Oracle and F5 Reference Architecture for SOA

Contents
Background
How to Use this Blueprint
Oracle and F5 Solution Blueprint
SOA Component Mapping to Product

Background
This document details a joint solution blueprint developed by F5 and Oracle. The purpose of this document is to show how F5 and Oracle components work together to deliver a highly reliable and scalable platform for deploying Oracle Service Oriented Applications.
This Solution Blueprint shows logical components organised into categories that relate to Oracle’s Fusion Architecture.
[Figure: Oracle Fusion Architecture (OFA). Labels in the diagram: Activity Monitoring; Business Intelligence; Business Processing Orchestration; Process Models; BPEL Engine; Fusion Service Bus; Multi-protocol routing; Message transformation; Services and Event Mediation; Fusion Service Registry; Unified Portal; Application Integration Services; Process Integration Services; Data and Metadata Services; Oracle Apps; Custom Apps; ISV Apps; Grid Computing; Clustering; Provisioning; Data Management; Identity Management; Security; Configuration; Directories; Web Cache. Listed characteristics: Model Driven; Service and Event Enabled; Standards based; Information Centric; Grid Ready.]

Oracle Fusion Architecture is a standards-based technology blueprint that details the linkage between all of the Oracle products. Oracle Fusion Architecture is based on three emerging trends in Information Technology:
• Service Oriented Applications: An application development and deployment strategy that enables effective, predictable business process changes through standards-based integration of applications developed as web services.
• Enterprise Information Management: The systematic management of the complete life cycle of information of all types.
• Grid Computing Infrastructure: Predictable, low cost operations of all key infrastructure components that power business applications, such as databases, middleware, and storage.
How to Use this Blueprint
Solution and Technical Architects can use this document in a number of ways:
• To promote awareness and education. This document contains a product-mapping table that will enable Solution/Technical Architects to better understand the relationship between F5 and Oracle components. In this table each component is described and mapped to the appropriate F5 or Oracle product. In some cases there are hyperlinks that will direct the user to further information.
• With customers to illustrate the components needed to implement an Oracle Service Oriented Application platform.
• As a building block for other solution blueprints aligned by industry or solution area.

Document Control
Authors: Christopher Clewes (Oracle, EMEA Technology Solutions); David Roberts (F5, Business Development EMEA)
Document Reference: F5-Blueprint 01
Document Version: Draft 0.1
Effective Date: 22nd June, 2007
Oracle and F5 Solution Blueprint
[Figure: Oracle and F5 solution blueprint diagram. Components are grouped under Access, Business Intelligence, Business Process Management, Integration Services, Business Applications, Information Management, Grid Infrastructure and Data Centre Support, and split into Infrastructure, Development, and Security and Management. Legend: F5 Product/Feature; Oracle Product/Feature.]
SOA Component Mapping to Product
This table maps each detailed component of the Fusion Architecture Blueprint to either an Oracle
product, custom development, or indicates that it needs to be obtained from a third party.
The yellow components represent F5 technology, describing where they fit and which products
to choose for the solution. These functions work between layers 4-7 of the ISO stack.
The F5 BIG-IP® system is an Application Delivery Network (ADN) platform that provides security,
performance optimisation, and availability to enterprise applications. F5’s revolutionary TMOS™
architecture is at the heart of all BIG-IP platforms, efficiently isolating clients from the server-side
flows to increase application performance and allow custom payload inspection and
transformation capabilities with iRules™.
F5 BIG-IP Local Traffic Manager (LTM) is a local data centre solution and is aware of everything
contained in the traffic going to and coming from the applications, enabling it to guarantee
availability and accelerate application performance. BIG-IP LTM functionality can be enhanced
through the licensing of additional modules to add value to the base product.
F5 BIG-IP Global Traffic Manager (GTM) provides multi-data centre availability with immediate
re-routing based on current data centre performance or availability. This capability can provide
active/active data centre utilisation or serve as a disaster recovery solution.
F5 BIG-IP Link Controller™ is a solution that manages multiple ISP links, providing a highly
available consolidated view of these links to meet business demands.
F5 FirePass® SSL VPN appliance provides secure access to corporate applications and data using a
standard web browser. FirePass helps increase the productivity of those working from home or
on the road while keeping corporate data secure.
Please refer to http://www.f5.com/products/ for more in-depth information.
Access—Infrastructure

