Contents
Overview 1
Selecting a Transport 2
Time-Bound Operations 13
Security and Authentication 26
Lab 7: Creating and Using Web Services 44
Review 52

Module 7: Integrating
with External Systems

Information in this document is subject to change without notice. The names of companies,
products, people, characters, and/or data mentioned herein are fictitious and are in no way intended
to represent any real individual, company, product, or event, unless otherwise noted. Complying
with all applicable copyright laws is the responsibility of the user. No part of this document may
be reproduced or transmitted in any form or by any means, electronic or mechanical, for any
purpose, without the express written permission of Microsoft Corporation. If, however, your only
means of access is electronic, permission to print one copy is hereby granted.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Microsoft, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.

 2001 Microsoft Corporation. All rights reserved.

The module concludes with an architectural overview of security for B2B
solutions.
After completing this module, students will be able to:

Describe the transport options available to B2B solutions.

Decide whether to perform an operation synchronously or asynchronously
in B2B solutions.

Explain the security and authentication issues in B2B solutions and the
technologies that address these issues.

Create and use Web Services in an e-business application.

Materials and Preparation
This section provides the materials and preparation tasks that you need to teach
this module.
Required Materials
To teach this module, you need the following materials:

Microsoft
®
PowerPoint
®
file 2260a_07.ppt

Module 7, “Integrating with External Systems”

Lab 7, “Creating and Using Web Services”


the topic. The description of DCOM is included for the sake of
completeness and must be used as a suitable comparison against which the
advantages of XMLP must be explained.

Time-Bound Operations
It is very important that you cover the requirements for synchronous and
asynchronous operations thoroughly. Students must be able to identify
which types of operations must be implemented in a synchronous manner
and which types of operations can be implemented by using an
asynchronous solution. After you are sure that they understand the
distinction between the two types of solutions, you can then discuss the
queuing details in greater depth.
You must fully discuss the interaction between MSMQ, queued
components, and COM+. Where relevant, stress that queued components
offer rapid application development (RAD) advantages over MSMQ
solutions.

Security and Authentication
Because B2B solutions are expected to integrate with external
organizations, emphasize that this integration feature raises some extra
security issues for applications that are for internal use and B2C solutions.
Your discussion of the topics in this section must be focused on B2B
solutions, rather than going into any depth about specific technologies.
Next, discuss virtual private networks (VPNs) and the protocols used to
implement them. Ensure that the students understand that VPNs can use the
basic backbone infrastructure of the Internet to provide what is effectively a
private network similar to a local area network (LAN).
Conclude this module with a discussion on how Microsoft Internet Security
and Acceleration (ISA) Server 2000 enables you to implement firewalls and
VPNs.

communication between trading partners. In this module, you will learn about
some of the options relating to transport mechanisms and data formats, such as
Extensible Markup Language (XML) and Extensible Markup Language
Protocol (XMLP). XMLP is the new name for Simple Object Access Protocol
(SOAP).
When interacting with external systems, it is often useful to queue or batch
requests because real-time or synchronous operations may not always be
possible or suitable. You will learn how asynchronous operations can be used
for queuing request. You will also learn about the security requirements for
cross-organization data exchange.
After completing this module, you will be able to:

Describe the transport options available for B2B solutions.

Decide whether to perform an operation synchronously or asynchronously
in B2B solutions.

Explain the security and authentication issues in B2B solutions and the
technologies that address these issues.

Create and use Web Services in an e-business application.

Topic Objective
To provide an overview of
the module topics and
objectives.
Lead-in
In this module, you will learn
about selecting a transport
mechanism, implementing

There are a number of transport options available to allow communication
between companies participating in B2B e-commerce. One of the decisions that
you will have to make is which transport protocols are to be used in your
application. Other decisions that you will have to make include how distributed
object calls are made by your application.
This section examines some of the transports options and discusses the features,
advantages, and limitations of each option.
Topic Objective
To introduce the topics in
this section.
Lead-in
There are a number of
transport options available
to allow communication
between companies
participating in B2B
solutions.
Module 7: Integrating with External Systems 3 Transport Options

