Information Technology for Business Applications_1
-
Upload
sivananthamneela -
Category
Documents
-
view
219 -
download
0
Transcript of Information Technology for Business Applications_1
-
8/14/2019 Information Technology for Business Applications_1
1/193
ObjectiveObjective
A briefing for the understanding of theA briefing for the understanding of the
value added by the IT Department of avalue added by the IT Department of a
business so that:business so that: non-IT managers and staffnon-IT managers and staff
can effectively collaborate with the ITcan effectively collaborate with the IT
Department; andDepartment; and CEO of the enterprise can direct theCEO of the enterprise can direct the
use of Information Technology foruse of Information Technology for
the business applications.the business applications.
-
8/14/2019 Information Technology for Business Applications_1
2/193
AgendaAgenda
(1) Mission of the IT Department.(1) Mission of the IT Department.
(2) Value added Services.(2) Value added Services.
(3) IT infrastructure for business(3) IT infrastructure for business
enterprise.enterprise.
-
8/14/2019 Information Technology for Business Applications_1
3/193
AgendaAgenda
(4) Systems security.(4) Systems security.
(5) Exploiting Internet and intranet to(5) Exploiting Internet and intranet to
enhance business operations andenhance business operations and
the challenge of integration withthe challenge of integration with
partners, vendors and buyers.partners, vendors and buyers.
-
8/14/2019 Information Technology for Business Applications_1
4/193
AgendaAgenda
(6) e-business and Application(6) e-business and Application
Development.Development.
(7) Knowledge management and the use of(7) Knowledge management and the use of
web parts to create self-service portal.web parts to create self-service portal.
-
8/14/2019 Information Technology for Business Applications_1
5/193
AgendaAgenda
(8) Storage Area Network (SAN) and(8) Storage Area Network (SAN) and
Network Access Systems (NAS).Network Access Systems (NAS).
(5)(5) Business Recovery Process.Business Recovery Process.
(7)(7) Best Practices.Best Practices.
-
8/14/2019 Information Technology for Business Applications_1
6/193
AgendaAgenda
(1) Mission of the IT Department.(1) Mission of the IT Department.
(2) Value added Services.(2) Value added Services.
(3) IT infrastructure for business(3) IT infrastructure for business
enterprise.enterprise.
-
8/14/2019 Information Technology for Business Applications_1
7/193
Mission of an IT DepartmentMission of an IT Department
To provide technology vision and directionsTo provide technology vision and directions
for effective use of Information Technologyfor effective use of Information Technology
for the group of companies in the business.for the group of companies in the business.
To use Information Technology to leverage onTo use Information Technology to leverage onBusiness.Business.
-
8/14/2019 Information Technology for Business Applications_1
8/193
Mission of an IT DepartmentMission of an IT Department
Mission of Hennepin County Medical Center
-
8/14/2019 Information Technology for Business Applications_1
9/193
AgendaAgenda
(1) Mission of the IT Department.(1) Mission of the IT Department.
(2) Value added Services.(2) Value added Services.
(3) IT infrastructure for business(3) IT infrastructure for business
enterprise.enterprise.
-
8/14/2019 Information Technology for Business Applications_1
10/193
Value Added services of aValue Added services of a
Group IT DepartmentGroup IT Department
Technology directions and strategies.Technology directions and strategies.
Group initiatives on group systems and groupGroup initiatives on group systems and group
procurements.procurements.
Knowledge sharing and technology transfer.Knowledge sharing and technology transfer.
Enforcement of policy and group practice.Enforcement of policy and group practice.
-
8/14/2019 Information Technology for Business Applications_1
11/193
Value Added services of an ITValue Added services of an IT
DepartmentDepartment
To provide technical support, establishing andTo provide technical support, establishing and
implementing IT process and applicationimplementing IT process and application
development.development.
To enhance business workflow with ITTo enhance business workflow with ITinfrastructure, tools, applications, skilledinfrastructure, tools, applications, skilled
manpower and information management.manpower and information management.
-
8/14/2019 Information Technology for Business Applications_1
12/193
Value Added services of an ITValue Added services of an IT
DepartmentDepartment
-
8/14/2019 Information Technology for Business Applications_1
13/193
Value Added services of an ITValue Added services of an IT
DepartmentDepartment
-
8/14/2019 Information Technology for Business Applications_1
14/193
Value Added services of an ITValue Added services of an IT
DepartmentDepartment
-
8/14/2019 Information Technology for Business Applications_1
15/193
Value Added services of an ITValue Added services of an IT
DepartmentDepartment
-
8/14/2019 Information Technology for Business Applications_1
16/193
AgendaAgenda
(1) Mission of the IT Department(1) Mission of the IT Department
(2) Value added Services.(2) Value added Services.
(3) IT infrastructure for business(3) IT infrastructure for business
enterprise.enterprise.
-
8/14/2019 Information Technology for Business Applications_1
17/193
IT infrastructureIT infrastructure
CAN, PAN, LAN and WAN.CAN, PAN, LAN and WAN.
Wireless LAN :Wireless LAN :
Security issuesSecurity issues CoverageCoverage StabilityStability
-
8/14/2019 Information Technology for Business Applications_1
18/193
IT infrastructureIT infrastructure
Network TypeNetwork Type Wired WirelessWired Wireless
LAN IEEE 802.3(Ethernet) IEEE 802.11XLAN IEEE 802.3(Ethernet) IEEE 802.11X
PAN IEEE 1394 USB IEEE 802.15.1PAN IEEE 1394 USB IEEE 802.15.1
IEEE 802.15.3IEEE 802.15.3IEEE 802.15.4IEEE 802.15.4
MAN Broadband(DSL, cable) IEEE 802.16MAN Broadband(DSL, cable) IEEE 802.16
MANMAN LANLAN
-
8/14/2019 Information Technology for Business Applications_1
19/193
N
E
Frame RelayCloud Indonesia
Singapore
India
China
Nan Tong
Shanghai
Beijing
Jakarta
New Delhi
LeasedLine1mbps
Lea
sed
Lin
e2mbps
Medan
Padang
Bint
Leas
edLine
512
kbps
Mumbai
Pune
Wuhan
-
8/14/2019 Information Technology for Business Applications_1
20/193
-
8/14/2019 Information Technology for Business Applications_1
21/193
Laptop
Computer
Hand heldcomputer Cell phone
Access Point
NetworkSwitch
Network Multi-layerSwitch
Network Multi-layerSwitch
Server
NetworkController
Network Multi-layerSwitch
Network Multi-layerSwitch
Network Multi-layerSwitch
Wireless LANof NUS
-
8/14/2019 Information Technology for Business Applications_1
22/193
AgendaAgenda
(4) Systems security.(4) Systems security.
(5) Exploiting Internet and intranet to(5) Exploiting Internet and intranet to
enhance business operations andenhance business operations and
the challenge of integration withthe challenge of integration withvendors and buyers.vendors and buyers.
