Monday, February 11, 2008

BizTalk: Bringing It All Together

A key component of the Microsoft e-commerce offering that deserves some detailed mentioned is BizTalk, a platform-neutral e-commerce framework that makes it easy for businesses to integrate applications and conduct business over the Internet with trading partners and customers.The BizTalk Framework uses Extensible Markup Language (XML) to work around the obstacles of integrating different operating systems, different languages, and different software applications both within an organization and between trading partners. The benefits of BizTalk include:
Easier integration of software applications. BizTalk, with XML as the underlying technology base, simplifies the process of integrating applications by providing a common language for the exchange of business information.
Greater process integration with trading partners. With BizTalk-enabled e-commerce software, supply chains can be automated and extended to all trading partners, allowing better integration of business-planning processes and improved response. Businesses can extend their existing infrastructures with BizTalk and begin to share design information, respond to sales leads, and build deeper trading relationships with partners.
Linkage to online marketplaces. In online marketplaces, consumers want richer information to help them make purchasing decisions. By incorporating standards for describing business, product, and promotions information, BizTalk can make it easier for organizations to publish their products and offers to online marketplaces and reach consumers with the appropriate information when they're ready to buy.
The FutureWith all the current focus on the Internet, it is sometimes easy to forget that e-commerce is still in its infancy. Even so, the Digital Age is already producing profound effects in numerous businesses. Witness what is occurring in book and music retailing, computer sales, and office-supply purchasing: New companies or new category leaders have emerged and existing sellers have had to adjust their business models dramatically.
These changes will continue to accelerate in the coming years as more and more people connect online and become comfortable with digital transactions, and companies figure out new and better ways to conduct business online, such as customizing Web sites to fit customer preferences. The companies that make the adjustment and employ a digital solution effectively and imaginatively stand to emerge at the forefront in a networked economy.

The Microsoft Strategy: Meeting the Challenge

Microsoft's e-commerce strategy helps businesses establish stronger relationships with customers and partners by delivering the benefits of e-commerce and addressing the issues of implementing e-commerce systems. Platform, portal, and partners are three essential elements of the Microsoft e-commerce strategy. In addition, the company has developed a platform-neutral e-commerce framework called Microsoft BizTalk™, described by Microsoft Chairman Bill Gates "as the glue that ties this all together."
The Microsoft e-commerce platform is the set of software technologies and products that implements and supports e-commerce. Microsoft strives to offer the best technology platform for e-commerce solutions. The platform starts with Microsoft Windows®, serving as a universal access point to provide consumer and business users with secure access to online e-commerce services. Windows contains support for standard Internet security protocols to enable secure, convenient online payment.
To enable businesses to create comprehensive online sites and applications, the platform also includes the Microsoft Servers suite, including Microsoft Windows 2000 Server, Microsoft SQL Server™ 7.0, and Microsoft Site Server 3.0 Commerce Edition. Microsoft Servers integrate with development tools such as Microsoft Visual Studio®, providing speedy development of secure, scalable e-commerce applications. E-commerce applications based on Microsoft Servers can easily integrate an organization's existing systems—including SAP, Baan, Oracle, AS/400, and mainframe systems.
The Microsoft portal for consumers is MSN–The Microsoft Network. MSN gives consumers the ability to research products and services, as well as shop and buy online, all from one convenient location on the Internet. Because more than 40 percent of Web users in the U.S. visit MSN each month, MSN can help any business generate awareness and demand for products and services with a large and qualified target audience. MSN's advertising, partnership, and small-business services help companies reach and build relationships with their online customers. In addition, MSN's Internet e-commerce services provide excellent partner-integration opportunities at any level for the consumer-goods, automotive, financial-services, real estate and travel industries.
Moreover, MSN Sales works with companies to find the best online opportunities to meet specific marketing goals. Through the bCentral Web site, Microsoft and MSN now offer a broad set of services to help small businesses increase their visibility online and strengthen their relationships with customers. MSN's Passport provides a single, secure identity and an electronic wallet that can be used across all Microsoft and third-party Web sites that meet Microsoft's strict consumer-privacy guidelines. The service will help facilitate Web-site access, make online purchasing easier, and provide individual consumers with content that is tailored more closely to their interests and preferences. For business partners, the introduction of this service will provide an opportunity to increase reach, revenue, and retention by making the online shopping experience easier and more appealing.
Microsoft partners can provide businesses a choice in e-commerce solutions and ensure the successful implementation of e-commerce systems. Microsoft partners offer both software products and professional services designed to help companies implement sophisticated e-commerce solutions. Microsoft Certified Solution Providers—consultants, skilled and trained in developing, deploying, and managing e-commerce sites and applications—offer professional services for businesses of all sizes. Leading systems integrators work with enterprise customers to provide a range of e-commerce-related services into Enterprise Resource Planning (ERP) systems. Industry-leading Internet services providers host e-commerce sites for smooth round-the-clock operation.
An expansive offering of products from multiple independent software vendors (ISVs) extends the Microsoft platform, helping customers minimize custom development. Many ISVs participate in the Value Chain Initiative—a consortium of Microsoft and 180 companies that has built a software framework for implementing business-to-business value-chain trading on the Internet.

