| At the foundation of any SIF deployment is a Zone Integration Server
(ZIS) (not to be confused with the 1954 Autosoviet ZIS, a race
car of the mid 1950's). It is software, the invisible courier that reliably delivers
information from one source to one or more destinations. Not
blindly, but aware of the information objects that are of interest
to the various applications, aware of what they're privileged to
send and receive, and aware of the security requirements of each
application's connections. Translating this awareness into enforced
policies, it provides secure and reliable message broker services. |
(Autosoviet ZIS) |
|
ZIServer is
Visual Software's Zone Integration Server, built for today's
needs and tomorrow's growth.
Now with
PrivacyPlus
Dynamic Element-Level Filtering
ZIServer, Visual Software's Enterprise class Zone
Integration Server is all new for 2008 and for SIF 2.x.
Built using Microsoft's .NET 3.5 Platform, LINQ and SQL
Server, it is designed for flexibility, performance,
scalability, auditability, manageability and security.
Features:
-
Compatible with any SIF
1.1/1.5/2.x
compliant agent
-
Compatible with US and
UK SIF specifications
-
Supports
multiple zones in one server
- multiple zones would be useful for regional or hosted
implementations or where the district's student information
system is implemented at the school level
-
Supports multiple
contexts concurrently
-
Provides web-based
administration and management
-
Provides tracing and
auditing capabilities
-
Maintains object level privileges by agent
-
New: maintains element-level
privileges by agent - see more
-
Monitors activity in real time
-
Persists messages across agent and
system failures
-
Supports Push (asynchronous) and
Pull (polled) agents
-
Supports Certificates and Encryption
-
Can be installed using any version of SQL
Server, from SQL Server 2005 Express (available free of charge)
to large scale, clustered Enterprise Editions for state or
regional implementations
ZIServer is available in three editions:
-
Compact: for districts with up
to 3,000 students
-
Standard: for districts with up
to 10,000 students
-
Enterprise: for districts with more
than 10,000 students or organizations wanting support
for multiple processors or redundant back-end databases
|
(context/zone/agent settings)
(context/zone/agent settings - agent
details)
(security settings)
(audit messages)
(click to see full size screen images) |
|
|
|
|
|
|
ZIServer
PrivacyPlus
Dynamic Element-Level
Filtering
|
PrivacyPlus is a feature unique to ZIServer
that provides an optional layer of privacy on top of the
privacy that is already mandated by the SIF specification.
ZIServer's default configuration (that required by the SIF
specification) is to allow administrators
to set up permissions restricting information being sent to
applications at the object level. This is good and
this is needed. But, what we've heard from customers
is the desire to have finer control over how data is being
distributed.
The issue...
For example, in the US, the StudentPersonal object has an
element named "NeglectedDelinquent". Since it is in
the StudentPersonal object, all applications subscribing to
that object would receive the StudentPersonal, complete with
the NeglectedDelinquent status. We would need to trust that all the
receiving applications that did not need that information would be responsible enough to
receive then properly discard this information. Many feel
uncomfortable with it going there in the first place.
Other information in the StudentPersonal
SIF object that people might feel uncomfortable having
distributed to a wide audience might include:
- EconomicDisadvantage
- IDEA - Is the student IDEA-eligible ("special
education")?
- MedicalAlertMessages
- Migrant - Is this a migrant student?
- Title1 - Is this student in Title 1 programs?
- EconomicDisadvantage
- ELL - Is this an English Language Learner?
- Homeless
How we addressed it...
First, we define for each object a list of the elements that
are questionable for each object (like the one mentioned above).
(We
don't include elements like BirthDate or
FirstName for two
reasons: we don't want to require the administrator to
look past all of the elements that will never be selected
and we want ZIServer to be able to process these filters
quickly.)
Then, when you are assigning permissions to agents in ZIServer,
if an agent is subscribing to an object that has
restrictable elements, the object name shows up in
the list as a hyperlink (as in this screen shot): |
(Click on the thumbnail to see
a full sized screen) |
When you click on the object
name, you are shown the list of restrictable
elements. Here you get to choose which
elements' values will never make it to this agent.
So, for a single message being sent to ZIServer,
there may be several different versions distributed
to subscribing agents. This is because the
filters are set up for each
subscriber independently.
For example, information that may be appropriate to
send to a nurse's office application may not be
appropriate to send to a library application, so the
two may be configured differently. |
(Click on the thumbnail to see a full sized screen) |
What about
auditing?
Having several versions of the same
message is unusual - excellent for security and privacy
protection, but unusual. For this reason, ZIServer
audits what it does. For each variation of a message
it creates, it creates an audit copy and logs it.
Furthermore, for all versions of ZIServer that support full
auditing (Standard and above), the audit database is
maintained separately so that it can be kept on a separate
secure server. If you prefer, the data in the audit
database can be kept encrypted as well for added security.
