APUG March 2010

APUG March 2010

Progress OpenEdge 10.2B

Noel ShannonSenior Solutions Consultant

© 2009 Progress Software Corporation2

Agenda

Flavour of the Month?

Key 10.2B Features

Your Call to Action

© 2009 Progress Software Corporation

The CLOUD – duh daaaaah!

3



7 Keys to Success:Software as a Service

•Going from 1 to NMulti-tenancy

•Ensuring that data and applications are accessed only by those who need to know

Security & Compliance

•Being able to easily use the UI technologies that meet the needs of the customerUser Interface

Flexibility•Ensuring the application looks like the tenant and

end-user wantPersonalization

•Ability to easily integrate to any other application by supporting all relevant standards

Integration

•Always available and scales to any sizeOperational Excellence

•Provide a highly productive environment focused on OpenEdge and industry best practices

Productivity


OpenEdge 10.2B Key Goals

Security and Compliance• Respond to customer demand for data privacy in the OpenEdge

database with new product – Transparent Data Encryption (TDE)

Operational Excellence• Actional monitoring of OpenEdge resources• Alternate database buffer pool

Productivity• OpenEdge Architect enhancements• Improved 3rd party user interface controls• ProDataSets to/from JSON for Ajax UI development


Security & Compliance:Data Encryption – Who Needs It?

Regulatory Requirement• Payment Card Industry (PCI)• Health Insurance Portability and Accountability Act (HIPAA)• etc.

“Must Have” Conformance to do Business What’s Reality?

• Maintaining data security across the entire data lifecycle (including backups and data dumps) is hard

• Not everyone has added it to their applications yet• Lots of hand-coded cryptography in applications• Regulations change over time – not static


OpenEdge Transparent Data Encryption

Protects Data in Database Tables & Indexes (block-level)• Type I storage areas in their entirety • Type II storage areas – on a per-table and per-index basis

Full Protection Throughout the Data Lifecycle• On disk, backups, binary dumps

Industry standard cipher algorithms- AES, DES, triple DES, etc.

Secure, Separate Encryption Key “Store”

Clear-Text Access for Authenticated Clients• No performance degradation for

in-memory operations


OpenEdge Transparent Data Encryption (TDE)

9

plain text

EncryptShared Memory

Buffer Pool(plain text block)

Database Storage Engine

Product Install Key store• Database Master Key (DMK)• DMK Admin/User Passphrase• Manual/Automatic Authentication

Encryption Policy Area• Encryption Policies - What (object) & how (cipher)

Read I/O

Write I/O

How Does It Work?

Key store

Database

Policies

Keys

Decrypt

&

PolicyArea

Encrypted Data


OpenEdge Transparent Data Encryption (TDE)

How Does It Work?

10

plain text

EncryptShared Memory

Buffer Pool(plain text block)

Product InstallRead I/O

Write I/OKey store

PolicyArea

Database

Policies

Keys

Decrypt

&

Database Storage Engine

Key store• Database Master Key (DMK)• DMK Admin/User Passphrase• Manual/Automatic Authentication

Encryption Policy Area• Encryption Policies - What (object) & how (cipher)

Encrypted Data


Why Use OpenEdge Transparent Data Encryption?

Gives You Control Over Who Can Access Private Data• Works regardless of who has a copy of the data or where the

data resides Easy To Implement Low Cost Solution Configurable Transparent

• No need to change your OpenEdge application, database design, or data


Thing 3: Encryption Policies

Policy Contents• Object to encrypt

- Table, Index, Lob (Type II storage areas)- Area (Type I storage area)- AI and BI recovery

• Cipher – algorithm & key size Secure (Key store administrator & DB administrator)

• Stored in “Encryption Policy Area”• User prevented from direct record access

Policy Maintenance• Add, remove, alter (cipher, key) online• Epolicy tool, OpenEdge SQL, Data Admin tool