| Component | Narrative | F5 Product/Feature | Oracle Product/Feature |
|---|---|---|---|
| SLA input | Through the ISP load balancing capability and logging, SLA information can be obtained to prove up-time statistics. | F5 BIG-IP system and Enterprise Manager | |
| Tunnelling | F5’s layer 3 tunnel enables both split- and full-tunnelling and includes built-in VLAN support. | FirePass (also available on the F5 BIG-IP system Q4 2007) | |
| Profiling | A profile is an object that contains user-configurable settings, with default values, for controlling the behaviour of a particular type of network traffic, such as HTTP connections. Using profiles enhances your control over managing network traffic, and makes traffic management tasks easier and more efficient. A dynamic policy engine—a rules-based engine that authenticates users, authorizes access, and applies client security policies based on the user and device being used for remote access. | F5 BIG-IP system and FirePass for policy creation | |
| Web Acceleration | An advanced web application delivery solution that provides a series of intelligent technologies designed to overcome problems with browsers, web application platforms, and WAN latency issues which impact user performance. By leveraging F5’s Intelligent Browser Referencing (IBR) features, BIG-IP WebAccelerator can increase interactive user performance up to 10x for web applications, portal, CRM, and collaboration software such as Oracle Portal, Siebel, Hyperion, PeopleSoft, and other custom and home-grown web applications. | F5 BIG-IP LTM or WebAccelerator (stand alone) | |
| Virtualisation | Virtualisation is performed to reduce the complexity of user session connection to specific servers. It also prevents access to specific servers by hackers as only the BIG-IP LTM is visible. | F5 BIG-IP LTM | |
| Portal Framework | Definition of Portal User interface. | | Oracle Portal |
| Wireless Access | Provides wireless access capability. | | Oracle Application Server–Wireless |
| Multi-Channel | Frameworks that provide integration between applications and various non-Web/HTML-based channels. | | Oracle Service Delivery Platform • Communication & Mobility Server (HotSIP); Oracle Service Delivery Platform • Oracle Virtual PBX |
| B2B Protocols | Multiple B2B protocol support. | | Oracle B2B |
| B2B Transaction Management | B2B transaction management. Complex protocols such as RosettaNet imply a complex dialog which is handled by this component. | | Oracle B2B |
| WSRP | JSR 168 is the Web Services Remote Portal standard for Java Portlet specification to aggregate portlets and access data sources. | | Oracle Portal |
| Presentation Services | Helps structure the data in the target device format. | | Oracle Portal |
| Web 2.0 Framework | Component-based framework for building single web interfaces to access business applications, enterprise content, business intelligence, enterprise search, communication and collaboration services, and web 2.0-centric applications. | | Oracle Web Center |
Access—Development
Component Narrative
Portal
Component
development
F5 Product/
Feature
Oracle Product/
Feature
Set of tools to develop portlets, build the UI, and connect to back-end
services.
Portlet factories Portlet factory for SOA-based portlet development.
ADF
Rich Client
Development
Oracle Portal Factory
V5.1
User development environment, based on standards, allowing contextual
access to data and applications, and providing web 2.0 technologies.
Access—Security

| Component | Narrative | F5 Product/Feature | Oracle Product/Feature |
|---|---|---|---|
| End-Point Security | End-point security verifies that desktop antivirus and firewall software is in place, systems are patched, keyloggers or other dangerous processes are not running, and sensitive data is not left behind in web caches and other vulnerable locations. End-point security is an essential function of an SSL VPN. The F5 FirePass SSL VPN appliance enforces an especially robust end-point security model. | F5 FirePass SSL VPN (enforces end-point security model) | |
Access—Security & Management

