Database Systems Journal BOARD Director Prof. Ion LUNGU, PhD - Academy of Economic Studies, ,

Editors-in-Chief Prof. Adela Bara, PhD - Academy of Economic Studies, Bucharest, Romania Prof. Marinela Mircea, PhD- Academy of Economic Studies, Bucharest, Romania

Secretaries Assist. Iuliana Botha - Academy of Economic Studies, Bucharest, Romania Assist. Anda Velicanu Academy of Economic Studies, Bucharest, Romania

Editorial Board Prof Ioan Andone, A. I. Cuza University, Iasi, Romania Prof Emil Burtescu, University of Pitesti, Pitesti, Romania Joshua Cooper, PhD, Hildebrand Technology Ltd., UK Prof Marian Dardala, Academy of Economic Studies, Bucharest, Romania Prof. Dorel Dusmanescu, Petrol and Gas University, Ploiesti, Romania Prof Marin Fotache, A. I. Cuza University Iasi, Romania Dan Garlasu, PhD, Oracle Romania Prof Marius Guran, Polytehnic University, Bucharest, Romania Prof. Mihaela I. Muntean, West University, Timisoara, Romania Prof. Stefan Nithchi, Babes-Bolyai University, Cluj-Napoca, Romania Prof. Corina Paraschiv, University of Paris Descartes, Paris, France Davian Popescu, PhD., Milan, Italy Prof Gheorghe Sabau, Academy of Economic Studies, Bucharest, Romania Prof Nazaraf Shah, Coventry University, Coventry, UK Prof Ion Smeureanu, Academy of Economic Studies, Bucharest, Romania Prof. Traian Surcel, Academy of Economic Studies, Bucharest, Romania Prof Ilie Tamas, Academy of Economic Studies, Bucharest, Romania Silviu Teodoru, PhD, Oracle Romania Prof Dumitru Todoroi, Academy of Economic Studies, Chisinau, Republic of Moldova Prof. Manole Velicanu, PhD - Academy of Economic Studies, Bucharest, Romania Prof Robert Wrembel, University of Technology, Poznań, Poland Lecturer Ticiano Costa Jordão, PhD-C, University of Pardubice, Pardubice,

Contact Calea Dorobanţilor, no. 15-17, room 2017, Bucharest, Romania Web: http://dbjournal.ro E-mail: [email protected] 2 Database Systems Journal vol. III, no. 1/2012

Contents:

Architecture of Automated Database Tuning Using SGA Parameters...... 3 Hitesh KUMAR SHARMA, Aditya SHASTRI, Ranjit BISWAS

Integrating XML Technology with Object-Relational Databases into Decision Support Systems ...... 11 Iuliana BOTHA, Adela BÂRA, Simona-Vasilica OPREA, Ticiano COSTA JORDÃO

Integration of Information Technologies in Enterprise Application Development ...... 21 Iulia SURUGIU

SOA - An Architecture Which Creates a Flexible Link between Business Processes and IT.33 Radu Stefan MOLEAVIN

SAS Enterprise Data Integration Server - A Complete Solution Designed To Meet the Full Spectrum of Enterprise Data Integration Needs ...... 41 Silvia BOLOHAN, Sebastian CIOBANU

Borderless Crime - Computer Fraud...... 49 Raluca Georgiana POPA

Perspectives on the Role of Business Rules in Database Design ...... 59 Anca Ioana ANDREESCU, Marinela MIRCEA

Database Systems Journal vol. III, no. 1/2012 3

Architecture of Automated Database Tuning Using SGA Parameters

Hitesh KUMAR SHARMA1, Aditya SHASTRI2, Ranjit BISWAS3 1Assistant Professor, ITM University 2Vice-Chancellor, Banasthali University, Rajasthan-304022, India 3Head and Professor,CSE Dept, Jamia Hamdard (Hamdard University) [email protected], [email protected], [email protected]

Business Data always growth from kilo byte, mega byte, giga byte, tera byte, peta byte, and so far. There is no way to avoid this increasing rate of data till business still running. Because of this issue, database tuning be critical part of a information system. Tuning a database in a cost- effective manner is a growing challenge. The total cost of ownership (TCO) of information technology needs to be significantly reduced by minimizing people costs. In fact, mistakes in operations and administration of information systems are the single most reasons for system outage and unacceptable performance [3]. One way of addressing the challenge of total cost of ownership is by making information systems more self-managing. A particularly difficult piece of the ambitious vision of making database systems self-managing is the automation of database performance tuning. In this paper, we will explain the progress made thus far on this important problem. Specifically, we will propose the architecture and Algorithm for this problem. Key Words: Database Tuning, DBA, SGA, SGA Parameters, Automated Tuning, TOC.

physical design is both time consuming and Introduction very tedious, as the database administrator 1 (DBA) needs to find the benefits of different As we have seen, hardware costs fall rapidly individual design features that can possible while human costs remain relatively interact with one another. Motivated not static. This leads to a condition there the only by the difficulty of tuning but also from human costs of manual tuning activities the need to reduce the total cost of outpaces the costs of faster hardware (see ownership in their products, several figure 1). Most large databases are managed commercial DBMS vendors offer automated by DBAs who are responsible for the good physical design tools with several features. performance of the database but manual

Fig.1. H/W cost vs. Human Cost [Ref. 2]

With the dramatic drop of hardware and administration and tuning staff dominate the software prices, the expenses due to human cost of ownership for a database system [4].

4 Architecture of Automated Database Tuning Using SGA Parameters

The physical design problem involves database management. Automation searching a potentially very large space of anywhere works with any SQL database, different candidate configurations. like Oracle, MS SQL, Sybase, SQL DB2, Searching the space of alternative etc. Unlike other automation solutions, it configurations is impractical. Therefore, does not require significant training. Simple, recent physical design tools are based on easy-to-use yet powerful, it can automate greedy heuristics that prune the search any database task.[1] space. The repeated calls to the optimizer each time we want to evaluate a query under 3. Manual System Architecture a different configuration impose a serious Database Administrator is responsible for bottleneck in the execution of physical enhancing the performance of database designers. Based on experimental results system. The detection of performance 90% of the tuning time is spent on waiting degradation is achieved by continuously results from the optimizer instead of monitoring system performance parameters. evaluating potentially promising Several methods including the usage of configurations [5,6]. materialized views and indexes, pruning table and column sets, usage of self healing 2. Performance Tuning techniques, usage of physical design tuning Most systems will respond to increased load etc have been proposed that proactively with some degree of decreasing monitor the system performance indicators, performance. A system's ability to accept analyze the symptoms and auto tune the higher load is called scalability, and DBMS to deliver enhanced performance. modifying a system to handle a higher load The performance degradation is due to is synonymous to performance tuning. increased workload on the system. This Systematic tuning follows these steps: increased load has to be minimized to • Assess the problem and establish enhance the response rate of the system. In numeric values that categorize order to achieve this objective, either the acceptable behavior. administrator decreases some amount of • Measure the performance of the system load by closing some files or he may before modification. increase the RAM. The administrator has to • Identify the part of the system that is check continuously or we can say, at regular critical for improving the performance. intervals the Buffer Cache Hit (BCH) ratio. This is called the bottleneck. Based on this hit ratio, the database • Modify that part of the system to remove administrator determines if more amount of the bottleneck. RAM has to be allocated. This task of load A performance problem may be identified reduction by increasing RAM requires by slow or unresponsive systems. This manual intervention and thus may take even usually occurs because high system loading, years to complete.[1] causing some part of the system to reach a However, Oracle manages RAM memory limit in its ability to respond. This limit demands according to the demands of each within the system is referred to as a task by using sophisticated algorithms to bottleneck. A handful of techniques are used improve the speed of RAM intensive tasks. to improve performance. Oracle DBA can dynamically de-allocate Data drives today’s businesses, and RAM memory as well as re-allocate it. But managing databases often involves complex since database administrator is a normal planning, time management and system human being, he cannot calculate the actual wide routine task implementation. Database amount of RAM memory required by an automation helps enterprises better manage application. their database operations, reducing down- Due to this limitation of DBA, the allocation times as well as the overall time taken in of RAM manually for optimizing

Database Systems Journal vol. III, no. 1/2012 5 performance of database system becomes a complicated as well as costly task.

DBA

Fig.2. Manual Database Design

Sometimes, more amount of RAM is the system log and also from the DBMS allocated than needed which wastes the using system related queries. This extra portion of RAM. [3] Thus, there is a information gathered over a period of time is great need of dynamic memory allocation then used to run the SQL scripting for a features to create a self tuning database. In desired output response time. The Oracle Database 10g, a self tuning feature application framework would then estimate such as Automatic Memory Management the extent of correction to be applied to the (AMM) allows the database system to detect key system parameters that help scale up the shortages and adjusts the main memory system performance. The classical control is regions according to the changing demands modified and a three stage control involving on the Oracle environment. Therefore, Monitor, Analyze and Tune [7] is employed researchers are now focusing on the to ensure system stability. The architecture development of self tuning techniques such presented in for self healing database forms as the COMFORT automatic tuning project the basis for the new architecture presented [5] or the MAPE approach given by IBM [6] in this paper. This paper presents a new for a continuous adaptation. DBMS architecture based on modular Ranking of various tuning parameters based approach, where in each functional module on statistical analysis is presented in [7]. can be monitored by set of monitoring The ranking of parameters is based on the hooks. These monitoring hooks are amount of impact they produce on the responsible for saving the current status system performance for a given workload. A information or a snapshot of the server to formal knowledge framework for self tuning the log. This architecture has high database system is presented in that define monitoring overhead, due to the fact that several knowledge components which when large number of parameters to be include Policy knowledge, Workload monitored, almost every module's status knowledge, Problem diagnosis knowledge, information has to be stored on to the log and Problem Resolution Knowledge, Effectors if done frequently may eat up a lot of CPU knowledge, and Dependency knowledge. time. Moreover, this architecture focuses The architecture presented in this paper more on healing the system and does not involves extracting useful information from consider tuning the DBMS for performance

6 Architecture of Automated Database Tuning Using SGA Parameters improvement. employed for identifying the symptoms and altering key system parameters. The 4. Automated System Architecture DBMS system log file will be the primary Many business applications demand the source of information checks the current use of complex database systems which status of the system. The data miner tool should be administered and optimized for compresses the data into smaller better performance. As suggested in [2], information base since the log file may physical tuning should be avoided as it is contain huge amount of data. The expensive. As the physical design of architecture has three basic building blocks database suffers from various limitations, a comprising of Data Miner, Script and new script based automated database Tuner. After the extraction of meaningful architecture is proposed in order to achieve information, the extent of correction high grade of performance. The required is estimated by the proposed architecture as shown in figure 3 is script and algorithms.

Fig.3. Script based Tuning architecture

These algorithms and scripts would tune the administration and optimization of various database using various tuning rules as well tasks, he can either increase RAM or can as system parameters. However, several decrease the amount of load on CPU for the parameters can be altered simultaneously for purpose of performance optimization. But better performance gain. The algorithm this would be time consuming technique as estimates the required buffer size based on DBA is a normal human being who cannot the current DBMS input parameters and the perform complex calculations within tuner applies the necessary correction to the seconds like a computer system. [5] buffer size based on the tuning rules. Most DBA may not know exactly how much importantly the internal corrective measure RAM is to be allocated for enhancing such as altering the buffer size of the DBMS system performance. So, we propose an used in query processing is explored in this approach to automate this optimization task architecture. of DBA as shown in fig i.e. the task In this research proposal, we provided a self which DBA has to do for performance tuned database system architecture as shown enhancement would now be done by the in fig 4 in order to enhance system computer system within small timelines. performance. Since DBA is responsible for

Database Systems Journal vol. III, no. 1/2012 7

Fig.4. Automated Database Design

5. Algorithm & Flow Chart BUFFER_SIZE denotes the current size of The algorithm defines three variables: ∆RT buffer, CACHE_SIZE corresponds to the abbreviates for change in response time, size of cache memory

ALGORITHM

1. dbTuner (ESTIMATED_CACHE_SIZE) 2. Begin 3. Run application, algorithm and process 4. Calculate the change in response time (∆RT) 5. If (∆RT>0) { Run Script { Figure:Flowchart BUFFER_SIZE for = BUFFER_SIZE + 1 AllocateAutomated more Tuning RAM and update CACHE_SIZEed approach is as under: } Else IF (∆RT<0) { Run Script { BUFFER_SIZE = BUFFER_SIZE - 1 Reduce RAM and update CACHE_SIZE } } 6. Go To Step 4 6. Stop application, algorithm and process 7. End

8 Architecture of Automated Database Tuning Using SGA Parameters

Fig.5. Flowchart for Automated Tuning

6. Experimental Results Table 1 shows the sample training data. A training data set of size 100 was used to test the proposed system. As can be seen from the table, the buffer size is adjusted for increased table size, Number of user processes and Buffer Miss Ratio so that query execution time is reduced and the memory is used efficiently.

Database Systems Journal vol. III, no. 1/2012 9

Table 1. Sample Training Data Set v$pgastat to allow you to monitor the Tab. Size Buff.Miss Shared Pool Buff. Size behavior of the RAM sort area The v$ (in no. of Ratio size (in (in MB) views in Oracle9i also provides insights records) MB) about the RAM usage for individual SQL statements within the library cache. 1000 0.9624 32 4

1000 0.9152 32 4 1000 0.9791 32 8 1000 0.9613 32 8 References 2000 0.9371 32 8 [1] I. Alagiannis, Towards Adaptive, Flexible, and Self-tuned Database 2000 0.9453 40 8 Systems, (DIAS, I&C, EPFL) in 3000 0.8931 40 16 EDIC-ru/05.05.2009 3000 0.8253 40 16 [2] D. Burleson, Oracle Tuning, The Definitive Reference Second Edition. [3] Foundations of Automated Database Tuning, VLDB ‘06, 7. Conclusion September 12–15, 2006, Seoul, Tuning the database can become quite Korea.Copyright 2006 VLDB complex, but Oracle9i offers the Endowment, ACM administrator an unparalleled ability to [4] Rethinking Database System control the PGA and SGA. Until Oracle9i Architecture: Towards a Self- evolves into a completely self-tuning tuning RISC-style Database System architecture, the DBA will be responsible in Cairo, Egypt, 2000 for adjusting the dynamic configuration of [5] AutoAdmin:Self-Tuning Database the system RAM. Automated SGA Systems Technology, Copyright 2006 IEEE adjustment scripts can be used to allow [6] Self-Tuning Database Systems: A theDBA to grow and shrink the SGA Decade of Progress, Copyright regions. These scripts are placed in [7] SQL Memory Management in dbms_job for scheduled processing. Oracle Oracle9i, Hong Kong, China, 2002 provides enhanced views in v$process,

Hitesh KUMAR SHARMA, The author is An Assistant Professor in ITM University. He has published 8 research papers in National Journals and 2 research paper in International Journal. Currently He is pursuing his Ph.D. in the area of database tuning.

