design of a computer system for an information system

78
DESIGN OF A COMPUTER SYSTEM FOR AN INFORMATION SYSTEM ORGANIZATION THAT PROVIDES WEB BASED MARKETING, SALES, AND CUSTOMER SERVICE FOR AN INDUSTRIAL CONSULTANT AND PATENT LAW ORGANIZATION A DIRECTED STUDY PROJECT SUBMITTED TO THE FACULTY OF THE GRADUATE SCHOOL OF COMPUTERS SCIENCE IN CANDIDACY FOR A MASTERS OF SCIENCE IN INFORMATION SYSTEMS By Anthony W. Sublett STRAYER UNIVERSITY NEWPORT NEWS CAMPUS June 2006

Upload: anthony-sublett-sfpe-bsme-msme-mba-msis

Post on 28-Jan-2018

152 views

Category:

Documents


0 download

TRANSCRIPT

DESIGN OF A COMPUTER SYSTEM FOR AN INFORMATION SYSTEM

ORGANIZATION

THAT PROVIDES

WEB BASED MARKETING, SALES, AND CUSTOMER SERVICE

FOR AN INDUSTRIAL CONSULTANT AND PATENT LAW

ORGANIZATION

A DIRECTED STUDY PROJECT SUBMITTED TO THE

FACULTY OF THE GRADUATE SCHOOL OF COMPUTERS SCIENCE

IN

CANDIDACY

FOR A

MASTERS OF SCIENCE IN INFORMATION SYSTEMS

By

Anthony W. Sublett

STRAYER UNIVERSITY NEWPORT NEWS CAMPUS

June 2006

- ii-

ABSTRACT

This paper detailed the design and functional aspects of a computer system that

was used by an information system organization. A triangulation research method was

used to gather data for this study and deign of this computer information system. The

information system was designed to obtain and store pertinent data that was vital to the

daily operation of an information system organization performing web based marketing,

sales, and customer service for an Industrial Consultant and Intellectual Property Law

Organization (which is the information system organization’s parent company). This

paper explained how the systems analysis was performed and what the results of the

analysis were. How the system was designed, which was based on the system analysis,

was discussed as well. After the system was designed sample calculations were ran to

verify and validate system performance in regards to the number of PCs and operators

required to sufficiently handle the predicated influx of business. An alternative solution

of running a simulation was also suggested as possible method to verify, validate, and

predetermine requirements dictated by the business requirements at the out set of the

design problem formulation.

- iii-

ACKNOWLEDGEMENTS

Professor Martinez Del Rio, Dr. Otto, and DR. Hayes deserve special thanks for

their guidance and insight in terms of helping me organize the specific subject areas of

this paper as well as formatting it properly in order to ensure that it would be acceptable

in accordance with the current DRP guidelines and specifications. I would also like to

thank all of my other course instructors in the CIS Department at Strayer University

Newport News campus as well as my online instructors that provided me with the

theoretical knowledge which enabled me to perform both a quantitative and qualitative

analysis and incorporate it into this paper.

- iv-

TABLE OF CONTENTS

CHAPTER

Abstract ii

Acknowledgements iii

List of Appendixes vi

List of Figures vii

List of Tables viii

Chapter

1 Introduction 1

1.1 Context and Statement of Problem 1

1.2 Significance of the Design (study) 1

1.3 Specific Research Questions and Sub-questions 1

1.4 Statement of Problem 2 1.5 Research and Design Methodology (use of interviews and etc.) 2

1.6 Organization of Study 3

2 Secondary Research and Design of System 5

2.1 System Analysis 5

2.2 Information System Strategic Planning 7

2.3 Design Issues 10

2.4 System Processors 11

- v-

TABLE OF CONTENTS (CONT)

2.5 Hard Drive 22

2.6 Output Devices 24

2.7 Network 27

2.8 Functional Aspects of the System 30

2.8.1 System Software 31

2.8.2 Application Development Software 31

2.9 Functional Data Bases 31

3.0 Security Introduction 44

3 Primary Research System Evaluation and Validation 49

3.1 Purpose and Justification for Using a Simulation Model 49

4 Summary and Conclusion 65

- vi-

APPENDIXES

Appendix A-1 67

Appendix B-1 68

- vii-

LIST OF FIGURES

Figure 2-1 The Analyst Approach to Problem Solving 6

Figure 2-2 Company Organization Structure 8

Figure 2.3 Symmetric Multiprocessing Architecture 14

Figure 2.4 General Structure of a Client Server System 15

Figure 2-5 Interrelationships Between the Computing Model 16

Figure 2.6 Storage Device Hierarchy 23

Figure 2.7 Stages in the Requirements Analysis Process 32

Figure 2.8 Stage 3 – Requirements Evaluation 36

Figure 2.9 Employee Table Before Normalization 38

Figure 2.10 Employee and Project Tables in 1NF 38

Figure 2.11 The Project Table Before 2NF 39

Figure 2-12 Project and Department Tables in 2NF 40

Figure 2-13 The Project Table Before 3NF 41

Figure 2-14 Project and Priority Tables in 3NF 42

- viii-

LIST OF TABLES

Table 2-1 HP L1506 Flat Panel Monitor Specifications 24

Table 2-2 Server Specifications 27

Table 2-3 Data Categories 34

Table 3-0 Problem Properties 51

Table 3-1 Interval Distribution of Incoming E-mails 52 Table 3-2 Service Distribution of PC1 51 Table 3-3 Service Distribution of PC2 53 Table 3-4 Service Distribution of PC3 53 Table 3-5 Service Distribution of PC4 54 Table 3-6 Service Distribution of PC5 54

- 1-

CHAPTER 1

INTRODUCTION

1.1 Context of Problem:

A brand new information system organization has been created in Washington

DC. This information system organization is a separate division but a valued part of its

parent organization that is brand new as well. The parent organization is an Industrial

Consultation and Intellectual Property Law Consulting firm that provides industrial and

intellectual property law consolation services to both national and international clients.

This information system organization is the life bread of the parent company, because it

provides web based marketing, sales, and customer services activities for the parent

organization. Since this information system organization was a brand new entity it did not

have any computer system in place to be to assist in the organization in performing the

above listed activities.

1.2 Statement of the Problem:

A newly developed information organization that performs web based marketing

and sales for a patent law and industrial consulting firm requires a newly designed

information system that is cable of meeting the organization’s requirements in terms of

storing, processing, and transmitting information and attribute support to the organization

meeting its objectives and goals.

1.3 Specific Research Questions and Sub-questions:

How will the system primarily be used and by who?

- 2-

• What role will the system play strategically in the organization?

• What are the function ional requirements and capacity requirements of the

system?

• How will the system be validated?

Will the system provide the necessary functions and satisfy the organization’s user

requirements and ultimately add value to the information system organization?

1.4 Significance of the Design (study):

This paper is significant because it will serve as a functional aid and blueprint for

the design, development, and maintenance of the new computer system that is definitely

needed by the information system. Without this the new computer system organizations

ability to perform web based marketing and sale for the parent organization would be

greatly crippled. If the information system organization cannot successfully perform their

web based marketing and sales either up to or beyond the parent organization’s projected

expectations. The parent company could possibly lose money, investors, and possibly

fold. The culmination of increased marketing and procurement of new clients would

attribute greatly to success of the information system organization and ultimately solidify

the parent organization’s significant foot hole in their respective industry. Ultimately the

role that this newly designed computer system can play in regards to procuring, providing

service for and retaining new customers can make or break the parent organization.

1.5 Research and Design Methodology (use of interviews and etc.):

Triangulation, which is an integration of qualitative and quantitative analysis, was

the DRP research design methodology used. Qualitative research data was obtained

- 3-

through interviews with the CIO and other members of the organization that are listed as

follows:

Herman Miller, President CIO, Senior Counselor Intellectual Property Law Michael Taylor, VP Marketing & Sales & IS

Darold Thomas, Chief Industrial Project Consultant & Mechanical Project Engineer Susan Jones, Executive Secretary & Paralegal

Victor Jones, Director of industrial Research & Chief Electrical Project Engineer

Rick Hamilton, Chief Marketing & Sales Executive & IS Analyst

A Quantitative analysis was performed by obtaining component statistical data and

analyzing if it would meet the user requirements. Also a simulation was run to validate

that the system could operate efficiently enough to be perform up to the capacity required

by the organization.

1.6 Organization of Study:

The system design was based on system requirements specified by the CIO to the

designer during a user/client interview process. An analysis was performed and reviewed

by the CIO and these super users. This analysis specified details in regards to all of the

system hardware, software, and network requirements as well as how the system would

be integrated into each respective department functionally. How and why various

components of the system were selected an implemented as part of the computer system

design will be highlighted. Quantitative research, that included statistical analysis and a

simulation, was performed to validate the system’s efficiency, and verify that it would

perform up to the organization’s requirements. Ultimately a summary of the design and a

- 4-

conclusion was made on whether the system would be an asset to the information system

organization and parent consulting organization.

- 5-

CHAPTER 2

SECONDARY RESAERCH OF SYSTEM DESIGN

This chapter will detail how secondary research was used to perform the system

analysis and define the requirements and functional aspects that were used to select the

hardware, software, network components, and peripherals of the system.

2.1 System Analysis:

The first step in performing this analysis was developing a clear understanding of

the information that would be processed by the system during a normal business day. The

process that was used in obtaining and organizing this information was outlined as shown

in the analyst approach to problem solving shown in figure 2-1 below (Burd, Jackson,

and Satzinger, 2004).

