Here an article covering SOAPSonar 6.0, the leading SOA Testing product. The latest version provide a number of capabilities including testing cloud providers as well as testing using clouds.
For detailed article, see: SOAPSonar 6.0 from Crosscheck Networks Capable of Testing Unlimited Users in Cloud
Tuesday, December 21, 2010
Here an article covering SOAPSonar 6.0, the leading SOA Testing product. The latest version provide a number of capabilities including testing cloud providers as well as testing using clouds.
Thursday, December 16, 2010
Jack Vaughn, Editor-in-Chief of SearchSOA published this article on real life scenarios in SOA Testing and general SOA adoptions trends. Article highlights are as follows:
- a well built re-usable service will have high demand and a high number of transactions and consumers
- through automated SOA Testing products such as SOAPSonar, 100% scenario coverage is possible
- endurance and performance testing are also a core part of SOA Testing.
- Service traffic includes traffic from RESTful services and has resulted in portals driving overall JSON, XML and SOAP message structures. It's not just about A2A communication driving this traffic anymore.
Tuesday, November 30, 2010
Jim Duffy's Network World Blog -- the Cisco Connection -- highlights the Cisco ACE XML Gateway replacement offered by Forum Systems, a wholly owned subsidiary of Crosscheck Networks. Forum Systems is the only patented XML Gateway in the industry. Migrating to non-patented products from other XML vendors exposes corporations to excessive liability and non compliance. Furthermore, "me too" technologies that copy leading patented products eventually fade away much like the Cisco ACE XML Gateway.
For the complete article, see: http://www.networkworld.com/community/blog/third-option-cisco-ace-xml-gateway
Forum Systems Cisco Replacement Program:
- Program Details: http://www.forumsys.com/products/cisco_ace_replacement.php
- Best Practices: http://www.forumsys.com/resources/cisco-ace-replacement-program.php
Forum Systems Other Gateway Replacement Programs:
- IBM DataPower: http://www.forumsys.com/products/datapower_replacement_eol.php
- Other NON-PATENTED Gateways: http://www.forumsys.com/products/xml_gateway_replacement.php
Monday, November 08, 2010
XML Gateways are a core component of SOA deployments. SOA testers, developers, architect are intimately familiar with XML Gateways as a central component for enabling XML Security, Integration, Identity and Management.
Recently, Cisco published End-of-Life (EOL) and End-of-Sale (EOS) notices to its customer base for the Cisco ACE XML Gateway.
Forum Systems pioneered the XML Gateway Appliance space in 2001 with the launch of its product Forum Sentry. A number of vendors followed this path by morphing their existing technologies to the XML Gateway Appliance space. Reactivity, the company Cisco acquired for a $135M in 2007 was one such company that changed direction to enter this space.
In 2003, Network Computing published a bake-off between vendors in XML Gateway space. Reactivity (acquired by Cisco), DataPower (acquired by IBM) and a number of other vendors including Forum Systems, Westbridge, Verisgn were also a part of the assessment. Looking back at this vendor assessment, one can see a clear trend: companies that changed their directions to come after the pioneer (Forum Systems) eventually gave up on the space.
Although the strategy of a company changing direction to follow a viable market seems like a good idea at that time, it has profound implications in the future. When a product is not built ground-up to address a specific market, architectural comprises ensue that result in the demise of such products in the future. The key factor in picking any technology solution is to identify the leaders and the followers.
New vendors continue to follow the leader in the XML Gateway space, by changing their ESB products to look like XML Gateways, however, they lack the innovation and intellectual property established by the leader. See fore example, Forum System Issued Patent 7,516,333 for XML Security Gateway.
As corporations replace their XML Gateway from Cisco ACE or any other non-patented product, they should consider the following points:
- Select a patented product or face replacement issues as the patents are enforced.
- Pick an XML Gateway and not a product that is like an ESB/Application server.
- Demand an Independent Security Assessment on the ENTIRE XML Gateway.
- Validate feature/function availability and innovation leadership.
- Demand flexible replacement costs and options.
Thursday, August 05, 2010
MIT System Design and Management Program Hosts Experts on Cloud Computing, Entrepreneurship, Leadership
The MIT System Design and Management (SDM) summer 2010 business trip kicked off at the Faculty Club with a keynote address on entrepreneurship and leadership by Mamoon Yunus (MIT Mechanical Engineering, 1993 and 1995), President and CEO of Crosscheck Networks.
Yunus, who was introduced by Unatek CTO Charles Iheagwara (SDM 2010) after an opening statement by SDM director Pat Hale, saw a "gap" in the cloud computing movement and in 2004 founded Crosscheck to build technology that would scrub XML traffic in the cloud. Seeing gaps, said Yunus, is key to success.
