Creating a Strong Security Infrastructure for Exposing JBoss Services




Transcription:

Slide 1: Creating a Strong Security Infrastructure for Exposing JBoss Services
Blake Dournaee, Product Management, Intel SOA Products Group
Diagram labels: JBoss Enterprise SOA Platform; Service Clients; Service Gateway; Enterprise Services

Slide 2: Enterprise Services Today
Real World IT Assets are Mixed-environment
- Acquisitions
- New business initiatives
- Cloud initiatives
Diagram labels: EDI (Partner A); SOAP (Partner B); REST (Department C)
Enterprise Service Requirements
- Cross-Domain Services
- Platform agnostic - multiple vendors
- Interaction agnostic - multiple interfaces
- Ecosystem breadth - wide and varied
- Elastic - shrink and grow due to business needs
A platform, interface and ecosystem agnostic service gateway is used to create scalable business services that cross domains

Slide 3: Dynamic Perimeter: What does Platform Choice Mean?
How do I deploy consistent, secure, reliable services to my customers and partners...
...and do it across different vendor products and different datacenter models?
Diagram labels: Hybrid Cloud Infrastructure; Service Gateway; Customer and Partners; Service Gateway; Enterprise Middleware; Enterprise Security (IdM, AAA); On-Premise Infrastructure
Service gateways provide a scalable, cross-vendor control point

Slide 4: Example: JBoss Enterprise SOA Platform
Light weight, next generation ESB to enterprise integration and process automation
- Light weight footprint
- EAI, SOA, EDA, workflow, CEP (future)
- Wide range of deployment scenarios up to large scale integration platform
- Red Hat Enterprise Linux, Windows, UNIX, other Linux
Diagram label: JBoss Enterprise SOA Platform

Slide 5: Extending SOA for Business Growth
- App Types: eGov, Supply Chain, Web 2.0
- Customers, Partners, Agencies, Employees
- Authentication and Perimeter Security Concerns
- Scalability and Performance Concerns?
- Audit, Privacy and Data Protection Concerns
- Mediation of technology across Enterprise silos
Diagram labels: JBoss Enterprise SOA Platform; Dynamic Enterprise Perimeter; IaaS/PaaS Cloud
Enterprise SOA Must Be Securely Extended Outside the Enterprise

Slide 6: Regain Control. Go Stack Neutral: Why a Service Gateway?
- Flexibility: SOA, WOA, Legacy, Devices
- Security: URL, Service, Function, AAA Tokens
- Control: Audit, Logging, Metering
- Performance: TPS, Latency, Throughput
- Manageability: Software, Hardware or Virtual Machine
Diagram labels: Service Clients; Service Gateway (Proxy, PEP)
Low overhead. Simplified SOA Infrastructure to deploy & secure purpose built services

Slide 7: Secure the Perimeter Edge: What is a Service Gateway?
- Single entry point for all application traffic
- Separation of concerns
- Edge security provides earlier threat detection
- Consistent security policy enforcement
- High performance security offload
- Easier to manage & audit
Diagram labels: Service Clients; HTTP(s); Service Gateway (Proxy, PEP); JMS, FTP, TCP, FILE, Custom, SOAP, HTTP(s), JDBC; SNMP, JMX, JMS; Identity Management Systems; Application Servers; Legacy Applications; Databases; AuthZ Policy Decision Point (XACML Request, XACML Response, YES/NO); Business Service Repository
Externally facing security layer and central proxy that connects domains, middleware & identity infrastructure

Slide 8: Secure the Perimeter Edge: Service Gateway From the Data Center to the Cloud
Diagram legend: Blue = Virtualized Internal Data Center; Grey = External/Cloud
Point of Entry for Private, Public, Hybrid Environments

Slide 9: Usage Model #1: Inter-domain or Edge Gateway
Diagram labels: Domain 1 - Enterprise; Domain 2 - Partner Dept; Service Gateway; JBoss Enterprise SOA Platform
- XML Firewall
- Quality of Service
- REST to SOAP Mediation
- WS-Security
- Speed!
Enables build out of dynamic apps with abstracted delivery to consumers, partners, employees

