(D)COM & ActiveX in Banking

lntroduction
As we fast approach the millmniuq banks are faced with a dilemua. The age of electronic commerce o p m up new possihilitia, niw ways to reach the customer> n m smites to offer, and the potential to understand Ihe custonm, corporate or pasor4 as never bdore. Yet banks also find thmsclvcs wondering whetherthey are at a disadvantagc to intdlopm startixtg with a clean sheet Can today's major b & g instiWionsbe flmile and flcct of foot enough LO m s m d quickly to midiet changcs, to mtmduce new p d m fast in response to changes m cusloiiia denmid? Established banks havc an advantage m terms of Lheir acquired exiatisc aad howledge of ULUcustomers, but faced with a hailagc of dispnnte systems it can prove hard to locate and orgbr: rlmr data to full advantage. A prolifccation of divami? sysrems can as0 be espcnsive to maintain as well as m a b g it hard t o take an entapisc-wide viem of the business.

Technology should be a i enabler for banks, assisting than to exploit the age of e-commercc to &e full=not hu1di1~ them back and resnicting thcir ability to act swiftly.To this end t h q need a systems architecture wluch g;vts them flexibility to "face easily with legacy databases and transaction systems, and with new defveq channels as they merge. This paper discusses how Microsoft and its partners hme dqlayed compelling componcnt-based solutionsfor h e i r customas enabling than lo s a w the mtmse cusiomer demand for altcmative delivery ~ h y m e lwhile ~ , taking full advantageof Wcisting systems mfsaucnlre.

Using COM 8 DCOM to enable alternative delivery channels.

Bsnks are facing inneasingprcssure from their customers to improve &e level of Savice they OJTLT. Batdcs are also facing pressure from thcir shareholders to improve profirabiliry, Surprisingly, a siugle come of action can at least partly satisly both of these r q u t e c l l a ~ provision . of allmlalive delivery channels i n the form of telephone snd online banking can borh improve customer s&ce and alleviate the need to maintain the immensely cxpmsive branch network on the skilc 10 whidi it is mainOined today.
A s i e i ficanx mount of tcchnolog is requiwd to support the dclivezy of tclcplionc and online banking yet ihc bank's uaditional operational systems. based on dumb tetmhals conncctcd to " n e cavi."ats, are unablc to mea these demands. lu addition, the dual spectm of thc Euro and the Y ex 2000 are consuming vast amoimts drilaiuframe development resource, making the modifidion of host cnvirOnments to supporL these uew delivuy chann& =ai h s likely.

Banks are ituudore ~iiovhg to build the systms rcquired for their online and phone services on nav platlorus tlut pmvids a d i d u t e d "front-cnd" to the mainfrvne envinmments. Thesc front-end s y s t e m s provide the bulk of the new functionality rcquired. and COIIUUKI~GL~ with the host to retrieve and update customer i a f b d o n . Many of these front-end systems are being built an top of Windows NT S m e r and am using COM and DCOM mensivdy a s their software intewon technology.
A typical systems zchit&ure for the dclivery of onlinc a n dphone banking could bc described as m diagram 1.

I n this architechire COM and DCOM are uscd as the pximiq software inregration Lcdu~olo@es on the
cheat PC's and applicslion servers and between the mad&m Wit make up the 1* ad Zd tiers in this architecture Fuahcr, developing crihcal business compoiients using COM/DCOM u h g on applicath servers allows developers TO build an abstraction l q c t whi& becomes indepmdmtof the underlyinS systems infrasnuchare, allowing for more flexibility for zhe future. It is also impomt to note however that whilsL coniponent software technologies play a key role i n the delivery or system built upon this arcl~ecturc, r u m ?other system services are requircd t o ~ S I K C fila1 &e systm performs adcquatdy M ~ J of these servlccs are lugldi&ted i n thc rest of this p a p .

