New Release of AmberPoint SOA Management System Seamlessly Provisions Security Policies to BEA WebLogic

NASHVILLE, Tenn.--(BUSINESS WIRE)--AmberPoint today announced that it has extended the agentless policy enforcement capabilities of its SOA Management System to include delegation of security policies. AmberPoint enables administrators to seamlessly provision security to not only AmberPoint components but also security-capable infrastructure such as the BEA WebLogic 9.2 platform, where those policies are natively enforced. In such a setting, no agent or other code is required for endpoint enforcement of security policy.

With SOA implementations it is often necessary to keep the various interacting services on a “need-to-know” basis in order to prevent theft or leakage of sensitive data. This mandates securing the service endpoint, while also maintaining a flexible approach that decouples the definition and management of security policies from enforcement of those policies.

“Endpoint enforcement prevents the types of end-run attacks common in ad hoc environments, where the pressures of production deployment and maintenance can preclude a broker-based approach to security,” said Jorge Mercado, Lead Architect at MedicAlert. “With AmberPoint’s approach to security, it’s easy to manage and there’s just no way to take a shortcut around the security mechanism. If I’m not authenticated, I can’t see the data—end of story. Not only do I get endpoint enforcement, but also the ease of use necessary to successfully secure SOA.”

AmberPoint is the industry’s first and only SOA runtime governance software to decouple the enforcement of SOA runtime governance policies from the execution of those policies. In addition to leveraging its existing agent-based mechanisms, AmberPoint delegates runtime policy execution to the SOA infrastructure whenever policy-capable infrastructure is in place, leveraging as much of the native policy execution capabilities of the runtime infrastructure as possible.

AmberPoint automatically adjusts for the platform-specific requirements and differences when provisioning policies for execution. This allows a set of policies to run consistently across a variety of platforms despite small or, potentially, large differences in their implementations. Using its agentless technology, AmberPoint ensures that the correct set of policies is provisioned and active with results that are compared against the original policy decisions.

As a result, enterprises realize greater returns on their investments in SOA platforms and runtime frameworks, while fully utilizing their SOA infrastructure.

“As processing is increasingly externalized from applications and enforced by supporting cast members, our agentless approach will mean greater agility for enterprises deploying federated SOA ecosystems,” said Gene Thurston, AmberPoint Security Architect at AmberPoint. “Our ability to take an agentless approach complements our existing agent technologies in order to provide the maximum flexibility and coverage for policy management and enforcement in an SOA.”

Policy-level Integration

AmberPoint’s industry leading architecture provides for agentless, policy-level integration with intermediaries of all types – app servers, enterprise service buses, appliances, etc:

• Unified SOA Management: Companies can manage their SOA environments with a single set of consistent governance policies, rather than using individualized policies for each component type (application server, router, enterprise service bus, etc.).
• Delegated Policy Enforcement: AmberPoint can assign and provision policies to the most optimal point for execution.
• Policy Discovery and Visibility: AmberPoint auto-discovers and provides visibility into policies that may already be resident on the intermediary.
• Bidirectional Policy Exchange: AmberPoint allows updates and changes to policies to flow in both directions – from AmberPoint into the intermediary and from the intermediary to AmberPoint. This ensures that these major SOA components are kept in sync.

Benefits

• Streamlined management of distributed, heterogeneous SOA systems
• Greater business agility as a result of creating and maintaining a single set of governance policies
• Faster time to ROI for SOA deployments

Previous versions of AmberPoint offered agentless policy enforcement for such critical capabilities as application traffic control. For example, AmberPoint’s agentless capabilities with the BIG-IP^® Application Delivery Networking solutions from F5 Networks brought new efficiencies to enforcement of policies for load balancing, routing and failover.

“Services-based networks must meet defined business objectives while dealing with real-time conditions,” said Calvin Rowland, Director of Business Development at F5 Networks. “The policy-level integration of AmberPoint and F5 products underscores the power of F5. BIG-IP and its TMOS architecture delivers real value in SOA environments through its ability to quickly process any application or Web service, ensuring quick response times, reliable sessions, easy scalability, and application-level security.”

About AmberPoint

AmberPoint is the industry's leading provider of SOA runtime governance solutions. More than 100 customers, including Best Buy, H&R Block, MedicAlert Foundation, Motorola and the U.S. Department of Defense, have chosen AmberPoint for its comprehensive capabilities, its non-invasive approach and its native support for Java and .NET. For more information, contact AmberPoint at 510.663.6300 or info@amberpoint.com, or visit www.amberpoint.com for a complimentary developer's edition of AmberPoint software.