AMS on the World-Wide-Web

David W. Filiatrault, Craig A. Lightle, James E. Simmons, Jerrold M. Grochow
Center for Advanced Technologies
American Management Systems, Inc.
Fairfax, VA 22033

Abstract

The initial services we sought to provide included:

General corporate recognition and marketing information
Information for potential employees
Specific information about products and services
Customer support for current clients
Software updates

Developing a commercial server on the Web also meant that we had to deal with a number of issues including:

Overall network security
Copyright and intellectual property rights
Trade secrets
Two-way communication
Consistency of user interface

This presentation discusses the approach that we took and the various issues that our organization had to deal with in establishing AMS on the World-Wide-Web.

Introduction

American Management Systems is an international consulting, system design and development firm specializing in working with large scale strategic business applications. With the advent of significant commercial use of the Internet, many of our clients, prospects, vendors, and potential employees have access to the Internet. Our client base includes the largest commercial organizations in the financial, telecommunications, insurance, and pharmaceutical industries, as well as large governmental organizations and educational institutions. Many of these organizations have started to use the Internet for electronic mail and several are involved in discussions of broader electronic commerce. Since most of our vendors are themselves in the computer industry, they are also active in using the Internet. Similarly, many of our potential employees are college students who are issued Internet access from the beginning of their studies! While AMS has had direct Internet access for more than a year (domain name “amsinc.com”), we had primarily been using its mail facilities.

To provide better service and to open new opportunities for collaboration, we made the decision to develop a World-Wide-Web server. The advent of Mosaic as a “user friendly” tool for accessing the Internet has changed the perception of Internet use (and users) literally overnight. We saw this as an opportunity to establish a new way of providing access to our services - and of accessing our public.

This presentation discusses the approach that we took and the various issues that our organization had to deal with in creating a Web server for a commercial organization.

Description of the AMS World-Wide-Web Service

The services that we initially sought to provide on the AMS World-Wide-Web (WWW) Server included:

General corporate recognition and marketing information: based around the corporate annual report and other corporate marketing information
Information for potential employees: job availability, career paths, interviews with current employees, office locations, etc.
Specific information about products and services: descriptions from all of AMS's business units
Customer support for current clients: product questions and answers, release information, ability to request information
Software updates: distribution of interim software fixes to registered users

In other words, our intent was to provide a “full service” operation for all of the organizations and people with whom we interact.

Release 1 of the AMS WWW Server is currently available internally to AMS users over our world-wide network (AMSWAN). Internal users use TCP/IP to access our WWW Server running on a 486-based personal computer under the Windows NT operating system.

AMSWAN has been connected to the Internet using UUNET as our service provider for over a year. Anyone on AMSWAN with TCP/IP access has access to most Internet capabilities. On October 31, we will make the AMS WWW server publicly accessible over the Internet by accessing http://www.amsinc.com.

Implementation Issues

After an initial prototyping effort in the spring, development of the AMS WWW Server proceeded over about a three month period. During that time, we dealt with a variety of technical and management issues. However, even the technical issues sprang from management concerns. Once these were dealt with, the actual implementation was fairly straightforward.

Two key types of concerns were expressed in meetings of our internal Internet Task Force:

How to maintain network security while opening a link to the outside world
How to deal with the various issues of ownership, timeliness, and quality of the material to be presented on our server

The first issue could be dealt with by appropriate technical architecture of our Internet gateway, but the second would require an on-going effort as well as the establishment of new policies. Both the design of the technical architecture and the discussion of policy were carried out primarily on-line via Lotus Notes with the sponsorship of AMS's Center for Advanced Technologies.

Technical Architecture

The technical architecture team considered several approaches to ensuring that outside users had acceptable access to our server while other aspects of our internal network were protected. After several design sessions and consultation with technicians at UUNET, we designed a two-tier firewall system using a single leased line into UUNET. This would allow us to have both a WWW server and an FTP server, which we intended to use primarily for updating the contents of the WWW server.

