IT System for CIMSS, IISc
Download
Report
Transcript IT System for CIMSS, IISc
IT System for CIMSS, IISc
• By the IT Subcommittee of the CIMSS Project
–
–
–
–
–
–
Jayant Haritsa (SERC)
R. Krishnamurthy (SERC)
Anurag Kumar (ECE, Convener)
V. Kumaran (Chem. Engg.)
Y.N. Srikanth (CSA)
V. Vinay (CSA)
September 1, 1998
IT System for CIMSS, IISc
1
IT System Functions
• System users
– faculty, admin officers, and case workers
• Document preparation, movement, storage, access and
manipulation
• Implementation of office workflow
– e.g., indent “flows” from faculty to chairman to purchase to
audit,…etc.
– authentication, annotation, and signatures at each step
– tracking of workflows
• The “IT System” is the platform on which these functions
are implemented
September 1, 1998
IT System for CIMSS, IISc
2
Design Considerations
• Client independence
– variety of hardware and operating systems on campus
– system should not be client dependent
• Difficult to maintain security and integrity of multiple
servers in multiple locations
– power supply, air-conditioning, cleanliness, etc.
• Work should not actually flow to the clients
– messy to recover from client crash
– harder to track status of work
• Aim for completely paperless system
September 1, 1998
IT System for CIMSS, IISc
3
Design Decisions
• Web based client server interaction
– clients only need a web browser
– plug -ins needed for digital signatures, and document upload
• Central server
– with redundant hardware and storage
– in a well prepared site
• All data and work-in-progress resides in data-base in
central server
– workflow implemented by manipulating references to the
documents
September 1, 1998
IT System for CIMSS, IISc
4
CIMSS Network Architecture
CIMSS central server
Server LAN
Typical admin workstation
Server LAN
firewall
Scanner
and
fax modem
client
Admin LAN
Typical dept. LAN
IT System for CIMSS, IISc
Scanner
and
fax modem
September 1, 1998
client
Campus network backbone
(optical fibre)
5
CIMSS Central Server
Off-the-shelf
proprietary
Programmable/configurable
application software
Server machine
Web server
with security
features
Workflow
software
and database
Secure socket management
layer
Standard
system
UNIX
TCP/IP
system
UNIX operating system
CIMSS server LAN
to/from campus LAN
September 1, 1998
IT System for CIMSS, IISc
6
Virtual Workflow
CIMSS
central
server
Faculty member
Work does not
“flow” between
server and clients;
only references change
in data-base
Admin officer
Case worker
September 1, 1998
IT System for CIMSS, IISc
7
Layers of Security
client
central server
web browser
with
authentication
plugin
secure socket
layer
digital signatures
authenticated login; secret key
session security, with key aging
blocks
unauthorised
packets
secure socket
layer
firewall
campus network
September 1, 1998
web server
with public key
certificate server
IT System for CIMSS, IISc
fingerprint-based
security for
console access
8
Product Selection (Hardware)
• Central CIMSS server
– SUN Ultra Sparc 450, with Solaris (UNIX)
– redundant disk drives (RAID)
– redundant power supply, ethernet controller, disk controller
• Firewall
– Cisco PIX
– proprietary hardware and operating system
– high performance
• Clients
– PCs with Windows 95/98, NT
– PCs with Linux
– Standard UNIX workstations
September 1, 1998
IT System for CIMSS, IISc
9
Product Selection (Software)
• Data base system
– ORACLE enterprise server
• Workflow definition software
– ORACLE workflow
• Web server
– NETSCAPE
• Public key server (Certification Authority)
– included in the NETSCAPE server
• Client web browser
– Netscape or (MS) Internet Explorer
September 1, 1998
IT System for CIMSS, IISc
10
Application Development
• Server software
– implementation of workflows
– development of forms and interfaces
• Client software
– browser plug-ins for supporting:
• digital signatures
• upload of scanned documents (e.g., quotations)
September 1, 1998
IT System for CIMSS, IISc
11
Some Implementation Concerns
• Central server location
– stable power supply
– prevention of fire, dampness, lightning strike, etc.
• Data back-up
– back-up copies should be stored in separate site
• Security and authentication
– at present only 40-bit security available, owing to US export
restrictions
– this should be upgraded as and when available
– key-aging, within sessions, is an interim solution
September 1, 1998
IT System for CIMSS, IISc
12
Vendor Selection
• First round of vendor proposals
–
–
–
–
–
–
Tata Consultancy Services
CMC
Planetasia
Faculties India
Tata Infotech
Logic Point
• Short list; second round
– Planetasia
– Tata Infotech
• Final negotiations are under way with
– Tata Infotech
September 1, 1998
IT System for CIMSS, IISc
13