Oracle and F5 Reference Architecture for SOA Background Contents Background 1 How to Use this Blueprint 1 Oracle and F5 Solution Blueprint 2 SOA Component Mapping to Product 3 This document details a joint solution blueprint developed by F5 and Oracle. The purpose of this document is to show how F5 and Oracle components work together to deliver a highly reliable and scalable platform for deploying Oracle Service Oriented Applications. This Solution Blueprint shows logical components organised into categories that relate to the Oracle’s Fusion Architecture. Oracle Fusion Architecure Activity Business (OFA) Monitoring Intelligence ✓ Model Driven Business Processing Orchestration ✓ Service and Process Models BPEL Engine Event Enabled Fusion Service Bus ✓ StandardsMulti-protocol routing based Message transformation ✓ Information Services and Event Mediation Centric Fusion Service Registry ✓ Grid Ready Oracle Fusion Architecture is a standardsbased technology blueprint that details the linkage between all of the Oracle products. Oracle Fusion Architecture is based on three emerging trends in Information Technology: n n n Unified Portal Application Integration Services Process Integration Services Data and Metadata Services Oracle Apps Custom Apps ISV Apps Grid Computing Clustering Provisioning Data Management Identity Management Security Configuration Directories Web Cache S ervice Oriented Applications: An application development and deployment strategy that enables effective, predictable business process changes through standards-based integration of applications developed as web services. Enterprise Information Management: The systematic management of the complete life cycle of information of all types. Grid Computing Infrastructure: Predictable, low cost operations of all key infrastructure components that power business applications, such as databases, middleware, and storage. How to Use this Blueprint Solution and Technical Architects can use this document in a number of ways: Document Control Authors:Christopher Clewes (Oracle, EMEA Technology Solutions) David Roberts (F5, Business Development EMEA) n To promote awareness and education. This document contains a product-mapping table that will enable Solution/Technical Architects better understand the relationship between F5 and Oracle components. In this table each component is described and mapped to the appropriate F5 or Oracle product. In some cases there are hyperlinks that will direct the user to further information. n With customers to illustrate the components needed to implement an Oracle Service Oriented Application platform. n A s a building block for other solution blueprints aligned by industry or solution area. Document Reference: F5-Blueprint 01 Document Version: Draft 0.1 Effective Date: 22nd June, 2007 1 Oracle and F5 Reference Architecture for SOA Oracle and F5 Solution Blueprint Development Portal Component Dev (ADF) Rich Client Development Access Desktop Applications B2B Interface Portals Security and Management Mobile UI Web Clients End Point Security Customer Specific Infrastructure Portlet Factories SLA Input Portal Framework Tunnelling Web Application Acceleration Firewall Profiling Multi- B2B Transaction Presentation Channel Mgt Services Business Intelligence Alert Definitions Wireless Access Rate Shaping SSL Offload & HTTP/HTTPS Acceleration compression B2B Protocols WSRP Web 2.0 Framework Content Caching Virualization SSL VPN Identity & Access Management SSO, OID interface Partner Management Report Formats Dashboards Customer Specific Dashboard Configuration Reports Dev & Configuration F5 iRules and iControl Development Business Process Design Business Process Simulator Business Process Publishing Business Process Analysis Infrastructure Activity Monitoring Business Data Monitoring Real-time Monitoring Dedicated Sensors Enterprise Mgr Performance Statistics Integration iControl Events to Dashboard iControl Full Statistics on SNMP Business Process Management Custom Statistics Process Definitions Customer Specific Infrastructure Application Adapters BPEL Engine Technology Pre-defined iControl with Web Adapters Process Flows BPEL Config Mgt Acceleration iRule Business Process Library Integration Services .NET Integration Metadata Message Templates Customer Specific Infrastructure XSLT Service Registration Transformation Transport Protocols Business Applications Secure Service Deployment Transformation Rules Messages JBI & JSR 208 Application Development Env. Business Rules Events Routing Application Adapters Business Event Service Integration Mediation Technology Adapters Application A B2B Adapters Business Rules Message Meta-Data Application B Services High Speed Messaging Data Transfer Publish & Subscribe Service Meta-Data Packet Routing Sensor Event Virualization Publishing Application C Customer Specific Infrastructure Application Health Checking Load Balancing Reporting Legacy Service Composition Application Virtualization Specific Guides Layer 7 Rate Shaping IPv6 