The Plan of Implementing a B2B E-Commerce System - Term Paper Example

REPORT ON STRATEGY OF B2B E-COMMERCE SYSTEM 22 March 2009 Report The Chief ExecutiveOfficer Report from: Subject: Report on the IT components that shall form the B2B E-Commerce System for the organization Writer ID #: 19714 Order No. 282441 [Name] [University Name] [Course Name] [Supervisor] [Any other details] 22 March 2009 Table of Contents: Introduction: This report is presented with respect to the plan of implementing a B2B E-Commerce system for the organization. In this context this report presents a brief on the queries that you had raised and a feasibility study and cost benefit analysis of the project at the end. The report on Web and Application Servers Background: In this report, I present an analysis of Apache, Weblogic, WebSphere, Jakarta-Tomcat, and Internet Information Server (IIS) to answer your query on web & application servers. Detailed Analysis: An E-Commerce application is implemented in three tiers - the front end tier that connects to the users (web server), the middle tier that serves as the application server and the rear tier which is database server (DBMS). The three tier architecture is preferred for high volume transactions - otherwise a two tier architecture comprising of web server and database server is sufficient to run E-Commerce applications. Users connect to the web server and send requests to the DBMS for information retrieval. The application server that sits at the middle tier takes requests from the web server, looks up into the DBMS and then processes the information to be fed back to the web server which is visible to the user through a session with the server. Tomcat, Weblogic, and WebSphere are application servers whereas Internet Information Server (IIS) and Apache are web servers. Out of these Apache and Tomcat are free software and the others are paid. In terms of functionality and performance, all servers are similar - it is the software level configurations and hardware specifications that matter. [Liu, Xue and Heo, Jin et al. 2005] Justification: Given that we are just starting the implementation of E-Commerce, it may be advisable that we first start with two tier architecture and then gradually migrate to three tier architecture if the volume of transactions increases. Moreover, choice of the web & application servers will depend upon the technical compatibility aspects of the E-Business package that we shall select in due course. Support & maintainability will be a primary concern and hence we shall favour the platform that is better supported by vendors in our region. The report on Database Management Systems Background: The backend tier needs to be a database management system (DBMS) that shall hold all the information & data pertaining to the E-Business application. In this context, an analysis of MySQL, Oracle and Microsoft SQL Server is presented herewith. Detailed Analysis: MySQL is a freeware and the other two are paid DBMS software. I have studied the comparison between Oracle and MySQL from the perspective of main DBMS features - Data Types, Tables, Indexing, views, synonyms, sequences, Data Definition & Modification language, stored procedures, triggers, functions, XML compatibility, transactional capabilities, security, auditing, replication and clustering. Most of the features of Oracle are available in MySQL current versions. However, few critical features, like two way replications, high availability clustering, hot backups, role based security (grouping of users into roles before assigning privileges) and partial rollback (partial backing out of erroneous transactions) are not supported by MySQL. Given that this is an open source software, further releases can always have these features added. However, one aspect should be kept in mind that the engineering behind Oracle DBMS is the result of decades of competency development of Oracle which is unmatchable, even by nearest competitors like Microsoft that is relatively new in this field. Hence, my first recommendation is that we should not go for MySQL as our choice and the second recommendation is that we should select Oracle over Microsoft SQL Server. [Petri, Gregg. 2005] Justification: Given that we are planning to implement a business critical application system, we should not look forward to one time cost saving that may become a serious problem as we productionize the system for our business transactions. Security, Auditing, Reliability and High Availability are key considerations for our business which cannot be guaranteed by MySQL even if the technical features are released in the subsequent versions. We require a large powerful company to be accountable for our security and high availability needs and Oracle can be an excellent choice in this context. Their software comes at a premium and is more expensive than Microsoft SQL Server as well. But looking into their long & successful track record I recommend Oracle. The report on Firewalls Background: In this report, I present to you the functionality of Firewall, its configuration options and a balanced security approach. Detailed Analysis: Our Information technology systems are categorised in a hierarchical model that is popularly known as OSI seven layer model. This model represents the different levels of interactions in an IT environment when applications are running our business. The layers are called (bottom to top) - Physical, Data-Link, Network, Transport, Session, Presentation and Application that have their own interfacing standards/technologies operating within the IT environment. In this hierarchy, the interactions at the higher layers occur over the