Credits: University of Phoenix
Sybase Financial Server
Financial Server Features
Sybase Financial Server is a component-based, middle-tier application server designed specifically for the financial services and brokerage industries. Based on Sybase Enterprise Application Server(TM) (EAServer), Financial Server provides a set of development tools, business components, servers, and application templates that enable you to develop and deploy applications for online banking and institutional securities trading. Financial Server supports the Open Financial Exchange (OFX) protocol for online banking, and the Financial Information eXchange (FIX) and the Society for Worldwide Interbank Financial Telecommunications (SWIFT) protocol for securities trading. In later releases, Financial Server will support other protocols, such as CMS and HBCI.
EAServer's power and speed make it the ideal deployment platform for distributed and Web applications. Financial Server includes EAServer, which contains Jaguar CTS(TM), PowerDynamo(TM), Application Integrator, Adaptive ServerÂ® Anywhere, PowerSiteÂ®, PowerJ(TM), and AppModeler(TM). For more details about these products, see the EAServer Feature Guide and the individual product documentation.
Financial Server provides these features:
Â· OFX support
Financial Server supports OFX version 1.0.2, which allows you to electronically exchange financial data between financial institutions, businesses, and consumers, using the Internet.
Â· FIX support
Financial Server supports FIX versions 3.0 and 4.0, which allow you to electronically exchange securities transactions between brokers, buy-side institutions, and markets (stock exchanges).
Â· SWIFT support
Financial Server supports SWIFT, which allows you to electronically exchange securities data with any application that is connected to the worldwide SWIFT Network.
Â· Broad range of clients
The flexible development environment enables application developers to build and deploy a multitude of Financial Server clients. Personal financial management software (such as Money, Quicken, HomeATM, Mecca), dynamic Web pages, CORBA-compatible Java, PowerBuilderÂ®, C++, and ActiveX applications are among the many clients that can make use of Financial Server.
Â· Integration with corporate computing systems
The powerful API enables financial and brokerage institutions to easily and efficiently integrate Financial Server with their corporate computing systems. Developers can use either messages or method calls to access corporate computing systems, such as CICS, DBMS, MQSeries, or TIBCO.
Â· High performance
The multithreaded server provides a number of sophisticated performance tuning capabilities such as database connection pooling, dynamic page caching, and script scheduling.
Â· Advanced scalability
A robust, multithreaded, multiprocessor execution engine executes components and processes transactions at high speed while making the most efficient use of available system resources such as native threads, CPU, memory, and networks.
The clustering, high availability, failover, and load-balancing features prevent any one server in a cluster from becoming overloaded, and allow a server to automatically fail over to another server machine.
The Financial Server environment provides secure connections for built-in authentication, authorization, and encryption through SSL, digital certificates (X.509v3), and access control lists.
Â· Rapid, multitier application development
The built-in services such as connection pooling, thread pooling, session management, and implicit transactions allow developers to focus on application logic development without having to deal with low-level infrastructure. You can quickly build and deploy clients that route messages between brokers, institutions, and markets.
Financial Server provides managers that use a simple yet powerful graphical user interface to facilitate the configuration and management of FIX, SWIFT, and OFX servers as well as OFX server profiles.
Application Studio development tools Enterprise
Although you can use many Java, C/C++, and ActiveX development tools to develop Financial Server applications, the product suite includes PowerJ and PowerBuilder (which are Enterprise Application Studio development tools). PowerJ and PowerBuilder also include several additional tools to make developing applications faster, easier, and more efficient: PowerSite, AppModeler, InfoMakerÂ®, jConnect(TM), and Riverton HOW Learning Edition.
Figure 1-1: Financial Server architecture
Financial Server services FIX message requests from clients (for example, a broker application) and communicates with other FIX servers, which can be located at another brokerage firm or institution. FIX clients communicate with FIX servers using IIOP or IIOPS. FIX servers communicate with another company's FIX server using TCP/IP.
SWIFT provides message standards that support payment, securities, treasury, and trade services. The SWIFT standards are controlled by its member banks which govern security controls. SWIFT customers can communicate from a single point through the SWIFT Network, to member banks around the world.
OFX is a unified specification for the electronic exchange of data between financial institutions, businesses, and consumers over the Internet. OFX supports Web clients and personal finance management client applications, such as Microsoft Money and Intuit Quicken.Through the use of OFX, Financial Server integrates numerous retail banking operations, such as payment processing, ATM networks, bill payment and presentment, publishers, and clearing brokers. FIX servers connect brokers and institutions, allowing them to electronically trade orders as well as seamlessly access the existing back-office infrastructure and legacy data.
