Internet EDI Grows Up

Using the new AS2 protocol, Web-based EDI saves thousands of dollars, but you have to become your own VAN.

When a company as big as Wal-Mart talks, everybody listens. When the retailer announced in September that it would do electronic data interchange (EDI) with suppliers over the Web instead of using value-added networks (VAN), it was a signal that EDI over the Web is ready for heavy-duty corporate use after years of development.

Driven by the prospect of saving thousands of dollars a month, more and more trading partners are sending EDI messages over the Internet -- the closest thing in networking to a free lunch -- rather than over third-party network services, according to vendors and analysts.

Although such a move can pay for itself in as little as two months, it requires customers to do some of the work the VAN used to do, such as making sure the proper person is notified if a purchase order or invoice doesn't get through. However, if customers can cost-effectively become their own VANs and choose the right Web EDI tools, the savings can be compelling.

Internet EDI Grows Up
1pixclear.gif
Credit: Richard Borge
1pixclear.gif

Wal-Mart Stores Inc., which declined to comment for this story, is using Commerce Suite software from iSoft Corp. in Dallas to do EDI over the Internet. It's something iSoft CEO Christian Putnam says "some of Wal-Mart's largest trading partners have been doing" for almost a year.

Jewelry and eyeglasses distributor AAi.FosterGrant Inc. in Smithfield, R.I., has so far moved only four of its 30 customers to EDI over the Web, but its VAN bills have already dropped 8% to 10% per month, says IT director Martin Temple. And office furniture manufacturer Haworth Inc. expects to save $3,000 per month by moving EDI traffic at headquarters from a VAN to the Web, says Steve Wilkins, a manager of application support and development at the Holland, Mich.-based company.

Of course, it has been possible to do EDI transactions over the Web for years. But it often meant installing software from the same vendor at both ends of the transaction, something that's hard to do for thousands of trading partners, many of which are small businesses. But over the past year, two things have greatly boosted acceptance of EDI over the Web, says Pete Abell, director of retail research at AMR Research Inc. in Boston.

One is the widespread adoption of AS2, the Electronic Data Interchange Internet Integration Applicability Statement 2 protocol. AS2 provides certificate-based encryption for security and data compression for better performance.

The second is interoperability testing of AS2 products. The testing is sponsored by Lawrenceville, N.J.-based Uniform Code Council Inc. and performed by Fort Worth, Texas-based Drummond Group Inc.

So far, more than a dozen vendors have made the Drummond cut, including bTrade Inc., iSoft, Cyclone Commerce Inc. and Sterling Commerce Inc. This means a large supplier can buy a single Web EDI package and be sure it will work with all of its customers, rather than having to buy different software for use with the various VANs its major customers use.

AS2 also eliminates the need to install proprietary software at supplier sites, because suppliers can conduct EDI either through a Web browser or by using AS2-compliant client software, often provided free or at a nominal cost by a supplier's customer or a software vendor.

With AS2, managing the certificates that encrypt and decrypt EDI documents "is not real difficult," because TDPeer from bTrade provides a "structured library" to track and manage the keys used by trading partners, says Eileen Newell, a systems analyst at AAi.FosterGrant.

Newell says she's not too worried about security, especially after seeing an EDI document a trading partner had encrypted using the wrong key. The message was totally unrecognizable -- just as it would be to a hacker who used the wrong key.

Addressing Concerns

Not everyone is so confident. John Semenek, manager of strategic technology at Levy Home Entertainment LLC, is used to doing EDI transactions with customers using the earlier AS1 protocol, in which security is managed by the Simple Mail Transfer Protocol and EDI transactions flow to a specific mailbox on his system. When the Hillside, Ill., book distributor moves to AS2, as required by Wal-Mart, he'll need to open his internal systems to HTTP traffic coming directly from his customers.

"Obviously, I'm going to try to lock that down as tightly as I can," by allowing inbound traffic only from specific IP addresses, he says.

"But it becomes very dangerous if they change IP addresses or have a range of IP addresses," Semenek says, which would require him to constantly reconfigure his firewall to maintain security.

One early concern -- that the Web is slower and less reliable than VANs -- doesn't seem to be a big issue for IT shops. Customers say they've seen dramatic performance increases by moving trading partners from dial-up connections to high-bandwidth Web connections. The data compression provided by AS2 doesn't hurt, and neither do capabilities such as load balancing and queuing, which are offered by vendors such as iSoft.

Another service typically provided by VANs is nonrepudiation, that is, proving a customer sent a transaction in case of a dispute. Nonrepudiation is handled by the AS2 protocol and isn't much of a problem in the business-to-business world, says Putnam, since suppliers typically "don't argue with their major customers" over such issues.

One job that can take extra time, though, is configuring firewalls to make sure that only the right traffic gets through. Tasks such as this are why it takes longer to bring a new trading partner into the EDI loop, Newell says.

When Newell used a VAN, bringing up a new business partner on EDI took only about eight hours. But doing the same thing for one new customer on the Internet, along with testing EDI Web links for two other customers, "has been my full-time job" for the past two months, she says.

Time Eater

Other problems can arise when steps that improve security cause data formatting problems, says Kerri Apple, vice president of development and operations at bTrade in Irving, Texas. One example: Putting a Windows-based AS2 server outside the corporate firewall will help keep the internal network secure, but then you'll have to translate that data into a form that can be read by an AS/400 behind the firewall.

According to Newell, monitoring EDI transactions to make sure that the proper transactions went through over the Internet takes an extra half-hour per day on top of the hour she already spends monitoring transactions done over a VAN.

Vendors build alerts into their software that trigger when a trading partner fails to send a "message-disposition notification" to the sender, says Apple, but the sender must still have someone who knows "what to do in the event of these failures."

Semenek is also concerned that he'll lose control over when he receives and must respond to EDI transmissions from his trading partners. "If they just start banging out transactions whenever they choose and as often as they choose, they might expect an immediate response," he says, which could interfere with other scheduled systems work, such as backup or maintenance.

But Frank Kenney, an analyst at Gartner Inc., says most companies are turning to EDI over the Web to cut costs, not to process transactions more quickly. Even if it's not a free lunch, it's plenty appetizing for many former VAN customers.

Scheier is a freelance writer in Boylston, Mass. He can be reached at rscheier@charter.net.

Special Report

Network Turbulence Ahead!

Stories in this report:

FREE Computerworld Insider Guide: IT Certification Study Tips
Editors' Picks
Join the discussion
Be the first to comment on this article. Our Commenting Policies