- 6-

Figure 2-1 The Analyst Approach to Problem Solving (Burd, Jackson, and Satzinger,

2004)

Research and understand the problem

Verify the benefits of solving the problem outweigh the costs

Define the requirements for solving the problem Develop a set of possible solutions (alternatives)

Decide which solution is best and make a recommendation

Define the details of the chosen solution

Implement the solution

Define the details of the chosen solution

Monitor to make sure that you obtain the desired results

- 7-

2.2 Information System Strategic Planning:

The first step in designing a computer system for any organization is to define the

information strategic plan and the basic objectives of the customer support system that is

part of the plan. In many instances a consulting company is bought into carefully think

about the entire information technology infrastructure and formulate a strategic

information system’s plan (Burd, Jackson, and Satzinger, 2004). This particular

organization is relatively small and happens to have a small group of diverse employees

(i.e. one employee has a Bachelors of Science in Mechanical Engineering, Jurist

Doctorate in Law, a Masters in Information Systems, and a Masters in Business

Administration. Another employee has a Bachelors of Science in computer Science and a

marketing background) that perform the tasks that would normally be required by two or

three individuals.

The employees focus primarily on the following strategic objectives:

1. Customer relationship management

2. Supply chain management

“ Customer relationship management (CRM) concerns processes that support marketing,

sales, and service operations involving direct and indirect customer interaction” (Burd,

Jackson, and Satzinger, 2004, pg 19)

“Supply chain management (SCM) concerns processes that seamlessly integrate product

development (the product in this case are the services the industrial and legal consulting

services that are provided by the parent organization), client acquisition, client

procurement, and data base inventory of potential and existing clients” (Burd, Jackson,

- 8-

and Satzinger, 2004, pg 19). Focusing on both of these strategic objectives will help the

business provide services to clients while promoting efficient operations.

The information systems strategic plan includes an application architecture plan,

detailing the information systems projects that the organization still has to complete as

well as technology architecture plan, detailing the technology infrastructure needed to

support the systems. Both of these plans were based on the supply chain management

and customer relationship objectives that are depicted later in this document (Burd,

Jackson, and Satzinger, 2004). The organizational structure of the company is shown

below in figure 2-2.

Figure 2-2 Company Organization Structure

Herman Miller President CIO

Darold Thomas Chief Industrial Project Consultant & Mechanical Project Engineer

Herman Miller Senior Counselor Intellectual Property Law

Michael Taylor VP Marketing & Sales & IS

Rick Hamilton Chief Marketing & Sales Executive & IS Analyst

Susan Jones Executive Secretary & Paralegal

Victor Jones Director of industrial Research & Chief Electrical Project Engineer

- 9-

The individuals and their respective positions are shown above in Figure 2-2.

Note, all departments feed into the marketing and sales organization which in turn feed

into the information systems (IS) organization.

The IS organization is broken down into two distinct areas, system support and

system development. System support is composed of the following functional areas:

telemarketing, data base administration, operations management, and user support.

System development involves project management, system analysis, program analysis,

and clerical support. These tasks are performed by the Herman Miller CIO and Rick

Hamilton, see figure 2-2 above (Burd, Jackson, and Satzinger, 2004).

The information system strategic plan that was developed includes a technology

architecture plan and an application architecture plan. The main features of both of these

plans are as follows:

Technology Architecture Plan:

1. Strategically move towards conducting business processes via the internet,

first supporting new client acquisition, client service demands, and web

innovation.

2. Anticipate and react to targeted customer demands in order to supply

customer with company portfolio information and relative data on their

competitors.

3. Anticipate move towards web based internet solutions for information

systems.

- 10-

4. Ensure the intranet hardware is in place and the technology is

continuously updated to aid in the acquisition, transfer, and storage of

information through out the organization.

5. Ensure that adequate security software is in place on the system and

updated frequently to negate fraudulent cyber activities.

Application Architecture Plan:

1. Supply Chain Management (SCM): implement systems that seamlessly

integrate products (services in this case), development, product services

acquisition, new client procurement, existing client retention, referral

database information, distribution and storage database inventory, and

inventory management in anticipation of rapid client growth.

2.3 Design Issues:

Making the multiplicity of processors and storage devices transparent to the users

was the primary focus. The user interface of a transparent distributed system looks at its

users. The user interface of a transparent distributed system should not distinguish

between local and remote resources. Ideally the users will be able to access data basis on

their PCs from any remote location within the facility. Users will be able to log onto any

machine by using their roaming profile, which will contain an encrypted password and

username. Another major form of transparency is the mobility of user address books. The

users will be able to access their address books on their home system or from the office.

The system shall be fault tolerant, thus the system will still be able to perform regardless

if some of its components fail. A DEC VAX cluster which allows multiple computers to

share multiple sets of disks will be used to attribute to the fault tolerant aspects of the

- 11-

system. The system will also have some degree of scalability, the ability of the system to

adapt to increased service load. Ultimately the system resources will take longer to reach

a saturated state. The service demand from any component of the system will be bounded

by a constant that is independent of the nodes in the system

2.4 System Processors:

The system will utilize multiple processor boards (MPU-A) that will share the

same physical memory by using a Shared Memory Facility (SMF). The SMF will allow

up to six processors to communicate via a shared memory, and allow any processor to

access several shared memory systems. I/O interfaces will also be shared when selected

as memory addresses instead of port numbers. Each processor is allowed up to 64K bytes

of its own local memory, less the amount of memory in the shared block. The shared

memory may be up to 64K bytes (Wilson, 2003).

The SMF will include:

• MABP-3 Access Port (bus multiplexer) board, which is a bus multiplexer board

composed of three identical ports used to switch information between one of three

processors and the Shared Memory Bus. Two MABP-3 boards will be used to

make a six-way switch controlled by the MAPT-6 Shared Memory Controller

board. The MABP-3 board will contain three complete sets of logic, each

comprising an address decoder, request latch and bus buffers. When two boards

are used in a system, they will provide a six-way bus switch in which the six

processor ports differ only in their priority assigned on the MAPT-6 board. Any

processor will have access to information in shared memory as well as access to

any other memory space except that it may need to wait while the SMF services

- 12-

higher priority requests. An EXPM edge connector will be used to install each

MABP-3 board (Wilson, 2003).

• MAPT-6 Shared Memory Controller board, which will board perform timing and

control functions of the Shared Memory Facility. Logic will include a latched

priority encoder that will generate the signal PORT SELECT I, where I is the

processor presently with highest priority. This signal enables related bus drivers

on the MABP-3 boards to perform bus switching. Other logic elements will form

a sequential logic network to generate signals controlling the memory. These

signals will include SYNC that will substitute for the SYNC signal normally

generated by the processor during a fetch cycle and which possibly is used for

other system functions. Another EXPM edge connector will be used to install the

MAPT-6 board.

Both boards will be connected to a special Mother Board section (Shared Memory

Bus) in a standard IMSAI 8080 chassis. Memory boards shared by the processors will

also be plugged into this section .The SMF is completed by Bus boards plugged into

the Mother Board of each processor, and cables connecting the Bus boards to the

MABP-3 boards on the Shared Memory Bus. A separate front panel will be connected

(through an extender board) to each processor. The processors may be contained in

separate cabinets connected only by the Bus board and associated cable.

Bus Boards:

Each processor sharing memory will require a Bus Board and cable to connect its

Bus to the MABP-3 board. Because of the required length of the runs an 18-inch flat

- 13-

cable with 50-pin card edge connectors will be is used to connect a Bus board to a

MABP-3 board (Wilson, 2003).

This multiprocessor will share the computer bus, the clock, and some times

memory and peripheral devices (Gage, Galvin, Silberschatz, 2004). Multiprocessor

systems have the following three advantages:

1) Increased throughput: By increasing the number of processors more work can

get done in less time. “The speed up ratio with N processors is not N; rather it is

less then N. When multiple processors cooperate on a task a certain amount of

overhead is incurred in keeping all of the parts working correctly. This overhead

plus contention for shared resources, lowers the expected gain from additional

processors. Similarly a group of N programmers does not result in N times the

amount of work being accomplished.” (Gage, Galvin, Silberschatz, pg 12).

2) Economy of scale: Multiprocessor systems will save more money than multiple

single-processor systems, because they can share peripherals, storage space, and

power supplies. “They allow several programs to operate on the same set of data

on one disk and have all the processor share them, opposed to having many

computers with local disks and many copies of the data”

3) Increased reliability: It allows functions to be distributed among several

processors and negates system failure or decrease in speed due to a faulty

processor within the network. This ability to continue to providing service

proportional to the level of surviving hardware is called graceful degradation.

“System designed from graceful degradation are also called fault tolerant.” (Gage,

Galvin, Silberschatz, pg 12).

- 14-

This multiple processor system will use symmetric multiprocessing (SMP), where

each processor will run an identical copy of the operating system. SMP basically means

that all processors work equally, there is no CPU hierarchy (see figure 2.3. below). The

advantage of this model is that many processes can run simultaneously –N processes can

run if there are N CPUs without causing a significant deterioration of performance.

