Gain control and use all your data security with data virtualization

Come join us for this webinar on Data Virtualization and Data Security.  The webinar also includes a live demo!

Gain control and use all your data security with data virtualization

Data is the life blood of the enterprise. Do you feel comfortable with the amount of control you have over all of your data? Do you know who’s accessing it and when? Can you centrally set and control a consistent level of access across all data sources? If not, data virtualization can help.

New data sources are constantly being added, and the volume of data keeps increasing. Data virtualization lets you easily create departmental or audience-specific data marts so that applications have access to only the data they absolutely need. Because there's no moving or copying of the data required with data virtualization, there's only 1 source of the data to monitor and manage.

In this webinar, you’ll learn:

• How data virtualization helps you implement a data firewall for secure data access.
• How to implement centrally manageable data access policies regardless of data source type.
• Role-based security, row/column masking, and extensive auditing capabilities.

Join Kimberly Palko, Red Hat JBoss product manager, and Blaine Mincey, Red Hat solution architect, to discuss how Red Hat® JBoss® Data Virtualization can provide consistent, secure data access for analytics across multiple, diverse data sources. This webinar includes real-world examples and a live demo.

Register at https://vts.inxpo.com/scripts/Server.nxp?LASCmd=AI:4;F:QS!10100&ShowKey=20059&AffiliateData=rhweb&Referrer=http%3A%2F%2Fwww.redhat.com%2Fabout%2Fevents-webinars%2Fwebinars%2F20140611-gain-control-and-use-all-your-date-security-with-data-virtualization

What is the difference between Picketlink and Keycloak?

Picketlink and Keycloak are both JBoss Projects.  The Picketlink Project is at http://picketlink.org/ and the Keycloak project is at http://keycloak.org.  In our blog today we will highlight some differences between the projects.

 What is Picketlink?  PicketLink is an umbrella project for security and identity management for Java Applications. PicketLink is an important project under the security offerings from JBoss.

Highlights of Picketlink:

• Security Framework for JavaEE Applications (Apache v2 License)
• First Class support for CDI
• Secures your beans, view layer, bean methods, REST endpoints, Servlets etc
• Simple API for managing Users, Roles, Groups
• Authenticate any way you want
• Permissions API for fine grained authorization
• Federation – SAML, WS-Trust, OpenID, OAuth
• Social Login with Facebook, Twitter and Google+

What is Keycloak?  An Out of the box solution for security and a project included in the Picketlink umbrella.  An Integrated SSO solution  for browser apps and RESTful web services that is built on top of the OAuth 2.0 and JSON Web Token (JWT) specifications.

Highlights of Keycloak:

• KeyCloak is an SSO server for web, mobile and rest applications
• KeyCloak is an OOTB server for :
• Authentication
• Authorization
• Centrally managing Application Users, Roles and Roles Mapping
• Social Login
• KeyCloak is deployable as a war, appliance or on OpenShift  
• KeyCloak project is part of the PicketLink family

So what is the problem space and what is the solution?

The problem space revolves around:

1. Applications need to be secure.
2. Applications need the following security features:

• Authentication
• Authorization
• Management of Users, Roles and Groups
• Audit
• Social Login
• Single Sign On

The solution is one of two options provided by the JBoss Products:

Option 1: Roll your own security. PicketLink is the choice and has a ton of quickstarts.

Option 2: Out of the box solution with a User Interface.  Keycloak is the choice.

Building Blocks

Out of the Box with User Interface

 I will start blogging examples soon with the Middleware Products but take a look at the Project pages for more information:

• http://www.picketlink.org
• http://www.keycloak.org

Docker and Red Hat JBoss Data Virtualization

I will be starting a Data Virtualization workshop blog series next week with a financials demo.  Part of the setup and introduction involves using Data Virtualization, mySQL and Postgres.  Instead of going through all the different install/configuration steps in all the different Platforms we decided to us a docker image to get started quickly with running all the products (DV, MySQL, Postgres, JDK).

