layer 7: building multi enterprise soa
Post on 30-Jun-2015
767 Views
Preview:
DESCRIPTION
TRANSCRIPT
Building Building MultiMulti--Enterprise SOAEnterprise SOA
Philip Walston
September 2008
Philip WalstonVP Product ManagementLayer 7 Technologies
OverviewOverview
Discussion of multi-enterprise SOA implementations, the challenges involved and how SOA appliances can help buildthese architectures
• What is multi-enterprise?
• The Role of SOA
• Real World Issues
• Implementation challenges
September 2008
Building Multi-Enterprise SOA
• Implementation challenges
• Characteristics of a solution
• The role of SOA appliances
• Summary and Questions
September 2008
What Exactly is MultiWhat Exactly is Multi--Enterprise?Enterprise?
Enterprise-Centric
• Most ERP and business applications use enterprise-centric architecture
• Focus is on meeting the enterprise's objectives
Extended enterprise
• An attempt to support the needs of partners by extending and elongating the enterprise data and process model
• Enables partners to interact with each other more easily, but
September 2008
Building Multi-Enterprise SOA
• Enables partners to interact with each other more easily, but this environment is not ideal
• Each partner still has to learn how to work with each other’s business applications, each integration is point-to-point
Multi-enterprise
• A new architecture is required for more complex and interactive multi-enterprise business processes
September 2008
Adapted from: The Emergence of the Multienterpise Business Process Platform - Gartner, 11/07
MultiMulti--Enterprise ExamplesEnterprise Examples
Examples from many business verticals:
Manufacturing
� Manufacturers and suppliers
Insurance
� Insurers and brokers
Corporate
September 2008
Building Multi-Enterprise SOA
� Corporations and outsourced service providers
Telecom
� Service providers and content providers
Architectural models used in these implementations includes:
� EDI, Web, SOA, B2B, Saas, Cloud …
Where Does SOA Fit In?Where Does SOA Fit In?
Corporate NetworkUntrusted ?
Flexible integration across departments, clients and partners
Reuse of software components across business processes
Interoperability across applications
September 2008
Building Multi-Enterprise SOA
Network
PartnerBusiness Unit
Untrusted Entity
?
Web ServicesNetwork
MQSeriesNetwork
CORBANetwork
Implementation ChallengesImplementation Challenges
Corporate NetworkUntrusted ?
• Big step between point solutions and multi-enterprise services� Requires managed, standards compliant SOA framework
• Not all partners are created equal� Rationalizing differences between development skills, security and legal requirements
• The real world is messy� Making integrations work across all boundaries will be tough
September 2008
Building Multi-Enterprise SOA
Network
PartnerBusiness Unit
Untrusted Entity
?
Web ServicesNetwork
MQSeriesNetwork
CORBANetwork
The Real World …The Real World …
September 2008
Building Multi-Enterprise SOA
The Real World …The Real World …
MultipleIdentitySources
MultipleDomains
September 2008
Building Multi-Enterprise SOA
Domains
Web Applications
MultiplePlatforms
GreenScreenSystems
MultipleTransports
(Some) Real World Issues(Some) Real World Issues
Application Silos• Applications from different vendors with narrowly defined interfaces and tight coupling to other systems
Islands of Identity• Different identity repositories, schemas and provisioning systems
Mixed Transport• SSL, HTTP, JMS, MQ, etc.
September 2008
Building Multi-Enterprise SOA
Heterogeneous Platforms• Linux, UNIX, Windows, client-server, mainframe
Heterogeneous Clients• Browsers, green screen, thick clients, other applications
Web Portals• May already be default on-ramp for external partners
Moving to MultiMoving to Multi--EnterpriseEnterprise
Security
• Much more granular and much stronger
• Authentication / authorization mechanism is required
• May need to segregate data physically with separate databases
Integration
• More complex - participating applications and systems are scattered across companies
• Integration approaches will need to be simplified and rationalized to
September 2008
Building Multi-Enterprise SOA
• Integration approaches will need to be simplified and rationalized to manage the increase in complexity across multistep process integration
Data and Process Model
• Need to be designed around common keys that help link enterprises in their interactions
• Gets more complex with potential range of range of one-to-one and one-to-many (and even many-to-many) business processes over time
September 2008
Adapted from: The Emergence of the Multienterpise Business Process Platform - Gartner, 11/07
A Spectrum of Implementation ChallengesA Spectrum of Implementation Challenges
Delivering on the Promise of SOA • How to implement business process
• How to avoid “broken” integrations
Maintaining Security• Where to enforce security
• Ensuring consistent security
September 2008
Building Multi-Enterprise SOA
Meeting SLAs• Measuring and meeting both project and service SLAs
• Reporting and acting on SLA violations
Ensuring Compliance• Instrumentation of the path and ensuring integrity
• Providing validation and alerting mechanisms
Management• Providing the tools to manage the system
• Fitting into existing internal processes
The SecureSpan Product LineThe SecureSpan Product Line
First suite of security and networking products to address the full spectrum of XML deployments:
• Service Oriented Architectures (SOA)
• Web 2.0 and Web Oriented
September 2008
Building Multi-Enterprise SOA
• Web 2.0 and Web Oriented Architectures (WOA)
• AJAX, REST and non-SOAP applications
• ESB, Portal, B2B and Application Oriented Networking
A SOA Gateway’s View of the WorldA SOA Gateway’s View of the World
What roles does a SecureSpan XML Networking Gateway perform?
