Showing papers in "IT Professional in 2001"

Understanding Web services

Abstract: Web services are a new breed of Web applications. These independent application components are published on to the Web in such a way that other Web applications can find and use them. They take the Web to its next stage of evolution, in which software components can discover other software components and conduct business transactions. Examples of Web services include a credit card service that processes credit card transactions for a given account number, a market data service that provides stock market data associated with a specified stock symbol, and an airline service that provides flight schedule, availability, and reservation functionalities. Major vendors like IBM, Microsoft, Hewlett-Packard, and Sun, among others, are investing heavily in Web services technology. Ranging from simple to complex, Web services bring the promise of flexible, open-standards-based, distributed computing to the Internet.

A practical guide to biometric security technology

Abstract: As organizations search for more secure authentication methods for user access, e-commerce and other security applications, biometrics is gaining increasing attention But should your company use biometrics? And, if so, which ones should you use and how do you choose them? There is no one best biometric technology Different applications require different biometrics To select the right biometric for your situation, you will need to navigate through some complex vendor products and keep an eye on future developments in technology and standards Your options have never been more diverse After years of research and development, vendors now have several products to offer Some are relatively immature, having only recently become commercially available, but even these can substantially improve your company's information security posture We briefly describe some emerging biometric technologies to help guide your decision making

SOAP cleans up interoperability problems on the Web

Abstract: The Simple Object Access Protocol (SOAP) simplifies information exchange across a variety of platforms because it is not tied to any specific object model. SOAP offers interoperability across a wide variety of platforms. It enables interoperability by providing a generalized specification for invoking methods on objects and components using standard hypertext transfer protocol (HTTP) calls and Extensible Markup Language (XML) data formats. SOAP is not tied to a specific object model, so a client written in Microsoft Visual Basic, for example, could use SOAP to access a method in a Common Object Request Broker Architecture (CORBA) object running on a Unix platform.

Enterprise architecture: agile transition and implementation

Abstract: In our previous articles, we made the case for having an enterprise architecture and discussed the first phases of an architecture development process. The second article concentrated on describing the baseline architecture and defining the target architecture. We complete our discussion of the methodology by focusing on transition and implementation planning. Transition planning focuses on deriving a time-phased set of actions to achieve a given goal-in this case, implementation of the target architecture. Large organizations will remediate, renovate, or replace many systems concurrently. In doing so, they must recognize interdependencies among systems and accommodate them in activity scheduling. Implementation planning has a different time frame and a different audience. It maps resources (people, places, things, and funding) to transition planning activities.

Cross-platform integration with XML and SOAP

Abstract: The current rage for middleware has provided tremendous opportunities for those who love to build complex distributed software applications. Interoperability is no longer a fringe movement; it's become mainstream. The big three-Microsoft, IBM, and Sun Microsystems-are now investing considerable resources into interoperability research. I tackle the abstract concept of software interoperability and how the Extensible Markup Language (XML) and Simple Object Access Protocol (SOAP) can assist in integrating business applications. Together with the concept of Web services, these standards could provide an alternative to what organizations do today: rely on the batch export of data to integrate software applications.

Using OLAP and multidimensional data for decision making

Abstract: Managers see information as a critical resource and require systems that let them exploit it for competitive advantage. One way to better use organizational information is via online analytical processing and multidimensional databases (MDDBs). OLAP and MDDBs present summarized information from company databases. They use multidimensional structures that let managers slice and dice views of company performance data and drill down into trouble spots. For over a decade, proponents have touted these tools as the ultimate executive information system, but most of the hype comes from product vendors themselves. Based on our experience with several OLAP tools, we have developed a more pragmatic approach to the design of multidimensional information systems that lets managers make the most of their companies' information assets.