12

Describes What And How To Encrypt


Cipher Choice

Governance Business rules Your choice, your responsibility - balance strength &

performance

13

RC4-128

AES-128

AES-192

AES-256

DES-56

DES3-168

Security Strength 0 – no encryption

DES-PBE

10

10

RC4-128

AES-128

AES-192

AES-256

DES-56/PBE

DES3-168

Performance Cost

0 – no encryption

*Graphical data is relative

How do I decide?

http://localhost:4041/lgagent


Policy Maintenance

Three ways to add policy• Proutil epolicy tool• Data Administration Tool

- Disabled remotely

Type II “PUB” schema only• Type II “PUB” schema only• Multi select UI• Local access only• Admin Security

Encryption PoliciesEdit Encryption

Policies . . .

14


Performance Considerations

15


Performance Considerations Encryption

Maximize the buffer pool hit-rate• Increase -B• Consider using an Alternate Buffer Pool (-B2)

Normalize data to encrypt• Separate private and non private data• Read Codd

Isolate data to encrypt• Use Type II storage areas (object level)• Encrypt only necessary indexes

Carefully choose cipher (algorithm + key size)• Balance security and performance

16


Operational Excellence in 10.2B

Actional Interceptors for OpenEdge • Ensure the success of every important business transaction• Interceptors for AppServer, AppServer Internet Adapter, Sonic

Adapters, WebSpeed, Web Services, Batch Client• No application changes required

17

Always available and scales to any size




Productivity in 10.2B

JSON (Java Script Notation) Support• Similar to XML• Makes it easier to develop an Ajax UI, with built-in features for

going to and from ProDataSets

20

Provide a highly productive environment


The Battleground? AJAX - asynchronous JavaScript and XML

http://en.wikipedia.org/wiki/Asynchronous_I/O

http://en.wikipedia.org/wiki/JavaScript

http://en.wikipedia.org/wiki/XML


{"dsCustOrd": {"ttCustomer": [{"CustNum":1,"Name":"Lift Tours","Balance":55000.0}, {"CustNum":3,"Name":"Hoops","Balance":23500.0}, {"CustNum":17,"Name":"Acme Sports Widgets","Balance":10.0}, {"CustNum":17,"Name":"Acme Sports Widgets","Balance":10.0}, {"CustNum":17,"Name":"Acme Sports Widgets","Balance":10.0}],"ttOrder": [{"OrderNum":100,"CustNum":1,"OrderDate":"2009―01―12"}, {"OrderNum":101,"CustNum":1,"OrderDate":"2009―01―12"}, {"OrderNum":250,"CustNum":3,"OrderDate":"2009―01―07"}, {"OrderNum":251,"CustNum":3,"OrderDate":"2009―01―07"}, {"OrderNum":500,"CustNum":17,"OrderDate":"2009―06―23"}, {"OrderNum":501,"CustNum":17,"OrderDate":"2009―06―23"}, {"OrderNum":501,"CustNum":17,"OrderDate":"2009―06―23"}, {"OrderNum":501,"CustNum":17,"OrderDate":"2009―06―23"}, {"OrderNum":501,"CustNum":17,"OrderDate":"2009―06―23"}, {"OrderNum":501,"CustNum":17,"OrderDate":"2009―06―23"}, {"OrderNum":501,"CustNum":17,"OrderDate":"2009―06―23"}]}}

