Technology Guide: Software

Related Topics

Improving Server Performance

System Selection

7 Levels of Application Integration

All About Storage

Links

whatis.com

Contents

Enterprise Portals

Databases

Application Servers

Application Programming Interfaces (API)

Programming languages (for Web Servers)

Enterprise Application Integration (EAI) Middleware

XML Middleware

Storage Management Solution

Messaging and Collaboration

Firewalls and VPN

Intrusion Detection Systems (IDS)

Glossary

Middleware

Extensible Markup Language (XML)

Extensible HTML (XHTML)

WML/HDML

SGML

SOAP

Component

Component Models

Distributed Component Architectures

CORBA

OLE

Java Virtual Machine (JVM)

Java Runtime Environment

SAML

Enterprise Portals

Also called enterprise knowledge portals, corporate portals or collaborative portals, they give users one-point access to knowledge and application resources through the familiar Web browser interface.  Enterprise portals promise to bring a degree of order to the chaotic jumble of Internet information and online services. Building on the ideas developed in public portals such as America Online, Netscape Netcenter, and Yahoo, organisations are increasingly creating enterprise portals to streamline the presentation and delivery of online resources to employees, suppliers, and customers. 

Many packed knowledge management applications can serve enterprise portals. Like the companies that produce them, products have different features and areas of strength.  Some, concentrating on the vendor’s expertise, provide point solutions rather than complete portals. Other vendors offer suites of tools from which companies create custom portals.

Leading Software Providers

• IBM WebSphere Portal Server
• iPlanet Portal Server
• Oracle 9iAS Portal
• SAP mySAP Enterprise Portals
• BEA WebLogic Portal
• Microsoft SharePoint Portal Server
• Plumtree Corporate Portal Server
• Epicentric Portal Server
• SilverStream ePortal
• CoVia InfoPortal
• OpenText LiveLink
• Hummingbird
• Verity Portal One
• Broadvision InfoExchange Portal
• Sequoia Software XPS
• InfoImage Freedom
• KnowledgeTrack KnowledgeCenter
• Viador E-Portal Suite

Databases

A database can be defined as a collection of information organised in such a way that it can be retrieved and used. A database management system (DBMS) can further be defined as the tool that enables us to manage and interact with the database.

Most DBMSs perform the following functions:

·         Store data

·         Create and maintain data structures

·         Allow concurrent access to many users

·         Enforce security and privacy

·         Allow extraction and manipulation of stored data

·         Enable data entry and data loading

·         Provide an efficient indexing mechanism for fast extraction of selected data

·         Provide consistency among different records

·         Protect stored data from loss by backup and recovery process

Several different types of DBMSs have been developed to support these requirements. These systems can broadly be classified in the following classes:

• A hierarchical DBMS stores data in a tree-like structure. It assumes a parent-child relationship between the data. The top of the tree, known as the root, can have any number of dependents. Dependents, in turn, can have any number of subdependents, and so on. Hierarchical database systems are now obsolete.
• A network DBMS stores data in the form of records and links. This system allows more flexible many-to-many relationship than do hierarchical DBMSs. Network DBMSs are very fast and storage-efficient. Network database management systems allowed complex data structures but were very inflexible and required tedious design. An airline reservation system is one example of this type of DBMS system.
• Relational DBMSs (RDBMSs) probably have the simplest structure a database can have. In an RDBMS, data is organized in tables. Tables, in turn, consist of records, and records of fields. Each field corresponds to one data item. Two or more tables can be linked (joined) if they have one or more fields in common. RDBMSs are easy to use and have flourished in the last decade. They're commonly used on low-end computer systems. In the last few years, however, their use has expanded to more powerful computer systems. Oracle, IBM, and Sybase are some popular RDBMSs available in the market.
• Object-oriented DBMSs were designed to handle data such as numbers and words. During recent years, however, object-oriented DBMSs are emerging. These systems can handle objects such as videos, images, pictures, and so on.

