TECHNICAL BRIEF<br />
<strong>ACL</strong> <strong>AuditExchange</strong> 3:<br />
Technology for Business Assurance
CONTENTS<br />
Introduction ................................................................................................................................... 3<br />
Why Does Audit need <strong>ACL</strong> <strong>AuditExchange</strong> ................................................................................. 3<br />
How <strong>ACL</strong> <strong>AuditExchange</strong> Can Help ............................................................................................. 3<br />
What’s New in <strong>ACL</strong> <strong>AuditExchange</strong> 3 .......................................................................................... 4<br />
Capability Overview by Platform Component ............................................................................... 5<br />
AX Core Components ........................................................................................................... 5<br />
Optional Components: For Advanced Data Access and Analytic Capability ........................ 6<br />
AX Core Technical Description .................................................................................................... 7<br />
Client Interfaces .................................................................................................................... 7<br />
AX Core Server Modules ...................................................................................................... 7<br />
Communication Ports ......................................................................................................... 10<br />
System Security .................................................................................................................. 11<br />
AX Core and AX Gateway Configuration ............................................................................ 11<br />
Optional Components Technical Description ............................................................................. 12<br />
AX Exception .................................................................................................................. 12<br />
Communication Ports ......................................................................................................... 13<br />
Direct Link ....................................................................................................................... 15<br />
AX Datasource ................................................................................................................ 15<br />
Communication Ports ......................................................................................................... 15<br />
<strong>AuditExchange</strong> Platform: Deployment and Usage Considerations ............................................ 16<br />
Repository Design .............................................................................................................. 16<br />
Data Access ....................................................................................................................... 16<br />
Data Management .............................................................................................................. 16<br />
Security ............................................................................................................................... 17<br />
<strong>AuditExchange</strong> Server Hardware architecture ........................................................................... 18<br />
AX Core .............................................................................................................................. 18<br />
AX Exception ...................................................................................................................... 19<br />
AX Datasource ................................................................................................................... 20<br />
Supported Configurations ................................................................................................... 20<br />
© Copyright 2011 <strong>ACL</strong> Services Ltd. <strong>ACL</strong> and the <strong>ACL</strong> logo are trademarks or registered trademarks of <strong>ACL</strong> Services Ltd. All other trademarks are the property of their respective owners. 2
INTRODUCTION<br />
<strong>ACL</strong> <strong>AuditExchange</strong> is a robust Java platform that is built using the best of<br />
open source technologies and adheres to many industry standards. This<br />
document is intended to provide technical details of the platform, including<br />
its <strong>com</strong>ponents and underlying technical processes, for IT departments to<br />
help assess their requirements for implementation, upgrade, and/or ongoing<br />
maintenance.<br />
There are two releases of <strong>ACL</strong> <strong>AuditExchange</strong> 3: one release supports<br />
Unicode data, and a separate release supports non-Unicode data. This is a<br />
very important distinction for your IT and audit department to consider –<br />
because if an <strong>ACL</strong> Project is opened in a Unicode edition it cannot be<br />
converted back to be opened in a non-Unicode <strong>ACL</strong> Desktop edition.<br />
WHY DOES AUDIT NEED <strong>ACL</strong> AUDITEXCHANGE<br />
All organizations face risk, and your audit department helps mediate your<br />
organization’s risk by testing data to ensure your business controls are<br />
effective – this is known as business assurance. Finance, IT, Operations<br />
and Fraud Prevention are all areas where audit can provide assurance and<br />
eliminate risks that can cost your organization money, and in worse case<br />
scenarios devastate an organization’s reputation.<br />
Reasons why you need to<br />
consider Unicode<br />
» Do you plan to analyze data with<br />
textual characters containing<br />
double-byte data or Cyrillic<br />
languages, such as: Chinese,<br />
Japanese, Korean, Turkish,<br />
Russian, Arabic, Hebrew or any<br />
other Asian or non-Western<br />
European language?<br />
» Do you now or do you plan to<br />
connect to databases or<br />
Enterprise Resource Planning<br />
(ERP) systems (e.g., SAP) that<br />
have Unicode encoding?<br />
If you are unsure, please check<br />
with your audit or IT department,<br />
and also with an <strong>ACL</strong><br />
representative to discuss options<br />
and repercussions.<br />
Here are the challenges audit faces in providing that assurance:<br />
• Data access – getting secure reliable access to your enterprise data when they need it. The largest<br />
organizations may have more than a hundred different ERP or enterprise data systems, and the<br />
smallest organizations may only have a few but face equal challenges getting to those few.<br />
• Managed storage – security is paramount once the data is accessed from the source systems.<br />
Now audit needs a centralized place to store, manage, analyze and distribute any sensitive content<br />
in a controlled or restricted way across the broader audit team and to relevant stakeholders in the<br />
organization. This managed storage must meet or exceed the security requirements imposed by<br />
IT, organizational, regional and/or regulatory security policies.<br />
• Coverage – in facing both increasing business risks and volumes of transactions in the global<br />
economy, Audit is tasked with providing more assurance with the same or less resources; therefore<br />
Audit needs a toolset to help provide more coverage.<br />
HOW <strong>ACL</strong> AUDITEXCHANGE CAN HELP<br />
The <strong>ACL</strong> <strong>AuditExchange</strong> platform is designed to over<strong>com</strong>e the challenges that audit faces and in turn<br />
