simple, secure soa for hp nonstop applications
TRANSCRIPT
Simple, Secure SOA for HP NonStop Applications
M A Y 2 0 0 6
Agenda
• What is Service Oriented Architecture
• ACI’s Secure SOA Enabler– ACI Web Access Services– ACI Enterprise Security Services– ACI WorkPoint
What is Service Oriented Architecture?
• An architectural style whose goal is to achieve loose coupling among interacting software agents– The communication can involve either simple data passing
or it could involve two or more services coordinating some activity. Some means of connecting services to each other is needed.
• The technology of Web services is the most likely connection technology of service-oriented architectures. Web services essentially use XML to create a robust connection.
Benefits of SOA
• Application and infrastructure reuse
• Improved business agility / flexibility
• Decrease in development time and cost• SOA more closely aligns business
and IT and in so doing, makes organizations themselves more agile, flexible and thus more competitive
Industry Technologies
• XML
• SOAP
• WSDL
• WS-Security
• WS-Addressing
What is ACI’s Secure SOA Enabler?
• A bundle of ACI products providing NonStop users with the ability to expose their Pathway and BASE24 applications as SOA Web Services• ACI Web Access Services (nee WebGate)
• ACI Enterprise Security Services (nee SafeTGate)
• ACI WorkPoint (nee WorkPoint)
What does Secure SOA Enabler do?
• Creates XML Schemas from application message DDLs
• Creates Industry Standard SOAP WSDL• “Self-Describing” message services
• Secures Web Services• Allows services to be used as building blocks for
more complex transactions• Orchestration of Web Services
• Supports BASE24, Pathway applications and homegrown
You areHere
Using ACI Web Access Servicesto Create a Web Service
ACI Web Services Tool Kit
• PC based utility application which generates industry standard WSDL from NonStop application message DDLs
• Also creates proprietary ACI server-side files– SOAP Configuration files
– Data Service Repository (DSR) files
WAS Pathway and XPNET SOA Services
• A Guardian NonStop process with interfaces to – WAS HTTP Server (synchronous services)– WebSphere MQ (asynchronous services)
• Industry standard SOAP header processing– WS-Addressing– WS-Security
• XML message transformation – Pathsend message structures– ISO 8583 message structures
ACI WASACI WAS
HTTP Server
ACI Web Services Tool KitFTP to PC
ACI WASSOAPCONF
ACI WASDSR
WSDL
WSDL
BA
SE
24P
ath
way
S
erve
r
RQ/SV COBOLPathsend DDL
DDLGISOHISO/RBSI
SC
OB
OL
req
ues
ter
BA
SE
24
Pathway XPNET
Step 1- Convert Message structures to XML
ACI WASSOA Services
ACI WASACI WAS
HTTP ServerACI WAS
SOA Services
ACI Web Services Tool KitFTP to PC
ACI WASSOAPCONF
ACI WASDSR
BA
SE
24P
ath
way
S
erve
r
RQ/SV COBOLPathsend DDL
DDLGISOHISO/RBSI
BA
SE
24
Pathway XPNET
Step 2- Distribute the generated files
WSDL
WSDL
WSDL
WSDL
Step 3- Build a client using Industry IDEs
WSDL
WSDL
ACI WASACI WAS
HTTP ServerACI WAS
SOA Services
BA
SE
24P
ath
way
S
erve
r
BA
SE
24
Pathway XPNET
HTTP(SOAP(XML))
TCP/IP
ACI WASSOAPCONF
ACI WASDSR
Step 3- Build a client using Industry IDEs
WSDL is supported by numerous IDE vendors
ACI WASACI WAS
HTTP ServerACI WAS
SOAP
ACI WASSOAPCONF
ACI WASDSR
ACI Web Services Tool Kit
Using Enterprise Security Servicesto Secure a Web Service
1. No Security
Methods of Securing Web Services
2. SSL only, with no user details
3. HTTP Basic Authentication without SSL
4. HTTP Basic Authentication over SSL
5. SOAP WS-Security Username profile without SSL
6. SOAP WS-Security Username profile over SSL
• Application Firewall– SSL– HTTP Basic Authentication– WS-Security
ACI Enterprise Security Services
43
ACI ESSApplication
Firewall
Credentials Database
HTTPSACI WASHTTP/S
1
SOAP Request (Web Service +
Operation) + Username and
Password
7
Result of Web service returned to User
ACI WASSOA Services
Web serviceProtected,
User authenticated/
authorized?
2
6
Pathwayor
BASE245
Enterprise Security Services – Application Firewall
Using ACI WorkPointto Orchestrate Web Services
ACI WorkPoint
• ACI WorkPoint is a comprehensive Business Process Management solution which enables design, execution, monitoring, and management of enterprise business processes and Web services
• Now available on NonStop!
Orchestration with ACI WorkPoint
Pathway
BASE24
IDF
PR
DF
PT
DF
ACI WorkPointBusiness Process Management
ACI Enterprise Security ServicesAuthentication, Authorization, Auditing
ACI Web Access ServicesSOA Pathway Services
Add/Update terminals (PTDF)
Validate Retailer ID (PRDF)
Validate FIID (IDF)
Logon
IDF: Institution
PRDF:
Retaile
rPTDF:
Terminal
LogonIDF: Institution
PRDF: Retailer
PTDF:Terminal
Questions?
or….
Come by the ACI stand for a demo
