Secure Mail DNA Platform

CertifiedMail.com is the emerging leader in providing secure electronic document delivery through a Web browser. Companies such as law firms, financial institutions, and healthcare organizations can now send confidential data over the Internet with the assurance that they are delivered safely to the intended recipient. CertifiedMail.com chose to develop its service on the Windows® DNA platform because of the performance, reliability, interoperability, and flexibility provided by Microsoft® Windows DNA-based products. CertifiedMail.com continues to enhance its product at Internet speed, thanks to the breadth of easy-to-use Internet services integrated into the Windows DNA family.

Situation
If It's Not Easy, They Won't Use It
CertifiedMail.com emerged in 1999 as a spinoff from Safetynet, Inc., a PC and network security firm. When the idea for certified email hit, Safetynet spent two years developing the technology and then launched the Internet venture to run under its own steam. Bob Janacek, Executive Vice President of CertifiedMail.com, explains that requirement number-one was ease of use for customers. "We learned in Safetynet that if it's not easy to implement, it won't get implemented and eventually will be taken off an organization's machines."

CertifiedMail.com crafted a security product that is easy to use and easy to deploy. A local PC support person, or even the resident Microsoft Office expert, can implement it in a branch office without calling in security experts. The infrastructure behind the successful CertifiedMail product is the Microsoft Windows DNA platform, including the Microsoft Windows NT® Server 4.0 operating system, SQL Server™ 7.0, and Microsoft Exchange Server 5.0. Critical in the development process were Microsoft's Component Object Model (COM) components, the Visual Studio® 6.0 developer system, and Active Server Pages (ASP) technology.

A Burgeoning Market
CertifiedMail.com sees a big market for Internet certified mail. Janacek explains, "Most email systems have the ability to encrypt messages using S/MIME or digital certificates. But activating and registering keys is a hassle; most people just don't do it. Less than one percent of the population has personal digital certificates, even though the technology has been available for over 15 years."

Plus, more and more devices that communicate with the Internet-from cell phones to digital assistants-will need their own personal certificates, increasing the difficulty of widespread personal certificate use. Beyond the legal market, financial institutions can now electronically send financial information to customers, like monthly statements and trade confirmations. In fact, the Securities and Exchange Commission (SEC) recently announced that if banks, brokerage firms, and other companies can securely send financial data over the Internet, they don't have to send paper. This will save these companies about 70 cents per paper transaction, resulting in millions of dollars per month in savings.

Solution
How CertifiedMail Works
An individual can compose a CertifiedMail message from the CertifiedMail.com website, or by clicking the company's "Send Certified™" button installed in the Microsoft Outlook® messaging and collaboration client. Their message is encrypted and travels over the Internet to CertifiedMail.com's secure Web server, where it is logged, time-stamped, and stored in a SQL Server 7.0 database. The business logic performing these functions is written in the Microsoft Visual C++® development system. If the email recipient is already in the CertifiedMail system, it immediately sends him an email telling him that he has a certified mail message waiting for him and provides a URL link. If the recipient is not already in the CertifiedMail system, the CertifiedMail server creates a receive-only/reply-to-sender account and inbox for the recipient and sends them an email, which arrives through their regular email system.

When the recipient receives notification that he has a certified message, he clicks on the link (protected by Secure Socket Layer - SSL - encryption) and is taken to the CertifiedMail site. There, he is authenticated by a password and allowed to pick up his message. When the recipient opens his message, CertifiedMail records the fact that the message was opened by the authenticated user, logs the time and IP address of the recipient's computer (or wireless phone number), and notifies the sender that the mail was received.

CertifiedMail.com's site has a traditional 3-tier architecture, with presentation, business logic, and database layers. The Web server farm-the presentation layer-runs the Windows NT Server 4.0 operating system with its built-in Web server, Internet Information Server (IIS) 4.0 . These servers will soon migrate to Windows 2000 Advanced Server and Internet Information Services 5.0. CertifiedMail uses Microsoft Windows Load Balancing Server (WLBS) to perform load balancing between three Web servers. The Web servers communicate with the database servers via ODBC software.

Microsoft Exchange Server is used for high-volume incoming and outgoing email. It sends notices to individuals and receives encrypted messages sent from the "Send Certified™" button in Microsoft Outlook. Windows NT multitasking allows additional application business logic to run on the Exchange servers, reducing the total number of servers required. There are two servers at this level providing redundancy.

