Objective
This document was uploaded by user and they confirmed that they have the permission to share it. If you are author or own the copyright of this book, please report to us by using this DMCA report form. Report DMCA
Overview
Download & View Objective as PDF for free.
More details
- Words: 5,154
- Pages: 193
Objective A briefing for the understanding of the value added by the IT Department of a business so that: non-IT managers and staff can effectively collaborate with the IT Department; and CEO of the enterprise can direct the use of Information Technology for the business applications.
Agenda (1) Mission of the IT Department. (2) Value added Services. (3) IT infrastructure for business enterprise.
Agenda (4) Systems security. (5) Exploiting Internet and intranet to enhance business operations and the challenge of integration with partners, vendors and buyers.
Agenda (6) e-business and Application Development. (7) Knowledge management and the use of web parts to create self-service portal.
Agenda (8) Storage Area Network (SAN) and Network Access Systems (NAS). (5)
Business Recovery Process.
(7)
Best Practices.
Agenda (1) Mission of the IT Department. (2) Value added Services. (3) IT infrastructure for business enterprise.
Mission of an IT Department
To provide technology vision and directions for effective use of Information Technology for the group of companies in the business.
To use Information Technology to leverage on Business.
Mission of an IT Department
Mission of Hennepin County Medical Center
Agenda (1) Mission of the IT Department. (2) Value added Services. (3) IT infrastructure for business enterprise.
Value Added services of a Group IT Department
Technology directions and strategies.
Group initiatives on group systems and group procurements.
Knowledge sharing and technology transfer.
Enforcement of policy and group practice.
Value Added services of an IT Department
To provide technical support, establishing and implementing IT process and application development. To enhance business workflow with IT infrastructure, tools, applications, skilled manpower and information management.
Value Added services of an IT Department
Value Added services of an IT Department
Value Added services of an IT Department
Value Added services of an IT Department
Agenda (1) Mission of the IT Department (2) Value added Services. (3) IT infrastructure for business enterprise.
IT infrastructure
CAN, PAN, LAN and WAN.
Wireless LAN :
Security issues Coverage Stability
IT infrastructure Network Type
Wired
LAN PAN
IEEE 802.3(Ethernet) IEEE 1394 USB
MAN
Broadband(DSL, cable)
MAN
Wireless IEEE 802.11X IEEE 802.15.1 IEEE 802.15.3 IEEE 802.15.4 IEEE 802.16
LAN
Wide Area Network Infrastructure Wuhan Shanghai Beijing
China
New Delhi
Mumbai
Singapore
N
E
Medan
Binta mb ps
Frame Relay Cloud
Le as ed Lin e2
India
Pune
s mbp 1 ine L d se Lea
Nan Tong
Indonesia
Padang 12 5 e
Lin d s se kbp a Le
Jakarta
IT infrastructure of a Business Enterprise Roaming Users
Internet
Router
LAN
LAN
Intruder Detection Web server
LAN
Firewall
LAN iPass Server Mail Svr
LANs in overseas
RAS
Router
LAN
LAN at Internet Service Provider
LAN
LAN LAN
Local LANs E-Cop
Router Router Switch Firewall
Firewall
Server
Firewall Switch LAN
LAN at Business Recovery Site
Computer Computer
ComputerComputerComputerServerMainframe Laptop
Computer Laptop
Computer
Minicomputer
LAN at HQ
Computer
Anti-virus svr Computer
Server Server Server
Laptop
Computer
Radius server
Minicomputer
Roaming Users
Wireless LAN of NUS Network Controller
Lapto p
Network Multi-layer Switch
Network Switch Computer
Access Point
Serve r
Network Multi-layer Switch
Network Multi-layer Switch Network Multi-layer Switch
Network Multi-layer Switch
Hand held computer Cell phone
Agenda (4) Systems security. (5) Exploiting Internet and intranet to enhance business operations and the challenge of integration with vendors and buyers.
Source of Security Threat
Security issues :
People Process Technology
Source of Security Threat
Security can be compromised through:
Attack through internet Employee misuse Computer virus Vandalism Denial of services
Aggravation of Security Threat
Multiple connections into corporate network
e-Business operates 7x24
Shortage of security skills
Aggravation of Security Threat
Pressure of time to market has caused the followings:
Buggy code Design flaws New vulnerability
Security Management
Security Policy :
BS7799 Compliant Policy Design and Review Site Security Policy Acceptable Use Policy Escalation and incident response procedure
Security Audit
IT Audit
Measure regularly against best practices over time Periodic audit on Policy compliance Periodic checking and testing of security systems Assess vulnerability
Tools for Network Security
PGP (Pretty Good Privacy) / Digital Certificate
Firewall and Virtual Private Network
Host and Network Intrusion Detection
Security Surveillance – Electronic Cop
Anti-virus Software
Tools for Network Security
PGP (Pretty Good Privacy) / Digital Certificate
Firewall and Virtual Private Network
Host and Network Intrusion Detection
Security Surveillance – Electronic Cop
Anti-virus Software
Pretty Good Privacy (PGP)
PGP (Pretty Good Privacy) protects privacy of email, message and files with public key cryptography with key pair to maintain secure communications
Anti-nuclear activist Philip Zimmerman created PGP in 1991
Pretty Good Privacy (PGP) Asymmetric cryptography
Source: Wikipedia
Pretty Good Privacy (PGP) Asymmetric cryptography
Source: Wikipedia
Pretty Good Privacy (PGP) Symmetric Cipher
Source: Wikipedia
Private and Public Key pair
When A sends a private email message to B, A uses B’s public key (stored on digital keyrings i .e. a file normally called pubring.pkr in c: or a: drive) to encrypt information which can only be deciphered by using B’s private key (normally in a file called secring.skr)
Administration of PGP
PGP requires an Administrator of keyserver so that the user can send PGP public key to the PGP keyserver to authenticate the user and verify the digital signature. Sender of PGP email must retrieve the public key of email receiver to allow him to encrypt email.
Digital Signature
Can use private key of A to sign digitally so that when B receives the email, B can authenticate whether A has sent the email and whether the email has been altered while in transit.
Digital Signature
Digital Signature
Digital Signature
Limitation of PGP
Unable to decrypt any information if private keyring is lost.
Passphrase protects private key and should not be forgotten.
Digital Certificate
Tele-working through VPN authentication Secure confidential files and folders Client / server, intranet applications Capable of Web monitoring, web page authentication, web server authentication through SSL certificate A digital certificate contains the digital signature of the certificate-issuing authority so that anyone can verify that the certificate is real.
Digital Certificate
PGP vs Digital Certificate VPN Certificate Laptop
Server of Certification Authority
City
WAN Secure VPN Tunnel
VPN gateway
Firewall
Firewall Router Router Switch Switch
Workstation Computer
Workstation
Computer Mainframe
Mainframe
PGP Server Printer
Minicomputer
Server Printer
Minicomputer
USB Token
Computer Computer
PGP vs Digital Certificate PGP
Digital Certificate
No common source of trust
Trusted Certification Authority (CA)
Trust inherited from user
Trust inherited from CA
Storage Media: Hard disk, diskette
Storage Media: Token, diskette
Keys are not changed
Keys are updated periodically
User manages own keys
CA manages keys. Recovers, backup, LDAP directory
Tools for Network Security
PGP (Pretty Good Privacy) vs Digital Certificate
Firewall and Virtual Private Network
Host and Network Intrusion Detection
Security Surveillance – Electronic Cop
Anti-virus Software
Firewall
A firewall examines all traffic routed between computers and the internet to see if it meets the policy or certain criteria. If it does not meet the criteria, the traffic is stopped.
