EIDE Design Considerations1

EIDE Design ConsiderationsEIDE Design Considerations

Brian WrightBrian WrightPortland General ElectricPortland General Electric

EIDE Design Considerations2

Introduction Introduction

Focus on physical design, not on application development.

Planned Topics1. Hardware Configuration2. Location and Function Of Application Modules

3. Data Connectivity4. Cryptography Basics

EIDE Design Considerations3

Glossary & AcronymsGlossary & Acronyms LAN – Local Area Network

– Collection of computers within one domain, secured from outside connections. WAN – Wide Area Network

– Collection of computer domains, with security between domains. DMZ - Demilitarized Zone

– A small subnetwork that sits between a trusted internal network, such as a corporate private LAN, and an untrusted external network, such as the public Internet.

Firewall – A system designed to prevent unauthorized access to or from a private

network. Firewalls can be implemented in both hardware and software, HTTP - HyperText Transfer Protocol,

– the underlying protocol used by the World Wide Web. HTTP defines how messages are formatted and transmitted, and what actions server applications and their client applications should take in response to various commands.

EIDE Design Considerations4

Glossary & AcronymsGlossary & Acronyms

UTF - Universal Transformation Format– a method of converting Unicode characters, which are 16 bits each, into 7- or 8-

bit characters. UTF-7 converts Unicode into ASCII for transmission over 7-bit mail systems, and UTF-8 converts Unicode to 8-bit bytes.

DBMS – Database Management System– A collection of programs that enables you to store, modify, and extract

information from a database

COM – Component Object Model– A software architecture developed by Microsoft to build component-

based applications. COM objects are discrete components, each with a unique identity, which expose interfaces that allow applications and other components to access their features.

EIDE Design Considerations5

Hardware ConfigurationHardware Configuration

Simple SystemSecure SystemSecure Redundant System

EIDE Design Considerations6

Simple SystemSimple System Single LAN Server Web Listener receives

incoming requests and gives it to the receiver

Data store caches meter and schedule data to be sent or received

EIDE Receiver parses the received XML document and writes to the Data Store

EIDE Sender reads from the Data Store, builds the XML document , and sends to the external entity

The EIDE applications are where the logic is placed, related to managing request to send or receive data

Server

Internet

Data StoreEIDE

Receiver

Firewall

WebListener

EIDESender

EIDE Design Considerations7

Simple SystemSimple System

ADVANTAGES

Simple to configure Lower Hardware

Costs No special

requirements on external entities

DISADVANTAGES

Direct access from internet allowed to LAN server

No redundancy, down time can be expected for upgrades and failures

EIDE Design Considerations8

Secure SystemSecure System DMZ Server – Limited firewall protection, IP address is masked

LAN Server – High firewall protection. Generally configured to allow no direct internet connections inside

EIDE Proxy provides received application xml validation, document canonicalization and signing.

EIDE Receiver inspects signature to validate message originator

InternetFirewall

DMZFirewall

Internet

DMZ Server

EIDEProxy

WebListener

LAN Server

EIDEReceiver Data Store

EIDESender

EIDE Design Considerations9

Secure SystemSecure System

ADVANTAGES

No direct access to LAN servers from internet.

No special requirements on external entities

DISADVANTAGES

Additional Administration

No redundancy, down time can be expected for upgrades and failures

EIDE Design Considerations10

Secure Secure Redundant Redundant SystemSystem

InternetFirewall

DMZFirewall

Internet

DMZ Server

EIDEProxy

WebListener

LAN Server

EIDEReceiver

EIDESender

DMZ Server

EIDEProxy

WebListener

Content Switches

Virtual IP

LAN Server

EIDEReceiver

EIDESender

Clustered Data Server

Data Store

Content Switch

Content Switch

Virtual IP

Content switches provides load balancing and failover to the dual servers

Virtual IP address provides single address to content switches

Cross connectivity allows maintenance of servers while other node in service

Data store is now required to be shared within its own database cluster.

