Cyber defense for soa & rest oracle
-
Upload
igsc -
Category
Technology
-
view
493 -
download
3
Transcript of Cyber defense for soa & rest oracle
![Page 1: Cyber defense for soa & rest oracle](https://reader036.fdocuments.net/reader036/viewer/2022081401/5589757ad8b42a896d8b45d1/html5/thumbnails/1.jpg)
<Insert Picture Here>
Cyber Defense for SOA & RESTBob Glass, Oracle - Principal Middleware Solution ArchitectAdam Vincent, Layer 7 Technologies - CTO Public Sector
![Page 2: Cyber defense for soa & rest oracle](https://reader036.fdocuments.net/reader036/viewer/2022081401/5589757ad8b42a896d8b45d1/html5/thumbnails/2.jpg)
Agenda• OSBA Overview• SOA & REST Security 101• OSBA Use-Cases
• Security• Performance• Customization• Monitoring
• Conclusions
![Page 3: Cyber defense for soa & rest oracle](https://reader036.fdocuments.net/reader036/viewer/2022081401/5589757ad8b42a896d8b45d1/html5/thumbnails/3.jpg)
The “Extended” Enterprise
Distributed Applications and Shared Services
Cloud Computing (SaaS, PaaS, IaaS)
Indu
stry
Tre
nds
SOA & REST – Inside the Organization
SOA & REST - Across Enterprise Boundaries
Customization, Security, Performance, Availability, Regulatory
Customization, Security, Performance, Availability, Regulatory
![Page 4: Cyber defense for soa & rest oracle](https://reader036.fdocuments.net/reader036/viewer/2022081401/5589757ad8b42a896d8b45d1/html5/thumbnails/4.jpg)
Introducing the Oracle Service Bus Appliance
+
1. Easy Deployment
2. Simple Configuration
3. DMZ-class Security
4. Extreme XML Performance
Best of breed XML Gateway
for XML security and acceleration
Best of breed ESB
for mediation and adaptive connectivity
![Page 5: Cyber defense for soa & rest oracle](https://reader036.fdocuments.net/reader036/viewer/2022081401/5589757ad8b42a896d8b45d1/html5/thumbnails/5.jpg)
Easy Deployment & Simple Configuration• With OSB Appliances the Customer can
• Remove the appliance from the shipping carton, install it in the rack, • Connect power and network cable(s), assign an IP address, and turn the appliance on. • At that point it configures itself to run on the network.
Concluding initial XML firewalling policy configurationyour Service Bus Appliance is ready to use
The entire process takes less than an hour versus loading and configuring conventional software.
![Page 6: Cyber defense for soa & rest oracle](https://reader036.fdocuments.net/reader036/viewer/2022081401/5589757ad8b42a896d8b45d1/html5/thumbnails/6.jpg)
DMZ-Class Security
• Perimeter Security and Defense in Depth• Threat Protection• Access Control through integration with Oracle IDM Suite• Federated Identity across disparate security realms (SAML)• Support for WS* Security and messaging standards and products• FIPS 140-2 Level 3 with Elliptic Curve/B Suite Support
Intercept problematic messages at the enterprise perimeter before they reach your services
XXX
Oracle Access
Manager
Oracle Entitlements
Server
Perform Identity-based access to services and operations in the DMZ
![Page 7: Cyber defense for soa & rest oracle](https://reader036.fdocuments.net/reader036/viewer/2022081401/5589757ad8b42a896d8b45d1/html5/thumbnails/7.jpg)
Performance Challenges
• Threat Protection (Costly for Performance)• Fast XML Processing (XPATH, XSLT, XSD)• Crypto Operations as Required (message/transport)• Large Message Processing
Delegate common or expensive XML-related tasks from your services to your infrastructure
![Page 8: Cyber defense for soa & rest oracle](https://reader036.fdocuments.net/reader036/viewer/2022081401/5589757ad8b42a896d8b45d1/html5/thumbnails/8.jpg)
OSBA for Cross Boundary Info Sharing
![Page 9: Cyber defense for soa & rest oracle](https://reader036.fdocuments.net/reader036/viewer/2022081401/5589757ad8b42a896d8b45d1/html5/thumbnails/9.jpg)
What’s in the BoxXML Accelerator
Cryptographic Accelerator & Hardware Security Module
144.30% to 16,564.97% ImprovementOver Server Install of OSB
SSL Acceleration &FIPS 140.2 Level 3
Protect & Secure
Integrate & Customize
![Page 10: Cyber defense for soa & rest oracle](https://reader036.fdocuments.net/reader036/viewer/2022081401/5589757ad8b42a896d8b45d1/html5/thumbnails/10.jpg)
SOA & REST Overview
• SOA & REST utilize Standards• XML, WS*, SOAP, HTTP(S), Etc.
