Introduction:
This is a continuation of the whitepaper on Host Integration Server introduced here. We elaborated on the four components of the overall design – namely, APIs, Events, Messaging, and Orchestration in our subsequent article. In this final article, we review the Azure Security integration.
Description:
There are five technology areas of integration for the Host Integration Server (HIS):
1) Network Integration connects application infrastructure to existing IBM mainframe and midrange system network architectures. This service connects desktops, devices, and servers to existing host systems while reducing costs. For example, the print service provides server-based printer emulation.
2) Data Integration offers direct access to data stored in IBM DB2 database management systems. It includes multiple data clients and one data service, with support for a variety of data providers such as ADO.NET, OLE DB, and ODBC.
3) Application Integration is provided by the Transaction Integrator, which allows enterprise developers to call business rules on the host mainframe. It comprises a plugin designer, an administration tool, and runtime components.
4) Message Integration is provided by the WCF channel for IBM WebSphere MQ, which allows enterprise developers to send or receive MQ messages between WCF and heterogeneous or native IBM programs.
5) Security Integration is provided by Enterprise Single Sign-On (ESSO) with Active Directory integration to secure IBM host systems. It maps Active Directory identities to their host credentials, which are stored in SQL Server. These mappings can be retrieved at runtime both through the ESSO SDK and from HIS features.
When these integration areas are reimplemented on the Azure control plane, we can leverage the Azure iPaaS solution, a set of cloud services that are essential for mission-critical enterprise integration. These services provide four core technologies that are required for cloud-based integration: a way to publish and manage application programming interfaces, a straightforward way to create and run integration/workflow logic with the help of an orchestration, messaging that facilitates loose coupling between applications, and a technology that supports communication via events.
There are always other services that can be combined from other cloud technologies, but the above four iPaaS offerings, namely API Management, Logic Apps, Service Bus, and Event Grid, are sufficient to perform integration for services such as HIS. There is a one-to-one correlation between the integration areas of Host Integration Server and the iPaaS offerings.
The security integration is facilitated by Azure Active Directory (AAD) and Role-Based Access Control (RBAC). In RBAC, authorization is mapped to roles. A user can take on different roles, which effectively handles changes in the organization. Since users are not assigned rights directly but only acquire them through roles, management of individual user rights becomes a matter of assigning the appropriate roles to user accounts. Roles are defined from the stable set of duties and responsibilities in the organization's management. There are three primary rules for RBAC:
Role assignment - A subject can exercise a permission only if the subject has been selected for or assigned a role.
Role authorization - A subject's active role must be authorized for the subject, i.e., a user cannot take on any or all roles.
Permission authorization - A subject can exercise a permission only if the permission is authorized for the subject's active role, i.e., the user can exercise only those permissions assigned to the role.
Roles can be hierarchical, in which case a higher-level role assumes everything that comes with the lower-level role. An Azure login context can be set to a given subscription, which can then be used to find the service principal and the role that needs to be allowed access to the resource. With the help of this principal, an application can be added to its operational service role. The addition of the principal to the role is done with an internal security context and not that of the logged-in principal. This rounds out the security integration.
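As an added example (not code from the original post or from HIS), the following small Python model shows the three RBAC rules and the role hierarchy described above, with scope inheritance as Azure applies it, where an assignment at subscription scope also covers resources beneath it. The subscription id, the resource group and the service principal name "his-gateway-sp" are constructed placeholders.

```python
class Rbac:
    def __init__(self):
        self.role_permissions = {}   # role -> permissions granted directly
        self.inherits = {}           # role -> lower-level roles it includes
        self.assignments = {}        # (subject, role) -> scopes assigned at
        self.active = {}             # subject -> currently activated role

    def define_role(self, role, permissions, inherits=()):
        self.role_permissions[role] = set(permissions)
        self.inherits[role] = set(inherits)

    def assign(self, subject, role, scope):
        """Rule 1 (role assignment): rights come only through an assigned role."""
        self.assignments.setdefault((subject, role), set()).add(scope)

    def activate(self, subject, role):
        """Rule 2 (role authorization): a subject may activate only a role it holds."""
        if (subject, role) not in self.assignments:
            raise PermissionError(f"{subject} is not assigned role {role}")
        self.active[subject] = role

    def effective_permissions(self, role):
        """Hierarchy: a higher-level role assumes all of a lower-level role's rights."""
        perms = set(self.role_permissions.get(role, ()))
        for lower in self.inherits.get(role, ()):
            perms |= self.effective_permissions(lower)
        return perms

    def check(self, subject, permission, resource):
        """Rule 3 (permission authorization): only the active role's permissions, and
        only on resources under a scope where that role was assigned."""
        role = self.active.get(subject)
        if role is None:
            return False
        scopes = self.assignments.get((subject, role), set())
        in_scope = any(resource == s or resource.startswith(s + "/") for s in scopes)
        return in_scope and permission in self.effective_permissions(role)

# Constructed sample: placeholder subscription id, resource group and service principal.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
HIS_RG = SUB + "/resourceGroups/his-rg"

def demo():
    rbac = Rbac()
    rbac.define_role("Reader", {"read"})
    rbac.define_role("Contributor", {"write"}, inherits=["Reader"])  # hierarchy
    rbac.assign("his-gateway-sp", "Reader", SUB)          # subscription-wide
    rbac.assign("his-gateway-sp", "Contributor", HIS_RG)  # one resource group only
    rbac.activate("his-gateway-sp", "Contributor")
    return rbac
```

Activating a role the principal was never assigned raises PermissionError, and a permission granted at resource-group scope is refused on a sibling resource group even though the principal holds Reader across the subscription.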
Conclusion: An enterprise integration solution hosted on Azure must make use of the four iPaaS components: API Management, Logic Apps, Service Bus, and Event Grid. This allows the Host Integration Server to be hosted on Azure.