OFX includes a profile server and an OFX core server. The profile server maintains information about the capabilities of a financial institution's OFX server to which a client can connect. OFX core servers process message requests from clients and manage transactions with back-office systems. Clients can be personal finance management software, Web clients (such as browsers), or Java clients (such as applets or Java applications). OFX clients communicate with OFX core servers using HTTP or HTTPS.
Using Jaguar, Application Integrator, various gateways, bridges, and native database connectivity, OFX, FIX, and SWIFT servers can connect to a wide range of financial institution and brokerage back-office computing systems. For example, OFX, FIX, and SWIFT servers can connect with CICS programs on the mainframe, service bureaus, other core processing computers, and databases such as Sybase Adaptive Server Enterprise, Oracle, Informix, and other relational database management systems.
If clients are sending confidential information via the Internet, you should use the secure protocols HTTPS and IIOPS. If clients are connected to servers through an intranet, which resides behind a firewall, then you can use HTTP or IIOP, which provide better performance for connections.
Through EAServer, Financial Server offers extensive security features, including:
Â· SSL support
User authentication and authorization
Jaguar CTS also provides built-in support for user authentication and authorization. Users are authenticated when a client application creates a proxy or stub object (a connection is made when the application creates the first proxy or stub; other proxies or stubs may use the same connections or allocate new connections as needed). Each component has access control lists that determine which users are allowed to invoke the component; if a user is not authorized to use a component, attempts to create stubs or proxies fail.
In addition, Jaguar CTS provides native SSL support. The SSL protocol allows connections to be secured using public-key encryption and authentication algorithms that are based on digital certificates. SSL is a "wrapper" protocol; packets for another protocol are secured by embedding them inside SSL packets. For example, HTTPS is HTTP secured by embedding each HTTP packet within an SSL packet. Likewise, IIOPS is IIOP embedded within SSL. HTTPS and IIOPS are also commonly called "secure HTTP" and "secure IIOP."
Jaguar servers provide native SSL protocol support. Specifically, Jaguar's built-in SSL driver supports dynamic negotiation, cached and shared sessions, and authorization for client and server using X.509 Digital Certificate Support.
In Jaguar Manager, you configure a secure IIOP or HTTP port by defining an IIOP or HTTP listener, then associating a security profile with the listener. The security profile designates a server certificate to be sent to clients to verify that the connection ends at the intended server. The security profile also specifies the connection's required security settings, including:
Â· Whether a client certificate is required to open connections. The client certificate serves as proof of the client user's identity.
Â· What data security options, such as the encryption algorithm, will be used to secure data transmitted over the connection.
For detailed instructions on configuring secure ports, see the Jaguar CTS Administration Guide.
On the client side, the following types of clients can open SSL connections to Jaguar servers:
Â· Java applets hosted by SSL-capable Web browsers
Â· C++ clients
Â· PowerBuilder clients
Application Server Enterprise
EAServer enables you to deploy many different types of components and clients to assist in integrating back-office applications into your Financial Server operation.
Jaguar CTS, part of EAServer, provides a framework for deploying the middle-tier logic of distributed component-based applications. At the heart of Jaguar is a high-performance transaction server that provides efficient management of client sessions, security, threads, third-tier database connections, and transaction flow. Jaguar's scalability and platform independence allow you to develop your application on inexpensive uniprocessor machines, and then deploy the application on an enterprise-grade multiprocessor server.
With Jaguar, you can:
Â· Deploy PowerBuilder, Java, ActiveX, and C/C++ components to a middle-tier server
Â· Develop CORBA-compliant client applications
Â· Administer the transaction server using Jaguar Manager, a graphical tool that supports component interface browsing, declarative role-based security, and runtime monitoring
Jaguar provides the following additional services:
Â· Transparent client-session and component life cycle management
Â· Connection caching to allow reuse of remote database connections
Â· Transaction management to simplify the design and implementation of an application's transactions
Â· Instance pooling for efficient reuse of component instances by multiple clients
Â· Transparent thread-safety features to simplify the use of shared data and resources
Â· Result-set support to enable efficient retrieval of tabular data in client applications
Â· Declarative, role-based security to restrict client connections and the components that can be invoked by a specific client session
PowerDynamo, part of EAServer, provides the tools necessary to build, manage, and access a Web site containing both static HTML and dynamic, data-driven content. At the heart of PowerDynamo is the PowerDynamo application server, which acts as an intermediary between the Web server and the database. The application server processes embedded instructions (such as SQL statements and scripts), formats the resulting output as HTML, and sends the output together with static HTML to the Web server. Because PowerDynamo places no software requirements on the client computer, applications built with PowerDynamo have a thin-client interface.