Today I wanted to go through a quick example of getting the image from the public repository or building it locally.  Then some examples of interacting with Data Virtualization in the image.  I wanted to give a shout out to Cojan van Ballegooijen from the Netherlands for his Docker work.

I. Overview

II. Building the Image

III. Downloading the Image

IV. Interacting with the Products

Overview

Docker -

Docker is an open-source project to easily create lightweight, portable, self-sufficient containers from any application. The same container that a developer builds and tests on a laptop can run at scale, in production, on VMs, bare metal, OpenStack clusters, public clouds and more.

Data Virtualization -

JBoss Data Virtualization is complete data provisioning, federation, integration and management solution that enables organizations to gain actionable and unified information.  Red Hat JBoss Data Virtualization enables agile data utilization in 3 easy steps:

• Connect: Access data from multiple, heterogeneous data sources.
• Compose: Easily create reusable, business-friendly logical data models and views by combining and transforming data.
• Consume: Make unified data easily consumable through open standard interfaces.

More info for Docker: https://www.docker.io/learn_more/

More info for Data Virtualization: http://www.jboss.org/products/datavirt.html

Building the Image

Step 1: Clone the DVWorkshop Repository. The dv-docker is the main folder we will be using.
https://github.com/DataVirtualizationByExample/DVWorkshop.git

Step 2: Install Docker to your local machine or Virtual Machine according to your platform.  More detail is on the docker.io site. In my case I installed Docker on my Fedora VirtualBox Virtual Machine.

Step 3: Download the Data Virtualization product from jboss.org/products.

Step 4: Place the jboss-dv-installer-6.0.0.GA-redhat-4.jar in the dv-docker/software folder

Step 5: Start Docker from root if it isn't already running

# systemctrl start docker

Step 6: From your normal login (in my case kpeeples) check permissions of docker

docker info

If you get

2014/05/09 15:06:51 dial unix /var/run/docker.sock: permission denied

then use the following command to fix the permissions

$ sudo chmod a+rw /var/run/docker.sock

Step 7: Run the build, which runs docker build -t jbossdv600 .  NOTE: if you receive an error on mysqld start on RHEL 6 the use the --no-cache option with the docker build.  See http://docs.docker.io/reference/commandline/cli/#build

./build.sh

Step 8:  My output from the build can be seen in this text file - https://drive.google.com/folderview?id=0B5kKwcd4kOq9VUNycWtkQVZJS1U&usp=sharing

Step 9:  Look at the image list

$ docker images

Step 10: Look at the container list

$ docker ps

Step 11: Connect to the image in interactive mode

$ docker run -P -i -t jbossdv600 /bin/bash

Step 12: Start the services (DV, MySQL, Postgres, MongoDB)

 # /home/jboss/run.sh &

Downloading the Image

Note: The tar image has been removed because you must download and accept the licensing agreement for now.  A Red Hat Docker image repository is in process.

Note: I am testing the download of the image so if you have any issues then send me a message.

Note: This is only if you rather download the image instead of build it.

Step 1: Sign up for an account on docker.io

Step 2: Login into docker

$ sudo docker login

Step 3: Pull the Repository

docker pull kpeeples/jbossdv600

Step 4:  Look at the image list

$ docker images

Step 5: Look at the container list

$ docker ps

Step 6: Connect to the image in interactive mode

$ docker run -P -i -t jbossdv600 /bin/bash

Step 7: Start the services (DV, MySQL, Postgres, MongoDB)

 # /home/jboss/run.sh &

Verify Data Virtualization is running

Step 1: Get the ContainerID

docker ps

Step 2: Get the IP Address where MY_CID is the container ID

docker inspect --format '{{ .NetworkSettings.IPAddress }}' MY_CID

Step 3: Browse to Data Virtualization where MY_IP is the IP from above

http://MY_IP:8080/

Step 4: Browse to Data Virtualization Dashboard where MY_IP is the IP from above with user as user and user as password

http://MY_IP:8080/dashboard/

In the Workshop series we will  walk through connecting to the databases externally and internally.