Figure 2.3 Symmetric Multiprocessing Architecture

Client /Servers:

Server hardware capabilities depend upon the resources that are being shared and

the umber of simultaneous users (Burd, 2006). In this case an average of 12 people was

the design capacity specified for the server that could possibly be accessing the network

at one time (even though at present there are six employees). A distributed client server

system will be used, which will allow the clients or PC users to access data as if it was

stored centrally. A distributed configuration over a Wide Area Network (WAN) will be

used so that the servers can be synchronized regularly to ensure that they hold the same

CPU CPU CPU

MEMORY

- 15-

data. This system will be centralized which will enable it to act as a server system to

satisfy request generated by client systems. The general layout for a client server system

is depicted in Figure 2.4 below. The computer server system is broadly recognized as a

compute servers and file servers. Computer server systems provide an interface to which

clients can send requests to perform an action, in response to which they execute the

action and send back the results warranted by the user or client. File-server systems

provide a file-system interface where clients can create, update, read, and delete files.

Figure 2.4 General structure of a client server system (Gage, Galvin, Silberschatz, 2004)

A distributed computer system (DCS) was selected that would allow the clients or

PC users access to data as if it was stored centrally. A distributed computing system is

interrelated to a client/server system. The DCS technically is a collection of autonomous

computers interconnected through a communication network in order to carry out the

business functions of the organization (Umar, 1997). Information cannot be shared

globally and none of the systems connected by the network share memory. The

information is exchanged through messages on the network. In essence the computers

CLIENT CLIENT CLIENT

MEMORY

CLIENT

Network

- 16-

have to work together and cooperate with each other in order to meet organizational

requirements (Umar, 1997). The client / server model is a special case of the distributed

computing model. Figure 2.5 below shows the relationship between the two.

Figure 2-5 Interrelationships Between the Computing Model

The fact that the network computers of this system do not share memory is what

sets it apart from a multiprocessor system.

The client / server (C/S) model, which is one of three models that can be used to

achieve distributing computing was used in this system design. The C/S model allows

processes at different locations to readily exchange information and is more interactive

then the file transfer model (Umar, 1997).

Client Processes:

The client service process performs the application functions on the client’s

behalf. Client processes may range from simple interfaces, producing spread sheets, or

Computing Models

Terminal Host Model

Distributing Computing Model

File Transfer Model

Peer-to-Peer Model

Client / Server Model

File Transfer Model

- 17-

producing analytical data such as graphs Client processes general have some of the

following characteristics:

• It interacts with the user through a user interface, which are typically graphical

user interfaces or object oriented interfaces.

• It performs some application functions if needed, i.e. user interface processing,

spreadsheets, report, generation, and object manipulation.

• It interacts with the client middleware by forming queries and or commands in

application program interface, which is the format that is readily understood by

the client middleware.

• It receives responses from the server middleware which it displays, if need be on

the user interface.

Server Processes:

The server performs the applications on the server’s side of the coin which has the

following characteristics:

• It provides services to the client, some of which may be as simple as providing the

time of day. Other services may be more complex such as processing electronic

transfer of funds.

• An ideal server will hide its activities so the client does not have knowledge of

the details of the functions that have been carried out on their behalf.

• It is invoked by he server middleware and returns the results back to the server

middleware.

- 18-

• It may provide some limited scheduling services, in leiu of multiple clients being

provided service concurrently. But generally speaking providing scheduling is

usually a service that the middleware server is responsible for.

• It provides error-recovery and failure handling services (Umar, 1997).

Application Architecture:

A two tier architecture with a distribute application program will be used. The

application programs shall be split between the client server machines and with each

other through remote-procedure-call (RPC) middleware. The remote data will be stored

in an SQL server and accessed through ad hoc SQL statements sent over the network.

This architecture was selected because of its ability to be supported by SQL Windows

software (Umar, 1997).

Middleware:

The C/S middleware provides information exchange service that provides the user

the ability to access services like remote databases and real time message exchanges

between remote programs supported by directory, security and failure handling services.

The middleware can be viewed as the backbone of the client server system. The

following questions were addressed in designing the client server system and determining

what middleware would be used:

1. What basic services would the C/S middle ware have to provide and who would

provide them?

2. What type of information exchange services would be required by the

middleware?

- 19-

3. What type of management and support services would be provided by the

middleware?

4. What is the functional aspects of OSF DCE and how will hey provide the basic

CS middleware services (Umar, 1997)?

Net Operating System:

The network operating systems (NOSs) will provide all of the basic C/S

middleware services in retrospect thus providing the user with transparent access to

printers, files, and databases across the network. The net operating system (NOSs)

Windows 2000 was the NOS selected to support the RPC paradigm previously mentioned

that will provide the server with the capabilities to access remote files, printers, e-mail,

directory, and back up recovery services. An Open Software Foundation’s Distributed

Environment (OSF DCE) will be used to integrate remote-procedure call with security,

directory, time, file, and print services. OSF DCE is a good client to use in terms of

providing an open CS environment where clients and servers from different vendors can

operate through the network with each other and the users of the system at the subject

information systems location. This middleware will provide the following;

• Remote communication interfaces (RCIs) for sending and receiving information

across the network. RCI may use basic protocols such as remote call (RPC),

remote data access and message oriented middleware (MOM).

• Global directories that show the location of resources (servers, databases, files,

printers) in the network.

• Print and file services (Umar, 1997).

- 20-

The client side of middleware can be quite intense because it is responsible for

providing the user access to printers, files, data bases, and other software and hardware

through network connections and network gateways that may convert network protocols.

Windows 200 NOS was selected because of its ability to cement together C/S

applications enterprise wide via a network through gateways by converting protocols

from one NOS to another. This would allow the information system to achieve system

objectives by and reduce failure in network operations capacity. This is a crucial element

in regards to the parent organization’s ability to market their product niche, transmit

pertinent data to respective clients, and receive respective data from clients in real-time

processing speed. This middleware will cost an estimated $400 per client PC (Umar,

1997).

Utilization of RPC Paradigm:

Generally speaking the RPC Paradigm is where the client process invokes a

remotely located procedure, and in turn the remote procedure executes and sends the

response back to the client process. Note that each request / response of an RPC is treated

as a separate unit of work, therefore each request can carry enough information needed

by the server to generate and send back a response. Because there is a portion of

information at the client and a portion is at the server an Interface Definition Language

(IDL) will be used to define what will passed back and forth between the client and

server by the RPC. Remote Data Access (RDA) was not used due to the insignificant

amount of variation in the type of data being sent and received.

Gateways and Applets:

- 21-

The two comparable types of gateways on the market are Java based gateways

and CGI-based gateways. In comparing these two types of gateways the primary

difference between the two is that the CGI gateway programs (which resides on the web

server) are executed on the server platform and perform defined specialized functions

opposed to simply retrieving and displaying an existing HTML page (Umar, 1997). Java

gateways on the other hand distribute the code for the target application, and send it to

the web client where it is executed. This allows Java applets to be embedded in HTML

pages and sent to the web browsers where they execute. This methodology allows for

remote application access to databases directly from the browser which is a powerful tool

(Umar, 1997). In regards to database gateways a java applet can be invoked which ask

the user to issue a query and then sends that query to a remote application or database.

This is a great user option where the database functionality runs on the client side (Umar,

1997). Java based applets can be called from an HTML document with parameters passed

in either direction. Java, which is a scripting language along with visual basic, allows

scripts to be embedded in HTML ultimately providing gateways for program access

without compilation or link editing (Burd, 2006). The java applet, which executes in

another program, i.e. web browser, runs within a specified area known as a sand box. The

sandbox provides extensive security controls that prevent the applets form accessing

unauthorized resources or damaging hardware, operating system, or file system (Burd,

2006). As depicted above the capabilities of java gateways far exceed those of CGI

gateways, therefore the java gateway types were the selection of choice for this system in

regards to the user bridging the gap between web browsers and corporate applications

and databases.

- 22-

Web Site:

In a teaming effort the web site will be set up by the marketing and it department

of the information systems organization. The information systems organizations will bye

the site on the web opposed to leasing or renting it. The web site software will coexist

with other existing network software (that has been depicted above). Network

configuration for the site has also been depicted above. Back up site and administration

tasks will be designated with the system has been constructed and put into operation

2.5 Hard Drive:

One hundred gig magnetic disks will provide the bulk of the secondary storage space for each PC’s CPU. Each disk has a flat circular shape, like a CD. Common platter diameter ranges from 1.8 to 5.25inches, 5.25 disks will be employed in these CPUs. The

disk arm will be capable of reading information off a disk being rotated at 200 times per

second. In order to combat the issue of possible volatile storage losses during temporary

power loss the system will have an electronic-disk device containing a hidden magnetic

hard drive and a battery for back up power. If external power is interrupted the electronic

disk controller will copy the data from the RAM to a magnetic disk. After external power

has been restored the controller will copy the data back into the RAM (Gage, Galvin,

Silberschatz, 2004). In the hierarchy shown below in Figure 2.3, the storage systems

shown above the electronic disks are volatile, whereas those below are non-volatile.

- 23-

Figure 2.6 Storage Device Hierarchy (Gage, Galvin, Silberschatz, 2004)

For PC

Magnetic tapes

Optical disk

Magnetic disk

Electronic disk

Registers

Cache

- 24-

2.6 Output Devices

Monitors:

The monitor s that were selected the PC work station and its specifications are

depicted below in Table 2-1.