Aditya SHASTRI, Ph.D. MIT, Published about 200 research papers in international journals on Graph Theory with applications in Communication, Computer Graphics and Parallel Processing,Vice Chancellor, Director, Banasthali University, Banasthali, INDIA

10 Integrating XML Technology with Object-Relational Databases into Decision Support Systems

Ranjit BISWAS, Associate Director, MIRU, Faridabad, Published about 100 research papers in International journals/bulletins of USA/Europe, out of which more than 40 papers are independently published papers and the rest are published jointly with other authors (with Ph.D. scholars). Haryana, INDIA

Database Systems Journal vol. III, no. 1/2012 11

Integrating XML Technology with Object-Relational Databases into Decision Support Systems

1Iuliana BOTHA, 2Adela BÂRA, 3Simona-Vasilica OPREA, 4Ticiano COSTA JORDÃO 1,2Academy of Economic Studies, Bucharest 3Transelectrica Company, Bucharest 4University of Pardubice, Czech Republic [email protected], [email protected], [email protected], [email protected]

This paper presents some informatics technologies, like XML and object-relational databases, and the main motivations for implementing them in Decision Support Systems (DSS). Also, it is proposed and analyzed a conceptual model of a DSS prototype, which can be applied in the uncertain and unpredictable environments, like the production and the prediction of the wind energy. Keywords: Object-Relational Databases, XML, Decision Support Systems, Wind Energy, Power Plants

Introduction IT world. Web technologies, advanced 1Ea rly this century was marked by a databases and methods for accessing them, series of major changes in the field of flexible user interfaces, are all pressing information and communication needs of IT technology. Therefore, today’s technology (ICT), but also in the field of decision support systems, in order to be economics, leading to the creation and efficient, integrate many of these development of a new type of economy, technologies. The DSS proposed in this generally named most often, the new paper will use spatial, multimedia and economy. XML data stored in object-relational The role of informatics in the new databases. economy, as producer and consumer of information, is crucial. All economic 2. Considerations about object- activity is strongly influenced by the relational databases evolution of the informatics context and The attempts to model the complex vice versa. elements of the economic activities have Under these facts, it is appropriate the caused the reorientation to the object- research of decision-making solutions oriented technology. Thus, in the late 80s development, built with advanced has appeared the third generation of technologies, such as relational, object databases, namely the object-oriented ones. oriented and XML. As stated in [2], the development of object- Decision support systems (DSS) form a oriented data model was due to limitations distinct class of computer systems. It of the relational model to handle efficiently integrates specific IT tools to assist massive amounts of data, with high decision and general purpose tools to form complexity, found in new types of a constituent part of the organization's applications (multimedia, Internet, overall information system. Any DSS is Geographic Information Systems, etc.). designed to provide IT support required to Although object-oriented databases appear minimize the effects of restrictions to meet the needs of applications required (cognitive, communication, time, etc.) with by the new economy, the market they use which is facing the human decision maker remains relatively low, often the invoked during his activities. Decision support reason being the difficulty to query data systems have become a real presence in the

12 Integrating XML Technology with Object-Relational Databases into Decision Support Systems

and the high consumption of computing The main features of object-relational resources [10]. databases are given by the flexibility and Currently, the solution that combines the the structure of the used data model and advantages of relational and object- refer mainly to the following: oriented data models, comes with a hybrid - Treating consistently the entities, by data model, the object-relational one, modeling both the properties of objects which involves object-oriented facilities and their behavior; (especially the fundamental characteristics - Providing communication between data of objects: encapsulation, inheritance, and among programs; polymorphism) as extensions of relational - Simplifying the data structure that model. provides ease of use and high The object-relational data model was portability of the resulting systems; designed as result of the research in the - Modeling and flexible storing the real 90s, by extending the concepts of relational world objects, which helps to address databases with object properties. In the the complex areas and to use different center of the new model architecture, the types of data; researchers decided to keep the declarative - Integrating the structural and query language based on predicate behavioral description of the entities, calculation. which gives a dynamic aspect to the Thereby, the object-relational databases object; (ORDB) are the result of applying features - Inheriting the properties of object of object-oriented technology in data types, which provide the opportunity to storage and retrieval. Unlike object- realize complex operations and oriented databases, the object-relational processing over the data. ones provide the ability to represent Concepts used in object-relational complex data structures through objects, databases are borrowed from the object- while retaining the advantages of relational oriented terminology, but also from the databases. relational one, and they were presented at Broadly, we can define an object-relational defining the structure of the object- database as a set of tables of objects, linked relational data model. Figure 1 illustrates logically, organized in the external the combination of these concepts in order memory and accessible to multiple users in to develop the object-relational databases. a timely manner.

Fig. 1. The main concepts of the object-relational databases (Source: Authors)

Database Systems Journal vol. III, no. 1/2012 13

Defining the type of objects represents the - Accepting the inheritance property. In mechanism for specifying the database an object-relational database, a table is schema. Type definitions include seen as a container used to hold inheritance relationships (which generate instances of a type that can use the supertypes and subtypes) and structural inheritance feature. This can refer both relationships between them. to the data and methods inheritance. A complete schema of the object-relational Data inheritance applies only to the database consists of relational tables and data types, but the property also can be object tables. The object tables can present propagated upon the tables built over inheritance relationships between types of these data types. Instead, methods objects that were the basis for creating inheritance apply to the user-defined these tables. functions and methods included in the Can be identified two types of changes in types of objects. Also, according to an object-relational database schema. [11], a fully object-relational database Thus, we can discuss about changes on must support multiple inheritance, how to define an object type, which can required in many applications; lead to changes in the specification of - Using a system of rules. In a fully attributes and methods defined (e.g. object-relational database should not changing the domain or the name of an miss a system of rules and triggers, attribute; adding or deleting an attribute or necessary especially to ensure a method). Updates in the schema can also consistency of the database. appear in the case of some changes in the In conclusion, based on the object- hierarchy of types or in the relational data model, we can define an supertype/subtype relationships. However, object-relational database as a collection of this version of modifying the schema is tables, relational or object, persistent, limited, depending on manufacturer. stored in the external memory through a According to [11], a fully object-relational system of rules, consistently organized, database must necessarily meet the ordered in hierarchies and providing shared following four characteristics: access to competing users. As a hybrid, the - Allowing the creation of extensions object-relational databases combine from basic types. Refers to the ability flexibility, scalability and security in using to create extensions of data types by existing relational systems with object- defining abstract, simple or complex, oriented properties such as: abstraction, data types; encapsulation, inheritance and - Enabling management of complex polymorphism. objects. There is a major difference between the ability to manipulate 3. Integration of XML technology into complex data using an object-oriented object-relational databases database and using relational database. eXtensible Markup Language (XML) was The set of basic types of relational designed as a standard for information databases is very poor compared to the exchange over the Internet. In [13], W3C existing set of object-oriented offers an abbreviated definition for XML: databases. In this respect, [11] states „XML is a markup language for that a database, to be considered structuring arbitrary data. XML documents object-relational should support a rich are made up of storage units called entities, collection of complex data types, which contain either parsed or unparsed including mandatory: complex types, data. Parsed data is made up of characters, SET constructors, RECORD some of which form character data, and constructors, REF constructors; some of which form markup. Markup encodes a description of the document's

14 Integrating XML Technology with Object-Relational Databases into Decision Support Systems

storage layout and logical structure. XML using object-relational databases is that we provides a mechanism to impose can get the benefits of both relational and constraints on the storage layout and object-oriented technologies, while the logical structure.” disadvantage translates into lower Databases and XML offer complementary performance due to XML data mapping to functionality for storing data. While the relational data, which can produce a databases store data, ensuring their rapid database schema with many relations. retrieval, XML enables easy exchange of When used in object-relational databases, information, which allows interoperability XML data must be mapped into relations. between applications due to data In order to transfer the data between XML encapsulation with metadata. documents and object-relational structures XML allows designers to create their own are used specific mapping methods. The tags, allowing the definition, transmission, study [8] makes a basic classification of validation, and interpretation of data these mapping methods, as follows: between applications and between - Generic methods – that are not using organizations. In Romania there are several any schema of stored XML documents; systems based on XML standard (e.g. - Schema-driven methods - that are based Labour Inspection, Bucharest Stock on existing schema of stored XML Exchange) [9]. documents; Can be identified two approaches in order - User-defined methods - that are based to store XML data: we can use native on user-defined mapping. XML databases, or we can map XML data The mapping process is represented in and queries into a relational or object- Figure 2 and detailed in [6]: relational database [6]. The advantage of

Fig. 2. The mapping process Source: [6]

An algorithm for mapping XML schema to addition to abstract data types (those object-relational database schema is defined by the user, which corresponds to proposed in [7]. Also, in [5] are presented XML schema elements), persistent objects, mapping algorithms and correspondences specific to databases, in general. between object-relational databases and Starting from [5], in table 1 we have XML schema for the description and completed the set of mapping rules, as validation of the data. The correspondence follows: is observed in reverse and includes in

Table 1. Mapping rules: ORDB – XML Schema Source: adapted from [5] and completed Object-relational database XML Schema element element

Complex type whose sequence contains elements Table corresponding to the table columns, including the constraints

Database Systems Journal vol. III, no. 1/2012 15

Element of the complex type sequence, which is Simple attribute, without constraints represented through a simple type

Attribute with primary key Attribute of the complex type having the property constraint use="required"

Element of the complex type sequence having the Attribute with not null constraint property nullable="false"

Element of the complex type sequence, with the Attribute with uniqueness constraint attribute xs:unique

Element of the complex type sequence, with the Attribute with referential constraint attribute xs:keyRef Complex type having the elements corresponding to User defined object type the attributes of the object type Reference specified directly as a property of the REF type attribute XML schema element ref="pointer"

Complex type whose elements represent attributes of ROW type attribute type ROW

Complex type which contains a sequence of the element associated with the collection type, that has Collection type attribute the property maxOccurs equal with the collection dimension

Complex type having complex content and the type Inheritance extension

The DSS that we propose will use XML making activities of managers and other documents containing data which may knowledge workers in organizations” [4]. influence wind park performances, like For an efficient management of resources meteorological data. These XML data need it is necessary to be able to achieve a to be stored in object-relational databases, prediction of energy produced with in order to realize further analysis, minimal errors. necessary for decision making. Currently, as stated in [10], both nationally and internationally, there are various types 4. Conceptual model for a decision of frameworks, architectures, solutions and support system with object-relational systems to provide economic assistance for databases implementation decision making processes and production Organization management involves environments with a relatively high degree different types of activities and therefore of certainty. requires different types of information. For However, as shown in [1], the existence of better manage, transform, process and such a system to assist decision making at analyze this information, it is needed a national level is necessary because decision support system (DSS), seen as “an currently there are no solutions to offer information system that draws on efficient predictions and with minimal transaction processing systems and errors for the environments with low interacts with the other parts of the overall predictability, such as wind energy, which information system to support the decision- depends exclusively by natural factors.

16 Integrating XML Technology with Object-Relational Databases into Decision Support Systems

As shown in [12], in Europe there are some The decision support system will use data countries that have been developed that can influence wind park performances, decision support systems in the energy like meteorological data or data resulted system for efficient management of wind from national energy production regular resources (e.g. Germany, Spain), but the monitoring. The data will be received like costs of building these systems is very high XML documents and after validating them and the particularities of national energy with XML Schemas, they will be stored in potential makes difficult the application of object-relational databases, in order to these methods in Romania. realize further analysis, necessary for These issues concerning the impossibility decision making. of prediction accuracy, the precarious data In the following paragraphs, we propose an integration from various local equipment architectural model for such a decision and systems and the inefficient analysis of support system based on the typical energy resources, lead to the need to architecture of a DSS, but with specific develop solutions for a better prediction of components of information requirements energy produced, but also an integrated identified in the National Energy System system, with a component for assisting (NES). decision making in this area. In [3] are identified four components of a The data sources provided for the decision- decision support system: 1) interface; 2) making process must be as varied and database system; 3) system of analytical, require integration. Some of the data mathematical and statistical models; 4) collected within the operational activity component to ensure communication. This will be stored in the object-relational architecture is implemented in most database as: spatial data, multimedia data, Business Intelligence solutions made by Large Objects, user-defined object types. major manufacturers. The spatial data are used in order to Starting from these standard DSS representing them on interactive maps architecture and also based on the monitoring the production of energy, information requirements identified by the multimedia data and LOB for using and National Energy System, we have manipulating large objects. proposed the conceptual model of the Also, since data integration from various informatics system. Thus, as stated in [10], sources is mandatory, we will use XML as the conceptual model contains the four a standard for integration and data levels presented above (Figure 3). warehouses for centralize data from heterogeneous data sources.

Database Systems Journal vol. III, no. 1/2012 17

Fig. 3. The architecture of the proposed DSS Source: [10]

The proposed DSS architecture can be seen for interactive monitoring of energy and in terms of achievement levels, from the resources. bottom to the top of the pyramid, on three The data warehouse will be a centralized levels: the bottom-tier, middle tier and top- repository, organizational, composed of tier, being interconnected at the level of data marts for each type of activity which telecommunications. is analyzed: operational (energy 1) The data level will consist of operational production) and financial. To load data data sources, as well as spatial data and the warehouse from data sources is necessary data warehouse to be built to facilitate to undertake a process of Extract, multi-dimensional analysis. Transform and Load (ETL). This process Some of the data collected on operational will automatically run at regular intervals activity will be stored as data in a spatial depending on the technical requirements of DBMS (Database Management System implementation. Data), in order to represent them on maps 2) The models level will include models for the current financial analysis and

18 Integrating XML Technology with Object-Relational Databases into Decision Support Systems

forecasting of these activities, models for The paper provides a synthetic look at spatial data representation, and simulation object-relational database features and models, extrapolation, prediction and possibilities for integration with XML analysis of energy production from wind technology. Also we have presented an sources. To achieve models will use new implementation perspective of a DSS, technologies for Business Intelligence (BI), which requires decision making in the such as OLAP, data mining, predictive wind energy prediction and production. analytic functions and algorithms. Our research will continue with the 3) The interface level will contain the data development and implementation of the presentation elements and specific analysis conceptual model proposed in this paper. and reporting for decision support systems. For this purpose, will be used specific The system will be accessible via a Web technologies for each level of the model interface so users can access reports architecture. Thus, the data level will use without having to install client solutions for organizing and integrating applications. It will choose to integrate all data, the models level will use solutions of elements into a portal interface that allows multidimensional analysis, forecasting a single, uniform type of authentication: models, simulation and extrapolation, and Single Sign - On. The portal will integrate for the interface level will be used elements of the subsystems and previous solutions for data analysis and dynamic levels, such as OLAP analysis, prediction presentation of data. and monitoring modules, reporting. 4) The level of telecommunications will Acknowledgment provide support for access the decision This paper presents some results of the support system both within and outside research project PN II, TE Program, Code NES, using mobile devices. For this level 332: “Informatics Solutions for decision will use the existing network components making support in the uncertain and in the NES, where the access is authorized unpredictable environments in order to according to the role and access rights of integrate them within a Grid network”, each user. financed within the framework of People Following analysis of the data sources research program. provided by the wind power plant units, we found data heterogeneity, mainly due to the References diversity of wind turbines and measuring [1] Adela Bâra, Ion Lungu, Manole instruments, and computer applications to Velicanu, Simona Vasilica Oprea, process data. For this reason it is essential “Intelligent Systems for Predicting and to use at data level techniques of data Analyzing Data in Power Grid migration and data integration. In this Companies”, TheProceedings of the manner, data can be loaded in a consistent IEEE International Conf. on manner in a centralized operational Information Society (i-Society 2010) database which can be later used for London. prediction, simulation and analysis. [2] Iuliana Botha, AndaVelicanu, Adela Bâra, “Integrating Spatial Data with Conclusions and future work Object Relational-Databases”, Journal The integration of the special data (like of Database Systems, nr.1/2011, pp. multimedia, LOB, XML, spatial data) into 33-42, ISSN: 2069 – 3230 object-relational databases is a necessary [3] Daniel Power, “Decision Support characteristic for today’s enterprises that Systems: Concepts and Resources”, maintain informatics systems in the Cedar Falls, 2000: DSSresources.com, unpredictable environments. http://dssresources.com/dssbook

Database Systems Journal vol. III, no. 1/2012 19

[4] Ralph H. Sprague, Eric Carlson, Education, Vilnius, Lithuania, 2004, “Building Effective Decision Support pp. 63 - 76, ISBN 978-0-387-25026-7. Systems”, Prentice-Hall, 1982, ISBN: [9] Vlad Diaconiţa, Iuliana Botha, “The 978-013-086-215-0 Level of System Integration in [5] Laila Alami Kasri, Noureddine Romania”, Informatica Economica Chenfour, “Model of Storage XML Journal, Vol. XI, no. 3/2007, pp. 96- Database based on the Relational- 99, ISSN 1453-1305 Object Model”, International Journal [10] Iuliana Botha, Adela Bâra, Simona of Engineering Science and Vasilica Oprea, “An implementation Technology, Vol. 2(11), 2010, ISSN perspective on object-relational 0975–5462 databases in decision support [6] Eric Pardede, J.Wenny Rahayu, David systems”, Proceedings of the Tenth Taniar, “On using Collection for International Conference on Aggregation and Association Informatics in Economy, 2011, ISSN: Relationships in XML Object- 2247-1480 Relational Storage”, ACM Symposium [11] Michael Stonebraker, Dorothy Moore, on Applied Computing, Cyprus, 2004, “Object-Relational DBMS - The Next ISBN 1-58113-812-1 Great Wave”, Morgan-Kaufmann, [7] Irena Mlynkova, Jaroslav Pokorny, 1996, ISBN: 155-860-397-2 “From XML Schema to Object- [12] Adela Bâra, Simona Oprea, Anda Relational Database – an XML Velicanu, Vlad Diaconiţa, “Decision Schema-driven mapping Algorithm”, support systems - solutions for Proceedings of the 3rd IADIS predicting, monitoring and integrating International Conference wind energy resources into the WWW/Internet, Madrid, Spain, 2004, national grid companies”, pp 115 - 122, ISBN 972-99353-0-0. Development, Energy, Environment, [8] Irena Mlynkova, Jaroslav Pokorny, Economics, pp. 55-60, 2010, ISBN: “XML in the World of (Object-) 978-960-474-253-0 Relational Database Systems”, [13] http://www.w3.org/TR/xml/ Information Systems Development: Advances in Theory, Practice, and

Iuliana BOTHA is an Assistant Lecturer at the Economic Informatics Department at the Faculty of Cybernetics, Statistics and Economic Informatics from the Academy of Economic Studies of Bucharest. She has graduated the Faculty of Cybernetics, Statistics and Economic Informatics in 2006 and the Databases for Business Support master program organized by the Academy of Economic Studies of Bucharest in 2008. Currently, she is a PhD student in the field of Economic Informatics at the Academy of Economic Studies. She is co-author of 5 books, 12 published articles (2 articles ISI indexed and the other 10 included in international databases), 16 scientific papers published in conferences proceedings (among which 6 paper ISI indexed). She participated as team member in 4 research projects that have been financed from national research programs. From 2007 she is the scientific secretary of the master program Databases for Business Support and she is also a member of INFOREC professional association. Her scientific fields of interest include: Databases, Database Management Systems, Design of Economic Information Systems, Grid Computing, e-Learning Technologies.

