Layer 7: Enterprise Service Governance with SecureSpan
 


Layer 7 CTO Europe Francois Lascelles presents SOA enterprise service governance with Layer 7's SecureSpan product, and PEPPOL with SecureSpan.

    Presentation Transcript

    • Layer 7 SecureSpan
      • Francois Lascelles, P. Eng.
      • Technical Director, EMEA
      • http://www.layer7tech.com
    • Agenda: Enterprise Service Governance with SecureSpan; PEPPOL with SecureSpan; SecureSpan Gateway Product demo
    • Enterprise Service Governance with SecureSpan
    • Application Level Broker: Administrator defines policies that apply to traffic between requesters and services. Message-level-aware intermediary, used as an entry point to the services, enforces rules defined by administrators. (Diagram labels: service endpoints, service requesters, Policy Enforcement Point)
    • Business Logic Delegation: Cut development costs and increase governance by delegating business logic to the infrastructure. PEP handles:
      • Authorization
      • Data screening
      • Trust management
      • Virtualization
      • Auditing
      • Service level agreement
      • Monitoring
      • Firewalling
    • How to implement security in the Enterprise SOA?
      • Authentication
      • Authorization
      • Integrity
      • Confidentiality
      • Key management
      • Threat protection
      • Non-repudiation
      • Audit
      Security implemented in the service endpoints? (Diagram labels: Web services, Requesting processes, Corporate identity management system)
      • Expensive development task
      • An obstacle to loose coupling
      • No governance
      • Resources not used effectively
      • ESB and service stacks don’t belong in the DMZ
    • Delegating Endpoint Security: XML Gateway enforces security for incoming traffic on behalf of protected services. XML Gateway secures outgoing traffic on behalf of protected services. (Diagram label: protected services)
    • Problematic Enterprise SOA Approach
      • “We have been deploying for the last two years… we’re just about to present our first 4 services”
      • - Senior Enterprise Architect for a major European bank
      • March 2009
      • The Enterprise SOA should be operational as it evolves
      • Deployment should be agile
    • Appliance Form Factor
      • Hardware Appliance
      • Military grade security device
      • High-performance 64-bit server
      • HSM, SSL accelerator
      • XML accelerator
      • Virtual Appliance
      • VMware image, ESX certified
      • Equal functionality
      • Equal OS level hardening
      • Cost effective
      COTS appliance model enables ‘drop-in’ solution with minimal deployment time and instant value. No agents to deploy or any other external dependencies.
    • Administrative approach to service governance: No code, no scripts, no framework. Policies are created by organizing assertions in tree structures. Policies are changed on the fly, without service interruptions. Rich and extensible palette. Design, implementation and deployment in hours, not months or years.
    • Gradual integration of components: Identity Access Management Systems, ESB
      • Registry
      • Repository
      • Databases
      • LDAP
      • ...
      Components are integrated as they become available. No 'period of darkness'.
      • SUN
      • Novell
      • Oracle
      • LDAP
      • MS Active Directory
      • Netegrity
      • Tivoli
      • PKI
      • Security Token Service
      • PDP
    • PEPPOL with SecureSpan
    • PEPPOL Architecture Concepts
      • 1. Access point authenticates 'local' requesters
      • 2. Access point discovers and forwards request to 'remote' access point
    • PEPPOL Transaction Elements
      • Dynamic registry discovery
      • Dynamic service discovery
      • PEPPOL transport profile
          • WS-Reliable Messaging Sessions
          • WS-Transfer
          • SAML Attribute and Authentication Statements
          • XML dsig
          • XML Encryption
    • SecureSpan Gateway as a PEPPOL Access Point
          • PEPPOL at the edge (security, threat protection)
          • Fast time to market regardless of service implementation
          • Full enterprise integration (ESBs, IAMs, DIRs, DBs, …)
          • PEPPOL in the cloud
          • Monitor health, quality of service (in and out)
          • Logging, auditing and troubleshooting
      (Diagram labels: protected services zone; PEPPOL Access Point Appliance; locator, registries; other PAPs; provider portal)
    • PEPPOL Discovery Module
      • Automated two-step PEPPOL Access Point discovery transaction
      • Cached discovery results
    • PEPPOL Decoration Module
      • Adds XML digital signatures and a SAML assertion to the outgoing message
      • Follows PEPPOL full profile guidelines
      • (soon) Handles XML encryption between PAPs
    • For more information: http://www.layer7tech.com [email_address]