The two-tiered firewall system is built using two Ethernet segments and one IP router. The IP router is used to link AMS to UUNET providing minimal packet filtering on an unsecure Ethernet segment and full packet filtering on the secure segment. The combined WWW/FTP server resides on the "unsecure" network. The secure segment is configured with appropriate IP packet filtering to prevent inbound Internet requests from passing onto the secure Ethernet which could then compromise AMS's wide-area network.

Management Issues

Most of the discussions in designing our Web server were focused on a broad range of management issues. It is impossible to bring up a new corporate communications mechanism like a Web server without surfacing many of these issues. While we did not "solve" them all, we found approaches that provided AMS with an acceptable degree of protection without unduly hampering our ability to create a complete Web server.

Overall network security
Security of our internal network was of primary concern. If we had not been able to deal with this issue, we would not have proceeded any further. One approach considered was to create a totally separate Internet connection for externally accessible servers but it was felt that this was not sufficiently flexible for our purposes. The two-tiered firewall described above provided the right combination of security and flexibility for AMS.
Copyright and Intellectual Property
Some of the issues we are dealing with here are still awaiting legal precedent and court resolution. At the current time, we feel confident that we can maintain appropriate legal rights over any AMS copyrighted materials that we put on our server. We will secure permission from other organizations directly for any other copyrighted works that we want to put on-line.
Trade secrets
The simplest way to protect trade secrets is to keep them secret. We will not put any information on our server that falls into this category. We are awaiting the arrival of secure communications on the Web before dealing with this type of information.
Two-way communication
Two-way communication, e.g. allowing people to request that we send them more information, is an important capability provided via a Web server. The issue we have to deal with is how to control access to this capability. If we were to get thousands of requests for information, for example, this would present a significant problem (our business is focused on doing larger projects with a small number of client organizations, perhaps only a few hundred in total). With the potential Internet audience of millions, most of whom are neither potential partners nor clients, this causes a great deal of concern.
Our initial approach is to provide e-mail addresses for requesting further information. If this results in an acceptable response rate, we will probably add data entry forms to Web documents. We will also carefully monitor requests and our ability to respond to ensure that we provide good service to legitimate requests.
Consistency of user interface
AMS is a very decentralized organization and many different groups will be preparing information to be included in our Web server. We needed a mechanism to ensure quality and consistency of presentation across services and across areas of the company. Our approach was to treat information on the Web server the same way we would treat a marketing brochure or even our annual report. These types of documents go through stringent review processes within the company and we are subjecting all Web server content to that same level of scrutiny.

Our Ad Hoc Internet Task Force has become an on-going group. We discuss issues. We review policies. We come up with new ideas for additional Web services. We were able to deal with each of these issues at least to some degree and have been able to establish AMS on the World-Wide-Web

Conclusion

Having the opportunity to create a new business medium for your company does not happen very often. The Internet, the World-Wide-Web, and particularly Mosaic, have provided an opportunity that has enormous potential for changing the way in which many business interactions occur. Our ability to set up a World-Wide-Web server for AMS in a relatively short time is just one indication of why thousands of organizations are flocking to the Web as a potential marketplace. We plan to continue the evolution of our server, both with new materials and with new services. We fully expect that all of our customers, vendors, business partners, employees, and recruits will find something of interest and importance on AMS's server on the Web.

Author Biographies

David Filiatrault, Craig Lightle, James Simmons, and Jerrold Grochow are all associated with AMS's Center for Advanced Technologies in Fairfax, VA. Mr. Filiatrault is a technical staff member in AMS's Financial Industry Group. Mr. Lightle is a Principal in the Network Services Group. Mr. Simmons is a Senior Principal in the Corporate Technology Group. Dr. Grochow is AMS's Chief Technology Officer and Director of the Center for Advanced Technologies. Research and development of AMS on the World-Wide-Web is sponsored by the Center for Advanced Technologies. The authors would like to acknowledge the contributions of Arlette Hart, Michael Jokich, Betsy Lee, Robert Lindsay, and Michael Palmer.

Author contact: jerry_grochow@mail.amsinc.com