E-commerce infrastructure - getting it right

E-commerce is expanding fast, but Web site design is still far from mature. Ross Milburn, ITAsia's Hong Kong correspondent, discovers what lessons are being learned in the Asian market place as he talks with three IT companies to reflect on Web site requirements.

April 2000 - Linda Young, IBM Hong Kong's e-business and multi-industry Solutions Manager, believes that companies in the Asia Pacific region are following the same trend as their counterparts in the West, but are also learning from some of the mistakes that have been made by the front runners.

"When Asian companies embark on e-business, they take a more comprehensive approach. The aim is not just to put up a Web site but to manage a complete, end-to-end flow of processes and data to handle the additional business generated by the site. This approach involves integration with back-end applications, logistics, delivery and after-sales support," Ms. Young says.

This view is echoed by Esmond Tong, HP Hong Kong's District Manager for e-services. "In the past, the Web was just an additional channel for many organisations, who just put up company information or 'brochure-ware', or took orders with a simple shopping cart at a minimal investment level. Today, Web site owners realise that the Internet may be one of their most important channels, so they have much stricter requirements for its infrastructure," Mr. Tong says.

Scalability
Nobody can predict the amount of traffic generated at Web sites, according to Charles Liu, Director of NonStop eBusiness at Compaq Computers Ltd. "When you have a good product and content in place, you may suddenly have a 10-fold or 100-fold increase in traffic. So people should build the site to last, with scalable architecture," Mr. Liu says.

Compaq offers a scalable and reliable architecture called DISA (Distributed Internet Server Array), which is based on best practices that can handle traffic surges and meet scalability requirements. The DISA architecture divides the infrastructure into the Web server layer, the application server layer, and the data layer, each of which can be scaled by adding servers without taking the core system down. Load balancing and application failover are automatic.

The Web and application layers are mostly Windows NT servers with up to eight Intel CPUs. "We recommend that people add servers because when you add CPUs, you usually have to take the system down," Mr. Liu explains.

For database servers, customers may choose Windows NT or, alternatively, Tru64 Unix OS (which has 3,000 applications developed for it) running on Alpha CPUs, and claimed to provide true 64-bit price-performance. "On the database layer, we can also offer the parallel database server, with clustered systems that do their own auto-balancing so new systems can be added to share the load," Mr. Liu says.

A scalability solution from HP, called CPU On Demand, involves the Web site buying under a special contract a server with, say, four CPUs but only using one or two initially. If the traffic flow at the Web site increases, the client calls HP's support centre and is given a password that enables additional CPUs to be turned on without the need for engineering support. "The client can keep the initial investment low, and will not object to paying more when traffic expands," Mr. Tong says.

Another way of scaling upward is to add additional Web servers, but this option requires engineering support and causes downtime. HP offers a middleware product called Web Server from BEA, which balances the processing load between servers. "If you run a Web application over Web Server, you can add any number of servers as traffic grows, and processing will proceed smoothly," Mr. Tong adds.

Maintaining a Web site business is a 24 X 7 affair, so server availability is mission critical. HP has developed clustering software that protects Web applications so that if one server goes down (or is offline for maintenance), the others take over the load.

Web sites have global presence outside of time zones, and need 24 X 7operation with 100% availability. To address this need, Compaq has incorporated Tandem Non-Stop technology into its Tru64 Unix, and NT cluster systems.

Compaq's Intel-based systems are known in the industry as 'the Hardened NT system', comprising NT clustering that provides no single point of failure. "Our Tru64 Unix and OpenVMS systems provide a clustering system that can scale up to 50-plus nodes in OpenVMS and 16 nodes in Tru64 Unix. New machines can be automatically added to a cluster without disrupting service," Mr. Liu says.

To support the servers, Compaq's StorageWorks SAN and ENSA storage subsystems provide no single point of failure, based on two controllers running in parallel that are able to hand off to each other when problems arise.

Web site security
An Electronic Transaction Ordinance was passed in January, and Hong Kong Post has launched a PKI (Public Key Infrastructure). These developments will address almost all major security issues arising from conducting e-commerce on the Internet.
"PKI services provided by Hong Kong Post will help to solve a large part of the security problems on the Web. At the same time, the Electronic Transactions Bill gives legal enforcement to transactions on the Internet, thus providing legal protection to people trading on the Internet," IBM's Ms. Young says.

Another essential element of Web site security is a firewall, and those provided by HP include a software solution called Firewall 1 protocol from Check Point, as well as Cisco's hardware product called PIX (Perfect Internet eXchange). A firewall software called Virtual Vault provides 'level B' security, higher than the 'level C' generally used, making it suitable for security conscious banks to deploy. "Unlike other firewalls, Virtual Vault has no super-user who can change anything on the site without leaving any record in the log. Also, it has more rigorous security for message handling," Mr. Tong adds.

A secure payment system must alleviate the fear of disclosing credit card numbers to external hackers. Compaq partners with Australian company QSI Payment Technologies to provide SSL+ payment gateway solutions that are simpler than SET. "SSL+ provides 128-bit encryption, and the credit card information will be captured at the bank (rather than the usual scenario, where it is captured at the merchant end) reducing the risk of credit card number theft," Mr. Liu says.

CRM
As Web site visitors are converted to buying customers, a good CRM (Customer Relationship Management) application needs to kick in to deal with associated customer activity, such as purchase returns, and to maintain customer satisfaction, according to Mr. Liu. "CRM encompasses several technologies, including call centres. It is supported by a customer database that supports cross-selling and up-selling features. The software solutions we are working with include SIEBEL and MICHELLE," he says.
Adds Mr. Tong: "Currently, Web site visitors are allocated the same resources irrespective of whether they are casually browsing or actually making a purchase. HP has developed a Web QoS (Quality of Service) software that can allocate bandwidth to different types of visitors according to the perceived value of their behaviour onsite. For example, shoppers would be allocated more resources than people who are just browsing."

Legacy applications
Another point to take note of is that Web sites must work well with existing legacy applications. An example is a Web site of a bank that processes loan applications. Traditionally, customers go to a branch and talk to bank personnel as part of a formal approval process. "If you put this application process on the Web, you need to link it with the database of the legacy application in order to retrieve customer information, including the record of previous loans," IBM's Ms. Young says.
A lot of back-end applications, including SAP, JD Edwards and IBM's own DB2 database, provide the tools to enable users to integrate Web applications with them. "IBM does not restrict the customer in the choice of platform for Web applications, and popular ones include AS/400, Unix, NT, and Java-based applications that can run over any platform," she says.

IBM's WebSphere Commerce Suite provides many applications needed for Web sites, including order management, product catalogue, content personalisation and payment. "We provide the Commerce Integrator, a separate software module, to integrate it with back-end ERP applications. If a DB2 database is used, a dedicated application called the DB2 Connector would usually be deployed," she says.

Customers with multi-vendor platforms at their Web sites may use IBM's MQ Series Message Queuing Solution. "MQ enables data communications traffic to pass from the Web application to both IBM and non-IBM platforms transparently," she adds.

Supply chain communications
A good e-business Web site needs an SCM (Supply Chain Management) solution. To minimise onsite inventory, the merchant needs direct links to suppliers. Compaq works with its partners, such as software vendor i2 Technologies, Inc., to provide supply chain solutions to its customers.
XML (eXtensible Markup Language) is one of the languages used on the Internet, and it is especially suitable for wireless access to Web sites, using mobile phones and palmtop terminals, as these become a part of 'pervasive computing', according to Ms. Young. "XML will become a popular language interface for application development, used to create the GUI and to link the interface with the applications server," she says.

Will XML replace EDI on the Web? "It is too early to say. There might be some application requirements that EDI will fit better," she says.

According to HP's Mr. Tong, the X.400 standard upon which conventional EDI is based is rather inflexible, expensive to implement, and has not proved to be very popular. "Certain sites have invested a lot in EDI but as time goes by, XML will become more popular. Ultimately, XML will replace EDI but for a certain time, they may coexist," he says.