Intel The Evolving SOA Security Appliance-3 Game Changing Innovations - Presentation Transcript
Blake Dournaee – Intel SOA Products Group Product Manager
Currently the product manager responsible for Intel SOA products. As a product manager at Sarvega, he was deeply involved in the development of their flagship XML security, routing and acceleration appliance products. Blake was a specialist in applied cryptography applications at RSA Security and was a frequent speaker at many RSA conferences throughout the US and Europe. Blake is an established author who wrote the first book on XML Security and co-authored SOA Demystified from Intel Press.
The Evolving SOA Appliance - 3 Game Changing Innovations
Webinar Presented by: Practical Approaches to Service Delivery Webinar Series
May 21, 2009
Topic Agenda
SOA Appliance Defined
Market Evolution
Recent Market Changes
XML Security Threats
Cloud Gateway Security
Moore’s Law for SOA
Policy Driven SOA
Intel SOA Expressway Innovations
Intel® Multi-Core Tie-In
Secure, Virtual Cloud Mediation
Governance Pluggability
Use Models
TCO Comparisons
Free SOA Benchmark Tool and Book
SOA Appliance Defined: Security & Mediation
An Essential Aspect of Your Services Infrastructure - 2009 Burton Group
[Diagram labels: Policy Repositories Metadata Repositories System of record Service container Service container Service Service mediation Service administration Service Middleware Acceleration Routing Transform Security Other Service monitoring]
How did we arrive here? SOA Appliance Evolution
“XML parsing and transformation is too slow to be useful for web sites; I need to process XML at wire speed.”
“I need to provide scalable XML security for my Web Services. I need validation and message level security for my XML.”
“All of my new applications require workflows that deal in XML processing or legacy integration.”
Date / Paradigm / Problem:
2000: Static XML (Latency, Throughput)
2002-2006: XML Web Services (Performance, Security, Power)
2008+: Service Oriented Architecture (Performance, Power, Security, Space)
Architecture/Form Factor [diagram labels]: XML Proxy XML/HTTP XML HTML; WS Proxy .NET AXIS IBM AAA; SOA Proxy SOAP,XML/JMS,FTP,MLLP,HTTP SOAP,XML/JMS,FTP,MLLP,HTTP JVM DB AAA .NET AXIS IBM; XML Accelerator Security Gateway Hardware Appliance SOA Soft-Appliance
XML Security Threats
XML threats specific to b-to-b (services & APIs)
XML upstream (browser to services) - Web 2.0 components and protocol attacks
XML downstream (services to browser) - browsers and client attacks
Must Now Recognize Security In Outbound Direction Application Environment & XML Streams XML Threat Dimensions Security Change:
Cloud Gateway Security
Trends and Characteristics
Cloud services offer improved flexibility and choice
Lower cost and time to market
Build using low-cost commodity server platforms
Infrastructure Change: Dept Domain 2 Corporate Data Center Dept Domain 1 SaaS Provider SaaS Integration On-Demand Internal Web Services Partner Web Services
Challenges
New threat vectors, trust and authentication requirements
Usage, metering and billing
Audit and archive for regulatory compliance
Efficient mediation between services
Continuous Platform Improvements
Movement towards multi-core computing lowers costs and increases efficiency
Commodity hardware and virtualization continue to proliferate
New Challenges
SOA applications need immediate multi-core enablement
SOA needs an efficient virtualization tie-in
Mission critical SOA requires efficient, continuously scalable XML processing
SOA applications need all the help they can get from the platform!
Moore’s Law for SOA Infrastructure Change: Lower Cost Commodity Hardware
Upgrade Compute Intensive SOA/XML Servers
Software’s Flexibility
Multi-core Optimization
Core™ i7 processor features
Streaming SIMD Extensions 4.2
Upgrade Software to take Advantage of Moore’s Law Optimizations Can Deliver 20X Performance Over Hardware Appliances
Policy Governance: Current State Standards Vendor A App Server, Registry, or Repository Vendor Policy Vendor A SOA Appliance Vendor A Access/AAA Manager ENTERPRISE DOMAIN 1 PAP: Admin PDP: Decision PEP: Enforce Vendor B App Server, Registry, or Repository Vendor Policy Vendor B SOA Appliance Vendor B Access/AAA Manager ENTERPRISE DOMAIN 2
Current State
Vendor specific policy
One-off integration to use policy with other vendor’s PEP
Forced to stack vendor suite approach vs best of breed runtime & design time policy framework
Governance managed at domain level by vendor
x Change: Web Service Client Web Service Client PAP: Admin PDP: Decision PEP: Enforce
Vendor A App Server, Registry, or Repository Standard Policy ANY VENDOR SOA Appliance Vendor A Access/AAA Manager ENTERPRISE DOMAIN 1 PAP: Admin PDP: Decision PEP: Enforce Vendor B App Server, Registry, or Repository Standard Policy ANY VENDOR SOA Appliance Vendor B Access/AAA Manager ENTERPRISE DOMAIN 2 PAP: Admin PDP: Decision PEP: Enforce
Requirements
Standard Schemas (XACML,WS-Policy, WS-Mex)
Seamless integration between cross-vendor PEPs & PDPs
SOA Appliance integration with any IdM or PDP source.
Enable True Federated Governance Model
Policy Driven SOA Evolution Standards Change: Cross Domain Federated Governance Web Service Client Web Service Client
10/08/09 Introducing Intel SOA Expressway
Software Service Router – Security, Governance and Mediation
Standard Operating System Support – Linux, Windows
Optimized for Intel® Multi-Core – Scales directly on standard Intel-based servers
Key Capabilities
Performance – Best-in-class wire speed XML acceleration & core XML IP
Service Mediation – Sophisticated service mediation with non-XML data handling
Service Governance – Runtime governance for enforcing service policies & reporting
Software Appliance – Appliance manageability with software extensibility
Extensibility – Custom business rules, service hosting, data and messaging adapters
Open Architecture Fits cleanly into Existing Investments
Service Router Deployment Enterprise Perimeter (DMZ) Enterprise Applications & Services SOA Expressway is tied to Intel’s world-class Multi-Core architecture Partner Service or Client Cloud service or Application Perimeter Defense Runtime Governance Cloud Governance
XML threat defense
Security Gateway
DoS Protection
AAA
Tamper Evident
Runtime governance
Virtual Appliance/OSGi/Server Software
Interoperable with any policy manager
Partner service mediation
Service Throttling
Capacity Tuning
Full Virtualization
Multi-Tenancy
SLA enforcement & Audit
8 Core Usage Models (www.comparedatapower.com, 2 Minute Video Tutorials)
Simple Proxy: Multi-Purpose or Custom Offload XSL, XML/WS Security Acceleration, Multi-format acceleration
WS-Security Proxy: Edge security with threat and trust functions including credential mediation
Web 2.0 Security Proxy: RIA Security for SaaS, Web 2.0 and Cloud applications
Multi-Service Mediation
SaaS Enablement: Multi-tenant hosted services with RIA security
High Performance Messaging On-Ramp: Service mediation with messaging and database connectivity
Real-time Business Integration: Business content conversion with data integration
Legacy Enablement: Mainframe service enablement
Mashup/Multi-Repository Integration: Cross-repository service mediation
Intel SOA Expressway – Continues to deliver leapfrog performance
Performance Core
Now: Up to 8x custom appliances
Next: SOA Expressway will continue its leadership in performance with full optimization based on Intel multi-core, unique utilization of instruction sets and architectural roadmap
On Nehalem
SOA Expressway uses
Intel® SSE4.2
XML/SOAP processing
XML Threat detection
On Westmere
SOA Expressway will use
Crypto Acceleration using AESNI
Higher WS-Security, SSL performance
Sandy Bridge
SOA Expressway will use
AVX optimized XML/SOAP processing
ESIII Architecture
AESNI – Advanced Encryption Standard New Instruction
AVX – Advanced Vector Extensions
Web 2.0 Security Gateway -Combat XML Threats
THREAT PROTECTION
Multi-stage Denial of Service (DoS) Protection - escalation levels for rate-shaping, blocking and alerting, XML Limit Checking, SQL Injection, DTD Checking, XPath Injection, Malformed XML Attack, XML Bomb Attack, Schema Poisoning Attack, XSS, Data Clogging Attacks, Service Scanning, SOAP operation filtering, Query string analysis
Regular Expression Scanning - for forbidden and required expressions, configurable ‘dirty word’ filtering
Perimeter Defense: Protects against new and emerging content threats
Security Gateway: Controls secure access including Authentication and Authorization
Secure Audit: Full audit & archive in a portable
Flexible deployment: Run on-premise or virtualized in the cloud
Policy Driven SOA Policy Standards SOA Governance Policies (Registry/Repository) SOA Infrastructure Policies Open architecture supports diverse policy integration
XML policies and logs for open integration
Pluggable governance framework
Monitoring & Management Systems WS-Policy WS-Mex
Hardware Appliances
They lose all of their capital value over a five-year period
At capital replacement time, the appliance must be upgraded or retired
Retained Value: 0%
SOA Expressway Software Appliance
Only the server hardware depreciates, software holds value
At capital replacement time, general purpose servers can be repurposed
Retained Value: 92% (or more)
Benefits of Moore’s Law for SOA & Virtualization
Industry Best Price for Performance
Economies of Scale
Flexible upgrades
Run on commodity hardware
Intel Multi-core Optimized
Patented algorithms
Optimized memory
10/08/09 App Servers ESBs Hardware Appliance Software Appliance Intel SOA Expressway MPS 10x-100x Improvement for XML Rich Apps
3rd Party Validated
Large production installations exceed SLAs
Intel Website
Intel.com/software/soae
Information Library
Customer quotes
Video Tutorials/demos
Online Resources
On-Demand Analyst Webinars
Intel.com/software/soae/webinars
Security Gateway
Federated Governance
Cross-Domain SOA (SR)
SOA Appliance Comparison Site
comparedatapower.com
Comparison charts
White papers
SOA Benchmark Tool
Tutorials
FREE SOA Benchmark Tool
Scenarios
HelloWorld SOAP Request/Response
WS-Security Signature
Content Attack Prevention
WS-Security Encryption
AAA SAML Scenario
The SOA Benchmark Kit can be used to test any vendor's SOA platform www.comparedatapower.com
SOA hardware appliances have emerged as a popular way to deliver XML acceleration and web service gateway security. However, recent data center virtualization, multi-core optimization, and application portfolio recapitalization trends are forcing a shift to the flexibility of software appliances. In addition, appliance feature improvements are enabling a leap forward into a broader range of usage models. Join Intel as the ppt defines SOA appliance functions, illustrates 8 core usage models, compares vendor options, and presents the latest innovations. You will learn best practices for deployment of a SOA Appliance.