SlideShare a Scribd company logo
1 of 53
Download to read offline
<Insert Picture Here>




Cyber Defense for SOA & REST
Bob Glass, Oracle - Principal Middleware Solution Architect
Adam Vincent, Layer 7 Technologies - CTO Public Sector
Agenda
• OSBA Overview
• SOA & REST Security 101
• OSBA Use-Cases
  •   Security
  •   Performance
  •   Customization
  •   Monitoring
• Conclusions
The “Extended” Enterprise

                                        Cloud Computing (SaaS, PaaS, IaaS)
Industry Trends




                              Customization, Security, Performance, Availability, Regulatory



                           SOA & REST - Across Enterprise Boundaries


                      Customization, Security, Performance, Availability, Regulatory



                  SOA & REST – Inside the Organization

                    Distributed Applications and Shared Services
Introducing the Oracle Service Bus Appliance



  Best of breed XML Gateway
                                    +         Best of breed ESB
for XML security and acceleration   for mediation and adaptive connectivity




                                           1. Easy Deployment
                                        2. Simple Configuration
                                          3. DMZ-class Security
                                    4. Extreme XML Performance
Easy Deployment & Simple Configuration
• With OSB Appliances the Customer can
  • Remove the appliance from the shipping carton, install it in the rack,
  • Connect power and network cable(s), assign an IP address, and turn the appliance on.
  • At that point it configures itself to run on the network.


           Concluding initial XML firewalling policy configuration
                your Service Bus Appliance is ready to use




                 The entire process takes less than an hour
         versus loading and configuring conventional software.
DMZ-Class Security

• Perimeter Security and Defense in Depth
    •   Threat Protection
    •   Access Control through integration with Oracle IDM Suite
    •   Federated Identity across disparate security realms (SAML)
    •   Support for WS* Security and messaging standards and products
    •   FIPS 140-2 Level 3 with Elliptic Curve/B Suite Support

Intercept problematic messages at the enterprise
    perimeter before they reach your services
                                                                          Oracle        Oracle
                                                                        Entitlements   Access
                                                                         Server       Manager
                                       X
                                   X
                               X



                                                                 Perform Identity-based
                                                                 access to services and
                                                                 operations in the DMZ
Performance Challenges
•   Threat Protection (Costly for Performance)
•   Fast XML Processing (XPATH, XSLT, XSD)
•   Crypto Operations as Required (message/transport)
•   Large Message Processing




      Delegate common or expensive XML-related
     tasks from your services to your infrastructure
OSBA for Cross Boundary Info Sharing
What’s in the Box
                                            144.30% to 16,564.97% Improvement
                              XML Accelerator
                                                Over Server Install of OSB
Cryptographic Accelerator &
 Hardware Security Module

   SSL Acceleration &
    FIPS 140.2 Level 3



                                                              Integrate & Customize

             Protect & Secure
SOA & REST Overview
           Traditional                    SOA & REST




     Services all have custom       Services all have standard
     ways of communicating.          way of communicating.


• SOA & REST utilize Standards
  • XML, WS*, SOAP, HTTP(S), Etc.
SOA & REST Security 101
                                  Security
                           SSL, WS-Security, Etc.
                                Presentation
  Transport
                           XML, AJAX, Portal, Etc.
                                 Discovery



                Threats
   Parsing
                              UDDI, WSDL, Etc.
                                  Access
 Deployment
                              SOAP, REST Etc.
                                 Transport
 Service Code             HTTP, HTTPS, JMS, Etc.
                                  Business
                          Business Logic, Code, Etc.
Transport Threats

Sniffing and Snooping
  • Message confidentiality concerns
WS-Routing
  • SOAP messages can contain verbose instructions on their desired
    routing. If a single node in this routing path is compromised multiple
    threats can be realized.
Replay Attacks
  • Message integrity concerns and potential Denial of Service by taking a
    correct message with valid credential and sending it 1000+ times
Denial of Service
  • Same old threat in regard to network Denial of Service
Parsing Threats

Most products employ the same parsers, therefore if a
vulnerability exists in a single product leveraging MS Parser
then all others have the same threat.

The XML specification itself does not put any restrictions on the
structure itself and rather is open to interpretation by the creator
of the parser. Example: Some parsers will stop reading an
XML Attribute value once they reach some number of
characters and others will continue.

<Name Organization=“I’m a parser attack, …………………….>
Buffer, Heap, or Integer Overflow Threats

Warning: Through a successful buffer overflow a malicious
command may be executed on your system.

We see these all the time! Through passing a malicious buffer to a Web
Server or Application server the attacker can create an overflow condition
where a segmentation fault occurs.
 • This oversized/malicious buffer can be sent as part of the transport
 header OR as part of the message.
 • An expected integer value can be overflowed by exceeding the value
 allowed causing a segmentation fault.

Once an attacker knows that a overflow is possible they can then use this
to potentially execute malicious code on the system. Commonly called a
buffer overflow attack.
XML Parser Attack Threats

The following threats can result in a denial of service commonly referred to as XML
Denial of Service (XDOS) by consuming 100% of processing power on the system
doing the parsing.

Complex or Recursive Payload
  • Again, the XML specification and structure has no limits!
  • Automated applications are available which create Fuzzed data for XDOS
    attacks.

Oversized Payload
  • Many parsing technologies load entire documents into memory
  • Web Services were generally NOT designed around large message sizes.

Other
   • Unique attacks will be found where underlying parsers have vulnerabilities
Deployment Threats
               Web Service Automation is Our Friend…..Or Is It?

UDDI, WSDL, SOAP Faults (errors), Descriptions….OH BOY!

UDDI
  • UDDI contains asset information
  • Automated War-Dialers (scanners) can search for UDDI’s for services (i.e. Bank
     service found here)

WSDL
  • Contains adequate information to attack service (i.e Here is how the bank
    service works)
  • Automated programs consume WSDL and commence scanning the service (i.e.
    Automatically issue scanning/attack messages)

SOAP Faults
  • SOAP Faults return information about the service (i.e Bank service is running on
    IIS version ?? and uses .Net parser)
  • SOAP Faults returns errors from the backend resources such as the SQL DB,
    or Mainframe (i.e Bank service is using Oracle DB version ??)
Service Code Threats
                  Good development practices can alleviate this threat.
                How many programs or programmers are perfect though?

Parameter Tampering
   • Parameters are changed
      • <file_location>C:/INET/file.txt</file_location> changed to
      • <file_location>C:/*</file_location>

Code Injection
   • Code is injected within an XML element
       • <SQL>SELECT name FROM DB1 WHERE name = ‘Adam’</SQL> changed to
       • <SQL>SELECT * From DB1 WHERE name = *</SQL

Virus/Spyware/Malware Injections
    • XML Attachments (MTOM, DIME, MIME) are used as a delivery mechanism for virus

Session Tampering and Identity Hijacking
   • Some Web Services keep track of session with a Unique ID. Attackers can use that ID to
      become part of the transaction taking place.
SOA & REST Security 101 Conclusion

                 Attackers See Opportunities!

Web Services offer a entirely new dimension to the traditional
security stack. This new layer is a business layer and current
    security practices DO NOT offer sufficient protection.

Why:
 • Totally new technology, with new comes problems
 • Operates over common web transports, traditional firewalls are
   based on the concept of stopping attacks at the network level not
   at the Message Level (Layer 3-5).
 • Automation and Toolkit development (Reuse of these tools)
 • Standardization of attack vectors, you can attack .NET and Java
   business applications using the same messages.
 • Inherent Descriptions (WSDL, Tool kit web pages, etc.)
OSBA Use-Cases



Usage Themes                   OSBA Value
• Security                     • Challenges



                  To Discuss
• Performance                  • Solution(s)
• Customization                • OSBA Value
• Monitoring                   • Demonstrate
Security - Challenges
• Challenges
  •   Cyber Threats – Existing firewalls do very little
  •   Net-Centric Security Approaches and Complexities
  •   Identity and Access Control Across boundaries
  •   Audit & Certification Risks
       • Significant Time & Money
       • Government Certifications, Etc.


                          Did I mention:
  Cyber Threats – Existing firewalls do very little in
   protecting XML applications from cyber attack
Security – Solutions & Value
• Solutions
  •   Leverage XML Firewall(s) for Cyber Defense
  •   Utilize products for SOA/REST Security
  •   Federation of existing Identities across boundaries
  •   Integrate with existing enterprise monitoring and SA toolsets
  •   Certify once and reuse over and over with Policy


• OSBA Value Proposition
  • Integrated XML Firewall for Cyber Defense
  • Supportive of WS* and REST Security standards
  • Integration with IDaM and Capable of Federating identities,
    and Attributes
  • Integrated Enterprise Monitoring for Situational Awareness
Security - Demonstration
•   Threat Detection
•   Schema Validation
•   Identity Federation and Access Control
•   Access Control
•   Audit




                                        OSBA Security Console
Performance - Challenges
• Hardware
  – Latency versus throughput and power consumption requirements


• Message Size
  – Streaming techniques can help scale better with increasing size

• Functional Requirements and Design Complexity

• Underlying Transport

• Reliability Requirements
Performance is a core OSB value

• High performance and light footprint are key driving factors
  of the OSB product design.
• OSB is optimized for stateless message processing and
  routing.
• Performance and scalability requirements are important
  release criteria for each OSB version.
• OSB is designed to be at the core of an enterprise
  messaging infrastructure for SOA.
Scalability – Multiple Dimensions

• Vertical
• Horizontal                                 Scalability is like
                                                  a train!
• Number of Users
• Message Size
                                            What about speed?
• Number of Services



The goal is to scale without a significant loss to performance.
Horizontal Scalability
• Horizontal Scalability refers to the impact on performance
  when additional servers are added to the system.
• Request queues are distributed destinations.
• Clients subscribe to multiple response queues.

     Load Generator
                                   OSB       OSB Managed Server
    (Blocking Client)
                                 CLUSTER
                                              Linux / Xeon 5130

     Load Generator             Distribute
                                d Queue
   Load
   Generator Client)
     (Blocking                      Q        OSB Managed Server
   Client
                                              Linux / Xeon 5130
                                 Local
                                Respons
     Load Generator
                                   e
                                Queues
    (Blocking Client)                        OSB Managed Server
                                Q1/Q2/Q
                                   3          Linux / Xeon 5130
Scalability with Large Number of Services
                                    Scalability with Large Number of Services
                                                HTTP Pass Through
                     7000                                                   3.5

                     6000                                                   3.0




                                                                                  Response Time (ms)
                     5000                                                   2.5
        Throughput




                                                                                                       2 Service TPS
                     4000                                                   2.0                        2000 Service TPS
                                                                                                       2 Service RT
                     3000                                                   1.5
                                                                                                       2000 Service RT

                     2000                                                   1.0

                     1000                                                   0.5

                       0                                                    0.0
                            1   2          4          8      12       16
                                         Number of Clients



• Scalability with increasing number of services is an important and often ignored
  dimension of SOA architectures.
• OSB scales easily to over 2000 services even when monitoring is enabled with a
  relatively small drop (10-15% or 0.5 ms) in performance from 2 services.
• The drop in performance is negligible going from 500 to 2000 services
Scaling to Higher Message Sizes
     - Partial Parsing (20 MB SOAP Message)
• OSB includes partial parsing
  capabilities that help scale better with
  increasing message size.
                                                                    SOAP Header Based Routing - 20 MB

• Scenarios where partial parsing of the                  2.0                                      100


  payload is applied:                                                                              80




                                                                                                         Response Time (ms)
                                                          1.5
   • SOAP Header Based Routing.




                                             Throughput
                                                                                                   60                         Full Parse TPS

     Throughput gains:                                    1.0
                                                                                                                              Partial Parse TPS
                                                                                                                              Full Parse CPU
                                                                                                   40
      • ~1.5X for a 5KB message                                                                                               Partial Parse CPU

                                                          0.5

      • ~3X for a 20M message                                                                      20




   • Pass-Through with SOAP Body                          0.0
                                                                1             2            4
                                                                                                   0



     Selection                                                        Number of Clients


   • Content Based Routing with Streaming

• Partial parsing is enabled by using
  StAX to extract the required data.
Scaling to Higher Message Sizes
   - Streaming (20MB SOAP Message)
• Streaming in OSB significantly increases                                                                      Large File Transformation Benchmarks
                                                                                                                         20MB SOAP Message

  scalability with message size:                                            0.4                                                                         60000



   – Without streaming there is an OOM at 8                                                                                                             50000




                                                                                                                                                                Avg. Response Time (ms)
                                                                            0.3
     concurrent users for 20MB message.




                                                    Throughput (TPS)
                                                                                                                                                        40000                                            No Stream TPS
                                                                                                                                                                                                         Stream Mem TPS
   – With streaming OSB easily scales to 16                                 0.2                                                                         30000
                                                                                                                                                                                                         Stream File TPS
                                                                                                                                                                                                         No Stream RT
     concurrent users                                                                                                                                   20000
                                                                                                                                                                                                         Stream File RT
                                                                                                                                                                                                         DTR RT

   – Using a file based buffer introduces a small                           0.1
                                                                                                                                                        10000
     overhead
                                                                                      0                                                                 0
                                                                                              1         2               4                8       16
                                                                                                                Number of Clients
• The combination of partial parsing and
  streaming enables Content Based                                                                     Streaming File Benchmarks - 20MB SOAP Message
  Routing to perform as well as a pass                                                3.5                                                                                         40000

  through scenario                                                                        3


   – Routing field is in the first 5KB of the




                                                                                                                                                                                          Avg. Response Time (ms)
                                                                                                                                                                                  30000
                                                                                      2.5
                                                                                                                                                                                                                    PT TPS



                                                                   Throughput (TPS)
     message                                                                              2
                                                                                                                                                                                                                    CBR TPS
                                                                                                                                                                                                                    DTR TPS
                                                                                                                                                                                  20000
                                                                                                                                                                                                                    PT RT
                                                                                      1.5
                                                                                                                                                                                                                    CBR RT
• OSB has been tested to handle                                                           1
                                                                                                                                                                                  10000
                                                                                                                                                                                                                    DTR RT


  transformation and routing of 500 MB                                                0.5


  payload in the streaming mode.                                                          0
                                                                                                  1         2                4               8         16
                                                                                                                                                                                  0


                                                                                                                     Number of Clients
OSBA Performance Value Proposition

• The numbers speak for themselves
 • 1K
    • Schema Validation – 261.34% Faster
    • XSLT – 262.86% Faster
 • 10K
    • Schema Validation – 287.92% Faster
    • XSLT – 187.24% Faster
 • 100K
    • Schema Validation - 16564.97% Faster
    • XSLT – 144.30% Faster
Performance Demonstration
• Hardware Accelerated
  • Schema Validation
  • XSLT

                   XML Accelerator




                                     OSBA Console(s)
Customization - Challenges
• Ability to Adapt To Change
   •   Service virtualization
   •   Protocol Switching
   •   Routing and Transformation                 BPM
   •   Error Handling, Policy Enforcement               Portal         BPM            B2B


• Scaling in Multiple Dimensions
   • 1,000s of services
   • Millions of Transactions
                                                                 Oracle Service Bus
• Reduce Cost Through Re-use
   • Connect your services once
   • Easily configure services for integration                        Service         Adapters
   • Single view of assets w/ Service Lifecycle                      Repository


• Manage risk
                                                                          Integration Services
   •   Embedded service-level management
   •   Failure Isolation and auto-recovery                          Business Logic   Business Logic
   •   Application Alerts & SLAs
   •   Auditing and Reporting
OSB Service Patterns
Adaptive Messaging

• Traditional Web Services
   • Pre-negotiated Interfaces Contract (WSDL)
   • Standards in place, supported by many vendors
   • SOAP over HTTP

• Legacy Services
   • Non-XML (XML) over File, EJB, FTP, MQ, JMS, Tuxedo

• POX (Plain Old XML)
   • Structure of Payload to determines action
   • XML over HTTP

• REST (Representational State Transfer)
   • Based on Pattern of Service Invocation
   • Nouns vs. Verbs
   • URIs over HTTP
Adaptive Connectivity In a Nutshell…
  Service                         Oracle Service Bus                    Enterprise
  Clients                   Service Messaging                            Services
  Application   HTTP/SOAP                                       WS-RM
                                                                          Service
    Client                         Request / Response
                  JMS                                            TUX
  Application
                                                                          Service
    Client
                                     Synch / Asynch
                   FTP                                           MQ
  Application
                                                                          Service
    Client
                  REST
                                        Split / Join             EJB
  Application
                                                                          Service
    Client

  Application     EJB              Publish / Subscribe           JCA
    Client                                                                Service




• Any to Any Protocol                   • Multiple communications paradigms
• Any to Any Payload                         •   Request/response
  • XML                                      •   Synchronous and asynchronous
  • non-XML                                  •   One-to-many, many-to-one
  • Binary                                   •   Pub-sub
• No WSDL Required                           •   Mix-and-match (e.g. sync-to-async)
More REST…
    Adaptive Services
 • REST service each unique
   URL is a representation of
   some object or resource.