20 Integration of Information Technologies in Enterprise Application Development

Adela BÂRA is a Lecturer at the Economic Informatics Department at the Faculty of Cybernetics, Statistics and Economic Informatics from the Academy of Economic Studies of Bucharest. She has graduated the Faculty of Economic Cybernetics in 2002, holds a PhD diploma in Economics from 2007. She is the author of 7 books in the domain of economic informatics, over 40 published scientific papers and articles (among which over 20 articles are indexed in international databases, ISI proceedings, SCOPUS and 10 of them are ISI indexed). She participated as team member in 3 research projects and has gained as project manager one research contract, financed from national research programs. She is a member of INFOREC professional association. From May 2009, she is the director of the Oracle Excellence Centre in the university, responsible for the implementation of the Oracle Academy Initiative program. Domains of competence: Database systems, Data warehouses, OLAP and Business Intelligence, Executive Information Systems, Decision Support Systems, Data Mining.

Simona Vasilica OPREA is a Senior Engineer and Project Manager at Transelectrica National Power Grid Company. She has graduated the Polytechnic University in 2001, holds a Master Diploma in Infrastructure Management Program, Yokohama National University, Japan in 2007 and a PhD diploma from 2009. She is the author of over 20 articles, from which 3 ISI Web of Science indexed and 2 included in SCOPUS international database. Domains of competence: wind farm, investment opportunity analysis, studies of prognosis, stationary and dynamic regimes, short circuit calculations.

Ticiano COSTA JORDÃO is a Full Lecturer at the Faculty of Economics and Administration of the University of Pardubice (Czech Republic), director and co-founder of the Sustainability Crusade Observatory (CRUSUS), vice- president of the Czech-Brazilian Chamber of Commerce, and a member of the editorial board of the International Journal Sustainable Development and Corporate Social Responsibility Review (SD&CSR). In order to know more about his professional work, please consult: www.crusus.org.

Database Systems Journal vol. III, no. 1/2012 21

Integration of Information Technologies in Enterprise Application Development

Iulia SURUGIU TotalSoft, Bucharest, Romania [email protected], [email protected]

Healthcare enterprises are disconnected. In the era of integrated information systems and Internet explosion, the necessity of information systems integration reside from business process evolution, on the one hand, and from information technology tendencies, on the other hand. In order to become more efficient and adaptive to change, healthcare organizations are tremendously preoccupied of business process automation, flexibility and complexity. The need of information systems integration arise from these goals, explaining, at the same time, the special interest in EAI. Extensible software integration architectures and business orientation of process modeling and information systems functionalities, the same as open- connectivity, accessibility and virtualization lead to most suitable integration solutions: SOA and BPM architectural styles in a cloud computing environment. Keywords: EAI (Enterprise Application Integration), BPM (Business Process Management), SOA (Service Oriented Architecture), ESB (Enterprise Service Bus), WOA (Web Oriented Architecture)

Introduction 1Th e importance and the actual state of EAI technologies are emerging, not yet knowledge regarding the integration of reached a consensus on the ideal approach informatic technologies in enterprise that businesses should adopt the correct application development, rise from the formula and complete integration. current research on information Moreover, the processes of definition of processes, concepts and technological original and revolutionary EAI solutions are approaches. The essential mechanisms based on the existing integration solutions, regarding enterprise software platforms that are ussually optimized and extended in and integration requirements of order to meet new requirements and heterogeneous platforms at different approaches in the field of integration levels (data, functionalities, services, technologies. processes), depend on business specific The best known commercial EAI solutions and existing software products. are: IBM WebSphere Message Broker, Integration processes should be oriented Jonah Technologies, Microsoft BizTalk on capturing the development stages and Server, Oracle BPEL Process Manager, aspects of enterprise applications on the Pervasive Software, SAP Exchange one hand, and information technology Infrastructure, Sterling Commerce, TIBCO integration processes, on the other. Software, webMethods, Sun Microsystems. Basic EAI principles and concepts should EAI open source solutions, often preferred be highlighting issues in defining by software integrators, are: OpenESB, complete and coherent solutions for Virtuoso Universal Server, Jitterbit enterprise application integration. Integration Server, JBossESB, Mule. Table below presents a comparison between 2. Analysis of enterprise software different EAI platforms, given some basic platforms in relation with business criteria: price, implementation, software requirements solution maturity and support.

22 Integration of Information Technologies in Enterprise Application Development

Fig. 1. EAI solutions comparison

Concluding on the table, open source EAI briefly identify some general characteristics solutions provide the same functionality of services and processes integration, as commercial solutions, also offered focusing on the advantages and support developers is supported by disadvantages of integrating information communities or ad-hoc solutions for open technologies in enterprise application source to commercial, which is purchased development. at cost. In terms of planning versions, Advantages: open-source solutions tend to be updated - natural and proper software solutions; more often. My choise in term of - development projects must follow the integration platform for this research is standards, procedures and working Mule, an open source solution that offers methodologies at all levels; all the benefits of a mature development - independence between services and integration platform and a proper work processes, and also business environment. functionalities; EAI implementations and modularisation - project development and production of software applications, regardless of rollout are efficient and easy to handle; business processes addressed, are based - systems are scalable and availability is on applying some architectural principles maximum, restricted to user types, in SOA approaches: applications are business processes and business transformed in independent service bus, reasons; ESB architectures are used for - project development life cycle is much application integration, XML is used for reduced, while adapting to new data sharing, operational architecture and requirements of business process is logical database structure are redesigned, faster and easier. according modularization rules, services Disadvantages: can be consumed independently, which - hard work on business analysis and allows more flexibility in deployment and technical analysis in the development of software configuration capabilities, projects; compared to solutions for stand-alone - consistent initial efforts to modify and applications. Different versions of the adapt existing solutions and to integrated system are simplified by EAI implement the new system; modularization schemas, as an effect to a - additional and detailed management weak binary coupling, while versioning activities; data and interfaces will be compliant to - not all software configuration options the overrall integrated solution. I will are possible for rollouts;

Database Systems Journal vol. III, no. 1/2012 23

- some business processes that require interoperability and integration, encouraging interoperation may induce a response the development of ESB components in latency of communication between various programming languages designed integrated subsystems. for bussiness application connectors. Integration architecture based on web 3. Study of compatibility between services has led to aggregation of strong different software platforms for integrated solutions across business enterprise application development processes and enable design of complex The latest technology approaches in models of business processes, the starting enterprise application integration are point for new technologies such as grid SOA, WOA and cloud computing computing or WOA. In the context of architectures. orientation towards web technologies, the Two current concepts and frequently used topic of cloud computing is the most as an approach to integrate computer powerfull approach in software integration, technology, cloud computing and presenting series of capabilities and facilities technologies based on XML Web of such software and hardware architecture Services. Cloud architectures dominate models. I will define a comparative study distributed computing solutions that between SOA and WOA architectures, require access to hardware, data and highlighting specific factors of interest. functionalities. Architectures based on XML Web Services technology is the Table 1. Comparison between SOA and WOA main trend in heterogeneous information Criteria/ SOA WOA integration technologies, the integration Architecture of functional capabilities and operational business process flows, the definition of Approach Focus on simple Focus on simple complex models and consistent level of functionality, but and natural service integration and process. XML properly information Web Services architecture is a starting implemented. technology and architectural point for integration of information concepts. technology-based processes, as programmable atomic entities underlying Reusability Encourages use of Opt for simple Web services to web technologies the business logic for definition of standardize at the expense of workflows and business processes. interoperability. complex Established enterprise application protocols. development platforms, Java and. NET Software SOA services The emphasis is functionality on gradual allow the natural operation of SOA architecture architecture and Web services aligns the implementation of consumption by implementing specific business functionality for processes by business process invokers. Both in Java and .NET mapping and modeling as their platform, XML Web services use, in the modeling need arises. context of client applications, is done operations through remote procedure calls, specific business implemented in Java by invoking RPC on logic. EJBs servers or Servlets and in .NET Information Leverages It promotes the declarative implementation to technologies through listener implementation of type interfaces and use standard SOAP listener or .NET Remoting. insists on development tools, Regardless of the technological approach standardization of but encourages the and operating system being implementation use of information heterogenious, service-oriented tools technology as the best suited architectures offer support for typology

24 Integration of Information Technologies in Enterprise Application Development

applications tools a starting point, being suitable to use for a product with a high complexity and dynamism, with complex activities, continuously changing and developing. Generally, choosing a methodology for developing a software system will be made The main conclusion is that integration according to each project specificity and to technologies such SOA is one of the most the nature of the business model. natural EAI solution to implement, while Methodologies and procedures, working providing the possibility of defining rules will be not simply applied step by step, reliable, stable, decoupled, complete but they will intervene during each phase as architectures and, not least coherent and required by the current project, as interoperable, beyond any limitations guidelines. Standard methodologies provide related software platforms or complex only starting points and directions to a data structures. Exposing SOA complete and perfect methodological integration solution through web, in a approach. cloud computing environment, for As in this case I combined three software instance, lead to extreme accesibility and methodologies and I used established virtualization power of business templates to define work phases that will processes modeling business optimize the process of software integration functionalities. solution, in a similar way, in any project,

according to a whole work context and also 4. Development of a methodology for according to factors outlined above, we will design, implementation and integration choose to use our own and specific of information systems based on methodology, which will be the most heterogeneous software platforms appropriate option to meet requirements and Following standard EAI methodologies project necessities. analysis and undertaken research, with In terms of practical usage for application the starting point of such process oriented integration solution, I have used the methodology Waterfall TBI, I decided to proposed development methodology for an use an iterative, process based experimental prototype, as following: methodology for developing the solution analysis and design phase has been extended for applications integration. Each stage of in time so that the bussiness requirements on software solution development will be one hand, and objectives of the integrated functional validated and quality and system - on the other hand, is completely experimental tested so that the work for defined. After defining the technical solution the new phase to have the previous and starting the development and results as a starting point. By the very implementation phases, I repeated, in nature of the research project and the iterative cycles, functional validation and subject matter, iterative approach has acceptance testing of the modules, so that proven to be an appropriate choice. after completion of one iteration to get to I consider that the most appropriate way know the real state of the project and to re- to develop an integration project would estimate total work effort, as well as be based on an Agile type EAI refactoring / adapting the solution according methodology, enhanced with RUP to the feedback and validation of (Rational Unified Process) influences, intermediate versions at the end of iteration. MSF (Microsoft Solution Framework) This incrementally work model contributed and XP (eXtreme Programming) to greater predictability in project techniques. As iterative and incremental completion and to a smaller refactoring process model with object-oriented effort as compared to the requirement architecture, I propose RUP influences as

Database Systems Journal vol. III, no. 1/2012 25 changes that would have occurred at the accuracy of the integrated system; end of implementation, if there were no events can be synchronous and, partial validation, along the way, for moreover, asynchronous calls in the atomic features. automated EAI solutions; Proposals to improve standard software - business process modeling using integration methodologies: traditional techniques such as UML will - increased understanding of the refine them as to achieve the process, business area to identify key business according to the specific integration processes and the least important project; processes; - „continous integration” process, - give greater importance to the especially automated testing in order to implementation of logical flows, validate system quality; described in terms of functional, - appropriate use of information operational and integrated business technologies in the integration solutions flows; development; it is a basic need to select - understanding of data structures - the best technologies in order to develop many EAI projects are integrated integrated solutions, otherwise any only at the data level; it is very mistake is costly in time – an important to correctly identify data appropriate option would be to build a structures, descriptive data schemas pilot project; and to accordingly apply business - integrated system performance and principles to determine which data scalability is a major concern with streams coexist in an integrated integration projects; system, where and why to use these - importance of the prototype installation data in order to make data mappings of intermediate versions of the and transformation; integrated system, before running the - understanding of the processes is final installation and launching it into essential to obtain a correct and production environments; functional model of the integrated - maintenance effort and support are system; project definition is considerable in software integration dependent on how business processes solutions and should be treated are perceived, but also on the separately. accuracy of the data model I also made a research on the risks faced by definition; software integration projects, by - increased attention to developing highlighting some key issues and methods and technologies, rather implementing a risk analysis example for e- than work processes; Health prototype. I highlighted the major - identification of user interfaces has risk factors and proposed a risk management great importance for understanding plan, as a measure to reduce the negative the integration points between impact on implementation processes of an disparate applications; integrated system. - understanding of events is a key factor for the functional model

26 Integration of Information Technologies in Enterprise Application Development

Fig. 2. Risk assesment

For each of these risks I have probably, implementing software development over given the appropriate points of established protocols and standards. Case occurrence and expected impact, causing study performed and presented in this paper a degree of exposure of project risks. starts from the goal of systems integration Prioritizing, then, risks after exposure, we process, the complexity of its component see that the most dangerous risk for the phases, meaning the creation of an integration project is the lack and integrated information system, having at incompletion of requirements analysis. least the following attributes: For each risk noted in the figure above, I comprehensive, coherent, independent of have shortly proposed actions to take in geographical, social, national or business order to minimize negative impact and processes logic limitations. effects, actions that should be the most I will describe in this section a platform for appropriate strategy to consider. software systems integration, developed in Extending risk analysis, we can discuss Mule, which aims to highlight aspects of the here also about positive risks, events that application integration, such as: integration can bring benefits and new capabilities to at data sources level, service based project success. integration, business processes integration, In other words, the proposed through implementation of components methodology was applied naturally in the focused on the integration of data, services e-Health prototype, proved to be both a and processes. I choose Mule platform for way of control and predictability, offering software prototype development because it in the same time operational support for is an efficient, complex and frequently used carrying out a complex integration development environment for integration of project. information technologies. To illustrate the theoretical and practical concepts presented 5. Implementation of a cross-platform in previous sections, according to the software system implementation which is further described in The proposed solution for enterprise detail, I present the prototype of an applications integration is located at the integrated system for e-Health. From middleware level and aims to integrate functional point of view, the experiment functionalities and heterogeneous data represents an interoperability model between sources, by interoperation of a medical system and financial system. In heterogeneous information technology, terms of working context, the integration data sources of different origins and prototype combines development different business functionalities. Also, in technologies / platforms like Java, .NET, the practical experiment I will emphasize Microsoft SQL Server, MySQL, Mule, the use of uniform policies for Apache, web-service based architecture communication between applications, by (SOA, WOA), service and process based,

Database Systems Journal vol. III, no. 1/2012 27

ODRA, ORM. The project aims to the two heterogeneous systems, the next achieve an integrated sistem and level of complexity is demonstrating a non- consistency at the level of data, services trivial mechanism of communication and processes, by combining and through messages. I will present integrating heterogeneous information architectural and functional model technologies. underlying messaging communication Besides service level integration between software systems located on both prototype and specific calls that sides of the enterprise web service bus. orchestrate the communication between

Fig. 3. Mule architecture

Mule supports transport protocols used in messages arriving through protocols / distributed programming, WS-* mechanisms of transport services are standards, JMS, File, SMTP. Client configured in Mule and processed on the applications publish client requests on application server side. A service component pre-defined communication channels. includes two processing end-points: an entry Requests are processed by the integration point and one exit point. The entry point is server application through services. an endpoint that specifies the Client applications access the services of communication channel can be used, what ESB through secure communication messages can be transmitted and how to channels and the flow transfer is done by transfer such calls to Web services through a specific invocations of connectors which .NET proxy or a through a JMS message implements the connection between client queue. and server calls integration. Processing As a case study based on theoretical activities that the integration server elements on integration of information performs in order to operate on incoming technology and XML web services already messages, for communication reasons mentioned, I propose a prototype with other client applications, are a result implementation of an integrated system of transformation calls that specialized through web services technologies and Web components perform inside ESB. ESB 2.0 standards. This practical experiment

28 Integration of Information Technologies in Enterprise Application Development highlights ways to integrate enterprise Coming back to the e-Health integration applications based on integration of prototype, the business flows architecture information technologies, in addition to a can be described as following: in the complex architecture based on an medical system we have dictionaries of integration server. In this respect, I patients, delivered medical services under followed techniques and integration financial articles mapping and information between Java and .NET platforms at the on financial status of the services performed level of database, functionality and user by physicians. On the other hand, the interface applications. Working context is financial system have invoiceable items – given by an architecture based on XML corresponding to medical services from Web services implemented using Java healthcare application – along with prices platform. Data sources are heterogeneous, and financial attributes, customers - relational DBMS, MySQL and Microsoft corresponding to patients from healthcare SQL Server and will be integrated into a application, financial transactions - the global catalog on Microsoft SQL Server. equivalent of medical consultations, The purpose of the prototype is to financial form and generated financial demonstrate how we can integrate up to documents - invoices and details. the level of services, applications built on heterogeneous data sources.

