DeeDee Kato
Senior Product Manager, TIBCO
Chris Martha
Senior Product Manager, TIBCO
Agenda
Q&A
Simply Put
Manufacture
Your IT Infrastructure
- Is varied: third-party apps, trading commerce, legacy apps, web commerce infrastructure, ...
- Grows organically over time
- Is heterogeneous: Java, .NET, Perl/Ruby, ...
- Has complex dependencies
- Is ever changing
Challenges in IT
Enterprise Architect
- How do I promote reuse through service visibility and trust?
- Are there rules to change / validate / approve services?
- How can I make sure the services comply to design time policies such as WS-I basic profile?
- How do I implement heterogeneous Enterprise Level Governance?

IT Developer
- Where does all of the reference information reside?
- How is this information searched and accessed?
- How is access to the information controlled?
- How can I be notified of any changes?
Challenges in SOA
Operations & Administration
- Which services are available?
- Are all required services up and running?
- Are the right consumers accessing the right services?
- Are my services secured from unauthorized access?
- If a service is changed, who and which other services will be affected?
- How can things be fixed when something goes wrong?
- Is the required Quality of Service (QoS) provided?

Overall Business
- No SLA violations
- Ensure security and auditing requirements are met
- Regulatory compliance requirements (e.g. HIPAA, SOX)
- Ensure time to market
- Cut costs
What is SOA Governance?
SOA Governance is about Accountability (clear roles and responsibilities), Visibility (of assets and their access control), and Auditability (who did what) through the entire lifecycle.
1. Decide what services to expose
2. Register the services
3. Monitor environment
4. Secure services
5. Manage Service Level Agreements for operational assurance
6. Virtualize the services for location transparency and high availability
7. Integrate/Mediate Services
Ensuring and validating that assets and artifacts within the architecture are acting as expected and maintaining a certain level of quality. Gartner, Magic Quadrant for SOA Governance, 2007
[Diagram: Service Consumers, Administrators and Developers/Producers around a Core Business Process. SOA Governance (Service Registry, Integrated Services View, Policy Management, Service Performance Mgmt) deploys policies to the TIBCO, C/C++, COBOL, Java EE, .NET and "???" ecosystems, covering Integration, Warehouse, Accounting, Sales, Supplier and Distributor. Labels: SLA Commitments, Security Policy, Governance Rules, Composite Mappings, Operational Dashboard, Orchestrations.]
- Common logging environment
- Hot deployment of additional instances to dynamically adjust to spikes or outages in environment
- Configure and apply policies
- Automatic corrective actions with predictive service management

Hot deployment of additional instances
- Add more nodes and redeploy with zero downtime

ActiveMatrix Administrator integration
- Leverages ActiveMatrix facilities such as the Common Logging Framework
[Diagram: Service 2 returns a non-sensitive subset of data; the process returns a subset of data.]
When the developer implements security
- Developers MUST understand security standards and how to implement them across all technologies and packages: .NET, J2EE
- Policy definitions are not globally defined, applied, and managed
- Policies are atomically applied to services by the developer
- Policy changes typically require the developer to modify all the affected projects
- Changes require re-deployment of the application code
[Diagram: service lifecycle stages (Service Design, Service Implement, Service Stage, Deploy, Manage) with Policy Configuration; roles shown: Business Analyst, Developer, Admin, Ops, Auditor.]
Advantages of declarative, run-time defined policies over hard-coding policies into functional components:
Division of Effort, Leverage, Concise Specification, Comprehension, Flexibility

[Diagram: Service Lifecycle (Service Design, Service Implement, Service Stage, Deploy, Manage) alongside Policy Lifecycle (Policy Definition, Policy Configuration, Deploy, Enforce); roles shown: Business Analyst, Developer, Auditor, Admin, Line Manager, Ops, Security Officer.]
[Diagram: Agents and the Warehouse Service; each agent carries policy assertions with user specified settings.]
Types of Policies
Authentication
- Add a digital signature to outbound messages.
- Validate the digital signature on inbound messages.

Authorization
- Check that the requestor has valid credentials and appropriate access permissions.

Encryption / Decryption
- Encrypt messages as they exit an endpoint.
- Decrypt messages as they enter an endpoint.

Credential Mapping
- Automatically attach appropriate credentials to request messages before they arrive at services.

Censor Mapping
- Modify response messages to censor sensitive information based on the role of the requestor.

Log Faults
- When a request results in a fault message, log the details for later analysis by an administrator.
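The authorization, censor-mapping and fault-logging policy types above, sketched as an added example (not TIBCO's code or API): a hypothetical PolicyAgent enforces a policy held as data in front of a constructed warehouse_service, so the service itself carries no security logic. All names, roles and sample values are assumptions.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Constructed policy, declared as data outside the service code.
POLICY = {
    "getOrder": {
        "allowed_roles": {"clerk", "auditor"},          # Authorization
        "censor": {"clerk": ["cardNumber", "margin"]},  # Censor Mapping
    },
}

def warehouse_service(operation, order_id):
    """Constructed stand-in for the functional component; it knows no policy."""
    if order_id != "42":
        return "<Fault><reason>unknown order</reason></Fault>"
    return ("<Order><id>42</id><item>pallet</item>"
            "<cardNumber>4111111111111111</cardNumber>"
            "<margin>0.31</margin></Order>")

class PolicyAgent:
    """Hypothetical enforcement agent placed in front of a service."""

    def __init__(self, service, policy):
        self.service, self.policy = service, policy
        self.fault_log = []  # Log Faults: kept for later analysis

    def call(self, role, operation, *args):
        rules = self.policy.get(operation)
        # Default deny: an unlisted operation or role gets no access.
        if rules is None or role not in rules["allowed_roles"]:
            return self._fault(role, operation, "access denied")
        root = ET.fromstring(self.service(operation, *args))
        if root.tag == "Fault":
            reason = root.findtext("reason", "unspecified")
            return self._fault(role, operation, reason)
        # Censor Mapping: strip the elements this role may not see.
        hidden = set(rules.get("censor", {}).get(role, []))
        for parent in list(root.iter()):
            for child in [c for c in parent if c.tag in hidden]:
                parent.remove(child)
        return ET.tostring(root, encoding="unicode")

    def _fault(self, role, operation, reason):
        self.fault_log.append(
            {"role": role, "operation": operation, "reason": reason})
        return f"<Fault><reason>{escape(reason)}</reason></Fault>"
```

Editing POLICY changes what a role receives on the next call without touching or redeploying warehouse_service.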
[Diagram: three deployment configurations. 1. BW Consumer, BW Provider. 2. Client-side proxy, BW Consumer, AMX. 3. Client-side proxy, BW Consumer, J2EE Provider.]

- Proxy Agent Approach
- Embedded Agent Approach deployed natively in ActiveMatrix (comes free with ActiveMatrix Service Grid, ActiveMatrix BusinessWorks, ActiveMatrix Service Bus)
- NEW! Embedded Agent for JAX-RPC and JAX-WS services hosted in J2EE
- Solves last-mile security issues extending out to heterogeneous environments!
Discover Services
- Individual & Grouped

Measure Observables
- Throughput & Latency
- Availability
- Client Usage
- Faults
- Custom Metrics in the Business Payload
- SPM is an enterprise software platform that monitors and proactively manages the health and performance of both IT and Business services based on Service Level Agreements (SLAs).
- SPM predicts and solves customer issues before customers become aware of them. It enables your organization to meet Quality of Service objectives.
- SPM provides Autonomic Computing (Self-Healing) for your SOA environment.
- SPM: Managing your SLAs for your SOA.
In Summary
- Governance spans across heterogeneous environments and should not be integrated into any one vendor integration stack
- Governance starts with defining the business issues and the organizations and roles participating to address these issues
- Lifecycle Governance is about reuse, dependency and impact analysis, and governance processes to provide consistency
- Operational Governance is critical to ensure service level agreements are met through security policies and enforcement, audit and logging requirements, performance, and high availability of the environment
- You should be implementing Governance now!
Questions
SOA Resource Center: http://soa.tibco.com
Whitepapers, Whiteboards, Webinars, Podcasts, Case studies, Articles, Reports
Thank You!
Introduction to TIBCO ActiveMatrix Governance
April 29, 2008 soa@TIBCO.com
- HP-UX 11.31 (IA-64)
- Linux 2.6 kernel (x86, 32-bit) with glibc 2.3
- Solaris 10 (SPARC 32-bit and 64-bit)
- Solaris 9 (SPARC)

Database
- Oracle 9i Release 2 (9.2)
- Oracle 10g Release 1 (10.1)
- Oracle 10g Release 2 (10.2)
- Microsoft SQL Server 2005

Identity Management Systems
- Microsoft Active Directory Server
- Open LDAP
- LDAP SSL support
- Sun Java System Directory
- CA Siteminder
WS-Standards

WS-Security 1.0
- SAML 1.0 with 1.1 Assertions
- Username Token Profile 1.0
- X.509 Token Profile 1.0
- No Kerberos support

Other supported standards
- SOAP 1.1 and SOAP 1.2 with Attachments
- XML-Digital Signature
- XML-Encryption
- HTTP, HTTPS
- JMS - 2 way
- UDDI 3.0 - Universal Description, Discovery, and Integration
- WSDL 1.1
- XSLT, XPATH
Credential Mapping
- Basic
- By Role
- SAML

Logging
- Full message, including SOAP requests, responses and faults
- Faults only
- Messages that Satisfy XPath Query
- All Operations
- Selected Operations

Authorization
- Authenticated users
- Classification by role
- Operations by role

Crypto
- Forwarding by classification
- Forwarding by operation
- Receiving by classification
- Receiving by operation
- Encrypt Request Element

Routing
- Failover Only
- Load Balancing with Failover
- Smart Routing
- Versioning
1. Crypto Forwarding by Operation/Classification (Client side agent enforces this policy)
2. Routing
3. Credential Mapping
4. Encrypt Request Element
5. SAML based Authentication is only supported at the external endpoint of the service (SOAP endpoint)
Differentiators
- TIBCO provides BOTH Lifecycle Governance and Operational Governance
- All integrated into one User Interface for end-to-end visibility
- Policy Manager is fully certified with both BusinessWorks and ActiveMatrix
- Superior SOAP/JMS/EMS performance
- One-stop shop for Governance and Integration offering for both Sales and Support