"You can’t innovate in a vacuum," Yunus said. For example, after speaking at Harvard Business School he was approached by several MBA students who asked him, "‘How does one generate ideas? We know business, but are looking for ideas where we can apply our business skills."
Read More >>
Friday, July 09, 2010
For CIOs, CTOs and business application architects, cloud computing has become inescapable aspect of their overall IT strategy. As businesses consider approaches to migrating parts of their infrastructure to the cloud, IT organizations wrestle with fundamental questions such as:
- What applications or its components should be migrated to the cloud?
- What should be the order/priority of migration?
- Which IaaS cloud provider should be selected based on application performance and reliability requirements?
- How do I mitigate enterprise-to-cloud migration risk?
Without addressing such questions, enterprises are faced with ad-hoc decisions during their cloud migration process that can add immeasurable risks to their business operations and undermine the efficiencies that they seek by migrating to the cloud.
This article, Understanding enterprise-to-Cloud Migration Costs and Risks, tackles these issues and helps companies in making informed and measured decisions regarding their cloud migration strategy.
Friday, June 25, 2010
Migrating to Infrastructure-as-a-Service (IaaS) is an attractive option for corporations that want to shift from a capital expense to a pay-as-you go model. Regardless of the business driver for cloud computing, of which there are many including reducing costs and adding nimbleness, large enterprises are now faced with re-evaluating their core IT assets with an eye towards enterprise-to-cloud migration for improving business efficiencies. However, beyond qualitatively appreciating the benefits of cloud computing, IT executives lack the ability to quantitatively assess the risk-reward structure of which application should be migrated from the enterprise to a cloud. Without having a quantifiable impact assessment of migrating enterprise resources to a cloud, enterprises are faced with ad-hoc decisions during their cloud migration process.
For all tracks and sessions presented during this event, see:
at 4:10 PM
Monday, May 24, 2010
SQL Azure provides affordable and rapid collaboration across SOA Test teams using SOAPSonar, the industry leading, comprehensive SOA and Cloud Testing product. This article provides an overview of using a shared repository: SQL Azure for collaborative SOA testing across dispersed SOA Test teams.
SQL Azure is a promising option for corporations that deploy Micrsoft technology and are interested in leveraging cloud computing to reduce IT costs and respond rapidly to business requirements. For companies that are simply looking for hosted relational databases, other options such as MySQL hosted by Amazon EC2, Rackspace, GoGrid or OpSource serve as strong alternatives.
Our impressions of SQL Azure have been positive. Through firewall rules, security provisions are adequete and not overwhelming for database and application developers. We do expect a richer web-based management interface in the future that goes beyond just creating an dropping databases. Although SQL Management Studio, installed locally on your machine, provides powerful management capabilities, it dilutes the power of installation-free, cloud-based components.
Corporations can use Quality Assurance and Testing as low-hanging use-cases for cloud computing. Companies should be less concerned about storing test data in external clouds compared to, for example, real customer data. Using SQL Azure for SOA test automation provides better collaboration for test teams, ease of database management and a cheaper alternative to procuring and maintaining on-premise test infrastructure.For complete article, see: http://soa.sys-con.com/node/1379631
Monday, May 10, 2010
Innovative vendors offering ways to make the transition to a cloud-based world less daunting.
Here are excerpts from the article published by Beth Schultz of Network World:
Why we're watching the company: Service-oriented architecture (SOA) testing companies have begun rounding out their product lines with tools aimed at giving IT organizations more confidence as they plan for application migrations to the cloud. The product can also ease the infrastructure and cost burdens of building out lab environments.
With CloudPort, developers can profile and measure the impacts of moving to cloud platforms while modeling the risk and cost benefits, the company says. From a central console, the tool provides information about cloud providers such as performance metrics, geographic latency and service initiation times; outages and application error states; and security, capacity and interoperability. Plus, it offers the ability to run what-if modeling scenarios. It leverages cloud instances from Amazon EC2, OpSource Cloud, GoGrid and Rackspace, and says its pay-as-you-go model lets enterprises realize cost savings of up to 60% when compared to reference architectures, while compressing the services life cycle and reducing time-to-market.
Who heads the company: CEO Mamoon Yunus, who founded Forum Systems, where he pioneered Web services security gateways and firewalls.
How the company got into cloud computing: Crosscheck comes from the Web services/SOA testing world. As SOA and virtualization come together in the cloud, adding cloud testing tools to its portfolio was a logical next step.