Fig. 4. Business flow design

Database Systems Journal vol. III, no. 1/2012 29 Medical system manages entities like transformed into XML data, SOAP and patients and consultations and receives retransmitted as serializable objects to from the financial system billable items, client applications, to be deserialized for deliverable items/services, notification internal usage purposes. about patient billing / payment. At the Software architecture used for exposing other endpoint of the enterprise service functionalities of business processes as bus there are integration services and web services is based on a SOA business processes of the financial virtualization engine, which allows the system, which manages items and bills definition of services that can be accessed and communicate both with the medical via FTP, XFB, EJB, JMS, SOAP / HTTP. system for receiving patients as the The access to web services is done equivalent of customers and for through UDDI or graphical interfaces intercepting transaction execution as the provided by the development deliverance of medical services in the environment tools, the main purpose of consultations. SOA being service re-usability. UDDI Using this functional model, I have registry allow the attachment of metadata designed an integrated system objects that virtualize access to services, implemented in Mule, using some design such as status or version identifiers for principles to work in the following each called service instance. integration schema: declarative The conclusion of the project of addressing and XML configuration for integrating information technologies Java service invoker, SOAP formatting and .NET using the Mule platform, is that messages sent inside the service bus and I have proposed an efficient and web proxy service calls to end-point. I interesting way of building a reliable, used the .NET environment developer scalable and extensible prototype for tools and Visual Studio 2010 to generate enterprise application integration. The references to proxy for Web Services. project can be easily extrapolated and After generating web service brokers, adapted to complex business processes, client applications generate in the form of in order to achieve a fully integrated IT .NET proxy, on the one hand, and within solution. Developing this prototype I ESB, Apache proxy, on the other hand, reached to demonstrate an original the distributed communication formula for a solution of integrating architecture is the following: a client information technologies for enterprise application, i.e. the medical system, calls application development. a local method to process entity "delivered service into consultation"; 6. Business process modelling and local method calls a web service exposed optimization based on integrated by Mule integration server, it makes software systems and workflow medical entity to be passed internally analysis within the service bus, which will be The need for enterprise application given to a web service component type to integration result from the need for the other endpoint of the integration networking and communication between server. This service will call an internal different types of applications. Relative to method of the other client application, i.e. disconnected systems in terms of costs the financial system, that will process versus benefits, there are two solutions to information from another business meet the need to integrate existing perspective: invoicing patient medical software products: rewriting them for services. Between the exchanges of intercommunication or software messages in the web service bus, working integration for their existing IT solutions entities are subject to transformations and - that means integration through coupling serialized/de-serialized. Generic objects / decoupling mechanisms governed by are serialized in SOAP messages, then EAI principles.

30 Integration of Information Technologies in Enterprise Application Development Various aspects of business processes - offers real time data acces and modelling and optimization in terms of operation; information systems, start from the use of - removes multiple data operations and existing information systems, the need of greater allocation in order restructured/refactored systems or to check data consistency; integrated systems. - eliminates gaps in information Based on the comparative approach in system, information redundancy and terms of cost and efficiency, depending long time development of various on circumstances and context of business internal processes (billing, (designed business area, dynamism of the contracting, commissioning, monthly business domain, scale and complexity of reporting); software product, architectural design of - reduces cumbersome tracking the underlying software systems, the business costs distributed on cost degree of use and efficiency) will be center and budget lines, allocated to chosen one of these options: to rewrite business size. existing software products, according to new requirements, or to define a solution Conclusions for enterprise application integration, Research done in integrating enterprise starting fro legacy applications. applications, as described in this paper, Whatever the choice made, system captures more fundamental aspects, development related activities require theoretical and practical, existing and additional resources and maintenance new concepts of EAI. Based on existing efforts. As the level of abstraction of a theories, but also practical and system is higher, the more simple the methodological aspects of the existing process of reengineering becomes and implementations of EAI, I defined a there will be available more information solution for enterprise application about program and data structure, models integration on multiple descriptive levels: of business entities, design models for software product development data and control flow, UML class methodology, technical implementation diagrams, states, actions, workflows. and functional analysis. I also stressed the The basic conclusion is that systems context of these approaches, methods of require additional efforts and extensible, optimization of business processes automated architectures, in order to through an integrated approach, options maintain and simplify the structure and to for achieving a fully integrated deal with the dynamism of business information system respecting the environment. Any chosen solution must principle of maximizing efficiency. be optimal no matter the considerents Based on personal experience, but also on taken into account. In particular, standard theories in software integration integrated software solutions are subject area, I outlined the advantages and to software reengineering, in order to disadvantages of various solutions and I optimize business processes and to better have highlighted generally accepted exploit the new system. principles in case of dynamic software I will define, based on personal systems over a certain level of experience and information systems complexity. Software prototype for efficiency theories, an own assessment of enterprise applications integration for e- the effectiveness system for an enterprise Health was designed and developed with application integration, in the medical the latest information technologies and it field. The main advantages of integrated is a functional system that demonstrates information system usage are: the practical and experimental utility, of - removes difficulties and low speed in an integrated information system, built the operation of data, restricting with a personal vision. users to be proficient;

Database Systems Journal vol. III, no. 1/2012 31 References Systems Journal, Vol 45, Issue 3, pp. [1] Iulia Surugiu, Integration of 647-655, 2006, ISSN 0018-8670 Information Technologies in [6] David Dossot, John D’Emic, Mule in Enterprise Application Development, action, Manning Publications, PhD. Thesis, 2012 Greenwich, 2009, ISBN 978-1- [2] Faisal Aburub, Mohammed Odeh and 933988-96-2 Ian Beeson, Modelling non-functional [7] Kevin B. Hendricks, Vinod R. requirements of business processes, Singhal, Jeff K. Stratman, The impact Information and Software of enterprise systems on corporate Technology, Issue 49, 2007, pp. performance: A study of ERP, SCM, 1162–1171, ISSN: 0950-5849 and CRM system implementations, [3] Joseph Barjis, The importance of Journal of Operations Management, business process modeling in software Issue 25, 2007, pp. 65–82, ISSN: systems design, Science of Computer 0272-6963 Programming, Issue 71, 2008, pp. 73– [8] Xin Jin, Research on the Model of 87, ISSN: 0167-6423 Enterprise Application Integration [4] Bih J., Service Oriented Architecture with Web Services, Proceedings of the (SOA) - A New Paradigm to 3rd WSEAS International Conference Implement Dynamic E-business on COMPUTER ENGINEERING Solutions, ACM Ubiquity, Vol. 7, and APPLICATIONS (CEA 2009), Issue 30, 2006, ISSN: 1530-2180 ISSN: 1790-5117, ISBN: 978-960- [5] S. Chandra, J. de Vries, J. Field, H. 474-41-3 Hess, M. Kalidasan, K. V. Raghavan, [9] Shahed Latif, Cloud Security and F. Nieuwerth, G. Ramalingam, J. Privacy: An Enterprise Perspective Xue, Using logical data models for on Risks and Compliance (Theory in understanding and transforming Practice), O'Reilly Media, 2009, legacy business applications, IBM ISBN:0596802765.

Iulia SURUGIU has graduated The Bucharest Academy of Economic Studies (Romania), Faculty of Cybernetics, Statistics and Economic Informatics in 2007. She is a Ph.D. Candidate in Economic Informatics with the Doctor’s Degree Thesis: “Integration of Information Technologies in Enterprise Applications Development”. Her research activity can be observed in scientific papers and proceedings achievements, among which:

• “Information Technology Standards – A Viable Solution to Reach the Performance”, The 12th WSEAS International Conference on Automation & Information (ICAI ’11), April 2011, Brasov, Romania; • “Information Systems Integration, A New Trend In Business”, The 10th WSEAS International Conference on Applications of Computer Engineering (ACE’11), March 2011, Spain; • “Ways to Increase the Efficiency of Information Systems”, The 10th WSEAS International Conference on Artificial Intelligence, Knowledge Engineering and Databases (AIKED’11), February 2011, Cambridge, UK; • “Advanced e-Government Information Service Bus (eGov-Bus)”, The 9th International Conference on Informatics in Economy, May 2009, Bucharest, Romania;

32 Integration of Information Technologies in Enterprise Application Development

• “Academic Research Information System”, Journal: JAQM (Journal Of Applied Quantitative Methods), issue 1, vol. 3, 2008; • “Medical Virtual Public Services”, Journal: Informatics Economics, issue 1(45), 2008.

Database Systems Journal vol. III, no. 1/2012 33 SOA - An Architecture Which Creates a Flexible Link between Business Processes and IT

Radu Stefan MOLEAVIN Bucharest Academy of Economic Studies ROMANIA [email protected]

To be viable, a company must be adapted continously to the market’s requirements. The adaption of a company to the market’s requirements means also changes in the business processes of the firm. Till several years ago, in any enterprise there was a strong link between business processes and IT applications. Any changes in the business processes lead to a change in the IT applications. This means that any change in the business side involves time, human resources and material resources consumption.This fact can be translated in a slow adapting to the market changes and a cost increasing for changing IT applications side necessary for their adaptation to new business market. Today the market changes quickly and it has a great development; this means that the enterprise adaptation to the market’s requirements must be done quickly and with low consumption of either human or material resources. Also, the market changes which cause changes in the business processes should not cause major changes in the IT area. This goal can be achieved using an architecture services-based (SOA) for the enterprise. This architecture allows us, like in a puzzle game, to use the same pieces of material ("services") to build different models ("business processes"). Keywords: SOA, Web Services, Business Processes, ESB

1. The need of integration. In every of business processes and comprise enterprise, focus of business environment computers, programs, databases, is concentred to relationships with their networking and so on.This IT systems partners, customers and suppliers, as well was develloped in decentralized manner. as new compliance regulations and Every IT system was built for one compliance with applicable laws. department as own application, without In point of view IT, in major part of taking into consideration applications enterprises was developped over time, built by other departments within the many applications as:Supply Chain company.So these IT systems cannot Management), CRM(Customer comunicate each others.For this reason Relathionship Management), Human when a business processes is changed, all Resources),ERP(Enterprise Ressources IT system which support those business Planning) and other applications as processes have to be modified.This lot of Health and Safety IT systems has become a brake for Managment,Communication business process enhancing. For this Management etc,).These systems use: reason IT systems and Business processes different platforms, operating system and have to be linked into an integrated program languages.As is defined in [1] system, which can ensure operational “...old method, technology, computer performance and competitive system, or application program that advantages.It should be better as every continues to be used, typically because it department of enterprise to share accurate still functions for the users' needs, even and reliable data , to integrate their IT though newer technology or more systems , in order to offer a better support efficient methods of performing a task are to the decision making process now available....” this are legacy concerning the overall organization’s systems.These legacy systems was built activity. to support one business process or part

34 SOA – An Architecture Which Creates a Flexible Link between Business Processes and IT 2. SOA-Scope,Goals and Benefits. deployment of standardized and In some words it have to find a solution composable services each representing a which have to solve some challanges [2] piece of the enterprise and expresses it in from Chapter 1: Alignment of IT with a consistent manner. business goal, Responding quickly to - Increased Vendor Diversification new business opportunities,Getting the Options. Vendor diversification refers to competitive advantage,Handling the the ability an organization to choose best launch of new products/services , while technology innovations and use them managing existing ones an Handling within one enterprise. when is regulatory and government requirements required.This help enterpise to change with ease. quicly business processes to at changes of The solutions at problems above can be market. solved using SOA which is defined in - Increased Business and Technology [3]: Alignment „SOA is an architectural paradigm for -Increased ROI – Services have increased dealing with business processes reuse potential that can be realized by distributed over a large landscape of allowing them to be repeatedly assembled existing and new heterogeneous systems into different compositions.Once created that are under the control of different a service can be used as simple service or owners”. as composed service .In this way cost for SOA is essentially a distributed design services is decreasing architecture, with systems that include -Increased Organizational Agility- computing platforms, data sources, and Enterprise agility, on refers to efficiency technologies. A distributed architecture with which an organization can respond requires integration. to change. Because services have Integration software provides the bridge developed as reusable IT assets, they can between the legacy systems and be repeatedly composed into different SOA,SOA represents a software configurations. As a result, the time and architecture that is business-oriented and effort required to automate new or integrates the business tasks as a set of changed business processes is reduced. interconnected and reusable services, - Reduced IT Burden- Applying service- which communicate with one another. orientation approach in an IT enterprise it „SOA establishes an architectural model can reduce redundancy, size and that aims to enhance the efficiency, operational cost, and overhead associated agility, and productivity of an enterprise with its governance and future by positioning services as the primary evolution.In this case IT enterprise is means through which solution logic is agile department which contribute at represented in support of the realization increases in efficiency ,cost-effectiveness of the strategic goals associated with and to realisation of strategic goals. service-oriented computing”. [4]. Strategic goals and benefits are: 3.Services -Increased Intrinsic Interoperability- In the context of SOA, a service is a Interoperability refers to the sharing of function performed by an application. A data and more interoperable programs function is coded only once and then exchange easier information.In this case reused wherever it is needed. “Basically, it can say that integration is a process that [5] service is a self-contained (offers enables interoperability. different functionalities related to one -Increased Federation- A federated IT business or technical area/sub-area), environment is one which resources and cohesive (all related functionalities are applications are united and have placed together), black box (consumers individual autonomy and self- know nothing about its internals, and governance.This is succeded through underlying technologies) software

Database Systems Journal vol. III, no. 1/2012 35 component that encapsulates a high level specifications use description languages business/technical concept that can cover WSDL to describe information related to specific area of whole system”. technical areas of service such as In point of view of granularity, a service underlying programming language(s), can be designed to be fine-grained or middleware(s), network protocol(s), and coarse-grained. A fine-grained service other runtime aspects. can handle small and specific Informal specifications are textually functionality (e.g. log service, database presented to provide general information access service, fees calculation service). such as the purpose, functionality, Fine-grained services are reusable. A constraints, usage of exposed service, and coarse-grained service is more powerful expected response time. A contract [3] is service that usually is composed of many the complete specification of a service fine-grained services and handle more between a specific provider and a specific complex and wide range of related consumer. From a consumer’s point of functionalities (e.g. loan management view, it defines “everything you have to service, purchase order service, etc). know when using this service,” so that Coarse-grained services are hard to reuse. (ideally) no doubts remain. A service might be stateful or stateless. •Interface: It provides technical Stateful service retains and manages representation of service operations service states during its execution, (contain information about public between different requests (e.g. a service operations, parameters and return types) that is responsible for handling loans that are available to be invoked by must be stateful in order to keep state clients. information about the loan being •Implementation: It contains logic of processed for client). A stateless service service that might be related to accessing does not retain its states between different data, business logic, etc. This requests. This type of service is the most implementation logic could be used type of services in SOA, because it encapsulated internally within service allows loose-coupling between requestors itself or it may be provided by other and offered services. external artifacts (e.g. other programs, Also, a service can be short-lived or long- code libraries, components, legacy lived. The execution of transactions systems, etc). Implementation of Service offered by a short-lived service can take as Web service can be written in any sub-seconds or seconds to finish working language and in any platform. The and returning back the generated results technologies of Web service makes this (e.g. getting or updating a database record implementation logic accessible using such as customer information). Execution standard Web technologies, such as of long-lived service may take some HTTP and Web browser, and result in a minutes for starting and will take some faster and more dynamic communication days or even months to reach the final for connected applications. Web state (e.g. a loan management service services architecture is service-oriented may take months to grant a new loan to and is shown in Figure 2.A consumer one customer). searches(using message SOAP- Simple Technically, a service is composed of Object Access Protocol specific format three parts shown as for exchanging Web Services data over Fig: HTTP) for an • Contract: It provides both formal and informal specifications of service. Formal

36 SOA – An Architecture Which Creates a Flexible Link between Business Processes and IT

Fig.1. Essential Service Elements [5] available provider of a service to execute and by requesters to search and discover a certain function. A service already registered services) contains registry(UDDI- Universal Description, published services and when there is a Discovery, and Integration specification request for a service, it returns back the can be used by the service providers to information which allows requestor to advertise the existence of their services locate and invoke the service.

Fig.2. Web Service Arvhitecture

4. SOA Architecture model. SOA is an n-layer architectural The structure of a Service-Oriented model as is shown Architecture can be mapped with a layer Fi.