provide more coverage and ultimately the business assurance your organization needs.<br />
• Data access – <strong>ACL</strong> <strong>AuditExchange</strong> provides multiple options for Audit to gain access to the<br />
enterprise data it needs to test in order to provide assurance, without overburdening IT resources<br />
or <strong>com</strong>promising the data systems that IT ensures are available, protected and optimized.<br />
» <strong>ACL</strong> <strong>AuditExchange</strong> and <strong>ACL</strong> Desktop can use native and direct data access to any<br />
existing data system or use a read only view to a data warehouse that IT already has in<br />
place, in an automated or ad hoc manner as required.<br />
» Direct Link is an optional <strong>com</strong>ponent required to access SAP ERP data directly.<br />
© Copyright 2011 <strong>ACL</strong> Services Ltd. <strong>ACL</strong> and the <strong>ACL</strong> logo are trademarks or registered trademarks of <strong>ACL</strong> Services Ltd. All other trademarks are the property of their respective owners. 3
» AX Datasource is an optional <strong>com</strong>ponent that partners with Informatica’s PowerCenter<br />
ETL solution (extract, transform, load) to help gather more <strong>com</strong>plex organizational and data<br />
environments, and to help meet the most sophisticated analytic requirements – continuous<br />
audit and monitoring that provides the ultimate in coverage and business assurance.<br />
• Managed Storage – <strong>ACL</strong> <strong>AuditExchange</strong> provides a managed and secure platform for audit and IT<br />
to ensure and govern which users have access to which data or sensitive content.<br />
• Coverage – <strong>ACL</strong> <strong>AuditExchange</strong> helps audit provide more coverage in a number of ways:<br />
» It reduces the amount of time required for data access, especially if automated processes<br />
are established. This frees up specialized data auditors to utilize their skills in other areas.<br />
» The managed platform allows data that is required for many audit tests to be re-used and<br />
re-purposed, whilst providing maximum security and flexibility for sharing and distribution<br />
when required.<br />
» Lastly, the optional <strong>com</strong>ponent AX Exception allows the data analytic experts in audit to<br />
prepare the analytic tests to find transactions that exceed your business controls and then<br />
distribute to business stakeholders for review and follow-up based on your organizations<br />
remediation process for high risk business areas.<br />
WHAT’S NEW IN <strong>ACL</strong> AUDITEXCHANGE 3<br />
New architectural features for IT to consider:<br />
• Oracle 10 & 11 is now supported as a database for AX Core and AX Exception.<br />
• Single Sign On is supported for the <strong>AuditExchange</strong> platform using Integrated Windows<br />
Authentication, which extends to any 3rd Party SSO Solution that uses the same.<br />
• Unicode or non-Unicode data can now be analyzed and stored using the platform.<br />
• 64-bit server architecture is supported and re<strong>com</strong>mended, but the analytic engine is still a 32-bit<br />
application that requires 32-bit drivers.<br />
New features for the specialist auditor using AX Core Client:<br />
• AX Core Client (formerly AX GatewayPro) now contains an editor to view and edit existing AX<br />
analytics and <strong>ACL</strong> Desktop scripts.<br />
• AX Core Client can now run or schedule AX Analytics in the Library.<br />
• AX Core Client can now create Master, Linked or Standalone <strong>ACL</strong> Tables by copying.<br />
• AX Core Client can now create Master, Linked or Standalone AX Analytics by copying.<br />
• AX Analytics now support an encrypted password parameter.<br />
• A single AX Analytic can now publish multiple result tables to AX Exception.<br />
New features for the broader audit team using AX Gateway:<br />
• <strong>ACL</strong> Tables can now be opened in Microsoft Excel from AX Gateway.<br />
• A new menu and home page for improved navigation and easier access to working items.<br />
New features for the business stakeholders using AX Exception:<br />
• Attachments can now be uploaded to a single or batch of exceptions.<br />
• User Interface improvements for easier navigation and filtering.<br />
• Usability improved for editing, scrolling and selecting exceptions for remediation.<br />
© Copyright 2011 <strong>ACL</strong> Services Ltd. <strong>ACL</strong> and the <strong>ACL</strong> logo are trademarks or registered trademarks of <strong>ACL</strong> Services Ltd. All other trademarks are the property of their respective owners. 4
CAPABILITY OVERVIEW BY PLATFORM COMPONENT<br />
AX Core Components<br />
Following is a capability overview of each <strong>com</strong>ponent of the <strong>ACL</strong> <strong>AuditExchange</strong> platform. As your audit<br />
department be<strong>com</strong>es more sophisticated in its analytic capabilities, it will need more of the optional<br />
<strong>com</strong>ponents in order to meet increasing assurance needs.<br />
AX Core — the hub of <strong>AuditExchange</strong><br />
AX Core is the hub of <strong>ACL</strong>’s business assurance platform. It contains both the AX Core application<br />
server and the AX Core database server, though it is re<strong>com</strong>mended they be distributed to optimize<br />
performance. AX Core stores and manages all audit content, regardless of file type, including<br />
associated audit documents. Leveraging server security and speed, AX Core provides powerful analytic<br />
processing capabilities and the ability to easily schedule and automate analysis in a secure<br />
environment.<br />
AX Core Client is the thin client user interface that supports specialized data analysts, and provides<br />
administrative setup of your audit projects in the repository, management of users and content<br />
permissions, and manual loading of audit content to the AX Core to support remote and ad hoc analysis.<br />
The AX Core Client requires an instance of <strong>ACL</strong> Desktop in order to startup.<br />
<strong>ACL</strong> Desktop Edition<br />
<strong>ACL</strong> Desktop is recognized worldwide as the leading PC-based data analysis software for audit and<br />
financial professionals. Providing a unique and powerful <strong>com</strong>bination of data access, analysis and<br />
integrated reporting, <strong>ACL</strong> Desktop enables you to gain immediate visibility into transactional data critical<br />
to your organization. Whether as a standalone tool, or as part of the more powerful <strong>AuditExchange</strong><br />
solution, <strong>ACL</strong> Desktop allows you to analyze entire data populations in search for transactional<br />
anomalies. <strong>ACL</strong> Desktop provides the tool for remote and ad hoc analysis, as well as the development<br />
environment to create analytics and prepare data for loading to AX Core.<br />
AX Gateway<br />
AX Gateway is an optional web-based server and client which allows your audit specialists to share<br />
work that is tasked to the broader, less specialized audit staff in a secure manner, and provides easy-touse<br />
analysis capabilities. The AX Gateway web server is embedded and installed in AX Core, but it may<br />
require separate activation if licensed separately. AX Gateway now allows users to open <strong>ACL</strong> tables in<br />
Excel 2003, 2007 or 2010, but the optional Add-ins are required to do this.<br />
AX Add-ins for Microsoft Office<br />
AX Add-ins for Microsoft Office are an optional <strong>com</strong>ponent that provides the ability to Open, Save or<br />
