Approach to Unified Mobile Application Implementation For Multisystem Integration

Executive Summary

Enterprise mobility is rapidly changing the way enterprises interact and share critical information with customers, employees and partners. With the proliferation of isolated enterprise mobile applications, enterprises are realizing the need for a single mobile solution integrated with multiple legacy Enterprise Resource Planning (ERP), Customer Relationship Management (CRM) and other cloud-based systems to avoid maintenance complexity and ensure synchronicity. Enterprise mobility is now evolving with a new trend of providing a one-stop customized mobile solution that integrates different legacy systems, i.e. a single mobile app can talk to different ERP, CRM, and Microsoft (MS) Office systems and provide customized, mashed-up information. This ensures automation or mobile enablement of critical use cases across different domains with a single mobile application.

This paper examines some of the approaches to extend different legacy systems onto a unified (single) mobile platform and provides scope for future integration. The paper further describes the different cloud-based or on-premise architectural solution options.

Different Architectural Middleware Options to Mobilize Legacy Systems

There are several architectural middleware options to mobilize legacy systems. Some of the options are:

  • Oracle Service Bus
  • Oracle Integration Cloud Service (ICS)
  • Oracle Mobile Cloud Service (MCS)
  • Microsoft BizTalk Server
  • Custom Java Connector

Oracle Service Bus

Oracle Service Bus (OSB) transforms architectures by connecting, mediating, and managing interactions between services and applications. OSB ensures rapid service enablement through a comprehensive integration that is highly scalable and agile. Running on a WebLogic application server, OSB uses Oracle JCA Adapters to integrate heterogeneous, multi-vendor, multi-platform and multi-technology applications and thus provides prompt interoperability.

JCA adapters are based on J2EE Connector Architecture (JCA) version 1.5, Extensible Markup Language (XML), and Web Service Definition Language (WSDL). The easily available support for these open standards ensures an implementation of a service oriented architecture that is loosely coupled, scalable and flexible.

OSB uses the following different types of adapters to address different legacy systems and business needs:

Technology Adapters: Technology adapters integrate Oracle application server/middleware/mediator components with database tables, file systems, FTP servers, messaging queues, database queues etc.

Packaged Application Adapters: These adapters help in integrating Oracle application server with packaged applications like Oracle EBS, PeopleSoft, Siebel and SAP.

Legacy Application Adapters: These adapters help the Oracle application server to integrate with legacy mainframe systems using their respective communication protocols.

Custom Application Adapters: These adapters help in integrating Oracle and non-Oracle applications to ensure a consolidated and non-redundant definition of customers, partners, suppliers and employees across the entire enterprise.

Using web service manager’s declarative security policies, OSB is able to securely provide web services (considering multiple facets like authentication, authorization, and integrity) in REST/JSON format after connecting, mediating and transforming the services from different legacy packaged applications, like Oracle ERP or SAP. Apart from this, OSB can connect to any system that provides services in standard SOAP/REST format and also provides an option to write custom code to cater to specific enterprise technology needs. The REST/JSON services provided by OSB can be easily consumed by a mobile app built on native, hybrid or cross-platform frameworks.

Oracle Integration Cloud Service (ICS)

Integration Cloud Service is an integration product from Oracle. ICS allows you to integrate cloud applications with each other. It also supports integration between cloud and on-premise applications. ICS allows users to create connections to different SaaS applications by making use of specific cloud adapters, publish or subscribe to the Messaging Cloud Service, or integrate using industry standards like SOAP and REST. Integration Cloud Service ensures simpler, cost-effective, risk-proof and scalable cloud-to-cloud or on-premise-to-cloud ERP application integration and thus allows the applications to communicate with each other and be extended to a mobile platform.

With the ICS adapters and web service integration capabilities, clients do not have to worry about long implementation times and underlying integration complexities for native, SaaS and on-premise applications. ICS supports industry-wide security standards like Security Assertion Markup Language (SAML), username/password token over Secure Sockets Layer (SSL), custom token over SSL etc.

Oracle Mobile Cloud Service (MCS)

Mobile Cloud Service (MCS) is a cloud-based Mobile Backend as a Service (MBaaS). With the following features, Oracle Mobile Cloud Service acts as a unified hub to develop, deploy, maintain and analyze mobile applications and integrate them with various ERP/legacy systems via connectors.

  • Mobile backend to create a logical grouping of resources for enablement of a robust cloud partner for one or more related apps.
  • Custom API designing to fetch data from various on-premises and on-cloud enterprise systems
  • Connectors for accessing third party services.
  • Storage for saving data such as images.
  • User Management for creating users and user roles.
  • Built-in APIs such as push notification to send notification to Android/iOS devices.
  • Data Offline/Sync to cache application data.
  • Mobile User Management to store and fetch user specific/role specific data.
  • Analytics for taking logs of app events and viewing in the form of informative reports.
  • Database Access to Oracle cloud database for creating new tables to execute custom API.

Using MCS connector APIs has many advantages over calling external services directly from JavaScript:

  • It has simple wizard-based declarative connection and policy configurations.
  • It allows the user to dynamically set up HTTP timeout sessions in case the external systems or the network connection are too slow.
  • It provides an easy translation of JSON to XML and vice versa, thereby making it easy to connect a mobile application to external services.
  • It allows users to easily diagnose and debug service/API issues as it is closely integrated with the Oracle MCS diagnostic framework.
  • It allows users to track usage using MCS analytics.

OMCS can connect to various enterprise systems using the following different types of connectors:

SOAP Connector: SOAP is a connector communication protocol. It uses WSDL (Web service description language) to describe the rules for defining messages of a web service to be transmitted across firewalls and proxies using HTTP/HTTPS security protocols.

Service developers can create SOAP connector APIs to enable a custom code API to call SOAP services from different enterprise systems. Simple Object Access Protocol (SOAP) connector APIs (based on XML-based message communication) provide a standard way to connect to different enterprise ERP/CRM systems and ensure a seamless integration between on-premise or cloud-based enterprise systems. The connector API ensures that the custom code API receives and transmits messages (in SOAP format) on the SOAP port of MCS.

SOAP connector APIs are protected by a wide range of Oracle web service manager security policies such as SAML, user tokens, HTTP basic authentication etc. to ensure confidentiality, authenticity and integrity of the messages transmitted.

REST Connector: The REST connector API enables a custom code API to connect to existing REST services from different on-premise assets, cloud-based enterprise systems and third-party services. The connector transmits/receives information in the form of XML or JSON (JavaScript Object Notation) using the HTTPS protocol. REST creates a stateless service and does not contain a messaging layer. The service developer can easily use the REST connector wizard to create a connector API, specifying remote services and configuring security policies.

ICS Connector: ICS has connectors/adapters to a variety of cloud-based services and can also easily connect to on-premise services via an on-premise ICS agent. Thus, ICS can expose these services as SOAP/REST endpoints which can be consumed by MCS. ICS can also map data from one system to another system. For example, a service can be created in ICS that synchronizes the data between Oracle Sales Cloud and Oracle CPQ.

MCS enables a service developer to create an ICS connector API using a wizard to connect to Integration Cloud Service, thereby enabling developers to browse and select from a plethora of services that are defined in multiple on-premise enterprise systems and cloud services integrated with ICS.

ICS connector API uses the HTTP basic authentication for runtime security. This not only includes username and password in the HTTP header of the requests but also checks for HTTPS as the transport protocol.
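The runtime check described above matters because a Basic header is only base64-encoded, so the HTTPS requirement is what keeps the credentials confidential. The following is an added example, not Oracle code and not from the original paper; the function names, the URL and the credentials are constructed for illustration.

```python
import base64
from urllib.parse import urlsplit


def basic_auth_headers(url: str, username: str, password: str) -> dict:
    """Build an HTTP Basic Authorization header, but only for an HTTPS endpoint."""
    parts = urlsplit(url)  # urlsplit lowercases the scheme for us
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("refusing to attach Basic credentials to a non-HTTPS URL")
    if ":" in username:
        # RFC 7617: the user-id cannot contain a colon, it is the separator.
        raise ValueError("username must not contain ':'")
    raw = f"{username}:{password}".encode("utf-8")
    return {"Authorization": "Basic " + base64.b64encode(raw).decode("ascii")}


def decode_basic_header(headers: dict) -> tuple:
    """Show that the header is an encoding, not encryption: it reverses trivially."""
    scheme, _, token = headers["Authorization"].partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic header")
    user, _, pw = base64.b64decode(token).decode("utf-8").partition(":")
    return user, pw


if __name__ == "__main__":
    # Constructed endpoint and service account for the demonstration.
    hdrs = basic_auth_headers("https://ics.example.invalid/flow", "mcs_svc", "constructed-pass")
    print(hdrs)
    print(decode_basic_header(hdrs))
```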

BizTalk Server

Running on a Windows machine, a BizTalk server can easily connect a mobile application to several legacy enterprise systems via native adapters using standard protocols and data formats. BizTalk server can send/receive messages using commonly recognized standards such as POP3, SMTP, FTP etc.

With the following features, BizTalk allows you to securely, flexibly and quickly integrate your custom business processes with internal or external services:

  • End-to-end message tracking
  • Multiple adapters to connect to multi-vendor and multi-platform legacy systems
  • Monitoring of the business activity
  • Integrated Single sign on feature
  • High scalability
  • Error/fault tolerance
  • In-order receiving
  • Two-way communication

BizTalk is powerful when it comes to dealing with different message formats (which is often the case in multisystem integration). It helps developers to easily map messages from one system to another, irrespective of how the messages are actually structured. It also helps to convert messages from one format to another. For example, a BizTalk server can connect to an enterprise system like EBS via SOAP URLs (through Oracle ISG) and convert the messages to REST format, which can be easily consumed by mobile apps.

BizTalk server comes with the following set of native and line of business adapters:

  • File
  • FTP
  • HTTP
  • SOAP
  • MSMQ
  • MQ series
  • Windows SharePoint
  • POP3
  • Custom
  • SMTP
  • WCF-BasicHttp
  • WCF-NetTcp
  • WCF-NetMsmq
  • WCF-NetNamedPipe
  • WCF-Custom
  • WCF-CustomIsolated
  • PeopleSoft Enterprise
  • JD Edwards OneWorld XE
  • TIBCO Rendezvous
  • TIBCO Enterprise Message Service
  • JD Edwards EnterpriseOne

If the business infrastructure uses any of the protocols for which there is an adapter in the above-mentioned list, then transmitting and receiving messages through BizTalk server is just a matter of configuring the adapter (via the BizTalk Configuration Wizard) to send or receive messages in the respective transport standard. In case the business has some specific requirements, BizTalk server also provides the option of creating custom adapters.

Inbound/outbound message security is enabled on all components of BizTalk server (Receive handler, Message box, Orchestration, Send Handler) using encryption and digital signatures.

Custom Java Connector

A customized Java connector is an inexpensive middleware option as it saves clients from heavy license costs. It is deployed on a web server like Tomcat and can be used to process stored procedures or PL/SQL in any database and map the response to corresponding JSON. The mobile suite is developed in MVC architecture using the Spring framework. It’s a ‘plug n play’ application which you can use to integrate Oracle or any other database system with any mobile platform. Also, it is possible to establish a secure connection with MCS (to enable cloud integration) and send/receive requests or responses in the JSON format to be consumed by mobile applications.

Some of the benefits are:

  • Secure and easy to maintain
  • Code reusability
  • Requests and responses are in JSON format, so parsing/manipulation is easy
  • Easy integration with MAF, PhoneGap, hybrid, web and native apps
  • Can be easily configured for custom logins
  • Inexpensive substitute for licensed middleware options

In addition to these benefits, the biggest advantage of a Java connector is that it is highly customizable and addresses any specific need of customers in an economical manner.

Different Architectural Approaches to Mobilize Legacy Systems

On-Premise System Mobilization Approach

Customers can mobilize multiple ERP/CRM systems using any one of the OSB, BizTalk or custom Java code middleware options. These middleware options act as connectors, mediators and orchestrators for services from various heterogeneous systems. Each of the OSB, BizTalk and custom Java connector middleware options comes with its own set of advantages and security protocols (defined in the initial section of the whitepaper). Running on a WebLogic server (OSB), a Windows server (BizTalk server) or a Tomcat server (customized Java connector), these middleware options consume services from heterogeneous systems, orchestrate them and convert them into the JSON format that mobile applications can consume.

On-Premise to Cloud or Cloud to Cloud System Mobilization Approach

Customers can mobilize integrations which deal with both on-premise and cloud-based applications. This can be achieved by using:

OSB/BizTalk/Custom Java, owing to a huge set of pre-built adapters, can easily connect to the majority of on-premise legacy systems and can provide the services in REST/JSON or SOAP format to MCS. Adding to it, MCS can provide many cloud-based features like storage, analytics etc. (mentioned in the MCS section of the whitepaper) and can also ensure integration with other cloud-based systems which extend their services in SOAP/REST format. The mobile application can then finally consume OAuth-secured REST JSON services converted from SOAP format by MCS.

ICS + MCS Approach

ICS, owing to a plethora of pre-built adapters, can connect to almost any of the legacy systems via an on-premise ICS agent. It can expose the services provided by the enterprise systems in REST JSON format to the mobile application. Pre-built adapters can also provide custom integration to various cloud-based enterprise systems. ICS can thus act as a bridge between various heterogeneous on-premise and cloud-based systems.

Oracle MCS extends existing security policies to mobile. It secures APIs and services using OAuth security tokens, which are returned after successful authentication to an enterprise system. The security token is embedded in the API calls to provide prompt security. Thus, ICS has to be used in conjunction with MCS to ensure prompt OAuth-based security for services.

MCS and ICS together can securely create integration customizations between multi-vendor, multi-platform and heterogeneous cloud-based backend systems.

Unified Authentication and Authorization Approaches

When we want to integrate and extend a heterogeneous set of enterprise systems to a mobile platform, a single access and identity management solution is a must to enable users to log in once and get access to disparate backend systems. The approaches in the following section help to achieve the same.

Oracle Access Manager (OAM)

Oracle Access Manager is Oracle Identity Management’s solution for web access management and user identity administration. It is pre-integrated with Oracle Fusion Middleware and provides policy-based access to a disparate set of heterogeneous applications. It consists of two main modules:

Access Management: It provides centralized authentication, authorization and auditing to enable single sign-on and secure heterogeneous applications across enterprises. The access system is flexible and can easily be leveraged to policy-protect disparate resources. It has a broad set of APIs to externalize auditing, authentication and authorization.

The access system not only supports policy-based authentication but also supports a wide range of authentication mechanisms like smart cards, two-factor tokens, custom authentication etc. Using the authentication API, clients can achieve nearly any kind of authentication. After a user is authenticated, the access system creates a single sign-on session to save the user the hassle of logging in again to other resources within the same policy domain.

A browser-based policy manager console helps administrators to define and configure policies to grant/restrict access to specific resources by the user’s role, groups, IP address, time etc. The authorization API even allows customers to build custom authorization plugins to cater to specific client needs and to include custom authorization logic in the existing policies.

The Access Manager allows flexible logging of events such as successful or failed authorizations and authentications. It allows clients to set up a blanket policy (applied to all events) which can be configured with resource-level exceptions to fetch client-specific audit information and details.

Identity System (OID): The identity system provides identity administration functionality to clients. It acts as identity administrator for the identities which are governed by the access policies defined in the access system. There are two main components of the identity system, namely the Web pass plugin and the Identity server. The Web pass plugin transfers information from the web server to a standalone identity server which manages the identities of different groups, users, organizations etc.

Some of the customizable and out-of-the-box functionalities provided by the identity system are delegated administration, dynamic group management, user self-service and self-registration.

An LDAP-based directory service acts as a backend repository for Oracle Access Manager. The directory service is a combination of multiple directory servers and can be used to store configurations, workflows, policies and identities (users, groups etc.) managed by the access and identity systems.

Oracle Access Manager manages and secures disparate applications running on a variety of platforms with the help of integration agents. These agents act as out-of-the-box plugins for several web servers, application servers and portal servers running on a plethora of different platforms. The agents are registered with OAM and need to be installed on the same server on which an application resides. Thus, OAM can easily secure environments where an enterprise is dealing with a heterogeneous set of applications, for example SAP, Siebel, Oracle EBS etc.

Active Directory Federation System (ADFS)

ADFS is the single sign-on and web-based authentication system from Microsoft. It is software that can be installed on a Windows server and can provide users with single sign-on authentication for various systems and applications spread across enterprise locations. It implements federated identity and maintains security using a claims-based authorization protocol. It authenticates a business user based on the claims about the user identity defined in the trusted token.

In the case of a multisystem implementation, ADFS ensures that a user does not have to authenticate against each and every system (with different security realms). Instead, ADFS establishes an identity federation by implementing a trust between the security realms of multiple systems. This is achieved by implementing federation servers, one each, on the accounts and resources sides. The federation server on the accounts side authenticates the user through Active Directory Domain Services and issues a security token that contains the identity of and claims about the user. The federation server on the resources side validates the security token and, in turn, issues another token for the local servers to accept the user’s asserted identity and provide controlled access to their resources and services.
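The two-stage token flow described above can be modelled in a few lines. This is an added, simplified example, not ADFS code and not from the original paper: HMAC keys stand in for the signing scheme of a real federation token, and the user, groups, role names and issuer labels are all constructed.

```python
import base64
import hashlib
import hmac
import json

# Constructed keys, one per trust relationship. HMAC stands in for the signature
# scheme of a real federation token so that the example stays self-contained.
ACCOUNT_KEY = b"constructed-accounts-side-key"   # accounts server -> resource server
RESOURCE_KEY = b"constructed-resource-side-key"  # resource server -> local servers

# Constructed stand-in for the directory lookup done after authentication.
DIRECTORY = {"alice": ["Finance-Approvers", "All-Staff"]}
# Resource-side mapping from partner group claims to local application roles.
ROLE_MAP = {"Finance-Approvers": "erp-approver"}


def sign_token(payload: dict, key: bytes) -> str:
    body = base64.urlsafe_b64encode(json.dumps(payload, sort_keys=True).encode())
    mac = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + mac


def verify_token(token: str, key: bytes, issuer: str, audience: str, now: float) -> dict:
    body, _, mac = token.partition(".")
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    # Check the signature before parsing anything the sender controls.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        raise ValueError("bad signature")
    payload = json.loads(base64.urlsafe_b64decode(body))
    if payload["iss"] != issuer:
        raise ValueError("untrusted issuer")
    if payload["aud"] != audience:
        raise ValueError("wrong audience")
    if payload["exp"] <= now:
        raise ValueError("token expired")
    return payload


def account_server_issue(user: str, now: float) -> str:
    """Accounts side: the user has authenticated; issue identity and claims."""
    if user not in DIRECTORY:
        raise ValueError("unknown user")
    return sign_token({"iss": "accounts-fs", "aud": "resource-fs", "sub": user,
                       "groups": DIRECTORY[user], "exp": now + 300}, ACCOUNT_KEY)


def resource_server_exchange(token: str, now: float) -> str:
    """Resource side: validate the partner token, then issue a local one."""
    claims = verify_token(token, ACCOUNT_KEY, "accounts-fs", "resource-fs", now)
    roles = sorted(ROLE_MAP[g] for g in claims["groups"] if g in ROLE_MAP)
    # The local token never outlives the token it was derived from.
    return sign_token({"iss": "resource-fs", "aud": "erp-app", "sub": claims["sub"],
                       "roles": roles, "exp": min(claims["exp"], now + 120)},
                      RESOURCE_KEY)


def local_server_accept(token: str, now: float) -> dict:
    """Local server: trusts only tokens issued by its own resource-side server."""
    return verify_token(token, RESOURCE_KEY, "resource-fs", "erp-app", now)


if __name__ == "__main__":
    t0 = 1_700_000_000.0  # constructed timestamp
    partner = account_server_issue("alice", t0)
    local = resource_server_exchange(partner, t0)
    print(local_server_accept(local, t0))
```

The local server never sees the accounts-side key: it accepts only what its own resource-side federation server has re-issued, which is the trust boundary the paragraph describes.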

Different Components of ADFS Model

 Active Directory

Microsoft’s Active Directory is a database that stores the user IDs and passwords of all users in an organization. A directory is divided into domains and each domain is controlled by a domain controller (DC).

 Active Directory Domain Services

It uses distributed databases that store the network and application specific information from directory enabled applications.

ADFS does not hold these databases but acts as a bridge between external applications and the internal services of an organization that they try to access. ADFS queries the DC (domain controller) to determine whether external domain users can authenticate for services internal to an organization.

Oracle Internet Directory (OID) and Active Directory (AD) can be synced with each other in order to implement a single sign-on login that can authenticate and authorize the user to multiple enterprise systems.

Conclusion

Unified Mobile App Solutions post or fetch data with secured APIs facilitated by a robust middleware architecture connecting multiple backend/legacy systems. A typical implementation will include multiple types of API integration, data integration, business logic integration and user interface integration. Unified Mobile Applications are perfect for enterprises that are looking for a one-stop mobile solution which can integrate data from multiple backend systems and streamline different workflows to showcase the required information in a mashed-up way.

This paper is written by Saurabh Bahree, Senior Mobility Consultant/Scrum Master.

Saurabh Bahree is the Senior Consultant, Oracle Mobility at RapidValue. He is a certified scrum master and PMP professional. Saurabh is an MBA graduate from the Great Lakes Institute of Management and he comes with over 7 years of international work experience in health management, financial regulatory reporting and Oracle ERP domain.