Challenges in Implementing E-Commerce

It's easy to describe e-commerce and the benefits resulting from its implementation. It's not so easy to develop and deploy e-commerce systems. Companies have faced significant hurdles in these efforts:
Cost. E-commerce requires sophisticated, distributed systems based on new technologies that can touch many of a company's core business processes. As with all major business systems, e-commerce systems require significant investments in hardware, software, staffing, and training. Businesses need comprehensive solutions that are easy to use and thus help enable cost-effective deployment.
Value. Businesses want to know that their investments in e-commerce systems will produce a return. They deploy e-commerce systems to achieve business objectives such as lead generation, business process automation, and cost reduction. They want to ensure that these objectives are met. Businesses also need flexible solutions so that they can easily adapt a system to meet changing business conditions.
Security. Because the Internet provides almost universal access, a company's assets must be protected against misuse, whether accidental or malicious. At the same time, that protection should not compromise a site's usability or performance nor make its development too complex. There is an additional security issue: Because e-commerce systems enable the collection and usage of sensitive information about individual customers, companies also need to protect the privacy of their customers.
Existing Systems. Companies need to be able to harness the functionality of existing applications into e-commerce systems. Most companies new to e-commerce already use information technology to conduct business in non-Internet environments— in existing marketing, order management, billing, inventory, distribution, and customer service systems. The Internet represents an alternative and complementary way to do business. It's imperative that Internet e-commerce systems integrate existing systems in a manner that avoids duplicate function and maintains usability, performance, and reliability.
Interoperability. Interoperability here means the linking of trading partners' applications in order to exchange business documents. These systems must work together well in order to achieve business objectives. For example, the order-management application of a business partner must interoperate with the inventory applications of its suppliers. Interoperation between businesses reduces costs and improves performance. It enables the implementation of more dynamic value chains.

Building Stronger Ties with Better Solutions

Microsoft's e-commerce strategy aims to help companies establish stronger ties with customers and business partners by developing solutions using its e-commerce platform, its partners, and the services of its Internet portal, MSN–The Microsoft Network. These solutions generally fall into one of several broad business categories:
Direct Marketing, Selling, and Service. This includes brand development, direct selling, and customer service for business-to-business as well as business-to-consumer relationships. Creating site visibility, targeting offers at interested consumers, generating sales leads through a rich shopping experience, and providing responsive customer service and support are critical to online direct marketing, selling, and service. Other important considerations are secure credit card authorization and payment, automated tax calculation, flexible fulfillment, and tight integration with existing back-end systems such as inventory, billing, and distribution.
Online billing, investment services, home banking, and the distribution of digital goods and content can all be important components of direct marketing and service on the Internet. Even if companies don't rely extensively on the Internet for marketing, sales, and service, they and their customers may benefit considerably from online billing and payment. The average person receives 12 bills a month by mail from retailers, credit card companies, and utilities. Many of these billing companies are beginning to realize the benefits of sending their bills over the Internet as "e-bills." Services here may also include delivery of digital information and media. Such distribution over the Internet requires special support for retention of intellectual property rights, also known as digital rights management.
Corporate Purchasing. The Internet can help automate manual processes for most companies, making purchasing a self-service application for buyers and a trading application for suppliers. Generally this involves the procurement of low-cost, high-volume "indirect" goods for business maintenance, repair, and operations. These goods include office supplies, cleaning supplies, and replacement parts. The benefits of online corporate purchasing include lower administrative costs, improved responsiveness, and reduced inventories of supplies and replacement parts.
Value Chain. This encompasses establishing direct links with trading partners either "upstream" to suppliers or "downstream" to distributors and resellers. The Internet virtually eliminates the need for and the cost of private networks, thus opening up business-to-business communications and e-commerce to companies of almost any size. Internet trading tightens relationships between businesses to create a more dynamic value chain that reduces inventory requirements, shortens billing cycles, and makes businesses more responsive to their customers.