With PowerDynamo, you can:
Â· Build templates, SQL statements, and scripts for Web pages using wizards
Â· Modify the source for your Web pages using a syntax-highlighting editor
Â· Write scripts in DynaScript, designed specifically for server-side scripting with the PowerDynamo application server
Â· Store a Web site within a database and manage the resources associated with the site in Sybase Central
Â· Use SQL Remote(TM) replication technology to replicate an entire Web site or portions of it onto a laptop computer for offline access
Â· Use the PowerDynamo Personal Web Server to test Web sites locally and to provide offline access
Â· Configure a third-party Web server to work with the PowerDynamo application server
The Application Integrator, part of EAServer, allows a Jaguar server to access business logic in existing mainframe CICS applications and Adaptive Server stored procedures. The Application Integrator includes two products:
Â· Application Integrator for CICS
Â· Application Integrator for Stored Procedures
Application Integrator for CICS
With Application Integrator for CICS, you can provide easy access to mainframe applications and data. Application Integrator for CICS allows you to create and deploy Jaguar components that act as wrappers for CICS programs written in COBOL.
Application Integrator for CICS can run either without a gateway or with a gateway using DirectConnect(TM) for MVS and DirectConnect Transaction Router Service (TRS).
Application Integrator for Stored Procedures
With Application Integrator for Stored Procedures, you can provide easy access to business logic in Adaptive Server stored procedures. Application Integrator for Stored Procedures allows you to create and deploy Jaguar components that act as wrappers for existing stored procedures.
To access stored procedures in different databases, Application Integrator for Stored Procedures can use a variety of Java Database Connectivity (JDBC) drivers. For example, to access data from a Sybase data source such as Adaptive Server Anywhere (ASA), Application Integrator for Stored Procedures uses jConnect, which is the Sybase JDBC driver.
Adaptive Server Anywhere
EAServer also includes Adaptive Server Anywhere, a full-featured, transaction-processing database management system. It has excellent performance while requiring fewer resources (memory, disk space, and CPU cycles) than other DBMSs.
Adaptive Server Anywhere can be used as a standalone DBMS or as a network database server in a client/server environment
Database Servers for e-Business
To achieve the benefits of e-Business computing, the database servers that manage the information and transactions at the core of these systems must evolve to meet the new challenges of e-Business systems.
Early criteria for how a DBMS should evolve to support e-Business include many things such as performance, high availability, online maintenance, and remote administration. Many of these requirements stem from the mission-critical nature of e-Business systems to satisfy user demands for around-the-clock, year-round operations. Sybase ASE has long met these challenges, having been designed from the ground-up to support the needs of mission-critical computing.
Other criteria began to evolve as early e-Business systems were launched. These included providing more support for the application programmer, struggling to move application logic from the client platform, now replaced by a lightweight browser, into an application server. The language native to most application servers was Java, and the emerging standard for communicating data between applications was XML.
First-generation solutions to integrate traditional relational database managers with the needs of e-Business application developers were accomplished by creating front-end support for Java and e-Business data. At their heart, these systems were still traditional relational database managers with external calls to Java sub-programs and, for the most part, converted e-Business data, like XML, into relational tables. Application developers needed to create a great deal of custom code to handle XML and even more code to marry powerful Java language techniques to the database server. New issues for database servers, such as handling the rapidly changing workloads of e-Business applications and the need for security, were barely addressed. Usually, the only answer to fluctuating workload was to buy more expensive hardware to support the database sever. Data security was often left to the application developer to solve.
The next generation of e-Business database servers must do more. They must:
- reduce the burden on application developers and integrators by handling new forms and data and advanced programming techniques
- control costs by dynamically handling changing workloads
- ensure user privacy by providing robust data security
An advanced database server must handle e-Business data such as XML with the same dexterity that they handle relational data. They must fully embrace component-based development such as Enterprise JavaBeansÂ® (EJB) in order to fully marry the potential of the Java development environment to the transactional power and storage capabilities of the relational database.
