Facilitating Supply Chain Management through Internet Infrastructure

Enterprise Resource Planning (ERP) has become an important focus area among companies worldwide. With a push towards becoming lean in operations and cost cutting, resource planning and related activities are being seen as the key to be more profitable in current marketplace. One key aspect of these efforts is Supply Chain Management (SCM). SCM attempts to manage the vendor-customer relationship in a manner that is beneficial to both parties involved in the activity of the sale and corresponding procurement.

Information and business transaction systems are a vital set of tools available to achieve the goals of successful supply chain management. Due to the automation of business processes involved in trade of goods, a variety of information and knowledge are embedded in an information system’s database. In this paper we describe how we have used one such database at Hewlett-Packard (HP) – the order database – to extract information of significant importance to our customers. Using this database, we have developed an application to inform the customer of the order status. It is our belief that the order status information will be an area in supply chain management that will have a significant impact on HP’s relationship with its customers.

In order to deliver this information, we have used a communication medium that has revolutionized the way companies are doing business. This medium – the World Wide Web (WWW) - has provided a de facto standard for inter-company information exchange. In the subsequent sections we describe the efforts undertaken at HP to use the web to communicate order status information to customers. Each of the first few sections below address a different facet of the problem we are tackling. The subsequent sections describe the solutions to each of the issues presented as well as the overall architecture.

While developing any application it is important to have a clear understanding of the customer requirements. This requirement becomes even more stringent in case of any Internet-based application since almost always the contact with the end-user of the application, a vital part of the application's success, is missing. By definition, an Internet application is written for users with whom the developers have little or no contact. Even if the specifications were designed with a particular user group in mind, over a period of time the user expectations and user profile changes. This disconnect between the users and the developers of an internet-based application makes it important that we do a careful analysis of the customer profile in order to understand their expectations.

One of the many ways to understand the customer is to classify them based on their data/information requirements and the frequency of the communication desired. Figure 1 below describes such a profiling.

The customers can be divided into broad categories based on the level of their relationship needs and information needs. The low and high degrees of these two aspects together give us four different classes of customers. Each class has a different set of expectations. While the relationship-oriented customers are less concerned about the amount of information, they are more sensitive to relationship-building measures a vendor uses. On the other hand, the channel partners want more information and they want a tight coupling with the vendor. This difference in expectations also translates in difference in demands from an application. In the Order Status application that we built, we targeted the relationship-oriented "Enterprise Customer" class.

The goal of Enterprise Resource Planning (ERP) is to facilitate optimal and efficient use of the resources available to an organization. The ideas such as Just-in-Time inventory management, rapid turnaround time to customer desires and efficient logistics were developed in order to make that goal more realizable. However, such goals are difficult to attain without cooperation between the vendor and its customers. A tight connection between vendors and customers is at the foundation of ERP planning process and defines the basic concepts of Supply Chain Management (SCM). The relationship between the ERP and SCM goals and how it fits within vendor-customer relationship is shown in figure below.

A supply chain can be considered as a (theoretically) infinite chain of entities in which each entity acts as a vendor and as a customer from time to time. Each entity goes through a Procure-Build-Sell cycle as shown in the figure. The Sell activity of one entity corresponds to the Procure activity of another entity. The activity makes up the vendor-customer link and is vital to the vendor's business success.

From a customer point of view, the Sell-Procure link between the two organizations is the most important aspect of the relationship. Thus as a vendor, one's aim should always be to improve this link in order to achieve better relationship. While the quality and quantity of products and related discounts are important factors for a better Sell-Procure link in general, for an enterprise customer the order status is the most important factor. This is because the enterprise customer is almost always assured to get quantity and other discounts by sheer volume of the demand. Also, usually the quality check is done before choosing the particular vendor. What an enterprise customer really expects from a vendor is timely delivery of goods almost all the times and adequate notice of any changes in the schedule of delivery. The reason for sensitivity towards this kind of information is that an enterprise customer has significant resources tied in planning the procurement and deploying these products in its operation. At times, such a customer also has made promises to its customers the delivery of its own products that may depend on the original procurement. Under such conditions, order status information tools bear a lot of importance.

We now discuss the technologies available today to fulfill these requirements.

The Internet has helped in many ways in making the goals of ERP and SCM a reality. It has brought the companies around the world, of varied background and industry sectors, together to agree upon a common medium of communication and information exchange. Several new technologies have emerged in past few years in the Internet technology area. Although a description of all the technologies is outside the scope of this paper, we briefly describe the technologies that are relevant to our work.

