IceCoreSoft is a Nordic software development company focusing on business integration. We are well versed in communication protocols and EDI standards. Our main focus is AS/2, a standard for secure business-to-business communication with guaranteed exactly-once delivery. Our AS/2 server (Core Connect) has been built from the ground up for the cloud and offers extraordinary scalability and reliability. It comes with a full-fledged REST API that supports single sign-on and fits well into a modern micro-service landscape. Alternatively, it can be configured for ground operations on premises. It is certified by Drummond Group.
Products Services AS/2 Packages Company

Core Connect

Core Connect is an AS/2 server built from the ground up for the cloud and for ease of initial setup and later maintenance. It takes advantage of modern cloud capabilities and web technology to provide a cost effective, fast, and easy to use experience.

Why Core Connect

  • Built from the ground up to support the actual daily needs of a GDSN data pool and their partners, with the GS1 operators who know the business as key players.
  • Highly scalable, meaning the platform uses more resources when it needs them and releases them again when done. That means it can handle peaks without overprovisioning, keeping costs down.
  • Highly available, using Kubernetes and cloud technology to minimize downtime.
  • Easy to work with; this is not a full-fledged integration platform that can do "anything", and that means it is better at doing AS/2. The user interface is tailored for the task at hand.
  • Extremely good support for diagnostics when there are problems; the system can literally provide a network trace of the traffic if needed, providing insight into what goes wrong when there are problems, for example when onboarding a new partner.
  • Task-driven; the system creates tasks for problems and future challenges (such as certificates about to expire), helping the administrator to see what needs to be done with a glance.
  • Programmable and easy to integrate with internal applications using a modern REST API. Everything that can be done from the user interface is also supported by the API.
  • Cloud native, taking advantage of cloud technology everywhere (as opposed to some other, older systems ported to the cloud). We can also support ground operations on physical machines, but the main target platform is Azure.
  • Certified by Drummond Group, full-featured and compliant.

Technology

Core Connect can run on premises, but was designed from the ground up for the cloud. Specifically, it targets Kubernetes, which provides many of the killer features.

The application consist of three main components: receiver, rest server and sender. They all scale individually. The receiver and rest server scale based on load. If there are many inbound AS/2 messages, the receiver will scale out and add additional instances to keep up. If there are many concurrent REST requests, the rest server will scale out in the same way. Finally, the sender scales back based on the backlog of outbound messages. It can scale to zero when there is no traffic and scales up to the configured limit when needed. In essence the system has a very low standby cost and spins up automatically when needed in response to inbound or outbound traffic.

Core Connect uses Quarkus and compiles to native code. That means it starts in a flash, so Kubernetes can scale out and add new instances at warp speed. They spin up and start working in seconds. Furthermore, Core Connect has a very low memory footprint compared to a regular Java application. It typically needs a tenth of what a comparable regular Java application would use. That means higher density and lower cost, as well as better performance.

Kubernetes (and the underlying cloud) provides load balancers that route traffic to healthy instances. Connect has health probes for readiness and liveness. Kubernetes will automatically restart broken instances and will spin up new, healthy ones when needed. This provides very high uptime. In fact, the system is usually up and responsive even when a new version is deployed.

Core Connect has a custom HTTP layer, which means it has control over the low-level network traffic. That allows it to safely record network traces from the application in production. Having the network traffic is a real killer for diagnosing problems with a new partner.

Core Connect stores all meta-data in a searchable relational database, but the messages (original business messages, wire messages and network traces) are stored in efficient cost-effective blob storage. This provides the best of both worlds.

The user interface is developed in Angular and is designed specifically for AS/2. Connect proactively creates administrative tasks when it finds something that needs to be fixed, for example a partner certificate about to expire. Connect can also auto-connect to another Connect instance, exchanging certificates and configuration safely and without human mistakes.

Connect supports on-line certificate replacement – simply add new partner certificates and/or local party keystores. Connect will start using them and will phase out the old certificates automatically.

Everything that can be done from the user interface is also supported by the REST API. This allows close integration with backend systems. Connect supports push and pull for message delivery and notifications. The REST API and the user interface support single sign-on with OpenID/OAuth. Use your own corporate login.

We know we have a winner. Want to know more? Please let us know.

Credits

Core Connect includes software developed by The Apache Software Foundation. Specifically, the AS/2 engine is rooted in Apache Camel and Apache James. On top of that, there are many open-source components used as part of the product, most prominently Quarkus as the core backend framework and Angular for the frontend.

