Sybase Unwired Platform 1.2: Developing Secure BlackBerry Applications
Analysis of SUP 1.2, March 2010
Sybase Unwired Platform
- Developing Secure Mobile Applications for BlackBerry
Author: Edwin Ramos
Position: Mobile Technology Consultant
Company: Cell Telecom Ltd
Date: 26th March 2010
Introduction
Synopsis – Sybase Product Portfolio
Alternative Development Options
What is the Sybase Unwired Platform
“Nuts and Bolts” Of SUP
Data Synchronisation
Backend Integration
Local Data Storage
Development Environment
Security
About CESG
Mobilise Restricted Data
HTTPS Secure Data Access – Varying Modes
Conclusion
Introduction
Since the birth of mobile devices produced with historical operating systems such as
VxWorks, DOS, Epoc-16, Palm O/S and Windows CE, the enterprise mobile revolution has
continued to accelerate rapidly. A number of Integrated Development Environments
(IDEs) and M-enabling platforms have been created to support the development of
mobile solutions that target these device operating systems. Taking into consideration
the days of Penright Mobile Builder and AppForge Mobile VB, and the current popular tools
such as the latest Visual Studio with .NET Compact Framework and the BlackBerry JDE, the
technology currently available in the mobile industry has come a very long way.
It is clear that the methodologies now involved in creating mobile
applications that enable remote access to data from the corporate infrastructure are in
constant evolution.
One can only make a true or false assumption about whether a mobile platform is suitable
during the process of evaluation, after all the necessary success criteria have been taken
into consideration. We are unable to conclude one true answer to this question. We have
already learned from historical projects that each M-commerce requirement may have
its own characteristic success criteria attached to it. Some aspects of a project's perceived
success criteria may include “developer productivity”, “rich product features”,
“shorter development timeframe”, “security” and “faster time to market”.
This paper will clarify some aspects of the technology behind the Sybase Unwired
Platform (SUP) v1.2, taking a closer view of this mobility platform from a developer’s
perspective and identifying the individual strengths and weaknesses of the features behind
this latest mobilisation technology available in the market.
It is important to remember that, like any new product offering, it has costs and risks as
well as benefits, and some of the promised benefits may or may not materialize
accordingly.
As part of this document we will also be looking into the UKBA POC mobile application
which was developed using SUP 1.2 as part of the development workshop hosted by
Airpoint Ltd. A number of use cases were defined, for which a secured BlackBerry mobile
application was created by representatives of Sybase.
Synopsis – Sybase Product Portfolio
Sybase is one of the largest enterprise software and services companies exclusively
focused on managing and mobilizing information. With global presence, enterprises can
extend their information securely and make it useful for employees anywhere using the
latest devices. Since the late 1990’s the Sybase product portfolio has included the data
synchronisation software known as MobiLink and the UltraLite local database
technology; these have been flagship products for Sybase ever since. In essence, in this
past decade Sybase has released into the market a number of major mobile platforms,
such as the iAnywhere iWireless Server [solution offering based on the popular Sybase
EAServer, which was a J2EE solution comprising a bunch of Enterprise Java Beans and an
SAP BAPI connection generator], mBusiness Anywhere [based on AvantGo technology]
and the Sybase Unwired Accelerator (UA) & Unwired Orchestrator (UO) [wizard driven
application server – with connectors to enterprise systems such as SAP]. The latest
derivative from the UA/UO offering is a new product called the Sybase Unwired
Platform version 1.2.
Alternative Development Options
a) SUP 1.2 > Mobile Application Designer
Mobile Business Objects – “underlying ML download cursors + row level handling for
Java API” for data transport
UltraLiteJ + AES layer for secured data access layer + BES/MDS secured HTTP(s)
connection. SUP Generated mobile client application through DAD/BOB
Pros:
1. Based on industry standards SOA architecture, good designer support for creating
mobile data workflow:
2. SUP Workflow for developing apps
a) Connection Profile
b) Mobile Application project
c) Drag & Drop functionality for MBO’s
d) Deployment Profile
e) Device application designer & API framework
f) Code generation
g) Integrated with BB simulator
With the above functionality provided by SUP the developer is given good tools for
all necessary development of BB apps.
3. Provides a good foundation and a sense of structure to the developer and uses the
most popular IDEs in the market, such as Eclipse & Visual Studio, through the SUP plug-in.
4. 4GL + Rapid Application Development methodology with no real developer
knowledge needed to quickly mobilise a db schema.
5. Adheres to CESG security standards
6. Built on top of existing proven synchronisation and local data storage technology, ML
+ UL, with the added benefit of the application designer as extra value when creating
mobile apps.
7. The synchronisation cycle is fast, but due to additional encrypt/decrypt both from the
network and client there is a small amount of additional processing. Based on the UKBA use
cases the user should be able to search and display data within 60-90 seconds flat.
However, this is directly dependent on network coverage & signal strength, optimised sync
scripts and the consolidated database. During real live implementations certain tasks can be
done to ensure quick sync capabilities.
Cons:
1. Restricted ML functionality exposed by the SUP designer. ML provides more
synchronisation events + procedures as part of the built-in synchronisation cycle, in both
the upload + download phases.
2. Restricted RDBMS functionality accessible from the mobile application designer and
deployed application, due to the layer generated by SUP DAD/BOB.
i.e. ULJ may become fragmented over time due to the constant inserts and updates on the
remote database. There is no way to defragment or reorganise indexes.
3. Restricted integration to types of web services.
4. User interface controls are currently limited, but this is addressed in the v1.5 release.
The resulting mobile application may not be as native/fluid as a normal BB rimlet app.
5. Data transferred during upload statements is sent at row level. This means that if a
table consists of 10 columns and only 1 column has been modified, the upload
cursors upload the whole row of 10 columns, resulting in non-optimized
data transfers; on top of this, the before image and after image are also uploaded.
This means that if 1 column is changed, an additional 19 columns' worth of values
are uploaded for no reason apart from possible conflict resolution purposes on the
whole row.
6. Completely dependent on Sybase technical support when a feature does not function
as expected. Due to the SUP designer the developer is unable to troubleshoot the
underlying sync script or client code, i.e. during the workshop an image capture being
uploaded to the consolidated db experienced issues with a right truncation error during
uploads.
b) UL JAVA + ML + RIMLET
Pros:
1. Full support for ML synchronisation events. i.e. connection level, table level
2. Full control of available ML options
3. Full control for ULJ options
4. Full control for mobile application look and feel plus controls and events exposed to
the developer.
5. Can adhere to CESG security standards, can utilise existing BES/MDS infrastructure.
AES as standard for data access layer on mobile application to ULJ.
Cons:
1. Could potentially increase the development timeframe, but this is directly dependent on
individual developer skills.
2. Typical use cases tackled during the UKBA workshop will probably take an additional
30%>45% effort due to hand-coding.
3. Data transferred during upload statements is sent at row level. This means that if a
table consists of 10 columns and only 1 column has been modified, the upload
cursors upload the whole row of 10 columns, resulting in non-optimized
data transfers; on top of this, the before image and after image are also uploaded.
This means that if 1 column is changed, an additional 19 columns' worth of values
are uploaded for no reason apart from possible conflict resolution purposes on the
whole row.
c) SECURED WEB SERVICE + XML/JAVA OBJECTS Local datastore
RIMLET
Pros:
1. Full support for what data is uploaded and downloaded to the BB mobile application;
the major disadvantage is having to write it from scratch. Software developers may have
existing mechanisms that take a template approach to developing web services.
2. Full control of all UI elements; can fully utilise the RIM API's controls & events, etc.
3. Full control for mobile application look and feel plus controls and events exposed to
the developer.
4. Can adhere to CESG security standards, can utilise existing BES/MDS infrastructure.
Cons:
1. Typical use cases tackled during the UKBA workshop will probably take an additional
30%>45% effort due to hand-coding.
2. Time consuming, but the dev timeframe can be decreased by ensuring the right team is
utilised.
What is the Sybase Unwired Platform
SUP is a development and deployment vehicle, enabling the creation of mobile clients
for back-end enterprise applications. SUP enables developers to push applications out
into today's heterogeneous mobile device environment.
“Nuts and Bolts” Of SUP
The following sections will provide a detailed insight into the mechanics of the SUP
mobility platform.
Data Synchronisation
The MobiLink data synchronisation server has been available for the past decade and
can be classed as a proven platform for taking subsets of data on a mobile level.
Typically this is paired up with an UltraLite remote database deployed on the specific
mobile operating system in conjunction with a mobile application that acts like a
window view to the data from a consolidated database.
The Sybase SUP embeds this technology as a transport layer. This is completely enclosed
and wrapped up in a designer tool that generates the synchronisation objects known as
Mobile Business Objects. The MobiLink data synchronisation technology implements
numerous synchronisation events such as connection level events and table level
events.
The generated code within the MBOs effectively hooks into the synchronisation events
from the MobiLink server, in turn invoking the classes and methods through the
mechanics of the MobiLink Java API. One of the features of this is known as direct row
handling. This mechanism allows the rows of data being
uploaded from the remote database to be intercepted and passed on to external classes and
methods for processing as defined in a mobile business workflow, e.g. save to external
RDBMS tables, or consume a web service and use columns within a row of records as parameters.
An example of this could be:
A remote database with an Orders table stores order details for a CRM mobile
application, and during the upload cursor of this table the direct row handling could
intercept the rows being uploaded to the consolidated database table and pass them to an
external Java class or .NET class with a method that implements custom code. This code
could be integration into other systems, such as a connection to another RDBMS, web service
consumption or any other code that may be written in JAVA or .NET.
Through the SUP these MBOs represent the code as described above; the MBOs can
be instantly created and rapidly enable data synchronisation from applications on supported
mobile devices.
Each remote database can contain a different subset of the data in the consolidated
database. The partitioning can be disjoint, or it can contain overlaps. For example, if
each employee has their own set of customers, with no shared customers, the
partitioning is disjoint. If there are shared customers who appear in more than one
remote database, the partitioning contains overlaps.
Partitioning is implemented in the download_cursor and download_delete_cursor
scripts for the table, which define the rows to be downloaded to the remote database.
Each of these scripts takes a MobiLink user name as a parameter. By defining
synchronisation scripts using this parameter in the WHERE clause, each user gets the
appropriate rows.
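The partitioning described above, modelled as an added example (not code from the paper or from Sybase): SQLite stands in for the consolidated database, and the two queries have the shape of download_cursor and download_delete_cursor scripts filtered on the synchronising user's name. The table names, users, rows and the soft-delete `active` flag are assumptions of the example; the last-download timestamp is the other parameter MobiLink passes to these scripts.

```python
import sqlite3

# Constructed sample data: customers 1 and 2 are disjoint, customer 3 is an overlap.
SCHEMA = """
CREATE TABLE customer (cust_id INTEGER PRIMARY KEY, name TEXT, last_modified TEXT);
CREATE TABLE assignment (
    cust_id INTEGER, ml_user TEXT, active INTEGER, last_modified TEXT,
    PRIMARY KEY (cust_id, ml_user));
INSERT INTO customer VALUES (1, 'Acme', '2010-03-01'), (2, 'Borealis', '2010-03-01'),
                            (3, 'Cobalt', '2010-03-01');
INSERT INTO assignment VALUES (1, 'alice', 1, '2010-03-01'), (2, 'bob', 1, '2010-03-01'),
                              (3, 'alice', 1, '2010-03-01'), (3, 'bob', 1, '2010-03-01');
"""

# Rows the remote may hold: only those assigned to the synchronising user.
DOWNLOAD_CURSOR = """
SELECT c.cust_id, c.name FROM customer c
JOIN assignment a ON a.cust_id = c.cust_id
WHERE a.ml_user = :ml_user AND a.active = 1
  AND (c.last_modified >= :last_download OR a.last_modified >= :last_download)
"""

# Keys the remote must drop: assignments revoked for this user since the last download.
DOWNLOAD_DELETE_CURSOR = """
SELECT a.cust_id FROM assignment a
WHERE a.ml_user = :ml_user AND a.active = 0 AND a.last_modified >= :last_download
"""

def open_consolidated():
    """Create the in-memory stand-in for the consolidated database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def synchronise(conn, ml_user, remote, last_download):
    """Apply one download phase to `remote` (dict cust_id -> name) and return it."""
    params = {"ml_user": ml_user, "last_download": last_download}
    for cust_id, name in conn.execute(DOWNLOAD_CURSOR, params):
        remote[cust_id] = name            # insert or update on the device
    for (cust_id,) in conn.execute(DOWNLOAD_DELETE_CURSOR, params):
        remote.pop(cust_id, None)         # remove data the user no longer owns
    return remote

def revoke(conn, ml_user, cust_id, when):
    """Soft-delete an assignment so the next sync can see the revocation."""
    conn.execute("UPDATE assignment SET active = 0, last_modified = ? "
                 "WHERE ml_user = ? AND cust_id = ?", (when, ml_user, cust_id))

def demo():
    conn = open_consolidated()
    alice = synchronise(conn, "alice", {}, "1900-01-01")
    bob = synchronise(conn, "bob", {}, "1900-01-01")
    revoke(conn, "alice", 3, "2010-03-20")
    alice_after = synchronise(conn, "alice", dict(alice), "2010-03-10")
    bob_after = synchronise(conn, "bob", dict(bob), "2010-03-10")
    return sorted(alice), sorted(bob), sorted(alice_after), sorted(bob_after)

if __name__ == "__main__":
    print(demo())
```

The revocation only reaches the device because the assignment row is kept and flagged; a hard delete on the consolidated side would leave nothing for the delete script to select, and the row would stay on the handset.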
The MBO’s are generated on the fly through a process of clicking, pointing, dragging.
The synchronisation logic generated from the diagrammatic design tool is stored
inside the Adaptive Server Anywhere consolidated database.
The SUP uses this consolidated ASA database like a take off/landing pad for the data
being used by the remote users.
Although SUP cleverly creates this synchronisation logic on the fly, inevitably
resulting in shorter development timeframes due to the wizard approach, the
developer/super user is completely shielded from other functionality that the MobiLink
synchronisation technology offers. There are numerous other events that the developer
may want to make use of during the synchronisation process which may not be available
due to the loss of granularity and control through the use of the SUP MBO designer.
These events could allow a user to write external functions to be invoked using either .NET
or JAVA code. This cannot be done through SUP; however, by implementing
MobiLink on its own the developer can have more control of the synchronisation setup.
Backend Integration
The SUP uses a Service Oriented Architecture (SOA). In fact, the very first
enterprise mobile platform vendors that encompassed this methodological approach
include companies like Dextera (2006), now taken over by Antena. Other popular
enterprise mobile vendors such as Syclo also already have this approach implemented.
This service-orientation defines loose coupling of services, and SOA separates functions
into distinct units.
Because there are many variations of Web Services and no code is written by the developer to
consume a web service from within SUP, the result is only a certain amount of support for
Web Services, which becomes restricted due to code generation and the granularity of control
available to the user when created from within the SUP.
This barrier can be removed if the MobiLink synchronisation technology is utilised
outside of SUP, as external JAVA or .NET code can be invoked by registering a class and
a method call during sync events as defined by the MobiLink Server API.
Local Data Storage
The mobile application generated by the SUP uses the UltraLiteJ component which is
part of the SQL Anywhere product line. UltraLiteJ provides Java applications with a
MobiLink synchronisation client, together with change-tracking and state tracking to
ensure robust synchronisation. UltraLiteJ applications are automatically MobiLink-
enabled whenever the application includes a call to the appropriate synchronisation
function.
The UltraLiteJ application and libraries handle the synchronization actions at the
application end. UltraLiteJ applications can be written with little regard to
synchronisation. The UltraLiteJ runtime keeps track of changes made since the previous
synchronisation.
The level of control that the developer has over the underlying UltraLiteJ database is
virtually none. This is due to the fact that SUP generates a data access layer “DPL”
together with the SUP layer. A mobile application with an underlying UltraLiteJ database
can be written independently, without the use of SUP. This will allow the
developer to gain more control of the features of UltraLiteJ, but with the disadvantage of
possibly increasing the development timeframe. This may not be ideal for companies
that want to rapidly market their mobile solutions.
Development Environment
Includes a powerful 4GL tooling environment that speeds mobile application
development. Integration with common IDEs, such as Visual Studio and Eclipse, enables
developers to leverage existing tools and expertise.
• Offers seamless integration with a variety of enterprise applications, including SAP
and Remedy, or any other application that leverages databases or Service
Oriented Architecture (SOA)/Web Services.
• Provides an excellent tool for rapidly creating mobile applications which supports
BlackBerry and Windows Mobile operating systems.
Security
About CESG
CESG is the Information Assurance (IA) arm of GCHQ and is the UK Government's
National Technical Authority for IA, responsible for enabling secure and trusted
knowledge sharing to help their customers achieve their business aims.
There are five key principles, essential for safe electronic transactions:
* Confidentiality - keeping information private
* Integrity - ensuring information has not been tampered with
* Authentication - confirming the identity of the individual who undertook the
transaction
* Non-repudiation - the individual who undertook the transaction cannot
subsequently deny it
* Availability - ensuring information is available when required
Information Assurance is about meeting these requirements.
The transport layer for SUP utilises MobiLink synchronisation technology and works in
conjunction with the CESG accredited security algorithms for data transfer layer and
device data storage. This can be implemented without the use of SUP as the encryption
algorithm is provided as part of the core SQL Anywhere product portfolio.
Mobilise Restricted Data
Through intensive security evaluation, the Government Security Authority, CESG, has
issued a final guidance document that assures the BlackBerry® wireless communications
solution for use by government employees to handle restricted data.
With a BlackBerry solution, government and public sector professionals can securely
connect to colleagues and operational data on the move. CESG approval means that
BlackBerry solutions can now be deployed with confidence by government organisations
to provide mobile access to restricted data.
Through this accreditation, BlackBerry devices offer government users the assurance
that data and emails are secure, both in transit and on the device. The BlackBerry
Enterprise Solution™ uses widely trusted encryption technologies that are considered
computationally infeasible to break, namely:
• Data Encryption Standard (Triple-DES) and Advanced Encryption
Standard (AES) for data in transit. All data remains fully encrypted during transit.
• AES for data on the device.
HTTPS Secure Data Access – Varying Modes
BlackBerry MDS Services act as a secure gateway between the wireless network and
corporate intranets and the Internet. They leverage the BlackBerry AES or Triple DES*
encryption transport and also enable HTTPS connections to application servers.
BlackBerry smartphones support HTTPS communication in one of two modes,
depending on corporate security requirements:
* Proxy Mode: An SSL/TLS connection is created between BlackBerry Enterprise Server
and the application server on behalf of BlackBerry smartphones. Data from the
application server is then AES or Triple DES* encrypted and sent over the wireless
network to BlackBerry smartphones.
* End-to-End Mode: Data is encrypted over SSL/TLS for the entire connection between
BlackBerry smartphones and the application server, making End-to-End Mode
connections most appropriate for applications where only the transaction end-points
are trusted.
Because MobiLink is used as the transport layer by SUP, it basically piggybacks on top of
the accredited, CESG-approved BlackBerry security architecture and end-to-end security
policies.
Conclusion
Delivering on the promise of Service Oriented Architecture (SOA), SUP does allow rapid
response and adaptation to business change without the high cost normally associated
with such challenges. In order for adaptive mobility to be successful, it is critical for
companies to deploy solutions rapidly; with the aid of SUP and its wizard driven
methodology this is achievable.
The only caveat is that the end product may be restricted in some manner in
comparison to developing a mobile application from the standard IDEs and APIs, due to
the level of control that is available to the developer, i.e. controls and the events associated
with the controls. With the upcoming SUP v1.5 these restrictions will be resolved
further. It is now up to the mobile market to adopt this new mobile platform
from Sybase for this product to be deemed an innovative solution. One thing to keep
in mind is that the underlying technology has been around for many years and it
certainly is a proven data transport layer and local data storage technology.
In addition, SUP is about ease of development and deployment for in-house custom
applications. This means mobile applications and business processes can be created by
business analysts who understand the individual departments or groups best, without
having to wait for a package application vendor to provide a generic set of applications.
All in all, SUP does seem to provide rapid mechanisms for creating mobile applications on
the fly without too much development knowledge. It would be interesting to see what
the cost implications would be of licensing MobiLink and UltraLite in comparison to the
SUP product portfolio. In essence, it is up to the customers to gauge whether it is worth
paying the price for a wizard driven mobile platform with less development control, both
from the data synchronisation and mobile client UI perspective, compared with using the
underlying core technology, MobiLink and UltraLite, with applications created by
experienced mobile developers. In the end this really remains in the hands of key decision
makers.