Q 1997 hticrosoft Corporation

211
Authorized licensed use limited to: G H Raisoni College of Engineering. Downloaded on October 8, 2009 at 06:48 from IEEE Xplore. Restrictions apply.

call Cmke PC'S

Host Systems

Mid tier application

servers

What are COM, DCOM and AcfiveX

Bankkg producrs are changing and being mtroduced far more f!reqiimUy today than has been typical hi the past. As idormation s y s t e m becomc increasingly ccntral to the dclivery of thcse products, it is imperative that ihc development of such systems does not prevent timely delivery of these products to the market. In a nutsha n significantportion of software arrchitecture design inm be focused on iixpfoving the productiviQ of software dwclopers. Thc most @oTtant areas to coneatrate 011 are the followin[;:

SoFtware re-use. Efficiat use of software tcams. Commcrrial wailiibiliy ofpre-bdt software. Good support by mainstream software devdopment tools.

The Componcnt Object Model (COM) is fundammtdly a softmm integration technology A sirrnificant aspect of COM is the model that forms irS foundation -this model provides features t.lril dh-ectiysupport the abovc productivity imperatives.

To adfieve software re-usc, it is now accepted that sortware designcrs mist focus on encapsulating lhc implementation of softwarc componenubehind well-dcsigned intufaces. COM duecUy supports rllc notion of 3n " f a c e that c m be defined using an InLaface Defmition Language (IDL), or directly i n8 specific languagc (where thnlmguage canlains an interface specification syntax). Examples of languages that have a n interface specification syntax are Visual Basic, Java or illaybe futlrrevasjons of C++. COhlI also defines h e idea of a n object tha is the implementation of one 01more inrerfaccs. Tlus provides designas tvhh afrimiliar ahstrxtion (ie objaa oriented design) within which to erate systems d e s b that directly encourages h e re-use ofboth desigos and implementations.

Q 1997 Microsoft Coxpondon

212
Authorized licensed use limited to: G H Raisoni College of Engineering. Downloaded on October 8, 2009 at 06:48 from IEEE Xplore. Restrictions apply.

Using software developen Crriciutly relies upon bcing able to create loosely couplcd sub-systemswhidr
tcams can work on jndcpmlrtuitly. This approach is facilitated by COM through the ability to ddme n aneulrii language (typically IDL) giving teams a common dcfintion o f at least Uie syntr+\: o f interfaces i the sub-syslcm iitufacas. This trwbles hem to work on systcm design and the implementadon of thcir corrpuiieiitswithout having to understand thc intricacies of implement;ltion of e v e q component m the
sySten1.

Howwcr, many people do not considerissues related lo mmponent versioning and the independen1 wohuon of componats that affect the teams d l e r release 1. The ability to be able t o reliably cvolve the functionality of sub-system components is crucialto the succcssful operation of a de-mupled development team modcl. COM proxides thebasic infrastructure to achicvc successful "penal cvolution, primrily duc to the ability of COM components to support mulliple distinct htdaccs , each of which is uniquely identified. This allows new b b y componentsIO be integrated transparmtly into existing sysrems through their SUP~OTLof exining interfaces, whilst simultaneously supportingnew hterfaccs for h e evoked functionality of new systems.
Comercial availability of pre-built components w i l l be NI increasingly significant factor i n our ability to rapidly deliver n w systems. COM provides the necessary m f m l r u a e to enablc commacial sofhvarc suppliers to build and supply binary componmts. Two parlicular issues affea commercial supplicls. Firstly, m tams or comnercial viability COM is supported aatively by Windows, iuakiufi it the most widely deploved, Iangwge neuual, component model by several ordm of Iugutude. This is very significant a c ilpmvides cummcfcialsoftvare supplias with a large and weJl=undcrstoodmarkct fur thcir softwrpc. Secondly, &e issucs of component vers5mh.g and independent evolution are evcn morc critial
i n a commercial markct place where the t a m s building and u i g componeuts will bc unknown to each orher. This macs the delivery of uew versions o f binary components that reliably support existing applicalions critical to the coriuilcrual success of the Component vendor.

