How Cisco IT Improves Commerce User Experience by Securely Sharing Internal Business Services with Partners

Similar documents
Using the Cisco ACE Application Control Engine Application Switches with the Cisco ACE XML Gateway

CISCO IT DEPARTMENT DEPLOYS INNOVATIVE CISCO APPLICATION- ORIENTED NETWORKING SOLUTION

How Cisco ASR 1000 Enables Cisco Business Strategies by Providing Capacity and Resiliency for Collaborative Applications

IBM WebSphere Message Broker for z/os V6.1 delivers the enterprise service bus built for connectivity and transformation

How Cisco IT Deployed Enterprise Messaging on Cisco UCS

Sentinet for BizTalk Server SENTINET

Sentinet for BizTalk Server VERSION 2.2

Microsoft Architecting Microsoft Azure Solutions.

Accelerate Your Enterprise Private Cloud Initiative

SoftLayer Security and Compliance:

Migration and Building of Data Centers in IBM SoftLayer

Cisco Virtual Experience Infrastructure for Government. Virtualize Your Desktop and Increase Agency Efficiency

Forum XWall and Oracle Application Server 10g

Cloud Access Manager Overview

How Cisco IT Is Accelerating Adoption of IPv6

Dynamic Network Segmentation

OpenIAM Identity and Access Manager Technical Architecture Overview

Grow Your Services Business

The Emerging Role of a CDN in Facilitating Secure Cloud Deployments

WEB-202: Building End-to-end Security for XML Web Services Applied Techniques, Patterns and Best Practices

Overview SENTINET 3.1

White paper. Keys to Oracle application acceleration: advances in delivery systems.

Dell One Identity Cloud Access Manager 8.0. Overview

PCI DSS Compliance. White Paper Parallels Remote Application Server

Cisco Service-Oriented Network Architecture: Support and Optimize SOA and Web 2.0 Applications

Optimizing Pulse Secure Access Suite with Pulse Secure Virtual Application Delivery Controller solution

Cisco Preparing Its Datacenters for the Next Generation of Virtualization and Hybrid Cloud with Its Application Centric Infrastructure

WHITE PAPER. ENSURING SECURITY WITH OPEN APIs. Scott Biesterveld, Lead Solution Architect Senthil Senthil, Development Manager IBS Open APIs

Solace JMS Broker Delivers Highest Throughput for Persistent and Non-Persistent Delivery

NORTH CAROLINA NC MRITE. Nominating Category: Enterprise IT Management Initiatives

Cisco Access Policy Server

Using IBM DataPower as the ESB appliance, this provides the following benefits:

WEB-APIs DRIVING DIGITAL INNOVATION

THE JOURNEY OVERVIEW THREE PHASES TO A SUCCESSFUL MIGRATION ADOPTION ACCENTURE IS 80% IN THE CLOUD

AKAMAI CLOUD SECURITY SOLUTIONS

Implementing a Ground Service- Oriented Architecture (SOA) March 28, 2006

Data Security at Smart Assessor

IBM API Connect: Introduction to APIs, Microservices and IBM API Connect

WEBSCALE CONVERGED APPLICATION DELIVERY PLATFORM

IBM Europe Announcement ZP , dated November 6, 2007

Exam Name: IBM WebSphere Datapower SOA. Appliances Firmware V3.8.1, Solution Implementation

Security Statement Revision Date: 23 April 2009

IBM Tivoli Directory Server

Snort: The World s Most Widely Deployed IPS Technology

Orange Smart Cities. Smart Metering and Smart Grid : how can a telecom operator contribute? November

Cloud Services. Infrastructure-as-a-Service

How Microsoft IT Reduced Operating Expenses Using Virtualization

Busting the top 5 myths of cloud-based authentication

Seven Criteria for a Sound Investment in WAN Optimization

Beyond Your Device. Control, Connect, Experience. BT GS Analyst and consultant call 2 July 2013

Build application-centric data centers to meet modern business user needs

Microsoft IT deploys Work Folders as an enterprise client data management solution

Sentinet for Windows Azure VERSION 2.2

Intelligent Cybersecurity for the Real World Scott Lovett Vice President, Global Security Sales

Prommis. Challenge: Centralizing applications. Other providers told us they could accelerate ICA traffic, but only Riverbed actually could.

