Java ee 7 platform developing for the cloud kshitiz saxena (IndicThreads)
The document discusses the Java EE 7 platform and its focus on cloud computing. Key points include:
- Java EE 7 aims to make the platform a service to better support deployment on public, private and hybrid clouds.
- This involves defining new roles, adding metadata for service provisioning and configuration, and extending APIs to support multi-tenancy and cloud environments.
- The document provides an example scenario of an application being developed, submitted to a PaaS provider, and then deployed and accessed by multiple tenants.
- Java EE 7 will focus on making application services automatically provisioned based on application dependencies to simplify deployment in the cloud.
S-CUBE LP: Service Level Agreement based Service infrastructures in the conte... (virtual-campus)
This document discusses service level agreements (SLAs) in the context of multi-layered adaptation of service-based applications. It describes 3 main problem areas: 1) diversity of service infrastructure models, 2) lack of cross-layer monitoring and adaptation, and 3) rigidness of infrastructure. The objectives are to 1) hide infrastructure differences, 2) support higher layers of service-based applications, and 3) enable SLA-oriented self-adaptation. It proposes a SLA-aware service infrastructure architecture using a meta-negotiator, meta-broker, brokers, and automatic service deployers to achieve autonomous behavior while respecting SLAs.
SOA Summer School: Best of SOA Summer School – Encore Session WSO2
This wrap-up session of WSO2's SOA Summer School brings you the best of all sessions conducted over the past 8 weeks. Enterprise architects, developers, consultants and business analysts can now gain an overall understanding of SOA concepts and implementations of end-to-end SOA solutions.
Deja-Vu Solutions Limited has expertise in providing a variety of services and solutions, which include web development, content development, data entry, and IT consulting under one roof.
Our vision focuses on customer satisfaction and provides our clients the competitive advantage through innovative use of technology and employee expertise. We strive to achieve long-term relations with clients through success. We have time and again anticipated and exceeded customer expectations.
http://prolifics.com/
This presentation takes a deep dive into the latest features of IBM WebSphere MQ and Message Broker to see how these new capabilities are changing the world. It examines how MQ and Message Broker can connect anything, anywhere and achieve universal connectivity with:
- Enhanced file and messaging capabilities of IBM WebSphere Message Broker 8.0 and WebSphere MQ 7.5, including the ability to handle many formats (i.e. XML, CSV, etc.)
- The ability of WebSphere MQ Telemetry Transport (MQTT) to connect through the web or through devices
- An extended reach of WebSphere MQ via the new HTTP and FTP bridges
- High Availability that makes the system more reliable than ever and allows WebSphere MQ clients to automatically reconnect
The document proposes an effective resource management method for virtualized systems under dynamic workloads. It describes a resource manager that uses fuzzy control theory to model the relationship between performance and allocated resources for each application domain. The resource manager aims to maintain acceptable performance for each domain while balancing performance between domains. An experiment shows the proposed method improved performance over the default scheduler in one workload scenario but showed worse performance in another scenario. Further work is needed to improve adaptation speed and ensure fair allocation.
Services Oriented Infrastructure in a Web2.0 World (Lexumo)
Tom Maguire discusses applying SOA, Web 2.0 technologies, and open standards to the problems faced by IT in an ever-changing world.
This session was recorded at EMC World 2007 in Orlando, Florida.
The document discusses cyber defense for service-oriented architecture (SOA) and representational state transfer (REST) using the Oracle Service Bus Appliance (OSBA). It provides an overview of OSBA, including its easy deployment and configuration, DMZ-class security features, and performance benefits. Examples of OSBA use cases for security, performance, customization, and monitoring of SOA and REST applications are also presented.
The document discusses new features in Exchange 2013 that improve client access through a redesigned client access architecture using load balancing at the network layer, role evolution through consolidation of server roles, and cross-version interoperability principles. It also outlines changes to the Exchange architecture that improve hardware efficiency and simplify deployments through the use of database availability groups and a single master model for public folders.
Implementing Process Controls and Risk Management with Novell Compliance Mana... (Novell)
The document discusses Novell's Compliance Management Platform and its extension for SAP environments. The platform provides integrated identity and security management through components like Identity Vault, Identity Manager, Sentinel, and Access Manager. The extension for SAP includes tools like a Role Mapping Administrator and enhanced SAP drivers. It aims to develop synergies between Identity Manager and SAP BusinessObjects Access Control for improved provisioning, access control, risk analysis, and monitoring capabilities. Three scenarios are presented showing how provisioning and access control can be integrated between the solutions.
This presentation will help you better understand:
- The Oracle Embedded Value Proposition
- The Oracle Service Bus (OSB) Value Proposition
- The Challenge Of The Extended Enterprise
- Introducing the OSB Appliance (OSBA)
03.egovFrame Runtime Environment Training Book (Chuong Nguyen)
The document summarizes the eGovFrame runtime environment. It consists of 6 service groups and 38 services that support patterns like MVC, DI, and AOP based on the Spring framework. The runtime environment provides the basic functionality required to run enterprise applications and consists of open source software like Spring, Log4j, and Apache projects. It aims to improve development productivity and the reusability of e-government systems.
This document provides an overview and agenda for a presentation on the FUSE family of products including ActiveMQ, ServiceMix, CXF, and Camel. The presentation covers the conceptual architecture and standards used, deployment strategies, and best practices. It also discusses how to successfully use FUSE for integration and SOA projects as architects, developers, and project managers.
The document outlines a presentation by Paul Bertucci on high availability options for SQL Server databases. It provides an agenda that will discuss what high availability is, how to assess requirements, review Microsoft SQL Server high availability options like clustering, database mirroring and log shipping, and how each option provides high availability. It also includes example slides on topics like availability assessment, configuration examples, and a decision tree approach for choosing an option.
Not all SOA Gateways are created equal. Each one behaves differently, which can affect your total cost of ownership, and more importantly, the success of your project.
Dave Carroll Application Services Salesforce (deimos)
The document discusses enterprise grade business application services provided through the Force.com platform as a service (PaaS). It provides an overview of Force.com's capabilities including building any type of business application, flexibility to integrate with other systems, security, and trust due to many customers and developers using the platform. Key aspects of Force.com covered include the multi-tenant architecture, APIs for development, and security options like single sign-on and two-factor authentication.
Application Grid: Platform for Virtualization and Consolidation of your Java ... (Bob Rhubart)
This document discusses how organizations can consolidate and virtualize their Java applications. It notes trends toward consolidation, standardization, security compliance and doing more with less. It states that 8 out of 10 IT dollars are "dead money" spent on maintenance. Shared services can help businesses reduce costs and complexity while improving productivity and customer service level agreements. The document outlines different levels of consolidation and how companies have achieved significant cost savings through consolidation. It introduces the Oracle Application Grid as a way to provision and monitor shared application infrastructure using technologies like Oracle Coherence, WebLogic Server and Oracle Fusion Middleware to improve efficiency, competitiveness and simplify IT environments.
Momentum Infocare Pvt. Ltd. is a leading provider of IT solutions focusing on the corporate market. It has been providing IT infrastructure services since 1993 and is ISO 9001:2000 certified. It offers a range of data center, storage, security and infrastructure management solutions and has over 100 satisfied customers, with 70% being repeat clients. It has technology alliances with leading providers and case studies depicting successful projects for customers across industries.
The document discusses database mirroring in SQL Server 2008. It provides an overview of database mirroring, including key terms like principal server, mirror server, and witness server. It describes the different mirroring modes and how failover works. It also discusses performance improvements in SQL Server 2008 database mirroring, such as compression and asynchronous log shipping. Benchmarks are presented comparing performance in 2005 versus 2008.
This presentation gives an overview about WSO2's technology platform as of Q2 2009. It gives an update about the ESB, the Web Services Application Server, Business Process Server as well as the re-branded Governance Registry and Identity Server.
This document discusses Oracle Exalogic Elastic Cloud, a preconfigured system for running Java workloads. It provides extreme Java performance through integration of hardware and software. It offers standardized platforms for consolidation that reduce costs through improved utilization and efficiency. As an engineered system, it simplifies deployment and management for building private and public clouds.
Java EE Technical Keynote at JavaOne Latin America 2011 (Arun Gupta)
This document discusses Java EE 7 and its focus on providing the Java EE platform as a service (PaaS). Key points include:
- Java EE 7 aims to make the Java EE platform itself a service that can be leveraged on public, private, and hybrid clouds.
- It proposes automatically provisioning and deploying application resources like databases and JMS from metadata in the application.
- Service metadata would simplify using resources in the cloud.
- Elasticity is a focus area, moving from single node systems to dynamic, self-adjusting clusters that scale on demand based on service level agreements.
- There is a demonstration of deploying a sample Java EE conference planning application to the cloud as a P
Enterprise Use Case - Selecting an Enterprise Service Bus WSO2
The document discusses selecting an enterprise service bus (ESB) and provides the following information:
1. It outlines an ESB evaluation framework that examines common and advanced ESB features.
2. It describes using the framework to understand how to implement common use cases and demonstrate ease of development with graphical tools and connectors.
3. It evaluates the composable architecture and enterprise fit by examining cross-component use cases, governance practices, security, and performance validation.
The document discusses the architecture of Microsoft Exchange 2013. Exchange 2013 uses a building block approach to facilitate deployments at any scale. It utilizes server role evolution, network layer improvements, and versioning/interoperability principles. The architecture features load balancing at the network and client access layers. Exchange 2013 also includes a new managed store that reduces database IOPS and supports larger mailboxes and modern public folders with improved search capabilities.
The document discusses Spring Framework updates including versions 3.1, 3.2, and 3.3. Key features of Spring 3.1 include environment profiles for activating bean definitions in different environments, Java-based application configuration, and declarative caching. Spring 3.2 will include a Gradle build system and GitHub contributions. Spring 3.3 will add support for Java SE 8 features like lambda expressions and the Java EE 7 API. The document provides code examples of using these new Spring features.
The wrap-up session agenda covered several SOA patterns and use cases:
1. It discussed service broker pattern, pipes and filters, trusted subsystems, and functional decomposition for connecting a service client to backend services while allowing changes.
2. It explored aggregating data from multiple time tracking applications into a single report view using aggregated data and logical flows patterns.
3. BPM and SOA integration was examined to coordinate long-running processes across services.
4. Metadata management patterns like shared repository and version identification were presented for governance.
5. High performance and C++ integration into SOA was listed as a use case.
Here are the key steps to migrate from Exchange 2010 to Exchange 2013:
1. Prepare - Install Exchange 2010 SP3 across the organization, prepare Active Directory with Exchange schema extensions, validate Exchange 2010 Client Access connectivity
2. Deploy Exchange 2013 servers - Install new Exchange 2013 Mailbox and Client Access servers
3. Obtain and deploy certificates - Obtain and deploy SSL certificates on the Exchange 2013 Client Access servers
4. Cutover mailboxes - Use cutover or staged migration to move mailboxes from Exchange 2010 to Exchange 2013 servers
5. Redirect clients to Exchange 2013 - Update autodiscover and DNS records to redirect clients to the new Exchange 2013 Client Access servers
Cloud architecture and deployment: The Kognitio checklist, Nigel Sanctuary, K... (CloudOps Summit)
CloudOps Summit 2012, Frankfurt, 20.9.2012 Track 2 - Build and Run
by Nigel Sanctuary, VP Propositions at Kognitio (www.kognitio.com)
http://cloudops.de/sprecher/#nigelsanctuary
Find the video of this talk at http://youtu.be/wQrHQNOMlKc
This document proposes a solution for testing the security aspects of SOA-based applications. The solution involves three phases: 1) Creating a test assertion document (TAD) that identifies the security specifications implemented, 2) Using a SOAP monitor tool to capture request and response messages, and 3) Developing code to compare the SOAP messages to the TAD and generate a test result report. The proposed approach streamlines testing, increases agility, and reduces IT investment while maximizing return on investment. Reusable artifacts are created to provide better system understanding throughout the testing lifecycle.
This document discusses securing web applications in the Web 2.0 era. It begins by explaining what Web 2.0 and AJAX are and how they have introduced new threats compared to traditional web applications. It then outlines various threat vectors against clients, servers, and aggregated content. Tactical security measures are proposed for clients, servers, and aggregation servers. Finally, the document introduces the SecureSpan Data Screen appliance as a specialized infrastructure solution for applying tunable security policies to address the evolving threats of Web 2.0.
Come learn about our new cloud-based storage service and how it addresses a number of business scenarios. This session introduces the new Microsoft SQL Server Data Services, as well as outlines business models and terms.
CumuLogic provides a private Java Platform-as-a-Service (PaaS) that was launched in June 2012. It was founded by Sun alumni and is funded by Citrix. CumuLogic is launching new Cloud Services in January 2013 that will integrate with CloudStack and support additional programming languages beyond Java. The services will provide capabilities like logging, messaging, storage, compute, monitoring, backup/restore and more to avoid "empty cloud syndrome." CumuLogic 2.0 screenshots show the services and dashboard capabilities. CumuLogic aims to provide a suite of fully managed cloud services above the IaaS APIs in an on-demand, pay-as-you-go model.
This document provides an overview of Oracle SOA Suite 11g and its key features and benefits. It discusses how SOA Suite 11g enables simplified and productive development with features like the SOA composite editor. It also describes how SOA Suite 11g provides a unified platform for integrating services, events, and processes. Additionally, it outlines how SOA Suite 11g offers unified management and monitoring capabilities as well as extreme performance and scalability through technologies like Oracle WebLogic Server, Oracle Coherence, and Oracle JRockit. The document provides examples of how specific 11g features address challenges in areas like end-to-end visibility, security, and infrastructure optimization.
This document discusses a seminar on cloud computing security and forensics. It covers topics like cloud security risks, risk assessment, and cloud forensics. The seminar aims to help people understand security issues in cloud computing and how to address them.
Building and Managing Cloud Applications and Infrastructure (Darren Cunningham)
While service-based infrastructure can improve TCO and streamline IT management, it also presents some challenges that need to be met head-on. How do you ensure your data is secure in transit and available when you need it? How do you manage and communicate with your infrastructure? How do you enable service quality metrics and disaster recovery? And, how do you integrate data from legacy systems with data from web-based systems? Join AT&T and Informatica as they share their experience in building and managing cloud applications and infrastructure.
Presentation of Vincent Desveronnieres, Oracle at the TMT.CloudComputing'11 Warsaw conference organized in Warsaw, Poland on February 10th, 2011 by New Europe Events
Here are the key steps to configure Spring MVC in the lab:
1. Configure the ContextLoaderListener in web.xml to initialize the root application context. This loads the common beans.
2. Define the contextConfigLocation parameter pointing to the common spring configuration files.
3. Configure the DispatcherServlet in web.xml. This is the front controller that handles all web requests.
4. Give the DispatcherServlet a unique name and set its contextConfigLocation to load web-specific beans, separate from the root context.
5. Add spring-mvc configuration files defining the component-scan, view resolver, etc.
6. Add Controllers and Views (JSP
Cloud Foundry is an open platform as a service (PaaS) that supports building, deploying, and scaling applications. It uses a loosely coupled, distributed architecture with no single point of failure. The core components include cloud controllers, stagers, routers, execution agents, and services that communicate asynchronously through messaging. This allows the components to be scaled independently and provides a self-healing system.
The document discusses using a service-oriented architecture and RESTful web services to build scalable systems. It describes a case study of a telecommunications company that needed to scale from handling 1 million to 1 billion messages per month. The initial enterprise architecture resulted in bottlenecks and reliability issues. By taking inspiration from web-scale companies and focusing on delivery of individual services, a new storage manager service and compute grid were implemented. This improved scalability, reduced costs, and delivered business value by keeping customers happy with a more reliable system.
Layer 7: Understanding XML & Web Services Performance
1. Understanding XML and Web Services Performance
K. Scott Morrison
Director, Architecture
January 2005
2. Bio – K. Scott Morrison
Director, Architecture at Layer 7 Technologies
• http://www.layer7tech.com
• Layer 7 is based in Vancouver BC, Canada
Co-author of Sams’ Java Web Services Unleashed & Wrox’s Professional JMS
• Over 40 other publications in academic journals and trade magazines
Co-editor WS-I Basic Security Profile
Frequent speaker on Web services, XML, mobile/wireless computing systems, distributed systems architecture, and Java design issues
Jan 2005
SecureSpan™ Solution Overview 2
3. Agenda and Theme
Performance and Web services
WS-Paradigm Shift: Why Web services perform so poorly
• And why security will exacerbate the problem…
Designing for performance
Transaction tuning: a new approach to dealing with Web services performance issues
Theme: Security will be the major cause of Web services performance problems in the future. What’s needed is a new approach to managing this.
4. What Does Performance Mean for Web Services?
[Diagram: The Typical Web Services Use Case. Labels: Requestor (Web Services Client), Requestor Network, Identity, Firewall, Provider Network, Provider (Web Services Server), SOAP Request Msg, SOAP Response Msg]
5. Performance is Measurable
Performance requirements may be articulated through QoS:
• Availability/Accessibility
• Reliability
• Throughput
• Response time/Latency
• Regulatory (Sarbanes-Oxley, etc)
• Security Policy
[Diagram labels: Audit, Throughput, Resource Utilization, Response Time, Identity]
Real goals are critical
6. Haven’t We Been Dealing With This For Years?
Yes; however, XML is particularly problematic…
“Traditional” Distributed Computing (CORBA, COM+, etc)
• Stack on each side: Process Data… / Serialize Data, Unserialize Data / Transport / Network
• Clean separation between content and transport
• Transport: Security, routing, reliability, etc
• Transport: Tight, fast protocols (fixed binary, name/value pairs, etc)
The Web Services Approach
• Stack on each side: Process Data… / Process Msg Protocol / Serialize Data, Unserialize Data / Transport
• Process Msg Protocol: Security, routing, reliability, etc
• XML-based, contained in SOAP header
• Pushed up the stack into the message itself
7. Consider WS-Addressing:
<S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope"
            xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing">
  <S:Header>
    <wsa:MessageID>
      uuid:6B29FC40-CA47-1067-B31D-00DD010662DA
    </wsa:MessageID>
    <wsa:ReplyTo>
      <wsa:Address>http://business456.example/client1</wsa:Address>
    </wsa:ReplyTo>
    <wsa:To>http://fabrikam123.example/Purchasing</wsa:To>
    <wsa:Action>http://fabrikam123.example/SubmitPO</wsa:Action>
  </S:Header>
  <S:Body>
    ...
  </S:Body>
</S:Envelope>
All intermediates need to parse XML to route, kill duplicates, etc.
There are also many additional fields in WS-A not shown here.
Source: Web Services Addressing – Core, W3C Working Draft 8 December 2004
http://www.w3.org/TR/2004/WD-ws-addr-core-20041208/
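An added example (not from the original deck) of the work this slide describes: an intermediary that reads wsa:To, wsa:Action and wsa:MessageID to route a message and drop duplicates. It uses Python's expat in streaming mode rather than a DOM and stops at the end of the header; the `Intermediary` class, the route table and the padded Body are assumptions constructed for the illustration.

```python
import xml.parsers.expat

SOAP12 = "http://www.w3.org/2003/05/soap-envelope"
WSA = "http://schemas.xmlsoap.org/ws/2004/08/addressing"
SEP = " "  # expat reports names as "<namespace URI><SEP><local name>"
ENVELOPE = SOAP12 + SEP + "Envelope"
HEADER = SOAP12 + SEP + "Header"
BODY = SOAP12 + SEP + "Body"
REPLY_TO = WSA + SEP + "ReplyTo"


class HeaderDone(Exception):
    """Raised inside a handler to stop parsing once routing data is complete."""


class UnsafeMessage(Exception):
    """Raised for input an intermediary should refuse to process."""


def read_addressing(chunks):
    """Stream a SOAP envelope and return (fields, bytes_consumed).

    Only WS-Addressing elements that are children of S:Header are read.
    Parsing stops at </S:Header> (or at <S:Body> if there is no header),
    so the rest of the message is never parsed.
    """
    parser = xml.parsers.expat.ParserCreate(namespace_separator=SEP)
    parser.buffer_text = True
    fields, path, text = {}, [], []

    def start(name, attrs):
        path.append(name)
        text.clear()
        if path == [ENVELOPE, BODY]:
            raise HeaderDone

    def end(name):
        uri, _, local = name.partition(SEP)
        if path[:2] == [ENVELOPE, HEADER] and uri == WSA:
            if len(path) == 3 and local in ("To", "Action", "MessageID"):
                fields[local] = "".join(text).strip()
            elif len(path) == 4 and local == "Address" and path[2] == REPLY_TO:
                fields["ReplyTo"] = "".join(text).strip()
        path.pop()
        if name == HEADER and path == [ENVELOPE]:
            raise HeaderDone

    def doctype(name, system_id, public_id, has_internal_subset):
        # SOAP messages must not carry a DTD; refusing it here stops the
        # parse before any entity declaration is processed.
        raise UnsafeMessage("DTD in SOAP message")

    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.CharacterDataHandler = text.append
    parser.StartDoctypeDeclHandler = doctype

    consumed = 0
    try:
        for chunk in chunks:
            consumed += len(chunk)
            parser.Parse(chunk, False)
        parser.Parse(b"", True)
    except HeaderDone:
        pass
    return fields, consumed


class Intermediary:
    """Routes on wsa:To and drops repeated wsa:MessageID values."""

    def __init__(self, routes):
        self.routes = routes  # wsa:To -> backend name (hypothetical table)
        self.seen = set()     # a real gateway would expire old entries

    def handle(self, chunks):
        try:
            fields, consumed = read_addressing(chunks)
        except (UnsafeMessage, xml.parsers.expat.ExpatError):
            return "reject", None, 0
        message_id = fields.get("MessageID")
        backend = self.routes.get(fields.get("To"))
        if not message_id or backend is None:
            return "reject", None, consumed
        if message_id in self.seen:
            return "duplicate", None, consumed
        self.seen.add(message_id)
        return "forward", backend, consumed


def chunked(data, size=1024):
    """Yield the message in network-sized pieces."""
    return (data[i:i + size] for i in range(0, len(data), size))


# Constructed sample: the slide's header fields with a large padded Body.
MESSAGE = (
    f'<S:Envelope xmlns:S="{SOAP12}" xmlns:wsa="{WSA}">'
    '<S:Header>'
    '<wsa:MessageID>uuid:6B29FC40-CA47-1067-B31D-00DD010662DA</wsa:MessageID>'
    '<wsa:ReplyTo><wsa:Address>http://business456.example/client1</wsa:Address></wsa:ReplyTo>'
    '<wsa:To>http://fabrikam123.example/Purchasing</wsa:To>'
    '<wsa:Action>http://fabrikam123.example/SubmitPO</wsa:Action>'
    '</S:Header>'
    '<S:Body><po xmlns="urn:example:po">' + "<line/>" * 8000 + '</po></S:Body>'
    '</S:Envelope>'
).encode("utf-8")
# Constructed sample: same message preceded by a DTD, which must be refused.
DTD_MESSAGE = b'<!DOCTYPE x [<!ENTITY a "b">]>' + MESSAGE
```

Even with the early stop, every hop still pays for XML tokenizing and namespace resolution of the header before it can make a routing decision, which is the cost the slide points at.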
8. Security Exacerbates Performance Issues
Consider OASIS Web Services Security (WSS)
• Core spec describes a mechanism for securing SOAP messages using arbitrary security tokens under existing W3C specs:
− W3C Signing
− W3C Canonicalization
− W3C Encryption
• These W3C approaches were designed for generalized document security, and are certainly not optimized for performance
For example, consider signing:
9. <SOAP-ENV:Envelope>
     <SOAP-ENV:Header>
       <wsse:Security>
         <wsu:Timestamp wsu:Id="T0">                     (Subject signs timestamp)
         <wsse:BinarySecurityToken wsu:Id="x509token">   (Subject may sign security token)
           Base64 Encoded X509.v3 Certificate
         <ds:Signature>
           <ds:SignedInfo>
             ds:Reference elements …
           <ds:SignatureValue>
           <ds:KeyInfo>
             <wsse:SecurityTokenReference>               (Reference to Subject’s certificate)
     <SOAP-ENV:Body wsu:Id="B0">                         (Subject signs body)
10. Security Exacerbates Performance Issues (cont.)
And that’s just signing!
• Canonicalization is insanely expensive
• Encryption similarly complex
Considerably more complicated are mechanisms like OASIS SAML Token Profile, under the Holder-of-key mechanism.
How can we design for this?
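An added example (not from the original deck) of why a verifier cannot skip canonicalization: each ds:Reference digest is taken over the canonical form of the referenced element, so every signed part costs a parse, normalize and re-serialize pass before it can be hashed. It uses Python's built-in C14N 2.0 with prefix rewriting and SHA-256 as stand-ins for the Exclusive C14N and digest algorithm a WSS message would name, leaves out the ds:SignatureValue check, and runs on constructed messages.

```python
import base64
import copy
import hashlib
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")
WSU_ID = "{%s}Id" % WSU


def canonical_bytes(element):
    """Canonical octets of one subtree.

    Assumption: C14N 2.0 with rewritten prefixes (Python's stdlib) stands in
    for the Exclusive C14N that a WSS signature would normally specify.
    """
    subtree = copy.copy(element)
    subtree.tail = None  # text after the element is not part of the reference
    text = ET.tostring(subtree, encoding="unicode")
    return ET.canonicalize(text, rewrite_prefixes=True).encode("utf-8")


def reference_digests(envelope_xml, ids):
    """Digest per wsu:Id, as a signer would place in each ds:Reference."""
    by_id = {}
    for element in ET.fromstring(envelope_xml).iter():
        ref = element.get(WSU_ID)
        if ref is None:
            continue
        if ref in by_id:
            # Two elements with one Id make the reference ambiguous.
            raise ValueError("duplicate wsu:Id %r" % ref)
        by_id[ref] = element
    digests = {}
    for ref in ids:
        digest = hashlib.sha256(canonical_bytes(by_id[ref])).digest()
        digests[ref] = base64.b64encode(digest).decode("ascii")
    return digests


def verify_references(envelope_xml, expected):
    """Recompute each referenced digest: one canonicalization per reference."""
    try:
        actual = reference_digests(envelope_xml, expected)
    except (KeyError, ValueError, ET.ParseError):
        return {ref: False for ref in expected}
    return {ref: actual[ref] == expected[ref] for ref in expected}


# Constructed sample: the message as the signer serialized it.
SIGNED = f"""<e:Envelope xmlns:e="{SOAP}" xmlns:wsu="{WSU}">
<e:Header><wsu:Timestamp wsu:Id="T0"><wsu:Created>2005-01-20T10:00:00Z</wsu:Created></wsu:Timestamp></e:Header>
<e:Body wsu:Id="B0"><po xmlns="urn:example:po" currency="CAD" amount="100"/></e:Body>
</e:Envelope>"""

# Constructed sample: same content after a hop re-serialized it (attribute
# order, quoting, spacing inside tags and the empty-element form all differ).
RELAYED = f"""<e:Envelope xmlns:wsu="{WSU}" xmlns:e="{SOAP}">
<e:Header><wsu:Timestamp wsu:Id='T0'><wsu:Created>2005-01-20T10:00:00Z</wsu:Created></wsu:Timestamp></e:Header>
<e:Body   wsu:Id="B0"><po amount="100" currency="CAD" xmlns="urn:example:po"></po></e:Body>
</e:Envelope>"""

# Constructed sample: the Body content was changed after signing.
TAMPERED = SIGNED.replace('amount="100"', 'amount="900"')

if __name__ == "__main__":
    signed_digests = reference_digests(SIGNED, ["T0", "B0"])
    print("relayed :", verify_references(RELAYED, signed_digests))
    print("tampered:", verify_references(TAMPERED, signed_digests))
```

The relayed copy differs byte for byte from the signed one yet verifies, while the tampered copy fails only on the Body reference; a digest over raw bytes could not tell those two cases apart.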
11. Design Strategies
A lot of designing for performance is using common sense
Optimization is an iterative process toward a concrete goal
• Key is to adopt certain principles up front, profile constantly, but don’t optimize until it’s possible to understand where the problem is
Compartmentalize bottlenecks and optimize
− Problems distributed throughout programming logic are very difficult to optimize
− Eg: XML Security
− SSL acceleration is a good example of this
eXtreme Programming (XP) codifies this process:
• Test constantly
• Optimize last
[Callout: Optimization is all about balance between effort and payoff]
• Remember: Assumptions are the villain here. So is lore.
• BTW: We’ve found Apache Bench useful, but it is only one simple piece in a full arsenal of load testers (eg: it’s no good for SSL)
• http://httpd.apache.org/docs-2.0/programs/ab.html
So here are some general approaches:
12. API Design
Chunky vs. chatty APIs: Think coarse granularity
• Aggregate behind façade patterns
• But watch for stupidly large transfers
Favour document/literal over RPC/encoded APIs
• Be very careful of complex objects. Favour simple,
strongly typed parameters
Validate schemas early (esp. externally)
Avoids costly parsing faults in processing
Cache where appropriate
Never encapsulate large binary data sets in XML
• SwA
• XOP, MTOM, & RRSHB (New W3C recommendations
from just this last Tuesday)
Go asynchronous when possible
13. Compression and Binary XML
Usually a win only in high latency or very expensive networks
Wireless, satellite
Trans-ocean
Problem is, it destroys readability
GZIP very easy, but slow
WAP WBXML
W3C Binary Characterization WG
• Plus many others
[Diagram labels: Compressed XML; Internet; Regular uncompressed Web services call; Wireless Svc Provider Equipment]
In particular, keep an eye on XOP,
MTOM, & RRSHB from the W3C
14. Scaling Up and Scaling Out
Scaling up: More Powerful Server
Scaling out: Server Farms
[Diagram labels: Overloaded Servers; Sprayer]
Blade servers, of course, attempt to combine the best of both worlds
Not as simple as it seems. Lots of general affinity issues:
• Replay defense
• Caching
• DB Cursors, transactions, locks, etc
15. Intelligent Parsing
STOP! Do you really need to write your own Web services
framework?
OK, then avoid DOM
Avoid DOM some more
Use SAX, but consider also pull parsers
• Interestingly, some standards work is helping here
Consider XPATH
• This is an area where hardware acceleration can
provide huge wins
Example is Layer 7’s partnership with Tarari
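An added sketch, not from the original slides, of the pull-parser advice applied to the earlier point that intermediaries parse XML to route and kill duplicates: it reads only the SOAP Header and stops feeding the parser before the Body. The WS-Addressing namespace (taken from the final 1.0 Recommendation rather than the 2004 draft the slides cite), the function names and the sample message are assumptions made for the example.

```python
from xml.etree.ElementTree import XMLPullParser

SOAP = "{http://schemas.xmlsoap.org/soap/envelope/}"
# Assumption: namespace of the final WS-Addressing 1.0 Recommendation,
# which postdates the 2004 working draft the slides cite.
WSA = "{http://www.w3.org/2005/08/addressing}"
# Constructed sample: small routing header, roughly 70 KB body.
MESSAGE = (
    b'<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" '
    b'xmlns:wsa="http://www.w3.org/2005/08/addressing"><s:Header>'
    b'<wsa:MessageID>urn:uuid:constructed-0001</wsa:MessageID>'
    b'<wsa:To>http://example.com/orders</wsa:To></s:Header><s:Body>'
    + b'<item>x</item>' * 5000 + b'</s:Body></s:Envelope>')

def chunked(data, size=256):
    for i in range(0, len(data), size):
        yield data[i:i + size]

def read_routing_header(chunks):
    """Return (MessageID, To, bytes_fed), stopping at the end of the Header."""
    parser = XMLPullParser(events=("start", "end"))
    found = {WSA + "MessageID": None, WSA + "To": None}
    depth, fed, in_header = 0, 0, False
    for chunk in chunks:
        parser.feed(chunk)
        fed += len(chunk)
        for event, elem in parser.read_events():
            if event == "start":
                depth += 1
                in_header |= (depth == 2 and elem.tag == SOAP + "Header")
                continue
            # Only direct children of the Header count (depth 3), so a
            # same-named element nested in another block is ignored.
            if in_header and depth == 3 and elem.tag in found:
                found[elem.tag] = (elem.text or "").strip()
            elif depth == 2 and elem.tag == SOAP + "Header":
                return found[WSA + "MessageID"], found[WSA + "To"], fed
            depth -= 1
    raise ValueError("no SOAP Header found")

def route(chunks, seen_ids):
    """Decide forward/duplicate/reject from the header alone."""
    msg_id, to, fed = read_routing_header(chunks)
    if not msg_id or not to:
        return ("reject", None, fed)
    if msg_id in seen_ids:
        return ("duplicate", None, fed)
    seen_ids.add(msg_id)
    return ("forward", to, fed)
```

The `seen_ids` set is per process, so behind a sprayer it only catches duplicates that land on the same node, which is the affinity issue raised on the scaling slide.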
17. Offloading Processing
Delegation of Responsibility to Gateway
Gateway Appliance Responsible for:
• Consistent application of security policy
• Validation of schemas
• Transform
• Monitoring
• PKI
• Policy publication
Appliances offer consistency and performance
[Diagram labels: Web Service Client; SOAP Request Msg; DMZ; Layer 7 SecureSpan Gateway; Internal Network; Web Svc Servers]
18. Transaction Tuning
Bridge/Gateway Combination Allows:
• Complete, end-to-end control over Web services security
• Dynamic, run-time application of Policy
• Security model can be tuned anytime against observed performance
• All without any code changes!
[Diagram labels: Layer 7 SecureSpan Bridge; Secure SOAP Msg (WS-Security); WS-Policy Document; DMZ; Internal Network]
19. For further information:
K. Scott Morrison
Layer 7 Technologies
Suite 501 – 858 Beatty St.
Vancouver, BC V6B 1C1
Canada
(800) 681-9377
smorrison@layer7tech.com
http://www.layer7tech.com
January 2005
20. Axis