| Component | Narrative | F5 Product/Feature | Oracle Product/Feature |
|---|---|---|---|
| SSL VPN | SSL VPN connections are the preferred and most secure way of connecting users to the application and ultimately the data. It needs to be easy to configure and ensure a robust connection between the user and the application. | F5 FirePass SSL VPN | |
| SSO, OID interface | F5’s universal access approach provides user authentication and resource-level authorization prior to the user accessing network resources, web and application servers, and legacy applications without making any modifications to existing applications. Through this process user credentials are verified and passed to the back-end resource. F5 interfaces with the Oracle ID Manager to use the security profiles for user authentication. | Authentication offload is a standard feature on F5 BIG-IP LTM (authentication offload); OID interface is an optional module on F5 BIG-IP LTM | |
| Identity & Access Management | Connection at technology level. | | Oracle Application Server Identity Management or Oracle Access Manager |
| Partner Management | | | |
Business Intelligence—Activity Monitoring

| Component | Narrative | F5 Product/Feature | Oracle Product/Feature |
|---|---|---|---|
| Real Time Event Monitoring | Event monitoring and capture using sensors. | | Oracle Business Activity Monitoring |
| Dedicated Sensors | Those sensors plug to various technologies (for example, BPEL, database). | | Oracle Business Activity Monitoring |
| Business Data Monitoring | Business data are compared to KPI, or are processed and results are displayed. | | Oracle Business Activity Monitoring |
| iControl | iControl is an SDK with which a developer can control the F5 managed environment from within an application. | F5 BIG-IP LTM | |
| iControl events to Dashboard | iControl is used to enable data to be passed to the dashboard or any other system or application. | F5 BIG-IP LTM | |
Business Intelligence—Development

| Component | Narrative | F5 Product/Feature | Oracle Product/Feature |
|---|---|---|---|
| Dashboard Configuration | Configure business activity dashboards. | | Oracle Business Activity Monitoring |
| Reports Dev & Development | Report development and configuration tools. | | Oracle Business Activity Monitoring • Oracle Reports Developer |
Business Intelligence—Security & Management

| Component | Narrative | F5 Product/Feature | Oracle Product/Feature |
|---|---|---|---|
| Enterprise Manager | Plug-in that enables Oracle Enterprise Manager to use the advanced monitoring and control capabilities and to optimize enterprise application delivery performance while reducing management costs and complexity. | F5 BIG-IP LTM | |
| Full Statistics on SNMP | BIG-IP Global Traffic Manager (GTM) integrates its MIBs and an SNMP agent with DNS. This enables SNMP management applications (for example, Oracle Enterprise Manager) to read statistical data about the current performance of BIG-IP GTM. SNMP management packages have an exact view of what BIG-IP GTM is doing, while keeping an eye on standard DNS information. | F5 BIG-IP LTM | |
| Custom Statistics | Extensive logging of all aspects of packets managed between the user and the application servers. | F5 BIG-IP LTM (captures data for logging) | |
| Performance Statistics | Extensive logging of all aspects of packets managed between the user and the application servers. | F5 BIG-IP LTM | |
Business Process Management—Infrastructure

| Component | Narrative | F5 Product/Feature | Oracle Product/Feature |
|---|---|---|---|
| BPEL Engine | BPEL-based process orchestration engine. | | Oracle BPEL Process Manager |
| Technology Adapters | Today adapters are directly connected to BPEL. The next step will be to have BPEL using the ESB to connect to other services. | | Oracle BPEL Process Manager |
| Application Adapters | Same as technology adapters. | | Oracle BPEL Process Manager |
| Pre-defined Process Flows | Pre-defined integration processes (PIPs), representing best-practice integration between applications like Siebel and Oracle applications. These flows can be modified and customized. | | Oracle Application Integration Architecture |
| iControl with BPEL config management | iControl is an SDK with which a developer can control the F5 managed environment from within an application. | F5 BIG-IP LTM | |
| Web Acceleration | An advanced web application delivery solution that provides a series of intelligent technologies designed to overcome problems with browser technologies and enhance their performance, web application platforms, and WAN latency issues which impact user performance. By leveraging F5’s Intelligent Browser Referencing (IBR) features, WebAccelerator can often increase interactive user performance up to 10x for web applications, portal, CRM, and collaboration software such as Oracle Portal, Siebel, Hyperion, PeopleSoft, and other custom and home-grown web applications. | Add-on to F5 BIG-IP LTM or standalone | |
Business Process Management—Development

