ps edms architectural overview

electronic document management system

PS-EDMS Technical Overview

Version 1.0

December 13th 2004

ProgressSoft – Council of Family Affairs Confidential

PR

OG

RE

SS

S

OF

T

CO

RP

OR

AT

IO

N

LE

AD

ER

S

IN

I

NN

OV

AT

IV

E

SO

FT

WA

RE

Enterprise Document Management System

PS-EDMS Architectural Overview

Version 1.0

July 4th 2005

ProgressSoft

- 2 -

Contents Contents ............................................................................................................................. 2 Figures................................................................................................................................ 4 Introduction........................................................................................................................ 5

Section 1.................................................................................................................................. 6 System Overview............................................................................................................... 6

Solution Layout ........................................................................................................... 6 Section 2.................................................................................................................................. 9

Features and Implementation........................................................................................... 9 Concept....................................................................................................................... 9 Business Features .................................................................................................... 11 Scalability .................................................................................................................. 11 Network Independence.............................................................................................. 11 Graphical User Interface [GUI] .................................................................................. 11 Multi-lingual ............................................................................................................... 12 Ease to use................................................................................................................ 12 Security...................................................................................................................... 12 Notification and Alerts................................................................................................ 12 Zero Administration ................................................................................................... 12 Integration and Image enabling ................................................................................. 12 Expansion.................................................................................................................. 13 Multiple Server Support ............................................................................................. 13 Fax............................................................................................................................. 13 Annotation.............................................................................................................. 13

Section 3................................................................................................................................ 15 PS-EDMS Architecture .................................................................................................... 15

High Level Models..................................................................................................... 15 Management Component .......................................................................................... 16 Reports Component .................................................................................................. 17 Retrieve Component.................................................................................................. 18 Entry Client Architectural Model ................................................................................ 18 Capture Module ......................................................................................................... 19 Data Entry Module..................................................................................................... 19

Section 4................................................................................................................................ 22 PS Security Sub-System................................................................................................. 22

Security Web Service................................................................................................ 23 Security Kick-out Windows Service........................................................................... 23 Security ACL Model .................................................................................................. 23 Security Administration Model................................................................................... 23

- 3 -

Monitoring.................................................................................................................. 24 Access Control List (ACL).......................................................................................... 24 Users and Groups ..................................................................................................... 24

Section 5................................................................................................................................ 25 PS Store Sub-System...................................................................................................... 25

PS-Store Sub-System Architectural Model ................................................................ 25 PS-Store Component Model ..................................................................................... 27

- 4 -

Figures

Figure 1.1: PS-EDMS Solution General Layout....................................................................... 6 Figure 1.2: PS-EDMS Solution Layout .................................................................................... 8 Figure 2.1: Concept of HSM based Enterprise Document Management Systems .................. 9 Figure 3.1: PS-EDMS General Modeling Architecture........................................................... 15 Figure 3.2: Entry Client Architectural Model .......................................................................... 18 Figure 3.3: Batch templates and classes............................................................................... 20 Figure 4.1: PS-Security Component Model ........................................................................... 22 Figure 5.1: PS-Store Architectural Model .............................................................................. 25 Figure 5.2: PS-Store Component Model................................................................................ 27

- 5 -

Introduction

The global paper bottleneck is real. Each business day, around the world, we produce over 4.3 billion paper documents. That's over 1.5 trillion documents moving across our desks and into our filing cabinets every year. And it's growing at an annual rate of twenty percent.

Firms usually store the flow of paper work through photocopies or microfilms. These are manually indexed. Each time the staff receives or needs to revise a document, he has to go back to the archive for check-up or viewing notes. In fact, all of these lengthy procedures are bearable if a small amount of archive or just one department is there. Otherwise, a search and a communication problem will arise.

Document Archiving and Management Systems are tremendously powerful tools. The speed and ease with which a document can be archived and displayed on the screen using a computer offer a phenomenal advantage over the photocopier or even the microfilm systems. Document Archiving and Management Systems are helping businesses overcome this hurdle.

PS-EDMS is not just another document archiving system; it is the latest art of technology system for document management and archiving. PS-EDMS is completely based on the web technology by design using the latest Microsoft 2003 server architecture with the .NET application platform re-enforcing the IIS 6.0 as a very secure web server with the highest performance ever known.

