
1 Enterprise Service Bus Advisory Board Mtg #2
To the service bus and beyond...
Administrative Technology Services: Enterprise Applications

2 ATS ESB Advisory Board Meeting #2, Friday, 2/6/2015
Advisory Board: Scott Bradner, Jon Saperia, Jefferson Burson, Ventz Petkov, Bill Knox, Alex Manoogian
Presenting: Lisa Justiniano, Karen Stelle, Brian Sullivan, Mike Thomas

3 Current Infrastructure Choices
- Amazon Linux 64-bit
- ESB software: abandoned Fabric8 for ServiceMix. Version 2.0 of Fabric8 (November 2014) is now a Kubernetes + Docker application.
- Messaging: stand-alone ActiveMQ instances. The ServiceMix-embedded ActiveMQ could not handle fail-over correctly.
- Database: RDS Oracle Ent 11 with TDE (transparent data encryption) option. Single encrypted tablespace.

4 Architecture
- 2 AZs, single region
- 2 ELBs to support direct JMS
- AMQ configured for shared database

5 Network
- Simple but provides: DR and fail-over
- Security: separate subnet for persistence.
- 2 VPCs, one for TEST, one for PROD
- Each VPC gets a /24 network from UNSG.
- Break the /24 network into four /26 networks (58 IP addresses): two for application, two for DB
- The elastic load balancers get public IP addresses outside of our subnets.

6 Network (diagram)

7 Integrations

Proof of Concept Integration
- web services and web service clients
- local file system reads and writes
- SFTP reads and writes
- message producers and consumers (ActiveMQ)

Pilot Integration | HCI / HRCI | DB Connections | ACLs
COA Validator | No | Future (if servlet is retired) | public -> ServiceMix
Eureka to PeopleSoft | HUID, no names | No | ServiceMix -> CWDWAAPS2919000.university.harvard.edu; ServiceMix -> hrdev1.cadm.harvard.edu:9108
FRAP feed | HCI, PI salaries | Yes | FRAP CIFS -> ServiceMix; ServiceMix -> GMAS DB and JackRabbit
Staff Terminations | HUID, no names | DWHRDEV | ServiceMix -> crew01.cadm.harvard.edu:8103; ServiceMix -> consumers of this service

8 Technical Challenges
- Connection to non-publicly-routable IPs. 2 choices:
  - VPN (Jefferson Burson discourages VPN use)
  - Direct Connect
- Encryption: Direct Connect is not secure
  - Must encrypt individual connections (JDBC example)
  - Monitoring of wire to catch misconfigurations?
- Synchronizing deployments
  - Hoping to use ZooKeeper
  - Shell-scripted deployment
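The "encrypt individual connections (JDBC example)" item above, worked through as an added example that is not from the deck or the ATS project: a Java JDBC client that requires Oracle native network encryption on its connection to the RDS Oracle instance, and then reads the session's network service banner to confirm encryption was actually negotiated rather than trusting the configuration. It assumes the Oracle thin JDBC driver, that the RDS instance has native network encryption enabled server-side, a hypothetical endpoint in the DB subnet, and that the application user can read V$SESSION_CONNECT_INFO.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Properties;

/** JDBC client that insists on Oracle native network encryption to the RDS instance. */
public class EncryptedJdbc {
    // Hypothetical endpoint: substitute the RDS Oracle endpoint inside the DB subnet.
    static final String URL = "jdbc:oracle:thin:@//rds-oracle.db.example:1521/ORCL";

    /** Client-side settings negotiated with the server during the connection handshake. */
    public static Properties encryptionProps(String user, String password) {
        Properties p = new Properties();
        p.setProperty("user", user);
        p.setProperty("password", password);
        // REQUIRED aborts the connection if the server will not encrypt, instead of
        // silently falling back to cleartext across the Direct Connect link.
        p.setProperty("oracle.net.encryption_client", "REQUIRED");
        p.setProperty("oracle.net.encryption_types_client", "(AES256)");
        // Integrity checksums: tampering on the wire is detected, not only exposure.
        p.setProperty("oracle.net.crypto_checksum_client", "REQUIRED");
        p.setProperty("oracle.net.crypto_checksum_types_client", "(SHA1)");
        return p;
    }

    /** Reads the session's network service banner; an encrypted session lists an
     *  encryption adapter and a checksum adapter, a cleartext session lists neither. */
    public static boolean sessionIsEncrypted(Connection c) throws SQLException {
        String sql = "SELECT network_service_banner FROM v$session_connect_info"
                   + " WHERE sid = SYS_CONTEXT('USERENV', 'SID')";
        boolean enc = false, sum = false;
        try (Statement st = c.createStatement(); ResultSet rs = st.executeQuery(sql)) {
            while (rs.next()) {
                String banner = rs.getString(1);
                if (banner == null) continue;
                if (banner.contains("Encryption service adapter")) enc = true;
                if (banner.contains("Crypto-checksumming service adapter")) sum = true;
            }
        }
        return enc && sum;
    }

    public static void main(String[] args) throws SQLException {
        try (Connection c = DriverManager.getConnection(URL, encryptionProps(args[0], args[1]))) {
            // Fail closed: a misconfigured server or driver must not be used silently.
            if (!sessionIsEncrypted(c)) throw new IllegalStateException("JDBC session not encrypted");
        }
    }
}
```

The same banner query, run periodically against all sessions rather than just the current one, is one inexpensive answer to the "monitoring of wire to catch misconfigurations" question: any session whose banner lacks the adapter lines is a connection that negotiated cleartext.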

9 Technical Challenges (continued)
- Routing issue with Direct Connect and internet-facing load balancers:
  - proxy provides incorrect source IP address
  - request takes one route, response takes another

10 Deliverables Review 1 of 3 (items still to do are highlighted in red)
- Instance build-out:
  - build a high availability stack
  - scripted creation of infrastructure
  - deliver both TEST and PROD stacks
  - Amazon auto-scaling?
- Four or five integrations developed and in production
- A code deployment mechanism
- Operational support in place: ITO and TWS/Maestro, logging, regular backups

11 Deliverables Review 2 of 3
- Developer documentation. We will have written the following documentation:
  - developer on-boarding documentation
  - library of commented example integrations
  - Wiki section documenting best practices
  - A Security Guide will be available for developers
- Testing
  - Prove that guaranteed message delivery is working by simulating outages
  - Perform security testing, maybe through Hailstorm or Veracode dynamic scans.
  - load testing?

12 Deliverables Review 3 of 3
- Determine if all data can be encrypted in flight and at rest without the developer explicitly encrypting
- Research granularity of authorization available for:
  - direct JMS connection to ActiveMQ
  - read / write message queues
  - connection to web services
  - consumption of OSGi services (DB connection pools)
  - access to system properties
  - access to file system
- Implement the above authorizations as needed for Pilot

13 How You Can Help:
- We've been discussing penetration testing with Ventz. Should we do all of the following?
  - A manual overview of the architecture
  - A vulnerability scan of the network and operating system layer
  - A dynamic application scan of the application layer
- How will Harvard Operations fit in? Will we install TWS/Maestro and ITO?
- Any ideas for securing data other than to secure individual connections?
- Will any form of monitoring the wire be available?

14 Wiki: https://wiki.harvard.edu/confluence/display/ATSESB/Welcome
