Title: Creating a backend framework using Site Server 3'0
1Creating a backend framework using Site Server 3.0
- Presented by Marco Tabini
2Goals
- Understanding the structure of a complete
e-commerce system - Designing an e-commerce infrastructure
- Understanding business-to-business communications
- Designing and implementing interchanges
3Understanding the structure of a complete
e-commerce system
4Elements of an e-commerce system
- Storefront
- Internal order processing
- Payment system(s)
- Line-of-business system
- B2B communications
Payment system
Storefront
Backend management system
Order processing
Line-of-business system
B2B
Supplier
B2B
B2B
Supplier
Supplier
5Elements of an e-commerce system
- The Storefront
- Handles interaction with customers
- Provides retailing functionality
- Essentially processes orders
- Storefront
- Internal order processing
- Payment system(s)
- Line-of-business system
- B2B communications
6Elements of an e-commerce system
- Internal order processing
- Determines if users can purchase goods
- Performs all calculations to determine cost of
goods to customers
- Storefront
- Internal order processing
- Payment system(s)
- Line-of-business system
- B2B communications
7Elements of an e-commerce system
- Payment System(s)
- Charge the user for the goods received
- Usually require some form of electronic
verification - May be different from credit cards
- Storefront
- Internal order processing
- Payment system(s)
- Line-of-business system
- B2B communications
8Elements of an e-commerce system
- Line of business system
- Interfaces the store with its suppliers and
warehouses - Takes care of availability and shipments
- May or may not be real-time
- Storefront
- Internal order processing
- Payment system(s)
- Line-of-business system
- B2B communications
9Elements of an e-commerce system
- B2B communications
- Handle communications between two e-commerce
systems - Perform translation, transmission and receipt
confirmation of data
- Storefront
- Internal order processing
- Payment system(s)
- Line-of-business system
- B2B communications
10Designing an e-commerce infrastructure
11Getting started
- Identify your goals
- What services are provided?
- Inventory
- Catalogue
- Shipment
- Billing
12Getting started
- Identify your goals
- What data will be transmitted?
- Order information
- Product information
- Inventory reports
- What format will be used?
- What medium will be used?
- Should the data be encrypted?
13Designing the system
- Make sure that you can handle your traffic
- Early planning for scalability is better
- Identify bottlenecks early on (e.g. transaction
queuing) - Create contingency plan for expansion
14Designing the system
- Develop the basic architecture first
- A B2B system is essentially closed
- Communicates with the outside world through
exchanges of properly formatted data - You should design a system that is optimized to
handle the data in the best format for your
platform
15Designing the system
- Understand your communication medium
- Public switched lines are usually very secure and
do not need encryption - VANs or the Internet require encryption
- You will usually need to encrypt all data
16Designing the system
- Understand your partners
- What are the capabilities of your partners?
- What communication media will you need to
support? - What encryption systems will you need to support?
- What communication format will you need to
support?
17Understanding B2B communications
18B2B comm essentials
- Two businesses communicate using interchanges
- An interchange is an agglomerate of data
formatted in a particular way - The sender must be able to write the format,
and the receiver must be able to read it - Neither end must necessarily understand the
entire format
19Format of an interchange
- An interchange must be formatted using
commonly-defined conventions - The receiver must be able to understand how the
sender has formatted the data - The nature of an interchange may be determined in
two ways - As part of the interchange
- By means of the medium and/or location used by
the sender to contact the recipient
20Encryption
- Encryption is important when security is a
concern - Internet communications require security for all
transmissions - Even if confidential data is not transmitted,
alteration may cause damage - Both ends must be able to understand the
encryption method - PKS may not be understood by legacy systems
21Electronic signing
- Electronic signatures are used to ensure data
integrity - An electronic signature essentially behaves as a
non-alterable redundancy check - Can be used to determine that the interchange was
not damaged during transmission - Can detect tampering attempts during transmission
22Receipts
- The transmission of an interchange does not
guarantee its delivery - If guaranteed delivery is required, the recipient
should sent out a receipt - A receipt is simply a separate interchange used
to acknowledge the delivery of an interchange
23Receipts
- A good interchange system provides failsafe
systems - If a receipt is not received within a certain
mount of time, the sender should resend the
interchange - Similarly, the recipient should be able to
determine whether an interchange is a duplicate
of a previously sent one and simply acknowledge
its delivery without processing it.