Value Added Networks

The Internet

Point-to-Point Protocol

*****************************I
LLEGAL FOR

all companies to become Internet trading partners and function as suppliers,
consumers, or both. This integrated trading tightens relationships between
businesses while offering them greater choices in supplier selection.
Topic Objective
To explain the transport
options available for B2B
solutions.
Lead-in
There are several transport
options available for B2B
solutions.
4 Module 7: Integrating with External Systems

Point-to-Point Protocol
PPP is a set of industry-standard protocols that negotiate configuration
parameters for multiple layers of the Open Systems Interconnection (OSI)
model. Microsoft
®
Windows NT
®
and Microsoft Windows
®
2000 support PPP.
Computers running Windows can dial into remote networks through any server
that complies with the PPP standard. PPP compliance also enables both
Windows NT–based servers and Windows 2000–based servers to receive calls
from, and provide network access to, other vendors' remote access software.
PPP has made substantial progress in becoming a standard for Integrated
Services Digital Network (ISDN) communications. ISDN is a system of digital
phone connections, which has been available for more than a decade. The

ON
-T
RAINER
U
SE
*****************************
There are a variety of transport protocols that can be used in B2B solutions:

Hypertext Transfer Protocol (HTTP)

File Transfer Protocol (FTP)

Simple Mail Transfer Protocol (SMTP)

Distributed Component Object Model (DCOM)

Microsoft Message Queue Server (MSMQ)

HTTP
HTTP is the standard protocol that is used in Internet and intranet
communications. It is a lightweight application-level protocol. HTTP is based
on Transmission Control Protocol (TCP). TCP is a part of Transmission Control
Protocol/Internet Protocol (TCP/IP), which deals with connection-based
communication. Because HTTP uses a single request and single response
mechanism, it might seem better suited to a connectionless protocol such as
User Datagram Protocol (UDP). The reason TCP, rather than UDP, is used is
that the response to an HTTP request often carries a large amount of data, and
TCP has the capacity to transfer large amounts of data reliably without
complicating HTTP.
Secure Sockets Layer (SSL) can be used to encrypt data between the transport

SMTP is an appropriate transport for one-way business transactions, such as
purchase orders, order status updates, shipping notifications, and payment
reminders.
DCOM
DCOM is an integral part of Microsoft's strategy for distributed objects. With
DCOM, a client program can invoke the methods of a remote object located on
the server. DCOM is an appropriate protocol for synchronous communications
between tightly coupled applications in which the client knows the location and
methods of the remote object.
For more information about DCOM, see Distributed Object Calls in this
module.
MSMQ
In conventional application design, applications usually communicate to other
applications directly. With message queuing, applications communicate directly
with a message queue server, which queues the messages/requests and transmits
them to another message queue server for processing.
MSMQ is a Windows NT and Windows 2000 service that provides guaranteed
transactional asynchronous communication of messages between distributed
programs. MSMQ reduces the coding and administration effort needed to
implement asynchronous applications and can shorten the time needed to
develop e-business systems that include the need for asynchronous
communication.
Module 7: Integrating with External Systems 7 Distributed Object Calls

DCOM

Binary communication

information for each interface:

Name of the interface

Methods in the interface

Attributes in the interface

After an interface has been defined, it must be implemented by a program at the
server by using an appropriate language such as Microsoft Visual C++
®
and
Microsoft Visual Basic
®
. To implement an interface, you must provide an
implementation for each of the methods and attributes defined in that interface.
After these methods have been implemented in the server program, the server
program polls a port (or a group of ports) on the server host computer and waits
for client requests for its methods. Server host systems maintain a list of these
ports, known as object endpoints, in the registry.
Topic Objective
To explain distributed object
calls.
Lead-in
Being able to make object
calls between different parts
of your B2B solution is
fundamental to the success
of your e-business
application.