Checkpoint firewall
Firewall
Virtual Private Network
d se a Le ine L
WAN
Le a sed
Nokia VPN
Line
Secure VPN Tunnel
VPN gateway
Firewall
Firewall Router Router VPN Box
VPN Box Switch City
Workstation
Computer
Switch Workstation
Computer
City
Mainframe Mainframe
Server Printer
Minicomputer Printer
Server
Minicomputer
USB Token
Computer Computer
Nokia VPN
Precaution Against Hacking
Install and update reliable anti-virus software (e.g. McAfee or Symantec) and check system viruses regularly
Install Firewall (e.g. Check Point or Norton Personal Firewall) to prevent Internet users from getting access to sensitive data
Precaution Against Hacking
Microsoft French web site hacked
Precaution Against Hacking
Nokia web site hacked
W32.Blaster.worm Smaller users hardest hit by Blaster virus Worm programmed to attack Microsoft site on Saturday Friday, August 15, 2003
Starting Saturday (16 Aug 2003), Blaster is programmed to use these infected machines to attack the Web site Microsoft uses to distribute software updates. But no one knows how many PCs are infected.
Virus, worm and Trojan horse A
computer virus attaches itself to a program or file so it can spread from one computer to another, leaving infections as it travels.
Almost
all viruses are attached to an executable file, which means the virus may exist on your computer but it cannot infect your computer unless you run or open the malicious program.
Virus
Virus, worm and Trojan horse A
worm is similar to a virus by its design, and is considered to be a sub-class of a virus. Worms spread from computer to computer, but unlike a virus, it has the capability to travel without any help from a person. One example would be for a worm to send a copy of itself to everyone listed in your e-mail address book.
Worm
Virus, worm and Trojan horse The
Trojan Horse, at first glance will appear to be useful software but will actually do damage once installed or run on your computer.
Virus, worm and Trojan horse Some
Trojans are designed to be more annoying than malicious (like changing your desktop, adding silly active desktop icons) or they can cause serious damage by deleting files and destroying information on your system.
Trojans
are also known to create a backdoor on your computer that gives malicious users access to your system, possibly allowing confidential or personal information to be compromised.
Trojan horse
Precaution Against Hacking
Download any security updates that are released by software publishers. This include software for the operating systems, firewall, intruder detection and anti-virus systems.
Precaution Against Hacking
Freeware is often the source of computer viruses. Only download from reputable website and check that the servers hosting the site are protected against viruses
Precaution Against Hacking
Do not transact e-business or access internet bank account through a public computer. Make it a habit to delete web browser cache and history after each internet session. Sensitive information in the cache and history can be accessed by others.
Precaution Against Hacking
Precaution Against Hacking
Do not open an e-mail with a suspicious attachment. Delete both the e-mail and attachment.
Do not accept the offer of the web browser to remember your password or credit-card number as the data will be stored in your computer where it may be accessible to hackers.
Precaution Against Hacking
Do not accept the offer of the web browser to remember your password or credit-card number as the data will be stored in your computer where it may be accessible to hackers.
Precaution Against Hacking
Change your password regularly and use a combination of random letters, numbers and special symbols for your password. Avoid birthday, dictionary words, vehicle number and names
Tools for Network Security
PGP (Pretty Good Privacy) vs PKI (…) vs VPN (Virtual Private Network)
Firewall
Host and Network Intrusion Detection
Security Surveillance – Electronic Cop
Anti-virus Software
Intruder Detection System Prevention – Detection – Response
Intruder detection System performs burglar alarm function Compliments firewall Must be integrated with an appropriate response framework
Network and Server Sensor Network sensor Detect attacks targeted at the Network by analyzing network traffic in realtime Attempts to shun attacks by sending TCP reset packets
Network and Server Sensor Network sensor
Network and Server Sensor
Server sensor - Detect attack and misuse at the Server e.g. Web server by analyzing system status and logs in real-time - Performs file integrity monitoring and prescripted responses
Network and Server Sensor
Server sensor
Tools for Network Security
PGP (Pretty Good Privacy)
Firewall
Host and Network Intrusion Detection
Security Surveillance – e-Cop
Anti-virus Software
e-Cop Internet Security Surveillance Service 24x7 Internet Security Surveillance
Services through Global Command Centers.
Through Investigation Services Team, it helps customers to facilitate law enforcement with forensic evidence collected.
e-Cop Internet Security Surveillance Service
e-Cop Internet Security Surveillance Service Conducts Rapid Penetration Service system
scans and report.
Provides monthly summary and ad-hoc incident reports.
Consultancy on security policy , audit and risk assessment.
Anti-Virus
Viruses can damage files, erase hard disk and steal confidential information.
Anti-virus applications detects and stops malicious files that may have been embedded along with the files downloaded of e-mail received.
Anti-Virus
Agenda (4) Systems security. (5) Exploiting Internet and intranet to enhance business operations and the challenge of integration with vendors and buyers.
Internet Search Engine AltaVista
was started by Digital Equipment Corporation employee volunteers who were trying to provide services to make finding files on the public network easier. In 1996, AltaVista became the exclusive provider of search results for Yahoo!.
Internet Search Engine Yahoo!
Was co-founded by Jerry yang and David Filo
Jerry Yang
David Filo
Internet Search Engine In
1998, Digital was sold to Compaq, and in 1999 Compaq re-launched AltaVista as a web portal, hoping to compete with Yahoo!.
Internet Search Engine After
a few changing ownership, In February 2003, AltaVista was bought by Overture Services, Inc. In October 2003, Overture itself was taken over by Yahoo!.
Internet Search Engine In
Aug. 2004, shortly after Yahoo!'s acquisition, the AltaVista site started using the Yahoo! Search technology.
Internet Search Engine In
1 Feb 2008, Microsoft bids US44.6 billion to buy over Yahoo!
Internet Search Engine The name "Google" originated from a
misspelling of “googol” which refers to 10100
Internet Search Engine A patent describing part of Google's ranking mechanism PageRank was granted on 4 Sept 2001. The patent was officially assigned to Stanford University and lists Lawrence Page as the inventor Lawrence Page
Sergey Brin
Internet Search Engine PageRank is a link analysis algorithm that assigns a numerical weighting to each element of a hyperlinked set of documents, such as World Wide Web, with the purpose of “measuring” its relative importance within the set.
Software Application Internet Architecture
Software application moves from clientserver to internet computing.
Software Application Internet Architecture
Internet computing is a platform that supports the open flow of information between systems.