High performance is another area where notions of the data manager need to be refined. Too often, high performance means only high transaction throughput - usually measured by transaction-oriented benchmarks. The interactions of larger numbers of users, complex applications and systems, and the distribution of work across many different kinds of servers have significantly changed the dynamics of achieving high performance. High performance with respect to transactional throughput is still important, but now there is the need for dynamic performance. Dynamic performance means that the database server can respond quickly and gracefully to changing load conditions. In the e-Business environment, demand doesn't remain nearly as constant as in traditional, client-server environments. Events like new product releases, new Web site features, and new applications coming online can suddenly increase system demand. With vastly increased user populations either directly or indirectly making demands of the data manager, database management systems need to be more flexible and dynamic than ever before. Advanced features for ensuring that the system can be adjusted in real-time without down-time are key to supporting the next wave of e-Business demands.
A third e-Business data manager frontier is security. This is a natural outcome of increased number of users relying on the data manager to store information and transactions. Users are becoming increasingly sensitive to the protection of personal information, whether they are personnel records at work, patient records of a healthcare provider, or personal financial data such as salary and credit information. The next wave of e-Business data managers must provide protection at the data-server level.
Innovating for Intelligent e-Business
Sybase ASE takes the lead in delivering on the next wave of requirements for the e-Business data management system. It delivers on three critical areas of e-Business functionality:
- advanced data management
- superior dynamic performance
- tighter security
Sybase ASE's advanced data management features ensure that developers can bring their applications online sooner, with less maintenance and greater performance. With superior dynamic performance characteristics, ASE ensures the availability of systems despite unpredictable workloads. ASE's tighter security features ensure that private data remains private, guarded at the data-server level.
Advanced Data Management
ASE's advanced data management features provide significant new support in three areas:
- advanced XML management
- advanced Java support
- advanced file system integration
The XML manager within ASE goes far beyond the capabilities of conventional database management systems, which use external parsers or load XML data directly into the database as a lump of undigested text. ASE's XML manager stores XML in a structured format and provides smart indexes that make XML management faster and more convenient. Unlike systems that require the XML to be parsed and "flattened" into relational tables, Sybase ASE retains the whole XML document. As XML documents are used more and more to serve as documents of record, it is critical that data managers do not unintentionally eliminate portions of the original XML document, especially since its format may have been extended.
Sybase ASE's XML management solution ensures that developers need not write fixed parsers. Because ASE stores the whole document in a structured and indexed form, additional code is not required for picking apart XML documents to retrieve data for applications. Instead developers can write a structured query using XQL to access those parts of the XML document they need, regardless of how the original XML documents may be extended. This eliminates having to constantly revise parsers to keep up with new extensions to XML formats. The ability to manage large quantities of XML information, independent of the structure of the information contained in the XML documents, makes ASE an ideal hub for retaining XML business data.
For example, a printing business might communicate with its suppliers using XML messages. Purchase orders for paper and ink might be transmitted by XML and invoices sent in the same way. Quickly, the need for phone orders and re-typing of invoice and purchase information can be eliminated as this data can be directly fed to the ledger and payment systems. With ASE, the original XML documents are always safe, so should a matter of dispute arise, the whole document (with appropriate electronic signatures) would be available.
Equally important to e-Business applications as the management of XML data, ASE provides advanced support for Java, the development language for much of e-Business. Unlike other solutions that depend on external components to translate Java-based programs, functions, and data into the database, ASE fully embraces Java at its core. It incorporates a Java Virtual Machine (a portal mechanism that executes Java programs regardless of host platform) in the database itself. This ensures consistent execution of mission-critical Java from within the data manager.
Sybase ASE's Java support also features an advanced execution engine for EJB's. This will allow developers to use component-based development techniques to smoothly integrate application functionality between the data, application, and Web server. The result is higher performance for data-centric components, for they are deployed within ASE rather than in an external software engine.
By placing EJB's in the database, Web-publishing performance can be improved. For example, an in-house sales reporting system hosted on an application server needs to publish on-demand regional sales reports.
The requests are entered by sales managers connecting via a browser, which in turn is contacting a Web server at the company headquarters. Without EJB support in the database, sorting and filtering the sales data in the application server would require making multiple queries of the database and generating additional network overhead. If database-hosted EJB's are used, the application server need only request the information from the database EJB and the work is processed on the database server. Since the execution of the database hosted EJB is performed in the database, the transaction is executed more quickly with less overhead.
