Enterprise mobility is rapidly changing the way businesses interact and share critical information with customers, employees and partners. With the proliferation of isolated enterprise mobile applications, enterprises are realizing the need for a single mobile solution integrated with multiple legacy Enterprise Resource Planning (ERP), Customer Relationship Management (CRM) and cloud-based systems, both to avoid maintenance complexity and to keep data synchronized. Enterprise mobility is now evolving towards one-stop customized mobile solutions that integrate different legacy systems, i.e. a single mobile app can talk to different ERP, CRM and Microsoft (MS) Office systems and present customized, mashed-up information. This enables automation or mobile enablement of critical use cases across different domains with a single mobile application.
This paper examines some of the approaches to extending different legacy systems onto a unified (single) mobile platform and leaves scope for future integration. It further describes the different cloud-based and on-premise architectural options.
There are several architectural middleware options to mobilize legacy systems. Some of the options are:
Oracle Service Bus (OSB) transforms architectures by connecting, mediating and managing interactions between services and applications. OSB enables rapid service enablement through a comprehensive integration layer that is highly scalable and agile. Running on a WebLogic application server, OSB uses Oracle JCA Adapters to integrate heterogeneous, multi-vendor, multi-platform and multi-technology applications, and thus provides interoperability quickly.
JCA adapters are based on the J2EE Connector Architecture (JCA) version 1.5, Extensible Markup Language (XML) and Web Services Description Language (WSDL). Broad support for these open standards makes it possible to implement a service-oriented architecture that is loosely coupled, scalable and flexible.
OSB uses the following types of adapters to address different legacy systems and business needs:
Technology Adapters : Technology adapters integrate Oracle application server/middleware/mediator components with database tables, file systems, FTP servers, messaging queues, database queues, etc. Plain FTP transfers credentials and data in cleartext, so a secure transfer variant should be used wherever the adapter and the endpoint support one.
Packaged Application Adapters : These adapters integrate the Oracle application server with packaged applications such as Oracle EBS, PeopleSoft, Siebel and SAP.
Legacy Application Adapters : These adapters let the Oracle application server integrate with legacy mainframe systems using their respective communication protocols.
Custom Application Adapters : These adapters integrate Oracle and non-Oracle applications to ensure a consolidated, non-redundant definition of customers, partners, suppliers and employees across the entire enterprise.
Using the declarative security policies of Oracle Web Services Manager (OWSM), OSB can expose the services it connects, mediates and transforms from legacy packaged applications such as Oracle ERP or SAP as REST/JSON services, with authentication, authorization and integrity (and, with message-protection policies, confidentiality) applied declaratively rather than coded into each service. OSB can connect to any system that provides services in standard SOAP or REST format, and it also allows custom code to be written for specific enterprise technology needs. The REST/JSON services provided by OSB can be readily consumed by mobile apps built on native, hybrid or cross-platform frameworks.
Integration Cloud Service (ICS) is an integration product from Oracle. ICS supports integration between cloud applications, and between cloud and on-premise applications. It lets users create connections to different SaaS applications using specific cloud adapters, publish or subscribe to the Messaging Cloud Service, or integrate using industry standards such as SOAP and REST. ICS provides simpler, cost-effective, lower-risk and scalable cloud-to-cloud or on-premise-to-cloud ERP application integration, allowing those applications to communicate with each other and to be extended to a mobile platform.
With the ICS adapters and web service integration capabilities, clients do not have to worry about long implementation times and the underlying integration complexities of native, SaaS and on-premise applications. ICS supports industry-wide security standards such as Security Assertion Markup Language (SAML), username/password token over Secure Sockets Layer (SSL), custom token over SSL, etc. In current deployments the transport is TLS, the successor of SSL; a username/password token is only as safe as that transport and must never be sent over an unencrypted connection.
Mobile Cloud Service (MCS) is a cloud-based Mobile Backend as a Service (MBaaS). With the following features, Oracle Mobile Cloud Service (OMCS) acts as a unified hub to develop, deploy, maintain and analyze mobile applications and to integrate them with various ERP/legacy systems via connectors.
OMCS can connect to various enterprise systems using the following types of connectors:
SOAP Connector : SOAP (Simple Object Access Protocol) is an XML-based messaging protocol for web services. A SOAP service is described by a WSDL (Web Services Description Language) document that defines the messages the service accepts and returns. The messages are carried over HTTP or HTTPS, which lets them pass through firewalls and proxies; only HTTPS gives the messages confidentiality and integrity on the wire.
Service developers can create SOAP connector APIs so that custom-code APIs can call SOAP services in different enterprise systems. SOAP connector APIs provide a standard way to connect to different enterprise ERP/CRM systems and ensure seamless integration between on-premise and cloud-based enterprise systems. The connector API ensures that the custom-code API receives and transmits messages (in SOAP format) on the SOAP port of MCS.
SOAP connector APIs are protected by a range of Oracle Web Services Manager (OWSM) security policies such as SAML, username tokens and HTTP basic authentication. These policies establish who the caller is; the confidentiality and integrity of the messages come from TLS on the transport or from message-level signing and encryption, which have to be configured as part of the policy.
ICS Connector : ICS has connectors/adapters for a variety of cloud-based services and can also connect to on-premise services via an on-premise ICS agent. ICS can thus expose these services as SOAP/REST endpoints that MCS consumes. ICS can also map data from one system to another; for example, a service can be created in ICS that synchronizes data between Oracle Sales Cloud and Oracle CPQ.
MCS lets service developers create an ICS connector API through a wizard that connects to Integration Cloud Service, so developers can browse and select from the many services defined in the on-premise enterprise systems and cloud services integrated with ICS.
The ICS connector API uses HTTP basic authentication for runtime security: the username and password are carried in the Authorization header of each request, and HTTPS is required as the transport protocol. The second requirement is what makes the first acceptable, because basic authentication only Base64-encodes the credentials, it does not encrypt them; over plain HTTP they would be readable by anyone on the path.
Running on a Windows machine, BizTalk Server can connect a mobile application to several legacy enterprise systems through native adapters using standard protocols and data formats. BizTalk Server can send and receive messages using commonly recognized standards such as POP3, SMTP and FTP.
With the following features, BizTalk allows custom business processes to be integrated securely, flexibly and quickly with internal or external services:
BizTalk is powerful when dealing with different message formats, which is often the case in multi-system integration. It lets developers map messages from one system to another irrespective of how the messages are actually structured, and it converts messages from one format to another. For example, a BizTalk Server can connect to an enterprise system such as EBS via SOAP URLs (through Oracle Integrated SOA Gateway, ISG) and convert the messages to REST/JSON, which mobile apps can consume easily.
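The SOAP-to-REST/JSON mediation step that both OSB (behind its OWSM policies) and BizTalk perform is sketched below as an added example in Python; it is not code from OSB, BizTalk, Oracle or this whitepaper. The order service namespace, the element names and the two sample envelopes are constructed for the example. Beyond the mapping itself it shows the two checks a mediation layer needs: refusing DOCTYPE declarations in backend XML, and turning a SOAP Fault into an HTTP error instead of forwarding the raw envelope to the app.

```python
import json
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"

# Constructed sample backend response. The "ord" namespace and element names
# are assumptions for this example, not a real EBS or SAP service contract.
SAMPLE_RESPONSE = """<?xml version="1.0"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
               xmlns:ord="http://example.invalid/orders">
  <soap:Body>
    <ord:GetOrderResponse>
      <ord:OrderId>10042</ord:OrderId>
      <ord:Status>SHIPPED</ord:Status>
      <ord:Lines>
        <ord:Line><ord:Sku>ABC-1</ord:Sku><ord:Qty>2</ord:Qty></ord:Line>
        <ord:Line><ord:Sku>XYZ-9</ord:Sku><ord:Qty>1</ord:Qty></ord:Line>
      </ord:Lines>
    </ord:GetOrderResponse>
  </soap:Body>
</soap:Envelope>"""

# Constructed SOAP 1.1 fault, as a backend returns for an unknown order.
SAMPLE_FAULT = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <soap:Fault>
      <faultcode>soap:Client</faultcode>
      <faultstring>Order not found</faultstring>
    </soap:Fault>
  </soap:Body>
</soap:Envelope>"""


class SoapFault(Exception):
    """Raised when the backend answered with a SOAP Fault."""


def _local(tag):
    """Strip '{namespace}' from a tag so the JSON keys stay readable."""
    return tag.split("}", 1)[1] if "}" in tag else tag


def _to_plain(elem):
    """Leaf element -> its text; container -> dict; repeated child -> list."""
    children = list(elem)
    if not children:
        return (elem.text or "").strip()
    result = {}
    for child in children:
        key, value = _local(child.tag), _to_plain(child)
        if key in result:
            if not isinstance(result[key], list):
                result[key] = [result[key]]
            result[key].append(value)
        else:
            result[key] = value
    return result


def soap_to_dict(envelope_xml):
    """Parse the envelope and return the first Body child as a dict."""
    # The mediation layer must never process DTDs from backend input; refusing a
    # DOCTYPE up front rules out entity expansion and XXE through this path.
    if "<!DOCTYPE" in envelope_xml:
        raise ValueError("DOCTYPE not allowed in SOAP envelope")
    root = ET.fromstring(envelope_xml)
    body = root.find(f"{{{SOAP_NS}}}Body")
    if body is None or len(body) == 0:
        raise ValueError("missing SOAP Body")
    fault = body.find(f"{{{SOAP_NS}}}Fault")
    if fault is not None:  # SOAP 1.1 fault children are unqualified
        raise SoapFault(f"{fault.findtext('faultcode', '')}: {fault.findtext('faultstring', '')}")
    payload = body[0]
    return {_local(payload.tag): _to_plain(payload)}


def mediate(envelope_xml):
    """Map a backend SOAP response to (HTTP status, JSON-ready dict) for the app.
    Faults and malformed XML become 502 with a short message; the raw envelope
    is never forwarded to the mobile client."""
    try:
        return 200, soap_to_dict(envelope_xml)
    except SoapFault as exc:
        return 502, {"error": "backend fault", "detail": str(exc)}
    except (ET.ParseError, ValueError) as exc:
        return 502, {"error": "invalid backend response", "detail": str(exc)}


if __name__ == "__main__":
    status, body = mediate(SAMPLE_RESPONSE)
    print(status, json.dumps(body, indent=2))
```

Repeated elements (the two Line entries) become a JSON array, so the app does not have to special-case a single-line order; a production mediation layer would also cap the envelope size before parsing.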
BizTalk Server comes with the following set of native and line-of-business adapters:
If the business infrastructure uses any protocol for which there is an adapter in the list above, transmitting and receiving messages through BizTalk Server is just a matter of configuring (via the BizTalk Configuration Wizard) the adapter to send or receive messages in the respective transport standard. If the business has more specific requirements, BizTalk Server also offers the option of creating custom adapters.
Inbound/outbound message security is enabled on all components of BizTalk Server (receive handler, MessageBox, orchestration, send handler) using encryption and digital signatures. Encryption protects the confidentiality of a message; a digital signature lets the receiving side verify the message's origin and that it was not altered. Both depend on certificates being provisioned and validated, which is part of the deployment work.
A customized Java connector is an inexpensive middleware option because it saves the client heavy license costs. It is deployed on a web server such as Tomcat, invokes stored procedures or PL/SQL in any database and maps the response to the corresponding JSON. The mobile suite is developed in an MVC architecture using the Spring framework. It is a 'plug and play' application that can integrate Oracle or any other database system with any mobile platform. It is also possible to establish a secure connection with MCS (to enable cloud integration) and send and receive requests and responses in JSON format for consumption by mobile applications. Because the connector turns mobile input into database calls, those calls must use bound parameters rather than string concatenation; otherwise the connector becomes an SQL injection path into every system behind it.
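The query-and-map step of such a connector, written as an added example in Python against an in-memory sqlite3 table (the whitepaper's connector is Java/Spring against Oracle PL/SQL; this is not its code). The employee table, its rows and the injection payload are constructed for the example. It puts the concatenation anti-pattern beside the bound-parameter form and shows what a tampered request does to each.

```python
import json
import sqlite3


def open_demo_db():
    """Constructed in-memory table standing in for an ERP employee table; in the
    whitepaper's setting this would be an Oracle schema reached over JDBC."""
    conn = sqlite3.connect(":memory:")
    conn.row_factory = sqlite3.Row
    conn.execute("CREATE TABLE employees (emp_id INTEGER, name TEXT, dept TEXT, salary INTEGER)")
    conn.executemany(
        "INSERT INTO employees VALUES (?, ?, ?, ?)",
        [(1, "Ada", "FIN", 120000), (2, "Grace", "ENG", 135000), (3, "Linus", "ENG", 128000)],
    )
    return conn


def employees_by_dept_unsafe(conn, dept):
    """Anti-pattern: mobile input concatenated into SQL. Whatever the app (or
    whoever tampers with its request) sends becomes part of the statement."""
    sql = "SELECT emp_id, name, dept, salary FROM employees WHERE dept = '" + dept + "'"
    return [dict(row) for row in conn.execute(sql)]


def employees_by_dept(conn, dept):
    """Bound parameter: the value travels separately from the SQL text, so it
    can never alter the statement's structure. The same rule applies to
    CallableStatement parameters when invoking PL/SQL procedures from Java."""
    cur = conn.execute("SELECT emp_id, name, dept, salary FROM employees WHERE dept = ?", (dept,))
    return [dict(row) for row in cur]


def to_json(rows):
    """The response body the mobile app receives."""
    return json.dumps(rows)


INJECTION = "' OR '1'='1"  # constructed payload a tampered request could carry

if __name__ == "__main__":
    db = open_demo_db()
    print("unsafe:", to_json(employees_by_dept_unsafe(db, INJECTION)))  # every row leaks
    print("safe:  ", to_json(employees_by_dept(db, INJECTION)))         # no department matches
```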
Some of the benefits are:
In addition to these benefits, the biggest advantage of a Java connector is that it is highly customizable and addresses the specific needs of customers economically.
Customers can mobilize multiple ERP/CRM systems using any one of the OSB, BizTalk or custom Java middleware options. These middleware options act as connectors, mediators and orchestrators for services from various heterogeneous systems. Each of OSB, BizTalk and the custom Java connector comes with its own set of advantages and security mechanisms (described in the earlier sections of this whitepaper). Running on WebLogic Server (OSB), Windows Server (BizTalk Server) or Tomcat (customized Java connector), these middleware layers consume services from heterogeneous systems, orchestrate them and convert them into JSON that mobile applications can consume.
Customers can also mobilize integrations that involve both on-premise and cloud-based applications. This can be achieved by using:
OSB/BizTalk/custom Java, owing to their large set of pre-built adapters, can connect to the majority of on-premise legacy systems and provide their services in REST/JSON or SOAP format to MCS. MCS in turn provides cloud-based features such as storage and analytics (mentioned in the MCS section of this whitepaper) and integrates with other cloud-based systems that expose services in SOAP/REST format. The mobile application finally consumes OAuth-secured REST/JSON services that MCS has converted from SOAP.
ICS, with its many pre-built adapters, can connect to almost any legacy system via the on-premise ICS agent and expose the services of those enterprise systems to the mobile application in REST/JSON format. Pre-built adapters also provide integration with various cloud-based enterprise systems, so ICS can act as a bridge between heterogeneous on-premise and cloud-based systems.
Oracle MCS extends existing security policies to mobile. It secures APIs and services using OAuth tokens, which are returned after successful authentication against an enterprise system; the mobile app then presents the token in every API call. ICS therefore has to be used in conjunction with MCS to obtain OAuth-based security for the services. The token is a bearer credential: whoever holds it can call the API, so it must only be sent over TLS, kept in the platform's secure storage on the device and given a short lifetime.
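The two credential schemes named in this whitepaper, HTTP basic authentication on the ICS connector API (above, in the MCS connector section) and the OAuth bearer token on MCS APIs, are shown below as an added example in Python. It is not ICS, MCS or Oracle code, and the hostnames and the token value are assumptions. The sending side refuses any non-HTTPS URL before attaching credentials; the receiving side shows how trivially a Basic header decodes (which is why the transport check exists) and compares credentials in constant time.

```python
import base64
import hmac
from urllib.parse import urlsplit


class TransportPolicyError(Exception):
    """Raised when a credential-bearing request would leave over plain HTTP."""


def transport_allowed(url):
    """Credentials may only travel over https to an explicit host."""
    parts = urlsplit(url)
    return parts.scheme == "https" and bool(parts.netloc)


def basic_auth_header(username, password):
    """RFC 7617 Basic scheme: base64 of 'user:password'. This is encoding, not
    encryption; confidentiality comes only from the TLS transport."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return {"Authorization": "Basic " + token}


def bearer_header(access_token):
    """RFC 6750 bearer token as MCS APIs expect: possession alone grants access."""
    return {"Authorization": "Bearer " + access_token}


def outbound_request(url, headers):
    """What the connector hands to its HTTP client after the transport check."""
    if not transport_allowed(url):
        raise TransportPolicyError("refusing to send credentials to " + url)
    return {"url": url, "headers": dict(headers)}


def parse_basic_credentials(header_value):
    """Receiver side: recover (user, password) from the header. Anyone able to
    read the request on the path can do exactly this, hence HTTPS only."""
    scheme, _, token = header_value.partition(" ")
    if scheme != "Basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


def check_basic(header_value, expected_user, expected_password):
    """Constant-time comparison so response timing does not reveal how much of
    the credential matched."""
    creds = parse_basic_credentials(header_value)
    if creds is None:
        return False
    user_ok = hmac.compare_digest(creds[0].encode("utf-8"), expected_user.encode("utf-8"))
    pwd_ok = hmac.compare_digest(creds[1].encode("utf-8"), expected_password.encode("utf-8"))
    return user_ok and pwd_ok


if __name__ == "__main__":
    # Assumed endpoints; both hostnames are placeholders for the example.
    ics = outbound_request("https://ics.example.invalid/ic/api/integration/v1/flows",
                           basic_auth_header("ics_user", "s3cret"))
    mcs = outbound_request("https://mcs.example.invalid/mobile/custom/orders",
                           bearer_header("constructed-token"))
    print(ics["headers"], parse_basic_credentials(ics["headers"]["Authorization"]))
    print(mcs["headers"])
```

On a real client the same transport check belongs in front of the HTTP library call, and the bearer token should come from the platform's secure storage rather than a constant.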
Together, MCS and ICS can securely build customized integrations between multi-vendor, multi-platform and heterogeneous cloud-based backend systems.
When a heterogeneous set of enterprise systems is to be integrated and extended to a mobile platform, a single access and identity management solution is a must so that users log in once and gain access to the disparate backend systems. The approaches in the following section achieve this.
Oracle Access Manager (OAM) is Oracle Identity Management's solution for web access management and user identity administration. It is pre-integrated with Oracle Fusion Middleware and provides policy-based access to a disparate set of heterogeneous applications. It consists of two main modules:
Access Management : It provides centralized authentication, authorization and auditing to enable single sign-on and to secure heterogeneous applications across the enterprise. The access system is flexible and can be used to policy-protect disparate resources. It has a broad set of APIs for externalizing auditing, authentication and authorization.
The access system supports policy-based authentication as well as a wide range of authentication mechanisms such as smart cards, two-factor tokens and custom authentication. Using the authentication API, clients can implement nearly any kind of authentication. Once a user is authenticated, the access system creates a single sign-on session so that the user does not have to log in again to other resources within the same policy domain.
A browser-based policy manager console lets administrators define and configure policies that grant or restrict access to specific resources by the user's role, group, IP address, time of day, etc. The authorization API also allows customers to build custom authorization plugins that add custom authorization logic to existing policies. A resource that no policy covers should be treated as denied, not as open; the policies are only as good as their coverage.
Access Manager allows flexible logging of events such as successful or failed authentications and authorizations. Clients can set up a blanket policy (applied to all events) and configure resource-level exceptions to it in order to capture client-specific audit information.
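The policy model just described (access to a resource granted by group, client IP range and time window, with each decision audited) is worked through below as an added example in Python. It is not OAM code; the resource paths, groups, networks and the seven sample requests are constructed. The evaluator fails closed on uncovered resources and lets the most specific policy win, so a broad /hr/ rule cannot accidentally open /hr/payroll/.

```python
from dataclasses import dataclass, field
from datetime import datetime, time
import ipaddress
from typing import List, Optional


@dataclass
class Policy:
    resource_prefix: str                      # e.g. "/hr/"
    allowed_groups: List[str]                 # any membership grants
    allowed_networks: List[str] = field(default_factory=list)  # CIDRs; empty = any
    start: Optional[time] = None              # permitted time-of-day window
    end: Optional[time] = None                # None on both = always


@dataclass
class Request:
    user: str
    groups: List[str]
    resource: str
    client_ip: str
    when: datetime


def _matches_network(ip, cidrs):
    if not cidrs:
        return True
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c, strict=False) for c in cidrs)


def _within_window(when, start, end):
    if start is None or end is None:
        return True
    t = when.time()
    if start <= end:
        return start <= t <= end
    return t >= start or t <= end  # window crossing midnight


def evaluate(policies, req, audit):
    """Return 'ALLOW' or 'DENY' and append one audit line. The longest matching
    resource prefix wins; an uncovered resource is denied (fail closed)."""
    candidates = [p for p in policies if req.resource.startswith(p.resource_prefix)]
    if not candidates:
        decision, reason = "DENY", "no policy covers resource"
    else:
        policy = max(candidates, key=lambda p: len(p.resource_prefix))
        if not set(req.groups) & set(policy.allowed_groups):
            decision, reason = "DENY", "group not permitted"
        elif not _matches_network(req.client_ip, policy.allowed_networks):
            decision, reason = "DENY", "client network not permitted"
        elif not _within_window(req.when, policy.start, policy.end):
            decision, reason = "DENY", "outside permitted hours"
        else:
            decision, reason = "ALLOW", "policy " + policy.resource_prefix
    # Audit record: who, from where, what, the outcome and why (constructed format).
    audit.append(f"{req.when.isoformat()} user={req.user} ip={req.client_ip} "
                 f"resource={req.resource} decision={decision} reason={reason}")
    return decision


# Constructed policy set for the example.
POLICIES = [
    Policy("/portal/", ["employees", "contractors"]),
    Policy("/hr/", ["hr-staff"], ["10.10.0.0/16"], time(7, 0), time(19, 0)),
    Policy("/hr/payroll/", ["payroll-admins"], ["10.10.5.0/24"], time(7, 0), time(19, 0)),
]


def run_demo():
    """Seven constructed requests; returns their decisions and the audit trail."""
    audit = []
    requests = [
        Request("alice", ["employees"], "/portal/home", "203.0.113.9", datetime(2024, 1, 10, 23, 0)),
        Request("bob", ["hr-staff"], "/hr/records", "10.10.3.4", datetime(2024, 1, 10, 9, 0)),
        Request("bob", ["hr-staff"], "/hr/records", "10.10.3.4", datetime(2024, 1, 10, 22, 0)),
        Request("bob", ["hr-staff"], "/hr/payroll/run", "10.10.5.7", datetime(2024, 1, 10, 9, 0)),
        Request("carol", ["payroll-admins"], "/hr/payroll/run", "10.10.5.7", datetime(2024, 1, 10, 9, 0)),
        Request("bob", ["hr-staff"], "/hr/records", "192.0.2.5", datetime(2024, 1, 10, 9, 0)),
        Request("dave", ["employees"], "/unprotected/debug", "10.10.3.4", datetime(2024, 1, 10, 9, 0)),
    ]
    return [evaluate(POLICIES, r, audit) for r in requests], audit


if __name__ == "__main__":
    decisions, trail = run_demo()
    print("\n".join(trail))
```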
Identity System (OID) : The identity system provides identity administration functionality to clients. It acts as the identity administrator for the identities governed by the access policies defined in the access system. It has two main components, the WebPass plugin and the Identity Server. The WebPass plugin passes information from the web server to a standalone Identity Server, which manages the identities of users, groups, organizations, etc.
Some of the customizable and out-of-the-box functions provided by the identity system are delegated administration, dynamic group management, user self-service and self-registration.
An LDAP-based directory service acts as the backend repository for Oracle Access Manager. The directory service may consist of several directory servers and stores the configuration, workflows, policies and identities (users, groups, etc.) managed by the Access and Identity systems.
Oracle Access Manager manages and secures disparate applications running on a variety of platforms with the help of integration agents. These agents are out-of-the-box plugins for several web servers, application servers and portal servers on many platforms. The agents are registered with OAM and must be installed on the same server on which the application resides. OAM can thus secure environments where an enterprise deals with a heterogeneous set of applications, for example SAP, Siebel and Oracle EBS.
Active Directory Federation Services (ADFS) is Microsoft's single sign-on and web-based authentication system. It is installed on a Windows server and gives users single sign-on to systems and applications spread across enterprise locations. It implements federated identity using claims-based authorization: a business user is authenticated on the basis of the claims about the user's identity carried in a signed token issued by a trusted federation server.
In a multi-system implementation, ADFS ensures that a user does not have to authenticate against each system (each with its own security realm). Instead, ADFS establishes an identity federation by implementing a trust between the security realms of the participating systems. This is achieved with federation servers, one on the accounts side and one on the resources side. The federation server on the accounts side authenticates the user through Active Directory Domain Services and issues a security token containing the user's identity and claims. The federation server on the resources side validates that token against the trust and in turn issues another token that the local servers accept as the user's asserted identity, providing controlled access to their resources and services. The validation step is what the trust rests on: the resources side must check the token's signature, issuer, intended audience and validity period before it accepts any claim in it.
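The two-hop exchange just described, written out as an added example in Python with both federation servers and the relying application as functions. It is not ADFS or Microsoft code: ADFS issues SAML or JWT tokens signed with the federation server's token-signing certificate and validated through the configured trust, while this example stands in a shared-key HMAC so it runs stand-alone. Realm names, keys, the directory entry and the claims are all constructed.

```python
import base64
import hashlib
import hmac
import json

ACCOUNTS_REALM = "https://fs.contoso.invalid/"     # issuer on the accounts side
RESOURCES_REALM = "https://fs.fabrikam.invalid/"   # issuer on the resources side
RESOURCE_APP = "urn:fabrikam:crm"                  # relying party (audience)

# Constructed trust material. In ADFS each side would hold the partner's
# token-signing certificate instead of a shared key.
ACCOUNTS_KEY = b"accounts-side-signing-key"
RESOURCES_KEY = b"resources-side-signing-key"


def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(key, issuer, audience, claims, ttl, now):
    """payload.signature, with issuer, audience and lifetime bound into the payload."""
    body = {"iss": issuer, "aud": audience, "iat": now, "exp": now + ttl, **claims}
    payload = _b64(json.dumps(body, sort_keys=True).encode("utf-8"))
    sig = _b64(hmac.new(key, payload.encode("ascii"), hashlib.sha256).digest())
    return payload + "." + sig


def validate_token(key, expected_issuer, expected_audience, token, now):
    """Return the claims only if signature, issuer, audience and lifetime all hold."""
    try:
        payload, sig = token.split(".")
        expected = _b64(hmac.new(key, payload.encode("ascii"), hashlib.sha256).digest())
        if not hmac.compare_digest(sig, expected):
            return None
        body = json.loads(_unb64(payload))
    except (ValueError, TypeError):
        return None
    if body.get("iss") != expected_issuer or body.get("aud") != expected_audience:
        return None
    if not body.get("iat", 0) <= now < body.get("exp", 0):
        return None
    return body


def accounts_side_login(username, password, now):
    """Accounts-side federation server: authenticate against the directory
    (a constructed stand-in for AD DS) and issue a token for the partner realm."""
    directory = {"jdoe": ("Passw0rd!", ["Sales", "Employees"])}  # constructed
    record = directory.get(username)
    if record is None or not hmac.compare_digest(record[0].encode(), password.encode()):
        return None
    claims = {"upn": username + "@contoso.invalid", "groups": record[1]}
    return issue_token(ACCOUNTS_KEY, ACCOUNTS_REALM, RESOURCES_REALM, claims, 300, now)


def resources_side_exchange(partner_token, now):
    """Resources-side federation server: validate the partner token, then issue
    the local token the CRM application trusts, mapping groups to a local role."""
    claims = validate_token(ACCOUNTS_KEY, ACCOUNTS_REALM, RESOURCES_REALM, partner_token, now)
    if claims is None:
        return None
    role = "crm-user" if "Sales" in claims.get("groups", []) else "guest"
    return issue_token(RESOURCES_KEY, RESOURCES_REALM, RESOURCE_APP, {"upn": claims["upn"], "role": role}, 300, now)


def application_accepts(local_token, now):
    """The relying application trusts only its own federation server's tokens."""
    claims = validate_token(RESOURCES_KEY, RESOURCES_REALM, RESOURCE_APP, local_token, now)
    return claims["upn"] if claims else None


if __name__ == "__main__":
    t0 = 1700000000
    partner = accounts_side_login("jdoe", "Passw0rd!", t0)
    local = resources_side_exchange(partner, t0 + 5)
    print(application_accepts(local, t0 + 10))
```

Presenting the accounts-side token directly to the application fails, as does an expired or tampered token at the resources side; that is the controlled access the federation trust is meant to provide.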
Microsoft's Active Directory is a directory database that stores the accounts of all users in an organization, including their user IDs and password hashes. A directory is divided into domains and each domain is controlled by a domain controller (DC).
Active Directory Domain Services (AD DS) uses distributed databases that store network and application-specific information from directory-enabled applications.
ADFS does not hold these databases; it acts as a bridge between external applications that try to access the internal services of an organization and the directory. ADFS queries the DC to determine whether users from an external domain may authenticate for services internal to the organization.
Oracle Internet Directory (OID) and Active Directory (AD) can be synchronized with each other to implement a single sign-on login that authenticates and authorizes the user to multiple enterprise systems.
Unified mobile app solutions post and fetch data through secured APIs, facilitated by a robust middleware architecture connecting multiple backend/legacy systems. A typical implementation includes several kinds of integration: API integration, data integration, business-logic integration and user-interface integration. Unified mobile applications suit enterprises looking for a one-stop mobile solution that can integrate data from multiple backend systems and streamline different workflows to present the required information in a mashed-up view.