Traditional SOA & REST
Services all have customways of communicating.
Services all have standardway of communicating.
![Page 11: Cyber defense for soa & rest oracle](https://reader036.fdocuments.net/reader036/viewer/2022081401/5589757ad8b42a896d8b45d1/html5/thumbnails/11.jpg)
SOA & REST Security 101
PresentationXML, AJAX, Portal, Etc.
SecuritySSL, WS-Security, Etc.
DiscoveryUDDI, WSDL, Etc.
AccessSOAP, REST Etc.
TransportHTTP, HTTPS, JMS, Etc.
BusinessBusiness Logic, Code, Etc.
Threats
Transport
Parsing
Deployment
Service Code
![Page 12: Cyber defense for soa & rest oracle](https://reader036.fdocuments.net/reader036/viewer/2022081401/5589757ad8b42a896d8b45d1/html5/thumbnails/12.jpg)
Transport Threats
Sniffing and Snooping• Message confidentiality concerns
WS-Routing • SOAP messages can contain verbose instructions on their desired
routing. If a single node in this routing path is compromised multiple threats can be realized.
Replay Attacks• Message integrity concerns and potential Denial of Service by taking a
correct message with valid credential and sending it 1000+ times
Denial of Service• Same old threat in regard to network Denial of Service
![Page 13: Cyber defense for soa & rest oracle](https://reader036.fdocuments.net/reader036/viewer/2022081401/5589757ad8b42a896d8b45d1/html5/thumbnails/13.jpg)
Parsing Threats
Most products employ the same parsers, therefore if a vulnerability exists in a single product leveraging MS Parser then all others have the same threat.
The XML specification itself does not put any restrictions on the structure itself and rather is open to interpretation by the creator of the parser. Example: Some parsers will stop reading an XML Attribute value once they reach some number of characters and others will continue.
<Name Organization=“I’m a parser attack, …………………….>
![Page 14: Cyber defense for soa & rest oracle](https://reader036.fdocuments.net/reader036/viewer/2022081401/5589757ad8b42a896d8b45d1/html5/thumbnails/14.jpg)
Buffer, Heap, or Integer Overflow Threats
Warning: Through a successful buffer overflow a malicious command may be executed on your system.
We see these all the time! Through passing a malicious buffer to a Web Server or Application server the attacker can create an overflow condition where a segmentation fault occurs. • This oversized/malicious buffer can be sent as part of the transport header OR as part of the message. • An expected integer value can be overflowed by exceeding the value allowed causing a segmentation fault.
Once an attacker knows that a overflow is possible they can then use this to potentially execute malicious code on the system. Commonly called a buffer overflow attack.
![Page 15: Cyber defense for soa & rest oracle](https://reader036.fdocuments.net/reader036/viewer/2022081401/5589757ad8b42a896d8b45d1/html5/thumbnails/15.jpg)
XML Parser Attack Threats
The following threats can result in a denial of service commonly referred to as XML Denial of Service (XDOS) by consuming 100% of processing power on the system doing the parsing.
Complex or Recursive Payload• Again, the XML specification and structure has no limits! • Automated applications are available which create Fuzzed data for XDOS
attacks.
