Session Number: 7

1
Internet Supply Chain Management ECT 581
Winter 2003
Session Number 7

• Session Date February 18, 2003
• Session Outline
• Midterm Exam
• Administrative Items
• Session Topics
• Middleware (continued)
• Message-oriented Middleware
• MSMQ
• A Few Notes on Security

2
Administrative Items

• Midterm Exam
• Project Q A

3
Message Queuing MOM - MSMQ Concepts
4
MSMQ - Key Components
5
MSMQ Message Queuing MOM - Mission Critical
Terminology

• Message a unit of information exchanged by MSMQ
  applications.
• Queue a temporary storage medium that stores
  messages passed between applications.
• Queue manager the process that manages the
  queues on a host processor.
• Transaction a logical unit of work that
  comprises one or more operations that all succeed
  or all fail.

6
MSMQ Mission Critical Terminology (continued)

• MSMQ Information Store (MQIS) - maintains
  information about the MSMQ environment, including
  users, machines, public queues, the network
  configuration, etc.
• MSMQ servers - processors that perform queue
  management, message routing tasks maintain
  MQIS information.
• MSMQ independent clients - machines (or
  processes) that perform operations, such as
  sending/receiving messages, creating/destroying
  private queues.
• MSMQ dependent clients - machines that rely on an
  MSMQ server for all operations.

7
MSMQ Mission Critical Terminology (continued)

• Source machine - MSMQ independent client that
  sends a message.
• Target queue - the queue to which a message is to
  be sent.
• Destination machine - MSMQ independent client or
  server where the messages target resides.
• Sender - an MSMQ application that places messages
  in a queue.

8
MSMQ Mission Critical Terminology (continued)

• Receiver - an MSMQ application that removes
  messages from a queue.
• Store-and-forward - general message processing
  protocol provided by MSMQ as a message is
  transferred between queue managers.
• Message Routing - the process by which a message
  is sent.

9
MSMQ Concepts - Messages

• Message properties can be defined to control
  several messages characteristics including
• Message security,
• Source and destination info,
• Labeling, and
• Time-to-live
• Three types of messages supported
• Express messages stored in memory until they
  can be delivered.
• Recoverable messages not lost if a machine or
  queue crashes.
• MSMQ also supports transactional messages.

10
MSMQ Concepts Queues

• Two primary queue types.
• Application queues - used by MSMQ applications.
• System queues - created and used only by MSMQ.
• Application queues can be further segmented.
• Message queues - where messages are sent to and
  received from.
• Public and private queues.
• Response queues - where application response
  messages are placed.
• Transactional and non-transactional queues.
• Administration queues - stores application
  acknowledgement messages.

11
MSMQ Concepts Sending Receiving Messages

• Messages are always sent asynchronously to the
  target queue.
• Sending application resumes processing
  immediately after submitting a message.
• Applications can read messages synchronously or
  asynchronously.
• You can programmatically create a synchronous
  read process
• (i.e., make your application wait until a message
  is available to begin processing).
• Receiving application has the option to
• Remove the message from the queue, or
• Inspect (Peek) the message while leaving it in
  the queue.
• MSMQ implements message authentication,
  integrity, and encryption.
• Uses globally unique identifiers (GUIDs)

12
MSMQ Architecture

• Messages are kept in queues

MSMQ

• Queues are managed by queue managers

• Applications access MSMQ via a simple client API

Machine 1

• MSMQ enables program-to-program message queuing

13
Example Transaction Number 1
Machine 1
MTS
ActiveX Component
SQL update MSMQ send
RDBMS 1
MSMQ
API
Queue manager
A
B
C
Sys
Sys

• Update RDBMS1 and send

Msg queues System
14
Transactional Delivery
Machine 1
Machine 2
MSMQ
MSMQ
API
API
Queue manager
Queue manager
A
B
C
Sys
E
F
Sys
Sys
Msg queues System
Msg queues System

• MSMQ forwards the message to M2

15
Transaction Number 3
Machine 1
Machine 2
MTS
ActiveX Component
MSMQ recv SQL Update
RDBMS 2
MSMQ
API
Queue manager
E
F
Sys
Sys
Msg queues System

• Receive message and update RDBMS2

16
MSMQ Implementation Examples

• Stock Brokerage Order Processing
• Requirement for fault tolerant journaling and
  retrieval of order info.
• MSMQ mitigates risk of lost or duplicated
  records.
• Insurance Remote Workforce Communications
• Remote agents required to communicate back to
  central office several times daily.
• MSMQ enables buildup and end-of-day
  reconciliation of field messages.
• Retail Operations Order Processing
• Parallel processing requirement in order
  processing scenario.
• MSMQ enables simultaneous determination of item
  availability and customer credit.
• HMO/PPO merger
• Cross-platform and legacy system integration
  requirement.
• Message queuing provides communication between
  heterogeneous platforms.

