T E C H N O L O G Y W H I T E P A P E R
Accelerating Information System Interoperability
for Secured Business Processes Automation
Faced with increased information privacy legislation, organizations
must secure their online, automated business processes with partners
to meet corporate governance obligations. They are challenged to
achieve these goals because their information systems, such as HR,
ERP, CRM, finance, and sales were not designed to provide the
secure interoperability required for automating business processes. An
emerging alternative model for services-oriented architecture (SOA)
deployment includes a network-embedded SOA backbone that pro-
vides IT system interoperability for corporate-wide security and regula-
tory compliance. This network-based approach provides significant
advantages because it is application–independent, needing no
modification to web services-aware applications, and reduces the
TCO for IT systems.
Table of Contents
1 Executive Summary
3 IT System Interoperability — The Promise and Challenge
3 Example: The problem with IT system silos
4 Web Services and SOA to the Rescue?
4 SOA: The vision
5 Technical background
5 Example: Application integration with web services
6 Web Services — The Reality
6 Challenges deploying a traditional SOA infrastructure
8 Web services using a network-embedded SOA backbone
9 Alcatel-Lucent Web Services Portfolio
10 Key functionality
10 Unique value proposition
2 Alcatel-Lucent | Accelerating Information System Interoperability for Secured Business Processes Automation
In today’s increasingly competitive and fast-moving business environment, migrating business processes
online and automating business process with partners while upholding proper corporate governance
are top issues for business executives. Responding quickly to the changing needs of customers and
automating workﬂow with business partners are vital for growth.
While many businesses recognize these needs, increased automation, good corporate governance and
agility are challenging because their information systems for human resources (HR), enterprise resource
management (ERP), customer relationship management (CRM), ﬁnance, and sales do not interoperate
— each IT system has its own built-in security perimeter. Automating business processes with partner
organizations is also a priority and presents additional interoperability difﬁculties due to the explicit
security perimeter between partner organizations. In effect, corporate information systems fall short
of their interoperability requirements.
Web services technologies offer a new application architecture for enterprises struggling to automate
business processes — a services-oriented architecture (SOA). It includes a services layer that provides
the IT system interoperability required to place human workﬂow online, and automate business
processes with partners.
Even though these web services deliver efﬁcient automated workﬂows, governance is lost. The exposure
of a services layer defeats the built-in security of each IT system and there is no standardized method
that replaces this security function to ensure compliance with information privacy regulations. Thus
web service deployments to date encounter high custom software development costs to provide the
required governance and maintain compliance.
An alternative model for SOA deployment is emerging that includes a network-embedded SOA backbone
and provides a corporate-wide compliance infrastructure. This model provides the required information
security and reduces custom development and required implementation resources. The advantageous
network-based approach is application-independent and needs no modiﬁcation to web services-aware
applications. It drives efﬁciencies and reduces the total cost of ownership (TCO) for IT systems.
The Alcatel-Lucent Web Services portfolio offers unique product options for the data center and the
DMZ for organizations striving to increase business process automation while ensuring proper corporate
governance. The Alcatel-Lucent portfolio creates a corporate-wide network-embedded SOA backbone
that provides IT system interoperability for the corporate-wide security and regulatory compliance
required for effective and secure automation.
Now is the time to deploy an SOA infrastructure in support of business process automation projects.
Recent surveys reveal that more than 70 percent of large North American corporations are already
using SOAs. Over one billion web services based interfaces are estimated to be in use. There are many
documented cases where legacy systems and new applications were successfully interoperated using
a web services model with significant cost savings. Industry standards have reached the maturity
level needed to support wide adoption.