| Component | Narrative | F5 Product/Feature | Oracle Product/Feature |
|---|---|---|---|
| Business Process Designer | Taking the output from BPA Suite and making changes before loading the process definitions into BPEL Manager. | | Oracle JDeveloper |
| Business Process Library | Library of defined business processes described in BPEL. | | Oracle BPEL Process Manager |
| Business Process Analysis | Tool to model the business process and to automatically generate the BPEL code. | | Oracle Business Process Analysis Suite |
| BP Publishing | To provide access to BP at design time through the web or through Windows. | | Oracle Business Process Publisher |
| BP Simulator | To simulate at design time the running of a BP Integrated service development environment. | | Oracle Business Process Simulator (Oracle Business Process Analysis Suite) |
Business Process Management—Security & Management

| Component | Narrative | F5 Product/Feature | Oracle Product/Feature |
|---|---|---|---|
| iRules™ | iRules™ is a scripting language that enables the enforcement and change of specific types of behaviour around application delivery. F5 has developed an iRules On-Demand service to complement existing resources available to customers and partners using F5’s powerful iRules scripting language. | F5 BIG-IP LTM | |
Integration Services—Infrastructure

| Component | Narrative | F5 Product/Feature | Oracle Product/Feature |
|---|---|---|---|
| Service Registry | Standards-based registry/directory of services. | | Oracle Service Registry (Systinet) |
| XSLT Transformation | Transformation of message data format. | | Oracle Enterprise Service Bus |
| Messaging | Robust messaging infrastructure. | | Oracle Enterprise Service Bus; Oracle Advanced Queueing Enterprise Messaging Service |
| Transport Protocols | Multi-protocol support. | | Oracle Enterprise Service Bus |
| Routing | Routing rules and implementation. Routing capabilities based on message format, not on content. | | Oracle Enterprise Service Bus |
| Service Mediation | Capability to loosely couple service interactions. | | Oracle Enterprise Service Bus |
| Business Event Integration | Entity that processes events, gathers them, applies rules, and publishes them. | | Oracle Enterprise Service Bus |
| Business Rules | Rules engine for business users to create/update policies. | | Oracle Business Rules |
| Application adapters | Oracle Fusion adapters and others. | | Oracle Integration Adapters |
| Technology adapters | File, FTP, AQ, database, and JMS adapters. | | Oracle Enterprise Service Bus |
| Message Meta-data | Library of pre-defined message formats (for example, OAG) and associated mappings. | | Presently in iStudio and will be in Oracle Enterprise Service Bus |
| B2B adapters | To provide EDI, RosettaNet, and ebXML protocols. | | Oracle B2B |
| Publish & Subscribe | The means for applications to subscribe to events. | | Oracle Enterprise Service Bus |
| Sensor Event Publishing | Common way for all sensor apps to integrate with other applications is by publishing events in the ESB. | | Oracle Enterprise Service Bus |
| Service Registry | Standards-based registry/directory of services. | | Oracle Service Registry (Systinet) |
| Packet routing | As each packet of content is inspected, it can be routed to the most suitable server pool for processing. | F5 BIG-IP LTM (configurable option) | |
| Virtualisation | Virtualisation is performed to reduce the complexity of a user session connection to specific servers. It also prevents access to specific servers by hackers as only BIG-IP LTM is visible. | F5 BIG-IP LTM | |
Integration Services—Development

| Component | Narrative | F5 Product/Feature | Oracle Product/Feature |
|---|---|---|---|
| Metadata Message Templates | A long list of predefined, standard message formats, such as OAG, which are already stored. | | Currently in iStudio and will be in Oracle Enterprise Service Bus |
| JBI & JSR 208 | Java Business Integration, including WSIF for WSDL bindings. | | Oracle JDeveloper |
| .NET Integration | Ability to connect the Java world and the Microsoft .NET world. | | Oracle Developer Tools for .NET; Oracle DB Extensions for .NET |
Integration Services—Security & Management
Component Narrative
Oracle Product/
Feature
Web Services
Security
Provide tools to manage a web service-centric security model controlling
and defining access policy.
Oracle Identity
Manager
Messaging
Management
& Monitoring
Managing messaging infrastructure.
Oracle Enterprise
Service Bus
iRules
transformation
iRules is a scripting language that enables the enforcement and change of
specific types of behaviour around application delivery. F5 has developed
an iRules On-Demand service to complement existing resources available to
customers and partners using F5’s powerful iRules scripting language. iRules
are used to transform data within packets to conform to business rules.
SSO, OID
Interface
F5 Product/
Feature
This is standard on F5’s BIG-IP LTM. Interconnection to Oracle EM is an
optional extra.
F5 BIG-IP LTM
Standard
management
support interface is
web browser based.
Can also feed into
Oracle Enterprise
Manager
Business Applications—Infrastructure