For complete article, see:
at 8:34 AM
Monday, April 26, 2010
"One of the biggest problems with cloud computing is that IT organizations are hesitant to move an application into the cloud when they don’t know what to expect in terms of performance. Crosscheck Networks intends to help IT organizations overcome that uncertainty with a new modeling tool for cloud computing called CloudPort. " Mike Vizard, CTOEdge
For complete article, see: http://www.ctoedge.com/content/crosscheck-models-cloud-computing-performance
Monday, April 12, 2010
In the absence of quantifiable data, enterprises are challenged to make well-informed choices when it comes to migrating to the cloud. Instead, they often find themselves forced to make these strategic decisions based on ad-hoc or partial information. This is a risky and unproductive approach, especially when typical migration process requires moving numerous components -- including databases, application servers, ESBs, identity stores, and BEPL orchestration engines -- to the cloud. Once a full reference system is deployed, the behavior of the enterprise applications interacting with the cloud-based components must be tested -- using customized production code. This is an expensive, time-consuming and potentially error-prone proposition.
With CloudPort, enterprises benefit by never having to touch production code -- while eliminating the substantial time, capital and IT staff resource expenses related to building a distinct cloud test environment.
For further information, see SD Times article:
For details on CloudPort, see:
Monday, March 29, 2010
XML appliances, a core component of IT deployments, process XML-based information including SOAP and REST messages. In the early 2000s, the first phase of XML appliances focused on providing security at the enterprise edge where traditional firewalls could not prevent against XML-based threats. As XML adoption increased, accelerating XML traffic that is typically bloated and verbose became a requirement. This is where companies such as Forum Systems pioneered the first XML appliance with acceleration, security, and threat mitigation functionality. Forum Systems was granted a patent for XML Appliances in 2009 for its visionary work in XML security, acceleration and threat mitigation.
The second stage of XML Appliance evolution was to add significant support for the enterprise ecosystem; including transport protocol support - required for moving messages around; identity management support - required for interact with existing identity management solutions for authentication and authorization decisions; and monitoring and governance support - for enterprise-level management and monitoring of appliances and transaction flow.
Almost a decade later, XML appliances are now in the eye-of-the-storm again. As enterprise build private clouds and off-load commodity functions to public clouds, XML appliance are serving a critical part in acting as an enterprise-to-cloud gateway. Since its inception, XML appliances have been used for controlling and securing enterprise-to-SaaS interaction. This XML Appliance function has now evolved to controlling enterprise-to-IaaS (Infrastructure as a Service) interaction. For more about XML appliances see:
Monday, February 22, 2010
Insightful podcast by Jessica Ann Mola, Managing Editor at eBizQ with John Woolbrigth, CIO of Omega Financials and former CTO of Synovus Financial and Mamoon Yunus, CEO of Crosscheck Networks that explores the following items:
- Defining cloud computing. Are SOA and cloud synonymous?
- Pre-requisites and barriers to enabling cloud computing in an enterprise IT infrastructure.
- Impact of current economic climate as hurting or helping cloud/SOA adoption.
- Architectural moving parts necessary for building SOA.
- Real-life, high-scale SOA and cloud-based deployments.
"There are three or four things that can get you to a place to take advantage of cloud computing..." - John Woolbright
eBizQ: SOA and Cloud in 2010: Talking with Crosscheck and Omega Financial
Monday, February 01, 2010
Here's an interesting article on XML Gateways, their use in SOA deployments, and a comparison between hardware, software and cloud-based form factors. SOA Tester have to be cognizant of identity, encryption, and signature artifacts that are consumed and generated by XML Gateways so as to build proper test cases for comprehensive end-to-end SOA testing.
Tale of Two XML Gateways
— These days XML Gateways are a core infrastructure component of any enterprise SOA deployment. XML Gateways provide the ability to integrate services securely with granular access control, data-level encryption, integrity through signatures and XML threat mitigation. XML Gateways can be deployed as a hardware appliance or as a software gateway. Both these form factors have their advantages and disadvantages. This article provides readers a quick synopsis of the advantages and disadvantages of each form factor.
Monday, January 25, 2010
Understanding XML Threat and Trust models enables SOA testing and QA professionals to build robust test suites that verify functional, performance, interoperability and security profiles of Web services. SOA testing has to cover a XML identity tokens, XML signature generation and verification, and XML encryption-decryption to establish trust. The test suites have to ensure that trust-based artifacts are scalable and interoperable. In addition to testing such trust-based artifacts, SOA testers have to ensure that the web services have threat mitigation in place against threats such as SQL Injection, Denial of Service attacks and Malware threats over SOAP and XML traffic.
