Security, Governance, & Integration in a Cloud- Connected World Jaime Ryan Partner Solutions Architect [email protected] July 19, 2011 Pierre Fricke Director, SOA Products, Red Hat [email protected]
Aug 20, 2015
Security, Governance, & Integration in a Cloud-
Connected World Jaime Ryan
Partner Solutions Architect
July 19, 2011
Pierre FrickeDirector, SOA Products, Red Hat
2
Questions
- Chat any questions you have and we’ll answer them at the end of this call
- Today’s event hashtag:
- #L7Webinar
- Follow us on Twitter as well:
- @JryanL7
- @pfrickerht
- @layer7
- @RedHatNews
Agenda
�Challenges faced by businesses and
governments
�SOA and Cloud as Solutions
�Integration to the Cloud is Evolutionary
�Challenges around Security and Governance
3
�Challenges around Security and Governance
�Specific needs for Partner, SaaS, and IaaS/PaaS
deployments
�SOA Platform + SOA Gateway for End-to-End
Integration, Security, and Governance
10
Integration in the cloud is evolutionary Services for Business Logic and Data
Logic Data Logic DataLogic Data
HR LOBCRM
ServiceData
ServiceService
DataService
Service Service
Service
11
Integration in the cloud is evolutionary Services Enable Business Processes
Logic Data Logic DataLogic Data
HR LOBCRM
ServiceData
ServiceService
DataService
Service Service
Service
Business Processes
12
Integration in the cloud is evolutionaryIntelligent Services via Rules
Logic Data Logic DataLogic Data
HR LOBCRM
ServiceData
ServiceService
DataService
Service Service
Service
Business Processes
BusinessRules
ServiceRulesService
13
JBoss Enterprise SOA Platform
A flexible, standards-based platform to integrate applications, SOA services,
business events and automate business processes.
Use Cases: Finance – Integrate back and front Office apps
Healthcare – Eliminate unnecessary paper
Government – Citizen self-service
Intelligent, Active Messaging Infrastructure
Generally: Eliminate manual pain points across applications
Enable the agile enterprise; integrate cloud into your business
� Open Choice Integration
Application, Rules (and Data)
EAI, Services, Intelligent EDA
Messaging� Workflow and Service Orchestration� Registry� Rock solid enterprise-tested
foundation
JBoss Enterprise SOA Platform
Workflow Rules
JBoss ESBTransformation, Routing, Event Management
JBoss Enterprise Application PlatformContainer services, Hibernate, Web Services stack, Seam, Clustering,
Cache, Messaging, Transactions
Red Hat Enterprise LinuxWindows, UNIX, other Linux
Registry
14
Turns the data you have into the information you need
Augments and extends SOA Platform to address data access, integration and abstraction.
• SOA Patterns, best practices
• Reporting/Analytics enablement
• Master Data Services
• Data Governance, Compliance
Real-time read/write access to heterogeneous data stores
Speeds application development by simplifying access to distributed data
Centralized access control, auditing
JBoss Enterprise Data Services PlatformReal Time Data Services to Accelerate Superior Business Execution
JDBC/ODBC
Data VirtualizationData Access, Federation
JBoss Enterprise Data Services
Metadata Repository
Repository Services
Workflow Rules
JBoss ESBTransformation, Routing, Event Management
JBoss Enterprise Application PlatformContainer services, Hibernate, Web Services stack, Seam, Clustering,
Cache, Messaging, Transactions
Red Hat Enterprise LinuxWindows, UNIX, other Linux
Registry
15
Integration in the cloud is evolutionaryIntegration Fabric with JBoss Enterprise Middleware
JBoss SOA Middleware
ODBC SOAP .NETHTTP/POX
JMS RESTHTTP/POX
JDBCFile FTPAMQP
4
Enterprise integration challenges regarding SOA and
Cloud Computing
IT assets distributed in various zones
Increasing demand for cloud/partner/customer integration
Internal
Cloud Deployments
Cross-Department
Standards-based Custom/Legacy
External
Packaged Apps
Legacy Apps
On-Premise SOA
Partner Apps
Third-Party SaaS
Security?
