Strategic IT Architectures and The SAS System A Case Study of the Application of The SAS System within British Gas Trading

Similar documents
BPS Suite and the OCEG Capability Model. Mapping the OCEG Capability Model to the BPS Suite s product capability.

Sysgem Enterprise Manager

WHITE PAPER. Title. Managed Services for SAS Technology

New Zealand Government IBM Infrastructure as a Service

Data Protection. Plugging the gap. Gary Comiskey 26 February 2010

TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS

ANZSCO Descriptions The following list contains example descriptions of ICT units and employment duties for each nominated occupation ANZSCO code. And

VMware vcloud Air Accelerator Service

IoT & SCADA Cyber Security Services

IBM s Integrated Data Management Solutions for the DBA

Virtustream Managed Services Drive value from technology investments through IT management solutions. Tim Calahan, Manager Managed Services

Microsoft SQL Server Training Course Catalogue. Learning Solutions

RSA Solution Brief. The RSA Solution for VMware. Key Manager RSA. RSA Solution Brief

REPORT 2015/149 INTERNAL AUDIT DIVISION

Deploy. Your step-by-step guide to successfully deploy an app with FileMaker Platform

Securing Your Digital Transformation

Software Requirements Specification. <Project> for. Version 1.0 approved. Prepared by <author(s)> <Organization> <Date created>

SAS Solutions for the Web: Static and Dynamic Alternatives Matthew Grover, S-Street Consulting, Inc.

Fusion Registry 9 SDMX Data and Metadata Management System

This Document is licensed to

Standard CIP Cyber Security Critical Cyber Asset Identification

Transition Plan. Data Center Operations Outsourcing. Implementation: Final. Ref: TR0007

NEN The Education Network

IT Attestation in the Cloud Era

Creating Enterprise and WorkGroup Applications with 4D ODBC

IT Governance ISO/IEC 27001:2013 ISMS Implementation. Service description. Protect Comply Thrive

CAPABILITY STATEMENT

Standard CIP Cyber Security Critical Cyber Asset Identification

Ingram Micro Cyber Security Portfolio

CwJ Consulting Ltd Technology & Roadmap guide. Author: Christopher Cantle Date: 7 th March 2017 Version: 2.5

IT Managed Services. Schedule 1 Specification 11/07/18

IT MANAGER PERMANENT SALARY SCALE: P07 (R ) Ref:AgriS042/2019 Information Technology Manager. Reporting to. Information Technology (IT)

Introduction to AppDev Studio Software

Massimo Nardone, TKK, S Security of Communication Protocols

PROTECT YOUR DATA, SAFEGUARD YOUR BUSINESS

AUDIT OF ICT STRATEGY IMPLEMENTATION

Google Cloud & the General Data Protection Regulation (GDPR)

SAS/ACCESS Interface to R/3

TEL2813/IS2820 Security Management

Sparta Systems TrackWise Digital Solution

INFORMATION TECHNOLOGY ( IT ) GOVERNANCE FRAMEWORK

Zero impact database migration

Enabling efficiency through Data Governance: a phased approach

New Zealand Government IbM Infrastructure as a service

Managed Services.

Three Key Considerations for Your Public Cloud Infrastructure Strategy

TRACKVIA SECURITY OVERVIEW

Enterprise Data Architect

Vulnerability Assessments and Penetration Testing

Nesstar Server Configuration Tool User Guide

ISO27001:2013 The New Standard Revised Edition

SMR Deployment Enablers

JOB TITLE: Senior Database Administrator PRIMARY JOB DUTIES Application Database Development

Administration and Data Retention. Best Practices for Systems Management

RSA Solution Brief. Managing Risk Within Advanced Security Operations. RSA Solution Brief

Data Warehouse. T rusted Application. P roject. Trusted System. T echnology. System. Trusted Network. Physical Security

ORACLE SERVICES FOR APPLICATION MIGRATIONS TO ORACLE HARDWARE INFRASTRUCTURES

Version 1.4 Paribus Discovery for Microsoft Dynamics CRM User Guide

Microsoft Developing SQL Databases

Achieving effective risk management and continuous compliance with Deloitte and SAP

ISO/IEC Solution Brief ISO/IEC EventTracker 8815 Centre Park Drive, Columbia MD 21045

NORTH CAROLINA NC MRITE. Nominating Category: Enterprise IT Management Initiatives

IT or Application or Test Environments Management and Terminologies.