XML schema language: taking XML to the next level

Abstract: Schemas add data typing and inheritance features, giving XML the sophistication required to create enterprise-class business applications. The XML schema language describes the legal structure, content, and constraints of XML documents. The XML schema language provides the necessary framework for creating XML documents by specifying the valid structure, constraints, and data types for the various elements and attributes of an XML document. Schema language provides enhanced as well as more comprehensive and powerful features than a document type definition (DTD). The XML schema language provides the rich data typing associated with ordinary programming languages. The W3C XML schema specification defines several different built-in data types, such as string, integer, Boolean, date, and time, among others. The specification also provides the capability for defining new types. Developers can use these built-in as well as user-defined data types to effectively define and constrain XML document attributes and element values.

Exploring content delivery networking

Abstract: One of the hot topics in the networking industry is content delivery networking. Unfortunately, if you ask five people for a definition of a content delivery network (CDN), you will probably get five different answers. We hope to clear up some of the confusion surrounding CDNs, discuss how typical enterprise and service provider networks are likely to use them, and describe the business drivers that will fuel their growth in the coming years.

Measures for e-business value assessment

Abstract: Companies are investing heavily to leverage the Internet and transform their traditional businesses into e-businesses. Senior managers are increasingly under pressure to justify e-business costs. Do these investments pay off? And if so, how can a company make sure they keep paying off? Managers in successful companies struggle to articulate where benefits come from, and those without success strive to find a way to turn things around and cash in on e-business initiatives. We previously discussed results from an extensive survey about how eight key drivers affect a company's e-business success. Researchers from the Center for Research in Electronic Commerce at the McCombs School of Business, the University of Texas at Austin, conducted the survey to assess e-business value in small, medium, and large companies across the US and Europe. The study identified critical links between e-business drivers, operational excellence measures, and financial success measures. We describe these links in detail, showing that e-business initiatives improve operational excellence, which in turn improves financial performance.

Revisiting single sign-on: a pragmatic approach in a new context

Abstract: Single sign-on is a solution that lets users authenticate themselves once and access different applications without reauthentication. SSO assists users through all the procedures required to access heterogeneous applications. Using applications becomes easier, technical-assistance costs go down, and security improves. However, getting the most of the solution requires understanding related domains such as central user administration, the enterprise directory, and Web single sign-on. SSO is a moving target in a changing context. Many new devices, applications, and authentication methods are on the horizon, and although the general issue remains relatively simple and clearly defined, the solution's integration in an IT environment can become complicated. For these reasons, I draw attention to some of the main problems related to SSO initiatives and discuss the SSO strategy at Pictet, a private Swiss bank.

Ethernet takes on the first mile

Abstract: In the first mile, Ethernet is emerging as the frontrunner for transporting broadband Internet protocol transmissions. The paper considers how Ethernet in the first mile (EFM) is poised to enhance the local subscriber network with IP-centric broadband services, letting local carriers build a converged broadband infrastructure. Ethernet promises to bring about the same revolution in access networking that it created in enterprise networking: fast, simple, inexpensive, reliable, interoperable and ubiquitous connectivity.

Bridging e-business and added trust: keys to e-business growth

Abstract: Systems based on a proper public-key infrastructure (PKI) architecture offer the missing trust and interoperability necessary for e-commerce expansion. As the number of services available to users continues to increase, so will the need to maintain the user's identity in a secured, trusted manner. The user name and password concept has worked thus far but lacks the portability and scalability that global e-commerce demands. An interoperable PKI system that offers trust services between users will become a common industry practice. We envision that the future global e-commerce system should work with various devices, from desktops to handheld computers. Eventually one certificate will represent an individual across multiple services and devices.

Assessing Web-enabled call center technologies

Abstract: E-commerce's explosive growth has seen corporate Web sites mature from electronic versions of glossy brochures to full-service storefronts. To support this new environment, companies are providing real-time customer service to their Web customers. Despite this tremendous e-commerce growth, many people remain reluctant to complete a Web transaction without first talking to a live agent. Corporations are linking their Web sites to call centers where pools of trained agents can assist Web shoppers that need help in real time. To provide Web visitors with instant customer service, retailers are adding a talk-to-agent button on Web pages. When a visitor presses the button, the Web site will present the caller with several options for actuary talking to an agent. These options include e-mail, text chat, agent callback, and Internet telephony. There are two main technology alternatives that a call center can implement for Web integration. The first technology enables a traditional call center that has circuit-switched-based systems to support talk-to-agent alternatives. The second technology is the implementation of an all-IP call center infrastructure. Mitretek's Call Center Lab has assessed several products.

