1.1 project summary

1

CHAPTER 1

Introduction

1.1 Project Summary

All the data security technical is built on confidentiality, integrity and availability of these three

basic principles. Confidentiality refers to the so-called hidden the actual data or information,

especially in the military and other sensitive areas, the confidentiality of data on the more

stringent requirements. For cloud computing, the data are stored in "data center", the security and

confidentiality of user data is even more important. The so-called integrity of data in any state is

not subject to the need to guarantee unauthorized deletion, modification or damage. The

availability of data means that users can have the expectations of the use of data by the use of

capacity.

The main problems cloud computing faces are preserving confidentiality and integrity of data

in aiding data security.

Trust between the Service provider and the customer is one of the main issues cloud

computing faces today.

There is no way for the customer to be sure whether the management of the Service is

trustworthy, and whether there is any risk of insider attacks.

The only legal document between the customer and service provider is the Service Level

Agreement (SLA).

Preserving confidentiality is one of the major issues faced by cloud systems since the

information is stored at a remote location that the Service Provider has full access to.

Therefore, there has been some method of preserving the confidentiality of data stored in the

cloud.

Preserving Integrity, like confidentiality is another major issue faced by cloud systems that

needs to be handled.

2

1.2 Object

The aim of project is to secure the data of CRM system.

Secure it from other users and even from Admin

Data Security Technical is built on Confidentiality

We are securing Our System By Using Encryption

1.3 Scope

To ensure the data storage security and to allay users’ concerns, we aim to design a

efficient mechanism which will give highly secure services and will achieve the

following goals:

Storage Correctness – The users’ data on the cloud should remain consistent and must be

at the cloud all the time.

Availability of data- The data stored on the cloud must be always available to the users.

Dynamic updating- The data should be updated dynamically with proper storage without

violating contents of data.

Data Recovery- the Chunks of data stored at slave server must be placed

Efficiently for easy retrieval.

Light-Weight - To satisfy users about the storage correctness and make its verification

with minimum overhead

3

CHAPTER 2

Introduction to Project

2.1 Problem Summary:

All the data security technical is built on confidentiality, integrity and availability of these three

basic principles. Confidentiality refers to the so-called hidden the actual data or information,

especially in the military and other sensitive areas, the confidentiality of data on the more

stringent requirements. For cloud computing, the data are stored in "data center", the security and

confidentiality of user data is even more important. The so-called integrity of data in any state is

not subject to the need to guarantee unauthorized deletion, modification or damage. The

availability of data means that users can have the expectations of the use of data by the use of

capacity.

The main problems cloud computing faces are preserving confidentiality and integrity of data

in aiding data security.

Trust between the Service provider and the customer is one of the main issues cloud

computing faces today.

There is no way for the customer to be sure whether the management of the Service is

trustworthy, and whether there is any risk of insider attacks.

The only legal document between the customer and service provider is the Service Level

Agreement (SLA).

Preserving confidentiality is one of the major issues faced by cloud systems since the

information is stored at a remote location that the Service Provider has full access to.

Therefore, there has been some method of preserving the confidentiality of data stored in the

cloud.

Preserving Integrity, like confidentiality is another major issue faced by cloud systems that

needs to be handled.

4

2.2 Defination:

Data Protection and Security in Cloud using Encryption

SaaS is a software application shared with others, and even the most secure providers

usually need access to our data at some point. They might never take a peek, and might

have a hearty array of security and auditing controls around access, but in the end, our

data is in a database someplace that someone else needs to manage and keep running. I'm

not saying this to generate a bunch of FUD. I provide plenty of private data to the

different SaaS providers we use to maintain our business, but that doesn't mean there isn't

some risk involved. In our case, that sometimes means keeping certain data in-house. For

some of you, this will mean using SaaS, but protecting your data in their environment.

SaaS security involves a number of different controls, including identity management

(and federation), internal security settings and role management, incident response and

service outage planning, and auditing. In this tip, we'll focus on techniques for protecting

sensitive data stored within a SaaS application, including SaaS encryption.

2.3 Abstract

SaaS is a software application shared with others, and even the most secure providers

usually need access to our data at some point. They might never take a peek, and might

have a hearty array of security and auditing controls around access, but in the end, our

data is in a database someplace that someone else needs to manage and keep running. I'm

not saying this to generate a bunch of FUD. I provide plenty of private data to the

different SaaS providers we use to maintain our business, but that doesn't mean there isn't

some risk involved. In our case, that sometimes means keeping certain data in-house. For

some of you, this will mean using SaaS, but protecting your data in their environment.

SaaS security involves a number of different controls, including identity management

(and federation), internal security settings and role management, incident response and

service outage planning, and auditing. In this tip, we'll focus on techniques for protecting

sensitive data stored within a SaaS application, including SaaS encryption.

There are four main options, but as you'll see unless you are using a file-oriented service,

only two of the options are usually realistic:

Trust the provider and rely on their internal controls (which may include encryption,

data dispersion and other options).

Encrypt data in a client application before sending it to the provider -- usually only

an option if the service provides a client application with this capability.

5

Encrypt data locally before sending to the service.

Use a local or remote encryption proxy to encrypt and decrypt data going to the

provider.

Relying on the provider isn't always bad; many have far better security controls than you

probably do on internal applications. Still, we do see use cases where you might want to

protect some of the information you keep with them, and that's where the other options

come into play.

2.3.1 SaaS encryption options

Certain services provide a client application and don't necessarily run everything through

a Web browser. This is common with file storage and backup applications that combine

SaaS and PaaS capabilities. Some of those services allow you to encrypt your data in the

client application before it's sent to their servers, and secure services even allow you to

manage your own keys. This completely blinds them from your data, although they can

usually see metadata. Over time I expect to see some of this expand to encrypt data

within the Web browser, but I haven't seen anyone implement that yet.

Client encryption is great, but isn't always an option (especially for non-file oriented

services). Another option is to use your own software to encrypt the data locally before

sending it up to the Internet. This can be difficult to manage and I almost only ever see it

used for file-based data. There are some niche masking solutions that will intercept Web

forms locally to encrypt pieces of data, but that isn't in common use yet and is bleeding-

edge early to the market.