Oversized Payload• Many parsing technologies load entire documents into memory• Web Services were generally NOT designed around large message sizes.
Other• Unique attacks will be found where underlying parsers have vulnerabilities
![Page 16: Cyber defense for soa & rest oracle](https://reader036.fdocuments.net/reader036/viewer/2022081401/5589757ad8b42a896d8b45d1/html5/thumbnails/16.jpg)
Deployment ThreatsWeb Service Automation is Our Friend…..Or Is It?
UDDI, WSDL, SOAP Faults (errors), Descriptions….OH BOY!
UDDI• UDDI contains asset information • Automated War-Dialers (scanners) can search for UDDI’s for services (i.e. Bank
service found here)
WSDL• Contains adequate information to attack service (i.e Here is how the bank
service works)• Automated programs consume WSDL and commence scanning the service (i.e.
Automatically issue scanning/attack messages)
SOAP Faults• SOAP Faults return information about the service (i.e Bank service is running on
IIS version ?? and uses .Net parser)• SOAP Faults returns errors from the backend resources such as the SQL DB,
or Mainframe (i.e Bank service is using Oracle DB version ??)
![Page 17: Cyber defense for soa & rest oracle](https://reader036.fdocuments.net/reader036/viewer/2022081401/5589757ad8b42a896d8b45d1/html5/thumbnails/17.jpg)
Service Code ThreatsGood development practices can alleviate this threat.
How many programs or programmers are perfect though?
Parameter Tampering• Parameters are changed
• <file_location>C:/INET/file.txt</file_location> changed to• <file_location>C:/*</file_location>
Code Injection• Code is injected within an XML element
• <SQL>SELECT name FROM DB1 WHERE name = ‘Adam’</SQL> changed to • <SQL>SELECT * From DB1 WHERE name = *</SQL
Virus/Spyware/Malware Injections • XML Attachments (MTOM, DIME, MIME) are used as a delivery mechanism for virus
Session Tampering and Identity Hijacking• Some Web Services keep track of session with a Unique ID. Attackers can use that ID to
become part of the transaction taking place.
![Page 18: Cyber defense for soa & rest oracle](https://reader036.fdocuments.net/reader036/viewer/2022081401/5589757ad8b42a896d8b45d1/html5/thumbnails/18.jpg)
SOA & REST Security 101 Conclusion
Attackers See Opportunities!
Web Services offer a entirely new dimension to the traditional security stack. This new layer is a business layer and current
security practices DO NOT offer sufficient protection.
Why:• Totally new technology, with new comes problems• Operates over common web transports, traditional firewalls are
based on the concept of stopping attacks at the network level not at the Message Level (Layer 3-5).
• Automation and Toolkit development (Reuse of these tools)• Standardization of attack vectors, you can attack .NET and Java
business applications using the same messages.• Inherent Descriptions (WSDL, Tool kit web pages, etc.)
![Page 19: Cyber defense for soa & rest oracle](https://reader036.fdocuments.net/reader036/viewer/2022081401/5589757ad8b42a896d8b45d1/html5/thumbnails/19.jpg)
OSBA Use-Cases
Usage Themes• Security• Performance• Customization• Monitoring
To Discuss
OSBA Value• Challenges• Solution(s)• OSBA Value• Demonstrate
![Page 20: Cyber defense for soa & rest oracle](https://reader036.fdocuments.net/reader036/viewer/2022081401/5589757ad8b42a896d8b45d1/html5/thumbnails/20.jpg)
Security - Challenges• Challenges
• Cyber Threats – Existing firewalls do very little• Net-Centric Security Approaches and Complexities• Identity and Access Control Across boundaries• Audit & Certification Risks
• Significant Time & Money• Government Certifications, Etc.