What about compatibility?
Visual Software has been able to make
these changes without compromising compatibility with any
existing agents. It is compatible with US versions
1.1, 1.5r1, 2.*, and the UK version 1.1. ZIServer's
default configuration (without any filtering) is the same as
the standard SIF definition.
What about Vertical Reporting?
If your ZIS is used to pass information
for vertical reporting, you can use this feature to
guarantee that only the information you want leaves your
server - you now control who sees what
information, down to the element level.
|
|
|
|
|
ZIServer Compact Edition |
The Compact Edition is expressly
designed for smaller districts or organizations that would
like to set up a test lab for SIF simulations or parallel
test environments.
Teamed with Microsoft SQL Server Express Edition (freely
downloadable from the Microsoft web site), the Compact
Edition can be installed on either a Windows Server or
Professional Desktop Edition computer.
The compact edition supports multiple zones, multiple
contexts and has all the security features of the other
editions of ZIServer. It supports both Push and Pull
agents, all supported SIF versions, for both the US and UK
versions of the specification.
The administration utilities that accompany this version are
the standalone website version (not the SharePoint version)
and the auditing capabilities are restricted (limited by SQL
Express' 4GB database size limitations). |
ZIServer Compact Edition |
| |
|
ZIServer Standard
Edition |
The ZIServer Standard Edition is intended for most mid-sized
school districts. It is paired with the Standard
Edition of Microsoft SQL Server (not included) and runs on a
single processor server (multiple cores are allowed).
In this example, the Standard Edition is installed on a
single processor (possibly multi-core), single server,
paired with SQL Server Standard Edition. The ZIS admin
utilities can either be installed as a standalone web site
or as a SharePoint site. |
ZIServer Standard Edition
Server and database installed on same machine |
In this example, the database is installed on a separate
server. Although not visible in the diagram, the ZIS
and Audit are separate databases and can actually be
installed on separate servers if required, giving the
district the option of moving the audit information to a
more secure location. |
ZIServer Standard Edition
Server and database installed on separate machines |
| |
|
ZIServer Enterprise
Edition |
The Enterprise Edition is our most powerful and flexible
option. Although it can be run in a stand-alone
configuration, it can also support multi-server farmed
configurations with redundant database servers and load
balanced front-end servers for the most demanding workloads.
The configuration to the right is a simple configuration,
with a single front-end server and a single database server.
As with the Standard Edition, the Audit Database can be on
the same database server or can be located on a separate
server for added security. |
ZIServer Enterprise Edition
Server and database on separate machines |
In this configuration, the database server is mirrored and
ZIServer is set up to "fail over" to the mirror database
server should the primary server encounter problems.
In this scenario, SIF traffic would continue uninterrupted. |
ZIServer Enterprise Edition
Server and redundant database servers |
This diagram illustrates a ZIServer farm configuration where
the ZIS engine and the administration utilities are
installed on more than one server in a load balanced
cluster. In this example, there are three
(multiprocessor) servers in the cluster and two mirrored
(multiprocessor) database servers holding the working and
audit databases.
Incoming traffic (requests, events and other SIF messages)
will be received randomly by the three servers and outbound
traffic will likewise be distributed among the three
servers. If one of these servers goes down, the
remaining servers will continue to handle the traffic.
|
ZIServer Enterprise Edition
Server farm and redundant database servers |
Warning: Technical (but important) stuff ahead!
There is a significant difference between between
applications that were retrofitted to work in multi-server
environments and those that were designed to work in them.
For example, one of the key responsibilities of a ZIS is to
deliver messages waiting to be sent to SIF push agents.
This is a significant amount of work - if they are all
routed from a single server, then your server farm is
unbalanced and one server becomes overloaded.
ZIServer balances both outbound as well as inbound activity
in server farm configurations. The screen to the right
shows ZIServer's thread manager that displays the different
threads it starts and the machines in your farm it starts
them on. It also allows the administrator to override
this assignment and move them from one machine to another.
|
Server Farm Thread Management Screen |
Considering a
server farm? Ask how outbound traffic to SIF push
agents is balanced between servers and how it can be
re-balanced if one of the servers in the farm goes down.
If it isn't balanced, you may not get much better
performance than a single server ZIS in production because
you will end up being bottlenecked by the dedicated
push-service output machine.
|
|
 SIF
Certified
ZIServer, with all of the features shown above, is SIF certified for
SIF version 2. Although the privacy features in PrivacyPlus
are not in the SIF specification, they do not interfere with it
working in a standard way with SIF-certified applications. To
prove this, we used our PrivacyPlus equipped ZIServer when we tested
for certification.
For more information, please call (215) 493-8210, x114 or send us a
request at Contact Us. |
|
|
