2. Overview
Discussion of multi-enterprise SOA implementations, the
challenges involved and how SOA appliances can help build
these architectures
• What is multi-enterprise?
• The Role of SOA
• Real World Issues
• Implementation challenges
• Characteristics of a solution
• The role of SOA appliances
• Summary and Questions
September 2008
Building Multi-Enterprise SOA
3. What Exactly is Multi-Enterprise?
Multi-
Enterprise-Centric
• Most ERP and business applications use enterprise-centric
architecture
• Focus is on meeting the enterprise's objectives
Extended enterprise
• An attempt to support the needs of partners by extending and
elongating the enterprise data and process model
• Enables partners to interact with each other more easily, but
this environment is not ideal
• Each partner still has to learn how to work with each other’s
business applications, each integration is point-to-point
Multi-enterprise
• A new architecture is required for more complex and
interactive multi-enterprise business processes
Adapted from: The Emergence of the Multienterpise Business Process Platform - Gartner, 11/07
September 2008
Building Multi-Enterprise SOA
4. Multi-
Multi-Enterprise Examples
Examples from many business verticals:
Manufacturing
Manufacturers and suppliers
Insurance
Insurers and brokers
Corporate
Corporations and outsourced service providers
Telecom
Service providers and content providers
Architectural models used in these implementations includes:
EDI, Web, SOA, B2B, Saas, Cloud …
September 2008
Building Multi-Enterprise SOA
5. Where Does SOA Fit In?
Flexible integration across departments, clients and partners
Reuse of software components across business processes
Interoperability across applications
Corporate
Untrusted ? Network
Entity MQSeries
Network
Business
Partner
Unit
CORBA
Web Services Network
Network
September 2008
Building Multi-Enterprise SOA
6. Implementation Challenges
• Big step between point solutions and multi-enterprise services
Requires managed, standards compliant SOA framework
• Not all partners are created equal
Rationalizing differences between development skills, security and legal requirements
• The real world is messy
Making integrations work across all boundaries will be tough
Corporate
Untrusted ? Network
Entity MQSeries
Network
Business
Partner
Unit
CORBA
Web Services Network
Network
September 2008
Building Multi-Enterprise SOA
7. The Real World …
September 2008
Building Multi-Enterprise SOA
8. The Real World …
Multiple
Identity
Sources
Multiple
Domains
Multiple
Platforms
Web
Applications
Green
Screen
Systems
Multiple
Transports September 2008
Building Multi-Enterprise SOA
9. (Some) Real World Issues
Application Silos
• Applications from different vendors with narrowly defined interfaces
and tight coupling to other systems
Islands of Identity
• Different identity repositories, schemas and provisioning systems
Mixed Transport
• SSL, HTTP, JMS, MQ, etc.
Heterogeneous Platforms
• Linux, UNIX, Windows, client-server, mainframe
Heterogeneous Clients
• Browsers, green screen, thick clients, other applications
Web Portals
• May already be default on-ramp for external partners
September 2008
Building Multi-Enterprise SOA
10. Moving to Multi-Enterprise
Multi-
Security
• Much more granular and much stronger
• Authentication / authorization mechanism is required
• May need to segregate data physically with separate databases
Integration
• More complex - participating applications and systems are scattered
across companies
• Integration approaches will need to be simplified and rationalized to
manage the increase in complexity across multistep process integration
Data and Process Model
• Need to be designed around common keys that help link enterprises in
their interactions
• Gets more complex with potential range of range of one-to-one and
one-to-many (and even many-to-many) business processes over time
Adapted from: The Emergence of the Multienterpise Business Process Platform - Gartner, 11/07
September 2008
Building Multi-Enterprise SOA
11. A Spectrum of Implementation Challenges
Delivering on the Promise of SOA
• How to implement business process
• How to avoid “broken” integrations
Maintaining Security
• Where to enforce security
• Ensuring consistent security
Meeting SLAs
• Measuring and meeting both project and service SLAs
• Reporting and acting on SLA violations
Ensuring Compliance
• Instrumentation of the path and ensuring integrity
• Providing validation and alerting mechanisms
Management
• Providing the tools to manage the system
• Fitting into existing internal processes September 2008
Building Multi-Enterprise SOA
12. The SecureSpan Product Line
First suite of security and networking
products to address the full spectrum
of XML deployments:
• Service Oriented Architectures (SOA)
• Web 2.0 and Web Oriented
Architectures (WOA)
• AJAX, REST and non-SOAP
applications
• ESB, Portal, B2B and Application
Oriented Networking
September 2008
Building Multi-Enterprise SOA
13. A SOA Gateway’s View of the World
What roles does a SecureSpan
XML Networking Gateway perform?