 • Expose an existing service as
   REST
 • Expose existing REST as a
   Proxy service
 • Dynamic routing to Business
   services in a REST like
   fashion.
Benefits
• Expose REST services from
  existing services quickly and
  easily
• Better re-use without
  development effort
REST Example

 http://rewards/miles/1002

                 REST URI
Get Mileage
               XML over HTTP


                  Oracle Service Bus


       XForm    Route             Reward




                                       id

                                        SOAP
                                       Service
RESTful OSB
 Overview

• RESTful Services Gateway
  • Messaging type Proxy Service that uses http transport
  • Data type for request and response can either be XML or Text
  • Contains logic for routing, but not handling a REST request
• RESTful Services Registry
  • XML document used to register RESTful services, declaratively
  • Saved as an XQuery resource
• Request Handler
  • Messaging type Proxy Service that uses the local transport
  • Data type for request and response can either be XML or Text
  • Performs any transformations required on payload
RESTful OSB
Pattern for Handling Common REST Use Cases
                                                                                 Service Invoker
                                                               Request          (Business Service, ?)
                                                              Handler(Proxy
                                                              Service, Local)

              Request
  REST API

                                                               Request
                                                              Handler(Proxy
                                                              Service, Local)
                                                                                   Message Channel
                           RESTful
                            Services
                            Registry
                                                               Request
                                          Dynamic                                   REST Service
   SOAP                                                       Handler(Proxy
                                           Routing            Service, Local)
    Web                                     Action
   Services
    Stack

                                                               Request
               Reply                                          Handler(Proxy         SOAP Service
                        RESTful Services Gateway (Proxy       Service, Local)
                                 Service, HTTP)


                                                                    …


   Service                                   OSB 10gR3 (or above)
   Consumer
Customization Solutions & Value

• Solutions
  • Ability to adapt to Changes
     • Adaptive Messaging
  • Support integration with Legacy System
  • RESTFul Services Gateway
     • REST  REST
     • REST  SOAP
     • SOAP  REST
     • SOAP  SOAP
• OSBA Value Proposition
  • OSB Service Patterns
  • Advanced Protocol Switching and Mediation Patterns
  • Support for Any-To-Any Protocol and Payload
Customization Demonstration
• OSBA
 • Protocol Switching
 • Routing Rules
 • RESTful Services       Legacy
                               SOAP

                                   REST




                            OSBA Console(s)
Monitoring Challenges
• Cyber Situational Awareness
  • Standards-based support for Cyber Situational Awareness
     • System, Organization, Enterprise, Global (USCyberCommand)
• Enterprise Monitoring for SLA, and Business Drivers
• Availability of Health and Availability across boundaries
  • Net-Centric Systems ability to react gracefully to systems outside
    of their control.
OSB Service Monitoring
     • Monitor System Operations                                                 Warnings
        • Alerting and reporting key monitoring points           17    4        40
                                                          13
        • Gauge system health, slowdown notification
                                                                           72
        • Monitoring is optional per service
                                                                                     Critical
     • Service metrics                                         Minor

        • Response times (min, max, avg)
        • Message, error, failover counts
                                                                                          Error
        • Action level metrics            New                                           Responses
     • Dashboard                                                                 • # of Generated Errors
                                                                                       • By Service
        • Show fault and performance metrics
          aggregated cluster wide or per server
     • JMX Metrics
        • Metrics available via MBean interfaces
        • Integration with Enterprise Mgr      New
     • Custom Alerts
        • SLA alerts for conditions requiring attention
        • Pipeline alerts can flag individual msgs
                                 • Service health
                               • # of Alerts by Severity
                         • Configurable Aggregation Intervals

42
OSB - BAM Integration

• OSB Proxy Service Integration
  • Custom Reporting Provider
  • Implemented using JMS
  • Define Key-Value Pairs

• BAM Enterprise Message Source
  •   Configure JMS
  •   Map To Data Object
  •   Use Keys defined in OSB
  •   Business Data in BAM
Slide 44
Management Pack Plus for SOA
Leading and only solution for Oracle SOA
                                           Management Pack Plus for
                                             SOA
                                           •   Covers BPEL, OESB, OSB
                                           •   Artifact deployment
                                           •   Configuration Management
                                           •   System and service modeling
                                           •   End-to-end dependence
                                               modeling
                                           •   BPEL functional analysis
                                           •   In-context performance
                                               monitoring
                                           •   SLA monitoring
                                           •   Service monitoring and
                                               diagnostics
Monitoring Solutions & Value

• Solutions
  • Support standards-based approaches to situational
    awareness (SNMP, Web Services, Joint DoD/IC ESM)
  • Support integration with multiple vendor ESM solutions
     • Oracle, AmberPoint (now Oracle), etc.
• OSBA Value Proposition
  • Integral support for various enterprise monitoring solutions
  • Turn-key support for SNMP, and Web Services SA tooling
  • Support for Joint DoD/IC ESM
Monitoring Demonstration

• Integrated Monitoring
• Integration with Enterprise Monitoring
• Support for health visibility outside of enterprise




                                            OSBA Console(s)
Conclusions
• Decrease time to market and cost of implementation
  by leveraging a pre-integrated, pre-configured SOA
  Appliance:
  • Initial configuration (network configuration, security lock-downs, etc.)
  • Security configuration (such as XML firewalling, access control, auditing, etc.)
  • Adapter configuration for enterprise system integration (ERP, CRM,
    databases, messaging systems, etc)

  • Thank you for joining us this morning!

  • Contact info:
     • Bob Glass, robert.glass@oracle.com, 703-364-2466
     • Adam Vincent, avincent@gov.layer7tech.com, 703-965-1771
Your Oracle Middleware Solutions
 Team
• Business (Contracts, Licensing, Pricing)
  • Emily Vickers, emily.vickers@oracle.com, 703-395-2874


• Product Guidance (Product Capabilities, Architecture)
  • Bob Glass, robert.glass@oracle.com, 703-364-2466
  • Roy Gingher, roy.gingher@oracle.com, 443-622-6423
  • Monica Mosser, monica.motley@oracle.com, 443-742-9613




               We are your advocate &
                reachback to Oracle!
Your Layer 7 Federal Team
• Business (Contracts, Licensing, Pricing)
  • Jim Rice, jrice@gov.layer7tech.com, 301-325-1005


• Product Guidance (Product Capabilities, Architecture)
  • Adam Vincent, avincent@gov.layer7tech.com, 703-965-1771
  • Jason Spies, jspies@gov.layer7tech.com, 571-247-6854
WebCenter Sneak Preview
What Does It Mean to WebLogic Portal & ALUI Customers

• When: 8:00 am, Tues, March 16th
• Where: Fort Meade Courtyard Marriot
• What…

 Learn how you can leverage WebCenter’s next
 generation services (Enterprise 2.0, Social
 Services, Online Communities, etc.) to enhance
 information sharing in your environment.

  Please e-mail cathy.ryan@oracle.com if you can
                       attend!
It’s a Wrap!
Presentation   cyber defense for soa & rest

More Related Content

What's hot

Using Hard Disk Encryption and Novell SecureLogin
Using Hard Disk Encryption and Novell SecureLoginUsing Hard Disk Encryption and Novell SecureLogin
Using Hard Disk Encryption and Novell SecureLoginNovell
 
Consolidation Planning: Getting the Most from Your Virtualization Initiative
Consolidation Planning: Getting the Most from Your Virtualization InitiativeConsolidation Planning: Getting the Most from Your Virtualization Initiative
Consolidation Planning: Getting the Most from Your Virtualization InitiativeNovell
 
Windows Azure Platform
Windows Azure PlatformWindows Azure Platform
Windows Azure PlatformAsmTrash
 
Applying Novell Identity Manager to Your Everyday Problems
Applying Novell Identity Manager to Your Everyday ProblemsApplying Novell Identity Manager to Your Everyday Problems
Applying Novell Identity Manager to Your Everyday ProblemsNovell
 
NSS File System Performance, Clustering and Auditing in Novell Open Enterpris...
NSS File System Performance, Clustering and Auditing in Novell Open Enterpris...NSS File System Performance, Clustering and Auditing in Novell Open Enterpris...
NSS File System Performance, Clustering and Auditing in Novell Open Enterpris...Novell
 
Securing Your Cloud Servers with Halo NetSec
Securing Your Cloud Servers with Halo NetSecSecuring Your Cloud Servers with Halo NetSec
Securing Your Cloud Servers with Halo NetSecCloudPassage
 
Gartner Catalyst Savvis Cloud API Case Study
Gartner Catalyst   Savvis Cloud API Case StudyGartner Catalyst   Savvis Cloud API Case Study
Gartner Catalyst Savvis Cloud API Case StudyCA API Management
 
Cloud Computing - Making IT Simple
 Cloud Computing - Making IT Simple Cloud Computing - Making IT Simple
Cloud Computing - Making IT SimpleBob Rhubart
 
Implementing Process Controls and Risk Management with Novell Compliance Mana...
Implementing Process Controls and Risk Management with Novell Compliance Mana...Implementing Process Controls and Risk Management with Novell Compliance Mana...
Implementing Process Controls and Risk Management with Novell Compliance Mana...Novell
 
DEVNET-1009 Cisco Intercloud Fabric for Business (ICFB), Helping Enterprises...
DEVNET-1009	Cisco Intercloud Fabric for Business (ICFB),  Helping Enterprises...DEVNET-1009	Cisco Intercloud Fabric for Business (ICFB),  Helping Enterprises...
DEVNET-1009 Cisco Intercloud Fabric for Business (ICFB), Helping Enterprises...Cisco DevNet
 
OpSource cloud hosting
OpSource cloud hostingOpSource cloud hosting
OpSource cloud hostingOpSource
 
