Sun Microsystems Case Study

Creating Agile, Secure SOA through Governance

Sun Microsystems is a Fortune 500 vendor of software, systems, services, and microelectronics that power everything from consumer electronics, to developer tools to the world's most powerful datacenters. Sun is perhaps most famous for their network servers that form the core of Internet backbones, provided the raw iron for much of the .com boom, and are used today by nearly every sector of society and industry. Sun runs their business on Oracle, whose ERP, CRM, Financials and eBusiness suite form the IT backbone for Suns hardware, software and services divisions. While such an enterprise-strength system has long given Sun the edge they needed to effectively compete with the biggest names in the marketplace, Suns strengths have always lain in being the smaller, more agile player.

Sun Microsystems by the #s

Founded: 1982 Fiscal Year 2008 Revenues: $13.880 billion Ranking: #184 on the Fortune 500 (2008) Employees: 33,556 worldwide Locations: Sun conducts business in more than 100 countries around the globe

The Opportunity
Up until now, Oracle Financials, Siebel CRM, Oracle Manufacturing and Oracle eBusiness Suite were using a proprietary messaging system which, while handling more than $9B in revenue, was proving more and more difficult to change. After upgrading to Oracle 11, the functional modules which supported Suns online Web store were exposed as Web Services presenting Sun with an opportunity to incorporate them into a flexible, loosely coupled Service Oriented Architecture (SOA). While rivals touted their SOA initiatives, experimenting with Web Services (technology for technologys sake) or creating catalogs of orphaned Web Services (commonly referred to as JABOWS or Just A Bunch Of Web Services), Sun had the foresight to realize that without an effective governance layer in place SOAs promised business agility would likely remain just that nothing more than a promise.

Enter Layer 7
Sun had done the initial work to identify seventeen key functions within their Oracle suite of applications that would provide the greatest degree of reuse, and had exposed them as Web services. Because the project was slated to become core infrastructure that would evolve with their SOA environment, Sun required a way to ensure these core services could be properly governed controlled, monitored and adapted over time. After evaluating a number of different vendors for a variety of criteria, including capabilities related to security, message validation, message enrichment, protocol translation, versioning, monitoring and interoperation with their new common services framework (based on JCAPS), Sun settled on Layer 7. They were initially drawn to Layer 7s performance and scalability the ability to handle high volumes of payloads, and efficiently scale as load and message size was ramped up and then saw the value in Layer 7s runtime governance framework, which would provide policy enforcement for security, reliability and compliance requirements, as well as visibility into performance, quality of service and SLA conformance for their SOA implementation. At Sun our IT philosophy is to leverage the power of Java, Web services, and the Internet to enable enterprise computing in the open network. Layer 7 allows us to cost-effectively implement SOA governance and Web services security that advance that vision while maintaining the flexibility and business responsiveness that SOA-based solutions can deliver. Robert Worrall, CIO, Sun Microsystems

Copyright 2010 by Layer 7 Technologies, Inc. (www.layer7tech.com). All other trademarks are the property of their respective owners. Layer 7 Internal Use Only

Sun Microsystems Case Study

The Solution
Suns online Web store is primarily used by certified partners, VARs and resellers to order systems and parts. Hosted at an offsite datacenter, the Web store originally connected across the Internet via a secure VPN system to Suns Oracle-based ERP system via a tightly coupled, network network-level integration. With Suns move to Web services, the Sun Web store Common Web Platform could now be loosely coupled to the ERP Web services, offering a more flexible solution. Security posed a significant challenge. Suns corporate framework encompasses a number of semi semi-autonomous, geographically-dispersed business units and partner companies, in addition to the many remote consultants, dispersed contractors and distinguished engineers all of whom may require access to the new ne SOA infrastructure at one point. Additionally, because the solution would span so many By centralizing AAA different users and security domains, any security solution must be reasonably easy to security using Layer 7, use and transparent to legitimate users users. Sun was able to speed deployment, decrease Layer 7 provided the ability to govern cross-domain interactions by enforcing client maintenance costs and authentication and fine fine-grained, service level authorization for third parties, as well as improve business agility. generating log files for all interactions within and between organizations to facilitate compliance and content reporting. Enforc SLAs by rerouting and throttling when threshold throughput values nforcing were exceeded was key to ensuring quality of service was not impacted.

The Results
By using Layer 7 to abstract out AAA security (Authentication, Authorization and Auditing) from the Web services and instantiate them as centrally administered enforceable policy, Sun can accommodate changes in corporate requirements, industry/ government regulations, and Web services standards without needing to code, test and redeploy each individual service. The result is a dramatic decrease in maintenance costs with a corresponding dividual improvement in business agility. Additionally, by centralizing security, Sun was able to speed deployment while improving overall security by implementing a stand standard security architecture. Following business acquisitions, compan typically face a difficult challenge integrating their disparate systems. companies But with robust SOA governance in place, both companies can reduce integration costs and realize efficiencies faster by providing the ability to control, monitor and adapt a solution to fit both partys requirements. requirements
Copyright 20 by Layer 7 Technologies, Inc. (www.layer7tech.com). 2010 All other trademarks are the property of their respective owners Layer 7 Internal Use Only owners.