1
Automated Policy Enforcement
Adam Vincent, Layer 7 Federal Technical Director
avincent@gov.layer7tech.com
2
Automated Policy Enforcement Overview
A service is not actually a reusable service until it has completed governance processes and is ready to meet run-time governance requirements.
– The challenges of run-time SOA governance
– Critical elements for a run-time governance framework
– The path from automated policy enforcement to governance Automation
3
SOA Implementation Challenges
Delivering on the promise of SOA
– How to implement business process
– How to avoid “broken” integrations
Maintaining Security
– Where to enforce security
– Ensuring end to end security
Ensuring Compliance
– Instrumentation of the path and ensuring integrity
– Providing validation and alerting mechanisms
Automation
– Providing the tools to manage the system
– Fitting into existing internal processes
4
Run-Time SOA Governance: Requirements and Product Mappings
Requirements:
– Identity and Trust Control Process: Authenticating and certifying identities
– Policy Definition Environment: Tailor security (and other) policies to each service consumer and provider relationship
– Automated Policy Provisioning and Coordination: Establish policies that can be distributed, verified and managed
– Compliance Verification Framework: Enforce, audit, alert and report compliance to policies
Product Mappings:
– Identity and Trust Control Framework: Directories, Single Sign-On, Federation, PKI
– Policy Definition Environment: Integrated Development Environments, Identity and Access Management Systems, Web Services Policy Editors
– Automated Policy Provisioning and Coordination: Registries, Repositories, Policy Management Systems
– Compliance Verification Framework: Policy Application Points, Policy Enforcement Points, Management Systems, Reporting Tools, Alerting and Correlation Systems
5
With all these products, what's missing?
We cannot support RAPID service design, delivery and change in accordance with the governance requirements in a manual fashion. Service lifecycle and governance must be automated wherever possible!
[Diagram labels: Identity and Trust Control Process; Policy Definition Environment; Automated Policy Provisioning and Coordination; Compliance Verification Framework; Manual Governance Processes (Design-Time Governance); Technical Governance Tools (Design-Time/Run-Time Governance)]
6
Corporate And Architecture Drivers: “Runtime Policy” Framework
Corporate Policy Drivers (Inputs)
– Manual Governance
– Compliance
– Security
– Classification Levels
Corporate Architectural Drivers (Inputs)
– Flexibility and Reuse
– Platform Independence
– Integration with existing infrastructure
– Security, Scalability, Availability, Performance
Runtime Policy
– Security: WS-Security; X509TokenProfile; SAMLTokenProfile; XML Encryption; XML Signatures
– Transport: HTTP; TLS; JMS
– SLA: Response Time; Availability; IP Range, ToD; Throughput Limits; Non-repudiation
– Message X-Form: Versioning; Localization; Data Structures
– Reliability: WS-RM
– Threat Protection: Schema Validation; Virus Scanning; Attachments
– Platform: Load Balancing; WS-Addressing
7
The Evolution of a Service (not automated)
[Diagram: stages Design, QA/Test, Deploy, Run-Time. Labels: Run-Time Policy Enforcement; Security; Monitoring; Compliance; Test/QA weather; Deploy weather; Business Service Design; Policy Design; Run-Time Governance Configuration; WSDL; White-Paper]
8
Policy Enforcement Automation
[Diagram: stages QA/Test, Deploy, Run-Time. Labels: Security; Monitoring; Compliance; Test/QA weather; Deploy weather; Business Service Design; Policy Design; WS-Policy; Automation; Approved!]
9
Future Vision of Service Deployment Automation
[Diagram: stages QA/Test, Deploy, Run-Time. Labels: Test/QA weather; Production Weather; Security; Monitoring; Compliance; Run-Time Governance Layer; USE; QA/TEST or Production]
10
Summary
Run-Time Governance Builds On Existing Infrastructure
– Identity, security, provisioning, management …
Run-Time Governance Starts With Policies
– Must be concise and enforceable
– Must fit into overall business process
Run-Time Governance Requires Enforcement and Reporting
– Enforcement is critical first step in implementation
– Continuous reporting on compliance is important
– Needs to be consistent and manageable
SOA Governance Is a Goal, Not a Product
– No single solution, but many products can help
– Good choices can meet immediate and long-term needs