Leading Software Providers

• Oracle 9i
• IBM DB2
• Microsoft SQL 2000 Server
• Sybase iAnywhere SQL
• Software AG Adabas

Application Servers

An application server is a set of programs, services and tools that provide a standard environment programmers use to develop and deploy business applications on the internet/intranet. Web application servers provide the infrastructure required for application developers to build server-side Java components such as servlets, Java Server Pages and Enterprise Java Beans. By using a web application server, programmers focus on developing business logic while the web application server takes care of the technical infrastructure requirements.

Leading Software Providers

• IBM WebSphere Application Server
• Oracle 9i Application Server
• Microsoft Windows 2000 Server
• iPlanet Application Server
• BEA WebLogic Server
• Apache Web Server

Application Programming Interfaces (API)

An API is an interface between an operating system and its application programs; it governs both the methods by which the application programs communicate with the operating system and the services the operating system makes available to the application programs.   An API includes an abstraction layer that hides the complexity of the underlying routines.  Reusable routines save programmers time and ensure that their applications are consistent in appearance and operation.

Providing interative access to static documents is the most basic function of a Web server.  Web servers can provide additional functionality by invoking other applications and returning the results to the user in the form of an HTML page.  These server-side applications can be simple scripts or complex programs and can perform functions that manipulate data or access information from external sources (e.g. by querying databases or requesting stock-ticker data from other Web servers).

Leading Software Providers

• Apache Mod_Perl
• Common Gateway Interface (CGI)
• Microsoft Internet Server API
• Netscape Server Application Programming Interface
• Oracle Web Request Broker

Programming languages (for Web Servers)

Web programming languages are the necessary source code to deliver Web pages to the user. It includes writing a variety of programming languages such as C, C++, Visual Basic, JavaScript, Java and Perl used to automate Web pages as well as link them to other applications running in servers.

Leading Software Providers

• Java
• Active Server Pages (ASP)
• Allaire ColdFusion
• Microsoft Visual Basic (Scripting Edition)
• Pearl
• Td/Tk
• Python

Enterprise Application Integration (EAI) Middleware

EAI packaged middleware is designed to allow developers to choose different levels of integration (e.g. data level, application interface-level, or business process-level) between existing and new systems. As a result, many older systems that still perform valuable tasks are able to continue.  Often the return on an EAI investment is measured by how little or the installed base needs to be changed to leverage a new system.

Another driver behind EAI deployment involves sharing information between disparate applications that were never designed to work together. Business process automation is the automation of tasks that an organisation already might be doing manually by integrating two or more applications.  E.g. a business can print a sales report from an EPR system to cross-reference customer information for credit checks in another system.  EAI would transform this task from a manual process to an automated one.

Click here for details of the 7 levels of Application Integration.

Connectors (also known as adapters) are the interfaces to the application packages supplied by the EAI vendor.  Each application needs a connector, and all connectors must be upgraded when the set of requests that can be handled changes.  EAI vendors supply two basic types of connectors: those that interface with commercial applications, such as SAP R/3, and those that interface with commercial systems software, such as the Oracle Database Management System (DBMS).  Vendors usually supply an SDK so that users can build connectors to systems that are not supported by the vendor directly, e.g., a mainframe Cobol application that was developed in-house.

Several advanced EAI products employ an event-driven publish-and-subscribe model for communicating information.  Publish-and-subscribe is a method of communication between applications by which one application subscribes to information that is published by another application.

Over the past few years, EAI middleware has been considered synonymous with event-driven, peer-to-peer application architectures.  Momentum has changed to the composite application approach, because business-to-business cost reduction has become paramount.  EAI, as an industry, has transformed itself into e-business, applying message-based integration techniques across organisational boundaries and turning attention to the development of new business logic for processes that trading partners often share.

