POSTED ON: 4/4/2012
Create a seamless path from SOA design to composition to secure management

When platform-independent Web services traverse multiple systems, providing reliable security and maintaining performance can be an enormous challenge. Sun and Layer 7 Technologies address this challenge by combining Layer 7 SecureSpan SOA Gateways with the Sun Java Composite Application Platform Suite (Java CAPS) and Java Identity Management Suite.
Sun and Layer 7 Identity-Driven SOA Governance

Platform-independent XML/Web services are often the cornerstone of business application integration and Service Oriented Architecture (SOA) development. When these services and business processes traverse multiple, heterogeneous back-end systems and infrastructure, providing reliable security while maintaining performance is an enormous challenge. Sun and Layer 7 Technologies remove this obstacle by combining Layer 7 SecureSpan SOA appliances (delivered on Sun Fire X4100 servers) with the Sun Java Composite Application Platform Suite (Java CAPS) and Java Identity Management Suite, to create a seamless path from SOA design to composition to secure management.

Highlights

• SOA security appliance providing centralized policy enforcement for identity-driven SOA operations, and protection against malicious or accidental attack.
• Facilitates client authentication, service-level authorization, message privacy and transaction integrity validation.
• Offers hardware acceleration of XML parsing, validation and transformation for fast policy execution.
• Assures high service availability and reliability through clustering, service virtualization and SLA enforcement features.
• Easy-to-configure administrator options for encryption/decryption, signature and WS* security policies.
• Integration with Sun Java Identity Management Suite and Composite Application Platform Suite (Java CAPS).

SOA identity and security challenges

Identity is at the heart of SOA security, driving authentication and authorization decisions for all client-service interactions. The ability to validate identity is also central to enforcing transactional integrity, message privacy and accountability policies. However, defining and enforcing identity-based security policies in an SOA is complicated. Machine identities for client applications must be reposited within a centrally accessible directory.

Services must be able to:
• Extract identity information from credentials passed to them inside a Web service’s SOAP message
• Validate those credentials against a centralized identity directory
• Enforce an identity-centric security policy like authentication.

In many instances, there is also a requirement to transpose messages or generate new security tokens (e.g. SAML) for secure, interoperable communication with back-end services.

In addition to identity-based access, privacy, integrity and accounting policies, SOA security solutions must also:
• Protect back-end Web services against attack and exploit, either malicious (DoS, replay, parser exploit, …) or accidental (malformed XML, invalid data, …).
• Implement and intermediate various XML, WS*, W3C SAML, and WS-I security standards.
• Filter, extract or redact confidential information entering or leaving an organization.
• Assure endpoint availability and performance through effective communication optimization, cluster management and SLA enforcement.

High-performance SOA identity, security solutions

The SecureSpan XML Networking Gateway is a SOA security hardware or virtual software appliance that provides SOA architects a centralized policy enforcement point for identity-driven SOA security operations, including client authentication, service level authorization, message privacy and transaction integrity validation. The SecureSpan XML Networking Gateway integrates with Sun Java System Access Manager such that an existing Web access policy can be reused for SOA. It can also be deployed as a proxy to Java CAPS to ensure centralized policy enforcement for all communication entering or leaving a Java CAPS-enabled SOA environment.

The hardware version of the Layer 7 XML Networking Gateway offers hardware acceleration of XML parsing, validation and transformation for fast message processing of identity and content. It also comes with optional FIPS-compliant crypto acceleration for accelerated SSL, WS-Security and signing operations for XML or SAML.

For identity-centric privacy and integrity operation, the SecureSpan XML Networking Gateway provides administrators an array of easy-to-configure options for defining channel, message and element encryption/decryption and signing/signature validation policy. The XML Networking Gateway can also be configured to delegate authentication and authorization decisions to Sun Java Access Manager. All operations are available for both inbound and outbound traffic. Public Key Infrastructure (PKI) for the cryptographic operations can be implemented using the SecureSpan XML Networking Gateway’s on-board Certificate Authority or a third-party certificate authority. For implementations using the hardware XML Networking Gateway with on-board crypto acceleration, a centralized hardware HSM key store is also included.

In addition to securing identity-based SOA operations, the SecureSpan XML Networking Gateway offers extensive threat, WS* and service assurance features including:
• Configurable protections against service communication, API and application attacks, including integration with leading virus scanners
• Extensive support for key Web service security standards, including WS-Security, WS-SecureConversation, WS-Trust, WS-SecurityPolicy, WS-Policy, WS-I and SAML
• Broad content filtering and processing options for XML, SOAP, RSS and REST-based messaging
• Advanced service virtualization, QoS and SLA operations for assuring maximal service availability and responsiveness

SOA single sign-on and federation

Unlike the Web, SOA has no client-side browser analogue to cache session or federation tokens generated by products like Java System Access Manager or Java System Federation Manager, complicating Single Sign-on (SSO) and identity federation. Layer 7’s SecureSpan XML VPN client is a software or hardware proxy that can be deployed on or in front of SOA clients to request, cache and embed tokens into a client-side SOAP call without any client-side coding. The SecureSpan XML VPN client also ensures that all outbound SOAP messages automatically conform to policy settings defined on a Web service, as well as the latest WS* and WS-I standards. The SecureSpan XML VPN client automatically embeds sequence numbers and optionally time stamps to ensure any message transmitted from the client to a Web service is non-repudiable.

For B2B and Extranet applications, the XML VPN client can also be deployed alongside Java CAPS to deliver simple partner on-boarding. Services exposed through Java CAPS can be extended to external business units and companies without complex coding and testing.

Security as SOA governance foundation

All production Web services require policies to define security expectations and preferences. These security settings can be hard-coded into a service’s business logic, but at a significant cost in programming, testing, change management and flexibility. For services provisioned and composed using Java CAPS, the Layer 7 XML Networking Gateway offers a flexible, scalable and consistent way to implement, change and audit security policies without coding.

However, the Layer 7 XML Networking Gateway can also be used to define and enforce any WS-Policy-compliant SOA governance policy including preferences for routing, SLA and QoS. The XML Networking Gateway can therefore be used as a general platform for centrally configuring and enforcing SOA policies.

Sun and Layer 7

Layer 7 Technologies markets a family of XML appliances (delivered on Sun x64 systems) and software to secure, simplify and scale Web services and SOA. Modern service-oriented application integration models and Web-oriented application delivery models depend on effectively addressing the performance, security, complexity, reliability and availability issues inherent in sharing Web services with other applications. Layer 7 Technologies therefore aims to provide the essential application-oriented security and networking infrastructure to enable Service-oriented and Web-oriented architectures (i.e. SOA and Web 2.0) that are central to the next wave of Internet and software innovation.

Layer 7 Technologies interacts with Sun Java Composite Application Platform Suite and Java Identity Management Suite to add a layer of SOA governance controls without compromising performance or flexibility.

For a free trial of the Layer 7 XML Networking Gateway: http://www.layer7tech.com/products/page.html?id=82

For more information visit sun.com/layer7, http://www.layer7tech.com, or contact your local Sun representative. 1-800-681-9377, email@example.com

Sun Microsystems, Inc. 4150 Network Circle, Santa Clara, CA 95054 USA Phone 1-650-960-1300 or 1-800-555-9SUN Web sun.com © 2008 Sun Microsystems, Inc. All rights reserved. Sun, Sun Microsystems, the Sun Logo and Java are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries. SunWIN#: 528778 Lit.#: SWDS14071-0 03/08