of 24
8/13/2019 Client Server(Maybank)
1/24
MULTIMEDIA UNIVERSITY
CLIENT-SERVER COMPUTING
TCS 3191
Client-Server Proposal for Maybank
LECTURER:
DR. LEW SOOK LING
PREPARED BY
Name Matrix Number
Abdul Fatah MohamadAdrian O'neil Stephen
1111112567
1071117045
Muhammad Idham Mokhter 1091106010
Mohd Aiman Abdul Halim 1101110632
Hazwan Burhanudin 1091106280
8/13/2019 Client Server(Maybank)
2/24
1.0 Background of the company
Overview
Maybank is among the top 5 banks in South East Asia with total assets of more than USD 150
billion. It has an international network of over 2,200 branches and offices in 20 countries,
employing 46,000 employees who serve over 22 million customers.
About
Maybank was established in 1960, and today is the largest company by market capitalisation on
the Malaysian Bourse (Bursa Malaysia). It is ranked first among listed Malaysian companies and
among the top 500 companies in the Forbes Global 2000 leading companies of the world.
The Maybank Group offers a comprehensive range of products and services that includes
commercial banking, investment banking, Islamic banking, offshore banking, leasing and hire
purchase, insurance, factoring, trustee services, asset management, stock broking, nominee
services, venture capital and Internet banking.
Maybanks mission is to humanise financial services across Asia, by providing access to
financial services to the people at fair terms and pricing, and to be always at the heart of the
community.
Vision
To be a regional financial services leader.
MissionThey want to humanize financial services across Asia by:
I. Providing the people with convenient access to financing
II. Having fair terms and pricing
III. Advising customers based and on their needs
IV. Being at the heart of community
8/13/2019 Client Server(Maybank)
3/24
Figure 1: Maybank Company
Maybank2U Homepage
8/13/2019 Client Server(Maybank)
4/24
2.0 The companys business operation.
I. Maybank operates consumer banking, business and corporate banking as well as private
banking services, through a network of 401 branch offices and more than
2,900automated teller machines in Malaysia. The company operates 22 branches in
Singapore providing a full range of banking and financial products and services.
Maybank, through Maybank Philippines Incorporated, has 55 branches in the Philippines
and also has a banking presence in most of the otherSoutheast Asian markets, including
Brunei, Papua New Guinea, Indonesia, Cambodia, Vietnam and Laos. The bank also
operates branches in New York, London, Hong Kong and Bahrain.
II. Beside its commercial banking network, Maybank operates a number of specialized
subsidiaries in the insurance, investment banking and assets management, and financesectors. The group's subsidiaries include Etiqa Insurance and Etiqa Takaful which
provides conventional and Shariah-compliant insurance products respectively, and
Maybank Investment Bank which is the Group's investment banking division following
the acquisition of Mayban Discount and Mayban Securities. Maybank was the first
Malaysian bank granted the right to establish a branch office in China.
III. The companys website service are :
a. Account Summary: Account Details, Today's Transaction, Transaction History
(last 60 days) and M2U History ( Last 30 days)b. Cheque Services: Cheque status, stop cheque, request for cheque book
c. Registered Bill Payment: Pay Over 500 bills and make future payments, enquire& cancel future payment.
d. Fund transfer: Own Account, Favourite 3rd Party, Favourite Interbank GIRO,
Favourite FTT, enquire & cancel future transfer
e. Bills & Statement: CASA, Advices & Notices, Bills (TNB, Telekom, DiGi)
f. Utilities: Change M2U Biz password
g. Mobile banking (M2U mobile): Account Summary, Registered Bill Payment,
Favourite Fund Transfer, View Forex & Deposit rates
h. Online viewing of Foreign Currency Account (FCA) and Master ForeignCurrency Account (MFCA).
http://en.wikipedia.org/wiki/Automated_teller_machinehttp://en.wikipedia.org/wiki/Southeast_Asianhttp://en.wikipedia.org/wiki/Southeast_Asianhttp://en.wikipedia.org/wiki/Automated_teller_machine8/13/2019 Client Server(Maybank)
5/24
3.0 Client Side
PLATFORM
We propose to use Microsoft Windows and Unix based operating system as a platform for our
system in normal browser. For mobile application, we propose to use Android and iOS (Apple)based operating system.