Alcatel-Lucent | Accelerating Information System Interoperability for Secured Business Processes Automation 1
Faced with increased information privacy legislation, organizations must secure their online, automated
business processes with partners to meet corporate governance obligations. They are challenged to
achieve these goals because their information systems such as HR, ERP, CRM, ﬁnance, and sales do
not interoperate. IT must provide greater support for secure online workﬂow. New technologies are
emerging that “have the potential to revolutionize the way companies do business: faster service
deployment, increased automation, shorter time-to-revenue and lower TCO.”1 Across all IT projects,
information system integration for interoperability typically accounts for 35 percent to 40 percent of
the total cost of custom software development and maintenance.2
Information system integration requirements, and difficulties, also arise from the need to increase
automation of business-to-business (B2B) processes: 66 percent of enterprises report an urgent need to
improve electronic communication with partners. “Enterprises need to extend and improve partner access
and offer anytime, anywhere access [to applications] securely and cost effectively to stay competitive.”3
SOAs based on XML and web services technologies offer a compelling option for enterprises struggling
to integrate information systems to automate workﬂow. “Web services are redeﬁning and transforming
the way every company thinks about its IT systems and business.”4 Web services technologies deﬁne
a new application architecture that includes a services layer and standardized interfaces for IT systems,
which provide the cost-effective IT system interoperability required to place human workﬂow online,
and to automate business processes with partners.
The current method for deploying an SOA infrastructure delivers efﬁcient automated workﬂows, but
requires signiﬁcant custom development to ensure proper governance and compliance with information
privacy regulation. Unfortunately, the exposure of the services layer defeats the built-in security of
each IT system and there is no standardized and corporate-wide method for replacing this security
function. Thus web service deployments have encountered high custom software development costs
to maintain compliance and provide the required governance.
An important ﬁrst step in enabling information systems to interoperate is the addition of standardized
interfaces, because IT systems use many different messages and document formats. Supporting all
necessary transformations on all IT systems adds complexity and costs to IT system interoperability projects.
Until now, the security concerns and scaling complexity has left the promise of web services unrealized.
The component assembly and management needed to overcome these issues require a large investment
of resources, very specialized skills, and can entail a lengthy process. Fortunately, an emerging alternative
model for deployment of an SOA provides the required security and ensures application-level compliance.
This new model delivers SOA through a network-embedded backbone that provides a corporate-wide
compliance infrastructure. This advantageous, network-embedded approach is application-independent,
requiring no modiﬁcation to web services-aware IT systems, and minimal modiﬁcation to legacy systems.
This paper presents:
• The beneﬁts of application interoperability for enterprises
• The difﬁculty with web services as an answer to the IT system interoperability problem
• The beneﬁts of web services deployed using a network-embedded SOA backbone
• The Alcatel-Lucent Web Services portfolio, including its unique functionality
“Despite Technology Challenges, Service-Oriented Architecture Has the Potential to Transform How Companies Do Business,” Yankee Group, November 2005
“Harnessing the Power of Web Services and Middleware,” Gartner, June 2003
“B2B Gateways Are Securing the Edge of the Enterprise,” Yankee Group, October 2004
“Web Services Markets: Market Strategies, Opportunities and Forecasts 2002-2007,” Wintergreen Research, 2002
4 Alcatel-Lucent | Accelerating Information System Interoperability for Secured Business Processes Automation
IT System Interoperability — The Promise and Challenge
Organizations need increased IT system interoperability to obtain the agility and security required to
automate and remain competitive in today’s business environment. Poor information system agility
due to a lack of interoperability often means a sluggish response to market forces with lost revenue
opportunities as a consequence.
For example, delays in integrating new suppliers into existing systems lower production capacity while
billing problems from a new product or service can quickly lead to lost customers. Integrating IT
systems with customer and partner B2B extranets drives efficiencies in the supply chain, expands
e-commerce and creates opportunities for outsourcing non-core business processes — providing
signiﬁcant advantages over competitors.
IT system interoperability also impacts the assurance of proper corporate governance because with
isolated IT systems it is difficult to provide sufficient monitoring and control points. Demonstrating
conformance to regulations is costly or even impossible with legacy applications. Quarterly reporting
can require multiple person-months of effort simply to gather the required data from all necessary
systems. Improving governance and transparency of corporate processes requires integrating IT systems
into common control and reporting systems.
Isolated corporate information systems hinder automation efforts. For example, improving automation
between departments or with business partners frequently involves interoperability between internal
and external IT systems, which may require a long and costly IT project. The need to integrate data from
numerous sources is increasingly common, yet current IT systems often inhibit progress in making
business processes more efficient. The cost of inefficiency starts with reduced earnings and, if not
corrected, leads to an inability to compete with more economical competitors.
Increasing business process automation with partner organizations presents additional IT system
interoperability difficulties. Common problems include bridging independent IT domains that have
different security and identity management policies, protecting the privacy of data belonging to each
organization, and providing sufﬁcient control and monitoring to ensure and demonstrate that each
organization remains compliant with applicable regulations.
For many businesses, the challenge of providing a corporate-wide compliance infrastructure for IT
system interoperability is expensive and can take years to complete. The increasing costs of enterprise
application integration (EAI) are largely due to multi-vendor application environments with different
message and data formats. Also, corporations who grew through merger or acquisition typically have
widely distributed data centers and many IT system incompatibilities.
Example: The problem with IT system silos
The CEO of Average Business Corporation (ABC) knows that ABC must automate their business processes
with their suppliers to drive efﬁciency and increase visibility into their supply chain. It won’t be easy
or cheap. ABC’s top suppliers use different IT systems, so each partner integration effort is a separate
project, requiring custom software. In addition, the CEO’s efforts to improve automation have shown
disappointing results. Although ABC is committed to continuous corporate improvement, previous
application integration projects have been costly and required a lengthy implementation.
The CIO is concerned with their ability to meet corporate governance requirements and demonstrate
compliance with government regulations, especially once more of their workﬂow is online. Ideally he
wants to track all potential process issues through their IT systems (ERP, CRM and ﬁnancial) daily, but
it can’t be done economically. The multi-week data gathering process for quarterly reports is already
expensive, so reacting to issues every few months is the most they can afford with the systems they have.
Alcatel-Lucent | Accelerating Information System Interoperability for Secured Business Processes Automation 3
Figure 1 Illustrates ABC’s problems in their data center
Web Services and SOA to the Rescue?
Web services can help organizations struggling to automate their business processes. Web services
technologies deﬁne a new application architecture — a services-oriented architecture — including a
services layer that provides the IT system interoperability required to automate, or place human workﬂow
online, within an organization or among business partners. The potential beneﬁts of web services in
business information systems do not stop at the enterprise edge. Web services can extend the reach
of IT systems beyond the enterprise boundaries to customers and business partners.
SOA: The vision
Figure 2 shows the traditional corporate-wide IT system architecture for a web services and SOA
architecture model. Today, corporate applications and databases are viewed as a single service layer
from which a set of services are exposed. Each service supports a portion of human workflow and
services are defined as needed. Services are combined to match the human or machine workflow
required in a process called orchestration. As human workﬂow needs change, new services are deﬁned
and combined in different ways. This creates new online human workﬂows that efﬁciently automate
Figure 2 Traditional Web Services Deployment Model
6 Alcatel-Lucent | Accelerating Information System Interoperability for Secured Business Processes Automation
As in the World Wide Web (Web) world, “web services” refers to a set of technologies that allow
seamless communication between IT systems. Where standardized web browsers and web servers
facilitate person-to-machine communication, web services extend the idea of “standardized middleware”
to all machine-to-machine communications. “Loose coupling” of IT systems means applications on
different servers can be made to interoperate without requiring a static, inﬂexible interface between
them. IT systems using different technologies interoperate using standard web services protocols:
WSDL for interface description and SOAP for message transport.
An SOA enables a set of loosely coupled applications to interoperate using a web services publish,
ﬁnd, bind model. In an SOA, integrating IT systems is a standardized procedure that reduces the need
for customized software and drastically decreases integration time. Services are updated independently,
effectively reducing life cycle costs. SOAs simultaneously provide ﬂexible and efﬁcient business systems
that can better support human workﬂow because new services with multiple back-end services are
possible. You can expect rapid and cost-effective interoperability of IT systems with business partners.
And business processes become more automated as inefﬁciencies are removed from internal systems
and throughout the supply chain.
From a technical standpoint, IT systems providing web service interfaces are “evolution-friendly”
because they are self-describing. Changes in a service do not require all client applications to support
the new functionality — only the service descriptions need be updated. This loose coupling of applications
based on service definitions allows sharing and reuse of common services, avoiding duplication of
data and software. Forrester forewarns enterprises that “whether or not you have a strategy for service
oriented architecture, SOA is inevitable.”5
Example: Application integration with web services
Average Business Corporation (ABC) decided to implement an SOA to improve automation, ensure
proper corporate governance, and drive efﬁciencies. From a functionality perspective, the project was
successful, making the CEO happy. Web services interfaces to ERP and CRM applications increased
interoperability and enabled powerful composite services for online processes, for customer-facing
services and for process automation with business partners. IT systems now interoperate with supplier
systems, creating a partner extranet that increased ABC’s corporate agility. Automation efforts have
been more successful. Responses to supplier shortages and quality issues have dramatically improved
and have positively affected corporate earning opportunities.
Unfortunately, ABC’s CIO is not as pleased as the CEO. Several required components that supported
the SOA architecture increased information system complexity and corporate governance required
integrating several IT systems into a common control and reporting system. IT system interaction is
depicted in Figure 3.
“The Enterprise Architecture of SOA,” Forrester Research, February 2006
Alcatel-Lucent | Accelerating Information System Interoperability for Secured Business Processes Automation 5
Figure 3 Application Integration with Web
The additional complexity in ABC’s data center challenged staff, because the new interconnections
make monitoring application performance and troubleshooting more difficult. Also, the company’s
security compliance ofﬁce asked for a review of all IT systems runtime security mechanisms, because
there is concern that the partner extranet will open security holes and make it difficult to show
compliance with new regulations.
Web Services — The Reality
Unfortunately, the interoperability promise of web services is largely unrealized because while they
deliver efﬁcient automated workﬂows, governance is lost. Exposing a services layer defeats the built-in
security of each IT system and there is no standardized security replacement method. Fortunately, an
emerging alternative model of an SOA infrastructure delivers web services using a network-embedded
SOA backbone. This approach is unique, with application-independent advantages. Minimal modiﬁcations
are required to legacy applications and there is no need to modify web services-aware applications
— providing a corporate-wide compliance infrastructure and driving significant cost reductions for
Challenges deploying a traditional SOA infrastructure
Typically, web service deployments encounter high custom software development costs to provide
the required governance and maintain application-level compliance. In effect, there is a compliance gap
in the traditional SOA model shown in Figure 4. The current method for deploying an SOA infrastructure
that closes the compliance gap involves installing selected SOA components on application servers
in the data center along with existing information systems. The component assembly and management
needed to close the compliance gap can be a lengthy process that requires a large investment
of resources and very specialized skills.
6 Alcatel-Lucent | Accelerating Information System Interoperability for Secured Business Processes Automation
Figure 4 Governance Is Lost Due to the Compliance Gap
Today, the vendor market for SOA components is fragmented, so corporations must independently
source the SOA infrastructure components required to deploy web services. Thus, corporations are
challenged with integrating the components for web services registry, identity management, policy
management and security as an internal development project. Modifying legacy IT systems to be fully
web services-compliant can add signiﬁcant cost and take considerable time.
Information system vendors are adding web services interfaces to new versions of their applications,
but many interoperability issues remain. Web services interfaces are an important ﬁrst step that allows
previously disconnected systems to interoperate. However, applications still use many different message
and document formats and, although transformations are standardized, supporting all security and
data transformations adds complexity to application deployment.
When extending web services to partners, more challenges exist for an SOA infrastructure deployed
on application servers. IT systems deployed on partner sites use diverse security mechanisms and cannot
share user identity information freely, requiring translation of security tokens for users. Placing the
burden of security token translation on each IT system is costly and inefﬁcient. Data privacy is difﬁcult
or even impossible to enforce because each information system may not know whether the user is
external to the corporation. Web services are open to XML-specific denial of service (XDoS) attacks
and protecting IT systems at each application server is an ineffective strategy. Gartner estimates that
“Web services will reopen 70 percent of the attack paths against Internet-connected applications, which
were closed by network ﬁrewalls in the 1990s.”6
When SOA infrastructure components are deployed on application servers, additional resource challenges
arise. The migration to a web services model to achieve application interoperability by loosely coupling
IT systems necessitates additional messaging in the form of SOAP headers and XML messages, and
additional processing for managing these messages. This additional overhead consumes network
bandwidth and can result in signiﬁcant new requirements for application server hardware.
“Harnessing the Power of Web Services and Middleware,” Gartner, June 2003
Alcatel-Lucent | Accelerating Information System Interoperability for Secured Business Processes Automation 7
Web services using a network-embedded SOA backbone
An alternative model for SOA deployment that includes a network-embedded SOA backbone is now
emerging. It provides the required security and ensures application-level compliance, as shown in
Figure 5. When the SOA infrastructure is deployed using a network-embedded SOA backbone, enter-
prises beneﬁt because the backbone provides a corporate-wide compliance infrastructure. The value
proposition of an SOA backbone includes:
Regulatory compliance – An SOA backbone provides a single monitoring, control and consolidated
reporting point. This is central to business process automation, and the ability to enforce conformance
and demonstrate data privacy and network security regulation compliance.
Application independence – Network-embedded SOA deployment provides service mediation,
or the message translations required for IT systems to interoperate, to be performed according to
policies set within the network, not by the IT systems themselves. This application-independent
deﬁnition of translations removes the reliance on application vendor implementations.
Minimal IT system modification – The business logic required to adapt message format and
content is provided by the network, not the application. Web services messages can be adapted
within the network to achieve application interoperability. As new interoperability requirements
arise, such as those of a merger, acquisition, or new partner integration, there is no modiﬁcation
required to IT systems, only the deﬁnition of new policies for message translation.
Extension of web services to partners – An SOA backbone provides many advantages. Security
token translation at the demarcation point between the partners’ networks provides a single
enforcement point for security policy, and enforces data privacy where data leaves the security
domain. This drives efﬁciencies and can reduce costs. In addition, denial of service attacks targeted
at corporate web services are defended at the network edge, the only secure place to deal with
Figure 5 Network Embedded SOA Backbone
8 Alcatel-Lucent | Accelerating Information System Interoperability for Secured Business Processes Automation
Alcatel-Lucent Web Services Portfolio
Deployment of the Alcatel-Lucent Web Services portfolio enables security (runtime policy enforcement
and audit trail) that meets corporate governance obligations in support of effective business process
automation. The Alcatel-Lucent Web Services portfolio protects sensitive corporate data, such as patient
or financial records, from misuse. This includes runtime control of who can see the data, who can
change it, and provides a compliance audit trail of who has seen or changed the data. With the Web
Services product portfolio, sensitive data is secure from misuse and is always available when and where
it is needed within an organization or when the data is being shared externally.
The Web Services product portfolio is a critical component for any organization needing to secure
existing online processes or migrating additional business process online using web services deployed
on an SOA.
The Alcatel-Lucent Web Services portfolio employs unique session-based runtime message inspection
technology to provide proper corporate governance. Consolidated audit trails demonstrate regulatory
compliance and runtime policy enforcement ensures conformance. The portfolio enables highly automated
partner ecosystems while ensuring corporate data privacy. It also is highly effective for creating managed
partner extranets, without compromising traceability because of its unique identity interoperability
technology that enables runtime user authentication among partners. The patent-pending runtime
message inspection technology provides a network-embedded SOA backbone that provides IT system
interoperability for corporate-wide security and regulatory compliance.
The key product in the Web Services portfolio is the Alcatel-Lucent 8550 Web Services Gateway. The
Web Services portfolio and SOA backbone are shown in Figure 6.
Figure 6 Alcatel-Lucent’s Web Service Portfolio
Alcatel-Lucent | Accelerating Information System Interoperability for Secured Business Processes Automation 9
The Web Services portfolio uses an open standards approach to provide complete functionality of a
full-service SOA backbone, ensuring application-level compliance and enabling scalable business
process automation as follows:
Security and Governance
• Ensures compliance with corporate governance policy and government information privacy legislation
• Key features: Stateful run time policy enforcement and user centric audit trails
Secure Online B2B
• Enhanced security through single point of control to enable secure automated workﬂow among
• Key features: Service virtualization, data protection (encryption and digital signatures), and user mobility
Identity Translation and Federation
• Consistent enterprise wide enforcement of policy per credentialed user
• Key features: Single digital Identity, and identity interoperability
• Enables scalable and reliable e-use of existing IT systems
• Key features: Application interoperability, reliable messaging
Threat Protection and XML Firewall
• Protects from deliberate attacks and malicious XML messages
• Key features: XML message validation and control, and DoS
• Easily managed appliance integrating with existing management platforms
• Key features: Fault, conﬁguration and change management.
Secure Hardware Accelerated Appliance
• Hardened appliance for scalability, reliability and compliance with security standards
• Key features: High availability, hardware accelerated XML and SSL.
Unique value proposition
Alcatel-Lucent Web Services provide a unique ability to install a single corporate-wide, network-embedded
SOA backbone that provides the interoperability between business-critical corporate information systems
required for effective automation. This application-independent infrastructure ensures proper corporate
governance and signiﬁcantly reduces the TCO of IT systems. The Web Services portfolio controls and
monitors all activity initiated by validated users, allowing consolidated audit trails, translation for
message and document formats, web services life cycle management, including the staged rollout of
web services and rollback to previous versions in the event of unexpected behavior, and web services
performance monitoring to ensure corporate requirements are met. End users have seamless access
to web services from any partner site, partner institutions are securely identiﬁed and user identities
are accepted between different partners.
10 Alcatel-Lucent | Accelerating Information System Interoperability for Secured Business Processes Automation
The Alcatel-Lucent Web Services portfolio provides unique value:
• Enables proper corporate governance
¬ Protects online corporate information from misuse
¬ Ensures corporate-wide conformance to policy enforced at run time
¬ Enables cost-effective demonstration of compliance via consolidated audit trail
¬ Enhances security with consolidated and consistent policy per user
• Enables managed partner extranet
¬ Improves security through single point of control and audit for partner access
¬ Protects privacy of digital identities and corporate information
¬ Enhances productivity with seamless access to applications among partner sites
• Enables information system interoperability
¬ Increases level of corporate business process automation
¬ Reduces TCO for corporate information systems
Example – Alcatel-Lucent Web Services portfolio deployment
With the deployment of the Alcatel-Lucent Web Services portfolio in the data center and in the DMZ,
as shown in Figure 7, ABC’s CIO is now pleased with the added functionality and cost reductions in
operational overhead. With a single, integrated, network-embedded SOA backbone providing monitoring,
control and consolidated reporting, many staff-hours are saved every week. In addition, partner
security issues are solved. This network-based solution offloads application server processing and
resolves network congestion problems, resulting in greatly improved application response times.
Figure 7 Alcatel-Lucent Network-Embedded SOA Backbone
Alcatel-Lucent | Accelerating Information System Interoperability for Secured Business Processes Automation 11
Alcatel-Lucent’s Web Services portfolio allows controlled access to sensitive information across multiple
applications and implementation of stateful runtime access policies organization-wide. The portfolio
supports and secures automated business processes while ensuring regulatory compliance, protecting
sensitive corporate data from misuse and ensuring data is available when and where it is needed. It
enables corporate-wide interoperability among business-critical internal information systems and external
partner networks providing a corporate wide compliance infrastructure reducing costs and risk.
Speciﬁcally, the portfolio provides the following beneﬁts:
• Provides a highly ﬂexible corporate wide compliance infrastructure to manage and secure on line
business transactions and automate processes between companies
• Provides secure access to sensitive information for suppliers, customers, healthcare practitioners,
ﬁrst responders, and others
• Ensures compliant access to personal information and demonstrate compliance with consolidated
audit trails to meet a range of information privacy legislation.
• Provides a new network architecture which enables the business value of service oriented architecture
with reduced risk and cost
• Enables a single identity for organization wide consistent compliance
• Secures business transformation to participate in new virtual markets
The Alcatel-Lucent Web Services product portfolio is ideal for industries with an immediate business-critical
need to protect end user privacy.
Now is the time to deploy a network-embedded SOA infrastructure to support your business process
automation projects. Contact your Alcatel-Lucent sales representative to find out more about the
OmniAccess 8550 Web Services Gateway and our comprehensive enterprise network solutions for
voice and data applications. With operations in more than 130 countries, Alcatel-Lucent is your local
partner with a global reach. Or visit our website at: www.alcatel-lucent.com
13 Alcatel-Lucent | Accelerating Information System Interoperability for Secured Business Processes Automation
Alcatel-Lucent | Accelerating Information System Interoperability for Secured Business Processes Automation 15