From: Layer7

Managing SOA Security and Operations with SecureSpan 

Presented at JBoss World 2009, this presentation looks at how you can manage SOA security using Layer 7's SecureSpan XML Gateway.

 

 
 
Tags:  SOA  Cloud  Standards  Governance  Security  XML  Gateway  Layer 7 Technologies 
Published:  November 17, 2010
 
 
 
 
 
 
 
Notes:
 
Slide 1: Managing SOA Security and Operations with SecureSpan Francois Lascelles Technical Director, Layer 7 Technologies 1 JBoss World 2009 | Francois Lascelles
Slide 2: About Layer 7 Layer 7 is the leading vendor of security and governance for: XML, SOA, Cloud [Chart: Customers and Revenue; 2003, 2006, 2009]
Slide 3: Why Layer 7 SecureSpan? • Faster time to market • Reduce development, deployment and management efforts • JBossESB infrastructure service, delegate business logic • Faster additions, changes • Governance • Enterprise-wide view of services • Real time monitoring, reporting • Agility • Service virtualization • Decoupled policy enforcement • Security • Threat protection, access control, trust management, …
Slide 4: SecureSpan XML Gateway • secure ws transit point • ws-security implementation • trust management • mediation, integration • threat protection • auditing, sla • monitoring, reporting
Slide 5: Hardware or software appliance form factor COTS appliance form factor enables ‘drop-in’ solution with minimal deployment time and instant value. No agents to deploy, no dependencies. Hardware Appliance • Military grade, hardened device • Telecom grade performance • FIPS 140-2 certified crypto • Hard and soft XML acceleration Virtual Appliance • Pre-installed, hardened RHEL image • ESX certified, Amazon, private clouds • FIPS 140-2 certified crypto (soft mode) • Soft (native) XML acceleration
Slide 6: Policy Studio Policies are created by organizing assertions in logical tree structures. Policies are changed on the fly, without service interruptions. Rich palette, extensible through JAVA API. Design, implementation and deployment in hours, not months or years. Automated, scripted provisioning and management through API.
Slide 7: Message level aware intermediary Delegate common or expensive XML related tasks from your endpoints to your infrastructure. Cut development costs and increase governance by implementing more business logic at infrastructure level. [Diagram label: Web Services]
Slide 8: How to implement security in the Enterprise SOA? Security implemented in the service endpoints? • Authentication • Authorization • Integrity • Confidentiality • Key management • Threat protection • Non-repudiation • Audit • Less governance • Expensive development task • An obstacle to loose coupling • Resources not used effectively • ESB and WS stacks not appropriate for edge security applications [Diagram labels: IAM, endpoints]
Slide 9: Delegating endpoint security XML Gateway enforces security for incoming traffic on behalf of protected services. XML Gateway secures outgoing traffic on behalf of protected services. [Diagram label: protected services]
Slide 10: Identity Federation, Trust Management • Identity and Access Management interfacing • Runtime access control rules enforcement • LDAP, SUN OpenSSO, Novell AM, Oracle AM, Netegrity, Tivoli, MSAD • STS, SSO • SAML issuing, validation • WS-Trust, SAML-P • WS-SecureConversation • WS Federation • Fine-grained trust management
Slide 11: Threat Protection • Network/OS level threats • Message level threats • Consistent security policies for heterogeneous environment [Threats listed: Schema poisoning; Recursive entity attacks; Code injections; WSDL fishing; Parser attacks; …]
Slide 12: Service level monitoring, enforcement • Real time contract lookup and enforcement (SLA) • Throughput quotas • Per identity, per operation • Throttling • Protect service endpoints • Monitoring of response times • Custom alert triggers • Custom reporting • Priority routing rules
Slide 13: Loose coupling, late binding Routing based on • remote IP • content • identity, identity attribute • pattern New type of request Last minute binding involving consultation of resource • LDAP • UDDI • database • external WS Who does that? Route message to appropriate endpoint
Slide 14: ESB co-processing JBossESB SecureSpan Infrastructure Service • Accelerated XSLT • Accelerated XSD • Accelerated pattern detection • WSS Processing • SLA Enforcement
Slide 15: Enterprise Service Manager Agent-less WS Management • Enterprise wide view of services • Performance and usage reports • Service and policy migration • Remote gateway start/stop • Custom reports • Remote gateway upgrade, upload modules*
Slide 16: Assisted migration across environments
Slide 17: Enterprise services in the cloud Enterprise subscriber Enterprise deploys own services on cloud provider Monitoring? Msg level security? Quality of service? Reports? Lack of in-house service governance is a barrier to adoption
Slide 18: SecureSpan on public/enterprise cloud
Slide 19: Customer case: air traffic scheduling service provider Runway information fed from airports LHR AMS FRA YYZ Swiss airline Fixed file length proprietary format Hosted service Data agglomeration Repurposed data sent to airlines and outsourced systems EDS flight planner Lufthansa systems • Edge security, threat protection • Trust management • Transformation • Service virtualization
Slide 20: Customer case: insurance cross platform integration Distributed transaction platform JBoss - consumers - providers Centralized transaction platform Mainframe - consumers - providers Office Automation .NET, Office - consumers - providers Enterprise resource planning SAP (XI/PI) - consumers - providers • Central access point to all services • Transport mediation (e.g. http to mq) • WS mediation (e.g. addressing, security) • Identity mapping
Slide 21: Customer case: healthcare electronic exchange … National PKI infrastructure - Health records - Prescriptions - Provider services Hospital and emergency applications • Service virtualization for simulation projects • Complex security validation • SHA256 based signatures • Custom token extensions • Full PKI integration, revocation checking • Sophisticated validation (XSD, Schematron)
Slide 22: Customer case: military CDS NAVY ARMY AIR FORCE Others • Guard pattern • Federation/Trust Management/SAML • Data screening • FIPS 140-2 level 3 compliancy • Common criteria EAL4+
Slide 23: For more information about SecureSpan: http://www.layer7tech.com

   