Table 2-1 HP L1506 Flat Panel Monitor Specifications

HP L1506 Flat Panel Monitor

Viewable area 15.0 in (38.1 cm)

Pixel pitch 0.297 mm

Brightness Up to 250 nits

Contrast ratio Up to 450:1

Response rate (typical) 16 ms

Viewing Angle - Horizontal 130 °

Viewing Angle - Vertical 100 °

Native resolution 1024 x 768@60 Hz

Interface (analog/digital) Analog

Ports

Warranty - year(s) (parts/labor/onsite)

3/3/3

Printers / Scanners / Copiers

With high regard in reference to its speed and durability, the HP LaserJet 3390 All-in-

One (AiO) was the printer of choice selected. “This unit lets you print and copy

complete, high-quality, documents in no time, at speeds of up to 22 pages per minute

(ppm) letter

Work confidently—this product won’t hold you up. Instant-on Technology delivers

fast first page out speeds—less than 11 seconds copying and less than 8.5 seconds

printing—so you won’t waste valuable time waiting for output. You can pick up your

completed job before our competitors’ devices have even begun to warm up.

- 25-

Enjoy superior quality with genuine HP print cartridges. With HP Smart printing

technology, the HP print cartridge and the device work together to achieve consistent,

outstanding print quality, enhanced reliability, and a system that is easy to use, manage,

and maintain. Automatic alerts let you know when the cartridge is low or out, and you

can depend on convenient online ordering with HP Sure Supply™

Be flexible with enhanced finishing features. Standard automatic two-sided printing

helps you conserve paper. Plus, this compact desktop product multitasks—if someone is

printing or copying, you can still receive that important fax you’ve been waiting for..3

Maintain your momentum. With an optional 250-sheet input tray 3, you can get a total

input capacity of up to 500 sheets, which means you can print more pages with less

intervention and depend on the product to be ready when you need it.

Increase work team efficiency. The product effortlessly handles your volume demands

with 64 MB memory (expandable to 192 MB), 4 MB fax memory, and a fast, reliable

engine.

Get comprehensive print language support. Print complex documents with built-in

support for HP PCL5e, HP PCL6, and HP postscript level 3 emulation

Share the All-in-One capabilities. Easily and reliably connect multiple users with

standard 10/100Base-T Ethernet networking or take advantage of easy direct connections

with the Hi-Speed USB 2.0 port.

Manage your All-in-One simply. HP Toolbox FX lets you interact with your product

from the comfort of your desk, with configuration, status, and support for every feature.”

- 26-

Servers:

The HP Integrity rx7640 Server achieves high levels of functionality and value

compared with other server products in the mid-range class. Combined with the

processor-enhancing capabilities of the HP Super-Scalable Processor Chipset sx2000, the

rx7640 server delivers breakthrough performance, outstanding scalability, and simplified

management at an exceptional value. In addition, multiple-operating-system support

gives you the freedom to run the right solution for your IT requirements. The rx7640

server makes highly available enterprise computing an affordable reality.

• 2-8 Intel® Itanium® 2 processors (1.6 GHz)

• 64 GB memory capacity

• Up to 2 hardware partitions (nPars)

Up to 15 hot-plug PCI-X slots (See Table 2-1 below for Server Specifictions)

- 27-

Table 2-2 Server Specifications

2.7 Network:

“In order to allow computers on a network to communicate, the information has to

get from the user's application to the network interface card and across the network into

the user's application at the destination. This gets more complex when there may be

computers of completely different architectures on the network, and even more complex

when there are networks of different types connected together. To allow this, the process

A Collaborative Network, which is a web based network that uses the World Wide Web

to combine both distributed and centralized technologies, will be used to network the PCs

in the information system with long term client data basis. This will allow information to

readily be exchanged between the consultants, lawyers, and clients. Each computer will

operate as a separate work station, but will be able to receive resources from the server

Microprocessor architecture

8 Intel® Itanium® 2 processors (1.6 GHz with 6 MB L3 cache)

Main memory Bus bandwidth: 34 GB/s (32) Peak (sustained) Capacity: 64 GB Max Memory slots: 32 DIMM slots

Operating systems HP-UX 11i v2 Microsoft® Windows® Server 2003 Enterprise Edition Microsoft Windows Server 2003 Datacenter Edition

Internal storage devices

Internal HDD drive bays – 4 Removable media – 1 open bay for 1 DVD-RW or DDS or 2 slimline DVD

Maximum HDD (internal)

1200 GB (4x300 GB)

Expansion slots PCI-X slots available – 15 x 266MHz I/O bandwidth –23 GB/s (16) Peak (sustained)

Core I/O interconnect 10/100/1000BT LAN Ultra160 SCSI 100BT management LAN RS-232 serial ports

Rack-optimized design

Rackmount solution offering allows server to fit into 10U (44.45 cm height) space in all HP racks (Rack System/E and 10000 series rack) J1530B: HP field rack kit for server and server expansion unit J1530BZ: HP factory rack kit for server and server expansion unit For a complete list of racks and rack accessories, refer to http://h30140.www3.hp.com/

- 28-

and share its own application and files. Each computer in this collaborative network will

also have the capability to work as a client machine that can receive and process data, but

not share its own resources. There will be a web browser installed on each client that will

act as a terminal that sources information from the centralized server. This will give each

computer (client) the power of centralized computing. These network computers will

communicate to the web using a protocol called TCP/IP. Sections of the information

system organizations intranet will be connected to sections of the global internet so that

authorized clients can access specified databases within the company network. These

extended intranets are known as extranets or virtual private networks.

This collaborative network will operate similar to a mainframe computer. It will

receive information request from web browsers, receive structures, and deliver the

requested data. These servers will have the ability to distribute data any where in the

world, and provide an open network on which global users can exchange information.

The browser will grant system capability to clients, such as paying for services over a

secured internet line (via the secured server) with credit cards.

Networking Protocols:

The network protocols will be categorized according to the communicative tasks

they perform. There are two categories of protocols, which are as follows (see figure 2.6

below):

• Application layer or upper layer protocols operate at the application, presentation,

and session layer of the OSI system. These are also called user-oriented protocols

because they allow data to be exchanged between the network users and the

- 29-

applications. These protocols will first establish connections between network

users and applications and then they will initiate data transmission.

• Transport layer protocols work at the transport layer of the OSI model.

Network Architecture:

Network Software:

The ability for multiple users to use programs to allocate and compete for various

resources simultaneously on the same system is the primary objective of the network

system. Reducing the complexity of allocating resources that are not present locally or

from a remote location was a secondary network design objective. In order to meet this

tall order the system software would have to perform the following (Burd, 2006):

• Find the requested resources on the network

• Negotiate resources access with distant resource allocation software

• Receive and deliver the resources to the requesting user or program

If the computer system happens to makes its local resources available to other computers,

then system software must implement an additional set of functions.

• Listen for resource requests

• Validate resource requests

• Deliver resources via the network (Burd, 2006)

Basically the system software plays both the role of access and response in regards to

network access. The Windows XP operating system will implement the intelligence

needed to respond to external resource request. Internet explorer a self contained

component packaged within the Windows XP operating system will enable the system to

access the internet (Burd, 2006).

- 30-

2.8 Functional Aspects of the System:

The primary task of software is to translate the user’s requirements into CPU

instructions that the system can understand, process, and respond to with formatted

information that can readily be understood by the user. Some software can be complex

because it bridges the following two gaps during the transformation process:

• Human language to machine language

• High- level abstraction to low level detail

The definitions of the two primary types of software, which are System Software and

Application Development Software, that are used in a system and more importantly the

software that was selected for this particular system are depicted below in the following

subsections.

2.8.1 System Software

System software’s primary function is to designate and resource allocation to satisfy user

requirements. In a nutshell System Software can be divided into the following layers:

• System Management- are usually defined as utility programs, that have the

ability to control and manage the computer resources for the user.

• System Services – are denoted as utility programs that are used by system

management and application programs to perform common actions

• Resource allocation- are depicted as utility programs that allocate

hardware and other resources among multiple users and programs

• Hardware interface- can be defined as utility program that interact and

administer control over hardware devices (Burd, 2006)

- 31-

The operating system, which is a collection of utility programs, supports the

system users and application programs. It facilitates user access and application to

programs and hardware. The primary functions of Windows 2000, which was the

operating system of choice selected for this designed computer system, are as follows:

• Program storage, loading, and execution

• File manipulation and access

• Secondary storage management

• Network and interactive user interfaces

Web server software will be will be an optimal component of the operating system

software that will be included on all client’s server (see client/server section listed above)

2.8.2 Application Development Software:

Application Development Software is composed of binary instruction code. Many

compilers such as Java and Visual Basic are just a few of the recognized development

software. Program translators such as C++ translate instructions into CPU instruction.

Java will be used to interact with the CPU in regards to requesting web based functions.

C++ will be used to translate and request the CPU to process technical data

2.9 Functional Data Bases:

This section provides an overview of the requirements analysis process that was

implemented during the actual database design. The design team, composed of a

business/systems analyst and database designer, began requirements analysis process by

recording the requirements of the business. Once they recorded these requirements, they

analyzed the information to determine whether they identified the user, customer, and

- 32-

business needs correctly. After identifying the business requirements and goals, they

began the database design process.

In order to design a database for a business, the designers needed to understand

and document the requirements of the business. This allowed them to create and

implement a database system that satisfied the organization's business requirements and

the needs of its customers and end users (Burd, Jackson, & Satzinger, 2004). The

database system requirements analysis process involved determining, analyzing and

evaluating the business requirements (see figure 2.7 below).

