The IBM® SOA
Policy Gateway Pattern is
set of virtual system patterns providing a policy enforcement point
and a policy administration point. The policy administration point
is provided by virtual system patterns that provision WSRR in a multi-tier
architecture, delivering a production and staging environment. The
policy enforcement point is provided by the WebSphere® DataPower® appliance in which a domain is
created during virtual system pattern deployment.
There are examples of policy in many, if not all Service Orientated
Architecture (SOA) environments. Service producers and consumers agree
the capabilities, performance, and characteristics of the service
during the design phase. To do this, you can use Service Level Definitions
(SLDs) and Service Level Agreements (SLAs). This pattern allows you
to define policies for SLDs and SLAs in an efficiently administered,
defined, governed, and utilized way. Policy types used in this pattern
include the following:
- Mediation Policies -
- Rejection - Reject or throttle requests that arrive at a rate
greater than defined.
- Logging - Create a log message with the policy enforcement point
when a service is called.
- Transformation.
- Validation - Validate the service call against the service definition.
- Routing - Based on the message, route to a specific endpoint.
- Security Policies: In the sample we demonstrate the means
to enforce XACML access control security policies. These are not governed
within the policy administration point at this time.
The
IBM SOA
Policy Gateway Pattern pattern
contains the following virtual system patterns:
- SOA Policy Gateway Basic Runtime
Sample
- SOA Policy Gateway Governance
Master
- SOA Policy Gateway Basic Runtime
- SOA Policy Gateway Advanced Runtime
The four virtual system patterns work together to provide a multi-stage
services governance environment. The
IBM SOA
Policy Gateway Pattern also
provides the capability to provision multiple DataPower domains configured to the governance
environment during the pattern deployment. Combined, the following
deployment topologies are provided:
- Standalone deployment
- Pilot deployment
- Full production deployment
For more information about SOA Policy, see SOA Policy overview.
It is possible to manually configure the deployed virtual system
pattern to include monitoring with ITCAM for SOA Version 7. This provides
the basic monitoring of events and expands policy support to include
monitoring policies. Monitoring policies allow event situations to
be defined within the Policy Authoring Point (PAP) and be attached
to a service definition, allowing the monitor to act when the event
situation occurs.