SMS aggregation service provider - sms

Can someone please tell me what the prerequisites are for establishing an SMS aggregation service (as a business)? I am after the technology and implementation; a rough overview of what is involved (what components, e.g. gateway, carrier, etc.) would be a great help.
Regards

Find partner(s) with the right infrastructure that offer you connection to the mobile world. You will have difficulty dealing with carriers directly, but there are some "super-aggregators" that are connected to several carriers and offer you their services. This partner deals for you with the low level stuff (routing & delivery on SS7 layer). Get connected to the partner, probably via SMPP, the de facto standard protocol for SMS over IP.
Find many good customers. Offer them a broad range of interfaces like SMPP, HTTP, SOAP, ..., you name it.
...?
Profit!
If you keep it like that you have an IP only infrastructure and you won't have to deal with the nasty parts of the SMS world (at least not technically).

Related

How to request user location from HLR

I'm a software developer with very little knowledge of telco. Recently my boss asked me to find a way to request user location with their IMSI from the HLR. I have never done such a thing before; I work mostly on high-end applications. I've done some research and read some articles, like on dialogic.com, but until now I haven't found clear instructions on how to make it.
So can someone explain to me what all the steps are that I should take in order to make it? I'm working on Windows, but a Linux-based solution will be good too. Please consider I'm a newbie.
There is a way to do it, of course, but it all depends on the core network. If it is up to 3G, you could (depending on the operator) either do ATI against the HLR based on IMSI, or send an SRI-SM query to the HLR and in response get the VLR id.
Then send a PSI (Provide Subscriber Info) query with the Location Information tag to the VLR which you got from the HLR.
In response to the PSI, the VLR/MSC will respond with the LAC and Cell ID of the subscriber.
For newer (4-5G) mobile networks, there is an explanation here: http://4g5gworld.com/blog/lcs-architecture-lte-eps
The interface to the HLR is usually not an open interface - it is an SS7 based interface on what is a closed network for operators.
The information in the HLR and VLR (Visitor Location Register - a local copy of the HLR on visited switches) is not usually available externally. Some of the information would never be shared, but there are some services which will allow you to query some HLR info - for example (I have not used these and cannot vouch for them):
https://www.hlr-lookups.com
http://www.vianett.com/en/products/overview/hlr-number-lookup
If you wanted to implement a service like this yourself, you would need a gateway between the IP and SS7 networks.
The HLR lookup service provides information for IMSI and roaming MSC. An MSC has a country code and network code. If this is the only information which serves the purpose, you can get lookup services from any service provider, just by checking the coverage. If you are a telecom company and have SS7/Sigtran level access to the mobile operators, then you can develop your own lookup gateway.
https://www.cspsprotocol.com/what-is-hlr-lookup/
I found what I needed with the Telestax Restcomm GMLC server. It's available here:
https://github.com/RestComm/gmlc
But be aware that the solution only works on a Linux server, because Windows does not implement the SCTP stack.
I know it's an old post, but if it's any help to others, I use a company called Data Soap for HLR lookups and they provide information about phone network, along with the originating country.
https://www.datasoap.co.uk/data-quality-services/hlr-lookup

Existing Event Driven Network Protocols

I am building a set of programs that consist of multiple clients and a single server.
The clients are frequently pushing small packets of data to the server, which will validate the information (returning an error if the data is invalid), and process the received information. The information may then incur the firing of events, which clients will be subscribed to, allowing for clients to be instantly (or as close as possible) notified (along with a small amount of data).
I have some ideas about how to do this, but I am trying to avoid creating a protocol of my own, mainly as I'm sure it would take forever and I would probably make a few errors. So I was wondering if there are any existing protocols that I could implement into my system that would provide such functionality.
The number of clients will initially be quite small, but will be growing over time to potentially include 1000's of clients (with their own subscriptions), and several front end servers (each one handling a subset of subscriptions) parsing the information back and forth with back end servers for improved capability.
So, if anyone knows of any existing protocols that implement these requirements and functionality, that would be fantastic.
EDIT
I am currently looking at the XMPP protocol, and the JXTA protocol suite (for reference, and implement with another language). Both seem quite good and provide the necessary connectivity, but I have not had the opportunity to test each of them out in my environment, or if they are even suitable for what I am attempting.
Additionally, some of the network clients will be outside of the local network and operating over WAN. Security is not so much of an issue, but I need to take into account the increased latency of this, and firewall rules (local to the connection that is hosting the application and ISP firewalls) that could be blocking certain ports or transport protocols (I have read some text that said that some ISPs were blocking UDP packets, but I am not sure how wide this goes. I can do it at home, the office, mobile, friends' houses, etc. and have yet to experience it myself).
I'm sorry if the following is not exactly what you're after, but I am slightly confused by your use of the word 'protocol'. I understand a protocol to be a 'communication specification' only, where the implementation is left entirely to you. If that is the case, I always find the following graphic useful, link.
If on the other hand you are looking for a solution which allows you to easily implement the networking side of your application, helping save time, then check out the following network libraries, which implement their own custom protocol:
NetworkComms.Net
Lidgren
ZeroMQ
Disclaimer: I'm a developer for NetworkComms.Net

can I develop a publish subscribe system without using MOM

I am trying to develop a publish/subscribe system.
To this end, I have read some papers and articles regarding it.
And they all talk about Messaging service as an integral part of publish/subscribe system.
My question is, can I develop a publish subscribe system without using MOM like JMS?
Or am I missing or oversimplifying things?
I do not think you are oversimplifying things. There are stand-alone products available that provide advanced functionality based on publish/subscribe, without being part of a larger MOM system.
One of them is a group of products implementing the Data Distribution Service (DDS) specification, as standardized by the Object Management Group (OMG). Check out this Wikipedia entry for a very brief introduction and list of references.
DDS supports many advanced data management features like a strongly typed and content-aware databus, distributed state management and historical data access. Its rich set of Quality of Service settings allows you to off-load a lot of the complexity from your applications to the middleware. This is all based on the publish/subscribe paradigm.
If you would tell more about your application, then I might be able to point you to similar use cases using this technology -- if you are interested.
It depends what you mean by "MOM". If you think MOM = JMS then yes, there are plenty of pub/sub applications which are not JMS servers (off the top of my head): 0MQ, TIBCO Rendezvous and the many AMQP implementations around.
I guess my definition of MOM is an infrastructure for reliably getting a message from one system to another in an asynchronous manner. Pub/sub is a feature on top of the message transport which allows a message to be distributed to multiple other systems. Once you get beyond the point of opening a socket and stuffing a bunch of bytes down it, I would argue you are in the realm of MOM.
So, no you don't need JMS to do pub/sub....there are plenty of open-source and closed-source alternatives out there. Which one depends on your requirements and skills.
You can look at multicast that provides one to many communication. Multicast does not require MOM, instead it requires multicast enabled IP network. Usually the network routers take care of creating copies of message and delivering messages to destinations.

Where would I go to learn to write code that had to be very, very secure but DOES expose external services (running on a standard Windows or Linux OS)

Where would I go to learn to write code that had to be very, very secure and that DOES expose external services (running on a standard Windows or Linux OS)? Knowing what services can and cannot be safely exposed would be part of the issue. Note that I am not looking for a favorite choice between Linux and Windows, as the choice is not likely to be mine to make in any given case. However, the level of security needs to be military grade.
I almost feel embarrassed giving this as a for instance, but how would I know whether or not I could use, say, WCF, in such a setting?
High security is a difficult concept as it generally involves way more than just the code you wrote.
Basically every layer of the OSI model has to be taken into consideration. Things like, preventing capture of the data stream (or it being rerouted) between the end points (quantum cryptography).
At the higher levels, you have various things like:
Physical security of the devices (all endpoints if possible).
Hardening the OS (e.g. closing ports, turning off unused services, using Kerberos, VPN tunnels, and leveraging white lists of machines allowed to connect, etc.).
Encrypting the data at rest (file encryption), in transmission (SSL), and in memory (column/table encryption).
Ensuring and enforcing proper authentication and authorization at every level (in app, in sql, etc).
Log EVERYTHING. At a minimum it should answer "who/what/when/where/how".
Along with the logging, actively monitor it, aka intrusion detection.
Then we can move on to other things like looking at other attack vectors like SQL injection, XSS, internal / disgruntled employees, etc.
And once you've done all of that be prepared when a hacker gets away with everything they want simply by social engineering.
In short, the best tack to take in order to secure any computer-related application is to listen to the ethos of Fox Mulder, and Trust No One. Another favorite of mine that applies is: It's only paranoia if they aren't after you.
You could use formal methods to (sort-of) prove the critical parts of your software. A tool like Frama-C (free, LGPL license, targeting embedded systems) could be relevant (at least if your software is critical, embedded, written in C).
But military grade doesn't mean much. Your client will (and should) define exactly the standards to respect. For instance, critical [civilian] aircraft software needs to follow something like DO-178C (or its predecessor, DO-178B). Different industries have different standards similar to that (both railways and medical industries have their own standards, which might be different in North America than in Europe).
If your system (& client) is less demanding (i.e. no billion dollars or hundreds of lives threatened by bugs) you could consider customizing your compiler or using some other tool. For example, GCC is customizable thru plugins or thru MELT extensions.
Don't forget that software reliability has a big price (that means a big cost for you, hence for your client).
Well, the question of where can be answered simply. Not in school. I suggest to create a learning path for yourself. Pick a technology that you like and learn it inside out. A basic book to get you started should suffice, however the rest of the stuff you learn as you go, or via the documentation of that technology.
For instance - learning under .NET (Microsoft) involves a basic A-Press text-book (I suggest Pro C# and The .NET 4.0 Platform). Thereafter searching through the .NET Framework Reference on MSDN will give you the rest.
If you are looking for WCF reference, I suggest the (MCTS Exam 70-503, Microsoft .NET Framework 3.5 Windows Communication Foundation) and MSDN.
Just keep in mind that not a single technology will achieve what you are looking for. For example: WCF co-mingles with WF (Windows Workflow Foundation), as well as SQL Data Services and Entity Framework. Being exposed to multiple technologies will definitely broaden your vision.
===============================================================================
WCF is a beast in this regard. Here are the advantages over some other means of communication:
Messages (data) passed between end points can be secured via message-level security (encryption). The transport channel chosen can also be secured at protocol level via transport layer security (encryption).
End points themselves can authorize and impersonate clients (client level security). You can implement end-to-end service tracing, health monitoring & performance counters, message logging, as well as forward and backward compatibility with newer/older clients (via graceful degradation of the message format, provided in WCF). If you choose to do so, you can even implement routing as a fail-safe for your communications channel. WCF also supports transactions (ACID), concurrency, as well as per-instance throttling, giving you the most flexibility in writing secure/robust military grade code.
In retrospect the security and flexibility of WCF are astonishing. A similar technology (if not the same) is the WS-Security spec. It is part of the WS-* specifications for web services and deals with Xml signature and Xml encryption to provide a secure communications channel between two end points.
The disadvantage of WS-*, however, is that it is a one-way means of communication. WCF can facilitate 2 way communication. A client can send a request to a server, but also a server can send requests to the client. WS-* dictates that a client can only send and receive responses to the server, but not vice versa.
I am not a WCF developer so I thought the highlights might provoke you into doing your own research. "There are hundreds of ways to skin an animal, neither of them is wrong..."
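The message-level and transport-level options, auditing and throttling mentioned in the answer above map onto WCF service configuration roughly as follows. This is an added example, not part of the original answer; the service and contract names, addresses and certificate subject are placeholders.

```xml
<system.serviceModel>
  <bindings>
    <basicHttpBinding>
      <!-- Weak baseline for contrast: no transport or message protection. -->
      <binding name="plainBinding">
        <security mode="None" />
      </binding>
    </basicHttpBinding>
    <wsHttpBinding>
      <!-- Message-level security: the SOAP message itself is signed and
           encrypted (WS-Security); clients authenticate with X.509 certs. -->
      <binding name="messageSecured">
        <security mode="Message">
          <message clientCredentialType="Certificate" />
        </security>
      </binding>
      <!-- Transport security (HTTPS) with the client credential carried
           inside the message. -->
      <binding name="transportSecured">
        <security mode="TransportWithMessageCredential">
          <message clientCredentialType="UserName" />
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
  <behaviors>
    <serviceBehaviors>
      <behavior name="hardened">
        <serviceCredentials>
          <!-- Placeholder subject; point this at the real service certificate. -->
          <serviceCertificate findValue="CN=example-service" storeLocation="LocalMachine"
                              storeName="My" x509FindType="FindBySubjectDistinguishedName" />
          <clientCertificate>
            <authentication certificateValidationMode="ChainTrust" revocationMode="Online" />
          </clientCertificate>
        </serviceCredentials>
        <!-- Record authentication and authorization outcomes, failures included. -->
        <serviceSecurityAudit auditLogLocation="Application"
                              serviceAuthorizationAuditLevel="SuccessOrFailure"
                              messageAuthenticationAuditLevel="SuccessOrFailure" />
        <!-- Throttling limits bound resource use under load. -->
        <serviceThrottling maxConcurrentCalls="16" maxConcurrentInstances="16"
                           maxConcurrentSessions="10" />
        <!-- Do not publish metadata or leak exception details to callers. -->
        <serviceMetadata httpGetEnabled="false" httpsGetEnabled="false" />
        <serviceDebug includeExceptionDetailInFaults="false" />
      </behavior>
    </serviceBehaviors>
  </behaviors>
  <services>
    <service name="Example.OrderService" behaviorConfiguration="hardened">
      <endpoint address="http://service.example.internal/orders/msg" binding="wsHttpBinding"
                bindingConfiguration="messageSecured" contract="Example.IOrderService" />
      <endpoint address="https://service.example.internal/orders/tls" binding="wsHttpBinding"
                bindingConfiguration="transportSecured" contract="Example.IOrderService" />
    </service>
  </services>
</system.serviceModel>
```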

Commercial JMS/MOM implementations with non-Java client support?

So far I have seen non-Java client support only for open source message brokers like Apache ActiveMQ, JBoss HornetQ and Open Message Queue (OpenMQ).
Are there also closed-source products like WebSphere, WebLogic or Tibco which offer non-Java access to their MOM brokers, using a documented wire protocol (as opposed to a closed-source binary client library) which allows one to write clients in other languages?
This is getting more interesting as products (like WebLogic) are available in the (EC2) cloud so that developers can use the cloud instance to develop and test a client application without the need to purchase and install the full version.
I don't have a definitive answer because I specialize in WMQ exclusively. However, I believe the answer is "no" for the most part. (More on that in a minute.)
Regarding WMQ, IBM makes available exit points to tailor the behavior of the channels, API calls and authorizations. Exits are very well documented and perform narrow functions within the scope of a particular action - i.e. receive a message, initiate a connection, etc. These are written in C and, more recently, Java. For the most part these are unused and customers I talk to generally cite complexity. They want something customizable through configuration and not through low-level code. I suspect other MOM vendors experience similar requirements from customers.
What does this have to do with your question? My take on this is that if customers are reluctant to code up exits with limited function, it seems far fetched that they would code up a full-featured and robust client that supports reliable message delivery, one- and two-phase commit, client-side exits, diagnostics, and all the other functionality that WMQ channels provide.
Assuming that this task was undertaken by an open-source team capable of that level of code, who would support it? The MOM vendors currently provide end-to-end support when using their proprietary clients. The notion of how a trouble ticket might be resolved when using a third-party client that is community-supported is a bit scary to many customers. For example, IBM supplies add-ons for WMQ called SupportPacs. Although there are SupportPacs that are fully supported and are considered product extensions, some of the SupportPacs are provided as-is. Many of my customers won't run as-is code even when it is supplied by the vendor.
Finally, there is the notion of the interface contract. WMQ supports a few verbs with a lot of options. The underlying channel protocol is MUCH more complex. When WMQ v7 came out, the channels had considerable new functionality and tuning. This was possible at this scale because the internals are not exposed to clients and so IBM was able to make massive changes without fear of negative impact to 3rd party clients. Exposing all of that would create dependencies on an order or two higher magnitude than exist with just the APIs exposed.
So, according to my theory (I don't pretend to speak for the MQ development team here) the big MOM vendors have a vested interest in not exposing their channel protocols to independent developers. The new wrinkle here is AMQP which I alluded to above. It defines the wire protocol and allows each vendor to code a compliant product. Although this provides the opportunity you describe for open-source solutions, the ability of any one implementation to improve the product is limited by the fact that they don't own the protocol. For the time being though I don't expect you'll find any of the big MOM vendors exposing their wire protocols for 3rd party development. That said, this is just a guess and if I'm wrong, I'm sure someone here will jump in and provide the counter-example.