foundation of lower layers. Among these layers, there are two layers that are highly vulnerable to external attacks - the network layer (3rd layer) and the transport layer (4th layer). The network layer uses an addressing scheme, called IP (Internet Protocol) addressing, for internal client-server interactions as well as for interactions with the external world. This addressing scheme is a standard across the world letting all the computers across the world interact seamlessly through the Internet but also is the cause of threats. The network layer works very closely with the transport layer that again uses standard protocols (called TCP & UDP) for establishing of sessions among computers. These again are standards across the world and hence are vulnerable to malicious activities by intruders. A firewall (to be specific, Stateful inspection firewall that secures both these layers) uses a combination of carefully defined rules pertaining to these two layers such that intrusion doesn't become easy. The rules are based on permitted sources & destinations such that all others (non-permitted) are denied access. The TCP & UDP protocols (as they are called technically) operate on isolated session channels that are identified by numbers (called port numbers). For a source to connect to a destination, such channels (you may view them as passages for information transfer) need to be open. The identification numbers are standard depending upon the application services. For example, the file transfer service works on port number 21 and our E-Mail system works on port number 25. The firewall can open & shut such channels (commonly called open and shutting of ports) and can allow selected sources (IP addresses) to use these channels and talk to selected destinations (IP addresses). Further to this, the rules can be established for inbound as well as outbound connections separately. In the less restrictive configurations, fewer rules are deployed - for example the channels may be opened selectively but source & destination restrictions are not deployed. In more restrictive configurations, too many rules are deployed that may allow only selected source machines to connect to selected destination machines through selected channels only. There are some modern security devices that can even open the packets (units forming the entire traffic of a session) and judge if the session is of a genuine application service as allowed by that channel or else is an attack through the open channels. These are called adaptive security appliances. In our plan, we shall deploy less restrictive configurations but will prefer adaptive security appliances that can carry out deep packet inspections. [Wack, John and Cutler, ken et al. 2002] Justification: The E-Business application will require access to Internet and hence more restrictive configurations may not be suitable for us. We can selectively allow source machines from our customers to connect to our servers but this will require too many interactions & agreements among our IT departments. This may become a reason for customers perceiving us to be paranoid about security at the cost of reduced customer services. Also, too restrictive policies at times result in collateral damage to useful business traffic. Hence, we will open the http and https ports (the Internet channels at transport layer - http is for clean text transfer and https is for encrypted transfer) without source and destination level restrictions. Also, deep packet inspections of adaptive security appliances may help us to deploy more security by protecting us against attacks through open channels. The report on Cryptographic Software Background: In this report, I present to you a brief about cryptography and how the same can be applicable for our E-Business application. In this context, I shall present details of PGP and IPSec. Detailed Analysis: I presented the hierarchical model of interactions in an IT environment comprising of seven layers. The layers above data-link layer (2nd layer) can ensure additional security mechanisms by using cryptography. Cryptography essentially involves addition of junk in useful information in a pattern that is known only to the source and destination such that the destination can remove the junk and retrieve back the useful information. Any attacker capturing the traffic in between will not know the pattern of junk addition and hence will not be able to retrieve the useful information. PGP works at the application layer (7th layer) for messaging and IPSec works at network layer (3rd layer) and hence we may require both. PGP also facilitates provision of the cryptographic keys (pattern of adding & removing the junk) by globally recognised third parties like Verisign that are trusted and hence the end users will be confident about the security of our E-Commerce application. This facility allows the digital signatures feature of PGP to be accepted as legal by both the parties signing contracts, agreements, etc. In addition, we can also deploy another technology called Secured Sockets Layer using keys provided by trusted certification authorities such that payment gateways can be established. Such a technology can help our customer to directly pay money into our bank accounts on-line within minutes which otherwise takes days to realise in our accounts through checks & wire transfers. [Gerck, Ed. 2000] Justification: Security is one of our primary concerns because we shall be transferring confidential files (like agreements, product details, quotes, purchase orders, payment details, etc) over the E-Commerce application and hence I propose that we implement PGP, SSL and IPSec cryptographic technologies