This Webinar given by Layer 7 Technologies and Red Hat explores the combination of a SOA Gateway and an Enterprise Service Bus (ESB) to provide a comprehensive, standards-based, secure approach to governing integration across the enterprise and into the cloud.
Security, Governance & Integration in a Cloud Connected World
1. Security, Governance, & Integration in a Cloud-
Connected World
Jaime Ryan Pierre Fricke
Partner Solutions Architect Director, SOA Products, Red Hat
pierre.fricke@redhat.com
jryan@layer7tech.com
July 19, 2011
2. Questions
- Chat any questions you have and we’ll answer them at the end of this call
Twitter
- Today’s event hashtag:
- #L7Webinar
- Follow us on Twitter as well:
- @JryanL7
- @pfrickerht
- @layer7
- @RedHatNews
2
3. Agenda
Challenges faced by businesses and
governments
SOA and Cloud as Solutions
Integration to the Cloud is Evolutionary
Challenges around Security and Governance
Specific needs for Partner, SaaS, and IaaS/PaaS
deployments
SOA Platform + SOA Gateway for End-to-End
Integration, Security, and Governance
3
13. Integration in the cloud is evolutionary
Services for Business Logic and Data
Service Service
Data Data
Service Service
Service Service Service
Logic Data Logic Data Logic Data
HR CRM LOB
10
14. Integration in the cloud is evolutionary
Services Enable Business Processes
Business
Processes
Service Service
Data Data
Service Service
Service Service Service
Logic Data Logic Data Logic Data
HR CRM LOB
11
15. Integration in the cloud is evolutionary
Intelligent Services via Rules
Business
Processes
Rules Service Service Business
Service
Service Rules
Data Data
Service Service
Service Service Service
Logic Data Logic Data Logic Data
HR CRM LOB
12
16. JBoss Enterprise SOA Platform
A flexible, standards-based platform
to integrate applications, SOA services, JBoss Enterprise SOA Platform
business events and
automate business processes. Registry Workflow Rules
JBoss ESB
Transformation, Routing, Event Management
Open Choice Integration
Application, Rules (and Data)
JBoss Enterprise Application Platform
EAI, Services, Intelligent EDA Container services, Hibernate, Web Services stack, Seam, Clustering,
Cache, Messaging, Transactions
Messaging
Workflow and Service Orchestration
Registry
Rock solid enterprise-tested Red Hat Enterprise Linux
Windows, UNIX, other Linux
foundation
Use Cases: Finance – Integrate back and front Office apps
Healthcare – Eliminate unnecessary paper
Government – Citizen self-service
Intelligent, Active Messaging Infrastructure
Generally: Eliminate manual pain points across applications
Enable the agile enterprise; integrate cloud into your business
13
17. JBoss Enterprise Data Services Platform
Real Time Data Services to Accelerate Superior Business Execution
Turns the data you have into the JBoss Enterprise Data Services
information you need
JDBC/ODBC
Augments and extends SOA Platform to Metadata
address data access, integration and Data Virtualization
Repository
abstraction. Data Access, Federation Repository Services
• SOA Patterns, best practices
• Reporting/Analytics enablement
Registry Workflow Rules
• Master Data Services
• Data Governance, Compliance JBoss ESB
Transformation, Routing, Event Management
Real-time read/write access to
heterogeneous data stores JBoss Enterprise Application Platform
Container services, Hibernate, Web Services stack, Seam, Clustering,
Cache, Messaging, Transactions
Speeds application development by
simplifying access to distributed data
Centralized access control, auditing
Red Hat Enterprise Linux
Windows, UNIX, other Linux
14
18. Integration in the cloud is evolutionary
Integration Fabric with JBoss Enterprise Middleware
JMS AMQP HTTP/ REST File FTP ODBC JDBC SOAP .NET
POX
JBoss SOA Middleware
15
19. Enterprise integration challenges regarding SOA and
Cloud Computing
IT assets distributed in various zones
Increasing demand for cloud/partner/customer integration
Cloud Deployments Partner Apps
External
Cross-Department Third-Party SaaS
Integration?
Security? Security?
Governance? Governance?
Packaged Apps
Internal On-Premise SOA Integration?
Legacy Apps
Standards-based Custom/Legacy 4
20. The New Enterprise Landscape
distributed enterprise SOA
partner
Next-Gen ESB SAAS
Next Generation ESB CRM ERP
5
21. Extending ESB Integration to the Cloud
Layer 7 SOA and Cloud Gateways
Policy Enforcement Point (PEP) for Runtime
Security and Governance
Integration with ESB infrastructure
- Registry/Repository
- Protocol Mediation
- Message Transformation
- Monitoring Tools
- Reporting Tools
Common industries
- Government
- Financial Services
- Telecommunications
- Energy & Utilities
- Retail
6
22. Deployment Scenarios
Scenarios depend on control partner
Deployment 1 – Partner Applications
- Only control one end of the transaction
- Custom integrations
- Protect both incoming and outgoing
- Manage service interfaces and SLAs
Deployment 2 – Cloud Integration (SaaS)
- Only control one end
- Templated integrations
- Identity propagation is key SaaS
- Monitor and monetize external usage
Deployment 3 – Cloud Deployments (IaaS/PaaS)
- Control both ends
- Standard integrations
- Extend the enterprise to the cloud
7
23. Deployment 1 – Partner Applications
Security
• Access Control
• Integration with identity infrastructure
• Authentication/Authorization partner
• Complete WS-Security, WS-Policy support
• Data Security
• Threat Protection
• Security Certifications
External Systems
On-premise Apps and Data
JBoss Enterprise SOA Platform
Registry Workflow Rules
Governance
• Service abstraction
JBoss ESB • Service versioning
JBoss Enterprise • Service lifecycle
Application Platform • High Availability
• Rate Limiting
• SLA Enforcement
8
24. Deployment 2 – Cloud Integration (SaaS)
Security
• Single Sign-on
• Full WS-Trust STS
• OAuth tools
• Data validation
• SOAP, XML, REST, JSON
• SaaS templates
• Caching infrastructure
SaaS
On-premise Apps and Data
JBoss Enterprise SOA Platform
Governance
Registry Workflow Rules
• QoS Monitoring
JBoss ESB • Reporting
• Monetization
JBoss Enterprise
Application Platform
9
25. Deployment 3 – Cloud Integration (PaaS/IaaS)
Security
• End-to-End Secure Channel Cloud-Resident Apps and Data
• Automated security decoration
JBoss Enterprise SOA Platform
• Transport- and message-layer
• Identity Propagation Registry Workflow Rules
• Routing/Orchestration JBoss ESB
• Real-time Policy Enforcement
JBoss Enterprise
Application Platform
On-premise Apps and Data
JBoss Enterprise SOA Platform Governance
Registry Workflow Rules • Gateway monitoring
• Migration across
JBoss ESB
environments
JBoss Enterprise • Cluster management
Application Platform • Standards-based
integration
10
26. SOA Gateway Form Factors
Hardware and Virtual Appliance options allow deployment on-
premise or in the cloud. Each enables ‘drop-in’ solution with
minimal deployment time and instant value. No agents to deploy, no
dependencies.
Hardware Appliance Virtual Appliance
• Military grade security device • Pre-installed, hardened image
• Common criteria EAL 4+ • VMWare ESX, Xen, Amazon EC2
• FIPS 140-2 level 3 certified HSM • FIPS certified software crypto mode
• 5G hardware XML acceleration • XML acceleration software mode
…also available as software for Linux and Solaris
11
27. SOA Platform + SOA Gateway
SOA Platform
JBoss Enterprise SOA Platform
- Integration (EAI, SOA, event-driven)
Registry Workflow Rules
- Unified data views
JBoss ESB
- Workflow and service orchestration
JBoss Enterprise
- Business rules execution Application Platform
- Flexible and extensible
SOA Gateway
- Secure perimeter
- On- and off-ramp to the ESB
- Bridge to external connections
- Participant in federated ESB deployments
- Application-aware externalization of policy
- Data collection for API management
12