Thursday, March 27, 2014

Best practices in designing Architecture/solution for EDI implementation in Organization


Following the best practices in implementation of EDI in an organization will improve business processes, reduce operational costs and minimize the risk to business continuity. A successful EDI Implementation provides visibility into core business operations that enables the optimization of business processes with increased business performance and strong return on investment.

When designing the architecture for an EDI implementation in an organization, we should consider the following best practices. These are only some of the best practices, and they need to be implemented according to feasibility and the two important constraints of time and cost.

1. EDI Integration services

  • The application back-end systems and the data standards need to be studied, and the EDI services planned accordingly.
  • How does inter-application communication work? Assess the inter-application communication requirements. How do the EDI applications/tools interact effectively with the applications?
  • Perform an assessment and provide a diagnostic approach to the solution. Also consider future IT/business environment impacts. For this, note down the constraints of the tools/software being considered for the EDI implementation. These constraints are to be evaluated and discussed with the business and application teams to come up with an applicable solution.
  • Obtain the transaction flow statistics from business and application support personnel, and use this data in evaluating and planning the EDI applications and servers needed for current and future use. Perform an assessment and provide a diagnostic approach to having different EDI applications and servers.

2. EDI Implementation services

  • Standardize the application documents. That is, the organization's EDI implementation standards are to be considered while designing the architecture.
  • Consider the application access services and the different communication protocols that need to be used. Does the organization require any special network facilities or any value-added network services?
  • How should data storage be done? Is the data stored in a database or in the file system? The implementation services need to be designed accordingly.
  • Plan, evaluate and select the different services and implementation facilities that are provided by the EDI tool.


3. EDI Application Management services

While designing the EDI implementation for the organization, the following management services need to be considered:

  • Data Archiving and Retrieval: Evaluate the existing data archiving and retrieval process and methodologies, and redesign them if necessary to suit the EDI tool. If the existing data archiving and retrieval system has shortcomings, check whether to use a database in conjunction with the file system, only the file system, or only a database, and compare all the possibilities.
  • Security and Application Disaster Recovery: First check the organization's Disaster Recovery Plan and design accordingly. Check whether a DMZ and a load balancer should be used. Estimate and evaluate the software and systems that need to be used for security, load balancing and application recovery. The architecture and the EDI solution depend on this.
  • Application and Data Failure Support: The maintenance and support cost should be estimated while designing the EDI architecture and solution for any organization. Application maintenance and support should be well thought out, and debugging and fixing issues or failures should be easy. There needs to be centralized, easily accessible and readable data for business as well as IT users, for debugging and recovering the application and data when there is a failure.
  • Interface & Batch Job Failure Support: Most applications send/receive data files in batches. EDI applications should support these batch jobs and should have interfaces to easily recover and restart data processing from the time of the failure.
  • Regulatory Updates: The solution should support all industry and government regulatory updates and EDI versions. Check how feasible and easy it is to update the EDI standards, schemas, DDF etc.

4. EDI Application Hosting Services

  • Check how application hosting services such as installation, administration, application testing, system administration and storage management are supported by the EDI tool/application. Most EDI tools do have all these services, but they need to be planned, evaluated and selected systematically and judiciously so as to have a cost-effective EDI system.

5. EDI Business Activity Monitoring Services

  • Not all EDI tools/applications have business activity monitoring facilities. If these facilities exist, they need to be planned, evaluated and implemented with the help of the business and back-end system users. If there is no built-in mechanism for business activity monitoring, then the application services, business processes, error handling etc. need to be designed so as to accomplish the task. This needs to be planned according to business need, feasibility, time and cost.

File Transmission Protocol: AS2 basics

Applicability Standard 2 Defined:

AS2 (Applicability Standard 2) is an EDI specification intended to ensure the proper level of security for data transmitted over the Internet. Although it was developed specifically for EDI, it can be applied to virtually any type of file, including XML.

Benefits of AS2:

The Internet is one of the more common methods of exchanging EDI and other data because it is easy and relatively inexpensive. But the Internet can also present some challenges for security. AS2 is intended to address these challenges by providing a common set of conventions for security, verification, message integrity and privacy.

Due to the security standards, many organizations require that their partners utilize AS2 for all EDI or other B2B communications. AS2 also addresses many of the requirements of HIPAA for those working in healthcare.

A second benefit of AS2 is that it allows for immediate transmission of files, directly between trading partners. That is, it eliminates the need for a VAN (Value Added Network) to handle the exchange of data. Any organization with constant access to the Internet is capable of handling AS2 communications.

How AS2 Works:

AS2 addresses security for data transmitted via the HTTP (Hypertext Transfer Protocol) transport protocol (or its more secure version, HTTPS) over the Internet or over any TCP/IP network. It does this through the use of encryption and digital signatures, using a format called S/MIME (Secure/Multipurpose Internet Mail Extensions), and the use of receipts called MDNs (Message Disposition Notifications).

MDNs contain information about the delivery status of the message. In this way, MDNs allow for a particular benefit called "non-repudiation," which means the recipient of a message cannot deny having received it.
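
The MDN check described above, as an added example (not code from the original post or from any AS2 product): it matches a receipt's Original-Message-ID, Disposition and Received-Content-MIC against the message that was sent. It assumes the AS2 software has already verified the MDN's own S/MIME signature and that the MIC covers exactly the bytes passed in; the IDs, payload and allowed-algorithm list are constructed for illustration.

```python
import base64, email, hashlib, hmac

ALLOWED_ALGS = {"sha256", "sha384", "sha512"}  # assumed local policy, not from the page

def content_mic(content: bytes, alg: str = "sha256") -> str:
    """Base64 digest of the exact bytes that were signed and sent."""
    return base64.b64encode(hashlib.new(alg, content).digest()).decode()

def mdn_fields(raw_mdn: str):
    """Return the machine-readable fields of a multipart/report MDN."""
    for part in email.message_from_string(raw_mdn).walk():
        if part.get_content_type() == "message/disposition-notification":
            return part.get_payload()[0]  # stdlib parses message/* as a nested message
    raise ValueError("MDN has no disposition-notification part")

def verify_mdn(raw_mdn: str, sent_id: str, sent_content: bytes):
    """Compare a receipt with what was actually sent; returns (ok, reason)."""
    f = mdn_fields(raw_mdn)
    if (f["Original-Message-ID"] or "").strip() != sent_id:
        return False, "receipt is for a different message"
    result = (f["Disposition"] or "").split(";")[-1].strip().lower()
    if result != "processed":  # e.g. "processed/error: ..." or "failed/..."
        return False, "partner did not process the message: " + result
    mic, _, alg = (f["Received-Content-MIC"] or "").partition(",")
    alg = alg.strip().lower().replace("-", "")
    if alg not in ALLOWED_ALGS:
        return False, "missing or disallowed MIC algorithm"
    if not hmac.compare_digest(mic.strip().encode(), content_mic(sent_content, alg).encode()):
        return False, "MIC mismatch: partner received different bytes"
    return True, "delivered intact"

# Constructed sample data (not captured traffic); IDs and payload are placeholders.
SENT_ID = "<20140327.0001@as2.yourdomain.com>"
SENT = b"ST*850*0001~BEG*00*SA*PO123~SE*3*0001~"
MDN_TEMPLATE = """\
Content-Type: multipart/report; report-type=disposition-notification; boundary="b1"

--b1

The AS2 message has been received.
--b1
Content-Type: message/disposition-notification

Original-Message-ID: {msg_id}
Disposition: automatic-action/MDN-sent-automatically; {result}
Received-Content-MIC: {mic}, sha-256
--b1--
"""

def sample_mdn(content=SENT, msg_id=SENT_ID, result="processed"):
    return MDN_TEMPLATE.format(msg_id=msg_id, result=result, mic=content_mic(content))
```

A receipt that passes all three checks ties the partner's acknowledgement to the specific bytes sent, which is what makes the MDN usable as evidence of receipt.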

AS2 vs. AS1 and AS3:

AS1, AS2 and AS3 are all standards from EDIINT (EDI over the Internet) for the secure transfer of data over the Internet. All include the same conventions for encryption and digital signatures. Where they differ is in the communications protocol they each address. While AS2 is specific to HTTP (or HTTPS), AS1 refers to data transmitted via email, using SMTP (Simple Mail Transfer Protocol). AS3 applies to files exchanged via FTP (including SFTP or FTPS).

Communicating Via AS2:

Although exchanging data via AS2 is typically handled automatically by AS2 software, it is important to understand the process and what you need to get going. Here are the key elements:

  • Secure Certificates and Keys - AS2 utilizes a very common method called public-key cryptography for securing AS2 messages. Certificates are created that contain keys for encrypting and decrypting your data. One key, called the "Private" key, is used for both decryption and signing messages and should always be protected. A "Public" key, which is used for encryption and verifying the sender's signature, is intended to be shared with your trading partners so they can "encode" messages for you.
  • AS2 ID - essentially the name that identifies you as the source of your messages. An AS2 ID is used for verification through the use of digital signatures.
  • AS2 URL - to send and receive information over the Internet, you need a unique AS2 web address. This is typically set up as as2.yourdomain.com.

Sterling Integrator Map Editor translation Process

These steps list the sequence of how the translator executes rules while processing the Input side of a map.
  1. Load the Input definition.
  2. Read a block of data from the Input file.
  3. If the record is the first record of a group, run On_Begin rule, if present.
  4. Load each field within the first/next record within the current group and then execute field level rules (for each field) in the following sequence:
    1. Execute standard rules
    2. Execute extended rules
  5. At the end of the group, execute the On_End rule, if present.
  6. Repeat steps 2 - 5 for each group in the Input file.

These steps list the sequence of how the translator executes rules while processing the Output side of a map.

  1. Verify whether or not data exists for the first/next record.
  2. If the record is the first record of a group, run On_Begin rule, if present.
  3. Load each field (via simple links) within the first/next record within the current group and then execute field level rules (for each field) in the following sequence:
    1. Execute standard rules
    2. Execute extended rules
  4. Format data according to specified field properties on the Field Properties dialog box.  This refers to field length and field format settings (string, date/time, numeric).
  5. Write the record to the Output file.
  6. At the end of the group, execute On_End rule, if present.
  7. Repeat steps 1 - 6 for each record in the Output file.
  8. Create or update the document entry in the database


Wednesday, March 19, 2014

Difference Between FTPS and SFTP

FTP is an insecure protocol.

  • SFTP (SSH File Transfer Protocol) is completely different from FTP, as it was built from the ground up to add FTP capabilities to SSH, while FTPS (FTP over SSL or FTP Secure) is an extension to FTP that uses the security mechanism of SSL.
  • FTPS was created as an extension of FTP to add security mechanisms, while SFTP is an extension of SSH that adds easy file transfer capabilities to the already secure SSH.
  • FTPS uses two channels to facilitate communications and data transfer, while SFTP only uses one.
  • FTPS sends and receives messages in a human-readable format, while SFTP sends and receives messages in binary.
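
The last two differences, shown as an added example (not from the original post): a passive-mode reply on the FTP/FTPS control channel is text that announces a second data connection, while an SFTP message is a length-prefixed binary packet on the single SSH channel. The sample reply and packet bytes are constructed for illustration.

```python
import re
import struct

# Subset of SFTP packet type codes, enough for the sample below.
SFTP_TYPES = {1: "SSH_FXP_INIT", 2: "SSH_FXP_VERSION", 3: "SSH_FXP_OPEN"}

def parse_pasv_reply(line: str):
    """FTP/FTPS control channel: text reply naming the second (data) channel."""
    m = re.fullmatch(r"227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)\.?\s*", line)
    if not m:
        raise ValueError("not a 227 passive-mode reply")
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range")
    # Four address octets, then the port split into high and low bytes.
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def parse_sftp_packet(data: bytes):
    """SFTP: binary packet = uint32 length, 1-byte type, then payload."""
    if len(data) < 5:
        raise ValueError("truncated packet header")
    length, ptype = struct.unpack(">IB", data[:5])
    if length < 1 or len(data) - 4 < length:
        raise ValueError("length field does not match data")
    return SFTP_TYPES.get(ptype, f"type {ptype}"), data[5:4 + length]

# Constructed samples (documentation address range, protocol version 3).
PASV_REPLY = "227 Entering Passive Mode (192,0,2,10,195,80)."
INIT_PACKET = bytes.fromhex("000000050100000003")

if __name__ == "__main__":
    print(parse_pasv_reply(PASV_REPLY))    # data channel the client must also reach
    print(parse_sftp_packet(INIT_PACKET))  # everything stays on the one SSH channel
```

For firewall planning this means FTPS needs the control port plus a range of data ports opened, while SFTP needs only the SSH port.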