Figure 2.7 Stages in the Requirements Analysis Process

The fundamental elements that were determined included the rules, data, and

processes that defined the business. These elements define what the business required of

the database and how the database system should be built in reference to those

requirements (Burd, Jackson, & Satzinger, 2004). Once the business requirements were

gathered, the design team proceeded with analyzing those requirements. By analyzing the

- 33-

requirements, they determined the system requirements, and used those requirements to

generate a functional requirements specification. The functional requirements

specification included the development of process models, Data Flow Diagrams (DFDs)

and a high-level conceptual data model of the database called a conceptual Entity-

Relationship Diagram (ERD).The business/systems analyst produced the process models

and DFDs, and the database designer generated the conceptual ERD (Rob, Coronel,

2004). Once they analyzed and documented the requirements, the analysis was evaluated.

This was a three-step iterative process. If the analysis would have resulted in being

incorrect, the design team would have been required to repeat the entire process until they

defined a final workable solution, but this was not the case.

Determining Business Requirements:

Requirements of the business were acquired by collecting information from users

in regards to their tasks. Information in regards to how data was interchanged and

exchanged in the organization, and what factors would affect the business processes. To

find out what tasks users perform, the business was divided into departments and then

subdivide the departments into the functions that each user performs. The users were

interviewed and information was gathered in reference to the work and tasks of the

performed daily. This was done to determine what information each department dealt

with, the types of processes would be involved in the tasks, and the business rules of the

department. Because information and processes are interdependent, information in

conjunction with the processes they would affect needed to be determined, which means

that either would be seen in isolation (Rob, Coronel, 2004). Once a determination was

made in regards to the information and associated processes, the business rules associated

- 34-

with these were documented. For example, a business rule may determine how

information can be accessed or how information relates to other information. Business

rules are often the determinant of database referential integrity (Rob, Coronel, 2004).

Business Requirements Analysis:

The primary reason for researching and analyzing the business requirements is to

generate a high-level conceptual data model for the proposed database. This high-level

conceptual data model is called a conceptual ERD. An ERD is a concise description of

the business data requirements and includes detailed descriptions of data groupings or

entities, the relationships between the entities, and some of the constraints imposed upon

data defined by the entities (Rob, Coronel, 2004).

Data categories

Category Definition

entity a group or category of data or objects

relationship a connection between objects in a database

Table 2-3 Data Categories

No implementation details were defined at this stage, and an ERD was created to

ensure that the data requirements of the business had been met. The ERD, which is in a

non technical format, was used to communicate the structure and content of the proposed

database to users. The ERD defined the structure of the data without being concerned

with the storage or implementation details of the final database. It allowed the user to see

the larger picture clearly, and once verified, to decompose the ERD into a lower level

detailed logical data model. This ERD and the data operations defined by process models

- 35-

and DFDs represented the requirements of the business and how the proposed system

would be developed. At this point the process models the DFDs with the ERD could be

cross checked and a determination was made in regards to whether the business

requirements had been met and whether the resulting database system would be

functional and complete (Rob, Coronel, 2004). A modification of the ERD could have

been made the user discovered any inconsistencies between the process model, DFDs and

ERD.

Requirements Evaluation:

In the final stage of the three-step requirements analysis process, the results were

evaluated. Requirements evaluation is the process of determining whether the business

requirements that are gathered and analyzed from end users and management meet the

initial requirements of the users and business involved. During this phase, the design

team needed to ensure that they had covered all the information and interpreted the

information correctly. In addition a check was made for any conflicts in the information

that they collected and analyzed. No significant conflicts were found; therefore a revision

to the requirements analysis process was not necessitated.

- 36-

Figure 2.8 Stage 3 – Requirements Evaluation

Normalization in Database Design:

Normalization optimizes database management by reducing or eliminating

redundant data and ensuring that only related data is stored in a relational database table.

Normalization is based on levels or rules called normal forms (DeBetta 2005). Currently, five

normal forms – numbered one through five – have been defined. Every normal form

builds on the previous one.

When you normalize a database, you want to

• arrange the data into logical entities that form part of the whole

• minimize the amount of duplicate data that is stored in a database

• design a database in which users can access and modify the data quickly

• ensure the integrity of the data in the database

• optimize query times (DeBetta 2005)

- 37-

First Normal Form (1NF):

The objective of 1NF is to divide the database data into logical entities or tables.

After each entity has been designed a primary key is assigned to a unique identifier

(UID.) All attributes of an entity must be single-valued attributes. A repeating or multi-

valued attribute is an attribute or group of attributes with multiple values for one

occurrence of the UID . The data base designer needed to move a repeating attribute or

attributes to a separate entity and create a relationship between the two decomposed

entities (Rob, Coronel, 2004). When working with tables, repeating columns were moved

to their own table. In the new table, a copy of the original table's UID was used as a

foreign key. Let's say that the Employee table, which is one of the administrative tables

that was designed and used by the customer, has multiple values to define the various

projects an employee that may be involved in over a period of time. Although projects

start and finish on a specific date, they may stop temporarily because of prioritization.

The Employee-Name attribute is the UID for the entity.

The Employee table prior to 1NF is shown here.

- 38-

Figure 2.9 Employee Table Before Normalization

For example, Project (1–3), Start-Date (1–3), and End-Date (1–3) are multi-

valued attributes or repeating columns. This violates the 1NF normalization rule. So a

Project, Start_Date, and End_Date was placed in a new table called ‘Project’ (DeBetta

2005).

Figure 2.10 Employee and Project Tables in 1NF

- 39-

The UID for Project is a composite key comprising ‘Project_Name’ and

‘Start_Date’, and the foreign key for Project is ‘Employee_Name’, which creates a

relationship between the Employee and Project tables.

Second Normal Form (2NF):

The aim of 2NF is to take data that's partly dependent on the primary key and

place it in another table. If a table has a composite UID, all the non-UID attributes must

be dependent on all the UID attributes – not just one or some of them. This is a

requirement of 2NF. The designer had to move any attributes that were not dependent on

an entire composite UID to another table and establish a relationship between the two

tables (DeBetta 2005).

Figure 2.11 The Project Table Before 2NF

For example, the department details depend on the ‘Project_Name’ only instead

of on the whole key. The solution for this violation of 2NF was to move

‘Department_Name’ and Department-Location to a new table called Department:

- 40-

Figure 2-12 Project and Department Tables in 2NF

The Project table has a composite primary key comprising ‘Project-Name’ and

‘Start_Date’. The foreign key comprises ‘Employee_Name’ and ‘Department_ Name’.

And the table has an ‘End_Date’ column. The Department table has ‘Department_Name’

as its primary key, and a ‘Department_Location’ column.

Third Normal Form (3NF):

The aim of 3NF is to remove data in a table that is independent of the primary key

(DeBetta 2005). Therefore a Priority attribute was added to the Project table. The Priority

attribute has potential values, such as ‘High’, ‘Medium’ and ‘Low’. Additionally, an

attribute called ‘Priority Level’ was added, which further qualified Priority into a more

detailed subgroup with potential values of "1", "2", and "3".

- 41-

The figure is shown here.

Figure 2-13 The Project Table Before 3NF

The Project table has a composite primary key consisting of ‘Project Name’ and

‘Start Date’. The foreign key comprises ‘Employee Name’ and ‘Department Name’.

Other columns in the table are ‘End Date’, ‘Priority and Priority Level’. In this example,

‘Priority Level’ depends on Priority first. ‘Priority_Level’ depends on the

‘Project_Name’ and ‘Start_Date’ UID through Priority only. The transitive dependency

of ‘Priority_Level’ is unacceptable in 3NF. So you need to move the Priority and

‘Priority_Level’ attributes from the Project table to their own Priority table (DeBetta

2005).

- 42-

The tables in 3NF are shown here.

Figure 2-14 Project and Priority Tables in 3NF

The Project table has a composite primary key comprising ‘Project_Name’ and

‘Start_Date. The foreign key comprises Employee_Name, Department_Name, and

Priority. And the table has an End_Date column. The Priority table has Priority as its

primary key, and it has a Priority_Level column. Normalization of production systems

usually stops at 3NF. Levels above 3NF are conceptually complicated and applicable to

situations that require specific solutions only (DeBetta 2005).

Boyce-Codd Normal Form (BCNF)

Unlike 3NF, BCNF requires each attribute or combination of attributes upon

which any attribute is fully or functionally dependent to be a candidate key. For example,

if ‘Column_B’ is functionally dependent on ‘Column_A’, you can associate every value

in ‘Column_A’ with only one value in ‘Column_B’ at a specific point in time. A specific

value for ‘Column_A’ always has the same value in ‘Column_B’, but the reverse is not

- 43-

true. A specific value for ‘Column_B’ can have multiple corresponding values in

‘Column_A’.

Fourth Normal Form (4NF):

For 4NF, a table needs to be in BCNF, and it shouldn't have any multi-valued

dependencies. Neither should the dependent attributes be a subset of the attributes they

depend on. And the dependent attributes combined with the attributes they depend on

should not constitute the entire entity. In a multi-valued dependency, two or more

attributes depend on a determinant, and each dependent attribute has a particular set of

values. The values in the dependent attributes are independent of each other (DeBetta

2005).

Fifth Normal Form (5NF):

For 5NF to be in effect, an entity should be in 4NF, and all join dependencies on

the table should be related to its candidate keys. When you decompose tables through

normalization, you should be able to reconstruct the original table by doing joins between

the resulting tables without losing data and without generating extra rows. This is a

lossless join. When you can't decompose a table into smaller tables, which have different

keys from the original without data losses, the table is in 5NF (DeBetta 2005).

Summary of the Database Design:

These access databases were designed using the parent child model or Network

model. One of these databases was designated as Industrial Consultant Client Data Base,

which stored client the industrial consults name (which was specified and used as the

- 44-

primary field) and relative information, i.e. organization , address of organization phone

number , fax , e-mail, (which was listed as records in the rows of this data sheet). A one

to many relationship was used to construct this database as well as all other client related

data basis including those used for patent law consults (Rob, Coronel, 2004). The

customer’s organization and ID (composite keys, where two or more primary key were

used in combination as the primary designator key) was used as the designated foreign

key, to which other databases are related or connected.

3.0 Security Introduction

Many current computer systems have a very poor level of computer security,

which has led to identity theft as well as theft of intellectual property. In such way,

computer breach has been considered to be a disastrous mistake, and the cause of much

of the insecurity of current computer systems. For Example, once an attacker gets into a

system, without well equipped computer or security features, attackers usually has access

to most or all of the features of that system. Because computer systems are very complex,

and cannot be guaranteed to be free of defects in security, therefore security tends to

change readily in regards to the computer systems. That’s when computer security comes

into play. Computer Security is the measures used to protect the systems valuable

information from getting it to wrong hand. Computer Security involves specifying and

implementing security policies, that is; defining and setting up the perimeter from lower

to higher level computer security access.

Security requires consideration of the external environment as well as protection

of the system. Both the data and the code in the system need to be protected, along with

the physical resources of the system from unauthorized intrusion and access.

- 45-

Security software should be designed to detour some of the following forms if malicious

access:

• Unauthorized reading of data (i.e. theft of information)

• Unauthorized destruction of data

• Unauthorized modification of data

• Preventing illegitimate use of the system and it’s peripherals

Authentication and Passwords

Authentication or the ability to protect the system from unauthorized access is a

major security problem. This problem will be remedied by user authentication, which is

based on either user knowledge, user possession, or user finger print. Passwords are the

most commonly used vehicle to authenticate the user’s identity to the system. Passwords

are a combination of a certain number of letter characters and numbers, as prescribed by

the software security parameters (i.e. some main frame systems may require the password

to be 8 characters of which the third character has to be numeric). The encryption that is

set up by the UNIX system will allow the system to accept the password of the user and

store it safely. However passwords can accidentally be exposed or easily guessed.

Remedies for the authentication besides the UNIX system that will be incorporated are as

follows:

Programs and System Threats:An unauthorized user may fraudulently access the system

or misuse the programs by the following methods:

• Trojan horses are code segments that misuse its environment. However long

search paths such as common UNIX systems can eliminate this problem along

- 46-

with a non- trappable key sequence, like the control –alt-delete combination that

Windows NT uses.

• Trap doors are instances where the software has been designed to check for a

specific user ID that might circumvent the normal security procedures. A trap

door can also be included in the compiler, where the compiler can generate

standard object code as well as a trap door that is supercilious to the source code.

In order to detect trap door all of the source code of the system has to be

analyzed.

Preventive Security Measures: The following measures can be implemented to combat security issues: 1) Assessing and maintaining a risk management policy for hardware, software and the people that uses it. 2) Researching new security issues and adapting policies without degrading the performance of the computers and their networks. 3) Managing physical access to computers. 4) Doing all of the above, without service disruption to those who rely on that network. Techniques for Creating Secure Systems: The following techniques will be used in engineering secure systems: 1) Simple microkernel will be written so that the system will not contain any bugs. 2) A bigger Operating System OS, able of providing a standard API like POSIX, will be

built on a microkernel using small API servers running as normal programs. If one of

these API servers has a bug, the kernel and the other servers will not be affected.

- 47-

3) Cryptographic techniques will be used to defend data in transit between systems,

reducing the probability that data exchanged between systems can be intercepted or

modified.

4) Strong authentication techniques will be used to ensure that communication end-points

are who they say they are.

5) Chain of trust techniques will be used in an attempt to ensure that all software loaded

has been certified as authentic by the system's designers.

6) Mandatory access control will be used to ensure that privileged access is withdrawn

when privileges are revoked. For example, deleting a user account should also stop any

processes that are running with that user's privileges.

7) Capability and access control list techniques will be used to ensure privilege separation

and mandatory access control.

Processes of Computer Security:

User account access controls and cryptography can protect systems files and data,

respectively. Firewalls are by far the most common prevention systems from a network

security perspective as they can (if properly configured) block the normal packets types,

preventing some kinds of attacks. Intrusion Detection Systems (IDS's) are designed to

detect network attacks in progress and assist in post-attack forensics, while audit trails

and logs serve a similar function for individual systems. “Response” is not necessarily

defined by the assessed security requirements of an individual system and may cover the

range from simple upgrade of protections to notification of legal authorities, counter-

attacks, and the like. In some special cases, a complete destruction of the system is

favored. The manufactures and specifications of the firewalls, virus protections and other

- 48-

devices that will be used during system implementation will be withheld at this point for

security purposes. Management of risks and weakest links will minimize security

breaches while maximizing productivity and performance. The most effective

methodology in computer security will be to assert and maintain an intelligent policy to

risk manage workstation use and functionality without inflicting a denial-of-service to the

people who rely on access to your computer or network.

- 49-

CHAPTER 3

PRIMARY REASERACH OF SYSTEM EVALUATION AND VALIDATION

Simulation and Modeling:

3.1 Purpose and Justification for Using a Simulation Model

For all technical purposes simulation is the imitation of a dynamic system using a

computer model in order to evaluate and improve system performance. Discrete event

simulation which models the effects of the events in a system as they occur over time was

used to implement the simulation model used to aid in the analyst in the design of this

system (Harrell, Biman, and Bowden, 2004). The emphasis in industry today has been

placed on time based competition; traditional trial and error methods of decision making

are no longer adequate. The power of simulation lies in its ability to provide a method of

detailed analysis that is not only formal and predictive, but is capable of predicting the

performance of complex systems (Harrell, Biman, and Bowden, 2004). The key to sound

management decision in any industry lies in the ability to accurately predict the outcomes

of alternative courses of action (Banks, Carson, Barry, & Nicol, 2001). This simulation

will provide the designers of the system as well as management with this type of

information.

Some characteristics of simulation which make it such a powerful planning and decision

making tool are summarized as follows (Banks, Carson, Barry, & Nicol, 2001):

• Captures system interdependencies.

• Accounts for variability in the system.

- 50-

• Is versatile enough to model any system.

• Shows behavior over time.

• Is less costly, time consuming, and disruptive than experimenting on the actual

system.

• Provides information on multiple performance measures.

• Is visually appealing and engages people’s interest.

• Provides results that are easy to understand and to communicate.

• Runs in compressed, real or even delayed time.

• Forces attention to detail in a design.

Simulation results will be used to make organizational decisions in regards to

overhead predictions, system layout, man hours, and the number of targeted customers

that the customer service representatives (servers) can interface with in a normal eight

hour work day, thus the accuracy of the results of the simulation is very important. In

many instances simulation appear realistic on the surface because simulation models

opposed to analytical models can incorporate any level of detail about the real system. To

avoid this illusion it is best to compare system data to model data, and make the

comparison using a wide variety of techniques including an objective statistical test if

possible (Banks, Carson, Barry, & Nicol, 2001).

Description of System:

A group of 5 PCs connected together by a LAN, composed of Optical-fiber-based

FDDI networking which runs at over 100 megabits per second. The LAN system will be

connected to a server which is connected to the WAN which provides access to the

interne through cooperative IP address recognition and protocol.

- 51-

Entities Attributes Activities Events State Variables Customers Industrial or

legal consultation

Customer response received and read

electronic receipt of response

number of responses received per PC per day

targeted client’s feed back

Positive response, negative response received from customer

Customer response inventoried in system to specific target area (i.e. industrial or legal)

response filed and stored on designated consultants databases

number of positive responses verses number of negative responses

Customer service follow up

delta in time between receipt of customer response and consultants follow up response to customer

response sent to customer

electronic disbursement of information system organization’s response

number of responses sent and received by targeted customers

Table 3-0 Problem Properties

Problem Formulation:

The Information System Organization will have five PCs that will receive and

inventory responses that targeted customers send in electronically through the web in

regards to electronic questioners that the customer has received at their organization (see

Table 3-0).

There were two questioners, one composed of five questions and the other

composed of ten questions, shown in Appendixes A-1 and A-2 respectively. These

questioners are composed of targeted questions that have been developed by the

industrial consultant and the patent attorney to procure industrial consultant and patent

law clients. Potential clients will then e-mail their responses back to the information

- 52-

system organization. Customer responses will then be filed contingent on how they

respond to the questioners. They will either be filed as potential industrial consultant

clients or potential patent law clients. Correct inventory and expeditious feed back to

these client responses are essential to the parent organization’s marketing and sales.

There is more then one service channel for this simulation, in fact there are five

PCs being used Monday through Friday. For the sake of simplicity we will refer to the

PCs as PC1, PC2, PC3, PC4, and PC5. A key assumption is that each PC operator,

operates that PC for eight hours per day Monday through Friday, they do not change PCs

at any time. Operator of PC1 is a better operator then PC2 operator two, PC2 is a better

operator then PC3 operator, PC3 is a better operator then PC4 operator, and PC4 is a

better operator then PC5 operator. E-mail responses arrival as shown below in Table 3-1.

The distribution of e-mail service times for PCs 1 through 5 are shown in Table 3-2

through Table 3-6.

