Service Governance 2.0

Governance in the age of cloud, mobile

Peter Gibbels

HP Software Product Management ALM/SOA

Francois Lascelles

Layer 7 Director of Solutions Engineering

Housekeeping

Questions

- Chat any questions you have and we’ll answer them at the end of this call

Twitter

- Today’s event hashtag:

- #l7hpwebinar

- Follow us on Twitter as well:

- @flascelles

- @layer7

- @HPSoftwareALM

Today’s enterprise SOA landscape

IT assets distributed in various zones

Increasing demand for cloud/partner/customer integration

Security first

enterprise boundary

distributed enterprise SOA

• Sensitive data, apps

• Mission critical

• ID authority

• Legacy

partner

partner

SAAS

mobile

IAAS/PAAS

Integrated governance requirements

Centralized governance for services distributed across various zones

Automated provisioning of runtime contract enforcement

Cross-domain security enablement and identity federation

Decoupling of security and application logic

QoS monitoring across service zones

SLA enforcement

Design vs. runtime governance

• Solve gap between operation and design

• Losing information from design – centralized repository including history

• Lots of operation information are defined during design but missing during

operation

• Policy enforcement

• SLA/SLO Monitoring

• Rogue artifacts discovery

Design time governance Runtime governance

• Policy definition

• Design time enforcement

• SLO planning

HP Systinet 4.0

Governance across service zones

Central control of PEPs across service zones

Centralized design time governance authority

defines access control rules, contracts

Policies programmatically pushed to relevant

service zone PEP

Layer 7 Gateway PEP deployed on public

cloud, private cloud, on-premise

Cross-domain trust handled at perimeter

HP SOA SystinetAchieve the promise of SOA with Governance

Supporting key stakeholders from across IT & the business

Business Analysts

VP AppsEnterprise Architects

Allows organizations to lower costsby agreeing on policies for servicedevelopment in advance andbuilding re-usable services andcomponents

Facilitates distributed collaborationand communication betweenapplication development teamsusing shared services

Enables organizations to isolatesensitive information in partitioneddomains, alleviating securityconcerns of a shared repository

Enterprise SOA requires governance to see cost savings :

• Ease of use with new Interface

• Visual Lifecycle Designer tool

• Flexible modeling of services & their dependencies

• Partitioned Domains

• Collaboration and distributed development support

Layer 7 Gateway

Runtime policy enforcement

ATHN/ATHZ capabilities

- X.509, SAML, OAuth

SLA enforcement & reporting

QoS monitoring, alerting

Classification, threat protection

Caching, acceleration

Hardware appliance or virtual appliancePolicy Enforcement Point (PEP)

Gateway Appliance

HP Business Service Management with BAC

End-to-End Performance Monitoring

?

?

? ?

?

Universal

CMDB

360-degree Dashboard

Internet/

FirewallWeb Servers Middleware

and Backend

Data

CICS MQ

TIBCO Sonic

Real Users DiagnosticsBusiness

Transactions

Infrastructure

Monitoring

Deep diagnostics of applications Align performance mgmt

and business requirements

App Servers

on-premise BAC Deployment

HP BAC

Anywhere

Proactive end-user

over-the-firewall

monitoring

Layer 7 – Systinet Integration

Service endpoint

Service client

Layer 7 Gateway

SystinetRepository /

Registry (GIF)

Compliance Feedback

HP BTO BSM (BAC+)

Policies created in Layer 7 Policy Manager

Policies stored and referenced in Systinet

Layer 7 PEP Gateway enforces policies, reports

on compliance

Layer 7

Policy Manager

Systinet 4.0 Functional Components and integration with

Layer 7 PEP

Metadata

Repository

RegistryLifecycle

Management

Contracts

& SLO’sCatalog

Policy

FrameworkVisual

Navigator

IDE Plug-ins

Workbench

Systinet Platform Components

STM BAC

GIF based integration

HP SOA Systinet 4 Lifecycle Management (1)

HP SOA Systinet 4 Lifecycle Management (2)

Visualizing applications

Alerts showing up in SideScope monitor

Example Layer 7 alerting to BAC using SNMP

Example Layer 7 to BAC performance metrics

SiteScope Sript monitor

Cross domain identity federation with Layer 7

STS issues token on behalf of in-

zone requester

Incoming tokens are validated

against federated trust policies

HP + Layer 7 : comprehensive governance solution

for more information

http://www.layer7tech.com

http://www.hp.com/go/soa