Extending the Oracle Service Bus into the DMZ and Beyond
Andy Rothfield, Oracle - North America Marketing and Strategy Manager, Oracle Embedded Global Business Unit
Demed L’Her, Oracle - Director of Product Management, Oracle SOA Suite
K Scott Morrison, Layer 7 Technologies - CTO & Chief Architect
Agenda
•   The Oracle Embedded Value Proposition
•   The Oracle Service Bus (OSB) Value Proposition
•   The Challenge Of The Extended Enterprise
•   Introducing the OSB Appliance (OSBA)
    •   Simple Deployment
    •   DMZ-class Security
    •   Extreme Performance
    •   Clear Visibility
• Conclusions
Why Embed Oracle?


• Transparent building blocks that:
  • Create end-user trust
  • Improve time to market
  • Ensure reliability
The OSB Value Proposition
• Ability to Adapt To Change
   •   Service virtualization
   •   Protocol Switching
   •   Routing and Transformation
   •   Error Handling, Policy Enforcement
• Scaling in Multiple Dimensions
   • 1,000s of services
   • Millions of Transactions
• Reduce Cost Through Re-use
   • Connect your services once
   • Easily configure services for integration
   • Single view of assets w/ Service Lifecycle
• Manage risk
   •   Embedded service-level management
   •   Failure Isolation and auto-recovery
   •   Application Alerts & SLAs
   •   Auditing and Reporting

[Diagram labels: BPM, Portal, B2B; Oracle Service Bus; Service Repository, Adapters; Integration Services; Business Logic]
Adaptive Connectivity In a Nutshell…
[Diagram: Service Clients (Application Clients) reach the Oracle Service Bus (Service Messaging) over HTTP/SOAP, JMS, FTP, REST, and EJB; the bus reaches Enterprise Services over WS-RM, TUX, MQ, EJB, and JCA. Messaging patterns shown: Request / Response, Synch / Asynch, Split / Join, Publish / Subscribe]

• Any to Any Protocol
• Any to Any Payload
  • XML
  • non-XML
  • Binary
• No WSDL Required
• Multiple communications paradigms
  •   Request/response
  •   Synchronous and asynchronous
  •   One-to-many, many-to-one
  •   Pub-sub
  •   Mix-and-match (e.g. sync-to-async)
New Challenges in the Extended Enterprise

[Diagram: Industry Trends, shown as layers]
• Cloud Computing (SaaS, PaaS, IaaS)
• SOA & REST - Across Enterprise Boundaries
• SOA & REST – Inside the Organization
• Distributed Applications and Shared Services
• Labelled between the layers: Customization, Security, Performance, Availability, Regulatory
Introducing the Oracle Service Bus Appliance



Best of breed XML Gateway for XML security and acceleration
+
Best of breed ESB for mediation and adaptive connectivity

1. Easy Deployment
2. DMZ-class Security
3. Extreme XML Performance
4. High Degree of Visibility
Easy Deployment & Simple Configuration
• With OSB Appliances the customer can:
  • Remove the appliance from the shipping carton and install it in the rack
  • Connect power and network cable(s), assign an IP address, and turn the appliance on
  • At that point it configures itself to run on the network
• After concluding the initial XML firewalling policy configuration, your Service Bus Appliance is ready to use
• The entire process takes less than an hour, versus loading and configuring conventional software
What’s in the Box
• XML Accelerator
  • 144.30% to 16,564.97% Improvement Over Server Install of OSB
• Cryptographic Accelerator & Hardware Security Module
  • SSL Acceleration & FIPS 140-2 Level 3
• Integrate & Customize
• Protect & Secure
Typical Deployment
Security - Challenges
• Challenges
  • Cyber Threats
     • Existing firewalls & IDS/IPS do very little to find application
       protocol threats
  • Identity and Access Control Across Boundaries
  • Privacy and Integrity
  • Audit & Compliance Risks
     • Significant time & money
     • Different expectations across verticals
     • HIPAA, PCI, etc.
DMZ-Class Security

• Perimeter Security and Defense in Depth
    •   Threat Protection
    •   Access Control through integration with Oracle IDM Suite
    •   Federated Identity across disparate security realms (SAML)
    •   Support for WS* Security and messaging standards and products
    •   FIPS 140-2 Level 3 with Elliptic Curve/Suite B Support

• Intercept problematic messages at the enterprise perimeter before they reach your services
• Perform identity-based access to services and operations in the DMZ

[Diagram labels: Oracle Entitlements Server, Oracle Access Manager; messages marked X are stopped at the perimeter]
Performance Challenges
• Application Layer Protocols are expensive to process
   • Often XML-based
• Threat Detection Requires
   • Very Fast Message Processing
   • Schema Validation
   • Structure Inspection
• Growing Need for Adaptation on-the-fly
• Cryptographic Processing is Becoming Expensive Because of Move to Large Keys
• Key Protection is Essential for Many Secure Environments
   • But external HSM processing can incur high latency
Acceleration of XML and Cryptography
• Hardware-based XML Processing (XPATH, XSLT, XSD)
• Hardware-based, FIPS 140-2 Cryptographic Processing (RSA, ECC, 3DES, AES, etc.)
• On-board Hardware Security Module (HSM) for key protection
• Large Message Processing




• Delegate common or expensive XML-related tasks from your services to your infrastructure
OSBA Performance Value Proposition

• The numbers speak for themselves
 • 1K
    • Schema Validation – 261.34% Faster
    • XSLT – 262.86% Faster
 • 10K
    • Schema Validation – 287.92% Faster
    • XSLT – 187.24% Faster
 • 100K
    • Schema Validation - 16564.97% Faster
    • XSLT – 144.30% Faster
Visibility Challenges
• Two demands:
  • Instantaneous state across the extended enterprise
  • Forensic usage data
• Need to know status of infrastructure and applications
• Need instant notification of problems
  • Integration into existing monitoring and management infrastructure
• Business needs customized counters
  • Every application is different
• Data must be available
  • As report
  • As raw data for metrics, billing etc.
Monitoring Capability

• Integrated Monitoring and Management
  • Graphical display
  • Raw data available through APIs




                                      OSBA Console(s)
OSBA Service Monitoring
• Monitor System Operations
   • Alerting and reporting key monitoring points
   • Gauge system health, slowdown notification
   • Monitoring is optional per service
• Service metrics
   • Response times (min, max, avg)
   • Message, error, failover counts
   • Action level metrics
• Dashboard
   • Show fault and performance metrics aggregated cluster wide or per server
• JMX Metrics
   • Metrics available via MBean interfaces
   • Integration with Enterprise Mgr
• Custom Alerts
   • SLA alerts for conditions requiring attention
   • Pipeline alerts can flag individual msgs

[Console charts: Service health; # of Alerts by Severity (Warnings, Critical, Minor); Error Responses; # of Generated Errors By Service; Configurable Aggregation Intervals]
Conclusions
• Decrease time to market and cost of implementation by leveraging a pre-integrated, pre-configured SOA Appliance:
  • Initial configuration (network configuration, security lock-downs, etc.)
  • Security configuration (such as XML firewalling, access control, auditing, etc.)
  • Adapter configuration for enterprise system integration (ERP, CRM, databases, messaging systems, etc.)
  • Monitoring configuration for integration with existing management infrastructure

  • Thank you for joining us this morning!

  • Contact info:
     • Andy Rothfield, andy.rothfield@oracle.com
     • Demed L’Her, demed.lher@oracle.com, 650-506-1128
     • Scott Morrison, smorrison@gov.layer7tech.com, 778-329-9982
Questions?