CS 193

Design and Development of a Three-Tiered Corporate Extranet System

Patrick Rayes


During the midpoint of my education at UCSB I decided to pursue a part-time position at a local company that would involve me in the management of information systems and technologies. My efforts for locating such a position entailed sending resumes via E-mail to numerous local company's listed on our Computer Science Department's Job Listing Web site. In late October of 1998 I was contacted by the Chief Executive Officer (CEO) of a somewhat young local company named Event Electronics. Over a brief telephone conversation he had mentioned that he was looking for someone to establish and manage the company's Management Information Systems (MIS) department. Surprisingly, the resume which I had sent them only a few days ago fit the requirements hand-in-hand - this great opportunity was undoubtedly what I had been looking for and I was determined to take advantage of it immediately.

A few days later I met with the CEO and Chief Financial Officer (CFO) of the company, and before I could even express my enormous interest in the position I found myself signing the necessary documents to employ me at the company as a part-time employee. School was still a priority in my life, which was well understood by the people hiring me, so I was required to work part-time during regular school quarters with the option of working full-time during school breaks. Consequently, another individual was hired as a full-time Network/Systems Administrator to aid me in the organization of the company's already established Local Area Network (LAN). My career had just taken a positive turn and I was eager to excel my work experience and essential business skills. The next twelve months involved the coordination of various exciting projects to aid the company in its efforts to extend its business processes with cutting-edge information systems and technologies.

The first few months at the company were extremely demanding, and required a clear and open mind to absorb the various issues at hand and how they should be best dealt with. Since a new department was being established at the company, I took the responsibility of typing up a mission statement to be handed out to each and every employee at the company. This document acted as a primer for the evolution of the department - it entailed a brief introduction of what the MIS department stood for and the value-added services it offered, along with outlooks for various projects, budgeting, organization, key initial goals, infrastructure and business integration. The results of this document were incredibly positive, since it allowed everyone at the company to understand the importance behind information systems and where the company will be taking itself through the use of this valuable resource.

During the midpoint of my career I was involved with a sizeable project that required the interaction and business process alignment of all departments in the company. The project involved the implementation of a $60,000.00 corporate-level financial and Enterprise Resource Planning (ERP) centric database system named Navision Financials. An outside contractor, key department heads and myself headed this four-month long system implementation and training project. Close to the end of the implementation phase, the company’s CEO had asked me to design and develop an Extranet system directly integrated with Navision Financials' Sales and Receivables database. This system was to offer various information (refer to orders.asp and ordersbyproduct.asp for detailed information) on past and current orders for use by the company’s dealers, distributors and sales representatives across the nation. Through this information they would be able to keep track of their orders in real-time over the Internet while better outlining their projected supplies and demands for each product ordered. In addition, orders would be traceable through the Web sites of common shipping carriers for immediate location and order delivery dates.

This project required skills which I had not yet completely developed and resources that were not yet available - at this point I was facing something which I had initially thought was beyond my reach. As a primary objective I began researching the implications of designing and developing an Extranet system, and how to gear my programming expertise towards a new array of development tools. Obviously, my single resource for the information that I acquired was the Internet - specifically discussion groups and developer Web sites focused towards Extranet systems. After one week of researching I began outlining a Requirements Analysis (RA) and Domain Analysis (DA) of the project, along with information regarding the available development tools for developing and deploying a Rapid Application Development (RAD) type system. Additionally, this one week long research period helped align the tasks and costs required while clarifying the base of development tools and server systems to be applied. Due to a limited budget and timeline, I was required to select low-cost and rapid solutions for this project. Therefore, I chose to build the project upon Microsoft BackOffice server components and Microsoft Visual Studio development tools. These software systems were geared towards quickly developing and deploying scalable database-integrated Web sites within corporate LAN's, and were clearly a solution to the project's architecture. In addition, my fluency in the use of these tools and server components, due to their not-too-recent availability on my home computer, aided the acceleration of the project.

My role in the project was "singular" - I designed, developed and managed the project from conception to creation. The skills I applied were somewhat already known to me, however most of the project required me to develop new skills quickly in order to keep up with the pace of the project and meet the project's deadline. I was determined to complete the project, and through this determination and accelerated learning I was able to deliver it on time and fully complete.

System and Project Outline

The system was named Event Order System (EOS) and was composed of the following base system functions:

The project entailed the deployment of a $5,000.00 Hewlett Packard Web-application server running Microsoft Windows NT Server 4.0 and Microsoft Internet Information Server 4.0. In addition, the following development timeline and project management issues had been agreed upon:

In addition, an Intranet project management Web site was setup to provide the following key information on EOS and Navision Financials to all employees within the company:


Web-Application Server

The preparation of a back-end for a three-tiered system generally involves verifying the integrity of the back-end database system(s), deploying a Web-application server, and establishing a dedicated communication channel between the database and Web-application server. The following installations were performed as part of the deployment of the Web-application server:

The diagram below illustrates the implemented back-end system:

Back-End Databases

The Navision Financials and Extranet Web-application Server User databases comprise of the following table/field structures (only tables/fields which are used in this system are listed):

Navision Financials Database

Extranet User Database


The front-end of this system comprises of the second and third tiers of the entire system, which includes the business logic (SQL queries against Navision Financials and the Extranet user database) and the Active Server Pages (ASP).

All ASP pages use JavaScript to validate proper data entry in form data fields, which places data verification to the client’s side for faster processing. In addition, all ASP pages check to see if the AccountVerified session variable[5] is set to true – if it is false (meaning that the user never logged on) the system redirects the user to default.asp, otherwise the system continues through every ASP page normally.

The following is a list of all the ASP pages[6] including the implemented SQL queries (business logic) within them for each type of user (some pages are not unique to the user type):
















  1. Authentication was implemented by storing and retrieving user names and passwords from a separate back-end database.
  2. Security was implemented by use of a 128-bit Secure Socket Layer key issued from Verisign (
  3. An IP address that is not registered on any Domain Name Server and usually used within LAN’s behind firewalls.
  4. The company’s Internet Service Provider for Frame Relay service (
  5. A session variable is a unique per-user variable that resides in memory and is accessible on any ASP page.
  6. Source code is available upon request.
  7. Quantities, cost and net total per grouping.