Services

Consulting

IceCoreSoft offers consulting services related to business integration with Core Connect or with AS/2 or GDSN in general. Having built our own server, we are very familiar with the technology. Please contact sales for a discussion and quote.

Custom adapters

Core Connect is great when it comes to AS/2, but it needs to connect to the internal business systems as well. There is a full-fledged REST API, but perhaps the internal system cannot easily be extended to use it? If the internal system has a suitable API of its own, we can provide a custom adapter. We know our API inside out, so we are well positioned to help with the wiring. Please contact sales for a quote.

Additional support

All editions include basic support. For additional support, please contact sales for a quote.

AS/2

AS/2 is an open standard for secure and reliable B2B communication specified by RFC 4130. Over the years there have been several improvements and optional features. The latest version is 1.2, which is supported by Core Connect.

Basic problem

In essence, AS/2 exists to help Bob send messages securely to Alice with proof of delivery in spite of anything Eve tries to do to get in the way. Bob and Alice are probably large corporations, while Eve could be a criminal or state actor.

  • Bob sends an encrypted and signed message to Alice. Eve cannot read the message as it is encrypted.
  • Eve cannot forge or alter the message as it is signed.
  • Alice can verify that the message is from Bob as it is signed.
  • Alice generates a receipt that includes a signed hash of the message contents and sends it back to Bob.
  • Eve can read the receipt (which is not encrypted), but she cannot forge it or alter it as it is signed.
  • Bob can verify that the receipt comes from Alice as it is signed, and that Alice provably received the message as the receipt contains a valid message hash. Bob can even go to court and prove that Alice received the message, should that be needed.
  • Eve feels sorry for herself and longs for the old days when everyone used FTP.

Background

AS/2 was created in 2002 to replace AS/1. The standard was adopted by Walmart, which made it mandatory. Other retailers followed suit. Today, AS/2 is used by the Global Data Synchronization Network (GDSN) for trade item information and similar data world-wide.

While AS/2 is strong in retail, it is not industry specific. It is frequently encountered in finance, utilities, and any industry where security and guaranteed peer-to-peer delivery is important.

Over the years, many additions and optional features have been added.

  • The original standard did not support compression. It was added in AS/2 1.1.
  • The original standard used signature algorithms that are now obsolete (MD5, SHA-1). Most products including Connect support stronger algorithms, but there are notable exceptions.
  • The original standard used encryption algorithms that are obsolete or on their way out. Again, most products including Connect support AES, but not all.
  • The optional feature AS/2 Reliability added support for exactly-once delivery by standardizing retries and resends (Connect has it).
  • The optional features FN and FN-MDN added support for file name based duplicate checks (Connect has it).
  • The optional feature MA makes it possible to send multiple files in a single message (Connect has it).
There are several less important optional features as well. The current version of the standard is 1.2.

Drummond Group certifies AS/2 products. This is valuable as there are many vague areas in the standard. Two certified servers should be able to communicate without problems.

Technology

AS/2 uses HTTP (with or without TLS/SSL) as transport. That means that it is firewall-friendly and works everywhere. It supports binary data efficiently and is easy to work with. AS/2 also builds on MIME, which is used for e-mail attachments, and CMS, which provides encryption and signatures to form S/MIME. This makes it possible to send messages as-is or encrypted and/or signed and/or compressed. In general, messages should always be signed. It can also be a good idea to encrypt them, as message security is stronger than transport security.

Transport security does not always protect a message from end to end. Message security does.

When a message has been received, a receipt called MDN is typically returned, either on the same network connection or as a separate asynchronous HTTP request in the other direction. The MDN should ideally be signed. It includes a cryptographic hash of the original message contents, which can be used to prove that the message was received successfully. This is called non-repudiation of receipt.

Signatures and encryption use public key encryption. It works exactly as with TLS/SSL. The public keys are given to other parties and are not sensitive. The private keys are retained and are very secret. To sign a message, a signature is computed with the private key that can be verified by the public key. Anyone can use the public key to prove that the message was signed by the private key and hence by the signing party. To encrypt a message, an efficient symmetric session key is created, encrypted with the other party’s public key, and used to encrypt the data. They can then decrypt the session key with their private key and use it to decrypt the actual message.