Modulus Datasheets
Modulus DatasheetsModulus Datasheets
Modulus DatasheetsIdeba
 
Connectivity for a Smarter Planet
Connectivity for a Smarter PlanetConnectivity for a Smarter Planet
Connectivity for a Smarter PlanetProlifics
 
comparative study of Cloud computing tools
comparative study of Cloud computing tools comparative study of Cloud computing tools
comparative study of Cloud computing tools Aditya Trivedi
 
Integrating Apple Macs Using Novell Technologies
Integrating Apple Macs Using Novell TechnologiesIntegrating Apple Macs Using Novell Technologies
Integrating Apple Macs Using Novell TechnologiesNovell
 
Forecast 2012 Panel: Security POC NAB, Terremark, Trapezoid
Forecast 2012 Panel: Security POC NAB, Terremark, TrapezoidForecast 2012 Panel: Security POC NAB, Terremark, Trapezoid
Forecast 2012 Panel: Security POC NAB, Terremark, TrapezoidOpen Data Center Alliance
 
Patterns of Data Distribution
Patterns of Data DistributionPatterns of Data Distribution
Patterns of Data DistributionRick Warren
 
Rationalization and Defense in Depth - Two Steps Closer to the Cloud
Rationalization and Defense in Depth - Two Steps Closer to the CloudRationalization and Defense in Depth - Two Steps Closer to the Cloud
Rationalization and Defense in Depth - Two Steps Closer to the CloudBob Rhubart
 

What's hot (19)

Using Hard Disk Encryption and Novell SecureLogin
Using Hard Disk Encryption and Novell SecureLoginUsing Hard Disk Encryption and Novell SecureLogin
Using Hard Disk Encryption and Novell SecureLogin
 
Consolidation Planning: Getting the Most from Your Virtualization Initiative
Consolidation Planning: Getting the Most from Your Virtualization InitiativeConsolidation Planning: Getting the Most from Your Virtualization Initiative
Consolidation Planning: Getting the Most from Your Virtualization Initiative
 
Security in the Cloud
Security in the CloudSecurity in the Cloud
Security in the Cloud
 
Windows Azure Platform
Windows Azure PlatformWindows Azure Platform
Windows Azure Platform
 
Applying Novell Identity Manager to Your Everyday Problems
Applying Novell Identity Manager to Your Everyday ProblemsApplying Novell Identity Manager to Your Everyday Problems
Applying Novell Identity Manager to Your Everyday Problems
 
NSS File System Performance, Clustering and Auditing in Novell Open Enterpris...
NSS File System Performance, Clustering and Auditing in Novell Open Enterpris...NSS File System Performance, Clustering and Auditing in Novell Open Enterpris...
NSS File System Performance, Clustering and Auditing in Novell Open Enterpris...
 
Securing Your Cloud Servers with Halo NetSec
Securing Your Cloud Servers with Halo NetSecSecuring Your Cloud Servers with Halo NetSec
Securing Your Cloud Servers with Halo NetSec
 
Gartner Catalyst Savvis Cloud API Case Study
Gartner Catalyst   Savvis Cloud API Case StudyGartner Catalyst   Savvis Cloud API Case Study
Gartner Catalyst Savvis Cloud API Case Study
 
Cloud Computing - Making IT Simple
 Cloud Computing - Making IT Simple Cloud Computing - Making IT Simple
Cloud Computing - Making IT Simple
 
Implementing Process Controls and Risk Management with Novell Compliance Mana...
Implementing Process Controls and Risk Management with Novell Compliance Mana...Implementing Process Controls and Risk Management with Novell Compliance Mana...
Implementing Process Controls and Risk Management with Novell Compliance Mana...
 
DEVNET-1009 Cisco Intercloud Fabric for Business (ICFB), Helping Enterprises...
DEVNET-1009	Cisco Intercloud Fabric for Business (ICFB),  Helping Enterprises...DEVNET-1009	Cisco Intercloud Fabric for Business (ICFB),  Helping Enterprises...
DEVNET-1009 Cisco Intercloud Fabric for Business (ICFB), Helping Enterprises...
 
OpSource cloud hosting
OpSource cloud hostingOpSource cloud hosting
OpSource cloud hosting
 
Modulus Datasheets
Modulus DatasheetsModulus Datasheets
Modulus Datasheets
 
Connectivity for a Smarter Planet
Connectivity for a Smarter PlanetConnectivity for a Smarter Planet
Connectivity for a Smarter Planet
 
comparative study of Cloud computing tools
comparative study of Cloud computing tools comparative study of Cloud computing tools
comparative study of Cloud computing tools
 
Integrating Apple Macs Using Novell Technologies
Integrating Apple Macs Using Novell TechnologiesIntegrating Apple Macs Using Novell Technologies
Integrating Apple Macs Using Novell Technologies
 
Forecast 2012 Panel: Security POC NAB, Terremark, Trapezoid
Forecast 2012 Panel: Security POC NAB, Terremark, TrapezoidForecast 2012 Panel: Security POC NAB, Terremark, Trapezoid
Forecast 2012 Panel: Security POC NAB, Terremark, Trapezoid
 
Patterns of Data Distribution
Patterns of Data DistributionPatterns of Data Distribution
Patterns of Data Distribution
 
Rationalization and Defense in Depth - Two Steps Closer to the Cloud
Rationalization and Defense in Depth - Two Steps Closer to the CloudRationalization and Defense in Depth - Two Steps Closer to the Cloud
Rationalization and Defense in Depth - Two Steps Closer to the Cloud
 

Similar to Presentation cyber defense for soa & rest

FS_Usage_Scenarios
FS_Usage_ScenariosFS_Usage_Scenarios
FS_Usage_ScenariosKevin Kao
 
Web Api services using IBM Datapower
Web Api services using IBM DatapowerWeb Api services using IBM Datapower
Web Api services using IBM DatapowerSigortam.net
 
Layer7-WebServices-Hacking-and-Hardening.pdf
Layer7-WebServices-Hacking-and-Hardening.pdfLayer7-WebServices-Hacking-and-Hardening.pdf
Layer7-WebServices-Hacking-and-Hardening.pdfdistortdistort
 
Common DataPower use cases, incl Caching with XC-10 appliance.
Common DataPower use cases, incl Caching with XC-10 appliance.Common DataPower use cases, incl Caching with XC-10 appliance.
Common DataPower use cases, incl Caching with XC-10 appliance.sflynn073
 
Layer 7: Managing SOA Security and Operations with SecureSpan
Layer 7: Managing SOA Security and Operations with SecureSpanLayer 7: Managing SOA Security and Operations with SecureSpan
Layer 7: Managing SOA Security and Operations with SecureSpanCA API Management
 
Azure 101: Shared responsibility in the Azure Cloud
Azure 101: Shared responsibility in the Azure CloudAzure 101: Shared responsibility in the Azure Cloud
Azure 101: Shared responsibility in the Azure CloudPaulo Renato
 
Making Sense Of Web Services
Making Sense Of Web ServicesMaking Sense Of Web Services
Making Sense Of Web ServicesJorgen Thelin
 
Web Services and Devices Profile for Web Services (DPWS)
Web Services and Devices Profile for Web Services (DPWS)Web Services and Devices Profile for Web Services (DPWS)
Web Services and Devices Profile for Web Services (DPWS)Jorgen Thelin
 
Layer 7: Getting Your SOA to Production Without Cost and Complexity
Layer 7: Getting Your SOA to Production Without Cost and ComplexityLayer 7: Getting Your SOA to Production Without Cost and Complexity
Layer 7: Getting Your SOA to Production Without Cost and ComplexityCA API Management
 
Enterprise Cloud Security - Concepts Mash-up
Enterprise Cloud Security - Concepts Mash-upEnterprise Cloud Security - Concepts Mash-up
Enterprise Cloud Security - Concepts Mash-upDileep Kalidindi
 
Web Services Hacking and Security
Web Services Hacking and SecurityWeb Services Hacking and Security
Web Services Hacking and SecurityBlueinfy Solutions
 
Data power use cases
Data power use casesData power use cases
Data power use casessflynn073
 
Designing A Logical Security Framework for E-Commerce System Based on SOA
Designing A Logical Security Framework for E-Commerce System Based on SOA  Designing A Logical Security Framework for E-Commerce System Based on SOA
Designing A Logical Security Framework for E-Commerce System Based on SOA ijsc
 
Designing a logical security framework
Designing a logical security frameworkDesigning a logical security framework
Designing a logical security frameworkijsc
 
Layer 7 Technologies: Web Services Hacking And Hardening
Layer 7 Technologies: Web Services Hacking And HardeningLayer 7 Technologies: Web Services Hacking And Hardening
Layer 7 Technologies: Web Services Hacking And HardeningCA API Management
 

Similar to Presentation cyber defense for soa & rest (20)

Intorduction to Datapower
Intorduction to DatapowerIntorduction to Datapower
Intorduction to Datapower
 
FS_Usage_Scenarios
FS_Usage_ScenariosFS_Usage_Scenarios
FS_Usage_Scenarios
 
Web Api services using IBM Datapower
Web Api services using IBM DatapowerWeb Api services using IBM Datapower
Web Api services using IBM Datapower
 
Datapower Steven Cawn
Datapower Steven CawnDatapower Steven Cawn
Datapower Steven Cawn
 
Layer7-WebServices-Hacking-and-Hardening.pdf
Layer7-WebServices-Hacking-and-Hardening.pdfLayer7-WebServices-Hacking-and-Hardening.pdf
Layer7-WebServices-Hacking-and-Hardening.pdf
 
Information Security Engineering
Information Security EngineeringInformation Security Engineering
Information Security Engineering
 
Common DataPower use cases, incl Caching with XC-10 appliance.
Common DataPower use cases, incl Caching with XC-10 appliance.Common DataPower use cases, incl Caching with XC-10 appliance.
Common DataPower use cases, incl Caching with XC-10 appliance.
 
Layer 7: Managing SOA Security and Operations with SecureSpan
Layer 7: Managing SOA Security and Operations with SecureSpanLayer 7: Managing SOA Security and Operations with SecureSpan
Layer 7: Managing SOA Security and Operations with SecureSpan
 
Azure 101: Shared responsibility in the Azure Cloud
Azure 101: Shared responsibility in the Azure CloudAzure 101: Shared responsibility in the Azure Cloud
Azure 101: Shared responsibility in the Azure Cloud
 
Making Sense Of Web Services
Making Sense Of Web ServicesMaking Sense Of Web Services
Making Sense Of Web Services
 
Web Services and Devices Profile for Web Services (DPWS)
Web Services and Devices Profile for Web Services (DPWS)Web Services and Devices Profile for Web Services (DPWS)
Web Services and Devices Profile for Web Services (DPWS)
 
Layer 7: Getting Your SOA to Production Without Cost and Complexity
Layer 7: Getting Your SOA to Production Without Cost and ComplexityLayer 7: Getting Your SOA to Production Without Cost and Complexity
Layer 7: Getting Your SOA to Production Without Cost and Complexity
 
DEfcon15 XXE XXS
DEfcon15 XXE XXSDEfcon15 XXE XXS
DEfcon15 XXE XXS
 
Private cloud day session 5 a solution for private cloud security
Private cloud day session 5 a solution for private cloud securityPrivate cloud day session 5 a solution for private cloud security
Private cloud day session 5 a solution for private cloud security
 
Enterprise Cloud Security - Concepts Mash-up
Enterprise Cloud Security - Concepts Mash-upEnterprise Cloud Security - Concepts Mash-up
Enterprise Cloud Security - Concepts Mash-up
 
Web Services Hacking and Security
Web Services Hacking and SecurityWeb Services Hacking and Security
Web Services Hacking and Security
 
Data power use cases
Data power use casesData power use cases
Data power use cases
 
Designing A Logical Security Framework for E-Commerce System Based on SOA
Designing A Logical Security Framework for E-Commerce System Based on SOA  Designing A Logical Security Framework for E-Commerce System Based on SOA
Designing A Logical Security Framework for E-Commerce System Based on SOA
 
Designing a logical security framework
Designing a logical security frameworkDesigning a logical security framework
Designing a logical security framework
 
Layer 7 Technologies: Web Services Hacking And Hardening
Layer 7 Technologies: Web Services Hacking And HardeningLayer 7 Technologies: Web Services Hacking And Hardening
Layer 7 Technologies: Web Services Hacking And Hardening
 

More from xKinAnx

Engage for success ibm spectrum accelerate 2
Engage for success   ibm spectrum accelerate 2Engage for success   ibm spectrum accelerate 2
Engage for success ibm spectrum accelerate 2xKinAnx
 
Accelerate with ibm storage ibm spectrum virtualize hyper swap deep dive
Accelerate with ibm storage  ibm spectrum virtualize hyper swap deep diveAccelerate with ibm storage  ibm spectrum virtualize hyper swap deep dive
Accelerate with ibm storage ibm spectrum virtualize hyper swap deep divexKinAnx
 
Software defined storage provisioning using ibm smart cloud
Software defined storage provisioning using ibm smart cloudSoftware defined storage provisioning using ibm smart cloud
Software defined storage provisioning using ibm smart cloudxKinAnx
 
Ibm spectrum virtualize 101
Ibm spectrum virtualize 101 Ibm spectrum virtualize 101
Ibm spectrum virtualize 101 xKinAnx
 
Accelerate with ibm storage ibm spectrum virtualize hyper swap deep dive dee...
Accelerate with ibm storage  ibm spectrum virtualize hyper swap deep dive dee...Accelerate with ibm storage  ibm spectrum virtualize hyper swap deep dive dee...
Accelerate with ibm storage ibm spectrum virtualize hyper swap deep dive dee...xKinAnx
 
04 empalis -ibm_spectrum_protect_-_strategy_and_directions
04 empalis -ibm_spectrum_protect_-_strategy_and_directions04 empalis -ibm_spectrum_protect_-_strategy_and_directions
04 empalis -ibm_spectrum_protect_-_strategy_and_directionsxKinAnx
 
Ibm spectrum scale fundamentals workshop for americas part 1 components archi...
Ibm spectrum scale fundamentals workshop for americas part 1 components archi...Ibm spectrum scale fundamentals workshop for americas part 1 components archi...
Ibm spectrum scale fundamentals workshop for americas part 1 components archi...xKinAnx
 
Ibm spectrum scale fundamentals workshop for americas part 2 IBM Spectrum Sca...
Ibm spectrum scale fundamentals workshop for americas part 2 IBM Spectrum Sca...Ibm spectrum scale fundamentals workshop for americas part 2 IBM Spectrum Sca...
Ibm spectrum scale fundamentals workshop for americas part 2 IBM Spectrum Sca...xKinAnx
 
Ibm spectrum scale fundamentals workshop for americas part 3 Information Life...
Ibm spectrum scale fundamentals workshop for americas part 3 Information Life...Ibm spectrum scale fundamentals workshop for americas part 3 Information Life...
Ibm spectrum scale fundamentals workshop for americas part 3 Information Life...xKinAnx
 
Ibm spectrum scale fundamentals workshop for americas part 4 Replication, Str...
Ibm spectrum scale fundamentals workshop for americas part 4 Replication, Str...Ibm spectrum scale fundamentals workshop for americas part 4 Replication, Str...
Ibm spectrum scale fundamentals workshop for americas part 4 Replication, Str...xKinAnx
 
Ibm spectrum scale fundamentals workshop for americas part 4 spectrum scale_r...
Ibm spectrum scale fundamentals workshop for americas part 4 spectrum scale_r...Ibm spectrum scale fundamentals workshop for americas part 4 spectrum scale_r...
Ibm spectrum scale fundamentals workshop for americas part 4 spectrum scale_r...xKinAnx
 
Ibm spectrum scale fundamentals workshop for americas part 5 spectrum scale_c...
Ibm spectrum scale fundamentals workshop for americas part 5 spectrum scale_c...Ibm spectrum scale fundamentals workshop for americas part 5 spectrum scale_c...
Ibm spectrum scale fundamentals workshop for americas part 5 spectrum scale_c...xKinAnx
 
Ibm spectrum scale fundamentals workshop for americas part 6 spectrumscale el...
Ibm spectrum scale fundamentals workshop for americas part 6 spectrumscale el...Ibm spectrum scale fundamentals workshop for americas part 6 spectrumscale el...
Ibm spectrum scale fundamentals workshop for americas part 6 spectrumscale el...xKinAnx
 
Ibm spectrum scale fundamentals workshop for americas part 7 spectrumscale el...
Ibm spectrum scale fundamentals workshop for americas part 7 spectrumscale el...Ibm spectrum scale fundamentals workshop for americas part 7 spectrumscale el...
Ibm spectrum scale fundamentals workshop for americas part 7 spectrumscale el...xKinAnx
 
Ibm spectrum scale fundamentals workshop for americas part 8 spectrumscale ba...
Ibm spectrum scale fundamentals workshop for americas part 8 spectrumscale ba...Ibm spectrum scale fundamentals workshop for americas part 8 spectrumscale ba...
Ibm spectrum scale fundamentals workshop for americas part 8 spectrumscale ba...xKinAnx
 
Ibm spectrum scale fundamentals workshop for americas part 5 ess gnr-usecases...
Ibm spectrum scale fundamentals workshop for americas part 5 ess gnr-usecases...Ibm spectrum scale fundamentals workshop for americas part 5 ess gnr-usecases...
Ibm spectrum scale fundamentals workshop for americas part 5 ess gnr-usecases...xKinAnx
 
Presentation disaster recovery in virtualization and cloud
Presentation   disaster recovery in virtualization and cloudPresentation   disaster recovery in virtualization and cloud
Presentation disaster recovery in virtualization and cloudxKinAnx
 
Presentation disaster recovery for oracle fusion middleware with the zfs st...
Presentation   disaster recovery for oracle fusion middleware with the zfs st...Presentation   disaster recovery for oracle fusion middleware with the zfs st...
Presentation disaster recovery for oracle fusion middleware with the zfs st...xKinAnx
 
Presentation differentiated virtualization for enterprise clouds, large and...
Presentation   differentiated virtualization for enterprise clouds, large and...Presentation   differentiated virtualization for enterprise clouds, large and...
Presentation differentiated virtualization for enterprise clouds, large and...xKinAnx
 
Presentation desktops for the cloud the view rollout
Presentation   desktops for the cloud the view rolloutPresentation   desktops for the cloud the view rollout
Presentation desktops for the cloud the view rolloutxKinAnx
 

More from xKinAnx (20)

Engage for success ibm spectrum accelerate 2
Engage for success   ibm spectrum accelerate 2Engage for success   ibm spectrum accelerate 2
Engage for success ibm spectrum accelerate 2
 
Accelerate with ibm storage ibm spectrum virtualize hyper swap deep dive
Accelerate with ibm storage  ibm spectrum virtualize hyper swap deep diveAccelerate with ibm storage  ibm spectrum virtualize hyper swap deep dive
Accelerate with ibm storage ibm spectrum virtualize hyper swap deep dive
 
Software defined storage provisioning using ibm smart cloud
Software defined storage provisioning using ibm smart cloudSoftware defined storage provisioning using ibm smart cloud
Software defined storage provisioning using ibm smart cloud
 
Ibm spectrum virtualize 101
Ibm spectrum virtualize 101 Ibm spectrum virtualize 101
Ibm spectrum virtualize 101
 
Accelerate with ibm storage ibm spectrum virtualize hyper swap deep dive dee...
Accelerate with ibm storage  ibm spectrum virtualize hyper swap deep dive dee...Accelerate with ibm storage  ibm spectrum virtualize hyper swap deep dive dee...
Accelerate with ibm storage ibm spectrum virtualize hyper swap deep dive dee...
 
04 empalis -ibm_spectrum_protect_-_strategy_and_directions
04 empalis -ibm_spectrum_protect_-_strategy_and_directions04 empalis -ibm_spectrum_protect_-_strategy_and_directions
04 empalis -ibm_spectrum_protect_-_strategy_and_directions
 
Ibm spectrum scale fundamentals workshop for americas part 1 components archi...
Ibm spectrum scale fundamentals workshop for americas part 1 components archi...Ibm spectrum scale fundamentals workshop for americas part 1 components archi...
Ibm spectrum scale fundamentals workshop for americas part 1 components archi...
 
Ibm spectrum scale fundamentals workshop for americas part 2 IBM Spectrum Sca...
Ibm spectrum scale fundamentals workshop for americas part 2 IBM Spectrum Sca...Ibm spectrum scale fundamentals workshop for americas part 2 IBM Spectrum Sca...
Ibm spectrum scale fundamentals workshop for americas part 2 IBM Spectrum Sca...
 
Ibm spectrum scale fundamentals workshop for americas part 3 Information Life...
Ibm spectrum scale fundamentals workshop for americas part 3 Information Life...Ibm spectrum scale fundamentals workshop for americas part 3 Information Life...
Ibm spectrum scale fundamentals workshop for americas part 3 Information Life...
 
Ibm spectrum scale fundamentals workshop for americas part 4 Replication, Str...
Ibm spectrum scale fundamentals workshop for americas part 4 Replication, Str...Ibm spectrum scale fundamentals workshop for americas part 4 Replication, Str...
Ibm spectrum scale fundamentals workshop for americas part 4 Replication, Str...
 
Ibm spectrum scale fundamentals workshop for americas part 4 spectrum scale_r...
Ibm spectrum scale fundamentals workshop for americas part 4 spectrum scale_r...Ibm spectrum scale fundamentals workshop for americas part 4 spectrum scale_r...
Ibm spectrum scale fundamentals workshop for americas part 4 spectrum scale_r...
 
Ibm spectrum scale fundamentals workshop for americas part 5 spectrum scale_c...
Ibm spectrum scale fundamentals workshop for americas part 5 spectrum scale_c...Ibm spectrum scale fundamentals workshop for americas part 5 spectrum scale_c...
Ibm spectrum scale fundamentals workshop for americas part 5 spectrum scale_c...
 
Ibm spectrum scale fundamentals workshop for americas part 6 spectrumscale el...
Ibm spectrum scale fundamentals workshop for americas part 6 spectrumscale el...Ibm spectrum scale fundamentals workshop for americas part 6 spectrumscale el...
Ibm spectrum scale fundamentals workshop for americas part 6 spectrumscale el...
 
Ibm spectrum scale fundamentals workshop for americas part 7 spectrumscale el...
Ibm spectrum scale fundamentals workshop for americas part 7 spectrumscale el...Ibm spectrum scale fundamentals workshop for americas part 7 spectrumscale el...
Ibm spectrum scale fundamentals workshop for americas part 7 spectrumscale el...
 
Ibm spectrum scale fundamentals workshop for americas part 8 spectrumscale ba...
Ibm spectrum scale fundamentals workshop for americas part 8 spectrumscale ba...Ibm spectrum scale fundamentals workshop for americas part 8 spectrumscale ba...
Ibm spectrum scale fundamentals workshop for americas part 8 spectrumscale ba...
 
Ibm spectrum scale fundamentals workshop for americas part 5 ess gnr-usecases...
Ibm spectrum scale fundamentals workshop for americas part 5 ess gnr-usecases...Ibm spectrum scale fundamentals workshop for americas part 5 ess gnr-usecases...
Ibm spectrum scale fundamentals workshop for americas part 5 ess gnr-usecases...
 
Presentation disaster recovery in virtualization and cloud
Presentation   disaster recovery in virtualization and cloudPresentation   disaster recovery in virtualization and cloud
Presentation disaster recovery in virtualization and cloud
 
Presentation disaster recovery for oracle fusion middleware with the zfs st...
Presentation   disaster recovery for oracle fusion middleware with the zfs st...Presentation   disaster recovery for oracle fusion middleware with the zfs st...
Presentation disaster recovery for oracle fusion middleware with the zfs st...
 
Presentation differentiated virtualization for enterprise clouds, large and...
Presentation   differentiated virtualization for enterprise clouds, large and...Presentation   differentiated virtualization for enterprise clouds, large and...
Presentation differentiated virtualization for enterprise clouds, large and...
 
Presentation desktops for the cloud the view rollout
Presentation   desktops for the cloud the view rolloutPresentation   desktops for the cloud the view rollout
Presentation desktops for the cloud the view rollout
 

Recently uploaded

COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaborationbruanjhuli
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UbiTrack UK
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopBachir Benyammi
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfDaniel Santiago Silva Capera
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesMd Hossain Ali
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxGDSC PJATK
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Websitedgelyza
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7DianaGray10
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarPrecisely
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesDavid Newbury
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 

Recently uploaded (20)

COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 Workshop
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Website
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
20230104 - machine vision
20230104 - machine vision20230104 - machine vision
20230104 - machine vision
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity Webinar
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 

Presentation cyber defense for soa & rest

  • 1. <Insert Picture Here> Cyber Defense for SOA & REST Bob Glass, Oracle - Principal Middleware Solution Architect Adam Vincent, Layer 7 Technologies - CTO Public Sector
  • 2. Agenda • OSBA Overview • SOA & REST Security 101 • OSBA Use-Cases • Security • Performance • Customization • Monitoring • Conclusions
  • 3. The “Extended” Enterprise Cloud Computing (SaaS, PaaS, IaaS) Industry Trends Customization, Security, Performance, Availability, Regulatory SOA & REST - Across Enterprise Boundaries Customization, Security, Performance, Availability, Regulatory SOA & REST – Inside the Organization Distributed Applications and Shared Services
  • 4. Introducing the Oracle Service Bus Appliance Best of breed XML Gateway + Best of breed ESB for XML security and acceleration for mediation and adaptive connectivity 1. Easy Deployment 2. Simple Configuration 3. DMZ-class Security 4. Extreme XML Performance
  • 5. Easy Deployment & Simple Configuration • With OSB Appliances the Customer can • Remove the appliance from the shipping carton, install it in the rack, • Connect power and network cable(s), assign an IP address, and turn the appliance on. • At that point it configures itself to run on the network. Concluding initial XML firewalling policy configuration your Service Bus Appliance is ready to use The entire process takes less than an hour versus loading and configuring conventional software.
  • 6. DMZ-Class Security • Perimeter Security and Defense in Depth • Threat Protection • Access Control through integration with Oracle IDM Suite • Federated Identity across disparate security realms (SAML) • Support for WS* Security and messaging standards and products • FIPS 140-2 Level 3 with Elliptic Curve/B Suite Support Intercept problematic messages at the enterprise perimeter before they reach your services Oracle Oracle Entitlements Access  Server Manager X X X Perform Identity-based access to services and operations in the DMZ
  • 7. Performance Challenges • Threat Protection (Costly for Performance) • Fast XML Processing (XPATH, XSLT, XSD) • Crypto Operations as Required (message/transport) • Large Message Processing Delegate common or expensive XML-related tasks from your services to your infrastructure
  • 8. OSBA for Cross Boundary Info Sharing
  • 9. What’s in the Box 144.30% to 16,564.97% Improvement XML Accelerator Over Server Install of OSB Cryptographic Accelerator & Hardware Security Module SSL Acceleration & FIPS 140.2 Level 3 Integrate & Customize Protect & Secure
  • 10. SOA & REST Overview Traditional SOA & REST Services all have custom Services all have standard ways of communicating. way of communicating. • SOA & REST utilize Standards • XML, WS*, SOAP, HTTP(S), Etc.
  • 11. SOA & REST Security 101 Security SSL, WS-Security, Etc. Presentation Transport XML, AJAX, Portal, Etc. Discovery Threats Parsing UDDI, WSDL, Etc. Access Deployment SOAP, REST Etc. Transport Service Code HTTP, HTTPS, JMS, Etc. Business Business Logic, Code, Etc.
  • 12. Transport Threats Sniffing and Snooping • Message confidentiality concerns WS-Routing • SOAP messages can contain verbose instructions on their desired routing. If a single node in this routing path is compromised multiple threats can be realized. Replay Attacks • Message integrity concerns and potential Denial of Service by taking a correct message with valid credential and sending it 1000+ times Denial of Service • Same old threat in regard to network Denial of Service
  • 13. Parsing Threats Most products employ the same parsers, therefore if a vulnerability exists in a single product leveraging MS Parser then all others have the same threat. The XML specification itself does not put any restrictions on the structure itself and rather is open to interpretation by the creator of the parser. Example: Some parsers will stop reading an XML Attribute value once they reach some number of characters and others will continue. <Name Organization=“I’m a parser attack, …………………….>
  • 14. Buffer, Heap, or Integer Overflow Threats Warning: Through a successful buffer overflow a malicious command may be executed on your system. We see these all the time! Through passing a malicious buffer to a Web Server or Application server the attacker can create an overflow condition where a segmentation fault occurs. • This oversized/malicious buffer can be sent as part of the transport header OR as part of the message. • An expected integer value can be overflowed by exceeding the value allowed causing a segmentation fault. Once an attacker knows that a overflow is possible they can then use this to potentially execute malicious code on the system. Commonly called a buffer overflow attack.
  • 15. XML Parser Attack Threats The following threats can result in a denial of service commonly referred to as XML Denial of Service (XDOS) by consuming 100% of processing power on the system doing the parsing. Complex or Recursive Payload • Again, the XML specification and structure has no limits! • Automated applications are available which create Fuzzed data for XDOS attacks. Oversized Payload • Many parsing technologies load entire documents into memory • Web Services were generally NOT designed around large message sizes. Other • Unique attacks will be found where underlying parsers have vulnerabilities
  • 16. Deployment Threats Web Service Automation is Our Friend…..Or Is It? UDDI, WSDL, SOAP Faults (errors), Descriptions….OH BOY! UDDI • UDDI contains asset information • Automated War-Dialers (scanners) can search for UDDI’s for services (i.e. Bank service found here) WSDL • Contains adequate information to attack service (i.e Here is how the bank service works) • Automated programs consume WSDL and commence scanning the service (i.e. Automatically issue scanning/attack messages) SOAP Faults • SOAP Faults return information about the service (i.e Bank service is running on IIS version ?? and uses .Net parser) • SOAP Faults returns errors from the backend resources such as the SQL DB, or Mainframe (i.e Bank service is using Oracle DB version ??)
  • 17. Service Code Threats Good development practices can alleviate this threat. How many programs or programmers are perfect though? Parameter Tampering • Parameters are changed • <file_location>C:/INET/file.txt</file_location> changed to • <file_location>C:/*</file_location> Code Injection • Code is injected within an XML element • <SQL>SELECT name FROM DB1 WHERE name = ‘Adam’</SQL> changed to • <SQL>SELECT * From DB1 WHERE name = *</SQL Virus/Spyware/Malware Injections • XML Attachments (MTOM, DIME, MIME) are used as a delivery mechanism for virus Session Tampering and Identity Hijacking • Some Web Services keep track of session with a Unique ID. Attackers can use that ID to become part of the transaction taking place.
  • 18. SOA & REST Security 101 Conclusion Attackers See Opportunities! Web Services offer a entirely new dimension to the traditional security stack. This new layer is a business layer and current security practices DO NOT offer sufficient protection. Why: • Totally new technology, with new comes problems • Operates over common web transports, traditional firewalls are based on the concept of stopping attacks at the network level not at the Message Level (Layer 3-5). • Automation and Toolkit development (Reuse of these tools) • Standardization of attack vectors, you can attack .NET and Java business applications using the same messages. • Inherent Descriptions (WSDL, Tool kit web pages, etc.)
  • 19. OSBA Use-Cases Usage Themes OSBA Value • Security • Challenges To Discuss • Performance • Solution(s) • Customization • OSBA Value • Monitoring • Demonstrate
  • 20. Security - Challenges • Challenges • Cyber Threats – Existing firewalls do very little • Net-Centric Security Approaches and Complexities • Identity and Access Control Across boundaries • Audit & Certification Risks • Significant Time & Money • Government Certifications, Etc. Did I mention: Cyber Threats – Existing firewalls do very little in protecting XML applications from cyber attack
  • 21. Security – Solutions & Value • Solutions • Leverage XML Firewall(s) for Cyber Defense • Utilize products for SOA/REST Security • Federation of existing Identities across boundaries • Integrate with existing enterprise monitoring and SA toolsets • Certify once and reuse over and over with Policy • OSBA Value Proposition • Integrated XML Firewall for Cyber Defense • Supportive of WS* and REST Security standards • Integration with IDaM and Capable of Federating identities, and Attributes • Integrated Enterprise Monitoring for Situational Awareness
  • 22. Security - Demonstration • Threat Detection • Schema Validation • Identity Federation and Access Control • Access Control • Audit OSBA Security Console
  • 23. Performance - Challenges • Hardware – Latency versus throughput and power consumption requirements • Message Size – Streaming techniques can help scale better with increasing size • Functional Requirements and Design Complexity • Underlying Transport • Reliability Requirements
  • 24. Performance is a core OSB value • High performance and light footprint are key driving factors of the OSB product design. • OSB is optimized for stateless message processing and routing. • Performance and scalability requirements are important release criteria for each OSB version. • OSB is designed to be at the core of an enterprise messaging infrastructure for SOA.
  • 25. Scalability – Multiple Dimensions • Vertical • Horizontal Scalability is like a train! • Number of Users • Message Size What about speed? • Number of Services The goal is to scale without a significant loss to performance.
  • 26. Horizontal Scalability • Horizontal Scalability refers to the impact on performance when additional servers are added to the system. • Request queues are distributed destinations. • Clients subscribe to multiple response queues. Load Generator OSB OSB Managed Server (Blocking Client) CLUSTER Linux / Xeon 5130 Load Generator Distribute d Queue Load Generator Client) (Blocking Q OSB Managed Server Client Linux / Xeon 5130 Local Respons Load Generator e Queues (Blocking Client) OSB Managed Server Q1/Q2/Q 3 Linux / Xeon 5130
  • 27. Scalability with Large Number of Services Scalability with Large Number of Services HTTP Pass Through 7000 3.5 6000 3.0 Response Time (ms) 5000 2.5 Throughput 2 Service TPS 4000 2.0 2000 Service TPS 2 Service RT 3000 1.5 2000 Service RT 2000 1.0 1000 0.5 0 0.0 1 2 4 8 12 16 Number of Clients • Scalability with increasing number of services is an important and often ignored dimension of SOA architectures. • OSB scales easily to over 2000 services even when monitoring is enabled with a relatively small drop (10-15% or 0.5 ms) in performance from 2 services. • The drop in performance is negligible going from 500 to 2000 services
  • 28. Scaling to Higher Message Sizes - Partial Parsing (20 MB SOAP Message) • OSB includes partial parsing capabilities that help scale better with increasing message size. SOAP Header Based Routing - 20 MB • Scenarios where partial parsing of the 2.0 100 payload is applied: 80 Response Time (ms) 1.5 • SOAP Header Based Routing. Throughput 60 Full Parse TPS Throughput gains: 1.0 Partial Parse TPS Full Parse CPU 40 • ~1.5X for a 5KB message Partial Parse CPU 0.5 • ~3X for a 20M message 20 • Pass-Through with SOAP Body 0.0 1 2 4 0 Selection Number of Clients • Content Based Routing with Streaming • Partial parsing is enabled by using StAX to extract the required data.
  • 29. Scaling to Higher Message Sizes - Streaming (20MB SOAP Message) • Streaming in OSB significantly increases Large File Transformation Benchmarks 20MB SOAP Message scalability with message size: 0.4 60000 – Without streaming there is an OOM at 8 50000 Avg. Response Time (ms) 0.3 concurrent users for 20MB message. Throughput (TPS) 40000 No Stream TPS Stream Mem TPS – With streaming OSB easily scales to 16 0.2 30000 Stream File TPS No Stream RT concurrent users 20000 Stream File RT DTR RT – Using a file based buffer introduces a small 0.1 10000 overhead 0 0 1 2 4 8 16 Number of Clients • The combination of partial parsing and streaming enables Content Based Streaming File Benchmarks - 20MB SOAP Message Routing to perform as well as a pass 3.5 40000 through scenario 3 – Routing field is in the first 5KB of the Avg. Response Time (ms) 30000 2.5 PT TPS Throughput (TPS) message 2 CBR TPS DTR TPS 20000 PT RT 1.5 CBR RT • OSB has been tested to handle 1 10000 DTR RT transformation and routing of 500 MB 0.5 payload in the streaming mode. 0 1 2 4 8 16 0 Number of Clients
  • 30. OSBA Performance Value Proposition • The numbers speak for themselves • 1K • Schema Validation – 261.34% Faster • XSLT – 262.86% Faster • 10K • Schema Validation – 287.92% Faster • XSLT – 187.24% Faster • 100K • Schema Validation - 16564.97% Faster • XSLT – 144.30% Faster
  • 31. Performance Demonstration • Hardware Accelerated • Schema Validation • XSLT XML Accelerator OSBA Console(s)
  • 32. Customization - Challenges • Ability to Adapt To Change • Service virtualization • Protocol Switching • Routing and Transformation BPM • Error Handling, Policy Enforcement Portal BPM B2B • Scaling in Multiple Dimensions • 1,000s of services • Millions of Transactions Oracle Service Bus • Reduce Cost Through Re-use • Connect your services once • Easily configure services for integration Service Adapters • Single view of assets w/ Service Lifecycle Repository • Manage risk Integration Services • Embedded service-level management • Failure Isolation and auto-recovery Business Logic Business Logic • Application Alerts & SLAs • Auditing and Reporting
  • 33. OSB Service Patterns Adaptive Messaging • Traditional Web Services • Pre-negotiated Interfaces Contract (WSDL) • Standards in place, supported by many vendors • SOAP over HTTP • Legacy Services • Non-XML (XML) over File, EJB, FTP, MQ, JMS, Tuxedo • POX (Plain Old XML) • Structure of Payload to determines action • XML over HTTP • REST (Representational State Transfer) • Based on Pattern of Service Invocation • Nouns vs. Verbs • URIs over HTTP
  • 34. Adaptive Connectivity In a Nutshell… Service Oracle Service Bus Enterprise Clients Service Messaging Services Application HTTP/SOAP WS-RM Service Client Request / Response JMS TUX Application Service Client Synch / Asynch FTP MQ Application Service Client REST Split / Join EJB Application Service Client Application EJB Publish / Subscribe JCA Client Service • Any to Any Protocol • Multiple communications paradigms • Any to Any Payload • Request/response • XML • Synchronous and asynchronous • non-XML • One-to-many, many-to-one • Binary • Pub-sub • No WSDL Required • Mix-and-match (e.g. sync-to-async)
  • 35. More REST… Adaptive Services • REST service each unique URL is a representation of some object or resource. • Expose an existing service as REST • Expose existing REST as a Proxy service • Dynamic routing to Business services in a REST like fashion. Benefits • Expose REST services from existing services quickly and easily • Better re-use without development effort
  • 36. REST Example http://rewards/miles/1002 REST URI Get Mileage XML over HTTP Oracle Service Bus XForm Route Reward id SOAP Service
  • 37. RESTful OSB Overview • RESTful Services Gateway • Messaging type Proxy Service that uses http transport • Data type for request and response can either be XML or Text • Contains logic for routing, but not handling a REST request • RESTful Services Registry • XML document used to register RESTful services, declaratively • Saved as an XQuery resource • Request Handler • Messaging type Proxy Service that uses the local transport • Data type for request and response can either be XML or Text • Performs any transformations required on payload
  • 38. RESTful OSB Pattern for Handling Common REST Use Cases Service Invoker Request (Business Service, ?) Handler(Proxy Service, Local) Request REST API Request Handler(Proxy Service, Local) Message Channel RESTful Services Registry Request Dynamic REST Service SOAP Handler(Proxy Routing Service, Local) Web Action Services Stack Request Reply Handler(Proxy SOAP Service RESTful Services Gateway (Proxy Service, Local) Service, HTTP) … Service OSB 10gR3 (or above) Consumer
  • 39. Customization Solutions & Value • Solutions • Ability to adapt to Changes • Adaptive Messaging • Support integration with Legacy System • RESTFul Services Gateway • REST  REST • REST  SOAP • SOAP  REST • SOAP  SOAP • OSBA Value Proposition • OSB Service Patterns • Advanced Protocol Switching and Mediation Patterns • Support for Any-To-Any Protocol and Payload
  • 40. Customization Demonstration • OSBA • Protocol Switching • Routing Rules • RESTful Services Legacy SOAP REST OSBA Console(s)
  • 41. Monitoring Challenges • Cyber Situational Awareness • Standards-based support for Cyber Situational Awareness • System, Organization, Enterprise, Global (USCyberCommand) • Enterprise Monitoring for SLA, and Business Drivers • Availability of Health and Availability across boundaries • Net-Centric Systems ability to react gracefully to systems outside of their control.
  • 42. OSB Service Monitoring • Monitor System Operations Warnings • Alerting and reporting key monitoring points 17 4 40 13 • Gauge system health, slowdown notification 72 • Monitoring is optional per service Critical • Service metrics Minor • Response times (min, max, avg) • Message, error, failover counts Error • Action level metrics New Responses • Dashboard • # of Generated Errors • By Service • Show fault and performance metrics aggregated cluster wide or per server • JMX Metrics • Metrics available via MBean interfaces • Integration with Enterprise Mgr New • Custom Alerts • SLA alerts for conditions requiring attention • Pipeline alerts can flag individual msgs • Service health • # of Alerts by Severity • Configurable Aggregation Intervals 42
  • 43. OSB - BAM Integration • OSB Proxy Service Integration • Custom Reporting Provider • Implemented using JMS • Define Key-Value Pairs • BAM Enterprise Message Source • Configure JMS • Map To Data Object • Use Keys defined in OSB • Business Data in BAM
  • 45. Management Pack Plus for SOA Leading and only solution for Oracle SOA Management Pack Plus for SOA • Covers BPEL, OESB, OSB • Artifact deployment • Configuration Management • System and service modeling • End-to-end dependence modeling • BPEL functional analysis • In-context performance monitoring • SLA monitoring • Service monitoring and diagnostics
  • 46. Monitoring Solutions & Value • Solutions • Support standards-based approaches to situational awareness (SNMP, Web Services, Joint DoD/IC ESM) • Support integration with multiple vendor ESM solutions • Oracle, AmberPoint (now Oracle), etc. • OSBA Value Proposition • Integral support for various enterprise monitoring solutions • Turn-key support for SNMP, and Web Services SA tooling • Support for Joint DoD/IC ESM
  • 47. Monitoring Demonstration • Integrated Monitoring • Integration with Enterprise Monitoring • Support for health visibility outside of enterprise OSBA Console(s)
  • 48. Conclusions • Decrease time to market and cost of implementation by leveraging a pre-integrated, pre-configured SOA Appliance: • Initial configuration (network configuration, security lock-downs, etc.) • Security configuration (such as XML firewalling, access control, auditing, etc.) • Adapter configuration for enterprise system integration (ERP, CRM, databases, messaging systems, etc) • Thank you for joining us this morning! • Contact info: • Bob Glass, robert.glass@oracle.com, 703-364-2466 • Adam Vincent, avincent@gov.layer7tech.com, 703-965-1771
  • 49. Your Oracle Middleware Solutions Team • Business (Contracts, Licensing, Pricing) • Emily Vickers, emily.vickers@oracle.com, 703-395-2874 • Product Guidance (Product Capabilities, Architecture) • Bob Glass, robert.glass@oracle.com, 703-364-2466 • Roy Gingher, roy.gingher@oracle.com, 443-622-6423 • Monica Mosser, monica.motley@oracle.com, 443-742-9613 We are your advocate & reachback to Oracle!
  • 50. Your Layer 7 Federal Team • Business (Contracts, Licensing, Pricing) • Jim Rice, jrice@gov.layer7tech.com, 301-325-1005 • Product Guidance (Product Capabilities, Architecture) • Adam Vincent, avincent@gov.layer7tech.com, 703-965-1771 • Jason Spies, jspies@gov.layer7tech.com, 571-247-6854
  • 51. WebCenter Sneak Preview What Does It Mean to WebLogic Portal & ALUI Customers • When: 8:00 am, Tues, March 16th • Where: Fort Meade Courtyard Marriot • What… Learn how you can leverage WebCenter’s next generation services (Enterprise 2.0, Social Services, Online Communities, etc.) to enhance information sharing in your environment. Please e-mail cathy.ryan@oracle.com if you can attend!