Service Manager provides a powerful policy enforcement environment to enforce defined in . Service Manager provides a comprehensive set of high-performance, enterprise-class intermediaries that deploy either standalone or in the service container for first-mile, network, and last-mile policy implementation and enforcement.
One of Service Manager’s unique features is its client-side delegate. The delegate deploys into consumer applications to fully abstract the developer or deployment platform from the complexities of policy implementation. It allows developers to focus on the business logic of their application leaving infrastructure and policy concerns to the underlying governance infrastructure where it belongs.
Service Manager Network Director is a high-performance service virtualization engine. Service Virtualization is the creation and hosting of a new service, exposed through an SOA Intermediary. This service has its own WSDL, interfaces, endpoints and policies, but rather than executing its own business logic, it invokes another service (the virtualized service). In many ways a virtual service is a proxy for a physical service, but with a wide range of routing, mediation, security, and other governance capabilities added.
Network Director and Policy Manager offer a simple virtualization capability allowing users to rapidly create and host virtual services without having to write code, or create process descriptions. The virtual service enforces its own policies and declaratively mediates between inbound messages, and the requirements of the virtualized physical service.
For more information on Service Virtualization, click here.
Trust and Management Mediation ensures interoperability across disparate partners and platforms, trust enablement and trust mediation complementing threat prevention systems. It provides provide last-mile security, metric collection and reporting, SLA monitoring and management, to ensure that services are governed, managed, and secured, and policy implementation and mediation to allow consumers to communicate with a wide range of mission critical business services exposed from any platform.
Network Director mediates between a wide range of standards, message styles (SOAP, POX, etc), MEPs (REST, SOAP, MOM, etc), transports (http, https, JMS), reliability models (WS-RM, WS-RX, MOM, etc), security tokens (SAML, Kerberos, X.509, session cookies, etc). Mediation is enabled declaratively through Network Director based on impedances between inbound messages and the requirements, capabilities, and policies of the destination service.
The distributed nature of service-oriented applications makes it difficult to identify and diagnose problems. For example, an unacceptable delay when a customer clicks a button on a commerce site might be caused by a connection timeout in an unrelated database that provides a logging function to a Web service that is indirectly invoked by another application called by the portal.
Application support and operations teams must be alerted to these issues and must be able to identify their root cause, debug, and fix them in near real-time. These teams are often measured against Mean-Time-To-Repair, so seeing problems before they occur, and quickly finding the cause is a critical goal.
SOA Software provides an industry leading Operational Governance solution for monitoring, transaction tracking, SLA management, Quality of Service, Event management, and root case analysis.
- Monitoring – Last mile, first-mile and network monitoring of messages to collect real-time performance, usage, fault and message data for any service deployed on any platform. SOA Software’s Service Manager monitors services from the perspective of the consumer to ensure that consumer specific SLA’s and usage criteria are not polluted by traffic from other consumers.
- Transaction tracking – Using standards like WS-Addressing, Service Manager can track the path of a transaction across multiple messages between different consumers, services, applications, and platforms. This allows customers to identify root cause for individual transactions as well as to build a map of a whole application and all the consumers and services it is made up of.
- Service Level Agreement Management – Service Manager provides comprehensive SLA capabilities with the ability to manage and monitor SLAs for consumer contracts. This unique ability ensures accurate monitoring of services from the perspective of their different consumers – one application might make more complex and larger requests that take an average of 200ms to process, where the average response time for the whole service is only 50ms. In this case, it is essential that the application is monitored from the perspective of the consumer, in order to provide an accurate assessment of service level.
- Dynamic Management – Service Manager implements a comprehensive dynamic management model that can automatically adjust the infrastructure to address exceptions and service-level issues. Using the monitoring and SLA management capabilities described above, Service Manager can identify potential problems and can reroute traffic, throttle low-priority requests, or even deploy new service instances to ensure continuous operation of service-oriented applications.
SOA Software’s Service Manager provides a platform-independent, policy-driven SOA security solution to ensure that all service providers enforce uniform, appropriate policies, that are implemented by all service consumers across all distributed and mainframe platforms throughout the enterprise. It provides fully featured agents to ensure last-mile security, a standalone intermediary for network-based policy enforcement and virtualization, and a client-side delegate for first-mile policy implementation.
- Authentication – Service Manager provides comprehensive message, consumer and end user authentication with support for all common token types including Basic Auth, SAML, X.509, Kerberos, XML-Signature, and HTTPS. It provides a security token server for Identity Federation and token exchange, offering a SAML authority as part of this capability.
- Authorization – Service Manager offers powerful service authorization capabilities support XACML as well as native integrations with most common enterprise security policy management solutions.
- Privacy – Service Manager has full support for XML-Encryption in both raw XML and WS-Security forms supporting both encryption and decryption to ensure the privacy of messages.
- Non-repudiation – Service Manager offers full support for raw XML and WS-Security compliance XML-Signature and signature verification to ensure message authenticity and non-repudiation.
- PKI – Policy Manager provides comprehensive public and private key pair management, CRL checking, and certificate management.
SOA Software’s products implement all of the latest standards including comprehensive support for WS-Security, XML-Signature, XML-Encryption, SAML, XACML, and many others. For a list of supported standards please click here.
Service Manager integrates seamlessly with most common enterprise security solutions to maximize investment in existing systems and ensure consistent application of existing enterprise security policies. It supports:
- Identity and Access Management Systems – Service Manager integrates with most common IDM solutions to federate their authentication and authorization policies and processes throughout an SOA.
- Enterprise Directories – Service Manager integrates with common enterprise directories including Microsoft Active Directory and other LDAPv3 compliant solutions. It acts as a security token and policy server, delegating authentication decisions to the directories and using existing group memberships to drive role-based authorization decisions.
- Security Appliances – Service Manager can provide policies for services security by common appliances (such as IBM DataPower) and monitor service usage and performance for these services.
- PKI – Service Manager provides its own built-in PKI solution with a fully featured Certificate Authority. It also integrates with existing PKI solutions providing key distribution and verification.