17
MSMQ Design Considerations

• Determine the following related to data
  processing and movement.
• Where is the data going?
• Who is the recipient of the data?
• How is the data going to get there?

18
MSMQ Design Considerations

• Two commonly used messaging models
• Request/Reply
• Enables requesting application to state the name
  of the queue to which the reply will be sent.
• Server can receive and process requests without
  needing to have knowledge of message routing.
• Example request for bank account info through
  ATM request message sent to a central server for
  processing, server responds with info to
  requesting ATM application.
• Publish/Subscribe
• Publishes info to a general server process.
• Architecture similar to hub spoke topology.
• Central hub is main receiver and distributor of
  info.
• Example international news agencies publishing
  info on global news wires subscribing
  applications pick relevant info, server remains
  agnostic.

Regardless which model is selected, all programs
must operate in a manner to reliably correlate
requests with replies.
19
MSMQ Design Considerations How MSMQ Correlates
Requests Replies

• MSMQ uses two properties to match requests and
  replies
• Message ID generated by MSMQ set when a
  message is created.
• Correlation ID can be set by a program.
• Note Both are globally unique identifiers
  (GUIDs) unique to your computer across every
• computer on the planet. A significant security
  measure!
• MSMQs Request/Reply Correlation Process
• When request is built, requesting app leaves both
  message and correlation ID fields blanks.
• MSMQ receives message, generates unique ID, and
  returns ID to requesting app.
• Responding (receiver) app receives requests,
  builds reply, MSMQ generates a unique ID for the
  reply, and responding app loads the initial
  message ID into the replys correlation ID
  property.
• Reply message is then sent to its intended
  destination.
• Upon receipt of the reply, initial requesting
  application can determine to which request the
  reply correlates.

20
MSMQ Application Model Summary

• Sender
• Opens a queue by name
• Creates message object
• Sets attributes such as body, timeout, delivery
  mode, response queue name, etc.
• Invokes send method on message object passing
  destination queue as a parameter
• Receiver
• Opens a queue by name
• Receives a message (or Peeks at a message)
• Sends any required response messages

21
MSMQ Application Development Sending a Message

• Required Objects
• MSMQQueueInfo use the open method to open the
  queue.
• MSMQMessage use the send method to transmit the
  message.
• MSMQQueue use the close method to close the
  queue.
• Steps
• Open the queue.
• Create the message
• Send the message.
• Close the queue.

22
A Few Notes on Security..
23
Basic Security Tenets

• Confidentiality assuring that the data is seen
  only by authorized viewers.
• Integrity assuring that the extranet
  information is accurate and that it cannot be
  altered accidentally or deliberately.
• Availability ensure immediate and continuous
  access to the extranet information, 24 hours per
  day, 7 days a week, 365 days per year.

24
Building a Security Program

• Three Major Steps
• Threat assessment
• Vulnerability analysis
• Design and implementation of security measures

25
Building a Security Program Detailed Process

• Identify assets including processors, data, and
  network components.
• Analyze security risks.
• Analyze security requirements and tradeoffs.
• Develop a security plan identifying measures to
  be deployed.
• Define a security policy.
• Develop procedures for applying security
  policies.
• Develop a technical implementation strategy.
• Achieve buy-in from users, managers, and
  technical staff.
• Train users, managers, and technical staff.
• Implement the technical strategy and security
  procedures.
• Test the security program and update it if any
  problems are found.
• Maintain security by scheduling periodic
  independent audits, reading of audit logs,
  responding to incidents, continuing to train and
  test, etc.

26
Security Measure or Protection Mechanisms

• Authentication
• Authorization or Access Control
• Accounting (Auditing)
• Data Integrity
• Data Confidentiality
• Policies
• Education
• Security through Obscurity (If They Dont Ask,
  Dont Tell)

27
Widely Used Security Techniques

• Certificates Cryptography for ensuring data
  integrity and for authentication
• Firewalls for controlling access to vital and
  sensitive resources.
• Non-repudiation

28
Next Session Highlights

• Middleware (continued)
• Security VPNs
• Next Session Reading Assignment
• Chapters 3 4 of Fitzgerald text.
• Recommended Article via Class Web Site
• VPN Overview
• FYI Article via Class Web Site
• Security Threat Report
• Highly Recommended Web site links
• PKI Tutorial