Table 3-1 Interval Distribution of Incoming E-mails Time Between e-mail arrivals

(minutes)

Probability Cumulative probability

Random-Digit Assignment

1

2

3

4

0.25

0.30

0.25

0.20

0.25

0.55

0.80

1.00

01 – 25

26 – 55

56 – 80

81 - 100

- 53-

Table 3-2 Service Distribution of PC1 Time Between e-mail arrivals

(minutes)

Probability Cumulative probability

Random-Digit Assignment

2

3

4

5

0.30

0.28

0.25

0.17

0.30

0.58

0.83

1.00

01 – 30

31 – 58

59 – 83

84 - 100

Table 3-3 Service Distribution of PC2 Time Between e-mail arrivals

(minutes)

Probability Cumulative probability

Random-Digit Assignment

3

4

5

6

0.35

0.25

0.20

0.20

0.35

0.60

0.80

1.00

01 – 25

36 – 60

61 – 80

81 - 100

Table 3-4 Service Distribution of PC3 Time Between e-mail arrivals

(minutes)

Probability Cumulative probability

Random-Digit Assignment

4

5

6

7

0.37

0.28

0.25

0.10

0.37

0.65

0.90

1.00

01 – 37

38 – 65

66 – 90

91 - 100

- 54-

Table 3-5 Service Distribution of PC4 Time Between e-mail arrivals

(minutes)

Probability Cumulative probability

Random-Digit Assignment

5

6

7

8

0.39

0.31

0.15

0.15

0.39

0.70

0.85

1.00

01 – 39

40 - 70

71 – 85

86 - 100

Table 3-6 Service Distribution of PC5 Time Between e-mail arrivals

(minutes)

Probability Cumulative probability

Random-Digit Assignment

6

7

8

9

0.40

0.29

0.13

0.18

0.40

0.69

0.82

1.00

01 – 40

41 – 69

70 – 82

83 - 100

The problem was to determine how well the 5 PC systems would work. To

estimate the system measures of performance, a simulation of 1 hour of operation was

made. The simulation should proceed as follows: PC1 operator receives an e-mail from a

client, PC1 operator distributes and files e-mail response. PC2 operator receives an e-mail

from a client, PC2 operator distributes and files e-mail response. PC3 operator receives

an e-mail from a client, PC3 operator distributes and files e-mail response. PC4 operator

receives an e-mail from a client, PC4 operator distributes and files e-mail response. PC5

- 55-

operator receives an e-mail from a client, PC5 operator distributes and files e-mail

response.

Setting of Objectives and Overall Project Plan:

The simulation will show the following:

1. Number of e-mails received, distributed, and filed

2. Time between e-mails serviced

3. Arrival time of e-mails

4. Service time used towards evaluation and distribution of e-mails

5. Time e-mail waits in queue before serviced

6. Average time e-mail has to wait before being serviced

7. Average time between e-mail arrivals

Consequently the service time of each e-mail is very important, because the

consultants need to get the response information to the questioner so that they can contact

the party that filled the questionnaire out while it’s fresh on their mind. The key to

marketing and sales is presenting the product in a manner that makes the product

advertising and desirable by the targeted audience, and following up with the potential

client as quickly as possible. That is why the wait time for e-mails in the queue must be

kept to a minimum. Therefore it was determined that performing a simulation would be

an appropriate methodology. The simulation would ultimately show if the system is

balanced, if another PC should be added, or a PC operator may need to be replaced due to

over extended service time. Performing a simulation in C++ is an alternative method that

could be used to perform a simulation, because all of the details of the problem scenario

can be programmed into the simulation. A comparison of the initial simulation

- 56-

Model results can be compared to with those of the C++ simulation. A more

direct indictor will be a comparison of average queue time for in-service e-mails.

The amount of people and money involved are five, and $ 15,000 respectively.

Note cost must be kept to the minimum due to the limited size of the organization and the

fact that this is a new organization that has not bee established.

Model Conceptualization:

General Lay Out:

Data for this system model is limited because there is no actual system to model it

after. However a general layout of the system will be designed out as follows:

1) There will be 5 PCs connected together by a LAN for intranet access, and also

connected to a WAN for internet access.

2) These five PCs will be operated by information system representatives that have a

strong knowledge base in the areas of industrial consulting and patent law.

Operations that Require PC Service Time

1) The PC operators will be receiving e-mail responses to electronic questioners

(see Appendix A-1 and Appendix B-1) and evaluating them in regards to whether

they need to be responded to and what division specifically needs to respond to

them.

2) Distributing and filing the e-mail response that need further correspondence with

the correct division (either industrial consultant or patent law division of the

organization).

3) Send out secondary response after positive feedback is received in reference to the

questioner. The secondary response will be a second questioner sent out with

- 57-

more detailed question that are more specific in regard to that subject area, i.e.

industrial consultation or patent law. Note, this secondary response has not been

developed yet.

4) The key to this type of system is that the customer is not personally waiting for

service either in person or on the phone. The target customer receives a secondary

response via the internet within a 24 hour period. The customer is able to access

and respond to this response without engaging in and wasting valuable

communication time over the phone or face to face.

Model Objectives:

1) To calculate the average amount of service time

2) To calculate the average amount of time e-mail stays in the system before

being serviced by a PC operator.

3) The average time it takes for each individual server to file and distribute the e-

mail responses appropriately with the right department

4) To find out if the system is balanced and additional PCs will not be

necessitated to handle the influx of work.

Data Collection:

The main objective of this study is to verify that each PC operator can service 50

e-mails as denoted below on consistent bases. This is the most important data because

approximate sales as shown in the implantation phase below can be predicted, as well as

facets of the overhead budget that would be necessitated to operate and sustain the

system. As previously stated the time the e-mail waits in queue and goes in queue does

not have a direct affect on customer service or the sales generated.

- 58-

Each PC operator will start with 70 e-mails to service in their queue at the

beginning of the day; this quantity is the amount that was prescribed by management

after there assessing the following calculation:

In an 8 hour work day minus 30 minutes for lunch and two 15 minute breaks,

leaves 7 actual of hour of work time per PC operator to service e-mails.

There are (7 x 60 minutes = 420 minutes) 420 minutes in 7 hours,

Assuming that it can take a maximum service time of 8 minutes for an operator to

access, interpret, file, and service an e-mail; 420 minutes divided by 8 = 52.5

Therefore it was assumed that each operator should be able to service 52 e-mails

in the course of one day. Therefore five operators working five days a week

should be able to service 52 x 5 (days) x 5 (PC operators) = 1300 e-mails for the

week, 1300 x 4 (weeks) = 5,200 e-mails / month; 5200 x 12 (months) = 62,400 e-

mails service per year.

The hours of operation of the PCs are between 8am EST and 4 pm EST. Baring in mind

that the individuals that have the authority to review the initial questioners shown in

Appendix A-1 and B- would be upper management, who would normally send out

response e-mails after normal business hours; with this in mind the data that the PC

operator service will be collected two days prior and placed into their queue one day prior

to them accessing it.

Model Translation:

This model will not be programmed into a simulation language. Instead for the

sake of simplicity and diminished special purpose simulation software will be used, ‘Pro

Model’ simulation software. This software was selected because the problem is amenable

- 59-

to solution with this type of software, which will result in reduced model development

time (Gagne, Galvin, and Silberschatz, 2004).

The Arena Business Edition software will be used to simulate this model.

Graphical representation and object based development are some of the key attributes of

the Arena Standard Edition software. Modules represented by icons will be used to

represent individual PCs and the flow of e-mails that enter the system to be evaluated.

Upon evaluation the e-mails that need to be responded to will be sent to one of two

selected modules; either the module that contain e-mails for targeted industrial consul

tees or the module that contains the-emails for the targeted customers that need patent

attorney representation. The standard resources that this software provides in regards to

queuing operations, process logic, and system data make the software an excellent fit.

The standard graphics that are used in this software will be used to show the average

number of e-mails serviced for the five day week, the average time e-mails are left in

queue. Graphical representation of all of these elements will be ideal for summarizing

data for presentation purposes. Investors can predict organizational income, growth, and

overhead expenditures. Random numbers will be generated to perform an analysis on the

input data given (assumed) in the problem formulation and implementation sections.

Hand calculations will be used to perform the analysis, which consist of the following

three steps:

1. Identifying the appropriate probability distribution

2. Estimating the parameters of the hypothesized distribution

3. Validating the assumed statistical model by a goodness-of fit test

(Gagne, Galvin, and Silberschatz, 2004)

- 60-

Verification:

The concept ional model is realistically and correctly represented in the

computerized representation. The following guidelines will be used for verification

purposes:

1. Computerized representation will be checked by an outside vendor

2. The model output will be examined closely for reliability under a variety of

settings, inputs, and scenarios by the systems analyst and the PC operators

3. The computerized representation will print the parameters at the end of the

simulation to ensure that the parameter values have not been changed by mistake

4. The computerized documentation shall be made to be as self documenting as

possible. Every variable will be depicted by a precise definition

5. An IRC will be used to debug and correct errors in the simulation (Gagne,

Galvin, and Silberschatz, 2004)

Validation:

Model assumptions for this model fall under both categories structural

assumptions and data assumptions. Structural assumptions refer to how the system works

in reality, which has been outlined above in the problem formulation section above

(Banks, Carson, Barry, & Nicol, 2001). The only assumption that was not addressed is

that e-mails are serviced on the rotation in which they entered the queue, simply put a

first come firs served basis. The structural assumptions will be verified by actual

observation on a daily and weekly basis. Data assumptions such as the number of e-mails

serviced per PC per hour, per day, per month, and the amount of revenue that it could

possible lead to is important in regards to generating an economic analysis from a sales

- 61-

standpoint. Calculations have been performed in the problem formulation and

implementation section to validate these assumptions.