Leading Software Providers

• WebMethods
• BEA Systems
• IBM MQ Series
• Mercator
• NEON
• Software Technologies
• TIBCO
• Vitria Technology

XML Middleware

The value of using XML as a middleware is that XML parsers can be written in any language and the data XML comprises is all ASCII (American Standard Code for Information Interchange), so it is supported by any platform, easily transmitted through firewalls, and hierarchical.  In a sense, an XML document is like an object, in that XML parsers and schemas define tags that may contain some object data.  Unlike the three major component models, XML does not provide the complete set of characteristics that are typically associated with object-oriented languages, but its underlying technology is based on concepts that are analogous to object-oriented concepts.

The XML specification, by itself, does not provide all the middleware elements needed by users.  At the moment there are several efforts under way to establish XML-related middleware elements.  The key elements are a mechanism for routing XML documents between users and a repository or registry to keep track of the locations of users.  In addition, a variety of services that support things like transaction processing and security will be needed.  SOAP is an XML schema that defines certain tags that create an envelope around other XML data.  This envelope, along with the appropriate XML parsers and programs, can facilitate a transport protocol, allowing two systems to communicate without having to know much about each other.

Leading Software Providers

• Baan’s iBaan
• IBM’s DB2 Universal Database
• Oracle’s Oracle9i & interMedia
• Software AG’s Tamino

Storage Management Solution

The volume of data that needs to be stored is doubling almost every year. Industry analysts estimate the total cost of storage ownership to be three to seven times the cost of disk space, which represents more than 50 percent of all IT budgets today.

Organisations’ ability to compete and succeed relies on data-fed, data-driven and data-intensive applications. To assure that these business-critical applications are continuously available and performing, organisations need a simple, cost-effective storage management solution.

Vendors typically offer centralised storage management solutions, leveraging on partnerships with other industry leaders in the ACSM Consortium, that can help to:

Simplify storage management

·        Centralise management

·         Manage enterprise storage diversity

·         Identify and resolve resource conflicts

Reduce the cost of ownership

·        Identify and eliminate wasted disk space

·        Increase productivity

·        Avoid system downtime

Assure storage device and application performance

·        Develop an application-centric view

·        Shorten problem resolution time

·        Improve present and future performance

Click here for more on storage.

Leading Software Providers

• Computer Associates BrightStor
• BMC Patrol
• EMC AutoIS
• Compuware Software
• Sun HighGround
• Veritas NetBackup
• HP OpenView Storage Area Manager
• IBM Tivoli Storage Manager
• Legato Networker

Messaging and Collaboration

Messaging & Collaboration involve applications that enable groups of users to work together by sharing information and processes--including email, group calendaring and scheduling, shared folders/databases, threaded discussions, and custom application development. Some of the most exciting recent developments in these technologies are instant and unified messaging, Web-based tools for team collaboration, and real-time data conferencing.

Applications for Messaging & Collaboration focus on these areas:

Email/Calendaring & scheduling consolidates email, calendar functions, address book, and team scheduling in one consistent application, avoiding the need for separate application functions. Particularly useful with the proliferation of Personal Digital Assistants (PDAs) and wireless communications.

Collaborative applications track information (ISO9000 projects, legal cases, FDA approval processes, etc.), disseminate information (corporate policy documents, HR procedures, tips and techniques, etc.), and share ideas (discussion forums, etc.).

Collaborative commerce includes people in the process workflow, supporting the unstructured and human element of the business transaction.

Knowledge management, the next wave of applications to manage and leverage intellectual capital--the new currency of business. Involves creating, storing and collaboratively sharing employee information.

Realtime collaboration provides users with instant messaging, online meetings, and application sharing.

Unified communications (mobile & wireless) can help users stay in touch anytime, anywhere, by extending collaborative capabilities to small Web-enabled devices, including cell phones, pagers and PDAs.

Distance Learning helps organisations give their employees access to training at flexible times, across time zones and geographic borders, extending organizational effectiveness.

