The classic layout of the CHRIS21 payroll system
chris21 Architecture
chris21 Architecture Updated 7 November 2007 Page 2 of 16
Copyright © Frontier Software 2007. All rights reserved. The information contained in this document is of a proprietary nature and is the sole and exclusive property of Frontier Software. The contents of this document are not to be copied in whole, or in part, without the express written permission of Frontier Software. Frontier Software reserves the right to modify without notice the contents of the CHRIS system as they are outlined in this document and in associated documentation.
Trademarks
Windows, Windows 2000, Windows 2003, Windows XP, Windows Vista, SQL Server, Exchange, Internet Information Server (IIS), Internet Explorer (IE), Outlook, .NET are either trademarks or registered trademarks of Microsoft Corporation. Microsoft is a registered trademark of Microsoft Corporation. InstallShield is a trademark of Macrovision. Delphi is a trademark of Borland Software Corporation. Oracle is a registered trademark of Oracle Corporation. Novell, NDS & eDirectory are trademarks of Novell Incorporated. Adobe is a trademark of Adobe Systems Incorporated. Portions copyright © 1988 - 2007 Acucorp, Inc. All rights reserved. The names of other products and companies named in this document are owned by their respective owners.
Contents
Architecture – Application Logical Layers
Architecture - Description
  Objectives of modern application architectures
  The Architecture
  The Interfaces
  Middleware (Transaction Messaging)
  Communications
    Web services
  The Platforms
  The Business Rules Engine
    Pooled mode
  Reliability
    Web Server
    Application Layer
    Data Layer
    Reliability Diagram
  The Active Data Dictionary
  The Data Layer
  Application Services
    Security
    LDAP – Directory Services
    Single Sign-on – Integrated Windows Authentication
    Process Management
    Scheduling
    SMTP – Email Services
    SQL – Database Services
    Legacy Interfaces
  Standards & Protocols
Architecture – Physical Connectivity
Architecture – Application Logical Layers
[Diagram: application logical layers. Interface layer: chris21 Windows interface; HR21 browser interface; tools (Excel macros and other OLE tools); EAI / BPM (Enterprise Application Integration, Business Process Management, portals etc.). Transaction Messaging (API), labelled XML. Business logic layer: Business Rules Engine. Data layer: Active Data Dictionary; relational database. Application Services: Security, Scheduling, Process Management, SMTP Email Services, LDAP Directory Services, SQL Database Services, Legacy Interfaces (GLI).]
Architecture - Description
Objectives of modern application architectures
There are a number of objectives desirable in an application architecture, so it can provide a “good fit” with the requirements of modern IT infrastructures. IT infrastructures are now required to be distributed, Internet-enabled, secure, reliable, low-maintenance and cost effective.
The table below lists the major objectives, the benefits and how chris21 achieves them. Below that, we look at the different parts of the architecture in more detail.
| Objectives | Benefits | How Achieved |
|---|---|---|
| Flexible solution | Supports diverse hardware and infrastructure. | See “The Platforms” |
| Good performance over wide-area-networks and the Internet | Users more productive and reduced network costs | See “The Business Rules Engine” and “Communications” |
| Multi-tier architecture | Accommodates IT infrastructure | See “The Architecture” |
| Thin-client interfaces | Reduced training and admin costs | See “The Interfaces” |
| Best-of-breed component model | Avoid heavy implementation costs | See “The Architecture” |
| Integration with business and infrastructure applications | Better data utilization and reduced cost of integration | See “Middleware (Transaction Messaging)” |
| Use of standards where they exist | Reduced costs through compatibility and consistency | See “Standards & Protocols” |
| Security | Better security | See “The Business Rules Engine” |
| Reliability | Better application availability and performance through load sharing, clustering and failover | See “Reliability” |
| Easy upgrading | Improved reliability, reduced downtime and admin costs | See “The Active Data Dictionary” |
The Architecture
The goal of the chris21 architecture is to provide a “best of breed” component model for HR/Payroll that accommodates integration with other line-of-business and infrastructure applications. The preference is to use proven technologies and be on the “leading edge” rather than “bleeding edge”.
The chris21 architecture is three-tier, with its centrepiece being the Business Rules Engine. It is designed to provide the best possible user experience even over low-bandwidth wide-area-network or Internet connections, and is form-based for low-chatter network traffic characteristics.
It has thin-client interfaces, a server-based Business Rules Engine handling application logic, and relational databases for data storage. It is flexible and compatible with a wide range of platforms to accommodate different infrastructure requirements.
Loose coupling between the interfaces and the Business Rules Engine, and form-based processing and other design techniques reduce network chatter. This increases the application’s tolerance of low bandwidth and high-latency network connections.
The interfaces communicate to the Business Rules Engine at the business transaction level; interfacing is not done at the data level. This ensures centralised and consistent application of all business rules, regardless of the interface. Security is also enhanced because users have no direct access to resources on the server – the Business Rules Engine does all the work on the user’s behalf.
An Active Data Dictionary maintains meta-data describing the data structures, transactions, validation, forms and linkages to be used by the Business Rules Engine.
The Interfaces
A number of interfaces are available to suit various requirements: a web browser interface for employee self service and manager approval (HR21), and for professional or power users a Windows interface (chris21).
These are all regarded as thin-clients, because they contain only interface and presentation logic; the business logic is maintained and executed by the Business Rules Engine. For example subsets of data validation checks are exported to the client for better responsiveness, but these checks are also applied by the Business Rules Engine to ensure consistency of data handling, regardless of the interface.
Desktop productivity tools such as MS Excel, MS Access and any other OLE Automation enabled applications can interface with the Business Rules Engine as tools for data exchange, bulk loading of transactions and other ad-hoc purposes.
Other “interfaces” include infrastructure and business systems such as Novell Dir/XML, MQ Series, portals and even other HR and payroll systems.
All interfaces run with the same architecture using simple and flexible “transaction messaging” to achieve a loosely coupled and secure interaction with the Business Rules Engine.
Loose coupling between the interfaces and the Business Rules Engine allows flexibility in the design of interfaces. This provides compatibility with Internet protocols and better performance characteristics for an improved user experience. For example form-based screens and “transaction messaging” allow faster data entry due to fewer network interactions.
All interfaces rely on “transaction messaging” and use the same Business Rules Engine:
The browser based HR21 for employee self-service and manager approval.
The chris21 Windows thin client interface for professional or power users.
Enterprise Application Integration (EAI) – interfaces with other business applications such as Identity Management and other HR/Payroll systems.
MS Excel and other OLE enabled productivity tools running macros for bulk data loading and other specific purposes.
Middleware (Transaction Messaging)
Transaction Messaging is a bit like a super API. All of the functions of the Business Rules Engine can be accessed using Transaction Messaging. The interfaces rely on Transaction Messaging exclusively.
Transaction messaging also provides Enterprise Application Integration (EAI) by allowing other business systems to interface to the Business Rules Engine for Business Process Management (BPM), Identity Management or any other infrastructure requirements. MQ Series, BizTalk, SeeBeyond, portals, even other personnel and payroll systems can use this facility.
Transaction Messaging is designed to provide a simple business transaction level method for all systems to communicate with the Business Rules Engine. This “information level” interaction as opposed to “data level”, ensures security and application level integrity control are applied consistently regardless of the interface.
Please refer to the paper “Application Integration - Introduction” for more detail on this subject.
Communications
Performance is enhanced by the low-bandwidth nature of Transaction Messaging and the low-chatter form-based interfaces.
Communication is handled using either XML Web Services, HTTP or TCP/IP protocols, depending on the interface:
HR21 uses HTTP/S protocol.
chris21 uses TCP/IP protocol by default. Purchase of the Internet Option allows use of HTTP/SSL for secure communication over internet connections or the use of clustered servers for increased reliability.
Tools (EAI and other tools) can be used with the Business Rules Engine, using the same protocols as the interface options you have purchased.
SSL encryption is supported with Web Services and HTTP, to provide secure communications. Under TCP/IP, information is transmitted in a non-clear-text format.
Networking is handled over LAN, WAN, VPN, intranet or Internet connections.
Web services
The Web Services Option can be purchased for chris21 BRE for use with tools and EAI projects.
The use of web services enables the BRE to function as a service provider in a service-oriented architecture (SOA) with UDDI, WSDL, and SOAP.
The Web Services Option requires a Windows web server running IIS/ASP. The application server could however be any supported UNIX or Windows.
The Platforms
The architecture has been designed to be open and “network friendly”. This has been proven by our many installations. Standard Internet protocols and security features provide compatibility with existing networks and security infrastructures.
The Business Rules Engine runs on Windows, Linux and various UNIX platforms (Please refer to “Hardware Software and Network Requirements” paper for details).
There is no requirement for an Application Server Software environment such as J2EE. This avoids several issues – a potentially significant infrastructure expense, potential incompatibility with other applications in the environment and potential issues for future changes in the environment.
Process management is handled by Component Services (Windows 2000), FastCGI (UNIX Apache) or OpenUI - depending on the platform configuration chosen.
There is no requirement to use separate physical servers for each tier (application, web and database); however, where performance and security are paramount, this is desirable.
Relational databases can be Oracle or MS SQL Server.
The Business Rules Engine
The Business Rules Engine is the centrepiece of the architecture. It runs on a central server and conducts all data related work on behalf of the users and interfaces. Hence all business logic resides in one module in one location. The Business Rules Engine executes the business rules and user-customisation as described by the Active Data Dictionary.
Interfaces communicate to the Business Rules Engine using Transaction Messaging. This “information level” interaction as opposed to “data level”, ensures security and application level integrity control are applied consistently regardless of the interface.
Security is enhanced because users have no access to resources on the server – the Business Rules Engine executes all transactions on the user’s behalf after validating their authority, naturally.
Process management can be handled by Component Services (Windows 2000), FastCGI (UNIX Apache) or OpenUI - depending on the platform configuration required.
Pooled mode
Any interface using HTTP or the web service (HR21 or chris21 with Internet Option) uses a BRE running in what is called “pooled mode” – where one or more pools of Business Rules Engines service incoming “transaction messages”.
In this mode the engines are stateless for more efficient handling of resources and for handling larger numbers of users.
Running in pooled mode allows better application availability and performance – see “Reliability” below.
Reliability
Better application availability and performance can be achieved through load sharing and clustering for redundancy and failover. Refer to the diagram showing improved reliability at each layer.
Web Server
Increase the availability and reliability of your Web Servers with Windows 2003 Server Cluster or set up a clustered IIS Web Server farm using Windows Server 2003 Network Load Balancing to provide increased reliability, load sharing and failover.
Application Layer
Windows application servers can be clustered using Windows 2003 Server Cluster to provide failover handling at the application layer.
Data Layer
The database server can be clustered using the techniques supported by the database vendor such as SQL Server 2005 Failover Clustering or Oracle Real Application Clusters (RAC).
Disk drives should also be provided with RAID or equivalent hardware techniques for data protection at the physical level.
Database replication services can be used to enable offsite disaster recovery with fully up-to-date data.
Reliability Diagram
chris21 is compatible with a variety of clustering techniques offering improved reliability.
The Active Data Dictionary
The Data Dictionary describes and controls the data structures, transactions, forms and linkages to be used by the business rules engine. This meta-data is stored in the database tables alongside the application data.
This Active Data Dictionary allows the Business Rules Engine to dynamically configure at runtime, to the customer’s region and licensed product set. For example, different tax fields are required in different regions and each product set requires additional forms and form variations.
The Data Dictionary is also user-customisable using online design tools (including GUI form designer). This allows the application’s functionality to be extended by the customer. New fields, tables, forms and business rules can be added as well as the existing ones customised.
Application upgrades are traditionally manual procedures that can involve days or weeks of error-prone script work with DDL/DML script to deal with the accumulated customisations at a site. However with this architecture the Data Dictionary holds all customisation details and upgrades are an automated process. This results in less downtime and more reliable outcomes.
The Data Layer
All access to data is handled indirectly by sending “transaction messages” to the Business Rules Engine. This avoids direct access by interfaces to the database:
Ensures consistent application of the business rules regardless of the interface.
Security is enhanced because users have no access to resources on the server – the Business Rules Engine does all the work on the user’s behalf.
Reduces the number of database connections and increases scalability.
Relational databases can be Oracle or MS SQL Server, or data can be stored in the default indexed files called Vision, which can also be encrypted.
Data manipulation is performed using native SQL for best performance, control and compatibility with future developments in relational database technologies, such as “grid” and “RAC”.
Application Services
Security
Security is enhanced because users have no access to resources on the server – the Business Rules Engine does all the work on the user’s behalf. File services and directory level security are locked down and all access to data is handled indirectly by sending “transaction messages” to the Business Rules Engine.
Logon authentication can be controlled using Single Sign-on or LDAP with a Directory Service, otherwise it is controlled by the Business Rules Engine using an application level security profile.
Transaction level security is controlled by the Business Rules Engine and the user’s application level security profile. This profile applies security by User-id, form name, organisation area (location, division, department etc), organisation level (1-9) and access level (delete, add, change, enquire only) for all forms in the system.
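The transaction-level check described above, modelled as an added example (it is not Frontier Software's code or the chris21 API): a default-deny decision made once in the engine, so the originating interface never affects the result. The class names, form names, user ids, per-entry action sets and the way organisation areas and levels are matched are all assumptions.

```python
"""Added example: default-deny check of a transaction message against an
application-level security profile. All names and semantics are hypothetical."""
from dataclasses import dataclass

# Access levels named on the page: delete, add, change, enquire only.
ACTIONS = frozenset({"enquire", "change", "add", "delete"})


@dataclass(frozen=True)
class Grant:
    """One profile entry: what a user may do on one form, and where."""
    form: str            # form name
    area: dict           # e.g. {"division": "Finance"}; omitted keys match anything
    levels: frozenset    # permitted organisation levels, a subset of 1..9
    actions: frozenset   # subset of ACTIONS


@dataclass(frozen=True)
class TransactionMessage:
    """Constructed stand-in for a business-level request reaching the engine."""
    interface: str       # "HR21", "chris21", "Excel", "EAI": never used in the decision
    user_id: str
    form: str
    action: str
    area: dict           # location / division / department of the target record
    level: int           # organisation level of the target record


def authorise(profiles: dict, msg: TransactionMessage) -> tuple:
    """Return (allowed, reason). Anything not explicitly granted is refused."""
    if msg.action not in ACTIONS or not 1 <= msg.level <= 9:
        return False, "malformed request"
    grants = profiles.get(msg.user_id)
    if not grants:
        return False, "no profile for user"
    for g in grants:
        if g.form != msg.form:
            continue
        if any(msg.area.get(k) != v for k, v in g.area.items()):
            continue  # record lies outside the granted organisation area
        if msg.level not in g.levels:
            continue
        if msg.action in g.actions:
            return True, "granted by profile entry for " + g.form
    return False, "no matching grant"


# Constructed sample profiles (user ids and form names are invented).
PROFILES = {
    "mgr01": [Grant("LEAVE", {"division": "Finance"}, frozenset(range(5, 10)),
                    frozenset({"enquire", "change"}))],
    "pay01": [Grant("LEAVE", {}, frozenset(range(1, 10)), ACTIONS),
              Grant("BANK", {"location": "Sydney"}, frozenset(range(3, 10)),
                    frozenset({"enquire", "change", "add"}))],
}


def decide(interface, user_id, form, action, area, level):
    """Convenience wrapper used by the demo below."""
    msg = TransactionMessage(interface, user_id, form, action, area, level)
    return authorise(PROFILES, msg)


if __name__ == "__main__":
    finance = {"location": "Sydney", "division": "Finance", "department": "AP"}
    for iface in ("HR21", "Excel", "EAI"):
        print(iface, decide(iface, "mgr01", "LEAVE", "change", finance, 6))
    print(decide("HR21", "mgr01", "LEAVE", "delete", finance, 6))
    print(decide("chris21", "pay01", "BANK", "delete", finance, 4))
```

Returning a reason alongside the decision gives the engine something to write to an audit log for refused transactions.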
LDAP – Directory Services
LDAP is about authenticating users at logon against an external identity source. Instead of each application maintaining its own database of user information, a "directory service" or “enterprise directory” source holds this information for all users in the enterprise. Each application authenticates users against this central directory service using a standard called LDAP.
Having the login id and password in one location and using LDAP enabled applications provides the benefit of Same Sign-on – users have one account, hence less administration and better security.
Single Sign-on – Integrated Windows Authentication
Single Sign-on is about enabling users to login without being prompted for a login-id and password; instead they are authenticated automatically by the web server. This requires a web server configured for Integrated Windows Authentication.
This provides the user convenience of single sign-on functionality while removing the Administrator’s need to maintain a set of user logins and passwords.
Security is improved by eliminating the user prompt for login-id and password, thereby reducing risk from keyboard loggers, transmission and users not recording their details securely. The passwords never leave the enterprise directory.
Process Management
Process management of the Business Rules Engine is handled by Pooled Services (Windows), FastCGI (UNIX) or OpenUI - depending on the platform configuration required.
Scheduling
Reports and other long running processes can be batched or scheduled to be run at particular dates & times. Scheduled processes can be run recurringly on daily, weekly or monthly cycles. The ability to run reports and long running processes is controlled by application security.
An administrator controlled limit is used to govern the maximum number of concurrently running processes – which helps to control performance and response times for on-line users.
The scheduling mechanism is controlled by an instance of the Business Rules Engine called the SBRE (scheduler Business Rules Engine). The SBRE manages a pool of other Business Rules Engines to run processes, subject to the limit. Operating system specific and third-party scheduling mechanisms are not used for this function.
SMTP – Email Services
Simple Mail Transfer Protocol (SMTP) is used from the Business Rules Engine server for email messaging. Emailing is used for workflow notification, SMS alerts, automatic diary entries and other functions.
SQL – Database Services
Structured Query Language (SQL): communication with the main relational database is done using SQL (specifically PRO*C for Oracle and SQL/ODBC with MS SQL Server). ANSI Standard SQL is used wherever possible; however, each database vendor provides extensions that are important for providing best performance and data integrity control.
Legacy Interfaces
These are flat-file input-output processes for interfacing with legacy applications such as General Ledger and Timecard machines.
Standards & Protocols
The use of standards provides benefits covering: compatibility, integration, training and future support.
The system uses these standards: SQL, SMS, Documents (PDF, RTF, HTML), Graphics (JPEG, BMP, PNG), XML (Schema), Web Services (SOAP, WSDL, UDDI), Web related communications protocols (TCP/IP, HTTP, HTTPS, SSL, SMTP), Security (LDAP, Integrated Windows Authentication).
Architecture – Physical Connectivity
[Diagram: physical connectivity. User interfaces, Enterprise Application Integration (EAI) and portals, and tools such as Excel macros and other ActiveX enabled tools used for data exchange connect over Internet - HTTP/SSL or LAN/WAN/VPN - TCP/IP. Firewall. Web server in firewall demilitarized zone (DMZ): Unix Apache/FastCGI or Windows web server running Scalable Pooled Agent (SPA) to communicate with BRE. Application server: Business Rules Engine and Application Services (Security, Scheduling, Process Management, SMTP Email Services, LDAP Directory Services, SQL Database Services, Legacy Interfaces, Other). Database server: application data and Data Dictionary.]