Cape Henry Technologies Inc.

Archive for February, 2010

I really like Ruby on Rails for personal application development. If I had more time, I would probably invest more of this time learning Rails to actually help small businesses develop applications. Anyhow, I have created an accounting program called “Books” that is really easy to use and I wanted to describe here how the database is used and created.

When you create your Rails application a ton of code is written for you. The key database file is called database.yml and it’s found in the project tree at /config/database.yml. Here’s my file.

20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72

# Licensed by Cape Henry Technologies Inc. 
# Cape Henry Technologies Inc. licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License.  You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied.  See the License for the
# specific language governing permissions and limitations
# under the License.    
 
# SQLite version 3.x
#   gem install sqlite3-ruby (not necessary on OS X Leopard)
 
 development:
  adapter: mysql
  encoding: utf8 
  database: books_development 
  pool: 5 
  username: root 
  password: 
  socket: /tmp/mysql.sock
 
#  adapter: sqlite3
#  database: db/numbers_development
#  pool: 5
#  timeout: 5000
 
# Warning: The database defined as "test" will be erased and
# re-generated from your development database when you run "rake".
# Do not set this db to the same as development or production.
 
 test:
     adapter: mysql
     encoding: utf8 
     database: books_development 
     pool: 5 
     username: root 
     password: 
     socket: /tmp/mysql.sock
 
 production:
     adapter: mysql
     encoding: utf8 
     database: books_development 
     pool: 5 
     username: root 
     password: 
     socket: /tmp/mysql.sock

Notice the database name is “books_development” for all database schemas. I commit the project files to Github and tag versions. I then download a zip of the version I want and explode it into a directory called “books-2010″ and I then change the database.yml file database names to “books-2010″. This way when I run the application and actually use it, the production data is safely handled by this application source code I downloaded.

When I make the application public, one would download the version, and issue the following commands in the project root directory.

20
21
22

rake db:create <enter>
rake db:migrate <enter>
rake db:seed <enter>

The seed functionality is very cool in it’s own right. You can make up a file to preload reference data or in my case, initial accounts for your chart of accounts. Here’s a copy of seeds.rb and it’s found at /db/seeds.rb.

20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187

# This file should contain all the record creation needed to seed the database with its default values.
# The data can then be loaded with the rake db:seed (or created alongside the db with db:setup).
#
# Examples:
#   
#   cities = City.create([{ :name => 'Chicago' }, { :name => 'Copenhagen' }])
#   Major.create(:name => 'Daley', :city => cities.first)
 
 
general_ledger = GeneralLedger.create([
{
  :company_name => 'Acme Mousetraps Inc.',
  :address1 => '123 Pleasantville Road',
  :address2 => '',
  :city => 'Omaha',
  :state => 'Nebraska',
  :zip => '76499',
  :registered_agent => 'John Doe',
  :tax_id => '1234567890'
}
])
 
accounts = Account.create([
    {
      :acct_no => '100',
      :acct_name => 'Cash',
      :acct_type => 'A',
      :balance => '1000.00',
      :general_ledger_id => '1'
    },
    {
      :acct_no => '102',
      :acct_name => 'Accounts Receivable',
      :acct_type => 'A',
      :balance => '0.00',
      :general_ledger_id => '1'
 
    },
    {
      :acct_no => '109',
      :acct_name => 'Capital',
      :acct_type => 'A',
      :balance => '0.00',
      :general_ledger_id => '1'
 
    },
    {
      :acct_no => '103',
      :acct_name => 'Supplies',
      :acct_type => 'A',
      :balance => '0.00',
      :general_ledger_id => '1'
 
    },
    {
      :acct_no => '104',
      :acct_name => 'Equipment',
      :acct_type => 'A',
      :balance => '0.00',
      :general_ledger_id => '1'
 
    },
    {
      :acct_no => '202',
      :acct_name => 'Accounts Payable',
      :acct_type => 'L',
      :balance => '0.00',
      :general_ledger_id => '1'
 
    },
    {
      :acct_no => '202',
      :acct_name => 'Tax Payable',
      :acct_type => 'L',
      :balance => '0.00',
      :general_ledger_id => '1'
 
    },
    {
      :acct_no => '300',
      :acct_name => 'Drawing',
      :acct_type => 'L',
      :balance => '0.00',
      :general_ledger_id => '1'
 
    },
    {
      :acct_no => '500',
      :acct_name => 'Rent Expense',
      :acct_type => 'E',
      :balance => '0.00',
      :general_ledger_id => '1'
 