APAC Red Hat Tech Exchange

Come join us at APAC Red Hat Tech Exchange this year June 9-13 in Bangkok, Thailand to achieve Confidence, Connection and Inspiration.  Register at

https://www.ekkko.com/smart/hello/LoadRegPage?EventID=e131cxab&Pg=regpublic_step1

View the agenda and detail at http://apactechexchange.com/

I am exciting to give my sessions which are below:

Wednesday 1100-1300 JBoss Data Virtualization Workshop
Wednesday 1500-1600 Big Data and Data Virtualization
Thursday 1100-1300 Fuse Service Works Workshop
Thursday 1445-1530 Fuse on OpenShift

This year’s Red Hat Tech Exchange will be building on a successful event last year in Bangkok. It will continue to evolve and address market trends and needs, while driving the corporate strategic direction.

In the era of the cloud or *aaS, we need to grow the open source mindshare as well as the solution portfolio that changes the industry. IT has grown more complex through different abstraction layers and requires besides technical skills also architecture, whiteboarding, solution matching.

At this year’s Red Hat Tech Exchange, you will achieve the following:

CONFIDENCE

In positioning, suggesting and implementing solutions or partial solutions. Not only to technical profiles but also business stakeholders.

CONNECTION

Building personal networks with Red Hat Business Units and other Red Hat Associates throughout the region and the world, and a sense of connection to Red Hat.

INSPIRATION

To apply the tools, products and skill that were acquired, in various customer situations.

With the increase in complexity and breadth of the Red Hat portfolio, we need to make our customer's choices more sustainable, open and secure for a better IT future. It begins with education of their trusted advisors – YOU!

Management and security for your enterprise applications: Your questions answered

I wanted to highlight a blog post on the Enterprise Application Platform (EAP) this week.  Christina Wong, Principal Product Marketing Manager, talks about a EAP Webinar lead by John Doyle.

On March 20^th, Red Hat JBoss Enterprise Application Platform product manager, John Doyle lead a webinar that discussed management and security in enterprise applications. Specifically, John dived into some of the management and security enhancements to JBoss EAP 6.2. Including:

• Role-based access control for control of management operations.
• Configuration options for auditing and logging administrative actions.
• Management operations to install patches, roll back patches, and report patch states.
• The Common Criteria Certification and its significance to organizations

Missed it? Watch the webinar by registering here!

We had several great questions from the audience, but ran out of time to answer all of them. I've posted the questions (with minor edits) and our best attempts to answer them here:

What is the functionality difference between different versions of JBoss EAP 6?

You can learn about the new features included with each release by reading each version's Release Notes. This can be found with version-specific JBoss EAP documentation in the Red Hat Customer Portal.


Does 6.2 comply to Java EE 7 specs? If yes, why not call it JBoss EAP 7.0?


Major versions of JBoss EAP (like 5 or 6) remain certified with a specific version of Java EE. Therefore, JBoss EAP 6 is Java EE 6 certified, and JBoss EAP 7 will be Java EE 7 certified.


Do the role-based access control enhancements include the application user security, roles and permissions that a developer would typically design into an application? Do you have examples of application security in JBoss EAP?


The access control enhancements discussed in this webinar was about administrative access to the management interfaces of JBoss EAP. It was not about the application user roles that a developer considers when designing application security. Information about application-level security can be found in JBoss EAP's Security Guide, Section III, Securing Applications.


Are passwords stored as plain text on disk? Could a hacker with root access see passwords?


While a user could have plain text passwords stored in the configuration files on disk, this approach would clearly be a security risk. Typically, best practice dictates use of a password vault and associated keys for each piece of sensitive information. The vault is used to store passwords and other sensitive strings. The key is placed in the configuration file and used to retrieve the information from the vault. Visit the Red Hat Customer Portal and read the Security Guide, Section 3.8, Password Vaults for Sensitive Strings and the Administration and Configuration Guide, Section 10.11, SSL Encryption to learn more.