Development 1001s lravc probably the largest single -act c m our ability to deliver software in a timely manner. COM is now supportedby the majoriv of Windowsdevelopmattools making it usable from programming languages ranging from Obcron to Delphi An irnpomnt aspect of how easy 3 particular componat technoloa is to usc, is the amount of d d i ~ o boiler-plate, d code &at is rquircd to build a component i n a dcvclopmentlanguage. In.paticuk, if the language already supports the notion of objects, idcally thc creation of componm objects should be sedessly mtegmlcd into the developmenttool to rcduce the develope l&g curve. COM has a significant advantage over other language nmtral component models i n &at it d e b s a binary standad for the layout of mterfaces. This allows development tools LD provide facilities to allow developen lo bypass the m e of TDL, avoiding the nccd to leam infiastrume and languages other than thosc that area intrinsic part of &e language that they hme choseti to use. This is demonstratedvory effectivdy by the currentversions of Microsofts Wsual Basic aud Visual 3++

DCOM (DiskibutcJ COW is the named used to descnbc the general-purposertxwting protocol built into COM. DCOM i s ofim described as COM with a longer wirc, 1UgldigMngthc fact that COM components c m be reinoted (executed on a differerit mclrine) without chanjjng a single linc of code i n either client or server A key issue m the provision of completelocalhemotefmsparcncy is the need Lo be able t o oprimise the usc of 3 particular object class i n thc m o t e case. An interface design that works well where die componcnt implemenhg ~e iuterface is loaded into the samc proccss as its client i n q not work well i fthat component is on a different m d n e from its client. To handle this, COM also provides the infmmcturenecessq to ow a componcnt to change thc rcmoling mechanism at run-time. injecting a smm proxy into Lhc diaits address space to handlc thc cross machine imp1eauon of the interface more intelligently.
ActivbX is a marketbg term used to dcsaibc technologies that are builtupon COM Examples aP these are Active Conmls and Active Docummts. Active Conuok are definedby a specification that describes the protocol that must be a d h a dt o b m e e n the conwl and its contabcr. This protocol i s described in terms of COkl interfaces.

Q 1997 Microsoft CoTporation

213
Authorized licensed use limited to: G H Raisoni College of Engineering. Downloaded on October 8, 2009 at 06:48 from IEEE Xplore. Restrictions apply.

Flexible Deployment configurations. Microsoft and onc of its parhers WE currenlly engaged i n assisting OIIG of the largest UK clcaring banks in
developingits ncxt generation corporate clectronic banking senice. Tlie archfieme adopted is identical to that picturd above. The scrvice is htendcdto pmt-ide a varieq 01different customa offerings, mighg from a Wcb Browset fronted semicc or small cus~omc~s througli tu a full Win32 application " h ga t the customus site. One of the mosf inkresting and important archilectunl goals in thc development of this system is the design of components which are rcusable acm~ss the full m e of customer offerings built upon COM and DCOM technologies.

In the Web Browsa fronted s&cq d l of the application logic is provided by compunents that run on thc
Windows NT applimtion . c c n 7 e f s located i n ffICbank. Customas connect to a bank hosted wcb s m e r t o conduct thcir business ,and the wcb semer uuka rquests via DCOM to &e applic&on components tha~ are distributed a m s s avariety of other servers to ensure adquate load balancing. In Qe Windows
applitatmiioffering, many orhe smic cDolponmtsarc dqloped on rhe customer's Windows PC along with alternative components that support a n o d Windows style qqdication interface.

Tlus example demonsmites bvo key aspects of COM and DCOM that make this tle~bility possible. Fintly, COM components cini mn idcnrically inthree d i s t i n a situations, i n the same process as the client appliwtioq i n a cliJIwent process on thc sane computer, and on a different coinputer. Secondly, by dowing the rqkicement of the rcmoting inlnstmchae, we arc able to create a customremohig layer betveen cediin components that &low as to remote over HTI'PS (secure HIT? protoool) rather than thc standard DCOM u4re protocol This allows us to usc standard firewall mfl$graths and take advantage of 12Sbit security.

