Coordinating Design Time and Runtime Service Governance
 

Layer 7 and HP presentation from HP Pavilion: Coordinating SOA design-time and runtime service governance.
Learn More from Layer 7: http://www.layer7tech.com/tutorials/uddi-integration-using-hp-systinet

www.facebook/layer7

  • There is a lot of overlap between service governance and security governance. Our enterprise IT assets, services are increasingly distributed over various deployment zones; as a result, security is at the forefront of the architects’ area of concern. Service governance and security governance are related in ways that are not always obvious. For example [read slide]

Presentation Transcript

  • Coordinating design time and runtime service governance
    Victoria Voinigescu
    HP Software Product Management SLM/SOA
    Francois Lascelles
    Layer 7 Director of Solutions Engineering
  • 2
    Will the use of SOA increase?
    • 75% of med/large enterprises invest in SOA projects today
    85% plan to expand SOA development (source: Gartner Research)
    • Modernization of key legacy applications is the #1 IT software priority for 2011 (71% surveyed identified as critical or high priority)
    • 43% of companies surveyed spend 25% of the IT budget on App Mod
    Source: Forrester Software Survey Q4 2010
    • Global survey of 318 companies shows plans to spend 15% of IT budgets on cloud computing by 2013
    Source: Gartner, Sept ’10
  • 3
    Unplanned Downtime Trends
    [Figure: two pie charts of unplanned downtime causes, Non-SOA and SOA. Segment labels in extraction order: Environment (20%), Environment (20%), Application Failure (40%), Application Failure (60%), Operator (20%), Operator (40%)]
    Beware Application Support: You will take the blame
  • HP SOA Systinet – Functional Overview
    [Diagram labels: Information Access & Reporting; Lifecycle Management; Service Registry; Dependency Management; Design Time Policies; Contracts & SLO’s; WebDav; Remote Query; API Access; Service Catalog; IDE Plug-ins; REST & ATOM; Workbench (Customizations); Dev Best Practices; Activities & Approvals; Service Consumption; Endpoint Binding; Service Modeling]
    WSDL, XSD, XPDL, BPEL, SCA, SLO, XSLT, Endpoints, Policies, Docs
  • Integrated Governance is the Answer
    • Close the gap between operation and design
    Account for runtime requirements during service development
    Use centralized repository to store design-time AND runtime policies
    Open framework for integration with runtime policy enforcement tools
    Design time governance
    Runtime governance
    • Run-time policy enforcement
    • SLA/SLO monitoring
    • Rogue artifacts discovery
    • Store run-time policy definition
    • Design-time policy enforcement
    • SLO planning
    HP Systinet 4.0
  • Design & Runtime Policy Integration
    [Diagram labels: Layer 7 (Production); Systinet (Development); Systinet Policy Integration Framework; Security; Run Time Policies; SLA’s; Payload Mgt; Monitoring; IT Practices; Security; Design Time Policies; Endpoint Mapping / Synching; Std’s, API’s; Compliance; Service Implementations; Endpoints; repeated boxes for SVC “A”, SVC “B”, SVC “C” and PEP]
  • From Design time to runtime governance
  • 8
    HP DISCOVER 2011, © Copyright 2011 Hewlett-Packard Development Company, L.P.
    Access Management
    Metadata
    Service Level Agreement

    Runtime Governance
    Access Controlled
    Compliance Verified
    Quotas Enforced
    QoS Monitored
    Transactions Accounted

    ?
  • 9
    Agile Runtime Governance
    Design
    Runtime
  • 10
    Service Governance and Security
    Service Governance
    Security Governance
    Example relationship:
    Application level awareness for better input sanitization
    threat protection
    metadata
  • Decoupled Policy Enforcement
    Service orientation is geared towards agility
    Enforcement infrastructure must enable agility
    Decouple policy enforcement from application logic
    [Chart: approaches placed on axes of decoupling and agility: Security as a Service, Gateways; Security in application logic; Agent solutions; Container security]
  • Delegated Policy Enforcement
    Governance authority defines contract, policies for consumption of services
    Governance Authority
    Policy Enforcement Point
    Runtime Policy Enforcement point enforces policies on behalf of endpoints
    endpoints
    requesters
  • Introducing the Layer 7 Gateway
    Runtime policy enforcement
    ATHN/ATHZ capabilities
    X.509, API Keys, SAML, OAuth
    SLA enforcement & reporting
    QoS monitoring, alerting
    Classification, threat protection
    Caching, acceleration
    Policy Enforcement Point (PEP)
    Gateway Appliance
  • Configure, not code
    Modeling with Policy Manager
  • Form Factors
    COTS appliance form factor enables ‘drop-in’ solution with minimal deployment time and instant value. No agents to deploy, no dependencies.
    Hardware Appliance
    • Military grade security device
    • Common Criteria EAL 4+
    • FIPS 140-2 level 3 certified HSM
    • 5G hardware XML acceleration
    Virtual Appliance
    • Pre-installed, hardened image
    • VMware ESX, Xen, AWS
    • FIPS certified software crypto mode
    • XML acceleration software mode
  • Governance across service zones
    Central control of PEPs across service zones
    Centralized design time governance authority defines access control rules, contracts
    Policies programmatically pushed to relevant service zone PEP
    Layer 7 Gateway PEP deployed on public cloud, private cloud, on-premise
    Cross-domain trust handled at perimeter
    trust
    trust
  • PEP-PDP zone coordination
    Design time governance provisions PDP
    PEP consults PDP at runtime (e.g. XACML)
    PEPs
    PDP
    Design time Governance
  • Cross domain identity federation with Layer 7
    STS issues token on behalf of in-zone requester
    Incoming tokens are validated against federated trust policies
  • Layer 7 – Systinet Integration
    Policies created in Layer 7 Policy Manager
    Policies stored and referenced in Systinet
    Layer 7 PEP Gateway enforces policies, reports on compliance
    Service endpoint
    Layer 7 Gateway
    Compliance Feedback
    Systinet Repository / Registry (GIF)
    Service client
    Layer 7 Policy Manager
    HP BTO BSM (BAC+)
  • Programmatic Provisioning
    Automatic action triggered by lifecycle change
    Call to Layer 7 Management API, publish proxy + runtime policy
  • Automated Coordination
    Programmatically discover services not already registered in Systinet
    Pull existing metadata from runtime infrastructure automatically
    Coupled Provisioning
    +
    Mutual Reconciliation
  • Example Layer 7 alerting to BAC using SNMP
    Alerts showing up in SiteScope monitor
  • Example Layer 7 to BAC performance metrics
    SiteScope Script monitor
  • HP + Layer 7 : comprehensive governance solution
  • HP Systinet integration
    HP integration framework now core functionality in Systinet
    Does not require separate instance
    Does not need separate license
    Contact Victoria for an integrated demo
  • Thank you
    http://www.layer7tech.com
    http://www.hp.com/go/soa