Where is the audit log location?


The location of the audit log is configurable, but audit logging is pre-configured to output to the file EAP_HOME/standalone/data/audit-log.log. Audit logging must be enabled with the Command Line Interface (CLI) before the audit log is produced. See the Administration and Configuration Guide, Section 3.8, Management Interface Audit Logging to learn more.


Will JBoss Operations Network be able to use these new JBoss roles? Can I define the users in JBoss Operations Network who will have access to the JBoss EAP role? For example: Operator, Monitor, etc... ?


We are looking to link the access control that you can define in JBoss Operations Network with the access control roles defined in JBoss EAP, but that change will arrive in a future version of JBoss Operations Network. We do not synchronize the releases of the products in the portfolio, so new features in the server products typically arrive before they are reflected in JBoss Operations Network.


Should I use the new patching feature for servers in my production environment? I am concerned about the fact that it replaces modules while JBoss EAP is running. Is this feature in technology preview or fully supported?


The new patching feature is a fully supported new feature and therefore, ready for use with your production systems. It is, in fact, the only supported way to patch. Pushing patches without validating them in a test environment is never a recommended practice! So, we expect that you would validate any patches in your test environment before you patch your production systems. The patch system does replace modules in your JBoss EAP server, but in order to apply the fixes staged by the patch command, you will be required to reload the server.


Can I patch JBoss EAP through JBoss Operations Network?


The patch command is a standard CLI command, so JBoss Operations Network can call that command just like any other management command.


Can I patch an JBoss EAP RPM installation via the Red Hat Network?


Yes, this new patching system allows you to use standard yum updates for patching.


Do the management and security features shown also apply for Red Hat JBoss Fuse Service Works?


JBoss Fuse Service Works is currently supported on a base of JBoss EAP 6.1.1. The access control, auditing, and patch capabilities described in our webinar are features of EAP 6.2. Once JBoss Fuse Service Works supports EAP 6.2 these features will be supported and exposed in the same way as shown during our webinar.

Red Hat JBoss Fuse Service Works Workshop - Part 2 Lab Introduction

Our Fuse Service Works workshop continues this week.  The workshop is designed to get you started quickly and easily on a project with Fuse Service Works.  We will go through the concepts and components of Service Component Architecture, Service Lifecycle Management and Business Transaction Monitoring.

Today we will go through an introduction of the labs that are in the series.

The workshop series will be split into five postings and will concentrate on creating the switchyard application, moving the deployment through Service Lifecycle Management from development through production and monitoring the services through the Business Activity Monitoring.   The Home Loan Application will be our application that we will use during the series.  Now onto Part 2 of the Fuse Service Works Workshop.

Overview of the workshop

• Part 1 - Environment Setup 
• http://planet.jboss.org/post/red_hat_jboss_fuse_service_works_workshop_part_1_environment_setup
• Part 2 - Lab Introduction (This week)
• http://planet.jboss.org/post/red_hat_jboss_fuse_service_works_workshop_part_2_lab_introduction
• Part 3 - Lab 1 Switchyard
• Get familiar with the development environment
• Application design and implementation
• Hands on experience with important SwitchYard principles
• Part 4 - Lab 2 Service Lifecycle Management
• Gain experience with service governance workflows in Fuse Service Works
• Become familiar with the Design-Time Governance and S-RAMP consoles
• Manage a service through the dev, qa, stage, and production tasks
• Learn Service Lifecycle Management principles
• Part 5 - Lab 3 Business Activity Monitoring
• Gain experience with Runtime Governance capabilities in Fuse Service Works
• Become familiar with Service Activity Monitoring and reporting
• Become familiar with Policy Enforcement

Lab Keys

During the lab we will use some guides to help move you through the labs.