Did I mention: Cyber Threats – Existing firewalls do very little in
protecting XML applications from cyber attack
![Page 21: Cyber defense for soa & rest oracle](https://reader036.fdocuments.net/reader036/viewer/2022081401/5589757ad8b42a896d8b45d1/html5/thumbnails/21.jpg)
Security – Solutions & Value• Solutions
• Leverage XML Firewall(s) for Cyber Defense• Utilize products for SOA/REST Security• Federation of existing Identities across boundaries• Integrate with existing enterprise monitoring and SA toolsets• Certify once and reuse over and over with Policy
• OSBA Value Proposition• Integrated XML Firewall for Cyber Defense• Supportive of WS* and REST Security standards• Integration with IDaM and Capable of Federating identities,
and Attributes• Integrated Enterprise Monitoring for Situational Awareness
![Page 22: Cyber defense for soa & rest oracle](https://reader036.fdocuments.net/reader036/viewer/2022081401/5589757ad8b42a896d8b45d1/html5/thumbnails/22.jpg)
Security - Demonstration• Threat Detection• Schema Validation• Identity Federation and Access Control• Access Control• Audit
OSBA Security Console
![Page 23: Cyber defense for soa & rest oracle](https://reader036.fdocuments.net/reader036/viewer/2022081401/5589757ad8b42a896d8b45d1/html5/thumbnails/23.jpg)
Performance - Challenges
• Hardware– Latency versus throughput and power consumption requirements
• Message Size– Streaming techniques can help scale better with increasing size
• Functional Requirements and Design Complexity
• Underlying Transport
• Reliability Requirements
![Page 24: Cyber defense for soa & rest oracle](https://reader036.fdocuments.net/reader036/viewer/2022081401/5589757ad8b42a896d8b45d1/html5/thumbnails/24.jpg)
Performance is a core OSB value
• High performance and light footprint are key driving factors of the OSB product design.
• OSB is optimized for stateless message processing and routing.
• Performance and scalability requirements are important release criteria for each OSB version.
• OSB is designed to be at the core of an enterprise messaging infrastructure for SOA.
![Page 25: Cyber defense for soa & rest oracle](https://reader036.fdocuments.net/reader036/viewer/2022081401/5589757ad8b42a896d8b45d1/html5/thumbnails/25.jpg)
Scalability – Multiple Dimensions
• Vertical
• Horizontal
• Number of Users
• Message Size
• Number of Services
Scalability is like a train!
The goal is to scale without a significant loss to performance.
What about speed?
![Page 26: Cyber defense for soa & rest oracle](https://reader036.fdocuments.net/reader036/viewer/2022081401/5589757ad8b42a896d8b45d1/html5/thumbnails/26.jpg)
Horizontal Scalability
• Horizontal Scalability refers to the impact on performance when additional servers are added to the system.
• Request queues are distributed destinations.• Clients subscribe to multiple response queues.
Load GeneratorClient
Load Generator
(Blocking Client)
Local Respons
e Queues
Q1/Q2/Q3
OSB Managed Server
Linux / Xeon 5130
OSB Managed Server
Linux / Xeon 5130
OSB Managed Server
Linux / Xeon 5130
OSB CLUSTER
Distributed Queue
Q
Load Generator
(Blocking Client)
Load Generator
(Blocking Client)
![Page 27: Cyber defense for soa & rest oracle](https://reader036.fdocuments.net/reader036/viewer/2022081401/5589757ad8b42a896d8b45d1/html5/thumbnails/27.jpg)
Scalability with Large Number of Services
• Scalability with increasing number of services is an important and often ignored dimension of SOA architectures.
• OSB scales easily to over 2000 services even when monitoring is enabled with a relatively small drop (10-15% or 0.5 ms) in performance from 2 services.
