This chapter will demonstrate how to implement basic Runtime Governance using the standard tools that are shipped with the Oracle SOA and Governance products. The chapter will describe how to use Oracle Web Services manager to implement security policies for running services, how to monitor services and policy compliance using Oracle Enterprise Manager Fusion Middleware Control, and also how to harvest runtime metrics into OER therefore achieving close-loop governance.
This use case extends Chapter 8, Design-time Service Promotion and Discovery and details on how to implement Runtime Governance for the deployed services. These services enable Weir & Bell to enhance its supply chain process by exposing key business services for consumption by the third parties.
Exposing services into untrusted networks for the third parties to use implies that extra security measures have to be taken into consideration, to protect Weir and Bell core systems from unauthorized access and other external threads such as:
In order to enforce security and protect internal systems from such threats, Weir and Bell decided to implement three lines of defense:
This book does not cover the implementation of OAG. We recommend referring to the Oracle API Gateway site for further information on this product: http://www.oracle.com/us/products/middleware/identity-management/api-gateway/overview/index.html
Furthermore, Weir and Bell recognized that the lifetime of a service does not end once it is deployed into production. By continuously monitoring the performance of a service and capturing meaningful runtime metrics in OER, it is possible to determine whether a service is delivering its desired value, and whether it requires either improvement or retirement.
Subsequent chapters will describe how to:
Harvesting of runtime metrics into OER will be covered in the next chapter.