SOLEA
Service-Oriented Locally adapted Enterprise Architecture



Innovative Marriage of Security and Performance in SOA Based Dynamic Enterprises

Sponsors:
-Helsinki University of Technology
-University of Kuopio

Presented by:
Dr. Mehmet Yildiz
IBM Certified Executive IT Architect
myildizmel@gmail.com

Abridged version
Proposed Abstract: “All enterprise systems have two key concerns: security and performance. All CIOs and CTOs have these two on
their daily agenda throughout the life cycle of their mission-critical business systems. These two aspects rarely go well together unless
specialised design considerations, innovative techniques and methodical practices are applied. Finding the right balance in the marriage of
security and performance is a significant challenge for dynamic enterprises, especially when Service Oriented Architecture
(SOA) is the key enabler. This paper aims to identify the key security and performance factors for SOA projects in dynamic
enterprises and how they can be efficiently architected for desired business outcomes. In this paper, the experience-based claims are
substantiated with an industry-based literature review and a sample case study from the field.”

Agenda

    -Introduction
    -Theme 1: EA and SOA in Dynamic Enterprise
    -Theme 2: SOA Performance
    -Theme 3: SOA Security
    -Conclusion

    Research Focus: SOA Reference Architecture QoS Layer 7 Perf/Sec

Introduction and Methodology

• Purpose
    –Share experience
    –SOA and EA are important
• Data collection, analysis and validation of results
  –Lessons learnt out of over 50 projects
  –Interaction (surveys and interviews) with over 100 architects
  –Industry literature
  –Academic research papers
  –Invention disclosures
  –Experience from 3 full cycle SOA and 10 EA engagements
  –Leader of Architecture Lessons Learnt CoP harvesting IP from field
  –Validation of findings with selected top 10 SOA practitioners from diverse
   organisations and industries
• Still so much to learn!




Theme 1: EA and SOA in Dynamic Enterprise




[Diagram labels: EA, SOA, ESB]

Evaluation of Current Architecture Frameworks                                                                     CS1

None of the assessed frameworks fully meets the major criteria
in the Regensburg study. Hence, use of a combination of
frameworks is suggested.

Ref: Susanne Leist and Gregor Zellner, University of Regensburg, Institute of Information Management, Germany

SOA Vendors for New Systematic Applications

Gartner’s Magic Quadrant for Application Infrastructure for New Systematic SOA Application Projects

There are many vendors investing in SOA Application Projects. Leveraging their experience is important.

Ref: Gartner’s Magic Quadrant for New Systematic Applications

Key SOA Concepts

• … a service?
    –A repeatable business task – e.g., check customer credit; open new account
• … service orientation?
    –A way of integrating your business as linked services and the outcomes that they bring
• … service oriented architecture (SOA)?
    –An IT architectural style that supports service orientation
• … a composite application?
    –A set of related & integrated services that support a business process built on an SOA

[Diagram labels: SOA; Composable, Interoperable, Re-Usable, Loosely Coupled]

Definition of Service and System - Technically
Extract from Webster

Service
A service is a program we interact with via message exchanges

System
A system is a set of deployed services cooperating in a given task

Services Science
An interdisciplinary approach to the study, design, and implementation of services systems – complex systems in which specific arrangements of people and technologies take actions that provide value for others.

Ref: Webster Dictionary

Service Integration Maturity Model (SIMM)

SOA Maturity Assessment
Typical SOA Projects

Levels
  Level 1: Silo
  Level 2: Integrated
  Level 3: Componentized
  Level 4: Services
  Level 5: Composite Services
  Level 6: Virtualized Services
  Level 7: Dynamically Re-Configurable Services

Business
  Level 1: Isolated Business Line Driven
  Level 2: Business Process Integration
  Level 3: Componentized Business
  Level 4: Componentized Business Provides & Consumes Services
  Level 5: Processes Provided & Consumed via Composite Business services
  Level 6: Outsourced services; BPM and BAM
  Level 7: Mix & match business capabilities via context-aware services

Organization
  Level 1: Ad hoc LOB IT Strategy & Governance
  Level 2: Ad hoc Enterprise IT Strategy & Governance
  Level 3: Common Governance processes
  Level 4: Emerging SOA Governance
  Level 5: SOA and IT Governance Alignment
  Level 6: SOA and IT Infrastructure Governance Alignment
  Level 7: Governance Implemented using automated Policies

Methods
  Level 1: Structured Analysis & Design
  Level 2: Object Oriented Modeling
  Level 3: Component Based Development
  Level 4: Service Oriented Modeling
  Level 5: Service Oriented Modeling
  Level 6: Service Oriented Modeling for infrastructure
  Level 7: Grammar Oriented Modeling

Applications
  Level 1: Modules
  Level 2: Objects
  Level 3: Components
  Level 4: Services
  Level 5: Applications composed of Composite Services
  Level 6: Virtualized Services
  Level 7: Dynamic Application Assembly; context-aware invocation

Architecture
  Level 1: Monolithic Architecture
  Level 2: Layered Architecture
  Level 3: Component Architecture
  Level 4: Emerging SOA
  Level 5: SOA
  Level 6: Grid Enabled SOA
  Level 7: Dynamically Re-Configurable Architecture

Information
  Level 1: Application Specific
  Level 2: LOB or Enterprise Specific
  Level 3: Canonical Models
  Level 4: Information as a Service
  Level 5: Enterprise Business Data Dictionary & Repository
  Level 6: Virtualized Information Services
  Level 7: Semantic Data Vocabularies

Infrastructure
  Level 1: LOB Platform Specific
  Level 2: Platform Specific
  Level 3: Common Reusable Infrastructure
  Level 4: Project-based SOA Environment
  Level 5: Common SOA Environment
  Level 6: SOA Environment; Sense & Respond
  Level 7: Context-aware Event-based Sense & Respond

http://www.opengroup.org/projects/osimm/

Why SOA – An executive view
The paradigm shift of using services instead of APIs means simplified interaction, less communication, and reduced complexity

[Diagram: “SOA Train”* with Infrastructure Flexibility, Application Integration, Resource Reuse and Business Agility; through secure single interface connecting to multiple partners]
[Diagram labels: SOA; Composable, Interoperable, Re-Usable, Loosely Coupled; Infrastructure (SOI), Application, Business; Resources, Processes, Architecture]

Standards-based approach speeds business process automation

*Concept created by Mehmet Yildiz, 2007, IBM

A SOA Reference Architecture Sample                                                          CS1




[Diagram labels: Enterprise Architecture; Ref Architecture for Service Areas; Ref Architecture for a Program; Ref Architecture for a Single Project]

Ref: IBM and Open Group

7 Concerns at Layer 7 - QoS                                 CS1

 1. Increased virtualization
 2. Loose coupling
 3. Widespread use of XML
 4. The composition of federated services
 5. Heterogeneous computing infrastructures
 6. Decentralized SLAs
 7. The need to aggregate IT QoS metrics to produce business metrics

Ref: IBM and Open Group SOA Reference Architecture

Security and Performance Relationship




Belief: The harder the security the lower the performance in any SOA project

[Diagram labels: Performance, Security]

Security vs Performance in Dynamic Enterprises                                  CS1

[Diagram: Balance of Dynamic SOA*. Labels: Security, Performance, Availability and Satisfaction]

[Diagram stack, top to bottom: Dynamic Enterprise; Supports; Dynamic Applications; Supports; Dynamic Infrastructure; Supports; Dynamic Operations; Dynamic Security and Dynamic Performance]

*Concept introduced by Mehmet Yildiz, 2007, IBM

Theme 2: SOA Performance
[Diagram: Performance at the centre, surrounded by: abstraction; heterogeneous infrastructures; federated service ecosystem; open standards; Compliance; Internal Governance; distributed computing; Open protocols]

Major Source of Performance & Scalability Issues                                             CS1


[Pie chart]
  Development: 56%
  Production: 25%
  Architecture: 19%

Ref: Optimizing Service-Level Performance, Jean-Pierre Garbani, Forrester Research

[An Observed] SOA Perf/Sec Effort Indication*
[Chart: Planned and Actual effort across project phases, on a scale of Low, Medium, High, Extreme]

Legend: CS 1, 2, 3 = Case Studies; S-M, P-M = Complexity Indicators

Phases and indicators:
  Code Data Migration: S-L, P-L
  Architecture & Design: S-M, P-M
  Application Packaging: S-M, P-M
  Infrastructure Build: S-M, P-M
  Services Integration: S-H, P-H
  Operational Support: S-H, P-H

*Ref: SOA performance assessment research results by Mehmet Yildiz, 2008, IBM

Performance Complexity Indication

[Diagram labels (CS1, 2, 3): Code; Application; Operations / Production; Infrastructure; Services Integration]

Ref: Concept and research results by Mehmet Yildiz, 2008, IBM

Performance with FastSOA                                                            SS


FastSOA is an architecture and software coding practice that
addresses 3 key problems:


  1. Solves the SOAP binding (proxy) performance problem by reducing the need for Java objects and increasing the use of native XML environments to provide SOAP bindings.
  2. Uses native XML persistence to avoid XML-to-relational transformation performance problems.
  3. Introduces a mid-tier service cache to provide SOA service acceleration.

Ref: http://www.ibm.com/developerworks/xml/library/x-accsoa/

Benefits of SOA Appliances                                                            SS


• Hardened & specialized hardware for helping to integrate, secure and accelerate SOA
• Many functions integrated into a single device
• Meet higher levels of security assurance certifications (government FIPS Level 3 HSM)
• Higher performance with hardware acceleration (more security checks without slow downs)
• Simplified deployment and ongoing management

Ref: Extracted from IBM Websphere Datapower White Paper

Simplification with SOA Appliances                           SS   CS1




Ref: Extracted from IBM Websphere Datapower White Paper

Popular SOA Management Tools                                                                          SS                               CS1

The complexity of SOA environments and applications demands management tools from
inception to deployment to operations and beyond.

Tools (alphabetically) and summary of key functions:

• AmberPoint's SOA Management System:
    A policy-based run-time governance software suite, SOA performance in production. Includes a run-time repository, service network monitoring, SOA security, service-level monitoring.
• BMC Software's AppSight:
    Performs automated problem resolution in SOA implementations to alleviate and eliminate application problems.
• CA's Wily SOA Solution:
    Monitors the performance and availability of Web services, application performance on client machines and other components in the SOA environment.
• HP's SOA Manager:
    The software can define and maintain a dynamic model of services, including software assets and virtual servers; and manage application and Web services performance within that SOA model.
• IBM's Tivoli Composite Application Manager (ITCAM) for SOA:
    Monitors, manages and controls the Web-services layer of IT architectures, and identifies the source of bottlenecks or failures.
• iTKO's LISA Enterprise SOA Testing platform:
    Performs unit, regression, functional and load testing, as well as post-deployment monitoring tasks.
• Mindreef's SOAPscope Server:
    Enables task-oriented collaboration regardless of role, skill set or development environment -- which makes it possible to quickly find and address any performance problems that arise, the company says.
• OpTier's CoreFirst:
    Monitors the performance of services, components and transactions.
• Progress Software's Actional for SOA Operations:
    Uses agent technology that watches messages entering and exiting XML appliances and application servers to build a map of what happens in an SOA infrastructure. Helps with performance alerting, dependency analysis, problem detection and resolution.
• Tidal Software's Intersperse:
    Enables the proactive detection of problems, problem localization and root-cause analysis.

http://www.javaworld.com/javaworld/jw-10-2007/jw-10-soa-management-tools.html?page=11

Theme 3: SOA Security
[Diagram: Security at the centre, surrounded by: abstraction; heterogeneous infrastructures; federated service ecosystem; open standards; Compliance; internal Governance; distributed computing; Open protocols]

Typical Security Architecture for an Enterprise                        CS1


[Diagram zones: Externally Controlled; External Uncontrolled; External Business Zone; Demilitarized Zone; Internal Zone; Highly Secure Zone; Special Domain]

Typical SOA Security Architecture                          CS1




Ref: IBM SOA Security Red Book, Dr. Paul Ashley et al

SOA Security Reference Model by IBM                        CS1




Ref: IBM SOA Security Red Book, Dr. Paul Ashley et al

Top 10 Security Principles for Dynamic Enterprises
From National Institute of Standards and Technology

  Key Points and Descriptions (CS1)

  1. Least Privilege: Only grant access to what is required.
  2. Defense in Depth: Relying on more than one component or mechanism to be secure; failure of a single security solution may compromise the entire security.
  3. Choke Point: Forces attackers to use a narrow channel of access where actions can be monitored and controlled.
  4. Weakest Link: Security is only as strong as the weakest link. Smart attackers will seek the weakest point to attack.
  5. Fail-Safe Stance: Systems should fail in such a way that they deny access to an attacker rather than grant access.
  6. Universal Participation: Everyone needs to be concerned with security. Failure from one person or area can be dramatic!
  7. Diversity of Defense: Do not rely on only one (type of) system or application for security, no matter how strong or comprehensive it may be (e.g. one firewall).
  8. Simplicity: The more complex the security environment, the riskier it is for security.
  9. Compartmentalization: To minimize the amount of damage that can be done to an environment (or system), break the environment (or system) up into isolated units.
  10. Inside/outside threats: Historically, insiders account for 65% of all attacks. Protections should make little difference for an inside or outside attack.

There are 33 important principles by NIST!

http://csrc.nist.gov/publications/nistpubs/800-27/sp800-27.pdf

Granular Security Assessment feeding SM                                                    CS1

                                                                             Subsystem
Components and Elements for Each Subsystems and Functions
                                                                Impact
  Likelihood                                                                 Credential
                                                                            Subsystem
                  Insignificant   Minor   Moderate   Major   Catastrophic

       Almost
       Certain                                                              Information
                                                                            Flow Control
                                                                            Subsystem


         Likely
                                                                             Access
                                                                             Control
                                                                            Subsystem
      Moderate

                                                                             Security
                                                                               Audit
       Unlikely                                                             Subsystem




                                                                             Integrity
         Rare                                                               Subsystem




 28    Adapted from IBM’s Systems Engineering Method

SOA Security Architectural Decisions Samples

Documenting and obtaining sign off for the architectural decisions at the very beginning of the SOA project is essential.

Decision 1:
Use SAML 2.0 Browser Artifact Profile for Federated web single sign-on

Decision 2:
Provide authorization at every layer in the architecture. Coarse grained at the point of contact servers, increasingly more fine grained towards the back-end systems

Decision 3:
Use point of contact servers in a DMZ environment for all in-coming and out-going transactions. Use hardware appliances for dealing with web services messages

Decision 4:
Use only standards based interconnections
  - WS-Security
  - WS-Trust
  - SAML
  - WS-I Basic Security Profile
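
Decision 2 worked through as an added example (not part of the presentation): each layer makes its own authorization decision, coarse at the point of contact and finer toward the back end, and the back end re-checks even when called directly. The layer functions, roles, services and account records are assumptions constructed for illustration.

```python
"""Layered authorization: coarse at the point of contact, finer toward the back end.

Added illustration of Decision 2; all roles, services and records are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    subject: str        # authenticated identity (e.g. taken from the SSO assertion)
    roles: frozenset    # roles asserted for the subject
    service: str        # target service
    operation: str      # operation on that service
    resource_id: str    # business object the operation touches


class Denied(Exception):
    def __init__(self, layer, reason):
        super().__init__(f"{layer}: {reason}")
        self.layer = layer


# Layer 1 (point of contact, DMZ): coarse. May this role reach the service at all?
SERVICE_ROLES = {"accounts": {"teller", "auditor"}, "payments": {"teller"}}

# Layer 2 (service): finer. May this role invoke this operation?
OPERATION_ROLES = {
    ("accounts", "read"): {"teller", "auditor"},
    ("accounts", "close"): {"teller"},
    ("payments", "transfer"): {"teller"},
}

# Layer 3 (back end): finest. Is this subject entitled to this specific record?
ACCOUNT_BRANCH = {"acct-100": "north", "acct-200": "south"}
SUBJECT_BRANCH = {"alice": "north", "bob": "south", "carol": "north"}


def point_of_contact(req):
    # Unknown services have no allowed roles, so the default is deny.
    if not req.roles & SERVICE_ROLES.get(req.service, set()):
        raise Denied("point-of-contact", f"no role may reach {req.service}")


def service_layer(req):
    allowed = OPERATION_ROLES.get((req.service, req.operation), set())
    if not req.roles & allowed:
        raise Denied("service", f"{req.operation} not permitted")


def back_end(req):
    # Decides on its own data; it does not assume the upstream layers ran.
    branch = ACCOUNT_BRANCH.get(req.resource_id)
    if branch is None or SUBJECT_BRANCH.get(req.subject) != branch:
        raise Denied("back-end", f"{req.subject} not entitled to {req.resource_id}")


LAYERS = (point_of_contact, service_layer, back_end)


def authorize(req, layers=LAYERS):
    """Return 'permit', or the name of the first layer that denied the request."""
    try:
        for check in layers:
            check(req)
    except Denied as exc:
        return exc.layer
    return "permit"


if __name__ == "__main__":
    teller = frozenset({"teller"})
    for req in (
        Request("alice", teller, "accounts", "close", "acct-100"),
        Request("carol", frozenset({"auditor"}), "accounts", "close", "acct-100"),
        Request("bob", teller, "accounts", "close", "acct-100"),
        Request("dave", frozenset({"guest"}), "accounts", "read", "acct-100"),
    ):
        print(req.subject, req.operation, req.resource_id, "->", authorize(req))
```
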

Conclusion Messages

PERFORMANCE & SECURITY IS (E2E) LONG TERM JOURNEY. Map PM to SM! A tight relationship for desired results! Target is SIMM Level 7!

- Security and performance are like Yin & Yang, hence require balance all the time
- EA is important for successful SOA projects & provides a map
- SOA also helps EA to be more efficient for an organisation
- Standards, policies, models, compliance, agility and architecture are very important factors for SOA QoS
- Every marriage requires commitment & lifetime support; so does the SOA marriage of security & performance
- Performance & security work MUST start from inception! Any delay is a critical factor
- Use of a methodical and systematic approach produces better results for SOA
- Beware, SOA projects require a different approach than traditional projects and may take longer and may cost more; it is not necessarily easiest!
- SOA projects are full of unknowns depending on number of services.

Ref: Extracted from M. Yildiz’ SOA Performance and Security Paper, 2008

Innovative Marriage of Security and Performance in SOA Based Dynamic Enterprises

  • 1. SOLEA Service-Oriented Locally adapted Enterprise Architecture Innovative Marriage of Security and Performance in SOA Based Dynamic Enterprises Sponsors: Presented by: -Helsinki University of Technology Dr. Mehmet Yildiz -University of Kuopio IBM Certified Executive IT Architect myildizmel@gmail.com Abridged version Proposed Abstract: “All enterprise systems have two key concerns: security and performance. All CIO / CTOs have these two in their daily agenda through the life cycle of their mission critical business systems. These two aspects hardly go along well unless specialised design considerations, innovative techniques and methodical practices are applied. Finding the right balance for security and performance marriage is a significant challenge for dynamic enterprises especially when the Service Oriented Architecture (SOA) is the key enabler of it. This paper aims at identifying key security and performance factors for SOA projects in dynamic enterprises and how they can be efficiently architected for desired business outcomes. In this paper, the experience based claims are substantiated with industry based literature review and a sample case study from the field.” 1
  • 2. SOLEA Agenda -Introduction -Theme 1: EA and SOA in Dynamic Enterprise -Theme 2: SOA Performance Research -Theme 3: SOA Security Focus SOA Reference Architecture QoS -Conclusion Layer 7 Perf/Sec 2
  • 3. SOLEA Introduction and Methodology • Purpose –Share experience –SOA and EA are important • Data collection, analysis and validation of results –Lessons learnt out of over 50 projects –Interaction (surveys and interviews) with over 100 architects –Industry literature –Academic research papers –Invention disclosures –Experience from 3 full cycle SOA and 10 EA engagements –Leader of Architecture Lessons Learnt CoP harvesting IP from field –Validation of findings with selected top 10 SOA practitioners from diverse organisations and industries • Still so much to learn! 3
  • 4. SOLEA Theme 1: EA and SOA in Dynamic Enterprise S A O EA ESB 4
  • 5. SOLEA Evaluation of Current Architecture Frameworks CS1 None of the assessed frameworks fully meets the major criteria in the Regensburg study. Hence use of combination of frameworks is suggested. 5 Ref: Susanne Leist and Gregor Zellner University of Regensburg, Institute of Information Management, Germany
  • 6. SOLEA SOA Vendors for New Systematic Applications Gartner’s Magic Quadrant for Application Infrastructure for New Systematic SOA Application Projects There are many vendors investing on SOA Application Projects. Leveraging their experience is important 6 Ref: Gartner’s Magic Quadrant for New Systematic Applications
  • 7. SOLEA Key SOA Concepts … a service? … service orientation? A way of integrating your A repeatable business business as linked Composable services task – e.g., check customer credit; open and the outcomes that new account they bring Interoperable SOA SOA Re-Usable Re- Loosely … service oriented Coupled … a composite architecture (SOA)? application? An IT architectural style A set of related & that supports integrated services that service orientation support a business process built on an SOA 7
  • 8. SOLEA Definition of Service and System - Technically Extract from Webster Service A service is a program we interact with via message exchanges System A system is a set of deployed services cooperating in a given task Services Science An interdisciplinary approach to the study, design, and implementation of services systems – complex systems in which specific arrangements of people and technologies take actions that provide value for others. 8 Ref: Webster Dictionary
  • 9. Service Integration Maturity Model (SIMM)
    [Chart annotations: Typical SOA Projects; SOA Maturity Assessment]
    (Each row lists its cells from Level 1 to Level 7.)
    • Levels: Level 1 Silo | Level 2 Integrated | Level 3 Componentized | Level 4 Services | Level 5 Composite Services | Level 6 Virtualized Services | Level 7 Dynamically Re-Configurable Services
    • Business: Isolated Business Line Driven | Business Process Integration | Componentized Business | Componentized Business Provides & Consumes Services | Processes Provided & Consumed via Composite Business services | Outsourced services; BPM and BAM | Mix & match business capabilities via context-aware services
    • Organization: Ad hoc LOB IT Strategy & Governance | Ad hoc Enterprise IT Strategy & Governance | Common Governance processes | Emerging SOA Governance | SOA and IT Governance Alignment | SOA and IT Infrastructure Governance Alignment | Governance Implemented using automated Policies
    • Methods: Structured Analysis & Design | Object Oriented Modeling | Component Based Development | Service Oriented Modeling | Service Oriented Modeling | Service Oriented Modeling for infrastructure | Grammar Oriented Modeling
    • Applications: Modules | Objects | Components | Services | Applications composed of Composite Services | Virtualized Services | Dynamic Application Assembly; context-aware invocation
    • Architecture: Monolithic Architecture | Layered Architecture | Component Architecture | Emerging SOA | SOA | Grid Enabled SOA | Dynamically Re-Configurable Architecture
    • Information: Application Specific | LOB or Enterprise Specific | Canonical Models | Information as a Service | Enterprise Business Data Dictionary & Repository | Virtualized Information Services | Semantic Data Vocabularies
    • Infrastructure: LOB Platform Specific | Platform Specific | Common Reusable Infrastructure | Project-based SOA Environment | Common SOA Environment | SOA Environment; Sense & Respond | Context-aware Event-based Sense & Respond
    Ref: http://www.opengroup.org/projects/osimm/
  • 10. Why SOA – An executive view
    • The paradigm shift of using services instead of APIs means simplified interaction, less communication, and reduced complexity
    • Standards-based approach speeds business process automation
    • Through single secure interface connecting to multiple partners
    [Figure: “SOA Train”*; labels: Composable, Interoperable, Re-Usable, Loosely Coupled; Resource Reuse, Business Agility, Application Integration, Infrastructure Flexibility; Business, Application, Resources, Infrastructure, Processes, Architecture, SOI]
    *Concept created by Mehmet Yildiz, 2007, IBM
  • 11. A SOA Reference Architecture Sample (CS1)
    [Figure labels: Enterprise Architecture; Ref Architecture for Service Areas; Ref Architecture for a Program; Ref Architecture for a Single Project]
    Ref: IBM and Open Group
  • 12. 7 Concerns at Layer 7 - QoS (CS1)
    1. Increased virtualization
    2. Loose coupling
    3. Widespread use of XML
    4. The composition of federated services
    5. Heterogeneous computing infrastructures
    6. Decentralized SLAs
    7. The need to aggregate IT QoS metrics to produce business metrics
    Ref: IBM and Open Group SOA Reference Architecture
  • 13. Security and Performance Relationship
    • Belief: The harder the security, the lower the performance in any SOA project
    [Figure axes: Performance, Security]
  • 14. Security vs Performance in Dynamic Enterprises (CS1)
    • Balance of Dynamic Enterprise
    • Dynamic SOA*
      – Supports Dynamic Applications
      – Supports Dynamic Infrastructure
      – Supports Dynamic Operations
    [Figure labels: Security, Performance, Availability and Satisfaction, Dynamic Security, Dynamic Performance]
    *Concept introduced by Mehmet Yildiz, 2007, IBM
  • 15. Theme 2: SOA Performance
    [Figure: Performance, surrounded by: heterogeneous infrastructures, abstraction, federated service ecosystem, open standards, Compliance, Internal Governance, distributed computing, Open protocols]
  • 16. Major Source of Performance & Scalability Issues (CS1)
    • Architecture: 19%
    • Development: 56%
    • Production: 25%
    Ref: Optimizing Service-Level Performance, Jean-Pierre Garbani, Forrester Research
  • 17. [An Observed] SOA Perf/Sec Effort Indication*
    [Chart; only its labels are recoverable]
    • CS = Case Studies 1, 2, 3
    • Complexity Indicators: Extreme, High, Medium, Low
    • Phases: Architecture & Design, Code, Data Migration, Application Packaging, Infrastructure Build, Services Integration, Operational Support
    • Series: Planned, Actual
    • Data-point labels: P-H, S-H, P-M, S-M, P-L, S-L
    *Ref: SOA performance assessment research results by Mehmet Yildiz, 2008, IBM
  • 18. Performance Complexity Indication (CS1, 2, 3)
    [Figure labels: Code, Application, Infrastructure, Operations / Production, Services Integration]
    Ref: Concept and research results by Mehmet Yildiz, 2008, IBM
  • 19. Performance with FastSOA (SS)
    FastSOA is an architecture and software coding practice that addresses 3 key problems:
    1. Solves the SOAP binding (proxy) performance problem by reducing the need for Java objects and increasing the use of native XML environments to provide SOAP bindings.
    2. Uses native XML persistence to avoid XML-to-relational transformation performance problems.
    3. Introduces a mid-tier service cache to provide SOA service acceleration.
    Ref: http://www.ibm.com/developerworks/xml/library/x-accsoa/
  • 20. Benefits of SOA Appliances (SS)
    • Hardened & specialized hardware for helping to integrate, secure and accelerate SOA
    • Meet higher levels of security assurance certifications (government FIPS Level 3 HSM)
    • Many functions integrated into a single device
    • Higher performance with hardware acceleration (more security checks without slow downs)
    • Simplified deployment and ongoing management
    Ref: Extracted from IBM Websphere Datapower White Paper
  • 21. Simplification with SOA Appliances (SS, CS1)
    Ref: Extracted from IBM Websphere Datapower White Paper
  • 22. Popular SOA Management Tools (SS, CS1)
    The complexity of SOA environments and applications demands management tools from inception to deployment to operations and beyond.
    Tools (alphabetically) and summary of key functions:
    • AmberPoint's SOA Management System: A policy-based run-time governance software suite, SOA performance in production. Includes a run-time repository, service network monitoring, SOA security, service-level monitoring.
    • BMC Software's AppSight: Performs automated problem resolution in SOA implementations to alleviate and eliminate application problems.
    • CA's Wily SOA Solution: Monitors the performance and availability of Web services, application performance on client machines and other components in the SOA environment.
    • HP's SOA Manager: The software can define and maintain a dynamic model of services, including software assets and virtual servers; and manage application and Web services performance within that SOA model.
    • IBM's Tivoli Composite Application Manager (ITCAM) for SOA: Monitors, manages and controls the Web-services layer of IT architectures, and identifies the source of bottlenecks or failures.
    • iTKO's LISA Enterprise SOA Testing platform: Performs unit, regression, functional and load testing, as well as post-deployment monitoring tasks.
    • Mindreef's SOAPscope Server: Enables task-oriented collaboration regardless of role, skill set or development environment, which makes it possible to quickly find and address any performance problems that arise, the company says.
    • OpTier's CoreFirst: Monitors the performance of services, components and transactions.
    • Progress Software's Actional for SOA Operations: Uses agent technology that watches messages entering and exiting XML appliances and application servers to build a map of what happens in an SOA infrastructure. Helps with performance alerting, dependency analysis, problem detection and resolution.
    • Tidal Software's Intersperse: Enables the proactive detection of problems, problem localization and root-cause analysis.
    Ref: http://www.javaworld.com/javaworld/jw-10-2007/jw-10-soa-management-tools.html?page=11
  • 23. Theme 3: SOA Security
    [Figure: Security, surrounded by: heterogeneous infrastructures, abstraction, federated service ecosystem, open standards, Compliance, internal Governance, distributed computing, Open protocols]
  • 24. Typical Security Architecture for an Enterprise (CS1)
    [Figure: security zones diagram; labels as extracted: Externally Highly Controlled Secure Zone External Business Zone External Internal Zone Uncontrolled Demilitarized Zone Special Domain]
  • 25. Typical SOA Security Architecture (CS1)
    Ref: IBM SOA Security Red Book, Dr. Paul Ashley et al
  • 26. SOA Security Reference Model by IBM (CS1)
    Ref: IBM SOA Security Red Book, Dr. Paul Ashley et al
  • 27. Top 10 Security Principles for Dynamic Enterprises (CS1)
    From National Institute of Standards and Technology
    Key points and descriptions:
    1. Least Privilege: Only grant access to what is required.
    2. Defense in Depth: Rely on more than one component or mechanism to be secure; failure of a single security solution may compromise the entire security.
    3. Choke Point: Forces attackers to use a narrow channel of access where actions can be monitored and controlled.
    4. Weakest Link: Security is only as strong as the weakest link. Smart attackers will seek the weakest point to attack.
    5. Fail-Safe Stance: Systems should fail in such a way that they deny access to an attacker rather than grant access.
    6. Universal Participation: Everyone needs to be concerned with security. Failure from one person or area can be dramatic!
    7. Diversity of Defense: Do not rely on only one (type of) system or application for security, no matter how strong or comprehensive it may be (e.g. one firewall).
    8. Simplicity: The more complex the security environment, the riskier it is for security.
    9. Compartmentalization: To minimize the amount of damage that can be done to an environment (or system), break the environment (or system) up into isolated units.
    10. Inside/outside threats: Historically, insiders account for 65% of all attacks. Protections should make little difference for an inside or outside attack.
    Ref: http://csrc.nist.gov/publications/nistpubs/800-27/sp800-27.pdf
    There are 33 important principles by NIST!
  • 28. Granular Security Assessment feeding SM (CS1)
    Components and Elements for Each Subsystems and Functions
    • Subsystems: Credential Subsystem, Information Flow Control Subsystem, Access Control Subsystem, Security Audit Subsystem, Integrity Subsystem
    • Impact: Insignificant, Minor, Moderate, Major, Catastrophic
    • Likelihood: Almost Certain, Likely, Moderate, Unlikely, Rare
    Adapted from IBM’s Systems Engineering Method
  • 29. SOA Security Architectural Decisions Samples
    Documenting and obtaining sign-off for the architectural decisions at the very beginning of the SOA project is essential.
    • Decision 1: Use SAML 2.0 Browser Artifact Profile for federated web single sign-on
    • Decision 2: Provide authorization at every layer in the architecture
      – Coarse grained at the point of contact servers
      – Increasingly more fine grained towards the back-end systems
    • Decision 3: Use point of contact servers in a DMZ environment for all in-coming and out-going transactions. Use hardware appliances for dealing with web services messages
    • Decision 4: Use only standards based interconnections
      – WS-Security
      – WS-Trust
      – SAML
      – WS-I Basic Security Profile
  • 30. Conclusion Messages
    PERFORMANCE & SECURITY IS (E2E) LONG TERM JOURNEY. Map PM to SM! A tight relationship for desired results! Target is SIMM Level 7!
    • Security and performance are like Yin & Yang, hence require balance all the time
    • EA is important for successful SOA projects & provides a map
    • SOA also helps EA to be more efficient for an organisation
    • Every marriage requires commitment & lifetime support; so does the SOA marriage of security & performance
    • Performance & security work MUST start from inception! Any delay is a critical factor for SOA QoS
    • Standards, policies, models, compliance, agility and architecture are very important factors
    • Beware, SOA projects require a different approach than traditional projects and may take longer and may cost more; it is not necessarily easiest!
    • Use of a methodical and systematic approach produces better results for SOA
    • SOA projects are full of unknowns depending on number of services.
    Ref: Extracted from M. Yildiz’ SOA Performance and Security Paper, 2008