Sybase unwired platform 1.2 developing secure blackberry applications

analysis of SUP 1.2 March 2010

Published in: Technology
  1. 1. Sybase Unwired Platform - Developing Secure Mobile Applications for BlackBerry
     Author: Edwin Ramos
     Position: Mobile Technology Consultant
     Company: Cell Telecom Ltd
     Date: 26th March 2010
     Page 1 of 12
  2. 2. Introduction
     Synopsis – Sybase Product Portfolio
     Alternative Development Options
     What is the Sybase Unwired Platform
     “Nuts and Bolts” Of SUP
       Data Synchronisation
       Backend Integration
       Local Data Storage
     Development Environment
       Security
         About CESG
         Mobilise Restricted Data
         HTTPS Secure Data Access – Varying Modes
     Conclusion
  3. 3. Introduction

     Since the birth of mobile devices produced with historical operating systems such as VxWorks, DOS, Epoc-16, Palm O/S and Windows CE, the enterprise mobile revolution has continued to accelerate rapidly. A number of Integrated Development Environments (IDEs) and M-enabling platforms have been created to support the development of mobile solutions that target these device operating systems. From the days of Penright Mobile Builder and AppForge Mobile VB to the current popular tools such as the latest Visual Studio with .NET Compact Framework and BlackBerry JDE, the technology available in the mobile industry has come a very long way. It is clear that the methodologies involved in creating mobile applications that enable remote access to data from the corporate infrastructure are in constant evolution.

     Whether a mobile platform is suitable can only be judged during the process of evaluation, after all the necessary success criteria have been taken into consideration. There is no single true answer to this question. We have already learned from historical projects that each M-commerce requirement may have its own characteristic success criteria attached to it. Some of a project's perceived success criteria may include “developer productivity”, “rich product features”, “shorter development timeframe”, “security” and “faster time to market”.

     This paper will clarify some aspects of the technology behind the Sybase Unwired Platform (SUP) v1.2, taking a closer view of this mobility platform from a developer’s perspective and identifying the individual strengths and weaknesses of the features behind this latest mobilisation technology available in the market.

     It is important to remember that, like any new product offering, it has costs and risks as well as benefits, and some of the promised benefits may or may not materialise.

     As part of this document we will also be looking into the UKBA POC mobile application, which was developed using SUP 1.2 as part of the development workshop hosted by Airpoint Ltd. A number of use cases were defined, for which a secured BlackBerry mobile application was created by representatives of Sybase.
  4. 4. Synopsis – Sybase Product Portfolio

     Sybase is one of the largest enterprise software and services companies exclusively focused on managing and mobilizing information. With global presence, enterprises can extend their information securely and make it useful for employees anywhere using the latest devices. Since the late 1990s the Sybase product portfolio has included the data synchronisation software known as MobiLink and the UltraLite local database technology; these have been flagship products for Sybase ever since. In the past decade Sybase has released into the market a number of major mobile platforms: the iAnywhere iWireless Server [a solution offering based on the popular Sybase EAServer, a J2EE solution comprising a set of Enterprise Java Beans and a SAP BAPI connection generator], mBusiness Anywhere [based on AvantGo technology] and the Sybase Unwired Accelerator (UA) & Unwired Orchestrator (UO) [a wizard-driven application server with connectors to enterprise systems such as SAP]. The latest derivative from the UA/UO offering is a new product called the Sybase Unwired Platform version 1.2.

     Alternative Development Options

     a) SUP 1.2 > Mobile Application Designer
     Mobile Business Objects – “underlying ML download cursors + row level handling for Java API” for data transport.
     UltraLiteJ + AES layer for secured data access layer + BES/MDS secured HTTP(s) connection. SUP generated mobile client application through DAD/BOB.

     Pros:
     1. Based on industry standard SOA architecture, with good designer support for creating mobile data workflow.
     2. SUP workflow for developing apps:
        a) Connection Profile
        b) Mobile Application project
        c) Drag & Drop functionality for MBOs
        d) Deployment Profile
        e) Device application designer & API framework
        f) Code generation
        g) Integrated with BB simulator
        With the above functionality provided by SUP the developer is given good tools for all necessary development of BB apps.
     3. Provides a good foundation and a sense of structure to the developer and uses the most popular IDEs in the market, such as Eclipse & Visual Studio, through the SUP plug-in.
     4. 4GL + Rapid Application Development methodology with no real developer knowledge needed to quickly mobilise a db schema.
     5. Adheres to CESG security standards.
  5. 5. 6. Built on top of existing proven synchronisation and local data storage technology (ML + UL), with the application designer as the extra value add for creating mobile apps.
     7. The synchronisation cycle is fast, but because of the additional encryption/decryption on both the network and the client there is a small amount of additional processing. Based on the UKBA use cases the user should be able to search and display data within 60-90 seconds flat. However, this is directly dependent on network coverage & signal strength, optimised sync scripts and the consolidated database. During real live implementations certain tasks can be done to ensure quick sync capabilities.

     Cons:
     1. Restricted ML functionality exposed by the SUP designer. ML provides more synchronisation events + procedures as part of its built-in synchronisation cycle, in both the upload + download phases.
     2. Restricted RDBMS functionality accessible from the mobile application designer and the deployed application, due to the layer generated by SUP DAD/BOB. i.e. ULJ may become fragmented over time due to the constant inserts and updates on the remote database. No way to defragment or reorganise indexes.
     3. Restricted integration with types of web services.
     4. User interface controls are currently limited, but this is addressed in the v1.5 release. The resulting mobile application may not be as native/fluid as a normal BB rimlet app.
     5. Data is uploaded at row level. If a table consists of 10 columns and only 1 column has been modified, the upload cursor uploads the whole row of 10 columns, resulting in non-optimised data transfers; on top of this, both the before image and the after image are uploaded. This means that if 1 column is changed, an additional 19 columns' worth of values are uploaded for no reason apart from possible conflict resolution on the whole row.
     6. Completely dependent on Sybase technical support when a feature does not function as expected. Because of the SUP designer the developer is unable to troubleshoot the underlying sync script or client code. i.e. during the workshop, an image capture being uploaded to the consolidated db experienced issues with a right truncation error during uploads.

     b) UL JAVA + ML + RIMLET

     Pros:
     1. Full support for ML synchronisation events, i.e. connection level, table level.
     2. Full control of available ML options.
     3. Full control of ULJ options.
     4. Full control of the mobile application look and feel, plus controls and events exposed to the developer.
     5. Can adhere to CESG security standards and can utilise existing BES/MDS infrastructure. AES as standard for the data access layer from the mobile application to ULJ.
  6. 6. Cons:
     1. Could potentially increase the development timeframe, but this is directly dependent on individual developer skills.
     2. Typical use cases tackled during the UKBA workshop will probably take an additional 30%>45% effort due to hand-coding.
     3. Data is uploaded at row level. If a table consists of 10 columns and only 1 column has been modified, the upload cursor uploads the whole row of 10 columns, resulting in non-optimised data transfers; on top of this, both the before image and the after image are uploaded. This means that if 1 column is changed, an additional 19 columns' worth of values are uploaded for no reason apart from possible conflict resolution on the whole row.

     c) SECURED WEB SERVICE + XML/JAVA OBJECTS Local datastore RIMLET

     Pros:
     1. Full support for what data is uploaded and downloaded to the BB mobile application, with the major disadvantage of having to write it from scratch. Software developers may have existing mechanisms that take a template approach to developing web services.
     2. Full control of all UI elements; can fully utilise RIM API controls & events etc.
     3. Full control of the mobile application look and feel, plus controls and events exposed to the developer.
     4. Can adhere to CESG security standards and can utilise existing BES/MDS infrastructure.

     Cons:
     1. Typical use cases tackled during the UKBA workshop will probably take an additional 30%>45% effort due to hand-coding.
     2. Time consuming, but the dev timeframe can be decreased by ensuring the right team is utilised.

     What is the Sybase Unwired Platform

     SUP is a development and deployment vehicle, enabling the creation of mobile clients for back-end enterprise applications. SUP enables developers to push applications out into today's heterogeneous mobile device environment.

     “Nuts and Bolts” Of SUP

     The following sections will provide a detailed insight into the mechanics of the SUP mobility platform.
  7. 7. Data Synchronisation

     The MobiLink data synchronisation server has been available for the past decade and can be classed as a proven platform for taking subsets of data to a mobile level. Typically it is paired with an UltraLite remote database deployed on the specific mobile operating system, in conjunction with a mobile application that acts as a window onto the data from a consolidated database.

     SUP embeds this technology as a transport layer. It is completely enclosed and wrapped up in a designer tool that generates the synchronisation objects known as Mobile Business Objects (MBOs). The MobiLink data synchronisation technology implements numerous synchronisation events, such as connection level events and table level events.

     The generated code within the MBOs hooks into the synchronisation events from the MobiLink server, in turn invoking classes and methods through the mechanics of the MobiLink Java API. One of these features is known as direct row handling. This mechanism allows the rows of data being uploaded from the remote database to be intercepted and passed on to external classes and methods for processing as defined in a mobile business workflow, for example to save to external RDBMS tables, or to consume a web service using columns within a row of records as parameters.

     An example of this could be a remote database with an Orders table that stores order details for a CRM mobile application. During the upload cursor of this table, direct row handling could intercept the rows being uploaded to the consolidated database table and pass them to an external Java class or .NET class with a method that implements custom code. This code could be integration into other systems, such as a connection to another RDBMS, web service consumption or any other code that may be written in Java or .NET.

     Within SUP, the MBOs represent the code described above; they can be created instantly and rapidly enable data synchronisation from applications on supported mobile devices.

     Each remote database can contain a different subset of the data in the consolidated database. The partitioning can be disjoint, or it can contain overlaps. For example, if each employee has their own set of customers, with no shared customers, the partitioning is disjoint. If there are shared customers who appear in more than one remote database, the partitioning contains overlaps.

     Partitioning is implemented in the download_cursor and download_delete_cursor scripts for the table, which define the rows to be downloaded to the remote database. Each of these scripts takes a MobiLink user name as a parameter. By defining synchronisation scripts that use this parameter in the WHERE clause, each user gets the appropriate rows.

     The MBOs are generated on the fly through a process of clicking, pointing and dragging.
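The per-user partitioning described above, as an added example (not code from the paper, from SUP or from MobiLink): the shape of a download_cursor query is run against an in-memory SQLite database standing in for the consolidated database. The `customer` and `customer_rep` tables, the user names and the order of the `?` parameters are assumptions made for the illustration.

```python
import sqlite3

# Constructed schema and rows (hypothetical; not taken from the paper).
SCHEMA = """
CREATE TABLE customer (cust_id INTEGER PRIMARY KEY, name TEXT, last_modified INTEGER);
CREATE TABLE customer_rep (cust_id INTEGER, ml_user TEXT);
"""
ROWS = [(1, "Acme", 100), (2, "Globex", 150), (3, "Initech", 200)]
# Customer 3 is shared by alice and bob, so their partitions overlap on it.
ASSIGNMENTS = [(1, "alice"), (2, "bob"), (3, "alice"), (3, "bob")]

# Shape of a download_cursor script: rows changed since the last download,
# restricted to the synchronising user. Both values are bound parameters
# supplied by the server side, so the remote device never chooses the filter.
DOWNLOAD_CURSOR = """
SELECT c.cust_id, c.name
FROM customer c JOIN customer_rep r ON r.cust_id = c.cust_id
WHERE c.last_modified >= ? AND r.ml_user = ?
ORDER BY c.cust_id
"""


def build_consolidated():
    """Create the stand-in consolidated database with the sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO customer VALUES (?, ?, ?)", ROWS)
    db.executemany("INSERT INTO customer_rep VALUES (?, ?)", ASSIGNMENTS)
    return db


def download(db, ml_user, last_download=0):
    """Return the rows this user's remote database would receive."""
    return db.execute(DOWNLOAD_CURSOR, (last_download, ml_user)).fetchall()


def partition_overlap(db, user_a, user_b):
    """Customer ids that appear in both users' remote databases."""
    a = {row[0] for row in download(db, user_a)}
    b = {row[0] for row in download(db, user_b)}
    return sorted(a & b)


if __name__ == "__main__":
    db = build_consolidated()
    for user in ("alice", "bob", "carol"):
        print(user, download(db, user))
    print("shared between alice and bob:", partition_overlap(db, "alice", "bob"))
    print("alice, changes since 160:", download(db, "alice", 160))
```

A user with no assignment rows receives nothing, which is the property to check when reviewing generated sync scripts: the restriction on the user name has to be present in every table's download scripts, not only in the client UI.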
  8. 8. The synchronisation logic generated from the diagrammatic design tool is stored inside the Adaptive Server Anywhere consolidated database.

     SUP uses this consolidated ASA database like a take-off/landing pad for the data being used by the remote users.

     Although SUP cleverly creates this synchronisation logic on the fly, inevitably resulting in shorter development timeframes thanks to the wizard approach, the developer/super user is completely shielded from the other functionality that MobiLink synchronisation technology offers. There are numerous other events that the developer may want to make use of during the synchronisation process which may not be available, due to the loss of granularity and control that comes with the SUP MBO designer.

     These events could allow a user to write external functions to be invoked using either .NET or Java code. This cannot be done through SUP; however, by implementing MobiLink on its own the developer can have more control of the synchronisation setup.

     Backend Integration

     SUP uses a Service Oriented Architecture (SOA). In fact, the very first enterprise mobile platform vendors to adopt this methodological approach include companies like Dexterra (2006), now taken over by Antenna. Other popular enterprise mobile vendors such as Syclo also already have this approach implemented. This service orientation defines loose coupling of services, and SOA separates functions into distinct units.

     Because there are many variations of web services and the developer writes no code to consume a web service from within SUP, the result is only a certain amount of support for web services, which is restricted by code generation and by the granularity of control available to the user when created from within SUP.

     This barrier can be removed if the MobiLink synchronisation technology is utilised outside of SUP, as external Java or .NET code can be invoked by registering a class and a method call during sync events as defined by the MobiLink Server API.

     Local Data Storage

     The mobile application generated by SUP uses the UltraLiteJ component, which is part of the SQL Anywhere product line. UltraLiteJ provides Java applications with a MobiLink synchronisation client, together with change tracking and state tracking to ensure robust synchronisation. UltraLiteJ applications are automatically MobiLink-enabled whenever the application includes a call to the appropriate synchronisation function.

     The UltraLiteJ application and libraries handle the synchronisation actions at the application end. UltraLiteJ applications can be written with little regard to
  9. 9. synchronisation. The UltraLiteJ runtime keeps track of changes made since the previous synchronisation.

     The level of control that the developer has over the underlying UltraLiteJ database is virtually none. This is because SUP generates a data access layer (“DPL”) together with the SUP layer. A mobile application with an underlying UltraLiteJ database can be written independently, without the use of SUP. This allows the developer to gain more control of the features of UltraLiteJ, but has the disadvantage of possibly increasing the development timeframe. This may not be ideal for companies that want to bring their mobile solutions to market rapidly.

     Development Environment

     Includes a powerful 4GL tooling environment that speeds mobile application development. Integration with common IDEs, such as Visual Studio and Eclipse, enables developers to leverage existing tools and expertise.
     • Offers seamless integration with a variety of enterprise applications, including SAP and Remedy, or any other application that leverages databases or Service Oriented Architecture (SOA)/Web Services.
     • Provides an excellent tool for rapidly creating mobile applications which supports BlackBerry and Windows Mobile operating systems.

     Security

     About CESG

     CESG is the Information Assurance (IA) arm of GCHQ and is the UK Government's National Technical Authority for IA, responsible for enabling secure and trusted knowledge sharing to help their customers achieve their business aims.

     There are five key principles, essential for safe electronic transactions:
     * Confidentiality - keeping information private
     * Integrity - ensuring information has not been tampered with
     * Authentication - confirming the identity of the individual who undertook the transaction
     * Non-repudiation - the individual who undertook the transaction cannot subsequently deny it
     * Availability - ensuring information is available when required

     Information Assurance is about meeting these requirements.
  10. 10. The transport layer for SUP utilises MobiLink synchronisation technology and works in conjunction with the CESG accredited security algorithms for the data transfer layer and device data storage. This can be implemented without the use of SUP, as the encryption algorithm is provided as part of the core SQL Anywhere product portfolio.

     Mobilise Restricted Data

     Through intensive security evaluation, the Government Security Authority, CESG, has issued a final guidance document that assures the BlackBerry® wireless communications solution for use by government employees to handle restricted data.

     With a BlackBerry solution, government and public sector professionals can securely connect to colleagues and operational data on the move. CESG approval means that BlackBerry solutions can now be deployed with confidence by government organisations to provide mobile access to restricted data.

     Through this accreditation, BlackBerry devices offer government users the assurance that data and emails are secure, both in transit and on the device. The BlackBerry Enterprise Solution™ uses widely trusted encryption technologies that are considered computationally infeasible to break, namely:
     • Data Encryption Standard (Triple-DES) and Advanced Encryption Standard (AES) for data in transit. All data remains fully encrypted during transit.
     • AES for data on the device.

     HTTPS Secure Data Access – Varying Modes

     BlackBerry MDS Services act as a secure gateway between the wireless network and corporate intranets and the Internet. They leverage the BlackBerry AES or Triple DES* encryption transport and also enable HTTPS connections to application servers.

     BlackBerry smartphones support HTTPS communication in one of two modes, depending on corporate security requirements:
     * Proxy Mode: An SSL/TLS connection is created between BlackBerry Enterprise Server and the application server on behalf of BlackBerry smartphones. Data from the application server is then AES or Triple DES* encrypted and sent over the wireless network to BlackBerry smartphones.
     * End-to-End Mode: Data is encrypted over SSL/TLS for the entire connection between BlackBerry smartphones and the application server, making End-to-End Mode connections most appropriate for applications where only the transaction end-points are trusted.
  11. 11. Because MobiLink is used as the transport layer by SUP, it piggybacks on top of the CESG accredited and approved BlackBerry security architecture and end-to-end security policies.

     Conclusion

     Delivering on the promise of Service Oriented Architecture (SOA), SUP does allow rapid response and adaptation to business change without the high cost normally associated with such challenges. In order for adaptive mobility to be successful, it is critical for companies to deploy solutions rapidly; with the aid of SUP and its wizard-driven methodology this is achievable.

     The only caveat is that the end product may be restricted in some manner in comparison to developing a mobile application with the standard IDEs and APIs, due to the level of control that is available to the developer, i.e. controls and events associated with the controls. With the upcoming SUP v1.5 these restrictions will be resolved further. It is now up to the mobile market to adopt this new mobile platform from Sybase for the product to be deemed an innovative solution. One thing to keep in mind is that the underlying technology has been around for many years, and it certainly is a proven data transport layer and local data storage technology.

     In addition, SUP is about ease of development and deployment for in-house custom applications. This means mobile applications and business processes can be created by business analysts who understand the individual departments or groups best, without having to wait for a packaged application vendor to provide a generic set of applications.

     All in all, SUP does seem to provide rapid mechanisms for creating mobile applications on the fly without too much development knowledge. It would be interesting to see how the cost of the SUP product portfolio compares with licensing MobiLink and UltraLite. In essence it is up to customers to gauge whether it is worth paying the price for a wizard-driven mobile platform with less development control, from both the data synchronisation and mobile client UI perspectives, compared with using the underlying core technologies MobiLink and UltraLite in applications created by experienced mobile developers. In the end this really remains in the hands of key decision makers.