A third technology in ASE that enhances the management and integration of e-Business data is file system integration that allows ASE to handle data in external files from within the database. Unlike some systems that require the files to actually become part of the database, ASE allows the files to remain part of the normal file system. Developers can therefore speedily bridge information access between DBMS-hosted applications and applications that quickly create and access operating system files.
Dynamic performance management is crucial to handling e-Business workloads in a cost-effective manner. Without dynamic performance management, businesses are often faced with choosing between two unsatisfying solutions to database server performance. The first choice would be to buy a hardware platform with lots of excess capacity so that tuning and other alterations of the database server become unnecessary. This is both costly and wasteful of hardware resources. The second choice would be to frequently reboot the database server in order to re-tune it to changing workloads. The problem with this approach is that re-booting the server can take the system out of action for several minutes each time an adjustment needs to be made - which is not at all acceptable in the fast-paced, always available world of e-Business. Fortunately, ASE provides an alternative. In comparison with other data management solutions, ASE features superior dynamic performance management to allow the database server to easily be tuned. Sybase ASE's advanced architecture allows system DBAs to make adjustments to the database without requiring the database to be rebooted, so adjustments can be made without interrupting operations. For an e-Business that is operating world-wide and around-the-clock, this is critical. Without the ability to maintain the data management system online, a network based e-Businesses is like a retail store with its doors locked.
With the far-reaching access to public networks that many e-Business systems employ, security becomes a greater issue. The more data that is aggregated in the database server, and the more paths of access to that server, the more tempting the target base. Sybase ASE's security features protect data from wiretaps, accidental disclosure, and outright prying in the e-Business environment. In addition to the strong GRANT/REVOKE mechanisms for controlling access to specific data tables, ASE now features a powerful mechanism for securing information to the individual record (row-based security). To keep data from being disclosed, misdirected, or intercepted during communication, ASE has built-in encryption between the users and business processes accessing information and the data server housing the information.
Sybase ASE's row-level security mechanism allows DBAs and system security officers to create mandatory rules on how data is accessed in the database. These rules can be expressed in terms of the data itself and related to the identity of the user. They can even incorporate relations to data in other tables. User credentials are established once per session at login, controlling excessive overhead for implementing security. Rules can be as simple as tagging rows with a label indicating the sensitivity and tagging the users with clearance levels. More intricate rules might establish that managers can see only the employee records in their own department.
A simple example of this powerful mechanism would be data control between a reseller and its suppliers. The reseller maintains a master catalog of all the products it resells. Through a Web portal, suppliers can propose new items to be added to the catalog or modify the information on existing items. To ensure the integrity of the master catalog, it is very important that each supplier can modify only their part of the master catalog. Since some suppliers offer similar products, it is also very important that they cannot see the wholesale price they're offering the reseller.
This problem is easily solved with row-based security. When a reseller user logs in, a trigger sets the privileges so that they are associated with that specific reseller. A security-rule on the reseller's name in each row ensures that the user can only see and modify their own rows. Since the rule is enforced at the database level, it ensures that regardless of how the database is accessed (i.e. Web portal, user application, or direct access to the DBMS), each user representing a supplier can access only his or her information.
Sybase ASE also implements link-based encryption using industry standard Secure Sockets Layer (SSL) and PKI certificates (the same technologies used in today's Web browsers). This technology is virtually invisible to users and developers because it is embedded in ASE's network interfaces. Users can log in as they normally do, and their entire interaction with the database is encrypted automatically while in transit. This ensures that sensitive data, either on the public Internet or circulating through an internal corporate network, is not accidentally intercepted before it reaches its intended receiver.
The world of e-Business computing, with its broad-reaching networks, large user populations, and complex mix of platforms, systems, and data types offers rich new areas of business opportunity. Network-based computing models that allow business information to be easily shared beyond the physical location of the business itself offers many efficiencies through self-service and B2B applications. Vast markets reaching beyond a business's traditional marketplace are opened up through the Internet.
These advantages are not obtained without challenges, however. Database servers must evolve beyond the mission-critical needs that client-server technology addressed, and expand the role of interoperation with Web and application servers begun with the first generation of "Internet-ready" databases. The database server of today must deliver advanced management of e-Business data, dynamic performance, and robust security as now offered by Sybase Adaptive Server Enterprise.