Internet EDI Grows Up
Using the new AS2 protocol, Web-based EDI saves thousands of dollars, but you have to become your own VAN.
Computerworld - When a company as big as Wal-Mart talks, everybody listens. When the retailer announced in September that it would do electronic data interchange (EDI) with suppliers over the Web instead of using value-added networks (VAN), it was a signal that EDI over the Web is ready for heavy-duty corporate use after years of development.
Driven by the prospect of saving thousands of dollars a month, more and more trading partners are sending EDI messages over the Internet -- the closest thing in networking to a free lunch -- rather than over third-party network services, according to vendors and analysts.
Although such a move can pay for itself in as little as two months, it requires customers to do some of the work the VAN used to do, such as making sure the proper person is notified if a purchase order or invoice doesn't get through. However, if customers can cost-effectively become their own VANs and choose the right Web EDI tools, the savings can be compelling.
Credit: Richard Borge
Wal-Mart Stores Inc., which declined to comment for this story, is using Commerce Suite software from iSoft Corp. in Dallas to do EDI over the Internet. It's something iSoft CEO Christian Putnam says "some of Wal-Mart's largest trading partners have been doing" for almost a year.
Jewelry and eyeglasses distributor AAi.FosterGrant Inc. in Smithfield, R.I., has so far moved only four of its 30 customers to EDI over the Web, but its VAN bills have already dropped 8% to 10% per month, says IT director Martin Temple. And office furniture manufacturer Haworth Inc. expects to save $3,000 per month by moving EDI traffic at headquarters from a VAN to the Web, says Steve Wilkins, a manager of application support and development at the Holland, Mich.-based company.
Of course, it has been possible to do EDI transactions over the Web for years. But it often meant installing software from the same vendor at both ends of the transaction, something that's hard to do for thousands of trading partners, many of which are small businesses. But over the past year, two things have greatly boosted acceptance of EDI over the Web, says Pete Abell, director of retail research at AMR Research Inc. in Boston.
One is the widespread adoption of AS2, the Electronic Data Interchange Internet Integration Applicability Statement 2 protocol. AS2 provides certificate-based encryption for security and data compression for better performance.
The second is interoperability testing of AS2 products. The testing is sponsored by Lawrenceville, N.J.-based Uniform Code Council Inc. and performed by Fort Worth, Texas-based Drummond Group Inc.
So far, more than a dozen vendors have made the Drummond cut, including bTrade Inc., iSoft, Cyclone Commerce Inc. and Sterling Commerce Inc. This means a large supplier can buy a single Web EDI package and be sure it will work with all of its customers, rather than having to buy different software for use with the various VANs its major customers use.
AS2 also eliminates the need to install proprietary software at supplier sites, because suppliers can conduct EDI either through a Web browser or by using AS2-compliant client software, often provided free or at a nominal cost by a supplier's customer or a software vendor.
With AS2, managing the certificates that encrypt and decrypt EDI documents "is not real difficult," because TDPeer from bTrade provides a "structured library" to track and manage the keys used by trading partners, says Eileen Newell, a systems analyst at AAi.FosterGrant.
Newell says she's not too worried about security, especially after seeing an EDI document a trading partner had encrypted using the wrong key. The message was totally unrecognizable -- just as it would be to a hacker who used the wrong key.
Not everyone is so confident. John Semenek, manager of strategic technology at Levy Home Entertainment LLC, is used to doing EDI transactions with customers using the earlier AS1 protocol, in which security is managed by the Simple Mail Transfer Protocol and EDI transactions flow to a specific mailbox on his system. When the Hillside, Ill., book distributor moves to AS2, as required by Wal-Mart, he'll need to open his internal systems to HTTP traffic coming directly from his customers.
"Obviously, I'm going to try to lock that down as tightly as I can," by allowing inbound traffic only from specific IP addresses, he says.
"But it becomes very dangerous if they change IP addresses or have a range of IP addresses," Semenek says, which would require him to constantly reconfigure his firewall to maintain security.