Internet protocol and, therefore, presents no problems to the firewall.
By using XMLP, an RPC is delivered as an HTTP request and response. The
method call is represented as an XML message and contains invocation
information about the target server and the target method. Method calls usually
include parameters. These parameters are also included as part of the XML
message. The XML message can pass easily through any firewalls that might
exist, thereby allowing the client application to invoke operations on the server
computer.
An XMLP request is an HTTP POST request. XMLP uses an HTTP-based
Uniform Resource Locator (URL) to identify an object endpoint at the server.
The server implementer can decide how to configure this endpoint such that it
points to an actual server-side object. An XMLP request also indicates which
method to invoke. This is defined in the SOAPMethodName HTTP header as
follows:
SOAPMethodName: namespaceURI#methodName

The namespaceURI is equivalent to an interface identifier (ID) in DCOM. The
name of the method is delimited by a # character, as shown in the preceding
syntax.
Syntax
Module 7: Integrating with External Systems 9 The method parameters are contained as an XML document in the body of the
HTTP request. The following example shows the HTTP header (which
identifies the method to call) and the HTTP body (which defines the input and
input/output parameters for the method):
POST server HTTP/1.1
Host: 123.456.789.0
Content-Type: text/xml

An application delivered as a service that can be
integrated with other applications using Internet standards

Examples: Passport, Hotmail, and calendar service

Web Services communicate through XML and XMLP

Requirements of Web Services:

Web Services must be easily exposable

It must be possible and easy to use Web Services and to
program against them in a straightforward manner

Applications must be able to use Web Services with
minimal configuration overhead

SOAP Toolkit for Visual Studio 6.0 addresses these
requirements

*****************************I
LLEGAL FOR
N
ON
-T
RAINER
U
SE
*****************************
A Web Service is an application delivered as a service that can be integrated


Topic Objective
To describe how to use Web
Services in e-business
solutions.
Lead-in
As the Internet becomes
more integrated with
mainstream businesses, the
need to have Web Services
interwoven with mainstream
business computing
increases.
Module 7: Integrating with External Systems 11 Web Services Communication
Web Services use asynchronous messaging for robustness and scalability, and
they rely on XML because of its simplicity, openness, and extensibility.
XMLP can be used as a common wire format for the XML messages sent
between Web Services. XMLP is a good choice because it is designed to
perform method invocations and it is not restricted to a particular operating
system, object model, or programming language. Furthermore, XMLP works
over the existing Internet infrastructures.
There is a need for Web Services to describe their functionality to client
applications. In other words, Web Services need to make available their names,
attributes, and methods. Because they are based on XML, this is easily achieved
by creating XML schemas that describe the content of the Web Service. XML
schemas are used to describe the contents of an XML document, usually in
terms of the business data that it contains. In the case of Web Services, schemas

Service object.

When the client application starts, the proxy uses SOAP to make calls
across the network to the Toolkit’s listener application on the Web server.
This listener application is either an ASP page or an Internet Server
Application Programming Interface (ISAPI) application. The listener
application takes care of starting up the service application and handles all
subsequent interaction with that application.

12 Module 7: Integrating with External Systems

The SOAP Toolkit for Visual Studio 6.0 can be downloaded from the following
link:

For more information about Web Services, see Note
Module 7: Integrating with External Systems 13 



Time-Bound Operations

Synchronous vs. Asynchronous Operations

Asynchronous Operations: Requirements and Caveats

This section compares the
use of synchronous and
asynchronous
communications between
applications in B2B
solutions.
14 Module 7: Integrating with External Systems

Synchronous vs. Asynchronous Operations

Synchronous Operations

Asynchronous Operations

Applications can have different running times

Disconnected mobile users can communicate effectively

Server downtime can be handled more effectively

Suitable for workflow applications, log maintenance, and updates
of slowly changing data

Rudimentary load balancing

Server scalability and
reliability can be an issue

Sending and receiving applications
must have overlapping running times


Server scalability can be an issue.
If the server has to respond to a heavy demand of synchronous operations
requests, response times might suffer as the server attempts to service all of
the requests.

Server reliability can be an issue.
Synchronous operations rely on the availability of the server at all stages of
the communication and are not robust enough to deal with factors such as
server failures. Availability of your solutions can be improved with fail-over
clustering so that even if a server crashes, a secondary node can take over
the processing load; however, your solution is still dependent on servers
being available when needed.

