The IBEAM technical architecture is the framework for the development and deployment of information systems across the department. It provides an adaptive information technology framework, which facilitates the rapid automation and restructuring of programs and services. IBEAM is intended to deliver continually evolving services more quickly, less expensively, and more consistently than in the past. In conjunction with a comprehensive information management planning model that begins at the division level, IBEAM allows for the rapid development of applications focused on a specific client's needs in the context of automation for the enterprise.
The IBEAM architecture can be summarized as a set of principals that offer business alignment, n-tier design, model driven concepts, MVC (Model, View, Controller) pattern, iterative development and reusable components.
This architecture provides all divisions and programs within DENR the flexibility to quickly deliver information systems supporting the unique characteristics of each program while sharing common characteristics of programs across the department. IBEAM uses an architectural framework of standard components (Java components, utilities and other shared infrastructure components) to allow developers to easily add modules and applications. With IBEAM, integration of the individual departmental requirements into a single, enterprise Web-based technology is possible. Instead of separately developing and maintaining divisional applications, centralizing development into the IBEAM framework allows sharing of both system resources and data, while maximizing staff resources at a level that was not previously possible.
As a common framework, the IBEAM initiative at DENR will embrace all future application development throughout the department with a single environment and a core set of shared components and communication tools. These processes provide functionality to the IBEAM application modules that would normally be developed and maintained separately for each.
The IBEAM architecture offers layers of common shared objects and components that are available to all applications in the infrastructure. The shared components provide standard methods for database access, security, utility services, and n-tier development. Figure 1 below provides an overview of the IBEAM technical architecture.
Architecture Platform and Tools
Standards - The IBEAM platform employs the Java Enterprise Edition specification, as guided by SUN's Java Blueprints. The JEE platform is a single standard for implementing and deploying enterprise applications, and was developed through an open process, engaging a range of enterprise computing vendors, to ensure that it meets the widest possible range of enterprise application requirements. As a result, the JEE platform addresses the core issues that usually impede organizations' efforts to maintain a competitive pace in the information economy. The JEE platform is designed to provide server-side and client-side support for developing enterprise, multi-tier applications. Such applications are typically configured as a client tier to provide the user interface, one or more middle tiers that provide client services and business logic for an application, and backend enterprise information systems providing data management.
The JEE platform provides advantages, which include simplified architecture and development, code reuse and scalability to meet varying demands, integration with existing information systems and resources, and choices of server, tools and components.
Presentation Logic - IBEAM applications are totally Web-based and are available to users in virtually any location where the Internet is available.
Business Logic - The business layer utilizes the Tomcat servlet container to provide typical enterprise Web application server functionality.
Data - Oracle 10g is used for the data layer, providing both an enterprise data repository and content management capabilities. Oracle is one of the leading vendors for relational database technologies supporting Web-based deployment. It is also a long-standing technology leader in data management, transaction processing and data warehousing to the Internet. Oracle provides a set of tools for both database administrators and developers, which support normal administration functions, including backups, and index optimization.
Reporting - IBEAM uses SAP BusinessObjects/Crystal Enterprise Reporting system to deliver enhanced reporting based on a crossplatform,Web-based architecture. Crystal Enterprise is designed to integrate seamlessly with existing Web applications, and provide a single infrastructure for a wide range of projects requiring reporting, analysis, or information. Crystal Enterprise is utilized for Web-based deployment of Crystal Reports. With the Crystal Reports tool, developers can easily design and deliver rich, interactive content from virtually any data source, execute it from applications and publish it to the Web in a variety of formats. It is part of a suite of integrated technologies that ensure data can be accessed, analyzed, formatted and delivered to virtually any stakeholder with an Internet connection. WebIntelligence reports provide tools for creating automated and scheduled reports, ad hoc report creation, and report modification to business users.