    },
    {
      :acct_no => '501',
      :acct_name => 'Supplies Expense',
      :acct_type => 'E',
      :balance => '0.00',
      :general_ledger_id => '1'
 
    },
    {
      :acct_no => '502',
      :acct_name => 'Books Expense',
      :acct_type => 'E',
      :balance => '0.00',
      :general_ledger_id => '1'
 
    },
    {
      :acct_no => '503',
      :acct_name => 'Meals Expense',
      :acct_type => 'E',
      :balance => '0.00',
      :general_ledger_id => '1'
 
    },
    {
      :acct_no => '504',
      :acct_name => 'Auto Expense',
      :acct_type => 'E',
      :balance => '0.00',
      :general_ledger_id => '1'
 
    },
    {
      :acct_no => '505',
      :acct_name => 'Misc Expense',
      :acct_type => 'E',
      :balance => '0.00',
      :general_ledger_id => '1'
 
    },
    {
      :acct_no => '506',
      :acct_name => 'Electric Expense',
      :acct_type => 'E',
      :balance => '0.00',
      :general_ledger_id => '1'
 
    },
    {
      :acct_no => '507',
      :acct_name => 'Internet Expense',
      :acct_type => 'E',
      :balance => '0.00',
      :general_ledger_id => '1'
 
    },
    {
      :acct_no => '508',
      :acct_name => 'Liability Insurance Expense',
      :acct_type => 'E',
      :balance => '0.00',
      :general_ledger_id => '1'
 
    },
    {
      :acct_no => '509',
      :acct_name => 'Medical Insurance Expense',
      :acct_type => 'E',
      :balance => '0.00',
      :general_ledger_id => '1'
 
    }
 
])

The third rake command you issue, finds this files and pre-loads your database with this data.

I coined a new acronym the other day and I thought I’d share it here for historical reasons. Things get done during your day by completing each of your 15 minute to-do’s, tasks, honey-do’s, etc. These small tasks add up at the end of the day. And, the more you can get done, the more successful you are. It’s simple. Success comes in small wins. My acronym is SBSS or Success By Small Steps. Try it.

My contract with the North Carolina Department of Transportation (NCDOT) ends in April, 2010. A family medical situation restricts my moving again and I’d prefer to find a full-time position with a small but successful company because I’m looking to truly help their IT business thrive by providing more than just development skills. I would like to manage the development of medium to large enterprise Java development. My present position with NCDOT is an Enterprise Architect with the office of the CIO. I have been helping to steer and guide a large enterprise project that affects several State agencies. This project involves both mainframe and Java work. Please contact me with any opportunities you may have for the following:

• Enterprise Applications Architect
• Enterprise Java Architect
• Senior Java Developer
• Java Team Lead
• Senior Software Engineer
• Senior Development Team Lead
• Software Project Manager

I am available to start with a 2 week notice. I live in the Raleigh NC area and I’m willing to travel some if needed. I can also work well remotely. I’m dependable and I will get things done for you.

Introduction

I’m up against a rather difficult situation to solve a security issue for local WebSphere 7.0 developers. The network users are not allowed to install anything on their PC workstations, yet several teams of developers will be required to develop Java code on secured workstations using WebSphere 7.0. Even if an administrator were to install each WebSphere application server, the user would not be able to administrate the server properly because he/she would not have administrative rights to execute scripts, programs, tools, services, monitoring, port access, etc. I’m determined to find a good solution to this problem. I will share anything I find here.

Solution No. 1 (Unsuccessful)

I found some documentation online where individual profiles can be created from within the Rational Application Developer (RAD) tool (Custom IBM Eclipse). I tried using the profile management tools that came with the installation. I tried all permutations of check boxes, user selections, permissions modifications and did not find an acceptable solution. Usually something requiring special permissions would be part of IBM’s customization of Eclipse hence Rational Application Developer. This information would not be available on the Internet. I quickly accepted this solution to be a failure.

Solution No. 2 (Successful)

I have a local administration account and a general user account. As admin, I set permissions on two folders. These are:

• c:\Websphere
• c:\Program Files\IBM

The general user was added to both directories with write access. The directory c:\Websphere is used as extract_root, i.e. the directory is used to explode the 788 mb download of Websphere 7.0 at http://www.ibm.com/developerworks/downloads/ws/wasdevelopers/index.html. Next, I logged out as admin and logged in as the general user.

