7/30/2019 Bullet Proof Your Cloud Slide
Bullet-proof your Cloud
Jyothi Swaroop, Product Director, Oracle Fusion Middleware
-
Top of Mind for Cloud / Inter-Enterprise
Oracle SOA Governance Customer Advisory Board 2011-12 Su
Please characterize your interest in Governance for cloud or B2B computing
- Managing the integrity of transactions across organizational boundaries
- Meeting service levels for clients
- Managing security across organizational boundaries
- Controlling access to and utilization of external resources
-
Common Hybrid Infrastructure
Blend of Private and Shared, Public Data Centers
[Diagram labels: ERP, PLM, SCM, HCM, CRM; DATA SYNC; Hybrid IT Infrastructure; Private Data Center; Separate, Shared Da; On-premise; Public Cloud]
- End-to-End Security
- Control over Access and Utilization
- Service Level Management
- Transaction Integrity
-
SOA & Cloud Security Strategy
Across Security Layers
[Diagram labels: Extranet; DMZ; Intranet; Web Client (Browser); Web Service Client; Enterprise Gateway; First Line Of Defense; Service Virtualization; Service Bus; OWSM Agent; OWSM; HTTP GET/POST, REST, XML, SOAP, JMS; Common Security Pol]
-
First Line of Defense
XML Firewalling Against Attacks
XML content attacks
- Checking for XML well-formedness; XML document size; XPath and XQuery injection; SQL injection; XML encapsulation; XML viruses
- Scanning outgoing messages for sensitive content based on metadata or regular expression patterns
- Detecting XML bombs and XML clogging
- Scanning WSDL files
XML schema and DTD attacks
- Checking for schema and DTD valid
Cryptographic attacks
- Public Keys
- Replay
SOAP attacks
- SOAP operation filtering
- Checking for rogue SOAP attachm
  viruses)
Communication attacks
- HTTP header and query string ana
- IP address filtering
- Traffic throttling
-
Solution: Web Service Security in the DMZ
Oracle Enterprise Gateway
Description
- Intrusion detection of cryptographic, XML and SOAP attachments
- Real-time monitoring
- Policy management
Benefits
- Ensures reliability of hybrid infrastructure
- Improves performance through policy conformance
-
Oracle Enterprise Gateway
XML Acceleration and Web Service Security in the DMZ
XML Acceleration
- Fast processing of XM
- Fast XML validation
- Patented acceleration
DMZ Security
- Fine grained authoriz
- Authentication
- Identity propagation
[Figure labels: Passed XML Messages; Blocked XML Messages; XML Load; Speed]
-
End-to-End Security
Authentication Across Enterprise Boundaries
Providers offer Cloud
- Gateway provides inb
  security for providers
Customers use Cloud services
- Gateway applies outbound security required to access services
- If request must be signed, Gateway does the signing
Customer loads API Key into Gateway
Provider issues API Key to customer
Gateway submits authentication credentials including API Key
[Diagram labels: SaaS; App; Employee; Integrator; Enterprise Gateway; On-premise; Public Clo]
-
Access to Cloud Services
Enterprise Gateway Connectors
Configure Enterprise Gateway to connect to Cloud services
- Salesforce.com using a combination of a password and pre-shared key for authentication
- Amazon Web Services via HMAC signature over the request
- Providers like Terremark using the vCloud API (through HTTP Authenticat
-
End-to-End Security
Identity Management and Propagation
[Diagram labels: Web Client (Browser); Web Service Client; Web Application; Web Service; Firewall; DMZ; Enterprise Gateway; Identity Management; Web Access Control; Identity & Role Mgt; User Provisioning; Governance; User Identities; RBAC, Fine-Grained Authorization; AuthZ; AuthN; HTTP GET/POST, REST, XML, SOAP, JMS]
-
Control Access and Utilization
Apply Policy for Security & Service Levels
[Diagram labels: Web Client (Browser); Web Service Client; HTTP GET/POST, REST, XML, SOAP, JMS; Policy Agents; .NET; PL/SQL; WS; Identity Management; SOA Management; Enterprise Gateway**; Service Bus*; Policy Manager]
Unified policy model from the
endpoint
* Service Bus can be used with or without Policy Manager integration