1. Data communication technologies

At the heart of the Internet lie the basic communication technologies used for information exchange between two or more computers. HTTP - The protocol used for this - is a TCP/IP based communication protocol. It is stateless in the sense that using this protocol it is not possible, at least directly, to remember user responses across multiple transactions. The user can exchange the information over this protocol base using a special language HTML (HyperText Markup Language). HTML documents are viewed using a browser program that interprets this language and displays the information. The language provides constructs to format data in a certain way and the process of documenting using HTML is now largely automated. For user specific formatting, any program could be embedded in the browser (this is called a plug-in).

Although this setup provides the means to facilitate the information exchange, it is not sufficient to commit any transactions. For this purpose, a separate mechanism, called Common Gateway Interface (CGI) has been established. A CGI program can be any ordinary program that can execute on the machine where the web server resides. The web server creates the environment for the CGI programs. However, CGI still does not completely solve the problem of memorylessness of the basic protocol. Remembering user responses and driving a transaction according to that is vital for any transaction processing system. A variety of solutions have been devised to solve this issue.

 

2. Data encryption technologies

Most of the transactions committed using the Internet have information that can be sensitive. Due to open nature of the networking technologies, it is possible to snoop into the information flowing over the network. This necessitates that some kind of encryption method is employed in order to build a secure transaction environment. To date the most popular technology used for this purpose is Secure Socket Layer (SSL). This method is fairly robust and has been successfully employed by many companies. SSL provides means for communicating data in encrypted fashion either one way or both ways.

3. Digital certificates

Digital certificate technology is used for client authentication and authorization and could be considered as an extension to the SSL technology. The idea behind digital certificates is to create an equivalent of a signature in the electronic world in order to verify the client's identity. Based on the information contained in a digital certificate it is possible to identify the client or user to a very finer level such as an employee within a specific department of an organization. The digital certificates use the Lightweight Directory Access Protocol (LDAP) to store the information about the client. It also contains the digital signature for the particular certificate.

All the major web browsers provide the process for authentication of the digital certificate. As an application developer, it is sufficient to know how and where a certificate is used and how to get the information embedded in a certificate and use it in the application facilitating some transaction.

We used the concepts described above to establish a link between HP and its enterprise customers. The purpose of the application was to provide order status information. For a better understanding of ECIK it would be useful to know the business environment in which it will operate.

The primary purpose of the ECIK application was to disseminate the information related to order and installation schedule. HP has a number of enterprise customers that place orders of significant volume and dollar value. Due to the volume these customers are of immense strategic importance to HP and efforts have been made to make these customers ordering easy via different channels and forms.

Due to large volume it is difficult to fulfill these orders in a short span of time. Thus some of the orders are fulfilled in segments. Also for some of the customers, HP does site installation of certain equipment. This can be a multi-day or multi-week activity. Due to this, the customers always want to know what the current status of their order or the "installation project" in order to do better materials management on the customer side.

HP has always catered to the special needs of these customers by providing tools that can ease their procurement process. Some of these tools include special packages that would provide access to HP's information databases. Previously HP had provided dial-up access on a periodic basis to these customers.

While the arrangement has been sufficient until this point, there was a need to enhance features available through the existing infrastructure. The chief driving factor was of course the advent of and the flexibility provided by World Wide Web and push towards E-commerce environment in the industry.

One of the chief problems with the existing setup was that the dial-up service was available only on a one-to-one basis, as it could not handle a lot of load. Also, the infrastructure requirements for each dial-up service were high for HP. One concern clients had voiced was that the service did provide access for a generic user of the system and all the information needed to be downloaded and disseminated within the customer organization to "keep all concerned parties in loop". The service also required a special software and hardware setup at the customer site.

The drawbacks in existing setup reinforced the need for a new solution such as web based application. The WWW environment also brought in some changes that made a lot of new features possible. The web brought in an easy and industry standard way to provide information to the customers. This eliminated any special setup necessary for the order status information application. Also, due to the ease of use of HTML, it was possible to create and change the user interface to suite customer needs in a reasonable fashion. This had potential to reduce the user training costs. Last but not the least; the interest in the Internet that spurred the development of a variety of software components that were available from a variety of software vendors. This resulted in reduced development cost which had a significant impact on the viability of the overall solution.

With these ideas in mind we developed the business specifications for ECIK with the help of the HP sales organizations and the enterprise accounts managers. The chief goal was still to provide the order status information to the HP customers. However, we enhanced certain features to enhance the service to the customers. Some of the main specifications were:

• Ability to tailor the order searches and display the information based a specific sales force.
• Flexibility to provide order search based on a number of fields including: HP quote number, Customer PO number, HP product number and SOLD-TO and SHIP-TO customer ID's
• Order Summary and Order Detail information
• Ability to project a unified view from multiple data sources to get the relevant information
• Customer registration and authentication capabilities
• Maintaining the confidentiality of the data between HP and the specific customer

One of the constraints we had was to provide a fair level of functional similarity between the existing application and ECIK.

Based on prior experience with providing similar information to the customers it was important that the application was technically sound enough to prove its value-add. Thus the technical specifications were as follows:

• An Internet based solution due to popularity of that medium
• Ability to access the data residing on HP 3000 machines in an IMAGE database
• Ability to host reasonable level of hits on the web server for the application
• Piercing the firewall in order to access the company data
• Reasonable turnaround time for the search query
• Design of an architecture that scales to demands for order entry in future
• Native language support (for example, Kanji) in the browser
• On-line as well as downloadable information presentation
• Application independent data formatting to provide the flexibility to load data in any application product suite including spread sheets and word processors

Choosing the architecture

Due to changing technologies and Internet environment, there were several architectural alternatives available for the solutions. There were a variety of choices available to us at the time we defined the architecture. We identified a number of different alternatives before concentrating on a few. These alternatives are depicted in Fig. 3.

Of these alternatives, we had to abandon the ones that required the web server to be on HP 3000. Although the web server was available on the platform, at the time of decision making it was not an officially supported product and it was a direct port of the original software available from NCSA that lacked many features that were later introduced in Netscape or Microsoft web servers. HP has recently announced plans to port the Netscape server to that platform.

After the first round of elimination, we embarked on a phase to test all other alternatives in order to find out pros and cons of each of the alternative. The details of the experimentation done are beyond the scope of this paper. Suffice here is to say that we found that CGI based model outperformed all other alternatives.

Same level of trust could not however be assumed between the outside users of the application and the HP database access components. Thus we decided to implement a trusted transaction environment so that the application developers need not be worried about whether the client browser that made the query was an authentic one. Digital certificates provide an efficient mechanism to fulfill this. The modalities of acquiring and processing a certificate are solid enough to ensure that only the authenticated clients can connect to the web server. The browsers and web servers from Netscape and Microsoft both provide built-in processing of handshaking protocol between the two communicating processes. We used this technology for client authentication and authorization.

Once an authenticated user is allowed to connect to the server, (s)he should be checked for "authorization" to view the information. For example, even though users from Company A are authenticated to use the application, they should not be allowed to view any data related to Company B. Since the web server is oblivious to any such user level permissions checking, this has to be implemented in the CGI application that processes the request. This can be facilitated in several ways. One possible way is to use the Access Control Lists (ACLs) that are available within the web server. However, this requires the user to enter an additional user name and password. On the other hand, it is possible to implement the authorization process using the information the client has already provided - viz. The digital certificate components.

The digital certificate contains the information about the client browser that can uniquely identify it. It must be noted that since the client authentication is done by the web server, the information from the certificate is not directly available to the CGI program that is launched by the server since it runs in its own environment. This information has be provided through the environment that the server passes on to the CGI program. We used this technique to communicate the certificate information to the program. This information is encrypted using MIME format and is organized as an LDAP structure.

The LDAP structure provides a way to organize the users in different categories. These categories can be used to set user authorizations. It is also possible to create user hierarchy. Such an hierarchy can be used to create different levels of services to different user groups within the same client organization.

The firewall that separates the Intranet of an organization with rest of the Internet can hinder an easy solution using this architecture. Because the order information databases are HP internal information sources they must be kept inside the firewall, while the web server being a public information server must be outside the firewall. Stringent security measures make it impossible for machines inside and outside the firewall to communicate with each other. The firewall has to be "pierced" in order to allow communication. In our case we used the limited access provision technique. This allows a one-way traffic between the two machines (inside-to-outside) and limits the type of connections that are possible between the two machines. Such techniques are common in the industry. The resultant solution is shown if Fig. 4.

The general data flow is as follows. The user connects to the ECIK web site. During this connection (s)he is prompted for digital certificate for authentication purposes. After the user is authenticated, the web server launches the ECIK application as a CGI program. The web server also provides the certificate information to the application in MIME encrypted format through an environment variable. ECIK extracts relevant information from this variable to get the customer name and user name. An HTML form is then displayed that can be used to format the customer query. This query is then translated to SQL statement. The information extracted from the digital certificate is used at this point to limit the SQL search through the database. After the query is executed the results are rendered to the client browser in HTML format.

The implementation was a two-phase process. In the first phase the application was made available to the internal HP users. This helped us in finding any shortcomings in the features. The security issues were not as prominent in case of the internal deployment. Thus for the internal implementation, we did not implement SSL or digital certificates. The second phase includes those features.

There has been significant interest in the E-commerce market about Java applications, its capabilities and its ease of use. While we did consider Java as a platform for implementation, we did not use it into final solution because of two reasons.

1. The Java applet did not provide a performance-optimal solution. Our experiments showed that the CGI program was still outperforming the Java code.
2. Java still has some security holes that have made it an unpopular choice in corporate IS environment. For this reason, many companies have prohibited running Java applets on corporate desktops. Such a policy could have proved to be a major roadblock to the general rollout of the ECIK application.

After the implementation, the natural question that follows is "How can we enhance such an application further?" There are a variety of features that can be added to applications such as ECIK. Some of the possible features are listed below.

• On-Line Transaction Processing (OLTP) capabilities – Currently we are providing only the lookup facility to the order database for the customers. It is possible to give the power to the customer to initiate order placement transactions. Due to the use of digital certificates, an application that puts some trust in the customer can be easily built with these transactional capabilities, facilitating the quote and order management business processes. This could also reduce the order fulfillment infrastructure since the customer now shares the load of order placement to a significant extent. However, in order to do so, the business processes behind this must be closely analyzed.

• Push and Pull technology based infrastructure – The current ECIK mechanism provides the order status information on demand. However, in some cases it is desirable to provide the information proactively as the status on some order changes. This can be done without any user intervention. Such a feature can provide users with the order status information without having them to refresh the browser screen periodically. The web technology currently provides some solutions to this. Push and pull mode web servers and browsers are available as well as the channel technology. The scalability of these technologies needs to be asserted before a wide spread implementation.

• Flexible data formatting – As the web-based applications become more pervasive the need for various formats also grows since different user bases want the data in their native format in order to minimize the complexity of the interfaces. In such cases, on-line as well as native-formatted off-line data delivery is a key factor for better user satisfaction. XML (Extended Markup Language) standards released by World Wide Web Consortium (W3C) have proposed a solution for this. Using XML it is possible to exchange data across the architectural boundaries without the need to know the local data structure at the communicating architectures. This will allow heterogeneous architectures to communicate with other in a seamless fashion.

A number of companies are actively working in the E-commerce area in order to better serve their client needs using the communication medium provided by Internet. Web-enabled application solving business needs in the supply chain management area has become an area of significant interest among these companies and the IT industry in recent times. Order Status is an area within the supply chain that has vast potential of improving the vendor-customer relationship. In this paper, we described one such effort undertaken at HP to fulfill these needs for HP’s enterprise customers. The solution uses many newer technologies to achieve this goal. Some of the achievements in development of this solution are:

• Understanding the customer profile and its effect on supply chain management applications
• Ability to connect legacy databases and Internet technology together to satisfy the supply chain needs
• Use of Internet security mechanisms to provide a trusted infrastructure for web transactions
• Provision of a real-time link between a vendor and its enterprise customers for order status information thus strengthening the supply chain
• Customized HTML rendering to configure the web page for a particular customer; thus maintaining the confidentiality of customer data
• Setup of an infrastructure that will enable the solutions for the future challenges of E-commerce environment such as OLTP, Push-Pull mode web clients and architecture independent data formatting

The authors would like to thank the EBS management for their support throughout this project as well as during the research work done during initial phases. Special thanks are due to Milind Gole and Cliff Bryant for being the driving force behind this entire effort. Without their vision this project would not have been possible. The team would also like to thank other HP organizations, especially our business partners for participating in this effort and making it a success. Discussions with Andrea Dodini and Joe Ellsworth also helped in shaping this paper.

Send email to Interex or to theWebmaster
©Copyright 1998 Interex. All rights reserved.