Creating a backend framework using Site Server 3'0

1
Creating a backend framework using Site Server 3.0

• Presented by Marco Tabini

2
Goals

• Understanding the structure of a complete
  e-commerce system
• Designing an e-commerce infrastructure
• Understanding business-to-business communications
• Designing and implementing interchanges

3
Understanding the structure of a complete
e-commerce system
4
Elements of an e-commerce system

• Storefront
• Internal order processing
• Payment system(s)
• Line-of-business system
• B2B communications

Payment system
Storefront
Backend management system
Order processing
Line-of-business system
B2B
Supplier
B2B
B2B
Supplier
Supplier
5
Elements of an e-commerce system

• The Storefront
• Handles interaction with customers
• Provides retailing functionality
• Essentially processes orders

• Storefront
• Internal order processing
• Payment system(s)
• Line-of-business system
• B2B communications

6
Elements of an e-commerce system

• Internal order processing
• Determines if users can purchase goods
• Performs all calculations to determine cost of
  goods to customers

• Storefront
• Internal order processing
• Payment system(s)
• Line-of-business system
• B2B communications

7
Elements of an e-commerce system

• Payment System(s)
• Charge the user for the goods received
• Usually require some form of electronic
  verification
• May be different from credit cards

• Storefront
• Internal order processing
• Payment system(s)
• Line-of-business system
• B2B communications

8
Elements of an e-commerce system

• Line of business system
• Interfaces the store with its suppliers and
  warehouses
• Takes care of availability and shipments
• May or may not be real-time

• Storefront
• Internal order processing
• Payment system(s)
• Line-of-business system
• B2B communications

9
Elements of an e-commerce system

• B2B communications
• Handle communications between two e-commerce
  systems
• Perform translation, transmission and receipt
  confirmation of data

• Storefront
• Internal order processing
• Payment system(s)
• Line-of-business system
• B2B communications

10
Designing an e-commerce infrastructure
11
Getting started

• Identify your goals
• What services are provided?
• Inventory
• Catalogue
• Shipment
• Billing

12
Getting started

• Identify your goals
• What data will be transmitted?
• Order information
• Product information
• Inventory reports
• What format will be used?
• What medium will be used?
• Should the data be encrypted?

13
Designing the system

• Make sure that you can handle your traffic
• Early planning for scalability is better
• Identify bottlenecks early on (e.g. transaction
  queuing)
• Create contingency plan for expansion

14
Designing the system

• Develop the basic architecture first
• A B2B system is essentially closed
• Communicates with the outside world through
  exchanges of properly formatted data
• You should design a system that is optimized to
  handle the data in the best format for your
  platform

15
Designing the system

• Understand your communication medium
• Public switched lines are usually very secure and
  do not need encryption
• VANs or the Internet require encryption
• You will usually need to encrypt all data

16
Designing the system

• Understand your partners
• What are the capabilities of your partners?
• What communication media will you need to
  support?
• What encryption systems will you need to support?
• What communication format will you need to
  support?

17
Understanding B2B communications
18
B2B comm essentials

• Two businesses communicate using interchanges
• An interchange is an agglomerate of data
  formatted in a particular way
• The sender must be able to write the format,
  and the receiver must be able to read it
• Neither end must necessarily understand the
  entire format

19
Format of an interchange

• An interchange must be formatted using
  commonly-defined conventions
• The receiver must be able to understand how the
  sender has formatted the data
• The nature of an interchange may be determined in
  two ways
• As part of the interchange
• By means of the medium and/or location used by
  the sender to contact the recipient

20
Encryption

• Encryption is important when security is a
  concern
• Internet communications require security for all
  transmissions
• Even if confidential data is not transmitted,
  alteration may cause damage
• Both ends must be able to understand the
  encryption method
• PKS may not be understood by legacy systems

21
Electronic signing

• Electronic signatures are used to ensure data
  integrity
• An electronic signature essentially behaves as a
  non-alterable redundancy check
• Can be used to determine that the interchange was
  not damaged during transmission
• Can detect tampering attempts during transmission

22
Receipts

• The transmission of an interchange does not
  guarantee its delivery
• If guaranteed delivery is required, the recipient
  should sent out a receipt
• A receipt is simply a separate interchange used
  to acknowledge the delivery of an interchange

23
Receipts

• A good interchange system provides failsafe
  systems
• If a receipt is not received within a certain
  mount of time, the sender should resend the
  interchange
• Similarly, the recipient should be able to
  determine whether an interchange is a duplicate
  of a previously sent one and simply acknowledge
  its delivery without processing it.

