Oracle SOA Cloud Integration Project

Presentation transcript:

Oracle SOA Cloud Integration Project
Author: Gopinath Soundarrajan, Oracle Infrastructure Cloud Architect
Date: 03/Dec/2016

Integration Scenario
Environments: Dev, SIT (Single Node); Pre-prod, Prod (Cluster Instances)
[Diagram: Remedy Application and Amdocs Application, each with inbound/outbound web services over HTTP/HTTPS through a DMZ]

Connectivity Patterns: Cloud to On-Premise (1/2)

Pattern: Pull from Cloud
The on-premise system polls from the SaaS apps and picks up the message instead of having it delivered. Particularly suited for certain integration approaches wherein messages are trickling in and can be centralized and batched.

Pattern: Open Firewall Ports (Inbound)
The on-premise system exposes the web services that need to be invoked by the cloud application. This requires opening up firewall ports and routing calls to the appropriate internal services behind the firewall.

Pattern: Reverse Proxy (Inbound) & Proxy (Outbound)
The on-premise system uses reverse proxy software on the DMZ to receive messages. The on-premise system uses proxy software on the DMZ to send messages.

Connectivity Patterns: Cloud to On-Premise (2/2)

Pattern: On-Premise Agent (Tunneling)
A lightweight "agent" software sits behind the firewall and initiates the communication with the cloud, thereby avoiding firewall issues. It then maintains a bi-directional connection either with pull or push based approaches using the HTTP protocol. HTTP SSH Tunneling is one possible implementation option.

Pattern: VPN Tunnel
The on-premise network is "extended" to the cloud using Virtual Private Networking (VPN) so that messages are delivered to the on-premise system in a trusted channel.

Connectivity Patterns: Comparative Study

1. Pull from Cloud
   Pros: On-premise assets not exposed to the Internet; firewall issues avoided by only initiating outbound connections.
   Cons: Polling mechanisms may affect performance; may not satisfy near real-time requirements.

2. Pattern: Open Firewall Ports (Inbound)
   Pros: Optimal pattern for near real-time needs.
   Cons: Needs firewall ports to be opened up; may not suffice for batch integration requiring direct database access.

3. Pattern: Reverse Proxy (Inbound) & Proxy (Outbound)
   Pros: Very secure, very flexible.
   Cons: Introduces a new software component; needs DMZ deployment and management.

4. Pattern: On-Premise Agent (Tunneling)
   Pros: Lightweight software; IT doesn't need to set up anything.
   Cons: May bypass critical firewall checks, e.g. virus scans.

5. Pattern: VPN
   Pros: Individual firewall ports don't need to be opened; more suited for high scalability needs; can support large volume data integration; easier management of one connection vs. a multitude of open ports.
   Cons: VPN setup; specific hardware support; requires cloud provider to support virtual private computing.
   Comment: Preferred option considering current and future use cases.

Connecting to Instances in a Dedicated Site Using VPN

1. Oracle Network Cloud Service – VPN for Dedicated Compute service to establish a secure communication channel between Vodafone data center and the instances in Oracle Compute Cloud Service site
   a) Request the Oracle Network Cloud Service – VPN for Dedicated Compute service by raising a Service Request (SR).
   b) Provide a preshared key (PSK) in the 128-bit/SHA1 format. A range of private IP addresses is assigned from the 100.64/10 address range.
   Check: private IP addresses of existing Oracle Compute Cloud Service instances do not conflict with private IP addresses used by on-premises devices.

2. Configure VPN gateway device to connect to the Oracle Cloud VPN gateway
   a) Configure Internet Key Exchange (IKE); configure IPSec.
   b) Configure a tunnel interface; configure a static route.

3. Start a VPN connection. Up to 20 VPN tunnels between data center and Oracle Compute Cloud Service site can be created.
   a) Sign in to the Oracle Cloud My Services application; create a VPN tunnel by configuring VPN Gateway IP, Pre-shared Key and Reachable Routes.
   b) VPN Gateway IP: IP address of the VPN gateway in data center. Reachable Routes: list of routes (network prefixes in CIDR notation) reachable.

Gateway device must support route-based VPN and IKE (Internet Key Exchange) configuration using pre-shared keys.
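The address-conflict check and the "Reachable Routes" input from the VPN slide can be verified before the tunnel is requested. The following is an added example, not part of the original presentation or any Oracle tooling; the function name, tunnel names and sample prefixes are constructed for illustration, while the 100.64/10 pool and the 20-tunnel limit come from the slide.

```python
import ipaddress

# From the slide: private IPs are assigned from 100.64/10, up to 20 tunnels per site.
CLOUD_POOL = ipaddress.IPv4Network("100.64.0.0/10")
MAX_TUNNELS = 20


def preflight(cloud_subnet, tunnels):
    """Return findings for a planned VPN setup (empty list means no issue found).

    cloud_subnet: CIDR assigned to the cloud instances (assumed input).
    tunnels: dict mapping a tunnel name to its on-premises reachable routes.
    """
    findings = []
    cloud = ipaddress.IPv4Network(cloud_subnet, strict=True)
    if not cloud.subnet_of(CLOUD_POOL):
        findings.append(f"cloud subnet {cloud} is outside {CLOUD_POOL}")
    if len(tunnels) > MAX_TUNNELS:
        findings.append(f"{len(tunnels)} tunnels planned, limit is {MAX_TUNNELS}")
    for name, routes in tunnels.items():
        for route in routes:
            try:
                # strict=True rejects prefixes with host bits set, e.g. 10.1.1.5/24
                net = ipaddress.IPv4Network(route, strict=True)
            except ValueError as exc:
                findings.append(f"{name}: invalid prefix {route!r} ({exc})")
                continue
            # An on-premises route covering cloud addresses is the conflict
            # the slide asks to rule out; 0.0.0.0/0 is caught here as well.
            if net.overlaps(cloud):
                findings.append(f"{name}: {net} overlaps cloud subnet {cloud}")
    return findings


if __name__ == "__main__":
    # Constructed sample plan: one clean tunnel, one with two problems.
    plan = {
        "dc-primary": ["10.20.0.0/16", "192.168.5.0/24"],
        "dc-backup": ["100.64.0.0/16", "10.1.1.5/24"],
    }
    for finding in preflight("100.64.10.0/24", plan):
        print(finding)
```
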

Oracle SOA Cloud Production Environment

Contact Us
Website: www.ebizoncloud.com
Aus Tel: +61 415 989 008
UK Tel: +44 7405811458