 First the TODO guide will give you a task list for  you to follow during the lab series.  When you see  one of these make sure to follow the steps in order  to complete the lab with success.

Next is the FYI Guide which will provide you more background on a given step in the lab, a certain configuration, concept or code snippets.  These will help give you more information and detail about what is happening while moving through the labs.

Below is an example of what you will see during the series.  

Gotchas during the lab series

First Gotcha -

You will see errors/warnings when you open up the lab1 project.  FEAR NOT!!!  These errors exist because the project is not complete.  When you follow the lab steps the errors will be resolved and worls domination is within your grasp!

Second Gotcha - 

Browsing for an interface will have a slight lag as the editor searches the maven repository.  This will happen once at the beginning of the lab and you shouldn't see it again the rest of the lab.  When this is done you will be able to search for interfaces by entering text.

Third Gotcha - 

Fourth Gotcha -

When deploying the application to the design-time repository you will see an exception in the server log related to SMTP.  This can be safely ignored as SMTP and a email account are not configured during the lab.

It's GO Time!!

Now on to Lab 1 Switchyard 

for Part 3 of our series

Red Hat JBoss Fuse Service Works Workshop - Part 1 Environment Setup

I am starting a Fuse Service Works Workshop series this week.  The workshop is designed to get you started quickly and easily on a project with Fuse Service Works.  We will go through the concepts and components of Service Component Architecture, Service Lifecycle Management and Business Transaction Monitoring.

Today we will go through an introduction of the series to get you started with the workshop.

The workshop series will be split into five postings and will concentrate on creating the switchyard application, moving the deployment through Service Lifecycle Management from development through production and monitoring the services through the Business Activity Monitoring.   The Home Loan Application will be our application that we will use during the series.  Now onto Part 1 of the Fuse Service Works Workshop.

Overview of the workshop

• Part 1 - Environment Setup
• http://planet.jboss.org/post/red_hat_jboss_fuse_service_works_workshop_part_1_environment_setup
• Part 2 - Introduction
• http://planet.jboss.org/post/red_hat_jboss_fuse_service_works_workshop_part_2_lab_introduction
• Part 3 - Lab 1 Switchyard
• Get familiar with the development environment
• Application design and implementation
• Hands on experience with important SwitchYard principles
• Part 4 - Lab 2 Service Lifecycle Management
• Gain experience with service governance workflows in Fuse Service Works
• Become familiar with the Design-Time Governance and S-RAMP consoles
• Manage a service through the dev, qa, stage, and production tasks
• Learn Service Lifecycle Management principles
• Part 5 - Lab 3 Business Activity Monitoring
• Gain experience with Runtime Governance capabilities in Fuse Service Works
• Become familiar with Service Activity Monitoring and reporting
• Become familiar with Policy Enforcement

Home Loan Application

We will use a the Home Loan application which will be built in Part 2.  Some of the application is already built for you.  The application includes a BPMN2 Process, a Camel Route, a Rules Component, a REST service, a JMS service, SOAP service and multiple unit test.

The code for each blog will be updated on github each week.  We will update each folder as we progress: Guides, which contains the individual guides, Support, which will contain supporting files such as an example standalone.xml and h2 file, Lab 1, which will contain lab 1 for Switchyard, Lab 2 which will contain the Service Lifecycle Management, and Lab 3 which will contain Business Activity Monitoring.  The repository is located at https://github.com/FuseServiceWorksByExample/FSWWorkshop.

The application will be described in more detail in Lab 1.

Environment Setup

Step 1. Download Fuse Service Works (FSW) from http://www.jboss.org/products/fsw.html
Step 2. Install FSW according to the instructions at http://www.jboss.org/products/fsw.html
Step 3. Setup the Database

Launch the H2 db and console via the h2 jar in your FSW install

java -jar modules/system/layers/base/com/h2database/h2/main/h2-1.3.168-redhat-2.jar  

At the login screen for the H2 console, use the following values. $FSW_HOME is where you have installed FSW; be sure to replace this with the actual directory for your installation.