Insert URLs to/from AX Core content within six Microsoft Office applications: Excel, Outlook, Word,<br />
PowerPoint, Project or Visio. AX Add-ins are required for Gateway users to open <strong>ACL</strong> tables directly to<br />
Excel in <strong>AuditExchange</strong> 3.<br />
© Copyright 2011 <strong>ACL</strong> Services Ltd. <strong>ACL</strong> and the <strong>ACL</strong> logo are trademarks or registered trademarks of <strong>ACL</strong> Services Ltd. All other trademarks are the property of their respective owners. 5
Optional Components: For Advanced Data Access and Analytic Capability<br />
AX Exception — quickly correct fraud, error and inefficiency<br />
An add-on <strong>com</strong>ponent to <strong>ACL</strong> <strong>AuditExchange</strong>, AX Exception is a web-based application that offers the<br />
ability to immediately manage the distribution, assignment, escalation and remediation of each<br />
exception found during data analysis testing – limiting the impact of fraud, error and inefficiencies on the<br />
organization. This <strong>com</strong>ponent requires the most sophisticated analytic capability targeted at audit<br />
departments that are ready to transition from continuous audit, where the audit team investigates all<br />
results, to continuous monitoring where investigation is turned over to business stakeholders using the<br />
AX Exception system.<br />
Direct Link — Seamless access to SAP ERP table data<br />
The Direct Link solution provides <strong>ACL</strong> Desktop and <strong>AuditExchange</strong> users direct and secure access to<br />
SAP ® ERP data when it’s needed without having to rely on busy IT resources. Direct Link has achieved<br />
SAP interface certification designation for all SAP ERP releases. Direct Link requires the installation of:<br />
a Direct Link SAP Add-on <strong>com</strong>ponent on the SAP system(s); a Direct Link client on the <strong>ACL</strong> Desktop(s);<br />
and an AX Link client on the <strong>AuditExchange</strong> server(s).<br />
AX Datasource — Direct access to enterprise data types<br />
Powered by Informatica ® PowerCenter ® , the worldwide market leader in Extract, Transform and Load<br />
(ETL) technology, AX Datasource provides access to more enterprise data types than any other<br />
technology on the market. It also supports automated data extracts and the ability to mask sensitive<br />
data, allowing for faster and more <strong>com</strong>prehensive repetitive and continuous analysis.<br />
Figure 1: <strong>AuditExchange</strong> Platform Summary<br />
© Copyright 2011 <strong>ACL</strong> Services Ltd. <strong>ACL</strong> and the <strong>ACL</strong> logo are trademarks or registered trademarks of <strong>ACL</strong> Services Ltd. All other trademarks are the property of their respective owners. 6
AX CORE TECHNICAL DESCRIPTION<br />
Client Interfaces<br />
AX Core Client<br />
Formerly named AX GatewayPro, AX Core Client is a thin client Java<br />
application that provides the user interface for managing the content,<br />
security, and users of AX Core. It <strong>com</strong>es with its own Java Runtime<br />
Environment (JRE), so a separate JRE need not be installed on each user’s PC.<br />
<strong>ACL</strong> Desktop Edition<br />
<strong>ACL</strong> Desktop Edition runs on a user’s PC, where it provides a user<br />
interface and analytic engine for ad hoc or remote data analysis. <strong>ACL</strong><br />
Desktop is also the environment for developing analytics that can be run<br />
and scheduled in AX Core.<br />
When accessing server-side data and performing ad hoc desktop analysis or running scripts locally,<br />
<strong>ACL</strong> Desktop accesses server resources using AX Core Desktop Connector (see “AX Core Server<br />
Modules” below) over TCP/IP, using default port 10000. While connected to the server, the data<br />
remains on AX Core for security, and <strong>ACL</strong> <strong>com</strong>mands are processed server-side, using server<br />
resources. This is also the re<strong>com</strong>mended way to utilize existing <strong>ACL</strong> Desktop scripts without the<br />
necessary conversion or migration to AX analytics if not required for distribution to other users or<br />
automation.<br />
Important: For the Unicode release, a different edition of <strong>ACL</strong> Desktop is required, so existing customers<br />
may need to replace their existing <strong>ACL</strong> Desktop client if their organization requires analysis of Unicode<br />
data.<br />
AX Gateway<br />
AX Gateway is the optional browser-based interface that supports Internet<br />
Explorer 6, 7, and 8. Internet Explorer connects to AX Core using https<br />
(http over SSL). AX Gateway is used to open <strong>ACL</strong> data tables in Excel for<br />
secondary analysis or reporting, but requires AX Add-ins.<br />
AX Core Server Modules<br />
AX Core is <strong>com</strong>posed of the following six server modules.<br />
1. AX Core (application server)<br />
AX Core is central to the <strong>ACL</strong> <strong>AuditExchange</strong> platform, providing the following:<br />
• <strong>AuditExchange</strong> repository – storage and retrieval of analytics, tables, <strong>ACL</strong> projects, data files, and<br />
any associated audit documents, for example MS® Word (.doc, docx), Excel® (.xls, .xlsx), .pdf, or<br />
other media files.<br />
• <strong>AuditExchange</strong> user management, including user setup and managing permissions on repository<br />
content.<br />
© Copyright 2011 <strong>ACL</strong> Services Ltd. <strong>ACL</strong> and the <strong>ACL</strong> logo are trademarks or registered trademarks of <strong>ACL</strong> Services Ltd. All other trademarks are the property of their respective owners. 7
• Quartz scheduler - Quartz is used by AX Core to run and schedule AX analytics for automation,<br />
and continuous audit and monitoring.<br />
• Analytic engine for AX analytic and <strong>ACL</strong> script execution.<br />
• Central Authentication Service (CAS) is used by <strong>AuditExchange</strong> to provide form-based<br />
username/password authentication or silent, also known as integrated windows authentication.<br />
Authentication is described in later sections.<br />
• Analytic engine executes any <strong>com</strong>mands, functions or scripts in <strong>ACL</strong> Desktop when an <strong>ACL</strong><br />
Project is opened in AX Core Client from the server and the source data .fil file remains on the<br />
server.<br />
2. AX analytic server<br />
The analytic server is the execution environment for analytics initiated through AX Core. <strong>ACL</strong><br />
<strong>AuditExchange</strong> allows you to move analytic processing off of the AX Core server, and only the smallest<br />
of audit departments with light audit usage should consider not deploying this distributed server in their<br />
hardware architectural configuration. By configuring one or more analytic servers, you can schedule<br />
many long running, data intensive analytics, or even run analytics during working hours, without<br />
impacting the AX Core server. By moving analytic processing away from the AX Core server, AX Core<br />
will be able to dedicate its resources to handing end user requests from AX Gateway and AX Core<br />
Client. AX Gateway and AX Core Client will be more responsive, providing increased productivity and a<br />
better user experience.<br />
Analytic servers are easily installed and configured. Once the software is installed, the AX Core<br />
administration console provides the ability to add, remove, and configure analytic servers. Each analytic<br />
server can be configured with a maximum number of concurrent analytics, allowing each server to be<br />
configured based on capability and performance. If the analytic servers are processing their maximum<br />
number of concurrent analytics, any further analytics are automatically queued by AX Core until an<br />
available core processor be<strong>com</strong>es free.<br />
Performance Information<br />
When an analytic is run or triggered via schedule, an <strong>ACL</strong>Script.exe process is launched. The<br />
<strong>ACL</strong>Script.exe process exits when the analytic script finishes.<br />
To reduce load on the AX Core server, one or more analytic servers should be used. Analytic servers<br />
are dedicated to running analytics. When at least one AX Analytic server is deployed separate from AX<br />
Core, AX Core stops processing analytics and only governs dispatching queued analytics until an<br />
available core processor is available on the AX Analytic server.<br />
System resource usage by the analytic server depends on how many analytics are concurrently run, the<br />
<strong>ACL</strong> <strong>com</strong>mands used, and the amount of data being analyzed. Another factor impacting performance is<br />
for analytic script authors to perform an extract on the data, so that subsequent scripting <strong>com</strong>mands are<br />
not congesting throughput from the source data to the analytic server. Even though an <strong>ACL</strong>Script.exe<br />
process is single-threaded, multiple CPU cores are taken advantage of if running multiple analytics<br />
simultaneously governed by AX Core. The Windows operating system determines which CPU core is<br />
assigned to an <strong>ACL</strong>Script.exe process. Analytics should be scheduled to make efficient use of server<br />
resources. The analytic server will benefit from fast CPUs and fast disk I/O throughput, but running<br />
many analytics simultaneously can affect performance, particularly when analyzing large data sets. For<br />
heavy analytic usage against large data sets, a Storage Area Network or Network Attached Storage<br />
application with fibre channel is re<strong>com</strong>mended.<br />
© Copyright 2011 <strong>ACL</strong> Services Ltd. <strong>ACL</strong> and the <strong>ACL</strong> logo are trademarks or registered trademarks of <strong>ACL</strong> Services Ltd. All other trademarks are the property of their respective owners. 8
3. AX Core desktop connector<br />
The AX Core desktop connector is embedded within AX Core. It provides <strong>com</strong>munication for data<br />
access between AX Core and the <strong>ACL</strong> Desktop client interfaces, using an aclse.exe process.<br />
When AX data tables or <strong>ACL</strong> projects/AX analytics are exported from AX Core, the default behavior is<br />
for data files (.fil) to remain on the server machine (although exporting of data files for offline work is<br />
supported). Using <strong>ACL</strong> Desktop’s ability to connect to AX Core desktop connector, <strong>AuditExchange</strong><br />
allows remote access to data files residing in the AX Core repository. Sensitive data files remain on the<br />
server. This type of usage might be favored by your audit or IT department in order for your audit<br />
department to meet your organizational or regulatory security policy.<br />
Database Access<br />
The AX Core desktop connector supports direct access to Oracle, DB2 ® and SQL Server databases.<br />
When reading data from the direct database interfaces, the database provides only raw data via SQL<br />
SELECT statements, as the data analysis is performed by <strong>ACL</strong>’s analytical algorithms, not SQL<br />
statements. Direct database access in this mode uses native, RDBMS vendor-provided drivers to<br />
connect to the database, inheriting security and functionality such as tie-ins to Active Directory and<br />
support for clusters from the drivers. Using the vendor-provided drivers also means that the AX Core<br />
desktop connector can function in any database topology supported by the vendor, such as accessing<br />
OS/400-based DB2 data using DB2 Connect from a Windows server.<br />
Performance Information<br />
Each connection from the <strong>ACL</strong> Desktop Edition client to the AX Core desktop connector creates a new<br />
aclse.exe process on the AX Core server machine. The aclse.exe process exits when the <strong>ACL</strong> Desktop<br />
connection is closed.<br />
Server resource usage by the <strong>ACL</strong> server depends on how many <strong>ACL</strong> Desktop users are connected,<br />
which <strong>ACL</strong> <strong>com</strong>mands are executed, and the size of the data being analyzed. Even though an aclse.exe<br />
process is single-threaded, multiple CPU cores are taken advantage of since each <strong>ACL</strong> Desktop<br />
connection creates an aclse.exe process. The Windows operating system determines which CPU core<br />
is assigned to an aclse.exe process.<br />
While <strong>ACL</strong> Desktop is connected to the AX Core server, <strong>ACL</strong> <strong>com</strong>mands are executed by the AX Core<br />
desktop connector. This impacts server resources since CPU cycles, disk I/O, and memory are<br />
consumed by each aclse.exe process. Depending on the <strong>ACL</strong> <strong>com</strong>mand executed, and the size of data<br />
file, aclse.exe processes can consume significant CPU cycles and disk I/O. Memory is less of a concern<br />
since each aclse.exe has a relatively low memory requirement of a few MBs, plus an additional (up to)<br />
5MB while sorting data (configurable up to 100MB for improving sort performance at the expense of<br />
memory). As more users open and work with AX Core repository data files, more AX Core server<br />
resources are consumed.<br />
The AX Core server will benefit from fast CPUs and fast disk I/O throughput. Understanding your audit<br />
department’s usage requirements will help IT deploy the appropriate hardware configuration to optimize<br />
performance.<br />
© Copyright 2011 <strong>ACL</strong> Services Ltd. <strong>ACL</strong> and the <strong>ACL</strong> logo are trademarks or registered trademarks of <strong>ACL</strong> Services Ltd. All other trademarks are the property of their respective owners. 9
4. Geronimo Application Server<br />
Apache Geronimo is an enterprise Java application server, providing similar services and functionality<br />
as IBM Websphere and Oracle Weblogic. AX Core, AX Core Client, AX Gateway, AX Core<br />
administration, AX Exception, and AX Exception administration all run within the Geronimo Application<br />
Server.<br />
5. Tomcat Web Server<br />
In AX3, AX Gateway is an optional <strong>com</strong>ponent. For new installations, the Gateway web server is<br />
included in the AX Core Geronimo application server, and although it is only one installation, it does<br />
require separate activation from AX Core. For customers upgrading from AX2.x no extra steps are<br />
required to activate Gateway.<br />
6. AX Core database<br />
The AX Core database can be either Oracle or PostgreSQL. For PostgreSQL, the PostgreSQL server<br />
and the AX Core database can be installed and configured by the AX Core installer. For organizations<br />
that require Oracle, an Oracle DBA is first required to create a schema for AX use, and the DBA will<br />
provide connection information that the AX Core installer can use when creating AX Core database<br />
tables, stored procedures, etc.<br />
The AX Core database holds the AX Core repository content, with the exception of data files (.fil). Data<br />
files are stored outside the database due to their potential size, and because the AX Core desktop<br />
connector and the <strong>AuditExchange</strong> analytic engine require direct access to the data files.<br />
The AX Core database also holds <strong>ACL</strong> <strong>AuditExchange</strong> user and role information, which ac<strong>com</strong>modates<br />
AX Core and AX Exception (optional <strong>com</strong>ponent).<br />
Important: For Oracle and the Unicode release of <strong>AuditExchange</strong>, an Oracle instance with the database<br />
character set and the national character sets set to either UTF-8 or UTF-16 is required.<br />
The AX Core database is re<strong>com</strong>mended to be installed on a separate server from AX Core for all but<br />
the smallest of audit departments and resulting usage.<br />
7. AX Core administration<br />
It provides remote access to AX Core configuration settings, including configuration of analytic servers.<br />
These are the same settings that are noted below as are set within the acl<strong>AuditExchange</strong>.xml file. This<br />
console is accessed using a web browser.<br />
Communication Ports<br />
Default Port Component – Protocol Encryption Remote connectivity required?<br />
4201 Geronimo EJB - Remote Method SSL<br />
Yes – AX Core Client<br />
Invocation (RMI)<br />
5432 PostgreSQL Database – custom Supported Yes(*) – AX Exception<br />
8443 Geronimo Web Server – https SSL Yes – AX Gateway (web browser) &<br />
AX Core Client & AX Datasource<br />
importer<br />
© Copyright 2011 <strong>ACL</strong> Services Ltd. <strong>ACL</strong> and the <strong>ACL</strong> logo are trademarks or registered trademarks of <strong>ACL</strong> Services Ltd. All other trademarks are the property of their respective owners. 10
Default Port Component – Protocol Encryption Remote connectivity required?<br />
10000 <strong>ACL</strong> server – custom TwoFish 128bit Yes – <strong>ACL</strong> Desktop<br />
1099 Geronimo Naming – JNDI None No<br />
1527 Geronimo System Database - custom None No<br />
8009 Geronimo Web Server – AJP None No<br />
8080 Geronimo Web Server – http None No<br />
9999 Geronimo Management – JMXMP None No<br />
61613 Geronimo Messaging – Stomp None No<br />
61616 Geronimo Messaging – OpenWire None No<br />
* Remote connectivity to the AX Core database is required if AX Exception is running on a separate<br />
machine.<br />
Note: Your IT will stipulate which port is required when Oracle is used as the AX Core database server.<br />
System Security<br />
The following system accounts are required by AX Core and are optionally created by the AX Core<br />
server installation (if not already existing):<br />
• A Geronimo service account<br />
• An AX database service account for PostgreSQL or Oracle<br />
Additionally, AX Core requires a PostgreSQL user account (also specified during the AX Core<br />
installation).<br />
The table below notes how the AX Core system performs specific background actions:<br />
Action<br />
Scheduled AX Analytic<br />
“Run Now” AX Analytic<br />
AX Core desktop connector session<br />
(initiated via <strong>ACL</strong> Desktop Edition)<br />
Run By<br />
Geronimo service account<br />
Geronimo service account<br />
Logged in user<br />
AX Core and AX Gateway Configuration<br />
The following files contain configuration settings for the AX Core and AX Gateway servers. Notable<br />
settings are described for each of them below.<br />
acl<strong>AuditExchange</strong>.xml:<br />
• AX Core data directory – The file path where <strong>AuditExchange</strong> stores repository data files (.fil).<br />
• AX Core file transfer directory – The file path used for temporary file storage during upload and<br />
download operations.<br />
• AX Core analytic engine working directory – The file path used by AX Core as the default<br />
location for storing <strong>ACL</strong> table data files (.fil). For each user that connects to AX Core via the AX<br />
Core desktop connector from the <strong>ACL</strong> Desktop client, a directory is created here named after the<br />
user’s name.<br />
• AX Core analytic engine port number – The port number used by the AX Core desktop<br />
connector (<strong>ACL</strong>SE) service.<br />
© Copyright 2011 <strong>ACL</strong> Services Ltd. <strong>ACL</strong> and the <strong>ACL</strong> logo are trademarks or registered trademarks of <strong>ACL</strong> Services Ltd. All other trademarks are the property of their respective owners. 11
• Default domain – The Active Directory domain to use by default if a user does not specify a<br />
domain when they log in.<br />
• AX Exception data upload URL – The URL that AX Core uses to publishing exception results to<br />
AX Exception. This text box is only displayed if AX Exception is installed.<br />
• AX Datasource address – The IP address of the AX Datasource server. This text box only<br />
requires a value if AX Datasource is used to automatically send data extracts to the AX Core<br />
repository.<br />
aclDatabase.xml:<br />
• Contains the hostname or IP address of the AX Core database server, the database driver type<br />
(Oracle or PostgreSQL), along with the database username and password. Because<br />
aclDatabase.xml contains sensitive user and password information, it is automatically encrypted by<br />
AX Core. Once encrypted, the settings cannot be modified except by recreating the file.<br />
aclQuartz.properties:<br />
• Contains configuration for the Quartz scheduler.<br />
aclSchedulerCluster.xml<br />
• Controls the number of concurrent analytics which can be executed by AX Core. This file also<br />
contains the settings for analytic servers.<br />
aclScriptEngine.xml<br />
• Contains configuration settings for the analytic engine, such as the path to the ASCLScript.exe<br />
axGateway.properties:<br />
• Temporary work directory when opening an <strong>ACL</strong> data table in Excel.<br />
• The Excel template file to use when opening an <strong>ACL</strong> data table in Excel.<br />
• Maximum number of items displayed within the Recent Work screen – default 25.<br />
• Number of days past to display Recent Work items – default value 7.<br />
• Maximum single file upload size into the repository.<br />
» Default is 2Gb<br />
» Maximum is 2Gb<br />
• Maximum number of items returned by a Search – default value 50.<br />
» If Search query returns more than this maximum, user will be prompted to refine their<br />
search.<br />
OPTIONAL COMPONENTS TECHNICAL DESCRIPTION<br />
AX Exception<br />
AX Exception is a browser-based application providing audit exception<br />
remediation workflow, reporting, and notification. Exceptions are fed into<br />
AX Exception from scheduled analytics running in AX Core. Internet<br />
Explorer connects to AX Exception using https (http over SSL).<br />
© Copyright 2011 <strong>ACL</strong> Services Ltd. <strong>ACL</strong> and the <strong>ACL</strong> logo are trademarks or registered trademarks of <strong>ACL</strong> Services Ltd. All other trademarks are the property of their respective owners. 12
Analytics scheduled to run in AX Core can be configured to publish exceptions to AX Exception. AX<br />
Core opens an https connection to the AX Exception server and the publish operation transfers<br />
exception data (records), parameter values, and metadata.<br />
AX Exception Administration<br />
It provides AX Exception user management, allowing initial creation of users, as well as ongoing<br />
management of entity and role assignment to each user. The Entity determines which data a user is<br />
allowed to view, and the role determines which actions they can undertake in the remediation workflow.<br />
This <strong>com</strong>ponent is accessed using a web browser.<br />
Geronimo Application Server<br />
Apache Geronimo is an enterprise Java application server, providing similar services and functionality<br />
as IBM Websphere and Oracle Weblogic. AX Exception runs within the Geronimo Application Server.<br />
AX Exception database<br />
The AX Exception database can be either Oracle or Microsoft SQL Server. For SQL Server, the AX<br />
Exception database can be installed and configured by the AX Exception installer. For Oracle, an Oracle<br />
DBA is first required to create a schema for AX use, and the DBA will provide connection information<br />
that the AX Exception installer can use when creating AX Core database tables, stored procedures, etc.<br />
The AX Exception database stores information for the AX Exception application, with the exception of<br />
users and roles. Users and roles are shared with AX Core via the AX Core database.<br />
The AX Exception database should be installed on a separate machine from AX Exception. Encryption<br />
of the <strong>com</strong>munications between AX Exception and the database is controlled by database server<br />
configuration.<br />
Important: For Oracle and the Unicode release of <strong>AuditExchange</strong>, an Oracle instance with the database<br />
character set and the national character sets set to either UTF-8 or UTF-16 is required.<br />
Communication Ports<br />
Default Port Component – Protocol Encryption Remote connectivity required?<br />
1433 SQL Server – custom supported No<br />
8443 Geronimo Web Server – SSL Yes - AX Exception (web browser)<br />
https<br />
1099 Geronimo Naming – JNDI None No<br />
1527 Geronimo System Database None No<br />
– custom<br />
8009 Geronimo Web Server – AJP None No<br />
8080 Geronimo Web Server – http None No<br />
9999 Geronimo Management – None No<br />
JMXMP<br />
61613 Geronimo Messaging – None No<br />
Stomp<br />
61616 Geronimo Messaging –<br />
OpenWire<br />
None No<br />
© Copyright 2011 <strong>ACL</strong> Services Ltd. <strong>ACL</strong> and the <strong>ACL</strong> logo are trademarks or registered trademarks of <strong>ACL</strong> Services Ltd. All other trademarks are the property of their respective owners. 13
© Copyright 2011 <strong>ACL</strong> Services Ltd. <strong>ACL</strong> and the <strong>ACL</strong> logo are trademarks or registered trademarks of <strong>ACL</strong> Services Ltd. All other trademarks are the property of their respective owners. 14
Direct Link <br />
Direct Link provides direct access to SAP data from <strong>AuditExchange</strong><br />
analytics via the <strong>AuditExchange</strong> analytic engine. Communications to an<br />
SAP system can be configured for encryption.<br />
Note: There is an additional <strong>com</strong>ponent of Direct Link that must be installed on each SAP server that is<br />
to be accessed by <strong>AuditExchange</strong> or <strong>ACL</strong> Desktop.<br />
AX Datasource<br />
<strong>ACL</strong> embeds Informatica® PowerCenter® within the AX Datasource<br />
application for specific use with the <strong>AuditExchange</strong> platform in order to<br />
source data from various formats within an organization for audit usage<br />
within the AX Core repository.<br />
In addition to the <strong>com</strong>ponents described below, there are several data connectors that are available to<br />
provide format-specific connectivity to a variety of business applications.<br />
Informatica PowerCenter Client<br />
The PowerCenter client connects to PowerCenter server and is used to setup data mappings, workflows<br />
and tasks for extracting data from hundreds of different data sources.<br />
Informatica PowerCenter Server<br />
PowerCenter provides data extract and transformation capabilities from hundreds of different data<br />
sources. Data is extracted to data files in a format that is <strong>com</strong>patible with <strong>ACL</strong> Desktop Edition, the AX<br />
Core desktop connector, and the <strong>AuditExchange</strong> analytic engine. Extracted data files are then imported<br />
into AX Core using the AX Datasource importer.<br />
AX Datasource Importer<br />
This <strong>com</strong>ponent resides on the AX Core server and allows PowerCenter data extracts to be<br />
automatically imported into AX Core. Data files and metadata are transferred to AX Core securely using<br />
https.<br />
Communication Ports<br />
Default Port Component – Protocol Encryption Remote connectivity required?<br />
6001 Informatica PowerCenter Node – custom None Yes – PowerCenter client<br />
6002 Informatica PowerCenter Service None No<br />
Manager – custom<br />
6005(+) Informatica PowerCenter Services –<br />
custom<br />
None Yes – PowerCenter client<br />
+ Depending on services configuration, PowerCenter may use default ports 6005-6015<br />
© Copyright 2011 <strong>ACL</strong> Services Ltd. <strong>ACL</strong> and the <strong>ACL</strong> logo are trademarks or registered trademarks of <strong>ACL</strong> Services Ltd. All other trademarks are the property of their respective owners. 15
AUDITEXCHANGE PLATFORM: DEPLOYMENT AND USAGE<br />
CONSIDERATIONS<br />
Repository Design<br />
<strong>ACL</strong> <strong>AuditExchange</strong> 3 is designed to reflect how auditors work and organize their information – around<br />
the concept of the Audit Engagement. Engagements are constructs that allow the audit team to organize<br />
their audit resources, including working papers, associated audit documentation, data sets and analytics<br />
in a manner consistent with their audit objectives for discrete audit projects. Within Engagements are<br />
the Activities that audit teams can follow to efficiently execute according to their audit plans.<br />
There are two sections to the AX Core repository, a Working directory and a Library. The Working<br />
directory is the place where each audit engagement is planned and carried out.<br />
All key elements of the audit engagement are kept together within the repository – Data tables,<br />
<strong>AuditExchange</strong> analytics, all planning and explanatory documentation and all resulting audit evidence.<br />
<strong>ACL</strong> <strong>AuditExchange</strong> supports storage of all electronic file formats in addition to all <strong>ACL</strong> file types.<br />
The Library directory provides an area for data or analytic specialists to store and apply further<br />
restrictions on access to highly sensitive but re-usable audit resources, such as Master data and Master<br />
analytics.<br />
Data Access<br />
The AX Core desktop connector features the broad range of <strong>ACL</strong> data access capabilities. These<br />
capabilities permit end-user access to a wide range of data sources for investigative and exploratory<br />
analysis. Typically, this step is a precursor to repetitive and continuous analysis that is best enabled by<br />
the AX Datasource add-on module discussed in the previous section. The following describes the data<br />
access approaches available from within the AX Core desktop connector.<br />
File System Access<br />
The AX Core desktop connector and <strong>ACL</strong> Desktop Edition support fixed and variable record length<br />
(CR/LF) files stored on network drives accessible by the server machine. These include direct-connect<br />
disks, network file systems (NFS) or SMB shared file systems and storage area networks (SANs).<br />
Textual report, or “print image,” formats are also supported on these <strong>ACL</strong> platforms. <strong>ACL</strong> can, in many<br />
cases, automatically determine tabular data within a textual report file, and use it for further analysis.<br />
Internally, <strong>ACL</strong> uses a fixed-record length format for temporary and imported data storage.<br />
Data Management<br />
AX Core/AX Core Client<br />
When an <strong>ACL</strong> table is imported into the AX Core repository through AX Core Client, the table definition<br />
(layout) information is stored within the AX Core repository database and the data file itself is stored<br />
within the Windows file system under an <strong>AuditExchange</strong>-managed directory structure.<br />
**Note: It is up to the administrator of the Windows server where <strong>AuditExchange</strong> is stored to ensure<br />
appropriate security access is applied to these Windows directories.<br />
<strong>AuditExchange</strong> supports the re-use of data within the repository via copying and linking the table across<br />
Engagements – both within the Working area and between the Library and Working areas. When a data<br />
© Copyright 2011 <strong>ACL</strong> Services Ltd. <strong>ACL</strong> and the <strong>ACL</strong> logo are trademarks or registered trademarks of <strong>ACL</strong> Services Ltd. All other trademarks are the property of their respective owners. 16
table is copied and linked through the AX Core Client interface, only a link between master table and<br />
link table is created; similar to a shortcut in Windows, it does not make a separate copy of the<br />
underlying data file. The AX Core repository manages a single copy of this data file and maintains a<br />
referential link to all places that the master table is linked.<br />
When a user double-clicks on a data table from within the AX Core Client interface, the table definition<br />
will be exported into an <strong>ACL</strong> project format so that it can be viewed using the <strong>ACL</strong> Desktop Edition<br />
interface. At this time, the user will be prompted as to whether or not they wish to create a local copy of<br />
the data file itself, or whether or not they want to leave the data on the server and under the<br />
management of <strong>AuditExchange</strong> (the default is to have the data remain on the server).<br />
Running an Analytic<br />
<strong>ACL</strong> <strong>AuditExchange</strong> analytics can be run against any data table that is within the Data folder of the<br />
Activity where the analytic resides. Any data table that is generated as an output of the analytic can<br />
either be posted to the AX Core repository as a result (using the //RESULT syntax) or directly within the<br />
Data folder of the same Activity (using the //DATA syntax).<br />
Refreshing Data<br />
It is re<strong>com</strong>mended that the refresh of data within the repository (outside of refreshing data using AX<br />
Datasource) be ac<strong>com</strong>plished through the use of analytics. By specifying that the resulting data table(s)<br />
from an analytic be copied back to the Data folder within the Activity (if the data table already exists<br />
there), the underlying data file will be overwritten when the table definition is overwritten as well.<br />
Back-up and Archive of Repository Data<br />
Currently neither of these functions is automatically ac<strong>com</strong>plished by <strong>AuditExchange</strong>. Archiving of the<br />
AX Core database and the Windows file directories housing the data files should be coordinated with<br />
your network administrator. <strong>ACL</strong> re<strong>com</strong>mends a cold backup: that is turn off the AX Core services to<br />
ensure no system activity is in progress and therefore data is static.<br />
Security<br />
Authentication<br />
User Accounts<br />
<strong>AuditExchange</strong> platform user authentication is supported via Microsoft Active Directory. A user must be<br />
a valid Windows domain user. <strong>AuditExchange</strong> supports forests of trusted Active Directory domains.<br />
Users can then be added to the <strong>AuditExchange</strong> user list. <strong>AuditExchange</strong> does not store any passwords<br />
within our system, authentication is confirmed via the Windows API each time a user attempts to login to<br />
the system, but <strong>AuditExchange</strong> does not interface directly with Active Directory itself.<br />
If an organization does not employ Active Directory as their network authentication system,<br />
<strong>AuditExchange</strong> supports creation and use of local users on the AX Core server machine.<br />
Single Sign On<br />
AX Core integrates with the Central Authentication Service (CAS), which is installed with AX Core, and<br />
can be configured for form-based or silent integrated Windows authentication. If configured to use form-<br />
© Copyright 2011 <strong>ACL</strong> Services Ltd. <strong>ACL</strong> and the <strong>ACL</strong> logo are trademarks or registered trademarks of <strong>ACL</strong> Services Ltd. All other trademarks are the property of their respective owners. 17
ased authentication, users must enter a username and password to logon to an <strong>AuditExchange</strong><br />
application.<br />
Silent authentication does not require the user to enter a username or password, it uses integrated<br />
Windows Authentication and Kerberos to validate the user who is accessing an <strong>AuditExchange</strong><br />
application. The same user account that is logged into the PC is also the user account which is silently<br />
authenticated to access <strong>AuditExchange</strong>. Only Active Directory users are able to use silent<br />
authentication, and CAS must be registered on the Active Directory domain controller as a Service<br />
Principal Name (SPN). If silent authentication is configured, local user accounts can still be used, but<br />
they will require username and password entry.<br />
Application Security<br />
Security is maintained centrally in the AX Core for the entire AX platform. Application security is rolebased,<br />
with two primary roles supported.<br />
Users can either be an Administrator or a User of the AX Core system. Administrators are able to see<br />
and manage all Engagements and their contents within the AX Core repository.<br />
Users are only able to access Engagements or associated Activities for which they have been granted<br />
permissions. Permissions to an Engagement or Activity are either:<br />
• Full: Includes permission to create, modify and delete content or structure within a particular<br />
Engagement or Activity. This includes the ability to run and schedule any Analytics within the<br />
Activity. Anyone with Full permission to the Engagement may grant additional users permission to<br />
that Engagement.<br />
• Read Only: Includes permission to view all content within the Engagement or Activity. Does not<br />
include the ability to run Analytics.<br />
When a new Engagement is created (in the Working area), the creator has Full permissions by default.<br />
They must add any additional users (Full or Read Only) to the Engagement manually to share it with<br />
other users. Users that are added to the Engagement level will automatically inherit the same<br />
permissions for all Activities within the Engagement. These permissions can be modified at the Activity<br />
level.<br />
Only Administrators are able to create new Engagements within the Library. They may subsequently<br />
grant additional users (non-Administrators) either Full or Read Only permission to the Engagements<br />
within the Library.<br />
AUDITEXCHANGE SERVER HARDWARE ARCHITECTURE<br />
AX Core<br />
AX Core hardware requirements will be unique for each installation based on usage and data storage<br />
needs. Each running analytic, <strong>ACL</strong> Desktop user, AX Core Client user, AX Gateway user, and AX<br />
Datasource import, will consume AX Core server resources.<br />
• <strong>ACL</strong> re<strong>com</strong>mends a distributed hardware architecture including the AX Core server, AX Database<br />
server, and the storage location of source (.fil) data files for all but the smallest of number of<br />
users/audit teams and/or light analysis requirements.<br />
• SAN or NAS Storage: for heavy data analytic requirements, the AX Database server and source<br />