The data tier, comprised of a Microsoft SQL Server 7.0 database, stores the certified emails. This allows CertifiedMail to provide the maximum response time to users, serving as a high- performance queue and message store. For failover support, there are two servers at the database layer.

Janacek says, "SQL Server 7.0 gives us the performance and stability we needed to produce a fast, reliable database solution. When compared to other database solutions, its ease of administration and automated maintenance features have resulted in a very high-quality, self-maintaining solution." CertifiedMail's SQL Server databases are configured to handle 750,000 messages per day with a current 40 percent utilization.

One of the scenarios in which CertifiedMail envisions its technology being used is secure online stock trades. When a stock trade is executed, the trading application would communicate with the CertifiedMail Server™ via XML. The CertifiedMail Server processes the XML message and emails a "document waiting" notice to the recipient. The recipient can then click on an embedded SSL Web link from their Outlook email client, connect to the CertifiedMail server's IIS process, and access their secure trade confirmation.

Flexible Deployment
CertifiedMail.com today runs on seven IBM Netfinity servers. However, the company is soon moving to more space-efficient, rack-mounted servers with even more processing power and expansion room.

Some large customers want the security of having their email servers located on their premises. For these customers, CertifiedMail.com installs servers at the customer site. Because it runs on standard Intel-based servers, the cost to deploy and maintain a CertifiedMail server is significantly lower than Unix-based solutions.

Plus, CertifiedMail has designed its application to be self-maintaining, creating user accounts on the fly, managing inactive accounts, cleaning out old messages, and otherwise providing a virtual database administrator in a box. "Using Enterprise Manager to manage the SQL Server database and various components of Windows 2000 such as Performance Monitor, we have scripted many of the routine maintenance tasks, including database backup and performance threshold alerting," Janacek explains. "This significantly reduces the time required to maintain the CertifiedMail solution and saves us and our customers a lot of money."

In addition to Microsoft-based shops, some customers use mainframes, Lotus Notes, and Unix-based systems, all of which can operate with the Windows-based CertifiedMail servers placed at the customer site. For integration with these various backend application servers, such as those that send stock trades or other business data, the CertifiedMail data collection server runs a high-performance, multithreaded decryption engine and XML parser, quickly pulling messages into the database. "Because Microsoft has embraced open standards like XML with its Windows DNA platform, it makes it easy for our product to talk to a wide range of systems," Janacek says.

Ready for the Wireless Frontier
The flexibility of the Windows DNA platform has also allowed CertifiedMail.com to tap into an enormous nascent market: wireless devices. Researchers project that within three years, there will be more handheld wireless devices accessing the Internet than there will be PCs accessing the Internet. CertifiedMail moved its product into the wireless world by incorporating the Wireless Application Protocol (WAP), Wireless Markup Language (WML) and Handheld Device Markup Language (HDML) protocols. As a result, users can retrieve and send CertifiedMail messages from their Web-enabled cell phones and PDAs. "Microsoft had the foresight to know there might be new types of pages to deliver," Janacek says. "The flexibility of the DNA platform is allowing us to tap into what will soon be a billion-device market - all integrated within our Windows DNA environment." CertifiedMail.com is busy forging alliances with cellular companies to make CertifiedMail a built-in service provided to cell phone users.

Benefits
Windows DNA, A Familiar Face
Safetynet, CertifiedMail's parent company, started with Microsoft products. "Our developers were already very familiar with Microsoft languages and platforms, so developing with Windows DNA was a natural extension of our existing skills," Janacek says. "Once we confirmed that the platform could scale to the needs of our customers, it was a natural selection."

CertifiedMail.com wanted to be able to deliver secure messages worldwide across diverse email systems and provide ironclad proof of delivery. The Windows DNA platform provided the integrated range of tools needed to solve this challenge. Not only was company's existing staff familiar with Microsoft Windows DNA, but the outside talent pool, familiar with the Windows DNA tools and technologies, was also broader and deeper than for any other platform.

"As our company grows, it will be important to be able to bring new developers online as quickly as possible," Janacek says. "Since Windows DNA developers are very productive, we find that we can get our business goals accomplished in a very tight labor market. Additionally, by developing the CertifiedMail technology using Windows DNA instead of Unix technologies, we have calculated that we saved four man-years, worth more than $300,000."

Windows DNA 2000 Means Reliability
Reliability was a critical requirement. Some at CertifiedMail wondered if the company should move to Unix, based on the perception that it would provide 24x7 uptime and reliability. CertifiedMail.com ran a battery of tests that demonstrated the Windows NT Server was up to the task. "We were pleasantly surprised at both the speed and reliability of Windows NT Server 4.0 with Service Pack 6," Janacek says. "We haven't had to reboot a server in months." Reliability got even better when Windows 2000 arrived. "From both a performance and reliability point of view, we're very pleased with Windows 2000. It's like a rock."

