8/2/2019 Fortune 250 Insurer - SOA Mediation & Governance
As one of the world's leading employee benefits providers, thousands of businesses
count on this Fortune 250 insurance company. The insurer helps businesses build
robust benefits packages, provide absence management services and stay informed
about emerging trends in employee benefits.
The insurer provides disability, long term care, life and voluntary insurance products
backed by a >10,000 strong employee workforce that is committed to meeting the
needs of their customers. A separate division also provides for voluntary worksite
benefits.
In 2007, the insurer began an IT journey to a Service Oriented Architecture (SOA)
based on the Microsoft .NET platform. But without a formal SOA Governance
infrastructure in place, they soon began to experience a number of challenges.
The Challenge
When making the move to SOA, the insurer wanted to ensure they retained the same level of security and privacy
for their customers' data as they had implemented with their traditional architecture. For this reason, they
implemented their existing proprietary Secure Token Service (STS), which leveraged attributes stored in an SQL
Server database, as the central point of authorization.
While this STS was more than adequate for a traditional architecture, the overhead of per-request SAML security
caused slowdowns due to the high level of CPU usage for message decryption. Switching from NetTCPBinding to
WSFederationHttpBinding and utilizing WS-SecureConversation solved the slowdown problem, but introduced a
new issue with dropped sessions as a result of poor sticky load balancing. As a workaround, the insurer added
code to both the client and server applications that would generate an HTTP cookie. Now, if the load balancer
redirected a client to a new server, it could use the cookie to rebuild the session context and avoid renegotiating
WS-SecureConversation.
At this juncture, the insurer discovered that their clients and services were no longer loosely coupled, making it far
too easy to introduce breaking changes: any change in a service API would break compatibility with the client. In an
environment that featured 10,000 desktops loaded with tens of client applications interacting with multiple
backend services, tight coupling was a recipe for disaster. Even with extensive planning, there was still an
extremely high risk of something going wrong. And any change introduced to a service would require
time-consuming, labor-intensive and costly updating of the client-side software, effectively bringing server-side rollouts
to a standstill.
What the insurer required was something that could act as a mediator in their environment in order to mitigate
the risk of API changes, negotiate the security regime, and translate the content.
Layer 7 Provides Mediation
The Layer 7 XML Gateway is a SOA mediation device that sits between clients and backend services, providing a
number of key, runtime SOA governance capabilities. For example, the Layer 7 Gateway mediates security regimes,
consuming the insurer's inbound NTLM and producing WSFederationHttpBinding for backend communication.
The Gateway also mediates transport regimes, converting inbound HTTP to outbound MQSeries message oriented
middleware. Finally, Layer 7 is able to mediate between API versions, transparently translating incoming queries
designed for version 1.0 of an API (for example) into API 2.0 calls, thereby ensuring existing applications won't
break.
By the Numbers
Fortune 250 Insurer
>20M protected worldwide
>150K customers in the US & UK
Provides >30% of the Fortune 500 with benefits
Top 10 in group/individual disability & long term care
Top 10 in voluntary insurance
Fortune 250 Insurer: Creating Comprehensive SOA Governance
Fortune 250 Insurer Case Study
Copyright 2011 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are
trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners.
Implemented in conjunction with HP SOA Systinet and HP Business Availability Center (BAC), the Layer 7 Gateway
helps create a comprehensive SOA Governance solution. The Systinet UDDI Registry acts as the SOA repository of
record, providing design-time Governance through its service cataloguing and policy lifecycle management
capabilities. The Systinet and Layer 7 solution allows the insurer to track the entire service lifecycle, from design
through production, enforcing Systinet policies across their extended enterprise.
HP BAC enables trust and control of services by providing end-to-end performance monitoring and diagnostics of
SOA services, applications and infrastructures. Deployed together with the Layer 7 Gateway, BAC allows the
insurer to report across all their message-oriented systems, track requests that access multiple backend services,
and report across different transport layers.
The Results
With a comprehensive SOA Governance solution in place, the insurer will now be able to gain greater business
agility with less duplication of effort by enabling the realization of shared services that can be consistently
discovered, understood and trusted.
Benefits include lower application maintenance costs and improved application flexibility/adaptability gained
through the introduction of a layer of abstraction, the Layer 7 XML Gateway's policy layer, between clients and
services. The Gateway also provides for reduced IT and business risk by introducing a mediation layer to mitigate
changes at the client and Web service.
Finally, the insurer can expect higher-quality services and fewer service outages by utilizing HP BAC's SOA
monitoring capabilities to ensure uninterrupted performance.