Mixed Ianguage programming model

DCOM is dcsigoed to provide a h p g e neubl progammhg model. In addition, most commercial 'Ivindows software developmenttools can build COM components, E;nsUringthem is a wide selection of languages and .tools that can be u s & to bnild DCOM componmls. In many of thc bauking developmcnls that are currenty progressing, specifjc choices have been Tilade regardhg which languages should be used b a e d on the trade-off betweeu skill availability and p d o m n c e of the resulting qpkation.

Visual Basic has been chosen i n many situations duc to the largc pool of resourcc availablc and the m e with which Vimal Basic dlovs a developer t o build DCOM components. There is currently a s m a l l perfommce diffscnce behvccn a V i s d Basic componcnt and a Visual Ctc component, primarily due to the call werhead inuoduced by h e Visual Basic runtime. Howwer it is important to put the performance diferencc inr0 &e context of daveloperprodudvity, Ifthe choice is betwecn spending a few thousand prnmds e x m on hardwae tu account for thc pcrformimce difference and shippmg the new savice sevrsd .months earlier, mod bads (and their customers) would opt for earlier delivq every time.

Mission critical applications

Whilst impoWL the basic dismibuted object hfmhudure provides only a small part or Uie o v d supporT required L o build highly scalable and reliable a p p l i u t i ~ .Since the introduction o f die Microsoft lkims;ictiofi S e w s @ITS), many DCOM based development pmjem have atiliscd llie facilities provided by MTS to simplify thc dcvelopInent of the application. h4TS provides two kcy additional pieccs of h m c n u c to DCOM; s e t \ " resource management amd implicit Innsaclion suppm
online b m g npplicauons nced to bc able to manage high tr-Jxlsadon valumes rclisbly. Building highly scahbk applications r q u h the usc of significant mounts of idrastrucblre i n thc form ofrquest p ~ k , thrcad pools and general resource rnanagemenr MTS provides this additional infr;lstrume for the DCOM dmdopa, alleviatingthe need for an application developer lo wony about thrcadjng o r resomcc

man3ggement, leiwingjust the ap-plimtionlogic to be codd.

Anotlm equally importanl aspect of onlint banking applications is thc need for tIiem to suffer failure gmcefully. Due to thc clistribvted nature of t h e cypiml achitecturc being dis~~ssed, there arc a nnich Wge~

Q 1937 Microsoft Corporation

214
Authorized licensed use limited to: G H Raisoni College of Engineering. Downloaded on October 8, 2009 at 06:48 from IEEE Xplore. Restrictions apply.

have to hcl I~andled.MTS pmvides DCOM componem with jmplicit transaction support, ensuring that, i n the case of failure, applidon code docs not need to be wrhten to identify and perform data clcan-up all modifications to pmsistent d a updormed within thc aansactiun will automatically be rolled hack by die Disaiuted Trasaction Coordinator(pan of MTS). The DTC u s e s industry standard protocols to m.mage transaction wordination including XA and OLE Transactions.

numb= of possible fdw cases

By providing transpwcnt support for sewer raouce "agemm and "actions, MTS removes B major h e m to wiicmtrate on thc creation of the application logic that is burden from developm, allowing t required to slippart rbeirbusmess. "he PauiciaSeybold group estimates that appmdmately 40%of T h e development efhn involvedi n building s w e r applications i s spent building the basic inlhistnicnue using W S would allow that t j m LO ~ be spent on building &e real application logic so hpmving developer

productiwry and tixneto-market.

Anaher aspect of blTS deserves a mention is its support for " p o x " re-usc. A major issue wiUl most aimsaction systans is coordinatingthc scope of the transaction and participation (or not) of each component -lis problem is especially real when some of die components have been purchascd f r o m external suppliers. ElTS resohrcs this issue by mcrrpsda trmsa&on semantics as part of &e implclueutation of an individual componat, removing the need for any onc componwll to be responsible for committing or rollingbn& the entire transacfion. This m m rhat components built in camplac isolatian from each other can participate m coordinated and rcliabletransactions - quite a boon for componentreusc

