policy enforcement

Given today’s heavily regulated corporate climate, it’s critical that all applications comply with an organization’s business policies. Distributed development can lead to inconsistent implementation of key management concerns, often resulting in non-compliance. The challenge for IT is to centralize management concerns in policies, while consistently enforcing those policies across distributed applications that might be running on different platforms.

AmberPoint Management System helps organizations to achieve end-to-end control of composite applications by enforcing policy consistently across the runtime environment, without requiring applications to be recoded and deployed. Thanks to its comprehensive policy-templating mechanism and an automatic policy-provisioning system, AmberPoint reduces costs by minimizing the time and skills required to define and provision policies.

AmberPoint Management System’s unique policy-based approach provides:

• Customizable Policy Library: Enables out-of-the-box support for common policy-driven features, such as logging, QoS, authentication, access control and more. Application- and industry-specific policy packs reduce the costs associated with creating and maintaining management policies while preventing the creation of untested, unapproved polices
• Automatic Policy Provisioning: Overcoming the risks and overhead of one-to-one policy-to-service management, AmberPoint provides a unique mechanism for applying policies based on descriptive aspects of services. Once criteria for policy provisioning are established, policies are automatically applied to services based on a range of metadata, such as lifecycle phase, operating system, application container, category, or customized enterprise-specific metadata. This ensures that services never go without the policies necessary to make them available and secure.
• Adapts to Change: Dynamic evaluation of the system definition and automatic re-provisioning of policies when the service profile changes
• Comprehensive Policy Viewer: Enables users to see which services have which policies, which policies are in use with which services and the status of each policy
• Synchronization with Registries and Repositories: Bidirectional integration enables AmberPoint to ensure that runtime policy provisioning matches the design-time intention of your system.
• Secure: Built-in roles for controlling or limiting access to sensitive data

Easily manage and monitor a comprehensive set of policies

AmberPoint capabilities

Policy Manager and Services Console

• Easy-to-use graphical configuration of security policies for authentication (leveraging third-party products), authorization, encryption/decryption, signature/validation, credential mapping and censorship
• Policy creation, mediation across endpoints, administration and storage
• Applicable for input, output or fault processing and for AmberPoint management tasks
• Automatic, metadata-driven policy provisioning means services always get the policies they need
• Role-based policies

Extensible Policy Library

• Policy library provides out-of-the-box management features
• Custom policy tools, that utilize powerful capabilities (indexed instruments, contextual documents, drag-and-drop XPATH editor, custom actions, etc.) meet the specific needs of your organization

Automatic Policy Provisioning
Continuous, automated policy provisioning based on service attributes and metadata:

• Auto-enforces policies on service components as they are deployed
• Auto-provisions policies based service profiles
• Automatically adapts client applications to conform to service policy requirements

Policy-based Management Capabilities

Endpoint Management
Enables fine-grained control of services deployed on each container. Using AmberPoint, users can:

• Create and publish one or more managed endpoints for each service
• Create special-purpose endpoints for each type of usage (e.g. secured and unsecured)
• Load-balance across endpoints to ensure high availability
• Failover across endpoints to ensure fault-tolerance
• Monitor each endpoint for instantaneous health and availability

Version Management
Facilitates non-intrusive evolution of production systems by allowing:

• Publication of multiple versions of the same service simultaneously
• Transparent rolling upgrades to published services
• Ensuring backward compatibility for new versions
• Version-based routing of requests to services
• Manual or scheduled version deprecation

Service Virtualization
Provides sophisticated capabilities for building task-specific "virtual" services from existing services:

• Consolidate one or more operations from different services into a single virtual service
• Hide selected operations of an existing service
• Create a new skeleton service from a specific WSDL
• Automatically generate WSDL for a virtual service

Message Brokering
Routes and transforms requests or responses to optimize service delivery based on business or operational criteria:

• Control routing of messages based on content (message header or body) or context (user credentials, transport headers, properties, etc.)
• Transform inbound requests as well as out-bound responses using XSLT
• Mediate across different transport protocols (HTTP-to-JMS, JMS-to-HTTP or custom)
• Manipulate message headers to facilitate various standards-based routing schemes

Custom Policies
Template-based approach to policies enables specialty requirements:

• Create custom policy libraries to meet specific management needs
• Use message content, context or custom instrumentation to create any domain or application-specific policy
• Reuse custom policies across multiple applications or SOA projects