The case for building a data warehouse

Abstract: Unfortunately, IT shops in many organizations lack data warehousing expertise because they have deployed existing IT staff resources to address operational source systems and enterprise resource planning (ERP) systems. Because many strategic business solutions depend heavily on a solid data warehouse foundation, many organizations will find themselves lagging behind or out of business, if they do not implement a data warehouse. The paper discusses the benefits and disadvantages of data warehousing. It considers the keys to implementation success along with a few real world examples.

A new paradigm for IP-based cellular networks

Abstract: Flash-OFDM is an air interface technology that is greater than the sum of its parts. It enables the Internet's seamless, affordable extension to the wide-area mobile environment in an IP-transparent fashion and without modification to existing applications. It also adapts wireless to the Internet-not vice versa-so that the mobile and fixed Internet realms remain essentially the same. The pure IP-based cellular network architecture described is a natural consequence of the technology. It is a straightforward, consistent, and effective architecture that stands in marked contrast to the evolving 3G all-IP cellular architectures.

IEEE 802.11: moving closer to practical wireless LANs

Abstract: Although the IEEE 802.11 standard has been around since 1997, work continues to make it more adaptable to the demand for higher data rates and true wireless flexibility. Until recently, few organizations used wireless LANs because they cost too much, their data rates were too low, they posed occupational safety problems because of concerns about the health effects of electromagnetic radiation, and the spectrum used required a license. Today, these problems have largely diminished, and wireless LAN popularity is skyrocketing. Wireless LANs must meet requirements typical of any LAN. They must also meet requirements specific to their intended environment. IEEE 802.11 defines several services that the wireless LAN must provide if its usefulness is to match the functionality inherent in wired LANs. IEEE 802.11 is poised to have a significant impact on the LAN marketplace. As the demand for mobility and freedom from wiring requirements increases, the standard offers a comprehensive yet flexible approach to wireless LAN products.

A practical approach to enterprise IT security

Abstract: As the Internet has matured, so have the threats to its safe use, and so must the security measures that enable its business use. Traditional piecemeal, single-layer, single-dimensional security approaches are no longer adequate. These approaches can create a false sense of security and create as many problems as they attempt to address. We propose a multifaceted framework to prevent, detect, and respond to ever more sophisticated threats to enterprise IT information and assets. We outline a practical implementation approach to building enterprise IT security mechanisms in an incremental and continuous fashion. We believe that enterprises should adopt a similar multifaceted framework, following a practical but disciplined implementation approach. Enterprises must treat IT security as a required business enabler rather than just a costly item with low priority.

A planning framework far implementing virtual private networks

Abstract: Because there is no single virtual private network (VPN) solution, it's critical to have a planning framework to ensure successful deployment. A VPN is virtual in that it has no corresponding physical network but rather shares physical circuits with other traffic. A VPN is private in that it isolates Internet traffic with routing and secures if with encryption. The use of "private" and "Internet based" to describe the same service appears to be an oxymoron, but we explain how VPNs manage to be both. Many choices will confront you in considering how to deploy a VPN. We briefly describe the core choices such as the different types of VPNs, encryption, firewalls, and how to accommodate legacy systems. Each distinct VPN solution has its own strengths, weaknesses, and price tag; IT professionals must weigh these characteristics against business requirements.