Host integration Most banks still run their main accounringapplica~ons on CICS OT IMS based " m e systems. Good hon integration is thereforevital to the sicccSsfJ dclivecy of systems to mppon new b&g delivcry channels. MicrosoftTransaction S e n m allows DCOM components to invoke CICS1u.Is tmsactionsvia COM stubs thaz are gmerated auLonlabca3ly using a W i z a r d dwclopmcnttool. This pn-ides applicarim
developas with P "man programming model, COM, to cambinc both Widows and mainfiwne transactions into a single atomicpiece of work

In addition to the use of CICS/IMS musactiom, IBM is working to provide an XA compliam ODBC driver lor DB2 .and Microsoft are dose IO shippmg an OLE-DBdriver for flat VSAM AS/400files-providing
more allerrdves for host dau integratim
Anorher important area for host integation is messagirY technology. The Microsoft Message Qucue e s use of COM to intepte a messaging M I into the scwicesprovided Tor iuid-tier application dwdopers. This mcsaging queue is also integratedvk OLE Transactions wiW4"S me3ning that any mcssage queue updatcs c m alsopanicipde i n a coordinated transaction. Many customers are running IBM's MQ Series on their host arvironments andvia a n MQSeries gatway developedby Lcvel S Coztyuting, messrtgcs w&en to a MSMQ smer c mW thek way on to the niah&amc.

(MSMQ) 3gab d

Finally Software AG are rapidly completing their pons of DCOM onto other pldforms which will include 09390,Dig$.aI Unix, HP/UX, Solaris, These ports arebdng aaivdy evaluatedby mnny banks as a way ofpmviding an exaemcly flexible host integration technology.

Security
DCOM s e d @ falls into WO differcn~ "ps, Intr;meL security and Intunet seaEily.
Xntmnet s&Q' is well c t c r c d for m the existing DCOM infrastructure throughits use o f stmdzud Windows FTLM challenge responsc mthenticatioii protocol and RC4 encryption for message privacy. This illfraSt"1Te pmcicles for fully aul-hairicated and plivalc DCOM calls i n all env4roment.s supported by DCOM hcludingWindows and thc other platforms supportedby Soflware AG. Within an enterprise envbnment, hom s e a 5 integr-onis pmvided vis die CICS/LNS Megration componwts within MTS.

0 1997 Minosoft Corporation

215
Authorized licensed use limited to: G H Raisoni College of Engineering. Downloaded on October 8, 2009 at 06:48 from IEEE Xplore. Restrictions apply.

This tcclmology uses SNA (via SNA Sever) to co1111riu1~c3te with the host etn%'"en2s gains the Tull host security integmtionprovided by SNA Server.

and through this

Full Internet se&@ will be cnabled vi3 the usc o f SSL to secme DCOM calls, allowing 3 point lo point mutual authmtication via piiblic key certif~calcs Authorisation control will also be enabled through thc ability to map cErtificatcs IO certain NT user and group accounts. This will provide a scalable and st~~dardised mechnnism to control access for pcople that are not given nandNT domain accounts. While standards DCOMSSL kegration is not yet available,thc custom marshalling kJkstnicture can be used io implemcat a completely custom reiuoting layer that does use SSL.

Conclusion
Distributed object coiuputing is a kcq cnobliylg technology for true clistribured systems. CObVDCOM provides an elegant$ simple, yet powerful object model that can be used to c r a t e distributed object based systems. DCOM supports t h e fuadamentalrecpikements of language neutrality, locatiou lxansparency, coinponcnt vmioiring and indcpcndent wolution necessary in a robust, commerLd objccr technology. Within Windows, COM (md DCOM)x e used as rhe priacipal sofiware integatiou lechnology usd to expose all oZ the hsmbutcd senices, so ensuring a Uaifompmgramming model for dcvelopcrs, reducing the 1e;inhq curve Within Windows COh4 and DCOM are supportcd by a variety of othct senices h t arc being used today to deliwr mission critical applicatiollsin the banking hldustry.

Q 1997 Mjausoft Corporation

216
Authorized licensed use limited to: G H Raisoni College of Engineering. Downloaded on October 8, 2009 at 06:48 from IEEE Xplore. Restrictions apply.