EIDE Design Considerations11

Data Store ClusterData Store Cluster

DBMS ServerNode 1

DBMS ServerNode 2

Heart Beat

Storage Controller

Two or more servers can be clustered together in an active-passive system.

The DBMS is defined into an application group for failover.

Storage Controller contains the disk array and are manufactured with fault tolerant features.

For fault tolerance in the disk arrays, recently they raid level 0+1 or 10

EIDE Design Considerations12

Secure Redundant SystemSecure Redundant System

ADVANTAGES

Majority of maintenance can occur while system is in operation

Fault Tolerance

DISADVANTAGES

Complexity in Administration

Additional Hardware Costs

EIDE Design Considerations13

Data ConnectivityData Connectivity

HTTP protocol works best when crossing a firewall. To assist with security, may want to use a non-standard port for crossing the DMZ to LAN firewall. http://4.5.30.209:22100/WeatherSummary.html

Primary development of content switches were to manage load balancing of server farms for the web, http

Do not have any database connectivity cross the firewall.

EIDE Design Considerations14

Data ConnectivityData ConnectivityMessaging : If using Microsoft platform use Microsoft

Message Queue (MSMQ) for cross server communications, or Java Message Service for other platforms

Raises events within application. Messages remain in queue until read or message life

expires. Allowing processing to be single threaded, avoiding collisions from multiple requests

Messages have priority, read from queue in highest priority first. Messages with same priority are read first in first out.

Messaging can be made fault tolerant. Allowing messages to be delivered even if there was a temporary outage.

MSMQ Triggers automatically associate incoming messages in a queue with functionality in a COM component or standalone .exe

EIDE Design Considerations15

Data ConnectivityData Connectivity

Messaging Usage: If EIDE Receiver is a service, it would have a no

blocking listener on a queue that EIDE proxy would write to, and send a message to the applications that they have data now available.

If EIDE Sender is a service, the application that request a transfer externally would write the data to the data store and send a message to EIDE Sender to perform a transfer.

If willing to forgo the persistent cache provided by the data store, the messages could contain the data.

Many object oriented languages have the ability to serialize an object. This serialize object would be the payload of a message.

EIDE Design Considerations16

Cryptography BasicsCryptography Basics

Encryption/DecryptionSymmetric vs AsymmetricXML CanonicalizationSigning

EIDE Design Considerations17

Cryptography Basics Cryptography Basics Encryption/DecryptionEncryption/Decryption

P: Plain TextC: Cypher TextK: KeyF: Encryption Algorithm (DES, RSA)

Encryption F(P,K) = CDecryption F(C, K) = P

EIDE Design Considerations18

Cryptography Basics Cryptography Basics Symmetric vs AsymmetricSymmetric vs Asymmetric

SYMMETRIC

Same key uses for encryption and decryption.

Key must be known by both parties

Relative inexpensive in resource utilization

ASYMMETRIC

Encryption by private key

Decryption by public key

Sender is owner of keys

Expensive in resource utilization

EIDE Design Considerations19

Cryptography Basics Cryptography Basics XML CanonicalizationXML Canonicalization

Two XML messages can be formatted differently but contain the same information. Canonicalization reformats them identically.

Whitespace normalized<ScheduleType/> becomes

<ScheduleType></ScheduleType>Attributed values delimited by double quotesUTF encoding

EIDE Design Considerations20

Cryptographic BasicsCryptographic BasicsSigning (Digital Signature)Signing (Digital Signature)

Process validates that data has not been tampered and the data is from the sender.

Sender Plain Text canonicalized and hashed to fix length string Hash encrypted using private key producing the signature Send plain text and signatureReceiver Plain Text canonicalized and hashed to fix length string Request Public key from sender Decrypts signature and compares hash values

EIDE Design Considerations21

DiscussionDiscussion

One of many designsNot specific to a technology or operating

systemWeb ServicesNT Services or Unix DaemonsTriggers

EIDE Design Considerations22

QUESTIONS?QUESTIONS?