-
8/14/2019 Information Technology for Business Applications_1
23/193
Source of Security ThreatSource of Security Threat
Security issues :Security issues :
PeoplePeople
ProcessProcess
TechnologyTechnology
-
8/14/2019 Information Technology for Business Applications_1
24/193
Source of Security ThreatSource of Security Threat Security can be compromised through:Security can be compromised through:
Attack through internetAttack through internet
Employee misuseEmployee misuse
Computer virusComputer virus VandalismVandalism
Denial of servicesDenial of services
http://images.google.com.sg/imgres?imgurl=http://images.kaspersky.com/en/news/italian2.gif&imgrefurl=http://www.kaspersky.com/news%3Fid%3D191334&h=392&w=540&sz=27&hl=en&start=17&um=1&tbnid=7ab6lnsef9oQ9M:&tbnh=96&tbnw=132&prev=/images%3Fq%3Dvirus%2Battack%2Bcomputer%26svnum%3D10%26um%3D1%26hl%3Den -
8/14/2019 Information Technology for Business Applications_1
25/193
Aggravation of Security ThreatAggravation of Security Threat
Multiple connections into corporateMultiple connections into corporate
networknetwork
e-Business operates 7x24e-Business operates 7x24
Shortage of security skillsShortage of security skills
-
8/14/2019 Information Technology for Business Applications_1
26/193
Aggravation of Security ThreatAggravation of Security Threat
Pressure of time to market has causedPressure of time to market has causedthe followings:the followings:
Buggy codeBuggy code
Design flawsDesign flaws
New vulnerabilityNew vulnerability
-
8/14/2019 Information Technology for Business Applications_1
27/193
Security ManagementSecurity Management
Security Policy :Security Policy :
BS7799 Compliant Policy DesignBS7799 Compliant Policy Design
and Reviewand Review
Site Security PolicySite Security Policy
Acceptable Use PolicyAcceptable Use Policy Escalation and incident responseEscalation and incident response
procedureprocedure
-
8/14/2019 Information Technology for Business Applications_1
28/193
Security AuditSecurity Audit
IT AuditIT Audit
Measure regularly against bestMeasure regularly against best
practices overpractices overtimetime Periodic audit on Policy compliancePeriodic audit on Policy compliance
Periodic checking and testing of securityPeriodic checking and testing of securitysystemssystems
Assess vulnerabilityAssess vulnerability
-
8/14/2019 Information Technology for Business Applications_1
29/193
Tools for Network SecurityTools for Network Security
PGP (Pretty Good Privacy) / DigitalPGP (Pretty Good Privacy) / Digital
CertificateCertificate
Firewall and Virtual Private NetworkFirewall and Virtual Private Network
Host and Network Intrusion DetectionHost and Network Intrusion Detection
Security Surveillance Electronic CopSecurity Surveillance Electronic Cop
Anti-virus SoftwareAnti-virus Software
-
8/14/2019 Information Technology for Business Applications_1
30/193
Tools for Network SecurityTools for Network Security
PGP (Pretty Good Privacy) / DigitalPGP (Pretty Good Privacy) / Digital
CertificateCertificate
Firewall and Virtual Private NetworkFirewall and Virtual Private Network
Host and Network Intrusion DetectionHost and Network Intrusion Detection
Security Surveillance Electronic CopSecurity Surveillance Electronic Cop
Anti-virus SoftwareAnti-virus Software
-
8/14/2019 Information Technology for Business Applications_1
31/193
Pretty Good Privacy (PGP)Pretty Good Privacy (PGP)
PGP (Pretty Good Privacy) protects privacyPGP (Pretty Good Privacy) protects privacy
of email, message and files with public keyof email, message and files with public key
cryptography with key pair to maintaincryptography with key pair to maintain
secure communicationssecure communications
Anti-nuclear activist Philip
Zimmerman created PGP in
1991
-
8/14/2019 Information Technology for Business Applications_1
32/193
Pretty Good Privacy (PGP)Pretty Good Privacy (PGP)
Source: Wikipedia
Asymmetric
cryptography
-
8/14/2019 Information Technology for Business Applications_1
33/193
Pretty Good Privacy (PGP)Pretty Good Privacy (PGP)
Source: Wikipedia
Asymmetric
cryptography
-
8/14/2019 Information Technology for Business Applications_1
34/193
Pretty Good Privacy (PGP)Pretty Good Privacy (PGP)
Source: Wikipedia
Symmetric
Cipher
-
8/14/2019 Information Technology for Business Applications_1
35/193
Private and Public Key pairPrivate and Public Key pair
When A sends a private email message to B,When A sends a private email message to B,
A uses Bs public key (stored on digitalA uses Bs public key (stored on digital
keyrings i .e. a file normally calledkeyrings i .e. a file normally called
pubring.pkr in c: or a: drive) to encryptpubring.pkr in c: or a: drive) to encrypt
information which can only be deciphered byinformation which can only be deciphered byusing Bs private key (normally in a file calledusing Bs private key (normally in a file called
secring.skr)secring.skr)
-
8/14/2019 Information Technology for Business Applications_1
36/193
Administration of PGPAdministration of PGP
PGP requires an Administrator of keyserverPGP requires an Administrator of keyserver
so that the user can send PGP public key toso that the user can send PGP public key tothe PGP keyserver to authenticate the userthe PGP keyserver to authenticate the user
and verify the digital signature.and verify the digital signature.
Sender of PGP email must retrieve the publicSender of PGP email must retrieve the public
key of email receiver to allow him to encryptkey of email receiver to allow him to encrypt
email.email.
-
8/14/2019 Information Technology for Business Applications_1
37/193
Digital SignatureDigital Signature
Can use private key of A to sign digitally soCan use private key of A to sign digitally so
that when B receives the email, B canthat when B receives the email, B can
authenticate whether A has sent the email andauthenticate whether A has sent the email and
whether the email has been altered while inwhether the email has been altered while in
transit.transit.
-
8/14/2019 Information Technology for Business Applications_1
38/193
Digital SignatureDigital Signature
-
8/14/2019 Information Technology for Business Applications_1
39/193
Digital SignatureDigital Signature
-
8/14/2019 Information Technology for Business Applications_1
40/193
DigitalDigital
SignatureSignature
-
8/14/2019 Information Technology for Business Applications_1
41/193
Limitation of PGPLimitation of PGP
Unable to decrypt any information if privateUnable to decrypt any information if private
keyring is lost.keyring is lost.
Passphrase protects private key and shouldPassphrase protects private key and should
not be forgotten.not be forgotten.
-
8/14/2019 Information Technology for Business Applications_1
42/193
Digital CertificateDigital Certificate
Tele-working through VPN authenticationTele-working through VPN authentication
Secure confidential files and foldersSecure confidential files and folders
Client / server, intranet applicationsClient / server, intranet applications
Capable of Web monitoring, web pageCapable of Web monitoring, web page
authentication, web server authenticationauthentication, web server authentication
through SSL certificatethrough SSL certificate
A digital certificate contains the digital signature of theA digital certificate contains the digital signature of the
certificate-issuing authority so that anyone can verify thatcertificate-issuing authority so that anyone can verify that
the certificate is real.the certificate is real.
-
8/14/2019 Information Technology for Business Applications_1
43/193
Digital CertificateDigital Certificate
PGP vs Digital CertificatePGP vs Digital Certificate
-
8/14/2019 Information Technology for Business Applications_1
44/193
Laptop
Firewall
Router
WAN
Switch
Computer
Computer
Minicomputer
Workstation
Mainframe
Printer
PGP Server
City
Server ofCertification Authority
Firewall
Router
Switch
Computer
Computer
Minicomputer
Workstation
Mainframe
Printer
Server
SecureVPN
Tunnel
VPNCertificate
VPNgateway
USB Token
PGP vs Digital CertificatePGP vs Digital Certificate
-
8/14/2019 Information Technology for Business Applications_1
45/193
PGP vs Digital CertificatePGP vs Digital Certificate
PGPPGP
No common source of trustNo common source of trust
Trust inherited from userTrust inherited from user
Storage Media: Hard disk,Storage Media: Hard disk,diskettediskette
Keys are not changedKeys are not changed
User manages own keysUser manages own keys
Digital CertificateDigital Certificate
Trusted Certification Authority (CA)Trusted Certification Authority (CA)
Trust inherited from CATrust inherited from CA
Storage Media: Token, disketteStorage Media: Token, diskette
Keys are updated periodicallyKeys are updated periodically
CA manages keys. Recovers, backup,CA manages keys. Recovers, backup,LDAP directoryLDAP directory
-
8/14/2019 Information Technology for Business Applications_1
46/193
Tools for Network SecurityTools for Network Security
PGP (Pretty Good Privacy) vs DigitalPGP (Pretty Good Privacy) vs Digital
CertificateCertificate
Firewall and Virtual Private NetworkFirewall and Virtual Private Network
Host and Network Intrusion DetectionHost and Network Intrusion Detection
Security Surveillance Electronic CopSecurity Surveillance Electronic Cop
Anti-virus SoftwareAnti-virus Software
-
8/14/2019 Information Technology for Business Applications_1
47/193
FirewallFirewall
A firewall examines all traffic routedA firewall examines all traffic routed
between computers and the internet to see ifbetween computers and the internet to see if
it meets the policy or certain criteria. If itit meets the policy or certain criteria. If it
does not meet the criteria, the traffic isdoes not meet the criteria, the traffic is
stopped.stopped.