Software Application Internet Architecture
Server based technology is leveraging on ubiquitous internet technology such as extensible Markup Language (XML) and HyperText Transfer Protocol (HTTP)
Internet Architecture can integrate custom internal systems, eMerchants and trading partner systems
Internet Integration
Internet integration is done through:
Application messaging Component Interfaces Business Interlinks Application Engine
Internet Integration
Internet Application Architecture Appln Messaging Processor Bus. Interlink Processor
Web Browser
Wireless
(Appln Logic)
Integration Relay Servlet
Java Enabled HTTP/HTML Web Server
User Interface Generator Query Processor Process Scheduler
JOLT Portal Servlet
Business Server Third Interlink Plug-ins Party systems Business Interlink
Appln Engine Portal Processor
SQL
External System WebLogic Server IBM WebSphere MS IIS iPlanet Web Server Apache
COM, CORBA, EJB Component Interface
Directory Server
DBMS Server
Execute Reports and Batch processes, Register repts in Portal Content Registry
Search, Content management, Home page Persoalization
LDAP
Security Mgr
SQL Access Mgr
HTTP/HTML
Component Processor
Presentation Relay Servlet
TUXEDO
HTTP/HTML
Third Party DBMS Server
Novel NDS eDirectory iPlanet Directory Server MS Active Directory
Internet Application Server Java Enabled Web Server
Commercially available web servers that support Java servlet execution. Provide execution environment for Presentation Relay Servlet, Integration Relay Servlet and Portal Servlet
Internet Application Server
Presentation Relay servlet The ERP’s Java Servlet that handles all inbound and outbound HTTP requests for ERP transactions and queries. This thin servlet acts as a relay between the external or third-party system and the core back-end integration services.
Internet Application Server Presentation Relay servlet (contd)
It receives and serves HTML, XML and WML request over HTTP and maps the data in these requests to the Component Processor and query Processor application services that execute under e.g. Tuxedo.
Internet Application Server Presentation Relay servlet (contd)
It communicates with these back-end services via e.g. BEA System JOLT
Internet Application Server
Integration Relay Servlet An ERP’s Java Servlet that handles all inbound and outbound HTTP/XML requests for the third-party system integration. This is also a thin servlet that acts as a relay between the external or third-party system and the core back-end integration services.
Internet Application Server
Integration Relay Servlet (contd) It receives and serves XML requests over HTTP and maps the data in these requests to the integration services---- Application Messaging Processor, Business Interlinks Processor, component Processor --- That execute under e.g. Tuxedo This component communicates with these back-end services via e.g. BEA Systems JOLT
Internet Application Server
Portal Servlet An ERP’s Java Servlet that handles all inbound markup language and outbound requests for the Portal. It receives and serves HTML, XML and WML requests over HTTP.
Internet Application Server
Portal Servlet It also manages all aspects of the ERP Portal such as search, content management and home page personalization. It communicates with this back-end service via e.g. BEA Systems’ JOLT
TUXEDO manages Internet Application Server Services Component Processor
A key piece of the Internet application Server. This component executes the ERP Component--- the core ERP application business logic
TUXEDO Business Interlink Processor
Manages the execution of Business Interlink Plug-Ins and their interactions with third-party systems
TUXEDO Application Messaging Processor
Manages the publishing, subscribing and delivery of Application Messages for the ERP system
TUXEDO
User Interface Generator This component dynamically generates the user interface based on the components or Query definition and generates the appropriate markup language (HTML, WML or XML) and scripting language (JavaScript, WMLScript) based on the client accessing the application
TUXEDO Security Manager
Interfaces with the Directory Server using Lightweight Directory Access Protocol (LDAP) to authenticate end users and manage their system access privileges
TUXEDO Query Processor
Executes queries defines using the ERP tools (e.g. PL/SQL, PeopleSoft Query tool)
TUXEDO Application Engine
Executes ERP Application Engine process
TUXEDO Process Scheduler
Executes reports and batch processes and registers the reports in the Portal’s Content Registry
TUXEDO SQL Access Manager
Manages all interaction with the DBMS via SQL
Agenda (6) e-business and Application Development (7) Knowledge management and the use of web parts to create self-service portal.
e-Business and Application Development e-Business is the net-enabled business
activity that transforms internal and external relationships to create value and exploit market opportunities driven by new rules of the connected economy. ---- Gartner
e-Business Integration Style A2A
Computer Minicomputer
Computer
Mainframe
Business Customers and e-Market
B2B
Enterprise
Laptop Laptop
A2A Server Computer
Server
B2B
Minicomputer
Laptop Minicomputer
Minicomputer
B2B
Minicomputer Computer
Server Computer
Computer
B2B
B2B
B2C
Laptop
A2A
Manufacturers Computer
Server
Suppliers
Laptop
Consumers
B2C
Laptop
Minicomputer
A2A
Application Development Strategies
Application development disciplines are merging to support e-business strategies. Instead of building new systems exclusively, focus is shifting to integration. Web services are emerging as the new model for e-business Application Development. Microsoft and Java architectures will dominate emerging e-business development.
Agenda (6) E-business and Application Development (7) Knowledge management and the use of web parts to create self-service portal.
Enterprise Portal for business application
Portal represents the way customers, suppliers and employees access the web-based eBusiness of the business
Enterprise Portal for business application
Portal provides
Personalized access Role-based filtering Multi-system integration Scalability Content management
Enterprise Portal for business application
Portal provides
Single sign-on Security Community support A general development framework
Enterprise Portal for business application
Enterprise Portal for business application
Types of Portal
Application focused solutions for business solution delivery (functional). E.g. SAP, Oracle, PeopleSoft
Technology focused solutions that support the underlying technology and software integration. E.g. IBM Websphere, BEA Weblogic.
Employee Self-Service Portal Site Replication Service
Clients Document and Knowledge Mgt Computer
Security
Exch Svr
Active Directory
Active Director Connector Global Address List
Access Control List
Laptop
User Mgt
Win2K Cert Service NTFS File System
Server
Exch2000 Key Mgt Service
Cell phone Hand held computer
Files Web pages e-mail message
Self-service Portal
Doc Mgt: * Profiled * Categorized * Published * Approved * Search & index engine
1/18/ 2003 Text: Text:
Storage Mgt
MySQL FoxPro Oracle
Connector Mgt
SQL Svr
Corporate Internet and Corporate Intranet ERP + CRM + MFG
MS Access
Admin & Routing Mt
Performance Tuning
Webstore (ExIFS) Text:
Public Folder Mgt
Database
Netscape My Netscape Portal
Netscape My AOL Portal
Netscape My AOL Portal
Netscape My AOL Portal
4 Major Categories of Portal Functionality
Portal Infrastructure. Portal Operations. Portal Features. Portal Presentation.