• The drop in performance is negligible going from 500 to 2000 services
Scalability with Large Number of Services HTTP Pass Through
0
1000
2000
3000
4000
5000
6000
7000
1 2 4 8 12 16Number of Clients
Thro
ughp
ut
0.0
0.5
1.0
1.5
2.0
2.5
3.0
3.5
Res
pons
e Ti
me
(ms)
2 Service TPS2000 Service TPS2 Service RT2000 Service RT
![Page 28: Cyber defense for soa & rest oracle](https://reader036.fdocuments.net/reader036/viewer/2022081401/5589757ad8b42a896d8b45d1/html5/thumbnails/28.jpg)
Scaling to Higher Message Sizes - Partial Parsing (20 MB SOAP Message)
SOAP Header Based Routing - 20 MB
0.0
0.5
1.0
1.5
2.0
1 2 4
Number of ClientsTh
roug
hput
0
20
40
60
80
100
Res
pons
e Ti
me
(ms)
Full Parse TPSPartial Parse TPSFull Parse CPUPartial Parse CPU
• OSB includes partial parsing capabilities that help scale better with increasing message size.
• Scenarios where partial parsing of the payload is applied:• SOAP Header Based Routing.
Throughput gains: • ~1.5X for a 5KB message• ~3X for a 20M message
• Pass-Through with SOAP Body Selection
• Content Based Routing with Streaming
• Partial parsing is enabled by using StAX to extract the required data.
![Page 29: Cyber defense for soa & rest oracle](https://reader036.fdocuments.net/reader036/viewer/2022081401/5589757ad8b42a896d8b45d1/html5/thumbnails/29.jpg)
Scaling to Higher Message Sizes- Streaming (20MB SOAP Message)
• Streaming in OSB significantly increases scalability with message size:
– Without streaming there is an OOM at 8 concurrent users for 20MB message.
– With streaming OSB easily scales to 16 concurrent users
– Using a file based buffer introduces a small overhead
• The combination of partial parsing and streaming enables Content Based Routing to perform as well as a pass through scenario
– Routing field is in the first 5KB of the message
• OSB has been tested to handle transformation and routing of 500 MB payload in the streaming mode.
Streaming File Benchmarks - 20MB SOAP Message
0
0.5
1
1.5
2
2.5
3
3.5
1 2 4 8 16
Number of Clients
Thro
ughp
ut (T
PS)
0
10000
20000
30000
40000
Avg.
Res
pons
e Ti
me
(ms)
PT TPSCBR TPSDTR TPSPT RTCBR RTDTR RT
Large File Transformation Benchmarks 20MB SOAP Message
0
0.1
0.2
0.3
0.4
1 2 4 8 16
Number of Clients
Thro
ughp
ut (T
PS
)
0
10000
20000
30000
40000
50000
60000
Avg
. Res
pons
e Ti
me
(ms)
No Stream TPSStream Mem TPSStream File TPSNo Stream RTStream File RTDTR RT
![Page 30: Cyber defense for soa & rest oracle](https://reader036.fdocuments.net/reader036/viewer/2022081401/5589757ad8b42a896d8b45d1/html5/thumbnails/30.jpg)
OSBA Performance Value Proposition
• The numbers speak for themselves• 1K
• Schema Validation – 261.34% Faster• XSLT – 262.86% Faster
• 10K• Schema Validation – 287.92% Faster• XSLT – 187.24% Faster
• 100K• Schema Validation - 16564.97% Faster• XSLT – 144.30% Faster
![Page 31: Cyber defense for soa & rest oracle](https://reader036.fdocuments.net/reader036/viewer/2022081401/5589757ad8b42a896d8b45d1/html5/thumbnails/31.jpg)
Performance Demonstration
• Hardware Accelerated • Schema Validation• XSLT
XML Accelerator
OSBA Console(s)
![Page 32: Cyber defense for soa & rest oracle](https://reader036.fdocuments.net/reader036/viewer/2022081401/5589757ad8b42a896d8b45d1/html5/thumbnails/32.jpg)
Customization - Challenges• Ability to Adapt To Change
• Service virtualization• Protocol Switching • Routing and Transformation• Error Handling, Policy Enforcement
• Scaling in Multiple Dimensions• 1,000s of services• Millions of Transactions
• Reduce Cost Through Re-use• Connect your services once• Easily configure services for integration• Single view of assets w/ Service Lifecycle