JDBC URL: jdbc:h2:file:$FSW_HOME/jboss-eap-6.1/standalone/data/h2/customer;mvcc=true  
User Name : sa  
Password : sa  

In the console, create a table:

CREATE TABLE CUSTOMER(  
    SSN VARCHAR(11) PRIMARY KEY,  
    FIRSTNAME VARCHAR(50),  
    LASTNAME VARCHAR(50),  
    STREETADDRESS VARCHAR(255),  
    CITY VARCHAR(60),  
    STATE VARCHAR(2),  
    POSTALCODE VARCHAR(60),  
    DOB DATE,  
    CHECKINGBALANCE DECIMAL(14,2),  
    SAVINGSBALANCE DECIMAL(14,2));  

And insert some test data:

INSERT INTO CUSTOMER VALUES   
    ('800559876', 'Joe', 'Deeppockets-existing', '345 Pine Ave', 'Springfield', 'MO', '65810', '1966-07-04', 14000.40, 22000.99);  
INSERT INTO CUSTOMER VALUES   
    ('610761010', 'Sally', 'Shortchange-existing', '456 Larch Lane', 'Springfield', 'MA', '99999', '1966-08-05', 9100.10, 2750.75);  
INSERT INTO CUSTOMER VALUES   
    ('680777098', 'Barbara', 'Borderline-existing', '567 Poplar Pkwy', 'Worcester', 'MA', '01604', '1976-09-06', 300.41, 11.01);  

Add the following datasource definition to standalone-full.xml:

<datasource jndi-name="java:jboss/datasources/CustomerDS" pool-name="CustomerDS" enabled="true" use-java-context="true">  
    <connection-url>jdbc:h2:file:${jboss.server.data.dir}/h2/customer;mvcc=true</connection-url>    
    <driver>h2</driver>  
    <security>  
        <user-name>sa</user-name>  
        <password>sa</password>  
    </security>  
</datasource>  

Step 4. Setup JMS

Add the JMS user

${FSW_HOME}/bin/add-user.sh  
Application User  
Application Realm  
Username : guest  
Password : guestp.1  
Roles : guest  

Start the server:

bin/standalone.sh -c standalone-full.xml  

In a separate terminal window, add a JMS queue:

bin/jboss-cli.sh --connect --command="jms-queue add --queue-address=LoanIntake --entries=LoanIntake"  

Step 5. Download JBoss Developer Studio (JBDS) 7.1 from https://www.jboss.org/products/devstudio.html
Step 6. Install JBDS according to the instructions at https://www.jboss.org/products/devstudio.html
Step 7. Download JBoss Integration Stack (JBIS) 4.1.4 from http://tools.jboss.org/downloads/jbosstools_is/kepler/4.1.4.Final.html
Step 8. Install JBIS according to the instructions at http://tools.jboss.org/downloads/jbosstools_is/kepler/4.1.4.Final.html

Now your environment is ready for the next blog.

Components within JBoss Fuse

With the acqusition of Fusesource, the Fusesource products (ESB and MQ Enterprise) were rolled into the JBoss Middleware portfolio.  JBoss Fuse and A-MQ were then released as version 6 and recently version 6.1.  I am asked about the component versions for the products a good bit so thought I would blog those out.

Component	FuseSource 7.1	JBoss Fuse 6.0	JBoss Fuse 6.1
Apache Camel	2.10.0	2.10.2	2.12.0
Apache ActiveMQ	5.7.0	5.8.0	5.9.0
Apache CXF	2.6.0	2.6.0	2.7.0
Apache Karaf	2.3.0	2.3.0	2.3.0
Fuse Fabric	7.1.0	7.2.0
Fabric8			1.0.0
Spring Framework	3.0.7	3.1.3	3.2.4
Fuse IDE	7.1.60	6.0 with latest updates
JBDS			7.1.1

Download the latest products at jboss.org/products.