This document will describe the architecture and design of PS-EDMS and its different sub-systems and modules including: PS-Store, PS-Security and PS-Notification. We will also describe the technologies and development tools used in designing, developing and deploying the system.

ProgressSoft Enterprise Document Management System

- 6 -

Section 1 System Overview

This section will provide an entrance to understanding the PS-EDMS system architecture and design. It will provide a background of the system design and then describe the general system layout. At the end of this section we will provide a brief description of the core system components.

Solution Layout PS-EDMS is based on a modular design that integrates a system out of a set of sub-systems, modules and components.

PS-E

DM

S C

ore

LAN

Ext

erna

l DM

Z LA

N

Figure 1.1: PS-EDMS Solution General Layout


- 7 -

As figure 1.1 above indicates; PS-EDMS is composed of a set of servers located in a main local site in a secured network infrastructure. Optional remote regions may implement the application server component to enable regional document management and enterprise service levels.

The main site is composed of the following set of servers and configurations:

• PS-EDMS Application Servers: the front end system that users actually access to carry out their work in PS-EDMS environment is the application server. PS-EDMS defines two sorts of application servers: the local region and the remote region application servers. This definition provides the scalability power of PS-EDMS. While we can always start with a local region application server located in the PS-EDMS main site; we can always grow our configuration either in a scale up or scale out fashion. By providing other business regions with their own dedicated application server that is capable of communicating with the main site; we are providing an unlimited scaling capability to offer document management and processing capabilities at an enterprise level.

• Store Media Servers: one or more store media servers can be configured to utilize different media storage types: optical, RAID, and tape. The media servers are responsible for storing the document images that consolidate the most numerous amounts of document archive data. PS-EDMS is designed to access any existing media storage technology with the possibility to adopt any new evolving media technology.

• Store Server: the store server is the entry point to the HSM set of media servers. It provides the transient phase that managed documents pass through in their way to the final media server offline media. It also provides a faster online response for the most recent used documents.

• Security Server: is the server that is responsible for providing data access control lists (ACL) for the objects of the system including: documents, pages, templates, users and other resources. By implementing the security as a sub-system; PS-EDMS provides a flexible means of introducing security technologies as they evolve. Our security sub-system is designed to utilize LDAP integration to cover all needed aspects of security in any professional system; this includes: user authentication, privileges and roles, object access lists (ACL), in addition to many others. For more information please refer to section 6 of this document (PS Security Sub-System).

• Database Server: PS-EDMS core system data is composed mainly of three pieces of information categories: System Data, Document Images, and Document Indexes. System data includes templates and system operations control. Document images are scanned images saved in special media storage server using different media technologies mentioned above. Document indexing is the core of the search and enquires facility that allows users to easily and efficiently retrieve document information based on indexed search criteria. While the actual document images are stored on media servers; their index information is kept online using the index database server to provide the highest performance in query and search procedures.

• PS-EDMS Capture Client: in PS-EDMS the capture client is designed as a special client/server module that utilizes the web technology using HTTP and HTTPS protocols to communicate with the application server via communicating a specialized web service. The client is based on the latest .NET technology for SmartClients using C# programming language. This module provides a rich set of


- 8 -

functionality that is meant to enhance productivity and utilize different capture instruments and scanners.

• PS-EDMS Web Access Client: the other PS-EDMS client is based completely on the web technology and is designed and implemented using the latest application platform from Microsoft (the .NET with IIS 6). It is implemented using ASP.NET and is fully compliant with the technology. The client provides URL based access to the ASP.NET application located at the application server to allow users to access PS-EDMS functionality using Microsoft IE 6.0 web browser from a Windows XP professional client workstation. This is the light weight thin client of PS-EDMS that allow access to system functions from a LAN, WAN, Intranet or even the Internet in a secured environment.

PS-EDMS mentioned earlier in this document, the PS-EDMS capture client is a client/server based module, data can be scanned at any location with connection to the PS-EDMS network, and the archived files can be viewed at any other location. Thanks to the PS-Notification sub system, the PS-EDMS is capable of notifying any user in the system of specific events like document scanning, which enable the notified user to take whatever appropriate action, like printing the document for physical file storage.

