Daily Archives: September 4, 2009

SecureSpan Product Line Certified Against Red Hat’s JBoss Enterprise SOA Platform

We were at this week’s RedHat Summit/JBoss World show in Chicago to announce that the SecureSpan line is now fully certified against the JBoss Enterprise SOA Platform. We’ve seen increasing use of JBoss in our engagements, so this endorsement is important for both Layer 7 and RedHat. We’re huge fans of open source technologies here at Layer 7, and it’s great to be more closely aligned with JBoss.

How Does it Work?

Here’s a very common deployment scenario, showing a SecureSpan Gateway in the DMZ, providing edge-of-the-network governance for JBoss Enterprise SOA platforms:

jboss

Of course, this isn’t restricted to hardware appliances. Every product in the SecureSpan line can be deployed as:

  • Hardware
  • Software on various OS platforms
  • Virtual Appliances for VMWare, Xen, or cloud providers like Amazon.

These options offer architects a lot of flexibility in how they deploy JBoss servers in combination with SecureSpan. It’s not uncommon for developers to run virtual images of both JBoss and SecureSpan on their laptops. The policies they develop in this environment can be transferred to production systems regardless of the target form factor.

Policy migration is made easy using regular import functions built into SecureSpan, or–if the application network is more complex–using our Enterprise Manager product. The later has advanced mapping features for automagically correcting policy attributes like IP address, or switching over to production LDAP systems instead of development. This is something that’s often overlooked (and I can tell you from experience that it’s a very difficult problem to solve well); but it’s an essential part of SOA policy management.

For more information:

Advertisements

Integrating SecureSpan Gateways and Sun’s OpenSSO

François Lascelles, who is Technical Director for Europe here at Layer 7, has just published an excellent article on Sun’s Developer Network site titled Delegating XML Gateway Runtime Authorization to OpenSSO. It goes into detail about how entitlements in Sun’s OpenSSO can be enforced for Web services, XML, and REST transactions using a SecureSpan Gateway and OpenSSO server.

This combination of Policy Decision Point (PDP)–in this case, OpenSSO–and Policy Enforcement Point (PEP)– the Layer 7 SecureSpan Gateway–is a common deployment pattern for us. Most organizations have already made PEP PDPan investment in Identity and Access Management (IAM) infrastructure; however, this is not sufficient on its own for SOA access control. That’s where Layer 7 can help. Deployed in combination with an IAM system like OpenSSO, SecureSpan does the heavy lifting of XML processing and enforcement, but delegates the access control decision process (and often identity token validation) to the existing, familiar IAM infrastructure. It’s a powerful combination, and one that extends existing investment in IAM into the SOA world.

Over the past seven years, we’ve built connectors into virtually all of the IAM systems out there. When we built SecureSpan, we were careful to build an effective framework for authentication and authorization so that it’s easy to build connectors into different systems. This is important, because unfortunately the IAM marketplace evolved rapidly and without a lot of standardization.

Have a look at François’ article. He’s been with the company since it’s beginning, and has as broad a perspective on this area as you will find.