SOA Software’s “Service Virtualization”

A service-oriented architecture (SOA) takes the discrete business functions in enterprise applications and organizes them into interoperable services—which is one of the most effective ways to share and consume information with partners. But managing and exposing these services creates some big security risks; keeping the bad guys from connecting to those services is tricky.

One approach getting serious attention involves what SOA Software calls an XML virtual private network, which the company developed to enable partners to securely connect to an enterprise's Web services. An XML VPN is an edge proxy that intercepts incoming service packages, verifies their origin, decrypts them, and signs each message using its own public key infrastructure, explains Ian Goldsmith, the company's VP of marketing.

"Essentially, what the product does is to build a virtual service inside the partner's firewall," Goldsmith tells SOATrends. "Partners communicate with that virtual service, which handles the passing of messages back and forth between the virtual service and the real service. So, what we talk about is 'service virtualization.'"

SOA Software's recently released XML VPN version 4.3 is available both as software and an appliance. It is designed to act as a proxy for any external Web services, whether provided by another XML VPN device or not. A company can use the XML VPN to provide its developers with internal versions of important third-party services, and ensure the security and reliability of those services.

The focus of this release is the product's new last-mile security capabilities. With version 4.3, the XML VPN proxy can digitally sign messages destined for internal services to prevent end-run attacks by external applications that could otherwise directly contact internal services protected by the XML VPN. "[This capability] ensures the security of internal services and provides an end-to-end audit trail for all partner transactions," Goldsmith says.
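A minimal sketch of the last-mile check described above, added here as an illustration and not SOA Software's code: the internal service accepts a message only if it carries the proxy's signature, so a direct call that skips the proxy is rejected and every decision lands in an audit log. Assumptions: HMAC with a shared key stands in for the PKI signature the article mentions, the names (`proxy_forward`, `InternalService`, the envelope fields) are hypothetical, and the replay check goes beyond what the article describes.

```python
import hashlib
import hmac
import json

# Constructed demo key shared by the edge proxy and the internal service.
# Assumption: HMAC stands in for the PKI-based signature the article describes.
PROXY_KEY = b"constructed-demo-key-not-for-production"
SIGNED_FIELDS = ("msg_id", "partner", "body")


def _mac(envelope: dict) -> str:
    # Sign a stable serialization of every field the service will act on.
    fields = {k: envelope[k] for k in SIGNED_FIELDS}
    data = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(PROXY_KEY, data, hashlib.sha256).hexdigest()


def proxy_forward(msg_id: str, partner: str, body: str) -> dict:
    """Edge proxy: after authenticating the partner, sign the message."""
    envelope = {"msg_id": msg_id, "partner": partner, "body": body}
    envelope["proxy_sig"] = _mac(envelope)
    return envelope


class InternalService:
    """Accepts only proxy-signed messages and records every decision."""

    def __init__(self):
        self.seen_ids = set()
        self.audit_log = []  # (msg_id, partner, verdict) per request

    def handle(self, envelope: dict) -> bool:
        verdict = self._check(envelope)
        self.audit_log.append((envelope.get("msg_id"), envelope.get("partner"), verdict))
        if verdict == "accepted":
            self.seen_ids.add(envelope["msg_id"])
        return verdict == "accepted"

    def _check(self, envelope: dict) -> str:
        sig = envelope.get("proxy_sig")
        if not isinstance(sig, str) or any(k not in envelope for k in SIGNED_FIELDS):
            return "rejected: unsigned or malformed"  # e.g. a direct call bypassing the proxy
        if not hmac.compare_digest(sig.encode(), _mac(envelope).encode()):
            return "rejected: bad signature"  # forged, or altered after signing
        if envelope["msg_id"] in self.seen_ids:
            return "rejected: replay"  # a captured signed message sent again
        return "accepted"
```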

XML VPN version 4.3 is also the first B2B Web services security solution to support the emerging WS-Policy standard, Goldsmith says. Support for WS-Policy ensures that third-party providers can discover the policies they must implement before attempting to communicate with a service.

"SOA Software's notion of an XML VPN is catching on with customers," says Jason Bloomberg, senior analyst at ZapThink. "Unlike a traditional VPN, the XML VPN is content- and application-aware. SOA Software can therefore connect companies to their business partners and customers in a secure, flexible, intelligent manner, leveraging the power of Web services and SOA for business-to-business interactions."

About the Author

John K. Waters is a freelance writer based in Silicon Valley.