Database Systems Journal vol. III, no. 1/2012 37

Fig.3. SOA Foundation Reference Architecture [6]

SOA layers are: provide a specific business function for Operational Systems Layer: This layer enterprises.Services are held in Enteprise contains existing applications of Repository Services.Services are splited enterprise as object-oriented systems, in three categories:Local Services(intenal business intelligence etc.These developed in enterprise),Remote applications are known as Custom or services(outsources services) and Legacy application. These applications Enterprise Information system provide the background for services and services(internal developed in enterprise each of them has its own proprietary using components of Enterprise structures, databases and other system Information system(legacy systems)). resource access. This layer contain also Business Process Layer: The services technolocical layer which contain: can be composed into a single application Application Platform,Technology through service orchestration or platform,Operating system. choreography, which supports specific Enterprise Components Layer: These use cases and business processes. are specialized components to provide Presentation Layer: It provides user certain functions and requirements for interfaces for:internal users,customers services. They are the business assets for and providers of enterprise.They are service implementations, and other consumers [6] of the processes and system necessities such as management, services. availability and load balancing of Comunication between services and services. Business Processes is facilitated [6] by Services Layer: This layer contains the ESB(Enterprise Service Bus)-Fig actual services which can be discoverable . and invoked by other applications to

38 SOA – An Architecture Which Creates a Flexible Link between Business Processes and IT

Fig.4. SOA Foundation Reference Architecture: Middleware Services view [6]

Core components of Middleware Services Main properties of ESB are: are: Invocation-Is the ability of an ESB to • Interaction services- provide the send requests and receive responses from capabilities that are required to services.That means that an ESB has to deliver IT functions and data to users; support the standards for web service • Process services- provide the required communication including SOAP,UDDI control to manage the flow and and the WS-* family of standards. interactions of services for implement Routing-is the ability of ESB to decide business processes; the destination of a message during its • Business application services- are transport. used by service consumers for access Mediation-refers to all transformations or to portal or business processes. translations between disparate resources • Information services-Manage including transport protocol, message disparate data source in unified format and message content. manner. Adapters- connect to the native APIs and • Access services- provide a link data structures of legacy applications and between core applications of present a standard interface, which makes enterprise, enterprise data stores and it easy to reuse business logic and data. the ESB to incorporate services Security-means for an ESB that is able to delivered by these applications encrypt and decrypt the content of • Partner services- Partner services messages, handle authentication and provide capabilities for business access control for messaging endpoints . processes which interact with outside Management-ESB has to provide: audit partners and suppliers. and logging facilities for monitoring infrastructure,a mechanism for Part of SOA,an ESB is defined as [7] configuration and administration of bus „... an open standards, message based, and also tools for usage metering. distributed integration infrastructure that Process Orchestration-ESB may include provides routing, invocation and an engine to execute business processes mediation services to facilitate the described with the Web Services interactions of disparate distributed Business Process Execution Language applications and services in a secure and (WS-BPEL) which coordinates the reliable manner.” collaboration of the services connected to the bus.

Database Systems Journal vol. III, no. 1/2012 39 Complex Event Processing-ESB may using orchestrating, coreography, and include mechanisms for event controlling web services. interpretation, event correlation and event As is shown in figure 3,4 and 5, SOA pattern. based system is composed of Service Consumer, Service Bus(Enterprise 5. SOA-Flexible link between Business Service Bus), and Service Processes and IT Provider.Service Provider start at level A business process is a set of specific, Framework and application.System tasks performed by people and systems Applications, based on various and designed to achieve a predetermined implementations of language and outcome. Companies are trying continuu platform, provide Application Services to improve their business processes , to which use adapters to comunicate with adapt at market changes, using new ESBApplication services are exposed in technology. As tool for modelling Regpository of ESB. Here are exposed processes, companies are adopting BPM also Created services which are new (Business Process Management) which services which don’t use functionalities helps to align IT systems with business’s of legacy System Applications..These can strategic goals by creating well defined be Internal services(create within enterprise business processes, monitoring enterprise) and External services(create their performance, and optimizing for outside enterprise). increase efficiencies. Each business Business processes are composed of sub- process is modeled as a set of individual processes and activity.If activity is simple processing tasks. These tasks are can be executed by one service, else is typically implemented as services within complex can be executed by a composed the enterprise. BPELs are the languages service from Service Orchestartion Layer for process management. Business of ESB.In generally Sub-processes are Process Execution Languages (BPELs) executed by composed services from are XML(eXtensible Markup Language) Orchestration layer. used for modeling business processes

Fig.5. SOA Architecture [Adapted [8]]

40 SOA – An Architecture Which Creates a Flexible Link between Business Processes and IT

6. Conclusions 596-52955-4;ISBN-13: 978-0-596- BPM and SOA provide a good 52955-0. combination for enterprise. BPM provides [4] T. Erl,. http://www.soaprinciples.com/. a tool for defining businesses processes http://www.soaprinciples.com/. and also other important posibilities of [Online] monitoring and managing these processes. [5] Q. Hassan Services provide the functions that support http://arxiv.org/ftp/arxiv/papers/1202/ these processes. 1202.6623.pdf. http://arxiv.org. SOA provides infrastructure(ESB) and the [Online] Faculty of Computers and capabilities for services to be combined Information Systems,Mansoura and to support and create an agile, flexible University, Mansoura, Egypt, 2009. enterprise. [6] M. Keen http://www.redbooks.ibm.com/redboo References ks/pdfs/sg247234.pdf. [1] Wikipedia. www.wikipedia.org. http://www.redbooks.ibm.com. http://en.wikipedia.org/wiki/Legacy_sy [Online] August 2006. stem. [Online] [7] F. Menge [2] G. Behara http://kanagwa.com/assets/21/Esb1.pd http://www.bptrends.com/publicationfi f. http://kanagwa.com. [Online] 2007. les/10-08-ART- [8] P. S. Beom SOA%20and%20Integration-Gopola- http://conference.kiec.or.kr/presentatio final.doc.pdf. n/Sang-bum.pdf. http://www.bptrends.com. [Online] http://conference.kiec.or.kr. [Online] October 2008. October 17, 2008. [3] N. Josuttis, SOA in Practice. s.l. : O’Reilly Media, 2007. ISBN-10: 0-

Database Systems Journal vol. III, no. 1/2012 41

SAS Enterprise Data Integration Server - A Complete Solution Designed To Meet the Full Spectrum of Enterprise Data Integration Needs

1Silvia BOLOHAN, 2Sebastian CIOBANU 1Marketing Manager, 2Implementation Project Manager SAS Analytical Solutions Romania

This paper is about why is Data Integration important for organisations around the world. Organizations struggle daily with the challenges of large distributed data volumes, inconsistently defined data across disparate systems and the high expectations of data consumers who depend on information to be correct, complete and available when they need it. SAS Enterprise Data Integration Server provides a comprehensive solution that enables organizations to solve these challenges in a timely, cost-effective manner with the ability to efficiently manage data integration projects on an enterprise scale, increasing overall productivity and reducing the total cost of ownership. Keywords: metadata, data cleansing, data integration, ETL, ELT

1 Introduction Integration Server designed? What does SAS® Enterprise Data It is designed for organizations in all Integration Server do? industry sectors that are implementing one SAS Enterprise Data Integration Server, or more data integration projects, dealing featuring DataFlux® technology, is a with changing business landscapes and powerful, configurable and business-driven IT initiatives, trying to meet comprehensive solution designed for regulatory requirements, or implementing managing big data. It can meet a wide data governance. variety of data integration requirements, from small tactical projects to strategic 2 SAS® Enterprise Data Integration business initiatives. Server • Access virtually all data sources. Product overview • Extract, cleanse, transform, conform, SAS offers the only comprehensive aggregate, load and manage data. enterprise data integration environment that • Support data warehousing, migration, is built from the ground up to meet the full synchronization, federation and spectrum of enterprise data integration provisioning initiatives. needs. Instead of linking and managing • Support both batch-oriented and real- technologies from different vendors, SAS time master data management Enterprise Data Integration Server provides solutions. a collaborative design environment • Create real-time, reusable data promoting object reuse and sharing, integration services in support of administrative controls, wizard-driven service-oriented architectures and design process workflow, and ease of use data governance. and maintenance. This flexible, reliable Why is SAS® Enterprise Data solution can access data from virtually any Integration Server important? system in any form, transform and cleanse It enables organizations to efficiently data even in real time, and handle data manage data integration projects on an migration, synchronization and federation enterprise scale in a timely, cost- projects all through a versatile services effective manner and meet the high data environment that is easy to deploy and quality expectations of information maintain. consumers. Interactive data Integration Development For who is SAS® Enterprise Data Environment

42SAS Enterprise Data Integration Server – A Complete Solution Designed To Meet the Full Spectrum of Enterprise Data Integration Needs

A graphical user interface (GUI) Data Cleansing and Enrichment simplifies and speeds projects with There is an increased awareness, driven by wizards, extensive built-in compliance mandates and data breaches, of transformations and powerful how data quality and data governance can productivity enhancements, all while directly affect the bottom line. This puts providing a single point of control for increasing pressure on IT to address managing complex enterprise data potential data quality issues. SAS Enterprise integration processes. SAS Data Data Integration Server provides a single Integration Studio is easy to learn and environment that seamlessly integrates data use. It provides a collaborative quality within the data integration process, environment that lets you build reusable taking users from profiling and rules processes to speed data integration creation through execution and monitoring development both now and in the future. of results. From data de-duplication (for It automatically captures and manages example, within database marketing standardized metadata from any source, applications) to cleaning up data (for and enables you to easily display, example, before storing in a data visualize and understand enter-prise warehouse), SAS provides an enterprise metadata and your data integration approach that lets you develop and share a processes. library of data rules and processes between Connectivity and Data Access projects and across the entire data Most organizations struggle with ac- integration solution. Organizations can cessing the plethora of data sources transform and combine disparate data, (legacy, relational, flat files, XML, cloud remove inaccuracies, standardize on data, text, etc.) that are necessary to common values, parse values and cleanse support analytical systems. SAS dirty data to create consistent, reliable Enterprise Data Integration Server information. provides connectivity to virtually all Extraction, Transformation and types of data sources and types, operating Load (ETL) and Extraction, Load and systems and hardware environments Transformation (ELT) using both native access and open Loading data warehouses and data marts standards. It also supports the reading and within their allotted time windows, quickly writing of data from message queues and building analytical marts for special the sending and receiving of data to and projects, and creating extract files for from Web services. reporting and analysis applications are tasks Metadata Management IT organizations face each day. SAS SAS provides a shared metadata Enterprise Data Integration Server includes environment that is both independent (for an intuitive point-and-click Design Editor data integration) and part of SAS’ window that allows developers to easily comprehensive platform. Technical, build logical process workflows, quickly business, process and administrative identify the input and output data stores and metadata is stored and managed in a way create business rules in metadata, enabling that leverages and facilitates reuse of the rapid generation of data warehouses, existing table definitions, business rules data marts and data streams. Users can also and more. Navigational tools help users choose to have many transformations and understand how the data was derived and processes take place inside a connected where it is stored and used. Shared database, data warehouse or storage system. metadata provides a consistent definition This is referred to as ELT, push-down or in- across data sources to speed integration database processing, and can substantially projects, simplify design and reduce speed up overall processing times by maintenance costs. reducing unnecessary data movement. SAS

Database Systems Journal vol. III, no. 1/2012 43

Enterprise Data Server uses visual SQL that is consistent and accurate. push-down to select the optimal Master Data Management Support processing approach. SAS Enterprise Data Integration Server Migration and Synchronization includes data-mastering capabilities that Moving data from system to system is a provide a basis for implementing master constant activity in most organizations. data management projects that enable you to Mergers and acquisitions result in identify, standardize and correct common multiple, overlapping systems containing master data such as customer and product information that often needs to be data. Unsurpassed data access, profiling, synchronized and ultimate migrated. enrichment, clustering and consolidation to Moving legacy data during upgrades and clean, standardize and enhance data, and an conversions is an on-going process, as is intuitive development environment that is the movement of data into and out of adaptable to each organization’s ERP systems. technologies and standards, increase SAS Enterprise Data Integration Server productivity and produce more rapid results. provides the capability to migrate, SOA and Message Queue Integration synchronize and replicate data across Organizations are challenged to improve different operational systems and data operational efficiency, streamline processes sources. The point-and-click process and be more agile. Using a service-oriented design editor makes it easy to document architecture (SOA) approach helps IT ensure migration and synchronization processes that various applications can communicate in workflows that can be reused and with each other to better meet changing modified for other projects. Powerful data business requirements. SAS Enterprise Data transformations are available for altering, Integration Server delivers easily maintained reformatting and consolidating data services that enable developers to build information during these processes. sophisticated data services once and deploy You also can build a library of reusable them across the enterprise for reuse. business rules ensuring that bad data is Message queue integration is another way to never spread from system to system. In reduce maintenance, integration costs and this way, information delivered across all bridge new technologies. Using SAS applications, systems, environments and Enterprise Data Integration Server, you can geographies is up-to-date, consistent and access message queues in batch or real time accurate. without the need for custom programming. Data Federation Integration developers simply treat message Organizations today have data stored and queues as any other source and target. [1] scattered in and across numerous data With SAS Enterprise Data Integration sources. Often what’s needed is fast Server, you can define the propagation of access to the most current operational information from table to table in your data to support real-time analytics and transformations. This shows an example of reporting needs. SAS Enterprise Data the default mapping rules being applied Integration Server provides the ability to when mapping numeric to character query and use data across multiple columns, and character to numeric columns. systems without the physical This also shows the intelligence of the reconciliation or movement of source mapping display that uses color to indicate data. The logical semantic layer shields the presence of a transformational business users from the complexities of expression between source and target. the underlying physical data. By avoiding Default mapping rules are predefined but unnecessary data replication and can be extended to meet business-specific movement, it is possible to quickly and needs. cost-effectively deliver up-to-date data

44SAS Enterprise Data Integration Server – A Complete Solution Designed To Meet the Full Spectrum of Enterprise Data Integration Needs

Fig. 1. Default mapping rules chart

tables and objects; and job status viewing. 3 Key Features • Audit history lets designers see which

3.1. Interactive data integration jobs or tables were changed, when and by development environment whom. • An easy-to-use, point-and-click GUI uses • Ability to distribute data integration tasks an intuitive set of configurable windows to nearly any platform and to connect for managing data integration development virtually any source or target data store. processes. • Integration with third-party vendors • A visual, end-to-end process designer Subversion and CVS provides enhanced lets developers quickly build and edit version and source control features such as processes. archiving, differencing and rollback. • Drag-and-drop functionality eliminates • Job status and performance reports programming. provide the ability to track metrics such as • Wizards make it easy to access source CPU use, memory, I/O, etc. systems, create target structures, import • Automated job deployment allows the and export metadata, and build and execute use of common scripting languages to ETL process flows. deploy SAS Data Integration Studio batch • The multiple-user, multiple-level design jobs in an automated manner. environment supports collaboration on • Enhanced SAS code import capabilities large, enterprise projects. give current SAS users an easy way to • Role-based permissions show users only import their SAS jobs and SAS code into what they are authorized to see. SAS Data Integration Studio. Includes • Customizable metadata tree views let logging and error checking. users display, visualize and understand • Command-line job deployment for metadata. deploying single and multiple jobs. • Dedicated GUI for profiling data to • Enhanced data integration job identify and repair source system issues orchestration (process flow). while retaining the business rules for use in • The ability to surface in-database scoring other ETL processes. models within SAS Data Integration • Interactive debugging and testing of jobs Studio. during development and full access to logs. • Enhanced connectivity to Aster Data, • Check-in/check-out of jobs, related EMC Greenplum, Hadoop and Sybase IQ

Database Systems Journal vol. III, no. 1/2012 45

databases with the ability to push down more processing to the databases. [2]

Fig.2. Retail Data ChartSAS Enterprise

Hadoop. Data Integration Server includes an easy- to-use and informative GUI. You build • A complete and shared metadata jobs by dragging and dropping data objects environment provides consistent data into the diagram area. You can add definition across all data sources. transformations such as sorts, joins and • Native access methods deliver the best loads from a library and draw arrows to performance and reduce the need for connect the objects together. Self- custom coding. documentation is provided using annotated • Support for message-oriented data, and yellow notes containing further middleware, including WebSphere MQ information can be added by users. from IBM, MSMQ from Microsoft, Java Message Service (JMS) and Tibco’s 3.2 Connectivity and data access Rendezvous. • Provides connectivity in batch or through • Support for unstructured and semi- message queues in real time to more data structured data to parse and process files. sources on more platforms than any other • Access to static and streaming data for solution. sending and receiving via Web services. • Data access engines are available for • Expanded support for MPP databases: enterprise applications, nonrelational AsterData nCluster, EMC Greenplum and databases, RDBMSs, data warehouse Sybase IQ, enabling more ELT pushdown appliances, PC file formats and more. and support for bulk-load utilities. • Specialized table loaders provide • Native support for SQL-based optimized bulk loading of Oracle, Teradata processing. and DB2. • File reader/writer available for Hadoop 3.3 Metadata management file system (HDFS). • Metadata is captured and documented • Support for Hadoop’s MapReduce, Pig throughout transformations and data and Hive within flows. integration processes, and is available for • Data movement capabilities to and from immediate reuse.