Checkpoint
firewall
http://images.google.com.sg/imgres?imgurl=http://www.tla.ch/TLA/NEWS/images/nokia.jpg&imgrefurl=http://www.tla.ch/TLA/NEWS/2000sec/20000731CheckpointTUV.htm&h=425&w=680&sz=39&hl=en&start=6&tbnid=W600thpJChx8TM:&tbnh=87&tbnw=139&prev=/images%3Fq%3Dnokia%2Bfirewall%26gbv%3D2%26svnum%3D10%26hl%3Den%26sa%3DG -
8/14/2019 Information Technology for Business Applications_1
48/193
FirewallFirewall
Vi t l P i t N t k
-
8/14/2019 Information Technology for Business Applications_1
49/193
Firewall
Router
WAN
Switch
Computer
Computer
Minicomputer
Workstation
Mainframe
Printer
City
Firewall
Router
Switch
Computer
Computer
Minicomputer
Workstation
Mainframe
Printer
Server
Secure
VPN
TunnelVPN
gateway
USB Token
Leas
ed
Line
VPN Box
LeasedLine
Server
VPN Box
Virtual Private Network
City
Nokia VPN
http://images.google.com.sg/imgres?imgurl=http://www.veracomp.pl/newsletter/2.0/imagebank/ip390.jpg&imgrefurl=http://www.veracomp.pl/news.page.56.nid.2460.html&h=168&w=343&sz=9&hl=en&start=7&tbnid=HJdaRNPvOEuudM:&tbnh=59&tbnw=120&prev=/images%3Fq%3Dnokia%2Bfirewall%26gbv%3D2%26svnum%3D10%26hl%3Den%26sa%3DG -
8/14/2019 Information Technology for Business Applications_1
50/193
Nokia VPN
-
8/14/2019 Information Technology for Business Applications_1
51/193
P i A i H kiP ti A i t H ki
-
8/14/2019 Information Technology for Business Applications_1
52/193
Precaution Against HackingPrecaution Against Hacking
Install and update reliable anti-virusInstall and update reliable anti-virus
software (e.g. McAfee or Symantec) andsoftware (e.g. McAfee or Symantec) and
check system viruses regularlycheck system viruses regularly
Install Firewall (e.g. Check Point orInstall Firewall (e.g. Check Point or
Norton Personal Firewall) to preventNorton Personal Firewall) to prevent
Internet users from getting access toInternet users from getting access tosensitive datasensitive data
P ti A i t H kiP ti A i t H ki
http://images.google.com.sg/imgres?imgurl=http://www.nubscc.com/images/Norton%2520Personal%2520Firewall%25203.0%2520Macintosh.jpg&imgrefurl=http://www.nubscc.com/index.php%3FcPath%3D34&h=280&w=280&sz=14&hl=en&start=8&um=1&tbnid=CDZD409EkX-U7M:&tbnh=114&tbnw=114&prev=/images%3Fq%3DNorton%2BPersonal%2BFirewall%26svnum%3D10%26um%3D1%26hl%3Den%26sa%3DGhttp://images.google.com.sg/imgres?imgurl=http://www.hackcanada.com/hackcanada/media/hacking_for_dummies.jpg&imgrefurl=http://www.hackcanada.com/hackcanada/media/index.html&h=475&w=379&sz=39&hl=en&start=15&tbnid=NOGBjPjqxfyLeM:&tbnh=129&tbnw=103&prev=/images%3Fq%3Dhacking%26gbv%3D2%26svnum%3D10%26hl%3Den -
8/14/2019 Information Technology for Business Applications_1
53/193
Precaution Against HackingPrecaution Against Hacking
Microsoft
French web
site hacked
P ti A i t H kiP ti A i t H ki
-
8/14/2019 Information Technology for Business Applications_1
54/193
Precaution Against HackingPrecaution Against Hacking
Nokia webNokia web
site hackedsite hacked
-
8/14/2019 Information Technology for Business Applications_1
55/193
W32.Blaster.wormW32.Blaster.worm
Smaller users hardest hit by BlasterSmaller users hardest hit by Blaster
virus Worm programmed to attackvirus Worm programmed to attack
Microsoft site on SaturdayMicrosoft site on Saturday
Friday, August 15, 2003Friday, August 15, 2003
-
8/14/2019 Information Technology for Business Applications_1
56/193
Starting Saturday (16 AugStarting Saturday (16 Aug
2003), Blaster is2003), Blaster isprogrammed to use theseprogrammed to use these
infected machines toinfected machines to
attack the Web siteattack the Web siteMicrosoft uses toMicrosoft uses to
distribute softwaredistribute software
updates. But no one knowsupdates. But no one knowshow many PCs arehow many PCs are
infected.infected.
-
8/14/2019 Information Technology for Business Applications_1
57/193
Virus, worm and Trojan horseVirus, worm and Trojan horse
A computer virus attaches itself to a program
or file so it can spread from one computer to
another, leaving infections as it travels.
Almost all viruses are attached to an
executable file, which means the virus mayexist on your computer but it cannot infect
your computer unless you run or open the
malicious program.
ViVi
http://www.webopedia.com/TERM/e/executable_file.htmlhttp://www.webopedia.com/TERM/e/executable_file.html -
8/14/2019 Information Technology for Business Applications_1
58/193
VirusVirus
http://www.kellogg.northwestern.edu/kis/antivirus/graphics/sober-message-example.jpg -
8/14/2019 Information Technology for Business Applications_1
59/193
Virus, worm and Trojan horseVirus, worm and Trojan horse
A worm is similar to a virus by its design, and
is considered to be a sub-class of a virus.
Worms spread from computer to computer,but unlike a virus, it has the capability to
travel without any help from a person.
One example would be for a worm to send a
copy of itself to everyone listed in your e-mail
address book.
WormWorm
-
8/14/2019 Information Technology for Business Applications_1
60/193
WormWorm
http://news.architel.com/wp-content/images/worm.jpg -
8/14/2019 Information Technology for Business Applications_1
61/193
Virus, worm and Trojan horseVirus, worm and Trojan horse
The Trojan Horse, at first glance will appear
to be useful software but will actually do
damage once installed or run on yourcomputer.
-
8/14/2019 Information Technology for Business Applications_1
62/193
-
8/14/2019 Information Technology for Business Applications_1
63/193
Trojan horseTrojan horse
Precaution Against HackingPrecaution Against Hacking
http://images.google.com.sg/imgres?imgurl=http://www.corante.com/mooreslore/archives/images/trojanhorse.jpg&imgrefurl=http://mooreslore.corante.com/archives/spam/&h=643&w=496&sz=55&hl=en&start=5&tbnid=NklWyADTItpBiM:&tbnh=137&tbnw=106&prev=/images%3Fq%3Dtrojan%2Bhorse%26gbv%3D2%26svnum%3D10%26hl%3Den -
8/14/2019 Information Technology for Business Applications_1
64/193
Precaution Against HackingPrecaution Against Hacking Download any security updates that areDownload any security updates that are
released by software publishers. This includereleased by software publishers. This include
software for the operating systems, firewall,software for the operating systems, firewall,
intruder detection and anti-virus systems.intruder detection and anti-virus systems.
Precaution Against HackingPrecaution Against Hacking
-
8/14/2019 Information Technology for Business Applications_1
65/193
Precaution Against HackingPrecaution Against Hacking
Freeware is often the source of computerFreeware is often the source of computer
viruses. Only download from reputable websiteviruses. Only download from reputable website
and check that the servers hosting the site areand check that the servers hosting the site are
protected against virusesprotected against viruses
-
8/14/2019 Information Technology for Business Applications_1
66/193
Precaution Against HackingPrecaution Against Hacking
Do not transact e-business or access internetDo not transact e-business or access internetbank account through a public computer.bank account through a public computer.
Make it a habit to delete web browser cacheMake it a habit to delete web browser cache
and history after each internet session.and history after each internet session.Sensitive information in the cache and historySensitive information in the cache and history
can be accessed by others.can be accessed by others.
Precaution Against HackingPrecaution Against Hacking
-
8/14/2019 Information Technology for Business Applications_1
67/193
Precaution Against HackingPrecaution Against Hacking
-
8/14/2019 Information Technology for Business Applications_1
68/193
Precaution Against HackingPrecaution Against Hacking
Do not open an e-mail with a suspiciousDo not open an e-mail with a suspicious
attachment. Delete both the e-mail andattachment. Delete both the e-mail and
attachment.attachment.
Do not accept the offer of the web browser toDo not accept the offer of the web browser to
remember your password or credit-card numberremember your password or credit-card numberas the data will be stored in your computer whereas the data will be stored in your computer where
it may be accessible to hackers.it may be accessible to hackers.
Precaution Against HackingPrecaution Against Hacking
-
8/14/2019 Information Technology for Business Applications_1
69/193
Precaution Against HackingPrecaution Against Hacking
Do not accept the offer of the web browserDo not accept the offer of the web browser
to remember your password or credit-cardto remember your password or credit-card
number as the data will be stored in yournumber as the data will be stored in your
computer where it may be accessible tocomputer where it may be accessible tohackers.hackers.
-
8/14/2019 Information Technology for Business Applications_1
70/193
Precaution Against HackingPrecaution Against Hacking Change your password regularly and use aChange your password regularly and use a
combination of random letters, numbers andcombination of random letters, numbers and
special symbols for your password. Avoidspecial symbols for your password. Avoid
birthday, dictionary words, vehicle number andbirthday, dictionary words, vehicle number and
namesnames
http://images.google.com.sg/imgres?imgurl=http://www.coolnerds.com/Newbies/Fear/hackFear/hackFear01.gif&imgrefurl=http://www.coolnerds.com/Newbies/Fear/hackFear/hackfear.htm&h=274&w=346&sz=8&hl=en&start=9&tbnid=BxCV9YUC21LPtM:&tbnh=95&tbnw=120&prev=/images%3Fq%3Dcomputer%2Bhacking%26gbv%3D2%26ndsp%3D20%26svnum%3D10%26hl%3Den%26sa%3DN -
8/14/2019 Information Technology for Business Applications_1
71/193
Tools for Network SecurityTools for Network Security
PGP (Pretty Good Privacy) vs PKI () vsPGP (Pretty Good Privacy) vs PKI () vs
VPN (Virtual Private Network)VPN (Virtual Private Network)
FirewallFirewall
Host and Network Intrusion DetectionHost and Network Intrusion Detection
Security Surveillance Electronic CopSecurity Surveillance Electronic Cop
Anti-virus SoftwareAnti-virus Software
-
8/14/2019 Information Technology for Business Applications_1
72/193
Intruder Detection SystemIntruder Detection System
Prevention Prevention DetectionDetection Response Response
Intruder detection System performs burglarIntruder detection System performs burglaralarm functionalarm function
Compliments firewallCompliments firewall
Must be integrated with an appropriateMust be integrated with an appropriateresponse frameworkresponse framework
-
8/14/2019 Information Technology for Business Applications_1
73/193
Network and Server SensorNetwork and Server Sensor
Network sensorNetwork sensor
Detect attacks targeted at the NetworkDetect attacks targeted at the Network
by analyzing network traffic in real-by analyzing network traffic in real-
timetime Attempts to shun attacks by sendingAttempts to shun attacks by sending
TCP reset packetsTCP reset packets
Network and Server SensorNetwork and Server Sensor
-
8/14/2019 Information Technology for Business Applications_1
74/193
Network and Server SensorNetwork and Server Sensor
Network sensorNetwork sensor
-
8/14/2019 Information Technology for Business Applications_1
75/193
Network and Server SensorNetwork and Server Sensor
Server sensorServer sensor
- Detect attack and misuse at the Server e.g.- Detect attack and misuse at the Server e.g.