to achieve better confidence by our customers in our security. Also, we can implement on-line agreements and payment gateway systems that shall reduce cost of execution of such transactions. The report Feasibility Study and Cost Benefit Analysis Background: In this part of the report, I hereby present the feasibility of our E-Business application and its cost benefit analysis in line with our business requirements. Detailed Analysis: Our business requires a lot of international interactions given that customers in US and China are very interested in our products. The interactions are carried out through E-Mail and critical documents (like PO, Agreements, pay orders, are sent through courier in hard copy given that the current E-mail system doesn't possess the desired security. Also, on-line interactions with customers are not possible in the current context. The scanned copies of the orders come by E-mail but cannot be processed unless the hard copies arrive with physical signatures. Also, the process of agreement takes a long time because the papers are couriered multiple times to & fro and the current E-Mail system is not secured enough to traverse even the draft terms of agreements. The payments take longer time as well because check & wire transfers take many days till payments are realised in our banks. Manual transactions also result in higher commission payments. Once orders are accepted and payments are received, we can let our customers track the deliveries of their orders and history of transactions through their respective logins into our E-Business system. The details of customers possessing accounts on our system shall be populated in a separate database called Customer Database that may gradually mature into a Customer Relationship Management system in longer term. Thereby, in addition to processing business transactions, we can also run focused marketing campaigns among our customers that possess accounts on our system. [Riggins, Frederick and Rhee, Hyeun-Suk. 1998; Chang, Kuo-chung and Jackson, Joyce et al. 2003] I propose that the entire infrastructure of E-Business system be managed in-house to ensure better manageability and security. I propose the following costing of E-Business Infrastructure (estimated only): S.No. Description Tentative costing Costing Type 1 In house Hardware Infrastructure - Servers, Network components and Storage $50000 One-Time 2 Data center costs - space, air-conditioning, power $30000 One-Time 3 Recurring cost of managing servers and data center - Power, AC, maintenance contracts, etc. $5000 Recurring per month 4 Internet Connectivity rentals $10000 Recurring per annum 5 Two personnel for application support, DBA activities and network support $10000 Recurring per month 6 Software costs - E-Business Application and Oracle DBMS $100000 One time 7 Software maintenance cost $10000 Recurring per annum 8 Security costs (PGP, SSL, Firewalls, etc.) - one time $10000 One time 9 Security Costs - recurring $5000 Recurring Cost Benefit Analysis: The following reduction in costs and increased business should be tracked to calculate return on investment: (a) Reduction of cost of communication mailers (b) Reduction of cost of long distance telephone expenses (c) Interest achievements at standard bank rates due to faster realization of payments (d) Reduction of bank commissions (e) Increase in number of orders (f) Increase in number of orders processed per week (thus calculate reduction in order processing costs) In addition to tangible benefits, we should also put a valuation to acquisition of assets like Customer Equity, Customer Lifetime Value (to be measured by improved customer satisfaction and retention), and Intellectual Properties. [Ricker, Fred. R. and Kalakota, Ravi. 1999; Liu, Xue and Heo, Jin et al. 2005] Justification: The feasibility and cost benefit analysis is presented herewith to justify our investments in an E-Business system. It is important to plan the measurement of our return on investments such that the justification of having such a system can be tangibly demonstrated. Conclusion: In this report I presented clarifications on some of the key components of the E-Business system, feasibility analysis and cost benefit analysis of the proposed E-Business system. This is a first hand report that needs to be developed further by getting estimates from the vendors that shall potentially help us in implementing such a system successfully. Reference List: Chang, Kuo-chung and Jackson, Joyce et al. (2003). E-Commerce and Corporate Strategy - an executive perspective. Journal of Information and Management. Vol. 40. Elsevier. pp663-668. Epstein, Marc J. (2005). Implementing Successful E-Commerce Strategies. Strategic Finance. pp24-28. Gerck, Ed. (2000). Overview of certification systems - X.509, PKIX, CA, PGP and SKIP. The Bell Laboratories. 2000. Liu, Xue and Heo, Jin et al. (2005). Modelling 3-tiered Web Applications. University of Illinois. pp2. Mokbel, Marzouk S. and Jiajin, Le. (2008). Integrated Security Architecture for Web services, Journal of Theoretical and Applied Information Technology. pp5-7 Petri, Gregg. (2005). A Comparison of Oracle and MySQL. SELECT Journal. pp41-48. Ricker, Fred. R. and Kalakota, Ravi. (1999). Order Fulfillment - the hidden key to E-Commerce Success. Supply Chain Management Review. pp60-70. Riggins, Frederick and Rhee, Hyeun-Suk. (1998). Toward a unified view of Electronic Commerce. Communications of the ACM. Vol. 41. No. 10. pp2-8 Wack, John and Cutler, ken et al. (2002). Guidelines on Firewalls and Firewall Policy. National Institute of Standards and Technology. U.S. Department of Commerce. pp10-18. End of Document Read More