The last option is to use some sort of network-based encryption proxy, and this is what

we see most organizations turning to when they don't completely trust their provider.

The proxy is placed on the network and works like a Web gateway. When a user goes to

access the SaaS website, they are redirected through the proxy. The proxy relies on deep

knowledge of the SaaS application and intercepts key form fields in the webpages.

Sensitive data placed in these fields is encrypted before going to the provider, and

decrypted before going back to the user.

To the user it looks like normal access to the service as long as they are on the network

with the proxy. But if they try and access, say, customer account numbers through a

direct connection to the SaaS application, all they will see is encrypted data. For services

that don't provide as fine-grained access controls as you want, you can mask data to users

and gain security above and beyond the application's internal controls. Also, you can

technically host the proxy itself in the cloud to support remote access.

http://searchcloudcomputing.techtarget.com/definition/Platform-as-a-Service-PaaS

6

It should be glaringly obvious that this option isn't available for anything except major

cloud services due to the large effort it can take to build the intercept functions and

seamlessly integrate with the destination service. Plus, one change in the SaaS application

user interface can break functionality until the proxy provider can update things.

2.3.2 SaaS security recommendations

In light of those SaaS encryption challenges, I tend to recommend the following:

Your best bet is to work with a SaaS provider you can trust, and protect yourself with

good contracts and maybe some audits.

If you are concerned about file-based data, there are plenty of encryption options that are

effective; most file-based enterprise encryption tools will work well.

If you don't completely trust your provider, look for a proxy encryption solution. Encrypt

as little as possible to reduce the risk of breakage. Understand that unless you put the

proxy itself in the cloud, you may lose some mobility.

7

CHAPTER 3

Project Planning

3.1 Project Scope

To ensure the data storage security and to allay users’ concerns, we aim to design an

efficient mechanism which will give highly secure services and will achieve the

following goals:

Storage Correctness – The users’ data on the cloud should remain consistent and must

be at the cloud all the time.

Availability of data- The data stored on the cloud must be always available to the

users.

Dynamic updating- The data should be updated dynamically with proper storage

without violating contents of data.

Data Recovery- the Chunks of data stored at slave server must be placed efficiently

for easy retrieval.

Light-Weight - To satisfy users about the storage correctness and make its

verification with minimum overhead

3.2Software Process Model

A (software/system) process model is a description of the sequence of activities

Carried out in an SE project.

Project plan = process model + project parameters

Spiral Model:

Project risk is a moving target. Natural to progress a project cyclically in four step phases:

1. Consider alternative scenarios, constraints

2. Identify and resolve risks

3. Execute the phase

4. Plan next phase: e.g. user req, software req, architecture then go to 1

8

Advantages:

Realism: the model accurately reflects the iterative nature of software development

on projects with unclear requirements

Flexible: incorporates the advantages of the waterfall and evolutionary methods

Comprehensive model decreases risk

Good project visibility.

Disadvantages:

Needs technical expertise in risk analysis and risk management to work well.

Model is poorly understood by non-technical management, hence not so widely used

Complicated model needs competent professional management. High administrative

overhead.

9

CHAPTER 4

System Analysis

4.1 Leterature Survey

The purpose of such a survey is for you to demonstrate to your employer or tutor that you

are knowledgeable in the area of expertise that they require. You are proving to them that

you are well read and aware of the relevant theories and practices in your field.

The researcher could start the literature survey even as the information from the

unstructured and structured interviews is being gathered. Reviewing the literature on the

topic area at this time helps the researcher to focus further interviews more meaningfully

on certain aspects found to be important is the published studies even if these had not

surfaced during the earlier questioning. So the literature survey is important for gathering

the secondary data for the research which might be proved very helpful in the research.

The literature survey can be conducted for several reasons. The literature review can be

in any area of the business.

Based on the specific issues of concern to the manager and the factors identified during

the interview process, a literature review needs to be done on these variables. The first

step in this process involves identifying the various published and unpublished materials

that are available on the topics of interest and gaining access to these. The second step in

gathering the relevant information either by going through the necessary materials in a

library or by getting access to online sources. The third step is writing up the literature

review. A modern technology locating sources where the topics of interest have been

published has become easy. Almost every library today has computer online systems to

locate and print out the published information on various topics.

Objectives of literature survey

Gaining an understanding on the fundamentals and state-of-the art of the area

Learning the definitions of the concepts

Access to latest approaches, methods and theories

Discovering research topics based on the existing research

Concentrate on your own field of expertise

Even if another field uses the same words, they usually mean completely different thing

It improves the quality of the literature survey to exclude sidetracks

–Remember to explicate what is excluded

10

“Jack of all trades is master of none.”

Valid sources

Refereed article in a journal or a conference.

Book published in scientific series.

Articles referred to in other articles are excellent sources.

At some stage you will learn to evaluate the coherence and concept definitions.

Wikipedia and other sites for other relevant information

Google-code-prettify

Gdocs API

W3schools.com

www.webresourcesdepot.com

Dropbox Help files

Pressman, Roger S., Software Engineering: A Practitioner’s Approach. McGraw-Hill,

2001.

4.2 STUDY OF CURRENT SYSTEM

At present ensuring security in cloud computing platform has become one of the most

significant concerns for the researchers. We have undertaken these problems in our

research, to provide some solution correlated with security.




At the present world of networking system, Cloud computing is one the most important

and developing concept for both the developers and the users. Persons who are

interrelated with the networking environment, cloud computing is a preferable platform

for them. Therefore in recent days providing security has become a major challenging

Issue in cloud computing

11

4.3 PROBLEM AND WEAKNESSES OF CURRENT SYSTEM

The traditional data centre security measures on the edge of the hardware platform, while

cloud computing may be a server in a number of virtual servers, the virtual server may

belong to different logical server group, virtual server, therefore there is the possibility of

attacking each other ,which brings virtual servers a lot of security threats.

4.4 REQUIREMENTS OF NEW SYSTEM

In the proposed model AES encryption algorithm is used.