<dsCustOrd><ttCustomer><Row><CustNum>1</CustNum><Name>Lift Tours</Name><Balance>55000.0</Balance></Row><Row><CustNum>3</CustNum><Name>Hoops</Name><Balance>23500.0</Balance></Row><Row><CustNum>17</CustNum><Name>Acme Sports Widgets</Name><Balance>10.0</Balance></Row><Row><CustNum>17</CustNum><Name>Acme Sports Widgets</Name><Balance>10.0</Balance></Row><Row><CustNum>17</CustNum><Name>Acme Sports Widgets</Name><Balance>10.0</Balance></Row></ttCustomer><ttOrder><Row><OrderNum>100</OrderNum><CustNum>1</CustNum><OrderDate>2009―01―12</OrderDate></Row><Row><OrderNum>101</OrderNum><CustNum>1</CustNum><OrderDate>2009―01―12</OrderDate></Row><Row><OrderNum>250</OrderNum><CustNum>3</CustNum><OrderDate>2009―01―07</OrderDate></Row><Row><OrderNum>251</OrderNum><CustNum>3</CustNum><OrderDate>2009―01―07</OrderDate></Row><Row><OrderNum>500</OrderNum><CustNum>17</CustNum><OrderDate>2009―06―23</OrderDate></Row><Row><OrderNum>501</OrderNum><CustNum>17</CustNum><OrderDate>2009―06―23</OrderDate></Row><Row><OrderNum>501</OrderNum><CustNum>17</CustNum><OrderDate>2009―06―23</OrderDate></Row><Row><OrderNum>501</OrderNum><CustNum>17</CustNum><OrderDate>2009―06―23</OrderDate></Row><Row><OrderNum>501</OrderNum><CustNum>17</CustNum><OrderDate>2009―06―23</OrderDate></Row><Row><OrderNum>501</OrderNum><CustNum>17</CustNum><OrderDate>2009―06―23</OrderDate></Row><Row><OrderNum>501</OrderNum><CustNum>17</CustNum><OrderDate>2009―06―23</OrderDate></Row></ttOrder></dsCustOrd>

Data – XML vs. JSON


WRITE-JSON() Method Syntax

WRITE-JSON ( mode, { file | stream | stream-handle | memptr | longchar } [, formatted [, encoding [, omit-initial-values ] ] ] )

WRITE-XML ( mode, { file | stream | stream-handle | memptr} [, formatted [, encoding [, schema-location [, write-xmlschema [, min-xmlschema [, write-before-image [, omit-initial-values ..])


WRITE-JSON() Method Syntax

Mode Expression that specifies the target for the JSON string

Formatted (Default is FALSE)• If TRUE then formats JSON - Nicely

Encoding (Default is UTF-8) "UTF-8", "UTF16", "UTF-16BE", "UTF-16LE", "UTF-32",

"UTF-32BE", "UTF-32LE" Omit-initial-values (Default is FALSE)

If TRUE then fields set to initial/default values are excluded

WRITE-JSON ( mode, { file | stream | stream-handle | memptr | longchar } [, formatted [, encoding [, omit-initial-values ] ] ] )


Example WRITE-JSON MethodFor a Static Temp-table

DEFINE VARIABLE cTargetType AS CHARACTER NO-UNDO.DEFINE VARIABLE cFile AS CHARACTER NO-UNDO.DEFINE VARIABLE lFormatted AS LOGICAL NO-UNDO.DEFINE VARIABLE retOK AS LOGICAL NO-UNDO.DEFINE TEMP-TABLE ttCust NO-UNDO LIKE Customer.

ASSIGN cTargetType = "file” cFile = "ttCust.json” lFormatted = TRUE.retOK = ttCust:WRITE-JSON(cTargetType, cFile, lFormatted). /* mode file formatted */Result: { "ttcust": [ ]}


Example of Temp-table Serialized into JSON

DEFINE TEMP-TABLE ttCustomer NO-UNDO FIELD CustNum AS INTEGER SERIALIZE-NAME "ID" FIELD Name AS CHARACTER EXTENT 3 FIELD Balance AS DECIMAL INDEX CustNumIdx IS UNIQUE PRIMARY CustNum.

{"ttCustomer": [ {"ID": 1, "Name": ["L","Frank","Baum"], "Balance": 55000.0}, {"ID": 3, "Name": ["Alfred","E","Newman"], "Balance": 23500.0}]}

ttCustomer:WRITE-JSON(cTargetType, cFile, lFormatted).


WRITE-JSON/WRITE-XML Size and Speed – an unscientific guide

FORMATTED ?