Portal Infrastructure
Integration Internationalization Platform Scalability Security Standards
Portal Infrastructure
Integration
URL-based integration Web-based screen scraping XML/XSL Legacy screen scraping API EAI
Portal Infrastructure
Internationalization
Language support Content translation service Currency support Currency translation service Support for local laws and regulations
Portal Infrastructure
Platform
Operating systems Database servers Application servers Web servers Web browsers
Portal Infrastructure
Scalability
Replication Failover Load balancing Clustering Cabling
Portal Infrastructure
Security
Authentication Authorization Login Single sign-on
Portal Infrastructure
Security (contd)
User Management Digital certificate Public key Digital signature
Portal Infrastructure
Security (contd)
Public key infrastructure Secure Sockets Layer Protocol Secure Hypertext Transfer Protocol
Portal Infrastructure
Standards HTML
Java
Subcategories
J2EE XML XSL
Portal Operations Administration Community Management Development Environment
Integrated Development Environment (IDE) Application program interface (API) Software Development Kit (SDK)
Portal Operations Ease of Upgrade
Federated Portals
Portal Features
Business Intelligence Collaboration Content Management Personalisation Search Workflow
Portal Features
Business Intelligence
Report generation Online analytical processing (OLAP) Decision support system (DSS) Data warehousing Data Mining Ad-hoc reporting
Portal Features
Collaboration
Discussion board Document sharing Chat Instant messaging Virtual whiteboard Virtual conferencing Video conferencing
Portal Features
Content Management A process of creating, submitting, accessing, approving and maintaining unstructured content from diverse sources
Portal Features
Personalization Explicit User’s profile (in LDAP) System to maintain and manage Implicit or heuristic User’s online behavior (clicked certain links or visit certain pages) Event based personalization ( HP eService, Amazon.com User’s preference personalisation)
Portal Features
Search
Boolean-based Searches Indexing Spider / Crawler / Bot Keyword (Metadata) Search Full-text Search Internet / Web Search Natural-language Search Results Ranking
Portal Features
Workflow The tasks, procedural steps, checkpoints, forms of review or approval, people, information and tools needed to complete business
Portal Features
Workflow Automation
Integrate existing applications and components within a workflow through programs such as JDBC, ODBC, EJB, CORBA or COM interface with each other
Portal Features
Workflow Automation
Alert users involved in a workflow via email, wireless SMS or directly through portal
Allow applications to initiate a workflow via an open API
Portal Presentation
End-user customization
Help
User Interface
Wireless Access
Portal Presentation
End-user customization
User interface Organization Content
Portal Presentation
Help
General Help Context sensitive Help Interactive Help Bubble Help Online Wizard
Portal Presentation User Interface
Graphic design Information Architecture Editorial Style / Content Strategy Instructions and Error Handling
Portal Presentation
Wireless Access
Subscription-based Content Push Subscription-based Alerts/notifications Workflow Process-based Alerts Interactive Querying SMS messaging Wireless Markup Language
Agenda (8) Storage Area Network (SAN) and Network Access Systems (NAS) (5)
Business Recovery Process
(7)
Best Practices
Storage Area Network
Storage Area Network (SAN) is a large external shared storage system supporting various different servers and is capable of high-speed database access
SAN + NAS = Network Storage
Storage Area Network
Network Attached Storage (NAS) is a storage element that connects to network and provides “file access services” to computer systems and network clients.
SAN and NAS SAN Server
Data Data
Server
Data
is for…. Dedicate storage Databases Client Server Applications ---Transactional systems --- ERP applications
Shared Storage
Server
NAS IP Network Server
Data
Server
Server Server
SAN
Shared information
NAS is for…. File Sharing Distributed applications ---Internet --- Web Mail --- Asset Management --- CAD / CAM
Storage Area Network (SAN) Local Area Network
Host adaptor
Host adaptor Server
Host adaptor Server
Switch / Hub
Host adaptor Server
Server
Switch / Hub
Bridge
Library Disk Array
Disk Array
Disk Array
Storage Area Networks (SAN) Advantages
Disadvantages
Storage consolidation
Require separate network
Independent of the LAN
Require mgt like LAN
Centralized storage network
Require switch, channel interface and fiber
Configure for high availability environment
Broadband connection required
Easier business recovery
SAN is expensive with broad band
Network Attached Storage (NAS)
Window Workstation
Window Workstation
F I C
Windows NT Server
S
Unix Workstation
NF
Network Attached Storage Device
Unix Workstation
S
Unix Server
A storage element that connects to a network and provides Files access service
Network Attached Storage (NAS) Advantages
Disadvantages
Data/files sharing and universal access
May require dedicated network for speed
Consolidate file servers
Not suitable for high scale application environment
Simplify data management Leveraging on high speed LAN / WAN Lower total cost of ownership
Agenda (8) Storage Area Network (SAN) and Network Access Systems (NAS) (5)
Business Recovery Process
(7)
Best Practices
Business Recovery
Disaster Recovery Scenarios
Disaster Recovery Plans
Development of Procedure and Delegation of Tasks
Business Recovery
Time-sensitive Backup Operations
Security Considerations
Policy Considerations
Business Recovery
Technical Considerations
Other Considerations
Documentation for Business Recovery
Business Recovery Scenarios
Components, sub-systems and system failure Power failure Systems software and database failure Accidental or malicious deletion and modification
Business Recovery Scenarios
Virus and hacker attack Natural disaster (Fire, water, flood, earthquake…) Man-made disaster Theft and sabotage
Business Recovery Plans
Top-down execution and responsibility accounting Bottom-up execution and responsibility accounting Top-down policy and bottom-up planning and execution
Business Recovery Plans
Develop procedure and delegation of tasks Security consideration Policy consideration Technical consideration Testing of back-up and restore procedure Documentation of procedure and configurations Conducting verification operations
Development of Procedure and delegation of tasks
Who makes the policy for files and systems for backup and redundancy and how the policy made known? Who does the backup when the assigned operator is not available? What is the procedure for administration of pass words? Should the backup occur immediately after or before regular business hours?
Development of Procedure and delegation of tasks
Where is the off-site business recovery centre? To what extend is the redundancy being set up? How often is the full and incremental backups done? How long does it take to retrieve backups from onsite and offsite storage area?
Development of Procedure and delegation of tasks
Can the offsite copies be obtained at any
time or only during business hours? How long does it take to perform a full and partial restores with verification? What is the acceptable downtime?
Development of Procedure and delegation of tasks
Who is to be notified if disaster occurs? What are the hardware and software technical support available and how long does it take to replace failed systems?
Time-sensitive back-up operations
What is the backup window? Should all backups occur outside of regular business hours? How is the backup data transferred to offsite location?
Security Considerations
Is the offsite business recovery centre secure from unauthorized access?
What has been done to make the offsite business recovery centre protected fire, flood, theft or another disaster?
What is the procedure for the designated personnel to access the offsite business recovery centre?
Policy considerations
Is there a policy in place for business recovery for the whole organization?
Are all modified files to be backup or does company policy specify only critical files or files of certain users, groups, departments or divisions?
Policy considerations
Are any disks or volumes or certain systems not to be backed up?
Are users responsible for their back up and technical support?
Technical Considerations
Are logs created and saved for future reference? What is the policy for house keeping of logs?
Is the backup done to a local tape drive, remotely over the LAN or remotely over the wide area network (WAN)?
Technical Considerations
Are computers and systems equipped with notification through SMS power outages? Are they connected to UPS?
What is the process in place for dealing with unforeseen occurrences during a backup or restore?
Other Considerations
What are the possible disaster scenarios? Are there recovery procedures to those disasters?
What backup software to use?
How many copies of backup to be kept?
What are the backup medium?
Documentation for Business Recovery
Is the policy and procedure documented and kept in a safe place?
Are all media labeled with date, back up type. Server being backed up?
Documentation for Business Recovery
Are there backup catalogs and log files?
Are the contact for hardware and software support for business recovery properly documented?
Documentation for Business Recovery
Is there a documentation for verification operation to compare files on the disk and files on the backup media?
Is there documentation maintaining configuration and system information? Documents should include manual and warranties from vendors, insurance policy, tool kits, add-ons, training guides.
Documentation for Business Recovery
Is there software configuration information and backup procedure?
Any documentation on the version, service packs installed, hot fixes installed ?
Agenda (8) Storage Area Network (SAN) and Network Access Systems (NAS) (5)
Business Recovery Process
(7)
Best Practices
Best Practices
Develop backup and restore strategies and test them Use reliable hardware and perform stress test Create labs that mirror production environment Test deployments in lab before deploying in production
Best Practices
Train appropriated personnel Remove single point of failure Apply the latest Service pack to resolve known issues and improve server reliability
Best Practices
Backup before and after every major state changes Monitor symptoms and events that lead to failure Update document regularly for any changes Keep a copy of the installation media, hardware and software configuration in the offsite location
Thank you
Agenda (1) Mission of the IT Department. (2) Value added Services. (3) IT infrastructure for business enterprise.