24Receipts
- Receipts should not be acknowledged
- The delivery of a receipt is meaningless if the
appropriate failsafe procedures are in place - Acknowledging the delivery of a receipt can cause
an infinite loop!
25A few words about EDI
- Electronic Data Interchange (EDI) is a worldwide
standard for data interchange - It is a very complex standard
- At least two different variations of the standard
exist - Several sub-variants of the standard are defined,
one for each possible situation
26A few words about EDI
- You will only need to implement EDI if your
partners require you to - Many companies have invested heavily in EDI
- These companies will be less likely to move to
newer systems - Moving to EDI can be expensive
- Complexity requires significant resources
27Designing and implementing Interchanges
28Site Server as a B2B comm system
- SSCE contains a complete interchange system in
the Commerce Interchange Pipeline - The CIP is completely self-contained and protocol
agnostic - There is no requirement for using a particular
transmission medium or interchange protocol
29SSCE and EDI
- You dont need EDI if you have SSCE!
- If your entire e-commerce system revolves around
SSCE, you can create your own interchange format - This will help lower the development cost and
increase the overall efficiency of your system - New partners will also be more likely to adopt
your system because it will be less expensive to
implement on their end
30Structure of the CIP
- The CIP contains two pipelines
- The Transmit pipeline is used to generate an
interchange and transmit it - The Receive pipeline is used to interpret the
interchange and act on it - Both pipelines can also be used to send and
elaborate a receipt
31The transmit pipeline
- Used to generate an interchange
- Works by progressively converting the information
in the pipelines dictionary into the desired
format - Also adds any required information (I.e.
encryption, signature, etc.)
32The transmit pipeline
- Map stage
- Used to translate values in the dictionary into
the format in which they will be sent - XML
- Plain text
- Comma/Tab delimited
Map
Add Header
Digitally Sign
Encrypt
Audit
Transport
33The transmit pipeline
- Add Header stage
- Optionally adds a header to the mapped
information - Can be used to specify the type of exchange, as
well as other data (e.g. transaction ID, receipt
request, timestamp, etc.)
Map
Add Header
Digitally Sign
Encrypt
Audit
Transport
34The transmit pipeline
- Digitally Sign stage
- Used to add a digital signature to the
interchange - Built-in components use the CryptoAPI
- As long as the same encryption protocols are
supported, the CryptoAPI is not needed at both
ends
Map
Add Header
Digitally Sign
Encrypt
Audit
Transport
35The transmit pipeline
- Audit stage
- Used to store a record of the pipelines
execution (a.k.a. audit data) - Can be used to match receipts, calculate timeouts
and as a permanent copy of the interchange
Map
Add Header
Digitally Sign
Encrypt
Audit
Transport
36The transmit pipeline
- Audit stage
- Usually writes to a database
- You must provide your own housecleaning
procedures - Redundancy should be provided in case of database
failure
Map
Add Header
Digitally Sign
Encrypt
Audit
Transport
37The transmit pipeline
- Transport stage
- Used to actually transmit the interchange
- Built-in component support various media
- HTTP
- SMTP
- DCOM
Map
Add Header
Digitally Sign
Encrypt
Audit
Transport
38The transmit pipeline
- Transport stage
- COM extensibility ensure the possibility of using
any medium
Map
Add Header
Digitally Sign
Encrypt
Audit
Transport
39The receive pipeline
- Used when an interchange is delivered
- Performs the same steps of the Transmit pipeline,
only in reverse order - Is usually invoked in response to a request by a
Transmit pipeline
Decrypt
Verify Digital Signature
Open header
Generate receipt
Map
Audit
Application Integration
40The receive pipeline
- Decrypt stage
- If the exchange is encrypted, it should be
decrypted here - Built-in components use the CryptoAPI, but do not
require the API to be at the other end