APPLICATION
Online electronic banking systems give everybody the opportunity for easy access to their
banking activities. These banking activities may include retrieving an account balance, money
transfers between a users accounts, from a users account to someone else account, and retrieving
an account history. As technology evolves, different kinds of electronic banking systems
emerge, each bringing a new dimension to the interaction between clients and Maybank. TheAutomated Teller Machine (ATM) is the first well known system that was introduced to
facilitate the access of the user to their banking activities. The user can perform some of the
transactions mentioned above via a graphical user interface. These are transmitted to the banks
computer system with which the device has established a communication link. The next propose
is the introduction of phone banking, users can use the phone keypad to perform banking
operations. The Internet offers a new alternative to the phone banking system. By means of a
more sophisticated and user friendly interface, a browser or a dedicated standalone application,
people can use the Internet to connect to the bank computer system. Electronic devices are
constantly getting smaller, while their functionality is extending. Now, mobile phones even offer
the possibility to perform electronic banking.
Example of normal browser for online banking Example of mobile banking application
8/13/2019 Client Server(Maybank)
6/24
PROCESS
Basic architecture of an Internet electronic banking system there are two participating entities
which is the client and the bank. When the user has a PC with a network connection, the most
common way to communicate with the Maybank is via a Web browser. The standard protocol for
communication between the browser and the banks Web server is then used. It is often referred
to as HTTPS, which is the HTTP protocol on top of a security layer HTTP is the communication
language of the WWW.
To avoid the problem of distribution and installation of extra software on the clients computer,we propose to deploy an intermediate solution. An ordinary browser is used at the client side, but
to increase the functionality, a Java applet is downloaded from the Maybank website. This applet
is a relatively small piece of software code that runs within the users browser, and that will
provide extra security functionality. A big advantage of this approach is that the applet
technology allows the bank to easily maintain and update the client software. Clients will
automatically download and use new versions of the software. Banks do not need to distribute
new software in an old fashioned way.
8/13/2019 Client Server(Maybank)
7/24
CONFIGURATION
We propose more security functionality than an ordinary browser is able to provide. This extra
security functionality included strong cryptography by using HTTPS, due to the normal transfer
protocol like HTTP traffic is very insecure and all data is transferred in clear text, the
authentication User ID or Password will be transmitted as clear text as well. This creates a
problem. Anyone can sniff these User ID or Password and gain access to server. To prevent this
we have to encrypt HTTP traffic, essentially HTTP with Secure Socket Layer (SSL) or as known
as HTTPS. Anything transferred over HTTPS is encrypted, so the user ID and Password cannot
be easily deciphered. HTTPS runs on port 443.
Step to configure SSL
SSL (Secure Socket Layer) is a protocol layer that exists between the Network Layer and
Application layer. There are three kinds of cryptographic techniques used in SSL which are
Public-Private Key, Symmetric Key, and Digital Signature.
1. The client request content from the Web Server using HTTPS.
2. The web server responds with a Digital Certificate which includes the server's public key.
3. The client checks to see if the certificate has expired.
4.
Then the client checks if the Certificate Authority that signed the certificate, is a trustedauthority listed in the browser. This explains why we need to get a certificate from a
trusted Certificate Authority.
5. If everything is successful the SSL connection is initiated.
Public-Private Key Cryptography
The Web server holds the private Key, and sends the Public key to the client in the Certificate.
Symmetric Cryptography
After the SSL connection has been established, Symmetric cryptography is used for encrypting
data as it uses less CPU cycles. In symmetric cryptography the data can be encrypted and
decrypted using the same key. The Key for symmetric cryptography is exchanged during the
initiation process, using Public Key Cryptography.