Choosing a Secure Cloud Service Provider

Data Center Operations Guide

Enterprise Services for NFuse (ESN) February 12, 2002

Implementing Problem Resolution Models in Remedy

HPE Proactive 24 Service

Information Security Policy

Information Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV

Deploy. A step-by-step guide to successfully deploying your new app with the FileMaker Platform

TRIREME Commander: Managing Simulink Simulations And Large Datasets In Java

Migrating a Business-Critical Application to Windows Azure

Database Environment. Pearson Education 2009

Support for the HIPAA Security Rule

Meltem Özturan misprivate.boun.edu.tr/ozturan/mis515

Controlling Costs and Driving Agility in the Datacenter

IT Service Delivery and Support Week Three. IT Auditing and Cyber Security Fall 2016 Instructor: Liang Yao

Siebel Brightware. Implementation Readiness Guide. Version 8.1.6

ITIL: The Key Differences Between Versions 2 and 3

Introduction to ISO/IEC 27001:2005

Wipro s Endur Test Automation Framework (W-ETAF) Reduces time and effort for the implementation and maintenance of an automated test solution.

Green Star Volume Certification. Process Guide

Dell helps you simplify IT

The ITIL v.3. Foundation Examination

Copyright

AUTOMATED RESOURCE MANAGEMENT SYSTEM (ARMS)

Accelerate Your Enterprise Private Cloud Initiative

New York Cybersecurity. New York Cybersecurity. Requirements for Financial Services Companies (23NYCRR 500) Solution Brief

ISO/ IEC (ITSM) Certification Roadmap

Secure Messaging Mobile App Privacy Policy. Privacy Policy Highlights

M&A Cyber Security Due Diligence

Canada Life Cyber Security Statement 2018

Unifia Environment (UE) Application & Security Overview

Contents. Microsoft is a registered trademark of Microsoft Corporation. TRAVERSE is a registered trademark of Open Systems Holdings Corp.

An Oracle White Paper May Oracle VM 3: Overview of Disaster Recovery Solutions

STRATEGIC PLAN

July 20, 2006 Oracle Application Express Helps Build Web Applications Quickly by Noel Yuhanna with Megan Daniels

Seamless Dynamic Web (and Smart Device!) Reporting with SAS D.J. Penix, Pinnacle Solutions, Indianapolis, IN

August Oracle - GoldenGate Statement of Direction

Transcription:

Strategic IT Architectures and The SAS System A Case Study of the Application of The SAS System within British Gas Trading Presenters: John Ingram - British Gas Trading Ty Sapsford - OCS Consulting Plc British Gas Trading embarked upon a major development project in 1996/97 in order to enter the electricity market at deregulation in April 1998. One of the systems within the programme required both OLTP and OLAP functionality to support a Trading business division initiative. Trading selected The SAS System for delivering the OLAP functionality. Business constraints, driven by external market factors, created a situation requiring a quick response concerning the OLTP functionality. The SAS System s flexibility and functional breadth made it a leading choice to respond to this situation. The SAS System enabled IT to deliver to the business division a system that satisfied the business requirements, while meeting IT strategic objectives. This paper shall describe the IT architecture and how The SAS System supported this architecture. A brief summary of the costs and benefits of the SAS System within a strategic IT architecture will conclude this paper.

Presenters Notes: Corporate Strategic IT Architecture defined the hardware and software configuration of the system as: Hardware: Servers Digital Clients Compaq.. Software: Servers Database Server - Digital Unix v4.0b Oracle v7.3.3.3 Open Process xxx.xx Redbox xxx.xx Application Server - Windows NT v4.0 service pack 3 SMS Server xxx.xx Clients Windows NT v4.0 service pack 3 Clients Lotus 1-2-3 Excel v7 SMS Client xxx.xx The application scoping study deliverables identified the additional requirement for the selected solution to be located in the software configurations of both the Database and Application servers. The SAS System v6.12 ts020 was selected. The following SAS modules are located on the servers: Database Server SAS/Base SAS/Connect SAS/Access to Oracle Application Server SAS/Base SAS/Connect SAS/Access to PC File Formats SAS/Assist SAS/AF * * SAS/AF was used in the development environment to build the Graphical User Interface (GUI).

