Layer 7 and Oracle - Extending the OSB into the DMZ and Beyond
DESCRIPTION
This presentation will help you better understand:
- The Oracle Embedded Value Proposition
- The Oracle Service Bus (OSB) Value Proposition
- The Challenge Of The Extended Enterprise
- Introducing the OSB Appliance (OSBA)
TRANSCRIPT
Andy Rothfield, Oracle - North America Marketing and Strategy Manager, Oracle Embedded Global Business Unit
Demed L’Her, Oracle - Director of Product Management, Oracle SOA Suite
K Scott Morrison, Layer 7 Technologies - CTO & Chief Architect
Extending the Oracle Service Bus into the DMZ and Beyond
Agenda
• The Oracle Embedded Value Proposition
• The Oracle Service Bus (OSB) Value Proposition
• The Challenge Of The Extended Enterprise
• Introducing the OSB Appliance (OSBA)
  • Simple Deployment
  • DMZ-class Security
  • Extreme Performance
  • Clear Visibility
• Conclusions
Why Embed Oracle?
• Transparent building blocks that:
  • Create end-user trust
  • Improve time to market
  • Ensure reliability
The OSB Value Proposition
• Ability to Adapt To Change
  • Service virtualization
  • Protocol Switching
  • Routing and Transformation
  • Error Handling, Policy Enforcement
• Scaling in Multiple Dimensions
  • 1,000s of services
  • Millions of Transactions
[Diagram: Oracle Service Bus with BPM, B2B and Portal]
• Reduce Cost Through Re-use
  • Connect your services once
  • Easily configure services for integration
  • Single view of assets w/ Service Lifecycle
• Manage risk
  • Embedded service-level management
  • Failure Isolation and auto-recovery
  • Application Alerts & SLAs
  • Auditing and Reporting
[Diagram: Oracle Service Bus between application and service clients and enterprise services, with adapters, service repository, integration services and business logic. Protocols shown: HTTP/SOAP, JMS, FTP, REST, WS-RM, TUX, MQ, EJB, JCA. Service messaging patterns shown: Request / Response, Synch / Asynch, Split / Join, Publish / Subscribe.]
Adaptive Connectivity In a Nutshell…
• Multiple communications paradigms
  • Request/response
  • Synchronous and asynchronous
  • One-to-many, many-to-one
  • Pub-sub
  • Mix-and-match (e.g. sync-to-async)
• Any to Any Protocol
• Any to Any Payload
  • XML
  • non-XML
  • Binary
• No WSDL Required
New Challenges in the Extended Enterprise
Cloud Computing (SaaS, PaaS, IaaS)
Industry Trends
SOA & REST - Across Enterprise Boundaries
Customization, Security, Performance, Availability, Regulatory
Distributed Applications and Shared Services
Industry Trends
SOA & REST – Inside the Organization
Customization, Security, Performance, Availability, Regulatory
Introducing the Oracle Service Bus Appliance
Best of breed XML Gateway for XML security and acceleration
+
Best of breed ESB for mediation and adaptive connectivity
1. Easy Deployment
2. DMZ-class Security
3. Extreme XML Performance
4. High Degree of Visibility
Easy Deployment & Simple Configuration
• With OSB Appliances the customer can:
  • Remove the appliance from the shipping carton, install it in the rack,
  • Connect power and network cable(s), assign an IP address, and turn the appliance on.
  • At that point it configures itself to run on the network.
Concluding initial XML firewalling policy configuration, your Service Bus Appliance is ready to use.
The entire process takes less than an hour versus loading and configuring conventional software.
What’s in the Box
XML Accelerator
Cryptographic Accelerator & Hardware Security Module
144.30% to 16,564.97% Improvement Over Server Install of OSB
SSL Acceleration & FIPS 140-2 Level 3
Protect & Secure
Integrate & Customize
Typical Deployment
Security - Challenges
• Challenges
  • Cyber Threats
    • Existing firewalls & IDS/IPS do very little to find application protocol threats
  • Identity and Access Control Across Boundaries
  • Privacy and Integrity
  • Audit & Compliance Risks
    • Significant time & money
    • Different expectations across verticals
    • HIPAA, PCI, etc.
DMZ-Class Security
• Perimeter Security and Defense in Depth
• Threat Protection
• Access Control through integration with Oracle IDM Suite
• Federated Identity across disparate security realms (SAML)
• Support for WS* Security and messaging standards and products
• FIPS 140-2 Level 3 with Elliptic Curve/B Suite Support
Intercept problematic messages at the enterprise perimeter before they reach your services
Oracle Access Manager
Oracle Entitlements Server
Perform Identity-based access to services and operations in the DMZ
Performance Challenges
• Application Layer Protocols are expensive to process
  • Often XML-based
• Threat Detection Requires
  • Very Fast Message Processing
  • Schema Validation
  • Structure Inspection
• Growing Need for Adaptation on-the-fly
• Cryptographic Processing is Becoming Expensive Because of Move to Large Keys
• Key Protection is Essential for Many Secure Environments
  • But external HSM processing can incur high latency
Acceleration of XML and Cryptography
• Hardware-based XML Processing (XPATH, XSLT, XSD)
• Hardware-based, FIPS 140-2 Cryptographic Processing (RSA, ECC, 3DES, AES, etc)
• On-board Hardware Security Module (HSM) for key protection
• Large Message Processing
Delegate common or expensive XML-related tasks from your services to your infrastructure
OSBA Performance Value Proposition
• The numbers speak for themselves
• 1K
  • Schema Validation – 261.34% Faster
  • XSLT – 262.86% Faster
• 10K
  • Schema Validation – 287.92% Faster
  • XSLT – 187.24% Faster
• 100K
  • Schema Validation – 16564.97% Faster
  • XSLT – 144.30% Faster
Visibility Challenges
• Two demands:
  • Instantaneous state across the extended enterprise
  • Forensic usage data
• Need to know status of infrastructure and applications
  • Need instant notification of problems
• Integration into existing monitoring and management infrastructure
• Business needs customized counters
  • Every application is different
• Data must be available
  • As report
  • As raw data for metrics, billing etc.
Monitoring Capability
• Integrated Monitoring and Management
  • Graphical display
  • Raw data available through APIs
OSBA Console(s)
OSBA Service Monitoring
• Monitor System Operations
  • Alerting and reporting key monitoring points
  • Gauge system health, slowdown notification
  • Monitoring is optional per service
• Service metrics
  • Response times (min, max, avg)
  • Message, error, failover counts
  • Action level metrics
• Dashboard
  • Show fault and performance metrics aggregated cluster wide or per server
• JMX Metrics
  • Metrics available via MBean interfaces
  • Integration with Enterprise Mgr
• Custom Alerts
  • SLA alerts for conditions requiring attention
  • Pipeline alerts can flag individual msgs
• Service health
  • # of Alerts by Severity
• Error Responses
  • # of Generated Errors
  • By Service
• Configurable Aggregation Intervals
[Dashboard chart: Warnings by severity (Critical, Minor)]
Conclusions
• Decrease time to market and cost of implementation by leveraging a pre-integrated, pre-configured SOA Appliance:
  • Initial configuration (network configuration, security lock-downs, etc.)
  • Security configuration (such as XML firewalling, access control, auditing, etc.)
  • Adapter configuration for enterprise system integration (ERP, CRM, databases, messaging systems, etc.)
  • Monitoring configuration for integration with existing management infrastructure
• Thank you for joining us this morning!
• Contact info:
  • Andy Rothfield, [email protected]
  • Demed L’Her, [email protected], 650-506-1128
  • Scott Morrison, [email protected], 778-329-9982
Questions?