MODE JSON TIME*(ms)

XML TIME*(ms)

JSON SIZE

XML SIZE

% XMLTIME

%XML SIZE

TRUE FILE 2561 2766 189 213 92% 89%

FALSE FILE 2697 2830 115 172 95% 67%

TRUE Memptr 1298 1415 92%

FALSE Memptr 1356 1469 92%

* Time is the average for 100 iterations of the WRITE-* operation


Read-JSON() method

READ-JSON ( source-type, { file | memptr | handle | longchar } [, read-mode ] )

READ-XML ( source-type, { file | memptr | handle | longchar } [, read-mode [, schema-location,

override-default-mapping [, field-type-mapping [, verify-schema-mode ...])


Operational Excellence in 10.2B

Alternate Database Buffer Pool• Space in shared memory separate from the primary buffer pool• Increased performance- key data locked into memory, avoiding

slower disk reads & writes (-B2) Many Other New Features

• Stop long-running processes programmatically• WebClient install without Admin privileges

29

Always available and scales to any size


Productivity in 10.2B

OpenEdge Architect• More support to assist new users in getting started

- Links to videos and tutorials• Manage Appservers within Architect

- Change Properties- Start/Stop/ Check Status

OpenEdge GUI for .NET• Expand types of UI controls and features offered by the controls

that can be used• Update of the Infragistics 9.2 controls (resold by Progress)

30

Provide a highly productive environment


7 Keys to Success: Security & ComplianceBenefits for our Customer & Partners

Security: private data remains accessible by only authorized individuals. The encryption adheres to industry standards

Simplicity: virtually transparent to application developers• No changes to database schema, application code, or

administrative processes

Scalability: balance security risk vs. cost of encrypting data

Embedded tools: DBA uses single set of OpenEdge tools


7 Keys to Success: Operational ExcellenceBenefits for our Customers & Partners

Better oversight of the application operation

Faster! Faster! Faster!• Reduce I/O for encrypted tables• Stop long-running operations

More robust applications

Ease of WebClient deployment


7 Keys to Success: ProductivityBenefits for our Customers and Partners

Build high-quality applications faster

Increase developer productivity• AppServer, client development• Use OpenEdge in other Eclipse environments• Better language tools

Wider range of UI controls to use in my application• Access to more functionality in controls• Customizable controls

Produce data for Ajax web-based applications more easily, & quickly


10.2B Customer Feedback

"10.2B support for JSON in ABL has drastically improved the performance of our Ajax applications. It allowed us to drastically reduce CPU usage and data traffic and enables native communication with our Ajax client“

Peter van Dam, Owner, Future Proof Software

“As always what I love most about a new version, including beta’s, is you just change the executable and you’re up and running with existing code in a new OpenEdge version. You can use the new 10.2B features where needed without the need to rewrite you existing application – the migration is quick and easy”.

Carl Verbiest, Product Manager for CCE Protools, CCE NV


10.2B Customer Feedback

“T.V.H. Forklift Parts has a GUI client application connected to a stateless OpenEdge AppServer monitored by Actional.

The OpenEdge AppServer is connected to several databases with contains our primary data. The Actional monitoring is providing the business visibility into our processes and applications exactly as it should.

The Actional Monitoring of OpenEdge resources are going to be useful right away”

Jan Keirse, Software quality & Systems: Software Engineer,

TVH Forklift Parts NV


10.2B Beta Customer Feedback

How Fiserv Makes Progress - Case Study

Benefit• TDE will ensure data privacy across the entire lifecycle; maintain

competitive advantage and ability to interface with third parties by adhering to PCI DSS; increased IT performance will save time and reduce costs.

Quote• “We always try to improve our performance and get things to run faster.

We tested a fully encrypted database and there was only a 4% decrease in performance versus an unencrypted database. We tested that with alternative data pools, we actually gained back almost 2% of that initial performance degradation. We believe with additional fine tuning the performance will continue to improve.”


Your Call to Action

What can 10.2B do for you….

Solve your Security & Compliance issues?

Increase your end-to-end visibility?

Improve on your usability and performance?


Documents

APUG March 2010