In this model, the encryption key for a particular file of a particular user is only known to

the main system server. The path of the encrypted file is only known to the storage server

which is only known to the main server. For this, the key as well as the encrypted file is

hidden from the unauthorized persons. In this communication system when a file is sent

from the main system server to the storage server it is already in its fully encrypted form.

That’s why there is no need to provide security in this communication channel. At last,

we propose hardware encryption for making the databases fully secured from the

attackers and other unauthorized persons.

4.5 FACT FINDING

Fact-finding used throughout the database application lifecycle. Crucial to the early

stages including database planning, system definition, and requirements collection and

analysis stages

Enables developer to learn about the terminology, problems, opportunities, Constraints,

requirements, and priorities of the organization and the users of the system

A database developer normally uses several fact-finding techniques during a single

database project including:

examining documentation

interviewing

observing the organization in operation

Research

Questionnaires

12

Examining documentation

Can be useful

To gain some insight as to how the need for a database arose.

To identify the part of the organization associated with the problem.

To understand the current system.

Interviewing

Most commonly used, and normally most useful, fact-finding technique, Enables

collection of information from individuals face-to-face.

Objectives include finding out facts, verifying facts, clarifying facts, generating

enthusiasm, getting the end-user involved, identifying requirements, and

gathering ideas and opinions.

Observing the Organization in Operation

An effective technique for understanding a system.

Possible to either participate in, or watch, a person performs activities to learn

about the system.

Useful when validity of data collected is in question or when the complexity of

certain aspects of the system prevents a clear explanation by the end-users.

Research

Useful to research the application and problem.

Use computer trade journals, reference books, and the Internet (including user

groups and bulletin boards).

Provide information on how others have solved similar problems, plus whether or

not software packages exist to solve or even partially solve the problem.

Questionnaires

Conduct surveys through questionnaires, which are special-purpose documents

that allow facts to be gathered from a large number of people while maintaining

some control over their responses.

There are two types of questions, namely free-format and fixed-format.

13

4.6 Feasibility Study

CRM feasibility study aims to kick start or accelerate your organization’s discussion in

CRM and customer related initiatives. The outcome of this study provides you with

clarity on the current issues relating to the overall CRM landscape in your organization

and facilitates your organization’s decision making process on whether to embark on a

CRM program to achieve specific organization goals and objectives.

Customer Capital Consulting can perform a high level reality check using our structured

framework to identify customer, marketing, selling and account management, contact

points (or channels), customer service and support-related issues etc and help you gain an

understanding of your customers, key stakeholders and the management’s perspectives

on how customer- centric your organization is.

Information has value. All kinds of business should have information systems for

Business growth. Software is used for business management and entrepreneurship

resource planning worldwide. However, its shortages turn out to be more and more

obvious in recent years. Software as a Service (SaaS) is thus regarded as one serious

alternative of software. Customer Relationship Management (CRM) is of vital

importance in today’s business. SaaS adoption for CRM then becomes a trend in Small

and Medium Businesses. Home delivery business operation in a small restart grant calls

for such adoption.

The purpose of this research was to demonstrate a CRM - oriented SaaS prototype for

home delivery business operation in a small restaurant. Another aim was to report the

feasibility of SaaS for CRM in this restaurant business operation.

Finally, the question that what kind of SaaS application for CRM might work in such

business operation was answered in this study.

Data was collected through experimental Drupal implementation of the Home Delivery

Customer Relationship Management system (HDCRM) and then analyzed against home

delivery business workflows and time spent for each activity in real life.

This study discovered that Software as a Service is adoptable for Small & Medium

Businesses. The results also indicated that home delivery business demands Customer

Relationship Management system. The principal conclusion was that the HDCRM

demonstrated in this paper meets home delivery business needs.

14

4.7 Overall Description

4.7.1 Product Perspective

At the present world of networking system, Cloud computing is one the most important

and developing concept for both the developers and the users. Persons who are

interrelated with the networking environment, cloud computing is a preferable platform

for them. Therefore in recent days providing security has become a major challenging

Issue in cloud computing.

Cloud computing can also categorized into service models.

Cloud Software as a Service (SaaS). The capability provided to the consumer is

to use the provider’s applications running on a cloud infrastructure The

applications are accessible from various client devices through a thin client

interface such as a web browser (e g , web-based email) The consumer does not

manage or control the underlying cloud infrastructure including network, servers,

operating systems, storage, or even individual application capabilities, with the

possible exception of limited user-specific application configuration settings

Cloud Platform as a Service (PaaS) The capability provided to the consumer is

the ability to deploy onto the cloud infrastructure consumer-created or acquired

applications created using programming languages and tools supported by the

provider The consumer does not manage or control the underlying cloud

infrastructure including network, servers, operating systems, or storage, but has

control over the deployed applications and possibly application hosting

environment configurations

Cloud Infrastructure as a Service (IaaS). The capability provided to the consumer

is to provision processing, storage, networks, and other fundamental computing

resources where the consumer is able to deploy and run arbitrary software, which

can include operating systems and applications The consumer does not manage

or control the underlying cloud infrastructure but has control over operating

systems, storage, deployed applications, and possibly limited control of select

networking components

In the cloud environment, resources are shared among all of the servers, users and

individuals. As a result files or data stored in the cloud become open to all. Therefore,

data or files of an individual can be handled by all other users of the cloud.

.

15

In this project we have proposed new security architecture for cloud computing platform.

This ensures secure communication system and hiding information from others. File

encryption system and asynchronous key system for exchanging information or data is

included in this model. This structure can be easily applied with main cloud computing

features, e.g. PaaS, SaaS and IaaS. This model also includes onetime password system for

user authentication process. Our work mainly deals with the security system of the whole

cloud computing platform.

In this we have proposed new security architecture for cloud computing platform. In this

model high ranked security algorithms are used for giving secured communication

process. Here files are encrypted with AES (Advanced Encryption Standard) algorithm

in which keys are generated randomly by the system. In our proposed model distributive

server concept is used, thus ensuring higher security

4.7.2 Product Features

At present ensuring security in cloud computing platform has become one of the most significant

concerns for the researchers. We have undertaken these problems in our research, to provide

some solution correlated with security. We have proposed the following security model for cloud

computing data storage shown in Figure.