Gateway Event based Notification Replication Technology Availability TCP Optimization DoS Address Rejection Messaging Mgt Web Services & Monitoring Security iRules Management Transformation Interface Service Portfolio Mgt Service Provisioning Enterprise Manager Integration Advanced Client Authentication SSL Offload Cookie Encryption Application Security Mgr Full Proxy One Connect Network Level Security Security Information Management Grid Infrastructure Data Centre Support Data Centre Load Balancing ISP Access Control Multiple Data Centre Synchronisation n F5 Product/Feature 2 n Oracle Product/Feature 2 Oracle and F5 Reference Architecture for SOA SOA Component Mapping to Product This table maps each detailed component of the Fusion Architecture Blueprint to either an Oracle product, custom development, or indicates that it needs to be obtained from a third party. The yellow components represent F5 technology, describing where they fit and which products to choose for the solution. These functions work between layers 4-7 of the ISO stack. The F5 BIG-IP® system is an Application Delivery Network (ADN) platform that provides security, performance optimisation, and availability to enterprise applications. F5’s revolutionary TMOS™ architecture is at the heart of all BIG-IP platforms, efficiently isolating clients from the serverside flows to increase application performance and allow custom payload inspection and transformation capabilities with iRules™. F5 BIG-IP Local Traffic Manager (LTM) is a local data centre solution and is aware of everything contained in the traffic going to and coming from the applications, enabling it to guarantee availability and accelerate application performance. BIG-IP LTM functionality can be enhanced through the licensing of additional modules to add value to the base product. F5 BIG-IP Global Traffic Manager (GTM) provides multi-data centre availability with immediate re-routing based on current data centre performance or availability. This capability can provide active/active data centre utilisation or as a disaster recovery solution. F5 BIG-IP Link Controller™ is a solution that manages multiple ISP links, providing a highly available consolidated view of these links to meet business demands. F5 FirePass® SSL VPN appliance provides secure access to corporate applications and data using a standard web browser. FirePass helps increase the productivity of those working from home or on the road while keeping corporate data secure. Please refer to http://www.f5.com/products/ for more in-depth information. 3 3 Oracle and F5 Reference Architecture for SOA Access— Infrastructure Component Narrative F5 Product/ Feature SLA input Through the ISP load balancing capability and logging, SLA information can be obtained to prove-up time statistics. F5 BIG-IP system and Enterprise Manager Tunnelling F5’s layer 3 tunnel enables both split- and full-tunnelling and includes built-in VLAN support. FirePass (also available on the F5 BIG-IP system Q4 2007) Profiling A profile is an object that contains user-configurable settings, with default values, for controlling the behaviour of a particular type of network traffic, such as HTTP connections. Using profiles enhances your control over managing network traffic, and makes traffic management tasks easier and more efficient. A dynamic policy engine—a rules-based engine that authenticates users, authorizes access, and applies client security policies based on the user and device being used for remote access. F5 BIG-IP system and FirePass for policy creation Web Acceleration An advanced web application delivery solution that provides a series of intelligent technologies designed to overcome problems with browsers, web application platforms, and WAN latency issues which impact user performance. F5 BIG-IP LTM or WebAccelerator (stand alone) Oracle Product/ Feature By leveraging F5’s Intelligent Browser Referencing (IBR) features, BIG-IP WebAccelerator can increase interactive user performance up to 10x for web applications, portal, CRM, and collaboration software such as Oracle Portal, Siebel, Hyperion, PeopleSoft, and other custom and home-grown web applications. Virtualisation F5 BIG-IP LTM Virtualisation is performed to reduce the complexity of user session connection to specific servers. It also prevents access to specific servers by hackers as only the BIG-IP LTM is visible. Portal Framework Definition of Portal User interface. Oracle Portal Wireless Access Provides wireless access capability. Oracle Application Server–Wireless Multi-Channel Frameworks that provide integration between applications and various non-Web/HTML-based channels. Oracle Service Delivery Platform • Communication & Mobility Server (HotSIP) Oracle Service Delivery Platform • Oracle Virtual PBX B2B Protocols 4 Multiple B2B protocol support. Oracle B2B B2B Transaction B2B transaction management. Complex protocols such as RosettaNet Management imply a complex dialog which is handled by this component. Oracle B2B WSRP JSR 