** Enterprise Gateway may optionally use same policies as Service Bus and Policy Agents
-
Meet Service Levels
Client-Based SLA Alarms
Service Level Objective (SLO)
For Platinum customers: Ave. Response time per hour < 6 sec
Warning threshold
-
Transaction Integrity
Across Enterprise and Cloud
Transactions no longer vanish because of delays, failures, errors
- Monitoring and alerting before users complain
- Single source for status of each transaction
Problem diagnosis and managing exceptions is less laborious, with shorter mean-time-to-resolve
- Averts 80% of effort spent merely isolating the issue
- No longer a manual effort based on log mining
- Fewer developer resources diverted to IT fire-drills
Business transaction context (not just system-centric monitoring)
- Includes critical business context (Customer name, order size, part numbers)
- Captures a range of business-oriented errors & faults
[Diagram labels: Process Engine; Service Bus; Appliance; Web]
-
Compliance in the Cloud
[Diagram labels: Approval Workflow; Enterprise Repository; Architect; Developer / Integrator; Compliance Reports; Design Policy; Cloud Services and Contracts; Service approved for use in this Organization; Employee; On-Premise: Design time; On-Premise: Operations; Security and Access; Interoperability; Architecture; Standards; Corporate & Regulatory Compliance; Service Level Agreements; Audit; Logging & Reporting; App; Security Policy; SaaS; Public Clo; Secure Access; XML Validation]
Payment Card Industry Data Security Sta
Statement on Auditing Standards 70: Ser
Standards Board of the AICPA.
Health Insurance Portability and Account
-
API Management
Security, Monitoring and Governance
[Diagram labels: API; Secure REST APIs; Threat Protection; API Governance; API Monitoring and Management; Gaming Consoles; Mobile]
-
Governing SOA in the Cloud
Farmers Insurance Group Challenges Similar to Shared Services

| Key Capabilities & Requirements | Shared Services | Cloud Computing |
|---|---|---|
| Platform Considerations | | |
| Multi-tenant architecture | | |
| Infrastructure | Yes | Yes |
| Middleware | Yes | Yes |
| Services | Yes | Yes |
| Processes | No | Yes |
| Abstracted / virtualized shared platform | Yes | Yes |
| Self-Service control panel | No | Yes |
| On-demand scaling | No | Yes |
| Visibility and Control Considerations | | |
| Security | Yes | Yes |
| On-demand provisioning | No | Yes |
| IT service catalog | Yes | Yes |
| IT service management | Yes | Yes |
| Lifecycle Management | Yes | Yes |
| Standardization | Yes | Yes |
| Governance and Compliance | Yes | Yes |
| Business Considerations | | |
| Financial Management | | |
| Metering | Yes | Yes |
| Billing | Yes | Yes |
-
Oracle Fusion Middleware
For Policing the Cloud
Oracle SOA Governance
- Oracle Enterprise Gateway: XML Gateway for Perimeter Security; Connections to Clou
- Oracle Web Services Manager: Security Policy Management; Policy Agents for Endpoints
- Oracle Identity Management: User Provisioning; Authentication; Authorization and Fine-G Role Management
- Oracle Enterprise Manager: Service Level Management & Diagnostics; Business Trans Monitoring & Reporting by Client
- Oracle Enterprise Repository and Service Registry: Catalog of IT Services and Contracts; Governance Workflo Design/Architecture Compliance
-
Oracle SOA & Cloud Security Strategy
Cloud Security
Security Inside-Out
Flexible & Agile
Perimeter Security
Fusion Middleware Security
Consistent & Integrated
Application Security
Delivered through Oracle Enterprise Gateway
Delivered through Oracle Web Services Manager
DeSer
Age
-
Next Steps
1. Explore Oracle's Web Sites
   www.oracle.com/soa
   http://bit.ly/soagov
   http://bit.ly/OEGateway
2. Run Oracle SOA on the Cloud
   Amazon EC2: http://bit.ly/HLgyRS
3. Attend an Upcoming SOA Event
   Oracle Event Site: www.oracle.com/events
4. Oracle SOA Governance Resource Kit: Whitepapers, Datasheets, Demos, etc.
   http://bit.ly/soagovkit
5. Join Oracle SOA communitie
   facebook.com/O
   Oracle SOA
   twitter.com/Ora
   Blog blogs.oracle.co