16

4.8 System Features




As per our proposed scheme four different network entities can be identified as follows:

o User: users, who have data to be stored in the cloud and rely on the cloud for

data computation and also rely on admin for authentication of users.

4.8.1 System Feature 1

Description and Priority

Encryption / Decryption algorithm: High Priority

System document work flow: Medium Priority

Stimulus/Response Sequences

Sales person prepare customer master

Sales person place customer documents inside system

(Pre-qualification documents)

4.8.2 System Feature 2 (and so on)

In the proposed model AES encryption algorithm is used for Encryption.

After connecting with the system a user can upload or download the file(s). For

the first time when connected with the system the user can only upload file(s).

After that users can both upload and download their files. When a file is uploaded

by a user the system server encrypts the file using AES encryption algorithm. In

the proposed security model 128 bit key is used for AES encryption. 192 bit or

256 bit can also be used for this purpose. Here the 128 bit key is generated

randomly by the system server. A single key is used only once. That particular

key is used for encrypting and decrypting a file of a user for that instance. This

key is not further used in any instance later.

17

Login into the main system is compulsory when a user wants to download a

previously stored file. When the user selects a file to download, the system

automatically retrieves the key for the requested file from the main system server.

The system matches user account name saved in its database table with that saved

in the storage server the path of the encrypted file from the storage server is found

by using the user account name.

In this model, the encryption key for a particular file of a particular user is only

known to the main system server. The path of the encrypted file is only known to

the storage server which is only known to the main server. For this, the key as

well as the encrypted file is hidden from the unauthorized persons. In this

communication system when a file is sent from the main system server to the

storage server it is already in its fully encrypted form. That’s why there is no need

to provide security in this communication channel. At last, we propose hardware

encryption for making the databases fully secured from the attackers and other

unauthorized persons.

An algorithm is developed, which is used for inserting the file in the main server

(System), and in the database table where the encrypted file is kept. This is

saturated from the system server for the cloud computing platform. In the system

server, the file is inserted by maintaining the sequence. In file saving server, the

file is inserted in a random order which becomes the output of the algorithm. The

relations between the system server table and database server tables can be

thought as disjoint sets. The pseudo code of the algorithm used is described in

table.

4.9 System Requirements Engineering

4.9.1 User Classes and Characteristics

List of users

Sales person: CRM work flow

Agent: CRM Work Flow

Admin: CRM Work Flow

Client: CRM Work Flow

18

4.9.2 Operating Environment

Software

1. Operating system: window XP, Window 7 or Updated Microsoft OS

2. .Net Framework: .Net framework 4.0

3. Reporting tool: Crystal Report 12.0

4. Web server: IIS6.0 or updated web server

Hardware

1. Processors: 2.0 GHZ or higher

2. RAM 1 GB or above

3. Disk space 20 GB or above

4.9.3 Design and Implementation Constraints

Development tools

Visual studio: Microsoft visual studio 2010

Crystal Report: Crystal report for visual studio 2010

Development language: C#

Server side programming: Asp.Net

4.9.4 Assumptions and Dependencies

1. Web services for algorithm of encryption and decryption

4.9.5 External Interface Requirements

4.9.5.1 Hardware Interfaces

1. Intel dual core 3.0 GHZ Processor

2. 2GB of physical memory

3. 500 GB of HDD

4.9.5.2 Software Interfaces

1. Web design : HTML , CSS

2. Web development: ASP.Net

19

3. Client side scripting: JQuery

4. Development language : C#

4.9.6 Communications Interfaces

1. Communication standard web based standard protocol : http

4.9.7 Other Nonfunctional Requirements

Performance Requirements

The selected benchmarks are intended to treat (i) Memory IO; (ii) CPU; (iii) Disk IO; (iv)

Application; (v) Network. This offers a relationship both to existing literature and reports

on Cloud performance, and also keys in to the major categories presented by Cloud

Harmony. There are numerous alternatives available, and reasons for and against

selection of just about any individual benchmark

Memory IO

The rate at which the processor can interact with memory offers one potential system

bottleneck. Server specifications often cite a maximum potential bandwidth, for example

the cited maximum for one of our Open Stack Sun Fire x4250s is 21GB/s, (with a 6MB

L2 cache).

STREAM

STREAM [23] is regarded as a standard synthetic benchmark for the measurement of

memory bandwidth. From the perspective u b

of applications, the benchmark attempts to determine a sustainable “realistic” memory

bandwidth, which is unlikely to be the same as the theoretical peak.

CPU

There are various measures to determine CPU capabilities. We might get a sense of the

speed (GHz) of the processor from the provider.

20

4.10 Safety Requirements

The Existence of Super-user

For the enterprise providing cloud computing services, they have the right to carry out the

management and maintenance of data, the existence of super-users to greatly simplify the

data management function, but it is a serious threat to user privacy.

Consistency of Data

Cloud environment is a dynamic environment, where the user's data transmits from the

data centre to the user's client. For the system, the user's data is changing all the time.

Read and write data relating to the identity of the user authentication and permission

issues. In a virtual machine, there may be different users’ data which must be strict

managed.

4.11 Security Requirements

Security Problem Drive from VM

The traditional data center security measures on the edge of the hardware platform, while

cloud computing may be a server in a number of virtual servers, the virtual server may

belong to different logical server group, virtual server, therefore there is the possibility of

attacking each other ,which brings virtual servers a lot of security threats.

4.12 Software Quality Attributes

Requirement Of Security

The client authentication requirements in login: The vast majority of cloud computing

through a browser client, such as IE, and the user’s identity as a cloud computing

applications demand for the primary needs.

4.13 Other Requirements

Following modules we are going to develop for above proposed model.