Web server by analyzing system status andWeb server by analyzing system status and
logs in real-timelogs in real-time
- Performs file integrity monitoring and pre-- Performs file integrity monitoring and pre-
scripted responsesscripted responses
Network and Server SensorNetwork and Server Sensor
-
8/14/2019 Information Technology for Business Applications_1
76/193
Network and Server SensorNetwork and Server Sensor
Server sensorServer sensor
-
8/14/2019 Information Technology for Business Applications_1
77/193
Tools for Network SecurityTools for Network Security
PGP (Pretty Good Privacy)PGP (Pretty Good Privacy)
FirewallFirewall
Host and Network Intrusion DetectionHost and Network Intrusion Detection
Security Surveillance e-CopSecurity Surveillance e-Cop
Anti-virus SoftwareAnti-virus Software
C I t t S itC I t t S it
-
8/14/2019 Information Technology for Business Applications_1
78/193
e-Cop Internet Securitye-Cop Internet Security
Surveillance ServiceSurveillance Service
24x7 Internet Security Surveillance24x7 Internet Security Surveillance
Services through Global CommandServices through Global Command
Centers.Centers.
Through Investigation Services Team, it helpsThrough Investigation Services Team, it helpscustomers to facilitate law enforcement withcustomers to facilitate law enforcement with
forensic evidence collected.forensic evidence collected.
C I t t S itC I t t S it
-
8/14/2019 Information Technology for Business Applications_1
79/193
e-Cop Internet Securitye-Cop Internet Security
Surveillance ServiceSurveillance Service
C I t t S itC I t t S it
-
8/14/2019 Information Technology for Business Applications_1
80/193
e-Cop Internet Securitye-Cop Internet Security
Surveillance ServiceSurveillance Service Conducts Rapid Penetration Service systemConducts Rapid Penetration Service system
scans and report.scans and report.
Provides monthly summary and ad-hocProvides monthly summary and ad-hoc
incident reports.incident reports.
Consultancy on security policy , audit andConsultancy on security policy , audit and
risk assessment.risk assessment.
-
8/14/2019 Information Technology for Business Applications_1
81/193
Anti-VirusAnti-Virus
Viruses can damage files, erase hard diskViruses can damage files, erase hard disk
and steal confidential information.and steal confidential information.
Anti-virus applications detects and stopsAnti-virus applications detects and stops
malicious files that may have been embeddedmalicious files that may have been embedded
along with the files downloaded of e-mailalong with the files downloaded of e-mailreceived.received.
-
8/14/2019 Information Technology for Business Applications_1
82/193
Anti-VirusAnti-Virus
http://images.google.com.sg/imgres?imgurl=http://www.virus-scan-software.com/anti-virus-software/trend-micro/pc-cillin/box_big.gif&imgrefurl=http://www.virus-scan-software.com/anti-virus-software/trend-micro/pc-cillin/&h=220&w=220&sz=21&hl=en&start=35&um=1&tbnid=tSjIgXA9f7VxIM:&tbnh=107&tbnw=107&prev=/images%3Fq%3Dtrend%2Bmicro%2Bantivirus%2Bsoftware%26start%3D20%26gbv%3D2%26ndsp%3D20%26svnum%3D10%26um%3D1%26hl%3Den%26sa%3DNhttp://images.google.com.sg/imgres?imgurl=http://www.lacuracao.com/images/products/58/154592-4-1-99.33S-878-K61268.jpg&imgrefurl=http://www.lacuracao.com/Symantec-Norton-Antivirus-Software-2007_MPD154592.html&h=426&w=415&sz=108&hl=en&start=71&um=1&tbnid=zXItmhIITJm9eM:&tbnh=126&tbnw=123&prev=/images%3Fq%3Dantivirus%2Bsoftware%26start%3D60%26gbv%3D2%26ndsp%3D20%26svnum%3D10%26um%3D1%26hl%3Den%26sa%3DN -
8/14/2019 Information Technology for Business Applications_1
83/193
AgendaAgenda
(4) Systems security.(4) Systems security.
(5) Exploiting Internet and intranet to(5) Exploiting Internet and intranet to
enhance business operations andenhance business operations and
the challenge of integration withthe challenge of integration with
vendors and buyers.vendors and buyers.
I S h E i
-
8/14/2019 Information Technology for Business Applications_1
84/193
Internet Search EngineInternet Search Engine
AltaVista was started byDigital Equipment Corporationemployee volunteers who were trying toprovide services to make finding files
on the public network easier. In 1996,AltaVista became the exclusive providerof search results for Yahoo!.
I t t S h E i
http://en.wikipedia.org/wiki/Digital_Equipment_Corporationhttp://images.google.com/imgres?imgurl=http://www.totowapl.org/pics/serch%2520engs/altavista_enlarged.gif&imgrefurl=http://www.totowapl.org/Seacrh%2520Engines.html&h=150&w=200&sz=6&hl=en&start=2&um=1&tbnid=dsw1CAkX0rebZM:&tbnh=78&tbnw=104&prev=/images%3Fq%3Daltavista%26svnum%3D10%26um%3D1%26hl%3Den%26rls%3DRNWN,RNWN:2007-09,RNWN:en%26sa%3DXhttp://en.wikipedia.org/wiki/Digital_Equipment_Corporation -
8/14/2019 Information Technology for Business Applications_1
85/193
Internet Search EngineInternet Search Engine
Yahoo! Was co-founded by Jerry yangand David Filo
Jerry Yang David Filo
SI t t S h E i
-
8/14/2019 Information Technology for Business Applications_1
86/193
Internet Search EngineInternet Search Engine
In 1998, Digital was sold to Compaq,and in 1999 Compaq re-launchedAltaVista as a web portal, hoping tocompete withYahoo!.
I S h E iI t t S h E i
http://en.wikipedia.org/wiki/Compaqhttp://en.wikipedia.org/wiki/Web_portalhttp://en.wikipedia.org/wiki/Yahoo%21http://www.onlinepcservice.com/Compaq_logo.gifhttp://en.wikipedia.org/wiki/Yahoo%21http://en.wikipedia.org/wiki/Web_portalhttp://en.wikipedia.org/wiki/Compaq -
8/14/2019 Information Technology for Business Applications_1
87/193
Internet Search EngineInternet Search Engine
After a few changing ownership, In
February 2003, AltaVista was bought by
Overture Services, Inc. In October2003,
Overture itself was taken over byYahoo!.
I t t S h E iI t t S h E i
http://en.wikipedia.org/wiki/Yahoo%21_Search_Marketinghttp://en.wikipedia.org/wiki/2003http://en.wikipedia.org/wiki/Yahoo%21http://images.google.com.sg/imgres?imgurl=http://www.scripophily.com/webcart/vigs/overturevig.jpg&imgrefurl=http://www.scripophily.net/ovsein.html&h=184&w=395&sz=10&hl=en&start=5&tbnid=729XsfttQPcARM:&tbnh=58&tbnw=124&prev=/images%3Fq%3DOverture%2BServices%26gbv%3D2%26svnum%3D10%26hl%3Den%26sa%3DGhttp://images.google.com/imgres?imgurl=http://www.totowapl.org/pics/serch%2520engs/altavista_enlarged.gif&imgrefurl=http://www.totowapl.org/Seacrh%2520Engines.html&h=150&w=200&sz=6&hl=en&start=2&um=1&tbnid=dsw1CAkX0rebZM:&tbnh=78&tbnw=104&prev=/images%3Fq%3Daltavista%26svnum%3D10%26um%3D1%26hl%3Den%26rls%3DRNWN,RNWN:2007-09,RNWN:en%26sa%3DXhttp://en.wikipedia.org/wiki/Yahoo%21http://en.wikipedia.org/wiki/2003http://en.wikipedia.org/wiki/Yahoo%21_Search_Marketing -
8/14/2019 Information Technology for Business Applications_1
88/193
Internet Search EngineInternet Search Engine
In Aug. 2004, shortly after Yahoo!'sacquisition, the AltaVista site startedusing theYahoo! Search technology.
I t t S h E iI t t S h E i
http://en.wikipedia.org/wiki/Yahoo%21_Searchhttp://en.wikipedia.org/wiki/Yahoo%21_Search -
8/14/2019 Information Technology for Business Applications_1
89/193
Internet Search EngineInternet Search Engine
In 1 Feb 2008, Microsoft bids US44.6billion to buy over Yahoo!
-
8/14/2019 Information Technology for Business Applications_1
90/193
I t t S h E iI t t S h E i
-
8/14/2019 Information Technology for Business Applications_1
91/193
Internet Search EngineInternet Search Engine
A patent describing part of Google'sA patent describing part of Google'sranking mechanism PageRank wasranking mechanism PageRank wasgranted on 4 Sept 2001. The patent wasgranted on 4 Sept 2001. The patent wasofficially assigned to Stanfordofficially assigned to Stanford
University and lists Lawrence Page asUniversity and lists Lawrence Page asthe inventorthe inventor
LawrenceLawrence
PagePage
SergeySergeyBrinBrin
I t t S h E iI t t S h E i
http://en.wikipedia.org/wiki/Image:Sergey_Brin%2C_Web_2.0_Conference.jpghttp://en.wikipedia.org/wiki/Image:Larry_Page.jpg -
8/14/2019 Information Technology for Business Applications_1
92/193
Internet Search EngineInternet Search Engine
PageRank is a link analysis algorithmthat assigns a numerical weighting toeach element of a hyperlinked set ofdocuments, such as World Wide Web,
with the purpose of measuring itsrelative importance within the set.
S ft A li tiSoftware Application
-
8/14/2019 Information Technology for Business Applications_1
93/193
Software ApplicationSoftware Application
Internet ArchitectureInternet Architecture Software application moves from client-Software application moves from client-
server to internet computing.server to internet computing.
S ft A li tiSoftware Application
-
8/14/2019 Information Technology for Business Applications_1
94/193
Software ApplicationSoftware Application
Internet ArchitectureInternet Architecture Internet computing is a platform thatInternet computing is a platform that
supports the open flow of informationsupports the open flow of information
between systems.between systems.
Soft are ApplicationSoftware Application
-
8/14/2019 Information Technology for Business Applications_1
95/193
Software ApplicationSoftware Application
Internet ArchitectureInternet Architecture Server based technology is leveraging onServer based technology is leveraging on
ubiquitous internet technology such asubiquitous internet technology such as
extensible Markup Language (XML) andextensible Markup Language (XML) and
HyperText Transfer Protocol (HTTP)HyperText Transfer Protocol (HTTP)
Internet Architecture can integrate customInternet Architecture can integrate custominternal systems, eMerchants and tradinginternal systems, eMerchants and trading
partner systemspartner systems
-
8/14/2019 Information Technology for Business Applications_1
96/193
Internet IntegrationInternet Integration
Internet integration is done through:Internet integration is done through:
Application messagingApplication messaging Component InterfacesComponent Interfaces
Business InterlinksBusiness Interlinks
Application EngineApplication Engine
Internet IntegrationInternet Integration
-
8/14/2019 Information Technology for Business Applications_1
97/193
Internet Integrationg
-
8/14/2019 Information Technology for Business Applications_1
98/193
-
8/14/2019 Information Technology for Business Applications_1
99/193
Internet Application ServerInternet Application Server
Java Enabled Web ServerJava Enabled Web Server
Commercially available web servers thatCommercially available web servers that
support Java servlet execution. Providesupport Java servlet execution. Provide
execution environment for Presentationexecution environment for Presentation
Relay Servlet, Integration Relay ServletRelay Servlet, Integration Relay Servlet
and Portal Servletand Portal Servlet
-
8/14/2019 Information Technology for Business Applications_1
100/193
Internet Application ServerInternet Application Server
Presentation Relay servletPresentation Relay servlet
The ERPs Java Servlet that handles allThe ERPs Java Servlet that handles all
inbound and outbound HTTP requests forinbound and outbound HTTP requests for
ERP transactions and queries.ERP transactions and queries.
This thin servlet acts as a relay between theThis thin servlet acts as a relay between the
external or third-party system and the coreexternal or third-party system and the core
back-end integration services.back-end integration services.
-
8/14/2019 Information Technology for Business Applications_1
101/193
Internet Application ServerInternet Application Server
Presentation Relay servlet (contd)Presentation Relay servlet (contd)
It receives and serves HTML, XML andIt receives and serves HTML, XML and
WML request over HTTP and maps theWML request over HTTP and maps the
data in these requests to the Componentdata in these requests to the Component
Processor and query Processor applicationProcessor and query Processor application
services that execute under e.g. Tuxedo.services that execute under e.g. Tuxedo.
-
8/14/2019 Information Technology for Business Applications_1
102/193
Internet Application ServerInternet Application Server
Presentation Relay servlet (contd)Presentation Relay servlet (contd)
It communicates with these back-endIt communicates with these back-end
services via e.g. BEA System JOLTservices via e.g. BEA System JOLT
-
8/14/2019 Information Technology for Business Applications_1
103/193
Internet Application ServerInternet Application Server
Integration Relay ServletIntegration Relay Servlet
An ERPs Java Servlet that handles allAn ERPs Java Servlet that handles all
inbound and outbound HTTP/XML requestsinbound and outbound HTTP/XML requests
for the third-party system integration. This isfor the third-party system integration. This is
also a thin servlet that acts as a relay betweenalso a thin servlet that acts as a relay betweenthe external or third-party system and thethe external or third-party system and the
core back-end integration services.core back-end integration services.
Internet Application ServerInternet Application Server
-
8/14/2019 Information Technology for Business Applications_1
104/193
Internet Application ServerInternet Application Server
Integration Relay Servlet (contd)Integration Relay Servlet (contd)
It receives and serves XML requests overIt receives and serves XML requests over
HTTP and maps the data in these requests toHTTP and maps the data in these requests tothe integration services---- Applicationthe integration services---- Application
Messaging Processor, Business InterlinksMessaging Processor, Business Interlinks
Processor, component Processor --- ThatProcessor, component Processor --- That
execute under e.g. Tuxedoexecute under e.g. Tuxedo
This component communicates with theseThis component communicates with these
back-end services via e.g. BEA Systems JOLTback-end services via e.g. BEA Systems JOLT
-
8/14/2019 Information Technology for Business Applications_1
105/193
Internet Application ServerInternet Application Server
Portal ServletPortal Servlet
An ERPs Java Servlet that handles allAn ERPs Java Servlet that handles all
inbound markup language and outboundinbound markup language and outbound
requests for the Portal.requests for the Portal.
It receives and serves HTML, XML andIt receives and serves HTML, XML and
WML requests over HTTP.WML requests over HTTP.
-
8/14/2019 Information Technology for Business Applications_1
106/193
Internet Application ServerInternet Application Server
Portal ServletPortal Servlet
It also manages all aspects of the ERPIt also manages all aspects of the ERPPortal such as search, content managementPortal such as search, content management
and home page personalization.and home page personalization.
It communicates with this back-end serviceIt communicates with this back-end service
via e.g. BEA Systems JOLTvia e.g. BEA Systems JOLT
TUXEDO manages InternetTUXEDO manages Internet
-
8/14/2019 Information Technology for Business Applications_1
107/193
TUXEDO manages InternetTUXEDO manages Internet
Application Server ServicesApplication Server Services Component ProcessorComponent Processor
A key piece of the Internet applicationA key piece of the Internet application
Server. This component executes the ERPServer. This component executes the ERP
Component--- the core ERP applicationComponent--- the core ERP application
business logicbusiness logic
-
8/14/2019 Information Technology for Business Applications_1
108/193
TUXEDOTUXEDO
Business Interlink ProcessorBusiness Interlink Processor
Manages the execution of BusinessManages the execution of BusinessInterlink Plug-Ins and their interactionsInterlink Plug-Ins and their interactions
with third-party systemswith third-party systems
-
8/14/2019 Information Technology for Business Applications_1
109/193
TUXEDOTUXEDO
Application Messaging ProcessorApplication Messaging Processor
Manages the publishing, subscribingManages the publishing, subscribing
and delivery of Application Messagesand delivery of Application Messages
for the ERP systemfor the ERP system
-
8/14/2019 Information Technology for Business Applications_1
110/193
TUXEDOTUXEDO
User Interface Generator
This component dynamically generates theThis component dynamically generates the
user interface based on the components oruser interface based on the components or
Query definition and generates theQuery definition and generates the
appropriate markup language (HTML, WMLappropriate markup language (HTML, WML
or XML) and scripting language (JavaScript,or XML) and scripting language (JavaScript,WMLScript) based on the client accessing theWMLScript) based on the client accessing the
applicationapplication
-
8/14/2019 Information Technology for Business Applications_1
111/193
TUXEDOTUXEDO
Security ManagerSecurity Manager
Interfaces with the Directory Server usingInterfaces with the Directory Server usingLightweight Directory Access ProtocolLightweight Directory Access Protocol
(LDAP) to authenticate end users and(LDAP) to authenticate end users and
manage their system access privilegesmanage their system access privileges
-
8/14/2019 Information Technology for Business Applications_1
112/193
TUXEDOTUXEDO
Query ProcessorQuery Processor
Executes queries defines using the ERPExecutes queries defines using the ERPtools (e.g. PL/SQL, PeopleSoft Querytools (e.g. PL/SQL, PeopleSoft Query
tool)tool)
-
8/14/2019 Information Technology for Business Applications_1
113/193
TUXEDOTUXEDO
Application EngineApplication Engine
Executes ERP Application Engine processExecutes ERP Application Engine process
-
8/14/2019 Information Technology for Business Applications_1
114/193
TUXEDOTUXEDO
Process SchedulerProcess Scheduler
Executes reports and batch processes andExecutes reports and batch processes andregisters the reports in the Portals Contentregisters the reports in the Portals Content
RegistryRegistry
-
8/14/2019 Information Technology for Business Applications_1
115/193
TUXEDOTUXEDO
SQL Access ManagerSQL Access Manager
Manages all interaction with the DBMSManages all interaction with the DBMSvia SQLvia SQL
-
8/14/2019 Information Technology for Business Applications_1
116/193
AgendaAgenda
(6) e-business and Application(6) e-business and Application
DevelopmentDevelopment
(7) Knowledge management and the use of(7) Knowledge management and the use of
web parts to create self-service portal.web parts to create self-service portal.
e-Business and Applicatione-Business and Application
-
8/14/2019 Information Technology for Business Applications_1
117/193
e Business and Applicatione Business and Application
DevelopmentDevelopment
e-Business is the net-enabled businesse-Business is the net-enabled business
activity that transforms internal andactivity that transforms internal and
external relationships to create valueexternal relationships to create value
and exploit market opportunitiesand exploit market opportunities
driven by new rules of the connecteddriven by new rules of the connected
economy.economy.
---- Gartner---- Gartner
e Business Integration Style
-
8/14/2019 Information Technology for Business Applications_1
118/193
e-Business Integration Style
A2A
Computer
A2A
Server
B2C
Laptop
Minicomputer
Mainframe
B2C
B2B
Enterprise
B2B
Business
Customers
and e-Market
Computer Computer
Computer
Laptop
Laptop
Laptop
Minicomputer
Minicomputer
Minicomputer
Server
Server
B2B
Laptop Minicomputer
Server
Consumers
Suppliers
Manufacturers
Laptop
Minicomputer Computer
A2A
B2B
A2A
B2B
Computer Computer
Application DevelopmentApplication Development
-
8/14/2019 Information Technology for Business Applications_1
119/193
Application DevelopmentApplication Development
StrategiesStrategies Application development disciplines areApplication development disciplines aremerging to support e-business strategies.merging to support e-business strategies.
Instead of building new systemsInstead of building new systemsexclusively, focus is shifting to integration.exclusively, focus is shifting to integration.
Web services are emerging as the new modelWeb services are emerging as the new model
for e-business Application Development.for e-business Application Development.
Microsoft and Java architectures will dominateMicrosoft and Java architectures will dominate
emerging e-business development.emerging e-business development.
A d
-
8/14/2019 Information Technology for Business Applications_1
120/193
AgendaAgenda
(6) E-business and Application(6) E-business and Application
DevelopmentDevelopment
(7) Knowledge management and the use of(7) Knowledge management and the use of
web parts to create self-service portal.web parts to create self-service portal.
-
8/14/2019 Information Technology for Business Applications_1
121/193
Enterprise Portal forEnterprise Portal for
business applicationbusiness application
Portal represents the way customers,Portal represents the way customers,
suppliers and employees access the web-basedsuppliers and employees access the web-based
eBusiness of the businesseBusiness of the business
Enterprise Portal forEnterprise Portal for
-
8/14/2019 Information Technology for Business Applications_1
122/193
p
business applicationbusiness application
Portal providesPortal provides
Personalized accessPersonalized access
Role-based filteringRole-based filtering
Multi-system integrationMulti-system integration
ScalabilityScalability
Content managementContent management
Enterprise Portal forEnterprise Portal for
-
8/14/2019 Information Technology for Business Applications_1
123/193
Enterprise Portal forEnterprise Portal for
business applicationbusiness application
Portal providesPortal provides
Single sign-onSingle sign-on
SecuritySecurity
Community supportCommunity support
A general development frameworkA general development framework
Enterprise Portal forEnterprise Portal for
-
8/14/2019 Information Technology for Business Applications_1
124/193
Enterprise Portal forEnterprise Portal for
business applicationbusiness application
Enterprise Portal forEnterprise Portal for
-
8/14/2019 Information Technology for Business Applications_1
125/193
Enterprise Portal forEnterprise Portal for
business applicationbusiness application
T f P t lT f P t l
-
8/14/2019 Information Technology for Business Applications_1
126/193
Types of PortalTypes of Portal
Application focused solutions for businessApplication focused solutions for business
solution delivery (functional). E.g. SAP, Oracle,solution delivery (functional). E.g. SAP, Oracle,
PeopleSoftPeopleSoft
Technology focused solutions that support theTechnology focused solutions that support the
underlying technology and software integration.underlying technology and software integration.
E.g. IBM Websphere, BEA Weblogic.E.g. IBM Websphere, BEA Weblogic.
Employee Self-Service Portal
-
8/14/2019 Information Technology for Business Applications_1
127/193
SQL Svr
Oracle
FoxPro
MySQL
MS
Access
Files
Web pages
e-mail
message
User Mgt
Public FolderMgt
Storage Mgt
Admin &
Routing Mt
Connector Mgt
PerformanceTuning
Corporate Internet and Corporate Intranet
ERP + CRM + MFG
Webstore(ExIFS)
DatabaseExch Svr
Site Replication
Service
Active Director
Connector
Global Address
List
Active
Directory
Document and
Knowledge Mgt
Self-service Portal
Access
Control List
Win2K Cert
Service
NTFS File
System
Exch2000 Key
Mgt Service
Security
Computer
Laptop
Server
Cell phoneHand held computer
Clients
Doc Mgt:
* Profiled
* Categorized
* Published
* Approved
* Search &
index
engine
Text:
1/18/
2003
Text:
Text:
Netscape My Netscape PortalNetscape My Netscape Portal
-
8/14/2019 Information Technology for Business Applications_1
128/193
Netscape My AOL PortalNetscape My AOL Portal
-
8/14/2019 Information Technology for Business Applications_1
129/193
p yp y
Netscape My AOL PortalNetscape My AOL Portal
-
8/14/2019 Information Technology for Business Applications_1
130/193
Netscape My AOL PortalNetscape My AOL Portal
-
8/14/2019 Information Technology for Business Applications_1
131/193
4 M j C i f P l4 M j C t i f P t l
-
8/14/2019 Information Technology for Business Applications_1
132/193
4 Major Categories of Portal4 Major Categories of Portal
FunctionalityFunctionality
Portal Infrastructure.Portal Infrastructure.
Portal Operations.Portal Operations.
Portal Features.Portal Features.
Portal Presentation.Portal Presentation.
P t l I f t tPortal Infrastructure
-
8/14/2019 Information Technology for Business Applications_1
133/193
Portal InfrastructurePortal Infrastructure
IntegrationIntegration
InternationalizationInternationalization
PlatformPlatform
ScalabilityScalability
SecuritySecurity StandardsStandards
Portal Infrastr ct rePortal Infrastructure
-
8/14/2019 Information Technology for Business Applications_1
134/193
Portal InfrastructurePortal Infrastructure
IntegrationIntegration
URL-based integrationURL-based integration Web-based screen scrapingWeb-based screen scraping
XML/XSLXML/XSL
Legacy screen scrapingLegacy screen scraping APIAPI
EAIEAI
-
8/14/2019 Information Technology for Business Applications_1
135/193
Portal InfrastructurePortal Infrastructure
-
8/14/2019 Information Technology for Business Applications_1
136/193
Portal InfrastructurePortal Infrastructure
PlatformPlatform
Operating systemsOperating systems
Database serversDatabase servers
Application serversApplication servers
Web serversWeb servers Web browsersWeb browsers
Portal InfrastructurePortal Infrastructure
-
8/14/2019 Information Technology for Business Applications_1
137/193
Portal InfrastructurePortal Infrastructure
ScalabilityScalability
ReplicationReplication
FailoverFailover
Load balancingLoad balancing
ClusteringClustering
CablingCabling
Portal InfrastructurePortal Infrastructure
-
8/14/2019 Information Technology for Business Applications_1
138/193
Portal InfrastructurePortal Infrastructure
SecuritySecurity
AuthenticationAuthentication
AuthorizationAuthorization
LoginLogin
Single sign-onSingle sign-on
Portal InfrastructurePortal Infrastructure
-
8/14/2019 Information Technology for Business Applications_1
139/193
Portal InfrastructurePortal Infrastructure
Security (contd)Security (contd)
User ManagementUser Management
Digital certificateDigital certificate
Public keyPublic key Digital signatureDigital signature
Portal InfrastructurePortal Infrastructure
-
8/14/2019 Information Technology for Business Applications_1
140/193
Portal InfrastructurePortal Infrastructure
Security (contd)Security (contd)
Public key infrastructurePublic key infrastructure
Secure Sockets Layer ProtocolSecure Sockets Layer Protocol
Secure Hypertext Transfer ProtocolSecure Hypertext Transfer Protocol
Portal InfrastructurePortal Infrastructure
-
8/14/2019 Information Technology for Business Applications_1
141/193
Portal InfrastructurePortal Infrastructure
StandardsStandards
HTMLHTML
JavaJava
SubcategoriesSubcategories
J2EEJ2EE
XMLXML
XSLXSL
Portal OperationsPortal Operations
