
PMO Solution Architecture
July 31, 2007

Solution Architecture Documentation
PMO Enterprise Tools (Portal, ETL, & IAM)


Portal

Model the Business

The EPA Portal tool is based on Oracle 10g portal technology. The EPA Portal is a gateway to relevant environmental and human health information systems. It provides personalized experiences for users and provides content aggregation from different applications, systems and databases as the presentation layer bringing together a common look and feel.

It provides the following functionality for applications, systems, and databases integrating with the Portal:

- Organizes resources so that users can easily find data sources and analytical tools;
- Allows Program Offices and Regions to share their solutions and knowledge with interested individuals;
- Enables communities of users with similar interests to customize pages displaying the data and tools relevant to their business needs;
- Provides a single Web address and standard interface for Agency business partners to trade information and conduct business with EPA;
- Allows users to personalize their Portal experience to meet their needs and preferences;
- Ensures controlled, authorized access to Portal content, systems and tools and provides for centralized management of user identities; and
- Allows for growth and maturation as new requirements and opportunities to employ new tools are identified.

Describe the Core Data:

The Portal tool does not store any data; it just provides an interface to the data that is owned, managed and stored by the web application that uses the Portal framework. The only data that resides in Portal is the metadata that is required by the Portal software.


Diagram Solution Interfaces:

Being an enterprise tool, the other applications and systems use its capabilities and interfaces. The EPA Portal has the ability to integrate with any web application, system, or database. It can have an infinite number of communities (Program Office or interest group specific functionality). Any Program Office or Region may develop a Portal application (community) and deploy it on the EPA Portal tool. It supports the following interface methods and protocols:

Simple Hyperlink integration
    Hyperlinks can be incorporated into Portal to provide an interface to external web applications.

External application integration
    Portal can cache the userid and password for external web applications and then provide access to those applications from hyperlinks in the Portal.

Single Sign On integration
    Standalone web applications can interface with Portal and provide Single Sign On to their web applications from the Portal.

Application Front end integration
    Portal can provide the front end interface for the application through its Application Server. However, the rest of the application's infrastructure is hosted outside the Portal.

JSR 168 portlet integration
    Portal can interface with JSR 168 compliant Portlets developed with any other Portal technology and hosted elsewhere.

Web Services
    Portal can consume web services and provide a front end interface for those web services.

RSS Feeds
    Portal can interface with RSS Feeds and display the content through a portlet.

Database connections
    Using Java/PL/SQL applications, Portal can interface with various Databases and provide a front end interface to the data source.

Web Clipping
    Portal can provide a GUI friendly integration approach for existing web content.




Extract Transform and Load (ETL) Tool

Model the Business:

The ETL tool is an enterprise tool, which is a key component of the Data Warehousing Bus Architecture in the Enterprise Data Integration Platform. It facilitates the centralization of the Data Transformation function and the integration rules that are used for loading the data into target warehouses. The ETL tool accesses data sources, transforms the data to make it understandable to end users/systems, and loads the transformed data into a central data warehouse or multiple data marts.

Its basic functions are:

- Extract data from a wide variety of source databases using native interfaces, flat-file interfaces, or an FTP interface.
- Profile and cleanse the data and identify data anomalies.
- Transform the data, compute summaries and aggregates, and compute any derived data.
- Load the data into the target data warehouses and marts.
- Generate and manage a central metadata repository.
- Utilize the integrated data warehouse administration tools to support rapid response to end-user requests.

These data marts that get loaded with transformed data are then accessed by Business Intelligence tools that provide flexible and efficient access to the information stored in the marts.

Describe the Core Data:

The ETL tool does not store any data. Its basic function is to extract, transform/cleanse and then load the data into a target data store. It only moves data from one location to another, and thus this requirement does not apply.


Diagram Solution Interfaces:

The ETL tool uses Informatica's PowerCenter software. It does not interface with other applications or systems. However, it connects to data sources that have a data-warehousing need. For connecting to the database it uses ODBC, OLE DB, JDBC, and various native database drivers. It can read out of various text file formats (CSV, XML, etc.). It is also possible to use web services/SOAP to access data sources that are returned in XML format.

Informatica also has a metadata exchange component. This allows Informatica to exchange and synchronize metadata between itself and Business Intelligence or Data Modeling applications. It supports metadata exchange with the following:

Uni-Directional
    Data Modeling Tools: CA ERwin; ERwin Fusion Model Manager; Embarcadero ERStudio; Oracle Designer; Sybase PowerDesigner
    Business Intelligence Tools: Cognos Impromptu
    Data Standards: ODBC Database Catalog Access

Bi-Directional
    Data Modeling Tools: IBM Rational Rose; Microsoft Visio; Oracle Warehouse Builder; CA ERwin; ERwin Fusion Model Manager; Oracle Designer; Sybase PowerDesigner
    Business Intelligence Tools: Cognos ReportNet; MicroStrategy; IBM DB2 Cube Views; BusinessObjects Designer
    Data Standards: Common Warehouse Model (CWM)


Identity and Access Management (IAM)

Model the Business:

Identity and Access Management (IAM) is a key component of the enterprise tools. It comprises Oracle Identity and Access servers and Oracle Internet Directory.

EPA's EA calls for an enterprise approach to IAM in order to improve security and to provide a shared, centrally managed infrastructure that provides IAM services to EPA applications, resulting in lower costs, as each function is no longer built separately.

Identity and Access Management lays a foundation for building a centralized, enterprise-level trusted environment. It provides the following functions:

- Register users with a single sign-on;
- Store user-specific information;
- Assign users to groups/roles;
- Set up user accounts in applications;
- Provide credentials to users;
- Maintain information on user groups'/roles' authorized access;
- Authenticate the identity of users who request access;
- Control access to resources based on users' group/role; and
- Maintain information on the user's current session.

IAM reduces security exposures, improves the end user's experience, simplifies and improves user administration, and provides a common framework for application development.

Describe the Core Data:

IAM stores the user identity information in an LDAP compliant internet directory. As such, it does not have a data model, but does have a list of attributes that store the values for user identity. Below is the list of these attributes that are used to store the identity information:


Attribute | Display Name | Description | Display Type | Object Class | Object Class Kind
C | Country | Country | Single Line Text | inetOrgPerson | Structural
CarLicense | Car License | (temporary) holds dn from root Source of Truth | Single Line Text | inetOrgPerson | Structural
CN | Full Name | Common Name (Work force id for EPA/Internal, login id for external users) | Single Line Text | inetOrgPerson | Structural
DN |  | Distinguished Name |  |  | 
departmentNumber | Department Number | Department Number | Single Line Text | inetOrgPerson | Structural
Description | Description | Description | Multi-Line Text | inetOrgPerson | Structural
displayName | Display Name | FirstName LastName | Single Line Text | inetOrgPerson | Structural
EmployeeNumber | Employee Number | Employee Number | Single Line Text | inetOrgPerson | Structural
EmployeeType | Employee Type | Relation to the EPA | Single Line Text | inetOrgPerson | Structural
Facsimiletelephonenumber | Facsimile Telephone Number | Fax Number | Single Line Text | inetOrgPerson | Structural
GivenName | First Name | First Name (Note: For EPA employees and inside affiliates, the values are populated from the Lotus Notes Domino directory.) | Single Line Text | inetOrgPerson | Structural
Homephone | Home Phone | Home Phone number | Single Line Text | inetOrgPerson | Structural
Homepostaladdress | Home Postal Address | Home address | Postal Address | inetOrgPerson | Structural
Initials | Initials | Initials | Single Line Text | inetOrgPerson | Structural
Jpegphoto | JPEG Photo | Photo | GIF Image (True Size) | inetOrgPerson | Structural
krbprincipalname | krbPrincipalName | External identity used to connect to iPlanet and eDirectory | Single Line Text | orcluserv2 | Auxiliary
L | Locality | Locality (city) | Single Line Text | inetOrgPerson | Structural
LabeledURI | Labeled URI | Uniform Resource Locator | Single Line Text | inetOrgPerson | Structural
Mail | Mail | Email address | E-Mail Address | inetOrgPerson | Structural
Manager | Manager | DN of superior | Object Selector (inetOrgPerson) | inetOrgPerson | Structural
Middlename | Middle Name | Middle Name (Note: For EPA employees and inside affiliates, the values are populated from the Lotus Notes Domino directory.) | Single Line Text | orcluserv2 | Auxiliary
Mobile | Mobile | Cell phone number | Single Line Text | inetOrgPerson | Structural
O | Organization | Organization | Single Line Text | inetOrgPerson | Structural
Ou | Organizational Unit | Organizational Unit (to be populated in the future) | Single Line Text | inetOrgPerson | Structural
Pager | Pager | Pager phone | Single Line Text | inetOrgPerson | Structural
Physicaldeliveryofficename | Physical Delivery Office Name | Building | Single Line Text | inetOrgPerson | Structural
Postaladdress | Postal Address | Mailing address | Postal Address | inetOrgPerson | Structural
Postalcode | Postal Code | Zip code | Single Line Text | inetOrgPerson | Structural
Preferreddeliverymethod | Preferred Delivery Method | User preferred contact medium | Single Line Text | inetOrgPerson | Structural
Preferredlanguage | Preferred Language | User Preferred Language | Single Line Text | inetOrgPerson | Structural
Registeredaddress | Registered Address | Another mailing address | Postal Address | inetOrgPerson | Structural
Roomnumber | Room Number | Room Number | Single Line Text | inetOrgPerson | Structural
Seealso | See Also | DN of same identity in replicated node |  | inetOrgPerson | Structural
Sn | Last Name | Last Name (Note: For EPA employees and inside affiliates, the values are populated from the Lotus Notes Domino directory.) | Single Line Text | inetOrgPerson | Structural
St | State | State | Single Line Text | inetOrgPerson | Structural
Street | Street | Street | Single Line Text | inetOrgPerson | Structural
Telephonenumber | Telephone Number | Phone number | Single Line Text | inetOrgPerson | Structural
Telexnumber | Telex Number | Telex number | Single Line Text | inetOrgPerson | Structural
Title | Title | Title | Single Line Text | inetOrgPerson | Structural
Uid | Login | Primary Login Identifier | Single Line Text | inetOrgPerson | Structural
Usercertificate |  | Used for certificate-based authentication (to be used in the future) |  |  | 
UserPKCS12 |  | Used for PKCS12 wallet |  | inetOrgPerson | Structural
usersmimecertificate | User SMIME Certificate | Contains the person's entire certificate chain and the signed attribute that describes their algorithm capabilities, stored as an octetString | S/MIME Certificate | inetOrgPerson | Structural
Userpassword | User Password | Encrypted password (Note: For EPA employees and inside affiliates, passwords are stored in the SIMTree; OID uses the SIMTree for authentication.) | Password (Length: 128) | inetOrgPerson | Structural
X121Address | X121 Address | X121 format address | Single Line Text | inetOrgPerson | Structural
X500UniqueIdentifier | X500 Unique Identifier | Used to distinguish between objects when a distinguished name has been reused | Single Line Text | inetOrgPerson | Structural
epaIsEmployee | epaIsEmployee | COREid attribute set to indicate the need to add ObjectClass EPAemployee | Single Line Text | epaEmployee | Auxiliary
epaEmployeeStatus | epaEmployeeStatus | Employee Status from HR System | Single Line Text | epaEmployee | Auxiliary
epaIsInsideAffiliate | epaIsInsideAffiliate | COREid attribute to indicate adding ObjectClass EPAinsideAffiliate | Single Line Text | epaInsideAffiliate | Auxiliary
epaIsOutsideAffiliate | epaIsOutsideAffiliate | COREid attribute to indicate adding ObjectClass EPAoutsideAffiliate | Single Line Text | epaOusideAffiliate | Auxiliary
epaSponserEmail | epaSponserEmail | EPA Sponsor's Email Address attribute, required for an EPAoutsideAffiliate | Single Line Text | epaOusideAffiliate | Auxiliary
epaSponserFullName | epaSponserFullName | EPA Sponsor's Full Name attribute, required for an EPAoutsideAffiliate | Single Line Text | epaOusideAffiliate | Auxiliary
epaSponserPhoneNumber | epaSponserPhoneNumber | EPA Sponsor's Phone Number attribute, required for an EPAoutsideAffiliate | Single Line Text | epaOusideAffiliate | Auxiliary
epanamesDN | epanamesDN | DN from epanames | Single Line Text | epaPerson | Auxiliary
epaUserPrimaryCommunity | epaUserPrimaryCommunity | The community/Group of an external user during the self-registration process | Single Line Text | epaPerson | Auxiliary
Workforceid | Workforceid | EPA employee Number | Single Line Text | epaPerson | Auxiliary
epaIsPublicUser | epaIsPublicUser | COREid attribute to indicate adding ObjectClass EPApublicUser | Single Line Text | epaPublicUser | Auxiliary
epaForwardEmailAddress | epaForwardEmailAddress | Forward Email Address | Single Line Text | epaMailUser | Auxiliary
epaSIMTreeDN | epaSIMTreeDN | SIM Tree DN |  | epaSIMTreeUser | Auxiliary
epaSIMTreeUID | epaSIMTreeUID | SIM Tree UID | Single Line Text | epaSIMTreeUser | Auxiliary
TSSMSid | TSSMSid | TSSMSid | Single Line Text | epaTSSMSUser | Auxiliary
epaorgunihierachystring | epaorgunihierachystring | Organizational unit information (to be used in the future) | Single Line Text | epaorgunit | Structural
epaorgunitparent | epaorgunitparent | Organizational Unit Parent (to be used in the future) | Single Line Text | epaorgunit | Structural
epaorgunitprocessunitflag | epaorgunitprocessunitflag | Organizational Unit Process Unit Flag (to be used in the future) | Single Line Text | epaorgunit | Structural
epaPeoplePlusFirstname | epaPeoplePlusFirstname | Employee first name from PeoplePlus | Single Line Text | epaPerson | Auxiliary
epaPeoplePlusLastname | epaPeoplePlusLastname | Employee last name from PeoplePlus | Single Line Text | epaPerson | Auxiliary
epaPeoplePlusMiddlename | epaPeoplePlusMiddlename | Employee middle name from PeoplePlus | Single Line Text | epaPerson | Auxiliary
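As an added example (not part of the EPA document), the following Python script audits a constructed LDIF export against the rules the attribute table above states: each COREid epaIs* flag should be accompanied by its auxiliary object class, and an outside affiliate should carry the three epaSponser* attributes. The LDIF content, the TRUE flag value and the plain "attr: value" LDIF form are assumptions; object class names are spelled as the table spells them.

```python
# Added example, not from the EPA document: audit a constructed LDIF export against
# the attribute table above (assumes flags hold TRUE and plain "attr: value" lines).
# COREid flag attribute -> auxiliary object class the table says it triggers.
FLAG_TO_CLASS = {"epaisemployee": "epaemployee", "epaispublicuser": "epapublicuser",
                 "epaisinsideaffiliate": "epainsideaffiliate",
                 "epaisoutsideaffiliate": "epaousideaffiliate"}
# Attributes the table marks as required for an EPAoutsideAffiliate.
SPONSOR_ATTRS = ("epasponseremail", "epasponserfullname", "epasponserphonenumber")

def parse_ldif(text):
    # Returns {dn: {attribute (lowercase): [values]}}; no base64 ("::") support.
    entries, current = {}, None
    for line in text.splitlines():
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if not name:                    # a blank line ends the current entry
            current = None
        elif name == "dn":
            current = entries.setdefault(value, {})
        elif current is not None:
            current.setdefault(name, []).append(value)
    return entries

def check_entry(attrs):
    # Findings for one entry; an empty list means it matches the table's rules.
    findings = []
    classes = {c.lower() for c in attrs.get("objectclass", [])}
    for flag, aux in FLAG_TO_CLASS.items():
        if attrs.get(flag, [""])[0].upper() == "TRUE" and aux not in classes:
            findings.append(f"{flag} set but objectClass {aux} absent")
    if "epaousideaffiliate" in classes:
        for attr in SPONSOR_ATTRS:
            if not attrs.get(attr):
                findings.append(f"outside affiliate missing {attr}")
    return findings

# Constructed sample: an incomplete outside affiliate and a consistent employee.
SAMPLE_LDIF = """\
dn: uid=jdoe,ou=people,dc=example
objectClass: inetOrgPerson
objectClass: epaOusideAffiliate
epaIsOutsideAffiliate: TRUE
epaSponserEmail: sponsor@example.invalid

dn: uid=asmith,ou=people,dc=example
objectClass: inetOrgPerson
objectClass: epaEmployee
epaIsEmployee: TRUE
"""
```

Run `check_entry` over every entry returned by `parse_ldif(SAMPLE_LDIF)` to list the entries whose flags, object classes and sponsor attributes disagree with the table.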


Diagram Solution Interfaces:

Being an enterprise tool, the other applications use IAM's capabilities and interface. It allows for the integration with application systems via web services, APIs, and using native tools from Oracle Access Manager and Oracle Internet Directory.

Oracle Access Manager - webgate Integration
    This is the preferred method for integrating with IAM. It provides a robust environment for user management and enables the applications to use all IAM services (Authentication, Authorization, User Management, Single Sign-On etc.).

IAM Web Services interface
    This provides the IAM integration through custom web services. This is the preferred alternate approach. It requires more effort to implement.

Native LDAP APIs
    This is the least preferred approach for integration, as it only provides integration with IAM's Identity store. The integrating application gets access to LDAP related services only. Functions like user management, Single sign-on etc. are not available.