1 User authentication / authorization

2 CRM Document Management

3 File security algorithm ( as per above discussion)

4 Encryption / Decryption of file in CRM work flow

21

CHAPTER 5

System Design

5.1 Use Case Diagram

5.1.1 Use case diagram for user creation process, login process

22

5.1.2 Use case diagram for creating customer master and uploading visiting card

23

5.1.3 Use case diagram for document encryption / decryption process

24

5.1.4 Use case diagram for document uploading process

25

5.1.5 Use case diagram for customer follow up process

26

5.2 Activity Diagram

5.2.1 Activity for User

27

5.2.2 Activity for Sales and Follow up Process

28

5.2.3 Activity Diagram for Customer/User Management by Admin

29

5.3 E-R Diagram

5.3.1 Entity Relationship Diagram

30

5.4 Class Diagram

5.4.1 Class Diagram1

31

5.4.2 Class diagram2

32

5.5 Data Dictionary:

5.5.1 Login Master

5.5.2 Registration master

Field Name Field Type Constraint Description ID Varchar(50) Primary Key User Identification

username Varchar(20) Not null Username

Password Varchar(50) Not null Password

Field Name Field Type Constraint Description

ID int Primary Key Register ID

Full Name Varchar(256) Full Name

Address Varchar(50) Not null Address

Gender Varchar(10) Not null Gender

dateofbirth Varchar(50) Not null Birthdate of User

MobileNo Varchar(100) Not null Contact Number

Email Datetime Not null Email Id

Department Varchar(50) Not null Department

Designation Varchar(100) Not null Designation

DateOfJoin Varchar(50) Not null Joining Date

UserName Varchar(50) Not null User name

Password Varchar(50) Not null Password

33

5.5.3 Customer Master

Field Name Field Type Constraint Description ID Int Primary Key Company ID

CompanyCode Varchar(50)

CompanyName Varchar(50) Not null Company Name


Website Varchar(40) Null Company Website

Faxno Varchar(20) Null Fax Number

Country Varchar(50) Not Null Country

Notes Varchar(500) Notes

FileName Varchar(256) File Name(Visiting

card)

FilePath Varchar(256) Path Of File

Status Varchar(10) Status

Createdby Varchar(50) Foreign key Reference to

userID(userMaster)

Creation_date Datetime Not null Contact Creation Date

ModifiedBy Varchar(100) Modified By

ModfiedDate Varchar(50) Modified Date

5.5.4Customer Contact Person

Field Name Field Type Constraint Description CustomerCode Varchar(10) Foreign Key Company ID

ID int Primary key Contact Person ID

Personname Varchar(100) Not null Contact Person name

Designation Varchar(50) Not null

Mobileno Varchar(50) Null Mobile Number

Email Varchar(256) Not null Email address

34

5.5.5 Customer Visiting Card

5.5.6 Agent Master

Field Name Field Type Constraint Description ID Int Primary Key Company ID

AgentCode Varchar(50)

AgentName Varchar(50) Not null Company Name


Faxno Varchar(20) Null Fax Number

Country Varchar(50) Not Null Country

Notes Varchar(500) Notes

FileName Varchar(500) File Name(Visiting

card)

FilePath Varchar(256) Path Of File

Status Varchar(10) Status

Createdby Varchar(50) Foreign key Reference to

userID(userMaster)

Creation_date Varchar(50) Not null Contact Creation Date

ModifiedBy Varchar(50) Modified By

ModfiedDate Varchar(50) Modified Date


ID bigint Primary key Visiting Card ID

ParentID bigint Not null Parent ID of Directory

ImageName Varchar(256) Not null

ImagePath Varchar(256) Null Image Path

UploadBy Varchar(256) Not null Uploaded By

UploadDate Varchar(50) Upload Date

35

5.5.7AgentContactPrson

5.5.8AgentVisitingCard

5.5.9 Sales Lead


AgentCode Varchar(10) Foreign Key Company ID

ID int Primary key Contact Person ID

Personname Varchar(100) Not null Contact Person name

Designation Varchar(50) Not null

Mobileno Varchar(50) Null Mobile Number

Email Varchar(256) Not null Email address


ID bigint Primary key Visiting Card ID

ParentID bigint Not null Parent ID of Directory

ImageName Varchar(256) Not null

ImagePath Varchar(256) Null Image Path

UploadBy Varchar(256) Not null Uploaded By

UploadDate Varchar(50) Upload Date

Field Name Field Type Constraint Description ID int Primary Key ID

CustomerCode Varchar(50) Foreign key Company ID

PersonID Bigint Not null

Item Varchar(50) Not null

LeadDescription Varchar(500) Not null

FileName Varchar(256) Not null

FilePath Varchar(256) Not null

Status Varchar(10) Not null

CreatedBy Varchar(50) Not null

CreatedDate Varchar(50) Not null

36

5.5.10 Sales Lead Follow-up


Id Int Primary Key Follow up ID

parentId Int Foreign key Reference to sales Id

(sales_lead_master)

Typeoffollowup Varchar(50) Varchar(50) Type of follow up for

e.g. by phone, email,

fax

Followupby Varchar(50) Foreign key Reference to UserID

(User_master)

Followupdesc Varchar(100) Not null Follow up description

Next_follow_date Datetime Not null Next Follow up date

Status Varchar(20) Not null Lead status

FileName Varchar(256) Not null File name

FilePath Varchar(256) Not null File Path

CreatedBy Varchar(50) Not null Followup Created By

CreatedDate Varchar(50) Not null Followup Created

Date

37

CHAPTER 6

Implementation Details

6.1 SYSTEM ARCHITECTURE

Systems Architecture is a generic discipline to handle objects (existing or to be created)

called "systems", in a way that supports reasoning about the structural properties of these

objects.

Each one differs in the environment in which they are tested and you will lose control

over the environment in which application you are testing, while you move from

desktop to web applications.

Desktop application runs on personal computers and work stations, so when you test the

desktop application you are focusing on a specific environment. You will test complete

application broadly in categories like GUI, functionality, Load, and backend i.e DB.

In client server application you have two different components to test. Application is

loaded on server machine while the application exe on every client machine. You will

test broadly in categories like, GUI on both sides, functionality, Load, client-server

interaction, backend. This environment is mostly used in Intranet networks. You

are aware of number of clients and servers and their locations in the test scenario.

Web application is a bit different and complex to test as tester don’t have that much

control over the application. Application is loaded on the server whose location may or

may not be known and no exe is installed on the client machine, you have to test it on

different web browsers. Web applications are supposed to be tested on different

browsers and OS platforms so broadly Web application is tested mainly for browser

compatibility and operating system compatibility, error handling, static pages,

backend testing and load testing.