24
Receipts

• Receipts should not be acknowledged
• The delivery of a receipt is meaningless if the
  appropriate failsafe procedures are in place
• Acknowledging the delivery of a receipt can cause
  an infinite loop!

25
A few words about EDI

• Electronic Data Interchange (EDI) is a worldwide
  standard for data interchange
• It is a very complex standard
• At least two different variations of the standard
  exist
• Several sub-variants of the standard are defined,
  one for each possible situation

26
A few words about EDI

• You will only need to implement EDI if your
  partners require you to
• Many companies have invested heavily in EDI
• These companies will be less likely to move to
  newer systems
• Moving to EDI can be expensive
• Complexity requires significant resources

27
Designing and implementing Interchanges
28
Site Server as a B2B comm system

• SSCE contains a complete interchange system in
  the Commerce Interchange Pipeline
• The CIP is completely self-contained and protocol
  agnostic
• There is no requirement for using a particular
  transmission medium or interchange protocol

29
SSCE and EDI

• You dont need EDI if you have SSCE!
• If your entire e-commerce system revolves around
  SSCE, you can create your own interchange format
• This will help lower the development cost and
  increase the overall efficiency of your system
• New partners will also be more likely to adopt
  your system because it will be less expensive to
  implement on their end

30
Structure of the CIP

• The CIP contains two pipelines
• The Transmit pipeline is used to generate an
  interchange and transmit it
• The Receive pipeline is used to interpret the
  interchange and act on it
• Both pipelines can also be used to send and
  elaborate a receipt

31
The transmit pipeline

• Used to generate an interchange
• Works by progressively converting the information
  in the pipelines dictionary into the desired
  format
• Also adds any required information (I.e.
  encryption, signature, etc.)

32
The transmit pipeline

• Map stage
• Used to translate values in the dictionary into
  the format in which they will be sent
• XML
• Plain text
• Comma/Tab delimited

Map
Add Header
Digitally Sign
Encrypt
Audit
Transport
33
The transmit pipeline

• Add Header stage
• Optionally adds a header to the mapped
  information
• Can be used to specify the type of exchange, as
  well as other data (e.g. transaction ID, receipt
  request, timestamp, etc.)

Map
Add Header
Digitally Sign
Encrypt
Audit
Transport
34
The transmit pipeline

• Digitally Sign stage
• Used to add a digital signature to the
  interchange
• Built-in components use the CryptoAPI
• As long as the same encryption protocols are
  supported, the CryptoAPI is not needed at both
  ends

Map
Add Header
Digitally Sign
Encrypt
Audit
Transport
35
The transmit pipeline

• Audit stage
• Used to store a record of the pipelines
  execution (a.k.a. audit data)
• Can be used to match receipts, calculate timeouts
  and as a permanent copy of the interchange

Map
Add Header
Digitally Sign
Encrypt
Audit
Transport
36
The transmit pipeline

• Audit stage
• Usually writes to a database
• You must provide your own housecleaning
  procedures
• Redundancy should be provided in case of database
  failure

Map
Add Header
Digitally Sign
Encrypt
Audit
Transport
37
The transmit pipeline

• Transport stage
• Used to actually transmit the interchange
• Built-in component support various media
• HTTP
• SMTP
• DCOM

Map
Add Header
Digitally Sign
Encrypt
Audit
Transport
38
The transmit pipeline

• Transport stage
• COM extensibility ensure the possibility of using
  any medium

Map
Add Header
Digitally Sign
Encrypt
Audit
Transport
39
The receive pipeline

• Used when an interchange is delivered
• Performs the same steps of the Transmit pipeline,
  only in reverse order
• Is usually invoked in response to a request by a
  Transmit pipeline

Decrypt
Verify Digital Signature
Open header
Generate receipt
Map
Audit
Application Integration
40
The receive pipeline

• Decrypt stage
• If the exchange is encrypted, it should be
  decrypted here
• Built-in components use the CryptoAPI, but do not
  require the API to be at the other end

Decrypt
Verify Digital Signature
Open header
Generate receipt
Map
Audit
Application Integration
41
The receive pipeline

• Verify Digital Signature stage
• Used to determine the interchanges integrity
• If the digital signature is corrupted, the
  interchange should be discharged
• If a timeout failsafe system is in place, the
  sender will resend it

Decrypt
Verify Digital Signature
Open header
Generate receipt
Map
Audit
Application Integration
42
The receive pipeline

• Open Header stage
• Used to interpret the interchanges header
• Checks for duplicate interchanges should be done
  here.
• If a duplicate is found, the interchange is
  discarded but a receipt is sent anyway

Decrypt
Verify Digital Signature
Open header
Generate receipt
Map
Audit
Application Integration
43
The receive pipeline

• Generate Receipt stage
• Receipts should be generated and sent in this
  stage
• A receipt is usually generated by instantiating
  and executing a separate Transmit pipeline

Decrypt
Verify Digital Signature
Open header
Generate receipt
Map
Audit
Application Integration
44
The receive pipeline

• Map stage
• Used to un-map the information from the
  interchange into the pipelines dictionary

Decrypt
Verify Digital Signature
Open header
Generate receipt
Map
Audit
Application Integration
45
The receive pipeline

• Audit stage
• Used to generate audit records for the
  interchange received
• Useful to identify duplicate interchanges

Decrypt
Verify Digital Signature
Open header
Generate receipt
Map
Audit
Application Integration
46
The receive pipeline

• Application integration stage
• Application-specific actions are performed here.
  For example
• Running external processes
• Executing other pipelines
• Generating responses to the interchange

Decrypt
Verify Digital Signature
Open header
Generate receipt
Map
Audit
Application Integration
47
Sequence of operations

• An interchange always has only two partners
• The sender and the recipient can be two different
  systems, but
• They must be able to reach each other
• They must use a communication system they both
  understand

Sender
Recipient
48
Sequence of operations

• Step 1
• The Sender generates and sends the interchange to
  the Recipient
• The Sender also saves a copy of the interchange
  in its audit database and sets a timeout
• The Sender does not know whether the transmission
  was successful

Sender
Recipient
49
Sequence of operations

• Step 2
• The Recipient receives the interchange and
  elaborates it
• The Recipient records the interchange in its
  audit database
• A Receipt is generated and sent back to the Sender

Sender
Recipient
50
Sequence of operations

• Step 3
• The Sender receives the receipt and flags its
  audit database so that the interchange is complete

Sender
Recipient
51
Sequence of operations

• Failsafe system
• If the transmission of the interchange is not
  successful, the Recipient will not send back a
  receipt
• If the Sender does not receive a receipt within a
  certain time frame, it will resend the
  interchange
• In that case, the same interchange ID is used.
  This prevents a transmission error in the receipt
  from causing problems

Sender
X
Recipient
52
A few suggestions

• Choose the right communication method
• HTTP and DCOM are synchronous
• You will need to wait for the transmission to be
  over before returning from the pipeline
• SMTP is asynchronous
• You will however need to use Microsoft Exchange

53
A few suggestions

• Keep your design flexible
• Never write a pipeline that is tied to a specific
  transmission, interchange or encryption protocol
• If youre developing your own pipeline
  components, dont specialize but generalize
  their scope

54
A few suggestions

• To avoid simple mistakes
• If you are encrypting or digitally signing your
  pipelines, make sure that the same encryption
  method is available at both ends
• If you are using digital certificates, make sure
  theyre installed at both ends

55
A few suggestions

• To avoid simple mistakes
• Never reply to an interchange that contains a
  receipt
• It might help to write your own receipt receive
  pipeline

56
Live test!
57
Applause