Agenda (4) Systems security. (5) Exploiting Internet and intranet to enhance business operations and the challenge of integration with partners, vendors and buyers.
Agenda (6) e-business and Application Development. (7) Knowledge management and the use of web parts to create self-service portal.
Agenda (8) Storage Area Network (SAN) and Network Access Systems (NAS). (5)
Business Recovery Process.
(7)
Best Practices.
Agenda (1) Mission of the IT Department. (2) Value added Services. (3) IT infrastructure for business enterprise.
Mission of an IT Department
To provide technology vision and directions for effective use of Information Technology for the group of companies in the business.
To use Information Technology to leverage on Business.
Mission of an IT Department
Mission of Hennepin County Medical Center
Agenda (1) Mission of the IT Department. (2) Value added Services. (3) IT infrastructure for business enterprise.
Value Added services of a Group IT Department
Technology directions and strategies.
Group initiatives on group systems and group procurements.
Knowledge sharing and technology transfer.
Enforcement of policy and group practice.
Value Added services of an IT Department
To provide technical support, establishing and implementing IT process and application development. To enhance business workflow with IT infrastructure, tools, applications, skilled manpower and information management.
Value Added services of an IT Department
Value Added services of an IT Department
Value Added services of an IT Department
Value Added services of an IT Department
Agenda (1) Mission of the IT Department (2) Value added Services. (3) IT infrastructure for business enterprise.
IT infrastructure
CAN, PAN, LAN and WAN.
Wireless LAN :
Security issues Coverage Stability
IT infrastructure Network Type
Wired
LAN PAN
IEEE 802.3(Ethernet) IEEE 1394 USB
MAN
Broadband(DSL, cable)
MAN
Wireless IEEE 802.11X IEEE 802.15.1 IEEE 802.15.3 IEEE 802.15.4 IEEE 802.16
LAN
Wide Area Network Infrastructure Wuhan Shanghai Beijing
China
New Delhi
Mumbai
Singapore
N
E
Medan
Binta mb ps
Frame Relay Cloud
Le as ed Lin e2
India
Pune
s mbp 1 ine L d se Lea
Nan Tong
Indonesia
Padang 12 5 e
Lin d s se kbp a Le
Jakarta
IT infrastructure of a Business Enterprise Roaming Users
Internet
Router
LAN
LAN
Intruder Detection Web server
LAN
Firewall
LAN iPass Server Mail Svr
LANs in overseas
RAS
Router
LAN
LAN at Internet Service Provider
LAN
LAN LAN
Local LANs E-Cop
Router Router Switch Firewall
Firewall
Server
Firewall Switch LAN
LAN at Business Recovery Site
Computer Computer
ComputerComputerComputerServerMainframe Laptop
Computer Laptop
Computer
Minicomputer
LAN at HQ
Computer
Anti-virus svr Computer
Server Server Server
Laptop
Computer
Radius server
Minicomputer
Roaming Users
Wireless LAN of NUS Network Controller
Lapto p
Network Multi-layer Switch
Network Switch Computer
Access Point
Serve r
Network Multi-layer Switch
Network Multi-layer Switch Network Multi-layer Switch
Network Multi-layer Switch
Hand held computer Cell phone
Agenda (4) Systems security. (5) Exploiting Internet and intranet to enhance business operations and the challenge of integration with vendors and buyers.
Source of Security Threat
Security issues :
People Process Technology
Source of Security Threat
Security can be compromised through:
Attack through internet Employee misuse Computer virus Vandalism Denial of services
Aggravation of Security Threat
Multiple connections into corporate network
e-Business operates 7x24
Shortage of security skills
Aggravation of Security Threat
Pressure of time to market has caused the followings:
Buggy code Design flaws New vulnerability
Security Management
Security Policy :
BS7799 Compliant Policy Design and Review Site Security Policy Acceptable Use Policy Escalation and incident response procedure
Security Audit
IT Audit
Measure regularly against best practices over time Periodic audit on Policy compliance Periodic checking and testing of security systems Assess vulnerability
Tools for Network Security
PGP (Pretty Good Privacy) / Digital Certificate
Firewall and Virtual Private Network
Host and Network Intrusion Detection
Security Surveillance – Electronic Cop
Anti-virus Software
Tools for Network Security
PGP (Pretty Good Privacy) / Digital Certificate
Firewall and Virtual Private Network
Host and Network Intrusion Detection
Security Surveillance – Electronic Cop
Anti-virus Software
Pretty Good Privacy (PGP)
PGP (Pretty Good Privacy) protects privacy of email, message and files with public key cryptography with key pair to maintain secure communications
Anti-nuclear activist Philip Zimmerman created PGP in 1991
Pretty Good Privacy (PGP) Asymmetric cryptography
Source: Wikipedia
Pretty Good Privacy (PGP) Asymmetric cryptography
Source: Wikipedia
Pretty Good Privacy (PGP) Symmetric Cipher
Source: Wikipedia
Private and Public Key pair
When A sends a private email message to B, A uses B’s public key (stored on digital keyrings i .e. a file normally called pubring.pkr in c: or a: drive) to encrypt information which can only be deciphered by using B’s private key (normally in a file called secring.skr)
Administration of PGP
PGP requires an Administrator of keyserver so that the user can send PGP public key to the PGP keyserver to authenticate the user and verify the digital signature. Sender of PGP email must retrieve the public key of email receiver to allow him to encrypt email.
Digital Signature
Can use private key of A to sign digitally so that when B receives the email, B can authenticate whether A has sent the email and whether the email has been altered while in transit.
Digital Signature
Digital Signature
Digital Signature
Limitation of PGP
Unable to decrypt any information if private keyring is lost.
Passphrase protects private key and should not be forgotten.
Digital Certificate
Tele-working through VPN authentication Secure confidential files and folders Client / server, intranet applications Capable of Web monitoring, web page authentication, web server authentication through SSL certificate A digital certificate contains the digital signature of the certificate-issuing authority so that anyone can verify that the certificate is real.
Digital Certificate
PGP vs Digital Certificate VPN Certificate Laptop
Server of Certification Authority
City
WAN Secure VPN Tunnel
VPN gateway
Firewall
Firewall Router Router Switch Switch
Workstation Computer
Workstation
Computer Mainframe
Mainframe
PGP Server Printer
Minicomputer
Server Printer
Minicomputer
USB Token
Computer Computer
PGP vs Digital Certificate PGP
Digital Certificate
No common source of trust
Trusted Certification Authority (CA)
Trust inherited from user
Trust inherited from CA
Storage Media: Hard disk, diskette
Storage Media: Token, diskette
Keys are not changed
Keys are updated periodically
User manages own keys
CA manages keys. Recovers, backup, LDAP directory
Tools for Network Security
PGP (Pretty Good Privacy) vs Digital Certificate
Firewall and Virtual Private Network
Host and Network Intrusion Detection
Security Surveillance – Electronic Cop
Anti-virus Software
Firewall
A firewall examines all traffic routed between computers and the internet to see if it meets the policy or certain criteria. If it does not meet the criteria, the traffic is stopped.