Topic Objective
To compare synchronous
and asynchronous
operations.
Lead-in
Some tasks associated with
e-business have to be
completed in real time,
whereas others can be
performed asynchronously.
Module 7: Integrating with External Systems 15 Asynchronous Operations
Asynchronous distributed applications can be easier to develop than their
synchronous counterparts, because there is no need for all of the participants to

Suitable for updates of slowly changing data
If one organization contains a copy of a portion of a catalog from one of its
suppliers, the real-time accuracy of that catalog is not necessarily vital.
Updates to prices or specifications could be sent by using asynchronous
messages to be applied when the application has spare capacity to handle
the updates.

Rudimentary load balancing
Asynchronous queuing systems can provide simple load balancing by
placing requests on a common work queue. Multiple servers can then
remove requests from the queue as and when they have the capacity to
handle them.

16 Module 7: Integrating with External Systems

Asynchronous Operations: Requirements and Caveats

Requirements and Caveats

The need for a queuing system

Timing requirements

No definitive answer

Transactional limitations

Need for Flexible Systems

*****************************I

tasks in a transactional unit fails, COM+ Transaction Services can rollback
the other tasks and, therefore, ensure consistency for your applications.
MSMQ provides transactional queues that can be used as part of a COM+
transaction. It is important to understand the meaning of this transaction
support. A transactional queue uses transactions to guarantee that a message
will be delivered. However, it does not guarantee that any operation
resulting from the message will succeed. If such an operation fails, it will
have no impact in the transaction used by the application that queued the
message.
Topic Objective
To explain the requirements
and caveats involved in
asynchronous
communication.
Lead-in
Although using
asynchronous
communication provides
certain benefits, it comes
with a set of requirements
and caveats.
Module 7: Integrating with External Systems 17 For example, one of your employees creates a purchase order request. In
response to this business action, you have two tasks to be completed. One of
the tasks is to update a database with details of the purchase order request.
The other task is to use MSMQ to call an object that creates an actual
purchase order. Assume that the purchase order is an XML-based business
document that must be validated with your company’s schema for purchase

18 Module 7: Integrating with External Systems

Queuing

An MSMQ message can be set to expire when it does not
reach or read from a receiver’s queue in a time interval

For an MSMQ message, you can request a receipt when it
has been received or when it expires

*****************************I
LLEGAL FOR
N
ON
-T
RAINER
U
SE
*****************************
In conventional application design, applications communicate with other
applications directly. With message queuing, applications communicate directly
with another message queue server, which queues the messages/requests and
transmits them to another Message Queue server for processing.
MSMQ is an integral part of Windows 2000. It is a set of run-time services that
enable applications to send and receive asynchronous messages to other
applications on different computers.
Working of MSMQ
For an application to receive messages, the application must create a message
queue. For another application to send a message to this application, it has to
locate the queue by using system services or it must have prior knowledge


The sender of a message can indicate that a message should expire if it is
not read from the receiver's queue in a particular time interval.

The sender of a message can request a receipt when the message is received.

The sender of a message can request a receipt if the message expires before
it has been read.

20 Module 7: Integrating with External Systems

COM+ Events

COM+ event service allows applications to publish
notifications that might be of interest to a number of
subscribing applications

Any COM+ component can become a publisher or
subscriber of COM+ events

COM+ events can be used in B2B solutions

*****************************I
LLEGAL FOR
N
ON
-T
RAINER
U
SE

To explain the role of COM+
events.
Lead-in
Windows 2000 supports
COM+ events.
Delivery Tip
Use the diagram on the
preceding slide to explain
the steps that are outlined in
the student notes.
Module 7: Integrating with External Systems 21 3. The publisher creates an object of the required event class by using
conventional object creation functions, such as CreateObject or
CoCreateInstance.
This is known as the event object, and it contains the event service’s
implementation of the specified interface.
4. The publisher calls the event method that it wants to generate for
subscribers when the event occurs.
5. The event service’s implementation of the interface examines the COM+
catalog to find the list of subscribers that have registered an interest in this
interface and method.
6. The event service connects to each subscriber and calls the specified
method.

Creating COM+ Publishers and Subscribers
Any COM+ component can become a publisher or subscriber of COM+ events.
Neither the publisher nor the subscriber needs to know how the event service
delivers events from the publisher to the subscriber(s).