TSG has successfully implemented multiple solutions for third party/remote approval for different Documentum customers. In each case, the solution focused on bringing outside approvers into the client’s Documentum environment. Based on discussions with several customers, TSG is beginning to develop a new solution to address several different business issues and take advantage of additional technical options. This post will discuss our initial approach to solicit feedback on the proposed solution.
Third Party Approval – Business Justification
With a focus on being “lean and mean”, most of our clients are building working relationships with outside third parties for assistance with approval activities. TSG has built solutions where third parties can initiate a review or approval process as well as participate in the approval process. Issues with a typical approach of letting third parties within Documentum include:
- Security – VPN access for a third party can be a security and maintenance nightmare. Someone has to grant and maintain the appropriate access for the network and Documentum over time.
- Timing – relationships can be built very quickly and can also end quickly. Getting access to the system and being removed from the system on a timely basis can be difficult given the different security and infrastructure components that might be affected.
- Cost – Granting new access can involve additional Documentum licenses even if the approver is only granted access for a short time. Sometimes VPN requirements might require a dedicated PC from the client for the vendor.
To address the above issues, the solution has to contain three basic components:
- Minimal Network Involvement – a solution that does not involve VPN access would be better than a solution that relies on the cost, timing and maintenance of a security group.
- Minimal Cost – the solution should try to avoid additional license charges and focus more on a transactional cost model.
- Documentum infrastructure – clients want to leverage their existing infrastructure within the firewall. While it might be on the horizon, the idea of placing Documentum in the cloud outside the firewall is something that most clients are not considering.
Remote and Mobile Approval – Business Opportunity
As clients have looked at third parties’ ability to approve documents, the logical step of asking “Can my internal people approve from outside the firewall as well?” In most cases, clients may have VPN access already installed on their laptops for home access. We increasingly see clients that want the ability to approve items from devices that are not equipped for VPN access, such as other PC’s or mobile devices (tablets and phones).
Business Approach – An Approval “Hyper-Cloud”
The solution we are developing focuses on using our existing customer deployed solutions in a unique configuration. The solution leverages traditional Documentum “behind the firewall” but adds an Alfresco repository outside the firewall in the cloud.
- Active Wizard – Our dynamic form and workflow infrastructure will run inside the firewall as it does currently with access to Documentum to identify documents that need workflow approval as well as supporting documents. A Documentum user will specifying email addresses in the form for third parties or remote approvers rather than Documentum user-id’s. Active Wizard will build the approval packet (workflow form as well as workflow documents and supporting documents). Active Wizard may kick off a small workflow in Documentum to do typical pre and post processing (lifecycle, security) so that Documentum users will see that documents are attached to workflow approval processes. We have also discussed a mixed approach where we may be able to leverage some internal Documentum workflow as well as external workflow in the cloud.
- OpenMigrate – Our migration framework will push the approval packet out to the cloud for the approval process when required. We are proposing using Alfresco to route and approve the approval packet based on previous success with Activiti and Alfresco.
- Email will play a huge part in this solution. Third parties and remote approvers will receive email alerts that they have a packet to approve. Upon clicking on the included link, the users will be prompted for passwords or brought through a new user set-up if this is their first access to the system.
- High Performance Interface (HPI) – Users will be able to leverage our HPI product for approval from either a Mobile or PC device without VPN access to Documentum.
- OpenMigrate – Once the workflow is complete (either approved or rejected), OpenMigrate, which is monitoring the Alfresco instance from behind the firewall, will pull the updated workflow package back into Documentum and complete the workflow activities. A signature document will be related to the signed document similar to current client efforts. We are currently evaluating how to store this signature document (Encrypted Adobe PDF?).
- Admin – We are working with clients to identify how much of the workflow package remains in the cloud and for what duration. We are also working on how users will see where a workflow package is in the approval process.
One component we discussed early on was whether to use OpenMigrate to push/pull the solution over the firewall or just integrate our ActiveWizard to be able to post the package directly to the cloud. We ended up deciding on OpenMigrate based on the benefits of having more of a push/pull infrastructure component to provide some of the benefits of business continuity. In this manner, if connectivity between the two systems is interrupted, the solution can “catch-up” when connectivity is restored. We have found this approach very successful with our search and retrieval cache approach and wanted to leverage the same approach here.
Summary – Give us your thoughts
Overall, we think the approach is fairly elegant in that it allows instant and cost-effective third party approval based on proven components without the pitfalls of the typical behind the firewall approach. We think it gives clients a little taste of the cloud and mobile access without the cost, risk and concern of having the complete Documentum infrastructure in the cloud. It allows mobile access for approvers without having to worry about VPN connectivity from a variety of consumer devices.
One question for readers: should we consider our Alfresco instance as a multi-tenancy offering or should we allow it as a type of “private cloud” where the client would own the infrastructure in the cloud? As this is the initial stages of our design efforts, please add your thoughts below.