Deploying Scalable and Secure eCommerce
Solutions for MultiValue Applications
Tuesday, March 7, 2006
Ken Dickinson
Managing Partner, Kore Technologies
Prerequisites for Session
• ActiveX
• C#
• MOM
• AJAX
• ADO.Net
• J2EE
• XQL
• Javascript
• DHTML
• DOM
• IIS
• ODBC
• XSLT
• SOAP
• Web 2.0
• Java
• Apache
• SSIS
• DTS
• webSphere MQ
• MSMQ
• Diet Coke
• BizTalk
• webMethods
• CSLA
• DDL
• XSD
• Perl
Agenda
• About Kore
• Key Functional Questions
• Key Architectural Decisions
  – Synchronous Model (Pros/Cons)
  – Asynchronous Model (Pros/Cons)
  – Best Practices
• Security Considerations
• Leveraging MS Technology
• KommerceServer Solution
About Kore Technologies
• San Diego Company, Founded 1999
• MultiValue Database Experts
• Enterprise Application Experts
• Specialize in Extending the Enterprise Through Integrated Best-In-Class Solutions.
• Full-Service Organization offering suite of products, services, and support.
• KommerceServer (Web Applications)
• Kourier (Business Automation & Integration)
• Technology Used: IBM U2, C#, XML, Microsoft SQL Server, Integration & Web Services, and .NET
Key Questions
• Who
  – Will be accessing the Web site?
  – Will be maintaining the Web site?
• What
  – Information do I want to expose?
  – Architecture and technologies should be used?
• When
  – Will users access the website?
  – Will you schedule system maintenance & backups?
• Where
  – Will the website be hosted?
  – Will the web data be stored?
• Why
  – Am I doing this again?
  – Save Money
What can the Web Do?
• Marketing (Corporate presence)
• Customer Portal (Order status)
• On-Line Purchasing
• Sales Force Enablement
• Customer Help Desk (Self Serve)
• Vendor Managed Inventory/RFQ
• Business Exchange (buy.com)
• EDI Gateway
Key Architecture Questions
• Where will the Data be Stored?
  – Main Business System Database (direct)
  – Independent Database (indirect)
• How will the Transactions be Processed?
  – Single phase (synchronous)
  – Multiple phase (asynchronous)
[Diagram: the combinations Direct/Synchronous, Direct/Asynchronous and Indirect/Synchronous]
Synchronous Model (Direct)
[Diagram: Users connect through a Firewall / Tunnel directly to the business database]
Pros                    | Cons
Data Accuracy           | Security Risk
Real-Time               | Performance
Simple Implementation   | Cannot Operate Independently
Familiar Development    | Difficult to Host (Co-Locate)
Scaling the Synchronous Model
[Chart: Performance vs. Users]
Asynchronous Model (Indirect)
Pros                    | Cons
Secure                  | Difficult Implementation
Performance             | Maintenance
Independent Operation   | Unfamiliar Technology
Flexible / Extensible   |
[Diagram: Users → Firewall / Tunnel → Web Server → Middleware Server (Indirect) → Firewall / Tunnel → Business Server → MV DB]
Scaling the Asynchronous Model
[Chart: Users]
Best Practice (IMHO)
Advantages: Secure, Performance, Independent Operation, Flexible / Extensible, Scalable
Use Asynchronous Model …
• Remote Users Outside Your Company
• Expansive Audience
• Expansive Data Sources or Functionality
Advantages: Real-Time, Simple Implementation, Familiar Development
Use Synchronous Model …
• Internal Applications
• Limited Audience
• Single Data Source (Veneer to Legacy)
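Added example, not from the deck or from Kore's products: a minimal working version of the indirect/asynchronous model recommended above. It is written in Python so that it runs stand-alone, although the deck's stack is C#/.NET and SQL Server. The web tier writes orders to its own staging database and never holds credentials for the business system; an integrator running inside the business network initiates every connection towards the web tier (outbound only through the firewall), pulls pending orders, posts them to a stand-in for the MultiValue business system and writes the result back. The class names, the `web_orders` table and the stock data are assumptions made for the example; the in-memory SQLite database stands in for the middleware server's database.

```python
"""Indirect/asynchronous eCommerce model (constructed example): phase 1 accepts the
order into a staging database in the DMZ; phase 2, driven from behind the firewall,
pulls pending orders and posts them to the business system."""
import sqlite3
import uuid
from datetime import datetime, timezone


class WebTier:
    """Runs in the DMZ. Holds only the staging database, no business-system credentials."""

    def __init__(self):
        self.db = sqlite3.connect(":memory:")  # stands in for the middleware SQL database
        self.db.execute(
            "CREATE TABLE web_orders (id TEXT PRIMARY KEY, customer TEXT, sku TEXT, "
            "qty INTEGER, state TEXT, business_ref TEXT, created TEXT)"
        )

    def place_order(self, customer, sku, qty):
        """Phase 1: record the order and acknowledge it immediately."""
        order_id = str(uuid.uuid4())
        self.db.execute(
            "INSERT INTO web_orders VALUES (?, ?, ?, ?, 'PENDING', NULL, ?)",
            (order_id, customer, sku, qty, datetime.now(timezone.utc).isoformat()),
        )
        self.db.commit()
        return order_id

    def order_status(self, order_id):
        row = self.db.execute(
            "SELECT state, business_ref FROM web_orders WHERE id = ?", (order_id,)
        ).fetchone()
        return {"state": row[0], "business_ref": row[1]} if row else None

    # The two methods below are what the integrator calls; in production they
    # would be web-service endpoints exposed to the business network only.
    def pending_orders(self):
        cur = self.db.execute(
            "SELECT id, customer, sku, qty FROM web_orders WHERE state = 'PENDING'"
        )
        return [dict(zip(("id", "customer", "sku", "qty"), r)) for r in cur]

    def mark_result(self, order_id, state, business_ref=None):
        self.db.execute(
            "UPDATE web_orders SET state = ?, business_ref = ? WHERE id = ?",
            (state, business_ref, order_id),
        )
        self.db.commit()


class BusinessSystem:
    """Stand-in for the MultiValue business database behind the firewall."""

    def __init__(self, stock):
        self.stock = dict(stock)  # constructed inventory, sku -> quantity on hand
        self.orders = {}
        self.available = True  # flip to False to simulate an outage

    def post_order(self, customer, sku, qty):
        if not self.available:
            raise ConnectionError("business system down")
        if self.stock.get(sku, 0) < qty:
            return None  # insufficient stock: order rejected
        self.stock[sku] -= qty
        ref = f"SO{len(self.orders) + 1:06d}"  # assumed sales-order numbering
        self.orders[ref] = (customer, sku, qty)
        return ref


class Integrator:
    """Phase 2: runs inside the business network and initiates every connection
    towards the web tier, so the firewall needs no inbound rule."""

    def __init__(self, web, business):
        self.web, self.business = web, business

    def poll(self):
        """Process every PENDING order; returns how many were settled."""
        processed = 0
        for o in self.web.pending_orders():
            try:
                ref = self.business.post_order(o["customer"], o["sku"], o["qty"])
            except ConnectionError:
                return processed  # leave the rest PENDING and retry on the next poll
            self.web.mark_result(o["id"], "ACCEPTED" if ref else "REJECTED", ref)
            processed += 1
        return processed
```

Because the two phases are decoupled, the web tier keeps accepting orders while the business system is offline; they stay PENDING and are picked up on the next poll, which is the "Independent Operation" advantage in the table above. The price is that stock is checked at integration time rather than at order time, so an item can sell out between the acknowledgement and the REJECTED status; that gap is the "Data Accuracy" entry on the synchronous model's side.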
Security Considerations
• Network
  – Firewall (Outbound connections only)
• Database
  – SQL injection (Don’t Expose DB schema)
  – Shared user (Limit Access)
• Web Solution
  – Cross-site scripting (Request validation - .Net)
  – Password Guessing (Detect & Disable)
  – Credit Card processing (SSL + Certificates)
• Web Server
  – IIS Settings (Lockdown)
  – Hosting Services (Reputable)
• Browsers
  – Certificates (Detect DNS poisoning)
  – Pop-Up Blockers (Minimize reliance)
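Added example, not from the deck or from Kore's products, covering three items above in one login handler: SQL injection (a string-built query next to the parameterised one), not exposing the database schema (a generic error in place of the raw database exception) and password guessing (detect & disable). It is Python on an in-memory SQLite table so that it runs as written; the deck's stack would use SqlCommand parameters and the same lockout logic. The `users` table, the `MAX_FAILURES` threshold and the test accounts are assumptions made for the example.

```python
"""Login handler (constructed example): vulnerable vs. parameterised lookup, generic
error handling, and detect & disable for password guessing."""
import hashlib
import hmac
import sqlite3

MAX_FAILURES = 5  # assumed lockout threshold; the deck does not state one


def _digest(password):
    # Unsalted SHA-256 keeps the demo short; use a salted, slow hash in practice.
    return hashlib.sha256(password.encode()).hexdigest()


def make_db(users):
    """Build the user table from {name: password}; constructed test data."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users (name TEXT PRIMARY KEY, pw_hash TEXT, "
        "failures INTEGER NOT NULL DEFAULT 0, disabled INTEGER NOT NULL DEFAULT 0)"
    )
    db.executemany(
        "INSERT INTO users (name, pw_hash) VALUES (?, ?)",
        [(n, _digest(p)) for n, p in users.items()],
    )
    db.commit()
    return db


def login_vulnerable(db, name, password):
    """String-built query: whatever the user types becomes part of the WHERE clause.
    Returns the authenticated user name, or None."""
    sql = "SELECT name FROM users WHERE name = '%s' AND pw_hash = '%s'" % (
        name,
        _digest(password),
    )
    row = db.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(db, name, password):
    """Parameterised lookup plus detect & disable. Returns 'ok', 'denied',
    'disabled' or 'error'; never a database error message."""
    try:
        row = db.execute(
            "SELECT pw_hash, failures, disabled FROM users WHERE name = ?", (name,)
        ).fetchone()
        if row is None:
            return "denied"  # same answer as a wrong password: no user enumeration
        pw_hash, failures, disabled = row
        if disabled:
            return "disabled"
        if hmac.compare_digest(pw_hash, _digest(password)):
            db.execute("UPDATE users SET failures = 0 WHERE name = ?", (name,))
            db.commit()
            return "ok"
        failures += 1  # detect: count consecutive failures per account
        db.execute(
            "UPDATE users SET failures = ?, disabled = ? WHERE name = ?",
            (failures, int(failures >= MAX_FAILURES), name),  # disable at threshold
        )
        db.commit()
        return "disabled" if failures >= MAX_FAILURES else "denied"
    except sqlite3.Error:
        # Log the detail server-side; the browser learns nothing about the schema.
        return "error"


def is_disabled(db, name):
    row = db.execute("SELECT disabled FROM users WHERE name = ?", (name,)).fetchone()
    return bool(row and row[0])
```

A name of `' OR 1=1 --` logs the vulnerable version in as the first row of the table without any password; the parameterised version treats the same string as a literal user name and simply denies it. The "Shared user (Limit Access)" item complements this: the application's database login should have only the SELECT or EXECUTE rights the site needs, so that even a successful injection cannot read or alter the rest of the schema.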
Leveraging MS Technology
[Diagram: Web Solution (MS IIS, Middleware Server), WebSite SQL, Microsoft Business Intelligence Services, KommerceServer]
KommerceServer
• Complete Suite of Web Solutions
• Uses Microsoft SQL database
• Microsoft .NET architecture
• Highly Reliable & Scalable & Secure
• Runs stand-alone or integrated
• Customizable to your look and Feel
Storefront Software and Web Solutions That are Second to None
KommerceServer Product Suite
• webStoreFront
  – Powerful B2B & B2C eCommerce Storefront
  – On-line product catalog w/database-driven content
• webPortal
  – Customer Portal provides information access 24/7
  – Orders, RMAs, Invoices, and shipment tracking
• webConfigurator
  – Purchase Configure-to-order products online
  – Uses interactive Q&A or catalog string
• webSalesForce
  – Sales Force Automation and Contact Management
  – Enter Quotes & Orders; Report Bookings & Commissions
• webServiceCenter
  – Manage customers at a glance
  – Includes field service repairs and warranty tracking.