Fortune 250 Insurer - SOA Mediation & Governance

  • 8/2/2019 Fortune 250 Insurer - SOA Mediation & Governance

    As one of the world's leading employee benefits providers, thousands of businesses

    count on this Fortune 250 insurance company. The insurer helps businesses build

    robust benefits packages, provide absence management services and stay informed about emerging trends in employee benefits.

    The insurer provides disability, long term care, life and voluntary insurance products

    backed by a >10,000 strong employee workforce that is committed to meeting the

    needs of their customers. A separate division also provides for voluntary worksite

    benefits.

    In 2007, the insurer began an IT journey to a Service Oriented Architecture (SOA)

    based on the Microsoft .NET platform. But without a formal SOA Governance

    infrastructure in place, they soon began to experience a number of challenges.

    The Challenge

    When making the move to SOA, the insurer wanted to ensure they retained the same level of security and privacy

    for their customers' data as they had implemented with their traditional architecture. For this reason, they

    implemented their existing proprietary Secure Token Service (STS), which leveraged attributes stored in an SQL

    Server database, as the central point of authorization.

    While this STS was more than adequate for a traditional architecture, the overhead of per-request SAML security

    caused slowdowns due to the high level of CPU usage for message decryption. Switching from NetTcpBinding to

    WSFederationHttpBinding and utilizing WS-SecureConversation solved the slowdown problem, but introduced a

    new issue with dropped sessions as a result of poor sticky load balancing. As a workaround, the insurer added

    code to both the client and server applications that would generate an HTTP cookie. Now, if the load balancer

    redirected a client to a new server, it could use the cookie to rebuild the session context and avoid renegotiating

    WS-SecureConversation.

    At this juncture, the insurer discovered that their clients and services were no longer loosely coupled, making it far

    too easy to introduce breaking changes: any change in a service API would break compatibility with the client. In an

    environment that featured 10,000 desktops loaded with tens of client applications interacting with multiple

    backend services, tight coupling was a recipe for disaster. Even with extensive planning, there was still an

    extremely high risk of something going wrong. And any change introduced to a service would require

    time-consuming, labor-intensive and costly updating of the client-side software, effectively bringing server-side rollouts

    to a standstill.

    What the insurer required was something that could act as a mediator in their environment in order to mitigate

    the risk of API changes, negotiate the security regime, and translate the content.

    Layer 7 Provides Mediation

    The Layer 7 XML Gateway is a SOA mediation device that sits between clients and backend services, providing a

    number of key, runtime SOA governance capabilities. For example, the Layer 7 Gateway mediates security regimes,

    consuming the insurer's inbound NTLM and producing WSFederationHttpBinding for backend communication.

    The Gateway also mediates transport regimes, converting inbound HTTP to outbound MQSeries message-oriented

    middleware. Finally, Layer 7 is able to mediate between API versions, transparently translating incoming queries

    designed for version 1.0 of an API (for example) into API 2.0 calls, thereby ensuring existing applications won't

    break.

    By the Numbers

    Fortune 250 Insurer

    >20M protected worldwide

    >150K customers in the US & UK

    Provides >30% of the Fortune 500 with benefits

    Top 10 in group/individual disability & long term care

    Top 10 in voluntary insurance

    Fortune 250 Insurer

    Creating Comprehensive SOA Governance

    Copyright 2011 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are

    trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners.

    Implemented in conjunction with HP SOA Systinet and HP Business Availability Center (BAC), the Layer 7 Gateway

    helps create a comprehensive SOA Governance solution. The Systinet UDDI Registry acts as the SOA repository of

    record, providing design-time Governance through its service cataloguing and policy lifecycle management

    capabilities. The Systinet and Layer 7 solution allows the insurer to track the entire service lifecycle, from design

    through production, enforcing Systinet policies across their extended enterprise.

    HP BAC enables trust and control of services by providing end-to-end performance monitoring and diagnostics of

    SOA services, applications and infrastructures. Deployed together with the Layer 7 Gateway, BAC allows the

    insurer to report across all their message-oriented systems; track requests that access multiple backend services,

    and report across different transport layers.

    The Results

    With a comprehensive SOA Governance solution in place, the insurer will now be able to gain greater business

    agility with less duplication of effort by enabling the realization of shared services that can be consistently

    discovered, understood and trusted.

    Benefits include lower application maintenance costs and improved application flexibility/adaptability gained through the introduction of a layer of abstraction (the Layer 7 XML Gateway's policy layer) between clients and

    services. The Gateway also provides for reduced IT and business risk by introducing a mediation layer to mitigate

    changes at the client and Web service.

    Finally, the insurer can expect higher-quality services and fewer service outages by utilizing HP BAC's SOA

    monitoring capabilities to ensure uninterrupted performance.