Myths about outsourcing to application service providers

Abstract: Which applications are organizations outsourcing to ASPs? What did they hope to gain? And what are the critical success factors for organizations using ASPs? To assess these issues we cosponsored a study to assess organizational attitudes and adoption metrics for ASPs. Our survey garnered 256 usable responses from businesses regarding their use of ASPs. The study indicated that a significant number of respondents believed ASPs offer a fast-track way of implementing IT projects. However, 80 percent also favored internal implementation for core IT projects, which suggests that other factors still present a substantial barrier to ASP adoption. Nevertheless, companies are outsourcing some core applications - such as supply chain management and e-commerce - and several non-core applications. This outsourcing implies that companies perceive a significant benefit to ASP adoption. The message for users is unambiguous: to succeed, understand how Internet outsourcing works for your company, benchmark against successful ASP adopters, and establish a common criterion for evaluating an ASP.

Monitoring your IT gear: the MRTG story

Abstract: About six years ago I was working as a system manager at a university in the UK. This 20,000 person outfit had a single 64 Kbit Internet link. The campus itself was well connected within, so you can imagine what happened on that Internet link. During working hours, it was almost unusable as everybody was working hard to squeeze some bytes through it. Working in the central IT services group, I figured it might help people to know whether the link was slow because it was full or because it was broken. After some initial experiments with shell scripts-snmpget and gnuplot-I wrote my first big Perl script: the Multi Router Traffic Grapher (MRTG). This tool ran on our Web server. Every 5 minutes it read the inbound and outbound octet counters off our Internet gateway router. By building the difference between two consecutive readouts and dividing the result by the elapsed time, it could determine the average data rate on the link for the past 5 minutes. It logged this data and drew graphs for a Web page, where everybody could readily see the link's state. At the time, we were also discussing the need for a faster link with university management. MRTG provided us with exactly the type of easy-to-understand information required to sell a faster link to management.

Adapting methodologies for doing software right

Abstract: There is nothing so important to the IT professional charged with developing software as delivering a project that meets user requirements and is on time and on budget. In reality, most projects fail in one or more of these areas. This is why having the appropriate project methodology can help. Project methodologies have been around for ages, taken different guises, and had different support in the enterprise. The paper discusses the importance of using software methodologies and some common misconceptions.

Testing e-commerce systems: a practical guide

Abstract: Testing has a crucial role in the overall development process. Given unlimited time and resources, you could test a system to exhaustion. However, most projects operate within fixed budgets and time scales, so project managers need a systematic and cost-effective approach to testing that maximizes test confidence. This article provides a quick and practical introduction to testing medium- to large-scale transactional e-commerce systems based on project experiences developing tailored solutions for B2C Web retailing and B2B procurement. Typical of most e-commerce systems, the application architecture includes front-end content delivery and management systems, and back-end transaction processing and legacy integration. Aimed primarily at project and test managers, this article explains how to establish a systematic process, and how to test e-commerce systems.

Package-oriented software engineering: a generic architecture

Abstract: New methodologies and better techniques are the rule in software engineering, and users of large and complex methodologies benefit greatly from specialized software support tools. However, developing such tools is both difficult and expensive, because developers must implement a lot of functionality in a short time. A promising solution is component-based software development, in particular package-oriented programming (POP). POP fails, however, to satisfy all the requirements of large, complex software engineering tasks. A more generic POP architecture would better serve the development of software engineering environments for large and complex methodologies. Such an architecture emerged from our development experiences with two software engineering research tools: Holmes, a domain analysis support tool; and Egidio, a unified-modeling-language-based business modeling tool. We found this particular architecture simple to understand, easy to implement, and a natural candidate for a generic POP architecture. Our generic architecture satisfies the additional requirements we deem important for larger, more complex software engineering activities. Our experiences show that the strength of this architecture lies in its simplicity and ability to work with multiple users and quickly integrate a wide variety of applications. It is not perfect, but we present it as a first step toward a more general package-oriented architecture to encourage further research in this area.