• Read policies
• Create / store policies
• Enforce policies
• Identify exceptions
• Act on exceptions
• Report exceptions
• Capture audit trail
*Enforcement points enforce policies within a specific context
September 2008
Building Multi-Enterprise SOA
14. A SOA Gateway’s View of the World
What roles does a SecureSpan
XML Networking Gateway perform?
• Read policies
Design-Time
• Create / store policies
• Enforce policies
• Identify exceptions Run-Time
• Act on exceptions
• Report exceptions
Diagnostic
• Capture audit trail
*Enforcement points enforce policies within a specific context
September 2008
Building Multi-Enterprise SOA
15. A Few Policy Examples
Threat Protection
• Screen messages for specific / general threats
Identity Based Access Control
• Grant access to specific users or groups
Content-Based Processing
• Perform different processing based on specific content
Selective Version Control
• Transform to mediate client / service versioning issues
Service-Level Agreement
• Process based on measured quota or class of service
September 2008
Building Multi-Enterprise SOA
16. Common Multi-Enterprise SOA Requirements
Multi-
• Identity and Trust Control Process
Authenticating and certifying identities
• Policy Definition Environment
Tailor security (and other) policies to each service consumer and
provider relationship
• Automated Policy Provisioning and Coordination
Establish policies that can be distributed, verified and managed
• Compliance Verification Framework
Enforce, audit, alert and report compliance to policies and SLAs
September 2008
Building Multi-Enterprise SOA
17. SOA Appliances and Multi-Enterprise SOA
Multi-
• Security policy composed in policy editor
• Enforcement point acts on policy Service
Endpoints
• Client software conforms to policy (Secure Zone)
• Enforcement point reports on compliance
Internal Firewall
External Firewall
Corporate
Identity Server
Business Partners SOA Gateway
Policy Editor
DMZ
September 2008
Building Multi-Enterprise SOA
18. SecureSpan and Multi-Enterprise SOA
Multi-
• Security policy composed in SecureSpan Manager
• XML Networking Gateway acts on policy
• Client software conforms to policy OR
Service
• XML VPN Client conforms to policy Endpoints
(Secure Zone)
• Enforcement point reports on compliance
Service Consumer
with Hard-Coded
Policy
Corporate
Identity Server
SecureSpan XML
Service Consumer WS-Policy Networking Gateway
with SecureSpan XML
VPN Client
WS-Policy
SecureSpan
Manager
September 2008
Building Multi-Enterprise SOA
19. (Some) Real World Issues
Application Silos
• Applications from different vendors with narrowly defined interfaces
and tight coupling to other systems
Islands of Identity
• Different identity repositories, schemas and provisioning systems
Mixed Transport
• SSL, HTTP, JMS, MQ, etc.
Heterogeneous Platforms
• Linux, UNIX, Windows, client-server, mainframe
Heterogeneous Clients
• Browsers, green screen, thick clients, other applications
Web Portals
• May already be default on-ramp for external partners
September 2008
Building Multi-Enterprise SOA
20. How SecureSpan Addresses Real World Issues
Application Silos
• Almost all major commercial applications are SOA-enabled
Islands of Identity
• SecureSpan can leverage LDAP, SSO and federation systems
Mixed Transport
• SecureSpan supports a mix of transports including HTTP, FTP, JMS
Heterogeneous Platforms
• SecureSpan is standards-based and application platform independent
Heterogeneous Clients
• SecureSpan has solutions to help fill the gap between clients and apps
Web Portals
• SecureSpan works in conjunction with both portals and SSO systems
September 2008
Building Multi-Enterprise SOA
21. Multi-
Multi-Enterprise Wide-Area Routing Fabric
Wide-
Business Partner Business Partner
With SecureSpan With SecureSpan
Appliances Appliances
Business Partner SecureSpan
With SecureSpan XML Networking
Appliances Gateway Cluster
September 2008
Building Multi-Enterprise SOA
22. Summary
SOA Can Be Extended Outside of the Enterprise
• Identity, security, provisioning, management …
SOA Appliances Can Help
• Can provide fine-grained personalization of policies
• Robust, high-performance enough for the DMZ
Be Aware of Potential Blockers
• Establishing meaningful authentication, negotiating portals …
• Coordinating policies with partners
Multi-Enterprise SOA is Not a Product
• No single solution, but lots of products can help
• Good choices can meet immediate and long-term needs
September 2008
Building Multi-Enterprise SOA