One Integrated Development Environment
CertifiedMail developers needed minimal ramp-up time to become proficient with the Windows DNA development environment. It was so easy to understand and use that they were able to concentrate on creating the solution rather than struggling with the development environment. From Visual Studio 6.0, CertifiedMail uses the Visual Basic® 6.0 development system, Visual C++ 6.0, and the Visual InterDev® 6.0 Web development system.

• Visual Basic is used to provide database polling processes for message delivery and expiration, providing easy customization for different customer requirements.
  
• Visual C++ was used to develop the "Send Certified" button for Microsoft Outlook and for XML parsing and various encryption processes. Its speed and tight integration with the Windows API make it an ideal tool for maximizing system capacity and performance.
  
• Visual Basic, Scripting Edition (VBScript) is used by the IIS Web server and Active Server Pages to provide the "glue" between the HTML Web user interface and the database that contains the content.
  
• SQL Server 7.0 is used to maintain and manage the various CertifiedMail databases. Using stored procedures, the database developers have provides a consistent programming interface for the Visual Basic- and Visual C++-based programs. CertifiedMail developers have also created Transact-SQL triggers to expire old messages, manage inactive accounts and provide consistency between tables.
  
• Visual InterDev with the Visual SourceSafe® version control system is used to check in and out code modules for version control.

Janacek says that Visual Studio is a productive, unified environment for integrating Visual Basic and Visual C++. His team used Visual Studio to design HTML pages, presentation layer, business logic, and calls to the SQL Server database. "We can work end to end without switching environments," he says. "The breadth of features covered in one integrated environment is very nice and a huge time saver for us."

Microsoft COM objects are used for database access, encryption, browser capability detection, and to add capabilities such as spell-checking and thesaurus. CertifiedMail.com has found it most effective to use third-party COM objects to reduce development time. They use an MD5 COM object for fingerprinting documents, indicating that the message opened was in fact the message sent. They use a Blowfish encryption object to provide 448-bit encryption. And a spell-checking/thesaurus object adds to the feature set of creating messages via a Web browser. "Being able to drop in entire components saved us hundreds of hours of development time," Janacek says. "Because Windows DNA is based on widely supported technology, we can utilize the contributions of leading component developers to integrate the latest specialized technologies."

The most compelling component was developed in-house using the Microsoft Outlook development kit. It's called "Send Certified", and it appears as a new button in the user's Outlook client right next to the normal Send button. To send certified email, the user simply clicks the button, and the message is sent securely and tracked.

Future
Scalability Unlimited
By upgrading to Windows 2000 Advanced Server, IIS 5.0, and SQL Server 7.0, the current CertifiedMail configuration can handle over 1.2 million messages per day. "Considering that we're using standard, off-the-shelf Intel-based hardware, this is pretty amazing. It's great justification for developing on Windows instead of Unix," Janacek says.

CertifiedMail is evaluating the Network Load Balancing and Cluster Service features of Windows 2000 Advanced Server to determine how the system can be further scaled, and using SQL Server in a cluster to improve availability. "Some insurance companies have millions of customers," Janacek explains. "We can save them tons of money by converting their U.S. mail to electronic certified mail. Jobs like sending out quarterly statements to millions of customers is a perfect application for CertifiedMail-and for Windows DNA products."

The company is also looking forward to Microsoft's new Application Center 2000, which will make it easy to configure and mange high-availability server arrays. The product will also help CertifiedMail.com manage remote servers at customer sites.

CertifiedMail.com, a New Jersey company, recently walked away with the New Jersey Technology Council's annual Venture Fair Award for "Best Internet Technology Company." Janacek explains, "We've created a system that can save companies millions of dollars, make them more competitive, and strengthen their relationships with customers. Our award should also be viewed as an award won by Windows DNA, because our technology is pure DNA. The award will be a big plus in going forward into our next round of venture financing."

For More Information
For more information about Microsoft products or services, call the Microsoft Sales Information Center at (800) 426-9400. In Canada, call the Microsoft Canada information Centre at (800) 563-9048. Outside the 50 United States and Canada, please contact your local Microsoft subsidiary. To access information via the World Wide Web, go to:
http://www.microsoft.com/
http://www.certifiedmail.com/