British Gas Trading IT architecture strategic objectives are defined in detail in many internal documents. The IT architecture objectives of interest to this application may be summarised as (SAS Meeting IT Strategic Objectives:): Data Management Data Access External Interfaces Database Management Interface Definitions Security Backup and Recovery Audit Security Data Integrity Timely Complete Correct Valid Data Consistency Corporate Definitions Business Unit Area Definitions External Definitions Application Management Delivery Unix Environment Windows NT Environment Extendibility Vendor Pedigree Custom Application Code Year 2000 Recovery Backup Disaster Security User Interfaces Data Interfaces Code

The following table highlights the experienced strengths and weaknesses The SAS System provided towards the IT Strategic Architecture objectives (SAS Meeting IT Strategic Objectives:): Objective: Strength Weaknesses Data Management Data Access External Interfaces Database Management Interface Definitions Security Backup and Recovery Audit Security Strong support of proprietary and non-proprietary file formats provided. Support for required file formats and proprietary access languages enable interface definitions to use optimal mechanisms. SAS datasets being proprietary are inaccessible to other products. SAS compiled code is equally inaccessible to other product access manipulation. The option exists to remove the access to the compiled code source via The SAS System tools or to apply access restrictions to the SAS datasets, though this was not persued in the actual system. SAS support of Oracle dbms system enabled leveraging Oracle s transactional recovery facilities. SAS metadata facilities enabled uncomplicated data management systems to be provided that required limited effort to build. SAS cross functional use, providing both OLAP and OLTP functionality, enable audit tracking to be more comprehensive than normally anticipated by multi-vendor solution. Operating and Oracle system security is fully supported by SAS. Customisation of standard SAS scripts necessary to tailor to each operating environment is relatively simple. Additionally, SAS provided further security layer, using Oracle as a profile storage container. Integrating Oracle into the SAS security enable British Gas Trading Oracle skills to be used in the security maintenance area. Separate SAS modules required for proprietary file formats. Multiple skills required to support SAS files, spreadsheet files, and Oracle tables manipulations. The SAS System was required for accessing the data or source code. SAS not being a transactional relational database system, meant provisioning for transactional recovery facilities was required. NOTE: This only became necessary when project restrictions decided The SAS System would provide transactional facilities. Audit functionality not inherent in SAS modules. SAS support for object orientated approach reduced much of the effort. Support for multiple security layers increased development efforts and user interface complexity.

Objective: Strength Weaknesses Data Management Data Integrity Timely Complete Correct Valid The SAS applications integrated well into the scheduling tool, Open Process. All processing completed within the business and IT requirements as demonstrated by the allocated batch window. Notable gains during later tuning efforts have been made. The ability to capture an extensive range of data formats within SAS enable the solution to meet its completeness criteria. Several elements of the data model required integration of the business rules to ensure that a correct values are maintained, i.e. data values treated differently due to business environment conditions. The ability to represent these element s data values was met using SAS flexible data manipulation methods and data representation formats. The ability to validate a data representation using a mixture of SAS functions and data types within a single procedure or simple program module reduced effort and increased both the range of validity checking and its robustness. Customise loading mechanism required for Oracle in Digital Unix environment. Not provided by the default SAS/Access to Oracle product This was resolved using SAS/Base and SAS/Access to Oracle solution that OCS built into the system. Program complexity was increased by completeness requirements. Perceived weaknesses during early phases was restriction of supported data types within SAS of char (max length 200) and numeric (max 8 bytes), though no formal business requirement for more than these data types was identified. Providing data correctness required the data model to integrate business rules. This included all stages of the project, i.e. documentation and diagrams, pseudocode and program modules. Integration of SAS within a CASE tool would have minimised this effort, though some additional effort may have been required to operate the CASE tool. Duplicate processing occurred to enable more than simplex read error failures. More sophisticated maintenance requirements, particularly with the database feed, i.e. Year 2000 support increased complexity of code.