46SAS Enterprise Data Integration Server – A Complete Solution Designed To Meet the Full Spectrum of Enterprise Data Integration Needs

• Sophisticated metadata mapping technologies for quickly propagating column definitions from sources to targets, discovery, comparison, analysis and and for creating automated, intelligent selective propagation. table joins. • Multiple-user collaboration support • New metadata search tool. includes object check-in and check-out. • Impact analysis for assessing the scope • Promotion and replication of metadata and impact of making changes to existing across development, test and production objects such as columns, tables and process environments. jobs before they occur. • Wizard-driven metadata import and • Ability to determine the path, processes export. and transformations taken to produce the • Wizard for metadata column resulting information. standardization. • Data lineage (reverse impact analysis), • Metadata-driven deployment flexibility which is critical for both validating so that process jobs can be deployed for processes and building user confidence in batch execution, as reusable stored data. processes or as Web services. • Change analysis for metadata change

SSSS

Fig.3. Register Tables Chart

The Register Tables wizard makes it easy cleansed and processed. New source to access data from many different systems can easily be added and security systems, as well as read and manage is managed centrally. This saves time, metadata from external sources. shortens learning curves and gives decision makers the complete 4. Conclusions information they need. From legacy systems to ERP applications Another conclusion is that a common to data stored in Hadoop, data from repository enables the centralized storage, virtually any hardware platform or management and reuse of work based on operating system can be accessed, user authorizations, reducing both

Database Systems Journal vol. III, no. 1/2012 47 development and maintenance time. A of operational and business information. GUI environment that is easy to use Data quality auditing tools monitor the provides a standard interface for building quality of data in processes and source and documenting work. Collaboration is systems. Users can see where data encouraged and manual coding is available when needed. New team originated and how it was transformed. members can get up to speed quickly on Optional enrichment components can add work done by others, which is important value and ensure everyone receives the when documentation is inadequate or best possible data. Deliver consistent, missing. trusted and verifiable information. A huge benefit of this tool is that you can SAS offers the only comprehensive manage security and administration at all enterprise data integration solution that is levels. Reusable templates make it quick and easy to provide role-based built from the ground up to meet the full authorizations and administrative spectrum of data integration needs. It privileges at the user, department or eliminates the piecemeal approach of enterprise level. linking and managing technologies from SAS processes data fast! Organizations different vendors and provides lower can take advantage of a grid-enabled overall cost, reduced risk and faster load-balanced, multithreaded parallel results. processing architecture that can quickly trans-form and move data between References different platforms and systems. SAS [1] SAS Data Integration Studio 4.4: also supports zero data movement by User's Guide, using SQL pass-through into popular http://support.sas.com/documentation/c database appliances, including Oracle, dl/en/etlug/65016/HTML/default/viewe DB2, Teradata, Netezza, SQL Server, r.htm#titlepage.htm AsterData and Hadoop. [2] Base SAS 9.3 Procedures Guide, Consistently getting correct data when http://support.sas.com/documentation/c and where it is needed provides increased dl/en/proc/63079/HTML/default/viewer confidence in the accuracy and timeliness .htm#titlepage.htm

Silvia BOLOHAN is Marketing Manager at SAS Romania for 7 seven years. She leads and functions in the creation or production of marketing content for internal and external use in area of assignment. Silvia is responsible for developing and executing marketing strategy and/or programs for SAS products and services. Silvia has given support for data analysis based projects such as customer segmentation, attrition modelling, customer lifetime value, etc. She contributes to the efforts of building and maintaining a comprehensive reporting and tracking strategy for campaign response.

48SAS Enterprise Data Integration Server – A Complete Solution Designed To Meet the Full Spectrum of Enterprise Data Integration Needs

Sebastian CIOBANU is SAS consultant for over 3 years in the Business Intelligence and Data Integration domain for the Banking sector. Projects he has worked for include Analytical CRM solutions, Data Mining and Sales Data marts. He has a BA in Economic Informatics and MsC on Databases from the Academy of Economic Studies of Bucharest. His areas of interest are: Databases, Data Modeling, Business Intelligence solutions and the Banking area.

Database Systems Journal vol. III, no. 1/2012 49

Borderless Crime - Computer Fraud

Raluca Georgiana POPA Department of Economic International Relations, Bucharest Academy of Ecomomic Studies ROMANIA [email protected]

Starting from the consideration that fighting cybercrime is a continuous process, the more the types of old crimes are committed today through modern means (computer fraud) at distances of thousands of kilometers, international cooperation is vital to combat this phenomenon. In EU countries, still under financial crisis "the phrase", cybercrime has found a "positive environment" taking advantage of poor security management systems of these countries. Factors that led criminal groups to switch "their activities" are related to so-called advantages of the "gains" obtained with relatively low risk. In Romania, more than any of the EU member states criminal activities set as target financial institutions or foreign citizens, weakening confidence in financial systems and the security of communication networks in our country, people's confidence in electronic payment instruments and those available on the Internet. Keywords: Computer Crime, International Cooperation, Security, Computer Fraud, Computer Systems Expand information crimes in our country, possibility highly exploited by criminals, is another aspect of the offense or another including terrorists. phase of its development to modern society. The first laws against crimes committed by We can say that some crimes have acquired means of a computer, contained, in essence, a descendent character due to the used provisions against acts of penetration means that have evolved, but the same database, of deceit and sabotage, and cannot be said about computer crimes that software piracy that is normally regulated by took a great extent, being in continuous copyright law. It has also proved that drug growing trafficking, illegal arms trade, child In Romania these types of crimes are on a pornography, online shopping, various lower step, reporting our country to other forms of economic crimes and even some developed countries, because the nature of crimes on environmental protection, can be such offenses is favorable to any more or made by means of a computer. less developed country , the only difference Thus, at the end of 1986, the spectrum of consists of the mode of operation and other these crimes has been extended to all factors, but objective part is one and same, offenses using automatic data processing as no matter where there is crime a tool for action, then it was also approached Computer along with other equipment, is the term "Computer Aided Crime”. now the technical complex by means of Cybercrime phenomenon has engulfed the which the criminals’ illegal maneuvers are economy, today no serious criminal operated. organization cannot be imagined without In the last fifty years, statistics show that computer support, and investigators must computer crime has become a growing bear them in mind in their action research. phenomenon Evolution of organized crime in Romania in The computer could allow encryption of recent years is closely related to the information, thus preventing access of evolution of cybercrime and the increasing investigators to them, and this is a use of ICT technology in committing crimes. Analyzes effected at the level of the

50 Borderless Crime - Computer Fraud

European bodies on Cybercrime trends, According to ENISA (European Agency for define organized crime as an important Network and Information Security Agency), branch of organized crime in EU countries. computer crimes are classified as: Following this development, in Romania - Computer fraud, computer forgery, too, a number of studies and assessments damage to databases and computer have been made, that identified some programs, computer sabotage, unauthorized common characteristics of this type of crime access to computers, unauthorized taking place in our country or the interception, reproductions of fraudulent perpetrators are Romanian citizens. schemes, no right to alter data or computer Thus, these activities aimed at obtaining software, computer espionage, unauthorized financial products i.e. credit and payment use of a computer or computer programs systems offered by financial institutions and protected by law . banking that members of these crime networks access fraudulently, causing The main factors for gang diversion to significant damage. computer crimes are tied to large financial Cybercrime has become a phenomenon both gain in a relatively short time and with by the large number of cases recorded, the relatively low risk. This phenomenon affects organization of those who commit such acts, the image of Romania, as criminal activities in criminal groups, and by shifting that target financial institutions or foreign groupings who are committing crimes such citizens, weakening confidence in financial as international traffic of cars and people, to systems and the security of communication the crimes in the area of cybercrime. networks in our country, people's confidence Trend of organized crime, defines in electronic payment instruments and those cybercrime as an important branch of available on the Internet. Examining organized crime in EU countries, according criminal cases, involving a number of to analyzes conducted in the European defendants prosecuted and aim at computer organizations . crimes, it appears that their commission is made by the same types of actions, namely: OECD expert group in 1993, defined misleading persons in the circumstances of computer actions such as: "any unethical or the conclusion of online contracts and illegal behavior regarding unauthorized introduction of computer data in a computer automatic data treatment and / or data system. However all these having as a result transmission", definition whose utility is in any losses in buyers’ property who have currently useful , even if spectacular good faith and confidence in how to development occurred on the design and use complete online business. of computer . The prosecution bodies in Romania, Another definition is given by UNAFEI (Service for Combating Organized Crime (United Nations Asia and Far East Institute Valcea), have been reported by many for the Prevention of Crime and the foreigners on the fact that since 2005 they Treatmet of Offenders), by computer crime, have been misled over the Internet by an it is understood: ”any offense in which a organized criminal group , meaning that computer or computer network is the subject accessing sites E-bay or other companies of an offense, or a computer or computer specialized in selling products online, they network environment is the instrument of have been in contact with them and making an offense ". In the narrow sense, negotiated by e-mail or telephone trading "any offense the offender interferes without conditions of goods, especially agricultural authority with automatic data processing machinery and mobile phones , and after processes, represents a computer crime. [1] they transferred the money to Romania, by Western Union or other payment method, representing an advance or the total price of

Database Systems Journal vol. III, no. 1/2012 51 the contract object, the "so called" sellers Criminal activity consists in no right access have stopped all contact with victims. [2] to computer systems, no right possession of computer data, and e Finally, companies Ebay and Paypal have -mail used for cheating made complaints and have presented data victims. and information from which content results Ultra Electronics values at $ 50 billion/ year that the organized criminal group held the global market of cyber security. "And computer data ,by wise utilization were this market is growing 10% a year, twice rigged users’ legitimate accounts of the two faster than the entire information technology companies, thus creating localized damage sector," says director Cassidian Cyber to their property . Security Solution within EADS (European Aeronautic Defence AND Space Company In February 2005, the Singapore citizen N.V). [3] Y.S., visited sites Ebay, in the idea of buying brand mobile phones Nokia9500, The Ministry of Communications and circumstance in which he established Information Technology made an eFraud contact with the holder of the e-mail Portal and is currently managed by the [email protected] who convinced Department of cybercrime in the Ministry of him to transfer to Romania on behalf of Interior and Prosecutor's Office specialized defendant M.N., through Western Union section of the High Court of Cassation and Quick payment in two installments, Justice. Portal gives everyone the Singapore's total of $ 18,860 . It is observed opportunity to appeal, on-line, any chance of that the tenderer has induced the victim the possible fraud or other illegal activities on idea that he represents a prosperous the Internet, www.efrauda.ro. company, specialized in online transactions Mission to Romania of the United States and also has imposed him his own rules for Agency for International Development conducting the transaction, meaning that (USAID) in cooperation with the Ministry money would be transferred by Western of Communications and Information Union, which was happened, and the good Technology has initiated since 2002, the be sent by international delivery service, project RITI dot-Gov, and currently has UPS, rules that have no relation to services developed a "Quick Reference Guide" for Ebay si Paypal. the enforcement of legal provisions relating A brief analysis of the modalities of to computer crime and providing assistance operation of criminal groups that operate to law enforcement authorities, and for all online, thus, they, in 2005-2008, by those involved in crime prevention unlawful accessing of accounts belonging to information, implemented in Romania by companies specialized in online sales, by Iternews Network Inc.,an American non- creating trap sites and accounts in which profit organisation. content that falsely offered for sale various The latest survey conducted by Computer goods, mainly agricultural machinery and Crime Institute and Federal Bureau of mobile phones, and by online launching of Investigation (FBI) in 2003 indicated losses fraud auctions have damaged more of $ 201,797,340 for 538 U.S. companies foreigners, who were caused a very large and institutions surveyed. aggregate loss . In Romania, was made in 2003 by specialized research computer 200 offenses The organizer and coordinator of the half of which were fraudulent electronic organized criminal group, caught in criminal auctions, 30% of goods ordered on activity, according to the "skills" of each, -line and who were raising sums of money that fraud, 10% unauthorised access and 10% referring to other crimes (Nigerian letters, came from fraudulent electronic auctions . viruses, child pornography, use of false

52 Borderless Crime - Computer Fraud

identities), transmission of viruses, child pornography, use of false identities.[4]

Others (Nigerian letters, virus, Unauthorised infant Fraud ley access; 10% pornography); fraudulent 10% auctions; 50%

Fraudulently orderd goods; 30%

Fig.1. Computer fraud distribution. Source: data taken from www.securitatea-informatica.ro

As a result of this evolution in Romania The Industry, Research and Energy have made a series of studies to identify the Commission of the European Parliament, in main causes generating: the draft Report, "on critical information - High performance technology used by infrastructure, achievements and next steps: criminals; towards a global cyber security”-” All these - Lack of preparation and training developments in recent years unsolicited, specialized personnel in the prosecution; which do not exhaust the efforts to enhance - Delayed reaction of the victims, this cyber security in the EU space, demonstrate assuming minimal chances of that Internet security is a pertinent issue. It identifying cybercrime and other becomes obvious that the Internet is a measures to recover damages; critical infrastructure and the Internet - The appearance of retention disruption could lead to substantial losses phenomenon , of the damaged, to report and security risks, affecting a large number crimes to prosecutors; of European citizens and businesses. In EC (European Commission) Report supports addition, rapid technological developments the development by 2012, of the European require that prevent Internet attacks, repair emergency plan in case of cyber incidents, and resistance reactions global network to and supports national emergency plans and be based on a comprehensive framework suggest the establishment of cyber attacks based on the flexible, innovative and long- simulations, it also suggests the term reaction. This framework should establishment of effective networks of ensure effective interaction between intervention in emergency event of the governments, businesses, individuals and all global information. [5] other interested parties. Lastly but not least Recent events have shown that new and important, the increased strength of the more sophisticated cyber attacks in terms of Internet is possible only when there is an technology can disrupt or even destroy vital international system of cooperation and societal and economic functions. Examples international rules.” [6] include attacks on networks from the French Border cybercrime materialized by cyber Ministry before the G20 summit, the EU attacks causes great damage and it is system of sale of emissions certificates and, possible a scenario in which a perpetrator recently, on the European Service for able to launch attacks can interrupt the External Action and the Commission itself. communication range. If only a small

Database Systems Journal vol. III, no. 1/2012 53 percentage of important information hub - theft from distance of large sums of money sites are compromised, the chain reaction is from private accounts were the accounts of likely to fragment the Internet. On the other banks, commercial or material transfer tax; hand, critical networks, such as those which - purchase of goods over the Internet that are are banking, have special equipment and paid illegal credit card numbers illegally protocols and are not connected to the using them without the owner's consent; Internet, so the only way to be compromised - offering for sale goods on the Internet at is the inside way. [7] tempting prices, after opening a bank Moreover, in a modern society that the crisis account and after deposit of amounts ,the becomes more acute as the use of the account is abolished and goods are not dispatched Internet to purchase goods, pay bills, or - entering the large database of companies, solve other everyday problems becomes a with the destruction or theft of database necessity, but such actions seriously information; jeopardize confidence people in the fairness - use computer for terrorism purposes; of transactions online and generate a phobia - infringement of intellectual property; in using electrical equipment. Another - identity theft. terminology used to define this type of The context of the current crisis worsens the crime is, cybercrime, which is crime transformation of hacker activity in an industry performance using computer technology. organized crime, due to the exploit on Activities on economic and financial crime personal information, which affects individual have exploded with unprecedented evolving and socio-economic life. practically together with the improvement in IGPR (General Inspectorate of Romanian telecommunications and information Police) and (BSA) Business Software technology assets, consisting of up almost Alliance signed a Protocol providing for means faster and "safer", of acceptance and prevention, and combating software piracy and transfer of money. the purpose is to establish cooperation between A computer operator can bring financial the two parties on the issues mentioned. harm to a company by entering false data, This Protocol, which is valid for two years, the possibility of theft of money. involves the initiation of projects, programs, If one has to appreciate the extent of this campaigns and information activities, outreach type of crime, we can say that for them there to consumers and businesses, to reduce the risk is an impediment because computer of infringement. [9]. technology is unevenly distributed in the In 2011, specialized structures within IGPR, world, with reference to the internet network conducted over 180 inspections, claiming 46 and almost no existing means of protection . cases to prosecute. [9]. But there are no borders for the "pirates ", IGPR, pursuant to provisions under Law no. they are forming organized criminal groups. 218/2002 on organization and functioning of the Cybercrime is characterized mainly by Romanian police with subsequent amendments committing crimes via computer, and they and the Law. 8/1996, as amended, on copyright consist of: and related rights, carries out through its - computers are used with predilection to specialized structures, specific measures to: commit financial crime, not necessarily - prevent and fight against financial and as an instrument of crime, but chose to economic crime, in using information enter the database in order to extract and technology; or enter information to initiate - declare offenses under the regime of microchips for cell phones, to examine copyright and related rights and checks company, bonds and other conducting investigations on them. negotiable instruments for counterfeiting For example, during 2011 as well, there [8] were found 144 economic crimes, of which 40 were tax evasion and following the

