Governance 2.0: A New Look at SOA Governance in the Age of Cloud and Mobile
Service Governance 2.0
Governance in the age of cloud, mobile
Peter Gibbels
HP Software Product Management ALM/SOA
Francois Lascelles
Layer 7 Director of Solutions Engineering
Housekeeping
Questions
- Chat any questions you have and we’ll answer them at the end of this call
- Today’s event hashtag:
- #l7hpwebinar
- Follow us on Twitter as well:
- @flascelles
- @layer7
- @HPSoftwareALM
Today’s enterprise SOA landscape
IT assets distributed in various zones
Increasing demand for cloud/partner/customer integration
Security first
enterprise boundary
distributed enterprise SOA
• Sensitive data, apps
• Mission critical
• ID authority
• Legacy
partner
partner
SAAS
mobile
IAAS/PAAS
Integrated governance requirements
Centralized governance for services distributed across various zones
Automated provisioning of runtime contract enforcement
Cross-domain security enablement and identity federation
Decoupling of security and application logic
QoS monitoring across service zones
SLA enforcement
Design vs. runtime governance
• Solve gap between operation and design
• Losing information from design – centralized repository including history
• A lot of operational information is defined during design but missing during operation
Design time governance
• Policy definition
• Design time enforcement
• SLO planning
Runtime governance
• Policy enforcement
• SLA/SLO Monitoring
• Rogue artifacts discovery
HP Systinet 4.0
Governance across service zones
Central control of PEPs across service zones
Centralized design time governance authority defines access control rules, contracts
Policies programmatically pushed to relevant service zone PEP
Layer 7 Gateway PEP deployed on public cloud, private cloud, on-premise
Cross-domain trust handled at perimeter
HP SOA Systinet
Achieve the promise of SOA with Governance
Supporting key stakeholders from across IT & the business
Business Analysts
VP Apps
Enterprise Architects
Allows organizations to lower costs by agreeing on policies for service development in advance and building re-usable services and components
Facilitates distributed collaboration and communication between application development teams using shared services
Enables organizations to isolate sensitive information in partitioned domains, alleviating security concerns of a shared repository
Enterprise SOA requires governance to see cost savings:
• Ease of use with new Interface
• Visual Lifecycle Designer tool
• Flexible modeling of services & their dependencies
• Partitioned Domains
• Collaboration and distributed development support
Layer 7 Gateway
Runtime policy enforcement
ATHN/ATHZ capabilities
- X.509, SAML, OAuth
SLA enforcement & reporting
QoS monitoring, alerting
Classification, threat protection
Caching, acceleration
Hardware appliance or virtual appliance
Policy Enforcement Point (PEP)
Gateway Appliance
HP Business Service Management with BAC
End-to-End Performance Monitoring
[Diagram: on-premise BAC Deployment and HP BAC Anywhere. Labels: Universal CMDB; 360-degree Dashboard; Internet/Firewall; Web Servers; App Servers; Middleware and Backend; Data; CICS; MQ; TIBCO; Sonic; Real Users; Diagnostics; Business Transactions; Infrastructure Monitoring; Deep diagnostics of applications; Align performance mgmt and business requirements; Proactive end-user over-the-firewall monitoring]
Layer 7 – Systinet Integration
Service endpoint
Service client
Layer 7 Gateway
Systinet Repository / Registry (GIF)
Compliance Feedback
HP BTO BSM (BAC+)
Policies created in Layer 7 Policy Manager
Policies stored and referenced in Systinet
Layer 7 PEP Gateway enforces policies, reports on compliance
Layer 7 Policy Manager
Systinet 4.0 Functional Components and integration with Layer 7 PEP
Systinet Platform Components
• Metadata Repository
• Registry
• Lifecycle Management
• Contracts & SLOs
• Catalog
• Policy Framework
• Visual Navigator
• IDE Plug-ins
• Workbench
STM BAC
GIF based integration
Cross domain identity federation with Layer 7
STS issues token on behalf of in-zone requester
Incoming tokens are validated against federated trust policies