• Manage risk• Embedded service-level management• Failure Isolation and auto-recovery• Application Alerts & SLAs• Auditing and Reporting
Oracle Service Bus
AdaptersServiceRepository
Integration ServicesBusiness Logic
BPMB2BBPMPortal
Business Logic
![Page 33: Cyber defense for soa & rest oracle](https://reader036.fdocuments.net/reader036/viewer/2022081401/5589757ad8b42a896d8b45d1/html5/thumbnails/33.jpg)
OSB Service PatternsAdaptive Messaging
• Traditional Web Services• Pre-negotiated Interfaces Contract (WSDL) • Standards in place, supported by many vendors• SOAP over HTTP
• Legacy Services• Non-XML (XML) over File, EJB, FTP, MQ, JMS, Tuxedo
• POX (Plain Old XML)• Structure of Payload to determines action• XML over HTTP
• REST (Representational State Transfer)• Based on Pattern of Service Invocation• Nouns vs. Verbs• URIs over HTTP
![Page 34: Cyber defense for soa & rest oracle](https://reader036.fdocuments.net/reader036/viewer/2022081401/5589757ad8b42a896d8b45d1/html5/thumbnails/34.jpg)
ApplicationClient
ServiceClients
Oracle Service Bus Enterprise Services
Service
ApplicationClient
ApplicationClient
ApplicationClient
HTTP/SOAP
JMS
FTP
REST
EJBApplicationClient
WS-RM
TUX
MQ
EJB
JCA
Service
Service
Service
Service
Request / Response
Service Messaging
• Multiple communications paradigms• Request/response• Synchronous and asynchronous• One-to-many, many-to-one• Pub-sub• Mix-and-match (e.g. sync-to-async)
Synch / Asynch
Split / Join
Publish / Subscribe
Adaptive Connectivity In a Nutshell…
• Any to Any Protocol• Any to Any Payload
• XML• non-XML• Binary
• No WSDL Required
![Page 35: Cyber defense for soa & rest oracle](https://reader036.fdocuments.net/reader036/viewer/2022081401/5589757ad8b42a896d8b45d1/html5/thumbnails/35.jpg)
More REST…Adaptive Services
• REST service each unique URL is a representation of some object or resource.
• Expose an existing service as REST
• Expose existing REST as a Proxy service
• Dynamic routing to Business services in a REST like fashion.
Benefits• Expose REST services from
existing services quickly and easily
• Better re-use without development effort
![Page 36: Cyber defense for soa & rest oracle](https://reader036.fdocuments.net/reader036/viewer/2022081401/5589757ad8b42a896d8b45d1/html5/thumbnails/36.jpg)
REST Example
Get Mileage
SOAPService
XForm Route Reward
Oracle Service Bus
REST URIXML over HTTP
id
http://rewards/miles/1002
![Page 37: Cyber defense for soa & rest oracle](https://reader036.fdocuments.net/reader036/viewer/2022081401/5589757ad8b42a896d8b45d1/html5/thumbnails/37.jpg)
RESTful OSBOverview
• RESTful Services Gateway• Messaging type Proxy Service that uses http transport• Data type for request and response can either be XML or Text• Contains logic for routing, but not handling a REST request
• RESTful Services Registry• XML document used to register RESTful services, declaratively• Saved as an XQuery resource
• Request Handler• Messaging type Proxy Service that uses the local transport• Data type for request and response can either be XML or Text• Performs any transformations required on payload
![Page 38: Cyber defense for soa & rest oracle](https://reader036.fdocuments.net/reader036/viewer/2022081401/5589757ad8b42a896d8b45d1/html5/thumbnails/38.jpg)
RESTful OSBPattern for Handling Common REST Use Cases
Service Consumer
OSB 10gR3 (or above)
Request
ReplyRESTful Services Gateway (Proxy
Service, HTTP)
Request Handler(Proxy Service, Local)
REST Service
SOAP Service
Message Channel
RESTful Services Registry
Dynamic Routing Action
Request Handler(Proxy Service, Local)
Request Handler(Proxy Service, Local)
Request Handler(Proxy Service, Local)
Service Invoker (Business Service, ?)