8/13/2019 Client Server(Maybank)
8/24
Encryption Process
1. In this step the Original "Clear Text" message is encrypted using the Sender's Private
Key, which results in Cipher Text 1. This ensures the Authenticity of the sender.
2. In this step the "CipherText 1" is encrypted using Receiver's Public Key resulting in
"CipherText 2". This will ensure the Authenticity of the Receiver i.e. only the
Receiver can decipher the Messsage using his Private Key.
3. Here the SHA1 Message Digest of the "Clear Text" is created.
4. SHA1 Message Digest is then encrypted using Sender's Private Key resulting in the
Digital Signature of the "ClearText". This Digital Signature can be used by the
receiver to ensure the Integrity of the message and authenticity of the Sender.
5. Step5: The "Digital Signature" and the "CipherText 2" are then send to the Receiver.
8/13/2019 Client Server(Maybank)
9/24
8/13/2019 Client Server(Maybank)
10/24
SYSTEM AND HARDWARE REQUIREMENT
Hardware Requirement:
Intel Pentium 4 Processor or higher
120 GB hard disk or higher
1GB MB RAM.
Monitor.
Keyboard.
Supported Browsers:
1. Chrome
2. Firefox3. Safari (not supported on Windows)4. Internet Explorer
Desktop:
For Windows
1. Windows Vista2. Windows XP3. Windows 7
4. Windows 8
For Mac
1. Mavericks (10.9)2. Mountain Lion (10.8)3. Lion (10.7)4. Snow Leopard (10.6)
Mobile and tablet:
For Android phones or tablets
1. Eclair and up (Android 2.1+)
For iPhone or iPad
1. iOS 5.0+
8/13/2019 Client Server(Maybank)
11/24
4.0 Middleware side.
PLATFORM
The most suitable platform to be used for banking portal such as MayBank shall be Service
Oriented Architecture(SOA). The Service Oriented Architecture(SOA) is used to restrict the
customer access for services only it is implement due to security purposes. Moreover, the
purpose of SOA is to enable the function especially for large software applications that in this
case, it is an online banking portal, which means there will be thousands of services provided.
Service orientation is also platform independent and has support for stateless communication
model. A stateless communication protocol treats each request independent transaction that is
unrelated to any previous request that fit really well with the required specifications as
middleware for online banking portal.
APPLICATION
Oracle database is known for any mission-critical commercial applications and online banking
portal is considered as one. Oracle provides Flashback Database, Table , Query , and Transaction
that fits really well with the needs of the entire framework . Since online banking portal database
will be very heavy , so oracle will be preferred as the applications . And then to piece it all
together , the application will be written in java as it is supported by Apache Struts web
framework . Web applications differ from conventional websites that only deliver static pages .
A website is a dynamic web application can react and interact with databases and business logic
engines to customize client server response , and Apache Struts is a specialized solution for
creating Java web applications . Moreover, by using java naturally allows the use of object-
oriented architecture . Since java is , the tools that will be used will be java SDK using the
command line and notepad to code . Alternative java IDE like Eclipse can be used as well, and in
this case, the eclipse has native support for developing web applications ; apache struts included.
STUB
RPC allows the implementation of client / server distributed system that allow customers to
connect to the remote server and request one of the services provided by the server. Both client
and server stubs will be attached to the middleware, in a way; middleware acts as an important
8/13/2019 Client Server(Maybank)
12/24
part for the RPC happens. Since the environment will be java so it will invoke a call method and
not the procedure call; it is also called all the Java RMI (Remote Method Invocation). Java RMI
principle is similar to RPC which allows access to remote objects, allowing an extension of the
local environment with using dynamic code loading.
HARDWARE
Middleware hardware is actually a software because it is usually doesn't need any specialized
hardware. It is used to connect two application in this case the middleware is used to connect
client and server and passes data among them. The middleware exists is in both of the client and
server machine. It includes needed API for client to server and send request back to client from
server.
