The XACML Enabled Gateway The Entrance to a New SOA Ecosystem
- Carol Davidson
White Paper: Intel SOA Expressway and Axiomatics Policy Server Solution

Intel SOA Expressway and Axiomatics Policy Server combined provide a reference perimeter security, governance, and XACML policy enforcement model for new applications, with the ability to retrofit existing infrastructure without intrusion.

Introduction to the Problem

From the top of the hype to utter despair: SOA has in a few years evolved from representing a solution to seemingly every business problem to being itself a main business concern. The notion of service orientation is most certainly here to stay, but many great expectations have turned into disappointments and have sometimes led to the frustrated prediction that SOA is dead.

The primary strength of SOA becomes a weakness if not handled with care: fast, flexible and agile alignment of IT with changing business requirements (a promise on which SOA has delivered) enables swift realization of new information flows and empowers business process owners and users to leverage new investments for faster ROI. However, poorly managed SOA initiatives create uncoordinated or even incompatible information models for data in transfer and at rest.
Table of Contents

- Introduction
- Background on the Gateway
- Externalizing Authorization: The ABAC Approach
- XACML - a Policy Language and a Generic Architecture
- Intel SOA Expressway with APS
- Federation and Cross-domain Data Exchange
- Benefits of Combined Solution
- Summary
Part of the reason SOA promises could not be realized earlier had to do with overuse of complex multi-layered SOA infrastructure based on Enterprise Service Buses, or ESBs. For example, most of these SOA architectures required separate components for identity-related functions such as Authentication & Federation, a separate one for workflow processing, another for runtime security enforcement such as encryption, and yet another for handling common service invocation patterns. It is not that this multi-layered SOA architecture is not required. It is in fact absolutely essential for business-unit-level or micro-domain-level service orientation, but it is overkill and a hindrance to agility for enterprise-wide SOA. So while ESBs are great at core integration and service sharing efforts within sub-domains, there is a need for a more specialized and highly scalable infrastructure to drive SOA at the enterprise level.

The concept of the Enterprise Service Router and its realization as Intel SOA Expressway is the essence of the approach: it provides a layer of technology underneath these micro-domains that provides scalable and secure access to both services and information for any number of consumers. In other words, it is a technology that functions like a network router, making sure that the services are available to those who need them, just like packets routed by a switch within a network.

In this new, re-born SOA era, services can be REST or SOAP based, and they could be in-house, mashed-up, or on a public cloud, making the enterprise perimeter somewhat moot. Services typically land on public or private clouds that can themselves be managed as a set of infrastructure services. In order to govern, secure, accelerate and route services, an Enterprise Service Router can enforce Service AAA (Authentication, Authorization, Auditing), enable message exchange patterns and related dataflow, and enforce XML Firewall and Quality of Service policies.
Policies remain dynamic, based on standards such as WS-SecurityPolicy and WS-Policy, and are executed with minimal latency overhead. The common notion in policies is that of externalization, that is, externalizing attributes that must be made available at the enterprise or cloud level in order for a service to be truly useful to any consumer. The focus of this paper is the externalization of one of those key attributes for services, namely authorization.

SOA has made apparent that the established approach to Identity and Access Management (IAM) fails as infrastructures become increasingly capable of dynamic adaptation to changing needs. Who is actually able to gain access to which data, where, when and why? From a Governance, Risk and Compliance Management (GRC) perspective these questions are becoming increasingly important as SOA helps tear down the barriers of old security domains. Whether in e-government, online banking, B2B services, cloud computing or elaborate sourcing, SOA plays an important part in our move towards global cross-domain connectivity in which fine-grained and context-aware access control has become more important than ever.

Established IAM concepts, based on centralized identity management with user privileges being provisioned to a presumably fairly static set of applications, are simply inadequate in environments where data is streaming to users in mash-ups blending output from multiple services. It is no longer possible from the perspective of a single application or service to foresee in which context data will be presented. As a result, authorization of users cannot be dealt with from within this narrow scope.
Instead, authorization decisions need to be based on policies that are derived from and adequately express business rules (themselves subject to constant change) rather than the relations of intricate but static business objects within a single application. Rather than provisioning user account data to applications, we need to provide applications with real-time services that intelligently rule whether a user's access to specific information in a given context complies with current overall business rules or not.

It follows that IT organizations with a portfolio of business-critical service-oriented architectures need to enforce policies for SOA governance in general and for authorization in particular. Combined, Intel SOA Expressway, the best-of-breed XML Security Gateway on the market, and Axiomatics Policy Server, the world's leading XACML implementation, address these new challenges.
Background on the Gateway

Intel SOA Expressway is an efficient service router that combines the capabilities of a service bus with those of a security gateway and an XML acceleration engine. It provides universal SOAP or REST message-level security, service virtualization, delegated AAA functions and threat prevention to ensure runtime governance and web services security. For more information about these general capabilities of the Intel SOA Expressway, refer to the documentation available on the Intel SOA Soft-Appliance website.

The focus of this paper is on the potential offered by the AAA functions of Intel SOA Expressway, and specifically the ability to translate an incoming call into an XACML-based authorization request. The Intel SOA Expressway can be configured to enforce any necessary authentication and authorization requirements, as defined by applicable policies, via calls to the relevant authentication and authorization services within the domain.

SOA Expressway can verify the identity of a user from an incoming request by routing the call to the appropriate authentication service as mandated by applicable policies. It can then automate the creation of a SAML ticket and the generation of an XACML authorization request. This request can be configured to include not only relevant user attributes retrieved from authentication or user session parameters but also the necessary attributes of the resource to which access is requested. In other words, the Intel SOA Expressway can be used to implement a versatile XACML Policy Enforcement Point (PEP) placed in front of a domain, thus enforcing fine-grained and context-aware access controls to protect information sources, even for already deployed services which did not natively have these capabilities.
Externalizing Authorization: The ABAC Approach

With XACML a new generation of authorization architectures is introduced. Attribute-Based Access Control (ABAC) goes beyond Role-Based Access Control (RBAC), the model which in recent years has been the most common approach.

RBAC is used to define a relation between a set of users on the one hand and a set of permissions on the other. The overall objective has been to simplify user administration by categorizing and grouping individuals with similar profiles. Adding permissions to a role implicitly means granting these permissions to all users assigned to that role. Adding users to a role means granting all role permissions to these users. This concept is well aligned with needs emerging out of conventional IAM solutions. Once user administration has been centralized, the administrative burden of mapping many privileges to many users becomes quite overwhelming, and the role concept then appears as an attractive simplification.

ABAC, in contrast, does not focus on the grouping of users but goes beyond it. It is based on the conclusion that any semantically meaningful and syntactically correct statement about an access request includes four essential building blocks: a subject or user, an action, a resource and the environment in which access is requested, as illustrated by the table below:

Each of these four parts can be described using attributes derived from business processes, which in turn establish the context of the business rules governing access. Consider, for instance, how access control may have to be enforced in an R&D environment in a project-oriented organization. Essential documentation relates to a specific Project ID and Product ID respectively, and the group of authorized users must be limited to those with a relation to the project/product.
In heavily regulated industries, access control may have to take more or less elaborate data classification schemes into consideration as well, as mandated by applicable external compliance regimes. Change management processes set gates with clearly defined conditions for read and/or read-write access to specifications and development plans: once frozen, a specification or plan can no longer be altered. Business rules may thus establish that only the project lead or program manager can update specifications, whereas all project members should be granted read access. If information about the product is classified due to external regulations, further restrictions may need to be imposed as well; the nationality, certification, competence or clearance level of the user may have to be considered. Furthermore, access should perhaps be restricted to normal working hours and the physical premises of the plant. Access rules can thus be expressed using a number of attributes derived from a related business process:
- if the user's project membership is the same as the project ID of the information object requested then permit else deny
- if the product classification is less than 3 and the user's clearance level is 2 or higher then permit else deny
- if the action is check-in and the data type is specification or project plan and the user role is project lead or program manager then permit else deny
- if the action is check-in and the data type is specification or project plan and the project state is not frozen then permit else deny
- if the user's location can be verified as within premises, based on IP address or perhaps based on a time stamp from a physical card entrance system, then permit else deny
- etc.

An attempt to handle access rules of this type using an RBAC model typically leads to role explosion, especially when dynamically changing conditions such as project state, time of day or location need to be considered.

XACML - a Policy Language and a Generic Architecture

The eXtensible Access Control Markup Language, XACML, defines a formal syntax for the definition of access policies and a format for a request/response protocol for access requests. It is a well-defined standard with broad recognition in the industry, authored and maintained by the OASIS XACML Technical Committee. It is therefore the obvious choice for an implementation of Attribute-Based Access Control (ABAC).

But XACML is not only a standard for access control based on policies. It also implicitly suggests a generic architecture as illustrated below:
The Policy Decision Point (PDP) is a centralized instance that takes on the crucial task of comparing an XACML access request with existing XACML policy definitions to resolve the request with a permit or deny answer. The PDP and the related Policy Administration Point (PAP) are components used to implement centralized authorization management. The PEP, in contrast, enforces authorization decisions made by the PDP locally, within or in front of the application or service which it protects.

The Axiomatics Policy Server is a pure XACML 2.0 and 3.0 implementation for complete policy life-cycle management. It comes with a patent-pending technique for policy synchronization in multi-PDP deployments and a PAP with advanced policy modeling and debugging features. These are the components combined with the PEP of the Intel SOA Expressway in the conceptual solution presented here.

Intel SOA Expressway with APS

The strength of XACML is fairly obvious and the need for externalization is becoming broadly recognized. However, while it may be an obvious choice for new service deployments, incorporating existing infrastructures into the domain of an XACML PDP may be more of a challenge. This is where the combination of the Axiomatics Policy Server with the Intel SOA Expressway offers a strong value proposition.

With the SOA Expressway, already deployed SOA domains can be incorporated into a domain of XACML-controlled, policy-based access control. SOA governance policies of the SOA Expressway can even mandate attribute gathering beyond what is given by the initial request. If attributes of the user in addition to what is known from authentication or session parameters need to be considered, the SOA Expressway can gather such information from a related LDAP source. If resource classification or other metadata about the request must be gathered, the SOA Expressway can be configured to make separate queries to application servers within the domain.
The combination of Intel SOA Expressway and Axiomatics Policy Server thereby introduces an extremely flexible protective shield with which already deployed as well as new services can be made subject to an organization's established policy governance.

In the conceptual solution illustrated below, the SOA Gateway gathers user and resource attributes in accordance with the OASIS XACML 3.0 Export Compliance profile, Version 1.0, before sending an XACML request to the Axiomatics Policy Server. A use case of this type could for instance be relevant in environments similar to the R&D example discussed above.
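The R&D rules listed earlier and the PEP/PDP split can be sketched as follows. This is an added example, not code or an API from Intel SOA Expressway or Axiomatics Policy Server. Assumptions: the attribute names, the `DIRECTORY` and `RESOURCES` stand-ins for the LDAP source and application server, the plant network range, a simplified deny-overrides combination, and the reading that the two check-in rules apply only to check-ins of specifications or project plans.

```python
"""Toy PEP and PDP for the white paper's R&D access rules (constructed data)."""
import ipaddress

PERMIT, DENY = "Permit", "Deny"
NOT_APPLICABLE, INDETERMINATE = "NotApplicable", "Indeterminate"

# Constructed stand-in for the LDAP source the gateway would query.
DIRECTORY = {
    "alice": {"project": "P-17", "role": "project lead", "clearance": 3},
    "bob": {"project": "P-17", "role": "engineer", "clearance": 2},
    "carol": {"project": "P-42", "role": "program manager", "clearance": 3},
}
# Constructed stand-in for resource metadata held by an application server.
RESOURCES = {
    "spec-001": {"project": "P-17", "data_type": "specification",
                 "classification": 2, "project_state": "open"},
    "plan-002": {"project": "P-17", "data_type": "project plan",
                 "classification": 1, "project_state": "frozen"},
    # Classification was never recorded for this document.
    "spec-003": {"project": "P-17", "data_type": "specification",
                 "project_state": "open"},
}
PLANT_NETWORK = ipaddress.ip_network("10.20.0.0/16")  # assumed premises range
CONTROLLED_TYPES = {"specification", "project plan"}
UPDATE_ROLES = {"project lead", "program manager"}


def always(req):
    return True


def controlled_checkin(req):
    """Target shared by the two check-in rules."""
    return (req["action"]["id"] == "check-in"
            and req["resource"]["data_type"] in CONTROLLED_TYPES)


# (name, target, condition): the target says when a rule applies,
# the condition is the "if ... then permit else deny" part.
RULES = [
    ("project-membership", always,
     lambda r: r["subject"]["project"] == r["resource"]["project"]),
    ("classification", always,
     lambda r: r["resource"]["classification"] < 3
     and r["subject"]["clearance"] >= 2),
    ("checkin-role", controlled_checkin,
     lambda r: r["subject"]["role"] in UPDATE_ROLES),
    ("checkin-not-frozen", controlled_checkin,
     lambda r: r["resource"]["project_state"] != "frozen"),
    ("on-premises", always, lambda r: r["environment"]["on_premises"]),
]


def evaluate_rule(target, condition, request):
    try:
        if not target(request):
            return NOT_APPLICABLE
        return PERMIT if condition(request) else DENY
    except KeyError:
        # A required attribute could not be gathered.
        return INDETERMINATE


def pdp_decide(request):
    """Return (decision, names of rules that did not permit)."""
    results = [(name, evaluate_rule(t, c, request)) for name, t, c in RULES]
    outcomes = {outcome for _, outcome in results}
    if DENY in outcomes:              # simplified deny-overrides
        decision = DENY
    elif INDETERMINATE in outcomes:
        decision = INDETERMINATE
    elif PERMIT in outcomes:
        decision = PERMIT
    else:
        decision = NOT_APPLICABLE
    blocking = [n for n, o in results if o in (DENY, INDETERMINATE)]
    return decision, blocking


def pep_build_request(user, action, resource_id, source_ip):
    """Gather the four ABAC categories: subject, action, resource, environment."""
    try:
        on_premises = ipaddress.ip_address(source_ip) in PLANT_NETWORK
    except ValueError:
        on_premises = False  # unparseable address is treated as off premises
    return {
        "subject": {"id": user, **DIRECTORY.get(user, {})},
        "action": {"id": action},
        "resource": {"id": resource_id, **RESOURCES.get(resource_id, {})},
        "environment": {"on_premises": on_premises},
    }


def pep_enforce(user, action, resource_id, source_ip):
    """Fail closed: anything other than an explicit Permit is refused."""
    decision, _ = pdp_decide(
        pep_build_request(user, action, resource_id, source_ip))
    return decision == PERMIT


if __name__ == "__main__":
    for call in [("alice", "check-in", "spec-001", "10.20.5.9"),
                 ("bob", "check-in", "spec-001", "10.20.5.9"),
                 ("alice", "check-in", "plan-002", "10.20.5.9"),
                 ("alice", "read", "spec-003", "10.20.5.9"),
                 ("alice", "read", "spec-001", "203.0.113.7")]:
        print(call, pdp_decide(pep_build_request(*call)))
```

The `spec-003` case shows why the enforcement point should fail closed: a missing classification yields Indeterminate rather than Permit, so an incomplete attribute lookup cannot widen access.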
Federation and Cross-domain Data Exchange

A scenario like the one above becomes even more compelling in environments where multiple security domains may need to exchange information. Since the Axiomatics Policy Server fully implements and supports the new XACML 3.0 notion of Delegation, federation of administrative policy management privileges can be supported across security domains. A provider of services could for instance delegate administrative privileges for a defined subset of users or resources to the policy administrator of a client.

Benefits of Combined Solution

The value proposition of these two products combined can thus be summarized:

- XML Gateway and XACML Authorization combined: SOA governance and XACML policy enforcement for web service security, provided through the SOA governance and XML firewall features of the Intel SOA Expressway, are combined with the Axiomatics Policy Server's attribute-based authorization. Different types of vital security and operational/performance-related policies can thus be enforced from a central point.
- Performance and security gains: The XML acceleration capabilities of the SOA Expressway help combine performance gains with essential information security improvement governance.
- Non-intrusive GRC enforcement retrofitted: Attribute-Based Access Control capabilities can be retrofitted to include already deployed services in a non-intrusive way.
- Cost reduction for deployments: The time and effort needed to deploy new services can be dramatically reduced.
Where to find out more

Intel

Contact us by e-mail.

About SOA Expressway

SOA Expressway is a soft-appliance deployed to address common XML and SOA problem areas such as acceleration, security, service mediation and service governance. SOA Expressway is available for any organization deploying services (SOA), hosted services (SaaS) or Web 2.0 (RIA). SOA Expressway is available for standard operating systems such as Windows* and Linux* and requires no special custom hardware other than standard OEM servers.

For more product information:
For more comparison information and to register for Webinars:
Contact us by phone: Americas UK and Ireland: 44 (0) All other Geographies:

Axiomatics

Contact us by e-mail: info@axiomatics.com, sales_emea@axiomatics.com, sales_us@axiomatics.com

About Axiomatics Policy Server

Axiomatics Policy Server implements the complete XACML 2.0 and 3.0 specifications consistently, which means it not only handles XACML request/response but also maintains its policy store according to the XACML specification. This way the Axiomatics Policy Server supports policy exchange through export/import for optimized interoperability. Axiomatics Policy Server comes with a versatile Policy Administration GUI with built-in modeling and debugging tools in addition to a complete set of policy life-cycle management features. A patent-pending technique can be used for policy distribution in multi-PDP environments, allowing subsets of a policy store to be replicated in real time to related PDPs.

For more product information:
For more comparison information and to register for an Evaluation Download:
Contact us by phone: All Geographies: +46 (0)

Performance tests and ratings are measured using specific computer systems and/or components and reflect the approximate performance of Intel products as measured by those tests. Any difference in system hardware or software design or configuration may affect actual performance. Buyers should consult other sources of information to evaluate the performance of systems or components they are considering purchasing. For more information on performance tests and on the performance of Intel products, visit

Dates and plans are preliminary and subject to change without notice. Intel may make changes to specifications, release dates and product descriptions at any time, without notice. For processors with HT Technology, performance and functionality will vary depending on (i) the specific hardware and software you use and (ii) the feature enabling/system configuration by your system vendor. See for information on HT Technology or consult your system vendor for more information. For more information go to:

Intel Corporation. Intel, Intel logo, Intel Inside logo, and Core are trademarks or registered trademarks of Intel Corporation, or its subsidiaries in the United States and other countries. * Other names and brands may be claimed as the property of others. Printed in USA. Please Recycle. SOAE-XACML White Paper
More informationSetting Up an AS4 System
INT0697_150625 Setting up an AS4 system V1r0 1 Setting Up an AS4 System 2 Version 1r0 ENTSOG AISBL; Av. de Cortenbergh 100, 1000-Brussels; Tel: +32 2 894 5100; Fax: +32 2 894 5101; info@entsog.eu, www.entsog.eu,
More informationNetwork Services in the SDN Data Center
Network Services in the SDN Center SDN as a Network Service Enablement Platform Whitepaper SHARE THIS WHITEPAPER Executive Summary While interest about OpenFlow and SDN has increased throughout the tech
More informationA Model for Access Control Management in Distributed Networks
A Model for Access Control Management in Distributed Networks Master of Science Thesis Azadeh Bararsani Supervisor/Examiner: Dr. Johan Montelius Royal Institute of Technology (KTH), Stockholm, Sweden,
More informationWhy Choose Integrated VPN/Firewall Solutions over Stand-alone VPNs
Why Choose Integrated VPN/Firewall Solutions over Stand-alone VPNs P/N 500205 July 2000 Check Point Software Technologies Ltd. In this Document: Introduction Page 1 Integrated VPN/firewall Page 2 placed
More informationHow service-oriented architecture (SOA) impacts your IT infrastructure
IBM Global Technology Services January 2008 How service-oriented architecture (SOA) impacts your IT infrastructure Satisfying the demands of dynamic business processes Page No.2 Contents 2 Introduction
More informationIBM WebSphere application integration software: A faster way to respond to new business-driven opportunities.
Application integration solutions To support your IT objectives IBM WebSphere application integration software: A faster way to respond to new business-driven opportunities. Market conditions and business
More informationHow To Reduce Pci Dss Scope
WHITE PAPER Intel Expressway Tokenization Broker PCI DSS Reducing PCI DSS Scope: The Gateway Approach Challenge: Payment applications that handle credit card numbers pull connected systems into PCI DSS
More informationMaximize strategic flexibility by building an open hybrid cloud Gordon Haff
red hat open hybrid cloud Whitepaper Maximize strategic flexibility by building an open hybrid cloud Gordon Haff EXECUTIVE SUMMARY Choosing how to build a cloud is perhaps the biggest strategic decision
More informationOvercoming Security Challenges to Virtualize Internet-facing Applications
Intel IT IT Best Practices Cloud Security and Secure ization November 2011 Overcoming Security Challenges to ize Internet-facing Applications Executive Overview To enable virtualization of Internet-facing
More informationSecure Identity Propagation Using WS- Trust, SAML2, and WS-Security 12 Apr 2011 IBM Impact
Secure Identity Propagation Using WS- Trust, SAML2, and WS-Security 12 Apr 2011 IBM Impact Robert C. Broeckelmann Jr., Enterprise Middleware Architect Ryan Triplett, Middleware Security Architect Requirements
More informationSecuring the Intelligent Network
WHITE PAPER Securing the Intelligent Network Securing the Intelligent Network New Threats Demand New Strategies The network is the door to your organization for both legitimate users and would-be attackers.
More informationIntroduction to UDDI: Important Features and Functional Concepts
: October 2004 Organization for the Advancement of Structured Information Standards www.oasis-open.org TABLE OF CONTENTS OVERVIEW... 4 TYPICAL APPLICATIONS OF A UDDI REGISTRY... 4 A BRIEF HISTORY OF UDDI...
More informationTable of Contents. 1 Executive Summary... 2 2. SOA Overview... 3 2.1 Technology... 4 2.2 Processes and Governance... 8
Table of Contents 1 Executive Summary... 2 2. SOA Overview... 3 2.1 Technology... 4 2.2 Processes and Governance... 8 3 SOA in Verizon The IT Workbench Platform... 10 3.1 Technology... 10 3.2 Processes
More informationAccenture Public Service Platform Taking SOA from the Whiteboard to the Data Center and Beyond
Accenture Public Service Platform Taking SOA from the Whiteboard to the Data Center and Beyond Technology Challenges Are Daunting Today s information technology executives are tackling increasingly complex
More informationA Comprehensive Solution for API Management
An Oracle White Paper March 2015 A Comprehensive Solution for API Management Executive Summary... 3 What is API Management?... 4 Defining an API Management Strategy... 5 API Management Solutions from Oracle...
More informationHow To Build A Financial Messaging And Enterprise Service Bus (Esb)
Simplifying SWIFT Connectivity Introduction to Financial Messaging Services Bus A White Paper by Microsoft and SAGA Version 1.0 August 2009 Applies to: Financial Services Architecture BizTalk Server BizTalk
More informationFederated Identity and Single Sign-On using CA API Gateway
WHITE PAPER DECEMBER 2014 Federated Identity and Single Sign-On using Federation for websites, Web services, APIs and the Cloud K. Scott Morrison VP Engineering and Chief Architect 2 WHITE PAPER: FEDERATED
More informationCisco Unified Network Services: Overcome Obstacles to Cloud-Ready Deployments
Cisco Unified Network Services: Overcome Obstacles to Cloud-Ready Deployments What You Will Learn Deploying network services in virtual data centers is extremely challenging. Traditionally, such Layer
More informationAPI-Security Gateway Dirk Krafzig
API-Security Gateway Dirk Krafzig Intro Digital transformation accelerates application integration needs Dramatically increasing number of integration points Speed Security Industrial robustness Increasing
More informationSecuring Data in the Virtual Data Center and Cloud: Requirements for Effective Encryption
THE DATA PROTECTIO TIO N COMPANY Securing Data in the Virtual Data Center and Cloud: Requirements for Effective Encryption whitepaper Executive Summary Long an important security measure, encryption has
More informationThis research note is restricted to the personal use of christine_tolman@byu.edu
Burton IT1 Research G00234483 Identity Management Published: 9 July 2012 Analyst(s): Ian Glazer, Bob Blakley Identity management (IdM) has become a distinct aggregation of functions for the maintenance
More informationWhat is it? What does it do? Benefits
JBoss Enterprise SOA Platform What is it? The JBoss Enterprise SOA Platform includes serviceoriented architecture (SOA) open source middleware such as JBoss Enterprise Service Bus (ESB), JBoss jbpm, JBoss
More informationWeb Applications Access Control Single Sign On
Web Applications Access Control Single Sign On Anitha Chepuru, Assocaite Professor IT Dept, G.Narayanamma Institute of Technology and Science (for women), Shaikpet, Hyderabad - 500008, Andhra Pradesh,
More informationAPI Architecture. for the Data Interoperability at OSU initiative
API Architecture for the Data Interoperability at OSU initiative Introduction Principles and Standards OSU s current approach to data interoperability consists of low level access and custom data models
More informationHow OpenFlow -Based SDN Transforms Private Cloud. ONF Solution Brief November 27, 2012
How OpenFlow -Based SDN Transforms Private Cloud ONF Solution Brief November 27, 2012 Table of Contents 2 Executive Summary 2 Trends in the Private Cloud 3 Network Limitations and Requirements 4 OpenFlow-Based
More informationIntel SOA Expressway Performance Comparison to IBM * DataPower XI50
Intel SOA Expressway Performance Comparison to Intel SOA Expressway easily outperforms IBM * DataPower XI50 for real-world workloads at a fraction of the cost. White Paper Intel SOA Expressway Performance
More informationIBM. How can we support the requirement of creating dynamic, flexible and cost effective solution in the IAM area?
IBM How can we support the requirement of creating dynamic, flexible and cost effective solution in the IAM area? Sven-Erik Vestergaard Nordic Security Architect IBM Software group svest@dk.ibm.com Security
More informationnwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4.
CONTENTS 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4. Conclusion 1. EXECUTIVE SUMMARY The advantages of networked data storage technologies such
More informationSecure Content Automation Protocol (SCAP): How it is increasingly used to automate enterprise security management activities
Secure Content Automation Protocol (SCAP): How it is increasingly used to automate enterprise security management activities Sean Barnum sbarnum@mitre.org September 2011 Overview What is SCAP? Why SCAP?
More informationJOURNAL OF OBJECT TECHNOLOGY
JOURNAL OF OBJECT TECHNOLOGY Online at www.jot.fm. Published by ETH Zurich, Chair of Software Engineering JOT, 2008 Vol. 7 No. 7, September-October 2008 Applications At Your Service Mahesh H. Dodani, IBM,
More informationJOURNAL OF OBJECT TECHNOLOGY
JOURNAL OF OBJECT TECHNOLOGY Online at www.jot.fm. Published by ETH Zurich, Chair of Software Engineering JOT, 2008 Vol. 7, No. 8, November-December 2008 What s Your Information Agenda? Mahesh H. Dodani,
More informationService-Oriented Architecture: Analysis, the Keys to Success!
Service-Oriented Architecture: Analysis, the Keys to Success! Presented by: William F. Nazzaro CTO, Inc. bill@iconatg.com www.iconatg.com Introduction Service-Oriented Architecture is hot, but we seem
More informationHubspan White Paper: Beyond Traditional EDI
March 2010 Hubspan White Paper: Why Traditional EDI no longer meets today s business or IT needs, and why companies need to look at broader business integration Table of Contents Page 2 Page 2 Page 3 Page
More informationhow can I deliver better services to my customers and grow revenue?
SOLUTION BRIEF CA Wily Application Performance Management May 2010 how can I deliver better services to my customers and grow revenue? we can With the right solution, you can be certain that you are providing
More informationVMware vcloud Networking and Security Overview
VMware vcloud Networking and Security Overview Networks and Security for Virtualized Compute Environments WHITE PAPER Overview Organizations worldwide have gained significant efficiency and flexibility
More informationA ROAD MAP FOR GEOSPATIAL INFORMATION SYSTEM APPLICATIONS ON VBLOCK INFRASTRUCTURE PLATFORMS
A ROAD MAP FOR GEOSPATIAL INFORMATION SYSTEM APPLICATIONS ON VBLOCK INFRASTRUCTURE PLATFORMS June 2011 WHITE PAPER 2011 VCE Company LLC, All rights reserved. 1 Table of Contents Executive Overview... 3
More informationMaking a Case for Including WAN Optimization in your Global SharePoint Deployment
Making a Case for Including WAN Optimization in your Global SharePoint Deployment Written by: Mauro Cardarelli Mauro Cardarelli is co-author of "Essential SharePoint 2007 -Delivering High Impact Collaboration"
More informationRemote Management Services Portfolio Overview
Enterprise environments today have various technologies and concerns in their network environment; from telephony, Internet, video, compute, and infrastructure, to regulatory and security management. On
More informationSTRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview
STRATEGIC WHITE PAPER Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview Abstract Cloud architectures rely on Software-Defined Networking
More informationSelect the right configuration management database to establish a platform for effective service management.
Service management solutions Buyer s guide: purchasing criteria Select the right configuration management database to establish a platform for effective service management. All business activities rely
More informationWebSphere Integration Solutions. IBM Day Minsk 2014. Anton Litvinov WebSphere Connectivity Professional Central Eastern Europe
WebSphere Integration Solutions IBM Day Minsk 2014 Ann Litvinov WebSphere Connectivity Professional Central Eastern Europe 1 Agenda 1 Understand vision for ESB capabilities 2 Understand DataPower Basics
More informationOpenHRE Security Architecture. (DRAFT v0.5)
OpenHRE Security Architecture (DRAFT v0.5) Table of Contents Introduction -----------------------------------------------------------------------------------------------------------------------2 Assumptions----------------------------------------------------------------------------------------------------------------------2
More informationAttribute-Based Access Control Solutions: Federating Authoritative User Data to Support Relying Party Authorization Decisions and Requirements
Joint White Paper: Attribute-Based Access Control Solutions: Federating Authoritative User Data to Support Relying Party Authorization Decisions and Requirements Submitted Date: April 10, 2013 Submitted
More information<Insert Picture Here> Integrating your On-Premise Applications with Cloud Applications
Integrating your On-Premise Applications with Cloud Applications Agenda Hybrid IT Infrastructure An Emerging Trend A New Set of Challenges The Five Keys to Overcoming the Challenges
More informationTotal Protection for Compliance: Unified IT Policy Auditing
Total Protection for Compliance: Unified IT Policy Auditing McAfee Total Protection for Compliance Regulations and standards are growing in number, and IT audits are increasing in complexity and cost.
More informationEvent based Enterprise Service Bus (ESB)
Event based Enterprise Service Bus (ESB) By: Kasun Indrasiri 128213m Supervised By: Dr. Srinath Perera Dr. Sanjiva Weerawarna Abstract With the increasing adaptation of Service Oriented Architecture for
More informationIBM Tivoli Federated Identity Manager
IBM Tivoli Federated Identity Manager Employ user-centric federated access management to enable secure online business collaboration Highlights Enhance business-to-business and business-to-consumer collaborations
More informationImplementing Software- Defined Security with CloudPassage Halo
WHITE PAPER Implementing Software- Defined Security with CloudPassage Halo Introduction... 2 Implementing Software-Defined Security w/cloudpassage Halo... 3 Abstraction... 3 Automation... 4 Orchestration...
More informationsolution brief February 2012 How Can I Obtain Identity And Access Management as a Cloud Service?
solution brief February 2012 How Can I Obtain Identity And Access Management as a Cloud Service? provides identity and access management capabilities as a hosted cloud service. This allows you to quickly
More informationA Conceptual Technique for Modelling Security as a Service in Service Oriented Distributed Systems
Volume 1, Number 2, December 2014 JOURNAL OF COMPUTER SCIENCE AND SOFTWARE APPLICATION A Conceptual Technique for Modelling Security as a Service in Service Oriented Distributed Systems Satish Kumar*,
More information