Slide 10: SOA Platform Demonstration Overview
Diagram labels: jBPM Admin Console (Approve, Reject); Order Processing; JMS; File; SOAP; BRMS; AtomPub Feed for New Orders; Rule Repository; VB.NET; Priority Discount Rules

Slide 11: SOA Expressway and JBoss Enterprise SOA Platform
Diagram labels: Trusted Partner Partner Portal Portal Partner Web Service; REST Request over SSL; LDAP; JBoss Enterprise SOA Platform; Signed SOAP; Dynamic Enterprise Perimeter
- SOAP Firewalling
- DoS Protection
- Runtime Policy Enforcement
- REST to SOAP Mediation
- Authentication
- Throttling, Auditing and Logging
- Separation of Concerns
- Massive Scalability
SOA Expressway securely exposes JBoss SOA 5 to business partners of all types

Slide 12: Usage Model #2: Runtime Governance
Diagram labels: Enterprise Service Infrastructure; Security Policy; Client; Service Gateway; UDDI/WSDL; JBoss Service Registry or other BSR
- Runtime Policy Enforcement
- Fine-grain Authorization
- Transport Security
- Token brokering
Simplified service lifecycle management and complex policy enforcement

Slide 13: Usage Model #3: Cloud Gateway
- Security Token Service
- Cloud API Security & Brokering
- Enforce Distributed Authorization
- Governance, Metering, Compliance
Diagram labels: Enterprise; Cloud; IdM and App Infrastructure; Service Gateway; STS; Private, Public, Hybrid; Session Cookie; SAML Token
Identity based cloud security for externalization of ids and a controlled dynamic perimeter

Slide 14: Case Study: Security and Mediation
- Goal: Public network integration using web services
- Problem: Rising costs and inefficient secure updates of patient data
- Solution: High performance, low cost, extensible security gateway
Diagram labels: XA Transaction Mgr; Denial of Service Protection; XML Firewall; Custom AES Decryption; HTTP Request; Patient Info; JMS Queue; Application Infrastructure; Encrypted Payload; Decrypted; HTTP Response; Application Server
Intel was chosen over the homegrown solution which required 32 servers to scale to the required 160,000 messages per day

Slide 15: Regain Control. Go Stack Neutral
Intel SOA Expressway: SOA Soft-Appliance or Virtualized Appliance or Tamper Resistant Hardware Appliance
Available on all major operating systems

Slide 16: Regain Control. Go Stack Neutral
Intel SOA Expressway: SOA Soft-Appliance or Virtualized Appliance or Tamper Resistant Hardware Appliance
Diagram label: CODING
- Protocol Agnostic: REST, SOAP; XML, Non-XML; HTTP, FTP, TCP
- Performance: 2x hard appliances; Tie-in to chip roadmap; Efficient XML parsing at machine level
- Secure: Tamper proof appliance; Common Criteria; XML Firewall; AAA integration
- No Programming: Simple visual environment
- Flexible: Routing; Transform; Validation; Service Call-outs; Firewall Rules
Available on Red Hat Linux & other OSs

Slide 17: Hardware Appliance Form-Factor
Tamper resistant appliance form factor features:
- Physical Tripwire
- Secure Boot and BIOS
- Snooping protection
- Data Confidentiality
- Tamper Resistant
Federal Market Certifications
- FIPS 140-2 Level 3 Cryptographic Hardware
- Common Criteria EAL4+
- DoD STIG Ready
Network shareable HSM
Intel manufactures & supports
Ready for secure High-Assurance verticals

Slide 18: JBoss Enterprise SOA Platform
- www.jboss.com/resources/soa/
- www.dynamicperimeter.com
- Enterprise SOA Platform Data Sheet
- Joint JBoss/Intel White Paper
- Enterprise SOA Platform White Paper
- New Cloud Security White Paper
- JBoss Community
- Pierre's Blog: http://community.jboss.org/people/pfricke/blog/
- Truth in SOA, Blake's Blog: http://soatruth.blogspot.com/