Experimental Design:

The model will simulate the e-mail being accessed by the PC operator at which

point the operator will evaluate the responses and distribute and file the e-mail response

to the appropriate section of the organization. The function of runs may vary if

experimental data supports it, for example if the number of e-mails that were expected to

be serviced by each operator was consistently exceeded then the number placed in queue

to be serviced the previous day would be changed by an increment of 10 in order to

reduce the amount of possible PC operator idle time. The number of simulation runs will

be dictated by the consistency of the out put after the simulation has been actively ran for

a 6 month period. However, note that this is a working simulation where all input and out

put data will be used to procure clients and ultimately increase revenue for the parent

industrial consultant and patent law organization. During this six month period PC

operators will be monitored on their production monthly. Additional training in regards to

the interpretation, file, and distribution will be given by the industrial consultant and the

patent attorney. This will serve two primary purposes to increase the number of e-mails

serviced and more importantly negate discarding potential customers due to wrongful

interpretation of questioner responses by the PC operator. An output analysis for steady

state simulations will be performed for a single long run simulation. After six months a

managerial evaluation of all experimental data will be performed and the system shall be

tweaked according to the permutations of experimental data collected.

Production Runs and Analysis:

- 62-

The production run analysis shall be performed by output analysis based on

random variability and random number generations that will be used to produce the

values f the input variables: where two different streams of or sequences of random

numbers will produce two different sets of outputs which (probably) will differ (Banks,

Carson, Barry, & Nicol, 2001) .

The performance of the system will be measured by a parameter θ; the result of a set of

simulation experiments will use an estimator θ1of θ. The precision of the estimator will

be measured by the variance of θ1. The purpose of the statistical analysis will be to

estimate the variance or determine the number of observations required to achieve the

desired position. Where Y, is the total number of –emails serviced per week by a

networked system of PCs; Y will be treated as a random variable with an unknown

distribution. The simulation shall be ran for 1 week, that will proved a single sample

observation from the population of all possible observations on Y. The run length of the

sample size will be progressively increased to n observations, Y1, Y2, and Yn, based on a

run length of n weeks up to a maximum of 24 weeks. However these observations do not

constitute a random sample, because they are statistically independent. Therefore since

statistical independence will not be directly applicable to the analysis of this data. Other

methods and assumption shall be performed during model conceptualization.

More Runs:

As long as the number of e-mails serviced does not decline greater then 20 %,

additional simulations beyond six months will not be necessitated or performed, due to

the nature of the business and more importantly the shortage of start up revenue

possessed by the organization.

- 63-

Documentation and Reporting:

The only individuals that will be running reports will be the manager of the

Information systems organization; it will not be modified by different analysis. Progress

documentation will be implemented for this model, due to the small close knit

environment of the organization. A chronological history of system performance, changes

made, and work done will better serve this organization.

Reports shall be generated and discussed during each week to enable the PC

operators to see where their numbers are. This important to the PC operator, since their

monthly incentive bonuses are based on these numbers. The only deliverables or major

accomplishments will be number of e-mails serviced that resulted in new client

procurement. The logic behind this is simple; revenue is made by effort put forth on the

front end by the PC operator being prudent in interpreting, distributing, and filing the e-

mails that had positive responses. This has a direct correlation on the revenue earned by

the parent organization.

Production results before and after training sessions shall be documented for

every PC operator as well as their feed back on the instruction given during the training.

This feed back is important and shall be merged into upcoming training sessions for

future as well as present employees.

A monthly or final report shall be distributed to the parent organization, primarily

the industrial consultant, patent attorney, chief marketing executive, and CEO. Decisions

in regards to adjustments of input variables, training changes, equipment changes or

additions, and management shall be based on these final reports.

- 64-

Implementation Phase:

Rough Economic Analysis of Expected Simulation Results:

If 10 % of the 62,400 e-mails service per year resulted (previously stated in the Data

Collection Phase) in client procurement for both divisions combined, and that 10 % was

divided by 2, there would be 3200 probable new customers for each division, taking 5%

of those to equate a more realistic number of 160 new customer annual for each division.

This would break down as follows in terms of compensation:

160 Industrial Consultant Clients x average charge of $4000 = $640,000 annually

160 Patent Law Consultations (which includes representation for new patent submittals,

defense against infringement suits, prosecutions against infringement suits, and contracts)

160 clients X average fee of 7,000 =1,120,000

In summary if the guidelines previously mentioned were used to run a simulation

and the system was shown as being balanced which resulted in similar numbers

previously mentioned in the hand calculations then the design of this system could be

viewed by management as cost effective investment.

- 65-

CHAPTER 4

SUMMARY AND CONCLUSION

In summary this paper defined some of the business requirements, define

explained how the systems analysis was performed, and what the results of the analysis

were. How the system was designed, which was based on the system analysis, was

discussed as well. A problem was formulated that incorporated the functional aspects of

the system while operating and performing the required task during a specified time.

Hand calculations were performed to provide numerical results to management that

would validate and verify that the system design selected would in fact satisfy the

business requirements, i.e. if the number of PCs and operators were sufficient to handle

the predicated influx of business. The option of running simulations were presented along

with the required input and parameters if that option was in fact selected as an alternative

form of verification and validation of the system design functional results. Simulation can

prove to be a powerful tool in regards to its ability to provide a method of detailed

analysis that is not only formal and predictive, but is capable of predicting the

performance of complex systems (Harrell, Biman, and Bowden, 2004). Simulation can

provide management with ability to accurately predict the outcomes of alternative

courses of action (Banks, Carson, Barry, & Nicol, 2001).

However, running a simulation would result in substantial upfront cost for the

parent organization. Granted the fact that there immediate capital expenditures are low

- 66-

and there projected log term net capital gain would be minimal, the available amount of

upfront capital investment is extremely limited. Therefore a simulation was not ran.

In conclusion based on the results generated from the hand calculations performed

in chapter three, management could ascertain realistically how the system would perform

and completed all business requirements, thus validating its design as positive investment

and asset to the parent organization as a whole.

- 67-

APPENDIX A-1

Industrial Consultant Consultation Questioner

1. What is your company size in terms of number of employees?

2. How many facilities do you have either nation wide or internationally?

3. What is the nature of your business?

4. What is your current level of production and does it exceed or fail to meet the

projected company objectives in terms of production, gross sales, net income?

5. What is your current overhead costs in the following areas:

A: Production:

1) Man hours:

2) Raw Materials:

3) Plant Operations Cost, which includes utilities, machine maintenance,

and preventative maintenance.

B: Marketing:

1) Man hours

2) Present Marketing proposals:

3) Future Marketing Ventures

- 68-

APPENDIX B-1

Patent Right Assistance Questioner

1. How and why did you think of this design?

2. What is your design and describe its functional aspects?

3. Why do you think you need to procure patent rights for your design?

4. How do you know that your design is not duplication already on the market?

5. Was your design directly designed as an extension of another design?

6. Does your design perform some of the same functional aspects that another

design does?

7. How do you plan to manufacture your product and what amount of overhead

cost will be involved?

8. Is a company backing you on this design or are you submitting it as an

independent agent?

9. How long does it take to manufacture one of the products?

10. Where will you obtain the raw material and machinery necessary for

production?

Note: The questioners listed above are generic and are used to gain general knowledge

about potential client’s organizations. The questioner will be detailed further by

the organization’s proper personal once they are in place.

- 69-

REFERENCES

Banks, J., Carson, J., Barry, N., Nicol, D. (2001) Simulation and Modeling I Prentice Hill A Pearson Education Co. Upper Saddle River, NJ 07458 Burd, S., Jackson, R., Satzinger, J. (2004). Systems Analysis & Design In A Changing

World, Boston Massachusetts: Course Technology Burd, S. (2006). Systems Architecture, Fifth Edition.

Course Technology, 25 Thomson Place, Boston, MA. 02210 DeBetta, P., (2005). New T-SQL Features in SQL Server

http://vnu.bitpipe.com/rlist/term/Database-Design.html Gagne, G., Galvin P., Silberschatz A., (2004). Computer Operating Systems Hoboken New Jersey: John Whiley & Sons, Inc. Harrell, B., Biman, G., Boyden, R. (2004). Simulation and Modeling II Mc Graw-Hill Inc. Rob, P., Coronel, C. (2004). Database Systems Design, Implementation, and

Management, Sixth edition; Technology a division of Thompson learning Co. Turabian, K. (1996). A manual for Writers of Term Papers, Thesis, and Dissertations,

Sixth Edition. Chicago: The University of Chicago Press, Chicago IL. Umar, A., (1997). Client Server Computing, Custom Edition. Prentice Hal Inc. a Pearson

Education Company, Upper Saddle River, NJ. 07458 http://www.cioupdate.com/trends/article.php/3559636 http://en.wikipedia.org/wiki/Computer_security http://www.computerworld.com/securitytopics/security/story/0,10801,106169,00.html http://rwebs.net/micros/Imsai/multi.htm

Multiprocessors and Shared Memory for Ultimate Flexibility; 1999-2003 by Randy Wilson

- 70-

REFERENCES (CONT.)

http://h10010.www1.hp.com/wwpc/us/en/sm/WF05a/18972-238444-410636-12004-f51-

1140785.htmlHP LaserJet 3390 All-in-One - overview and features