Client Network

Local Region Main Site

PS-EDMSApplication

Sever

PS-EDMS Storage Servers LAN

Firewall

Database Server

Tape-basedStore Media Server

Backend Systems LAN

Optical-basedStore Media Server

Scanning StationUsing

Client/Server Client

PS-EDMS Network

Security Server

RAID-basedStore Media Server Optical Storage

RAID Storage

Store Server

Client PC

Physical Storage

Operator

Figure 1.2: PS-EDMS Solution Layout

- 9 -

Section 2 Features and Implementation

This section will concentrate on providing a business perspective view of the PS-EDMS system. We will talk about the concept of enterprise document management and then introduce the major business, technical and functional features of the system and at the last part of the section we will describe the possible system configurations that a business can adopt to fully utilize the scale-out and scale up features of the system.

Concept The simple concept of enterprise document management system that is based on the Hierarchical Storage Management (HSM) technology is illustrated in figure 2.1 below.

Capture UserCapture Client

Web Access Client

Web User

Store Server

Media Servers

Store Database

Media Database

Optical Storage

RAID Storage

Tape Unit

Web Access Client

Manager Role

Forward, Delegate or

Escalate

1

2

3a

3b

4

5

6

7

8

9

10

To be imported

To be Scanned

Document File Cache

PS-EDMS Application

Server

Figure 2.1: Concept of HSM based Enterprise Document Management Systems

The concept is very simple. The source of documents to be stored, indexed and managed is either an existing document files produced by back end systems and solutions (Office, PDF, and imaging) or a pile of physical paper documents posted on daily bases or from the


- 10 -

existing paper archive. The procedures that can take place are described in the numbered bullets in figure 2.1 as follows:

1. A capture user connects to a store capture client either to import an existing set of document files or to scan a pile of physical paper documents.

2. The capture client scans or imports document files and submits them to the store centre server.

3. at the store centre server the following two steps take place to guarantee the delivery of the submitted document files:

a. Store server places submitted document files in the store cache file system. This step is necessary to allow actual asynchronous delivery to media servers and to provide better performance when accessing most recent document files.

b. Then store server will add records to identify document files and provide extra indexing information that will assist online enquiries for local cache.

4. Asynchronously, store server will deliver newly submitted cached documents files to the appropriate media server to be stored permanently into the actual offline media.

5. Media servers will store delivered documents to permanent offline media of their concern. They will also add store records to the media database to enable later retrieval of stored document files by identifying the media volumes and file ids and actual paths stored.

6. Users who need to access stored document files will always submit a web query request to the store centre server via a web access client.

7. Web access clients will direct web access user requests to the store centre server. The store centre server will either satisfy web access client user requests from its local cache or will consult the media servers for actual download from offline media.

8. Web access users may send document files as notification attachments or links to work co-partners in a forward, delegation, or escalation mode.

9. Forwarded, delegated, or escalated users will access the file documents using the same web access client.

10. Store centre server will respond to web access client requests for stored document files in the same manner.

The idea behind the HSM is to enable a scalable multi-media hierarchical storage management. With one or more store centre servers an enterprise can provide access to all of its document libraries and archives in a transparent way regardless of the actual media holding the document files being stored or retrieved. The store centre server provides performance and scale up feature.


- 11 -

Business Features Document Archiving and Management Systems are tremendously powerful tools. The speed and ease with which a document can be archived and displayed on the screen using a computer offer a phenomenal advantage over the photocopier or even the microfilm systems. Document Archiving and Management Systems are helping business overcome this hurdle.

PS-EDMS saves the manual work of photocopying, saves the huge spaces needed for archiving, and saves the running costs of photocopiers and microfilms. All additional stamps, marks or notes attached to a document are displayed to the concerned and authorized personnel upon retrieval. PS-EDMS remembers all of this special information and maintains it in a special database for subsequent retrieval.

The most profitable organizations at the top of their trades are customer-oriented. Customers need information, and an efficient access to that information is critical to your survival. Customer service is often the difference in determining the market share of the firm.

PS-EDMS makes it possible to archive documents in a variety of configurable indexing fields, where users are able to add, update, search, retrieve and delete documents form the web interface.

Scalability PS-EDMS offers a very flexible and scaleable filing structure. There is no limit on the number of folders that can be used in the system.