| Component | Narrative | F5 Product/Feature | Oracle Product/Feature |
|---|---|---|---|
| App. health checking | Application response is monitored for changes in performance and health. | F5 BIG-IP LTM | |
| Load balancing | Load balancing is part of a larger capability that comes under the heading of global and local traffic management. Load balancing refers to distributing incoming HTTP requests across web servers in a server farm, to avoid overloading any one server. Because load balancing distributes the requests based on the actual load at each server, it is excellent for ensuring availability and defending against denial of service attacks. | F5 BIG-IP LTM | |
| Virtualisation | Virtualisation is performed to reduce the complexity of user session connection to detailed servers. It also prevents access to specific servers by hackers as only BIG-IP LTM is visible (this allows for scaling of the application environment without major reconfiguration). | F5 BIG-IP LTM | |
| Application-specific guides | This provides specific support for specific applications such as Siebel and Oracle Application Server. Application deployment guides and tools provide step-by-step instructions for application-specific implementation. | F5 Solution Center | |
| Event-based notification | Specified events that require notification can be set to do so through the use of iRules or iControl to other third-party applications, either as standard or as a bespoke function. | F5 BIG-IP LTM | |
| Replication technology | Enables data to be quickly distributed between data centres in order to ensure that little data is at risk of loss due to system failure. This works with Data Guard. | Use F5 WANJet® | |
| Reporting | There is significant scope for reporting. This can be achieved through bespoke settings or standard mechanisms. | | Oracle Enterprise Manager plug-in available from Oracle that interoperates with BIG-IP LTM |
| Layer 7 Rate Shaping | Contention for shared bandwidth often degrades application performance, and organizations have little control in guaranteeing that high priority traffic is passed ahead of non-priority traffic. BIG-IP L7 Rate Shaping Module adds fine-grained bandwidth control to better manage application bandwidth usage and traffic spikes. • Ensures application performance and availability • Reduces device costs • Sophisticated bandwidth control • Granular traffic classification L2 through L7 • Rate limiting (security function that ensures specific types of application traffic stay within authorized boundaries) | F5 BIG-IP LTM with Rate Shaping Module | |
| IPv6 Gateway | This enables the environment to support both IPv4 and IPv6 protocols, enabling the company to gradually move from one to the other without the need to worry about application dependencies while doing so. | F5 BIG-IP LTM with IPv6 Module | |
| DoS, IP Address Rejection | DoS and DDoS (known as SYN flood) attacks can be prevented using the SYN Check facility. The BIG-IP SYN CHECK feature works to alleviate SYN floods by sending cookies to the requesting client on the server’s behalf, and by not recording state information for connections that have not completed the initial TCP handshake. This unique feature ensures that servers only process legitimate connections and the BIG-IP SYN queue is not exhausted, enabling normal TCP communications to continue. The SYN CHECK feature complements the BIG-IP Dynamic Reaping feature that handles established connection flooding. SYN CHECK addresses embryonic connection flooding to prevent the SYN queue from becoming exhausted. Working in conjunction with a high-performance SYN cache, SYN CHECK enables you to use SYN cookies without the loss of TCP options. | F5 BIG-IP LTM using iRules | |
| Availability | Availability of data centres, applications, and servers is maintained through the use of BIG-IP LTM. This is a function of all capabilities mentioned in this section. | F5 BIG-IP LTM and BIG-IP GTM | |
| Acceleration (TCP Optimisation) | TCP/IP inefficiencies, coupled with the effects of WAN latency and packet loss, all conspire to adversely affect application performance. F5 BIG-IP LTM provides a state-of-the-art TCP/IP stack that delivers dramatic WAN and LAN application performance improvements for real-world networks. This highly optimized TCP/IP stack, called TCP Express, combines cutting-edge TCP/IP techniques and improvements in the latest RFCs with numerous improvements and extensions developed by F5 to minimize the effect of congestion and packet loss and recovery. This can deliver up to a 2x performance gain for end users and a 4x improvement in bandwidth efficiency with no change to servers, applications, or the client desktops. | F5 BIG-IP LTM | |
Business Applications—Development

