Saturday, September 19, 2009

Policy Enforcement Clouds

Cloud security is not an insurmountable challenge if you start from the premise that no cloud provider is to be trusted, even an internal one, and then take the next step of assuming full responsibility for building out the security infrastructure that your business requirements and regulatory constraints demand. Let's start by considering the concept of a Policy Enforcement Cloud (PEC): elastic in nature and loosely coupled from the application code, yet still able to enforce fine-grained authorization decisions both at the edge and inside the containers, across the distributed, hybrid, heterogeneous clouds where the data and business logic live.

As you can see in the article on Cloud Computing Best Practices (http://soa.sys-con.com/node/1103814), when the discussion turns to secure cloud integration the risk seems to exceed the rewards, because the conversation often stalls once people realize that a VPN is only one small part of the integration problem. We all need to look deeper into cloud security.

Thursday, January 15, 2009

MITRE.org Publishes the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors

This post acknowledges the good work that the MITRE.org team of contributors has done in publishing the 2009 list of common programming weaknesses. If you are not familiar with this list, below is a short summary from the version 1.0 document published on 1-12-2009 and available at http://cwe.mitre.org/top25/index.html

The Top 25 is organized into three high-level categories: Insecure Interaction Between Components, Risky Resource Management, and Porous Defenses. Kudos to the CWE project coordinators Bob Martin from MITRE, and Mason Brown & Alan Paller from the SANS (SysAdmin, Audit, Network, Security) Institute, as well as the group of contributors.

CWE is a Software Assurance strategic initiative sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security.

Insecure Interaction Between Components
These weaknesses are related to insecure ways in which data is sent and received between separate components, modules, programs, processes, threads, or systems.

CWE-20: Improper Input Validation
CWE-116: Improper Encoding or Escaping of Output
CWE-89: Failure to Preserve SQL Query Structure (aka 'SQL Injection')
CWE-79: Failure to Preserve Web Page Structure (aka 'Cross-site Scripting')
CWE-78: Failure to Preserve OS Command Structure (aka 'OS Command Injection')
CWE-319: Cleartext Transmission of Sensitive Information
CWE-352: Cross-Site Request Forgery (CSRF)
CWE-362: Race Condition
CWE-209: Error Message Information Leak

Risky Resource Management
The weaknesses in this category are related to ways in which software does not properly manage the creation, usage, transfer, or destruction of important system resources.

CWE-119: Failure to Constrain Operations within the Bounds of a Memory Buffer
CWE-642: External Control of Critical State Data
CWE-73: External Control of File Name or Path
CWE-426: Untrusted Search Path
CWE-94: Failure to Control Generation of Code (aka 'Code Injection')
CWE-494: Download of Code Without Integrity Check
CWE-404: Improper Resource Shutdown or Release
CWE-665: Improper Initialization
CWE-682: Incorrect Calculation

Porous Defenses
The weaknesses in this category are related to defensive techniques that are often misused, abused, or just plain ignored.

CWE-285: Improper Access Control (Authorization)
CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CWE-259: Hard-Coded Password
CWE-732: Insecure Permission Assignment for Critical Resource
CWE-330: Use of Insufficiently Random Values
CWE-250: Execution with Unnecessary Privileges
CWE-602: Client-Side Enforcement of Server-Side Security

Note: There are a total of 755 weaknesses listed in the full view of the CWE dictionary at http://cwe.mitre.org/data/slices/2000.html

Tuesday, January 6, 2009

My Slides from SIFMA & CITY#GRID London, December 2 - 4, 2008

Last month I had the pleasure of participating in panel discussions at SIFMA and at CITY#GRID. Naturally much of the conversation was on using High Performance Computing technology alongside Smart Order Routers to beef up the algo engines used for MiFID "Best Price Execution" across the EU pools of lit and dark liquidity. This is an important and complicated topic that requires a deep understanding of the market data speeds and network latency issues that must first be solved; otherwise the grid will simply go to waste, as per Amdahl's law of parallelization efficiency, which in short states that your speedup is directly related to how much of the work can be done in parallel. The issue with best price execution is that the data is changing at microsecond speeds. Having said that, we discussed the trend to integrate compute grids, data grids and messaging systems. Many now refer to these types of HPC systems as cloud computing infrastructures.

To view the slides that I presented during the topic entitled "Another Paradigm Shift: How SOA and Extreme Processing Technologies Can Open Up the Grid to More than Analytics & Risk" visit: http://events.sifma.org/2008/273/event.aspx?id=4566

Friday, October 17, 2008

SIFMA European Tech Event - Dec 2 - 3, 2008

This December I'll be in London and hope to see you at SIFMA too. If you've not yet registered to attend, and would like a discounted rate, then simply drop me an e-mail and I'll send you a guest form.

SIFMA 2008 Speakers:
www.sifma.org/technology

On the morning of Wednesday 3 December 2008, from 10.15 to 11.00 AM GMT, I'll be moderating a panel session on the evolution of grid computing: from a batch and risk-analysis utility of compute resource to an integral SOA platform that business developers will tap into, with business logic surrounding security policies and complex event processing listeners and triggers, in order to visualize and automate trading while attempting to visualize and estimate the size of known dark pools of liquidity. During arid market conditions, this business intelligence is a key factor in managing risk in order to recover, rebuild, and grow.

Another paradigm shift: How SOA and extreme processing technologies can open up the grid to more than analytics & risk
This session will address how service-oriented architectures (SOA), complex event processing (CEP) and data fabrics are all being used to support a new generation of data- and model-driven architectures (MDA). Questions that will be answered include:

* How do these technologies integrate to enable IT alignment with the new business realities?
* Do we need to re-engineer our OMS/EMS and ticker plant systems to survive the exponential growth in volumes and complexity of the markets?
* Can they facilitate agile e-outsourcing, and if so, how?

Moderator:
Ryan Bagnulo, Founder and Innovation Architect, ASPECT - i, Formerly Wachovia CIB Head of Architecture & Innovation

Panellists:
Dipen Mehta, Chief Architect, Financial Markets, STANDARD CHARTERED BANK
John Froud, Director Information Technology & Head of Technical Architecture, CREDIT SUISSE
Yomi Abatan, Enterprise Architect, DEUTSCHE BANK

Monday, October 6, 2008

Invest for longevity with as many quick wins as possible!

Services = Speed.

Especially when they are turnkey.

Storage is at the top of my list of IT expense line items that cost more in power, cooling, and labor than the storage itself. iSCSI prolonged the problem by introducing an Ethernet-ready, plug-and-play disk-on-the-wire solution for those who are drastically in need of more disk now!

But there's a new storage trend emerging as SOA and the concept of a business support IT service evolves and matures. And that trend is Storage, Archival, Recovery, and Data Analysis services.

If you are being pressured to de-dup your SAN, and to consolidate the SRDF/A traffic across fewer and smaller telco pipes for latency and bandwidth expense reasons, then consider migrating the SAN to the WAN, and moving most of the mission critical data that is used by employees during normal working hours to a high speed tier 1 federated data grid that is loosely coupled from the HPC compute grid technology of your choice.

For a proof of concept or a quote, ASPECT-i has partnered with Seagate i365 as a premier service provider. To initiate a proof of concept / quote, simply fill out this form:
Data Recovery Form

And remember in banking, reference data lives for 24 hours, everything else is either history or it's making history right now.

Friday, August 8, 2008

Amanda Acquires Then Mandi Merges.

The Merger & Integration (M&I) Deal.


Open Standards Based Integration for Mergers & Acquisitions.





Who is Mandi, and what does she have to do with the price of rice in China?

The price of rice in China is going to change, because every Mandi changes the company that you keep. The interesting thing about Mandi, however, is not the fact that she is a Six Sigma black belt, nor that she practices Jun Fan Jeet Kune Do-style open, capitalistic, free-market economics.


What makes Mandi tick is the fact that she started transforming your company the moment that the board of directors seriously entertained the idea to acquire another company -- for whatever sound business reason or irrational hopeful expectation ;/.



It's as if your company is in the 2008 Summer Olympics in Beijing, and your final relay track and field star is Mandi, and she is eagerly waiting to take the baton from Amanda now that the M&A deal is done.


Mandi was selected very carefully by the team as being the best resource for the final lap in the race, and Amanda's team spirit and endurance have gotten the team into the lead so far. Amanda got your company through the regulatory anti-trust SEC processes, and the baton in her hand has rolled up inside it every signed and notarized legal contract and document of understanding related to all financial negotiations.


Amanda now rounds the bend ahead of the competition and she is reaching to hand the baton to Mandi. Everyone on the team is excited about the last lap in the race. But instead of grabbing the baton and winning, Mandi estimates that it will take over a year to run the final lap...


Because there aren't supposed to be any hurdles on the track in a relay race, and the height of each hurdle is so high that Lolo Jones would look like she was pole vaulting if she tried to run the final lap after Amanda.


That can't be right... Mandi wouldn't drop the baton now. Who set up the path ahead of Mandi like this? Amanda, why is the merger stalled? Why is the final phase of the merger and acquisition deal to form a single holistic operating company so complicated if all of the paperwork has been finalized and the deal is done?


The issue is that if the technology doesn't integrate, then the business processes don't integrate, which means that the people aren't exchanging information across business lines. Hence, from the customer's perspective, the two companies are still operating as independent entities; they are simply now owned by a single parent company that operates them as business lines.


After all, most companies use a lot more than an e-mail system for collaboration, and in banking there are customer privacy regulations that prevent the communication of a client's portfolio across business lines without direct written authorization from the client.


In short, the M&A deal is only the beginning -- the real deal happens when Mandi is ready to integrate the business systems of both companies using open standards integration technologies in order to avoid future integration challenges with a closed middleware infrastructure that has gone end of life with no option to renew maintenance. So before you decide that all asynchronous messaging is created equally, consider every ASPECT of the innovation that you are building your future company on.

Stay tuned... more detail on the ASPECT-i methodology coming soon at http://aspect-i.com

Glossary:
AMANDA: A Merger AND Acquisition. Abbreviated (M&A).

MANDI: Merger AND Integration. Abbreviated (M&I).

Thursday, November 1, 2007

The Security Policy is the Business Rule.

Entitlement management for fine-grained application security
source link: http://searchsoftwarequality.techtarget.com/originalContent/0,289142,sid92_gci1276131,00.html

The ability to write a single security policy that goes across heterogeneous platforms saves time and complexity.
Ryan Bagnulo
Head of architecture and innovation, Wachovia Corp.

Business rules are application security policies, and in the big picture he sees, security lies at the heart of governance for both applications and IT systems.

Bagnulo, who is head of architecture and innovation for Wachovia Corp.'s Corporate Investment Bank Technology (CIBT) area in the CTO Group, has taken some first steps toward that vision with the deployment of an Entitlement Management Solution (EMS) from Securent Inc. for enforcing fine-grained application security.

"Authentication, who you are, is coarse-grained -- what role or group are you, or what application are you allowed to use. The tricky part is fine-grained -- when you're in the application, what are you allowed to do?" explained Bagnulo.

For example, he said, in a trading application there may be certain traders who are authorized to execute particular types of trades, say oil and gas, but no others. "If he tries another type of trade, it should be denied. That's what I mean when I say fine-grained authorization for the execution of transactions."

To get that kind of fine-grained security, developers have been developing and deploying custom code for individual applications, and as a result, access policies have been managed in silos.

"The problem with that model is it's very costly, and it leads to inconsistency in the application of security policy," said Howard Ting, senior director of product management and marketing at Securent in Mountain View, Calif. "And when you need to change a policy, you have to change it across all resources."

Ting added, "It's also time consuming. The way most applications have access control policy enforced today is to write it into the code, so developers are writing thousands of lines of code. That leads to a lot of potential problems. By externalizing the security policies from the application and managing them centrally, ROI becomes a strong message."

"The issue isn't that we haven't done this in the past," Bagnulo said. "Every application has a fine-grained authorization system in it, but it's custom coded. That's why Securent is attractive. We looked at BEA [AquaLogic Enterprise Security, a fine-grained entitlements solution] and it works great for WebLogic, but we've also got JBoss and a lot of SharePoint servers, WebSphere, Documentum, Oracle database. Securent has plug-ins for all those application environments."

The ability to write a single security policy that goes across heterogeneous platforms saves time and complexity, Bagnulo said.

Ting said that while the function of entitlement management, or access entitlement, is not new, the term itself is. Entitlement management is one of several new categories, including identity audit and regulatory compliance tools, user-centric identity applications, consumer authentication products, role discovery tools, enterprise application controls management, and identity-aware appliances, that have emerged under the identity management umbrella over the past few years, according to the Burton Group report, The Identity Management Market 2007: An Expanding Universe.

Open standards important
Securent's EMS is based on the eXtensible Access Control Markup Language (XACML). According to the Burton report, support for Version 2.0 of XACML is growing, "riding the wave of interest in entitlement management solutions that rely on the XACML authorization standard."

"I've been following XACML for a while, which is what drew me to Securent," Bagnulo said. "I want open standards so other technologies can plug in. For example, I use DataPower [the XML appliance] from IBM because it natively speaks XACML. I didn't have to do custom development to get my security infrastructure powered by Securent to integrate. And if Securent goes out of business, I can find a replacement that speaks XACML; it's a way of hedging. The point is you have to think about the long term and not lock in."

Bagnulo said his group is just getting started with Securent for its business applications. "If we're building a new application, the application team shouldn't take on the work to build in entitlement management, they'll plug into Securent," he said. An example of a new rich Internet application that Bagnulo's group is building with Adobe Flex and that will utilize the EMS is an external letter of credit for clients to use.

"As legacy applications change, we'll refresh the security infrastructure," Bagnulo added. "Say with WebLogic, as we upgrade from 8.1 to 9.2, that's where we're inserting Securent. We don't do broad rip and replace."

Using an entitlement management solution takes a lot of work off the plates of application developers, Bagnulo said, and we "have less risk that someone did something that was not a best practice."

Entitlement management throughout the enterprise
Bagnulo's broader vision for entitlement management is that it's just as applicable for technology systems as it is for business systems. For example, he said, an entitlement policy could be that an IT administrator is not allowed to execute a change to a mission-critical system during working hours.

While an organization may have a policy in place, "in data centers today it's mostly an honor system," he said. "The only way to enforce policy is with security; you need something in the middle governing what the user is trying to do. Unapproved changes happen, in reality, because something like this isn't in place."

"Long term, customers want to use [EMS] through the enterprise," Ting said. Although custom applications and portals are Securent's core business, "We've spent a lot of time building agents, like for SharePoint and databases. This is Ryan's vision, to use this across the infrastructure. The need for policy-based management is relevant across every resource."

For now, though, Wachovia's CIBT group is in the process of testing applications utilizing Securent that run on SharePoint and JBoss.

But Bagnulo is excited about the possibilities. "In conversations I've had with Securent, I tell them they're missing an opportunity. I tell them to market that the business rule is security policy. I think you will see a sea change -- that XACML will emerge as an alternative to ILOG and Drools [business rules management systems]." For example, he said, a business rule says a trader can execute only so many transactions per day above a certain value.

"The only way to enforce that is through security policy," he said. "Otherwise it's wishful thinking, and good luck."
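The three rules quoted in the article (a trader entitled to oil and gas trades only, a daily cap on large transactions, and no changes to mission-critical systems during working hours) written as externalized policy and evaluated by a small XACML-style policy decision point. This is an added example in Python, not Securent's product or Wachovia's code; the rule ids, attribute names, thresholds and the trader/admin sample data are all constructed for illustration.

```python
# Added example: a small XACML-style policy decision point (PDP) for the three
# entitlement rules the article describes. Not Securent's product or Wachovia's
# code; rule ids, attribute names and sample data are constructed for illustration.
from dataclasses import dataclass
from datetime import datetime
from typing import Callable

# A request is a dict keyed by XACML category: subject, resource, action, environment.
PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"

@dataclass(frozen=True)
class Rule:
    rule_id: str
    effect: str                        # PERMIT or DENY
    target: Callable[[dict], bool]     # does the rule apply to this request at all?
    condition: Callable[[dict], bool]  # must also hold for the effect to fire

def is_trade(r: dict) -> bool:
    return r["action"]["id"] == "execute" and r["resource"]["type"] == "trade"

# Fine-grained authorization: a trader may execute only the products the desk is
# entitled to (say oil and gas); any other product earns no Permit at all.
permit_entitled_product = Rule("permit-entitled-product", PERMIT, is_trade,
    lambda r: r["resource"]["product"] in r["subject"]["products"])

# Business rule as security policy: at most 3 trades a day above 1,000,000 notional.
# The running count is an attribute a Policy Information Point (PIP) supplies.
LARGE_TRADE_NOTIONAL, DAILY_LARGE_TRADE_LIMIT = 1_000_000, 3
deny_daily_limit = Rule("deny-daily-large-trade-limit", DENY,
    lambda r: is_trade(r) and r["resource"]["notional"] > LARGE_TRADE_NOTIONAL,
    lambda r: r["environment"]["large_trades_today"] >= DAILY_LARGE_TRADE_LIMIT)

# Infrastructure entitlement: no change to a mission-critical system during working
# hours (09:00-17:00, Monday to Friday), even by an administrator who may otherwise.
def in_working_hours(ts: datetime) -> bool:
    return ts.weekday() < 5 and 9 <= ts.hour < 17

deny_change_in_hours = Rule("deny-change-during-working-hours", DENY,
    lambda r: r["action"]["id"] == "change" and r["resource"]["criticality"] == "mission-critical",
    lambda r: in_working_hours(r["environment"]["time"]))
permit_admin_change = Rule("permit-admin-change", PERMIT,
    lambda r: r["action"]["id"] == "change", lambda r: "sysadmin" in r["subject"]["roles"])

POLICY_SET = [permit_entitled_product, deny_daily_limit, deny_change_in_hours, permit_admin_change]
LARGE_TRADES_TODAY = {"trader-01": 3, "trader-02": 0}  # constructed PIP data, per trader id

def resolve_attributes(request: dict) -> dict:
    """PIP step: add attributes the calling application (the PEP) does not carry."""
    env = dict(request["environment"])
    env.setdefault("large_trades_today", LARGE_TRADES_TODAY.get(request["subject"]["id"], 0))
    return {**request, "environment": env}

def decide(request: dict, rules=POLICY_SET) -> str:
    """PDP with deny-overrides combining: any applicable Deny wins, otherwise Permit
    if some rule permits, else NotApplicable (which a deny-biased PEP refuses)."""
    request = resolve_attributes(request)
    effects = {r.effect for r in rules if r.target(request) and r.condition(request)}
    if DENY in effects:
        return DENY
    return PERMIT if PERMIT in effects else NOT_APPLICABLE

def trade_request(trader: str, products: list, product: str, notional: int) -> dict:
    return {"subject": {"id": trader, "roles": ["trader"], "products": products},
            "resource": {"type": "trade", "product": product, "notional": notional},
            "action": {"id": "execute"}, "environment": {}}

def change_request(admin: str, when_iso: str) -> dict:
    return {"subject": {"id": admin, "roles": ["sysadmin"], "products": []},
            "resource": {"type": "system", "criticality": "mission-critical"},
            "action": {"id": "change"}, "environment": {"time": datetime.fromisoformat(when_iso)}}
```

`decide(trade_request("trader-01", ["oil", "gas"], "oil", 5_000_000))` returns Deny because the PIP reports that trader already at the daily limit, while the same request for "trader-02" is permitted; the trading application only ever calls `decide()` and never learns that the limit exists, which is the externalization the article argues for.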

Sunday, June 10, 2007

The evolution of distributed computing is cloudy computing.

While VMware is great at carving up a computer into smaller partitions of a computer, VMware falls short when you want to create a large virtual computer out of many smaller computers.

We all know and love the concept of reuse when it comes to SOA in the application development space. Now let's consider the power of reuse in the infrastructure layer.

The concept is called Services Oriented Infrastructure (SOI), and Grid Computing is alive and well in the SOI, whereby many low-cost, low-heat, low-power blades are pooled together on an as-needed basis to run high performance computing analytics and data aggregation functions, creating a large virtual supercomputer with hundreds of processors and gigabytes of storage as a distributed level 2 cache.

Before you say that you've figured out virtualization because you are using LPAR technology from IBM on an AIX p-series or you've figured out how to get Linux running on an i-series OS/400 system or on a z-series mainframe, you must first answer this question... What am I doing to leverage the huge amounts of underutilized Intel and AMD win/lin resources in the datacenter?

Microsoft is not ignoring grid computing, and they've rebranded the Windows 2003 64-bit Compute Cluster Edition (CCE) as simply HPC Server. Other ISVs such as Platform Computing have been selling products like LSF and the new Enterprise Grid Orchestrator (EGO), and DataSynapse recently launched GridServer 5.0 with improved performance in a feature called "SpeedLink", as well as FabricServer to automate the configuration and provisioning of J2EE container-based applications. The open source grid community has evolved since the creation of the Globus toolkit, and the GridGain folks have focused on cloud services integration with providers such as Google App Engine and Amazon EC2.

June 10, 2007

What is an ESB?

The ESB is the Trust Domain. The Trust Domain is the ESB.

Without trust there is no integration. The ESB is a bridge between systems that were never intended to communicate or integrate.

What is an Enterprise Service Bus (ESB)?

An ESB is an application-layer firewall. It is a protocol-layer transformer. It is an any-to-any message payload and XML schema transformer. It is a passive transaction payload audit logger. The ESB is a layer of abstraction that must be highly performant and highly available, and most of all the ESB must be heterogeneous in nature. The value that the ESB provides is directly proportional to the number of systems that it can securely and rapidly integrate without introducing latency to the transaction.

The ESB must be secure and fast.

The ESB must scale horizontally.

The ESB must be a federated ESB, comprised of many ESBs.

We will next explore the concept of ESB support services.

ESB Support Services include:

  • A Business Rules Engine (fine-grained XACML security Policy Decision Points, Policy Information Points, Policy Administration Points, and Policy Enforcement Points, and a JSR-94 compliant RETE engine to ensure that rules are processed in the correct sequence)
  • XA / ACID Transaction Processing to ensure that the business transaction is only reported complete once all of the related system-level transactions have completed.
  • Web Application Firewall (AAA, SSO)
  • Web Services XML Firewall (AAA, Payload Inspection, XML Schema Validation)
  • XSLT Acceleration (Text to XML, XML to XML, XML to HTML, Any to Any)
  • Multi-Protocol Transformation (HTTP - TIBCO - MQ - JMS - ODBC - FTP - SMTP, etc.)
  • Exception Handling / Error Logging
  • System and Event Logging
  • Business Compliance Transaction Logging