Decrypt
Verify Digital Signature
Open header
Generate receipt
Map
Audit
Application Integration
41The receive pipeline
- Verify Digital Signature stage
- Used to determine the interchanges integrity
- If the digital signature is corrupted, the
interchange should be discharged - If a timeout failsafe system is in place, the
sender will resend it
Decrypt
Verify Digital Signature
Open header
Generate receipt
Map
Audit
Application Integration
42The receive pipeline
- Open Header stage
- Used to interpret the interchanges header
- Checks for duplicate interchanges should be done
here. - If a duplicate is found, the interchange is
discarded but a receipt is sent anyway
Decrypt
Verify Digital Signature
Open header
Generate receipt
Map
Audit
Application Integration
43The receive pipeline
- Generate Receipt stage
- Receipts should be generated and sent in this
stage - A receipt is usually generated by instantiating
and executing a separate Transmit pipeline
Decrypt
Verify Digital Signature
Open header
Generate receipt
Map
Audit
Application Integration
44The receive pipeline
- Map stage
- Used to un-map the information from the
interchange into the pipelines dictionary
Decrypt
Verify Digital Signature
Open header
Generate receipt
Map
Audit
Application Integration
45The receive pipeline
- Audit stage
- Used to generate audit records for the
interchange received - Useful to identify duplicate interchanges
Decrypt
Verify Digital Signature
Open header
Generate receipt
Map
Audit
Application Integration
46The receive pipeline
- Application integration stage
- Application-specific actions are performed here.
For example - Running external processes
- Executing other pipelines
- Generating responses to the interchange
Decrypt
Verify Digital Signature
Open header
Generate receipt
Map
Audit
Application Integration
47Sequence of operations
- An interchange always has only two partners
- The sender and the recipient can be two different
systems, but - They must be able to reach each other
- They must use a communication system they both
understand
Sender
Recipient
48Sequence of operations
- Step 1
- The Sender generates and sends the interchange to
the Recipient - The Sender also saves a copy of the interchange
in its audit database and sets a timeout - The Sender does not know whether the transmission
was successful
Sender
Recipient
49Sequence of operations
- Step 2
- The Recipient receives the interchange and
elaborates it - The Recipient records the interchange in its
audit database - A Receipt is generated and sent back to the Sender
Sender
Recipient
50Sequence of operations
- Step 3
- The Sender receives the receipt and flags its
audit database so that the interchange is complete
Sender
Recipient
51Sequence of operations
- Failsafe system
- If the transmission of the interchange is not
successful, the Recipient will not send back a
receipt - If the Sender does not receive a receipt within a
certain time frame, it will resend the
interchange - In that case, the same interchange ID is used.
This prevents a transmission error in the receipt
from causing problems
Sender
X
Recipient
52A few suggestions
- Choose the right communication method
- HTTP and DCOM are synchronous
- You will need to wait for the transmission to be
over before returning from the pipeline - SMTP is asynchronous
- You will however need to use Microsoft Exchange
53A few suggestions
- Keep your design flexible
- Never write a pipeline that is tied to a specific
transmission, interchange or encryption protocol - If youre developing your own pipeline
components, dont specialize but generalize
their scope
54A few suggestions
- To avoid simple mistakes
- If you are encrypting or digitally signing your
pipelines, make sure that the same encryption
method is available at both ends - If you are using digital certificates, make sure
theyre installed at both ends
55A few suggestions
- To avoid simple mistakes
- Never reply to an interchange that contains a
receipt - It might help to write your own receipt receive
pipeline
56Live test!
57Applause