In two-tier client/server architecture, the client communicates directly with the database

server. The application or business logic either resides on the client or on the database

server in the form of stored procedures.

A two-tier (C/S) model first began to emerge with the applications developed for local

area networks in the late eighties & early nineties, and was primarily based upon

simple file sharing techniques implemented by X-base style products (dBase,

FoxPro, Clipper, Paradox, etc.).

38

6.2 CODING STANDARDS

In database all tables are having names according their data content.

Tables and their fields name are having identification character. For ex: fields of table

user are uid, name, email, address etc.

All functions are using pass by value type of parameter passing.

All global variables are stored in session.

Each modules are having specifications for functionality which it perform, environmental

effects and error conditions listed in APIs.

Comments are written at each looping code for estimated iterations.

Constant values are assigned in capital variable names. ex: MAX = 10

Reusable codes are separated and called dynamically.

Allocated memory is released using coding only to increase system performance.

Code optimization is taken care at sub revision coding update part.

Event handling is done based on subroutines on operation on objects of components.

6.3 SOURCE CODE: MASTER PAGE:

<%@ Master Language="C#" AutoEventWireup="true"

CodeFile="MasterPage.master.cs" Inherits="MasterPage" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"

"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head runat="server">

<asp:ContentPlaceHolder ID="head" runat="server">

</asp:ContentPlaceHolder>

<title>Customer Relationship Management</title>

<link href="style.css" rel="stylesheet" type="text/css" />

<style type="text/css">

.newtextbox

{

width: 200px;

color: Black;

border-radius: 3px;

height: 25px;

}

.newtextarea

{

39

width: 200px;

resize: none;

color: Black;

border-radius: 3px;

}

.modalBackground

{

background-color: Gray;

filter: alpha(opacity=80);

opacity: 0.8;

z-index: 10000;

}

</style>

</head>

<body>

<div id="header">

<a href="#">

<img src="images/logo.png" title="Affiliate Promo logo"

id="logo" alt="Logo" /></a>

<ul id="navBar">

<li class="current"><a

href="emp_welcome.aspx">Home</a></li>

<li><a href="search_customer.aspx">Customer</a></li>

<li><a href="search_agent.aspx">Agent</a></li>

<li><a href="saleslead.aspx">Sales Lead</a></li>

<li><a href="change_password.aspx">Change

Password</a></li>

<li><a href="logout.aspx">Log out</a></li>

</ul>

</div>

<div id="welcomeMessage">

<h1>

WELCOME TO CUSTOMER RELATIONSHIP MANAGEMENT</h1>

<p>

Customer Relationship Management (CRM) is a model for

managing a company’s interactions

with current and future customers. It involves using

technology to organize, automate,

and synchronize sales, marketing, customer service.</p>

40

</div>

<div id="wrapper">

<div id="secWrapper">

<div id="container" class="clearfix">

<form id="form1" runat="server">

<asp:UpdatePanel ID="up1" runat="server">

<ContentTemplate>

<div id="mainCol" class="clearfix"

align="center" style="background-image: url('images/bg2.jpg');">

<div>

<asp:ScriptManager ID="sc1"

runat="server">

</asp:ScriptManager>

<asp:ContentPlaceHolder

ID="ContentPlaceHolder1" runat="server">

</asp:ContentPlaceHolder>

</form>

</div>

</div>

</ContentTemplate>

</asp:UpdatePanel>

</form>

</div>

</div>

</div>

<div id="footer">

<p>

Copyrights © 2013 CRM, All Rights Reserved</p>

</div>

</body>

</html>

41

CHAPTER 7

Screen Layouts

Register Page

For New user Registration .It takes all the information of the user and Creates New Accounts

42

Login

Login Page Provides the Facility to Logged in the user to the System. It also takes Cookies from

the Client Side

43

Admin Customer Pending Request

44

User Home

After successfully logged in into the system. System Redirected to this page. This page shows

the Info of the Company or Sales Person

45

User Edit

This Page provides the facility to update the information of the user.

46

Customer Master

This Page provides Facility to maintain the customers of the Company or agent.

It provides the facility to Create Customer, Search Customer.

47

Create Customer

If company or Sales Person wants to create a new customer then this page provides to store the

customer Information. It also takes the Visiting card or any other file or authorized documents

from the user.

48

Edit Agent

On agent edit detail form we can able to edit the information of the agent. And we can also and

the more than one contact person to the agent. If we upload the document for the once then

upload button function is disabled and only download button enables. We can download

document more then on time. At the time of uploading the document will be encrypted with the

AES and at the time of downloading encrypted file is decrypted with the AES algorithm

49

Edit Contact Person Detail

This form is used to change the selected contact person detail. We select the edit button for

specific customer button then one popup window will be opened. In that popup we can update

the info of the contact person.

50

Sales Lead

If Sales Person Wants to Create the Sales Lead then This page provides the facility to Create the

Sales lead for specific Product or Service.

51

Change Password

This Page Provides The Functionality to Change the Password of the Account.

52

CHAPTER 8

Software Testing

Software testing is a process of executing a program with objective of finding an error. Software

quality should be a primary concern in software development efforts. Software testing and

evaluation are traditional method of checking software quality. It consists of putting together

various coded pieces of a design, testing them and correcting the parts of the code or the design

that is not correct. At this stage some errors are introduced purposely to test whether the program

will spot them.

8.1 COMPONET TESTING:

Unit testing: In unit testing individual components are tested independent of other

system components. I have tested each form independently to check their proper

functionalities.

Module testing: A module is a collection of different components such as object class

and abstract data types or some procedures and functions. I have tested two modules like

Master File data manipulation, Transaction File data manipulation.

INTEGRATING TESTING:

It involves testing collection of modules that which have been integrated into a system.

White Box Testing (WBT): WBT is related with the structure of the program to test the

logic of the program various test case are designed which takes care of following

Every statement in a program was executed at least once. Path analysis was performed

with every statements of the program.

Advantage of white box testing

As the knowledge of internal coding structure is prerequisite, it becomes very easy to find

out which type of input/data can help in testing the application effectively.

The other advantage of white box testing is that it helps in optimizing the code

It helps in removing the extra lines of code, which can bring in hidden defects.

53

8.2 Unit Testing:

Module Name: Admin

Page Name Data Expected Result Result Generated

Admin Login Loading of page –

check if it loads with

correct format

All controls are

correctly displayed

with their default

values

All controls are

correctly displayed

with their default

values

Link- Check all links

for correct redirection

All links are working

well


well

Controls - Check all

controls at load and at

run time for correct

result

All controls are loads

well and generates

correct result at

runtime


well and generates

correct result at

runtime

Pending Customer Loading of page –


correct format

All controls are

correctly displayed

with their default

values

All controls are

correctly displayed

with their default

values




well


well




result


well and generates

correct result at

runtime


well and generates

correct result at

runtime

Search Customer Loading of page –


correct format

All controls are

correctly displayed

with their default

values

All controls are

correctly displayed

with their default

values




well


well




result


well and generates

correct result at

runtime


well and generates

correct result at

runtime

54

Module Name: Agent

Page Name Data Expected Result Result Generated

Agent Master Loading of page –


correct format

All controls are

correctly displayed

with their default

values

All controls are

correctly displayed

with their default

values




well


well




result


well and generates

correct result at

runtime


well and generates

correct result at

runtime

Customer Master Loading of page –


correct format

All controls are

correctly displayed

with their default

values

All controls are

correctly displayed

with their default

values




well


well




result


well and generates

correct result at

runtime


well and generates

correct result at

runtime

Agent Home Loading of page –


correct format

All controls are

correctly displayed

with their default

values

All controls are

correctly displayed

with their default

values




well


well




result


well and generates

correct result at

runtime


well and generates

correct result at

runtime

Sales Lead Loading of page –


correct format

All controls are

correctly displayed

with their default

values

All controls are

correctly displayed

with their default

values




well


well




well and generates


well and generates

55


result

correct result at

runtime

correct result at

runtime

Open Sales Lead Loading of page –


correct format

All controls are

correctly displayed

with their default

values

All controls are

correctly displayed

with their default

values




well


well




result


well and generates

correct result at

runtime


well and generates

correct result at

runtime

Sales Lead Follow-up Loading of page –


correct format

All controls are

correctly displayed

with their default

values

All controls are

correctly displayed

with their default

values




well


well




result


well and generates

correct result at

runtime


well and generates

correct result at

runtime

Search Agent Loading of page –


correct format

All controls are

correctly displayed

with their default

values

All controls are

correctly displayed

with their default

values




well


well




result


well and generates

correct result at

runtime


well and generates

correct result at

runtime

Search Customer Loading of page –


correct format

All controls are

correctly displayed

with their default

values

All controls are

correctly displayed

with their default

values




well


well

56

CHAPTER 9

Tools and Technology

9.1 NET Framework

The .NET Framework is a technology that supports building and running the next generation of

applications and Web services. The .NET Framework consists of the common language runtime

(CLR) and the .NET Framework class library, which includes ADO.NET, ASP.NET, Windows

Forms, and Windows Presentation Foundation (WPF). The .NET Framework provides a

managed execution environment, simplified development and deployment, and integration with a

wide variety of programming languages.

The .NET Framework is an integral Windows component that supports building and running the

next generation of applications and XML Web services. The .NET Framework is designed to

fulfill the following objectives:

To provide a consistent object-oriented programming environment whether object code is

stored and executed locally, executed locally but Internet-distributed, or executed

remotely.

To provide a code-execution environment that minimizes software deployment and

versioning conflicts.

To provide a code-execution environment that promotes safe execution of code, including

code created by an unknown or semi-trusted third party.

To provide a code execution environment that eliminates the performance problems of

scripted or interpreted environments.

To make the developer experience consistent across widely varying types of applications,

such as Windows-based applications and Web-based applications.

.

57

Use the Microsoft .NET Framework 3.5

The .NET Framework enables the rapid construction of connected applications that provide

outstanding end-user experiences by providing the building blocks for solving common

programming tasks. Connected applications built on the .NET Framework model business

processes effectively and facilitate the integration of systems in heterogeneous environments

.Together Visual Studio and the .NET Framework reduce the need for common plumbing

code, reducing development time and enabling developers to concentrate on solving business

problems. The .NET Framework 3.5 builds incrementally on the .NET Framework

3.0.Enhancements have been made to feature areas including the base class library, Windows

Workflow Foundation, Windows Communication Foundation, Windows Presentation

Foundation, and Windows Card Space

. The Common Language Runtime (CLR)

CLR manages the execution of .NET code, including memory allocation and garbage

collection (which helps avoid memory leaks), security (including applying differing trust

levels to code from different sources), thread management, enforcing type safety, and many

other tasks. The CLR works with every language available for the .NET Framework, so there

is no need to have a separate runtime for each language. Code developed in a .NET language

is compiled by the individual language compiler (such as the Visual Basic .NET compiler)

into an intermediate format called (appropriately enough) Intermediate Language (IL). At

runtime, this IL code generated by the compiler is just-in-time (JIT) compiled by the CLR

into native code for the processor type the CLR is running on. This compilation provides the

flexibility of being able to develop with multiple languages and target multiple processor

types while still retaining the performance of native code at execution time.

ASP.NET

ASP.NET is Microsoft's latest technology for building web-based applications and services, a

successor to Active Server Pages (ASP) that draws on the power of the.NET Framework

development platform and the Visual Studio .NET developer tool set. To better understand

ASP.NET, it is important to understand some key concepts of Examination System NET

development platform. It is also helpful to grasp object-oriented development (OOD), which

is at the very heart of the .NET Framework that provides the foundation for ASP.NET

development. At the core of Microsoft's .NET platform initiative is a new set of technologies

known collectively as the .NET Framework, which we'll refer to commonly as the

Framework. The Framework provides a platform for simplified rapid development of both

web-based and Windows-based applications. The Framework has two primary components,

the Common Language Runtime (CLR) and the Framework Class Library (FCL).

58

Microsoft SQL server 2008

Plug-in model for SMS. SSMS 2005 also had a plug-in model, but it was not published,

so the few developers that braved that environment were flying blind. Apparently for

2008, the plug-in model will be published and a thousand add-ins will bloom.

Inline variable assignment. I often wondered why, as a language, SQL languishes

behind the times. I mean, it has barely any modern syntactic sugar. Well, in this version,

they are at least scratching the the tip of the iceberg.

Instead of:

DECLARE @my Variant

SET @my Var = 5

You can do it in one line:

DECLARE @my Variant = 5

C like math syntax. SET @i += 5. Enough said. They finally let a C# developer on the

SQL team.

Auditing. It's a 10 dollar word for storing changes to your data for later review,

debugging or in response to regulatory laws. It's a thankless and a mundane task and no

one is ever excited by the prospect of writing triggers to handle it. SQL Server 2008

introduces automatic auditing, so we can now check one thing off our to do list.

59

Compression. You may think that this feature is a waste of time, but it's not what it

sounds like. The release will offer row-level and page-level compression. The

compression mostly takes place on the metadata. For instance, page compression will

store common data for affected rows in a single place.

The metadata storage for variable length fields is going to be completely crazy: they are

pushing things into bits (instead of bytes). For instance, length of the varchar will be

stored in 3 bits.

Filtered Indexes. This is another feature that sounds great - will have to see how it plays

out. Anyway, it allows you to create an index while specifying what rows are not to be in

the index. For example, index all rows where Status! = null. Theoretically, it'll get rid of

all the dead weight in the index, allowing for faster queries.

Resource governor. All I can say is FINALLY. Sybase has had it since version 12 (that's

last millennium, people). Basically it allows the DBA to specify how much resources

(e.g. CPU/RAM) each user is entitled to. At the very least, it'll prevent people, with

sparse SQL knowledge from shooting off a query with a Cartesian product and bringing

down the box.

Actually Sybase is still ahead of MS on this feature. Its ASE server allows you to

prioritize one user over another - a feature that I found immensely useful.

Plan freezing. This is a solution to my personal pet peeve. Sometimes SQL Server

decides to change its plan on you (in response to data changes, etc...). If you've achieved

your optimal query plan, now you can stick with it. Yeah, I know, hints are evil, but

there are situations when you want to take a hammer to SQL Server - well, this is the

chill pill.

Processing of delimited strings. This is awesome and I could have used this

feature...well, always. Currently, we pass in delimited strings in the following manner:

9.2 APPLICATION DATABASE

MySQL. The Main Features of MySQL:

Internals and Portability

Security

Scalability and Limits

60

Connectivity

Localisation

Clients and Tools

9.3 SERVER MANAGER

Internet Information Services (IIS) – formerly called Internet Information Server – is

a web server software application and set of feature extension modules created

by Microsoft for use with Microsoft windows. IIS7.5

supports HTTP, HTTPS, FTP, FTPS, SMTP .It is an integral part of the Windows

Server family of products (and their client counterparts in the cases of Windows NT

4.0 and Windows 2000), as well as certain editions of Windows XP, Windows

Vista and Windows 7. IIS is not turned on by default when Windows is installed. The IIS

Manager is accessed through the Microsoft Management Console or Administrative Tool

sincontrolpanel.

9.4 CSS

CSS saves time

Pages load faster

Easy maintenance

Superior styles to HTML

9.5 JS

Java script is executed on the client side

Java script is a relatively easy language

Java script is relatively fast to the end user

Extended functionality to web pages

9.6 AJAX

XML Http Request - It is used for making requests to the non-Ajax pages. It

supports all kind of HTTP request type.

I Frame - It can make requests using both POST and GET methods. It supports

every modern browser. It supports asynchronous file uploads

Cookies - In spite of implementation difference among browsers it supports large

number of browsers

The interface is much responsive, instead of the whole page a section of the page

is transferred at a time.

Waiting time is reduced

61

9.7 JQuery

Ease of use

Large library

Strong open source community. (Several jQuery plugins available)

Great documentation and tutorials

Ajax support

9.8 JSP

Advantages of JSP:

JSP are translated and compiled into JAVA servlets but are easier to develop

than JAVA servlets.

JSP uses simplified scripting language based syntax for embedding HTML into

JSP.

JSP containers provide easy way for accessing standard objects and actions.

JSP use HTTP as default request/response communication paradigm and thus

make JSP ideal as Web Enabling Technology.

62

CHAPTER 10

Advantages and Disadvantages

9.1 Advantages:

Realism: the model accurately reflects the iterative nature of software development on

projects with unclear requirements

Flexible: incorporates the advantages of the waterfall and evolutionary methods

Comprehensive model decreases risk

Good project visibility.

9.2 Disadvantages:

Needs technical expertise in risk analysis and risk management to work well.

Model is poorly understood by non-technical management, hence not so widely used

Complicated model needs competent professional management. High administrative

overhead.

63

CHAPTER 11

Future Enhancements

FUTURE ENHANCEMENTS

System will be able to be used by mobile user.

Employee can generate reports from mobile device.

Integration of mobile application with existing system.

Employee can be notified via SMS sent from GSM server integrated with System.

64

CHAPTER 12

Conclusion

Conclusion:

This project is the result of many dedicated minds. The major goal is to provide computerized

‘Video and Image Sharing’. The effort has been towards computerizing the manually handled

database system of the ‘Video and Image Sharing’. At the time of practically executing our

knowledge we were fortunate to have very cooperative and supportive project guide and

colleagues. Their attitude toward us was very helpful. Initially, when we started developing the

system and as and when the requirements poured in, it was really exciting for us to know that the

things which initially look simple can include so many features, and developing it was a

knowledgeable experience for us. Finally, we would like to conclude the nothing is perfect and

so isn’t this project, but we have tried to put in our efforts to the maximum possible for this

project.

65

CHAPTER 13

Bibliography

Refer Related Links:

WWW.Wikipedia.com

WWW.StackOverflow.com

WWW.Google.com

WWW.Quickstart.asp.net

Refer Related Book

ASP.net Black Book

http://www.wikipedia.com/

http://www.stackoverflow.com/

http://www.google.com/

http://www.quickstart.asp.net/

1.1 project summary

Documents