When you're a defense contractor like Rockwell Collins, security is an overarching theme. So when this global manufacturer...
of aviation electronics for commercial and government customers set out to speed its business-to-business communications by utilizing XML Web services, it chose an XML security appliance from Reactivity Inc., Belmont, Calif., as the foundation of its services deployment.
"The general mentality of our security organization is that a software-based stack is inherently more vulnerable," said Shawn Furgason, manager of information delivery for the e-business organization of Rockwell Collins Inc., Cedar Rapids, Iowa.
The problem Rockwell Collins faced was a request by some of its suppliers and customers to exchange information in a more real-time, system-to-system fashion, rather than through the company's portal. But a traditional approach to Web services wasn't going to work, Furgason said, because "our security needs are such that we won't allow inbound HTTP traffic through the firewall."
Furgason's organization began "to look for a product to inspect message traffic going back and forth, to authorize the user or system making the call, to inspect the payload for any vulnerabilities like viruses through attachments or SQL injection attacks," and so on. "That led us to start looking at vendors in the XML router/security gateway space."
To the company's surprise, he said, it found the market at the time consisted of small, young companies -- Cisco Systems Inc. had not yet entered the arena with its application-oriented networking products. The size of the vendors initially "was a stumbling block; our leadership was saying, 'Who are these guys?'"
Rockwell Collins narrowed its short list to Forums Systems Inc., Salt Lake City; DataPower Technology Inc., Cambridge, Mass.; and Reactivity. While Furgason said the offerings were comparable in functionality, the company went with Reactivity because it could meet the project's aggressive time frame and the two companies quickly established a good relationship. Further differentiators were Rockwell Collins' confidence in the products' scalability and Reactivity's viability and policy workflow feature.
"We're trying to become an ITIL-based [IT Infrastructure Library] shop," Furgason said. ITIL is a widely accepted approach to IT service management, developed by the Office of Government Commerce in the United Kingdom. Reactivity's policy workflow, he said, would be helpful in implementing ITIL best practices.
The first service Rockwell Collins deployed was for real-time repair request and status. The service was developed on the Microsoft .NET platform, and core components include a Microsoft UDDI directory and the Reactivity gateways. "At this point we didn't see a need to put in a management solution, although it's likely that if we embrace services we will have to look at a SOA [service-oriented architecture] management layer."
Customers and suppliers that are not set up to do Web services can still utilize the company's Plumtree-based portal, with all traffic routed through the Reactivity gateway transparently to the user.
Reactivity's Adaptive Message Architecture enables any-to-any interoperability across transports and platforms, both XML and non-XML, according to the company. "Rockwell recognized their customers are in various stages of adoption; those same Web services connect to a human-accessible extranet portal, so you can access those same services even if the customer doesn't have XML Web services capabilities," said Joelle Gropper Kaufman, Reactivity vice president of marketing.
Like many organizations, Rockwell Collins did not start with a strategic plan to build an SOA, but rather looked to XML Web services as a way to solve an immediate business problem. And Furgason said the first partner to make the request did not care how Rockwell Collins approached the problem.
However, he said, his organization knew that it had to "get in front of this before it starts dictating to us. We quickly got our heads around building an SOA. To be honest, we're still struggling. We've got a strong back end in SAP, and we still have some educating to do in the organization about the value of an SOA. From their perspective, integration put everything into SAP, which works great until you get a non-SAP partner. So we're going through the education process of an SOA as an integration platform. We're at the beginning of that, but it's not a roadmap."
Over the course of the next year, Furgason's group has requirements to build another seven services, including enhancement to the repair status service, and several services around inventory management.
"We've already made Reactivity a foundational piece for everything we do; we use it for internal and external services. We want to start with everything being managed, everything secure, everything inspected, and if we need to expose that service to a supplier it's ready to go. I think that tool will be fundamental part of our infrastructure going forward."
Dig Deeper on Securing services