When Sony Corp. needed a new Web presence for its professional services division, it turned to Microsoft Corp.s .Net Framework and Visual Studio tools to build a secure site for customers ordering software, parts and services.
Sony chose a Microsoft-based solution over a Java-based platform, even though most of the companys applications run on J2EE (Java 2 Platform, Enterprise Edition), said Jim Bilchak, director of new business and technology at Sony Professional Services, a division of Sony Electronics Inc., in Park Ridge, N.J.
Flexibility and ease of integration are the key reasons for the selection of Microsoft technology, said Bill Swift, senior vice president and chief technology officer at Brierley & Partners Inc., a Dallas-based consultancy that helped Sony update its professional services site.
Completed in April, the site, called ServicesPlus, lets users access 700,000 Sony products, with real-time pricing and availability information.
.Net Frameworks security features played into the selection process, as the Sony solution includes a secure module, SIAM (Security Internet Application Manager), which is built in C#, Microsofts Java-like language. SIAM provides authentication and authorization for ServicesPlus.
Swift said that early in the process, Sony created a proof-of-concept application with Microsoft because it was “trying to come up with the best way to use Web services.” Sony was looking at Web services as an integration technology. “That was a key driver because they had a legacy system that had been around since the 70s,” he said. “The parts information was on a mainframe, and they needed to expose it.”
Meanwhile, “the security system, they decided, should be separate … so other groups within Sony could eventually use it” and the company could recoup its development costs, Swift said.
Bilchak said .Net Framework established a basis for Sony to continue to cut costs by enabling it to reuse components built on the technology, such as SIAM.
By creating the SIAM module, Sony will be able to save the $300,000 a year it was paying to license security certificates for business-to-business commerce with its customers, Swift said. “The key challenge with SIAM was an authentication service that acts like a broker, so the system can identify you based on your user type to log you on.”
Developing Tighter Applications
“The primary goal of the Sony Professional Services application was to enable sales via the Internet in a very secure manner—educating the B2B customer on Sony products and reducing the number of phone-in orders to their call center,” Swift said. “Security became an immediate focus due to a number of factors—their B2B customers and security policy dictate authentication must be driven through an existing LDAP directory. However, non-B2B customers that can also use the site can be authenticated differently.”
Swift said Brierley delved into other security areas for this solution and for other work it has done for Sony, including recommending physical security of the data center and audits; encrypting data sent via files; securing XML Web services via SSL (Secure Sockets Layer) digital signatures; X.509 certificate-based authentication and so on; securing customer-service-type applications using role-based security; and implementing technologies such as network security, dual firewalls and IP restrictions.
Meanwhile, .Net Framework and Visual Studio have technology that enables developers to create more secure applications.
Rick Samona, product manager for .Net Framework and Developer Tools at Microsoft, in Redmond, Wash., said the companys new tools help developers add security at the development stage.
“Developers require an innovative security architecture and features at both the application-platform and programming-tool level,” said Samona. “The .Net Framework and Visual Studio .Net provide developers with the necessary tools and information to write secure applications. Managed code and the .Net Framework make writing secure applications easier and help developers avoid one of the largest types of security breaches: buffer overruns.”
“Furthermore,” said Samona, “the .Net Framework contains added features like integrated garbage collection, the ability to do sandboxing, and several libraries such as Strsafe.h for safer string handling in C and Server.HTMLEncode to help prevent cross-site scripting. Another thing that the Common Language Architecture [CLR is part of the .Net Framework] provides is evidence-based security, including strong names for assemblies. In .Net, all the core libraries shipped by Microsoft are signed and strongly named.”
In addition, Samona said Microsofts lead in securing Web services attracts developers. “One area where we are ahead is in the ease of use in implementing WS-Security,” Samona said. “WS-Security is a fairly involved family of specifications, and it is not trivial for a developer to properly apply it to a Web services app. With WSE (Web Services Enhancements) 2.0 and Visual Studio 2003, a developer can set up a secure Web service with a few clicks and menu selections through the wizard. In other tool kits, this is a complex, error-prone process, involving many lines of hand-authored code.”
Sony officials said commercial customers who need to create, move, display, broadcast, store or manage video or data should know about Sony Professional Services, as the business unit provides competitive consulting on systems, software development, integration and implementation, and service and support.
Bilchak said Sony wants to increase sales and customer satisfaction relating to its professional services groups Web presence. “We wanted to improve the customer experience,” while driving orders through the site, he said.
Sony said that three months into the deployment of the new system, the number of orders handled over the Web grew 300 percent and sales rose by 15 percent. Meanwhile, the company projected savings of more than $1.5 million over two years.
The electronics company moved away from a system with two nonintegrated Web sites for ordering hardware and software, officials said. Those systems were unwieldy and required custom software for users to access the Sony parts catalog.
In addition, these sites handled less than 7 percent of the Sony Professional Services orders, with most orders coming in via phone and fax. However, the ServicesPlus site handled 25 percent of the groups orders during the first three months of its use. Sony hopes that the site will handle 15 percent of the professional services orders overall in its first year, said Tim Lindner, manager of professional services administration for Sony.
Brierleys Swift said the Sony Professional Services application provided interesting integration challenges that the company overcame mainly with Web services.
The ServicesPlus site uses .Net Web services to integrate Sonys internal systems, including an SAP (Service Advertising Protocol) system, an LDAP database, a mainframe-based IBM CICS, a VeriSign Inc. credit card validation system, and an Oracle Corp. database for account and order status information for credit card customers.
Check out eWEEK.coms for the latest news, reviews and analysis in Web services.