• Read policies
• Create / store policies
• Enforce policies
• Identify exceptions
September 2008
Building Multi-Enterprise SOA
• Identify exceptions
• Act on exceptions
• Report exceptions
• Capture audit trail
*Enforcement points enforce policies within a specific context
Run-Time
Design-Time
A SOA Gateway’s View of the WorldA SOA Gateway’s View of the World
What roles does a SecureSpan XML Networking Gateway perform?
• Read policies
• Create / store policies
• Enforce policies
• Identify exceptions
September 2008
Building Multi-Enterprise SOA
Diagnostic
Run-Time• Identify exceptions
• Act on exceptions
• Report exceptions
• Capture audit trail
*Enforcement points enforce policies within a specific context
A Few Policy Examples A Few Policy Examples
Threat Protection
• Screen messages for specific / general threats
Identity Based Access Control
• Grant access to specific users or groups
Content-Based Processing
• Perform different processing based on specific content
September 2008
Building Multi-Enterprise SOA
• Perform different processing based on specific content
Selective Version Control
• Transform to mediate client / service versioning issues
Service-Level Agreement
• Process based on measured quota or class of service
Common MultiCommon Multi--Enterprise SOA RequirementsEnterprise SOA Requirements
• Identity and Trust Control Process
� Authenticating and certifying identities
• Policy Definition Environment
� Tailor security (and other) policies to each service consumer and provider relationship
September 2008
Building Multi-Enterprise SOA
• Automated Policy Provisioning and Coordination
� Establish policies that can be distributed, verified and managed
• Compliance Verification Framework
� Enforce, audit, alert and report compliance to policies and SLAs
SOA Appliances and MultiSOA Appliances and Multi--Enterprise SOAEnterprise SOA
Service Endpoints
(Secure Zone)
Internal Firewall
• Security policy composed in policy editor
• Enforcement point acts on policy
• Client software conforms to policy
• Enforcement point reports on compliance
September 2008
Building Multi-Enterprise SOA
SOA Gateway
Corporate Identity Server
Policy Editor
Business Partners
External Firewall
DMZ
SecureSpan and MultiSecureSpan and Multi--Enterprise SOAEnterprise SOA
Service Consumer with Hard-Coded
Policy
Service Endpoints
(Secure Zone)
• Security policy composed in SecureSpan Manager
• XML Networking Gateway acts on policy
• Client software conforms to policy OR
• XML VPN Client conforms to policy
• Enforcement point reports on compliance
September 2008
Building Multi-Enterprise SOA
Service Consumer with SecureSpan XML
VPN Client
Policy
WS-Policy
WS-Policy
SecureSpan XML Networking Gateway
Corporate Identity Server
SecureSpan Manager
(Some) Real World Issues(Some) Real World Issues
Application Silos• Applications from different vendors with narrowly defined interfaces and tight coupling to other systems
Islands of Identity• Different identity repositories, schemas and provisioning systems
Mixed Transport• SSL, HTTP, JMS, MQ, etc.
September 2008
Building Multi-Enterprise SOA
Heterogeneous Platforms• Linux, UNIX, Windows, client-server, mainframe
Heterogeneous Clients• Browsers, green screen, thick clients, other applications
Web Portals• May already be default on-ramp for external partners
How SecureSpan Addresses Real World IssuesHow SecureSpan Addresses Real World Issues
Application Silos• Almost all major commercial applications are SOA-enabled
Islands of Identity• SecureSpan can leverage LDAP, SSO and federation systems
Mixed Transport• SecureSpan supports a mix of transports including HTTP, FTP, JMS
September 2008
Building Multi-Enterprise SOA
Heterogeneous Platforms• SecureSpan is standards-based and application platform independent
Heterogeneous Clients• SecureSpan has solutions to help fill the gap between clients and apps
Web Portals• SecureSpan works in conjunction with both portals and SSO systems
MultiMulti--Enterprise WideEnterprise Wide--Area Routing FabricArea Routing Fabric
Business Partner With SecureSpan Appliances
Business Partner With SecureSpan Appliances
September 2008
Building Multi-Enterprise SOA
Business Partner With SecureSpan Appliances
SecureSpan XML Networking Gateway Cluster
SummarySummary
SOA Can Be Extended Outside of the Enterprise
• Identity, security, provisioning, management …
SOA Appliances Can Help
• Can provide fine-grained personalization of policies
• Robust, high-performance enough for the DMZ
Be Aware of Potential Blockers
September 2008
Building Multi-Enterprise SOA
Be Aware of Potential Blockers
• Establishing meaningful authentication, negotiating portals …
• Coordinating policies with partners
Multi-Enterprise SOA is Not a Product
• No single solution, but lots of products can help
• Good choices can meet immediate and long-term needs
September 2008
top related