Your SlideShare is downloading. ×

Layer 7: Building Multi Enterprise SOA

750
views

Published on

Discussion of multi-enterprise SOA implementations, the challenges involved and how SOA appliances can help build these architectures

Discussion of multi-enterprise SOA implementations, the challenges involved and how SOA appliances can help build these architectures

Published in: Technology, Business

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
750
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
20
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Building Multi- Multi-Enterprise SOA Philip Walston VP Product Management Layer 7 Technologies September 2008
  • 2. Overview Discussion of multi-enterprise SOA implementations, the challenges involved and how SOA appliances can help build these architectures • What is multi-enterprise? • The Role of SOA • Real World Issues • Implementation challenges • Characteristics of a solution • The role of SOA appliances • Summary and Questions September 2008 Building Multi-Enterprise SOA
  • 3. What Exactly is Multi-Enterprise? Multi- Enterprise-Centric • Most ERP and business applications use enterprise-centric architecture • Focus is on meeting the enterprise's objectives Extended enterprise • An attempt to support the needs of partners by extending and elongating the enterprise data and process model • Enables partners to interact with each other more easily, but this environment is not ideal • Each partner still has to learn how to work with each other’s business applications, each integration is point-to-point Multi-enterprise • A new architecture is required for more complex and interactive multi-enterprise business processes Adapted from: The Emergence of the Multienterpise Business Process Platform - Gartner, 11/07 September 2008 Building Multi-Enterprise SOA
  • 4. Multi- Multi-Enterprise Examples Examples from many business verticals: Manufacturing Manufacturers and suppliers Insurance Insurers and brokers Corporate Corporations and outsourced service providers Telecom Service providers and content providers Architectural models used in these implementations includes: EDI, Web, SOA, B2B, Saas, Cloud … September 2008 Building Multi-Enterprise SOA
  • 5. Where Does SOA Fit In? Flexible integration across departments, clients and partners Reuse of software components across business processes Interoperability across applications Corporate Untrusted ? Network Entity MQSeries Network Business Partner Unit CORBA Web Services Network Network September 2008 Building Multi-Enterprise SOA
  • 6. Implementation Challenges • Big step between point solutions and multi-enterprise services Requires managed, standards compliant SOA framework • Not all partners are created equal Rationalizing differences between development skills, security and legal requirements • The real world is messy Making integrations work across all boundaries will be tough Corporate Untrusted ? Network Entity MQSeries Network Business Partner Unit CORBA Web Services Network Network September 2008 Building Multi-Enterprise SOA
  • 7. The Real World … September 2008 Building Multi-Enterprise SOA
  • 8. The Real World … Multiple Identity Sources Multiple Domains Multiple Platforms Web Applications Green Screen Systems Multiple Transports September 2008 Building Multi-Enterprise SOA
  • 9. (Some) Real World Issues Application Silos • Applications from different vendors with narrowly defined interfaces and tight coupling to other systems Islands of Identity • Different identity repositories, schemas and provisioning systems Mixed Transport • SSL, HTTP, JMS, MQ, etc. Heterogeneous Platforms • Linux, UNIX, Windows, client-server, mainframe Heterogeneous Clients • Browsers, green screen, thick clients, other applications Web Portals • May already be default on-ramp for external partners September 2008 Building Multi-Enterprise SOA
  • 10. Moving to Multi-Enterprise Multi- Security • Much more granular and much stronger • Authentication / authorization mechanism is required • May need to segregate data physically with separate databases Integration • More complex - participating applications and systems are scattered across companies • Integration approaches will need to be simplified and rationalized to manage the increase in complexity across multistep process integration Data and Process Model • Need to be designed around common keys that help link enterprises in their interactions • Gets more complex with potential range of range of one-to-one and one-to-many (and even many-to-many) business processes over time Adapted from: The Emergence of the Multienterpise Business Process Platform - Gartner, 11/07 September 2008 Building Multi-Enterprise SOA
  • 11. A Spectrum of Implementation Challenges Delivering on the Promise of SOA • How to implement business process • How to avoid “broken” integrations Maintaining Security • Where to enforce security • Ensuring consistent security Meeting SLAs • Measuring and meeting both project and service SLAs • Reporting and acting on SLA violations Ensuring Compliance • Instrumentation of the path and ensuring integrity • Providing validation and alerting mechanisms Management • Providing the tools to manage the system • Fitting into existing internal processes September 2008 Building Multi-Enterprise SOA
  • 12. The SecureSpan Product Line First suite of security and networking products to address the full spectrum of XML deployments: • Service Oriented Architectures (SOA) • Web 2.0 and Web Oriented Architectures (WOA) • AJAX, REST and non-SOAP applications • ESB, Portal, B2B and Application Oriented Networking September 2008 Building Multi-Enterprise SOA
  • 13. A SOA Gateway’s View of the World What roles does a SecureSpan XML Networking Gateway perform? • Read policies • Create / store policies • Enforce policies • Identify exceptions • Act on exceptions • Report exceptions • Capture audit trail *Enforcement points enforce policies within a specific context September 2008 Building Multi-Enterprise SOA
  • 14. A SOA Gateway’s View of the World What roles does a SecureSpan XML Networking Gateway perform? • Read policies Design-Time • Create / store policies • Enforce policies • Identify exceptions Run-Time • Act on exceptions • Report exceptions Diagnostic • Capture audit trail *Enforcement points enforce policies within a specific context September 2008 Building Multi-Enterprise SOA
  • 15. A Few Policy Examples Threat Protection • Screen messages for specific / general threats Identity Based Access Control • Grant access to specific users or groups Content-Based Processing • Perform different processing based on specific content Selective Version Control • Transform to mediate client / service versioning issues Service-Level Agreement • Process based on measured quota or class of service September 2008 Building Multi-Enterprise SOA
  • 16. Common Multi-Enterprise SOA Requirements Multi- • Identity and Trust Control Process Authenticating and certifying identities • Policy Definition Environment Tailor security (and other) policies to each service consumer and provider relationship • Automated Policy Provisioning and Coordination Establish policies that can be distributed, verified and managed • Compliance Verification Framework Enforce, audit, alert and report compliance to policies and SLAs September 2008 Building Multi-Enterprise SOA
  • 17. SOA Appliances and Multi-Enterprise SOA Multi- • Security policy composed in policy editor • Enforcement point acts on policy Service Endpoints • Client software conforms to policy (Secure Zone) • Enforcement point reports on compliance Internal Firewall External Firewall Corporate Identity Server Business Partners SOA Gateway Policy Editor DMZ September 2008 Building Multi-Enterprise SOA
  • 18. SecureSpan and Multi-Enterprise SOA Multi- • Security policy composed in SecureSpan Manager • XML Networking Gateway acts on policy • Client software conforms to policy OR Service • XML VPN Client conforms to policy Endpoints (Secure Zone) • Enforcement point reports on compliance Service Consumer with Hard-Coded Policy Corporate Identity Server SecureSpan XML Service Consumer WS-Policy Networking Gateway with SecureSpan XML VPN Client WS-Policy SecureSpan Manager September 2008 Building Multi-Enterprise SOA
  • 19. (Some) Real World Issues Application Silos • Applications from different vendors with narrowly defined interfaces and tight coupling to other systems Islands of Identity • Different identity repositories, schemas and provisioning systems Mixed Transport • SSL, HTTP, JMS, MQ, etc. Heterogeneous Platforms • Linux, UNIX, Windows, client-server, mainframe Heterogeneous Clients • Browsers, green screen, thick clients, other applications Web Portals • May already be default on-ramp for external partners September 2008 Building Multi-Enterprise SOA
  • 20. How SecureSpan Addresses Real World Issues Application Silos • Almost all major commercial applications are SOA-enabled Islands of Identity • SecureSpan can leverage LDAP, SSO and federation systems Mixed Transport • SecureSpan supports a mix of transports including HTTP, FTP, JMS Heterogeneous Platforms • SecureSpan is standards-based and application platform independent Heterogeneous Clients • SecureSpan has solutions to help fill the gap between clients and apps Web Portals • SecureSpan works in conjunction with both portals and SSO systems September 2008 Building Multi-Enterprise SOA
  • 21. Multi- Multi-Enterprise Wide-Area Routing Fabric Wide- Business Partner Business Partner With SecureSpan With SecureSpan Appliances Appliances Business Partner SecureSpan With SecureSpan XML Networking Appliances Gateway Cluster September 2008 Building Multi-Enterprise SOA
  • 22. Summary SOA Can Be Extended Outside of the Enterprise • Identity, security, provisioning, management … SOA Appliances Can Help • Can provide fine-grained personalization of policies • Robust, high-performance enough for the DMZ Be Aware of Potential Blockers • Establishing meaningful authentication, negotiating portals … • Coordinating policies with partners Multi-Enterprise SOA is Not a Product • No single solution, but lots of products can help • Good choices can meet immediate and long-term needs September 2008 Building Multi-Enterprise SOA
  • 23. September 2008