MPCC Architecture Review

MPCC Architecture Review

January 2008

2

Background

• This review is being driven on behalf of the market to ensure that the MPCC architecture is maintained at the highest possible level.

• The Goals for this exercise are to:i. Help suppliers understand the current MPCC systems / technical

architecture

ii. Highlight the limitations of this architecture

iii. Get feedback from Market Participants

iv. Identify business requirements

v. Agree on the next steps

3

End to end view from Market Hub to MPCC

Firewall

SMIMEHTTP / SSL

TCP

IP

Physical

Data Link

Network

Transport

Session

XMLPresentation

WebForms

SuppliersApache Server

Firewall

RosettaNet RosettaNet

MRSOFTP

SAP ISU

Router

ESB BackEnd Systems

MarketHub

XML File

PC

Mainframe

Router

XMLMessaging formatused between ESBand other participants

WebForms

Firewall

XML File

HTTP is a request/response protocolbetween clients andservers

Secure Sockets Layer(SSL), are cryptographicprotocols which providesecure communicationson the Internet

ORACLERelationalDatabase

CGICommon Gateway Interface (CGI) isa standard protocol for interfacingexternal application software with aninformation server

GeoTrustDigital certificateprovider of SSLand SMIME certs

RossettaNetis based on XML and definesmessage guidelines, businessprocesses interface andimplementation frameworks forinteractions between companies

Ro

ssettaNet

Fram

ewo

rk

TCP/IPThe Internet protocol suite thatprovides the set of communicationsprotocols that implements theprotocol stack on which the Internetand many commercial networks run

XML Messagingformat used betweenESB and MarketParticipants

Oracle 9i

S/MIME (Secure /Multipurpose InternetMail Extensions) is astandard for public keyencryption and signingof e-mail encapsulatedin MIME.

PKIpublic key infrastructure (PKI) is anarrangement that provides for trustedthird party vetting of, and vouchingfor, user identities

IE 5.0Internet Explorer

MPCC

IISInternetInformationServices

Batch eWayIntelligent Routing

WebFormsWebForms will be used by the MPs to create/amend andview market messages. The data entered in the Web-Forms is converted into Market XML messages (MIMs)and stored for further transmission. The webformsmarket message creation is only appropriate for smallMP's and/or infrequent transactions

Java AppletsJava applets are used toimplement the upload/downloadrequests so the WebServer.The applets use Http POST tosend XML messages to theOnRamp Package

Digital Certificates Each MarketParticipant will have to providetwo digital certificates:

S/MIME certificate - 1024 bitSSL Webserver Certificate1024 bit for 128 bit SSL

OnRamp(Windows 2000 or NT 4.0, MS Access 97, NT4.0, Internet Explorer 5.0) The On-Ramp solutionoperating system must be Windows 2000 ServicePack 2, or NT 4.0 Service Pack 6a (or above). Inaddition Microsoft Internet Explorer version 5.0 orabove and MS Access 97 or above are required

4

Current Architecture – Communications LinkTechnical Architecture• Communications protocol stack is

in line with industry standards• TCP/IP is the standard comms

stack for communication over the internet

• SMIME and SSL (transport encryption) provide secure encryption of the Message and its contents as it travels over the internet

• PKI is used for vetting 3rd Parties• XML used for packaging data

Minor Limitations• Need to upgrade version of SSL• Need to investigate the usefulness

of PKI as MODSSL is performing a similar function

Firewall

SMIMEHTTP / SSL

TCP

IP

Physical

Data Link

Network

Transport

Session

XMLPresentation

SuppliersApache Server

Firewall

RosettaNet RosettaNet

HTTP is a request/response protocolbetween clients andservers

Secure Sockets Layer(SSL), are cryptographicprotocols which providesecure communicationson the Internet

GeoTrustDigital certificateprovider of SSLand SMIME certs

RossettaNetis based on XML and definesmessage guidelines, businessprocesses interface andimplementation frameworks forinteractions between companies

Ro

ss

etta

Ne

tF

ram

ew

ork

TCP/IPThe Internet protocol suitethat provides the set ofcommunications protocolsthat implements the protocolstack on which the Internetand many commercialnetworks run

XML Messagingformat used betweenESB and MarketParticipants

S/MIME (Secure /Multipurpose InternetMail Extensions) is astandard for public keyencryption and signingof e-mail encapsulatedin MIME.

PKIpublic key infrastructure (PKI) is anarrangement that provides for trustedthird party vetting of, and vouchingfor, user identities

MPCC

5

Current Architecture - Suppliers MPCCTechnical Architecture• CGI is used for interfacing to external

applications• OnRamp is used for unwrapping and

date time stamping messages• Webforms is used to create and

amend market messages

Limitations• Access 97 is not a suitable database

(not secure and unsupported)• Windows 2000 is not secure enough• IE 5.0 is not suitable for new

encryption technologies• CGI is inefficient at processing data• Software upgrades involves

distribution of CDs.

WebForms

SuppliersApache Server

XML File

PC

Mainframe

Router

WebForms

Firewall

XML File

CGICommon Gateway Interface (CGI) isa standard protocol for interfacingexternal application software with aninformation server

MS Access 97Desktop databaseapplication

IE 5.0Internet Explorer

IE 5.0Internet Explorer

Batch eWayIntelligent Routing

WebFormsWebFormsdeveloped in Java

Java AppletsJava applets areused to implementthe upload/ downloadrequests so theWebServer.

Windows 2000Microsoft Operatingsystem

XMLMessaging formatused between ESBand other participantsMPCC

6

Business IssuesMarket Participants• MPCC provides no new functionality• Message logs need to be regularly maintained• Limited visibility of message throughput ESB Networks• ESBN have recently adopted SAP’s application integration

platform and more specifically SAP XI (an XML based message broker) for their SEM and future internal needs.

• SeeBeyond OnRamp expertise will gradually become more limitedwithin ESBN

Regulatory• New design could facilitate new market entrants• Opportunity to design a single market gateway.• Opportunity for one supplier to provide IT services for

another.

7

Technical Issues

• Current software has a maximum shelf life of 3 to 5 years• Significant parts of the technical architecture are

unsupported– Access 97 is not a suitable database (not secure and

unsupported)– Windows 2000 is not secure enough– IE 5.0 is not suitable for new encryption technologies– CGI is inefficient at processing data

• Software upgrades involve the distribution installation of CDs.

• There is a licensing overhead which may be removed through the use of open source software

8

Other Business Issues ?

9

Business Requirements ?

10

Assumptions

• Any new MP messaging component to be developed via a third party contract i.e. not directly by ESB Networks resources.

• The favoured option should be that of a common MP messaging component as it would facilitate:– Testing– Integration

• Open source software should be used

11

Next Steps

• Provide a migration path

• Get feedback from Market Participants on:– Business needs based on evidence from their

experience of the current MPCC– Their preferences for development strategy