| Component | Narrative | F5 Product/Feature | Oracle Product/Feature |
|---|---|---|---|
| Legacy Service Composition | Integrated Legacy Service Wrappering development. | | Oracle JDeveloper |
| Secure Service Deployment | Tool to ensure secure deployment of services. | | Oracle Web Services Manager |
| Application Development Environment | Tools to develop applications. | | Oracle Application Express |
Business Applications—Security and Management

| Component | Narrative | F5 Product/Feature | Oracle Product/Feature |
|---|---|---|---|
| Service Portfolio Management | This implies classifying, versioning, defining ontology, and so on. | | Oracle Repository Service |
| Service Provisioning | Provide access to services. | | Oracle Repository Service |
| Oracle Enterprise Manager Integration | Plug-in that enables Oracle Enterprise Manager to use the advanced monitoring and control capabilities, providing visibility to optimize enterprise application delivery performance while reducing management costs and complexity. | F5 BIG-IP LTM (add on) | |
| Adv. Client authentication | F5’s Advanced Client Authentication software module for use with the BIG-IP LTM provides client authentication of HTTP and other traffic types for a variety of authentication schemes, including LDAP, Radius, TACACS, SSL, and OCSP. The Advanced Client Authentication module with BIG-IP LTM offers the following benefits: • Provides a customizable authentication framework that gives you the ability to choose the authentication scheme that best fits your needs, and enables you to quickly change and deploy new authentication schemes as required. • Reduces your TCO by centralizing application authentication to a single authentication cache, which reduces administrative burden, latency, and minimizes configuration errors. • Increases server and application capacity by offloading authentication processing, including authentication of SSL certificates. • Checks user credentials or SSL certificates using the authentication scheme of your choice before granting network access, stopping unwanted traffic before it reaches your servers and applications. • Load balances authentication servers to continuously protect your network and application infrastructure. • Reduces test and development efforts for web applications because all authentication is done at the BIG-IP device level. SSO is managed through the creation of a pool and virtual server to which the traffic will be applied. It provides client authentication of HTTP and other traffic types for a variety of authentication schemes, including LDAP, Radius, TACACS, SSL, and OCSP and Oracle ID Manager. | F5 BIG‑IP LTM (with Advanced Client Authentication module) | |
| SSL Offload | If you are using SSL to protect your HTTP basic authentication traffic, you must configure BIG-IP LTM to perform the server-side SSL handshake that the remote server would normally do when authenticating traffic. This offloads SSL processing from your application servers, making your network more efficient. (How it works: It offloads the certificate exchange and the bulk encryption to hardware providing exceptional performance and reducing the application server load. It then centralizes certificate management which reduces management costs and certificate costs by not requiring certificates on each individual server. If end-to-end SSL is required, traffic can be re-encrypted while maintaining the benefits of centralized management.) | F5 BIG-IP Local Traffic Manager LTM (configurable option) | |
| Cookie Encryption | This powerful feature provides organizations the ability to encrypt and authenticate cookies used in application traffic, which prevents hackers from exploiting cookies to launch application attacks. With cookie encryption and authentication enabled, hackers cannot read cookies to access information like JSessionIDs and user IDs that can be used later to modify a cookie and establish an illegal session. The BIG-IP system provides superior protection for stateful applications used in the enterprise by protecting against attacks like session hijacking and cookie tampering that exploit critical application vulnerabilities by rewriting the content of a cookie. | F5 BIG-IP LTM (configurable option) | |
| Application Security Manager | BIG-IP LTM performs deep packet inspection of the entire application payload to provide powerful application-level security. | F5 BIG-IP LTM (with ASM) | |
| Full proxy | Full proxy available for application servers. | F5 BIG-IP LTM | |
| OneConnect | The OneConnect™ feature enables BIG-IP LTM to maximize HTTP session performance and server resource utilization by aggregating multiple user requests to use persistent, pre-tuned server sessions. By using persistent server sessions, BIG-IP LTM eliminates the wait associated with TCP session negotiation and tuning, which can significantly reduce session performance for small request sizes (like many HTTP requests). | F5 BIG-IP LTM | |
| Network Level Security | Protection against network security attacks. Enforce, fortify, and implement security policies for your networking infrastructure. With features like DoS and SYN attack prevention, packet filtering, and protocol sanitization, organizations can protect themselves against the heaviest of attacks and control the information traversing in and out of their site. | F5 BIG-IP LTM | |
| Security | Security comes in a variety of forms, from virtualisation of applications to prevent drill-down access to application servers, full proxy services, (ASM offers an application firewall that fills the security gap left by web firewalls) and encryption. The Application Security Manager is a software add-on that extends the BIG-IP system, turning it into an enterprise-class web application firewall, providing comprehensive, proactive, application-layer protection against both generalized and targeted attacks. Utilizing a positive security model (deny all unless allowed), BIG-IP Application Security Manager (ASM) permits only valid and authorized application transactions, while automatically protecting critical web applications from attacks. BIG-IP ASM protects against application, infrastructure, and network attacks, such as cross-site scripting, SQL injection, cookie/session poisoning, parameter tampering, forceful browsing, application platform exploits, and zero-day attacks. ASM protects against entire classes of HTTP and HTTPS-based threats (both known and unknown) rather than only guarding against a limited list of known attacks. In addition, you can use iRules to examine application traffic (HTTP, HTTPS, web services), filter applicable application traffic through ASM, and block application-level attacks and threats. | F5 BIG-IP ASM | |
Data Centre Support—Infrastructure