Here is an article published on XML Threat and Trust Models:
XML Security Trust and Threat Models for DummiesFull Article: XML Security Trust and Threat Models for Dummies
— It is very rare today to find a business application that has not exposed its interface via SOAP/XML. XML is the building block that enables business or consumer applications to exchange data in a standard structured format. The exchange of XML data typically takes place through an SOAP/XML interface based on the Web Services standard or through the REST-based standard. These flexible standards that richly describe interface functions of an application also introduce a host of XML and Web Services security vulnerabilities. This article is a quick start guide to most common XML and Web Services security vulnerabilities and the two basic security models they follow.
Tuesday, January 19, 2010
BOSTON--Forum Systems, a wholly owned subsidiary of Crosscheck Networks, Inc., today announced that it has joined the Cloud Security Alliance to help further the organization’s efforts in the areas of data security, privacy and integrity best practices. An early sponsor of the Cloud Security Alliance, Forum Systems recognized the fundamental need in providing security assurance within cloud computing environments. As a Cloud Security Alliance Corporate Member, Forum Systems advocates that enterprises must first establish secure XML, SOAP and REST-based transactions before implementing their cloud-based initiatives.
Read Full Description >>
Friday, January 15, 2010
Extending corporate boundaries to cloud infrastructure providers requires focused review of security practises used to integrate from the enterprise DMZ to external trading partners. Here is an article that covers Enterprise-to-Cloud communications issues and how best to prepare from them. SOA Testing and XML Gateway play an intergral part in ensuring that the security provisions are well tested and strictly enfored while interacting with cloud providers.
Strategies for Securing Enterprise-to-Cloud Communication
— The Cloud Security Alliance (CSA) published Version 2.1 of its Guidance for Critical Areas of Focus in Cloud Computing with a significant and comprehensive set of recommendations that enterprises should incorporate within their security best practices if they are to use cloud computing in a meaningful way. The Guidance provides broad recommendations on operational security concerns including application security, encryption & key management, and identity & access management. In this article, we will consider security implications of REST- and SOAP-based communication between consumers and specifically, Infrastructure as a Service (IaaS) providers.
Thursday, January 07, 2010
Comprehensive SOA testing, using commercial and mature products such as SOAPSonar from Crosscheck Networks, is critical for companies as they expand beyond their localized SOA domains and integrate with SaaS, PaaS, and IaaS providers to build a Federated SOA. Here's an article that highlights the relationship between Federated SOA and Cloud Computing.
Federated SOA: A Pre-requisite for Enterprise Cloud Computing
— Successful enterprise SOA implementations build on a set of localized, project-level efforts with services that have clearly identified and accountable business and technology owners. Ownerships defines a SOA Domain. SOA domains may exist within corporate boundaries or may be provided as services by third parties. Deciding what services are core to a business owner and should be implemented within her/his domain versus consumed from another SOA domain becomes a critical part of building Federated SOA. Understanding core capabilities provided by SOA domains is a crucial task at the enterprise-level for encouraging efficiency through re-use and for keeping focus on core business services.
As SOA domains mature, key issues arise in enabling "SOA Domain Jumping," -- easily and rapidly integrating with other SOA domains. Here are the top three Federated SOA requirements that corporations must first address before embarking on a meaningful and sustained cloud computing deployment.
Monday, January 04, 2010
Here is an interesting article that appeared on sys-con regarding the hidden costs associated with using open source frameworks for SOA Testing. Corporate business process security, interoperability and scalability may depend on the kind of tools one chooses for testing services and may significantly contribute to the overall success a company's ability to safely add a growing number of business partners to its ecosystem.
Hidden Cost of Open Source SOA Testing
— Adopting an open source tool for SOA testing seems the simplest, most cost effective choice for developers and testers early on. However, you should plan and consider the implications of a longer term strategy with an open source testing tool. There are many aspects of service testing that contribute to a comprehensive solution across the SOA life cycle. Adopting a specialized tool for service testing is essential and will provide value, but may prove limiting if the adoption of the testing tool becomes something that can not grow with the business and maturity of your SOA strategy. This article will discuss some topics to consider before jumping headlong into an open source free testing solution for your production services.
Friday, January 01, 2010
The is article discusses the advantages of using service virtualization whereby, in the simplest case, you may import a number of WSDLs, aggregate them and then expose them via and XML Gateway, such as Forum Sentry, based on the credential presented. The impact of service virtualization on SOA testing is significant:
- Remote services have to be tested independently.
- Aggregated WSDL need to be tested.
- User specific WSDLs generated by the Cloud/XML gateway have to tested.
- The difference between gateway-generated services has to be reconciled with the remote services.
- Identity tokens have to be generated for both remote services as well as the gateway to ensuring that the right authentication and authorization decisions are being enforced on the gateway.