TN3270 AND TN5250 INTERNET STANDARDS

E-Commerce Networking

IBM Corporation. Global Energy Management System Implementation: Case Study. Global

VimpelCom s Beeline Machine-to-Machine (M2M) Services

Oracle and Tangosol Acquisition Announcement

Testpassport.

IBM SmartCloud Engage Security

Lessons Learned from SD-WAN Deployments on Six Continents. 21 September 2016 Tim Sullivan Co-founder & CEO

THE API DEVELOPER EXPERIENCE ENABLING RAPID INTEGRATION

How Cisco Employees Communicate Visually with Anyone, Anywhere

The Case for Virtualizing Your Oracle Database Deployment

Cisco EnergyWise Optimize and Cost Saving. Traditional IT Power Management

MigrationWiz Security Overview

Zero Trust with Okta: A Modern Approach to Secure Access from Anywhere. How Okta enables a Zero Trust solution for our customers

ITdumpsFree. Get free valid exam dumps and pass your exam test with confidence

Certeon s acelera Virtual Appliance for Acceleration

Flex Tenancy :48:27 UTC Citrix Systems, Inc. All rights reserved. Terms of Use Trademarks Privacy Statement

Sentinet for Microsoft Azure SENTINET

Cisco License Manager 3.1

Best Practices in Securing Your Customer Data in Salesforce, Force.com & Chatter

IBM Secure Proxy. Advanced edge security for your multienterprise. Secure your network at the edge. Highlights

Never Drop a Call With TecInfo SIP Proxy White Paper

Cisco Connected Factory Accelerator Bundles

Resort and Casino Takes its Gaming Floor to the Next Level

WHITEPAPER. Security overview. podio.com

HARDWARE SECURITY MODULES DEPLOYMENT STRATEGIES FOR ENTERPRISE SECURITY

IBM CICS Transaction Gateway for Multiplatforms V7.1 delivers access to CICS containers and extended systems monitoring capabilities

Services solutions for Managed Service Providers (MSPs)

Unleash the Power of Secure, Real-Time Collaboration

Remodel. New server deployment time is reduced from weeks to minutes

The Virtualisation Security Journey: Beyond Endpoint Security with VMware and Symantec

Cisco Quantum Policy Suite for Mobile

The F5 Application Services Reference Architecture

The Now Platform Reference Guide

DATA CENTRE SOLUTIONS

Apigee Edge Developer Training

Cisco Cloud Architecture with Microsoft Cloud Platform Peter Lackey Technical Solutions Architect PSOSPG-1002

How to Leverage Containers to Bolster Security and Performance While Moving to Google Cloud

Pulse Secure Application Delivery

Microservices with Red Hat. JBoss Fuse

BPEL Research. Tuomas Piispanen Comarch

Cisco ACE30 Application Control Engine Module

Integrated DHCP, DNS & IP Address Management

The Cisco WebEx Node for the Cisco ASR 1000 Series Delivers the Best Aspects of On-Premises and On-Demand Web Conferencing

Multi-Tenancy Designs for the F5 High-Performance Services Fabric

Transcription:

How Cisco IT Improves Commerce User Experience by Securely Sharing Internal Business Services with Partners Offloading XML processing to the ACE XML Gateway improves service performance and simplifies application development. Business Opportunity Cisco s Commerce Transformation initiative is redefining the company s processes and systems to make it easier for customers and partners to conduct business with Cisco. By adopting a Services Oriented Architecture approach, we are creating a solid architectural and technology foundation that will deliver scalable solutions, enhance the customer experience, and provide our entire ecosystem with secure access to the services they need, says Guillermo Diaz Jr., vice president of commerce IT. To support the cross-company Commerce Transformation initiative, Cisco IT needed a secure way to share certain internal business services with partners and customers. Examples include pricing promotions and configuration for Cisco network devices, services, software, and solutions. These business services reside within Cisco s network, where partners cannot access them. Therefore, partners have no option other than calling Cisco employees, which creates additional work and prolongs deal cycle times. We realized that we could save time for customers, partners, and Cisco by developing a set of reusable network services with appropriate controls, says Harvinder Kalsi, IT architect, Cisco. Examples of network services, which are common to multiple Cisco business services, include security and XML processing. We would also need a secure, scalable, and manageable way to expose business services, says Steve Adachi, IT manager, Cisco. Reusability was very important because customizing and maintaining the same business services for different partner and application requirements would take too much time to be practical. Cisco IT Program Planning Cisco IT first identified common network services in the business services that the company wants to expose to customers and partners. Examples include security, XML processing, virtualizing the physical service endpoints so that they are not visible to partners, and monitoring message traffic. It s much more efficient to manage network services like these independent of the business service logic, says Kalsi. This is easy to do when you place the services in the network and use the network as a platform for delivery. Platform Selection Next came selecting a platform to manage the network services. Cisco IT tried out third-party SOA management solutions, but these software-based solutions failed to meet the business requirements. They did not provide the flexibility to work with the different middleware used within Cisco, so Cisco IT would need to write separate code for each type of middleware. The solutions lacked support for IBM WebSphere and Java Message Services (JMS), Cisco s biggest development environments. And, like all software solutions, they imposed overhead that detracted from overall service performance. Cisco IT decided to use a network-based web services platform. The team selected Cisco s own Application Content Engine (ACE) XML Gateway, a web services gateway designed specifically to manage web services security, XML processing, and encryption. The provides a robust SOA platform that provides essential All contents are Copyright 1992 2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 1 of 6

functions common to many of our business services, says Ravi Akireddy, IT architect, Cisco. Offloading XML processing to the network improves service performance and simplifies application development. The application delivery services that the provides are a core network service as part of the Service Oriented Network Architecture framework. With support for industry standards, the integrates with third-partinfrastructure, including middleware. It maps partner requests to the appropriate middleware, such as Tibco products in Cisco s BusinessWorks or IBM WebSphere, over JMS or HTTP transports that the application developer has exposed. The gateway does not host application-specific code. Instead, Cisco application developers use an intuitive web-based administrative interface to configure policies that provide services for their business applications. Proof of Concept and Pilot Beginning in July 2007, Cisco IT conducted a proof of concept using the to expose current promotions to partners so that they can find the discounts for which they qualify (Figure 1). The gateway delivers the following services: Authenticates users with username and password, tokens, or certificates Offloads XML processing to improve application performance - Performs schema validation - Encrypts and decrypting messages - Performs fast XML transformations - Signs XML payload Performs protocol translations, such as HTTP to JMS Enforces web services policies such as service versioning Performs XML firewall screening Prevents denial-of-service (DoS) attacks against application servers by throttling XML traffic Virtualizes the physical service endpoints and provides content-based routing All contents are Copyright 1992 2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 2 of 6

Figure 1 Architecture for Secure Delivery of Web Services to Partners Using ACE XML Gateway Cisco IT established a secure channel between the internal gateway and the gateway between the Internet and firewall using HTTP with bidirectional Secure Sockets Layer (SSL) encryption (Figure 2). We were able to segregate internal and external traffic and provide a secure communications channel between them, says Kalsi. Figure 2 Service Oriented Architecture Implementation All contents are Copyright 1992 2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 3 of 6