There is no limit on the number and type of pages that can be contained in one document. There is no predefined division to the filing structure (Folder). The user can define any number of folders and subfolders in the system to suit his departmental needs. The filing structure for each department can be completely separated from other departments. The PS-EDMS filing structure allows for references for the same document to exist in different folder. The same document can be (logically) stored in different locations at the same time.

Network Independence PS-EDMS is fully network independent and can be implemented on combinations of TCP/IP, Novell, NT Server, Banyan, LAN Manager, Power LAN, , and any other networks. The networks can be combinations of Ethernet, Token Ring, Optical Fiber, T1, etc.

Graphical User Interface [GUI] PS-EDMS is a web-based system where users may access the system from any machine that has IE. It has Client Entry modules employing the latest Windows technology and user interface standards.


- 12 -

Multi-lingual PS-EDMS is completely multi lingual for both menus and text entry. PS-EDMS is not designed for one language, but was written to be a language independent Document Archiving and Management System. All the functions and features are available in any language; Flipping between menu languages is a matter of a single keystroke or mouse click. Indexing and data entry can all be done in RTL, LTR or both.

Ease to use PS-EDMS enables users to archive and retrieve all of their paper and electronic documents with greater speed and efficiency. With PS-EDMS, the user can store any kind of paper, including: vouchers, project records, customer records, member records, patient records, legal records, student records, accounting records, Microfiche, Microfilm, X-ray, CT-scan, MRI documents, A0 drawings and maps.

Security One of the most powerful and advanced features of PS-EDMS, where an Administrator may set access rights, the Policy add Users (Info, Settings, Work Hours, Vacations, Roles, Privileges, & Workstations), edit or delete system users, Groups or Roles, manage the Security Trash, Manage user sessions, provide an active Directory of registered domain users and the directory options such as settings. Notification to provide messages and e-mails and an easy to use Help Also, each object has an Access Control List (ACL).

Notification and Alerts Online monitoring on all actions on the system, and notify the assigned users through e-mails, internal mail, instant message, fax and SMS.

Zero Administration PS-EDMS enables administrators to remotely manage the devices that users are running, as well as the software that runs on these devices. This includes the ability to define a software policy that specifies the applications, data, and desktop environment that a user can access, regardless of which computer the user logs on to.

Integration and Image enabling PS-EDMS data access is provided through four-tier architecture: Interface, Business, Database, and DB Engine layers.

The External database server can be any ODBC level 3 compliant database server including ORACLE, MS SQL Server, Sybase, Informix etc…, without using a proprietary database.

PS-EDMS is fully interpretable with the Client Application System, using an advanced API development toolkit.


- 13 -

Expansion PS-EDMS can accommodate your needs today and far into the future with no sacrifice of quality or software/hardware investment. You can start with an EDMS server that consists of 3 servers (EDMS, Security and Media) imaging system then add more users (with no limit to the number of Clients with an I. E. connection, licenses and additional functionality, such as Enterprise Report Manager (ERM), Workflow, internet access, HSM, print/fax server or enhanced data mining modules, to create an enterprise-wide web-based system. PS-EDMS has the ability to notify user(s) in the events of a fax being received and indicate the FAX location in the system.

Multiple Server Support PS-EDMS is a truly scaleable system that serves the requirements of a single user and grows to satisfy the requirements of work groups and enterprise imaging.

PS-EDMS can reside on a single server or can distribute its processes across several servers to balance the load across network:

• Media server • Store server • System server (EDMS) • Security server

Fax PS-EDMS serves the reception of all incoming faxes to a fax server where they will be poured into a receiving pool to be posted to the personnel in charge. This fax server for Windows platforms depends on windows fax services and consists of a fax modem on the server. It also serves the transmission of all outgoing faxes.

PS-EDMS serves the reception of all incoming faxes to a fax server where they will be poured into a receiving pool to be posted to the personnel in charge. This fax server for Windows platforms depends on windows fax services and consists of a fax modem on the server. It also serves the transmission of all outgoing faxes.

Annotation PS-EDMS Supports the following annotations:

• FILLED RECTANGLE • HOLLOW RECTANGLE • HIGHLIGHTER • STRAIGHT LINE • POLYLINE • FREEHAND LINE • FILLED ELLIPSE • HOLLOW ELLIPSE


- 14 -

• FILLED POLYGON • HOLLOW POLYGON • ARROW • TYPED TEXT • STAMPS • ATTACH A NOTE • BUTTON • PUSHPIN • RULER • PROTRACTOR • REDACTION


- 15 -

Section 3 PS-EDMS Architecture

Figure 3.1 bellow defines the upper level models of PS-EDMS. In its typical form, PS-EDMS consists of a group of sub-systems, processes, databases and file systems. The following sub-sections provide details about the PS-EDMS model and the data entry and web access client.

Data Entry Client Web Access Client

PS-EDMS

PS-Security

PS-Workflow

PS-Notification

Store DB Security DB

Workflow DB

Notification DB

Store Cache

Media Management

Media DB

Storage Media

PS-Store

LDAP

Figure 3.1: PS-EDMS General Modeling Architecture

High Level Models The core of PS-EDMS is the Application Server model. PS-EDMS application server can be either local region or remote region. In addition the system consists of three other sub system models and integrates with the PS-WF system.


- 16 -

PS-Security sub system model is responsible for providing security needs of the PS-EDMS system including user authentication, Access Control List (ACL) , data item security, licensing and certification, and control of policies and global security templates, PS-Security sub system will be discussed in details in section 6 of this document.

PS-Notifications sub system model handles system collaboration needs and requirements; it supports different types of alerts, some are automated and some are born on demand when users need to forward, delegate or escalate issues, PS-Notifications sub system will be discussed in details in section 7 of this document.

PS-Store sub system consists of two major components; the store server model and the media management model. Store server presents the front end of the PS-Store sub system that PS-EDMS application servers (store clients) connect to in order to carry out their store and retrieve requests. The media management model presents the final destination of the documents being managed and it supports a number of different media types (tapes, RAID, and optical media). PS-Store is the art of HSM based storage management system. It will be discussed in section 8 of this document.

Management Component This is the richest component of the core PS-EDMS system. It handles all management aspects that include: classes, templates, folders, batches, regions, cache, logs, route, and trash. Each of these management tasks is implemented as a main object in the component and it acts as a management entity.

It is worth mentioning that the PS-EDMS management model is now a completely ASP.NET based solution utilizing .NET class libraries and components implemented in C#.

Templates Management Object

Document templates used to classify stored documents into types. So each document type will have its own indices that are defined by the user who creates the template, and filled by the entry man.

Class Management Object

All the operations that should be done on a document, all the stages that the document should pass through until reaching the final destination, and the document templates are represented by document class. Document Class provides the user with the ability to specify the stages a document should pass through, and the properties of each stage. The system may have as many document classes as possible.

Batch Management Object

The batch manager is responsible for managing batches being created based on templates and classes. The management allows creating deleting and organizing batches.

Cache Management Object

In PS-EDMS three levels of caching are proposed in the system: the first of which exists at the PS-EDMS core system level; the other two are within the Ps-Store sub system. These caches are meant to provide the best possible performance, throughput and response time within the system.


- 17 -

The cache management object in the management model component is responsible for managing the cache located within the PS-EDMS system.

Logs Management Object

PS-EDMS logging features add logs to system log files and frequently create log files that are left in the file system for reference and auditing purposes. The accumulation of these log file will require clean up every now and then. This object is responsible for providing this sort of log management to system administrator.

Trash Management Object

The trash feature provides rollback capability regarding document deletion in the system. Whenever a document, page, batch, etc. is deleted while trash is enabled; the actual object is moved to a trash collector basket instead of being actually purged. To allow management of this trash so that objects can be either restored from trash or permanently purged the trash management object is provided.

Folder Management Object

A document library is the folder-file representation of stored documents for browsing. It can be a part of some final modules (Storing, Export, CD-Publish) and should be accessible through the settings of that module.

Management system should provide the ability to:

• Add Folder • Add Folder Shortcut • Rename Folder • Delete Folder (taking in mind the documents available in this folder) • Move Folder • Order Folders

Addition of folders can be static, through the folders UI using mouse and keyboard. Or it can be dynamic through some kind of script that creates folders at storage time.

When the document library is a part of Storing module; documents can exist in more than one folder by DB record duplication, not by physical file duplication.

Rout Management Object

As we mentioned before PS-EDMS integrates with PS-Workflow (AKA PS-WF) that is a fully fledged workflow designer, processor system. But PS-EDMS provides simple routing capabilities as a built in feature as well. These capabilities are provided by the route management object.

Reports Component The reports component is responsible for providing the means to design, process, and generate EDMS reports.


- 18 -

Retrieve Component The retrieve component in PS-EDMS provides three major functions: browse, search and view. It allows browsing of document, carrying out simple and advanced searches and provides the means to view document pages.

Entry Client Architectural Model Figure 3.2 provides an illustration of the entry client architectural model. The model consists of two modules: capture and entry modules that are composed of a container of a set of objects (components) that cover different entry client requirements.

Capture Module

Entry Module

TWAIN Scanning ISIS Scanning Kofax Scanning

Image File Import General File ImportShell Extension

BatchingAsynchronous

Directory Capture

Digital Source

Quality Control Operations Indexing Annotations

Batch Operations Document Operations Page Operations

Domains Templates Classes

Figure 3.2: Entry Client Architectural Model

The capture module feeds the entry module with document files captures using a variety of capture mechanisms and tools like TWAIN, ISIS and Kofax scanners, image files located in file system, general document files, file system folders and digital sources like cameras, digitizing pad and light pen.

Entry module, on the other hand, provides document organizing and data information keying and capturing objects. These include image and document quality control, annotation, and indexing. The module also provides special set of objects to support batch, document and page operations.

The batch object provides interfaces to other batch useful objects: templates, and classes.


- 19 -

Capture Module The entry client capture module is a container of a set of objects (components) that provide interfaces to a variety of document file capture mechanisms and technologies. The object component based approach designing this module provides the flexibility of adding new technologies and mechanisms without disturbing the existing system implementation; as well it allows better adoption and configuration control over installed modules.

The current implementation of the capture module supports the following objects that present different technologies and mechanisms:

• TWAIN Object: this object allows the capture of document file images using any TWAIN based scanner. Most of the flat bed low and heavy load scanners support this interface.

• ISIS Object: this object provides support to another technology that interfaces flat bed scanners. It is called the ISIS interface. Again, most of the scanners available in the market support this interface.

• Kofax Object: Kofax is a specialized image processing interface card dedicated to interfacing high performance, heavy duty scanners. It is an extension card that is interfaced with a special technology APIs that allow driving the scanner in an efficient way raising the process of document capture. Kofax is the solution of choice for enterprise businesses that have huge daily volumes that need to be captured, stored and indexed in an automated process.

• Image File Import: this is a special object that provides mechanism to import documents in single document mode or multiple documents at a tie from the file system to the PS-EDMS system. It is appreciated when archiving old company documents that used to accumulate on LAN server storage wasting space needed for other daily tasks. This object supports all image file formats available and used these days including BMP, GIF, JPG, TIFF, PNG, JBIG, etc.

• General File Import: this object is used to import general file formats including, word processing, spread sheets, office files, binary files, etc. these files can be stored and exposed to full text search mechanisms.

Data Entry Module The data entry module is the complementary of capture module; having both of them concludes the entry client model. Captured documents need to be processed before they are submitted to the store web service at the cache server in order to be staged for migration to media servers. This processing includes quality control, annotation and indexing. The entry module works in a hierarchical folder based batched operational mode with three levels deep tree: batch, document, and page.

The batch presents a set of documents where each document contains one or more pages. Documents are the major concern of the store system and are the valuable indexed entity in the system that can be searched for, enquired and retrieved. Pages are the contents of document files.

Following are the details of each of the objects present in the data entry module.


- 20 -

Batch Operations Object

The batch object handles document batches. A batch is a group of documents related together while in the data entry phase. The criteria to define a batch depend on the business process and workflows. There are some operations that must be carried out to prepare batches to be moved to the next queue, or it maybe functioning operations and they are as listed bellow.

Figure 3.3: Batch templates and classes

• Batch Creation • Batch Opening • Batch Suspending • Batch Saving • Batch Deletion • Batch Renaming • Notes

Document Operations Object

The operations that are handled by the document operations object are listed bellow.

• Document Insertion • Document Duplication • Document Copying • Document Deletion


- 21 -

• Document Moving • Document Renaming • Document Merging • New batching • Notes

Page Operations Object

The page operations include all of the operations applicable on the document except some but also include:

• Combining and splitting • Append pages from top to bottom • Append pages from bottom to top

Quality Control Object

The quality control operations are dedicated to providing captured document images with an image quality that will assist the automated indexing operations and put the document pages into their final shape that they will be stored in. these operations include: rotation, inversion, despeckle, clean borders, change orientation, crop, deskew, flip and undo.

Indexing Objects

The index object refers to the entry of the index fields that was predefined at the template creation stage. These fields help us in the search about indexed documents after storing them in the database. Many sources of index data entering methods are suggested based on COM objects, that is, each data source represented by a COM object acting as plug in objects .All objects interfaces are identical, with standard input parameter as we recommending an XML file to input the parameters to be a dynamic entering for these parameters with the definition of the object being used to recognize which object. The main advantage of this design is that when we want to add another data source to the index object we just create another object holding the same interfaces and the same input parameters with the same output format.

- 22 -

Section 4 PS Security Sub-System

PS-Security is based on LDAP integration; the system provides transparent integration to LDAP and Active Directory security tools and features. The user is provides with the facility that interfaces with LDAP to provide domain and site security administration and management tasks.

PS-Security is the ProgressSoft general software solution security sub system used in many of our product lines. It was designed to provide all security needs and requirements to almost all of our systems. Figure 4.1 bellow provides the main simple component model of the security sub system.

Figure 4.1: PS-Security Component Model

In its simplest form; PS-Security consists of two processes and four components. The main process is a .NET XML web service that provides all the security functionality usually needed in any software solution system. This web service is transparently integrated with LDAP and Active Directory to provide administrators and system with coherent access to security features without the need to introduce different security levels. The second process is a user login monitoring service implemented as a Windows service that works in the background as a watchdog to monitor and log user logins. It also provides means to kick-out users from the system when a user leaves his workstation logged in while carrying out no actions.


- 23 -

Security Web Service Security Web service is an LDAP transparent integrator that provides integration of security features with LDAP. Administrators may use LDAP and Active Directory tools to administer the system (PS-EDMS) security while the system will make benefit of LDAP through transparent access using the XML web service interfaces.

Security Web service is targeted to provide a set of Web methods for controlling users’ access and listing security objects.

Security Kick-out Windows Service The Kick-out process is a windows service that is hosted within the same security server platform to provide user login monitoring and logging. After each successful call to the Login method, a new record in the ‘ULN’ table is created for the new session. This record contains the start date and time of session, the session ID, and the logged-in user ID.

Each session has a time-out period. When the session exceeds this period the session must be abandoned. So, the Kick-out Windows service handles this job. Whenever the server is started, Kick-out starts automatically. All what it does is to pass over all the active sessions each ten minutes, and deletes any session has been lasting for more than ten minutes without being updated.

Security ACL Model ACL module provides the ability to add, update, or delete users/groups privileges on a specific system object (document, folder, class, template…).

Accessing any object in the system depends on the ACL record related to the user\group; according to ACL record the currently logged user will be granted the privileges on this object.

Only user\group has an Owner privilege can add, update, and delete ACL records, other users\groups can only view the ACL record.

Security Administration Model The security subsystem in PS-EDMS is based on the latest standards in security systems. It involves the following technologies and standards that are universal and platform and system independent, and system auditing.

This function enables the Administrator to:

• Add users or a group of users • Assign their rights, login time, login workstation,


- 24 -

• Assign baskets for them • Assign their password • Determine the account policies • Determine who is permitted to do what • Determine what they are allowed to view • Assign the default privilege • Determine the system operators • Monitoring • Administrator enabled or disabled Audit (track) the usage of the system modules

and their activities. This in turn determines the access rights of each user or group of users and which activities should be tracked.

Monitoring Audits users work by displaying all devices that run the system. It displays the status of the system and the status of administrator and the users even if they are not connected. It displays all domains the user and administrator work on and login time. This in turn determines the access rights of each user or group of users and which activities should be tracked. PS-EDMS creates a complete access control list for each file, independent of that file's location. This means that every user has access to needed information no matter where he is physically located. Yet, all stored documents are well protected, as users see only the files they are authorized to see. The system also controls who can create new versions of any given file, regardless of data type or application used.

