ster_Marcom_Collateral_Template

282 views

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
282
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
3
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

ster_Marcom_Collateral_Template

  1. 1. T E C H N O L O G Y W H I T E P A P E R Accelerating Information System Interoperability for Secured Business Processes Automation Faced with increased information privacy legislation, organizations must secure their online, automated business processes with partners to meet corporate governance obligations. They are challenged to achieve these goals because their information systems, such as HR, ERP, CRM, finance, and sales were not designed to provide the secure interoperability required for automating business processes. An emerging alternative model for services-oriented architecture (SOA) deployment includes a network-embedded SOA backbone that pro- vides IT system interoperability for corporate-wide security and regula- tory compliance. This network-based approach provides significant advantages because it is application–independent, needing no modification to web services-aware applications, and reduces the TCO for IT systems.
  2. 2. Table of Contents 1 Executive Summary 2 Introduction 3 IT System Interoperability — The Promise and Challenge 3 Example: The problem with IT system silos 4 Web Services and SOA to the Rescue? 4 SOA: The vision 5 Technical background 5 Example: Application integration with web services 6 Web Services — The Reality 6 Challenges deploying a traditional SOA infrastructure 8 Web services using a network-embedded SOA backbone 9 Alcatel-Lucent Web Services Portfolio 10 Key functionality 10 Unique value proposition 13 Conclusion 2 Alcatel-Lucent | Accelerating Information System Interoperability for Secured Business Processes Automation
  3. 3. Executive Summary In today’s increasingly competitive and fast-moving business environment, migrating business processes online and automating business process with partners while upholding proper corporate governance are top issues for business executives. Responding quickly to the changing needs of customers and automating workflow with business partners are vital for growth. While many businesses recognize these needs, increased automation, good corporate governance and agility are challenging because their information systems for human resources (HR), enterprise resource management (ERP), customer relationship management (CRM), finance, and sales do not interoperate — each IT system has its own built-in security perimeter. Automating business processes with partner organizations is also a priority and presents additional interoperability difficulties due to the explicit security perimeter between partner organizations. In effect, corporate information systems fall short of their interoperability requirements. Web services technologies offer a new application architecture for enterprises struggling to automate business processes — a services-oriented architecture (SOA). It includes a services layer that provides the IT system interoperability required to place human workflow online, and automate business processes with partners. Even though these web services deliver efficient automated workflows, governance is lost. The exposure of a services layer defeats the built-in security of each IT system and there is no standardized method that replaces this security function to ensure compliance with information privacy regulations. Thus web service deployments to date encounter high custom software development costs to provide the required governance and maintain compliance. An alternative model for SOA deployment is emerging that includes a network-embedded SOA backbone and provides a corporate-wide compliance infrastructure. This model provides the required information security and reduces custom development and required implementation resources. The advantageous network-based approach is application-independent and needs no modification to web services-aware applications. It drives efficiencies and reduces the total cost of ownership (TCO) for IT systems. The Alcatel-Lucent Web Services portfolio offers unique product options for the data center and the DMZ for organizations striving to increase business process automation while ensuring proper corporate governance. The Alcatel-Lucent portfolio creates a corporate-wide network-embedded SOA backbone that provides IT system interoperability for the corporate-wide security and regulatory compliance required for effective and secure automation. Now is the time to deploy an SOA infrastructure in support of business process automation projects. Recent surveys reveal that more than 70 percent of large North American corporations are already using SOAs. Over one billion web services based interfaces are estimated to be in use. There are many documented cases where legacy systems and new applications were successfully interoperated using a web services model with significant cost savings. Industry standards have reached the maturity level needed to support wide adoption. Alcatel-Lucent | Accelerating Information System Interoperability for Secured Business Processes Automation 1 3
  4. 4. Introduction Faced with increased information privacy legislation, organizations must secure their online, automated business processes with partners to meet corporate governance obligations. They are challenged to achieve these goals because their information systems such as HR, ERP, CRM, finance, and sales do not interoperate. IT must provide greater support for secure online workflow. New technologies are emerging that “have the potential to revolutionize the way companies do business: faster service deployment, increased automation, shorter time-to-revenue and lower TCO.”1 Across all IT projects, information system integration for interoperability typically accounts for 35 percent to 40 percent of the total cost of custom software development and maintenance.2 Information system integration requirements, and difficulties, also arise from the need to increase automation of business-to-business (B2B) processes: 66 percent of enterprises report an urgent need to improve electronic communication with partners. “Enterprises need to extend and improve partner access and offer anytime, anywhere access [to applications] securely and cost effectively to stay competitive.”3 SOAs based on XML and web services technologies offer a compelling option for enterprises struggling to integrate information systems to automate workflow. “Web services are redefining and transforming the way every company thinks about its IT systems and business.”4 Web services technologies define a new application architecture that includes a services layer and standardized interfaces for IT systems, which provide the cost-effective IT system interoperability required to place human workflow online, and to automate business processes with partners. The current method for deploying an SOA infrastructure delivers efficient automated workflows, but requires significant custom development to ensure proper governance and compliance with information privacy regulation. Unfortunately, the exposure of the services layer defeats the built-in security of each IT system and there is no standardized and corporate-wide method for replacing this security function. Thus web service deployments have encountered high custom software development costs to maintain compliance and provide the required governance. An important first step in enabling information systems to interoperate is the addition of standardized interfaces, because IT systems use many different messages and document formats. Supporting all necessary transformations on all IT systems adds complexity and costs to IT system interoperability projects. Until now, the security concerns and scaling complexity has left the promise of web services unrealized. The component assembly and management needed to overcome these issues require a large investment of resources, very specialized skills, and can entail a lengthy process. Fortunately, an emerging alternative model for deployment of an SOA provides the required security and ensures application-level compliance. This new model delivers SOA through a network-embedded backbone that provides a corporate-wide compliance infrastructure. This advantageous, network-embedded approach is application-independent, requiring no modification to web services-aware IT systems, and minimal modification to legacy systems. This paper presents: • The benefits of application interoperability for enterprises • The difficulty with web services as an answer to the IT system interoperability problem • The benefits of web services deployed using a network-embedded SOA backbone • The Alcatel-Lucent Web Services portfolio, including its unique functionality 1 “Despite Technology Challenges, Service-Oriented Architecture Has the Potential to Transform How Companies Do Business,” Yankee Group, November 2005 2 “Harnessing the Power of Web Services and Middleware,” Gartner, June 2003 3 “B2B Gateways Are Securing the Edge of the Enterprise,” Yankee Group, October 2004 4 “Web Services Markets: Market Strategies, Opportunities and Forecasts 2002-2007,” Wintergreen Research, 2002 2 4 Alcatel-Lucent | Accelerating Information System Interoperability for Secured Business Processes Automation
  5. 5. IT System Interoperability — The Promise and Challenge Organizations need increased IT system interoperability to obtain the agility and security required to automate and remain competitive in today’s business environment. Poor information system agility due to a lack of interoperability often means a sluggish response to market forces with lost revenue opportunities as a consequence. For example, delays in integrating new suppliers into existing systems lower production capacity while billing problems from a new product or service can quickly lead to lost customers. Integrating IT systems with customer and partner B2B extranets drives efficiencies in the supply chain, expands e-commerce and creates opportunities for outsourcing non-core business processes — providing significant advantages over competitors. IT system interoperability also impacts the assurance of proper corporate governance because with isolated IT systems it is difficult to provide sufficient monitoring and control points. Demonstrating conformance to regulations is costly or even impossible with legacy applications. Quarterly reporting can require multiple person-months of effort simply to gather the required data from all necessary systems. Improving governance and transparency of corporate processes requires integrating IT systems into common control and reporting systems. Isolated corporate information systems hinder automation efforts. For example, improving automation between departments or with business partners frequently involves interoperability between internal and external IT systems, which may require a long and costly IT project. The need to integrate data from numerous sources is increasingly common, yet current IT systems often inhibit progress in making business processes more efficient. The cost of inefficiency starts with reduced earnings and, if not corrected, leads to an inability to compete with more economical competitors. Increasing business process automation with partner organizations presents additional IT system interoperability difficulties. Common problems include bridging independent IT domains that have different security and identity management policies, protecting the privacy of data belonging to each organization, and providing sufficient control and monitoring to ensure and demonstrate that each organization remains compliant with applicable regulations. For many businesses, the challenge of providing a corporate-wide compliance infrastructure for IT system interoperability is expensive and can take years to complete. The increasing costs of enterprise application integration (EAI) are largely due to multi-vendor application environments with different message and data formats. Also, corporations who grew through merger or acquisition typically have widely distributed data centers and many IT system incompatibilities. Example: The problem with IT system silos The CEO of Average Business Corporation (ABC) knows that ABC must automate their business processes with their suppliers to drive efficiency and increase visibility into their supply chain. It won’t be easy or cheap. ABC’s top suppliers use different IT systems, so each partner integration effort is a separate project, requiring custom software. In addition, the CEO’s efforts to improve automation have shown disappointing results. Although ABC is committed to continuous corporate improvement, previous application integration projects have been costly and required a lengthy implementation. The CIO is concerned with their ability to meet corporate governance requirements and demonstrate compliance with government regulations, especially once more of their workflow is online. Ideally he wants to track all potential process issues through their IT systems (ERP, CRM and financial) daily, but it can’t be done economically. The multi-week data gathering process for quarterly reports is already expensive, so reacting to issues every few months is the most they can afford with the systems they have. Alcatel-Lucent | Accelerating Information System Interoperability for Secured Business Processes Automation 3 5
  6. 6. Figure 1 Illustrates ABC’s problems in their data center Web Services and SOA to the Rescue? Web services can help organizations struggling to automate their business processes. Web services technologies define a new application architecture — a services-oriented architecture — including a services layer that provides the IT system interoperability required to automate, or place human workflow online, within an organization or among business partners. The potential benefits of web services in business information systems do not stop at the enterprise edge. Web services can extend the reach of IT systems beyond the enterprise boundaries to customers and business partners. SOA: The vision Figure 2 shows the traditional corporate-wide IT system architecture for a web services and SOA architecture model. Today, corporate applications and databases are viewed as a single service layer from which a set of services are exposed. Each service supports a portion of human workflow and services are defined as needed. Services are combined to match the human or machine workflow required in a process called orchestration. As human workflow needs change, new services are defined and combined in different ways. This creates new online human workflows that efficiently automate business processes. Figure 2 Traditional Web Services Deployment Model 4 6 Alcatel-Lucent | Accelerating Information System Interoperability for Secured Business Processes Automation
  7. 7. Technical background As in the World Wide Web (Web) world, “web services” refers to a set of technologies that allow seamless communication between IT systems. Where standardized web browsers and web servers facilitate person-to-machine communication, web services extend the idea of “standardized middleware” to all machine-to-machine communications. “Loose coupling” of IT systems means applications on different servers can be made to interoperate without requiring a static, inflexible interface between them. IT systems using different technologies interoperate using standard web services protocols: WSDL for interface description and SOAP for message transport. An SOA enables a set of loosely coupled applications to interoperate using a web services publish, find, bind model. In an SOA, integrating IT systems is a standardized procedure that reduces the need for customized software and drastically decreases integration time. Services are updated independently, effectively reducing life cycle costs. SOAs simultaneously provide flexible and efficient business systems that can better support human workflow because new services with multiple back-end services are possible. You can expect rapid and cost-effective interoperability of IT systems with business partners. And business processes become more automated as inefficiencies are removed from internal systems and throughout the supply chain. From a technical standpoint, IT systems providing web service interfaces are “evolution-friendly” because they are self-describing. Changes in a service do not require all client applications to support the new functionality — only the service descriptions need be updated. This loose coupling of applications based on service definitions allows sharing and reuse of common services, avoiding duplication of data and software. Forrester forewarns enterprises that “whether or not you have a strategy for service oriented architecture, SOA is inevitable.”5 Example: Application integration with web services Average Business Corporation (ABC) decided to implement an SOA to improve automation, ensure proper corporate governance, and drive efficiencies. From a functionality perspective, the project was successful, making the CEO happy. Web services interfaces to ERP and CRM applications increased interoperability and enabled powerful composite services for online processes, for customer-facing services and for process automation with business partners. IT systems now interoperate with supplier systems, creating a partner extranet that increased ABC’s corporate agility. Automation efforts have been more successful. Responses to supplier shortages and quality issues have dramatically improved and have positively affected corporate earning opportunities. Unfortunately, ABC’s CIO is not as pleased as the CEO. Several required components that supported the SOA architecture increased information system complexity and corporate governance required integrating several IT systems into a common control and reporting system. IT system interaction is depicted in Figure 3. 5 “The Enterprise Architecture of SOA,” Forrester Research, February 2006 Alcatel-Lucent | Accelerating Information System Interoperability for Secured Business Processes Automation 5
  8. 8. Figure 3 Application Integration with Web The additional complexity in ABC’s data center challenged staff, because the new interconnections make monitoring application performance and troubleshooting more difficult. Also, the company’s security compliance office asked for a review of all IT systems runtime security mechanisms, because there is concern that the partner extranet will open security holes and make it difficult to show compliance with new regulations. Web Services — The Reality Unfortunately, the interoperability promise of web services is largely unrealized because while they deliver efficient automated workflows, governance is lost. Exposing a services layer defeats the built-in security of each IT system and there is no standardized security replacement method. Fortunately, an emerging alternative model of an SOA infrastructure delivers web services using a network-embedded SOA backbone. This approach is unique, with application-independent advantages. Minimal modifications are required to legacy applications and there is no need to modify web services-aware applications — providing a corporate-wide compliance infrastructure and driving significant cost reductions for SOA projects. Challenges deploying a traditional SOA infrastructure Typically, web service deployments encounter high custom software development costs to provide the required governance and maintain application-level compliance. In effect, there is a compliance gap in the traditional SOA model shown in Figure 4. The current method for deploying an SOA infrastructure that closes the compliance gap involves installing selected SOA components on application servers in the data center along with existing information systems. The component assembly and management needed to close the compliance gap can be a lengthy process that requires a large investment of resources and very specialized skills. 6 Alcatel-Lucent | Accelerating Information System Interoperability for Secured Business Processes Automation
  9. 9. Figure 4 Governance Is Lost Due to the Compliance Gap Today, the vendor market for SOA components is fragmented, so corporations must independently source the SOA infrastructure components required to deploy web services. Thus, corporations are challenged with integrating the components for web services registry, identity management, policy management and security as an internal development project. Modifying legacy IT systems to be fully web services-compliant can add significant cost and take considerable time. Information system vendors are adding web services interfaces to new versions of their applications, but many interoperability issues remain. Web services interfaces are an important first step that allows previously disconnected systems to interoperate. However, applications still use many different message and document formats and, although transformations are standardized, supporting all security and data transformations adds complexity to application deployment. When extending web services to partners, more challenges exist for an SOA infrastructure deployed on application servers. IT systems deployed on partner sites use diverse security mechanisms and cannot share user identity information freely, requiring translation of security tokens for users. Placing the burden of security token translation on each IT system is costly and inefficient. Data privacy is difficult or even impossible to enforce because each information system may not know whether the user is external to the corporation. Web services are open to XML-specific denial of service (XDoS) attacks and protecting IT systems at each application server is an ineffective strategy. Gartner estimates that “Web services will reopen 70 percent of the attack paths against Internet-connected applications, which were closed by network firewalls in the 1990s.”6 When SOA infrastructure components are deployed on application servers, additional resource challenges arise. The migration to a web services model to achieve application interoperability by loosely coupling IT systems necessitates additional messaging in the form of SOAP headers and XML messages, and additional processing for managing these messages. This additional overhead consumes network bandwidth and can result in significant new requirements for application server hardware. 6 “Harnessing the Power of Web Services and Middleware,” Gartner, June 2003 Alcatel-Lucent | Accelerating Information System Interoperability for Secured Business Processes Automation 7
  10. 10. Web services using a network-embedded SOA backbone An alternative model for SOA deployment that includes a network-embedded SOA backbone is now emerging. It provides the required security and ensures application-level compliance, as shown in Figure 5. When the SOA infrastructure is deployed using a network-embedded SOA backbone, enter- prises benefit because the backbone provides a corporate-wide compliance infrastructure. The value proposition of an SOA backbone includes: Regulatory compliance – An SOA backbone provides a single monitoring, control and consolidated reporting point. This is central to business process automation, and the ability to enforce conformance and demonstrate data privacy and network security regulation compliance. Application independence – Network-embedded SOA deployment provides service mediation, or the message translations required for IT systems to interoperate, to be performed according to policies set within the network, not by the IT systems themselves. This application-independent definition of translations removes the reliance on application vendor implementations. Minimal IT system modification – The business logic required to adapt message format and content is provided by the network, not the application. Web services messages can be adapted within the network to achieve application interoperability. As new interoperability requirements arise, such as those of a merger, acquisition, or new partner integration, there is no modification required to IT systems, only the definition of new policies for message translation. Extension of web services to partners – An SOA backbone provides many advantages. Security token translation at the demarcation point between the partners’ networks provides a single enforcement point for security policy, and enforces data privacy where data leaves the security domain. This drives efficiencies and can reduce costs. In addition, denial of service attacks targeted at corporate web services are defended at the network edge, the only secure place to deal with this issue. Figure 5 Network Embedded SOA Backbone 8 Alcatel-Lucent | Accelerating Information System Interoperability for Secured Business Processes Automation
  11. 11. Alcatel-Lucent Web Services Portfolio Deployment of the Alcatel-Lucent Web Services portfolio enables security (runtime policy enforcement and audit trail) that meets corporate governance obligations in support of effective business process automation. The Alcatel-Lucent Web Services portfolio protects sensitive corporate data, such as patient or financial records, from misuse. This includes runtime control of who can see the data, who can change it, and provides a compliance audit trail of who has seen or changed the data. With the Web Services product portfolio, sensitive data is secure from misuse and is always available when and where it is needed within an organization or when the data is being shared externally. The Web Services product portfolio is a critical component for any organization needing to secure existing online processes or migrating additional business process online using web services deployed on an SOA. The Alcatel-Lucent Web Services portfolio employs unique session-based runtime message inspection technology to provide proper corporate governance. Consolidated audit trails demonstrate regulatory compliance and runtime policy enforcement ensures conformance. The portfolio enables highly automated partner ecosystems while ensuring corporate data privacy. It also is highly effective for creating managed partner extranets, without compromising traceability because of its unique identity interoperability technology that enables runtime user authentication among partners. The patent-pending runtime message inspection technology provides a network-embedded SOA backbone that provides IT system interoperability for corporate-wide security and regulatory compliance. The key product in the Web Services portfolio is the Alcatel-Lucent 8550 Web Services Gateway. The Web Services portfolio and SOA backbone are shown in Figure 6. Figure 6 Alcatel-Lucent’s Web Service Portfolio Alcatel-Lucent | Accelerating Information System Interoperability for Secured Business Processes Automation 9
  12. 12. Key functionality The Web Services portfolio uses an open standards approach to provide complete functionality of a full-service SOA backbone, ensuring application-level compliance and enabling scalable business process automation as follows: Security and Governance • Ensures compliance with corporate governance policy and government information privacy legislation • Key features: Stateful run time policy enforcement and user centric audit trails Secure Online B2B • Enhanced security through single point of control to enable secure automated workflow among business partners • Key features: Service virtualization, data protection (encryption and digital signatures), and user mobility Identity Translation and Federation • Consistent enterprise wide enforcement of policy per credentialed user • Key features: Single digital Identity, and identity interoperability Corporate Agility • Enables scalable and reliable e-use of existing IT systems • Key features: Application interoperability, reliable messaging Threat Protection and XML Firewall • Protects from deliberate attacks and malicious XML messages • Key features: XML message validation and control, and DoS Management • Easily managed appliance integrating with existing management platforms • Key features: Fault, configuration and change management. Secure Hardware Accelerated Appliance • Hardened appliance for scalability, reliability and compliance with security standards • Key features: High availability, hardware accelerated XML and SSL. Unique value proposition Alcatel-Lucent Web Services provide a unique ability to install a single corporate-wide, network-embedded SOA backbone that provides the interoperability between business-critical corporate information systems required for effective automation. This application-independent infrastructure ensures proper corporate governance and significantly reduces the TCO of IT systems. The Web Services portfolio controls and monitors all activity initiated by validated users, allowing consolidated audit trails, translation for message and document formats, web services life cycle management, including the staged rollout of web services and rollback to previous versions in the event of unexpected behavior, and web services performance monitoring to ensure corporate requirements are met. End users have seamless access to web services from any partner site, partner institutions are securely identified and user identities are accepted between different partners. 10 Alcatel-Lucent | Accelerating Information System Interoperability for Secured Business Processes Automation
  13. 13. The Alcatel-Lucent Web Services portfolio provides unique value: • Enables proper corporate governance ¬ Protects online corporate information from misuse ¬ Ensures corporate-wide conformance to policy enforced at run time ¬ Enables cost-effective demonstration of compliance via consolidated audit trail ¬ Enhances security with consolidated and consistent policy per user • Enables managed partner extranet ¬ Improves security through single point of control and audit for partner access ¬ Protects privacy of digital identities and corporate information ¬ Enhances productivity with seamless access to applications among partner sites • Enables information system interoperability ¬ Increases level of corporate business process automation ¬ Reduces TCO for corporate information systems Example – Alcatel-Lucent Web Services portfolio deployment With the deployment of the Alcatel-Lucent Web Services portfolio in the data center and in the DMZ, as shown in Figure 7, ABC’s CIO is now pleased with the added functionality and cost reductions in operational overhead. With a single, integrated, network-embedded SOA backbone providing monitoring, control and consolidated reporting, many staff-hours are saved every week. In addition, partner security issues are solved. This network-based solution offloads application server processing and resolves network congestion problems, resulting in greatly improved application response times. Figure 7 Alcatel-Lucent Network-Embedded SOA Backbone Alcatel-Lucent | Accelerating Information System Interoperability for Secured Business Processes Automation 11
  14. 14. Conclusion Alcatel-Lucent’s Web Services portfolio allows controlled access to sensitive information across multiple applications and implementation of stateful runtime access policies organization-wide. The portfolio supports and secures automated business processes while ensuring regulatory compliance, protecting sensitive corporate data from misuse and ensuring data is available when and where it is needed. It enables corporate-wide interoperability among business-critical internal information systems and external partner networks providing a corporate wide compliance infrastructure reducing costs and risk. Specifically, the portfolio provides the following benefits: • Provides a highly flexible corporate wide compliance infrastructure to manage and secure on line business transactions and automate processes between companies • Provides secure access to sensitive information for suppliers, customers, healthcare practitioners, first responders, and others • Ensures compliant access to personal information and demonstrate compliance with consolidated audit trails to meet a range of information privacy legislation. • Provides a new network architecture which enables the business value of service oriented architecture with reduced risk and cost • Enables a single identity for organization wide consistent compliance • Secures business transformation to participate in new virtual markets The Alcatel-Lucent Web Services product portfolio is ideal for industries with an immediate business-critical need to protect end user privacy. Now is the time to deploy a network-embedded SOA infrastructure to support your business process automation projects. Contact your Alcatel-Lucent sales representative to find out more about the OmniAccess 8550 Web Services Gateway and our comprehensive enterprise network solutions for voice and data applications. With operations in more than 130 countries, Alcatel-Lucent is your local partner with a global reach. Or visit our website at: www.alcatel-lucent.com 13 Alcatel-Lucent | Accelerating Information System Interoperability for Secured Business Processes Automation
  15. 15. Alcatel-Lucent | Accelerating Information System Interoperability for Secured Business Processes Automation 15
  16. 16. www.alcatel-lucent.com Alcatel, Lucent, Alcatel-Lucent and Alcatel-Lucent logo are trademarks of Alcatel-Lucent. All other trademarks are the property of their respective owners. The information presented is subject to change without notice. Alcatel-Lucent assumes no responsibility for inaccuracies contained herein. © 2008 Alcatel-Lucent. All rights reserved. 031968-00 Rev C 5/08 16 Alcatel-Lucent | Accelerating Information System Interoperability for Secured Business Processes Automation

×