After the successful proof of concept, in September 2007, the IT team began the pilot, which included load testing. Cisco IT deployed 24 ACE XML Gateways in the San Jose, California data center as well as the Research Triangle Park, North Carolina data center used for disaster recovery. Each gateway occupies only one rack unit, which reduces data center space, energy, and cooling requirements. The manager gateway collects metrics and produces reports that summarize performance, number of hits, and errors. In March 2008, Cisco IT rolled out the web services to all worldwide Cisco partners as part of the Partner Deal Registration application. Results to Date Deal Acceleration and Increased Profitability As of June 26, 2008, 13,074 Cisco partners had signed up for the Partner Deal Registration application, demonstrating strong interest and acceptance. These partners have used the web service for more than 58,000 deals, with benefits that include: 7500 hours saved for Cisco sales teams because of partner self-service Reduction in average deal cycle time from 10.5 days to 6 days Reduction in discounts and nonstandard pricing, for estimated savings of US$17 million to date Scalability The Partner Deal Registration application uses only a small fraction of the gateway s capacity of 30,000 XML transactions per second. This level of scalability would be difficult to achieve with a software-based solution, Kalsi says. As we expose more and more services, the scalability and load-balancing capabilities in the Cisco ACE XML Gateway will become more critical. We might receive hundreds of thousands of hits daily. Fast Application Performance The ACE XML Gateway offloads XML processing from the application, accelerating application performance. Average response time for the Get Price feature is 500 milliseconds, which seems almost immediate to the consumer. The response time includes back-end business logic. Faster Application Development Traditionally, schema validation and other XML processing are performed in software, which degrades application performance and scalability. Offloading schema validation to the gateway not only improves performance, it also frees up application development teams to focus on core business logic, which increases their productivity, says Amit Srivastava, IT program manager. Cisco IT can expose the business services rapidly, as well. In just two months in mid-2008, the team securely exposed the following internal business services to partners: Pricing Next-generation configuration Cisco Service Contract Center install-base search Order orchestration Better XML Application Security The lets the IT team add capabilities that were not possible previously. One is to perform deep packet inspection of any XML traffic entering the network, an important capability because the XML payload can carry different types of attacks. Stopping bad requests at the gateway offloads the application from having to perform packet inspection, which improves performance, says Srivastava. All contents are Copyright 1992 2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 4 of 6

Next Steps New Services Cisco IT plans to use the for the following business services by March 2009: Opportunity collaboration and integration with salesforce.com Customer Registry Address Services Customer Service Address Services Human Resources IT Champion program, which recognizes and rewards Cisco employee behaviors that foster success Partner Deal Promotion, which provides information about incentive programs, promotions, and offerings Manufacturing IT Arvato Integration Integrated Commerce Workspace, which provides information about sales, orders, and pricing Integration with Scientific Atlanta Customer Services: Worldwide Reverse Logistics, responsible for redeploying returned products to bring the best value to Cisco Cisco Capital Finance Manufacturing IT Real estate leasing HireRight Integration Delegated Policy Control Cisco IT plans to let individual project teams make their own policy changes, including specifying the partners authorized to use the services and the dates they can use them. The goal is to maintain centralized control of web services while delegating policy configuration management, says Kalsi. Shared Gateway for Multiple Programs Cisco IT plans to use the in conjunction with the Cisco ACE module to simplify the delivery of web services. The Cisco ACE module will provide the same functions as the Cisco Content Switching Module and also support multiple virtual gateways, each mapped to a distinct set of web services. The ACE XML Gateway will segregate services to particular gateways based on payload and protocol. Using the ACE XML Gateway as a shared platform rather than dedicating a separate physical gateway to each set of web services will increase return on investment and reduce our support cost, says Srivastava. Automated Policy Deployment As the deployment expands, Cisco IT will automate the process of deploying new policies to the gateways. When this occurs, application teams will be able to use the as a service for the applications they develop. The Cisco Application Networking Services business unit is aware of the need for management APIs and is committed to providing them in upcoming releases. All contents are Copyright 1992 2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 5 of 6

Last-Mile Security An end-to-end security solution requires securing messages to the final endpoint. Cisco IT is currently using HTTP over SSL for last-mile security. Later it might use Security Assertion Markup Language (SAML)/federation and a secure transport layer. Printed in USA C00-000000-00 08/07 All contents are Copyright 1992 2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 6 of 6

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback