Clarity PPM SaaS Service Description

This service description applies to all active releases of CA PPM SaaS including 15.x, 14.x, and 13.x.
CA PPM SaaS is a web-based service that provides subscribers with access to the market-leading project and portfolio management system. It is comprised of two core components: CA PPM SaaS application, which is the main focus of this document, and an optional front-end portal (CA SaaS Portal) for authenticating users to the application and other CA SaaS applications.
 
 
Service Delivery Standards
Compliance
The components of CA PPM SaaS comply with various standards as follows:
  • SSAE 16 compliant: CA PPM SaaS is subject to an annual SSAE 16 compliance audit. The resulting Service Organization Controls (SOC) Report includes the auditor's opinion on the fairness of the presentation of the CA Technologies description of controls that have been placed in operation and the suitability of the design of the controls to achieve the specified control objectives, and the auditor's opinion on whether the specific controls were operating effectively during the period under review. To view CA SaaS Audits and Compliance Reports, see www.ca.com/us/lpg/saas-summary-audit-report.aspx. Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization, was finalized by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA) in January 2010. SSAE 16 effectively replaces SAS 70 as the authoritative guidance for reporting on service organizations.
  • Section 508: The nature and extent to which the CA PPM application enables compliance with the requirements of Section 508 of the Rehabilitation Act of 1973 is detailed in our Voluntary Product Accessibility Template, available upon request.
Availability and Monitoring:
  • An industry-leading SLA of 99.8% service availability is provided.
  • Continuous monitoring of all service components (infrastructure and application) is deployed to proactively identify any component or service trending towards failure or approaching capacity.
    • CA best-of-breed monitoring solutions are deployed.
    • Supplemented with vendor specific diagnostic tools where appropriate.
  • 24x7 staffed network operation center (NOC) to analyze and respond to automated monitoring alerts.
Performance:
Service response times are analyzed and archived daily. This data is used to identify clients that require detailed performance reviews. 
Upon review of performance data or notification from the client of performance concerns, CA Technologies will:
  • Work with the client and perform a detailed user by user, feature by feature review to determine any areas of concern.
  • Work with the client to optimize their configuration.
  • Work with the client to identify any issues within their network or ISP.
  • Should additional infrastructure be required to meet the customer's subscription levels, CA will provide it as part of the service.
Support:
CA PPM SaaS includes standard 24x7x365 support for critical incidents. The welcome email, sent to current CA PPM SaaS clients providing service URLs, contains information on how to obtain a CA Technologies Support login. This login can be used to obtain support for any issues or service related questions. The following web sites provide access to detailed information on CA PPM SaaS:
  • Clarity PPM Support Knowledge Base: This site provides links to user documentation, support policies, and a knowledge base of documents related to the service.
  • Clarity PPM Documentation: This site provides access to the product online help documentation.
  • Clarity PPM Customer Resources: This site provides links to current SaaS specific policies and SaaS listings providing current delivery standards for CA Technologies SaaS offerings.
Maintenance:
Maintenance falls into three categories:
  • Monthly: Monthly maintenance windows are scheduled at least 3 months in advance and occur one Saturday each month. Maintenance windows are scheduled during local non-business hours. There is limited client input over these scheduled windows as infrastructure maintenance performed during these windows may impact multiple or all clients. Security patches and other operating system updates are applied during these windows. A reminder notification will be sent 7-10 days prior to these maintenance windows. See Monthly Maintenance Window Schedule.
  • Critical Scheduled: Periodically, a critical scheduled maintenance involving security or system stability may be required. A 72 hour notice will be provided to customers for these activities. In many cases, maintenance activities can be more flexibly timed to meet customer business needs. CA will provide reasonable accommodations to these types of maintenance periods where possible.
  • Unplanned: Unplanned downtime is any loss of production system availability that does not have at least 72 hours advance notice to clients. These downtimes are generally system fault type issues but can also be proactive, emergency maintenance performed to prevent a system failure from occurring. Notices of service interruption will be sent as soon as the maintenance is scheduled or monitoring has determined a client’s system is unavailable; a minimum of 24 hour notice is provided when practical. These types of downtime count against the client’s uptime SLA and, therefore, are infrequent.
Security
Security Framework
CA Technologies continuously improves the security framework by doing the following:
  • Risk management drives policy creation
  • Policy shapes architecture
  • Architecture drives engineering solutions
  • Solutions are sustained by operations and administration.
  • Operations and administration efforts are monitored for performance and compliance (depending on risk)
  • Performance/compliance test results drive policy improvements
Architectural Security
  • Auditing: CA PPM SaaS security architecture is comprised of controls and security measures across facility, network, and server infrastructure which are audited annually under SSAE16 standards. Refer to the previous Certification and Compliance section for further SSAE16 details.
  • Encryption: All web traffic is protected by SHA256 bit TLS 1.0, 1.1, or 1.2 encryption and 2048 bit RSA public keys. The CA PPM SaaS application encrypts user session data. CA PPM SaaS email services support TLS encryption.
  • Software: A suite of security software components is deployed, including threat management and anti-virus, to provide server security.
  • Firewalls: In addition, “stateful” inspection firewalls are in place; these firewalls stop all incoming traffic, analyze it, and prevent standard internet attacks. Application servers are located in a demilitarized zone (DMZ), which is separated from the service database servers by a firewall. Only the necessary ports are opened between the DMZ and the internal trusted network.
  • SQL Injections and XSS: The application guards against SQL injection by enforcing content-validation rules and by using prepared statements almost exclusively in the CA PPM application. CA PPM also enforces XSS user input validation and XSS user input restrictions.
  • Authentication: Customers may utilize a standard user name/password authentication scheme. Optionally, federated single sign-on (SSO) authentication is available for customers with the capability of producing SAML authentication packages; refer to the Integration section for more details. Federated SSO allows for greater customer control for access methods and timing.
  • Authorization: Within the CA PPM SaaS application, over 550 individual rights/roles/groups can be used to secure application functionality and data records. Additionally, standard audit trail functionality can be configured for most objects and attributes to capture creation, edits, and deletions of selected data records or attributes.
Security Scans
CA Technologies contracts with an independent, third party vendor to evaluate and validate the security of our service on an ongoing basis. Critical and high risks are identified, validated, and remediated before production systems are made available. Medium risks are evaluated and resolved on a priority basis. Ongoing scans are performed to ensure that no new risks have been introduced. Two types of scans are performed:
  • Vulnerability Scans: Vulnerability tests are performed weekly.
  • Penetration Scans: Penetration tests are performed as each new release of the service is being made available and no less than annually.
Application Security and User Management
  • Data integrity: CA PPM SaaS customers are deployed in a stateless application environment connected to Oracle database instances. With failover at the application tier, the application data model is designed to guarantee data integrity by modeling data transactions into transaction units that are saved (committed) to the database in one batch. In the event a database instance goes offline, the pending transactions resume once the database is restored.
  • Data segregation: Customer data is segregated in separate logical databases that may reside on the same physical Oracle database server. All customer configurations and customer data are stored in the database.
  • User authentication: Users can authenticate to CA PPM SaaS by using a username and password combination. In addition to internal authentication, CA Technologies also provides the option to use Federated SSO for user authentication. Some non-web browser client applications, such as Microsoft Project, can be accessed from within the application and do not require additional logon. Where these applications are accessed from outside the application, username and password are required.
For customers that do not have Federated SSO implemented, a login to CA PPM SaaS environment is required to manage passwords. CA Technologies does not currently support direct LDAP integration because exposing client directory data outside the firewall exposes clients to unacceptable security risks and the establishment of a business to business VPN tunnel to ship directory data exposes CA PPM SaaS and its clients to unacceptable security risks. Users of CA PPM SaaS can be added, deactivated, or modified through the user interface on the CA SaaS Portal or via a WSDL based interface. New users can optionally receive an email notification with instructions for how to log on to the CA PPM service.
User passwords are managed either in the CA SaaS Portal, the CA PPM application or in the customer’s environment if the customer is using Federated SSO.
  • Permissions: Additional application security is provided through role-based and OBS-based (organizational breakdown structure) permissions. Using these permission schemes, the CA PPM application can be configured to allow or deny access to features and data in accordance with any business need. CA Technologies also implements best practices in guarding from outside threats. Each customer’s data and configurations are stored in a dedicated database schema with security rights restricted at the database level. Web services are not shared between clients.
Session Management
The CA PPM service uses a session-based cookie that carries a token for accessing the session data that is transient in the cache (for a single application environment), or in the database (for a clustered environment). The only data that is kept in the cookie is the authentication token, which is a value in the database. Session data that is keyed off the cookie includes the user’s profile (username, language choice, locale choice, and time zone), global access rights of the user, and other shopping cart-like data.
Data Center Security
CA data centers have multiple levels of security to protect customer information. This protection includes physical and logical security measures.
PHYSICAL SECURITY
All data centers have highly restricted access and use the following physical security measures:
  • Physical Access: All areas of each data center are monitored using CCTV, and all access points are controlled. The center is staffed with security officers around the clock to augment physical security features.
  • Visitors Access: No public visitor access to the data centers without prior knowledge and approval of the CA SaaS infrastructure team is permitted. Approved visitors are required to present a government issued picture ID upon entry to verify their identity and access privileges. They are then escorted to the appropriate locations within the data center by security staff. Access history is recorded for audit.
  • CA Security Personnel: CA Technologies maintains a department of security engineers. New security employees and contractors are all subjected to background checks. Security policies along with data retention and destruction policies are in place and published.
LOGICAL SECURITY
The following security methods are employed:
  • Hacker Monitoring: The systems are monitored 24 x 7 by an enterprise network intrusion protection solution. Audit logs are sent to a centralized CA Audit system and are reviewed daily to ensure that there is no unusual activity.
  • Virus Protection: All CA Technologies servers are protected by commercial Anti-Virus software. The environment undergoes regular vulnerability scans to protect against both internal and external network threats. Files being uploaded to the service are scanned for threats before being saved.
  • Ports: Only specific ports are opened for data traffic. Application data, including interface data, is directed through port 443.
  • Application Security: During the development and QA stages, the application undergoes security review and testing.
  • Server Hardening: All servers are hardened in accordance with industry best practices. By running only the necessary services, CA Technologies reduces its exposure to operating-system-level security issues. Servers undergo weekly vulnerability scans and standard quarterly maintenance.
  • Server Patching: Security patches are applied monthly and emergency patches are applied as quickly as practical.
  • Segregated Customer Data: Data is currently segregated within a dedicated schema instance and security is enforced at the database level so that no cross schema access is available. Customers do not have logical access to database servers.
  • Protection Controls: Unauthorized access to servers and changes to the operating system are monitored. CA Configuration Automation© is used to manage changes to the configuration of the application.
  • Data Sanitization: Data storage devices are sanitized when a CA PPM service contract has expired, hardware breaks, or customers ask for sanitization to be performed. Customer data is only stored on network data storage, so there is no process necessary for other media (for example, tape, USB, CD, DVD). Retired storage devices are securely destroyed.
Data Management
CA Technologies performs regular backups of all customer data and configurations to create service recovery points. These recovery points are utilized by the defined business continuity and disaster recovery plans and can also be utilized, along with additional client requested recovery points, to restore the service to a previous state upon client request.
Service Backup and Restore
Service backups are managed as follows:
  • Recurring backups: A recovery point is automatically generated every 24 hours and consists of a full backup of all customer data and configuration.
  • Retention period: Recurring backups are retained for 7 days. Backups past the retention period are programmatically deleted.
  • Storage policies:
    • Backups reside only on network storage within an authorized CA Technologies data center
    • Removable media is not used to store backup files
    • Backup copies cannot be provided to customers or other third parties
    • Storage devices or media removed from service are sanitized as follows:
      • Overwriting the media using DOD accepted software or,
      • Degauss of the media or,
      • Physically destroying the media rendering it unusable
  • Customer defined recovery points: Customers may define additional recovery points as needed. Customer defined recovery points can be retained for as long as required; the standard retention periods for these recovery points, in days, are 30, 60, 90, or indefinitely until deletion is requested. CA Technologies will maintain up to 5 customer defined recovery points in addition to the recurring backups defined above.
  • Customer restore requests: Customers may request a restore to any recovery point within the retention period or any available customer defined recovery point. All restore requests are processed as a complete environmental restore; restores of selective data instances cannot be requested as part of the standard service. When a customer requests a recovery, the restored system will be unavailable for a predetermined amount of time, which will be communicated to the customer.
Disaster Recovery and Business Continuity
In a disaster or other unrecoverable failure, CA Technologies recovers to the most recent recovery point available. For most recovery scenarios, minimal or no customer action is required. The backups that comprise each available recovery point are replicated nightly to a geographically separate data center that acts as an alternative recovery site for the primary data center.
Recoveries are usually performed as a result of any hardware or software failure. Because of high availability and redundancy there should be zero loss of data in this scenario, but in rare cases, data may be lost up to the last available recovery point. CA Technologies uses all commercially reasonable efforts to recover from any system failure event as follows:
• Recovery Point Objective: 1 hour
• Recovery Time Objective: 4 hours
Disaster to the CA Technologies corporate network in New York will not affect service for any customer. Secondary services, such as domain name services will be routed through the secondary CA Technologies network in Illinois.
Data Delivery
As noted above, ongoing client data retrieval is provided for via a web based user interface (including reports and dashboards) or WSDL based APIs. Terminating clients have the following options to receive their data:
• API data extractions via HTTPS producing XML formatted flat files. See the user guide XOG Developer Guide for technical details.
• Oracle data pump generated file containing all tables with client data.
• Oracle data pump generated file of the client’s entire CA PPM database schema. This option requires a valid, perpetual CA PPM license.
Application
CA PPM SaaS is based on a J2EE application and has the following architectural details:
  • To ensure high-performance and availability, the application runs on multiple Apache Tomcat application servers connecting to Oracle back-end databases via DataDirect JDBC drivers.
  • The application utilizes load balancing between a minimum of two Linux application servers using hardware based SSL acceleration.
  • The underlying J2EE application server controls Web, integration, business logic and persistence services providing common application functions such as caching, security, globalization, configuration and workflow.
  • The service is accessed through a secure web interface.
  • Customers are deployed in a stateless application. With failover at the application tier, the data model is designed to guarantee data integrity. Data transactions are modeled into transaction units that are saved (or committed) to the database in one batch. In the event a database instance goes offline, the pending transactions resume once the database is restored.
  • The application limits the amount of network resources consumed by compressing the data sent to the browser from the server using Java compression functionality. The browser can then uncompress the data stream using built-in gzip functionality.
Version and Release Management
Technical upgrades to CA PPM SaaS are included as part of the base subscription. CA Technologies will notify customers when CA PPM SaaS is required to be upgraded for supportability and stability purposes and will work with clients to accommodate their business needs in regards to scheduling these upgrades. Clients can also proactively request upgrades and updates to receive new functionalities or defect resolutions.
New service versions, including new functionality, are released one to two times per year. Updated versions of the service are released approximately monthly and are the method of patch delivery for identified defects and vulnerabilities. For full support clients are expected to stay on the current version of the service (GA) or one version back (GA-1); older versions of the service are not eligible for patching.
Data Integrity and Management
Data between the client and database may be interrupted when an application server fails and the session is lost. Transactions complete if they are submitted before the application server goes down. If the database goes offline, the transactions complete once the database is restarted. The CA PPM application data model was designed to guarantee data integrity by modeling data transactions into transaction units that are saved (committed) to the database in one batch. Inside of PL/SQL stored procedures and the CA Technologies JDBC-based application code, this happens using the TRANSACTION/COMMIT Oracle constructs/commands. All jobs and tasks that were cut off during the failure resume once the servers are activated.
Client Access
User access to CA PPM SaaS requires only a supported web browser as noted in the current release notes. Depending on processing requirements, there are additional client workstation technologies that customers can use:
  • XML Open Gateway (XOG): A CA PPM Web service used for data import and export between external systems and CA PPM SaaS via HTTPS. Direct WSDL calls may also be initiated to the service using a client developed SOAP call.
  • REST APIs: Web-based and interactive API documentation where authorized engineers can execute API commands against a CA PPM instance.
  • Microsoft Project/Open Workbench: These scheduling tools allow for a two way interface of project plan data that is created or edited offline and subsequently uploaded to CA PPM SaaS.
Direct access to CA SaaS environment servers using a VPN, remote desktop, or any other connection method is not permitted.
Integration
The CA Technologies approach to integration is through the supply of an integration toolkit that enables field integrations to be performed easily. This toolkit consists of the XOG XML Web Services interface and GEL Scripting capabilities of the process management functionality. Clients may build integrations themselves, engage CA Services to build integrations for them, or deploy any of the standard integrations described in the user guides; the work to build, deploy, or configure integrations is not part of the CA PPM SaaS subscription. The following are the different integration methodologies provided:
  • Simple Object Access Protocol (SOAP)
  • XML Open Gateway (XOG) client
  • REST APIs (limited to authorized engineers)
  • SFTP Drop-off combined with GEL (Generic Execution Language) enabled processes
  • Federated single sign-on
WSDL via SOAP
Custom SOAP integrations can be set up between CA PPM SaaS and a customer's third-party solutions. Third-party SOAP integration toolkits include Apache AXIS and Microsoft Visual Studio (.NET Framework) for Windows. Direct SOAP integration is performed over the standard HTTPS port using the CA PPM SaaS Web Service Description Language (WSDL).
XML Open Gateway (XOG)
XOG is the CA PPM application web service client interface, available on the same HTTPS port as the CA PPM service HTML Web browser interface. XOG uses SOAP, an open-standard, human-readable, XML-based protocol for communication. Using XOG, it is possible to read and write data objects from the application, execute queries, and execute other server-side actions. XOG includes a full Web Service Description Language (WSDL) file that is downloadable from the CA PPM application. The WSDL describes where and how to invoke it, the URL to use, and available messages (complete with full XML schema).
CA Technologies recommends customers use the import/export functionality in XOG for promoting changes between Development, Test, and Production environments. Customers are responsible for promoting the changes themselves.
XOG is secure in the CA PPM service environment for the following reasons:
  • Web service: Because the XOG client communicates over HTTPS using a web service, there are no extra ports or sockets to secure.
  • Authentication: XOG must use an authenticated CA PPM application user to access the application. XOG is not SSO aware and, therefore, always requires a user name and password to authenticate.
  • Access rights: The CA PPM application user must have access to the data in the CA PPM service exactly like the user would have inside of the CA PPM application.
REST APIs
CA PPM REST APIs allow authorized engineers to build more flexible integrations that should be compatible with future product releases. The REST API feature includes:
  • REST APIs for project and task objects including a core set of project and task attributes.
  • Web-based and interactive API documentation where authorized engineers can execute API commands against a CA PPM instance.
  • Integration Studio object that provides an area where authorized engineers can configure and track any integration with CA PPM. The CA Agile Central (Rally) integration utilizes the Integration object and provides an example on how to configure an integration using this new object.
SFTP Access
SFTP access provides customers an asynchronous and scheduled way to integrate with their applications using flat files via a secure drop-off/pickup location. Each instance of CA PPM SaaS has a dedicated folder that is accessible directly via the PPM SaaS application layer and via SFTP. The folders are used and supported to temporarily store XML files or other flat text file formats when exchanging data into and out of the service. Clients are responsible for archiving files once they have been processed.
A single account is provided to utilize this service. Upon a ticketed request, clients with the capability to utilize SSH keys can set up password-less SFTP.
The option to utilize the SFTP service is intended to support legacy integrations where the use of a direct integration method such as WSDL via HTTPS is not possible. Where possible, a direct integration is the preferred method.
PPM SaaS supports the following cipher and MAC algorithms when using SFTP:
  • aes128-ctr
  • aes192-ctr
  • aes256-ctr
  • arcfour256
  • arcfour128
  • hmac-sha1
  • hmac-ripemd160
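How a client's preference order interacts with this list, as an added example that is not part of the original service description: in SSH the first algorithm on the client's list that the server also supports is selected, so the client configuration decides whether an RC4-based (arcfour) cipher is ever used. The client preference lists and the host name sftp.example.invalid are constructed placeholders, and picking hmac-sha1 as the MAC is an assumption about what the client build supports.

```python
"""Added example: SSH algorithm selection against the SFTP list above."""

# Algorithms listed on this page for the SFTP endpoint, split by role:
# the aes*/arcfour* names are ciphers, the hmac-* names are MACs.
SERVER_CIPHERS = ["aes128-ctr", "aes192-ctr", "aes256-ctr",
                  "arcfour256", "arcfour128"]
SERVER_MACS = ["hmac-sha1", "hmac-ripemd160"]

# RC4-based cipher names a client should not offer, even though the
# server accepts them.
RC4_CIPHERS = {"arcfour", "arcfour128", "arcfour256"}


def negotiate(client_prefs, server_list):
    """RFC 4253 section 7.1 rule: the first name on the client's list that
    the server also lists is chosen. Returns None when nothing matches."""
    server = set(server_list)
    for name in client_prefs:
        if name in server:
            return name
    return None


def audit_client(client_ciphers, client_macs):
    """Report what a client with these preference lists would negotiate
    with the endpoint, plus findings a reviewer would raise."""
    cipher = negotiate(client_ciphers, SERVER_CIPHERS)
    mac = negotiate(client_macs, SERVER_MACS)
    findings = []

    if cipher is None:
        findings.append("no common cipher; the connection would fail")
    elif cipher in RC4_CIPHERS:
        findings.append(f"RC4 cipher {cipher} would be negotiated")

    if mac is None:
        findings.append("no common MAC; the connection would fail")

    # RC4 names that are not selected but are still on offer by the client.
    exposed = [c for c in client_ciphers
               if c in RC4_CIPHERS and c in SERVER_CIPHERS and c != cipher]
    if exposed:
        findings.append("client still offers RC4: " + ", ".join(exposed))

    return {"cipher": cipher, "mac": mac, "findings": findings}


def hardened_ssh_config(host, mac="hmac-sha1"):
    """Build an OpenSSH client stanza that offers only the AES-CTR ciphers
    from the server list, largest key first. `host` is a placeholder and
    the default MAC is an assumption (see lead-in)."""
    if mac not in SERVER_MACS:
        raise ValueError(f"{mac} is not on the server's MAC list")
    strong = [c for c in SERVER_CIPHERS if c not in RC4_CIPHERS]
    strong.sort(key=lambda name: int(name[3:6]), reverse=True)
    return (f"Host {host}\n"
            f"    Ciphers {','.join(strong)}\n"
            f"    MACs {mac}\n")


if __name__ == "__main__":
    # Constructed client preference lists, not captured from any real client.
    samples = {
        "legacy integration host": (["arcfour256", "aes128-ctr"],
                                    ["hmac-md5", "hmac-sha1"]),
        "AES first, RC4 fallback": (["aes256-ctr", "arcfour128"],
                                    ["hmac-sha1"]),
        "AEAD-only client": (["chacha20-poly1305@openssh.com"],
                             ["hmac-sha2-256"]),
    }
    for label, (ciphers, macs) in samples.items():
        print(label, "->", audit_client(ciphers, macs))
    print(hardened_ssh_config("sftp.example.invalid"))
```

A client that offers none of the listed algorithms cannot connect at all, which is the case to check before tightening a client's defaults.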
Federated Single Sign-On
The federated single sign-on (SSO) integration allows customers to create a trusted relationship with CA PPM SaaS. This relationship has the following benefits:
  • Seamless integration between networks and environments: Users can move between their intranet and the various production, development, and test CA PPM SaaS environments with a single click.
  • Uniform user authentication: Password management is centralized within the current client network. All password construction, change intervals, multi factor authentication and so on, are controlled by the existing client network.
  • Access restricted to client network: By selecting an optional setting to force all users to authenticate via federated SSO, it is possible to restrict access to the CA PPM SaaS service to only traffic originating from the client network.
Federated SSO is feasible only if a user authentication solution is currently deployed that supports the generation of a SAML 2.0 assertion.
Federated SSO is safe in the CA PPM SaaS environment for the following reasons:
  • SAML: Security Assertion Markup Language (SAML) is a proven secure protocol for handling SSO.
  • Password Management: Passwords do not need to be managed in the CA PPM service and this means fewer places for security breaches.
Advanced Reporting
In addition to real-time reporting using the CA PPM Studio, CA Technologies also provides Advanced Reporting. Advanced Reporting allows you to create an ad hoc view of CA PPM SaaS data that you can save as a report and share using different formats. You configure each ad hoc view and its corresponding report by selecting the data that you want to include. You can run a report immediately or you can set up a schedule. In either case, you control the output method and format.
The CA PPM SaaS Data Warehouse is the main data source for Advanced Reporting. The Data Warehouse schema is optimized specifically for reporting. The schema includes the Investment, Resource, Portfolio, Timesheet, and Project data. The Data Warehouse is populated at scheduled intervals by jobs that load the relevant data from the CA PPM SaaS database to the Data Warehouse. The Data Warehouse can be extended to include custom objects and attributes.
For more information about how the Advanced Reporting components are configured to work with CA PPM SaaS environments, see the CA PPM Jaspersoft Report Development Guide for SaaS available on the support.ca.com site.
The CA PPM application comes with standard reporting features as follows:
  • Ad hoc Views (create ad hoc reports)
  • Domain Access (edit and create Domains)
  • Advanced Reporting Studio Access (create reports to deploy in CA PPM SaaS)
The Advanced Reporting feature lets you build views and reports against project and other investment data to drive organizational intelligence. Advanced Reporting has the following benefits for your users:
  • Easy to use, interactive reports that run within CA PPM SaaS are available.
  • Filter options and report results appear in the same window, with support for cascading filters.
  • More scheduling options are available.
  • You can email reports, export reports, and save the report in the Advanced Reporting repository.
    • Specify email addresses, using up to a maximum of 200 characters. Separate email addresses with commas. You can also enter email aliases, which we recommend if you are sending the report to a large number of users.
    • Export reports to a maximum of two formats (for example, PowerPoint and Word or PDF and Excel).
  • You can create report and style templates.
  • You can develop reports in CA PPM SaaS against the Data Warehouse or the CA PPM SaaS transactional database.
Data Warehouse
The Data Warehouse provides a schema that is optimized specifically for analytics. A set of CA PPM SaaS jobs extract, transform, and load the data from CA PPM SaaS to the Data Warehouse. The advantages of the Data Warehouse include:
  • Simplification of the data model that makes end user reporting easier. This feature reduces the demand for custom report development.
  • Reducing the stress and traffic on the CA PPM SaaS transactional database. This reduction is possible because the Data Warehouse resides on a separate database server.
The Data Warehouse addresses several data and reporting challenges that users experienced when working directly with the CA PPM SaaS transactional database.
  • Reports run against transactional data: The Data Warehouse has its own database, which takes stress off the transactional CA PPM SaaS database.
  • Complex relational database queries: The data warehouse carries keys and descriptive values in the dimension tables so that fewer joins are required. Facts are combined into summary and period tables.
  • Finding data with 1000+ tables: Data Warehouse tables are user friendly for reporting (with the exception of configuration and meta tables).
  • Table name inconsistencies: Similar tables are grouped together by the table prefix, and the names are descriptive.
  • Difficult time slice setup: Specific time slices are set up to populate the data warehouse. Defaults are set but can be adjusted.
  • Inconsistent column naming: Columns are named consistently across tables.
  • Resource ID versus User ID confusion: Resource columns (manager_key, resource_key, and so on) are always the resource_key. In CA PPM SaaS, manager points to the user ID and the resource points to the resource ID or code, which is inconsistent.
  • Date and time storage correctness: The finish/end dates seen in the product are dates in the data warehouse database. In CA PPM SaaS, a user must use a function to determine the date. For example: 12/31/2012 on the page could be stored as 1/1/2013 00:00:00 in the CA PPM SaaS table.
  • Use of Code versus ID: The CA PPM SaaS financial tables use codes instead of IDs. The Data Warehouse always uses the numeric key of the dynamic lookups.
  • Studio attributes not available in a Universe without customization: The data warehouse is extendable without customization. A flag was added to Studio objects and attributes that tells the load job to add new objects and attributes automatically.
Customizations
CA SaaS solutions are delivered as a standardized service. This standardization allows CA Technologies to deliver high-quality services in a repeatable and cost-effective manner. To achieve this standardization, certain design principles are enforced to limit customization that may cause instabilities in the delivery of the service. Allowing only supported configurations ensures the security, stability, and maintainability of the service for all clients.
Application Customizations
Customization of the CA PPM application layer or alterations/insertions of any files on the application servers is not compatible with CA PPM. CA PPM leverages a uniform code base and, therefore, cannot support application customization. Customization under this policy includes, but is not limited to, the following:
  • Custom Java code
  • Alterations to the base CA PPM code set including XSL and JAVA files
  • Placement of a parameter or any other file into the directory structure of a server. 
An SFTP directory is available as a mounted volume at the application level for file uploads. This directory is available to process-based scripts.
Database Customizations
Customization of the CA PPM database schema is not permitted. However, the CA PPM SaaS solution allows and supports all configurations done through CA PPM Studio. Customizations under this policy include, but are not limited to, the following:
  • Triggers
  • Stored procedures
  • Custom tables or schemas
  • Functions
Supportability and upgradeability are the primary concerns that govern CA PPM SaaS customization policies. The CA Technologies Global Delivery team (GD) can be engaged to design, build, and support custom components to conform to CA SaaS support policies. GD reviews requirements and works directly with CA Services and the CA SaaS team to design supportable components that can be deployed to CA SaaS environments.