Objective: Strength Weaknesses Data Consistency Corporate Definitions Business Unit Area Definitions External Definitions IT Strategic Architecture established the database environments, i.e. Oracle as the strategic data repository. SAS ability to actively integrate within an Oracle environment ensured that data was captured, updated and if necessary removed as defined by the corporate data strategy policies. Business requirements meant the data required metamorphosing from the corporate definition to another format was required. The application of SAS SQL views and reformatting functions to transpose and manipulate the data tables enable the project to meet both corporate and business requirements. The system interfaces with several external entities, being both internal and external to the organisation. SAS/BASE product provided all the mechanisms to meet the external organisation entity interface requirements. The internal interfaces were meet again using SAS/BASE with the addition of SAS/Access to PC File Formats. Performance was effected by the inherent overhead associated with a transactional dbms system versus a informational. This is partially offset by the advantages of a transactional dbms with recovery and to some degree with database integrity. Controls implemented within the solution assisted with ensure a consistency was maintained between the two definitions. These controls required additional effort. Using objects to perform the transformations reduced this effort, plus gains from operating on an information dbms (SAS) data table with later processes counteracted part of the effort cost. Additionally effort necessary to

Objective: Strength Weaknesses Application Management Delivery Unix Environment Windows NT Environment Extendibility Vendor Pedigree Custom Application Code Connectivity was easily established with SAS/CONNECT product, with minimal customisation of the connect script and using the chosen communication protocol, i.e. TCP/IP. Access to the application is controlled by an Oracle table containing users profiles. SAS catalogues minimised file management and complement security standards. SAS ability to communicate with the operating environment enable leveraging the Unix operating system to perform maintenance functions on non-sas file types and to communicate with the support message system Redbox. The trading system was to support the ability for a user to have their profile fully portable. SAS initiation process is managed by files in ASCII text format, i.e. config and autoexec files. The text format enable ready customisation to ensure the application met the profile criteria. The application profile while maintained in a SAS proprietary file, i.e. profile.sc2, was known to the system as a standard file, thus was also readily integrated into the NT environment. The stability and multi-platform support of The SAS System met British Gas Trading software vendor pedigree standards. The modular approach to configuring SAS fulfilled scalability requirements. Structured programming and object orientated approaches maximised reuseability which reduced effort, actively assisted interface consistency reducing effort by development team and by users in learning the application, and lasted have increase ease to analysis and remedy changes to the trading system. Unix connectivity and relatively poor inherent access and security controls increase exposure to unwanted access. The text format of the config and autoexec files are a strength and weakness. A skilled person can readily access and understand the files, thus additional access controls were required. The breadth of SAS led to some extra efforts being required to identify certain operational system specific behaviours. This would not be unique to SAS. Requires more analysis and design effort to be expended initially to identify modules/objects.

Objective: Strength Weaknesses Application Management Extendibility Year 2000 Recovery Backup Disaster Security User Interfaces Data Interfaces Combination of yearcutoff option and range of date formats and functions made meeting year 2000 compliance simple to perform. The SAS System version 6.12 year 2000 compliant certificate and SAS support of providing year 2000 setinit enable year 2000 testing to be performed. Use of SAS metadata and data processing facilities supplied the application with the capability to validate backups during operation, which was critical particularly during some of the overnight batch routines. Access to operating system enable SAS to perform backup functions on non- SAS files. Use of similar metadata and data processing facilities within the SAS System enabled the application to registered and performed disaster recovery or disaster notification where recovery not possible. Three levels of security provided by vendors, i.e. Windows NT, Unix and Oracle are integrated into the application. Additionally a further level of security is encoded into the SAS/AF interface. Use of initcmd, custom profile, custom config and autoexec files delivered via SMS enable users to be restricted access to the SAS System except where this is provisioned within the application. SAS and Oracle security are incorporated. Oracle users are defined roles which control privileges a users has within Oracle. SAS datasets and views support encryption and access controls where the functional requirements stated such requirement. All custom code and libraries are supplied to the users in readonly mode, with the users Performing full year 2000 compliance was not possible due to non-compliance of operating system, thus some assumptions of validity of year 2000 compliance were necessary. Difficult for tester to validate SAS files were correctly backed up without experience and access to the SAS System. This was the same for Oracle tables. The SAS System being an informational database is not provisioned with roll-back, journalising and other disaster functions. This was not critical due to the system as Oracle was defined as the data repository. The only risk was during Oracle updates by SAS within the application. Extra effort is required to support the levels of security, which is an on-going cost for the business. A user with the appropriate levels of skills could alter the library mode, as could a user with the appropriate Oracle user id and password edit the data tables.