As general user, now I would extract the install into c:\Websphere and then do the install. The extraction of the install file was successful. No problems there. The install was a different story. The install will use a limited JRE, Java.exe and begin to install the application server. To begin the install run the following:

5

c:\Websphere\WAS\install.exe

The first dialog seen was a system dialog warning that a file called “install.exe” is being run. Click run. The next dialog is another system UI presentation asking “who” is going to run this file. I selected to run the program as a general user. The third system dialog asks if you want to run java.exe. Click “Run” and you will see the initial WebSphere Application Server 7.0 dialog. No frills, select “Next”. You are now presented with a license dialog. There are IBM and Non-IBM terms. Just check the radio button (accepting) and “Next”. Now, a dialog is presented informing you (general user) that your operating system prerequisites failed. Ignore this and select “Next”. That dialog did note that Service Pack 2 could not be found. Service Packs are installed but the general user does not have the level of access needed to verify them. The next dialog provides some information to consider. It says that it detected a non-root or non-administrative user. This will mean that the installation program cannot create a Windows service and also cannot write to the registry. Specifically, it would create a Windows service for WebSphere and write entries to HKEY_LOCAL_MACHINE/System/CurrentControlSet/Services . It also notes that port access may be affected. Normally, locally running servers can access all ports locally as localhost. It “SHOULD” be okay to proceed. Select “Next”. You are now presented with a dialog for Optional Features Installation. You probably do want to select the checkbox for the Sample Applications. Select the check for the Sample Applications and then “Next”. Now you will see a dialog for specification of the installation directory. The default directory is normally for an administrator install c:\Program Files\IBM\Web, however in this case since we are installing something and not creating a Windows service, the installation has defaulted the directory to c:\IBM\WebSphere\AppServer . That “SHOULD” be okay. Accept that directory choice and then select “Next”. Another dialog is shown and it asks to select a particular environment. By default it’s set to Application Server. Select “Next” and proceed. You should now see a dialog called Enable Administrative Security. Select an administrative user name and password. I personally recommend that the password for the “samples” user be the same as your admin user. Now click “Next”. Now select the preview tasks and let the install begin. We will soon know if WebSphere Application Server 7.0 can be run and administrated by the general user.

It’s finished and … the dialog, Installation Results are in. The dialog noted “Partial Success”. The install of the IBM product WebSphere Application Server was successful. The IBM WebSphere Application Server Base is found at c:\IBM\WebSphere\AppServer . Some configuration steps have errors but these can be found at server_base\logs\install\log.txt . Also important information can be found server_base\profiles\AppSrv01\Logs\AboutThisProfile.txt . Click “Finish”.

I reviewed the install log and it looks like IBM is merely concerned that it cannot query the resident OS. We know the following about the partial success of this product.

• Installer cannot verify Service Pack 2 (It’s Installed)
• Installer cannot create a Windows Service
• Installed cannot write to Registry

The IBM product defines the “failure” where it cannot write to the Registry as “cannot perform a native registration with the operating system”. This should be okay. It only means that the general user has installed something that the administrators know nothing about unless they were to inspect the general user’s hard drive for this installation. The general user may not start and stop his development application using the Window’s service tools found under Control Panel/Administrative Tools. The start menu was modified during the install and start and stop options are available to the general user. I will test this thoroughly now.

When the installation completes it runs a Java application (dialog pop-ups) that provides a panel called WebSphere Application Server – First Steps – AppSrv01. AppSrv01 is the initial profile that is created during the installation. It should be sufficient for your local development. Select Installation Verification first. It should run some things and provide a log of its success.