8/13/2019 Client Server(Maybank)
13/24
PROCESS
Since this is an online banking portal where security is critical, the process is done
simultaneously which explains all the previous implementation. In RMI, when a method calls
another, it must wait for the called method to return before it can do any other job. Middleware
functions partly as a super-linker, finding a method that is called in the network and use network
services to pass a parameter or a function to the procedure and then return back the results.
CONFIGURATION
The Banking Portal will run entirely on the Struts framework, so all applications are stored on
the server side that includes web hosting will be placed inside the apache tomcat. Instead,
customers will have access to using JavaServer Pages (JSP) that is stored on servers and linked
by the Apache Struts framework. The middleware will play a role in use by customer demand,
which acts as a temporary database for cases such as a monthly summary of the transaction as an
example and change the relay, finally processed by the server back to the client JSP to be seen.
Below shows a general framework Apache Struts framework.
The Struts Architecture
As seen in the diagram above, the middleware is generally the controller Servlet that are defined
in the struts-config.xml file and the Business Logic that contains action scripts to invoke the
model which is in the server.
8/13/2019 Client Server(Maybank)
14/24
Sample of struts-config.xml file
SN Interceptor & Description
1struts-config
This is the root node of the configuration file.
2
form-beans
This is where you map your ActionForm subclass to a name. You use this name as an alias for your
ActionForm throughout the rest of the struts-config.xml file, and even on your JSP pages.
3global forwardsThis section maps a page on your webapp to a name. You can use this name to refer to the actual
page. This avoids hardcoding URLs on your web pages.
4action-mappings
This is where you declare form handlers and they are also known as action mappings.
5controller
This section configures Struts internals and rarely used in practical situations.
As you can see, the HelloActionForm.java file is located in the server and the index.jsp is the
clients request page. The middleware will take these information in the .xml and invoke the
HelloWorldActionForm. java method in the server when index.jsp is accessed and then the string
hello world will be relayed to the helloWorld.jsp from the .java file. on the clients browser,
the index.jsp is now replaced with helloworld.jsp and the string hello world will appear on
screen.
8/13/2019 Client Server(Maybank)
15/24
5.0 Server side.
PLATFORM
For the server side, we propose for the server side to use Oracle engine as the base platform. For
a banking portal, Oracle Server is a very stable, fast, extremely popular and affordable database
engine. There is a tremendous amount of support and resources available on the web and from
Information Technology (IT) providers. Plus, its relatively easy to work with.
APPLICATION
For application, it is better to use Oracle because of its database capabilities. Oracles
Application Server consists of an integrated, standards-based software platform. The Oracle
Application Server configurations are designed to ensure security of all transactions, maximize
hardware resources, and provide a reliable, standards-compliant system for enterprise computing
with a variety of applications.
HARDWARE
The specific hardware used for Server deployment can vary, depending on size and usage
requirements. These are the recommended hardware for the server.
CPU : 64-bit dual processor, hex-core, 2.26 gigahertz (GHz) or higher
Memory : 32 gigabytes (GB)
Disk : 8 or more 10,000 RPM hard disk drives with at least 72 GB free disk space. Two
of the disks should use RAID 1, and six should use RAID 10.
Network: 1 dual-port network adapter, 1 Gbps or higher (2 recommended, which requires
teaming with a single MAC address and single IP address)
8/13/2019 Client Server(Maybank)
16/24
PROCESS
Oracle Database creates server processes to handle the requests of client processes connected to
the instance. A client process always communicates with a database through a separate server
process.