| Component | Narrative | F5 Product/Feature | Oracle Product/Feature |
|---|---|---|---|
| Data Centre Load Balancing | This distributes end user application requests according to business policies, data centre capabilities, and network conditions to ensure the highest possible availability. | F5 BIG-IP GTM | |
| ISP Access Control | As organizations increase their use of the Internet to deliver applications, maintaining only one link to the public network exposes a single point of failure and serious network vulnerability. The BIG-IP Link Controller seamlessly monitors availability and performance of multiple WAN ISP connections to intelligently manage bi-directional traffic flows to a site, providing fault tolerant and optimized Internet access. | BIG-IP Link Controller | |
Overall—Development

| Component | Narrative | F5 Product/Feature | Oracle Product/Feature |
|---|---|---|---|
| iControl | iControl is an SDK with which a developer can control the F5 managed environment from within an application. | F5 BIG-IP LTM | |
| iRules | iRules is a scripting language that enables the enforcement and change of specific types of behaviour around application delivery. F5 has developed an iRules™ On-Demand service to complement existing resources available to customers and partners using F5’s powerful iRules scripting language. | F5 BIG-IP LTM | |

F5 Networks, Inc. Corporate Headquarters: 401 Elliott Avenue West, Seattle, WA 98119; (206) 272-5555 Voice; (888) 88BIGIP Toll-free; (206) 272-5556 Fax; www.f5.com; info@f5.com
F5 Networks Asia-Pacific: +65-6533-6103 Voice; +65-6533-6106 Fax; info.asia@f5.com
F5 Networks Ltd. Europe/Middle-East/Africa: +44 (0) 1932 582 000 Voice; +44 (0) 1932 582 001 Fax; emeainfo@f5.com
F5 Networks Japan K.K.: +81-3-5114-3200 Voice; +81-3-5114-3201 Fax; info@f5networks.co.jp
© 2007 F5 Networks, Inc. All rights reserved. F5, F5 Networks, the F5 logo, BIG-IP, WANJet, WebAccelerator are trademarks or registered trademarks of F5 Networks, Inc. in the U.S. and certain other countries.