Datapower and SOA Security

Datapower and SOA Security - Overview

The first and foremost feature of an IBM DataPower is as a security device. However, most organizations turn their Datapower over to their security team and ignore it afterwards. The security team(s) generally use it as a perimeter security device – as a firewall and filter for exposing SOA services out to the Internet (or via VPN connections, as who can trust a vendor’s network anymore). It works in this capacity very well but is far more capable than just this narrow role.

With SOA breaking down the outer perimeter of our internal applications, security must now be layered and extended to EVERY exposed service or interface. There’s two general approaches to providing this: The agent based model, where an agent is installed upon every server / application / application container and controls access to each service. The other is an agentless model, where each web service is routed through a control point – in this case the Datapower, and the control point provides the agent management capabilities. The Datapower makes an excellent agentless control point due to it’s extensive security capabilities and it’s speed. Further, many SOA governance and service management applications have integrated with the Datapower as their control-agent.

As an enterprise IT shop realizes the real exposure that has occurred as they’ve moved to a full integration pattern, providing full web service security becomes imperative. On a side note, this problem is not limited to web services. It exists as well for stored procedures as well as MQ (or TIBCO) messaging. Generally the concern for those has been lower (because stored procedures have database level security by default and messaging protocols are difficulty to of use and obscure enough to avoid notice by the average attacker). The Datapower can provide security for them as well.

Therefore wrapping the Datapower in as a full internal web service control point is strongly recommended. Other alternatives (such as Amberpoint) are very viable solutions as well.

More on what Datapower security features make sense in an average IT shop in a future article.

(Why am I going into the Datapower? Because I’ve had the opportunity to do a project with one and had an incredibly hard time finding any valuable architecture information on it. Basic features are clear, how to fit it into your enterprise integration model – not so much.)

Integration Spaghetti™

I’ve been using the term Integration Spaghetti™ for the past 9 years or so to describe what happens as systems connectivity increases and increases to the point of … unmanageability, indeterminate impact, or just generally a big mess. A standard line of mine is “moving from spaghetti code to spaghetti connections is not an improvement”. (A standard “point to point connection mess” slide, by enterprise architect Jerry Foster from 2001.) In the past few days I’ve been meeting with a series of IT managers at a large customer and have come up with a revised definition for Integration Spaghetti™ : Integration Spaghetti™ is when the connectivity to/from an application is so complex that everyone is afraid of touching it. An application with such spaghetti becomes nearly impossible to replace. Estimates of change impact to the application are frequently wrong by orders of magnitude. Interruption in the integration functioning are always a major disast...

Solving Integration Chaos - Past Approaches

A U.S. Fortune 50's systems interconnect map for 1 division, "core systems only". Integration patterns began changing 15 years ago. Several early attempts were made to solve the increasing problem of the widening need for integration… Enterprise Java Beans (J2EE / EJB's) attempted to make independent callable codelets. Coupling was too tight, the technology too platform specific. Remote Method Invocation (Java / RMI) attempted to make anything independently callable, but again was too platform specific and a very tightly coupled protocol. Similarly on the Microsoft side, DCOM & COM+ attempted to make anything independently and remotely callable. However, as with RMI the approach was extremely platform and vendor specific, and very tightly coupled. MQ created a reliable independent messaging paradigm, but the cost and complexity of operation made it prohibitive for most projects and all but the largest of Enterprise IT shops which could devote a focused technology...

From Spaghetti Code to Spaghetti Connections

Twenty five years ago my boss handed me the primary billing program and described a series of new features needed. The program was about 4 years old and had been worked on by 5 different programmers. It had an original design model, but between all the modifications, bug fixes, patches and quick new features thrown in, the original design pattern was impossible to discern. Any pattern was impossible to discern. It had become, to quote what’s titled the most common architecture pattern of today, ‘a big ball of mud’. After studying the program for several days, I informed my boss the program was untouchable. The effort to make anything more than a minor adjustment carried such a risk, as the impact could only be guessed at, that it was easier and less risky to rewrite it from scratch. If they had considered the future impact, they never would have let a key program degenerate that way. They would have invested the extra effort to maintain it’s design, document it property, and consider ...

Making the Cloud, Microservices, and Enterprise IT work!

Search This Blog