Checkpoint firewall
Firewall
Virtual Private Network
d se a Le ine L
WAN
Le a sed
Nokia VPN
Line
Secure VPN Tunnel
VPN gateway
Firewall
Firewall Router Router VPN Box
VPN Box Switch City
Workstation
Computer
Switch Workstation
Computer
City
Mainframe Mainframe
Server Printer
Minicomputer Printer
Server
Minicomputer
USB Token
Computer Computer
Nokia VPN
Precaution Against Hacking
Install and update reliable anti-virus software (e.g. McAfee or Symantec) and check system viruses regularly
Install Firewall (e.g. Check Point or Norton Personal Firewall) to prevent Internet users from getting access to sensitive data
Precaution Against Hacking
Microsoft French web site hacked
Precaution Against Hacking
Nokia web site hacked
W32.Blaster.worm Smaller users hardest hit by Blaster virus Worm programmed to attack Microsoft site on Saturday Friday, August 15, 2003
Starting Saturday (16 Aug 2003), Blaster is programmed to use these infected machines to attack the Web site Microsoft uses to distribute software updates. But no one knows how many PCs are infected.
Virus, worm and Trojan horse A
computer virus attaches itself to a program or file so it can spread from one computer to another, leaving infections as it travels.
Almost
all viruses are attached to an executable file, which means the virus may exist on your computer but it cannot infect your computer unless you run or open the malicious program.
Virus
Virus, worm and Trojan horse A
worm is similar to a virus by its design, and is considered to be a sub-class of a virus. Worms spread from computer to computer, but unlike a virus, it has the capability to travel without any help from a person. One example would be for a worm to send a copy of itself to everyone listed in your e-mail address book.
Worm
Virus, worm and Trojan horse The
Trojan Horse, at first glance will appear to be useful software but will actually do damage once installed or run on your computer.
Virus, worm and Trojan horse Some
Trojans are designed to be more annoying than malicious (like changing your desktop, adding silly active desktop icons) or they can cause serious damage by deleting files and destroying information on your system.
Trojans
are also known to create a backdoor on your computer that gives malicious users access to your system, possibly allowing confidential or personal information to be compromised.
Trojan horse
Precaution Against Hacking
Download any security updates that are released by software publishers. This include software for the operating systems, firewall, intruder detection and anti-virus systems.
Precaution Against Hacking
Freeware is often the source of computer viruses. Only download from reputable website and check that the servers hosting the site are protected against viruses
Precaution Against Hacking
Do not transact e-business or access internet bank account through a public computer. Make it a habit to delete web browser cache and history after each internet session. Sensitive information in the cache and history can be accessed by others.
Precaution Against Hacking
Precaution Against Hacking
Do not open an e-mail with a suspicious attachment. Delete both the e-mail and attachment.
Do not accept the offer of the web browser to remember your password or credit-card number as the data will be stored in your computer where it may be accessible to hackers.
Precaution Against Hacking
Do not accept the offer of the web browser to remember your password or credit-card number as the data will be stored in your computer where it may be accessible to hackers.
Precaution Against Hacking
Change your password regularly and use a combination of random letters, numbers and special symbols for your password. Avoid birthday, dictionary words, vehicle number and names
Tools for Network Security
PGP (Pretty Good Privacy) vs PKI (…) vs VPN (Virtual Private Network)
Firewall
Host and Network Intrusion Detection
Security Surveillance – Electronic Cop
Anti-virus Software
Intruder Detection System Prevention – Detection – Response
Intruder detection System performs burglar alarm function Compliments firewall Must be integrated with an appropriate response framework
Network and Server Sensor Network sensor Detect attacks targeted at the Network by analyzing network traffic in realtime Attempts to shun attacks by sending TCP reset packets
Network and Server Sensor Network sensor
Network and Server Sensor
Server sensor - Detect attack and misuse at the Server e.g. Web server by analyzing system status and logs in real-time - Performs file integrity monitoring and prescripted responses
Network and Server Sensor
Server sensor
Tools for Network Security
PGP (Pretty Good Privacy)
Firewall
Host and Network Intrusion Detection
Security Surveillance – e-Cop
Anti-virus Software
e-Cop Internet Security Surveillance Service 24x7 Internet Security Surveillance
Services through Global Command Centers.
Through Investigation Services Team, it helps customers to facilitate law enforcement with forensic evidence collected.
e-Cop Internet Security Surveillance Service
e-Cop Internet Security Surveillance Service Conducts Rapid Penetration Service system
scans and report.
Provides monthly summary and ad-hoc incident reports.
Consultancy on security policy , audit and risk assessment.
Anti-Virus
Viruses can damage files, erase hard disk and steal confidential information.
Anti-virus applications detects and stops malicious files that may have been embedded along with the files downloaded of e-mail received.
Anti-Virus
Agenda (4) Systems security. (5) Exploiting Internet and intranet to enhance business operations and the challenge of integration with vendors and buyers.
Internet Search Engine AltaVista
was started by Digital Equipment Corporation employee volunteers who were trying to provide services to make finding files on the public network easier. In 1996, AltaVista became the exclusive provider of search results for Yahoo!.
Internet Search Engine Yahoo!
Was co-founded by Jerry yang and David Filo
Jerry Yang
David Filo
Internet Search Engine In
1998, Digital was sold to Compaq, and in 1999 Compaq re-launched AltaVista as a web portal, hoping to compete with Yahoo!.
Internet Search Engine After
a few changing ownership, In February 2003, AltaVista was bought by Overture Services, Inc. In October 2003, Overture itself was taken over by Yahoo!.
Internet Search Engine In
Aug. 2004, shortly after Yahoo!'s acquisition, the AltaVista site started using the Yahoo! Search technology.
Internet Search Engine In
1 Feb 2008, Microsoft bids US44.6 billion to buy over Yahoo!
Internet Search Engine The name "Google" originated from a
misspelling of “googol” which refers to 10100
Internet Search Engine A patent describing part of Google's ranking mechanism PageRank was granted on 4 Sept 2001. The patent was officially assigned to Stanford University and lists Lawrence Page as the inventor Lawrence Page
Sergey Brin
Internet Search Engine PageRank is a link analysis algorithm that assigns a numerical weighting to each element of a hyperlinked set of documents, such as World Wide Web, with the purpose of “measuring” its relative importance within the set.
Software Application Internet Architecture
Software application moves from clientserver to internet computing.
Software Application Internet Architecture
Internet computing is a platform that supports the open flow of information between systems.
Software Application Internet Architecture
Server based technology is leveraging on ubiquitous internet technology such as extensible Markup Language (XML) and HyperText Transfer Protocol (HTTP)
Internet Architecture can integrate custom internal systems, eMerchants and trading partner systems
Internet Integration
Internet integration is done through:
Application messaging Component Interfaces Business Interlinks Application Engine
Internet Integration
Internet Application Architecture Appln Messaging Processor Bus. Interlink Processor
Web Browser
Wireless
(Appln Logic)
Integration Relay Servlet
Java Enabled HTTP/HTML Web Server
User Interface Generator Query Processor Process Scheduler
JOLT Portal Servlet
Business Server Third Interlink Plug-ins Party systems Business Interlink
Appln Engine Portal Processor
SQL
External System WebLogic Server IBM WebSphere MS IIS iPlanet Web Server Apache
COM, CORBA, EJB Component Interface
Directory Server
DBMS Server
Execute Reports and Batch processes, Register repts in Portal Content Registry
Search, Content management, Home page Persoalization
LDAP
Security Mgr
SQL Access Mgr
HTTP/HTML
Component Processor
Presentation Relay Servlet
TUXEDO
HTTP/HTML
Third Party DBMS Server
Novel NDS eDirectory iPlanet Directory Server MS Active Directory
Internet Application Server Java Enabled Web Server
Commercially available web servers that support Java servlet execution. Provide execution environment for Presentation Relay Servlet, Integration Relay Servlet and Portal Servlet
Internet Application Server
Presentation Relay servlet The ERP’s Java Servlet that handles all inbound and outbound HTTP requests for ERP transactions and queries. This thin servlet acts as a relay between the external or third-party system and the core back-end integration services.
