Electronic Government Flagship...

GOVERNMENT OF MALAYSIA Electronic Government Flagship Application Electronic Government Information Technology Policy & Standards Malaysian Administrative Modernisation and Management Planning Unit (MAMPU) Prime Minister’s Department MALAYSIA Multimedia Super Corridor July 1, 1997 Version 1.0 Copyright 1997 Government of Malaysia


Page 1: Electronic Government Flagship Applicationunpan1.un.org/intradoc/groups/public/documents/apcity/unpan015130.… · 3.1 Overview ... Malaysia. Led by the Common Infrastructure Team,

GOVERNMENT OF MALAYSIA

Electronic Government Flagship Application

Electronic Government Information Technology

Policy & Standards

Malaysian Administrative Modernisation and Management Planning Unit (MAMPU)

Prime Minister’s Department
MALAYSIA

Multimedia Super Corridor

July 1, 1997
Version 1.0

Copyright 1997 Government of Malaysia

Page 2: Electronic Government Flagship Applicationunpan1.un.org/intradoc/groups/public/documents/apcity/unpan015130.… · 3.1 Overview ... Malaysia. Led by the Common Infrastructure Team,

Page 2 of 59 EGIT July 1997

Document Management Responsibility

The maintenance of this document is the responsibility of the MAMPU. Therefore, all updates will be approved by MAMPU prior to reissue.

Document Control

Electronic Government Information Technology

Copy # ______

is controlled and has been issued to

______________________________________

Controlled copies may not be duplicated.

Revisions will be provided to controlled holders of this document.

Revision History Log

The revisions which have been made to this document are:

Section(s) Affected:

Description of Changes:

Revision by
Name:
Signature:
Date:

Approved by
Name:
Signature:
Date:


Table of Contents

PREFACE

1. SUMMARY OF INTENT
    1.1 Primary Audience
    1.2 Scope and Objective
    1.3 How to Use This Document

2. INTRODUCTION
    2.1 About This Document
    2.2 EGIT — A Policy
    2.3 EGIT Framework
        2.3.1 Strategies
            2.3.1.1 Open Systems Standards
            2.3.1.2 Client/Server Model of Computing
            2.3.1.3 Internet/Intranet
            2.3.1.4 Collaboration for evolutionary integration
            2.3.1.5 Multimedia Services

3. ENABLING TECHNOLOGIES
    3.1 Overview
    3.2 Devices
        3.2.1 Mobile and Desktop Computers
        3.2.2 Network Devices
        3.2.3 Workstations
    3.3 User Services
        3.3.1 Graphical User Interfaces
            3.3.1.1 Windowing Environment
            3.3.1.2 Internet Browser Environment
        3.3.2 Component Interfaces
    3.4 Business Logic Services
        3.4.1 Object Management
        3.4.2 Naming and Directory
        3.4.3 Time Services
        3.4.4 Security Services
            3.4.4.1 Authentication and Authorisation
            3.4.4.2 Audit Controls
            3.4.4.3 Enhanced Security Services
                3.4.4.3.1 Standard Security Features
                3.4.4.3.2 Digital Signature
                3.4.4.3.3 Pretty Good Privacy
                3.4.4.3.4 Secure Electronic Transactions
            3.4.4.4 Security Administration
        3.4.5 Systems Management
        3.4.6 Messaging Services
            3.4.6.1 Mail Messaging
            3.4.6.2 Electronic Data Interchange
        3.4.7 Transaction Processing Services
    3.5 Data Services
        3.5.1 Database Services
            3.5.1.1 Relational Database Management Systems
            3.5.1.2 Object-Oriented Database Management Systems
            3.5.1.3 Data Access Components
        3.5.2 File Services
            3.5.2.1 File Transfer Services
            3.5.2.2 File Formats
        3.5.3 Other Data Services
            3.5.3.1 Multimedia
            3.5.3.2 Spatial Data
            3.5.3.3 Textual Data
            3.5.3.4 Multi-dimensional Data
    3.6 Communication
        3.6.1 Introduction
            3.6.1.1 Communication Services Drivers
            3.6.1.2 Communication Services Enabling Technologies
        3.6.2 Transport Layer
        3.6.3 Network Layer
            3.6.3.1 Network Security
            3.6.3.2 Network Naming and Addressing
            3.6.3.3 Network Architectures
                3.6.3.3.1 Local Area Networks
                3.6.3.3.2 Wide Area Networks
        3.6.4 Physical Layer
    3.7 Inter Process Communication
        3.7.1 Remote Procedure Call
        3.7.2 Interprocess Messaging
        3.7.3 Object Request Broker
    3.8 Application Development Environment
        3.8.1 Choice of multiple programming model
        3.8.2 Support for multiple programming languages
        3.8.3 Universal extensibility
        3.8.4 Portable Codes
    3.9 Operating Environment
        3.9.1 Platforms
            3.9.1.1 Servers
        3.9.2 High Availability Systems

4. COMPUTER SUPPORTED CO-OPERATIVE WORK TECHNOLOGIES
    4.1 GroupWare
    4.2 Workflow Management
    4.3 Electronic Forms
    4.4 Document Management
    4.5 Imaging Systems
    4.6 Videoconferencing
    4.7 Calendaring and Scheduling Systems

APPENDIX A - LIST OF STANDARDS
    Devices
    User Services
    Business Logic Services
    Data Services
    Communication Services
    Inter-Process Communication
    Application Development Environment
    Operating Environment

GLOSSARY


Preface

This document was developed through the collaborative efforts of specialists from the Web-Shapers participating in the Electronic Government Flagship initiative. This initiative is one of seven under the auspices of the Multimedia Development Corporation (MDC) and the Malaysian Administrative Modernization and Information Technology Unit (MAMPU) of the Prime Minister’s Department, Government of Malaysia.

Led by the Common Infrastructure Team, a sub-team of the Electronic Government Project Team, this effort could not have been successfully completed without the dedicated participation of the Web-Shapers. Due acknowledgement is therefore accorded to the specialists/representatives of the following Web-Shaper organizations and lead government agencies:

• MDC

• MAMPU

• AT&T Communication Services

• Electronic Data Systems

• Microsoft (Malaysia) Sdn. Bhd.

• Nippon Telegraph and Telephone Corporation

• Oracle Systems Malaysia Sdn. Bhd.

• Sun Microsystems

• Telekom Malaysia Berhad

• Celcom Technologies Sdn. Bhd.

• Other Government Lead Agencies

This document defines a high-level information technology policy framework for a common infrastructure. It assists in the implementation of Electronic Government as envisioned by the Malaysian Government. Also, it provides an overview of the most relevant technologies, and applicable and current standards that are required for the design of new systems that will inter-operate with a variety of existing systems.

In view of the rapidly emerging technology affecting systems and applications, it has to be a dynamic document and updated regularly.

Common Infrastructure Team
Electronic Government Flagship Application
MAMPU
Kuala Lumpur
1st July 1997.


1. Summary of Intent

1.1 Primary Audience

The primary audience for this document is intended to be Malaysian Government Agencies and Multimedia Development Corporation personnel responsible for making decisions about information technology, and those organizations desiring to provide systems for the Malaysian Government that conform to this set of policies.

1.2 Scope and Objective

This document establishes Malaysian Electronic Government Information Technology policy so those individuals who make decisions about the acquisition and application of various technologies will have a basis for those decisions. In light of the large number of technology-related decisions made daily, coupled with the desire to leverage existing and future capabilities, this document provides a direction. This document:

• Provides an overview of each technology appropriate for Electronic Government

• States Malaysian Electronic Government policy about the specified technologies and provides details on the components involved

• Provides, in Appendix A, a list of current standards that should be considered in designing new systems solutions

The purpose of this document is not to standardize on a set of applications or file formats. The purpose is to standardize on mechanisms that allow for the implementation of Electronic Government. EGIT outlines a methodology for different government agencies to inter-operate with a variety of existing architectures. Standards for intra-office communications are not specifically addressed in this document but will be addressed in the Electronic Government Implementation Issues Document.

1.3 How to Use This Document

Each topic within the document has the following structure:

• Introductory material — Explains the specific technology so that readers have at least a high-level understanding. For some topics, examples are included to illustrate some of the factors that influence policy decisions.

• Policy — States the Malaysian Government policy concerning the specific technology (if applicable).

• Standards — Lists high-level standards, both open system standards and de-facto standards in Appendix A. While open system standards are embraced as the most desirable state for the industry to move in, de-facto standards are emerging which cannot be ignored. In some cases, de-facto may be more desirable than open standards, which are not complete or not widely approved by available products.


2. Introduction

2.1 About This Document

The Electronic Government Information Technology Policy and Standards (EGIT) document establishes the definition and concept of systems based upon widely accepted non-proprietary standards for the Government of Malaysia, and vendors desiring to provide information technology solutions to it. It establishes policies to implement an IT infrastructure that can support Electronic Government Information Technology Policy and a common set of technologies that will allow PCs, network devices, and other clients to work with servers over any network. These policies will protect the Malaysian Government’s investment by allowing mainframes, client/server, Internet and Intranets, and distributed software to work together. Furthermore, this document provides a framework to protect the Malaysian Government from getting locked into specific technologies or adopting dead-end solutions. It focuses on bridging software that will allow heterogeneous architectures to interoperate.

The policies described in this document support a network centric approach to computing that leverages both Internet / Intranet and component-based technology. The focus of the document is how to integrate different platforms into a seamless architecture.

The policy described in this document implements three key enablers:

• A distributed n-tier client/server computing architecture,

• Objects—highly modular software components for constructing applications rapidly, and

• An interoperability strategy to distribute components across the enterprise and to integrate existing data sources.


2.2 EGIT — A Policy

The Electronic Government Information Technology (EGIT) architecture assumes three layers for computing. These layers are:

• USER (Presentation),

• BUSINESS LOGIC, and

• DATA

Encapsulating all enterprise business policies and services in one place allows the development teams to focus all of their effort in building extensible, easily manageable business components, and integrate these components transparently with back-end data and front-end applications. And because all of the business logic is centrally managed, changes can be quickly made, and all clients will automatically be affected by the changes instantly.

The advantages of this approach are:

• Shared Business Logic

• Client Platform Independence

• Distributed Computing Simplified Deployment/Administration

Figure 1 - A typical 3-Layer Computing Model

[Figure labels: User Services, Business Logic Services, Data Services]


The EGIT Policy and Standards document does not define the client or dictate what services are to be available at a given time. Rather, EGIT recommends that services be defined as manageable objects that can run across all three layers. EGIT does not dictate a standard client nor does it recommend specific applications.

The goal is to create an architecture that supports a variety of devices, including but not limited to:

• Personal Computers (PCs),

• Personal Digital Assistants (PDAs),

• Kiosks,

• Network Computers (NCs), and

• NetPCs.

The User layer provides interfaces to IT systems for citizens, businesses and government. The design goal for EGIT is to encourage offering services to the largest number of Malaysians possible.

The Business Logic layer is the level where services are provided to the network. These services include but are not limited to:

• Naming Services,

• Time Services,

• Directory Services,

• Security Services,

• Application Services,

• Message Services,

• Transaction Processing Services.

These services can reside on multiple hosts or they can reside on a single host. It is also possible to establish a three-tier architecture inside a single machine as long as effort is made to isolate the business policies.

The Data layer is a logical repository of information that is needed for processing of applications. This tier can have different data stores that interoperate. The data tier also provides services such as create, retrieve, update and delete to access the data repository.

In conclusion, the EGIT is a combination of policies and standards to deploy a distributed application architecture for the Electronic Government environment.


2.3 EGIT Framework

The Electronic Government Information Technology Framework (EGIT) provides a standard reference point for addressing various basic information technologies. See Figure 2.

Figure 2 – EGIT Framework

[Figure labels: Devices (Desktop Computers, Mobile Computers, Network Devices, Work Stations); User Services (G.U.I., Component Interface); Logic Services (Object Mgmt., Naming & Directory, Time Services, Security Services, System Mgmt., Messaging Services, Transaction Processing Services); Data Services (Database Services, File Services, Other Data Services); Communications (Transport Layer, Network Layer, Physical Layer); Inter-Process Communications; Application Development Environment; Manageability, Security, Availability, Internationalization]

This Framework has five major areas:

• Devices

• User Services

• Logic Services

• Data Services

• Communication

The Inter Process Communications provide the communication vehicle among the User, Logic and Data Services layers, while the Application Development Environment creates an overall application development platform for the EGIT Framework.

Each layer is divided into components. EGIT definitions focus on the interface for requesting to and receiving services from each component.

Qualities that are applicable to all layers and components are:

• Security

• Availability

• Manageability

• Internationalization

Application systems, as a part of the Malaysian Electronic Government business processes, are critical components that are best enabled by the following characteristics:

• Portability — Application systems will operate on various platforms regardless of manufacturer or operating system.

• Flexibility — An application will have the capability to take advantage of new technologies and resources, and can be implemented in changing environments. Flexibility contributes to lower overall costs by allowing procurement of software and hardware from multiple sources.

• Interoperability — Applications and computers from different suppliers will have the capability to work together on a network and to connect to each other, share data and processes as appropriate.

• Scalability — Application systems will migrate as a client or server to machines of greater or lesser power, depending upon requirements, with little or no change to the underlying components.

• Usability — Application systems will be easy to use. They will enhance and support rather than limit or restrict business processes. Human interfaces need to be intuitive and consistent with other application systems in the environment and within themselves in purpose and use.

• Manageability — Applications, hardware, and software will be capable of being managed and easy to operate.

2.3.1 Strategies

The Government of Malaysia advocates the following strategies as the best means to achieve the desired enabling characteristics:

• Open systems standards to provide the information technology framework necessary to implement electronic government.

• Client/Server multi-tiered architecture to enable the decomposition of complex business problems into discrete services.

• Internet/Intranet environment to enable communication and accessibility to information and people.

• Multimedia interaction between government, business and citizens to deliver services.

• Collaboration between government and industry as a strategy to guide ongoing initiatives in an evolutionary manner toward the end-state of a common information infrastructure.

2.3.1.1 Open Systems Standards

While open systems standards are embraced as the most desirable state for the industry to move in, de-facto standards are emerging which cannot be ignored. The open systems process, by its very nature, will never move forward as rapidly as the process of de-facto standard creation. De-facto standards must be recognised, and in some cases may be more desirable than open standards, which are not complete or not widely supported by available products.

“Open systems” refers to products and technologies that have been designed and implemented according to open interfaces. Interfaces are considered open if their specifications are readily and non-discriminatorily available to all suppliers, service providers, and users, and are revised only with timely notice and public process.

It is recognized that an open systems strategy based on accepted standards provides the Malaysian government with the best means to assemble and assimilate readily available pieces of technology to meet its citizens’ needs. It is also recognized that openness is not achieved until multiple companies adopt and implement those standards.

Several organizations have developed and continue to maintain standards for open systems. International standards may be superseded by Malaysian national standards. Some standards organizations are as follows:

International Standards Bodies:

• International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC). These bodies form a joint technical committee on Information Technology and issue standards on numerous subjects ranging from hardware and software to information processing. ISO consists of the national standards organizations of 120 member nations and IEC consists of national committees from 53 member nations.

• International Telecommunications Union-Telecommunications Standardization Sector (ITU-T) (formerly named Consultative Committee on International Telephony and Telegraphy [CCITT]) — This body, responsible for worldwide telecommunications standards, makes technical recommendations about telephone, telegraph, and data communication interfaces. ITU-T is part of the United Nations treaty organization called International Telecommunications Union (ITU). ISO and ITU-T sometimes co-operate on issues of telecommunications standards. ISO is a member of ITU-T.

• X/Open Company, Ltd. — This consortium of end users, software suppliers, and computer manufacturers is international in scope and influence.

• Institute of Electrical and Electronics Engineers (IEEE) — The IEEE sets standards for various communications and systems interfaces. IEEE is defining the Portable Operating System based on UNIX (POSIX) standards that the U.S. government has adopted.

• ETSI - ETSI was set up in 1988 to set standards for Europe in telecommunications and, in cooperation with the European Broadcasting Union (EBU) and CEN/CENELEC respectively, the related fields of broadcasting and office information technology.


• Software Engineering Institute (SEI) — The SEI is a federally funded research and development center established in 1984 by Congress with a broad charter to address the transition of software engineering technology. The SEI is an integral component of Carnegie Mellon University and is sponsored by the Defense Advanced Research Projects Agency.

National Standards Body:

• Department of Standard, Malaysia (DSM)

• Other national bodies involved in standards in this area

• Jabatan Sekuriti Negara

• Jabatan Bekalan Elektrik dan Gas (JBEG)

• Jabatan Telekomunikasi Malaysia (JTM)

Foreign standards bodies:

The Malaysian Government may have to incorporate standards from organizations that are based in various other countries. These organizations include American National Standards Institute (ANSI), British Standards Institution (BSI), French Association for Standardization (or Association Française de Normalisation [AFNOR]), German Industrial Standards Institute (or Deutsches Institut für Normung [DIN]), and Japanese Industrial Standards Committee (JISC). Examples of de jure standards are ANSI SQL, X.509, US Department of Defense Transmission Control Protocol / Internet Protocol (TCP/IP) and IEEE 802.3.

In addition, de facto standards exist and are adopted because of wide use or acceptance. Examples of de facto standards include Adobe’s Postscript, Microsoft’s WIN32, Java, Winsock and Open Database Connectivity (ODBC). The Government of Malaysia may incorporate prevalent de facto and industry consortia standards as appropriate.

2.3.1.2 Client/Server Model of Computing

Client/server, a software-defined model for computing, is generally characterised by the division of an application into components with the capability for each component to run on different networked computers (clients), with one or more servers coordinating the application. This division of work permits components to be sized and positioned where appropriate and distributes the computing power requirements inherent in single platform solutions. Client/server allows specialised components to be mixed and matched to achieve the best results.

The client/server model consists of two categories — the clients and the servers. The client requests services provided by one or more servers. The server provides the service, possibly in conjunction with other servers, and returns the results to the client. The client/server model includes the following characteristics:

• The client and the server can interact seamlessly.

• Generally, the client and the server are located on separate platforms and are connected by a network.

• Either the client or the server can be changed without changing the other.

• The client and server functions are independent and may interchange roles when appropriate.

• The server can serve multiple clients concurrently, and conversely, a client can access multiple servers.

2.3.1.3 Internet/Intranet

The Internet environment strategy is based on the tools, standards, and techniques precipitated by the public Internet and associated market forces. The public Internet, a collaborative, international group of service providers, adheres to basic de facto standards when exchanging information. Primary service providers form the core of the public Internet, which is loosely governed by the efforts and standards of the Internet Engineering Task Force (IETF). The IETF is a large international group, open to anyone wishing to join, that sets standards for the Internet. No single entity strictly controls the public Internet. Internet service providers must follow standards, but no entity enforces compliance; the system polices itself. If an organisation deviates from the standards, it loses the benefits of universal connectivity. Other associated groups, such as InterNIC and the Internet Society, carry out central functions. InterNIC registers companies that are connected to the Internet, while the Internet Society has various engineering committees that make technical recommendations.

The Internet provides significant business value to users by providing a ready-made infrastructure for network connectivity and tool-enabled capabilities. Internet network and application protocol standards allow for rapid sharing of information, dynamic application deployment, and leveraged network operations. Many architectural issues, such as platform independence and middleware, are already addressed by using this strategy.

An Intranet is an organisation's implementation of Internet tools and standards across its internal network. Intranets frequently provide access to the public Internet through firewalls, which provide security and controlled access between the networks.

The Internet and Intranet environment strategy dictates that Internet tools and standards will have broad applicability as the basis for application development and evolution within the Malaysian Electronic Government Project. The exceptions to this strategy are high online transaction requirements, advanced security requirements, or strict levels of guaranteed online performance.

Several policies have been identified at the technology topic level in Sections 3 and 4 of this document.

2.3.1.4 Collaboration for evolutionary integration

The Malaysian Government’s strategy for implementing Electronic Government is one of collaboration with leading systems integrators and vendors in order to ensure a win-win situation for both public and private sectors. Successful and sustainable implementations are assured by involving private sector business in the selection of architectures and standards to be used in systems to be provided for Electronic Government.

2.3.1.5 Multimedia Services

The term "multimedia" refers to the combination of different categories of works onto a single medium. This medium can refer to media such as disk, compact disk, or other storage device; or it can refer to information sent over a network. Multimedia or mixed media usually refers to some combination of audio, imagery, video and text.

Multimedia is becoming an increasingly important enabler for computers and networks to serve as communication tools. Computers (with networks as the delivery tool) can now act in much the same way as a telephone, television, radio or chalkboard.

3. Enabling Technologies

3.1 Overview

This section describes the enabling technologies that can serve as a reference point to EGIT. The framework touches on the devices, user services, business logic services, data services and communication services.

3.2 Devices

Devices provide the underlying and supporting environment for the users. This section describes the device components that the end-users interface with. The following are the devices described in this framework.

3.2.1 Mobile and Desktop Computers

Mobile and desktop computers are devices that contain a central processing unit (CPU), and provide a user interface, typically a Graphical User Interface (GUI), as well as personal productivity tools, local data storage, and a flexible method for accessing and manipulating data. Mobile computers are used to support those workers that require the capability of working in different locations on a regular basis, allowing them to essentially take their office with them to these locations as needed. Desktop computers are used primarily to support the general office work place.

Mobile computers are characterised by their portability. Networks must be specially configured to allow mobile computers to use the network resources.

Dynamic Host Configuration Protocol (DHCP) is the mechanism that allows mobile and desktop computers to be assigned a temporary IP address for each session. Point-to-Point Protocol (PPP) is the mechanism that allows a TCP/IP link to exist over a standard telephone connection. Internet Message Access Protocol (IMAP 4) and Post Office Protocol (POP) are protocols that allow mobile computers to access mail on the servers from multiple locations.

Policy

Combine components that provide flexible, scalable and easy-to-use mobile and desktop computers that support the client/server model of computing, data access, and multimedia. Implement mobile computing using DHCP, PPP and IMAP 4 standards.

3.2.2 Network Devices

Network Devices contain a CPU and provide a user interface, typically a GUI. Network devices must be connected to a network because applications are occasionally loaded from a network server. Local storage may be used for cache.

Examples of Network Devices include NCs, NetPCs and network appliances. The NC Reference Profile consists of a set of open standards and guidelines, which form the basis of an NC. The NetPC reference platform specifies industry standard components in a “sealed” case.

NCs and NetPCs are two different implementations targeted to reduce administration costs and increase user productivity where a limited number of functions are required. NCs and NetPCs can be considered for applications that are traditional terminal applications, such as data entry, point-of-sale or order-tracking systems.

NetPCs and NCs are targeted for Internet/Intranet based applications. NetPCs also allow the user some level of access to Win32 applications.

Policy

When network devices are used, they must conform to established open standards. Consider NCs or NetPCs as an alternative to traditional terminals.

3.2.3 Workstations

Workstations are more powerful and higher-end computer systems predominantly used in compute-intensive applications such as computer-aided design, computer-aided manufacturing, computer-aided engineering, application development, multimedia, graphics and decision support data analysis presentation.

Policy

Combine components that provide flexible, scalable, and easy-to-use workstations. Use operating systems that comply with standard interfaces, where applicable, for long-term usability.

3.3 User Services

User services refer to the way a user interacts with a computer, including the display and manipulation of information and the user’s method of input and navigation throughout a system. User services are not limited to a visual display of information on a screen. All sensory areas (vision, tactile, hearing, speech, taste, and smell) are now viable input/output channels to a user interface. Effective selection and use of input/output devices such as the mouse, touch screen, and data glove are considerations in the design of a complete user interface.

Technology is evolving to support improved user interfaces. The enhanced technology roughly coincides with the improvements in the price/performance ratios of computer and telecommunications technology. Interface technology will grow more complex as more diverse technology becomes available. It is imperative that designers balance the use of technology and the resulting complexities with the business requirements for a given situation.

3.3.1 Graphical User Interfaces

Graphical user interfaces (GUIs) are preferred over character-based interfaces and block-mode (IBM 3270 type) interfaces because GUIs are more flexible and responsive to user needs. GUIs promote consistent user interaction across a wide range of applications. GUIs mask the complexity of the heterogeneous networked environment and facilitate the user’s learning and navigation of the system.

The Internet changes the world by introducing low-cost communication implementation that allows users to connect to the network in a global environment and by delivering multimedia capabilities into the mainstream. With this change, it also introduces new interfaces, such as Internet browsers.

3.3.1.1 Windowing Environment

The overarching goal of the windowing user interface environment is to make computing even easier to use for all people. The windowing environment should be scalable to fit the proficiency and preferences of the individuals. For novices, the most common and essential features of the windowing environment, such as launching an application, task switching and finding a file, are easily "discoverable" via the taskbar. For experienced users, a windowing environment promotes efficiency, customizability, and control via such power-user capabilities as rich secondary mouse-button clicking, property sheets, and shortcuts.

3.3.1.2 Internet Browser Environment

Internet browsers are client applications that provide an interface environment to the World Wide Web (WWW). The first WWW clients were text-mode line browsers that supported the hyperlink concept, allowing documents to contain pointers to other documents regardless of location. Hypertext Markup Language (HTML) has been enhanced to support richer data types such as images, sound, and video; web browsers have evolved into multimedia tools. This includes interface components, plug-ins and server-side scripting.

• Interface components are small applications embedded into the HTML document. Two major mechanisms exist - Java and ActiveX. Both of these mechanisms allow applications to be delivered over the network. Generally speaking, ActiveX provides a higher level of control over the target machine while Java provides less control but more security and runs over a larger number of devices.

• Plug-ins allow additional functionality through the implementation of standard clients. The advantage to using plug-ins is that they provide much greater enhanced functionality. The major obstacle to using plug-ins is that not all plug-ins are available for all environments.

• Server-side scripting allows HTML to pass information back to a back-end server for processing, for example CGI and ISAPI.

Policy

Select technologies that support multiple platforms, GUI, and navigational capabilities as defined by the current open standards.

3.3.2 Component Interfaces

Standardizing on the components allows different applications to interoperate and reuse the same components. An analogy of this can be seen in a computer, which can be broken down into a variety of components including disk drives, monitor, memory, CPU, etc. Similarly, the goal of component software is to standardize the interfaces between software components so that they too can work together seamlessly. A variety of component interfaces exist today, including COM/DCOM, and CORBA's IDL (Interface Definition Language). Component interfaces can be used in conjunction with Object Oriented Programming.

Component interfaces create an application independent target for application developers. Developers do not have to know or care what the client application is as long as they know what the target component interface is.

3.4 Business Logic Services

The advent of applications that are distributed across networks with multiple servers has created the need for services that facilitate their use, security, and management. Business Logic Services ensure that consistency and integrity are maintained across distributed applications and systems. This section addresses the following topics:

• Object Management

• Naming and Directory

• Time Services

• Security Services

• Systems Management

• Messaging Services

• Transaction Processing Services

3.4.1 Object Management

Object management provides uniform rules for retaining, naming, and setting the security of objects. Objects are software components that consist of properties (data types, attributes) and methods (functions, procedures). An Object Manager tracks the creation and use of objects and manages the global namespace. The namespace includes all named objects in the local computer environment. The object namespace is organised in a hierarchical manner. Some of the objects that can have names include:

• Directory objects

• Data objects

• Symbolic link objects

• Semaphore and event objects

• Process and thread objects

• Section and segment objects

• Port objects

• File objects

The industry has standardized on two Object models, namely CORBA and COM/DCOM. CORBA is OMG’s (Object Management Group) distributed object model, which is the mechanism that allows objects to communicate between different operating environments. The other model is Microsoft’s distributed model, DCOM, a network aware implementation of Object Linking and Embedding (OLE). Object bridges are being introduced to allow DCOM to work seamlessly with CORBA. EGIT policy is to standardize on both CORBA and DCOM through the implementation of Object bridges.

Policy

Use Object management services to communicate between different architectures. Use object bridges to allow objects to interoperate seamlessly between CORBA and DCOM.

3.4.2 Naming and Directory

Naming and directory services are needed to locate resources on the network. These services provide the means for identifying and retrieving information about objects on the network. An object is a specific resource on the network, such as a computer, application, file, electronic mailbox, printer, or router. Information that can be retrieved about an object varies according to the object and the name or directory service providing the information.

Naming and directory services are related in the functions they provide, but distinct differences exist. A naming service locates and retrieves information about an object solely by the name of the object. In a directory service, objects are identified and retrieved based on their attributes where one of the attributes is its name. This service provides the additional capability of searching for all objects that have one or more particular attributes — for example, “What are the names of all Malaysian Government

A consistent, globally unique naming and addressing scheme is the key element in successfully implementing networked applications and environments. The names need to be logical and meaningful to the system users and other applications. A name should conform to the following three principles:

• Alphanumeric format that clearly conveys the built-in meaning

• Unique within its domain

• Not overly encoded or in numeric format, except for security purposes

Policy

Names and addresses of network entities must be globally unique to construct enterprise networks.

Applications that have requirements for a full function directory service should conform to open directory standards. Applications that require a naming service must select a naming system that integrates with a directory system.

3.4.3 Time Services

Time services are established to ensure consistency and accuracy of time and dates across distributed systems. Synchronisation is a special problem in networks of multiple servers because each one has its own clock and its own time reference.

Time services prevent problems in Local Area Networks (LANs) and Wide Area Networks (WANs) by synchronising multiple clients and servers with a time standard. Clock synchronisation enables distributed applications to determine the sequencing, duration, and scheduling of events independently of where they occur.

There are three common Internet-based time protocols:

• The Time Protocol (RFC 868) provides a simple way for a system to poll for the current time from a time-server. This is the recommended way to calibrate devices connected to a LAN.

• The Network Time Protocol, or NTP (RFC 1305), is a much more sophisticated protocol which allows a system to continuously synchronize its clock against multiple time servers (to protect against transiently misbehaving servers), with adjustment for network latency and clock drift.

• The Simple Network Time Protocol, or SNTP (RFC 1769), is a simplified RFC 1305 implementation for clients. This allows a client to take advantage of some of the features of an RFC 1305 service without a full RFC 1305 implementation.

Policy

Time synchronisation over a network is required and should be implemented using the appropriate standard services such as RFC 868, RFC 1305 and RFC 1769.
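
The following added example (not part of the original policy document) shows what the three protocols above exchange on the wire: it decodes an RFC 868 reply, validates an SNTP/NTP reply and derives clock offset and round-trip delay, and combines several servers' offsets. The packet contents, the times and the median-based `consensus_offset` helper are constructed for illustration; the helper is a simplification and not the selection algorithm of RFC 1305.

```python
import statistics
import struct

NTP_UNIX_DELTA = 2_208_988_800            # seconds between 1900-01-01 and 1970-01-01
HEADER = struct.Struct("!BBbbII4sQQQQ")   # 48-byte NTP/SNTP header


def rfc868_to_unix(payload: bytes) -> int:
    """RFC 868 reply: one unsigned 32-bit count of seconds since 1900-01-01 UTC.
    The 32-bit field wraps in 2036, so long-lived systems need era handling."""
    if len(payload) != 4:
        raise ValueError("RFC 868 reply must be exactly 4 bytes")
    return struct.unpack("!I", payload)[0] - NTP_UNIX_DELTA


def unix_to_ntp(t: float) -> int:
    """Unix seconds -> 64-bit NTP timestamp (32-bit seconds, 32-bit fraction)."""
    return int((t + NTP_UNIX_DELTA) * 2**32) & 0xFFFFFFFFFFFFFFFF


def ntp_to_unix(v: int) -> float:
    return (v >> 32) - NTP_UNIX_DELTA + (v & 0xFFFFFFFF) / 2**32


def evaluate_reply(reply: bytes, t1_ntp: int, t4_unix: float):
    """Validate a server reply and return (offset, delay) in seconds.
    t1_ntp: transmit timestamp the client put in its request.
    t4_unix: client clock reading when the reply arrived."""
    if len(reply) < HEADER.size:
        raise ValueError("short packet")
    (flags, stratum, _poll, _prec, _rdelay, _rdisp, _refid,
     _ref, originate, receive, transmit) = HEADER.unpack(reply[:HEADER.size])
    leap, mode = flags >> 6, flags & 0x07
    if mode != 4:
        raise ValueError("not a server reply")
    if leap == 3 or stratum == 0:
        raise ValueError("server reports an unsynchronised clock")
    if originate != t1_ntp:
        raise ValueError("reply does not match our request (stale or forged)")
    if transmit == 0:
        raise ValueError("missing transmit timestamp")
    t1, t2, t3 = ntp_to_unix(t1_ntp), ntp_to_unix(receive), ntp_to_unix(transmit)
    offset = ((t2 - t1) + (t3 - t4_unix)) / 2   # how far the local clock is behind
    delay = (t4_unix - t1) - (t3 - t2)          # network round trip only
    return offset, delay


def consensus_offset(offsets, tolerance):
    """Drop servers that disagree with the median by more than `tolerance`
    seconds; require a majority to remain. Returns (offset, rejected)."""
    mid = statistics.median(offsets)
    kept = [o for o in offsets if abs(o - mid) <= tolerance]
    rejected = [o for o in offsets if abs(o - mid) > tolerance]
    if len(kept) * 2 <= len(offsets):
        raise ValueError("time servers do not agree")
    return statistics.median(kept), rejected


def constructed_reply(originate_ntp: int, t2_unix: float, t3_unix: float) -> bytes:
    """Build a sample server reply (LI=0, VN=3, Mode=4, stratum 2)."""
    flags = (0 << 6) | (3 << 3) | 4
    return HEADER.pack(flags, 2, 6, -20, 0, 0, b"LOCL", unix_to_ntp(t2_unix),
                       originate_ntp, unix_to_ntp(t2_unix), unix_to_ntp(t3_unix))


def demo():
    # Constructed scenario: client clock is 2 s slow, 0.25 s each way on the
    # network, 0.125 s of processing on the server.
    t1 = 1_000_000_000.0
    t1_ntp = unix_to_ntp(t1)
    reply = constructed_reply(t1_ntp, t1 + 2.25, t1 + 2.375)
    return evaluate_reply(reply, t1_ntp, t1 + 0.625)


if __name__ == "__main__":
    print("offset, delay:", demo())
    print("consensus:", consensus_offset([2.0, 2.01, 1.99, 350.0], 0.5))
```
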

3.4.4 Security Services

Security minimises the vulnerabilities of information assets and resources by implementing access and usage policy, authenticating subjects or users, authorising access to resources, and providing assurance that the systems are in compliance with security policy. The security function must be able to support and provide all mechanisms required of the security policy. These mechanisms include the following:

• Authentication

• Authorisation

• Audit controls

• Enhanced services

• Administration

Operating systems usually provide these security mechanisms but often require third party or additional software to meet customer-specific criteria. Applications and their data must be secured in conformance to Malaysian Government security standards, where appropriate.

Additional policies relating to security and network interconnections are also defined within the “Network Security” section.

3.4.4.1 Authentication and Authorisation

Authentication verifies the identity of a user or entity, where an entity is a process, machine, or service. Authentication may be accomplished using various methods such as user ID, password, digital signature, biometrics devices, challenge response devices, or smart cards. Authentication may be accomplished by the use of machine identifiers and trusted third-party authentication mechanisms, to provide peer-to-peer authentication. The capability to detect inactivity and to require new verification also needs to be supported.

Authorisation is the process of determining whether the use of resources is permitted, and of granting appropriate system, network, or resource access. Authorisation also deters attempts to gain unauthorised access. The scope of authorisation includes resources within a domain and resources that span multiple domains.

Policy

Use a security mechanism that can authenticate a user or entity, authorise access rights, and provide administrative capabilities. The security mechanism must support authentication methods using encryption, if required.

3.4.4.2 Audit Controls

Audit controls ensure policy compliance, assess vulnerability to determine preventive measures, and analyse ongoing activities.

Audit controls ensure that the system’s security state and configuration files have not changed since the prior check. Vulnerability checks prevent problems by alerting system managers to potential security violations.

Audit trail analysis and journaling tools provide user accountability and misuse detection by determining who did what, when, and how. These tools intercept unauthorised activities, allow investigations of suspected problems, and can deter misuse by providing accountability checks for user and system activities.

Policy

Ensure that activity on a system can be traceable to an authorised person or entity. Use security systems with thresholds that can be set to alert systems management if the thresholds are exceeded.
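
As an added illustration of the audit controls and policy above (not code from the original document), the sketch below compares configuration-file digests against the prior check and reviews an audit trail for activity that cannot be traced to an authorised user and for failed-login counts that exceed a settable threshold. The file names, file contents, log format, user names and threshold values are all constructed assumptions.

```python
import hashlib
from collections import defaultdict, deque
from datetime import datetime, timedelta


def snapshot(files):
    """Map each configuration file name to the SHA-256 digest of its content."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in files.items()}


def compare(prior, current):
    """Report what changed since the prior check."""
    return {
        "changed": sorted(n for n in prior.keys() & current.keys()
                          if prior[n] != current[n]),
        "added": sorted(current.keys() - prior.keys()),
        "removed": sorted(prior.keys() - current.keys()),
    }


def parse_event(line):
    """Parse one constructed audit record: '<ISO time> key=value key=value ...'."""
    stamp, *pairs = line.split()
    event = dict(pair.split("=", 1) for pair in pairs)
    event["ts"] = datetime.fromisoformat(stamp)
    return event


def review_trail(lines, authorised, max_failures=3, window=timedelta(minutes=5)):
    """Return alerts as (kind, user, time) tuples.
    'untraceable': activity by a user outside the authorised set.
    'threshold'  : more than max_failures failed logins inside the window."""
    recent = defaultdict(deque)
    alerts = []
    for line in lines:
        event = parse_event(line)
        user = event.get("user", "?")
        if user not in authorised:
            alerts.append(("untraceable", user, event["ts"]))
        if event.get("action") == "login" and event.get("result") == "fail":
            failures = recent[user]
            failures.append(event["ts"])
            while failures and event["ts"] - failures[0] > window:
                failures.popleft()          # forget failures older than the window
            if len(failures) > max_failures:
                alerts.append(("threshold", user, event["ts"]))
                failures.clear()            # one alert per burst
    return alerts


# Constructed sample data -------------------------------------------------
PRIOR_FILES = {"/etc/passwd": b"root:x:0:0\n", "/etc/inetd.conf": b"# all off\n"}
CURRENT_FILES = {"/etc/passwd": b"root:x:0:0\n",
                 "/etc/inetd.conf": b"telnet stream tcp nowait root\n",
                 "/etc/hosts.equiv": b"+\n"}
AUTHORISED = {"aminah", "razak"}
TRAIL = [
    "1997-07-01T09:00:05 user=aminah action=login result=fail src=10.0.0.5",
    "1997-07-01T09:00:40 user=razak action=login result=fail src=10.0.0.9",
    "1997-07-01T09:01:10 user=aminah action=login result=fail src=10.0.0.5",
    "1997-07-01T09:01:30 user=aminah action=login result=fail src=10.0.0.5",
    "1997-07-01T09:02:00 user=ghost action=read result=ok src=10.0.0.77",
    "1997-07-01T09:02:20 user=aminah action=login result=fail src=10.0.0.5",
    "1997-07-01T09:30:00 user=razak action=login result=fail src=10.0.0.9",
]

if __name__ == "__main__":
    print(compare(snapshot(PRIOR_FILES), snapshot(CURRENT_FILES)))
    for kind, user, when in review_trail(TRAIL, AUTHORISED):
        print(when.isoformat(), kind, user)
```
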

3.4.4.3 Enhanced Security Services

Enhanced security services define other security services that further protect an environment. Transactions over the Internet pose many security challenges. Methods, procedures and standards in this area have been established to address these challenges.

These services include the following:

3.4.4.3.1 Standard Security Features

• Encryption/Decryption — Encryption provides security for information while in transit or in storage by converting plaintext to cyphertext. Decryption is the process of converting cyphertext back into plaintext. This is done in conjunction with the use of public/private keys.

• Integrity — Protects the quality (consistency) of data from unauthorised modification, unauthorised deletion, and unauthorised creation. The Message Digest Algorithm provides this protection.

• Non-repudiation — Confirms the receipt and origin of data

• Label-invoked security — Assigns security measures based on a label (for example, secret or confidential) attached to the information

• Virus control — Provides antivirus capabilities to ensure the detection and removal of viruses from systems.

Policy

Use the enhanced security services required, implemented in a standards-compliant manner.

3.4.4.3.2 Digital Signature

According to the Malaysian Government Digital Signature Bill 1997 (DR 2/97), digital signature refers to a transformation of a message using an asymmetric cryptosystem such that a person having the initial message and the signer’s public key can accurately determine: (a) whether the transformation was created using the private key; and (b) whether the message has been altered since the transformation was made.

The ITU-T Recommendation X.509 defines a framework for the provision of authentication services, under a central control paradigm represented by a "Directory". It describes two levels of authentication: simple authentication, using a password as a verification of claimed identity; and strong authentication, involving credentials formed by using cryptographic techniques. It has been implemented as a de facto standard that intends to define the data needed for remote certification.

X.509 Certificates need a "Directory" service that deals with the users. This means that X.509 needs "Certification Authorities", or CAs, that must be able to (i) issue "standard" X.509 certificates and (ii) make it possible to have their validity intrinsically verifiable by the user. In other words, the purpose of a Certificate Authority is to bind a public key to the common name of the certificate, and thus assure third parties that some measure of care was taken to ensure that this binding is valid. The CAs themselves are usually "self-certified" or depend on a CA that is "self-certified". Users may use any CA or any number of CAs, depending on their location and ease of access. The different CAs are in general independent, even in the same country.

Policy

Use a digital signature implementation that conforms to the X.509 Certificate standard, in accordance with the Malaysian Government Digital Signature Bill 1997 (DR 2/97).

3.4.4.3.3 Pretty Good Privacy

PGP (short for Pretty Good Privacy) is a highly secure public key encryption program. Over the past few years, PGP has gained thousands of adherents all over the globe and has become a de facto standard for encryption of email on the Internet. E-mail messages are just too easy to intercept and scan for interesting keywords. This can be done easily, routinely, automatically, and undetectably on a grand scale. PGP empowers people to take their privacy into their own hands.

PGP 2.6.3i is the most flexible, up-to-date version of PGP available today.

3.4.4.3.4 Secure Electronic Transactions

The Secure Electronic Transactions (SET) standard is an industry-wide protocol designed to safely transmit sensitive personal and financial information over public networks. SET protocol contains cryptographic technology that provides on-line transaction security that is equivalent or superior to the safeguards in present physical, mail and telephone card transactions.

To meet the security needs of bank card transactions over public networks, SET protocol uses cryptography and related technology to:

• provide confidentiality of information about financial data

• ensure payment integrity

• authenticate merchants, banks, and cardholders during SET transactions.

The level of security incorporated into SET, based in part on RSA's Public-Key Cryptosystem, provides a solution that could virtually eliminate fraudulent bank card transactions on the Internet. This can, in turn, help generate the consumer confidence needed to accelerate the growth of on-line shopping, and reduce overall costs for financial institutions, merchants, and credit card customers.

Policy

For transaction-based applications over the Internet, use products that comply with the SET standard for securing the transactions.

3.4.4.4 Security Administration

Security administration becomes necessary especially when sharing resources. There are many levels at which security measures can be taken, i.e. data (including databases), application, sub-system, system and network level security.

Generally, the database, systems and network administration tools would have already addressed the administration of security in the respective areas. Malicious use of these tools can make a system vulnerable; for example, network sniffing tends to create exposure of the whole system. Thus, the area of security administration is more than just a technological issue.

Policy

Choose security administration tools that are integrated with the required components. Where third party security administration tools are required, choose one that supports the accepted standard.

3.4.5 Systems Management

Systems management uses procedures and tools that maintain the integrity and efficiency of information technology resources. Proper Systems Management ensures proper planning, configuring, and problem handling of information technology resources. Network management, resource management, distributed database administration, software distribution, systems administration, and security systems all fall within the scope of systems management.

Policy

Use the systems management tools and procedures required to provide management servicesas described above. Use tools based on widely accepted standards, where available.

3.4.6 Messaging Services

Electronic Messaging Services, including Electronic Mail and Electronic DataInterchange (EDI), are integral to any strategy. Adherence to internationallyrecognized standards such as Electronic Mail Messaging (X.400) and Simple MailTransfer Protocol/Multipurpose Internet Mail Extensions (SMTP/MIME) for E-mailand the United Nation’s EDIFACT for EDI allows for the easy interchange ofmessages between applications and systems. Standard Messaging APIs such asCommon Messaging Call (CMC) or Messaging Application Programming Interface(MAPI) should be used to provide access to directory services, message store &forward and electronic transport capabilities of messaging systems.

3.4.6.1 Mail Messaging

Message-Oriented Middleware (MOM) has become an increasingly important technology. MOM is the middleware that allows independent applications to exchange data simply by sending simple messages. A MOM system ensures message delivery by using reliable queues and by providing the directory, security, and administrative services required to support messaging. Most MOM environments are available on a variety of platforms, including IBM mainframes, NT servers, Unix servers, and PCs, and network protocols including SNA, TCP/IP, and NetBIOS. MOM technology provides a single uniform environment for building and maintaining distributed applications across these diverse platforms and networks. Many user organizations believe that MOM technology is well designed to support client/server transactional applications, particularly those that involve mainframe databases.

3.4.6.2 Electronic Data Interchange

EDI is a strategic business solution that facilitates the transfer of business data (purchase orders, invoices, manifests, etc.) in a computer-processable form from the computer-supported business applications in one company to those in another. EDI provides many benefits. The elimination of data re-keying is important given that 70% of data keyed into a computer is taken from a computer-produced document. Besides the reduction of clerical errors and improved data accuracy, EDI also provides improved customer service, reduced costs and delivery times, a faster trading cycle, lower administration costs and improved cash flow.

If EDI is being utilized in the corporation, the messaging technology must provide enterprise-wide automated EDI translation supporting the most commonly used EDI standards, including EDIFACT, X12, UCS, WINS etc.

Policy

Adopt messaging services that conform to international messaging system standards. Integrate disparate systems via a network backbone solution rather than use point-to-point solutions.

3.4.7 Transaction Processing Services

A key enabler of distributed processing is having a Distributed Transaction Processing (DTP) capability. DTP systems provide the services required to manage and process distributed transactions in a heterogeneous computing environment. Services provided may include the following:

• Concurrency control

• Failure isolation

• Dynamic load balancing

• Configuration management

• Message queue management

• Two-phase commit

• Transactional remote procedure call (RPC)

The XA Compliant DTP architecture defines a standard interface that allows multiple application programs to share resources, provided by multiple, and possibly different, resource managers that support access to various data stores. XA is an industry standard developed by the X/Open standards committee.

A DTP environment consists of three tiers:

• The Application Program (AP),

• The Transaction Manager (TM) and

• The Resource Manager (RM).

The XA environment decomposes the Database so that transaction processing (TP) and the AP are not tightly coupled. The TP runs at the Business Logic Service layer outlined in the previous section.
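The AP/TM/RM split and the two-phase commit service listed above, shown as an added example that is not part of the original document: a Transaction Manager collects prepare votes from two Resource Managers and commits only if every one agrees. All class, method and store names are hypothetical and merely echo the XA verbs (prepare, commit, rollback); this is not an XA binding.

```python
from enum import Enum


class Vote(Enum):
    OK = "ok"        # branch is staged; the RM promises it can commit
    ABORT = "abort"  # RM cannot commit this branch


class ResourceManager:
    """A data store behind a prepare/commit/rollback interface (hypothetical)."""

    def __init__(self, name, balance, fail_on_prepare=False):
        self.name = name
        self.committed = {"balance": balance}   # state visible to readers
        self.staged = {}                        # xid -> writes not yet visible
        self.fail_on_prepare = fail_on_prepare  # simulates a lock timeout or full disk

    def write(self, xid, key, value):
        # Work done on behalf of a transaction is staged, never applied directly.
        self.staged.setdefault(xid, {})[key] = value

    def prepare(self, xid):
        if self.fail_on_prepare or xid not in self.staged:
            return Vote.ABORT
        return Vote.OK

    def commit(self, xid):
        self.committed.update(self.staged.pop(xid))

    def rollback(self, xid):
        self.staged.pop(xid, None)


class TransactionManager:
    """Coordinates the branches of one global transaction across several RMs."""

    def __init__(self):
        self.log = []       # (xid, event) records; a real TM forces these to disk
        self._counter = 0

    def begin(self):
        self._counter += 1
        xid = f"xid-{self._counter}"
        self.log.append((xid, "begin"))
        return xid

    def complete(self, xid, rms):
        # Phase 1: every RM votes on whether it can commit its branch.
        votes = [rm.prepare(xid) for rm in rms]
        decision = "commit" if all(v is Vote.OK for v in votes) else "rollback"
        # The decision is logged before any RM is told, so recovery can replay it.
        self.log.append((xid, decision))
        # Phase 2: the same decision is delivered to every RM.
        for rm in rms:
            if decision == "commit":
                rm.commit(xid)
            else:
                rm.rollback(xid)
        return decision


def transfer(tm, source, target, amount):
    """Application Program: one unit of work spanning two RMs."""
    xid = tm.begin()
    source.write(xid, "balance", source.committed["balance"] - amount)
    target.write(xid, "balance", target.committed["balance"] + amount)
    return tm.complete(xid, [source, target])


def demo():
    # Constructed sample data: three stores, one of which refuses to prepare.
    tm = TransactionManager()
    treasury = ResourceManager("treasury_db", 100)
    agency = ResourceManager("agency_db", 50)
    broken = ResourceManager("broken_db", 0, fail_on_prepare=True)
    first = transfer(tm, treasury, agency, 30)    # both vote OK
    second = transfer(tm, treasury, broken, 30)   # one ABORT vote undoes both branches
    return (first, second, treasury.committed["balance"],
            agency.committed["balance"], broken.committed["balance"], tm.log)


if __name__ == "__main__":
    print(demo())
```

The second transfer leaves the treasury balance untouched even though its own branch was ready to commit, which is the integrity property the TM exists to provide.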

Policy

Choose transaction processing monitors or distributed transaction servers based on open standards that are XA compliant and comply with the 3-tier computing model.

3.5 Data Services

Data services that must be considered are:

• Database Services

• File Services

• Other Data Services

3.5.1 Database Services

Database services provide applications with storage and access to structured and unstructured data in a distributed environment. Database technology is used to support these functions.

Database technology is evolving at a fast pace. Data storage and access have matured from simple flat files into sophisticated Database Management Systems (DBMS) based on hierarchical, networking, and relational data models. Object-oriented technology also provides a new DBMS paradigm — the object oriented database management system (OODBMS) — based on the Object model.

Current and future trends for databases focus on DBMS based on the relational and object models or on a hybrid of the two. The hybrid DBMS may extend the relational model to support aspects of the object model such as complex data types (for example, voice and image) and encapsulation (the packaging of an object’s data and processes). The hybrid DBMS may also extend the object model to support aspects of the relational model such as Structured Query Language (SQL).

In today’s business environment, data is typically spread across multiple DBMS, hardware, and operating system platforms. Access to an enterprise’s data can be complex. Two areas that have addressed this complexity are standards and middleware.

3.5.1.1 Relational Database Management Systems

Relational Database Management Systems (RDBMS) provide easy access to and storage of data. The SQL standard is the primary interface to relational databases. The current version of SQL in progress, including these extensions, is often referred to as "SQL3". The current SQL3 specification includes the capability to support user-defined abstract data types (ADTs), including methods, object identifiers, subtypes and inheritance, polymorphism, and integration with external languages. Enhancements have also been made to the facilities for defining tables (relations) in SQL3, including row types and row identifiers, and an inheritance mechanism. Additional facilities include control structures and parameterized types to make SQL a computationally complete language for creating, managing, and querying persistent objects. The added facilities are intended to be upward compatible with the current SQL92 standard (SQL92).

The RDBMS must have distributed database capability to facilitate sharing of data across the network, be scalable to address future growth, support very large databases (VLDB) and a large number of users with a high transaction workload, and be fault tolerant and secure enough to conform to security standards. In addition, the RDBMS must also have the ability to store, manipulate, retrieve, and share any type of data - including business records, documents, messages, images, audio, and video - in any type of application, such as on-line transaction processing (OLTP) for improving the bottom line, data warehouses for making better decisions, network-centric systems for streamlining the way business communicates, and electronic commerce for building new markets and automating more processes.

Policy

Select an RDBMS that supports SQL3 standards, has a distributed database capability, is scalable and has support for VLDB and OLTP.

3.5.1.2 Object-Oriented Database Management Systems

Object-oriented database management systems (OODBMS) are used primarily for small to medium systems that require extensive use of non-traditional data types used in engineering computer-aided design/computer-aided manufacturing (CAD/CAM), manufacturing (CIM), or geographic information systems (GIS). Although several standards organisations are working on object management for databases, standards lag behind RDBMS standards.

The Object Database Management Group’s ODMG-93 standard defines an object model, an object definition language (ODL), an object query language (OQL), and C++ and Smalltalk bindings. The standard also provides models that map the object model to the Object Management Group (OMG) object model Object Request Broker (ORB) architecture.

Policy

Select products that comply with the Object Database Management Group’s ODMG-93 standard. Alternatively, minimise risks by selecting an OODBMS supplier that participates in, or supports, the following standards organisations: OMG, Object Database Management Group, and the ANSI X3 subgroup, Object-Oriented Database Task Group.

3.5.1.3 Data Access Components

Data access components reside between the client application and the supplier DBMS or file system. Universal data access middleware provides the client application and end user with a single method and view of accessing data in a heterogeneous database environment. The method can vary from APIs to fourth-generation languages (4GLs), gateways (point-to-point, SQL, or universal) and emerging universal access components.

Standard APIs are preferred for applications because APIs provide added portability and interoperability. Universal data gateways are well suited for end-user or server access to heterogeneous data sources that include DBMS and file systems.

Policy

For applications (developed or purchased), use standards-based APIs for data access. When choosing end-user database access components, consider a product that supports SQL or universal data gateways.

3.5.2 File Services

File services provide access to local and distributed file transfer and file formats to promote file sharing across heterogeneous platforms.

Policy

Select file services that are interoperable, scalable, and support widely accepted standards.

3.5.2.1 File Transfer Services

File transfer services allow users to copy, replicate, or move whole files across a network, helping provide these services across a heterogeneous network of conforming systems.

Policy

Select file transfer systems that conform to open standards and promote interoperability. The electronic mail method of file transfer should only be used for small files.

3.5.2.2 File Formats

File formats provide the capability to access, use, and create files in a consistent format.

The purpose of establishing policy for file formats is not necessarily to inhibit product selection but to establish a capability for file sharing across the enterprise.

Policy

Select file formats that support the ability to read (import) and create (export) the appropriate file types rather than specifying specific applications.

3.5.3 Other Data Services

It is important to consider other data services that are legacy in nature, unstructured in their data types, and uncommon data stores. The following describes the various data services.

3.5.3.1 Multimedia

Multimedia includes audio, full motion video, animation, high-quality still images, text, graphics, and various combinations of these media.

Currently, the market for multimedia consists of applications such as kiosks and interactive training. Multimedia interfaces are also beginning to appear on mainstream desktop applications.

Policy

Select products that support open-standard recording or playback capabilities such as the Joint Photographic Experts Group (JPEG, JPEG2) and Motion Picture Experts Group (MPEG, MPEG2) file formats. Select multimedia content that is unencumbered by copyright restrictions and that is appropriate to the available network bandwidth.

3.5.3.2 Spatial Data

Spatial data can be data with any metaphorical space, over which data is distributed, that is defined on more than one axis simultaneously. Spatial relationships between data can be presented to users within a geographic or virtual space.

Examples of Spatial Data are geographic data (latitude, longitude and elevation), physical data (height, depth, width and weight), temporal data (hour, day, month, year), demographic data (age, income, sex, marital status) and scientific data (temperature, humidity and viscosity).

Policy

Select a data access and management strategy that supports multi-dimensional data storage and spatial queries.

3.5.3.3 Textual Data

Textual data are text documents such as reports, theses, legal documents and electronic mail messages. Their content can usually be classified into specific categories and can include themes for advanced linguistic search capabilities. The textual data services must be able to generate gist and multiple levels of summarisation, especially for long textual documents.

Policy

Select a data access and management strategy that supports advanced linguistic search with the capability to generate gist.

3.5.3.4 Multi-dimensional Data

OLAP or Analytical data are useful for what-if analysis, forecasting and business modeling. Typically, this would require an n-dimensional data model that can be manipulated in various ways to reflect the various business scenarios.

Policy

Select a data access and management strategy that supports the OLAP model to n-dimension modeling for various analyses in the decision-making process.

3.6 Communication

3.6.1 Introduction

Responding to the challenge of delivering flexible communications services that meet user and organisational requirements requires awareness of changing business practices and advancing technology.

Networks facilitate the exchange of information among users and applications. The combination of computing platforms and communications networks is the key enabling technology element for modern information systems. Networks become increasingly important as organisations migrate to distributed processing and client/server applications.

3.6.1.1 Communication Services Drivers

Information technology requirements in the business world are ever increasing, as are advances in information technology to meet these requirements. These two elements combined produce the ever-increasing demand for network bandwidth. Drivers include the following:

• Graphical user interfaces (GUIs) — Human interface improvements enhance business productivity, yet most GUI implementations increase bandwidth requirements.

• Client/server distributed application design — Depending on the implementation, some designs can impact network performance.

• Globalisation of business — Global trade is increasing rapidly. Increased international communication activity is occurring. Many countries are liberalising communication services that were once tightly controlled, resulting in an increase in international traffic and information sources.

• Virtual/Satellite office — More and more businesses are operating with virtual offices, which require access by dial-up or wireless communication. The workplace has become mobile and remote, thereby increasing the volume of information passed through departments and all areas of businesses.

• Multimedia — Businesses are implementing videoconferencing to improve productivity. Businesses are also changing the way they advertise and distribute their products as well as how they improve business productivity.

• Alliances and joint ventures — Collaboration between companies to develop new technologies results in increased demand for regular and ongoing inter-company network connectivity. This demand is changing the way we deal with communications providers and the way we perform network management.

3.6.1.2 Communication Services Enabling Technologies

Providing communication services presents three challenges.

• The right communication technologies to meet the business requirements must be selected.

• The technologies chosen must interoperate.

• Planning must be performed as to how and when to make the capital expenditures necessary to implement the technologies.

The following are several communications technologies that may be used to support increased network requirements:

• Narrowband Integrated Services Digital Network (N-ISDN) – N-ISDN is a set of digital transmission protocols for use over ordinary telephone copper wire as well as over other media. There are two levels of service: the Basic Rate, intended for the home and small enterprise, and the Primary Rate, for larger users. N-ISDN is the integration of both analog or voice data together with digital data over the same network.

• Broadband Integrated Services Digital Network (B-ISDN) — Based on an integrated digital network, B-ISDN has the potential to be global, offering an array of services such as voice, data, graphics, and video. It is based on fibre and provides much higher capacities than the current copper equivalent, as well as having a greatly reduced average bit error rate.

• Frame Relay — Frame relay evolved from X.25 packet switching and uses variable length frames to transport the user traffic across the interface. It is very efficient as it has less overhead and wastes less bandwidth. This facilitates the higher performance and greater efficiency needed for some applications such as LAN interconnection. Frame Relay is less process-intensive, resulting in higher network throughput with lower delay.

• Asynchronous Transfer Mode (ATM) — This access mode is a cell-based transport that supports higher bandwidths and can combine digital voice, data, imaging, and interactive video on the same physical network. It is well suited to high speed WAN transmission bursts. ATM offers fast packet technology with real time, demand driven switching for efficient use of network resources.

• Wireless Communications — Wireless Communications maximises the functions and services available to cater for the special nature of wireless communications without sacrificing encryption of user information and data transmitted. The service must provide the maximum flexibility for other services like ISDN and should require minimal modifications to the existing fixed public network. With portable devices, users can send and receive data from anywhere in the world with roaming facilities to a wireless network provider in Malaysia.

3.6.2 Transport Layer

The transport layer is responsible for the reliable transfer of data between two end-stations. It provides the following basic services: transport connection establishment, end-to-end data transfer and connection release. The basic function of the transport layer is to accept data from the service layer, split it up into smaller units if need be, pass these to the network layer, and ensure that the pieces all arrive correctly at the other end.

The transport layer also determines what type of service to provide to the service layer, and ultimately, the users of the network. The most popular type of transport connection is an error-free point-to-point channel that delivers messages in the order in which they were sent. However, other possible kinds of transport service are the transport of isolated messages with no guarantee about the order of delivery, and the broadcasting of messages to multiple destinations. The type of service is determined when the connection is established.

Policy

Select a network protocol that provides interoperability in a heterogeneous network environment. Because many alternatives are available, isolate a small, manageable set of protocols that provide a flexible, cost-effective network infrastructure while protecting current assets.

To prevent migration problems when attempting to integrate supplier products, avoid using proprietary network protocols, even in a single supplier environment.

Use the public Internet as a medium for marketing, appropriate services and public offerings. Consider the public Internet for the delivery of Internet applications or services where the target customer base would likely have access by private computer systems or publicly available service provider systems. The public Internet can be used as a network transport when issues related to security exposure (risk assessment) are addressed. Avoid using the public Internet where security issues, high online transaction requirements or strict levels of guaranteed online performance exist.

3.6.3 Network Layer

Logical network structures provide the mechanisms to locate and control access to network resources and to control the flow of information among those resources. Multiple logically separate network structures can use a commonly shared physical network structure without visibility between, or without compromising the security of, each separate network.

Data network interoperability addresses the need to deliver end-to-end services across physically and logically diverse data networks. Physically, diverse networks range from LANs in separate departments to enterprise networks owned by separate entities.

Logically diverse networks are defined by the different architectures or products used in their construction. The following sections cover issues related to network security, network naming and addressing, data communication transport, and interior network protocols.

3.6.3.1 Network Security

The rapid growth of inter-networking presents new challenges for routing, network accounting, administration, and security. As networks of autonomous organisations are interconnected, the traditional goals of bridging are supplemented by a requirement that routing decisions be made in accordance with administrative policies.

Administrative domains govern network routing policies. An administrative domain is a set of resources — hosts, networks, and routers — governed by a single administrative authority. An administrative domain could be a department, a set of departments in a government agency, a government agency, or a group of government agencies.

A limited number of connections to outside networks, controlled with secure gateways or firewalls, allow more effective control.

Policy

Keep administrative domains logically isolated and separated by default, even though they may share a common network backbone facility. Isolate logical networks from unauthorised use of facilities and resources, while allowing the flow of authorised information between users. Control the entry from, and exit to, other networks by managing the access points.
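One way to check observed traffic against this policy, shown as an added example that is not part of the original document: domains are isolated by default, cross-domain flows are allowed only when an explicit rule exists, and only through the managed access point named in that rule. The domain names, address ranges, gateway names and flow records are all constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

OUTSIDE = "outside"  # any address not owned by a known administrative domain


class Rule(NamedTuple):
    src: str      # source domain name
    dst: str      # destination domain name
    port: int     # destination port
    gateway: str  # managed access point the flow must traverse


class Flow(NamedTuple):
    src_ip: str
    dst_ip: str
    port: int
    via: Optional[str]  # gateway that forwarded the flow, None if none was observed


class IsolationPolicy:
    def __init__(self, domains, rules):
        self.domains = {name: [ipaddress.ip_network(c) for c in cidrs]
                        for name, cidrs in domains.items()}
        self._reject_overlaps()
        self.rules = {(r.src, r.dst, r.port): r.gateway for r in rules}

    def _reject_overlaps(self):
        # Two domains claiming the same address space make ownership ambiguous.
        nets = [(n, net) for n, lst in self.domains.items() for net in lst]
        for i, (n1, a) in enumerate(nets):
            for n2, b in nets[i + 1:]:
                if n1 != n2 and a.overlaps(b):
                    raise ValueError(f"{n1} {a} overlaps {n2} {b}")

    def domain_of(self, ip):
        addr = ipaddress.ip_address(ip)
        for name, nets in self.domains.items():
            if any(addr in net for net in nets):
                return name
        return OUTSIDE

    def evaluate(self, flow):
        """Return (allowed, reason). Anything not explicitly authorised is denied."""
        src, dst = self.domain_of(flow.src_ip), self.domain_of(flow.dst_ip)
        if src == dst and src != OUTSIDE:
            return True, "intra-domain"
        gateway = self.rules.get((src, dst, flow.port))
        if gateway is None:
            return False, f"no rule for {src}->{dst}:{flow.port}"
        if flow.via != gateway:
            return False, f"must traverse {gateway}, saw {flow.via}"
        return True, f"authorised via {gateway}"


def audit(policy, flows):
    """Return the flows that violate isolation, each with the reason."""
    findings = []
    for flow in flows:
        allowed, reason = policy.evaluate(flow)
        if not allowed:
            findings.append((flow, reason))
    return findings


# Constructed sample data (documentation address ranges for outside hosts).
POLICY = IsolationPolicy(
    domains={"finance": ["10.10.0.0/16"], "health": ["10.20.0.0/16"]},
    rules=[Rule("finance", "health", 443, "gw-core-1"),
           Rule("health", OUTSIDE, 25, "fw-edge-1")],
)
FLOWS = [
    Flow("10.10.1.5", "10.10.2.9", 1521, None),            # same domain
    Flow("10.10.1.5", "10.20.0.7", 443, "gw-core-1"),      # authorised, via gateway
    Flow("10.10.1.5", "10.20.0.7", 443, None),             # bypasses the access point
    Flow("10.20.0.7", "10.10.1.5", 1521, "gw-core-1"),     # reverse direction, no rule
    Flow("203.0.113.9", "10.10.1.5", 22, "fw-edge-1"),     # inbound from outside, no rule
    Flow("10.20.3.3", "198.51.100.25", 25, "fw-edge-1"),   # authorised exit
]

if __name__ == "__main__":
    for flow, reason in audit(POLICY, FLOWS):
        print(flow, "->", reason)
```

Rules are directional, so authorising finance to reach health does not open the reverse path.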

3.6.3.2 Network Naming and Addressing

Constructing enterprise networks based on open network architectures requires names and addresses of network entities to be globally unique. Consistent naming and addressing policy administered by a central authority is essential for achieving an easy-to-manage, reliable and maintainable network environment.

Policy

Names and addresses of all network components will be controlled, managed, and where possible automated.

3.6.3.3 Network Architectures

The data link layer controls the flow of data and the correction and detection of errors. In LANs, this layer includes control of access to the medium, as in deciding which system can use the network. The primary environments reviewed are LANs and WANs. In addition, advantages and disadvantages of protocol conversion are considered.

3.6.3.3.1 Local Area Networks

A LAN links end-user computers in a communications network, providing high-speed communications services. The linked computers are typically located within the same building. The LAN is a key element in implementing the client/server architecture. A LAN provides access to servers, which are the primary providers of network and application services to users.

LANs can be constructed from various physical media and interconnected by various means such as bridges, switches, and routers, but they rely on standards-based protocols to communicate successfully. LANs may be categorised as IEEE 802.3 (Ethernet), IEEE 802.5 (token ring), and fibre distributed data interface (FDDI).

Policy

Use LANs to provide access to all required desktop network services such as electronic mail, printing, database access, file sharing, name and address services, and time services.

Comply with corporate security guidelines and naming standards.

Use applicable electrical code, premise distribution standards, and appropriate network components (i.e. hubs, routers and gateways) to construct LANs.

Design LANs in accordance with open international standards.

3.6.3.3.2 Wide Area Networks

WANs provide long-distance transmission of data, voice, image, and video traffic. Multimedia typically requires higher bandwidth than pure data. WANs can be constructed using private, leased, or public facilities, or a combination of facilities.

Policy

Construct WANs using end-to-end digital transmission facilities based on open international standards, and incorporate the appropriate combination of public and private facilities.

3.6.4 Physical Layer

The physical network provides the transmission facilities necessary to move information to various locations.

The physical layer, primarily concerned with physical wiring and premise distribution, connects end-user devices such as LANs, workstations, PCs, terminals, and telephones. Premise distribution systems provide a common cabling plant to deliver voice, data, and video services.

Policy

Install new wiring and cabling systems in accordance with engineering standards. The Commercial Building Wiring Standard published by the Electronics Industry Association (EIA/TIA 568) is the basis for these standards.

Install cabling systems that can support the long-term connectivity needs of the user community. Future networks will need to be capable of supporting integrated data, voice, imaging, and video at ever-increasing speeds; thus networks must be implemented that support these future needs as cost-effectively as possible. Wireless technology can be considered as an alternative approach, where appropriate.

To distribute LAN services to each user, use network devices that meet requirements in an appropriate configuration for the technology. A managed configuration reduces impact from LAN-related failures. Networks need to be implemented in a manner that allows later technology refreshment.

3.7 Inter Process Communication

Inter Process Communication (IPC) enables the exchange of data between application programs. Some form of IPC is required to implement a client/server application architecture. Using IPC technology, software components can exchange data within a single computer or between computers over a network. Each IPC technology provides interfaces. When applications access objects, the calling application doesn't need to know where the object is or how it does its job.

The IPC technology can allow for efficient distribution of processes across multiple computers so the client and server components of an application can be placed in optimal locations on the network. The user can access and share information without needing to know where the application components are located.

The two types of IPC technologies are transport dependent and transport independent.

• Transport-dependent IPC technologies are generally based on a single transport protocol or operating platform, providing a low-level API that has transport-dependent syntax and inhibits application portability.

• Transport-independent IPC technologies generally support several transport protocols and operating platforms. These technologies provide a high-level API that has transport-independent syntax, is easy to use, and enables application portability. These technologies include remote procedure call, interprocess messaging, and object request brokering.

3.7.1 Remote Procedure Call

Remote Procedure Call (RPC) is a language for distributing application program procedures among networked computers. RPC provides client/server capabilities by enabling a client program to call a serving procedure located on another computer in the network.

Policy

Use IPC technologies such as RPC in a client/server-computing model.

3.7.2 Interprocess Messaging

Interprocess messaging is a middleware technology that uses message passing and message queuing to provide peer-to-peer asynchronous communication between programs. Messaging is a relatively mature technology that has been widely used for distributed applications involving high transaction rates in the banking, stock market, and airline industries. Few standards exist, however, for portable messaging APIs or interoperable messaging protocols.

Policy

Use standards-based interprocess messaging products, as they become available and appropriate.

3.7.3 Object Request Broker

Object request broker (ORB) technology facilitates or brokers the communication between client processes and server objects. Server objects are server processes and data that have been encapsulated into an object architecture.

Most ORB implementations provide both static and dynamic APIs that clients use to communicate with server objects. The static interface uses an Interface Definition Language (IDL) and precompiler to generate the necessary interface code between the client and server in a manner similar to RPC technology. The dynamic interface uses an API to establish communication with a server object in a manner similar to message-passing technology.

The two leading object models require a bridge to ensure that ActiveX-based application systems (using DCOM) can interface with CORBA systems. This bridge is being developed by several vendors to promote interoperability between the two.

Policy

Choose the Object model and bridges that best suit their portability, performance and legacy integration requirements.

3.8 Application Development Environment

Where a packaged solution is not available, custom development becomes necessary and, for quick deployment, Rapid Application Development (RAD) will be the preferred approach. Computer Aided Systems Engineering (CASE) tools become the platform of choice for development.

The Application Development Environment for EGIT must be able to support the following attributes:

• Choice of multiple programming models

• Support for multiple programming languages

• Universal extensibility

• Portable codes

3.8.1 Choice of multiple programming model

Application developers must have the choice of a programming model that is suitable to the requirements of the application. The flexibility to choose from the various programming models creates an open development environment.

The programming models include the traditional client/server model, n-tier Internet model, component based distributed object model, and the 3-tier transaction monitor model.

3.8.2 Support for multiple programming languages

The choice of programming language will depend on a given programming strategy. Sometimes, it may require the developer to use multiple languages. The development environment must be able to provide this choice, though limiting the number of languages used would minimize maintenance cost.

Examples of programming languages are Visual Java, JavaScript, C/C++, Visual Basic, and SQL.

3.8.3 Universal extensibility

Universal extensibility means the ability to provide extensions into other standards for supporting new and emerging standards. This provides an environment where code is reusable and legacy applications can co-exist with new ones. These extensions include: HTML/HTTP, Java, DCOM/ActiveX, CORBA/Internet Inter-ORB Protocol (IIOP) and stored procedures.


3.8.4 Portable Codes

In order to protect current investment, whatever was developed must be portable enough to support the migration of code anywhere in the EGIT 3-tier structure. This allows code to be moved and placed where it is more effective.

Policy

The choice must be flexible to create an open environment; the objective is to support emerging technology while being able to reuse code and applications in compliance with any EGIT three-tier structure.


3.9 Operating Environment

The operating environment provides the underlying and supporting environment for running applications, along with the hardware components that comprise a computing platform. These services enable use of resources and peripherals that typically exist as nodes within a network. This section also discusses topics and issues concerning high availability.

3.9.1 Platforms

Platforms consist of operating systems and hardware components that provide the essential computing capabilities in an information system’s architecture. Platforms are generally categorised as mobile and desktop computers, networked devices, workstations, servers, and host systems. See Section 3.2, Devices, for additional policy guidance.

Policy

Each Government Agency should standardize on a limited number of platform configurations to maximise purchasing power and minimise support cost.

3.9.1.1 Servers

Servers provide support for network services, such as file, mail, and print. Smaller servers typically play a significant role in a customer’s day-to-day business applications. Larger servers can be used to provide application and data services to a larger group of users such as a corporate-wide electronic mail system or data warehouse. Large servers have the capability to serve multiple other servers. Larger servers may augment and, for many new applications, replace traditional mainframes. In this capacity, selecting systems that address and support requirements of both systems management and reliability, availability, and serviceability (RAS) is important.

Even low-end servers can provide file, mail, print, and some application and data support services. The need for connectivity to other servers increases as more services are provided. Support for reliable network communications becomes even more important. The capability to support reliable communications protocols is as important as the protocols used in the enterprise itself. At a minimum, the capability to support TCP/IP is as important as that of the other protocols used.

The largest-scale servers and enterprise computers represent the highest level of compute processing capabilities. This group of computers, called High Performance Computers (HPCs), typically consists of mainframes, symmetric multiprocessing (SMP) computers, and massively parallel processor (MPP) computers.

Mainframe computers represent a major share of the large-scale computing environment because they can support high numbers of users and large volumes of batch processing. Mainframes feature mature systems management tools, provide a high-availability operating environment, and support prevalent communications standards. Mainframes also represent an installed base that is entrenched within certain application environments.

SMP computers have multiple central processing units (CPUs), are usually standards based and make frequent use of commodity components. To increase scalability and availability, some SMP manufacturers permit multiple computers (all from the same supplier) to be connected by a high-speed link to form what is usually called a cluster. SMP computers provide parallel processing, but must have an operating system and application that support this feature.

Servers must be sized for the services they provide and designed for interoperability, portability, and scalability. The capability to easily upgrade processor performance or to add additional processors, disk storage, and communications support extends the life of the platform and enhances the return on investment.

Policy

Use operating systems and hardware components that are based on widely accepted standards. Select scalable servers that can increase performance by adding components. Operating systems should be multitasking, multithreaded and enable parallel processing. Through the use of a multiprocessing architecture, hardware should be scalable and should enable parallel processing.

3.9.2 High Availability Systems

High availability systems are equipped with features that make them more reliable than regular ones. High-availability systems fail less often than regular systems. When failure does occur, typically, high-availability systems can be restored faster than regular systems.

Basic high availability systems are designed using available technology, typically used in general purpose computer systems. This type of high-availability system usually consists of several clustered computer systems with a software monitor that acts like a traffic cop, switching mechanism, or both. The monitor detects component failure, switches processing to other units, and starts an automated procedure to rebuild data and ensure system integrity. Advanced levels of high-availability systems provide even greater capabilities:

• Fault-resilient systems (or high-resiliency systems) — These systems have a subsystem that performs hardware detection at the component level. Although some major components of the computer can impact the system or portions of it, minor components can fail without causing interruption. Failed components can usually be replaced without service downtime. The fault-resilient system is expected to reduce downtime by at least 50 percent. These systems average less than five minutes downtime per outage.

• Fault-tolerant systems — These systems have redundant hardware components that continually check the other components’ integrity. If one component is in error, the system eliminates that component from the environment and notifies the operator that a failure has occurred. All failed component replacement occurs while the system is running. The replaced component is restored to service with no interruption in availability. Recovery is less than one second, and all unplanned downtime is eliminated.


• Continuously available systems — These systems are fault-tolerant systems that eliminate all downtime, planned and unplanned. The hardware and software can be upgraded and periodic or preventive maintenance performed while the system is online.

Policy

Select system elements based on the level of commitment for unplanned downtime when required by the service agreement. Otherwise, assemble components commensurate with cost issues, functionality, and associated risk.


4. Computer Supported Co-operative Work Technologies

Co-operative work group computing takes advantage of current computing and network technologies by offering information sharing across an enterprise. Figure 3 illustrates the shift toward work group computing. Emerging applications, combined with technology advances, provide an environment that allows for the redesign of business processes regardless of geographic, organisational, or software boundaries.

Figure 3 – The shift from personal computing to work group computing

Off-the-shelf applications encompass standard personal productivity tools, such as spreadsheets and word processors, that can be utilised in a collaborative manner in network environments. There are also group effectiveness tools, such as GroupWare, scheduling and collaborative authoring ones, that derive their increased capability for productivity from use of networks. Off-the-shelf applications can also provide services such as workflow automation, scheduling, text retrieval, and document conversion. These services can be used by or integrated into existing business applications and newly developed applications. Co-operative applications help remove barriers among individuals and allow communication that facilitates increased interpersonal, interfunctional, and inter-organisational processes. As a result, the effectiveness of the entire enterprise increases.

[Figure: Workgroup Collaboration Spectrum. Labels: Business Processes, Instant GroupWare, Document Collaboration, Information Routing; range: Ad Hoc to Structured]


4.1 GroupWare

GroupWare addresses the need to facilitate and improve the unstructured communication processes in an organisation. These applications include collaborative authoring, document sharing, and shared databases. The term GroupWare is generally defined as “computer-based systems that support groups of people engaged in a common task (or goal) and that provide an interface to a shared environment.”

GroupWare tools can be categorised by functionality. Figure 4 below describes a model consisting of the various forms of GroupWare based on the dimensions of time and place of the group interaction. The center represents the basic GroupWare platforms.

Figure 4 – Forms of GroupWare

A GroupWare strategy may be built on an electronic mail message handling system that is enabled across the office network. An electronic mail message handling system provides a well-developed and inexpensive transport vehicle over which to route forms, messages, compound documents, or other objects. This system also provides a consistent application interface across multiple environments.

Policy

Choose GroupWare products based on their ability to support open systems standards and the client/server model of computing. The selection must support the requirement to establish a consistent office environment as a means to solve the unstructured communications process in a government agency or across government agencies.

[Figure 4 content: a matrix of Same Time / Different Time against Same Place / Different Place.
Needs: support face-to-face meetings; support teams in place; support cross-reference meetings; support ongoing coordination; anytime, any place communication.
Tools: electronic copy boards; electronic decisions support technologies; audioconferencing; videoconferencing; screen sharing; team room equipment; project management, scheduling, and calendaring; voice mail; electronic mail; fax; group editing.
Platforms (center): local area networks; workstations; operating environments.]


4.2 Workflow Management

Workflow management applications are designed to handle a document through the stages of processing, presentation, and routing. Normally, documents are routed through an electronic mail message handling system to designated people or applications. Typical uses include processes such as purchase orders and sales leads tracking. These applications are often viewed as the best use of technology that makes business processes more productive. The complexity of the business process determines the degree to which workflow automation can be deployed in a cost-effective manner.

As workflow applications continue to increase in sophistication, many workflow services are migrating into desktop applications. The primary examples of this migration are electronic forms and electronic mail applications, which are beginning to offer rules-based routing of forms and messages. Some of these services may migrate to lower levels such as desktop and network operating systems.

Workflow tools can provide significant productivity gains when used in appropriate situations. Often, existing mail systems, GroupWare tools, or electronic forms packages can provide the necessary functionality. When such tools are inadequate, workflow applications can provide capabilities such as workload balancing, scheduling, task control, monitoring, and reporting. Workflow solutions should be compatible with the overall technology solution in a given situation.

Policy

Select workflow automation tools that are strategically aligned with business requirements.

4.3 Electronic Forms

The majority of today’s business forms still reside on paper. Electronic forms tools assist in reducing a business’ reliance on paper and offer capabilities for forms routing and tracking.

Electronic forms design tools typically allow users or developers to specify the lines, boxes, artwork, and other elements on a form to make the form data easier to enter and read. The specification of the data portion of the form includes the information that the user types into the fields. The specification of the form-processing component can provide calculation, validation, range checking, database lookup and storage, and forms routing rules.

Electronic forms client applications allow users to complete forms and participate in a forms routing workflow process. The client applications present the forms to users, accept the input, verify that all required data is entered, and communicate with a server component to complete the forms processing.


Policy

Choose electronic forms products based on their ability to support open systems standards and the client/server model of computing.

4.4 Document Management

Although paper is the prevailing medium for business documents, paper imposes constraints on document management and control. Document management solutions integrate processes, people, and technology to optimise and automate what were historically paper-based business processes. Electronic documents are often composed of data, text, graphics, images, voice, and video. Consequently, creating, processing, and managing electronic documents may encompass many technologies, including imaging, multimedia, relational databases, text databases, text retrieval, document interchange standards, electronic messaging, and workflow management.

When documents must be shared between workgroups, particularly where different file formats are used, it is desirable to centralize and manage documents with a document management system. Document management systems enable the centralized version controls and library functions required to move towards a paperless system.

Policy

Use document management systems to create centralised document control and to allow documents to be shared, independent of the application used to create the document. Choose document management systems that conform to Intranet and Internet standards.

4.5 Imaging Systems

Imaging systems incorporate some of the features and technologies of document management systems, but are used to manage high-resolution images. Some typical applications for imaging systems are in Telemedicine (X-ray, CAT scans, MRI scans, etc.), land and resource management (high altitude and satellite photography), art preservation and cataloguing (paintings, sculptures and cultural artifact images), and lithography (commercial artwork and photographs).

Policy

Choose imaging systems based on their capability to support open systems standards and the client/server model of computing.

4.6 Videoconferencing

Videoconferencing enables people at different sites to conduct face-to-face meetings in real time. Current videoconferencing equipment options range from stationary systems installed in dedicated videoconferencing rooms to portable units and desktop implementations. Desktop videoconferencing capabilities are available, linking individuals rather than groups. These systems tend to be ISDN or LAN-based solutions and are sometimes combined with desktop application sharing. This combination allows the participants to collaborate on documents while conducting a videoconference.

Point-to-point videoconferencing systems are generally stand-alone systems. These systems generally require a dedicated network and are used for “point-to-point” videoconferencing. Standards are well defined for point-to-point videoconferencing systems.

LAN-based videoconferencing systems are emerging. Most of these systems are proprietary and will not interoperate with other systems. Some of these LAN-based systems will gateway to H.320/H.323, which allows desktop-based systems to interoperate with “point-to-point” systems.

A variety of cost-effective desktop videoconferencing solutions are available. Organizations should consider small pilot projects using cost-effective videoconferencing solutions as the standards for desktop videoconferencing emerge.

Policy

Select products that provide point-to-point and multi-point videoconferencing as required. Comply with open standards available for videoconferencing.

4.7 Calendaring and Scheduling Systems

The primary benefits of calendaring and scheduling systems include reducing the time needed to schedule meetings and identifying and reserving all required resources, including people, conference rooms, and equipment.

Calendaring and scheduling systems can search for the next available time when all required resources are available and allow for the definition of critical and non-critical resources. The systems also allow acceptance or rejection of invitations, changes in meeting time and place, or cancellation of meetings. In addition, the systems provide logs for meetings and personal activities.

Policy

For workgroup applications, select calendaring and scheduling applications that meet business requirements. For enterprise or agency systems, select calendaring and scheduling applications that interoperate at the application level.


Appendix A - List of Standards

The list of standards below may or may not apply over time. The standards will evolve and therefore may be subject to change. Please adopt the standards relevant to your system requirements. These may not be restricted to the list below. If you wish to adopt other standards for your systems that are not identified in this list, you are required to observe the objective of the EGIT document: your systems must be able to inter-operate with a variety of existing and new architectures.

Section | Title | Standard | Mandatory / Recommended / Avoid
3.2 | Devices | |
3.2.1 | Mobile & Desktop Computers | WIN32 | ✓
 | | JAVA | ✓
 | | DHCP, PPP, IMAP4 | ✓
3.2.2 | Network Devices | NetPC Reference Platform | ✓
 | | NC Reference Profile | ✓
3.2.3 | Workstations | WIN32 / WIN NT | ✓
 | | UNIX / POSIX | ✓
 | | XPG | ✓
3.3 | User Services | |
3.3.1 | Graphical User Interfaces | |
3.3.1.1 | Windowing Environment | WIN32, WIN/NT | ✓
 | | CDE | ✓
3.3.1.2 | Internet Browser Environment | HTML 2.0+ | ✓
 | | HTTP | ✓
 | | Active X | ✓
 | | Java | ✓
 | | VTML | ✓
 | | CGI | ✓
3.3.2 | Component Interfaces | COM / DCOM | ✓
 | | CORBA’s IDL | ✓
3.4 | Business Logic Services | |
3.4.1 | Object Management | COM / DCOM | ✓
 | | CORBA | ✓
3.4.2 | Naming & Directory | X.500 | ✓
 | | LDAP | ✓
 | | DNS | ✓
 | | DHCP | ✓
3.4.3 | Time Services | DTS | ✓
 | | NTP | ✓
 | | SNTP | ✓
3.4.4 | Security Services | |
3.4.4.1 | Authentication & Authorisation | DCE Security Services | ✓
 | | X.509 | ✓
 | | C2/DAC | ✓
3.4.4.2 | Audit Controls | DCE Security Services | ✓
 | | C2/DAC | ✓
3.4.4.3 | Enhanced Security Services | SSL | ✓
 | | X.509 | ✓
 | | SET | ✓
3.4.4.4 | Security Administration | |
3.4.5 | Systems Management | SNMP | ✓
3.4.6 | Messaging Services | |
 | - Email | SMTP/MIME | ✓
 | | X.400 | ✓
 | - EDI | EDIFACT | ✓
 | | X.435 | ✓
 | - Message Oriented Middleware | |
 | - APIs | CMC | ✓
 | | Extended-MAPI | ✓
3.4.7 | Transaction Processing Services | XA Compliant | ✓
3.5 | Data Services | |
3.5.1 | Database Services | |
3.5.1.1 | Relational Database Management Systems | ISO-, ANSI-SQL3 | ✓
 | | ISO-RDA | ✓
3.5.1.2 | Object-Oriented Database Management System | ODMG-93 | ✓
3.5.1.3 | Data Access Components | ISO RDA | ✓
 | | X/Open SQL CLI | ✓
 | | ODBC | ✓
3.5.2 | File Services | NFS | ✓
 | | DFS | ✓
 | | NT File Services | ✓
3.5.2.1 | File Transfer Services | FTAM | ✓
 | | FTP | ✓
 | | MIME | ✓
 | | HTTP | ✓
3.5.2.2 | File Formats | | ✓
3.5.3 | Other Data Services | |
3.5.3.1 | Multimedia | JPEG/JPEG2 | ✓
 | | GIF | ✓
 | | MOV | ✓
 | | AVI | ✓
 | | AU | ✓
 | | MIDI | ✓
 | | MPEG/MPEG2/MPEG4 | ✓
3.5.3.2 | Spatial Data | FGDC | ✓
3.5.3.3 | Textual Data | |
3.5.3.4 | Multi-Dimensional Data | OLAP | ✓
3.6 | Communication Services | |
3.6.1.1 | Communication Services Drivers | |
3.6.1.2 | Communication Services Enabling Technologies | ISDN | ✓
 | | Frame Relay | ✓
 | | X.25 | ✓
 | | ATM | ✓
3.6.2 | Transport Layer | |
3.6.3 | Network Layer | |
3.6.3.1 | Network Security | |
3.6.3.2 | Network naming and Addressing | DNS | ✓
 | | DHCP | ✓
3.6.3.3 | Network Architectures | TCP/IP | ✓
 | | IPX/SPX | ✓
 | | DECNET | ✓
 | | SNA/LU 6.2 | ✓
3.6.3.3.1 | Local Area Networks | IEEE 802.3, IEEE 802.10 | ✓
 | | IEEE 802.5 | ✓
 | | FDDI | ✓
3.6.3.3.2 | Wide Area Networks | Frame Relay | ✓
 | | X.25 | ✓
 | | ISDN | ✓
 | | ATM | ✓
3.6.4 | Physical Layer | EIA/TIA 568 | ✓
3.7 | Inter-Process Communication | |
3.7.1 | Remote Procedure Call | MS RPC | ✓
 | | ONC RPC | ✓
3.7.2 | Inter-process Messaging | |
3.7.3 | Object Request Broker | CORBA / IIOP | ✓
 | | COM/DCOM | ✓
3.8 | Application Development Environment | |
3.8.1 | Choice of Multiple Programming model | |
3.8.2 | Support for Multiple Programming Languages | Java | ✓
 | | C/C++ | ✓
 | | Visual Basic | ✓
 | | SQL | ✓
3.8.3 | Universal extensibility | HTML/HTTP | ✓
 | | Java | ✓
 | | DCOM/ActiveX | ✓
 | | CORBA/IIOP | ✓
3.8.4 | Portable Codes | |
3.9 | Operating Environment | |
3.9.1 | Platforms | |
3.9.1.1 | Servers | WIN32 / WIN NT | ✓
 | | UNIX / POSIX | ✓
 | | XPG | ✓
3.9.2 | High Availability Systems | |


Glossary

American National Standards Institute (ANSI) — Organization for voluntary data processing standards for measurement, quality, safety, and terminology for products and projects; represents United States to the International Standards Organization (ISO) (Merkow 1990).

Application Programming Interface (API) — The interface between an application’s software and platform.

Architecture — The style or method of design and construction that comprises the elements of an information system and defines the purpose and interrelationships of those elements.

Asynchronous transfer mode (ATM) — A type of packet switching that transmits fixed-length mode units of data. The recurrence of cells does not depend on the bit rate of the transmission system, only on the source requirements (Defining 1991).

Authentication — The process of verifying the identity of an end user or process. Authentication may be accomplished using various methods such as user ID and password, digital signature, or biometrics devices.

Backbone — A network designed to interconnect lower speed channels (Defining 1991).

Bridge — A device that interconnects LANs using the bottom two OSI layers (Defining 1991).

Business process reengineering — The fundamental rethinking and radical redesign of business processes to achieve dramatic improvements in critical, contemporary measures of performance such as cost, quality, service, and speed (M. Hammer and J. Champy 1993).

Cell — A fixed-length unit of data (Defining 1991).

Character-based interface — User interface that uses the character or text mode of the computer; typically refers to typing in a command.

Client/server model of computing — Computer processing characterized by the division of an application into components processed on different networked computers. A client requests a service or information from a server; the server processes the request, performs the service, and returns the requested information to the client.

Collaborative authoring — The process of allowing a group of people to author a document together although they may be located in different places or working at different times. It also allows the comments of each person to be distinguishable.


Computer-aided systems engineering (CASE) — The use of computers to aid in the software engineering process. May include the application of software tools to software design, requirements tracing, code production, testing, document generation, and other software engineering activities (IEEE 1990).

Continuously available systems — Fault-tolerant systems that eliminate all downtime, planned and unplanned. The hardware and software can be upgraded while the system is online.

Ethernet — A contention-based networking scheme. See IEEE 802.3 for technical specifications.

Fault-resilient systems (or high-resiliency systems) — Systems with a component of hardware detection at the compute level. Although major elements of the computer can bring down the system or portions of it, minor components can fail without interruption. Failed components can be replaced without service downtime, power supplies, system fans, disk drives, and some I/O controllers. The fault-resilient system is expected to cut downtime in half. The system averages less than five minutes downtime for recovery if the design and implementation are sound.

Fault-tolerant systems — Systems with redundant hardware components that continually check the veracity of each other. If one component is found to be in error, the system eliminates that component from the environment and notifies the operator that a failure has occurred. All failed component replacement occurs while the system is running. The component is restored to the environment with no penalty to the application. Recovery occurs in less than one second, and all unplanned downtime is eliminated.

Fiber Distributed Data Interface (FDDI) — ANSI’s architecture for a MAN; a network based on the use of fiber-optical cable to transmit data (Defining 1991).

Flexibility — The ease with which a system or component can be modified for use in applications or environments other than those for which it was specifically designed (IEEE 1990).

Frame Relay — An upgrade of X.25 packet switching (Defining 1991).

Gateway — A device that interconnects dissimilar LANs that employ different high-level protocols (Defining 1991).

Graphical user interface (GUI) — Graphics-based user interface that incorporates icons, pull-down menus, and a mouse.

GroupWare — Software that runs on a LAN and allows people on the network (typically a team) to participate in a joint (often complex) project (Newton 1993).

High-availability systems — Systems designed around available technology used typically as general-purpose computers. These systems are usually clustered with a software monitor that acts like a traffic cop or switching mechanism. The monitor detects component failure, switches processing to another unit, and starts an automated procedure to rebuild data and ensure system integrity. Downtime averages from two to twenty minutes.

Host — A computer that is attached to a network and provides services rather thanjust acting as a store-and-forward processor or communication switch.

Imaging — The capability to capture, store, retrieve, distribute, present, and managedocuments in digital form.

Information technology — The merging of computing and high-speedcommunications links carrying data, sound, and video.

Infrastructure — Hardware, software, networks, services, and processes to supportan organization.

Institute of Electrical and Electronics Engineers (IEEE) — Professional associationthat defines and promotes de jure standards for LANs. Developed standards aresubmitted to ANSI and possibly to ISO.

Integrated Services Digital Network (ISDN) — An ITU-T-defined digital network.

International Organization for Standardization (ISO) — An organization thatdevelops standards for international and national data communications (Newton1991). ANSI is the current U.S. voice in the ISO (Merkow 1990).

Internet — 1. A network that interconnects two or more other networks (Defining1991). 2. An immense network of networks, connecting computers at universities,research labs, and commercial and military sites around the world (Downing andCovington 1992).

Internet Protocol (IP) — A standard describing software that tracks the internetworkaddresses of nodes, routes outgoing messages, and recognizes incoming messages(Newton 1991).

Internetwork Packet Exchange (IPX) — Novell’s operating system (Defining 1991).

Interoperability — The capability of applications and computers from different suppliers to work together on a network, connecting and sharing data and processes as appropriate.

Interprocess communication — Communication between two processes, whether the processes reside on the same or different machines.

Kiosk — A station for delivering marketing or reference information, usually located in a common area. A typical kiosk consists of a microcomputer with a touch screen. Other attached I/O devices may include magnetic card readers and printers to enable users’ transactions.

Legacy system — A functioning computer software application using conventional methodologies; usually a significant portion of the current installed base.

Local area network (LAN) — Typically, a high-speed network where all segments of the transmission are situated in an office, building, or campus environment (Defining 1991).

Massively parallel processing systems — Tightly coupled multiprocessing computers that house 100 or more CPUs, each with its own memory (Newton 1993).

Middleware — Software that provides a high-level programming interface meant to shield a distributed application developer from the complexities of the hardware, operating system, and network semantics. Middleware is frequently used as a mechanism for communication between distributed application processes.

Model — An abstract representation of a process, device, or system that accounts for all of its known properties.

Network — A collection of resources used to establish and switch communication paths between its terminals.

Network architecture — A set of design principles, including the organization of functions and services, used as the basis for design and implementation of a user application network.

Object Request Broker — Middleware that allows application processes to communicate across a network using an object-oriented architecture.

Object-oriented technology — Technology that is composed of objects (conceptual or programmatic abstractions that include data and functionality encapsulated in a single unit) that communicate with one another using explicitly defined interfaces.

Open systems — Any system in which the components conform to nonproprietary standards rather than to the standards of a specific supplier of hardware or software. According to X/Open, an open system is a supplier-independent computing environment consisting of commonly available products that have been designed and implemented in accordance with accepted standards.

Operating system — A collection of software, firmware, and hardware elements that control the execution of computer programs and provide such services as computer resource allocation, job control, input/output control, and file management in a computer system (IEEE 1990).

Packet — A unit of data, consisting of binary digits including data and call-control signals, switched and transmitted as a composite whole (Defining 1991).

Packet switching — A data transmission technique where physical resources on a path are switched on a per packet basis, using control information in the header of each packet. It can operate in either a connection-oriented or connectionless mode (Defining 1991).

Portability — The ease with which a system or component can be transferred from one hardware or software environment to another (IEEE 1990). See binary portability and source portability.

Protocol — A set of conventions that govern the interaction of processes, devices, and other components within a system (IEEE 1990).

Redundant Arrays of Independent Disks (RAID) — Technology that provides protection from data loss by providing a level of redundancy immediately within the array. The array contains removable disk drive modules that are automatically rebuilt in the event of a device failure without causing the system to shut down.

Relational database — A collection of related (usually through a common field) data files.

Remote procedure call (RPC) — A procedure call in which the actual execution of the body of the procedure takes place on a physically distinct processor from that on which the procedure call takes place.

Router — A device that operates at the Network layer of the OSI model and links the data link layer and Physical layers of the OSI stack. Routers are used to interconnect multiple networks, potentially using different high-level protocols. Routers create many logically different subnetworks within internetworks, maintain information about each network, and communicate with each other periodically to advertise their capability to reach other networks.

Scalability — The capability of a system to perform acceptably on any size computer depending on the needs of the user; implies minimal change to accommodate this variance.

Server — A network computer that provides services, such as printing or electronic mail, to LAN users (Newton 1991).

Software reengineering — The transformation from one level of abstraction to another; a process based on a usual design methodology, proceeding from requirements to a final product.

Structured Query Language (SQL) — A language used to query and process data in a relational database (Newton 1991).

Symmetric multiprocessing (SMP) — A type of multiprocessing in which all CPUs are identical and in which any CPU can execute both user and kernel instructions.

Token ring — A network using token-passing technology in a sequential manner, with each network workstation or terminal passing the token to the station next to it (Freedman 1991).

Transmission Control Protocol/Internet Protocol (TCP/IP) — The reliable connection-oriented protocol used by the Defense Advanced Research Projects Agency (DARPA) for its internetworking research.

Wide area network (WAN) — A data communication network that covers large geographical areas; generally implemented by linking several remote LANs through the use of gateways and bridges (Merkow 1990).

Workstation — An intelligent desktop device equipped with all of the facilities required to perform a particular type of task.

X/Open — An international nonprofit organization that defines, promotes, and supplies open systems technology. It is owned by a consortium of the world’s largest computer manufacturers.

X.25 — An international standards document issued by ITU-T that defines the method of interworking between a customer’s equipment and a packet switching network when they are connected by a dedicated circuit (Illingsworth et al. 1990).