WO2001033339A1 - Framework for the integration of new and existing information technology applications and systems - Google Patents

Framework for the integration of new and existing information technology applications and systems

Info

Publication number
WO2001033339A1
Authority
WO
WIPO (PCT)
Prior art keywords
application
integration
network
content
services
Prior art date
Application number
PCT/US2000/030492
Other languages
English (en)
Inventor
Dirk M. Klemm
Richard A. Chang
Original Assignee
Accenture Llp
Priority date
Filing date
Publication date
Application filed by Accenture Llp
Priority to AU25740/01A
Priority to CA2389369A
Publication of WO2001033339A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/20 Software design
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/465 Distributed object oriented systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/54 Interprogram communication
    • G06F9/546 Message passing systems or structures, e.g. queues
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/54 Interprogram communication
    • G06F9/547 Remote procedure calls [RPC]; Web services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/34 Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/40 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass for recovering from a failure of a protocol instance or entity, e.g. service redundancy protocols, protocol state redundancy or protocol service redirection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/101 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measures for digital rights management
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/30 Definitions, standards or architectural aspects of layered protocol stacks
    • H04L69/32 Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
    • H04L69/322 Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
    • H04L69/329 Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]

Definitions

  • the Integration Architecture Framework provides the architect a guide for integrating applications of the computer network and for determining how to integrate specific applications.
  • the integration architecture framework allows the architect to identify the different types of integration options available that may help solve a specific business integration problem.
  • the integration architecture framework aids the architect in determining what components are required to deliver the selected integration style.
  • Fig. 1 is a block diagram illustrating an exemplary client/server network.
  • Fig. 2 is a block diagram illustrating an integration architecture framework.
  • Fig. 3 is a block diagram illustrating components included in the application integration layer of the integration architecture framework of Fig. 2.
  • Fig. 4 is a logical block diagram representing components of an application system targeting different end user access devices.
  • Fig. 5 is a logical representation of different components that may be shared between application systems.
  • Fig. 6 is a block diagram illustrating components included in the content integration layer of the integration architecture framework in Fig. 2.
  • Fig. 7 is a logical block diagram of application systems delivering different types of content to different end-user devices.
  • Fig. 8 is a block diagram illustrating components included in the environment integration layer of the integration architecture framework in Fig. 2.
  • Fig. 9 is a block diagram illustrating components included in the network integration layer of the integration architecture framework in Fig. 2.
  • Fig. 10 is a block diagram illustrating components included in the presentation integration layer of the integration architecture framework in Fig. 2.
  • API application program interface
  • CD compact disc
  • FTP file transfer protocol
  • GUI graphical user interface
  • IIOP Internet Inter-ORB Protocol.
  • ISDN integrated services digital network.
  • IT information technology.
  • LAN local area network.
  • LA/LT Local Acknowledgment/Local Termination.
  • MAPI Messaging API.
  • ORB object request broker.
  • PC personal computer.
  • PDA personal digital assistant.
  • TCP/IP Transmission Control Protocol/Internet Protocol.
  • TP transaction processing.
  • WAN wide area network
  • Fig. 1 illustrates an exemplary distributed system 100, such as a computer network, configured with clients and servers.
  • the block diagram of Fig. 1 therefore shows a distributed system 100 comprising a plurality of client computers 102 and a plurality of servers 104, all of which are connected to a network 106.
  • the present invention applies to mainframe and client/server styles of computing, and may be applied to other styles of computing such as the netcentric style.
  • the client 102 is a member of a class or group that uses the services of another class or group to which it is not related.
  • a client is a process (i.e., roughly a program, task or application) that requests a service that is provided by another process, known as a server program.
  • the client process uses the requested service without having to know any working details about the other server program or the server itself.
  • a server 104 is typically a remote computer system that is accessible over a communications medium such as an intranet or Internet.
  • the client process may be active in a second computer system, and communicate with the server process over a communications medium that allows multiple clients to take advantage of the information-gathering capabilities of the server.
  • the server essentially acts as an information provider for a computer network.
  • Client/server networks may include local area networks (LANs), other wide area networks (WANs), and regional networks accessed over telephone lines, such as commercial information services.
  • the client and server processes may even comprise different programs executing simultaneously on a single computer.
  • the client computers 102 can be conventional personal computers (PCs), workstations, or computer systems of any other size.
  • Each client 102 typically includes one or more processors, memories, input/output devices, and a network interface, such as a conventional modem.
  • the servers 104 can be similarly configured. However, the server 104 may each include many computers connected by a separate private network. In fact, the network 106 may include hundreds of thousands of individual networks of computers.
  • an Integration Architecture Framework 200 addresses business goals of modernizing old, or legacy, network systems, into new integrated application systems.
  • the Integration Architecture Framework 200 describes the layers for integrating disparate components on a computer network: where the integration can take place, and the services that allow both new and legacy systems to be integrated together across many different platform types, i.e., operating systems, across different data structures, using different applications and different presentation platforms. Integration of the disparate components preferably appears transparent to a computer network user, or an application or other component on the computer network. An architect can use the Integration Architecture Framework 200 to identify the layer at which the application systems can be integrated.
  • the Integration Architecture Framework 200 includes a presentation integration layer 202, an application integration layer 204, an environment integration layer 206, a content integration layer 208 and a network integration layer 210.
  • the term layer does not mean that one layer must be considered or integrated before another layer can be considered or integrated. Rather, the layers can be considered or integrated in any order.
  • One or more of the layers are typically used to integrate disparate applications and network systems.
  • Application Integration Layer 204 allows the sharing of business functionality between applications utilizing different delivery vehicles.
  • An application is a program, such as a human resources employee management system or general ledger system, which performs a task or tasks for end user use.
  • Application Integration layer 204 allows applications using one messaging format to communicate with applications based on a different message format.
  • the Application Integration layer 204 allows an application delivered using one messaging capability to communicate with application functionality delivered using another messaging capability.
  • the Application Integration layer 204 is typically used when business functionality (application logic and data) in one application is required by another application. Rather than rewriting the functionality, Application Integration layer 204 allows the business functionality to be shared by both applications. Fig.
  • the Application system 204 may include a network computer 402 and a PC computer 404 that are connected via the shared server 406 and shared content 408.
  • the PC computer 404 connects with a first physical network 410 and a first end user device 412, such as a personal computer (PC).
  • the network computer 402 connects with a second physical network 414 and a second end-user device 416.
  • the Application Integration layer 204 allows end users to access the shared server 406 and shared content 408.
  • End user access implementation styles are illustrated in Fig. 5.
  • In Style I, generally 500, multiple access channels share content 502 as well as application logic 504.
  • Style I channels 506 offer a similar set of business processes to end-users, thus the end-users can share business logic.
  • Style I offers a high level of reuse of legacy architecture components.
  • Style I also allows potential cost savings since each channel 506 does not have its own data 502 and application architecture 504. Since there is a common data and application source, maintenance of the system is potentially simpler because there are fewer components to manage. Because the architecture is designed to be channel independent, additional channels 506 may be added more easily to the architecture.
  • An example of a Style I implementation would be an application written to allow a PC internet browser and wireless personal digital assistant (PDA) to access the same application over the Internet.
  • Style II's architecture, generally 508, shares content among access channels 506, but utilizes unique application architecture 509 for each channel 506.
  • Although Style II does not share as much of the architecture as Style I, Style II may be appropriate if different channels are intended to support different business processes.
  • an application may not be able to support multiple channels.
  • a custom application written for corporate LAN users might not be able to handle Internet requests.
  • a new web application is added to support the web access channel.
  • both the custom application and web application servers may share a common database 502.
  • An example of a Style II implementation is adding a transaction processing (TP) server to manage requests to a common database.
  • a server for the custom application and a web server would use the TP to access shared data.
  • application logic resides separately on the server for the custom application and the web server.
  • In Style III, generally 510, access channels 506 use unique application logic 509 and unique data 512.
  • Each channel 506 delivers business capabilities to end-users without sharing services with other channels 506.
  • content can be shared among databases through replication, file transfer, or synchronization processes.
  • Style III does share content, however, because each channel 506 maintains its own content source. Since channels 506 use unique data 512 and application logic 509, adding a new channel 506 requires no changes to the existing channels 506.
  • Each channel's unique data 512 and unique applications 509 are optimized for that particular channel 506. Also, other channel requests do not impact the channel's application or database servers. Security is potentially simpler since each channel 506 can decide the security levels for that channel's users. When sharing application and data, security issues become more complex since more users have access to the applications and data, and each channel may require different levels of access to information.
  • An example of a Style III architecture is a custom client/server application serving PCs on a LAN alongside a web server with each server including its own copy of data. Changes to the business functions may require changes to the client/server's application and data, as well as the web server's application and data.
  • the Application Integration layer 204 includes Data translation 302 and Message translation 304 components.
  • Data translation services 302 provide mapping and translation of information from one format into another format. Data translation services 302 keep track of the processes that take place in the translation from one format to another and the order in which the processes occur. Data translation services 302 also translate native terminal characteristics into the standardized representation, e.g., ASCII to EBCDIC, Big Endian to Little Endian or character mode to block mode. Exemplary data translation services are BEA MessageQ; IBM MQ Series; RMS OmniTrans; and file transfer protocol (FTP).
  • Message translation services 304 translate messages from one format to another.
  • the Message translation services 304 allow different technology message formats like CICS or ABAP to be understood by new message formats.
  • the format of these messages may include Object Request Broker (ORB), Transaction Processing (TP), FTP, E-mail, electronic data interchange (EDI) or Data translation services 302. These services are sometimes referred to as message gateways. They provide the ability to reuse business logic within other applications without rewriting the code.
  • the Message translation services 304 can be divided into two categories, Message Passing and Message Queuing.
  • Message Passing is the direct exchange of information between a sending and receiving application. Message passing is used at the time the message is sent.
  • Message queuing is a method of sending data from one application to another in which the data is queued in computer memory. The message remains in the queue until the target program can receive the data, whether milliseconds or hours after the message arrives in the queue.
  • Adding multiple access channels e.g., channels 506, Fig. 5
  • a transaction processor (TP) server can add overhead as the TP routes messages from multiple channels.
  • Message translation services 304 include E-mail translation services.
  • E-mail Translation Services 306 allow two different e-mail packages to communicate with one another (e.g. Lotus Notes and MS Mail). Integrating the two different e-mail packages allows users in one e-mail environment to get messages from another e-mail environment.
  • a point-to-point gateway is an e-mail system add-on that provides bi-directional message-format translation and transport between two dissimilar mail systems.
  • a central message switch connects multiple e-mail environments via gateways in a hub-and-spoke design, where the message switch is the hub and the gateways are spokes.
  • the chief architectural difference from the point-to-point gateway is that a gateway no longer connects two e-mail environments directly but connects each e-mail environment to the central switch.
  • Message switches translate the sender's message format first into a central message switch format and then into the recipient's format. In contrast, gateways may translate from one vendor format directly to another. Switches communicate with mail systems using the mail system's preferred protocol, whether X.400, SMTP, or proprietary protocols used by Exchange,
  • a client driver (also called a "service provider") is software that runs on the e-mail client (e.g., client 102, Fig. 1).
  • the client driver picks up the client's e-mail-related software calls and redirects them to e-mail-related services (e.g., server 104, Fig. 1).
  • the client driver translates the client's native software calls into native protocol requests for the foreign system. For instance, calls made by a cc:Mail client could be redirected to an HP OpenMail server.
  • the client driver accomplishes this by translating either proprietary cc:Mail calls or Messaging API (MAPI) calls (in the case of the cc:Mail MAPI client) into OpenMail protocol requests.
  • Standards-Based Backbones can integrate disparate mail systems by linking them to servers (e.g., server 104, Fig. 1) that support standard protocols such as SMTP or X.400.
  • the backbone approach is typically used with one or more of the other integration approaches (gateways, message switches, client drivers). However, instead of translating into a proprietary messaging protocol, the gateway, message switch, or client driver translates messages into the standard backbone protocol.
  • An advantage of the backbone approach is that gateways, message switches, and client drivers from multiple vendors can be integrated into a single system, typically at a lower cost than proprietary solutions, and without locking customers into a single vendor's e-mail integration solution.
  • EDI Translation Service 308 translates an EDI file into an interface file and vice versa.
  • EDI integration is achieved through bridging two distinct data streams.
  • An EDI data stream is integrated with the application data stream.
  • transactions are created (or processed) by an application, translated into (or from) EDI and sent to (or received from) a trading partner through an automated and integrated process, preferably without human intervention.
  • an Object Request Broker (ORB) Translation Service 310 defines mechanisms that support interoperation among ORBs. Thus, a client in one ORB can invoke an operation of an object in another ORB.
  • Translation Service includes three main components.
  • An Internet Inter-ORB Protocol (IIOP) supports interoperability in the transport domain of Transmission Control Protocol/Internet Protocol (TCP/IP).
  • a DCE-CIOP supports interoperability among DCE-based ORBs.
  • GIOP General Inter-ORB Protocol
  • CORBA extensions support the construction of bridges to non-compliant ORBs and ORBs in different transport domains.
  • Transaction Processing (TP) Translation Services 312 allow two different Transaction Processing monitors (e.g. Tuxedo and CICS) to communicate with each other.
  • TP Translation Services 312 allow for interoperability between different TP monitors. Integration is bi-directional and preserves the native application program interfaces (APIs) of each environment. As a result, no changes are required to either transaction processing environment. An architect should consider the impact of the additional translation steps, additional network traffic, the need to be able to manage the logical unit of work as a transaction and implications that may have on the solution.
  • Content integration layer 208 provides the ability to share data, voice, images, documents, and unstructured data between delivery vehicles.
  • Content integration layer 208 is different from application integration 204 because Content integration layer 208 does not integrate business logic, only the content.
  • Content integration layer 208 can be divided into content sharing 602 and content replication 604.
  • Content sharing 602 provides the ability to share content real-time or near real-time from a source location. For example, data that is stored in one database could be accessed from a delivery vehicle in real-time. The content sharing approach is typically used when the quality of the data in the source application is high.
  • Content replication 604 provides the ability to share content by copying data from the source location to the other locations when required. For example, the content stored in a Lotus Notes database may be replicated to a Sybase database.
  • Content replication 604 is typically done on a scheduled/batch type of approach, although replication can occur real-time on a transaction by transaction basis. Content replication 604 is typically used when the quality of data is not high and some conversion needs to take place between applications, although a high quality source data scenario may also replicate data to meet some performance or availability requirements.
  • A. Content Replication/Synchronization Services 604 support an environment in which multiple copies of the content are maintained. The need to keep multiple copies may result from the limitations of existing legacy applications and technologies or from the need to deliver better availability or recoverability of a distributed application. Replication/Synchronization can be done either real-time or on-demand, and can be initiated by a user, program or a scheduler.
  • Content capture services 606 extract data that needs to be replicated/synchronized.
  • the data capture service may either capture the change as it occurs in a change log (transaction level) or identify all of the changes in an extract program overnight (batch level). Capturing the change as it occurs typically requires a change to the source application and database. This may come in the form of using triggers in the database or having the application write to both the database and the log.
  • Content data capture typically is used to support more real-time replication or when it is difficult to identify when a transaction was completed.
  • Extracting all the changes that need to be replicated in a batch typically impacts the source application and database less. Extraction is typically accomplished by writing a program to extract all the new transactions since the last replication.
  • the extraction type of data capture is typically used to support basic interfaces in a nightly batch mode.
  • a system architect should determine the amount of change required to the source system to implement either the extract or data capture option.
  • Content conversion services 608 resolve inconsistencies in data with regard to syntax, definitions, and formats between the source, e.g. client, and target, e.g., server, systems. The types of conversion these services can address are divided into three basic categories, Syntactic, Structural and Semantic. Syntactic issues are surface differences, usually the result of typing or data-entry.
  • the Syntactic part of the conversion phase cleanses the data and the other two parts deal mainly with coordinating the data as it comes in from different sources.
  • Structural issues refer to the case where internal representation of data is inconsistent between sources. Semantic problems occur when the user's interpretation of the data may differ, or when the disagreement among source records requires human intervention to resolve.
  • Data Conversion tools extract data into specialized engines, apply transformation functions real time and load properly formatted data for loading into a target database.
  • Data Conversion Engines process data mappings and transformations in memory.
  • the Data Conversion approach increases throughput and streamlines the number of steps required to set up and revise the transformation processes.
  • Many data conversion engines contain schedulers that coordinate all phases of the data migration process: cleansing, extraction, data movement, transformation, loading and metadata capture. Since there are typically a variety of sources, the data interfaces are likely to originate from several platforms. Therefore, an issue to consider is upon which platform the conversion process will take place. Possibilities include one of the source platforms, the target platform, or an independent platform. The application may also be distributed across several different platforms.
  • conversion rules are stored in tables, not hard coded into the program, unless a code generator based on rules tables is used.
  • Content Load Services 610 can be used in several places within the architecture (intermediate steps or final destination). The function of these services is to load large amounts of data from one format to another. The loading may take the form of loading data from one Oracle table to another Oracle table or it could take the form of loading data from a UNIX flat file format to an Oracle database. An architect should consider that some load services may bypass the business rules stored within the application that may require the rules to be applied to the content before being loaded.
  • Coordination service 612 is used to compare the information in the source and target databases to ensure that they are consistent. When discrepancies or unanticipated changes are found, the coordination service analyzes and resolves the differences. The Coordination service 612 examines records or transactions to determine content and allow the user, or systems, to change the records to eliminate inconsistencies. The coordination service is a backup for ensuring data integrity in both the source and target databases. Due to the nature of the legacy systems involved in the replication tasks, exceptions often occur that cannot be dealt with until after they are loaded into the target database.
  • Transport content 614 is typically done via messaging or file transfer solutions.
  • Content Sharing services 602 enable an application to retrieve data from a database as well as manipulate (insert, update, delete) data in a common database. Content sharing is achieved through retrieval or manipulation from the common database. For example, it allows Visual Basic/Oracle applications to access information stored in DB2 directly, without replicating. Content sharing can share content in the form of structured or unstructured data or multimedia, which includes: images, graphics, audio, non-linear video and 3D animation, analog film/video, and digital film/video.
  • channel services may be required to accommodate variations in computing characteristics.
  • the channel services may impact the application architecture, data architecture, and infrastructure of a business capability.
  • An example of channel services is shown in Fig. 7.
  • Both the client/server architecture 100 and the personal digital assistant (PDA) 702 may request content 704 in the form of voice, video, or data; however, each device requires the content 704 in a different format.
  • A Content Formatting Service formats the requested content 704 for a specific end-user architecture such as the client/server architecture 100 and the PDA architecture 702.
  • The Content Formatting Service allows the same content, e.g., voice, video, or data, to be handled by different devices.
  • Multi-media Gateway Services 614 translate SQL statements by users against data types such as documents, audio, video and images.
  • The multi-media gateway services 614 allow SQL applications to access non-traditional data formats without changing the data access method (e.g. SQL) for the application.
  • An exemplary multi-media gateway includes Visual
  • Non-relational Database Gateway Services 616 use a relational structure to interpret relational queries submitted by users against non-relational databases and data sets, e.g. IMS databases, VSAM data sets or Lotus Notes databases.
  • Non-relational Database Gateway Services provide communication, data access, and data mapping facilities to access non-relational data using relational queries.
  • An exemplary non-relational database is DataJoiner, which allows the user to access and join data from different relational data sources (including the DB2 family, Oracle, Informix, Sybase, Microsoft SQL Server) and non-relational data sources (including IMS, VSAM) with a single SQL statement.
  • SQL Gateways 618 provide a mechanism for clients to transparently access data in a variety of databases (e.g., Oracle, Sybase,
  • The Web Gateway Service 620 allows developers to use the web as a new data source to automate interactions with web based services.
  • The web gateway service 620 enables a business application to retrieve data from a data source on the Web site.
  • The intent of the web gateway service 620 is to allow applications built using traditional Client/Server technologies to access information on the Internet without rewriting the entire application.
  • Environment Integration layer 206 illustrates exemplary components to integrate environment services.
  • Common environment services include services like component translation 802, operating system emulation 804 and security integration 806.
  • Environment integration services 206 may allow a UNIX application to run in an NT environment, or provide single-user sign-on to both an MVS application and a UNIX application.
  • Environment integration layer 206 is typically used to provide for simplified user interaction.
  • Component Translation Services 802 translate one component (e.g. ActiveX) to another component (e.g. Java Bean). This is different from ORB translation in that the message passed is not actually translated until in the component.
  • The component is changed to become accessible by another component framework.
  • An ActiveX component would be wrapped to become a Java Bean. All messages could be sent based on CORBA. No DCOM messages would need to be sent. This concept is referred to as a wrapper.
  • Operating System Emulation Services 804 are tools that allow applications built on one operating system to run on another operating system. For example, by adding the emulation service a server would be able to run both an NT application and a UNIX application. There are potential drawbacks depending on which integration tool is selected. Software that uses commonly available though nonstandard libraries may require a significant amount of work to create missing application program interfaces (APIs). The architect should understand the set of APIs that are used by the application as well as provided by the emulation service.
  • Security Integration Services 806, also referred to as single sign-on services, provide the ability to log on to multiple computer systems or networks with a single user ID and password.
  • The single sign-on system contrasts with the situation where a user needs a password and user ID for each system and must log on to each system separately. It can be difficult for users to manage multiple user IDs and passwords, and easier to remember just one password. Single sign-on also relieves the end user of having to know log-in procedures for different platforms.
  • Single sign-on systems do not require that each user have a single user ID, password and log-on procedure.
  • The single sign-on systems simply permit administrators to reduce the number of user IDs, passwords, and log-on procedures to a desired number, allowing administrators to manage the tradeoff between convenience and security.
  • It could be less secure for administrators to allow users to have many IDs/passwords rather than just one, since, when faced with remembering multiple passwords, users may compromise security and write passwords down in a non-secure place to avoid being shut out of the system.
  • The privilege server confirms or denies rights to access particular resources based on the user's authenticated identity.
  • Server-side security software streamlines the log-in procedure because it handles many of the complexities involved in accessing remote systems.
  • The security module on the protected system could set environment variables and terminal type and put the user in an appropriate directory.
  • A security module on a database server could set limitations on what rows and columns the user sees.
  • The client software in centralized log-in systems may offer some workstation security features along the lines of those offered by script-based systems. However, the workstation security features of centralized log-in systems are likely to be less rigorous and comprehensive than those of scripting systems. In large, complex, active environments, the centralized log-in systems
  • Centralized log-in systems 810 improve enterprise-level security more than script-based systems 808. For instance, all login-related communications are usually encrypted. Encrypted systems are preferred since unencrypted log-in related communications could be intercepted by a network monitor for unauthorized later use. Key information packets are also preferably time-stamped to prevent a network monitor from picking them up, recording them and replaying them later. Architects can guard against a failing security server by setting up alternate security servers.
  • Each workstation is configured to authenticate via a given primary security server. If that server is unavailable, the workstation has the name of a secondary server to use.
  • Scripting 808 allows the user to log on to the single sign-on software, which then consults one or more scripts, instead of users having to perform the log-in procedures for each platform. The script(s) then perform log-in procedures on behalf of the user for all supported platforms.
  • The script is contained in a text file that is written in a specialized programming language and is usually encrypted.
  • A hybrid single sign-on system uses a security server in conjunction with scripting.
  • Users are authenticated with a security server in order to get rights to run a script.
  • The scripts are likely stored on the security server.
  • The protected system contains no software.
  • Hybrid systems 812 offer higher security and control compared to a scripting-only approach.
  • Hybrid systems 812 involve more administration and higher levels of network traffic.
  • Hybrid systems 812 are less secure. For instance, the hybrid system 812 does not prevent a perpetrator from logging on to a resource server from an unprotected workstation, and does not address the issue of unencrypted passwords traversing the network.
  • Network integration layer 210 provides for disparate networks based on different protocols to communicate with one another or nodes on another network. For example, an application running on a TCP/IP network could access information in a database running on a mainframe network. Network integration layer 210 is required when two different network protocols need to communicate with one another. The network integration layer 210 establishes, maintains, and terminates logical connections between nodes across one or more physical connections.
  • Foreign protocol integration 902 adapts nodes on the network, which may be a mainframe, client, or server, to support a dominant network protocol that may not be native to the node. Foreign protocol services convert the node as opposed to the protocol.
  • Protocol Translation services 904 include network layer integration 906 and data link integration 908.
  • Integration at the data link layer 908 of the OSI Model can be used to provide connectivity between systems that use different higher layer protocols. For example, LAN workstations using TCP/IP to access a UNIX server may also use SNA to access an IBM mainframe using the same network. Integration at the Data Link Layer is achieved by data link layer (DLL) protocol conversion with Local Acknowledgment/Local Termination
  • Network layer integration services 906 establish, maintain, and terminate connections across a communication facility, which can be the public switched telephone network or a private data network. Network services deliver data from one end node to another through addressing and routing.
  • Routing is the process by which paths through the network are established for the transfer of data.
  • Presentation Integration layer 202, illustrated in Fig. 10, enables an application to manage the user-computer interface. Presentation integration includes capturing user actions and generating resulting events, presenting data to the user, and assisting in the management of the dialog flow of processing. Presentation Integration layer 202 allows disparate user-computer interfaces to be combined. Presentation Integration layer 202 also allows applications running on one client operating system to run in another operating system. This allows the elimination/consolidation of client devices. For example, a user currently using a 3270 terminal for one application and a PC for their office automation tools can run both applications on the PC. Presentation Integration 202 allows the business to leverage their older applications, while delivering new applications on newer technology. Two types of Presentation Integration layer 202 include screen scraping 1010 and terminal emulation 1020.
  • Screen scraping 1010 is similar to terminal emulation 1020, except that the user does not actually see the original user interface such as a 3270 terminal.
  • Screen scraping provides an application program interface (API) that allows programs to read from and write to the 3270 terminal.
  • Screen Scraping Services transform a character-based user interface into a graphical user interface (GUI).
  • Applications can thereby be implemented using GUI tools integrating data from unchanged legacy systems together with data from other systems.
  • An exemplary screen scraping 1010 application is VISION:Flashpoint, by Sterling Software, which includes VISION:Develop and VISION:Play.
  • VISION:Flashpoint is a visual application development tool designed to extend the life of existing host applications by adding a GUI.
  • Screen scraping 1010 allows an end user access to legacy applications.
  • The screen scraping 1010 approach is typically used when the legacy application still delivers high quality application functionality and data to the user.
  • Screen scraping 1010 is a relatively inexpensive approach since it allows the business to leverage older applications, while delivering new applications on newer technology.
  • More advanced products support server side screen scraping that allows the use of 3270 terminals as message layouts, by providing indirect access to screen fields. The tools are used to map logical field names to physical fields on particular screens. Applications can then access the logical fields by name without knowing what screens they come from.
  • The server side approach is easier to maintain in an environment where the legacy systems and screens are being modified.
  • An important consideration in implementing screen scraping 1010 is the quality of the business logic and data within the legacy system.
  • Terminal emulation 1020 allows applications running on one client operating system to run in another operating system to consolidate client devices. For example, a user currently using a 3270 terminal for one application and a PC for their office automation tools can run both applications on the PC.
  • Different emulation software enables a PC or workstation to perform all or some of the functions of a 3270, 3278/3279 (color terminals), or 5250 IBM terminal (AS/400 terminal).
  • Reverse terminal emulation software enables a 3270 terminal to appear to a network as a VTxxx (e.g., VT100 or VT200) terminal.
  • Gateway software performs terminal emulation 1020, which makes the
  • An exemplary terminal emulation application includes Citrix Systems Inc.'s WinFrame for Networks 1.5, a Windows NT-based system for running applications remotely over network, phone or integrated services digital network (ISDN) lines.
  • The WinFrame system allows users to store data and run applications on a central server while sending only keystrokes, mouse movements and screen objects to the server.
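
The description of centralized log-in systems 810 above calls for time-stamped log-in packets that cannot be recorded and replayed, and for a secondary security server when the primary is unavailable. The sketch below is an added example, not code from the patent: `SecurityServer`, `build_login_packet`, `log_in`, the 30-second window and the binding of each packet to one server name are hypothetical, and an HMAC-SHA256 over a shared key stands in for the encryption the text mentions.

```python
import hashlib
import hmac
import json
import os
import time

MAX_SKEW_SECONDS = 30  # assumed freshness window; not a value from the patent
FIELDS = ("user", "server", "ts", "nonce")


def _mac(key, packet):
    """HMAC-SHA256 over the canonical JSON of the protected fields."""
    msg = json.dumps({f: packet[f] for f in FIELDS}, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def build_login_packet(key, user, server, now=None):
    """Workstation side: time-stamp the packet and bind it to one server."""
    packet = {
        "user": user,
        "server": server,
        "ts": int(time.time() if now is None else now),
        "nonce": os.urandom(16).hex(),
    }
    packet["mac"] = _mac(key, packet)
    return packet


class SecurityServer:
    """Hypothetical security server that checks log-in packets."""

    def __init__(self, name, key, available=True):
        self.name = name
        self.key = key
        self.available = available
        self._seen = {}  # nonce -> timestamp, kept only for the freshness window

    def verify(self, packet, now=None):
        if not self.available:
            raise ConnectionError(f"{self.name} is unreachable")
        now = int(time.time() if now is None else now)
        try:
            expected = _mac(self.key, packet)
            supplied = str(packet["mac"])
            ts = int(packet["ts"])
        except (KeyError, TypeError, ValueError):
            return "malformed"
        if not hmac.compare_digest(expected.encode(), supplied.encode()):
            return "bad-mac"
        # Without this check a packet recorded on its way to the primary
        # would still be fresh, and unseen, at the secondary.
        if packet["server"] != self.name:
            return "wrong-server"
        if abs(now - ts) > MAX_SKEW_SECONDS:
            return "stale"
        # Entries older than the window would be rejected as stale anyway.
        self._seen = {n: t for n, t in self._seen.items()
                      if now - t <= MAX_SKEW_SECONDS}
        if packet["nonce"] in self._seen:
            return "replay"
        self._seen[packet["nonce"]] = ts
        return "ok"


def log_in(key, user, servers, now=None):
    """Try the primary, then the secondary, with a fresh packet for each."""
    for server in servers:
        packet = build_login_packet(key, user, server.name, now)
        try:
            return server.name, server.verify(packet, now)
        except ConnectionError:
            continue  # fall through to the next configured server
    return None, "no-server-available"
```

The time stamp alone only narrows the replay window; the per-server nonce cache closes it, and the server name inside the MAC keeps the two servers from needing a shared cache.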

Abstract

The invention relates to a framework, and to a method of implementing a framework, for integrating disparate components (414, 416), such as new and existing components, on a computer network system (402). The existing network may include valuable repositories (408) of existing content, such as data repositories, and existing computing architectures (404). As new systems are added to the network, the framework can assist an architect in selecting an integration layer (204) that enables the disparate components to be integrated.
PCT/US2000/030492 1999-11-03 2000-11-03 Framework for integrating existing and new information technology applications and systems WO2001033339A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
AU25740/01A AU2574001A (en) 1999-11-03 2000-11-03 Framework for integrating existing and new information technology applications and systems
CA2389369A CA2389369C (fr) 1999-11-03 2000-11-03 Framework for integrating existing and new information technology applications and systems

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US16347799P 1999-11-03 1999-11-03
US60/163,477 1999-11-03

Publications (1)

Publication Number Publication Date
WO2001033339A1 true WO2001033339A1 (fr) 2001-05-10

Family

ID=22590178

Family Applications (3)

Application Number Title Priority Date Filing Date
PCT/US2000/030492 WO2001033339A1 (fr) 1999-11-03 2000-11-03 Framework for integrating existing and new information technology applications and systems
PCT/US2000/041894 WO2001033356A1 (fr) 1999-11-03 2000-11-03 Method for evaluating and selecting middleware
PCT/US2000/030420 WO2001033359A1 (fr) 1999-11-03 2000-11-03 Computer security framework built around the Internet

Family Applications After (2)

Application Number Title Priority Date Filing Date
PCT/US2000/041894 WO2001033356A1 (fr) 1999-11-03 2000-11-03 Method for evaluating and selecting middleware
PCT/US2000/030420 WO2001033359A1 (fr) 1999-11-03 2000-11-03 Computer security framework built around the Internet

Country Status (3)

Country Link
AU (3) AU2248901A (fr)
CA (1) CA2389369C (fr)
WO (3) WO2001033339A1 (fr)

Also Published As

Publication number Publication date
AU2248901A (en) 2001-05-14
CA2389369C (fr) 2012-06-05
AU2574001A (en) 2001-05-14
AU3268201A (en) 2001-05-14
CA2389369A1 (fr) 2001-05-10
WO2001033356A1 (fr) 2001-05-10
WO2001033359A1 (fr) 2001-05-10

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
WWE Wipo information: entry into national phase

Ref document number: 2389369

Country of ref document: CA

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase