Enterprise Integration with WSO2 ESB
1. Enterprise Integration with WSO2 ESB
Prabath Siriwardena
Director, Security Architecture
05th, Feb 2014
Last Updated: Jan. 2014
2. About WSO2
• Global enterprise, founded in 2005 by acknowledged leaders in XML, web services technologies, standards and open source
• Provides only open source platform-as-a-service for private, public and hybrid cloud deployments
• All WSO2 products are 100% open source and released under the Apache License Version 2.0.
• Is an Active Member of OASIS, Cloud Security Alliance, OSGi Alliance, AMQP Working Group, OpenID Foundation and W3C.
• Driven by Innovation
• Launched first open source API Management solution in 2012
• Launched App Factory in 2Q 2013
• Launched Enterprise Store and first open source Mobile solution in 4Q 2013
5.
• Published by PACKT – Oct 2013
• Covers a set of commonly used integration patterns.
• http://www.packtpub.com/enterprise-integration-with-wso2-esb/book
• www.amazon.com/Enterprise-Integration-WSO2-Prabath-Siriwardena/dp/1783280190
6. Service Oriented Architecture
• A design paradigm and discipline - used by IT to improve
its ability to quickly and efficiently meet business demands.
• A style of software architecture that is modular,
distributed and loosely coupled.
• Componentization – The main driver of SOA
• Business Functionalities are implemented in different Business
Components
• Business Components provide their functionality to their
consumers as a ‘Service’ with well-defined service
interfaces.
7. Why ESB?
Modern Enterprises
Comprised of many Systems and Services built on
open standards, custom-built, acquired from a third party,
part of a legacy system or any such combination
Integration
Organizations move away from monolithic systems
Multiple Systems connected via SOA as the blueprint
9. What is ESB?
An ESB is a middleware solution that enables interoperability among
heterogeneous environments using a service-oriented model. An ESB
models an application endpoint as a service. The ESB may host the service
agent locally, or the service may execute remotely. In both cases, the ESB
provides an abstraction layer that virtualizes the service and separates it
from infrastructure concerns. The ESB makes the service accessible to other
applications via one or more middleware protocols. As a general rule, one
of the protocols that an ESB supports is Simple Object Access Protocol
(SOAP), but it doesn't require all services to communicate via SOAP. The
ESB mediates interactions between service endpoints and enables dissimilar
systems to interoperate.
10. What ESB does?
Message Routing.
ESB performs message routing either based on
predefined/derived paths or based on the content of
the incoming message.
11. What ESB does?
Protocol Switching.
This could be from HTTP/ HTTPS to FTP or SMTP or
any other protocol.
12. What ESB does?
Message Transformations.
The backend SOAP services can be exposed to REST/
JSON clients and the ESB will take care of the
message transformation.
13. What ESB does?
Expose legacy systems through a standard
interface.
We may need to develop adaptors and plug those into
the ESB while exposing legacy systems as standard
services to the outside. The adaptors will take care of
transforming the incoming messages to the message
formats expected by the legacy systems.
14. What ESB does?
Expose business functionalities through
service orchestration.
ESB should be able to expose proxy services to cater to
some business functionalities by wrapping some
concrete backend services.
15. What ESB does?
Handling Versioning.
Decoupling the service from the client and
exposing it through an ESB allows handling versioning
at the perimeter level. When a new version of a
service is added to the system, which could
possibly break the service contract with old clients,
the ESB can still transform the requests from old
clients into the new format.
16. What ESB does?
Centralized policy enforcement point for
authentication, authorization and
throttling.
Security can be enforced at the ESB while the
concrete backend services could be either secured or
non-secured.
17. What ESB does?
Centralized auditing and monitoring.
As all the messages pass through the ESB, this is one
of the best places to do auditing and monitoring. In
the case of WSO2 ESB, it can be easily integrated with
WSO2 BAM (Business Activity Monitor).
18. What ESB does?
Message screening and schema validation.
Doing message screening and schema validation at the
perimeter level could help to drop invalid messages as
early as possible in the message processing flow, hence
lowering the chances of a Denial of Service attack.
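A sketch of how perimeter schema validation can be configured in WSO2 ESB with the Synapse `validate` mediator; this is an added example, not taken from the slides. The schema, the `order_schema` key, the `OrderProxy` name, the `http://example.org/orders` namespace and the backend address are all constructed for illustration.

```xml
<definitions xmlns="http://ws.apache.org/ns/synapse">
  <!-- Constructed schema: tight bounds on each field keep oversized or malformed input out -->
  <localEntry key="order_schema">
    <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
               targetNamespace="http://example.org/orders" elementFormDefault="qualified">
      <xs:element name="placeOrder">
        <xs:complexType>
          <xs:sequence>
            <xs:element name="orderId">
              <xs:simpleType>
                <xs:restriction base="xs:string">
                  <xs:pattern value="[A-Z0-9]{1,32}"/>
                </xs:restriction>
              </xs:simpleType>
            </xs:element>
            <xs:element name="quantity" type="xs:positiveInteger"/>
          </xs:sequence>
        </xs:complexType>
      </xs:element>
    </xs:schema>
  </localEntry>

  <!-- Hypothetical proxy service and backend address -->
  <proxy name="OrderProxy" transports="https">
    <target>
      <inSequence>
        <!-- With no source attribute, the first child of the SOAP body is validated -->
        <validate>
          <schema key="order_schema"/>
          <on-fail>
            <!-- Answer with a fault and stop: the backend never sees the message -->
            <makefault version="soap11">
              <code xmlns:soap11Env="http://schemas.xmlsoap.org/soap/envelope/" value="soap11Env:Client"/>
              <reason value="Request failed schema validation"/>
            </makefault>
            <property name="RESPONSE" value="true"/>
            <header name="To" action="remove"/>
            <send/>
            <drop/>
          </on-fail>
        </validate>
        <send>
          <endpoint><address uri="http://backend.internal.example/orders"/></endpoint>
        </send>
      </inSequence>
      <outSequence><send/></outSequence>
    </target>
  </proxy>
</definitions>
```

The `drop` at the end of `on-fail` is what stops mediation; without it the rejected message would continue to the `send` that forwards to the backend.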
19. What ESB does?
Reliable message store.
In addition to all the above functionalities, the Service
Gateway also could act as a reliable message store. It
can persist messages and deliver those to backend
services when they are available. Also, the message
store can be used to match the rate limits expected
by backend services.
20. WSO2 ESB
• A lightweight, high performance ESB
• Feature rich and standards compliant
– SOAP and WS-* standards
– REST support
– Domain specific protocol support (e.g.: FIX, HL7)
• User friendly and highly extensible
• 100% free and open source with commercial support.
• Built on top of WSO2 Carbon.
21. Content-Based Router
• The Content-Based Router Enterprise Integration
Pattern explains how to handle a scenario where a single
logical function is implemented across multiple
different systems.
22. Dynamic Router
• The Dynamic Router, Enterprise Integration Pattern explains how to avoid
dependency of the router on all possible destinations / business services while
maintaining its efficiency.
• The Dynamic router can be self-configured based on special configuration
messages from participating destinations.
• Each business service has to announce their capabilities and Dynamic Router will
maintain a list of them.
23. Splitter
• Splitter, Enterprise Integration Pattern explains how to
handle a scenario where the incoming request brings
multiple elements in it and each element needs to be
handled in a separate manner
24. Aggregator
• Aggregator EIP talks about combining the results of
individual but related messages, so the result can be
processed as a whole.
25. Scatter and Gather
• Scatter and Gather Enterprise Integration Pattern
explains how to handle a scenario where the incoming
request has to be handled by multiple recipients and each
recipient will reply back to form an aggregated response.
26. Service Chaining
• Service Chaining Enterprise Integration Pattern
explains how to handle a scenario where the incoming
request has to be orchestrated through multiple business
services in an order.
27. Publish Subscribe
• Publish Subscribe, Enterprise Integration Pattern
explains how to handle a scenario where one needs to
publish events to all the interested parties without
maintaining any hard coupling between those.
28. Message Store
• The Message Store Enterprise Integration Pattern
explains how to capture information about each message
in a central location. Also, the Message Store can be used
to match the rate limits expected by backend services.
29.
• http://wso2.com/products/enterprise-service-bus/
• eBay case study: http://wso2.com/casestudies/ebay-uses-100-open-source-wso2-esb-to-process-more-than-1-billion-transactions-per-day/
• http://wso2.com/library/on-demand-webinars/