…
SOAP Web
Services Stack
REST API
![Page 39: Cyber defense for soa & rest oracle](https://reader036.fdocuments.net/reader036/viewer/2022081401/5589757ad8b42a896d8b45d1/html5/thumbnails/39.jpg)
Customization Solutions & Value
• Solutions• Ability to adapt to Changes
• Adaptive Messaging• Support integration with Legacy System• RESTFul Services Gateway
• REST REST• REST SOAP• SOAP REST• SOAP SOAP
• OSBA Value Proposition• OSB Service Patterns• Advanced Protocol Switching and Mediation Patterns• Support for Any-To-Any Protocol and Payload
![Page 40: Cyber defense for soa & rest oracle](https://reader036.fdocuments.net/reader036/viewer/2022081401/5589757ad8b42a896d8b45d1/html5/thumbnails/40.jpg)
Customization Demonstration
• OSBA• Protocol Switching• Routing Rules• RESTful Services
OSBA Console(s)
LegacySOAP
REST
![Page 41: Cyber defense for soa & rest oracle](https://reader036.fdocuments.net/reader036/viewer/2022081401/5589757ad8b42a896d8b45d1/html5/thumbnails/41.jpg)
Monitoring Challenges
• Cyber Situational Awareness• Standards-based support for Cyber Situational Awareness
• System, Organization, Enterprise, Global (USCyberCommand)
• Enterprise Monitoring for SLA, and Business Drivers• Availability of Health and Availability across boundaries
• Net-Centric Systems ability to react gracefully to systems outside of their control.
![Page 42: Cyber defense for soa & rest oracle](https://reader036.fdocuments.net/reader036/viewer/2022081401/5589757ad8b42a896d8b45d1/html5/thumbnails/42.jpg)
42
OSB Service Monitoring• Monitor System Operations
• Alerting and reporting key monitoring points• Gauge system health, slowdown notification• Monitoring is optional per service
• Service metrics• Response times (min, max, avg)• Message, error, failover counts • Action level metrics
• Dashboard• Show fault and performance metrics
aggregated cluster wide or per server• JMX Metrics
• Metrics available via MBean interfaces• Integration with Enterprise Mgr
• Custom Alerts• SLA alerts for conditions requiring attention• Pipeline alerts can flag individual msgs
Warnings
1317 4 40
72
CriticalMinor
Error Responses
• # of Generated Errors• By Service
• Service health• # of Alerts by Severity
• Configurable Aggregation Intervals
New
New
![Page 43: Cyber defense for soa & rest oracle](https://reader036.fdocuments.net/reader036/viewer/2022081401/5589757ad8b42a896d8b45d1/html5/thumbnails/43.jpg)
OSB - BAM Integration
• OSB Proxy Service Integration• Custom Reporting Provider• Implemented using JMS • Define Key-Value Pairs
• BAM Enterprise Message Source• Configure JMS• Map To Data Object • Use Keys defined in OSB• Business Data in BAM
![Page 44: Cyber defense for soa & rest oracle](https://reader036.fdocuments.net/reader036/viewer/2022081401/5589757ad8b42a896d8b45d1/html5/thumbnails/44.jpg)
Slide 44
![Page 45: Cyber defense for soa & rest oracle](https://reader036.fdocuments.net/reader036/viewer/2022081401/5589757ad8b42a896d8b45d1/html5/thumbnails/45.jpg)
Management Pack Plus for SOALeading and only solution for Oracle SOA
Management Pack Plus for SOA
• Covers BPEL, OESB, OSB• Artifact deployment• Configuration Management• System and service modeling • End-to-end dependence
modeling• BPEL functional analysis• In-context performance
monitoring• SLA monitoring• Service monitoring and
diagnostics
![Page 46: Cyber defense for soa & rest oracle](https://reader036.fdocuments.net/reader036/viewer/2022081401/5589757ad8b42a896d8b45d1/html5/thumbnails/46.jpg)
Monitoring Solutions & Value
• Solutions• Support standards-based approaches to situational
awareness (SNMP, Web Services, Joint DoD/IC ESM)• Support integration with multiple vendor ESM solutions
• Oracle, AmberPoint (now Oracle), etc.