Code having only their private libraries available in write mode. Access privileges are controlled using NT file and folder privilege controls. This is further complemented by access privileges assigned to the SAS catalogues. The option to provide the production environment with compiled code missing source is also available. Operational support can be adversely effected by too much code security. Code security is an area require content revision during the system life cycle.

Summary: Balance Sheet Assets Flexibility - providing transactional and informational facilities which are integral to a trading system Multi-platform support - enabled the trading system to implement the designated optimal client/server solution Open data support - ability to access and produce multiple file systems, i.e. Oracle, Lotus 1-2-3, MS Excel, etc. provided flexibility and data options not readily available to other systems 3 rd and 4 th generation language support - use of structured and object-orientated approaches code to integrated readily into the solution. Selective use of appropriate methodologies to sections of the solution code be supported by the development team Year 2000 compliance - year 2000 compliance within the SAS System and the SAS custom code was able to be tested and documented Extendibility - The SAS System being readily expanded with new modules. The custom code using structured and object-orientated programming standards coupled with coding standards enable both extensions and long-term support to be provided with minimal additional effort. Liabilities Provisioning of printing methods with the vendor software not as strong as required. Thus increasing effort in development to provide hardcopy output Proprietary nature of SAS data tables increases complexity of access to data held within SAS. Thus increasing effort to ensure data stored within Oracle tables where data to be available to other systems, or where transactional functionalities required Service Level Agreement more complex as production support provisioning not within current British Gas Trading IT skill portfolio (SAS Skills). Commitment to skill transferral and training required of both the vendor (SAS) and third party consultancy (OCS). Way Ahead Business Requirements Review User Acceptance Testing Phase 2

Questions?

OCS Consulting plc acknowledges all other copyrights and trademarks OCS Consulting plc 1

JOHN INGRAM - STRATEGIC CONSULTANT, BRITISH GAS TRADING TY SAPSFORD - SENIOR CONSULTANT, OCS CONSULTING plc IT STRATEGIC ARCHITECTURE MILESTONES TRADING SYSTEM MILESTONES IT STRATEGIC ARCHITECTURE TRADING SYSTEM ARCHITECTURE DATA MANAGEMENT APPLICATION MANAGEMENT OCS Consulting plc 2

OCS Consulting plc 3

OCS Consulting plc 4

OCS Consulting plc 5

SERVERS DATABASE SERVER (SAS 6.12 TS020) SAS/BASE SAS/CONNECT SAS/ACCESS TO ORACLE APPLICATION SERVER (SAS 6.12 TS020) SAS/BASE SAS/CONNECT SAS/ACCESS TO PC FILE FORMATS SAS/GRAPH SAS/ASSIST SAS/AF* CLIENTS DESKTOP NONE * SAS/AF APPLICABLE IN DEVELOPMENT ONLY OCS Consulting plc 6

OCS Consulting plc 7

EXTERNAL INTERFACES DATABASE MANAGEMENT INTERFACE DEFINITIONS SECURITY BACKUP AND RECOVERY SECURITY TIMELY COMPLETE CORRECT VALID CORPORATE DEFINITIONS BUSINESS UNIT AREA DEFINITIONS EXTERNAL DEFINITIONS OCS Consulting plc 8

UNIX ENVIRONMENT WINDOW NT ENVIRONMENT VENDOR PEDIGREE CUSTOM APPLICATION CODE YEAR 2000 BACKUP AND RECOVERY DISASTER USER INTERFACES DATA INTERFACES CODE OCS Consulting plc 9

OCS Consulting plc 10

OCS Consulting plc 11

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback