MOVE-1: Progress Dynamics

1
MOVE-1 Progress Dynamics on Steroids
Anthony D Swindells
Engineering Fellow
2
Agenda

• Dynamics Roadmap Overview
• Dynamics as a Trusted Authentication Domain
• Integrating OpenEdge Auditing
• OpenEdge Reference Architecture Compliant Logic
• Achieving a Competitive UI

This presentation includes annotations with
additional complementary information
3
Under Development

• This talk includes information about potential
  future products and/or product enhancements.
• What I am going to say reflects our current
  thinking, but the information contained herein is
  preliminary and subject to change. Any future
  products we ultimately deliver may be materially
  different from what is described here.

4
Progress Dynamics Today a fresh look
In a single slide!

• Integral part of OpenEdge Studio Development
  Environment
• In the box Framework for rapid development of
  Stateless n-tier rich client GUI applications
• Leverages ADM2 and ABL
• Defined approach to UI development using
  Repository
• Optional use of UI definitions at runtime
• Managers to provide common infrastructure
• Security, Context, Localization, Personalization,
  etc.
• Productivity Tools for development and deployment

5
Progress Dynamics Product Status
Dynamics is alive and well!

• Fully supported, evolving and shipping as a part
  of OpenEdge Studio
• Latest active version is 10.1A01
• Upgrade path from 2.1B01 or 10.0B03 (via 10.1A)
• Primary focus on stability and performance
• New features and functionality provided to
  Dynamics by core OpenEdge platform capabilities
• Optional tools / framework support for new
  platform capabilities where relevant
• ProDataSet
• XP manifest

6
Progress Dynamics Roadmap
Functionality specific to Dynamics

• Latest maintenance releases for previous versions
• 10.0B04
• 2.1B02
• No current plans for additional service packs
• Planned next major release 10.1B
• Bug fixes
• Dataview completeness (dynamic treeview, caching)
• Deployment automation
• int64 data-type support
• Browse view-as support
• Browse column sort indicator support
• Support in OpenEdge Architect?

7
Progress Dynamics Roadmap
A natural evolution
8
Moving Forward with Progress Dynamics
Excellent starting point for 10.1A feature
adoption
9
Moving forward with Progress Dynamics
Steroid Prescription OpenEdge 10.1A

• Take advantage of core platform capabilities
• Enhanced security
• Secure and non-repudiable audit trails
• OERA compliant logic through DataViews and
  ProDataSets
• Modern XP look and feel
• Object Orientated Language Extensions
• OpenEdge Architect

Upgrade to the latest release of 10.1A01
10
Agenda

• Dynamics Roadmap Overview
• Dynamics as a Trusted Authentication Domain
• Integrating OpenEdge Auditing
• OpenEdge Reference Architecture Compliant Logic
• Achieving a Competitive UI

11
Dynamics as a Trusted Authentication Domain
The Goals

• Register Dynamics as a
• Trusted Authentication System
• Automate maintenance of default
• Dynamics Application Domain
• Assert Dynamics user as identity for OpenEdge
  Auditing and DB Security
• Leverage existing Context Manager
• Support re-authentication functionality
• Ensure clean session shutdown

12
Adopting New 10.1A Security Core Services

• CLIENT-PRINCIPAL handle (ghCP)
• ghCPSEAL (your-domain-password)
• rawVar ghCPEXPORT-PRINCIPAL ()
• ghCPIMPORT-PRINCIPAL (rawVar)
• ghCPLOGOUT ()
• Trusted Domain Registry
• Runtime Permission Checking Option
• SECURITY-POLICY
• REGISTER-DOMAIN
• LOCK-REGISTRATION
• SET-CLIENT (ghCP)

Common Infrastructure
13
Dynamics as a Trusted Authentication Domain
Preparation

• Upgrade ICFDB to 10.1A
• Add Type II Storage Areas for Auditing
• prostrct add ICFDB addaudit.st
• Enable Auditing

d "Audit_Data"20,32512 . f 40960 d
"Audit_Data"20,32512 . d "Audit_Index"21,164
. f 5120 d "Audit_Index"21,164 .
proutil ICFDB -C enableauditing area Audit_Data
indexarea Audit_Index deactivateidx
14
Dynamics as a Trusted Authentication Domain
Preparation
15
Asserting the Trusted User Identity (who)
Re-establishing identity
Client Processes
Application Server
Create CLIENT-PRINCIPAL
Retrieve CLIENT-PRINCIPAL
ContextData
Reset User identity
Retrieve CLIENT-PRINCIPAL
Context Sub-system
hCpLOGOUT
Application ServerShutdown
16
Customize Dynamics Framework to adopt new
Security Core Services
Intercept session activity that changes the user
identity

• PROCEDURE establishSession
• For Appserver roundtrips via as_activate.p
• FUNCTION setPropertyList (currentuserlogin)
• At session startup and user re-logon

• RUN assertUserIdentity in Security Manager (see
  next slide)

Modify Session Manager af/app/afsesmngrp.i
17
Customize Dynamics Framework to adopt new
Security Core Services
Manage CLIENT-PRINCIPAL in Security Manager

• Define global variables for trusted domain and
  register via new setupTrustedDomain
• Setup global handle for CLIENT-PRINCIPAL
• Subscribe to session shutdown to cleanly logout
  user via new ICFCFM_StartSessionShutdown and new
  logoutUserIdentity (proxy af/app/afseclogoutp.p)
• Add new PROCEDURE assertUserIdentity called when
  user changes
• Add new FUNCTION getClientPrincipal to expose
  object

Modify Security Manager af/app/afsecmngrp.i
18
Dynamics Field Security
Enhance Security with DB Runtime Permission
Checking

• Setup DB field CAN- permissions using Data
  Administration
• Use Dynamics user ids
• Always checked
• Non-Dynamics
• Access
• Use Combined
• approach for
• maximum security
• and flexibility

19
Agenda

• Dynamics Roadmap Overview
• Dynamics as a Trusted Authentication Domain
• Integrating OpenEdge Auditing
• OpenEdge Reference Architecture Compliant Logic
• Achieving a Competitive UI

20
Existing Dynamics Auditing


Entity Maintenance
API

ICFDB
gsc_entity_ mnemonic
Schema Triggers
af/app/ afauditlgp.p
4GL Client
Application Code
gst_audit
Session Manager (current user, etc.)
Generic Audit Data Query Tools
AuditReport
21
To Auditing in OpenEdge 10.1A


Audit Policy Subsystem
API

App DB
Policy Data
Audit Event Subsystem
Audit Data Subsystem
Application Data
Audit Data
Security Subsystem
Database
Internal
Application

Archive DB

Application Code
Archiving Subsystem
Reporting Subsystem
Archive Daemon
SQL Client
Audit Data
OfflineAuditData
AuditReport
22
Customize Dynamics Framework to adopt new
Auditing Core Service
The Goals

• Leverage new OpenEdge Auditing
• Satisfy Regulatory Compliance
• Guarantee non-repudiation
• Improve security
• Improve performance
• Improve scalability
• Leverage application auditing for framework
  events (in addition to DB events)

Retain existing Dynamics Auditing as an option
23
Customize Dynamics Framework to adopt new
Auditing Core Service
We are part of the way there already

• Upgraded ICDFB to 10.1A
• Enabled OpenEdge Auditing
• Setup new Security Options
• Registered Dynamics as a Trusted Authentication
  System
• Modified framework code to assert Dynamics user
  as trusted identity to use for Auditing

24
Customize Dynamics Framework to adopt new
Auditing Core Service
Define Audit Permissions
25
Customize Dynamics Framework to adopt new
Auditing Core Service
Administer Audit Policies

• Leverage shipped Audit Policy Maintenance Tool
  auditing/_apmt.p
• Run from outside of Dynamics application due to
  ADM2 customizations
• Beware audit permissions run via new
  auditing/setclient.w to do a SET-CLIENT
• Alternatively use APMT public API
• Load shipped policies auditing/policies.xml
• Define custom Dynamics events and policies
• Deploy custom Dynamics audit policies

26
Disable Existing Dynamics Auditing and Check Key
Fields
Ensure key fields match audit policy
Audit Enabled Flag
27
Imported Shipped Audit Policies / Define
Dynamics Audit Policies
auditing/setclient.w
Import shipped policies
Import sample Dynamics policies
28
Add New Product Module for Auditing Objects
29
Register New Auditing Manager in Repository
auditing/audmngrclntp.p and auditing/audmngrservp.
p
Client Version
Server Version
30
Add New Auditing Manager Type to All Sessions
31
Modify Session Startup

• Modify ICFCFM_InitializedServices to create the
  AUDIT-DB alias for ICFDB
• Used to prefix any _aud table references in code
• Used to compile sample Audit Data Access Object

Modify Startup Procedure dynamics/icfstart.p
32
Add Application Audit Events
checkUser in af/app/afsecmngrp.i
launchProcedure in af/app/afsesmngrp.i
launchContainer in af/app/afsesmngrp.i
33
Manage Application Context
Sample scoping to UI Container (ADM2)

• PROCEDURE initializeVisualContainer
• Set Application Context
• PROCEDURE destroyObject
• Clear Application Context
• Each runs af/app/auditcontextp.p on Appserver if
  no local ICFDB

Modify adm2/containr.p
34
Ensure Audit Toolbar Button is always Enabled
Delete the AuditEnabled check
35
Modify General Manager Audit Data Checks
Fix Audit Filter Tick Checking ?

• Modify all CAN-FINDs on gst_audit to use APIs in
  new Audit Manager
• checkAuditDataExists
• checkAuditDataForTable

• PROCEDURE cacheEntityMapping
• Called from cacheEntity
• PROXY af\app\afgencchentmapp.i
• PROXY af\app\afgencchentmapp.p

• PROCEDURE getRecordUserProp
• Called from src/adm2/entityfields.i used in
  adm2/query.p for transferDBRow and
  transferRowsFromDB

Modify General Manager af/app/afgenmngrp.i
36
Replace Audit Data Query Window

• Integrate new Dynamics Query Window for Auditing
  dynauditquery
• Register new object into repository
• Add to transaction menu ICFAF-Tran
• Modify adm2/datavis.p PROCEDURE toolbar
• WHEN 'Audit'U THEN runs launchcontainer for
  gstadobjcw
• change to launch dynauditquery

37
Add Audit Data Query Window to Menu
38
Add Audit Application Events Optionally Migrate
existing Audit Data

• Optionally
• Set / clear audit context at appropriate points
• Insert application events as required, e.g.
• launchContainer in Session Manager
• launchProcedure in SessionManager
• sessionShutdown in Config Manager
• Etc.
• Optionally write migration for old audit data
• See sample auditing/migrateaudit.p

39
Lets see all this in Action
40
Agenda

• Dynamics Roadmap Overview
• Dynamics as a Trusted Authentication Domain
• Integrating OpenEdge Auditing
• OpenEdge Reference Architecture Compliant Logic
• Achieving a Competitive UI

41
ADM2 OpenEdge Reference Architecture

• SmartDataObject
• Presentation logic
• Business logic
• Data access logic

ADM2 UI
Smart Data Object
Presentation
Enterprise Services
Business Services
Common Infrastructure
Data Access
Data Sources
Monolithic data provider
42
Introducing the new DataView
SmartWindow
VisualObjects
DataView
Data container
Dataset
Temp-table
ADM Dataset Object
Temp-table
SmartWindow
Service Adapter
Service Interface
Service Interface
Business Entities
Business Tasks
Business Workflow
43
OERA compliant logic with a Dynamics GUI
The Steps

• Implement Service Adapter adm2/serviceadapter.p
• retrieveData
• submitData
• Develop Business Entities and Data Access Objects
• Use OpenEdge Architect T4BL
• Optionally migrate existing logic from SDOs
• Build viewers and browsers
• Build Window
• Add Dynamic DataView object (in place of SDO)
• Specify BusinessEntity property
• Specify DataTable property
• Add visual objects and create links as usual

44
New OERA Compliant Audit Query Window
Dynamic Object DynAuditQuery

• Provided sample service adapter / client proxy
  implementation
• adm2/serviceadapter.p
• Provided sample server gateway
• auditing/proSIgateway.p
• Provided Audit Data DataSet (plus supporting
  temp-table includes)
• auditing/ds_aud-audit-data.i
• Provided Business Entity (BE) and Data Access
  Object (DAO) to query audit data
• auditing/beauditdata.p
• auditing/da_aud-audit-data2.p
• Uses sample CLASS to manipulate query in DAO
• ADMClass\DSQueryString.cls

45
Moving to Session Free Appserver (statefree)
Longer Term (no sample code provided yet)

• No automatic CLIENT-CONNECTION-ID and
  SERVER-CONNECTION-ID matching
• Must supply Session ID with EVERY request
• From client use a GUID for the Session ID
• Modified ry/app/rysessnidp.p and
  af/sup2/afsessnidp.p to use new GUID rather than
  seq_session_id
• Push client session info into context DB at time
  of authentication keyed on above Session ID
• Implement re-establishing session in Service
  Interface rather than as_activate.p using
  passed in Session ID
• Push correct session ID into gscSessionId so rest
  of code works as is.

46
Agenda

• Dynamics Roadmap Overview
• Dynamics as a Trusted Authentication Domain
• Integrating OpenEdge Auditing
• OpenEdge Reference Architecture Compliant Logic
• Achieving a Competitive UI

47
Use Case Achieving a competitive UI
The Steps

• Use XP manifest
• Review colors / icons
• Use left-align labels
• Implement MDI ActiveX container / menu
• Replace dynamic objects with ActiveXs e.g. new
  grid control
• Codejock ActiveX Controls
• See PSDN for more details
• http//www.psdn.com/library/entry.jspa?externalID
  1244categoryID77

48
Use Case Achieving a competitive UI
49
Connecting OERA compliant logic with a
Competitive Dynamics GUI
50
In Summary
OpenEdge 10.1A provides the Steroids!

• Dynamics is still alive and well
• Existing users well positioned to adopt new 10.x
  functionality
• No requirement to do anything
• Upgrade to the latest release 10.1A01
• Achieve a competitive UI
• Move to OERA compliant logic
• Leverage secure non-repudiable audit trails
• Leverage new security capabilities
• Leverage OpenEdge Architect
• Leverage OO extensions to ABL

51
Relevant Exchange Sessions
Where to get more detail

• DB-4 Who does What and When regarding Auditing?
• DEV-4 Extending Progress Dynamics
• DEV-17 Effective Design and Deployment of
  OpenEdge Audit Policies
• MOVE-5 Improving the look and feel of your
  Application
• MOVE-9 Audit enable your application the easy
  way
• MOVE-14 Migrating Your Authentication System to
  OpenEdge 10.1A and Beyond
• MOVE-15 Leveraging Business Entities, Data
  Access Objects and ProDataSets with a Progress
  Dynamics or ADM2 GUI

52
Questions?
53
Thank you foryour time
54
(No Transcript)
55
Bonus Slides for Reference Only

• Not part of actual presentation included to
  help explain how to use sample code referenced in
  the presentation

56
Notes about Demo Code

• Code is sample only and is incomplete
• shortcuts taken for simplicity (but commented)
• Does not cater fully for internationalization,
  e.g. assumes American format in some places
• Sample serviceadapter.p is massively simplified
  and only caters for AuditData Business Entity
• There is no support for batching implemented
• Code assumes Dynamics 10.1A01
• Customizations are made in actual Dynamics and
  ADM2 source rather than in custom supers for
  simplicity issues for future upgrades
• Code makes use of 10.1A01 core functionality,
  e.g. OOABL.

57
Using the Demo Code

• Unzip contents of auditdemo.zip into your working
  directory
• Be sure to keep folder names
• Need to add additional PROPATH entries
• dynui\src
• dynui\src\adm2
• dynui\src\dynamics
• Audit enable ICFDB and any application databases
  as explained in slides
• Load audit policies as explained in slides
• Load sample ADOs using dataset import see next
  slide
• Regenerate your icfconfig.xml to include the new
  Audit Manager in all Dynamics sessions

58
Using the Demo CodeImporting the sample ADO files
59
REFERENCE Other ADM2 Customizations
FUNCTION getRequestHandle

• Fix limitation preventing containers with
  dataviews being run from non dataview containers
• Fix will be part of a future service pack /
  release of ADM2

Modified Container Super adm2/containr.p
60
REFERENCE Other ADM2 Customizations
FUNCTION initializeVisualContainer

• Get Dynamics / ADM2 windows to dock into the
  Appbuilder perspective when launched from inside
  OpenEdge Architect
• NB Also need to bootstrap Dynamics session when
  open a project in OpenEdge Architect
• For now can be done by manually running
  icfstart.p from the Appbuilder perspective OR
• Adding RUN icfstart.p to _idestartup.p and ensure
  it is in your project PROPATH

Modified Container Super adm2/containr.p
61
REFERENCE Other ADM2 Customizations
FUNCTION obtainContextForServer

• To support passing application data from
  contained objects through to business entity
  using application context
• Need to link objects from the dataview with a
  link type of appcontext
• Add internal procedure to object called
  getApplicationContext that outputs a single
  character string
• Delimit context values in string with CHR(7) and
  CHR(8), e.g.
• name CHR(7) value CHR(8)

Modified DataView Super adm2/dataview.p