Governance?
Integration?
Integration?
Security?
Governance?
5
The New Enterprise Landscape
distributed enterprise SOA
SAAS
partner
Next Generation ESB
Next-Gen ESB
CRM ERP
6
Extending ESB Integration to the Cloud
Layer 7 SOA and Cloud Gateways
Policy Enforcement Point (PEP) for Runtime
Security and Governance
Integration with ESB infrastructure
- Registry/Repository
- Protocol Mediation
- Message Transformation
- Monitoring Tools
- Reporting Tools
Common industries
- Government
- Financial Services
- Telecommunications
- Energy & Utilities
- Retail
7
Deployment Scenarios
Scenarios depend on control
Deployment 1 – Partner Applications
- Only control one end of the transaction
- Custom integrations
- Protect both incoming and outgoing
- Manage service interfaces and SLAs
Deployment 2 – Cloud Integration (SaaS)
- Only control one end
- Templated integrations
- Identity propagation is key
- Monitor and monetize external usage
Deployment 3 – Cloud Deployments (IaaS/PaaS)
- Control both ends
- Standard integrations
- Extend the enterprise to the cloud
partner
SaaS
8
Deployment 1 – Partner Applications
On-premise Apps and DataExternal Systems
partner
Security
• Access Control
• Integration with identity infrastructure
• Authentication/Authorization
• Complete WS-Security, WS-Policy support
• Data Security
• Threat Protection
• Security Certifications
Governance
• Service abstraction
• Service versioning
• Service lifecycle
• High Availability
• Rate Limiting
• SLA Enforcement
JBoss Enterprise SOA Platform
Workflow Rules
JBoss ESB
JBoss Enterprise Application Platform
Registry
9
Deployment 2 – Cloud Integration (SaaS)
On-premise Apps and Data
Security
• Single Sign-on
• Full WS-Trust STS
• OAuth tools
• Data validation
• SOAP, XML, REST, JSON
• SaaS templates
• Caching infrastructure
Governance
• QoS Monitoring
• Reporting
• Monetization
SaaS
JBoss Enterprise SOA Platform
Workflow Rules
JBoss ESB
JBoss Enterprise Application Platform
Registry
10
Deployment 3 – Cloud Integration (PaaS/IaaS)
On-premise Apps and Data
Security
• End-to-End Secure Channel
• Automated security decoration
• Transport- and message-layer
• Identity Propagation
• Routing/Orchestration
• Real-time Policy Enforcement
Governance
• Gateway monitoring
• Migration across
environments
• Cluster management
• Standards-based
integration
Cloud-Resident Apps and Data
JBoss Enterprise SOA Platform
Workflow Rules
JBoss ESB
JBoss Enterprise Application Platform
Registry
JBoss Enterprise SOA Platform
Workflow Rules
JBoss ESB
JBoss Enterprise Application Platform
Registry
11
SOA Gateway Form Factors
Hardware Appliance
• Military grade security device
• Common criteria EAL 4+
• FIPS 140-2 level 3 certified HSM
• 5G hardware XML acceleration
Virtual Appliance
• Pre-installed, hardened image
• VMWare ESX, Xen, Amazon EC2
• FIPS certified software crypto mode
• XML acceleration software mode
Hardware and Virtual Appliance options allow deployment on-
premise or in the cloud. Each enables ‘drop-in’ solution with
minimal deployment time and instant value. No agents to deploy, no
dependencies.
…also available as software for Linux and Solaris
12
SOA Platform + SOA Gateway
SOA Platform
- Integration (EAI, SOA, event-driven)
- Unified data views
- Workflow and service orchestration
- Business rules execution
- Flexible and extensible
SOA Gateway
- Secure perimeter
- On- and off-ramp to the ESB
- Bridge to external connections
- Participant in federated ESB deployments
- Application-aware externalization of policy
- Data collection for API management
JBoss Enterprise SOA Platform
Workflow Rules
JBoss ESB
JBoss Enterprise Application Platform
Registry
for more information
http://www.layer7tech.com
Jaime Ryan – [email protected]
Pierre Fricke – [email protected]