This document contains requirements for an online membership and class booking system for FeelGood Fitness Group. It includes:
1. An introduction and general requirements for the system. Interviews were conducted with the owner, operations manager, and sales manager to determine additional needs.
2. Functional requirements like online membership signups, class booking, telephone and walk-in bookings, and administrator functionality were identified.
3. Data requirements and an entity relationship diagram were provided. Discovery prototypes were created to explore designs.
4. The scope, business actors, and specific process requirements were defined through use case diagrams showing functions like account creation, class booking, and membership renewal.
Table of Contents
MS322 Deliverables
Requirements Statement
Introduction
General Requirements
Interviews Conducted
Scope
Business Actors
Functional/Process Requirements
Data Requirements
ERD
Discovery Prototype
Additional Comments
Gantt chart
Work Breakdown Structure
Project Plan Two Comments
MS322 Deliverables
Advanced Database Technologies Report
PHP vs ASP.NET
System Logic and Architecture
CRUD Matrix
Mock Ups
Original Sketches
Mock Up with Use Cases
Create table SQL code
MS320 Deliverables
Software List
Code Design Report
Technology Design Report
MS216 Deliverables
Networks and Communication Report
Overview
Upgrading the Current System
Security
Hosting Options
Comparison of Alternatives
References
MS314
Requirements Statement
Introduction
FeelGood Fitness Group are an organisation that specialise in personal fitness. In order to increase their
capabilities as a business, they have chosen to commission our team to create a fully functional online
booking system. A functioning website already exists, however, it has been created to be more of a
promotional tool than a website that provides useful functions. FeelGood Fitness Group consists of six
branches: Galway, Athlone, Castlebar, Drogheda, Tralee and Cork. They want the systems to be
integrated across all of the separate branches. They require us to create a multifunctional site that allows
interaction for their users including online membership sign up and booking classes. The system must
generate more contact with the public and attract more members to join, creating more revenue for the
company. It is vital that we create a system that not just meets the general requirements but is also very
functional across all levels of the business. There will be many points of interaction with the system
from management, admin and employees to customers/members. The system will adhere to all
security checks needed to keep information private and not allow the system to generate any foreseeable
problems for the company in the future.
General Requirements
Online Membership – The club offers three separate types of memberships which will be implemented
as Adult, Student and Off Peak. The price plan will remain the same for all six branches, with the
option to pay monthly through direct debit or to pay for the year in advance which will include a slight
discount. Users should be able to review and change their membership before submitting it. The new
members who sign up online through this system will be given an account with a password login where
they can modify their personal details at any time or manage their classes through the online booking
class system.
Online Class Booking System – The next part of the system is to create an interactive booking system.
Users should be able to view upcoming classes by filtering what they are looking for such as club, class
type, date and time and the instructor. The site should show if there are any spaces left and proceed to
the booking process if spaces are available.
Telephone and walk-in Class Bookings – The system should allow users to be able to place telephone
and walk-in class bookings in the normal manner.
Interviews Conducted
We conducted three separate interviews to gain a more comprehensive working knowledge of the
group’s requirements for the system. This allowed us to carry out a more in depth analysis. The persons
interviewed are as follows:
1. The owner of Feel Good Fitness Group – Chris Barry.
2. Group Operations Manager – Michael Lang.
3. Sales and Marketing Manager – Anatoli Nachev.
1. Owner’s Requirements from Interview (Chris Barry)
Administrator functionality is implied.
System should attract new customers.
2. Operations Manager’s Requirements from Interview (Michael Lang)
The system needs the ability to create new customers.
It should be able to record information on members depending on whether or not they are a
member or a guest.
Recorded info should consist of; member activity for example the events/classes they attend
and from there we can market certain deals/offers to them.
The system needs to be able to record medical info of its members. And recorded medical
intervention consent must be given and stored to treat members should they fall ill whilst in the
gym or attending classes.
Record metrics of its members i.e. height, weight, BMI etc.
Membership renewal automatic or manual?
A mixture of both is preferred.
It should be automatic in general but with an oversight for renewal dependent on the member.
Choice needs to be made to discontinue service to said member and issue them with a notice.
Details of why we are denying service to this member must be recorded in detail to avoid legal
action against the company.
Employee admin access
Dependent on position.
Certain positions have certain views where needed.
Interactive table of contents.
When a member books a class they should be continuously booked into the following classes
also.
In order to cope with capacity information displayed, a member who is continuously booked
into a class will be sent a booking confirmation 24hrs before the class to verify whether or not
they will be attending. If they decline then that spot becomes available to reserve.
Aesthetics vs Functionality
Mix of both
Keep things simple
Criteria regarding functionality – 1) Ease of use. 2) Usefulness; specific to each customer.
3) Security regarding members’ personal and medical information as well as financial info.
3. Sales and Marketing Manager’s Requirements (Anatoli Nachev)
Additional Requirements
The user should be able to see those who are members and those who are not members.
The employee should have full access.
Current members should also be visible.
Renewal for customers should be made simple, i.e. one click away and not having to go through
the process again.
Provide financial resources, statistics and analysis.
There should be some sort of social media presence.
Expand on the services offered, i.e. Classes such as Yoga.
Any other specifications regarding the database?
Be able to report on a database which shows members have joined from today and those whose
memberships have expired from today.
Any specifications regarding classes?
If users book classes it should be done on a recurrent basis, bringing in the user friendly aspect.
Allow for future classes and not hard coding them into the system.
Scope of the System
In-Scope - Requirements we needed and were successful in implementing.
Firstly we focused on the core functions that the system should be able to carry out.
Gym members’ requirements:
User login and registration.
Browse and search classes.
Change user details.
Renew membership.
Employee Requirements:
Create, delete and modify class, booking and user data.
Generate reports.
Out of Scope - Additional requirements that were not used or relevant and reason they weren't
implemented
Continuous bookings – Due to technical constraints. We found it difficult to figure out how we would
incorporate this into the system. This is also linked to the emails. Part of the requirements for this was
that admins would automatically send an email 24 hours in advance. As we could not get emails to function
correctly this proved to be a problem we could not overcome.
Multiple levels of employee access – The system is divided into 3 levels – guest, ordinary user and
admin user. Perhaps if we had more time we would’ve made more levels for admin such as instructor
and manager, who could each only see or change certain data that’s relevant to them.
Emails – Unfortunately we could not get the email functions working within the system. We had
problems with this as the website was made using a localhost and couldn’t connect to my Gmail account.
We tried many workarounds but could not find a solution.
Financial – An optional requirement of this system, we decided not to try to implement it. After
researching online, there are various laws and security with regards to storing members’ credit card and
other financial information. We decided that it would be best to leave this to the third party who is
dealing with the payment processes.
Membership Overview – Another optional requirement was that the administrators would be able to
review membership renewals in order to cross check if the user has had complaints made about them or
has been issued with a warning. This functionality was desired with the intention of reviewing the
request and if deemed to be disruptive, then a denial of service notice would be issued with a valid
reason as to avoid any legal action.
Interviews were conducted with students from NUIG who were not in Business Information to get an
outsider’s perspective on what they as users would expect from a website for FeelGood Fitness Group.
1. “It should be simple and easy to navigate around the website” – Liley-Beth Griffin.
2. “I think it would help if there was information about the classes and if you could easily go
and book classes online without all the complicated steps I find with the Kingfisher
Website”.
3. “Renewing your membership without going through the process from scratch and re-
entering all your details again would make it much easier. I would like to be able to check
on my account when my membership is finished also” – Shauna Henderson.
Contact was made with a real website developer to be advised on design issues and Web technologies
that may benefit the system – Sheena Van Den Oosten (Creative media and design)
"In regards to design issues I would advise you to keep it simplistic along with being attractive. If you
pick a colour scheme stick to it and keep the overall theme of the site concise. While a stunning website
facade is great, it's worthless if it isn’t useable or doesn't fulfil its purpose. Well-built sites generate
extra traffic, create new leads and convert browsers into paying customers so keep this focus in mind."
To gain an insight into the current market and functionalities of other fitness clubs we critically
examined other websites.
1. Kingfisher – As a leading fitness club that was located in different areas similar to FeelGood
Fitness Group, we examined their web site to see what kind of functionality and aspects they used.
The site itself is very interactive and easy to navigate around. Functionality which we are
focusing on was very good and efficient to use. Overall this system’s functionality was similar
to ours and a good example of what our finished project aimed to be.
2. Planet Health and fitness club – This club, also based in Galway but in only one location
with no other branches, had another interactive website which we reviewed. It was aesthetically
pleasing and again easy to navigate. The system was let down in some aspects of functionality
as there was no drop down menu or interactive class timetable just a poster.
Scope of the System
The initial system requirements that outlined the basis of the system were given to us very soon after
being approached by FeelGood Fitness Group. This meant that the scope of the project could be
determined from the off. Based on this first overview of the project and of the requirements given, we
estimated the scope of the project to be well within reason. This estimate was based on the premise that
all that was required of the system was to enable membership creation and the ability to choose a
membership type, online class bookings including choosing the date, time and venue of the class, and
the traditional methods of booking classes via telephone and walk-in bookings.
However, as the team conducted standard exploratory interviews with key personnel of the company
(Owner, Group sales and marketing manager and the Operations manager) to gather additional
information and requirements from said personnel, we began to find the scope of the system becoming
increasingly broader. Additional functions and requirements requested by the interviewees such as
report generation, member activity tracking and additional booking methods meant the scope of the
system was becoming considerably more complex and hence more technically difficult to design and
implement.
Conscious of the risk of scope creep occurring, requirements running out of control and of course the
team’s ability to complete the task set before us, we proposed that the most effective way of controlling
these factors would be to break the system down into individual functions and create a basis for starting
the project. The process of breaking down the system’s functions was carried out through the creation
of a functional decomposition diagram (FDD). The FDD was composed and based on the initial
requirements stated and the additional requirements attained through the interviewing process. From
these requirements, the basic functions of the system such as class bookings, member creation etc. were
identified and used to create the FDD.
Once the functional decomposition diagram had been created and all the functions of the system had
been identified and represented in diagram form, the scope of the system seemed more manageable
once again. This helped in renewing confidence among the team and believing that we could indeed
produce what was asked of us from the FeelGood Fitness Group.
Business Actors
From the functional decomposition diagram produced, it was then possible to create USE CASES which
further broke down each function into processes and identify the entities/actors involved with these
processes. This made visualising how the system would be designed and how it would function a lot
clearer to the team, which gave us another boost in confidence regarding the system’s feasibility. Based
on the diagrams created, the main business actor identified was the company itself (FeelGood Fitness
Group), which can be broken down into several departments. These departments consist of: membership
management – creation, renewal and review – class management – bookings and confirmation – and
report generation. Each of these departments carries out a particular function with business actors also
present on these levels. For instance the class instructors are business actors that carry out a vital part
of the company’s business process, which is conducting classes. The employee administrators, who
carry out business processes such as report generation, membership overview and class modification
are also counted among business actors. The final two business actors we identified are the third party
that process the financial transactions of the FeelGood Fitness Group and each individual member that
carry out the role of the customer. A third-party was commissioned to handle financial transactions, as
the company did not want to take on the responsibility of maintaining such sensitive
information regarding customers and of course adhering to the stringent rules and regulations that
accompany the storage of financial details. This was information we gathered from conducting our
preliminary interviews.
Functional/Process Requirements
The FeelGood Fitness Group intend to carry out a wide range of functions with the implementation of
the new online booking system which we have been commissioned to design and implement. These
functions can be seen in the following Functional Decomposition Diagram (Fig.1).
Fig.1
Functions such as online class booking were outlined in the initial project requirements, while the need
for other functions such as booking confirmation and report generation was obtained through the
interviews we conducted with key personnel as we have previously mentioned. While the system is
currently fully functional and incorporates all of the core functions that were required, some of the
additional requirements proved to be rather difficult to implement. Further details on this matter will be
discussed later.
Each function on the FDD was dissected to create a USE CASE for said function. The following images
depict the processes involved with each of the functional scenarios. The first of which is the process in
which a customer can create an account online to become a member of the Gym, as represented in Fig.2.
Create Account
Fig.2
The above USE CASE represents some of the core functions required by the owners which were
outlined in the beginning, such as the ability to create an online account, as well as functions
gathered through our interviewing process, such as the inclusion of medical information when inputting
personal information.
Online Class Booking
Fig.3
Fig.3 represents the CASE in which a member or a guest can book a class using the online system. As
specified, members are capable of browsing the classes available and filtering their search by spaces
available, date and time, location and by the instructor conducting that class. Once a class has been
booked, the booking is recorded by admins and a €5 fee is charged to guests which is processed by a
third-party.
Booking Confirmation
Fig.4
Booking confirmations are sent to both members and guests that have booked a class online in advance.
From there they can either confirm the booking or decline it. When the confirm option is chosen, the
system simply records that member as taking part in the class by decreasing the available spaces. The
alternative scenario is to decline the booking, in which case a space is made available for this class by
increasing the capacity by one. The system provides the instructors with the function of reviewing their
class size in advance of the class. This enables them to better prepare for each class. This case can be
seen above in Fig.4.
The way in which members renew their membership can be seen below in Fig.5. Members access the
online system where they can choose to renew their membership in two ways; monthly renewal or
yearly renewal. The monthly option would mean that the customer will have to renew their membership
on a rolling monthly basis at a cost of €45 or €25 depending on whether they choose the adult option or
the student option. The yearly renewal option is perhaps more practical, as members need only
renew once per year and save themselves €41 (yearly = €499, monthly = €45*12 = €540. €540 - €499
= €41) as an adult or €25 (yearly = €299, monthly = €27*12 = €324. €324 - €299 = €25) as a student.
The system then passes on the payment requirements to the third-party that deals with financial
transactions. Once the payment has been processed, the membership will successfully be renewed.
Membership Renewal
Fig.5
The report generating functionality is used to display key statistics to managers. These statistics enable
managers to obtain a more rounded view of how the business is operating. Statistics such as class by
popularity, location by popularity and number of users all enable management to make better decisions
as regards to running classes. The report also allows administrators to view members with expired
accounts on a daily basis, as well as the total number of users with expired accounts. After full review
of these reports admins will be better equipped to handle membership management as well as making
operational decisions such as increasing class sizes, or the frequency of certain classes in certain venues
due to popularity. And vice-versa if necessary. This scenario may be seen below in Fig.6.
Originally we had a different idea as to how the report generation function would be designed and how
it would operate. Initially we had designated the CASE as Marketing/Report Generation, in which the
system would be able to track the activity of members – the classes they attended, where they attended
etc. – and send them offers/promotions based on the information gathered by the system. While also
generating statistics for management to review. However, this functionality proved to be one step too
many and we were unable to successfully implement it and therefore had to change our design to
accommodate this. The original CASE can be seen below in Fig.6.1.
User Access
The user access CASE, which can be seen in Fig.7, demonstrates the functions members can carry out
when they log in to their accounts. From here it’s possible for users to update their information,
be it personal, financial or medical, as well as search for classes and view the information pertaining
to these classes, and finally book desired classes.
Fig.7
Admin/employee Access
As per the requirements obtained through our interviews, employee access to information on the system
is limited by the role which the employee carries out, or a ‘need-to-know basis’ you could say. This
function was requested for security reasons. For example, management did not want an employee who
has no need to access a member’s personal information to be able to do so, as the company would be
held liable if this information was to be used in an inappropriate manner. Therefore we implemented
restricted employee access.
The system allows admins/employees to modify class information, user information and booking
information as well as view the reports generated by the system. This functionality can be seen below in
Fig.8.
Fig.8
Data Requirements
The proposed system includes the flow of a great deal of information between entities. These entities
may be seen in the Entity Relationship Diagram (ERD) below (Fig.9). In this diagram we can see the
entities involved in the system, the relationship between these entities and the information each entity
contains. Initially we had designs to represent this information and its flow in context level diagrams of
different levels, however, time began to become restrictive and therefore we were forced to prioritise.
We believed that the information that we had already represented on various other diagrams including
the FDD, ERD and various USE CASES, was sufficient in representing the data we needed to create
the system.
Initial data requirements were outlined in the project brief. However to create a more comprehensive
system, more information was needed. As mentioned above, information was ascertained with the
conduction of several interviews with key personnel associated with FeelGood Fitness. From these
interviews, a great deal of information was gathered and documented. A large part of the information
gathered was details on further functional requirements requested by the interviewees. With the addition
of these functions came a large degree of additional data associated with members, classes and system
data. Examples of this data include:
Members’ medical information
Medical consent
Metrics such as height and weight
Report data and statistics including class by popularity, location by popularity and number of
users
Instructor Information.
All of which may be seen in the USE CASES and ERD diagram.
ERD
Fig.9
Discovery Prototypes
During the course of the design process, there were several prototype systems developed in order to test
functionality that we attempted to implement. These functions were that of the requirements that were
gathered during the interview stage of our analysis, as previously mentioned. We used prototyping to
augment the System Development Life-Cycle (SDLC) and to keep in line with our agile methodology.
We chose not to carry out an extensive system design at the start of the project, opting in favour of
continually testing the system as we stepped through various iterations. This path was chosen as we felt
it best adhered to the principles of agile methodologies and that we did not want to restrict the creation
process with the initial plans of the system, as all developers know, things very rarely stick to the plan.
The prototyping process was also most convenient as we were not fully certain as regards to what
functions were feasible in the beginning. Prototyping allowed us to continually test what was feasible
for our team.
Several attempts to implement certain features were made. In some instances they were successful
and less so in other instances. A prime example would relate to the report generation functionality we
initially tried to implement based on the information gathered from company personnel. Our initial plan
for this functionality can be seen above in Fig. 6.1. However, after attempting to implement the function,
we found it to be infeasible and therefore redesigned the process as seen in Fig.6. This scenario
demonstrates the usefulness of continually testing each prototype of the system as it is designed.
Under the booking confirmation process, we attempted to implement a function that enabled the system
to send a notification to members that had booked a class via e-mail, asking them to confirm whether
or not they would be attending the class in question. After initial attempts to carry out this function
failed, we deemed it to be another infeasible step and it was one more prototype system that we tested.
The initial CASE for this functionality may be seen below in Fig.10.
Fig.10
To reiterate our point, we used prototyping when creating the system in order to continually test
functions as we went along and if something was deemed to be infeasible, then the system was changed
in order to adapt.
As regards to feasibility, anything that was deemed infeasible was only done so after initial research
was done on the topic. For instance our chief developer (Ryan McGuinness) would search for methods
on how to implement the function and attempt to apply it to our system. He would then test the prototype
to deem whether or not it met the requirements. If not, then we would deem it to be infeasible, mention
it in our report and try another method of meeting the requirements.
Additional Comments
Security
Security was identified as an important feature of this system. A lot of personal information is being
collected by FeelGood, therefore this information needs to be protected. Firstly, all passwords are MD5
hashed. This means that if a potential hacker got into the database they would get a scramble of
letters rather than a plaintext password. Also important are the user levels in this system. Guests are 0,
ordinary users are 1 and admins are 2. Certain pages only allow certain user types to access the content
available on said pages. This prevents guests from, for example, booking a class as a member or an
ordinary member from being able to edit or delete class information.
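The MD5 password storage and the 0/1/2 user levels described above, as an added PHP example that is not the project's own code: unsalted MD5 is fast to compute and gives equal digests for equal passwords, so the example verifies legacy MD5 values at login and replaces them with `password_hash()` output, then checks the user level on the server. The array standing in for the users table, the account names, the passwords and the function names are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// User levels as stated in the report: guest 0, ordinary user 1, admin 2.
const LEVEL_GUEST = 0;
const LEVEL_USER  = 1;
const LEVEL_ADMIN = 2;

// Constructed rows standing in for the users table (hypothetical layout).
// Both accounts were stored the legacy way: unsalted MD5 of the password.
function sample_users(): array
{
    return [
        'member_a' => ['hash' => md5('Yoga-2016!'), 'level' => LEVEL_USER],
        'admin_b'  => ['hash' => md5('Yoga-2016!'), 'level' => LEVEL_ADMIN],
    ];
}

// A legacy value is a bare 32-character hex digest. password_hash() output
// starts with "$" and embeds the algorithm, cost and a per-password salt.
function is_legacy_md5(string $stored): bool
{
    return preg_match('/^[0-9a-f]{32}$/', $stored) === 1;
}

// Check a login and, on success, replace a legacy MD5 value with a salted,
// deliberately slow hash so the weak digest no longer sits in the database.
function verify_and_upgrade(array &$users, string $name, string $password): bool
{
    if (!isset($users[$name])) {
        return false;
    }
    $stored = $users[$name]['hash'];

    if (is_legacy_md5($stored)) {
        // hash_equals() compares in constant time.
        if (!hash_equals($stored, md5($password))) {
            return false;
        }
        $users[$name]['hash'] = password_hash($password, PASSWORD_DEFAULT);
        return true;
    }

    if (!password_verify($password, $stored)) {
        return false;
    }
    // Re-hash when PHP's default algorithm or cost has moved on.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $users[$name]['hash'] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

// Page guard evaluated on the server for every request. Assumption: levels
// are ordered, so a higher level may do everything a lower one can.
function can_access(int $userLevel, int $requiredLevel): bool
{
    return $userLevel >= $requiredLevel;
}

$users = sample_users();

// With unsalted MD5, two accounts sharing a password share a digest, so one
// recovered password exposes every account that uses it.
echo 'same digest before upgrade: ';
var_dump($users['member_a']['hash'] === $users['admin_b']['hash']);

// Both accounts log in once; their rows are upgraded as a side effect.
verify_and_upgrade($users, 'member_a', 'Yoga-2016!');
verify_and_upgrade($users, 'admin_b', 'Yoga-2016!');

// Per-password salts make the stored values differ for the same password.
echo 'same hash after upgrade: ';
var_dump($users['member_a']['hash'] === $users['admin_b']['hash']);

// A wrong password is still rejected against the upgraded row.
echo 'wrong password accepted: ';
var_dump(verify_and_upgrade($users, 'member_a', 'guess'));

// An ordinary user (1) may book a class but may not edit class data (2).
echo 'user can book: ';
var_dump(can_access($users['member_a']['level'], LEVEL_USER));
echo 'user can edit classes: ';
var_dump(can_access($users['member_a']['level'], LEVEL_ADMIN));
```

Because each row is upgraded only when its owner next logs in, accounts that never return keep an MD5 value until their password is reset.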
Reliability
We noted that reliability would be an important aspect of this system especially with regards to the
foreign keys in the system. It was noticed that editing and deleting them led to errors with the queries.
This is where we learned to utilise the CASCADE function in MySQL. Using CASCADE DELETE
and UPDATE ensures that these foreign keys are removed or changed in the tables they are referenced
in.
Usability
For the system, we decided that usability should be prioritised over aesthetics. We tried to keep the
system as clean as possible, with minimal clutter on the screen. The user should naturally know at all
times where to go next and not be left scratching their head with regards to what step must be taken
next.
Reporting
We put a lot of time into thinking about how reporting should work for this system. We decided that a
management report would fulfil a lot of requirements of the system. It would tell the management what
the most and least popular classes are, the number of expired accounts and the average class size. Initial plans
for the reporting function could not be met so an alternative solution was created and that is what is
visible when using the finished system.
Description of the development approach taken.
On reflection, we would describe our development approach as mostly agile.
This would be due to meeting much of the criteria agile entails such as frequently delivered working
software. We would strive to get the various smaller pieces of the project working every few days.
Trying to work on too large of a chunk at once is a recipe for disaster so we believe that splitting it up
into smaller pieces and completing those is a far more practical procedure. Our prototyping
methodology was used to augment our agile approach and the SDLC. However, as depicted in the
SDLC, we will have a more comprehensive testing phase at the end. We will produce incremental
functioning software, with the majority of bug testing being left until the end of the development phase.
However, we don’t believe that we need to be completely agile. Our requirements are quite concrete
and we don’t expect them to change throughout the duration of this project. Therefore, having to
respond to changing requirements isn’t essential, so neither are agile methodologies.
Project Plan 2
There were some changes between the two iterations of the project plan. Firstly I will talk about the
differences in the Work Breakdown Structure. We added a new section to the client side development,
the Administrative Controls. This is where the FeelGood Fitness employees could manage the
customer, class, booking, and other employee data and also generate a management report. As we
began to develop the system we identified this as an integral aspect of this system. Therefore we felt
like the coding, development and integration of this with the PHP and databases should be added.
Other than that, the work breakdown structure remained the same.
Due to this change, we had to add a few modifications to the Gantt chart. Certain tasks ended up being
delayed as sections such as testing took longer than expected. This was due to the administrative
controls being such a large section that there were numerous bugs to be found within it. We had to
ensure that normal users or guests couldn’t access this admin data due to its sensitive and private
nature so we had to ensure the system’s security was up to scratch. However we knew that we
couldn’t let testing go on too long due to it being on our critical path. Also on the critical path was
the completion of the documentation, so we started it as soon as we could; for
example we started the code design report before testing was complete, adding in the working code as
it was being done. There were also other slippages throughout the project. These can be put down to
our own technical constraints where we couldn’t, for example, figure out how to implement guest
bookings into the system, and it took us an extra day or two to complete this. Other slippages
throughout the project were down to poor estimations and also this project conflicting with work in
other college assignments, resulting in some of the final documentation taking longer than expected.
Finally, when we were told that we were given an extension, I believe we all took our foot off the
pedal slightly and slowed down our pace of work. However, I think this may have been beneficial for
the project as we didn’t have to push out a rushed system as we had more time to ensure it and our
reports were more complete and polished.
MS322
Advanced Database Technologies Report
PHP VS ASP.NET
Below I will outline and compare the pros and cons of these two languages.
Cost
Firstly you must compare the cost of the two. PHP, MySQL, Apache server and Linux OS are all free
and upgrades are also free. In addition, there is no additional licensing cost for having another standby
server as a backup, or needing to run multiple servers for server clustering. There are also numerous
free IDEs to develop your code in. LAMP is also much more popular among hosting companies, and
this results in a lower monthly hosting cost for LAMP hosting compared to Windows hosting.
ASP.NET and IIS are free if you purchase Windows OS. There is a substantial licensing cost for a
Microsoft Windows Server, Microsoft SQL Server and future upgrades. For example, a quick search
on Amazon.com shows Microsoft SQL Server 2008 Standard Edition for Small Business costing at
least $1299. These fees may not be suitable for smaller businesses. The above licensing costs for
Microsoft can substantially increase if the site becomes popular and there is a need to run the site on
multiple servers or requires server features such as load balancing or server clustering. Also, if you
want to develop your code in a more professional environment you will have to spend money on
something like the full version of Visual Studio which could set you back another few hundred euros.
Development Support and Online Resources
Since LAMP is open source, there is a vast amount of dedicated developers around the world who
continuously make improvements and updates, and provide support for the platform. Additionally,
there is a large amount of support resources and developers available for PHP and LAMP Platforms.
On top of that, one can find a multitude of PHP forums out there where contributors will help and
advise you on any PHP queries you may have. This means that if you run into any problems with your
code or wish to change it, there are many resources available for you to do this.
ASP.NET relies on the available number of developers at Microsoft for making improvements and
updates. Even though there are many forums out there which will give you a helping hand, there are
still far fewer support contributors available to solve ASP.NET challenges.
Scalability
Both of these are quite scalable. Some of the largest websites in the world run PHP (Facebook) and
ASP.NET (Myspace), so having to scale upwards shouldn’t be a problem for an organisation. As long
as you have skilled developers, there really shouldn’t be that much of a difference between the two.
Platform Dependence
PHP is platform independent and can run on any platform: Linux, Unix, Mac OS X, Windows. This
is handy as users and support staff won’t have to install a thing on their computers to run it. ASP.NET
runs on IIS, which is a web server that runs on Windows.
Challenges of PHP and why it was chosen over ASP.NET
As seen above, there are various reasons we chose PHP over ASP.NET. We believed that the cost
benefits, large online support and easy scalability would make it a perfect match for us as developers
and FeelGood Fitness, our client. However, these technical explanations aren’t the only reason we
chose PHP. As our ASP.NET tutorials were delayed by a couple of weeks, it basically cemented our
decision to pick PHP. We wanted to finish this project with time to spare and we believed that waiting
around for these tutorials to begin would have been a waste of time.
However, PHP was not an easy language to make the website in, as we ran into various difficulties
along the way. We often ran into a blank page while testing our webpages. Spending an hour only to
realise you forgot to close a loop or missed a semicolon can be infuriating, as our IDE (Dreamweaver)
often only gave vague clues as to what our problems were, though it was better than no hints at all.
There were also a multitude of SQL query mistakes encountered throughout the project, showing us a
“Query failed” message on the webpage. However, we quickly came to the conclusion that echoing the
problem query and also testing it in PhpMyAdmin greatly reduced the number of errors here.
Although not specific to PHP, forgetting to put in an == rather than an = in some of our IF statements
led to some confusing errors that resulted in a lot of valuable time being wasted. Even though we
decided to develop our project in PHP, we still attended some of the ASP.NET tutorials, just to see
what we were missing out on. We came to realise it had some powerful tools with regards to tables,
templates and various wizards to help make your websites and tables at the push of a button, rather
than in fifty lines of code. However, I think we all enjoyed the challenge of working in PHP. Knowing
that you yourself created every element on a page is very rewarding and really helps you understand
what your code actually does.
System Logic and Architecture
The system that we created has a three-tiered architecture. The three tiers present are the presentation
tier, the logic tier and the data tier.
Presentation tier
The upper most level of the application is the user interface, in our case the web browser. This
presentation tier translates the results and data into something the end user can understand. For our
system we tried to make the user interface as simple as possible. We stayed away from fancy graphics
and animations instead ensuring that the core functionality was working properly.
Logic Tier
This layer manages the commands from the presentation layer and makes calculations and logical
decisions. It moves, manages and processes data between the two layers around it. For our
system this is managed by the PHP code. This tier takes the user input and either stores it to be
POSTed on to the next page or creates a query based on the user’s input and passes it on to the data
tier.
Data Tier
This tier is where the information is stored and retrieved from a database or file/storage system, in
our case the SQL database. It processes the query and churns out a result. This result is sent back to
the logic layer where the data is processed and is then presented in a way that makes sense to the user.
An example of these three tiers working together can be shown through the search class functionality.
For example, the user searches for classes where the Class Name CONTAINS 'Zum'. When the user
presses the search button the PHP turns this search into an SQL query – SELECT className, date,
time FROM class WHERE className LIKE '%Zum%'. In the data layer, the SQL database takes this
query and retrieves all the data that matches it. This data is then processed by the logic tier,
where the PHP takes the data, stores it into variables and puts it into a table that the presentation
layer can display to the user.
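The search described above, as an added PHP example (not the project's own code): the user's term is bound as a parameter rather than concatenated into the query text, and LIKE wildcards inside the term are escaped. It assumes PDO with an in-memory SQLite database standing in for MySQL; the function names and sample rows are constructed for illustration.

```php
<?php
// Added example. Table and column names follow the query quoted in the text;
// like_pattern() and search_classes() are hypothetical helper names.

function like_pattern(string $term, bool $contains): string
{
    // Escape the escape character first, then the LIKE wildcards, so that a
    // term such as "100%" or "a_b" is matched literally.
    $escaped = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term);
    return $contains ? "%{$escaped}%" : $escaped;
}

function search_classes(PDO $db, string $term, bool $contains = true): array
{
    // The SQL text is constant; only the bound value changes with user input.
    $sql = "SELECT className, date, time
            FROM class
            WHERE className LIKE :pattern ESCAPE '!'
            ORDER BY date, time";
    $stmt = $db->prepare($sql);
    $stmt->execute([':pattern' => like_pattern($term, $contains)]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE class (className TEXT, date TEXT, time TEXT)");
$db->exec("INSERT INTO class VALUES
    ('Zumba',      '2030-01-10', '18:00'),
    ('Aqua Zumba', '2030-01-11', '09:00'),
    ('Yoga',       '2030-01-10', '07:30')");

// A normal term, a term containing a quote, and a bare wildcard.
$terms = ["Zum", "Zum' AND 'x'='x", "%"];
foreach ($terms as $term) {
    $rows = search_classes($db, $term);
    printf("%-18s -> %d row(s)\n", $term, count($rows));
}

// The Exact search mode from the search form: no surrounding wildcards.
printf("%-18s -> %d row(s)\n", 'Zumba (exact)', count(search_classes($db, 'Zumba', false)));
```

Only the first term and the exact search return rows; the quote and the wildcard are treated as data, not as SQL or as a pattern.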
CRUD MATRIX
Activity/Entity User Class Booking Instructor Guest ClassType Location
Register C
Create User C
Browse Users R
Display User R
Update User Details U U
Renew Membership U
Delete Users D
Create Class C
Browse Classes R
Search Classes R
Display Class R
Update Class U U
Delete Classes D D
Make Booking C
Create Booking C
Show all Bookings(admin) R R
Show my bookings(user) R
Display Booking R
Delete my booking(user) D
Delete bookings(admin) D
Create Instructor C
Browse instructors R
Update Instructors U
Delete Instructors D
Make Guest Booking C
Display Guest R
Delete Guest D
Due to time constraints we didn’t get to create the webpages for creating, reading, updating and
deleting the locations and class types. However, these would follow the same format as the previous
CRUD pages with, for example, a location_index.php page where an admin could create, browse, delete
and update the locations. Also, the functionality to modify this data is still available in
PHPMyAdmin.
Mock Ups
Original Sketches
This section will show you the mock ups we created when we were originally designing the product.
Some of these ended up being slightly different but gave us a good foundation to work towards.
Comments are added to pages where changes were made in the final version.
Register page.
In the end we added some more information such as the user’s current weight so that they could track
their progress. We also added a second password field to make sure the user knew their password well
enough that it would pass the matching logic. We also added a reset form button which would change
all the values back to blank.
Login
Guest Booking
In the final page we added a section that explains that the €5 fee would be paid on this page but that
our system doesn’t handle these transactions.
Display Class Record
As you can see we had our idea for restricted access from the beginning. We wanted buttons that only
an admin would be able to see and use, along with the booking button that only an ordinary member
could use. This class record page also serves as the basis for all other display pages such as display
booking and user, which all look similar, just with different information being displayed.
Search Classes
This search classes page also serves as the foundation for the other search pages, like search user and
bookings. It allows the user to enter what they want under which category they wish to search from.
Update User
Delete User
This is also the same for the different entities, though the tables may have more columns based on what
information is in the SQL query.
CREATE TABLE SQL CODE
CREATE TABLE IF NOT EXISTS `booking` (
`booking_id` int(11) NOT NULL AUTO_INCREMENT,`userid` varchar(12) DEFAULT NULL,
`class_id` varchar(8) DEFAULT NULL,`guestid` varchar(20) DEFAULT NULL,
PRIMARY KEY (`booking_id`), KEY `booking_ibfk_1` (`userid`),
KEY `booking_ibfk_2` (`class_id`), KEY `guestid` (`guestid`)
) ENGINE=InnoDB;
CREATE TABLE IF NOT EXISTS `class` (
`class_id` varchar(8) NOT NULL, `classname` varchar(12) NOT NULL,
`time` varchar(5) NOT NULL, `date` date NOT NULL,
`capacity` int(11) NOT NULL, `spaces` int(11) DEFAULT NULL,
`location` int(11) NOT NULL, `instructor` int(11) NOT NULL,
PRIMARY KEY (`class_id`), KEY `class_ibfk_1` (`location`),
KEY `class_ibfk_2` (`instructor`), KEY `class_ibfk_3` (`classname`)
) ENGINE=InnoDB;
CREATE TABLE IF NOT EXISTS `classtype` (
`classType` varchar(10) NOT NULL, `Duration` int(11) NOT NULL,
`Description` text NOT NULL, PRIMARY KEY (`classType`)
) ENGINE=InnoDB;
CREATE TABLE IF NOT EXISTS `guest` (
`guestid` varchar(20) NOT NULL, `forename` varchar(20) NOT NULL,
`surname` varchar(20) NOT NULL, `phoneno` int(12) NOT NULL,
`email` varchar(40) NOT NULL, PRIMARY KEY (`guestid`)
) ENGINE=InnoDB ;
CREATE TABLE IF NOT EXISTS `instructor` (
`instructor_id` int(8) NOT NULL AUTO_INCREMENT, `instr_name` varchar(15) NOT NULL,
PRIMARY KEY (`instructor_id`)
) ENGINE=InnoDB;
CREATE TABLE IF NOT EXISTS `locations` (
`location_id` int(11) NOT NULL AUTO_INCREMENT, `location_name` varchar(15) NOT NULL,
`capacity` int(11) NOT NULL, PRIMARY KEY (`location_id`)
) ENGINE=InnoDB;
CREATE TABLE IF NOT EXISTS `user` (
`userID` varchar(12) NOT NULL, `password` varchar(32) NOT NULL,
`email` varchar(50) DEFAULT NULL, `forename` varchar(30) DEFAULT NULL,
`surname` varchar(30) DEFAULT NULL, `phone` varchar(30) DEFAULT NULL,
`county` varchar(10) DEFAULT NULL, `user_type` varchar(2) DEFAULT NULL,
`dob` date DEFAULT NULL, `subtype` varchar(10) DEFAULT NULL,
`startdate` datetime DEFAULT CURRENT_TIMESTAMP, `med_yn` varchar(1) NOT NULL,
`expirydate` datetime NOT NULL, `med_history` text,
PRIMARY KEY (`userID`)
) ENGINE=InnoDB;
ALTER TABLE `booking`
ADD CONSTRAINT `booking_ibfk_1` FOREIGN KEY (`userid`) REFERENCES `user` (`userID`)
ON DELETE CASCADE ON UPDATE CASCADE,
ADD CONSTRAINT `booking_ibfk_2` FOREIGN KEY (`class_id`) REFERENCES `class`
(`class_id`) ON DELETE CASCADE ON UPDATE CASCADE,
ADD CONSTRAINT `booking_ibfk_3` FOREIGN KEY (`guestid`) REFERENCES `guest`
(`guestid`) ON DELETE CASCADE ON UPDATE CASCADE;
ALTER TABLE `class`
ADD CONSTRAINT `class_ibfk_1` FOREIGN KEY (`location`) REFERENCES `locations`
(`location_id`) ON DELETE CASCADE ON UPDATE CASCADE,
ADD CONSTRAINT `class_ibfk_2` FOREIGN KEY (`instructor`) REFERENCES `instructor`
(`instructor_id`) ON DELETE CASCADE ON UPDATE CASCADE,
ADD CONSTRAINT `class_ibfk_3` FOREIGN KEY (`classname`) REFERENCES `classtype`
(`classType`) ON DELETE CASCADE ON UPDATE CASCADE;
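-- Note: `instructor` as created above has no `location` column; it must exist
-- (with the same type as `locations`.`location_id`) before this constraint is applied.
ALTER TABLE `instructor`
ADD CONSTRAINT `instructor_ibfk_1` FOREIGN KEY (`location`) REFERENCES `locations`
(`location_id`) ON DELETE CASCADE ON UPDATE CASCADE;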
MS320
E-Business Technologies
Software List
Adobe Dreamweaver – Integrated Development Environment used to code the HTML and PHP to
develop the website.
WAMP – Used to turn laptop into a local server in order to test webpages as they were being created.
PhpMyAdmin – Allowed user, class, booking etc. data to be created, stored, modified and retrieved.
Google Chrome – Browser used to test the webpages.
Dropbox – Cloud based file sharing site we used to share our work so we could more easily edit,
collaborate and work apart.
Visual Paradigm – Used to create the ERD, FDD and other diagrams included within the requirements
statement.
Microsoft Project – Used to create the Gantt chart that helped us track each other’s tasks and their
durations.
Microsoft Visio – Imported the above MS Project data in order to create the Work Breakdown
Structure.
Balsamiq Mockups 3 – Used to create the sketches we used at the beginning to lay out our original
designs for the website. Also used to create the mock ups that match our use cases.
Code Design Report
To preface, a majority of this code is a modified version of Michael Lang’s code provided for his
MS322 module, in particular his login_script, books database and employee database PHP code. This
code was modified and reused by our team throughout the project.
I will divide this into 3 sections, based on what each type of user can access; the admins, the ordinary
member and guests. These restrictions are based on their user type; 0 for Guest, 1 for Ordinary User
and 2 for Admins. These access levels are set when an admin creates a user (setting their type at either
1 or 2), when a guest registers as an ordinary member (1) or when a non-member is browsing (0). If a
user tries to view a page that they don’t have access to, they will be given an error message and be
prompted to sign in. This enhances the security of the website. This line of code compares the user’s
type to the access level and either allows or denies them access to the page:
$privileges_OK = check_privileges(ADMIN_USER);
$privileges_OK = check_privileges(ORDINARY_USER);
$privileges_OK = check_privileges(ANYBODY);
Guest:
The guest would have the least amount of access to the system. For their home page they have the
options to search for classes, sign in and register for an account. This home page works on a switch
based on the user’s type. The guest’s home page is under the “case ANYBODY:” code. Adding on to
this they can book a class like a member but would have to pay a €5 fee, though this payment
functionality is not covered by our system. Their details are stored in a guest table, and their booking
is stored in the booking table, with the regular users. This is done using the SQL INSERT statement.
Register allows a guest to create an account. This involves entering a userid, a password that’s at
least 8 characters long, whether they consent to medical intervention if they fall ill, and contact
details. They are then sent to a confirmation page which displays the information they just entered so
they can see if it is correct. If so, the data is passed through the register.php page. This does a
variety of checks to ensure the sign up was done correctly. It makes sure the two passwords entered
match, that the password is at least 8 characters long, and then hashes it using md5. This is used so
that if a potential hacker gets into the database they wouldn’t find a plain text password. This page
also checks that the userID entered is unique and that all required data was entered correctly. If so,
the data is INSERTed into the user table.
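An added example, not part of the project's code, relating to the md5 step in register.php and in the Security section: md5 is a fast, unsalted hash, so identical passwords give identical stored values and a leaked table can be guessed through quickly. The code below moves such values to PHP's password_hash() at each account's next successful login; the function names and the sample account are hypothetical, and an array stands in for the user table.

```php
<?php
// Added example. Assumption: the `password` column, varchar(32) in the schema
// on this page, has been widened (for example to varchar(255)) so that it can
// hold password_hash() output.

function is_legacy_md5(string $stored): bool
{
    // An md5 value is exactly 32 hexadecimal characters.
    return (bool) preg_match('/^[0-9a-f]{32}$/i', $stored);
}

/**
 * Check a login attempt against the stored value.
 * Returns [bool $ok, ?string $replacement]; $replacement is non-null when the
 * stored value should be overwritten with a stronger hash.
 */
function verify_and_upgrade(string $password, string $stored): array
{
    if (is_legacy_md5($stored)) {
        // Legacy row: compare in constant time, then re-hash on success.
        if (!hash_equals(strtolower($stored), md5($password))) {
            return [false, null];
        }
        return [true, password_hash($password, PASSWORD_DEFAULT)];
    }

    if (!password_verify($password, $stored)) {
        return [false, null];
    }

    // Already a password_hash() value: refresh it if PHP's default changed.
    $replacement = password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? password_hash($password, PASSWORD_DEFAULT)
        : null;
    return [true, $replacement];
}

function login(array &$users, string $userId, string $password): bool
{
    if (!isset($users[$userId])) {
        return false;
    }
    [$ok, $replacement] = verify_and_upgrade($password, $users[$userId]);
    if ($ok && $replacement !== null) {
        // In the real system: UPDATE user SET password = ? WHERE userID = ?
        $users[$userId] = $replacement;
    }
    return $ok;
}

// Constructed sample account, stored the way the text describes.
$users = ['mary01' => md5('treadmill-2030')];

var_dump(login($users, 'mary01', 'wrong-guess'));     // rejected, row untouched
var_dump(is_legacy_md5($users['mary01']));            // still the md5 value
var_dump(login($users, 'mary01', 'treadmill-2030'));  // accepted and upgraded
var_dump(is_legacy_md5($users['mary01']));            // no longer an md5 value
var_dump(login($users, 'mary01', 'treadmill-2030'));  // accepted via password_verify()
```

New registrations would call password_hash() directly, so md5 values only remain for accounts that have not logged in since the change.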
Ordinary Users:
Normal members have a larger range of options available to them.
Change Details:
Firstly they can change their own details. This takes their userID (stored in a cookie) and uses it in an
SQL query that finds their details. This then populates a user_form, similar to the one an admin would
use when creating a user. However, using user_type checks, an ordinary member cannot change their
user_type, subscription_length or subscription type. The UPDATE statement is then used to change the
details in the user table. If a user changes their username or password they then must sign out again
and re-login with their new details.
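An added example, not the project's check_privileges(): a cookie value is supplied by the browser, so the code below takes the signed-in userID from server-side session data and looks the user_type up in the database on each request, denying access when anything is missing or malformed. It assumes the constants map to the levels 0, 1 and 2 given in the text and that a higher level includes the lower ones; the function names are hypothetical and an in-memory SQLite table with constructed rows stands in for the user table.

```php
<?php
// Added example. In the web application $session would be $_SESSION, filled in
// by the login script after the password check; here it is passed in as an
// array so the code runs from the command line.

const ANYBODY = 0;
const ORDINARY_USER = 1;
const ADMIN_USER = 2;

function effective_level(PDO $db, array $session): int
{
    if (!isset($session['userID']) || !is_string($session['userID'])) {
        return ANYBODY;                       // not signed in
    }
    $stmt = $db->prepare('SELECT user_type FROM user WHERE userID = ?');
    $stmt->execute([$session['userID']]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return ANYBODY;                       // account deleted since login
    }
    // user_type is a nullable varchar(2) in the schema, so accept only the
    // exact strings '1' and '2'. A cast would turn '2x' into 2.
    $levels = ['1' => ORDINARY_USER, '2' => ADMIN_USER];
    return $levels[$row['user_type'] ?? ''] ?? ANYBODY;
}

function page_access_ok(PDO $db, array $session, int $required): bool
{
    return effective_level($db, $session) >= $required;
}

// Constructed sample rows.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE user (userID TEXT PRIMARY KEY, user_type TEXT)");
$db->exec("INSERT INTO user VALUES
    ('mary01', '1'), ('admin01', '2'), ('old01', NULL), ('odd01', '2x')");

$requests = [
    'no session'   => [],
    'member'       => ['userID' => 'mary01'],
    'admin'        => ['userID' => 'admin01'],
    'null type'    => ['userID' => 'old01'],
    'odd type'     => ['userID' => 'odd01'],
    'unknown user' => ['userID' => 'ghost99'],
];

foreach ($requests as $label => $session) {
    printf(
        "%-13s member page: %-5s admin page: %s\n",
        $label,
        page_access_ok($db, $session, ORDINARY_USER) ? 'allow' : 'deny',
        page_access_ok($db, $session, ADMIN_USER) ? 'allow' : 'deny'
    );
}
```

Because the level is read from the database on every request, changing or deleting a user in the admin pages takes effect immediately rather than at that user's next login.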
Search Classes:
They can also search the classes available to them. They can search based on the class’s name, its
location or the instructor. The Contains and Exact modifiers change how specific they want their
search to be. On clicking the search it gives a list of classes that fulfil the user’s search criteria. Only
classes that are in the future are shown.
Browse Classes:
This is similar to the search function but contains no specific search criteria. It just displays a table
showing a list of all classes in the future, along with other details about them. When a user clicks on a
class’s ID it brings them to the display_classrec page. This page gives them more information on the
class and shows the book class button.
Booking Classes:
When the user presses the book class button the PHP retrieves the class’s ID and uses the user’s cookie
to get their ID. It then checks if the user has booked this class before by checking these IDs against
existing bookings. The dateDiff() function is also used here. It checks the time between two dates, in
this case the day of booking and the day of the class. As classes can only be booked 48 hours in
advance, if the dateDiff is more than 2 then the class cannot be booked. It also checks how many
spaces are available in the class. If this is 0 then the class cannot be booked. Also, if a user somehow
tries to book a class that has already taken place there is code to stop that as well. If the user doesn’t
hit any of these errors then they can successfully book their class.
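The booking checks described above, as an added PHP example (not the project's own code): the space is claimed with a single conditional UPDATE inside a transaction, so two members booking the last space at the same moment cannot both succeed. It assumes PDO with an in-memory SQLite database standing in for MySQL, reads the 48-hour rule as "no earlier than 48 hours before the class starts", and adds a UNIQUE constraint on (userid, class_id) that is not in the schema on this page; function names and rows are constructed.

```php
<?php
// Added example. Column names follow the class and booking tables on this page.

function try_booking(PDO $db, string $userId, string $classId, DateTimeImmutable $now): string
{
    $stmt = $db->prepare('SELECT date, time FROM class WHERE class_id = ?');
    $stmt->execute([$classId]);
    $class = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($class === false) {
        return 'no such class';
    }

    $start = new DateTimeImmutable($class['date'] . ' ' . $class['time'], $now->getTimezone());
    if ($start <= $now) {
        return 'class has already taken place';
    }
    if ($start > $now->modify('+48 hours')) {
        return 'booking opens 48 hours before the class';
    }

    $stmt = $db->prepare('SELECT 1 FROM booking WHERE userid = ? AND class_id = ?');
    $stmt->execute([$userId, $classId]);
    if ($stmt->fetchColumn() !== false) {
        return 'already booked';
    }

    // Check and decrement in one statement: the row only changes while a
    // space is left, so the count can never go below zero.
    $stmt = $db->prepare(
        'UPDATE class SET spaces = spaces - 1 WHERE class_id = ? AND spaces > 0'
    );
    $stmt->execute([$classId]);
    if ($stmt->rowCount() !== 1) {
        return 'class is full';
    }

    // The UNIQUE constraint backstops the duplicate check above; if it fires,
    // the exception rolls the decrement back in book_class().
    $stmt = $db->prepare('INSERT INTO booking (userid, class_id) VALUES (?, ?)');
    $stmt->execute([$userId, $classId]);
    return 'booked';
}

function book_class(PDO $db, string $userId, string $classId, DateTimeImmutable $now): string
{
    $db->beginTransaction();
    try {
        $result = try_booking($db, $userId, $classId, $now);
        $result === 'booked' ? $db->commit() : $db->rollBack();
        return $result;
    } catch (Throwable $e) {
        $db->rollBack();
        throw $e;
    }
}

// Constructed sample data: one class with a single space, one far in the future.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE class (class_id TEXT PRIMARY KEY, date TEXT, time TEXT, spaces INTEGER)");
$db->exec("CREATE TABLE booking (booking_id INTEGER PRIMARY KEY AUTOINCREMENT,
           userid TEXT, class_id TEXT, UNIQUE (userid, class_id))");
$db->exec("INSERT INTO class VALUES ('ZUM001', '2030-01-10', '18:00', 1),
                                    ('YOG001', '2030-01-20', '07:30', 10)");

$now = new DateTimeImmutable('2030-01-09 12:00', new DateTimeZone('UTC'));
$attempts = [['mary01', 'ZUM001'], ['mary01', 'ZUM001'], ['john02', 'ZUM001'], ['john02', 'YOG001']];
foreach ($attempts as [$user, $class]) {
    printf("%s -> %s: %s\n", $user, $class, book_class($db, $user, $class, $now));
}
```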
See My Bookings:
This option allows a user to see what classes they have already booked. It takes the user’s ID and goes
through the booking table looking for all entries that contain the user’s ID and then displays the
bookings and their information in a table. On clicking the booking ID the user has the option of
deleting their booking.
Renew Membership:
This option allows a user to extend their expiry date by a month or year. There is a cost to this based
on length and subscription type but this is all left to the third party finance handler. When the user hits
renew the DATEADD SQL function is called, adding either a month or a year to their previous expiry
date.
Admin:
An admin has a diverse range of options available to him. This user can modify all users, bookings,
classes and instructors. These functions are carried out through create, browse, search, delete and
update pages. These pages are very similar for all entities and we will go through them below:
Create:
This generates a form that would allow the admin to fill out the details of the entity. It goes through
validation similar to the register.php page ensuring that the password is the correct length, ID is
unique and all required data has been filled in.
Update:
The user would see a dropdown list containing the details of the entity they wish to edit. On submitting
this, they are brought to a different version of the above create page. This page is different as the
edit_mode is Update rather than Create. This means that the fields are already populated with the data
of the selected entity. However, booking doesn’t have an update booking function. This is because
if a booking is changed an entirely different booking is made. A booking can only really be
updated if the corresponding class, user or guest is updated.
Browse:
This calls an SQL query that finds all instances of the selected entity. The attributes from this entry
are then put into a table so the user can easily see the ID of the entity and its corresponding details.
On clicking the ID it brings the user to the display page for that entity. In, for example, the
display_classrec page, there are different buttons available for the admin compared to an ordinary
user. A user can book a class, however they don’t have the update class button available to them. Like
the home page, the displayed buttons are based on the usertype of the user.
Search:
The user can select which attribute of an entity it will search. They can also select a Contains search
or an Exact search. On confirming the search, the resulting page will be similar to browse above, but
only containing instances with matching attributes to the search criteria.
Delete:
Selecting this function will bring about a list of instances of the selected entity. Beside each instance
is a check box, with multiple instances able to be selected. When the delete button is hit it loops
through all selected entries and deletes them. It generates an SQL DELETE query based on the
entity’s IDs. In the case of deleting bookings, it also finds the associated class that each booking is
from and increases spaces by how many bookings are being deleted.
Management Report:
Also unique to the admin interface is the management report. Clicking this will allow multiple SQL
queries to run. These queries find out the total number of gym users, how many gym users there are,
the most popular classes, the most popular class locations and the most popular instructors. We
believe this would be a handy tool for management. They would be able to see which classes are
doing poorly and therefore increase the marketing for them or perhaps cancel a class completely.
Expired Accounts:
Finally, the admin interface has the option to show all expired accounts. This checks a user’s
expiryDate attribute against today’s date. If it’s before today then management know that this user’s
account is expired. This allows management to make the decision to send them an email to try and
convince them to renew or just delete the user from their system.
Technology Design Report
Our decision to use PHP to code this system wasn’t made purely from a technical standpoint; we believe
that it makes sense in business terms also. As also mentioned in our Database Technologies Report,
PHP, MySQL, Apache server and Linux OS (LAMP) are all free and upgrades are free, with no
additional licensing cost for having another standby backup, or having to run multiple servers for load
balancing. There are also multiple free IDEs to develop your code in. LAMP is also much more
popular among hosting companies, and because of this there is a lower monthly hosting cost for
LAMP hosting compared to Windows hosting. However, this wouldn’t be the case if we used
ASP.NET. It and IIS are free to use if you have Windows, but if not, this will incur a business cost.
On top of that, there is a large licensing cost associated with Microsoft SQL Server and Microsoft
Windows Server, which could end up costing the business over €1000. Also, if the company wanted to
scale more and increase the size of the system, a full version of Visual Studio may be needed, which
would cost the firm even more money. Therefore, it makes financial sense for the system to be
developed in PHP.
LAMP’s open-source model also has its advantages in terms of avoiding being locked in. With closed
proprietary code, there may be very little support from proprietors when the product life cycle is over
and any scaling is not available within the original project scope. In LAMP, users can control the
source code, modifying and maintaining it in the case that support stops. There is also a lot of free
support from friendly open source developers online, which saves the company from having to pay a
premium for support for out of date software. This online support could prove to be invaluable to a
firm. As PHP is one of the most popular scripting languages in the world, it has a large number of
forums dedicated to answering people’s queries and requests. This is another cost saving benefit for
the firm. They won’t necessarily have to pay someone to come and fix their code if a problem occurs;
they could hopefully just find the answer.
One of the functionalities that we tried to implement was an email system. This would have tied into a
lost id and lost password system. The user would have entered their email address and their id or
password would have been sent to them through the PHP mail() function. This didn’t come to fruition
in the end though. We tried to use Gmail as our outgoing email server by changing the php.ini file but
that didn’t work. We downloaded various other programs like Stunnel to enable this mail function to
work but none of them worked. This also stopped us from being able to confirm bookings. We
wanted the admins to be able to send mail to users so they could confirm their place in a class, though
due to the mail function not working this could not be done.
MS216
Networks and Communications Report
Overview
The current state of technology in Feel Good is one of obsolescence, where both the routers and
the overall set-up of the framework of the business could be completely transformed, and Feel Good
could experience multiple benefits from this change. Although the computers were not fully disclosed
in the briefing, we are using the assumption that if the routers haven’t been updated then neither have
the computers. To the shareholders in Feel Good, new I.T. such as new computers can be a massive
investment, but recent studies have shown that keeping computers past their prime can actually inflict
the same financial impact as updating to new computers over the long term. The current status of
computing capabilities in the business is that they are restricted in their mobility, as the computers
are dependent on the Ethernet cables.
The owner is also worried about security risks, which leads us to believe that at present the storage
and transfer of its data is a concern to the owner. The internet access at present is one which is posing
serious issues for the employees, and they are becoming frustrated with the dated technology they have
to work with. The employees are tethered to using strictly Ethernet cables as the routers don’t have the
capability of WiFi, which is a common piece of technology in any home or business in today’s world.
The other issue is that employees are becoming irritated with the speed of the internet, which as
it stands is 15mb/s. This is pretty average, but if the business wishes to expand and also
address this pressing matter with employees it would be advised to look into upgrading its internet
speed.
Upgrading the Current System
The first part of the redesign is upgrading Feel Good’s personal computers, both in the head office and
those used by the local operational staff. This will be a major investment on the business side as the
purchase of these desktops will not be cheap, but it is necessary that the business first upgrade its
PCs before it thinks of any further step in improving I.T. We will, however, also look at alternative
technologies that have been making a huge impact on businesses lately, one in particular being thin
clients. Thin clients, also known as lean clients, are a low-cost alternative in which a client computer
depends solely on a server computer for its computational needs. This type of technology can allow the
business to reduce the overall cost of purchasing new computers and also minimise the space used
compared with its predecessor, the fat client, as the thin client is tiny in comparison.
Another major benefit of thin clients is the security aspect that is being emphasized by companies
such as Hewlett Packard: once the thin client is detached no data can be found on it, and there are
built-in firewalls. This would be a great option for Feel Good as all management can be centralized in
their head office, which reduces their susceptibility to malware or viruses. The benefit for a growing
business such as FeelGood, whose PC numbers will only grow, is that thin clients allow the business to
avoid the hassle of having to update each PC individually, instead just updating the server.
Thin clients also boast huge savings in electricity compared to normal PCs.
This illustrates the carbon footprint of PCs versus thin clients; the study was conducted by the
University of Pennsylvania on their campus PCs. This is a point Feel Good should also take into
consideration when choosing their upgrade, as power consumption costs can differ greatly.
Mobile and tablet devices could also be introduced as a supplementary product along with the
upgrade of PCs. Tablets can be a very useful tool for Feel Good, as this business would be very
dependent on social media and face to face interactions to conduct the majority of its business. This
powerful handheld device allows the employee to be mobile and interact with customers without the
barrier of a desk, so the employee can sign people up away from the desktop. The choice of a
mobile/tablet device is essential for this business. The benefit of a tablet is that it contains a
staggering amount of the capabilities of a PC and would allow employees to explain things to
members in regard to exercise form in the gym through the visual aid of the tablet, while being able to
take notes on members in real time. If financially feasible, we would suggest the business invests
in the purchase of a few tablets on a trial period to investigate whether the benefits are evident in this
business model.
Upgrading the internet service provider and router options was one of the upgrades that was a necessity
for Feel Good and its employees, so we will explore the options available to the business. The
employees want more than 15mb/s, so we will have to acquire a new vendor who has the capacity to
provide well above that number. The internet provider should be reputable and have good customer
service along with business-tailored plans to suit the needs of this business. Businesses such as Virgin
Media are bringing the future of internet provision in the form of fibre optic broadband. The
advantages of fibre optics are the speed of transmission and low power loss, as fibre optics allow for
longer transmission distances. The downside of fibre optics is that it can be quite costly to install,
although it lasts longer than regular copper cables.
The main letdown of fibre optics is its availability in Ireland. At the moment fibre optic
coverage, especially on the west coast, isn’t up to grade if the business is looking to install it in all
their regional gyms. We suggest using standard broadband along with a router which can output a
sufficient distance to allow WIFI in every part of the gym. Router options will vary from a separately
purchased router to a combined modem and router that may be supplied by your internet service provider. The
router should contain a firewall along with unified threat management, which addresses a security concern
that the business was worried about. The router will also have to provide wireless distribution, not only
for employees; this privilege should be extended to the members. Repeaters should be placed in
certain locations around the building in order to maintain a strong signal. To ensure that sensitive data
that passes from regional offices to head office is not disrupted by hackers etc., the business should
employ a strong virtual private network, which will provide the same experience to the user but will
have stronger security. Another essential part is adding a content filter in order to stop unnecessary
traffic on the network, such as streaming, which will slow the network down. Another way to
increase security and decrease traffic on the network is the application of login user identification and
password; this will allow only authorised personnel use of the network.
Security
Security plays a major role in any company, especially an online company which deals with
transactions and personal details on an everyday basis. Keeping that information secure from threats
and also viruses can be somewhat of a daunting task. There are certain precautions that one should
take when deciding to set up a security system or expand on their current system. When
considering expanding, the business must take into account specific security measures to ensure the
safety of not only the current information being stored but also the information that is yet to come
from new customers. Privacy, authentication, integrity, nonrepudiation and availability are the main
security requirements when it comes to the expansion of a company whose systems also need security
expansion. With the use of UTM, or Unified Threat Management, data can be more secure and kept
confidential when dealing with large amounts of information being processed. Implementing UTM
in your company may come at a price, however, depending on the size of the company you’re dealing
with.
Expanding online businesses with caution
Digital signature
When expanding a business and trying to keep all members’ data safe and secure, while also trying to
entice new members to join and to enrol in new classes, there are certain procedures to be called
upon to uphold that safety. Such things as digital signatures are of utmost importance when it comes
to safe and secure information and data. The concept of a digital signature is similar to that of signing
transaction documents when you do business with a bank. To withdraw large amounts of money from
your bank, you go to the bank and fill out a withdrawal form. The bank requires that you sign the
form and keeps the signed form on record. The signature is required in case there is any question later
about authorisation for the withdrawal. If, for example, you say later that you never withdrew money
in that amount, the bank can show you your signature (or show it to a judge in court), proving that you
did. Authentication, integrity, and nonrepudiation can all be achieved using a digital signature.
Integrity
The integrity of a message is preserved because, if an intruder intercepts the message and partially or
totally changes it, the decrypted message would be (with a high probability) unreadable. This is very
important when increasing or expanding the size of the website or the database, as more data is to
be processed.
Authentication
We can use the following reasoning to show how a message can be authenticated. If an intruder (user
A) sends a message pretending that it is coming from someone else (user B), she must use her own
private key (private A) for encryption. The message is then decrypted with the public key of user B
and will therefore be non-readable. Encryption with A's private key and decryption with B's public
key results in garbage. It is important that current members' as well as new members' data is kept secure
so that it is not hacked by unknown intruders.
Nonrepudiation
This covers the case where the sender doesn't own up to sending the message. Her private key
corresponding to her public key can be tested on the original plaintext. If the result of decryption
matches the original message then we know the sender sent the message. This is a key input to the
system as it can catch out spammers, which is vital to a company such as FeelGood Fitness.
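The three properties above, as an added example that is not part of the original report: user B signs a booking record, and the checks cover a changed record (integrity), a signature made by user A but presented as B's (authentication), and a lookup of which registered public key produced a signature (nonrepudiation). It uses Ed25519 from Go's standard library, an algorithm the report does not name; the record contents and the names SignedRecord, Directory and WhoSigned are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// SignedRecord is a message together with the signature over its exact bytes.
type SignedRecord struct {
	Payload   []byte
	Signature []byte
}

// Directory maps a signer's name to the public key the verifier has on file.
type Directory map[string]ed25519.PublicKey

// NewKeyPair creates a signing key pair. The private key never leaves the
// signer; only the public key is handed to verifiers.
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// Sign returns a copy of the payload with a signature made with priv.
func Sign(priv ed25519.PrivateKey, payload []byte) SignedRecord {
	return SignedRecord{
		Payload:   append([]byte(nil), payload...),
		Signature: ed25519.Sign(priv, payload),
	}
}

// Verify reports whether rec was signed with the private key matching pub
// and has not been changed since it was signed.
func Verify(pub ed25519.PublicKey, rec SignedRecord) bool {
	if len(pub) != ed25519.PublicKeySize {
		return false // ed25519.Verify panics on a malformed public key
	}
	return ed25519.Verify(pub, rec.Payload, rec.Signature)
}

// WhoSigned returns the registered signer whose public key validates rec.
// A match is the evidence used when a sender later denies sending it.
func WhoSigned(dir Directory, rec SignedRecord) (string, bool) {
	for name, pub := range dir {
		if Verify(pub, rec) {
			return name, true
		}
	}
	return "", false
}

func main() {
	// Constructed sample data: user B is the legitimate sender, user A the intruder.
	pubA, privA, err := NewKeyPair()
	if err != nil {
		panic(err)
	}
	pubB, privB, err := NewKeyPair()
	if err != nil {
		panic(err)
	}
	dir := Directory{"user A": pubA, "user B": pubB}
	msg := []byte("member=1042;class=Spin;slot=2015-12-01T18:00")

	rec := Sign(privB, msg)
	fmt.Println("genuine record verifies under B's key:", Verify(pubB, rec))

	// Integrity: the class is changed in transit, the signature is reused.
	tampered := SignedRecord{
		Payload:   []byte("member=1042;class=Yoga;slot=2015-12-01T18:00"),
		Signature: rec.Signature,
	}
	fmt.Println("tampered record verifies:", Verify(pubB, tampered))

	// Authentication: A signs with her own key but claims to be B.
	forged := Sign(privA, msg)
	fmt.Println("A's signature verifies under B's key:", Verify(pubB, forged))

	// Nonrepudiation: only B's registered key validates the genuine record.
	name, ok := WhoSigned(dir, rec)
	fmt.Println("signer on file:", name, ok)
}
```

The nonrepudiation result is only as strong as the key handling behind it: it holds while user B alone controls the private key and the directory of public keys is trustworthy.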
Secret-key encryption
Secret-key encryption is a cryptographic algorithm that uses the same key to encrypt and also to
decrypt data. The US Department of Defence’s Data Encryption Standard, or simply DES, is
one of the main examples of the algorithm.
Secret-key encryption would be especially important when expanding a business system, such as a booking system. It
has been used for secret communication by countless individuals and groups, from Julius Caesar to
the German U-boat force to present-day diplomatic, military, and commercial users. It remains by far
the more widely used of the two types of cryptography. A key is a number (value) that the cipher, as
an algorithm, operates on. In secret-key encryption/decryption (conventional encryption/decryption),
the same key is used by both parties. The sender uses this key and an encryption algorithm (program)
to encrypt data; the receiver uses the same key and the corresponding decryption algorithm to decrypt
the data.
The encryption and decryption algorithms are publicly available (not secret); anyone can access them.
The keys are secret; they need to be protected.
In secret-key cryptography, the algorithm used for decryption is the inverse of the algorithm used for
encryption. This means that if the encryption algorithm uses a combination of addition and
multiplication, the decryption algorithm uses a combination of division and subtraction.
A secret-key encryption scheme has five ingredients:
Plaintext: This is the original message or data that is fed into the algorithm as input. It is text
that is not computationally tagged, specially formatted or written in code.
Encryption algorithm: The encryption algorithm performs various substitutions and
transformations on the plaintext.
Secret key: The secret key is also input to the encryption algorithm. The exact substitutions
and transformations performed by the algorithm depend on the key.
Cipher text: This is the scrambled message produced as output. It depends on the plaintext
and the secret key. For a given message, two different keys will produce two different cipher
texts.
Decryption algorithm: This is essentially the encryption algorithm run in reverse. It takes the
cipher text and the secret key and produces the original plaintext.
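The five ingredients mapped onto working code, as an added example that is not part of the original report. It uses AES-256-GCM from Go's standard library in place of DES, whose 56-bit key is no longer considered secure; the sample record and function names are constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// NewKey returns a fresh 256-bit secret key shared by sender and receiver.
func NewKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

// newAEAD builds AES-GCM for a key; keys that are not 16, 24 or 32 bytes
// long are rejected by aes.NewCipher.
func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt is the encryption algorithm: plaintext and secret key go in,
// nonce || ciphertext comes out. A random nonce is drawn per message, so
// even the same key and plaintext give a different ciphertext each time.
func Encrypt(key, plaintext []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// Decrypt is the decryption algorithm: ciphertext and the same secret key
// go in, the original plaintext comes out. A wrong key or a modified
// ciphertext returns an error instead of unreadable output.
func Decrypt(key, sealed []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < aead.NonceSize() {
		return nil, errors.New("ciphertext shorter than nonce")
	}
	nonce, ct := sealed[:aead.NonceSize()], sealed[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, nil)
}

// must keeps the demo short by panicking on any error.
func must(b []byte, err error) []byte {
	if err != nil {
		panic(err)
	}
	return b
}

func main() {
	// Constructed sample record, not real member data.
	plaintext := []byte("member=1042;class=Spin;renewal=2016-01-01")
	key1, key2 := must(NewKey()), must(NewKey())

	c1 := must(Encrypt(key1, plaintext))
	c2 := must(Encrypt(key2, plaintext))
	fmt.Println("two keys give two ciphertexts:", string(c1) != string(c2))

	recovered, err := Decrypt(key1, c1)
	fmt.Printf("right key: %q err=%v\n", recovered, err)

	_, err = Decrypt(key2, c1)
	fmt.Println("wrong key:", err)

	c1[len(c1)-1] ^= 0x01 // one bit changed in transit
	_, err = Decrypt(key1, c1)
	fmt.Println("tampered ciphertext:", err)
}
```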
Keeping data Confidential and secure
Valuable data and information
The more valuable the information in your database, the more likely it is to be targeted. So, data such
as credit card numbers and addresses of clients are very important, and keeping them safe and
confidential should be one of the main priorities of a company of any size. If your records include sensitive or
financial information that could facilitate fraud, such as the credit card information mentioned earlier,
then your database will be more appealing and more vulnerable to hackers, who can then in turn
use or sell this information for financial gain. As a way of protecting consumers against this
kind of risk, ecommerce and other websites that collect customer credit and payments must be PCI
(Payment Card Industry) compliant. Even basic personal information can be valuable. It may be
used to impersonate someone, to spread malware or simply as a means to disrupt your services for
personal motivations.
Industrial and political espionage
Information that’s located in your databases or on your company servers may not be useful to hackers,
but may be very useful to competing or related companies, industries or even governments. Stolen
data or usernames and passwords could provide someone with unauthorized access to your customer
accounts and data, or to your organization’s intelligence, confidential files or emails. This in turn
makes you substantially vulnerable to threats such as wrongful actions which may be
taken against you.
As Bloomberg reported:
“China has made industrial espionage an integral part of its economic policy, stealing company
secrets to help it leapfrog over U.S. and other foreign competitors to further its goal of becoming the
world’s largest economy, U.S. intelligence officials have concluded in a report released last month.”
If your differentiator or your competitive advantage stems from proprietary intelligence or code,
or even from a first mover advantage or campaign that you want to keep under wraps, you could be
the target of espionage or theft.
Types of security threats
There are quite a lot of security threats when it comes to securing data online or in a database.
Security threats evolve as fast as the technology they seek to compromise. The CVE (Common
Vulnerabilities & Exposures) database alone includes over 59,000 known information security threats,
and a search in the database for apache brings up a list of over 500 known vulnerabilities. While the
techniques used to access data and alter code vary greatly, a security breach usually has one of the
following four goals:
Database access and the theft or corruption of personal or sensitive data
Altering website code in order to change what users see
Intercepting personal and sensitive data
Denial of Service (DoS) attacks that render services unavailable
Being an easy target to identify
Automated vulnerability scanning, combined with the increasingly fragmented social interaction
between businesses and their customers, means SMBs (Server Message Block) who put fewer
resources towards combating threats represent an increasingly higher volume of increasingly easier
targets. According to Symantec.com, targeted attacks against small businesses accounted for 31% of all
security attacks in 2012, up from 18% the previous year.
Web Application Vulnerability Scanners scan websites for insecure server configuration and other
known security vulnerabilities that facilitate attacks like XSS (cross-site scripting), SQL injection,
command execution, directory traversal and insecure server configuration. If your site has
vulnerabilities, it is increasingly likely they will be identified and exploited by hackers. This means
that all data which is processed will be accounted for, and an alert raised if it is being attacked by viruses or
malware.
As social media interaction and communication increases, consumers are now, more than ever, used
to receiving remarketing and CRM (Customer Relationship Management) communications from
companies via a range of social media, often offering coupons, discounts and other incentives. This
makes phishing scams – the impersonation of an organization to obtain personal and financial
information, or to spread malware – more popular than ever with would-be attackers.
Springboard attacks
Smaller businesses are also not immune to espionage. Those with weak security defences are
increasingly targeted as the ‘springboard’ to more valuable attacks against the larger organizations to
which they are suppliers. This makes them as vulnerable, if not more so, to security threats in
their defensive strategy.
For example, attackers could steal personal information and files relating to one of your larger
customers to create a well-crafted email aimed at someone in that organization (known as “social
engineering”). Your website or application could also be used to facilitate the installation of malware
on the computers of a target organization that is known to use it, achieved by injecting code into your
website to redirect the user to a separate site that then infects the target’s computer (known as a
“watering hole” attack).
Non-financial motivation
Some hackers don’t hack for the sake of financial motives or other luxuries. For hackers who treat
attacking websites as a sport, websites with the best security, such as those of Internet security experts
themselves, can make a challenging target, and quite a rewarding one in terms of the satisfaction gained by the
hacker. Similarly, websites with natural political or social enemies can be popular targets.
Recently the newly launched ‘Obamacare’ website was no stranger to security attacks from its
detractors. Banks are common targets of anti-capitalist and other organizations. And this article on
darkreading.com considers the potential for large-scale security attacks during busy ecommerce
periods, as more and more commerce moves online.
Eliminating Threat using Unified Threat Management
What is UTM?
UTM (Unified Threat Management) is in theory the evolution of the so-called “traditional firewall”
into an all-inclusive security product that is able to perform multiple security functions
within one single system: network firewalling, gateway antivirus and gateway anti-spam,
to name a few. Companies use UTM to its full advantage as it’s the most reliable source in
terms of keeping data safe from any sort of threat.
Benefits of Using UTM:
Reduce security incidents
Using a single integrated product instead of several disparate products tends to improve the
effectiveness and efficiency of attack detection and prevention capabilities. In turn, this reduces the
number of data breaches and other incidents that occur in an organization. When separate products are
used, the analysis required to detect attacks must be repeated; with an integrated UTM product, in
contrast, analysis is done once. For instance, if you want to check Web requests and responses for
malicious activity, you must parse the applicable Web protocols, then study the content packaged
within these protocols. With a single product, however, this parsing occurs only once, and the content
is also studied more efficiently, compared to several products each independently doing
its own check.
If a product is truly integrated, with its detection and prevention capabilities all working together and sharing
information and results, then the single product is capable of detecting and stopping attacks that
individual component products could not detect because they lack that level of cooperation. This is
particularly true for previously unknown attacks (those that cannot be detected through signature-
based methods). If such an attack is attempted, it might be noticed as suspicious independently by
multiple detection capabilities. Noticed independently, none of these levels of suspicion would be
great enough to declare definitively that an attack is occurring, but when multiple components are
suspicious of an activity and correlate those suspicions, the overall decision can be to treat the activity
as an attack.
To Minimize Latency
Historically, one of the most common complaints about network security technologies is that they
can introduce excessive latency into network communications, so another benefit of using a UTM
system is reduced latency. Latency is most frustrating to users who experience mild, medium
or severe interruptions. These interruptions happen because of the amount of
analysing and examining that goes on, which causes the latency. Because UTM appliances
significantly reduce the overhead involved in network examination and analysis, they also tend to
reduce the effect of latency, which in turn supports better performance for network users and systems.
Key Features:
A corporate firewall to stop unwanted traffic from filtering into the company network
An internet gateway security
A network intrusion prevention system
Secure remote access, which enables employees to connect to the company while outside the
office
Best UTM Appliances for Midrange companies
Series | Firewall throughput | VPN* throughput | Price range from low to high | Maximum Users
Barracuda X Series | 2.1 – 6 Gbps | 300 - 800 Mbps | $1,430 - $12,620 | 300 - 1000
Cisco Meraki | 250 – 750 Gbps | 70 – 200 Mbps | $895 - $47,995 | Up to 1500
Dell SonicWALL NSA Series | 3.4 – 9 Gbps | 1.5 – 4.5 Mbps | $1,700 - $29,995 | 1000 - 4000
*Virtual Private Network
Recommendations
From gathering data and information on a specified group of UTM appliances, these three were the
most powerful but also modest in price. The Barracuda and Dell SonicWALL cater mainly for medium-
sized businesses such as FeelGood Fitness, although Dell’s high-end NSA 6600 is advertised for “emerging
large businesses” and is included in the “high – end” category. From the details above, the Dell
SonicWALL seems to be the best one to choose in terms of firewall data and VPN data transfers, as it
caters for medium to high-end businesses. The price seems reasonable as it’s just $270 dearer than its
next rival, the Barracuda, but has more data processing abilities. It also caters for more users.
Hosting Options
There are many different options when it comes to hosting and we will explore all options to find the
most suitable for this business. The current host is charging upwards of 8.00 euros for the domain and
9.98 euros per month for web hosting; we feel there are superior vendors that will perform better and
at a cheaper price. To begin, hosting is the way in which a business
makes its website available through the World Wide Web. Over the past few years alternative ways of
hosting have come about, such as in-house, outsourcing and cloud.
In-house hosting is the idea of having
all hosting technology on site. This has begun to lose popularity, especially with small-medium sized
businesses similar to Feel Good, as it takes major investment in the purchasing of all the equipment.
Outsourcing is becoming the alternative to in-house hosting. Outsourcing is the delegation of the
hosting duties to a third party company. This is very beneficial to the business as it takes no large
investments and the membership is paid in monthly instalments. This type of hosting model could be
very useful for Feel Good, as a gym would like to make use of all space available and in-house hosting
would take up a lot of room. The third party hosting company can also provide a support service
which will help the employees make the transition to the new system. Outsourcing also has its
drawbacks: contrary to in-house hosting, you forfeit a lot of your control by handing over the hosting to
a third party.
Cloud hosting is a hosting service provided to the customer through the use of multiple
servers that form a cloud. This is an exciting concept and a lot of reputable companies have joined the
market, for example Amazon, Google and Microsoft. This has made the market very competitive,
allowing the customer to get this resource for a reasonable cost. This will aid in economies of scale as
the cost per annum of web hosting will be dramatically reduced. The big advantage of this to the
business will be the accessibility along with the user friendly set up, which will reduce the amount of
training needed by the employee. Cloud computing also has the advantage that it is very reliable and
even if one server fails it will maintain hosting, as it’s connected to multiple servers. There are some
major issues around risk to security that a cloud hosting service can bring to the business. After the
leaking of sensitive celebrity pictures there have been questions asked about how susceptible to attacks a
cloud hosting service is. This is something FeelGood should consider, as it holds multiple pieces of
sensitive information about all its members and the loss of it to a hacker could result in the loss of all
its present and future members. A notable disadvantage of cloud computing is that the
customer is locked into the vendor. The vendor possesses all your information, which can make it difficult to
migrate away from the current vendor.
The concept of dedicated servers is one that might suit Feel Good’s business. The business would
lease a server to manage the data and if the business needed more data storage it would lease another
server. This would be a very secure way of keeping the sensitive data private. However, this option
could suffer from some downtime, which could affect revenue for the period in which it is down, due
to the fact that the employees would be unable to access the server to register new members or get
existing details. The period of downtime would depend on the reason behind the downtime and the
customer service of the company Feel Good would be leasing from.
Comparison of Alternatives
We will now examine each aspect that we have discussed and evaluate the most financially beneficial
option for Feel Good Fitness Group:
PC Options
Option | Price | Model
Desk Top | €2,000 | HP 2220 Workstation
Thin Client | ^ €791 | HP thin client
Tablet | €844 | Microsoft Surface Pro 4
We picked these three models as they are among the leading brands in each of the selected options.
The HP 2220 workstation has been hailed as a speedy, well equipped model that is very useful for
intensive day to day work, which is exactly the type of work it would be put through at Feel Good
Fitness Group. The HP thin client comes from the leading vendor in thin client software and is praised for its effortless
installation and usage, which is ideal for the employees to adapt to the new system. The tablet chosen
is the Microsoft Surface Pro 4. It’s a brand new tablet which has the capability of replacing the PC
altogether, but we believe it’s more suitable as an accessory product to the business.
Recommendation:
We recommend that the business choose the thin client, as its small nature allows conservation of
space and its low power usage will allow the business to make a major difference in its power
consumption. The thin client also has the security features of flash memory, and its ability to be
centrally managed is a benefit for higher level staff. We also recommend that the business invests in
the Microsoft Surface Pro 4 on a trial/lease basis to evaluate whether the need to be mobile, as the employees
requested, is a major part of the process of operating a gym.
Internet Service Providers
Provider | Price
Eir | €60
Sky | €50 + additional charges
Virgin Media | €75
We identified these as prospective deals for the business to choose from. Eir is offering internet of
100mb and an unlimited landline, which is a very good deal and quite financially affordable, although the
internet output is too low and could frustrate the employees. Sky is offering 100mb download speed,
unlimited usage and a Dublin-based support team. Virgin Media is offering a guaranteed 150mb, static
IPs available and six phone lines included. Although this offer seems rather overpriced compared
to the other options, it is far superior in what it is offering and fulfils all the needs of the employees.
Recommendation:
We suggest choosing the Virgin Media deal as it is tailored towards the type of business that Feel
Good Fitness Group is. Virgin Media also guarantees no drop in the performance of the internet
regardless of the number of clients on their server.
Routers
In terms of routers we suggest the use of the Asus RT-AC68U Dual-band Wireless-AC1900 Gigabit
Router, as it has been recommended for SMEs for its speed and range. This router is valued at €184
and it would be a great investment to enhance the capabilities of the network. We also think that the
business should invest in a repeater in order to maintain the strength of the signal throughout the gym.
The repeater we chose was the Amped Wireless High Power Gigabit Dual Band Repeater
(SR20000G) because of its fantastic ability to provide great coverage and avoid the risk of having any
WI-FI dead zones in your gym. This repeater is valued at €154 and is a highly recommended purchase.
Hosting Options
Option | Price | Vendor
In-House | €10,000* | Varied vendors
Outsource | €‘000’s | Varied vendors
Cloud Hosting | $0.0300 per GB | Amazon S3
Dedicated Server | €249 per month | Hosting Ireland
*may vary
Recommendation:
We recommend that the business purchase/lease a dedicated server for its hosting requirements. The
dedicated server allows the business an abundant amount of storage for a very reasonable price. This
plan of €249 a month includes 500 gigabytes, which is enough to meet the need for storage of customers etc.
References
HP Thin Client benefits | HP® Official Site. 2015. HP Thin Client benefits | HP® Official Site. [ONLINE] Available at: http://www8.hp.com/us/en/thin-clients/benefits.html. [Accessed 22 November 2015].
Thin Client Benefits | Thin Client Computing | Devon IT. 2015. Thin Client Benefits | Thin Client Computing | Devon IT. [ONLINE] Available at: http://www.devonit.com/thin-client-education/benefits-of-using-thin-clients. [Accessed 22 November 2015].
The Green Benefits of Thin Client Computing | Penn ISC Computing Resources. 2015. The Green Benefits of Thin Client Computing | Penn ISC Computing Resources. [ONLINE] Available at: https://secure.www.upenn.edu/computing/resources/category/green-it/article/green-benefits-thin-client-computing. [Accessed 22 November 2015].
Advantages & Disadvantages of Optical Fibres. 2015. Advantages & Disadvantages of Optical Fibres. [ONLINE] Available at: http://services.eng.uts.edu.au/~akadi/ite/major_assignments/barber/advdisad.htm. [Accessed 22 November 2015].
Web Hosting Ireland - Buy Hosting, ie Domains, Cloud Computing, VPS & Dedicated Servers. Register Cheap ie Domains. 2015. Web Hosting Ireland - Buy Hosting, ie Domains, Cloud Computing, VPS & Dedicated Servers. Register Cheap ie Domains. [ONLINE] Available at: https://www.hostingireland.ie/. [Accessed 22 November 2015].
How Much Will a Server Cost? Webopedia.com. 2015. How Much Will a Server Cost? Webopedia.com. [ONLINE] Available at: http://www.webopedia.com/DidYouKnow/Hardware_Software/how_much_will_a_server_cost.html. [Accessed 22 November 2015].
Best business tablets: 9 great slates for work | TechRadar. 2015. Best business tablets: 9 great slates for work | TechRadar. [ONLINE] Available at: http://www.techradar.com/news/mobile-computing/tablets/top-10-tablets-for-business-1093241. [Accessed 22 November 2015].
Business Broadband, TV, Phone & Mobile | Virgin Media Ireland. 2015. Business Broadband, TV, Phone & Mobile | Virgin Media Ireland. [ONLINE] Available at: https://www.virginmedia.ie/business/. [Accessed 22 November 2015].