Overview

The system is logically divided into three distinct tiers — user services, business services, and data services. This segmentation introduces flexible layers of abstraction between databases and the client applications that use them. Each tier is responsible for a different task, and when put together, they form a cohesive, cooperating system that is flexible, robust, and evolutionary.

• The user services tier contains the user interfaces. A custom client application has been written with Visual C++ to provide an easy-to-use interface for viewing, inserting, updating and deleting database records. The application interacts with the business services tier over TCP/IP in a secure manner.
  
• While the user-interface displays and retrieves data from the user, the business objects need to provide all the business functionality and capabilities required by the user interface. The business services tier contains the rules that describe how an operation should be completed, such as creating a record for a new member, or entering a payment on an invoice. The system uses Microsoft Transaction Server (MTS) as the business rules server to ensure that all of the business processing is done correctly. It serves as an intermediary between the client and the data storage.
  
• The data services tier is responsible for creating, updating, retrieving and deleting data from a data source. In many cases, it also includes more complex features, such as enforcement of relational integrity and other data-related rules. The system provides access to the data through the use of ActiveX Data Objects (ADO)

Security: Network

A very important aspect of this system is the level of security. Any distributed network application that transmits data over the internet should bahave properly in secure environments (such as a †VPN ) and itself employ the latest security technologies. To have privacy, the system needs to keep anyone except the intended recipient application from reading a message. Ensuring privacy usually involves some form of cryptography. To provide privacy, our system employes the latest cryptography libraries to scrambles messages such that the messages can be stored and transmitted securely. The following is a list of security requirements the system our system meets:

• Generating and exchanging symmetrical and asymmetrical encryption keys.
• Verifying and storing encrypted usernames and passwords that can be stored on non-secure media and still remain private.
• Establishing the integrity of data received by using Digital Signatures or Data Hashes
• Encoding and decoding request/response messages on both server and client software components while not affecting the overall responsiveness of the system.
• Working with more then one Cryptographic Service Provider (CSP)
• Enabling/disabling encryption protocols.

Security: Bussines Logic

Another important aspect of the enterprise application design is protection of data from unauthorized, accidental, or deliberate modification, destruction, or disclosure within an organization. The security measures responsible for guarding business objects have been coded into the very core of the software package at the lowest level which enables adding, suspending and changing access privileges for users quickly and painlessly. To enable tracking of suspicious activities the system monitors the most critical system tables and saves each transaction for later analysis.

The security model itself mimics the horizontal (departments) and vertical (employment hierarchy) structure of a typical business. The changes to the organizational tables of the system are enforced on the server and client sides.

The following diagram depicts the key aspects of the business security implemented in the CyberBase software package

Network Protocols

CyberBase uses two protocols to exchange data between the client application and the server objects: SOAP and COM+. While COM+ is a preferred choice in the LAN environment, the SOAP protocol is mainly used to exchange messages securely over the internet. SOAP is a lightweight protocol intended for exchanging structured information in a decentralized, distributed environment such as our system. SOAP uses XML technologies to define an extensible messaging framework, which provides a message construct that can be exchanged over a variety of underlying protocols. The framework has been designed to be independent of any particular programming model and other implementation specific semantics. CyberDev has shifted its focus from customized client/server protocols to SAOP to solve some challenging real world issues that encumber the existing distributed architecture. The SOAP protocol is also one of the pillars bearing modern .NET applications.