20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48

Server name is:server1
Profile name is:AppSrv01
Profile home is:C:\IBM\WebSphere\AppServer\profiles\AppSrv01
Profile type is:default
Cell name is:TestMachineNode01Cell
Node name is:TestMachineNode01
Current encoding is:Cp1252
Start running the following command:cmd.exe /c "C:\IBM\WebSphere\AppServer\profiles\AppSrv01\bin\startServer.bat" server1 -profileName AppSrv01
>ADMU0116I: Tool information is being logged in file
>           C:\IBM\WebSphere\AppServer\profiles\AppSrv01\logs\server1\startServer.log
>ADMU0128I: Starting tool with the AppSrv01 profile
>ADMU3100I: Reading configuration for server: server1
>ADMU3200I: Server launched. Waiting for initialization status.
>ADMU3000I: Server server1 open for e-business; process id is 3040
Server port number is:9080
IVTL0010I: Connecting to the TestMachine WebSphere Application Server on port: 9080
IVTL0015I: WebSphere Application Server TestMachine is running on port: 9080 for profile AppSrv01
Testing server using the following URL:http://localhost:9080/ivt/ivtserver?parm2=ivtservlet
IVTL0050I: Servlet engine verification status: Passed 
Testing server using the following URL:http://localhost:9080/ivt/ivtserver?parm2=ivtAddition.jsp
IVTL0055I: JavaServer Pages files verification status: Passed 
Testing server using the following URL:http://localhost:9080/ivt/ivtserver?parm2=ivtejb
IVTL0060I: Enterprise bean verification status: Passed
IVTL0035I: The Installation Verification Tool is scanning the C:\IBM\WebSphere\AppServer\profiles\AppSrv01\logs\server1\SystemOut.log file for errors and warnings.
[2/8/10 12:40:58:079 EST] 00000000 WSKeyStore    W   CWPKI0041W: One or more key stores are using the default password.
[2/8/10 12:41:06:782 EST] 00000000 ThreadPoolMgr W   WSVR0626W: The ThreadPool setting on the ObjectRequestBroker service is deprecated.
IVTL0040I: 2 errors/warnings are detected in the C:\IBM\WebSphere\AppServer\profiles\AppSrv01\logs\server1\SystemOut.log file
IVTL0070I: The Installation Verification Tool verification succeeded.
IVTL0080I: The installation verification is complete.

This proves that the general user can run the server. Now, the server sample applications should be tested to see if ports remain unblocked locally.

Select the link on the First Steps Dialog called “Administrative console”. You should get a browser with a block because of the self-signed certificate. Ignore the warning after you are sure that you understand what is happening. You will now see the login for the Administrative Console at URL https://localhost:9044/ibm/console/logon.jsp. I’m almost convinced that WebSphere only requires Java and use of ports locally. The server is running as localhost. An interesting note is that when you log in as the application administrator, the server switches the console server to port 9043 (security trick).

Cape Henry Technologies Inc. got a new theme today with the purchase of Artisteer.  This product creates Wordpress themes and it really does a good job.  We also switched our content management system from Joomla to the latest version of Wordpress.  We hope that this provides a more interesting site and also one that’s more pleasing to visit.  Please subscribe to our site by using the RSS syndication at the very bottom left of any page on the site.

The following paper was written by David Whitehurst, an independent contractor. It was prepared for a state government client as a first proposal for the installation of JBoss in promotional test, integration, and production environments. This is not the submittal for approval to the final enterprise solution. This document is closed for editing 7-1-2008.

Introduction

In the world of business today, the internet plays a big role in how you handle data, its administration, and storage. Everyone is concerned about security and that’s why it seems like every application we open requires another password. Microsoft has a built-in identity solution called Active Directory. This is used by many companies utilizing a Microsoft LAN/WAN (network) to require domain-level authentication on the network. This network authentication doesn’t prevent any application running on this network from waiving its authentication if needed. However, if your network users work with many applications, it’s very likely that they are entering a user and password many times a day. It’s also common to find that these applications will manage their own user accounts (including passwords).

The level of security implementations with each application may vary. An enterprise security solution should not consist of multiple application authentications. Authentication presents the question, “are you who you say you are?” When a user enters a password correctly, our systems assume the answer is yes, however, many forget that this question may be a lie because the password encryption was compromised, someone else saw the password, or they heard it and used it later, etc. The system or application is happy because the password was correct and therefore it has no further question of identity.

When each application in an enterprise has it’s own authentication, it’s as if each department, section, individual, etc. responsible for an application believes that it should implement another security solution. This is not a good philosophy. While one department, section, individual, etc. may be a security expert, another may not. Identity management should be a single enterprise service. Service oriented architecture (SOA) should be well understood and well documented. A single identity management system should require that each enterprise user identify herself and the system provide a fail-safe mechanism for this verification.

Problem Identification

Here at the Client Center, there are two specific systems of identification, facility entry and network entry. Each employee at Client must present a badge or be screened by a security guard before entry into a Client facility. All entries and exits are secure. Also the level of scrutiny is higher for those that do not have a badge. Network entry has one entry and exit as well. These entries and exits are maintained by one or more system administrators using Microsoft’s Active Directory. This user identification provides a high quality and very secure solution for identity management. What it does not do, however, is provide any assurance that this same username will be using the applications within the network boundary. And, when identity management is implemented at the application level, network identity is lost. Only active directory usernames should be used and/or identified.