168 is the Web Services Remote Portal standard for Java Portlet specification to aggregate portlets and access data sources. Oracle Portal Presentation Services Helps structure the data in the target device format. Oracle Portal Web 2.0 Framework Component-based framework for building single web interfaces to access business applications, enterprise content, business intelligence, enterprise search, communication and collaboration services, and web 2.0-centric applications. Oracle Web Center 4 Oracle and F5 Reference Architecture for SOA Access— Development Component Narrative Portal Component development F5 Product/ Feature Oracle Product/ Feature Set of tools to develop portlets, build the UI, and connect to back-end services. Portlet factories Portlet factory for SOA-based portlet development. ADF Rich Client Development Oracle Portal Factory V5.1 User development environment, based on standards, allowing contextual access to data and applications, and providing web 2.0 technologies. Access—Security Component Narrative F5 Product/ Feature End-Point Security F5 FirePass SSL VPN (enforces end-point security model) End-point security verifies that desktop antivirus and firewall software is in place, systems are patched, keyloggers or other dangerous processes are not running, and sensitive data is not left behind in web caches and other vulnerable locations. Oracle Product/ Feature End-point security is an essential function of an SSL VPN. The F5 FirePass SSL VPN appliance enforces an especially robust end-point security model. Access—Security & Management Component Narrative F5 Product/ Feature SSL VPN SSL VPN connections are the preferred and most secure way of connecting users to the application and ultimately the data. It needs to be easy to configure and ensure a robust connection between the user and the application. F5 FirePass SSL VPN SSO, OID interface F5’s universal access approach provides user authentication and resourcelevel authorization prior to the user accessing network resources, web and application servers, and legacy applications without making any modifications to existing applications. Through this process user credentials are verified and passed to the back-end resource. F5 interfaces with the Oracle ID Manager to use the security profiles for user authentication. Authentication offload is a standard feature on F5 BIG-IP LTM (authentication offload); OID interface is an optional module on F5 BIG-IP LTM Identity & Access Management Connection at technology level. Oracle Product/ Feature Oracle Application Server Identity Management or Oracle Access Manager Partner Management 5 5 Oracle and F5 Reference Architecture for SOA Business Intelligence—Activity Monitoring Component Narrative F5 Product/ Feature Oracle Product/ Feature Real Time Event Event monitoring and capture using sensors. Monitoring Oracle Business Activity Monitoring Dedicated Sensors Those sensors plug to various technologies (for example, BPEL, database). Oracle Business Activity Monitoring Business Data Monitoring Business data are compared to KPI, or are processed and results are displayed. Oracle Business Activity Monitoring iControl iControl is an SDK with which a developer can control the F5 managed environment from within an application. iControl events iControl is used to enable data to be passed to the dashboard or any to Dashboard other system or application. F5 BIG-IP LTM F5 BIG-IP LTM Business Intelligence—Development Component Narrative F5 Product/ Feature Oracle Product/ Feature Dashboard Configuration Configure business activity dashboards. Oracle Business Activity Monitoring Reports Dev & Development Report development and configuration tools. Oracle Business Activity Monitoring • Oracle Reports Developer Business Intelligence—Security & Management 6 Component Narrative F5 Product/ Feature Enterprise Manager Plug-in that enables Oracle Enterprise Manager to use the advance monitoring and control capabilities and to optimize enterprise application delivery performance while reducing management costs and complexity. F5 BIG-IP LTM Full Statistics on SNMP BIG-IP Global Traffic Manager (GTM) integrates its MIBs and a SNMP agent with DNS. This enables SNMP management applications (for example, Oracle Enterprise Manager) to read statistical data about the current performance of BIG-IP GTM. SNMP management packages have an exact view of what BIG-IP GTM is doing, while keeping an eye on standard DNS information. F5 BIG-IP LTM Custom Statistics Extensive logging of all aspects of packets managed between the user and the application servers. F5 BIG-IP LTM (captures data for logging) Performance Statistics Extensive logging of all aspects of packets managed between the user and the application servers. F5 BIG-IP LTM Oracle Product/ Feature 6 Oracle and F5 Reference Architecture for SOA Business Process Management—Infrastructure Component Narrative F5 Product/ Feature Oracle Product/ Feature BPEL Engine BPEL-based process orchestration engine. Oracle BPEL