Server processes created on behalf of a database application can perform one or more of the
following tasks:
Parse and run SQL statements issued through the application, including creating
and executing the query plan (see "Stages of SQL Processing")
Execute PL/SQL code
Read data blocks from data files into the database buffer cache (the DBW
background process has the task of writing modified blocks back to disk)
Return results in such a way that the application can process the information
Configuration
Since the server uses Oracle, the steps for configurations are:
Basic Initialization Parameters
Cloning Databases Using DBCA
Database Usage Statistics
Basic Initialization Parameters
The following parameter basic parameters that needs to be adjusted:
CLUSTER_DATABASE
COMPATIBLE
CONTROL_FILES
DB_BLOCK_SIZE
DB_CREATE_FILE_DEST
DB_CREATE_ONLINE_LOG_DEST_n
DB_DOMAIN
8/13/2019 Client Server(Maybank)
17/24
DB_NAME
DB_RECOVERY_FILE_DEST
DB_RECOVERY_FILE_DEST_SIZE
DB_UNIQUE_NAME
INSTANCE_NUMBER
JOB_QUEUE_PROCESSES
LOG_ARCHIVE_DEST_n
LOG_ARCHIVE_DEST_STATE_n
NLS_LANGUAGE
NLS_TERRITORY
OPEN_CURSORS
PGA_AGGREGATE_TARGET
PROCESSES
REMOTE_LISTENER
REMOTE_LOGIN_PASSWORDFILE
ROLLBACK_SEGMENTS
SESSIONS
SGA_TARGET
SHARED_SERVERS
STAR_TRANSFORMATION_ENABLED
UNDO_MANAGEMENT
UNDO_TABLESPACE
8/13/2019 Client Server(Maybank)
18/24
Cloning Databases Using DBCA
After the above parameters have been adjusted, databases need to be cloned using DBCA:
The "Template Management" section of the Database Configuration Assistant (DBCA) can be
used to clone databases. The following method creates a clone of and existing database including
both the structure and the data.
Start the Database Configuration Assistant (DBCA).
On the "Welcome" screen click the "Next" button.
On the "Operations" screen select the "Manage Templates" option and click the "Next"
button.
On the "Template Management" screen select the "Create a database template" option
and select the "From and existing database (structure as well as data)" sub-option then
click the "Next" button. On the "Source database" screen select the relevant database instance and click the
"Next" button.
On the "Template properties" screen enter a suitable name and description for the
template, confirm the location for the template files and click the "Next" button.
On the "Location of database related files" screen choose either to maintain the file
locations or to convert to OFA structure (recommended) and click the "Finish" button.
On the "Confirmation" screen click the "OK" button.
Wait while the Database Configuration Assistant progress screen gathers information
about the source database, backs up the database and creates the template.
By default the template files are located in the "$ORACLE_HOME/assistants/dbca/templates"
directory.
Database Usage Statistics
Database usage statistics helps us to monitor database usage statistics. :
DBA_HIGH_WATER_MARK_STATISTICS - Displays high waternmark statistics
(db_usage_hwm.sql).
DBA_FEATURE_USAGE_STATISTICS - Displays database feature usage statistics
(feature_usage.sql).
This information can be viewed in Enterprise Manager (Administration > Database Usage
Statistics). The page gives you access to both types of usage statistics.
8/13/2019 Client Server(Maybank)
19/24
ARCHITECTURE
For this assignment, we will use a dedicated server as its architecture. In dedicated server
architecture, the server process created on behalf of each client process is called a dedicated
server process (or shadow process). This server process is separate from the client process and
acts only on its behalf.
Oracle Database Using Dedicated Server Processes
As seen on the figure above, a one-to-one ratio exists between the client processes and server
processes. Even when the user is not dynamically making a database request, the dedicated
server process remains, although it is inactive and can be paged out on some operating systems.
The figure shows user and server processes running on networked computers. However, the
dedicated server architecture is also used if the same computer runs both the client application
and the database code but the host operating system could not maintain the separation of the two
programs if they were run in a single process. Linux is an example of such an operating system.
In the dedicated server architecture, the user and server processes communicate using different
mechanisms:
If the client process and the dedicated server process run on the same computer, then the
program interface uses the host operating system's interprocess communication
mechanism to perform its job.
8/13/2019 Client Server(Maybank)
20/24
If the client process and the dedicated server process run on different computers, then the
program interface provides the communication mechanisms (such as the network
software and Oracle Net Services) between the programs.
