September 1, 1998 IT System for CIMSS, IISc 1

IT System for CIMSS, IISc

• By the IT Subcommittee of the CIMSS Project– Jayant Haritsa (SERC)– R. Krishnamurthy (SERC)– Anurag Kumar (ECE, Convener)– V. Kumaran (Chem. Engg.)– Y.N. Srikanth (CSA)– V. Vinay (CSA)

September 1, 1998 IT System for CIMSS, IISc 2

IT System Functions

• System users– faculty, admin officers, and case workers

• Document preparation, movement, storage, access and manipulation

• Implementation of office workflow– e.g., indent “flows” from faculty to chairman to purchase to audit,

…etc.– authentication, annotation, and signatures at each step– tracking of workflows

• The “IT System” is the platform on which these functions are implemented

September 1, 1998 IT System for CIMSS, IISc 3

Design Considerations

• Client independence– variety of hardware and operating systems on campus– system should not be client dependent

• Difficult to maintain security and integrity of multiple servers in multiple locations– power supply, air-conditioning, cleanliness, etc.

• Work should not actually flow to the clients– messy to recover from client crash– harder to track status of work

• Aim for completely paperless system

September 1, 1998 IT System for CIMSS, IISc 4

Design Decisions

• Web based client server interaction– clients only need a web browser – plug -ins needed for digital signatures, and document upload

• Central server– with redundant hardware and storage– in a well prepared site

• All data and work-in-progress resides in data-base in central server– workflow implemented by manipulating references to the

documents

September 1, 1998 IT System for CIMSS, IISc 5

CIMSS Network Architecture

client

Scannerand

fax modem

Typical dept. LAN

clientScanner

andfax modem

Typical admin workstation

Server LANfirewall

Admin LAN

CIMSS central server

Campus network backbone(optical fibre)

Exi

stin

g sy

stem

sP

ropo

sed

syst

ems

Server LAN

September 1, 1998 IT System for CIMSS, IISc 6

CIMSS Central Server

UNIX operating system

Web server with security

features

Secure socketlayer

TCP/IP

Workflow software

and databasemanagement

system

CIMSS server LAN

Redundant disks

with C

IMS

S database

Server machine

to/from campus LAN

Off-the-shelfproprietary

StandardUNIX

system

Programmable/configurableapplication software

September 1, 1998 IT System for CIMSS, IISc 7

Virtual Workflow

CIMSScentralserver

Work does not“flow” between

server and clients;only references change

in data-base

forms

forms

forms

Requests, and data entry

Requests, and data entry

Requests, d

ata entryFaculty member

Admin officer

Case worker

September 1, 1998 IT System for CIMSS, IISc 8

Layers of Security

firewall

secure socketlayer

secure socketlayer

authenticated login; secret keysession security, with key aging

web browserwith

authenticationplugin

web serverwith public key

certificate server

digital signatures

blocksunauthorised

packets

campus network

client central server

fingerprint-basedsecurity for

console access

September 1, 1998 IT System for CIMSS, IISc 9

Product Selection (Hardware)

• Central CIMSS server– SUN Ultra Sparc 450, with Solaris (UNIX)– redundant disk drives (RAID)– redundant power supply, ethernet controller, disk controller

• Firewall– Cisco PIX– proprietary hardware and operating system– high performance

• Clients– PCs with Windows 95/98, NT– PCs with Linux– Standard UNIX workstations

September 1, 1998 IT System for CIMSS, IISc 10

Product Selection (Software)

• Data base system– ORACLE enterprise server

• Workflow definition software– ORACLE workflow

• Web server– NETSCAPE

• Public key server (Certification Authority)– included in the NETSCAPE server

• Client web browser– Netscape or (MS) Internet Explorer

September 1, 1998 IT System for CIMSS, IISc 11

Application Development

• Server software– implementation of workflows– development of forms and interfaces

• Client software– browser plug-ins for supporting:

• digital signatures• upload of scanned documents (e.g., quotations)

September 1, 1998 IT System for CIMSS, IISc 12

• Central server location– stable power supply– prevention of fire, dampness, lightning strike, etc.

• Data back-up– back-up copies should be stored in separate site

• Security and authentication– at present only 40-bit security available, owing to US export

restrictions– this should be upgraded as and when available– key-aging, within sessions, is an interim solution

Some Implementation Concerns

September 1, 1998 IT System for CIMSS, IISc 13

Vendor Selection

• First round of vendor proposals– Tata Consultancy Services– CMC– Planetasia– Faculties India– Tata Infotech– Logic Point

• Short list; second round– Planetasia– Tata Infotech

• Final negotiations are under way with– Tata Infotech