Process Manager Technology Adapters Today adapters are directly connected to BPEL. The next step will be to have BPEL using the ESB to connect to other services. Oracle BPEL Process Manager Application Adapters Same as technology adapters. Oracle BPEL Process Manager Pre-defined Process Flows Pre-defined integration processes (PIPs), representing best-practice integration between applications like Siebel and Oracle applications. These flows can be modified and customized. Oracle Application Integration Architecture iControl with BPEL config management iControl is an SDK with which a developer can control the F5 managed environment from within an application. F5 BIG-IP LTM Web Acceleration An advanced web application delivery solution that provides a series of intelligent technologies designed to overcome problems with browser technologies and enhance their performance, web application platforms, and WAN latency issues which impact user performance. Add-on to F5 BIG-IP LTM or standalone By leveraging F5’s Intelligent Browser Referencing (IBR) features, WebAccelerator can often increase interactive user performance up to 10x for web applications, portal, CRM, and collaboration software such as Oracle Portal, Siebel, Hyperion, PeopleSoft, and other custom and home-grown web applications. Business Process Management—Development Component Narrative Business Process Designer Taking the output from BPA Suite and making changes before loading the process definitions into BPEL Manager. F5 Product/ Feature Oracle Product/ Feature Oracle JDeveloper Business Library of defined business processes described in BPEL. Process Library Oracle BPEL Process Manager Business Process Analysis Tool to model the business process and to automatically generate the BPEL code. Oracle Business Process Analysis Suite BP Publishing To provide access to BP as design time through the web or through Windows. Oracle Business Process Publisher BP Simulator To simulate at design time the running of a BP Integrated service development environment. Oracle Business Process Simulator (Oracle Business Process Analysis Suite) 7 7 Oracle and F5 Reference Architecture for SOA Business Process Management—Security & Management Component Narrative F5 Product/ Feature iRules™ F5 BIG-IP LTM iRules™ is a scripting language that enables the enforcement and change of specific types of behaviour around application delivery. F5 has developed an iRules On-Demand service to complement existing resources available to customers and partners using F5’s powerful iRules scripting language. Oracle Product/ Feature Integration Services—Infrastructure Component Narrative F5 Product/ Feature Oracle Product/ Feature Service Registry Standards-based registry/directory of services. Oracle Service Registry (Sysintnet) XSLT Transformation of massage data format. Transformation Oracle Enterprise Service Bus Messaging Oracle Enterprise Service Bus Robust messaging infrastructure. Oracle Advanced Queueing Enterprise Messaging Service Transport Protocols Multi-protocol support. Oracle Enterprise Service Bus Routing Routing rules and implementation. Routing capabilities based on message format, not on content. Oracle Enterprise Service Bus Service Mediation Capability to loosely couple service interactions. Oracle Enterprise Service Bus Business Event Integration Entity that processes events, gathers them, applies rules, and publishes them. Oracle Enterprise Service Bus Business Rules Rules engine for business users to create/update policies. Oracle Business Rules Application adapters Oracle Fusion adapters and others. Oracle Integration Adapters Technology adapters File, FTP, AQ, database, and JMS adapters. Oracle Enterprise Service Bus Message Meta- Library of pre-defined message formats (for example, OAG) and data associated mappings. Presently in iStudio and will be in Oracle Enterprise Service Bus B2B adapters To provide EDI, RosettaNet, and ebXML protocols. Oracle B2B Publish & Subscribe The means for applications to subscribe to events. Oracle Enterprise Service Bus Sensor Event Publishing Common way for all sensor apps to integrate with other applications is by publishing events in the ESB. Oracle Enterprise Service Bus Service Registry Standards-based registry/directory of services. 