Layer 7 and Oracle - Extending the OSB into the DMZ and Beyond


Upload: layer7tech

Post on 27-Apr-2015


DESCRIPTION

This presentation will help you better understand:

- The Oracle Embedded Value Proposition
- The Oracle Service Bus (OSB) Value Proposition
- The Challenge Of The Extended Enterprise
- Introducing the OSB Appliance (OSBA)

TRANSCRIPT

Page 1: Layer 7 and Oracle - Extending the OSB into the DMZ and Beyond

Andy Rothfield, Oracle - North America Marketing and Strategy Manager, Oracle Embedded Global Business Unit

Demed L’Her, Oracle - Director of Product Management, Oracle SOA Suite

K Scott Morrison, Layer 7 Technologies - CTO & Chief Architect

Extending the Oracle Service Bus into the DMZ and Beyond

Page 2

Agenda

• The Oracle Embedded Value Proposition
• The Oracle Service Bus (OSB) Value Proposition
• The Challenge Of The Extended Enterprise
• Introducing the OSB Appliance (OSBA)
  • Simple Deployment
  • DMZ-class Security
  • Extreme Performance
  • Clear Visibility
• Conclusions

Page 3

Why Embed Oracle?

• Transparent building blocks that:
  • Create end-user trust
  • Improve time to market
  • Ensure reliability

Page 4

The OSB Value Proposition

• Ability to Adapt To Change
  • Service virtualization
  • Protocol Switching
  • Routing and Transformation
  • Error Handling, Policy Enforcement
• Scaling in Multiple Dimensions
  • 1,000s of services
  • Millions of Transactions
• Reduce Cost Through Re-use
  • Connect your services once
  • Easily configure services for integration
  • Single view of assets w/ Service Lifecycle
• Manage risk
  • Embedded service-level management
  • Failure Isolation and auto-recovery
  • Application Alerts & SLAs
  • Auditing and Reporting

[Diagram labels: Oracle Service Bus; BPM, B2B, Portal; Adapters, Service Repository; Integration Services; Business Logic]

Page 5

Adaptive Connectivity In a Nutshell…

[Diagram labels: Application Client, Service Clients, Oracle Service Bus, Enterprise Services, Service. Protocols: HTTP/SOAP, JMS, FTP, REST, EJB, WS-RM, TUX, MQ, JCA. Service Messaging: Request / Response, Synch / Asynch, Split / Join, Publish / Subscribe]

• Multiple communications paradigms
  • Request/response
  • Synchronous and asynchronous
  • One-to-many, many-to-one
  • Pub-sub
  • Mix-and-match (e.g. sync-to-async)
• Any to Any Protocol
• Any to Any Payload
  • XML
  • non-XML
  • Binary
• No WSDL Required

Page 6

New Challenges in the Extended Enterprise

Cloud Computing (SaaS, PaaS, IaaS)

Industry Trends

SOA & REST - Across Enterprise Boundaries

Customization, Security, Performance, Availability, Regulatory

Distributed Applications and Shared Services

Industry Trends

SOA & REST – Inside the Organization

Customization, Security, Performance, Availability, Regulatory

Page 7

Introducing the Oracle Service Bus Appliance

Best of breed XML Gateway for XML security and acceleration

+

Best of breed ESB for mediation and adaptive connectivity

1. Easy Deployment
2. DMZ-class Security
3. Extreme XML Performance
4. High Degree of Visibility

Page 8

Easy Deployment & Simple Configuration

• With OSB Appliances the Customer can
  • Remove the appliance from the shipping carton, install it in the rack,
  • Connect power and network cable(s), assign an IP address, and turn the appliance on.
  • At that point it configures itself to run on the network.

Concluding initial XML firewalling policy configuration, your Service Bus Appliance is ready to use.

The entire process takes less than an hour versus loading and configuring conventional software.

Page 9

What’s in the Box

• XML Accelerator
• Cryptographic Accelerator & Hardware Security Module
• 144.30% to 16,564.97% Improvement Over Server Install of OSB
• SSL Acceleration & FIPS 140-2 Level 3
• Protect & Secure
• Integrate & Customize

Page 10

Typical Deployment

Page 11

Security - Challenges

• Challenges
  • Cyber Threats
    • Existing firewalls & IDS/IPS do very little to find application protocol threats
  • Identity and Access Control Across Boundaries
  • Privacy and Integrity
  • Audit & Compliance Risks
    • Significant time & money
    • Different expectations across verticals
    • HIPAA, PCI, etc.

Page 12

DMZ-Class Security

• Perimeter Security and Defense in Depth
• Threat Protection
• Access Control through integration with Oracle IDM Suite
• Federated Identity across disparate security realms (SAML)
• Support for WS* Security and messaging standards and products
• FIPS 140-2 Level 3 with Elliptic Curve/B Suite Support

Intercept problematic messages at the enterprise perimeter before they reach your services

Oracle Access Manager

Oracle Entitlements Server

Perform Identity-based access to services and operations in the DMZ

Page 13

Performance Challenges

• Application Layer Protocols are expensive to process
  • Often XML-based
• Threat Detection Requires
  • Very Fast Message Processing
  • Schema Validation
  • Structure Inspection
• Growing Need for Adaptation on-the-fly
• Cryptographic Processing is Becoming Expensive Because of Move to Large Keys
• Key Protection is Essential for Many Secure Environments
  • But external HSM processing can incur high latency

Page 14

Acceleration of XML and Cryptography

• Hardware-based XML Processing (XPATH, XSLT, XSD)
• Hardware-based, FIPS 140-2 Cryptographic Processing (RSA, ECC, 3DES, AES, etc)
• On-board Hardware Security Module (HSM) for key protection
• Large Message Processing

Delegate common or expensive XML-related tasks from your services to your infrastructure

Page 15

OSBA Performance Value Proposition

• The numbers speak for themselves
  • 1K
    • Schema Validation – 261.34% Faster
    • XSLT – 262.86% Faster
  • 10K
    • Schema Validation – 287.92% Faster
    • XSLT – 187.24% Faster
  • 100K
    • Schema Validation – 16564.97% Faster
    • XSLT – 144.30% Faster

Page 16

Visibility Challenges

• Two demands:
  • Instantaneous state across the extended enterprise
  • Forensic usage data
• Need to know status of infrastructure and applications
  • Need instant notification of problems
• Integration into existing monitoring and management infrastructure
• Business needs customized counters
  • Every application is different
• Data must be available
  • As report
  • As raw data for metrics, billing etc.

Page 17

Monitoring Capability

• Integrated Monitoring and Management
  • Graphical display
  • Raw data available through APIs

[Screenshot: OSBA Console(s)]

Page 18

OSBA Service Monitoring

• Monitor System Operations
  • Alerting and reporting key monitoring points
  • Gauge system health, slowdown notification
  • Monitoring is optional per service
• Service metrics
  • Response times (min, max, avg)
  • Message, error, failover counts
  • Action level metrics
• Dashboard
  • Show fault and performance metrics aggregated cluster wide or per server
• JMX Metrics
  • Metrics available via MBean interfaces
  • Integration with Enterprise Mgr
• Custom Alerts
  • SLA alerts for conditions requiring attention
  • Pipeline alerts can flag individual msgs
• Configurable Aggregation Intervals

[Dashboard screenshot labels: Service health (# of Alerts by Severity: Warnings, Critical, Minor); Error Responses (# of Generated Errors, By Service)]

Page 19

Conclusions

• Decrease time to market and cost of implementation by leveraging a pre-integrated, pre-configured SOA Appliance:
  • Initial configuration (network configuration, security lock-downs, etc.)
  • Security configuration (such as XML firewalling, access control, auditing, etc.)
  • Adapter configuration for enterprise system integration (ERP, CRM, databases, messaging systems, etc)
  • Monitoring configuration for integration with existing management infrastructure
• Thank you for joining us this morning!
• Contact info:
  • Andy Rothfield, [email protected]
  • Demed L’Her, [email protected], 650-506-1128
  • Scott Morrison, [email protected], 778-329-9982

Page 20

Questions?