• OSBA Value Proposition• Integral support for various enterprise monitoring solutions• Turn-key support for SNMP, and Web Services SA tooling• Support for Joint DoD/IC ESM
![Page 47: Cyber defense for soa & rest oracle](https://reader036.fdocuments.net/reader036/viewer/2022081401/5589757ad8b42a896d8b45d1/html5/thumbnails/47.jpg)
Monitoring Demonstration
• Integrated Monitoring• Integration with Enterprise Monitoring• Support for health visibility outside of enterprise
OSBA Console(s)
![Page 48: Cyber defense for soa & rest oracle](https://reader036.fdocuments.net/reader036/viewer/2022081401/5589757ad8b42a896d8b45d1/html5/thumbnails/48.jpg)
Conclusions
• Decrease time to market and cost of implementation by leveraging a pre-integrated, pre-configured SOA Appliance:
• Initial configuration (network configuration, security lock-downs, etc.)• Security configuration (such as XML firewalling, access control, auditing, etc.)• Adapter configuration for enterprise system integration (ERP, CRM,
databases, messaging systems, etc)
• Thank you for joining us this morning!
• Contact info:• Bob Glass, [email protected], 703-364-2466• Adam Vincent, [email protected], 703-965-1771
![Page 49: Cyber defense for soa & rest oracle](https://reader036.fdocuments.net/reader036/viewer/2022081401/5589757ad8b42a896d8b45d1/html5/thumbnails/49.jpg)
Your Oracle Middleware Solutions Team
• Business (Contracts, Licensing, Pricing)• Emily Vickers, [email protected], 703-395-2874
• Product Guidance (Product Capabilities, Architecture)• Bob Glass, [email protected], 703-364-2466• Roy Gingher, [email protected], 443-622-6423• Monica Mosser, [email protected], 443-742-9613
We are your advocate & reachback to Oracle!
![Page 50: Cyber defense for soa & rest oracle](https://reader036.fdocuments.net/reader036/viewer/2022081401/5589757ad8b42a896d8b45d1/html5/thumbnails/50.jpg)
Your Layer 7 Federal Team
• Business (Contracts, Licensing, Pricing)• Jim Rice, [email protected], 301-325-1005
• Product Guidance (Product Capabilities, Architecture)• Adam Vincent, [email protected], 703-965-1771• Jason Spies, [email protected], 571-247-6854
![Page 51: Cyber defense for soa & rest oracle](https://reader036.fdocuments.net/reader036/viewer/2022081401/5589757ad8b42a896d8b45d1/html5/thumbnails/51.jpg)
WebCenter Sneak PreviewWhat Does It Mean to WebLogic Portal & ALUI Customers
• When: 8:00 am, Tues, March 16th
• Where: Fort Meade Courtyard Marriot • What…
Learn how you can leverage WebCenter’s next generation services (Enterprise 2.0, Social Services, Online Communities, etc.) to enhance information sharing in your environment.
Please e-mail [email protected] if you can attend!
![Page 52: Cyber defense for soa & rest oracle](https://reader036.fdocuments.net/reader036/viewer/2022081401/5589757ad8b42a896d8b45d1/html5/thumbnails/52.jpg)
It’s a Wrap!
![Page 53: Cyber defense for soa & rest oracle](https://reader036.fdocuments.net/reader036/viewer/2022081401/5589757ad8b42a896d8b45d1/html5/thumbnails/53.jpg)