8 Oracle Service Registry (Sysintnet) 8 Oracle and F5 Reference Architecture for SOA Integration Services—Infrastructure (continued) Component Narrative F5 Product/ Feature Packet routing As each packet of content is inspected, it can be routed to the most suitable server pool for processing. F5 BIG-IP LTM (configurable option) Virtualisation Virtualisation is performed to reduce the complexity of a user session F5 BIG-IP LTM connection to specific servers. It also prevents access to specific servers by hackers as only BIG-IP LTM is visible. Oracle Product/ Feature Integration Services—Development Component Narrative F5 Product/ Feature Oracle Product/ Feature Metadata Message Templates A long list of predefined, standard message formats, such as OAG, which are already stored. Currently in iStudio and will be in Oracle Enterprise Service Bus JBI & JSR 208 Java Business Integration, including WSIF for WSDL bindings. Oracle JDeveloper .NET Integration Ability to connect the Java world and the Microsoft .NET world. Oracle Developer Tools for .NET Oracle DB Extensions for .NET Integration Services—Security & Management Component Narrative Oracle Product/ Feature Web Services Security Provide tools to manage a web service-centric security model controlling and defining access policy. Oracle Identity Manager Messaging Management & Monitoring Managing messaging infrastructure. Oracle Enterprise Service Bus iRules iRules is a scripting language that enables the enforcement and change of transformation specific types of behaviour around application delivery. F5 has developed an iRules On-Demand service to complement existing resources available to customers and partners using F5’s powerful iRules scripting language. iRules are used to transform data within packets to conform to business rules. SSO, OID Interface F5 Product/ Feature This is standard on F5’s BIG-IP LTM. Interconnection to Oracle EM is an optional extra. F5 BIG-IP LTM Standard management support interface is web browser based. Can also feed into Oracle Enterprise Manager 9 9 Oracle and F5 Reference Architecture for SOA Business Applications—Infrastructure Component Narrative F5 Product/ Feature App. health checking Application response is monitored for changes in performance and health. F5 BIG-IP LTM Load balancing Load balancing is part of a larger capability that comes under the heading of global and local traffic management. Load balancing refers to distributing incoming HTTP requests across web servers in a server farm, to avoid overloading any one server. Because load balancing distributes the requests based on the actual load at each server, it is excellent for ensuring availability and defending against denial of service attacks. F5 BIG-IP LTM Virtualisation Virtualisation is performed to reduce the complexity of user session connection to detailed servers. It also prevents access to specific servers by hackers as only BIG-IP LTM is visible (this allows for scaling of the application environment without major reconfiguration). F5 BIG-IP LTM Applicationspecific guides This provides specific support for specific applications such as Siebel and Oracle Application Server. Application deployment guides and tools provide step-by-step instructions for application-specific implementation. F5 Solution Center Event-based notification Specified events that require notification can be set to do so through the use of iRules or iControl to other third-party applications, either as standard or as a bespoke function. F5 BIG-IP LTM Replication technology Enables data to be quickly distributed between data centres in order to ensure that little data is at risk of loss due to system failure. This works with Data Guard. Use F5 WANJet® Reporting There is significant scope for reporting. This can be achieved through bespoke settings or standard mechanisms. Layer 7 Rate Shaping Contention for shared bandwidth often degrades application performance, and organizations have little control in guaranteeing that high priority traffic is passed ahead of non-priority traffic. BIG-IP L7 Rate Shaping Module adds fine-grained bandwidth control to better manage application bandwidth usage and traffic spikes. • Ensures application performance and availability Oracle Product/ Feature Oracle Enterprise Manager plugin available from Oracle that interoperates with BIG-IP LTM F5 BIG-IP LTM with Rate Shaping Module • Reduces device costs • Sophisticated bandwidth control • Granular traffic classification L2 through L7 • Rate limiting (security function that ensures specific types of application traffic stay within authorized boundaries) IPv6 Gateway 10 This enables the environment to support both IPv4 and IPv6 protocols, enabling the company to gradually move from one to the other without the need to worry about application dependencies while doing so. F5 BIG-IP LTM with IPv6 Module 10 Oracle and F5 Reference Architecture for SOA Business Applications—Infrastructure (continued) Component Narrative F5 Product/ Feature DoS, IP Address DoS and DDoS (known as SYN flood) attacks can be prevented using Rejection the SYN Check facility. The BIG-IP SYN CHECK feature works to alleviate SYN floods by sending cookies to the requesting client on the server’s behalf, and by not recording state information for connections that have not completed the initial TCP handshake. This unique feature ensures that servers only process legitimate connections and the BIG-IP SYN queue is not exhausted, enabling normal TCP communications to continue. The SYN CHECK feature complements the BIG-IP Dynamic Reaping feature that handles established connection flooding. SYN CHECK addresses embryonic connection flooding to prevent the SYN queue from becoming exhausted. Working in conjunction