
Layer 7: Enterprise Service Governance with SecureSpan


Layer 7 CTO Europe Francois Lascelles presents SOA enterprise service governance with Layer 7's SecureSpan product and PEPPOL with SecureSpan.

Published in: Technology

Transcript of "Layer 7: Enterprise Service Governance with SecureSpan"

  1. Layer 7 SecureSpan
     • Francois Lascelles, P. Eng.
     • Technical Director, EMEA
     • http://www.layer7tech.com
  2. Agenda
     • Enterprise Service Governance with SecureSpan
     • PEPPOL with SecureSpan
     • SecureSpan Gateway Product demo
  3. Enterprise Service Governance with SecureSpan
  4. Application Level Broker
     • Administrator defines policies that apply to traffic between requesters and services
     • Message level aware intermediary used as an entry point to the services, enforces rules defined by administrators
     • [Diagram: service endpoints; service requesters; Policy Enforcement Point]
  5. Business Logic Delegation
     Cut development costs and increase governance by delegating business logic to the infrastructure.
     PEP handles:
     • Authorization
     • Data screening
     • Trust management
     • Virtualization
     • Auditing
     • Service level agreement
     • Monitoring
     • Firewalling
  6. How to implement security in the Enterprise SOA?
     • Authentication
     • Authorization
     • Integrity
     • Confidentiality
     • Key management
     • Threat protection
     • Non-repudiation
     • Audit
     Security implemented in the service endpoints?
     [Diagram: Web services; Requesting processes; Corporate identity management system]
     • Expensive development task
     • An obstacle to loose coupling
     • No governance
     • Resources not used effectively
     • ESB and service stacks don’t belong in the DMZ
  7. Delegating Endpoint Security
     • XML Gateway enforces security for incoming traffic on behalf of protected services.
     • XML Gateway secures outgoing traffic on behalf of protected services.
     • [Diagram: protected services]
  8. Problematic Enterprise SOA Approach
     “We have been deploying for the last two years… we’re just about to present our first 4 services”
     - Senior Enterprise Architect for a major European bank, March 2009
     • The Enterprise SOA should be operational as it evolves
     • Deployment should be agile
  9. Appliance Form Factor
     • Hardware Appliance
        • Military grade security device
        • High performance 64bit server
        • HSM, SSL accelerator
        • XML accelerator
     • Virtual Appliance
        • VMWare image, ESX certified
        • Equal functionality
        • Equal OS level hardening
        • Cost effective
     COTS appliance model enables ‘drop-in’ solution with minimal deployment time and instant value. No agents to deploy or any other external dependencies.
  10. Administrative approach to service governance
     • No code, No scripts, No framework
     • Policies are created by organizing assertions in tree structures.
     • Policies are changed on the fly, without service interruptions.
     • Rich and extensible palette
     • Design, implementation and deployment in hours, not months or years.
  11. Gradual integration of components
     Components are integrated as they become available. No 'period of darkness'.
     [Diagram labels, in slide order:]
     • Identity Access Management Systems
     • ESB
     • Registry
     • Repository
     • Databases
     • LDAP
     • ...
     • SUN
     • Novell
     • Oracle
     • LDAP
     • MS Active Directory
     • Netegrity
     • Tivoli
     • …
     • PKI
     • Security Token Service
     • PDP
  12. PEPPOL with SecureSpan
  13. PEPPOL Architecture Concepts
     1. Access point authenticates 'local' requesters
     2. Access point discovers and forwards request to 'remote' access point
  14. PEPPOL Transaction Elements
     • Dynamic registry discovery
     • Dynamic service discovery
     • PEPPOL transport profile
        • WS-Reliable Messaging Sessions
        • WS-Transfer
        • SAML Attribute and Authentication Statements
        • XML dsig
        • XML Encryption
  15. SecureSpan Gateway as a PEPPOL Access Point
     • PEPPOL at the edge (security, threat protection)
     • Fast time to market regardless of service implementation
     • Full enterprise integration (ESBs, IAMs, DIRs, DBs, …)
     • PEPPOL in the cloud
     • Monitor health, quality of service (in and out)
     • Logging, auditing and troubleshooting
     [Diagram: protected services zone; PEPPOL Access Point Appliance; locator, registries; other PAPs; provider portal]
  16. PEPPOL Discovery Module
     • Automated two-step PEPPOL Access Point discovery transaction
     • Cached discovery results
  17. PEPPOL Decoration Module
     • Adds XML digital signatures, SAML assertion to outgoing message
     • Follows PEPPOL full profile guidelines
     • (soon) Handles XML encryption between PAPs
  18. For more information: http://www.layer7tech.com [email_address]