data files are re<strong>com</strong>mended to be stored in a SAN or NAS with fibre channel or otherwise fast/large<br />
throughput. Throughput is the single biggest bottleneck in the hardware along with disk i/o speed.<br />
© Copyright 2011 <strong>ACL</strong> Services Ltd. <strong>ACL</strong> and the <strong>ACL</strong> logo are trademarks or registered trademarks of <strong>ACL</strong> Services Ltd. All other trademarks are the property of their respective owners. 18
• Disk space: <strong>ACL</strong> table data files (<strong>ACL</strong> .fil files) are stored by AX Core as regular disk files, and all<br />
other data and metadata is stored in the AX Core database. Disk space needs are directly<br />
proportional to the size and amount of data stored in the AX Core repository.<br />
• Disk performance: AX Core, particularly the AX analytic engine will perform better using disk<br />
hardware with fast read and write times. Disks on a SAN are supported, but performance will be<br />
dependent on network and SAN specifications.<br />
• Processors: AX Core will utilize multiple processors when handling AX Gateway and AX Core<br />
Client user sessions. Analytics are executed by the AX analytic engine and the Windows OS will<br />
schedule each AX analytic engine process on a separate CPU core as needed.<br />
• Memory: The memory requirements of AX Core itself are not large, but as more users access AX<br />
Core, and analytics are scheduled, memory usage will increase accordingly.<br />
Suggested Hardware Configurations<br />
Users Analytic Usage Analytic Server(s) Suggested Hardware<br />
5 Light Not needed 2 CPU cores, 4GB memory, 200+ GB Disk Space(*)<br />
5 Moderate Re<strong>com</strong>mended 2 CPU cores, 4GB memory, 200+ GB Disk Space(*)<br />
5 Heavy Yes 2 CPU cores, 4GB memory, 200+ GB Disk Space(*)<br />
20 Light Re<strong>com</strong>mended 4 CPU cores, 4GB memory, 500+ GB Disk Space(*)<br />
20 Moderate -<br />
Heavy<br />
Yes<br />
4 CPU cores, 4GB memory, 500+ GB Disk Space(*)<br />
20+ Varying Yes 4+ CPU cores, 4+GB memory, 500+ GB Disk Space(*)<br />
* Disk space requirements depend largely on the size and number of files stored in the AX Core<br />
repository.<br />
Note: If the AX Core database is PostgreSQL, and is located on the AX Core server, there should be at<br />
least double the amount of memory and CPU cores allocated.<br />
Analytic Usage<br />
Light – Infrequent analytics being run by users, and/or a small number, (e.g. less than 5), of shortduration<br />
analytics scheduled to run periodically at night.<br />
Moderate – Users run short-duration analytics frequently. A small number, (e.g. 5–10), of analytics of<br />
mixed duration are scheduled to run – most at night, some concurrently. Once you’ve reached moderate<br />
analytic usage, it’s time to consider using an analytic server to reduce the load on the AX Core server.<br />
Heavy – Analytics of varying duration are run by users at any time. Many analytics scheduled to run<br />
periodically on varying schedules, some concurrently, some are long-running, (e.g. 2 hours or more).<br />
With heavy analytic usage, <strong>ACL</strong> strongly re<strong>com</strong>mends setting up one or more analytic servers in<br />
addition to your main AX Core server.<br />
AX Exception<br />
Users Suggested Hardware<br />
5 2 CPU cores, 4GB memory<br />
20 2 CPU cores, 8GB memory<br />
20+ 4+ CPU cores, 8+GB memory<br />
Note: If the AX Exception database is located on the same server, there should be at least double the<br />
amount of memory and CPU cores allocated.<br />
© Copyright 2011 <strong>ACL</strong> Services Ltd. <strong>ACL</strong> and the <strong>ACL</strong> logo are trademarks or registered trademarks of <strong>ACL</strong> Services Ltd. All other trademarks are the property of their respective owners. 19
AX Datasource<br />
• A quad-core processor, or two dual-core processors, at 2.5 GHz or faster (quad-core processor<br />
re<strong>com</strong>mended).<br />
• When installing Informatica PowerCenter, you are limited by licensing restrictions to a four-core<br />
processor server.<br />
• 8 GB of RAM.<br />
• At least 3 GB of disk space for the PowerCenter and AX Datasource application <strong>com</strong>ponents.<br />
• Significant additional disk space may be required to store data extracts, for configurations where<br />
this server is being used to host data. Please see following paragraphs for Supported<br />
Configurations.<br />
Supported Configurations<br />
All on One Server<br />
AX Core, AX Exception, and AX Datasource can be installed on a single server machine. This<br />
configuration is re<strong>com</strong>mended only for installations with a small number of users, (e.g. 5 users or less)<br />
with only light analytic usage requirements.<br />
Multiple Servers<br />
• AX Core, AX Exception, and AX Datasource can each be installed on its own dedicated server,<br />
which is re<strong>com</strong>mended for installations with more than 5 users or with moderate to heavy analytic<br />
usage.<br />
• Multiple AX Core servers can be installed, but they cannot share content. Each AX Core server will<br />
have its own content repository.<br />
• Multiple AX Core servers can publish transactions to a single AX Exception. In this case, AX<br />
Exception will be configured to use the database from one of the AX Cores for user and role<br />
information. The other AX Core servers will have their own database, with their own user and role<br />
information.<br />
• Multiple AX Datasource servers can be configured to import data to a single AX Core.<br />
• AX Core does not support publishing to multiple AX Exception servers. The AX Core publish<br />
operation can only be configured with a single URL for publishing to a single AX Exception server.<br />
_____________________________<br />
For technical support and contact information, visit the <strong>ACL</strong> Support Center:<br />
www.acl.<strong>com</strong>/supportcenter<br />
© Copyright 2011 <strong>ACL</strong> Services Ltd. <strong>ACL</strong> and the <strong>ACL</strong> logo are trademarks or registered trademarks of <strong>ACL</strong> Services Ltd. All other trademarks are the property of their respective owners. 20
<strong>ACL</strong> Headquarters<br />
T +1 604 669 4225<br />
F +1 604 669 3557<br />
• acl.<strong>com</strong><br />
info@acl.<strong>com</strong><br />
About <strong>ACL</strong> Services Ltd.<br />
<strong>ACL</strong> Services Ltd. is the leading global provider of business assurance technology for audit and<br />
<strong>com</strong>pliance professionals. Combining market-leading audit analytics software with centralized content<br />
management and exception reporting, <strong>ACL</strong> technology provides a <strong>com</strong>plete end-to-end business<br />
assurance platform that is flexible and scalable to meet the needs of any organization.<br />
Since 1987, <strong>ACL</strong> technology has helped organizations reduce risk, detect fraud, enhance profitability,<br />
and improve business performance. <strong>ACL</strong> delivers its solutions to 14,700 organizations in over 150<br />
countries through a global network of <strong>ACL</strong> offices and channel partners. Our customers include 98<br />
percent of Fortune 100 <strong>com</strong>panies, 89 percent of the Fortune 500 and over two-thirds of the Global 500,<br />
as well as hundreds of national, state and local governments, and the Big Four public accounting firms.<br />
© 2011 <strong>ACL</strong> Services Ltd.<br />
TB/AX2/02072011<br />
<strong>ACL</strong> Services Ltd. <strong>ACL</strong> and the <strong>ACL</strong> logo are trademarks or registered trademarks of <strong>ACL</strong> Services Ltd. All other trademarks are the property of their respective owners.