with a high-performance SYN cache, SYN CHECK enables you to use SYN cookies without the loss of TCP options. F5 BIG-IP LTM using iRules Availability Availability of data centres, applications, and servers is maintained through the use of BIG-IP LTM. This is a function of all capabilities mentioned in this section. F5 BIG-IP LTM and BIG-IP GTM Acceleration (TCP Optimisation) TCP/IP inefficiencies, coupled the effects of WAN latency and packet loss, all conspire to adversely affect application performance. F5 BIG-IP LTM provides a state-of-the-art TCP/IP stack that delivers dramatic WAN and LAN application performance improvements for real-world networks. F5 BIG-IP LTM Oracle Product/ Feature This highly optimized TCP/IP stack, called TCP Express, combines cuttingedge TCP/IP techniques and improvements in the latest RFCs with numerous improvements and extensions developed by F5 to minimize the effect of congestion and packet loss and recovery. This can deliver up to a 2x performance gain for end users and a 4x improvement in bandwidth efficiency with no change to servers, applications, or the client desktops. Business Applications—Development Component Narrative F5 Product/ Feature Oracle Product/ Feature Legacy Service Composition Integrated Legacy Service Wrappering development. Oracle JDeveloper Secure Service Deployment Tool to ensure secure deployment of services. Oracle Web Services Manager Application Development Environment Tools to develop applications. Oracle Application Express 11 11 Oracle and F5 Reference Architecture for SOA Business Applications—Security and Management Component Narrative F5 Product/ Feature Oracle Product/ Feature Service Portfolio Management This implies classifying, versioning, defining ontology, and so on. Oracle Repository Service Service Provisioning Provide access to services. Oracle Repository Service Oracle Enterprise Manager Integration Plug-in that enables Oracle Enterprise Manager to use the advance monitoring and control capabilities, providing visibility to optimize enterprise application delivery performance while reducing management costs and complexity. F5 BIG-IP LTM (add on) Adv. Client authentication F5’s Advanced Client Authentication software module for use with the BIG-IP LTM provides client authentication of HTTP and other traffic types for a variety of authentication schemes, including LDAP, Radius, TACAS, SSL, and OCSP. The Advanced Client Authentication module with BIG-IP LTM offers the following benefits: F5 BIG‑IP LTM (with Advanced Client Authentication module) • Provides a customizable authentication framework that gives you the ability to choose the authentication scheme that best fits your needs, and enables you to quickly change and deploy new authentication schemes as required. • Reduces your TCO by centralizing application authentication to a single authentication cache, which reduces administrative burden, latency, and minimizes configuration errors. • Increases server and application capacity by offloading authentication processing, including authentication of SSL certificates. • Checks user credentials or SSL certificates using the authentication scheme of your choice before granting network access, stopping unwanted traffic before it reaches your servers and applications. • Load balances authentication servers to continuously protect your network and application infrastructure. • Reduces test and development efforts for web applications because all authentication is done at the BIG-IP device level. SSO is managed through the creation of a pool and virtual server to which the traffic will be applied. It pprovides client authentication of HTTP and other traffic types for a variety of authentication schemes, including LDAP, Radius, TACAS, SSL, and OCSP and Oracle ID Manager. SSL Offload If you are using SSL to protect your HTTP basic authentication traffic, you must configure BIG-IP LTM to perform the server-side SSL handshake that the remote server would normally do when authenticating traffic. This offloads SSL processing from your application servers, making your network more efficient. (How it works: It offloads the certificate exchange and the bulk encryption to hardware providing exceptional performance and reducing the application server load. It then centralizes certificated management which reduces management costs and certificated costs by not requiring certificates on each individual server. If end-to-end SSL is required, traffic can be re-encrypted while maintaining the benefits of centralized management.) This F5 BIG-IP Local Traffic Manager LTM (configurable option) 12 Oracle and F5 Reference Architecture for SOA Business Applications—Security and Management (continued) Component Narrative F5 Product/ Feature Cookie Encryption This powerful feature provides organizations the ability to encrypt and authenticate cookies used in application traffic, which prevents hackers from exploiting cookies to launch application attacks. With cookie encryption and authentication enabled, hackers cannot read cookies to access information like JSessionIDs and user IDs that can be used later to modify a cookie and establish an illegal session. The BIG-IP system provides superior protection for stateful applications used in the enterprise by protecting against attacks like session hijacking and cookie tampering that exploit critical application vulnerabilities by rewriting the content of a cookie. F5 BIG-IP LTM (configurable option) Application Security Manager BIG-IP LTM performs deep packet inspection of the entire application payload to provide powerful application-level security. F5 BIG-IP LTM (with ASM) Full proxy Full proxy available for application servers. F5 BIG-IP LTM OneConnect The OneConnect™ feature enables BIG-IP LTM to maximize HTTP session performance and server resource utilization by aggregating multiple user requests to use persistent, pre-tuned server sessions. By using persistent server sessions, BIG-IP LTM eliminates the wait associated with TCP session negotiation and tuning, which can significantly reduce session performance for small request sizes (like many HTTP requests). F5 BIG-IP LTM Network Level Security Protection against network security attacks. Enforce, fortify, and implement F5 BIG-IP LTM security policies for your networking infrastructure. With features like DoS and SYN attack prevention, packet filtering, and protocol sanitization, organizations can protect themselves against the heaviest of attacks and control the information traversing in and out of their site. Security Security comes in a variety of forms, from virtualisation of applications to prevent drill-down access to application servers, full proxy services, (ASM offers an application firewall that fills the security gap left by web firewalls) and encryption. Oracle Product/ Feature The Application Security Manager is a software add-on that extends the BIG-IP system, turning it into an enterprise-class web application firewall, providing comprehensive, proactive, application-layer protection against both generalized and targeted attacks. Utilizing a positive security model (deny all unless allowed), BIG-IP Application Security Manager (ASM) permits only valid and authorized application transactions, while automatically protecting critical web applications from attacks. BIG-IP ASM protects against application, infrastructure, and network attacks, such as cross-site scripting, SQL injection, cookie/session poisoning, parameter tampering, forceful browsing, application platform exploits, and zero-day attacks. ASM protects against entire classes of HTTP and HTTPS-based threats (both known and unknown) rather than only guarding against a limited list of known attacks. In addition, you can use iRules to examine application traffic (HTTP, HTTPS, web services), filter applicable application traffic through ASM, and block application-level attacks and threats. F5 BIG-IP ASM 13 13 Oracle and F5 Reference Architecture for SOA Data Centre Support—Infrastructure Component Narrative F5 Product/ Feature Data Centre This distributes end user application requests according to business Load Balancing policies, data centre capabilities, and network conditions to ensure the highest possible availability. F5 BIG-IP GTM ISP Access Control BIG-IP Link Controller As organizations increase their use of the Internet to deliver applications, maintaining only one link to the public network exposes a single point of failure and serious network vulnerability. The BIG-IP Link Controller seamlessly monitors availability and performance of multiple WAN ISP connections to intelligently manage bi-directional traffic flows to a site, providing fault tolerant and optimized Internet access. Oracle Product/ Feature Overall—Development Component Narrative F5 Product/ Feature iControl iControl is an SDK with which a developer can control the F5 managed environment from within an application. F5 BIG-IP LTM iRules iRules is a scripting language that enables the enforcement and change of specific types of behaviour around application delivery. F5 has developed an iRules™ On-Demand service to complement existing resources available to customers and partners using F5’s powerful iRules scripting language. F5 BIG-IP LTM F5 Networks, Inc. Corporate Headquarters F5 Networks Asia-Pacific F5 Networks Ltd. Europe/Middle-East/Africa F5 Networks Japan K.K. 401 Elliott Avenue West Seattle, WA 98119 (206) 272-5555 Voice (888) 88BIGIP Toll-free (206) 272-5556 Fax www.f5.com email@example.com +65-6533-6103 Voice +65-6533-6106 Fax firstname.lastname@example.org +44 (0) 1932 582 000 Voice +44 (0) 1932 582 001 Fax email@example.com +81-3-5114-3200 Voice +81-3-5114-3201 Fax firstname.lastname@example.org Oracle Product/ Feature 14 © 2007 F5 Networks, Inc. All rights reserved. F5, F5 Networks, the F5 logo, BIG-IP, WANJet, WebAccelerator are trademarks or registered trademarks of F5 Networks, Inc. in the U.S. and certain other countries.
* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project