Enterprise security should truly separate authentication from authorization. It’s very common that web applications require user and password logins. “Why?”, you would ask. Very often the response is “because we need to protect this application from outside threat.” Let’s examine security closely for a moment. The Oxford American dictionary defines security as the state of being free from danger or threat. Security is important because any application hosted on an intranet or the internet is subject to intrusion by unwanted visitors. And when your application is exposed to such threats, you need to protect it. Before you learn how to protect your applications, you should understand the two key concepts that define application security, authentication and authorization.

Authentication

If someone asks you for permission to do something, you first want to know who is asking and you then question yourself to be sure that you have identified this person correctly. In security terms, this person is a principal. A principal is the entity that is requesting access to a secure resource. An application that has secured its resources will first want to identify these principals that request access to these resources. This identification is called authentication. Authentication is the act of proving that the principal is genuine or real. This is normally done by requesting for a password input with computer programs. If the user can provide the correct password, then she must be genuine.

Many different technologies are employed by computer systems to verify identity. Some of these are public key cryptography, Kerberos, Java Cryptography Extension (JCE), Java Authentication and Authorization Service (JAAS), Secure Shell (SSH), Encrypted Key Exchange (EKE), Secure Remote Password Protocol (SRP), Lightweight Directory Access Protocol (LDAP), HTTP authentication methods, etc. These technologies are termed as authentication providers. Client’s network presently uses Microsoft Active Directory to prove identity using user/password authentication at network login. Please note that the levels of security between these different providers may vary greatly.

Authorization

Authorization provides access to system resources or methods once the principal has been identified. Authorization is usually based on predefined user roles. Normally, an application only has a few roles. Most commonly this is a user role and an administrative role. There is no standard list of application roles. The application requirements will dictate various actors and what operations they need to perform. And, the roles are derived from these actions and requirements. Authorizing methods are normally employed between public access points and requests that the system user could make. Authorization is the security method that should concern application developers, not authentication. Enterprise development has been slow to realize that authentication and authorization are two distinct and separate operations. Within the boundaries of an enterprise network, authentication should only occur once for users of system resources, intranet activity, business applications, common portals, etc. Operating systems, individual servers, web hosts, service providers, etc. would always require authentication and authorization for access to its resources. This scenario is very different from access and priviledge management of application data. This paper is focused specifically with application-level security.

It’s always the case that each application or product owner wants to protect his application. But, within the walls of a secure enterprise network, the application should only be concerned with privilege or authorization to use its services (what’s publically exposed).

Proposed Resolution

It is proposed that the Client network at the Client Center in Raleigh, North Carolina implement a Single Sign On (SSO) solution using Yale’s Central Authentication Service (CAS) and utilize the network Microsoft Active Directory using LDAP as an authentication means thereby using the existing network access identities. In addition to this, create a single configurable Spring servlet filter to verify authorization against the same Active Directory for any hosted JBoss application that does not manage its own user roles. Microsoft applications hosted on IIS do not have to use the proposed system, however, they can easily migrate to this enterprise system and use one of the Microsoft clients with CAS and quickly migrate. This would result in an inexpensive enterprise solution, proven security, and possibly better application performance over the hosting environment.

The present IIS reverse proxy can be easily replaced for JBoss by using a single SSO service (CAS) and adding a configured servlet filter and authorization role per URL.  Also, CAS is proven for large organizations and clients are provided for Java, Perl, Ruby, .NET, ASP, C#, ColdFusion, etc.  Presently, maintenance and implementation are of utmost importance here because the Technical Services group here in the Century Center should not have to program security solutions to a virtually undocumented single sign on (SSO) service.  Also, cookies are most commonly maintained on a session basis.  The reverse proxy in place on IIS now requires JBoss applications to authenticate repeatedly.  This is overkill.  The proposed system can adjust in-memory cookie timeouts easily.  But, if the authentication system (CAS) is trusting the identity of the application user, the JBoss applications only need to authorize this identified user.

The Central Authentication Service (CAS) is very popular and used by many large organizations to provide SSO.  Also, CAS is very secure and uses SSL. CAS provides a service manager that allows an administrator to just add the service URL for newly deployed application requiring single sign on and a security proxy call. These secured services will be kept in an Oracle database for presentation link reference.

Single Sign On (SSO)

SSO or Single Sign On is a quality method that’s being employed in Enterprise development to reduce password compromise and to require that application users only need to log in once within a browser session. The SSO concept is very logical, however, it’s always been difficult to implement and standards are slow to evolve. The IT folks at Yale University have developed a very popular solution to this problem called CAS.

What is CAS?

