CA Extends Security Tools to Red Hat's JBoss Enterprise Middleware

CA says it has extended two of its web access security products to include support for JBoss Enterprise Middleware deployments. CA SiteMinder and CA SOA Security Manager now offer secure access management for Web applications and services deployed on JBoss Enterprise Middleware, including JBoss Enterprise Application Platform, JBoss Enterprise Portal Platform, and JBoss Enterprise SOA Platform.

Matthew Gardiner, director of CA's security and compliance business unit, tells 5 Minute Briefing that the Siteminder and SOA Security Manager offerings for JBoss employ the same technology offered for more proprietary platforms such as IBM Websphere and Oracle WebLogic. This is a necessity in today's highly heterogeneous environments, he adds. "Enterprises typically use many application delivery platforms and also acquire web applications from third-party software vendors," he points out. "This creates a great diversity and number of web technologies for which they need to provide both effective security as well as a good user experience. This is best done is via a centralized security system combined with highly distributed enforcement, which CA SiteMinder and CA SOA Security Manager deliver."

CA SiteMinder and CA SOA Security Manager are part of CA's Secure Web Business Enablement portfolio. CA SiteMinder enables a web access management system providing web single sign-on, authentication management, policy-based authorization, identity federation and audit services. CA SOA Security Manager uses centralized security policies linked to user identities to provide XML threat prevention, authentication, authorization, federation, session management and security auditing services capabilities.

If a customer is already employing CA SiteMinder or CA SOA Security Manager for existing Java EE-compliant platforms such as WebLogic, the current version of these tools can be extended to other Java EE-compliant web servers such as JBoss, Gardiner points out. "The architecture of the CA solution is distributed via what we call web agents and policy servers. The web agents are used to instrument the application platform-providing security enforcement points-and the policy servers manage the security policies so that security decisions are made in real-time."

Organizations typically have a relatively small number of policy servers and a relatively large number of web agents, Gardiner explains. "Adding more agents-the latest being for the JBoss platform-means that our customers can incrementally xtend the reach of their centralized security system."

For more information, visit the CA website.