Access Control List (ACL) Acts as a filter between the executing module and the database, allowing the user only to see the accessible objects: Batch, Folder, Sub-Folders, Document, Page, Class, Template, document profile, annotation, etc...

If the user is not granted an access right to any object, he will not even know that it exists within the system.

Users and Groups Users and groups of users need to be set with specified access rights according to the employment hierarchy, these users could be Local users (PS-EDMS users) or Domain users (Windows imported users), archiving templates and classes have to be created to control the archiving process and tracking options selected to monitor performance. This is the system administrator's responsibility.


- 25 -

Section 5 PS Store Sub-System

PS-Store is the HSM based document cache, storage and retrieval system. It is completely based on the .NET XML/SOAP and ASP.NET technology. The following paragraphs will describe its architecture in more details.

PS-Store Sub-System Architectural Model Figure 5.1 provides an illustration of the architectural model of PS-Store; the core model in PS-EDMS enterprise document management system.

Figure 5.1: PS-Store Architectural Model

In its typical design based on an HSM design pattern. The model involves a set of file systems, databases, web services and system services; in addition to providing a specialized management console application.


- 26 -

PS-Store is compromised mainly of three modules: cache server, media server and management console. These components are described in more detail in the following paragraphs.

Cache Server Module

Cache server is the core of the system. It consists of four components: file system cache, store database, batch system service and client access web service. These components are described as follows:

• FS Cache: the file system cache is used for two main purposes: • Used as a temporary staging storage of new documents submitted to PS-Store in

order to be permanently stored in the media servers. • Caching of the most recently used items for better performance and faster

response. • Store Database: the store database holds the new cached documents indexing and

identification information and it also holds the information of cached most recently used documents.

• System Service: the windows based system service provides asynchronous batch processing of caching requests between the cache server and the media servers. It works in a scheduled check, process, and sleep form as a standard windows system services controlled through the windows system control panel MMC.

• Store Web Service: this is the model interface that remote clients use to access the PS-Store services (submit, enquire, and retrieve). It is a standard XML / SOAP web service that is currently implemented as a .NET XM web service. Its design allows the implementation of the web service with other technologies as well (SUN J2EE).

Media Server Module

Media servers are the last destination of HSM managed documents. The server module consists mainly of two components: a database and a web service.

• Media Database: the media database holds all identification information of stored documents so that enquires and retrievals can be satisfied and documents can be easily located.

• Media Web Service: the media web service is responsible for satisfying cache server requests to migrate and de-migrate media stored documents.

Management Consol Module

The management console is a system management control object (MMC) that provides management functionality for both the cache server and media server modules. It has access to both cache and media databases to maintain and manage these databases. The MMC provides system administrators with efficient remote management functionality so that they can manage the set of cache and media servers from one location (the administration workstation).


- 27 -

PS-Store Component Model PS-Store is composed of a number of modules and components that consolidate the main functionality of the system focused on caching, storing and retrieving document files.

The PS-Store is web-based file storing system. It’s built on the .NET platform and it utilizes the new technologies used to build enterprise applications such as Web services, SOAP, XML, WSE and DIME.

The main purpose for this system is the same for any storing system, which is to store and retrieve files to/from the repository. The files are transferred from the client machine to the storing server using web services (HTTP protocol) with the help of DIME attachment and vice a versa.

This system is considered to be an HSM (Hierarchical Storage Management) system. The basic idea of the HSM systems is to classify the data that is to be stored to three levels:

• Level one is the data that must be readily accessible. • Level two is data that is accessed periodically. • And Level three is archived data that is accessed infrequently, but is usually kept to

comply with business rules regarding record retention and other factors. Figure 5.2 bellow provides an overview of the different PS-Store sub-system.

Store Client

Client Communication .NET Assembly

Store Cache Server

Store Web Service

Store Windows Service

Store DB

Store Cache

Database Engine

Migration Application

Store Media Server

Migration / De-migration .NET Assembly

Media Server Management .NET Assembly

Media DB

Media Web Service Compression Library

Management Tools

Management Console(Control Centre Application)

Logging Library

Figure 5.2: PS-Store Component Model