54 Borderless Crime - Computer Fraud checks carried out by the Fraud access, causing significant damage to both Investigation Department of the IGPR to natural persons, companies, even affecting protect business environment against illegal economies countries. acts illegal affecting competition Cybercrime, aims however, at mostly relationships and market economy economic and financial field, in order to mechanisms , were found 144 new crimes. obtain illicit revenues by some criminal [9] groups. Economic and financial crime is Computer system, SIRENE (Supplementary more difficult to identify and proved, is Information Requested at the National much more complex than other traditional Entries) appeared due to the need for data forms of crime, by the severity of damage exchange and additional information from caused , the number of people affected and the Schengen and it is designated for storing by propagation in a long time as well. information by the Romanian authorities "Cybercrime" is known as computer fraud, and the European common data exchange, is part of computer-related crime leading border monitoring, that is SIS, respectively technology, based on the rapid evolution of (Schengen Information System). computer technology and communications, With the lifting of internal border controls of has created high possibility regarding Schengen Member states, there was a need criminal activity. in render Schengen Information System Cybercrime prevention is related to how operationally, which contains minimum information systems are protected, the use of information about persons or property permanent protection systems. pursued by legal proceedings, and data and Also in this respect, the European information obtained through the SIRENE Commission proposes a common policy to Bureaux are established in each Schengen combat these types of fraud and developing member state. [10] a coherent European policy framework and In our country, to assess the exact scale of public awareness about the costs and this type of crime, there were identified dangers of cybercrime. certain features, which as I described, go Another approach to crime information, can beyond borders and often, the perpetrators be analyzed in terms of other definition, are Romanian citizens. namely that "achieving direct or indirect, Among the features identified on cybercrime in physical or logical, deliberate or non Romania we can mention with the predilection deliberate actions, aimed at changing one or for : more states of a system and subsystem - financial condition (payment systems, information" legally and can be thus credit and payment products); grouped : - organization of criminal groups, with highly - crimes for which committing were used specialized young people; information and computer technologies; - transnationality of these actions, using the - crimes where computers and computer other states systems; networks are targeted attack. - specialization, continuous improvement of The need for international reporting operating systems; mechanism for Internet Service Providers - refocus criminal groups who commit (ISP-Internet Service Provider) in respect of computer fraud, on companies, thus illegal material distributed via the Internet is committing large damaging , hard to reported more than 10 years. recover due to operating modalities. Transition to the Information Society in These "activities" aim at getting with Romania, as a relevant component development predilection for financial products, credit, requires not only information and payment systems offered by financial and communication infrastructure, but also banking institutions, criminal networks that legislative gaps on computer activities, the members of such fraudulent networks

Database Systems Journal vol. III, no. 1/2012 55

computerization process and, in general, the the same methods that e-commerce already information technology. uses in the real world. Change, modernization and adaptation to new Law speaks in all criminal modes of money technologies represents our country's response laundering, on goods in the ordinary to the conditions of acceptance of Romania into meaning, they are physical, material, having the European structures. [11] a perceptible physical existence. To these it Development of information technologies in might be added intangible goods traded, recent decades due to the need for storage and and some virtual goods, which by their rapid transmission of information with the least features already mentioned, although cost revolutionized global commerce, directly or sensory perceptible, they do not have a retail trade, redefining the traditional principles physical existence, but, by real-virtual of marketing, electronic commerce became correspondence, the tangible features with synonymous with profit growth. physical existence . With this type of commerce, also occurred Furthermore, by assigning a value, as are the offenses on electronic commerce. The analysis spellings, these assets become property on these offenses provided under the law no. values, some made extremely important by 265/2002 referrers to crimes of: design. [13] - forgery of electronic payment As in case of theft of goods in cyberspace, instruments; the law does not provide conformance to - possessing counterfeiting equipment features, nor associates the economic value specific to electronic payment to this new categories of goods . instruments; Thus, it remains an area where the legislator - conduct fraudulent financial should intervene and adapt the legal text, transactions; making it applicable to virtual space as well, - acceptance of financial operations by the simple and extensive definition of performed fraudulently. goods or indicating the extension of For example, "no right to a network regulation on illicit activities in cyberspace. connection", addressing purely technical, Internet can be also used as a " comfortable simply connecting to Wi-Fi signal (radio umbrella " for transactions outside virtual waves) can be often automatically, worlds, for automating transfer of money, depending on device settings used by the without possibility on the phenomenon to be alleged offender without his knowledge, monitored. case that his guilt cannot be established. Within the national regulatory space, Analyzing the many technical means that notions of "money laundering" by means of allow "access", meaning, "the program, run computer or "cyber terrorism", do not a program to intercept, to establish, currently have an impact, the subject being communicate, store / archive / store or studied and treated accordingly, losing itself retrieve data from any other use of a sources in general usual concepts, giving substance provided by computers, including data or to field cybercrime through legal practice. computer programs, computer systems, So, by definition, cybercrimes (cybercrime), computer networks or databases” [12] are all crimes committed by electronic With the use of virtual worlds, criminals means and investigating these types of have found an ideal means to "launder crimes involves certain challenges: money" that hide the origin and actual - the opportunity to acquire a transnational possession of their income from illegal or organized character and the effects activities. arising for prosecution; Economy of virtual worlds like SecondLife - virtual place of the offense; has no fiscal rules in the real economy. - data theft; Freedom of action is virtually unlimited and documents formalism nonexistent, guarantees on transactions are secured by

56 Borderless Crime - Computer Fraud

- difficulties with intercepting ,with credit card fraud (compromised communications (encryption ATM), capturing information on the communications interception servers); magnetic strips of credit cards, forgery of - management of electronic evidence; electronic payment instruments), - organs of the criminal investigation are manifestation forms of cybercrime in limited to legislation and national obvious increase. jurisdiction; Transnational character, whether it is given These issues generate new management by where the facts are committed , or it is tools, leading to fighting cybercrime: about the location of victims represents an - establishment of preventive measures objective factor to increase in cybercrime, current threats (SIRENE application); with recruitment by means of increasingly - liability to be established since the early sophisticated "arrows", and their space; specialization as needed (opening bank - harmonization of national legislation; accounts, transport of money or creating - agreements with Internet service money laundering networks comprising providers, financial institutions, credit, Romanian and foreign citizens, as well. etc. The transboundary nature of computer - specialized professional staff, with the crime, the specialized networks located evolution of new information abroad, respectively, still remains one of the technologies; difficult problems to overcome in - use of international instruments of operational solution on the files recorded . cooperation in the field (SIRENE, SIS). Not least ,the effective investment in As electronic media become more accessible to creating/ purchase of criminal schemes, all, cybercrime is diversifying and intensive, far investment in technology and development outstripping the traditional fraud and forgery. of counterintelligence activities, determines In this context, a European strategy is not that the groups investigated present an simply a desire, but an important necessity. increasingly higher danger. Thus, the Prevention and Combating Crime Specific analysis of cases solved, for 2011 Service, in its Progress Report for 2011 also confirms the trend observed in recent states that, in 2011 increasing trend of years on the migration of people from crimes against systems / computer data or organized crime to ordinary computer crime, committed using information technology, is especially in the fraudulent operations with fully revealed by statistical indicators electronic payment instruments. pursued , represented as the number of cases Such facts remains a significant source of recorded, as well as the number of cases revenue for prominent members, without the solved or remaining in work progress. latter to become directly involved in crime It is also noted that, besides false enforcement. informatics (work of "phishing") and the ” Regarding credit card fraud, counties actual computer fraud, deception committed Prahova, Vâlcea, Teleorman, which are through information technology represented known as the manifestation areas of the by fictitious goods auction sites specialized phenomenon of computer fraud. in electronic commerce is a big part of Counties of Vâlcea, Arges, Constanta, notified facts, which are the subject of cases Teleorman as well the City of Bucharest registered or resolved during 2011. keep being areas with high criminal Undermining access accounts belonging to potential for computer crime, being equally users of e-commerce sites, financial noted facts both in the field of credit card institutions or social networks, unauthorized fraud, and computer crimes area in ”stricto access to systems followed by blackmail or sensu”, as well . misuse of confidential data obtained (electronic payment tools data) represents

Database Systems Journal vol. III, no. 1/2012 57

In 2011, 873 cases were resolved, an - damage - loss or overloading a component increase of 62.87% compared to 2010, when application or network service; 536 cases were solved”.(14). (iii) The application content- these types of Cybercrime is an ascendant "process", attacks send improper data application involving numerous domestic and rather than the network components. In this international organizations in this respect, situation traffic is properly formatted. The all countries are "united front" against this problem is related to the content of traffic scourge. and as in the case of attacks on access to "Models of computer attacks: network , these examples do not require an (i) Access user-attack in this class requires attacker to gain access to the user. The steps access to system by users having certain are as follows: privileges, as the following steps: - Obtaining information – is done the - obtaining information- a complete search identification on the target application. This is effected ,in order to get data to identify can be either a network application such as a security vulnerabilities. This process is often Web server or a browser or an application like being authorized by instruments such as such as Microsoft Office, where emails are "nmap" or instruments or tools that target a used to transmit data to applicants; specialized application such as a Web - Exploitation- the content is directly or server. Vulnerabilities can exist in the indirectly sent to the target application; system components , may result from errors - Damages – following such attacks user on system administration ,or can be reflected files are deleted, configuration changes a in poor security policies of the system. user’s account or user files are exported. - operation- of a security breach is done to [15] gain access or obtain system information for their use in future cues. In the early stages of Conclusions an attack vulnerability may come from Thus, UNAFEI, ENISA, DIICOT, EA DS, information such as computer name or FBI, USAID, SIRENE, jointly elaborated names of user accounts projects, guidelines for application of the - damages -the desired effects as a result of law on computer crime, and providing an attack are ,for example, changing data, assistance to law enforcement authorities access to classified information or and to all those involved in crime prevention establishing permanent connections that can information. be used for ongoing access. The final step in UE also, supports in 2012, an European this attack is changing logos files, so the emergency plan in case of cyber attacks and attack cannot be not identified make recommendations for the ii) Access to components- an attack of this establishment of effective networks for category does not require user access to urgent intervention in the event of the system. These attacks create denial of information worldwide. services by sending improper requests. In IGPR and BSA, signed a protocol providing some instances, such a request may result in for the prevention and combating software loss of certain weaker system components . piracy. In other cases, the extra time needed for Dimensions of cybercrime, was exemplified processing such a request is sufficient to by specific data provided by authorized slow processing much down . Steps in this institutions (DIICOT, IGPR), the attack are: transboundary nature may also be - obtain information – is identified a highlighted by the interest of many component of the system and a countries, for this, and targeting the communication port economic and financial with predilection for - operation- messages are sent to the port; .

58 Borderless Crime - Computer Fraud

Thus, SIRENE, appeared due to the need for computers in all areas of socio-economic data exchange and additional information life. from the Schengen area and it is designated Computer fraud can have a very high price for storing information by the Romanian in economic terms, for all the world, authorities and the European common data everything depends on their extent, and the exchange, border monitoring, SIS problem of defining computer crime may ,respectively. appear as a new concern for societies where Several definitions have clarified the notion access to new technology was delayed and of computer fraud, which means because of where some states precautionary measures the state known beyond the frontiers of the have not yet established. country, manifested globally, which required the need for a mechanism for References "reporting" international internet service [1] www.criminalitatea-informatica.ro providers (ISP-Internet Service Provider). [2] Data delivered by Service for Computer fraud is not just stealing goods Combating Organized Crime Vâlcea- from virtual space, criminals have found an Indictment, 2011. ideal means to "launder money" and hide the [3] www.europarl.eu/meetdocs/2009-2014 origin and actual possession of their income [4] www.securitatea-informatica.ro from illegal activities. [5] bursa.ro One can thus conclude that any or all means [6] V. Patriciu .a, Internet and Law, would set, as the means information is Editura ALL BECK, Bucure ti, 1999, developed, there is virtually impossible to p 21. have a "percet sync" in terms of prevention. [7] I. Vasiu, Cybercrime, Nemira, Practically taking advantage of this Bucure ti, 1988, p 121-122 situation, computer fraud is growing and [8] Bulletin of Information and diversifying extensively, and establishing Documentation MI, anul, XII, nr. 6 (53), comprehensive strategies on international 2002.pg 131-133 (Bulletin of instruments of cooperation, (SIRENE, SIS), information) becomes necessary. [9] EuroAvocat.ro/20/04/2011 For examples, we can say that computer [10] Directive 95/46/CE fraud in Romania concerns with predilection [11] Reason presentation for Bill NO. for financial institutions or foreign citizens, 365/2002, as to e-commerce. thus reducing confidence in financial [12] T. Amza .a., Cybercrime, Ed. Lumina systems on the network security. Lex, Bucure ti, 2003, p.14. Expansion of information technologies, in [13] https//marketplace.secondlife.com/p/ addition to positive effects on socio- [14] www.diicot.ro/pdf - Directorate for economic and political life of the world, Organised Crime Crime and Terrorism generated, as mentioned, and some / no 4/CD/2012-Prelucrare, pg 39-45. behaviors outside the law, taking forms that [15] http://www.ciminalitatea-informatică.ro did not exist previously. But in a society that supports economic and social repercussions daily cybercrime, daily use is made of Raluca Georgiana POPA is a PhD student in the field of Economy and International Affairs at the Academy of Economic Studies. She graduated the Faculty of Law within the University of Bucharest and she has a master in economy. Currently, she works within the Management Authority of the General Programme ‘Solidarity and Management of Migration Flows’, programme which sets out to support the common policy on the management of the external borders of the European Union and to help implement the common policies on asylum and integration.

Database Systems Journal vol. III, no. 1/2012 59

Perspectives on the Role of Business Rules in Database Design

Anca Ioana ANDREESCU, Marinela MIRCEA Economic Informatics and Cybernetics Department, Academy of Economic Studies, Bucharest, ROMANIA [email protected], [email protected]

Business rules are at the foundation of every information system as they drive and offer guidelines for managing and conducting all activities within an organizations. They are important both for operational systems and for analytical ones, as they can serve as data quality rules. Several business rules implementation solutions are presented and analyzed, according to some basic criteria that have to be taken into account when choosing a business rules implementation strategy. This paper also emphasizes how an explicit manipulation of business rules influence the database design. Keywords: database design, business rules, implementation strategies

Introduction 2 Business rules overview 1B usiness rules approaches in software Over time, numerous studies and research development are concentrated in finding projects aimed at the discovery, analysis, ways and facilities that would support modeling, classification, formalizing and automatic propagation of business documenting business rules. It must be changes from business environment to noted that in all researches, reference was software systems. This would help to made (explicit or not), on how the scientific bridge the gap between business and approach relates to dimensions from the technology, as aligning information Zachman framework [2]. From this point of systems and business operation is one of view, we have identified two research the fundamental problems in all groups: organizations [1]. To reach that goal, it • which are based on a business vision, has to be clear how business rules should aiming at developing a business model, be dealt with, as a special kind of therefore on the activities conducted software requirements, in each phase of within the organization; remarkable here the software development lifecycle. is the study Business Rules Team. Accordingly, at least the following • which are based on a system vision, and aspects have to be considered in this therefore aim at modeling the information process: rules identification, business system; representative examples of such rules specification, rules implementation projects are : ESPRIT-I FIELD GUIDE and rules management. A business rules Temporal or ESPRIT-II. implementation strategy assumes As part of a consortium of 17 organizations, identifying both the place and the way of known as "The Business Rules Team", how to implement a business rule. The Business Rules Group (BRG) participated in next sections of the paper will address the proposal from the Object Management several issues and challenges related to Group (OMG) to analyze the semantics of business rules, aiming to act as guidelines business rules from a business perspective. during business rules implementation. The answer of BRT, called Semantics of Particular emphasis will be given on the Business Vocabulary and Business Rules - rules that govern the database model of SBVR, is a comprehensive study on the an information system and various semantics of business vocabulary and guidelines will be addressed in this business rules, which have considered the regard. following aspects [3]:

60 Perspectives on the Role of Business Rules in Database Design

• The focus on business, in that there's fully implemented in the information no reference to information systems system. or concepts of information systems - focuses exclusively on how business 3 Business rules implementation solutions people think. Last decade was marked by the development • Business rules are fully specified of a wide variety of technologies, from business vocabulary. instruments and software products that • Semantics integrity rules should be support the implementation and maintenance based on predicate logic. of business rules. This section presents the • People involved in the business (as main conclusions of an ample study [6] "customers") communicate regarding a large set of possibilities to vocabulary and business rules to translate business rules from the business computer professionals (as domain to the technology domain. The "suppliers"), in the form of system considered solutions will be gradually requirements specifications. presented, starting from those who offer a Regardless the perspectives from which minimum support for business rules they are being analyzed, business rules management and getting to those who offer always belong to an organization and the premises for an efficient rules must occur in such a way that is management. Likewise, a wide area of acceptable to the business [4]. technical solutions was covered. Graham Witt [5] distinguishes two main Probably the most common way to types of rules: a) operative rules, which implement a business rule is to mingle it describes behavior and state what must or inside de application source code. In this must not happen in particular case, it is advisable to use some style circumstance. They include the so-called conventions in order to mark the source “if-then-else” rules or event-action rules; code parts that implements business rules and b) definitional rules which constrain [7]. Subprograms and program statements the definition of various constructs separated by user defined limits are a first created by the organization. These may step towards emphasizing and encapsulating be simple business facts, derivation rules, business rules. complex decision table rules etc. The specific constructors of the Design by Additional, the author mentions several Contract (DbC) method (pre-conditions, ways in which rules may be applied in an post-conditions and invariants), advocated organization: by Berthrand Meyer in [8], are suitable for • rules governing the business implementing business rules, allowing rules processes performed by the identification in the source code and organization through their increasing software reliability. Starting from employees, customers, suppliers and this remark, in [9] and [10] we have partners; proposed and illustrated various ways of • rules governing user interfaces and DbC-like rules specification and electronic messages; implementation using: a) formal languages (Object Constraint Language), b) • rules ensuring database integrity; programming languages that supports DbC • rules governing human behavior (Eiffel, XC#) and c) a business rules other that business processes. extension of the „Contract” design pattern Because some of the business processes [11]. may be automated or not (or partially Aspect oriented programming intends to automated) we can conclude that rules complete object oriented programming (or related to user interfaces, electronic other paradigms), by extending the messages and databases are likely to be possibility to modularize applications. As

Database Systems Journal vol. III, no. 1/2012 61 aspect allows separating and reusing But, above all things, a rule engine must certain software requirements, they are a manage the dependences between rules, good candidate for implementing using inference mechanisms. It can be used business rules, as stated and illustrated in as a standalone toll, without storing business [12]. rules in a dedicated repository (like Jess or Another step forward in rules Drools), or it can be part of a special type of modularization is the separation of rules software system, named Business Rules in files that contains source code written Management System (like IBM JRules). in a script language, like VB Script. Very often business rules are associated with Choosing this implementation solution the control of business behavior. Research will have to take into account the low and practical solutions in the field of application performance, due to the fact business process management and that, for interpreted languages the code automation, have dealt with the problem of runs rather slow. business rules implementation. Therefore, The existence of software components as most of the process engines are able to stand-alone entities represents a good reference other components that implement premise for encapsulating decisions based rules, while the rules that are internally on business rules into such components. implemented within a process engine will be Their main advantage is due to the most probably represented in a proprietary possibility to modify a rule format, as part of the product that automates implementation without affecting the the business processes (for example, base applications that reference the Microsoft Windows Workflow Foundation component. Rule components are seldom [14]. provided from external sources, because Rules that influence or constraint business they implement a part of the application objects will be, most probably, included in business logic, and therefore, are not very the system’s database, from where they have general. the fastest access to data. Database Business rule markup languages play an mechanisms are able to implement business important role within the Web rules as constraints, stored procedures and environment, as they allow the triggers. specification of business rules as modular Table 1 depicts a comparative analysis of and independent units, in a declarative the implementations solutions presented manner, as well as rules publication and above, by emphasizing their main interchange between different systems or advantages and disadvantages with respect tools. The proposal for the to the following criteria: (S) rules are standardization of the RuleML [13] separated by other implementation aspects, language proves an intense work in but they are still placed in the same file as amending rule markup languages, despite the rest of the code. By dignifying rules their lack of usage in practice. position in the source code, they can be Business rules engines are a software easily located. (E) rules are externalized and technology that guerdons the efforts to separated from the system’s business logic. identify efficient business rules (L) rules are expressed in a high level implementation solutions, as they were specification language, suitable for the non- designed with the exclusive scope of business people. (R) relations among rules rules administration. As opposed to can be determined, similar to inference business rules components, a rule engine mechanisms. (D) the solution is dependent do not solve a particular problem, but of a software producer. provides a set o generic capabilities to define, store and apply business rules.

62 Perspectives on the Role of Business Rules in Database Design

Table 1. Comparative analysis of the business rules implementation solutions SOLUTION CRITERIA ADVANTAGES DISAVDANTAGES S E L R D Subprograms x • ease of • a rule change implies and program integration in base code modification statements code • high execution performances Design by x • rules are • a rule modification Contract separated by implies recompiling constructions subprograms the base application • testing facilities Aspect x • rules are placed • debugging problems Oriented in files external to Programming the base code Script x • rules are placed • low execution languages in files external to performance the base code Rule x • a rule • low generality, due to components modification does the method parameters not imply from the interface recompiling the base application Business Rules x x x • rule reuse in • rules tend to engines multiple system concentrate in one points place • allows the management of complex set of rules Business Rule x • rules can be • few tool support and markup interchanged practical applications languages • allows platform interoperability Database x • high application • low application mechanisms performance performance (Triggers) (Constraints and Store procedures) • insure consistence along all system modules Business x x x • separate • rule representation in process business rules a proprietary format engines from business processes

Database Systems Journal vol. III, no. 1/2012 63

SOLUTION CRITERIA ADVANTAGES DISAVDANTAGES Business rules x x x x • increased rule • significant financial management management investment systems facilities • implies additional • allow business security issues people to define and modify rules

It is highly probably that, for a certain information about business objects within a software system, a business rules database, the hypothesis stating that some implementation strategy will encompass a of the business rules will be implemented combination of different approaches at the database level is plausible, mostly discussed in this section. due to performance reasons, but also to The decision to choose one implementation force all the system’s applications which technology is influenced by many factors use the database, to follow the same among which the most important is the business rules. Starting from the above type of system which is being developed. observations, in Figure 1, is presented a Through a simple analysis, we have pattern that establish the link between the identified four main ways to implement type of software system and the ways to rules, as described in Figure 1. Assuming implement rules. that every software systems stores the

Type of software system Method of rules implementation ------

Business Rules Management System Rules Systems based on knowledge or rules engine

Database Management System Database oriented systems

Base application code

Workflow oriented systems Workflow system

Fig.1. Correspondence between the type of software system and the business rules implementation methods

The great variety of implementation that the business rules must be verified and solutions of business rules leads to the executed efficiently. Maintainability resides necessity for a well founded and in the degree of easiness necessary to update competent analysis of the system’s needs. the application in order to continue using it Therefore, at least three software quality even under modified conditions. From the characteristics must be explored: business perspective, the system must efficiency, maintainability and reliability. provide facilities for: business rules Efficiency will be evaluated with respect specification, adding new rules, deleting to the final user who demands a quick those who cease to operate, modifying answer from the system in such a way existing ones or restructuring relationships

64 Perspectives on the Role of Business Rules in Database Design between rules. Reliability has to be Database design should be influenced on the analyzed especially from the perspective meaning that business people and business of correctness, meaning the degree in analysts give to certain objects or terms which the system fulfills intended from the business vocabulary. And functions and imposes the business rules discussions regarding these aspects might be required by the beneficiary. endless. If we consider a very simple e- commerce application, we must define who 4 Business rules in databases a client is: a) the one who visit the web site; As mentioned before, besides rules that b) the one who places an order not being affect business processes, there are also authenticated; c) the one who places an rules that apply to the data. Rules that order being authenticated; d) or the one who affect data will fit, most likely, in the finalize an order being authenticated. database system, a place where they will Depending on these different interpretations, be best positioned for access to data. the database design could slightly differ. For Database technology that is currently the more restricted scenario of case c), in most commonly used is the relational business rules modeling, such a situation is model, represented by products such as expressed in the form of a simple fact: A Oracle or Microsoft SQL Server, so we Client can place one or more Orders. One build the discussion around them. way to enforce this when entering a new Relational Database Management order in the database is to specify the NOT Systems (RDMS) as the one referred to NULL property for Client column. This above, do more than store and collect means we have provided a value for the information: it offers mechanisms client to create an adequate record. An capable of controlling the characteristics alternative to referential integrity is to allow of application data [15]. NULL values for reference (case b) from the In the following, we analyze three types above example). This would allow an object of database features that can be used to Order to be created and initially implement rules: constraints, stored disassociated and an association to be added procedures and triggers. later. Since both scenarios are plausible, A. Constraint is a generic term related to their associated business rules will table columns which limits data values in determine which of them is correct in a order to preserve database integrity. particular case. Integrity of the relational model Behavioural constraints are those which restrictions are structural and behavioral are defined by the behaviour of data and [16]. Structural constraints include: take account of existing values in relational 1) Unique key restriction: a table should database. By restricting the field, it can be not have multiple tuples with the same checked whether the corresponding attribute value for all keys. This restriction is in a table is between certain values or provided by a RDMS by not allowing whether it conforms to a prescribed format. duplicate values for a primary key field. The relationship between columns of the 2) Entity restriction: for a table, the same table can also be. Behaviour primary key attributes must not take constraints being very general are managed NULL values. This restriction is provided either when data description (e.g. CHECK by a RDMS also by not allowing null clause) or outside the model at runtime. We values for a primary key field. present two examples of constraints that 3) Referential restriction: in a table t1that apply to Customer and Order tables, using reference a table t2, foreign key values SQL Server specific syntax. must include the primary key values of t2 Rule 01: A customer identification code is or the value NULL (unspecified); defined as a four-digit integer.

Database Systems Journal vol. III, no. 1/2012 65

ALTER TABLE Client created applications that will not have to re- ADD CONSTRAINT implement the rules that apply to the entire BC_R01_ClientFormat system. CHECK C. A trigger is a special type of stored (IDClient LIKE ' [0-9] [0-9] [0-9] [0- procedure that is not invoked explicitly, but 9]') is triggered automatically when a certain Rule 02: An order is, by definition, in one condition is detected. Triggers are attached of the following states: Pending, to an event within a database table. The Approved, Finalized and Delivered. event can be an action to add, modify or ALTER TABLE Order delete entries in the table or a combination ADD CONSTRAINT of these actions using logical OR operator. BC_R22_OrderState Although is triggered by an event occurring CHECK in a table, a trigger is not limited to the (state = ‘Pending’ OR state = ‘Approved’ characteristics of that table. Unlike simple OR state = ‘Finalized’ OR state = constraints discussed above, a trigger can be ‘Delivered’) used to implement constraints in a table, Incorporation of control mechanisms in a between the tables, between databases and database prevents the occurrence of any even between servers. However, these actions that contravene the rules, not only advanced capabilities require taking some when the object is created, but also for compromises. Triggers are slower than other any future attempts to change it. The approaches, such as simple constraints. It major disadvantage of these constraints is must also be taken into account the danger that they simply can’t be used for more that inexperienced users can do when using complex conditions, involving several these facilities ineffective, because overall objects, resulting in association of system operation can have strong negative multiple tables in a relational database. effects. Therefore, some authors even As with other solutions that implement recommend avoiding the use of triggers, at rules, it should not be forgotten that we least when we are not sure of the effects will need to find a way to determine they can generate. where the rule has been codified. For example, you can adopt a naming 5 Conclusions convention rules, as in the examples The construction of a rules repository and above, which can be used to track or to the specification of business rules in a extract rules from the system [7]. structured and/or formalized manner B. As their name suggests, stored constitute important steps towards raising procedures are procedural code modules the quality of a software system that treats compiled and stored in the database (as rules as explicit requirements. any object manipulated by a RDMS) As guideline for developing a database without having to be screened a second model it is very important to use a time to execute [17]. Compared to any standardize vocabulary because business other source code, it has some stakeholders will comprehend the meaning advantages. First, because they are so of a rule more precisely if those close to the data, can be more efficient to specifications use business terminology implement data-centric rules. Also, for rather than the names of database tables or distributed systems where there are columns. Experience shows that, despite the several applications that share the same fact that all concepts seems to save a well- database, stored procedures can be a defined meaning inside the organization, guarantee that the rules contained therein many business terms turn out to have several are used consistently within each meaning depending on the context and the application. The same is true for newly person who uses them. In this regard, we

66 Perspectives on the Role of Business Rules in Database Design have presented in [18] a set of business [8] B. Meyer, Object-Oriented Software rules patterns for rules specification. Construction, Second Edition, Prentice Concerning efficiency and Hall Professional Technical Reference, maintainability, these must not be Santa Barbara,1997. analyzed separately, as between they [9] A. Andronescu, How to Build Reliable exist certain interdependent relationships. Business Applications with Design by The end result is that the evaluation of Contract, Seventh International implementation strategies must balance Conference on Informatics in Economy, the efficiency and maintainability ASE Publishing House, INFOREC requirements of the system. Publishing House, Bucharest, 2005. [10] A. Andreescu, Dezvoltarea sistemelor Acknowledgements software pentru managementul This work was supported by CNCSIS- afacerilor, ASE Printing house, 2010. UEFISCSU, project PN II-RU (PD), [11] M. De Champlain, The Contract “Modern Approaches in Business Pattern, PLoP ’97 Conference, Intelligence Systems Development for Monticello, Illinois, SUA, September Service-Oriented Organizations 1997. Management”, code 654/2010, contract [12] M. A. Cibrán, Connecting High-Level no. 12/03.08.2010. Business Rules with Object-Oriented Applications: An approach using References Aspect-Oriented Programming and [1] M. Bajek, M. Krisper, Issues and Model-Driven Engineering, PhD Challenges in Business Rule-Based Thesis, Vrije University, Brussel, June Information Systems Development, 2007. Conference on Information Systems, [13] DATA H. Boley, The RuleML family 2005. of web rule languages, the fourth [2] J.A. Zachman, A framework for workshop “Principles and practice of Information Systems Architecture, semantic web reasoning” , Budva, IBM Systems Journal, Vol. 26, No. Montenegru, June 2006 . 3, 1987. [14] D. Chappell, Introducing Windows [3] Semantics of Business Vocabulary Workflow Foundation, Microsoft and Business Rules, available at: Corporation, 2007, available at: http://www.omg.org/docs/dtc/06-03- www.davidchappell.com/IntroducingW 02.pdf CFv1.2.1.pdf. [4] B. Von Halle, Business Rules [15] C. Strîmbei, Modalităţi de organizare a Applied, John Wiley & Sons, 2002. datelor în sistemele informaţionale [5] G. Witt, Writing Effective Business economice, PhD Thesis, “Alexandru Rules, Morgan Kaufmann, 2012. Ioan Cuza” University, Iaşi, 2005. [6] A. Andreescu, A. Uta, R. Mihalca, [16] I. Lungu, Baze de date oracle limbajul Business Rules Implementation SQL, ASE Printing house, Bucureşti, Strategies, The Ninth International 2005. Conference on Informatics in [17] I. Popescu, Prelucrarea avansată a Economy, Bucharest, ASE informaţiei.Oracle 8, Tehnică Pronting Publishing House, INFOREC House, Bucureşti, 1999. Publishing House, 2009. [18] A. Andreescu, M. Mircea, Managing [7] T. Morgan, Business Rules and Knowledge as Business Rules, Information Systems: Aligning IT Informatica Economica Journal, with Business Goals, Addison nr.4/2009. Wesley, 2002.

Database Systems Journal vol. III, no. 1/2012 67

Anca Ioana ANDREESCU is university lecturer in Economic Informatics and Cybernetics Department, Academy of Economic Studies of Bucharest. She published over 15 articles in journals and magazines in computer science, informatics and business management fields, over 20 papers presented at national and international conferences, symposiums and workshops and she was member in over nine research projects. In January 2009, she finished the doctoral stage, the title of her PhD thesis being: The Development of Software Systems for Business Management. Her interest domains related to computer science are: business rules approaches, business analytics, requirements engineering and software development methodologies.

Marinela MIRCEA received her degree on Informatics in Economy from the Academy of Economic Studies, Bucharest in 2003 and his doctoral degree in economics in 2009. Since 2003 she is teaching in Academy of Economic Studies from Bucharest, at Informatics in Economy Department. Her work focuses on the programming, information system, business management and Business Intelligence. She published over 25 articles in journals and magazines in computer science, informatics and business management fields, over 20 papers presented at national and international conferences, symposiums and workshops and she was member over 15 research projects. She is the author of one book and she is coauthor of four books. In February 2009, she finished the doctoral stage, and her PhD thesis has the title Business management in digital economy.