8/13/2019 Client Server(Maybank)
21/24
6.0 Sample Maybank banking clients request up to servers reply scenario
Automated Teller Machine(ATM)
As we all know, Maybank is a multinational company, which involve in banking industry. The
company communicates with millions of client every day. Here author want to show some
scenario involving client server communication using Automated Teller Machine (ATM).
Figure 1.1 : Automated Teller Machine (ATM) Scenario
Figure 1.1 shows the Automated Teller Machine (ATM) Scenario. Client of Maybank
Company will use this Automated Teller Machine (ATM) as mechanism to connect to the server. This
ATM will acts as client system interface. When client make the transaction with bank, this ATM will
connect to the bank account server. In the server side, its contain Tele-processing monitor which control
the transaction. Inside the account server also have the customer account database which will reply the
client request to the client. The client will get the reply message through ATM machine.
8/13/2019 Client Server(Maybank)
22/24
Internet Banking System
Nowadays, Internet banking system is the most popular ways that people use when they make
the transaction. This Internet banking is a system that allowing individuals to perform banking
activities at home, via the Internet. Figure 1.2 below show the Internet banking scenario.
Figure 1.2 : Internet Banking System Scenario
Figure 1.2 show the internet transaction processing which involving client server
system architecture. Client will use their computer or what ever device that can connect to thebank URL website htttps://www.maybank2u.com.my. By using Secure Socket Layer (SSL), it
will make the connection between client and server become more secure. After that, client will
have the HTTPS interaction with the web server which contain account service provision. This
web server will connect to database server using SQL query to have accessed to customer
account database. This database server will reply the request make by client. Client will get the
message after the server make HTTPS interaction back to the client.
8/13/2019 Client Server(Maybank)
23/24
SUMMARY
As in a nutshell, we manage to complete this proposal successfully by following all the
requirements. For client side, operating system like windows and Unix become the major
platform to the client side to view it in web browser. Client that normally use mobile phone to
do the transaction, author has suggest that iOS and Android is the most suitable operating
system. To connect to the web browser, Secure Socket Layer (SSL) is highly recommended. For
middleware, we suggest that Maybank should use Service Oriented Architecture (SOA) which
restrict customer access for service only it is implement due to security purposes. For the server
side, author has proposed to user Oracle engine as the base platform. The main reason is because
it is very fast, stable and extremely popular among the users.
We got the opportunity learn deeper about the client/server environment for a client
server system especially in banking industry called Maybank. Special thanks to our lecturer Ms.
Lew Sook Ling who guided us for this assignment throughout this semester. Not to forget to all
group members who have put all their efforts for this assignment.
8/13/2019 Client Server(Maybank)
24/24
REFERENCES:
1. The Struts Architecture :
http://www.onjava.com/pub/a/onjava/2005/11/02/what-is-struts.html?page=3
2.Sample Of struts-config.xml File :
http://www.tutorialspoint.com/struts_2/struts_configuration.htm
3.what is SSL:
http://www.digicert.com/ssl.htm
4.Inroduction Of Web Service:
http://acs.lbl.gov/projects/gtg/projects/pyGridWare/doc/tutorial/html/x284.html
http://www.onjava.com/pub/a/onjava/2005/11/02/what-is-struts.html?page=3http://www.onjava.com/pub/a/onjava/2005/11/02/what-is-struts.html?page=3http://www.tutorialspoint.com/struts_2/struts_configuration.htmhttp://www.tutorialspoint.com/struts_2/struts_configuration.htmhttp://www.digicert.com/ssl.htmhttp://www.digicert.com/ssl.htmhttp://acs.lbl.gov/projects/gtg/projects/pyGridWare/doc/tutorial/html/x284.htmlhttp://acs.lbl.gov/projects/gtg/projects/pyGridWare/doc/tutorial/html/x284.htmlhttp://acs.lbl.gov/projects/gtg/projects/pyGridWare/doc/tutorial/html/x284.htmlhttp://www.digicert.com/ssl.htmhttp://www.tutorialspoint.com/struts_2/struts_configuration.htmhttp://www.onjava.com/pub/a/onjava/2005/11/02/what-is-struts.html?page=3