Internet Application Server Presentation Relay servlet (contd)
It receives and serves HTML, XML and WML request over HTTP and maps the data in these requests to the Component Processor and query Processor application services that execute under e.g. Tuxedo.
Internet Application Server Presentation Relay servlet (contd)
It communicates with these back-end services via e.g. BEA System JOLT
Internet Application Server
Integration Relay Servlet An ERP’s Java Servlet that handles all inbound and outbound HTTP/XML requests for the third-party system integration. This is also a thin servlet that acts as a relay between the external or third-party system and the core back-end integration services.
Internet Application Server
Integration Relay Servlet (contd) It receives and serves XML requests over HTTP and maps the data in these requests to the integration services---- Application Messaging Processor, Business Interlinks Processor, component Processor --- That execute under e.g. Tuxedo This component communicates with these back-end services via e.g. BEA Systems JOLT
Internet Application Server
Portal Servlet An ERP’s Java Servlet that handles all inbound markup language and outbound requests for the Portal. It receives and serves HTML, XML and WML requests over HTTP.
Internet Application Server
Portal Servlet It also manages all aspects of the ERP Portal such as search, content management and home page personalization. It communicates with this back-end service via e.g. BEA Systems’ JOLT
TUXEDO manages Internet Application Server Services Component Processor
A key piece of the Internet application Server. This component executes the ERP Component--- the core ERP application business logic
TUXEDO Business Interlink Processor
Manages the execution of Business Interlink Plug-Ins and their interactions with third-party systems
TUXEDO Application Messaging Processor
Manages the publishing, subscribing and delivery of Application Messages for the ERP system
TUXEDO
User Interface Generator This component dynamically generates the user interface based on the components or Query definition and generates the appropriate markup language (HTML, WML or XML) and scripting language (JavaScript, WMLScript) based on the client accessing the application
TUXEDO Security Manager
Interfaces with the Directory Server using Lightweight Directory Access Protocol (LDAP) to authenticate end users and manage their system access privileges
TUXEDO Query Processor
Executes queries defines using the ERP tools (e.g. PL/SQL, PeopleSoft Query tool)
TUXEDO Application Engine
Executes ERP Application Engine process
TUXEDO Process Scheduler
Executes reports and batch processes and registers the reports in the Portal’s Content Registry
TUXEDO SQL Access Manager
Manages all interaction with the DBMS via SQL
Agenda (6) e-business and Application Development (7) Knowledge management and the use of web parts to create self-service portal.
e-Business and Application Development e-Business is the net-enabled business
activity that transforms internal and external relationships to create value and exploit market opportunities driven by new rules of the connected economy. ---- Gartner
e-Business Integration Style A2A
Computer Minicomputer
Computer
Mainframe
Business Customers and e-Market
B2B
Enterprise
Laptop Laptop
A2A Server Computer
Server
B2B
Minicomputer
Laptop Minicomputer
Minicomputer
B2B
Minicomputer Computer
Server Computer
Computer
B2B
B2B
B2C
Laptop
A2A
Manufacturers Computer
Server
Suppliers
Laptop
Consumers
B2C
Laptop
Minicomputer
A2A
Application Development Strategies
Application development disciplines are merging to support e-business strategies. Instead of building new systems exclusively, focus is shifting to integration. Web services are emerging as the new model for e-business Application Development. Microsoft and Java architectures will dominate emerging e-business development.
Agenda (6) E-business and Application Development (7) Knowledge management and the use of web parts to create self-service portal.
Enterprise Portal for business application
Portal represents the way customers, suppliers and employees access the web-based eBusiness of the business
Enterprise Portal for business application
Portal provides
Personalized access Role-based filtering Multi-system integration Scalability Content management
Enterprise Portal for business application
Portal provides
Single sign-on Security Community support A general development framework
Enterprise Portal for business application
Enterprise Portal for business application
Types of Portal
Application focused solutions for business solution delivery (functional). E.g. SAP, Oracle, PeopleSoft
Technology focused solutions that support the underlying technology and software integration. E.g. IBM Websphere, BEA Weblogic.
Employee Self-Service Portal Site Replication Service
Clients Document and Knowledge Mgt Computer
Security
Exch Svr
Active Directory
Active Director Connector Global Address List
Access Control List
Laptop
User Mgt
Win2K Cert Service NTFS File System
Server
Exch2000 Key Mgt Service
Cell phone Hand held computer
Files Web pages e-mail message
Self-service Portal
Doc Mgt: * Profiled * Categorized * Published * Approved * Search & index engine
1/18/ 2003 Text: Text:
Storage Mgt
MySQL FoxPro Oracle
Connector Mgt
SQL Svr
Corporate Internet and Corporate Intranet ERP + CRM + MFG
MS Access
Admin & Routing Mt
Performance Tuning
Webstore (ExIFS) Text:
Public Folder Mgt
Database
Netscape My Netscape Portal
Netscape My AOL Portal
Netscape My AOL Portal
Netscape My AOL Portal
4 Major Categories of Portal Functionality
Portal Infrastructure. Portal Operations. Portal Features. Portal Presentation.
Portal Infrastructure
Integration Internationalization Platform Scalability Security Standards
Portal Infrastructure
Integration
URL-based integration Web-based screen scraping XML/XSL Legacy screen scraping API EAI
Portal Infrastructure
Internationalization
Language support Content translation service Currency support Currency translation service Support for local laws and regulations
Portal Infrastructure
Platform
Operating systems Database servers Application servers Web servers Web browsers
Portal Infrastructure
Scalability
Replication Failover Load balancing Clustering Cabling
Portal Infrastructure
Security
Authentication Authorization Login Single sign-on
Portal Infrastructure
Security (contd)
User Management Digital certificate Public key Digital signature
Portal Infrastructure
Security (contd)
Public key infrastructure Secure Sockets Layer Protocol Secure Hypertext Transfer Protocol
Portal Infrastructure
Standards HTML
Java
Subcategories
J2EE XML XSL
Portal Operations Administration Community Management Development Environment
Integrated Development Environment (IDE) Application program interface (API) Software Development Kit (SDK)
Portal Operations Ease of Upgrade
Federated Portals
Portal Features
Business Intelligence Collaboration Content Management Personalisation Search Workflow
Portal Features
Business Intelligence
Report generation Online analytical processing (OLAP) Decision support system (DSS) Data warehousing Data Mining Ad-hoc reporting
Portal Features
Collaboration
Discussion board Document sharing Chat Instant messaging Virtual whiteboard Virtual conferencing Video conferencing
Portal Features
Content Management A process of creating, submitting, accessing, approving and maintaining unstructured content from diverse sources
Portal Features
Personalization Explicit User’s profile (in LDAP) System to maintain and manage Implicit or heuristic User’s online behavior (clicked certain links or visit certain pages) Event based personalization ( HP eService, Amazon.com User’s preference personalisation)
Portal Features
Search
Boolean-based Searches Indexing Spider / Crawler / Bot Keyword (Metadata) Search Full-text Search Internet / Web Search Natural-language Search Results Ranking
Portal Features
Workflow The tasks, procedural steps, checkpoints, forms of review or approval, people, information and tools needed to complete business
Portal Features
Workflow Automation
Integrate existing applications and components within a workflow through programs such as JDBC, ODBC, EJB, CORBA or COM interface with each other
Portal Features
Workflow Automation
Alert users involved in a workflow via email, wireless SMS or directly through portal
Allow applications to initiate a workflow via an open API
Portal Presentation
End-user customization
Help
User Interface
Wireless Access
Portal Presentation
End-user customization
User interface Organization Content
Portal Presentation
Help
General Help Context sensitive Help Interactive Help Bubble Help Online Wizard
Portal Presentation User Interface
Graphic design Information Architecture Editorial Style / Content Strategy Instructions and Error Handling
Portal Presentation
Wireless Access
Subscription-based Content Push Subscription-based Alerts/notifications Workflow Process-based Alerts Interactive Querying SMS messaging Wireless Markup Language
Agenda (8) Storage Area Network (SAN) and Network Access Systems (NAS) (5)
Business Recovery Process
(7)
Best Practices
Storage Area Network
Storage Area Network (SAN) is a large external shared storage system supporting various different servers and is capable of high-speed database access
SAN + NAS = Network Storage
Storage Area Network
Network Attached Storage (NAS) is a storage element that connects to network and provides “file access services” to computer systems and network clients.