-
8/14/2019 Information Technology for Business Applications_1
142/193
pp
AdministrationAdministration
Community ManagementCommunity Management
Development EnvironmentDevelopment Environment
Integrated Development EnvironmentIntegrated Development Environment
(IDE)(IDE)
Application program interface (API)Application program interface (API)
Software Development Kit (SDK)Software Development Kit (SDK)
Portal OperationsPortal Operations
-
8/14/2019 Information Technology for Business Applications_1
143/193
Portal OperationsPortal Operations
Ease of UpgradeEase of Upgrade
Federated PortalsFederated Portals
Portal FeaturesPortal Features
-
8/14/2019 Information Technology for Business Applications_1
144/193
Portal FeaturesPortal Features
Business IntelligenceBusiness Intelligence
CollaborationCollaboration
Content ManagementContent Management
PersonalisationPersonalisation
SearchSearch
WorkflowWorkflow
Portal FeaturesPortal Features
-
8/14/2019 Information Technology for Business Applications_1
145/193
Portal FeaturesPortal Features
Business IntelligenceBusiness Intelligence
Report generationReport generation
Online analytical processing (OLAP)Online analytical processing (OLAP)
Decision support system (DSS)Decision support system (DSS)
Data warehousingData warehousing
Data MiningData Mining
Ad-hoc reportingAd-hoc reporting
Portal FeaturesPortal Features
-
8/14/2019 Information Technology for Business Applications_1
146/193
Portal FeaturesPortal Features
CollaborationCollaboration
Discussion boardDiscussion board Document sharingDocument sharing
ChatChat
Instant messagingInstant messaging
Virtual whiteboardVirtual whiteboard
Virtual conferencingVirtual conferencing
Video conferencingVideo conferencing
Portal FeaturesPortal Features
-
8/14/2019 Information Technology for Business Applications_1
147/193
Portal FeaturesPortal Features
Content ManagementContent Management
A process of creating, submitting, accessing,A process of creating, submitting, accessing,
approving and maintaining unstructuredapproving and maintaining unstructured
content from diverse sourcescontent from diverse sources
Portal FeaturesPortal Features
-
8/14/2019 Information Technology for Business Applications_1
148/193
PersonalizationPersonalization
ExplicitExplicit Users profile (in LDAP)Users profile (in LDAP)
System to maintain and manageSystem to maintain and manage
Implicit or heuristicImplicit or heuristic Users online behavior (clicked certainUsers online behavior (clicked certain
links or visit certain pages)links or visit certain pages)
Event based personalization ( HPEvent based personalization ( HP
eService, Amazon.comeService, Amazon.com
Users preference personalisation)Users preference personalisation)
Portal FeaturesPortal Features
-
8/14/2019 Information Technology for Business Applications_1
149/193
Portal FeaturesPortal Features
SearchSearch
Boolean-based SearchesBoolean-based Searches IndexingIndexing Spider / Crawler / BotSpider / Crawler / Bot Keyword (Metadata) SearchKeyword (Metadata) Search
Full-text SearchFull-text Search Internet / Web SearchInternet / Web Search Natural-language SearchNatural-language Search Results RankingResults Ranking
Portal FeaturesPortal Features
-
8/14/2019 Information Technology for Business Applications_1
150/193
Portal FeaturesPortal Features
WorkflowWorkflow
The tasks, procedural steps,The tasks, procedural steps,
checkpoints, forms of review orcheckpoints, forms of review or
approval, people, information and toolsapproval, people, information and tools
needed to complete businessneeded to complete business
Portal FeaturesPortal Features
-
8/14/2019 Information Technology for Business Applications_1
151/193
Portal FeaturesPortal Features
Workflow AutomationWorkflow Automation
Integrate existing applications andIntegrate existing applications andcomponents within a workflow throughcomponents within a workflow through
programs such as JDBC, ODBC, EJB,programs such as JDBC, ODBC, EJB,
CORBA or COM interface with eachCORBA or COM interface with eachotherother
Portal FeaturesPortal Features
-
8/14/2019 Information Technology for Business Applications_1
152/193
Portal FeaturesPortal Features
Workflow AutomationWorkflow Automation
Alert users involved in a workflow viaAlert users involved in a workflow viaemail, wireless SMS or directly throughemail, wireless SMS or directly through
portalportal
Allow applications to initiate a workflowAllow applications to initiate a workflow
via an open APIvia an open API
Portal PresentationPortal Presentation
-
8/14/2019 Information Technology for Business Applications_1
153/193
Portal PresentationPortal Presentation
End-user customizationEnd-user customization
HelpHelp
User InterfaceUser Interface
Wireless AccessWireless Access
Portal PresentationPortal Presentation
-
8/14/2019 Information Technology for Business Applications_1
154/193
Portal PresentationPortal Presentation
End-user customizationEnd-user customization
User interfaceUser interface OrganizationOrganization ContentContent
Portal PresentationPortal Presentation
-
8/14/2019 Information Technology for Business Applications_1
155/193
Portal PresentationPortal Presentation
HelpHelp
General HelpGeneral Help Context sensitive HelpContext sensitive Help Interactive HelpInteractive Help
Bubble HelpBubble Help Online WizardOnline Wizard
Portal PresentationPortal Presentation
-
8/14/2019 Information Technology for Business Applications_1
156/193
Portal PresentationPortal Presentation
User InterfaceUser Interface
Graphic designGraphic design Information ArchitectureInformation Architecture Editorial Style / Content StrategyEditorial Style / Content Strategy
Instructions and Error HandlingInstructions and Error Handling
Portal PresentationPortal Presentation
-
8/14/2019 Information Technology for Business Applications_1
157/193
Portal PresentationPortal Presentation
Wireless AccessWireless Access
Subscription-based Content PushSubscription-based Content Push Subscription-basedSubscription-based
Alerts/notificationsAlerts/notifications
Workflow Process-based AlertsWorkflow Process-based Alerts Interactive QueryingInteractive Querying SMS messagingSMS messaging Wireless Markup LanguageWireless Markup Language
AgendaAgenda
-
8/14/2019 Information Technology for Business Applications_1
158/193
AgendaAgenda
(8) Storage Area Network (SAN) and(8) Storage Area Network (SAN) and
Network Access Systems (NAS)Network Access Systems (NAS)
(5)(5) Business Recovery ProcessBusiness Recovery Process
(7)(7) Best PracticesBest Practices
Storage Area NetworkStorage Area Network
St A N t k (SAN) i lStorage Area Network (SAN) is a large
-
8/14/2019 Information Technology for Business Applications_1
159/193
Storage Area Network (SAN) is a largeStorage Area Network (SAN) is a large
external shared storage system supportingexternal shared storage system supportingvarious different servers and is capable ofvarious different servers and is capable of
high-speed database accesshigh-speed database access
SAN + NAS = Network StorageSAN + NAS = Network Storage
Storage Area NetworkStorage Area Network
-
8/14/2019 Information Technology for Business Applications_1
160/193
Storage Area NetworkStorage Area Network
Network Attached Storage (NAS) is aNetwork Attached Storage (NAS) is a
storage element that connects tostorage element that connects to
network and provides file access servicesnetwork and provides file access services
to computer systems and network clients.to computer systems and network clients.
SAN and NAS
-
8/14/2019 Information Technology for Business Applications_1
161/193
Server
Shared Storage
Shared information
Data
Data
Server
Server
Server
Server
Server
Server
IP Network
NAS
SAN
Data
Data
SAN is for.
Dedicate storage
Databases
Client Server Applications
---Transactional systems
--- ERP applications
NAS is for.