Solving the problem

The basic goal for AS/2 is to provide secure messages between peers (without a trusted third party) delivered exactly once over the Internet.
  • The basic standard ensures that successful delivery can be proven (using a signed MDN).
  • The basic standard also provides machine-readable and human-readable explanations when delivery fails (part of the MDN standard).
  • The basic standard ensures that data is confidential and secure from eavesdropping (using encryption).
  • The basic standard ensures that data cannot be modified in transit without detection (using signatures).
  • The extensions ensure that delivery is retried in a deterministic way, ensuring that messages get delivered or eventually flagged for human attention (AS/2 Reliability).
  • The extensions protect against the same file being sent twice (if duplicate checks are enabled), often crucial in the finance industry (FN, FN-MDN).
This helps Bob to communicate with Alice and sends Eve packing.

Packages

Starter edition

Ideal for businesses with low to moderate traffic where AS/2 is important, but not business critical. Perfect for test environments.
  • Full support for AS/2.
  • Full-featured REST API.
  • Modern web interface.
  • Basic support.

The license is 1000 SEK/month (excluding VAT). On top of that, there are infrastructure costs. The starter edition comes as a Docker image and runs well on-prem. With SQL Express and file storage (for really low volumes) that keeps the costs to a minimum. It can of course also run in the cloud.

Please contact sales for discussions.

Cloud edition

The full package. Runs in Kubernetes in Azure backed by Azure SQL Database and Blob Storage. Highly available and scales up and down as needed to balance performance with costs.
  • Full support for AS/2.
  • Full-featured REST API.
  • Modern web interface.
  • High availability.
  • Full scalability within configured bounds.
  • Basic or extended support.
We recommend this option for production use for customers that can use Azure.

The license starts at 6500 SEK/month (excluding VAT). On top of that there are the infrastructure costs from Microsoft. Please contact sales for details.

Enterprise edition

For customers who need to run Connect on premises or in a cloud of their own choosing (i.e., not Azure) or who need advanced security or monitoring.
  • Full support for AS/2.
  • Full-featured REST API.
  • Modern web interface.
  • High availability.
  • Full scalability within configured bounds.
  • Single sign-on (*).
  • Help with installation and initial configuration.
  • Help with connectivity to internal systems.
  • Basic or extended support.
The license starts at 8700 SEK/month (excluding VAT). Please contact sales for discussions and a quote.

Feature comparison

Feature Starter Cloud Enterprise
AS/2 version 1.2 (the latest)
- AES encryption
- AS/2 Reliability
- AS/2 Restart
- Basic Auth (BA, AS/2 Cloud)
- Chunked transfer encoding (CTE)
- Compression (AS/2 1.1)
- Filename preservation (FN)
- Multiple attachments (MA)
- Multiple attachments filename preservation (FN-MA)
- SHA2 digests
- TLS/SSL (including TLS client auth)
- Certified by Drummond Group
Full REST API
User-friendly web interface
File transfers (local, FTP, FTPS, SFTP)
Highly available  
Scales up and down to handle peaks  
Number of containers/pods 1 Unlimited Unlimited
Single sign-on (*)    
Centralized metrics (*)    
Centralized logs (*)    
Installation and configuration support    
Help with connectivity to internal systems    
Support Basic Basic/Extended Basic/Extended
*: For single sign-on, centralized metrics and centralized logs, support varies depending on what the customer is running.

Company

About

IceCoreSoft was founded in 2022 with the specific goal of building the best possible AS/2 server. Development has proceeded well and Today we are happy to provide Core Connect to our customers.

E-mail:
info@icecoresoft.com
sales@icecoresoft.com

Peter is the CEO of IceCoreSoft. He has a long retail background, among others as Head of IT for ICA Sweden. Peter has founded several companies such as Tarento, with a growth from 1 person to 250 persons in 4 countries in 4 years. He has also founded Katmai – a leading provider of Datapool software.

Erik is the main developer and technical visionary. During his career, he started with embedded development in C and assembly, moved on to client/server, mainframes and lately Java and C# mostly targeting the cloud. He is also an Enterprise architect, a performance expert and an integration specialist. In short, he likes to do a little bit of everything. For Connect, his experience with B2B and AS/2 as an integration expert at Oracle, the many years as architect and AS/2 troubleshooter at GS1 Sweden and 25 years as a Java developer were put to good use. Erik is the founder of CodeMint.

Press