"Case Study: Sun Microsystems - SOA Governance for Oracle"
Sun Microsystems Case Study Creating Agile, Secure SOA through Governance Sun Microsystems is a Fortune 500 vendor of software, systems, services, and Sun Microsystems by the #’s microelectronics that power everything from consumer electronics, to developer tools to the world's most powerful datacenters. Sun is perhaps most Founded: 1982 famous for their network servers that form the core of Internet backbones, Fiscal Year 2008 Revenues: $13.880 provided the raw iron for much of the .com boom, and are used today by billion nearly every sector of society and industry. Ranking: #184 on the Fortune 500 (2008) Employees: 33,556 worldwide Sun runs their business on Oracle, whose ERP, CRM, Financials and eBusiness Locations: Sun conducts business in suite form the IT backbone for Sun’s hardware, software and services divisions. more than 100 countries around the While such an enterprise-strength system has long given Sun the edge they globe needed to effectively compete with the biggest names in the marketplace, Sun’s strengths have always lain in being the smaller, more agile player. The Opportunity Up until now, Oracle Financials, Siebel CRM, Oracle Manufacturing and Oracle eBusiness Suite were using a proprietary messaging system which, while handling more than $9B in revenue, was proving more and more difficult to change. After upgrading to Oracle 11, the functional modules which supported Sun’s online Web store were exposed as Web Services presenting Sun with an opportunity to incorporate them into a flexible, loosely coupled Service Oriented Architecture (SOA). While rivals touted their SOA initiatives, experimenting with Web Services (technology for technology’s sake) or creating catalogs of orphaned Web Services (commonly referred to as JABOWS or “Just A Bunch Of Web Services”), Sun had the foresight to realize that without an effective governance layer in place SOA’s promised business agility would likely remain just that – nothing more than a promise. Enter Layer 7 Sun had done the initial work to identify seventeen key functions within their Oracle suite of applications that would provide the greatest degree of reuse, and had “At Sun our IT philosophy is exposed them as Web services. Because the project was slated to become core to leverage the power of infrastructure that would evolve with their SOA environment, Sun required a way to Java, Web services, and the Internet to enable enterprise ensure these core services could be properly governed – controlled, monitored and computing in the open adapted – over time. network. Layer 7 allows us to After evaluating a number of different vendors for a variety of criteria, including cost-effectively implement capabilities related to security, message validation, message enrichment, protocol SOA governance and Web services security that translation, versioning, monitoring and interoperation with their new common advance that vision while services framework (based on JCAPS), Sun settled on Layer 7. maintaining the flexibility and They were initially drawn to Layer 7’s performance and scalability – the ability to business responsiveness handle high volumes of payloads, and efficiently scale as load and message size was that SOA-based solutions can deliver.” ramped up – and then saw the value in Layer 7’s runtime governance framework, which would provide policy enforcement for security, reliability and compliance Robert Worrall, CIO, Sun requirements, as well as visibility into performance, quality of service and SLA Microsystems conformance for their SOA implementation. © Copyright 2010 by Layer 7 Technologies, Inc. (www.layer7tech.com). All other trademarks are the property of their respective owners. Layer 7 Internal Use Only Sun Microsystems Case Study The Solution Sun’s online Web store is primarily used by certified partners, VARs and resellers to order systems and parts. Hosted at an offsite datacenter, the Web store originally connected across the Internet via a secure VPN system to network-level integration. With Sun’s move to Web services, Sun’s Oracle-based ERP system via a tightly coupled, network the Sun Web store Common Web Platform could now be loosely coupled to the ERP Web services, offering a more flexible solution. Security posed a significant challenge. Sun’s corporate framework encompasses a number of semi semi-autonomous, dispersed geographically-dispersed business units and partner companies, in addition to the many remote consultants, contractors and distinguished engineers – all of whom may require access to the new ne By centralizing AAA SOA infrastructure at one point. Additionally, because the solution would span so many security using Layer 7, different users and security domains, any security solution must be reasonably easy to Sun was able to speed users. use and transparent to legitimate users deployment, decrease maintenance costs and Layer 7 provided the ability to govern cross-domain interactions by enforcing client improve business agility. fine-grained, service level authorization for third parties, as well as authentication and fine generating log files for all interactions within and between organizations to facilitate nforcing compliance and content reporting. Enforc SLAs by rerouting and throttling when threshold throughput values were exceeded was key to ensuring quality of service was not impacted. The Results By using Layer 7 to abstract out AAA security (Authentication, Authorization and Auditing) from the Web services and instantiate them as centrally administered enforceable policy, Sun can accommodate changes in corporate requirements, industry/ government regulations, and Web services standards without needing to code, test and dividual redeploy each individual service. The result is a dramatic decrease in maintenance costs with a corresponding improvement in business agility. Additionally, by centralizing security, Sun was able to speed deployment while standard security architecture. improving overall security by implementing a stand companies Following business acquisitions, compan typically face a difficult challenge integrating their disparate systems. But with robust SOA governance in place, both companies can reduce integration costs and realize efficiencies requirements faster by providing the ability to control, monitor and adapt a solution to fit both party’s requirements. 2010 © Copyright 20 by Layer 7 Technologies, Inc. (www.layer7tech.com). owners. All other trademarks are the property of their respective owners Layer 7 Internal Use Only