File Sharing
Distributed applications---Internet
--- Web Mail
--- Asset Management
--- CAD / CAM
Local Area Network
Storage Area Network (SAN)
-
8/14/2019 Information Technology for Business Applications_1
162/193
Server
Switch / Hub
Bridge
Library
Server Server
Switch / Hub
Server
Disk
ArrayDisk
Array
Disk
Array
Host
adaptor
Host
adaptorHost
adaptor
Host
adaptor
-
8/14/2019 Information Technology for Business Applications_1
163/193
Network Attached Storage (NAS)
-
8/14/2019 Information Technology for Business Applications_1
164/193
WindowWorkstation
UnixWorkstation
WindowWorkstation UnixWorkstation
UnixServerindows NTServer
Network AttachedStorage Device
A storage element that connects to a network and provides Files accessservice
CIFS
NF S
Network Attached Storage (NAS)Network Attached Storage (NAS)
-
8/14/2019 Information Technology for Business Applications_1
165/193
AdvantagesAdvantages
Data/files sharing and universalData/files sharing and universalaccessaccess
Consolidate file serversConsolidate file servers
Simplify data managementSimplify data management
Leveraging on high speed LAN /Leveraging on high speed LAN /WANWAN
Lower total cost of ownershipLower total cost of ownership
DisadvantagesDisadvantages
May require dedicated networkMay require dedicated networkfor speedfor speed
Not suitable for high scaleNot suitable for high scaleapplication environmentapplication environment
AgendaAgenda
-
8/14/2019 Information Technology for Business Applications_1
166/193
gg
(8) Storage Area Network (SAN) and(8) Storage Area Network (SAN) and
Network Access Systems (NAS)Network Access Systems (NAS)
(5)(5) Business Recovery ProcessBusiness Recovery Process
(7)(7) Best PracticesBest Practices
Business RecoveryBusiness Recovery
-
8/14/2019 Information Technology for Business Applications_1
167/193
Business Recoveryy
Disaster Recovery ScenariosDisaster Recovery Scenarios
Disaster Recovery PlansDisaster Recovery Plans
Development of Procedure and DelegationDevelopment of Procedure and Delegation
of Tasksof Tasks
Business RecoveryBusiness Recovery
-
8/14/2019 Information Technology for Business Applications_1
168/193
us ess eco e yy
Time-sensitive Backup OperationsTime-sensitive Backup Operations
Security ConsiderationsSecurity Considerations
Policy ConsiderationsPolicy Considerations
Business RecoveryBusiness Recovery
-
8/14/2019 Information Technology for Business Applications_1
169/193
yy
Technical ConsiderationsTechnical Considerations
Other ConsiderationsOther Considerations
Documentation for Business RecoveryDocumentation for Business Recovery
Business Recovery ScenariosBusiness Recovery Scenarios
-
8/14/2019 Information Technology for Business Applications_1
170/193
yy
Components, sub-systems and system failureComponents, sub-systems and system failure
Power failurePower failure
Systems software and database failureSystems software and database failure
Accidental or malicious deletion andAccidental or malicious deletion and
modificationmodification
Business Recovery ScenariosBusiness Recovery Scenarios
-
8/14/2019 Information Technology for Business Applications_1
171/193
yy
Virus and hacker attackVirus and hacker attack
Natural disaster (Fire, water, flood,Natural disaster (Fire, water, flood,earthquake)earthquake)
Man-made disasterMan-made disaster
Theft and sabotageTheft and sabotage
Business Recovery PlansBusiness Recovery Plans
-
8/14/2019 Information Technology for Business Applications_1
172/193
yy
Top-down execution and responsibilityTop-down execution and responsibility
accountingaccounting Bottom-up execution and responsibilityBottom-up execution and responsibility
accountingaccounting
Top-down policy and bottom-up planning andTop-down policy and bottom-up planning andexecutionexecution
Business Recovery PlansBusiness Recovery Plans
-
8/14/2019 Information Technology for Business Applications_1
173/193
yy
Develop procedure and delegation of tasksDevelop procedure and delegation of tasks
Security considerationSecurity consideration
Policy considerationPolicy consideration
Technical considerationTechnical consideration
Testing of back-up and restore procedureTesting of back-up and restore procedure
Documentation of procedure andDocumentation of procedure and
configurationsconfigurations
Conducting verification operationsConducting verification operations
-
8/14/2019 Information Technology for Business Applications_1
174/193
Development of ProcedureDevelopment of Procedure
and delegation of tasksand delegation of tasks
-
8/14/2019 Information Technology for Business Applications_1
175/193
and delegation of tasksand delegation of tasks
Where is the off-site business recovery centre?Where is the off-site business recovery centre?
To what extend is the redundancy being setTo what extend is the redundancy being set
up?up?
How often is the full and incrementalHow often is the full and incrementalbackups done?backups done?
How long does it take to retrieve backupsHow long does it take to retrieve backups
from onsite and offsite storage area?from onsite and offsite storage area?
Development of ProcedureDevelopment of Procedure
and delegation of tasksand delegation of tasks
-
8/14/2019 Information Technology for Business Applications_1
176/193
and delegation of tasksand delegation of tasks
Can the offsite copies be obtained at anyCan the offsite copies be obtained at anytime or only during business hours?time or only during business hours?
How long does it take to perform a fullHow long does it take to perform a full
and partial restores with verification?and partial restores with verification? What is the acceptable downtime?What is the acceptable downtime?
Development of ProcedureDevelopment of Procedure
and delegation of tasksand delegation of tasks
-
8/14/2019 Information Technology for Business Applications_1
177/193
and delegation of tasksand delegation of tasks
Who is to be notified if disaster occurs?Who is to be notified if disaster occurs?
What are the hardware and softwareWhat are the hardware and software
technical support available and how long doestechnical support available and how long does
it take to replace failed systems?it take to replace failed systems?
-
8/14/2019 Information Technology for Business Applications_1
178/193
Security ConsiderationsSecurity Considerations
-
8/14/2019 Information Technology for Business Applications_1
179/193
Is the offsite business recovery centre secureIs the offsite business recovery centre secure
from unauthorized access?from unauthorized access?
What has been done to make the offsiteWhat has been done to make the offsite
business recovery centre protected fire, flood,business recovery centre protected fire, flood,
theft or another disaster?theft or another disaster?
What is the procedure for the designatedWhat is the procedure for the designated
personnel to access the offsite businesspersonnel to access the offsite business
recovery centre?recovery centre?
Policy considerationsPolicy considerations
-
8/14/2019 Information Technology for Business Applications_1
180/193
y
Is there a policy in place for business recoveryIs there a policy in place for business recovery
for the whole organization?for the whole organization?
Are all modified files to be backup or doesAre all modified files to be backup or does
company policy specify only critical files orcompany policy specify only critical files or
files of certain users, groups, departments orfiles of certain users, groups, departments or
divisions?divisions?
Policy considerationsPolicy considerations
-
8/14/2019 Information Technology for Business Applications_1
181/193
y
Are any disks or volumes or certain systemsAre any disks or volumes or certain systems
not to be backed up?not to be backed up?
Are users responsible for their back up andAre users responsible for their back up and
technical support?technical support?
Technical ConsiderationsTechnical Considerations
-
8/14/2019 Information Technology for Business Applications_1
182/193
Are logs created and saved for futureAre logs created and saved for future
reference? What is the policy for housereference? What is the policy for housekeeping of logs?keeping of logs?
Is the backup done to a local tape drive,Is the backup done to a local tape drive,
remotely over the LAN or remotely over theremotely over the LAN or remotely over the
wide area network (WAN)?wide area network (WAN)?
Technical ConsiderationsTechnical Considerations
-
8/14/2019 Information Technology for Business Applications_1
183/193
Are computers and systems equipped withAre computers and systems equipped with
notification through SMS power outages? Arenotification through SMS power outages? Are
they connected to UPS?they connected to UPS?
What is the process in place for dealing withWhat is the process in place for dealing with
unforeseen occurrences during a backup orunforeseen occurrences during a backup or
restore?restore?
Other ConsiderationsOther Considerations
-
8/14/2019 Information Technology for Business Applications_1
184/193
What are the possible disaster scenarios? AreWhat are the possible disaster scenarios? Are
there recovery procedures to thosethere recovery procedures to those
disasters?disasters?
What backup software to use?What backup software to use?
How many copies of backup to be kept?How many copies of backup to be kept?
What are the backup medium?What are the backup medium?
-
8/14/2019 Information Technology for Business Applications_1
185/193
Documentation forDocumentation for
Business RecoveryBusiness Recovery
-
8/14/2019 Information Technology for Business Applications_1
186/193
Business Recoveryus ess eco e y
Are there backup catalogs and log files?Are there backup catalogs and log files?
Are the contact for hardware and softwareAre the contact for hardware and software
support for business recovery properlysupport for business recovery properly
documented?documented?
Documentation forDocumentation for
Business RecoveryBusiness Recovery
-
8/14/2019 Information Technology for Business Applications_1
187/193
Business RecoveryBusiness Recovery
Is there a documentation for verificationIs there a documentation for verification
operation to compare files on the disk and filesoperation to compare files on the disk and files
on the backup media?on the backup media?
Is there documentation maintainingIs there documentation maintaining
configuration and system information?configuration and system information?
Documents should include manual andDocuments should include manual andwarranties from vendors, insurance policy, toolwarranties from vendors, insurance policy, tool
kits, add-ons, training guides.kits, add-ons, training guides.
Documentation forDocumentation for
Business RecoveryBusiness Recovery
-
8/14/2019 Information Technology for Business Applications_1
188/193
Business RecoveryBusiness Recovery
Is there software configuration informationIs there software configuration information
and backup procedure?and backup procedure?
Any documentation on the version, serviceAny documentation on the version, service
packs installed, hot fixes installed ?packs installed, hot fixes installed ?
AgendaAgenda
-
8/14/2019 Information Technology for Business Applications_1
189/193
(8) Storage Area Network (SAN) and(8) Storage Area Network (SAN) and
Network Access Systems (NAS)Network Access Systems (NAS)
(5)(5) Business Recovery ProcessBusiness Recovery Process
(7)(7) Best PracticesBest Practices
Best PracticesBest Practices
-
8/14/2019 Information Technology for Business Applications_1
190/193
Develop backup and restore strategies andDevelop backup and restore strategies and
test themtest them
Use reliable hardware and perform stress testUse reliable hardware and perform stress test Create labs that mirror productionCreate labs that mirror production
environmentenvironment
Test deployments in lab before deploying inTest deployments in lab before deploying in
productionproduction
Best PracticesBest Practices
-
8/14/2019 Information Technology for Business Applications_1
191/193
Train appropriated personnelTrain appropriated personnel
Remove single point of failureRemove single point of failure Apply the latest Service pack to resolve knownApply the latest Service pack to resolve known
issues and improve server reliabilityissues and improve server reliability
Best PracticesBest Practices
-
8/14/2019 Information Technology for Business Applications_1
192/193
Backup before and after every major stateBackup before and after every major state
changeschanges
Monitor symptoms and events that lead toMonitor symptoms and events that lead tofailurefailure
Update document regularly for any changesUpdate document regularly for any changes Keep a copy of the installation media,Keep a copy of the installation media,
hardware and software configuration in thehardware and software configuration in theoffsite locationoffsite location
-
8/14/2019 Information Technology for Business Applications_1
193/193
Thank youThank you