One early concern -- that the Web is slower and less reliable than VANs -- doesn't seem to be a big issue for IT shops. Customers say they've seen dramatic performance increases by moving trading partners from dial-up connections to high-bandwidth Web connections. The data compression provided by AS2 doesn't hurt, and neither do capabilities such as load balancing and queuing, which are offered by vendors such as iSoft.
Another service typically provided by VANs is nonrepudiation, that is, proving a customer sent a transaction in case of a dispute. Nonrepudiation is handled by the AS2 protocol and isn't much of a problem in the business-to-business world, says Putnam, since suppliers typically "don't argue with their major customers" over such issues.
One job that can take extra time, though, is configuring firewalls to make sure that only the right traffic gets through. Tasks such as this are why it takes longer to bring a new trading partner into the EDI loop, Newell says.
When Newell used a VAN, bringing up a new business partner on EDI took only about eight hours. But doing the same thing for one new customer on the Internet, along with testing EDI Web links for two other customers, "has been my full-time job" for the past two months, she says.
Other problems can arise when steps that improve security cause data formatting problems, says Kerri Apple, vice president of development and operations at bTrade in Irving, Texas. One example: Putting a Windows-based AS2 server outside the corporate firewall will help keep the internal network secure, but then you'll have to translate that data into a form that can be read by an AS/400 behind the firewall.
According to Newell, monitoring EDI transactions to make sure that the proper transactions went through over the Internet takes an extra half-hour per day on top of the hour she already spends monitoring transactions done over a VAN.
Vendors build alerts into their software that trigger when a trading partner fails to send a "message-disposition notification" to the sender, says Apple, but the sender must still have someone who knows "what to do in the event of these failures."
Semenek is also concerned that he'll lose control over when he receives and must respond to EDI transmissions from his trading partners. "If they just start banging out transactions whenever they choose and as often as they choose, they might expect an immediate response," he says, which could interfere with other scheduled systems work, such as backup or maintenance.
But Frank Kenney, an analyst at Gartner Inc., says most companies are turning to EDI over the Web to cut costs, not to process transactions more quickly. Even if it's not a free lunch, it's plenty appetizing for many former VAN customers.
Scheier is a freelance writer in Boylston, Mass. He can be reached at email@example.com.
- Network Turbulence Ahead!
- The Story So Far: The Telecom Industry
- Coping With Telecom Turmoil
- Internet2 and You
- Internet Protocol Version 6
- Ethernet Goes Metro
- Wringing Savings From VOIP
- Internet EDI Grows Up
- How Your Career Can Thrive in the Networking Field
- The Next Chapter: Wide-Area Networks
- The Almanac: Enterprise Networking
- User cuts telecom costs by 20%
- Where computers and telephony meet
Read more about Networking in Computerworld's Networking Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- What Datapipe customers need to know about the new PCI DSS 3.0 compliance standard This handy quick reference outlines what PCI DSS 3.0 is, who needs to be compliant and how Alert Logic solutions address the new...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- The Critical Role of Support in Your Enterprise Mobility Management Strategy Most business leaders underestimate the importance of tech support when they choose an EMM solution. Here's what to put on your checklist.
- Separating Work and Personal at the Platform Level: How BlackBerry Balance Works BlackBerry® Balance™ separates work from personal on the same mobile device, right at a platform level. Find out how it can work for...
- Live Webcast Best Practices for the Hyperconverged Enterprise Network To the Age of Constant Connectivity and Information overload
- Getting Ready for BlackBerry Enterprise Service 10.2 Find out how BlackBerry® Enterprise Service 10 helps organizations address the full spectrum of EMM challenges, while balancing the needs of both the...
- Containerization Options: How to Choose the Best DLP Solution for Your Organization This webcast outlines a framework for making the right choice when it comes to containerization approaches, along with the pros and cons of... All Networking White Papers | Webcasts