While the Internet wired the world, companies were wired piece by piece. Different vendors, different e-mail systems, different platforms and different protocols: the legacy of this piecemeal approach? Islands of knowledge and information that now hamper many companies' competitiveness.

But the need to communicate across technical boundaries has created a new generation of messaging infrastructures. Robust and intelligent, these systems not only connect disparate email and messaging systems, they redefine traditional business communities.

With messaging technologies, organisations are creating new types of internal teams, and forging supply chains and value chains that span multiple organisations.

Leading Software Providers

• Lotus Notes and Domino
• Microsoft Exchange 2000 Server
• iPlanet Portal Server
• Novell Groupwise

Firewalls and VPN

All firewalls act as a perimeter access-control device. They let some people into a network of computer systems, and they keep some people out. Firewalls enforce a set of rules that determine which information is allowed to pass.

There are two basic types of firewalls: packet-filters and proxy servers. Some other sources define more categories, but these are the basic two. Many commercial firewall products are hybrids of these two types.

A packet-filter firewall does just what the name implies. It blocks access through the firewall to any packets, which try to access ports which have been declared "off-limits." Some versions allow you to specify that only packets from specific IP address can pass particular ports. Others allow for all except specific IP addresses. But regardless of the method, they all are trying to block access based on some set of rules.

The proxy server (also known as "application gateway") type of firewall attempts to hide the configuration of the network behind the firewall by acting on behalf of that network, or as a "proxy." All requests for access are translated at the firewall so that all packets are sent to and from the firewall, rather than from the hosts behind the firewall. These firewalls also allow for various access control rules to be enforced. The major difference between these and packet filters, is that packet filters operate on individual packets, whereas the proxy servers must be aware of the entire session.

You will also hear the term "stateful inspection" with regard to firewalls. What this feature does is have the firewall remember what outgoing requests have been sent and only allow responses to those requests back through the firewall. This way, attempts to access the internal network that have not been requested by the internal network will be denied. Either type of firewall can use stateful inspection.

There are highly flexible and configurable firewalls (like those from Check Point Software) that operate on dedicated computer systems. These are generally used by organizations with the need to specifically configure the firewalls for their own purposes -- and the resources to do so. At the other end of the spectrum are firewalls that come as part of an appliance or some other system, like those from Sonicwall Inc. or Linksys Group Inc., and that have limited configurability. These are generally made to drop into the home and SOHO environments. Then you have everything in between, depending on what is needed. Cisco, for instance, builds its firewall into routers and VPNs.

A virtual private network (VPN) is a private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures. A virtual private network can be contrasted with a system of owned or leased lines that can only be used by one company. The idea of the VPN is to give the company the same capabilities at much lower cost by using the shared public infrastructure rather than a private one. Phone companies have provided secure shared resources for voice messages. A virtual private network makes it possible to have the same secure sharing of public resources for data. Companies today are looking at using a private virtual network for both extranets and wide-area intranets.

Using a virtual private network involves encrypting data before sending it through the public network and decrypting it at the receiving end. An additional level of security involves encrypting not only the data but also the originating and receiving network addresses. Microsoft, 3Com, and several other companies have developed the Point-to-Point Tunneling Protocol (PPTP) and Microsoft has extended Windows NT to support it. VPN software is typically installed as part of a company's firewall server.

Leading Software Providers

• Check Point VPN-1 SecureServer
• Cisco Secure PIX Firewall
• Computer Associates eTrust VPN
• CyberGuard VPN
• Symantec Enterprise Firewall

Intrusion Detection Systems (IDS)

Intrusion detection quickly alerts network managers to intrusion-detection problems so that the network managers can invoke planned responses. Intrusion detection helps a network manager determine whether an unusual traffic pattern is actually an attack or simply a random event that is occurring for non-malicious reasons. Intrusion detection can be useful in detecting such security policy violations (intentional or unintentional) as simple password violations or inappropriate services. Network managers use intrusion detection systems (IDS) to detect when malicious users are using the company's site to launch attacks against other sites.

Intrusion detection systems (IDS) focus on:

• Security tools that help administrators prevent damage in the network when the other protections, such as access control or firewalls, fail to keep intruders out.
• Detects attempts or successful attacks on the resources they monitor. The resources monitored can be part of a network or a host system

Leading Software Providers

• Computer Associates eTrust Intrusion Detection
• NFR Network Intrusion Detection
• Symantec Intruder Alert
• Top Layer IDS Balancer

Glossary

Middleware

Middleware comprises 2 general subsets: the application server or component environment, and messaging.  Middleware is any system or collection of utilities that links different elements together, whether on a single machine or over a network.

In the world of networked computing, middleware must link a variety of platforms from an unknown number of locations.   The middleware that keeps track of the locations of the software modules that need to link to each other and that manages the actual exchange of information is rapidly increasing in sophistication.  In short, middleware is being used to solve the two distinct problems of heterogeneity and resource discovery.

Types of middleware include:

·        Remote Procedure Call Middleware

·        Message-Oriented Middleware

·        Transaction Processing Middleware

·        Object and Component Middleware

·        Enterprise Application Integration Middleware

·        Distributed Component Middleware

·        XML Middleware

Extensible Markup Language (XML)

Extensible Markup Language enables the use of richly structure documents on the Web.  It was created, in part, to overcome the limitations of HTML’s restricted tag set and semantics and the pre-Web SGML, which was intended for large, sophisticated document management systems and therefore impractical for most Web use.  Because XML is an application (a subset, or restricted form) of SGML, SGML systems can read XML documents.  SGML handles certain applications, such as the tagging and archiving of sophisticated documents, better than XML. 

XML is not a single, predefined , or fixed, markup language; it enables developers to define customised markup languages for describing information in a variety of document types, including the Web.  In XML, customised tags (corresponding to particular DTDs) can be created for the definition, transmission, validation, and interpretation of data between applications and organisations.  The meaning of the tags must be agreed upon by the parties exchanging data.

Extensible HTML (XHTML)

ost. Pg 650

WML/HDML

ost. Pg 648

SGML

ost. Pg 649

SOAP

The Single Object Application Protocol (SOAP) is a lightweight, XML-based protocol for information exchange in a decentralised, distributed environment.  It consists of 3 segments:

·        an envelope defining a framework for describing a message’s content and how to process it;

·        a set of encoding rules for expressing instances of application-defined data types; and

·        a convention for representing responses and remote procedure calls.

The original SOAP specification was drafted in May 1998 by Dave Winer of UserLand Software.  In August 2000, IBM joined Micorsoft, DevelopMentor, UserLand, and a number fo additional partners, including Ariba, Commerce One, Compaq, Iona, Intel, Lotus, ObjectSpace, and Rogue Wave, in proposing SOAP to the World Wide Web consortium as a candidate XML middleware transport standard.  Microsoft has used SOAP in its new BizTalk framework, and IBM, Microsoft, Oracle and Sun have incorporated SOAP into their Universal Description, Discovery, and Integration registry standard.

Component

A component is a group of related functions encapsulated with data into an object that can be called by a running program to perform a specific task.  The calling program can be on the same machine, on a different machine within the enterprise, or at a completely different site connected to the calling program across the internet.  Components found across the enterprise can be CORBA components, Java-Beans, or ActiveX components.

The four most common reasons for using software components and distributed objects are code reuse, assembly of new business applications, support for heterogeneous computing infrastructures, and ability of an application to scale.

Types of components:

·        Graphical User Interface Components

·        Utility Components

·        Business Components

Component Models

Component models define a specific type of component and the environment in which it must execute.  All actual components are instances of one of the specific component models.

Throughout the late 1990’s, there were three popular commercial component models; Microsoft’s COM, CORBA, and JavaBeans.  Initially, COM and JavaBeans were primarily designed to handle GUI development for client applications, and the OMG’s CORBA was designed to perform utility function (allowing objects on different platforms to communicate).

In the late 1990’s, as companies embraced the Internet and multi-tiered architectures, developers found that it took a lot of work to extend a basic component model like COM or JavaBeans (both designed to handle simple client applications) to handle the more complex problems associated with server-based applications.  Server components, e.g. were often called to function within transaction processing systems, or to support load balancing that required multiple instances of the same component to run on different servers simultaneously.  To make server-side development easier, the supporters of each of the major basic component models extended their models to create advanced of server-side component models.   Microsoft’s COM was extended with MTS, then COM+;   JavaBeans was extended to EJB (Enterprise JavaBeans); and CORBA created the CCM.  Microsoft has announced that its new .NET environment will gradually replace it COM component model and its DNA environment.

Distributed Component Architectures

Software architectures describe the basic elements and relationships used in software development.  Companies that embrace distributed component middleware are adopting a component architecture.  In such a case, the key elements in the business environment are described in terms of components, and a middleware infrastructure is included to facilitate communication between the components.

The following are the 3 popular component architectures:

·        OMG’s (Object Management Group) CORBA architecture – provides middleware infrastructure and component models, extensive suite of services and utilities and collection of domain component framework specifications.

·        Microsoft’s Distributed Internet Architecture (DNA) – the COM component model, coupled with the services, utilities, and middleware infrastructure needed to support its use.

·        Sun’s J2EE architecture – comprises the Java Virtual Machine (JVM), a large collection of Java language and component frameworks, and several utilities.

The less widely used component models or architectures include Computer Associates’ Unified Component Model (UCM) and Oracle’s Network Computing Architecture (NCA).

CORBA

Common Object Request Broker Architecture represents the most ambitious middleware standardisation project undertaken by the computer industry so far.  The OMG develops the Object Management Architecture (OMA) that provides CORBAservices, CORBAfacilities, and CORBAdomains.  The CORBA core includes standardised network communication protocols, interface mappings for various languages, interoperability, interface and implementation repositories, and calling conventions implemented by a CORBA ORB.  CORBA 3.0, which includes the CCM specification, was released in early 2000.  CORBAcomponents aims to generalise the EJB model and ensure EJB capability.

Using the standard protocol IIOP, a CORBA-based program from any vendor, on almost any computer, operating system, programming language, and network, can interoperate with a CORBA-based program from the same of another vendor, on almost any other computer, operating system, programming language, and network.

CORBA can be integrated ranging from mainframes through minis and desktops to handhelds and embedded systems.  It is useful in servers that must handle large number of clients, at high hit rates, with high reliability.

OLE

OLE is a compound document standard developed by Microsoft.  With OLE, a developer can create objects with one application, then link or embed them in a second application; the embedded objects retain their original format as well as their links to the application that create them.

Java Virtual Machine (JVM)

The software that supplies the system-independent interfaces for Java software (including the Java Runtime Environment). Use this term to refer to the actual Java Virtual Machine and not the Java Runtime Environment.

Java Runtime Environment

Supplies the runtime environment for Java software. Runs on top of a Java Virtual Machine (JVM). Unless otherwise specified, this term applies to a generic Java execution environment provided by a browser, Web server, or other context--not the specific JRE product from Sun.

SAML

The Security Assertions Markup Language (SAML) is an XML-based framework for web services that enables the exchange of authentication and authorisation information among business partners.

SAML scenarios include Single Sign-on (users logged into one content provider’s website are able to access content at other “federated” websites by relaying security assertions), Distributed transactions (a corporate buyer can buy from a supplier’s e-commerce site once he relays authorisation and spending limit assertions from a trusted authority), Authorisation service (the buyer may access the supplier site, which directly requests security assertions from the authority before completing the transaction).