SAN and NAS SAN Server
Data Data
Server
Data
is for…. Dedicate storage Databases Client Server Applications ---Transactional systems --- ERP applications
Shared Storage
Server
NAS IP Network Server
Data
Server
Server Server
SAN
Shared information
NAS is for…. File Sharing Distributed applications ---Internet --- Web Mail --- Asset Management --- CAD / CAM
Storage Area Network (SAN) Local Area Network
Host adaptor
Host adaptor Server
Host adaptor Server
Switch / Hub
Host adaptor Server
Server
Switch / Hub
Bridge
Library Disk Array
Disk Array
Disk Array
Storage Area Networks (SAN) Advantages
Disadvantages
Storage consolidation
Require separate network
Independent of the LAN
Require mgt like LAN
Centralized storage network
Require switch, channel interface and fiber
Configure for high availability environment
Broadband connection required
Easier business recovery
SAN is expensive with broad band
Network Attached Storage (NAS)
Window Workstation
Window Workstation
F I C
Windows NT Server
S
Unix Workstation
NF
Network Attached Storage Device
Unix Workstation
S
Unix Server
A storage element that connects to a network and provides Files access service
Network Attached Storage (NAS) Advantages
Disadvantages
Data/files sharing and universal access
May require dedicated network for speed
Consolidate file servers
Not suitable for high scale application environment
Simplify data management Leveraging on high speed LAN / WAN Lower total cost of ownership
Agenda (8) Storage Area Network (SAN) and Network Access Systems (NAS) (5)
Business Recovery Process
(7)
Best Practices
Business Recovery
Disaster Recovery Scenarios
Disaster Recovery Plans
Development of Procedure and Delegation of Tasks
Business Recovery
Time-sensitive Backup Operations
Security Considerations
Policy Considerations
Business Recovery
Technical Considerations
Other Considerations
Documentation for Business Recovery
Business Recovery Scenarios
Components, sub-systems and system failure Power failure Systems software and database failure Accidental or malicious deletion and modification
Business Recovery Scenarios
Virus and hacker attack Natural disaster (Fire, water, flood, earthquake…) Man-made disaster Theft and sabotage
Business Recovery Plans
Top-down execution and responsibility accounting Bottom-up execution and responsibility accounting Top-down policy and bottom-up planning and execution
Business Recovery Plans
Develop procedure and delegation of tasks Security consideration Policy consideration Technical consideration Testing of back-up and restore procedure Documentation of procedure and configurations Conducting verification operations
Development of Procedure and delegation of tasks
Who makes the policy for files and systems for backup and redundancy and how the policy made known? Who does the backup when the assigned operator is not available? What is the procedure for administration of pass words? Should the backup occur immediately after or before regular business hours?
Development of Procedure and delegation of tasks
Where is the off-site business recovery centre? To what extend is the redundancy being set up? How often is the full and incremental backups done? How long does it take to retrieve backups from onsite and offsite storage area?
Development of Procedure and delegation of tasks
Can the offsite copies be obtained at any
time or only during business hours? How long does it take to perform a full and partial restores with verification? What is the acceptable downtime?
Development of Procedure and delegation of tasks
Who is to be notified if disaster occurs? What are the hardware and software technical support available and how long does it take to replace failed systems?
Time-sensitive back-up operations
What is the backup window? Should all backups occur outside of regular business hours? How is the backup data transferred to offsite location?
Security Considerations
Is the offsite business recovery centre secure from unauthorized access?
What has been done to make the offsite business recovery centre protected fire, flood, theft or another disaster?
What is the procedure for the designated personnel to access the offsite business recovery centre?
Policy considerations
Is there a policy in place for business recovery for the whole organization?
Are all modified files to be backup or does company policy specify only critical files or files of certain users, groups, departments or divisions?
Policy considerations
Are any disks or volumes or certain systems not to be backed up?
Are users responsible for their back up and technical support?
Technical Considerations
Are logs created and saved for future reference? What is the policy for house keeping of logs?
Is the backup done to a local tape drive, remotely over the LAN or remotely over the wide area network (WAN)?
Technical Considerations
Are computers and systems equipped with notification through SMS power outages? Are they connected to UPS?
What is the process in place for dealing with unforeseen occurrences during a backup or restore?
Other Considerations
What are the possible disaster scenarios? Are there recovery procedures to those disasters?
What backup software to use?
How many copies of backup to be kept?
What are the backup medium?
Documentation for Business Recovery
Is the policy and procedure documented and kept in a safe place?
Are all media labeled with date, back up type. Server being backed up?
Documentation for Business Recovery
Are there backup catalogs and log files?
Are the contact for hardware and software support for business recovery properly documented?
Documentation for Business Recovery
Is there a documentation for verification operation to compare files on the disk and files on the backup media?
Is there documentation maintaining configuration and system information? Documents should include manual and warranties from vendors, insurance policy, tool kits, add-ons, training guides.
Documentation for Business Recovery
Is there software configuration information and backup procedure?
Any documentation on the version, service packs installed, hot fixes installed ?
Agenda (8) Storage Area Network (SAN) and Network Access Systems (NAS) (5)
Business Recovery Process
(7)
Best Practices
Best Practices
Develop backup and restore strategies and test them Use reliable hardware and perform stress test Create labs that mirror production environment Test deployments in lab before deploying in production
Best Practices
Train appropriated personnel Remove single point of failure Apply the latest Service pack to resolve known issues and improve server reliability
Best Practices
Backup before and after every major state changes Monitor symptoms and events that lead to failure Update document regularly for any changes Keep a copy of the installation media, hardware and software configuration in the offsite location
Thank you
Related Documents
Objective
June 2020 12
Objective
November 2019 23
Study Objective
May 2020 3
Perfomance Objective
August 2019 23
Objective-ques
July 2020 8
Objective Questions
May 2020 7More Documents from ""