The Central Authentication Service (CAS) is a single server identity management or authentication system that provides an optional in-memory cookie or Single Sign On (SSO) service. CAS provides the ability to securely proxy to protected web applications or services. CAS was originally developed by Yale University and was adopted as a JA-SIG project in December 2004. JA-SIG is a non-profit global consortium consisting of educational institutions and commercial affiliates that promotes solutions to high-level architecture problems. CAS, one of the products they now manage, has now reached final release status and is used to provide a single point of authentication for a federated group of network or internet applications.

Why would do I personally recommend CAS?

I personally recommend its use because it’s successful, highly praised, used internationally, well documented, and it’s free. A list of happy customers is provided here.

In Production…

• Appian Corporation
• Athabasca University
• Azusa Pacific University
• BCcampus
• Bob Jones University
• California Polytechnic Institute
• California State University, Chico
• Campus Crusade for Christ
• Case Western Reserve University
• Columbia
• Darmstadt University of Technology (Germany)
• Dartmouth College
• Employers Direct
• The Evergreen State College
• Florida State University
• GET-INT
• H-E-B Grocery
• Hong Kong University of Science and Technology
• Indiana University
• Instituto Superior Tecnico (Lisbon, Portugal)
• Karlstad University, Sweden
• La Voz de Galicia, Spain
• Memorial University of Newfoundland
• Nagoya University
• NHMCCD
• Northern Arizona University
• Plymouth State University (used with SunGardHE Luminis)
• Pulaski Technical College
• Roskilde University
• Rotterdam University (Hogeschool Rotterdam)
• The Royal Institute of Technology (KTH)
• Rutgers, The State University of New Jersey
• Sabanci University
• SunGard HE Luminis
• Simon Fraser University (Vancouver, B.C.)
• Sony Online Entertainment
• Suffield Academy
• Tollpost Globe AS
• Universidad de Navarra
• Universita degli Studi di Parma
• Universite de Bourgogne – France
• Université de Bretagne Occidentale (Brest) – France
• Universite de La Rochelle, France
• Universite de Pau et des Pays de l’Adour, France
• University of Nancy 1, France
• Universite Nancy 2, France
• Universite Pantheon Sorbonne
• Universiteit van Amsterdam
• University Duisburg-Essen
• University of Arizona
• University of Bristol, England
• University of California, Berkeley
• University of California Merced
• University of California, Riverside
• University of Connecticut
• University of Crete, Greece
• University of Delaware
• University of Geneva
• University of Hawaii
• Uniwersytet Mikolaja Kopernika (Nicolaus Copernicus University)
• Uniwersytet Warszawski
• University of Illinois at Urbana-Champaign – Graduate School Library and Information Science
• University of Kansas Medical Center
• University of Nebraska-Lincoln (Center on Children, Families, and the Law)
• University of New England, Armidale Australia
• University of New Mexico
• University of Rennes1
• University of Saskatchewan
• University of Scranton
• University of Technology, Sydney
• University of Texas at Arlington
• SRCE – University Computing Centre, University of Zagreb (Croatia) English Version
• Uppsala University
• Valtech
• Virginia Tech
• Yale University

In Development…

• Brigham Young University
• Arizona State University

Conclusion

This document is in draft status and may be changed. A proper conclusion will be written after the proposal has been reviewed and implementation begins. The Client has the right to disapprove these suggestions and may opt to ignore any problems noted in this document.

The AppFuse Primer is now available on Amazon at http://www.amazon.com/AppFuse-Primer-David-Whitehurst/dp/0974884340/ref=pd_bbs_sr_1?ie=UTF8&s=books&qid=1220880539&sr=8-1 If you’re looking for an excellent book to get you started with AppFuse this is the one. AppFuse has been around for a while and now you can buy a book to get you started. AppFuse is an excellent project to get you started doing enterprise level Java projects with a minimum time cost and understanding. Also, all of the source is available for your customization.

In 2009, we provided Java enterprise architectural consulting to the office of the CIO for the North Carolina Department of Transportation.  The goals to grow the company were not met, however we did strenghten our IT infrastructure to better support growth when the economy picks up.  The company is being poised for growth.  We are preparing for the opportunity of large enterprise Java projects.  This project could be yours.  Our 26 years of experience assures that we are focused on quality and delivery of your IT system.

Please contact us for your global IT consulting needs.  We are always looking for new business opportunity.  And, don’t forget, we do Java, Ruby on Rails, C, C++, PHP, Cocoa, Objective-C, and the iPhone SDK.