System Environment - Development
System Environment - Server
Application Development Architecture
IBEAM is a comprehensive application development, test and production environment where DENR applications will be designed, developed, and deployed. It facilitates the development process through an array of complimentary application development tools and technologies compiled into a single infrastructure to address development problem solving and to meet the business needs of the entire department. The integrated IBEAM environment combines reusable objects with shared code that is deployed to all applications in a standardized, n-tier application development infrastructure. In conjunction with consistent,improved management practices, IBEAM is intended to reduce the historical time and cost of application development and management across the department.
IBEAM implements the industry recognized MVC (Model, View, Controller) separation pattern as an architectural framework. This architecture allows for a clean separation of business logic, data, and presentation logic, so content providers and application developers are able to focus on what they do best. IBEAM applications use Struts and Spring web application frameworks. The initial focus will be on project development and management, and security. Once staff in a division indicates an interest in developing an information system, a user group for the project is established and DENR ITS assigns a coordinator to work with the group to define system requirements. The requirements are defined according to a standard SDLC (System Development Life Cycle) approach and documents are compiled and placed in a "notebook" on a Web site, which serves as a repository for all IBEAM system documents. During the requirements development process developers review the documents periodically to resolve development related issues before coding begins. Developers new to IBEAM can refer to a Wiki documentation site intended to help acquaint them with the infrastructure.
An issue/project reporting system was developed which provides a standard set of tasks to which developers can record their time each week, by project. This system will be used to facilitate time management, track project progress, and to develop activity statistics for IBEAM projects across the department.
While developers can write code from a full product suite on their desktops, Subversion provides version control for the infrastructure. Subversion also allows for concurrent development, and automates and standardizes the change process as well.
IBEAM uses Oracle as its database management system with data access accomplished through specific connection pools, each of which has its own id and password. Unlike many tools in the information economy, Oracle is not new and has a strong relational DBMS history. DENR also has a history of using Oracle that predates the IBEAM initiative. That experience affords DENR the opportunity to build on the lessons learned overtime, making Oracle a familiar choice.
The IBEAM data implementation complies with both the STA and DENR's ATA, which present Oracle as an approved tool. IBEAM has incorporated code to manipulate data in an Oracle database through a standard set of data access objects that are applied across all modules and make data access and management conform to a consistent method without the use of proprietary server extensions.
One of the core strengths of Oracle is the ability to manage large volumes of data, which are accessed by many users via a network. The IBEAM initiative will also provide the opportunity to establish common and consistent storage management policies for the maintenance and retention of data, including tape and disk management processes.
The BusinessObjects XI enterprise reporting system uses a replicated Oracle database.
A long-term objective of the IBEAM initiative is to migrate all legacy applications into the framework. The primary goal is to reduce the number of tool sets that the DENR divisions (including ITS) support. New development will be done in the infrastructure allowing the entire application portfolio to run on the same platform, and use the same tools and database. Since IBEAM is designed to comply with the STA, the process of migration and development should create an environment where all DENR applications have potentially more interoperability with other applications in the state's inventory.
For each module, high-level security concerns are identified, system availability needs and issues are described and a risk assessment is performed during the initiation phase of a project. This begins with a scope document and concludes with a basic risk analysis.
The infrastructure provides a certain level of security (firewall, authorization, authentication, encryption, etc.). The segregation of duties, for example system administration vs. regular system use, is described, as are all business functions, in the process flows, use cases and business rules documentation, which are kept in the module notebook as part of system design and development.
Any security needs, for example, data issues related to confidentiality, ability to audit transactions, need to encrypt transactions which are needed, but are not routinely available from the components of the infrastructure are addressed in response to specific use cases and business rules.
The IBEAM framework further manages end user application access by an integrated authentication and authorization system. This system currently is based on an Oracle database scheme for role-based security for coarse and fined grained authorization.
IBEAM is designed to control access to application features based on user rights granted within the authorization system. The Central Authentication Service (CAS) single sign-on to the IBEAM framework provides SSL encryption during the authentication process to further protect the user id and password from compromise during transmission.