Enterprise computing with Jini technology

Abstract: You may think of Jini technology from Sun Microsystems as software for networking embedded systems-machines that contain a microprocessor and do a specific task. But more specifically, Jini software gives network devices self-configuration and self-management capabilities; it lets devices communicate immediately on a network without human intervention. These networks are also self-healing in that devices that leave the network for any reason (machine crashes or power surges, for example) do not affect the remaining devices' operation. A Jini client that loses contact with a server can recover and continue processing. Although it is precisely these advantages that make Jini technology attractive for embedded systems, why stop there? Network plug-and-play capabilities and self-configuration are also attractive for enterprise computing. Java, for example, was initially designed for embedded devices. But that hasn't stopped it from becoming a major force in enterprise computing. Does Java drive your Web server or backend application? At many companies, it does-not a bad accomplishment for an embedded system language. We contend that Jini technology's true promise lies in enterprise computing because it has unique abilities that extend beyond plug-and-play network connectivity.

The ABCs of IEEE 802.77

Abstract: Wireless LAN technology is a swiftly moving target. Knowing the basics can help you deploy it safely in your organization. WLAN is actually a series of standards and not just one. The initial IEEE 802.11 standard supported three transmission methods-infrared, direct sequence spread spectrum, and frequency hopping spread spectrum-although a single product would use only one method. All three transmission methods can operate at 1 and 2 Mbps.

Lessons from an ERP implementation

Abstract: In 1999, the University of Wisconsin-Superior (UWS) launched a project to implement an enterprise resource planning (ERP) system called PeopleSoft Student Administration (SA). The new system would replace the university's aging, home-built legacy student information system (SIS) and several third-party subsystems. The university's chancellor and provost envisioned that the SA system would integrate existing administrative subsystems, meet increased demand for student Web-based services, and provide prompt and accurate reports. The implementation was, by and large, a success. In the paper implementers of the university ERP system share experiences and lessons from an IT perspective.

Getting started with IT asset management

Abstract: Asset management is a combination of tools and processes that proactively manage a company's entire asset base from a cost, contractual, support, and inventory viewpoint. This definition stems from the basics of a company's business functions; several common threads lead to a fundamental definition. At the root of business you find a basic equation: assets+people=profits. Since this equation underlies basic business fundamentals, business managers must support each aspect of the equation, and asset management tools and processes must address each area. Companies must possess certain competencies to maximize their effectiveness in each area. Ownership data allows companies to look at their asset base from a strategic business perspective. Help desk and deployment tools remain tactical tools to solve today's problems. Separately or together they do not constitute asset management. To truly manage assets we need all three competencies. Help desks support people and deployment tools support the assets. Ownership management tools support the process by maximizing asset use while lowering the cost of ownership.

Nontechnical hurdles to implementing effective security policies

Abstract: There are no secure sites on the Internet, only vigilant ones. The main hurdle to adequate security is not the lack of security technology, tools, and products, but undereducated network administrators, corporate managers, and users. While attackers constantly are coming up with new ways to defeat improved security protection, the truth is that sophisticated attacks usually are unnecessary. A large percentage of sites have only the most rudimentary security measures in place. Many companies still don't understand security risks and the importance of secure systems. Both system administrators and corporate managers need this education, because for security policies to be effective, they have to be implemented and enforced from the top down. Indentifying and appreciating the reality of the lack of security at many sites around the Net is a first step in fixing the situation. The typical challenge to those of us in security is to look outside of our own network. However, we also have to be mindful of what is or is not going on right behind us, and why.

Breathing life into legacy

Abstract: The Internet makes it imperative to unlock legacy data. Three technologies may let companies dust off legacy code and make it work with the Web: Extensible Markup Language, or XML, describes data through the use of tags, eliminating the need to conform to a specific programming infrastructure; Web services let companies wrap software and tailor its distribution, allowing innovative code configurations; and wireless technology offers the ability to get legacy content to mobile workers and clients. Each technology is part of the new arsenal for leveraging existing applications and data, perhaps realizing the elusive goal of anywhere, anytime services.