E-Commerce Strategy - Part 1

This article is an edited version of a white paper on the Microsoft e-commerce platform and strategy. You can download or view the entire white paper by clicking the link on the right side of screen.
Forging good relationships with customers and trading partners is key to building a successful business.
The potential benefits of e-commerce are clear: lower costs, greater reach, faster response times. But e-commerce doesn't mean simply pushing products at people faster. Because the Internet is such a good communications channel—it's fast, reasonably reliable, low in cost, and widely accessible—it can also deepen relationships with customers and partners.
With digital transactions and communication, companies can provide better service and support. This will become increasingly important as more and more consumers use the Web to gain access to information before purchasing and come to expect greater customization of products and faster service online.
The Internet can also promote closer collaboration and relationships among businesses. Suppliers and buyers can use the Internet to work more closely on joint projects such as tracking the success of a product promotion in real-time. Resellers can visit a supplier's Web site to check up-to-the-minute product availability and place orders.

Defending C++, and Other Considerations

-- John Swenson, letters editorHorrible set of circumstances, repriseAfter having read the latest "Letters to MSDN" column, I couldn't restrain myself from addressing the comment made by Jeff Petersen, who was wondering what "horrible set of circumstances" would drive one to become a C++ developer.How about the need to write a device driver?Or a Windows CE ActiveSync provider? Or an app that interfaces heavily with the telephony API and multiport devices? Or a small, fast NT service?I've had occasion to write all of the above, and trying to write them in Visual Basic would be highly challenging at best, an exercise in masochism at worst. What about clean exception handling, bought to our attention so adroitly by Robert Schmidt? Even a simple 'On Error' statement in Visual Basic can end up with lots of messy GOTOs, the bane of the maintenance programmer.I am not one of the purists who believe Visual Basic is evil incarnate. It certainly has Visual C++ beat when it comes to rapid UI development. Another point in its favor is its quantity of devotees, making code snippets and helpful advice easier to come by. For example, recently I tried to find some examples of ADO functions and found that 99-percent of the samples available are in Visual Basic, thanks no doubt to the sheer mass of Visual Basic programmers out there.That said, Visual C++ is far and away the winner when it comes to speed of execution and ease of access to the system functions. Furthermore, MFC's many classes make it a good deal easier than it used to be to build an attractive, well-behaved, function-rich app.Introductory books I'd recommend are Learn Microsoft Visual C++ 6.0 Now, published by Microsoft Press, which can be used by both C programmers moving to C++ as well as those who have never used either language. Another is Visual C++ 6 Programming Blue Book, published by Coriolis, a very readable, fast-paced introduction to both C++ and the development environment.Who knows, Jeff, maybe someday you'll be wondering what horrible set of circumstances could make you switch back to Visual Basic!Sandra WalterAnother staunch C++ defenderRegarding the comment in last month's Letters to MSDN column that only a "horrible set of circumstances" could drive someone to become a C++ developer, you asked if that is true.I, for one, take the opposite stand, fearing the "horrible set of circumstances" that could lead someone to become a Visual Basic developer (or a mainframe COBOL programmer, for that matter!). After nearly 20 years of development experience ranging from Basic to Fortran, Pascal to C, and Java to C++, I still find programming as much fun (or more) as ever. This is largely due to the richness of C++ and technologies like COM and the STL, which I can use to create solutions to whatever comes my way - something definitely NOT true for Visual Basic or Java.Vive la C++!Carl DanielAnd more...In reply to Jeff Petersen -- I too was originally baffled by C++, but now, especially in the COM world we live in, you will have to pry it out of my cold, dead hands.Paul HillEditor: Were gratified to see this outpouring of support for C++, after last months slanderous remarks by a Visual Basic® developer.Book requestI just wanted to thank Mr. Clinick for his uniformly useful, informative, helpful, and pleasant-to-read "Voice.""Scripting Clinic" is a fascinating galaxy of technologies, and Mr. Clinick's "Voice" fully reflects this fascinating array of possibilities.*Bravo*! Every MSDN author should be as good.I think he should write a whole book about scripting technologies and tools (as well as some of the main object-models that make those tools and technologies so incredibly useful!).Alex MartelliUncle Edd and JuniorGuest columnist Alan McBee has provided one of the most amusing, and incongruous, preambles to a technical article I have ever come across, in the Sept. 20 "Extreme XML" column.Just to clear up a possible point of confusion right away, I am not Charlie Heinemann's ghostwriter, nor is he mine. Charlie has had a wonderful time using XML to help his cousin, Uncle Edd, and Junior, Jenny, the intern from Ottawa, and everyone in the world who needed to keep track of their New Kids on the Block albums. However, Charlie needed to focus on some other projects right no, so I've stepped in. I think Mr. McBee should become a permanent contributing writer to the column, and rename it Jed Clampett's Web Wiz Biz Talk.William McNameeFeet lickingHoard the Black Coffee (Oct. 11 "Stones Way" column) was one of Victor Stone's best articles. I can easily identify with many of the scenarios visualized by Victor. We definitely need more such introspections in all the work we do. Unfortunately, feet licking and saying, "Yes, boss" is part of the accepted culture at most software organizations. Please accept my congratulations on such a great piece and keep up the good work. In fact, the signature on all my e-mails now carries the Victor Stone saying:Don't Belong. Never join. Think for yourself. Peace. - Victor StoneRegards,Manikandan ChandrasekaranHard to readI go through the MSDN material often to brush up my skills. It is very useful and organized very nicely.However, I find it extremely tough to read due to very small font, especially on the small 15" monitor. Just now while reading COM material, I could not continue after a while. This induced me to write this letter to you immediately. Please provide some mechanism (such as the Acrobat PDF reader) to zoom in/out on each page so that one can adjust the font to suit his or her comfort. This will make the fruitful tour of MSDN enjoyable to eyes.Also, it would help to provide arrows to navigate to next or previous topic at the bottom as well as at the top of each page. In the natural course of reading, people read a topic from top to bottom and then want to move to next topic. For that, you now have to return to the top of the topic, which is annoying.Makarand HiralikarEditor: Well pass your suggestion along to the team that is currently redesigning the MSDN Online site. Thanks for the input. In the meantime, please note that you can bump up the font size from, in Internet Explorer, the View menu. Select Text Size, and choose a larger size. You'll get a horizontal scrollbar for the menu at the top, but the article text will still fit on the screen (also, if you're in the Library or Web Workshop, it may help to hide the TOC).Impressed by the CoolbarWOW!! As someone very new to Web programming, I was very impressed by the DHTML Coolbar (Sept. 20 "Code Corner"). I'm going to figure out a way that I can implement this into my company's intranet.Thanks,Michael Dean

Use Secure Sockets Layer

You can use password protection to restrict access to certain folders and data in your web. However, if the password and data are passed in clear text across a network, a third party could potentially run a network data capture (sniffer) program to capture the password or data. To ensure that no unauthorized person can intercept and interpret confidential information, use the Secure Sockets Layer (SSL) protocol for the following:
Remote administration
Authoring
Browse access to any sensitive portions of the Web site
SSL is a protocol that provides communications privacy, authentication, and message integrity for a TCP/IP connection. SSL transmits passwords in an encrypted form that is unreadable by normal means. By using this protocol, a browser can communicate with the Web server in a way that prevents eavesdropping, tampering, or message forgery.
To use the SSL protocol for connections to a new web
In FrontPage, on the File menu, point to New, and then click Web.
In the New dialog box, click Secure connection required (SSL).
If you administer the Web server where the FrontPage-based web is published, and if your Web server is Internet Information Server running on a Windows NT server, you can use the Microsoft Management Console to require SSL authoring for an existing web.
To set the SSL protocol requirement for an existing web
In the Microsoft Management Console, right-click the web, and then click Properties on the shortcut menu.
On the Server Extensions tab, select the Require SSL for authoring option.

Restrict What Authors Can Do

If you administer the Web server where your FrontPage-based web is published, you can prevent Web authors from accessing certain resources that are on the server. For example, you can prevent authors from uploading malicious files to the Web server in an executable directory, where the files can be run using a browser.
To prevent authors from uploading or running unauthorized programs on a Web server, set the appropriate configuration variables for the FrontPage 2000 Server Extensions. For more information about the FrontPage Server Extensions configuration variables, see the first of the Appendixes in the FrontPage Server Extensions Resource Kit.
The following configuration variables control authors' access to scripts and executable files on a Web server. In most cases, you can restrict authors' access by leaving the setting that the FrontPage Server Extensions makes by default during installation. For example, the NoExecutableCGIUpload configuration variable is set to "on" by default.
AllowExecutableScripts Set to "off" (default) to prevent authors from running scripts, such as CGI scripts, ISAPI extensions, and active server pages (ASP).
NoExecutableCGIUpload Set to "on" (default) to prevent authors from uploading executable files.
NoMarkScriptable Set to "off" to prevent authors from being able to allow scripts to be run in a given folder (setting is "on" by default).
Remember that some authors may need to upload executable files or run scripts - for example, if they are incorporating a database into their FrontPage-based web, or if they are using ASP pages. You can selectively enable the ability to upload executable files and run scripts for these authors by setting the appropriate configuration variables on the virtual servers that these authors use.
In addition to the ability to upload executable files and run scripts, system data source names (DSNs) are another resource on the Web server that you should be wary of exposing to web authors. You can hide system DSNs by turning the ListSystemDSNs configuration variable off, either globally or for individual virtual servers. The default setting is "on" when you first install FrontPage Server Extensions.
Make Database Resources Secure
If your FrontPage-based web includes a database, you can take steps to ensure that no unauthorized person can gain access to the database.
When you add a database to your FrontPage-based web, store it in the folder that FrontPage provides, _fpdb. FrontPage automatically marks this folder as not browsable, scriptable, or executable.
Use the security mechanisms that are built into the database or database server to restrict who can update the database content. Generally, Web authors' accounts do not need privileges beyond SELECT and UPDATE, which are used by FrontPage. If access restrictions are not set within the database, anyone with authoring or administrative rights to the web might be able to access and change the content of the database.

Using Subwebs Strategically to Increase Security

If you want to publish a restricted web that contains sensitive data, be sure to publish it as a subweb and not as a root web. An unauthorized person who knows how information about a FrontPage-based web is stored on the Web server can find certain information - such as the version of the FrontPage server extensions, the server type, and URLs for scripts - that always exists at the root web level. Someone could potentially use this information as a starting point for intrusion. Creating secure subwebs for sensitive information puts a level of security between your data and the root web.
A feature of subwebs in FrontPage is that you can set the subweb to use permissions that are different from the parent web. If you create subwebs to store sensitive data, remember that the security of a subweb can never be greater than that of its parent web.
For example, if you create a restricted subweb under an unrestricted root web, the subweb is potentially visible to anyone who accesses the root web. Someone knowledgeable about remote procedure calls used by FrontPage could discover the folder that contains the subweb and use the folder name as a starting point for intrusion. Additionally, an intruder who knows the full URL of a page within the restricted subweb could possibly bypass the subweb's security by typing the URL in their browser.
To restrict access to a subweb, you must first restrict access to its parent web. In FrontPage, select the Only registered users have browse access option in the parent web. If your Web server is Internet Information Server running on a Windows NT server, set the parent web with the following security settings:
For authentication methods, disable anonymous access.
In the Microsoft Management Console for Internet Information Server, right-click the web, and then click Properties on the shortcut menu.
On the Directory Security tab, click Edit in the Anonymous Access and Authentication Control section, and then clear the Allow Anonymous Access option.
Make sure the Everyone group is not granted explicit access.
In FrontPage, on the Groups tab of the Permissions dialog box, remove the Everyone group, and then click Apply.
On the Users tab, click Everyone has browse access.
Make sure the IUSR_computername account is not granted explicit access.
In FrontPage, on the Users tab of the Permissions dialog box, remove the IUSR_computername user, and then click Apply.
On the Users tab, click Everyone has browse access.

Beyond Permissions: Securing Your FrontPage Based Web

Microsoft FrontPage provides administrative tools that let you set permissions and limit access to webs that you create and edit on a Web server. When you click Security on the Tools menu and then click Permissions, you can assign groups (on Windows NT® servers), users, or computers the following types of permission:
Browse Users with browse permission can view the web in a browser, but they cannot modify it. You can restrict a web so that only a specified list of users is allowed to view it.
Author Users with author permission can view the web in a browser, and they can also create, delete, and modify files in the web.
Administer Users with administer permission can view the web in a browser and can create, delete, and modify files in the web, like users with author permission. They can also create and delete whole webs, and they can set permissions for the web.
In some cases, you cannot use the Security command in FrontPage. (You can enable security features by publishing your web to a Web server configured to support FrontPage security.) The command is disabled in the following circumstances:
Your web is on a disk (such as your hard disk or a network share) rather than published on a Web server.
Your web is on a server that does not have the FrontPage Server Extensions installed.
Your web is published on a Microsoft Personal Web Server, because Personal Web Server does not restrict access.
Your web is published on Microsoft Internet Information Server that uses the file allocation table (FAT) file system rather than the Windows NT file system (NTFS).
Your Web administrator has enabled the "manage permissions manually" setting for your web.
Setting permissions gives you a degree of security for your FrontPage-based web. This article presents additional strategies you can employ to keep your web and Web server safe from malicious or careless use. You can learn more about setting permissions in FrontPage online Help. For details about how FrontPage implements security features.