Luxury industry: secure exchange solution between headquarters and subsidiaries

Our client is a worldwide leader in the luxury industry.

This industrial client shares strictly confidential commercial and production information with 20+ subsidiaries all around the world.
Each day, head office exchanged unstructured information with subsidiaries, mainly by email, and this information was imported into local ERPs.
This manual process lost data and introduced mistakes, resulting in inconsistent business information inside the group.
The customer launched a project to structure and standardise information exchange between entities.

Challenges

Manage the integration of a heterogeneous application landscape.
Standardise the technical and business information across 20+ subsidiaries.
Share a large volume of information with high performance.
Comply with stringent security expectations.

Our solution
Application & Cloud Integration

This project began by analysing business information exchanges to identify a common information structure for head office and all subsidiaries: the canonical data model. This provides an additional level of indirection between individual application data formats. If a new application is added to the integration solution, only a transformation between that application's format and the canonical data model needs to be created, so the new application stays independent of the applications that already participate.

For this approach we used two main products: Oracle Service Bus (OSB) and Axway API Gateway (APIG). OSB was located in the head office to manage message transformation and internal application connectivity. A main instance of APIG was deployed in the head office to secure communication with subsidiaries over the Internet. Finally, lighter APIG instances were deployed at each subsidiary to manage local security and connectivity.

We used XQuery, the query language available in OSB, to transform an application's message format to and from the canonical model, while Web Services (which are easy to configure) managed the technical communication with applications.
Axway API Gateway was responsible for transporting and securing exchanges and was configured in three layers. The external layer was a facade to secure all exchanges with encryption and authentication. A utility layer used a WebDAV framework to transport information to shared directories. The internal layer was a SOAP module for processing messages with OSB. The main benefits of APIG were its out-of-the-box features: high availability, native connection to heterogeneous backends, message transformation and the ability to manage complex security.

Benefits

STANDARDISED SUBSIDIARY COMMUNICATION

We standardised the subsidiaries' information communication using a common business language within a unique technical solution. We used each product's main strengths: Oracle Service Bus to transform and route business messages, and API Gateway to provide a secure solution to transport messages.

LIMITED MAINTENANCE COST

Each API Gateway was installed as an appliance. We were then able to clone a pre-configured virtual image and efficiently distribute each instance to all subsidiaries. The client gained a turnkey solution ready to use and easy to maintain.

ROBUST SOLUTION

We implemented error handling, error recovery and activity monitoring to provide real-time diagnosis of issues. We configured API Gateway in cluster mode to provide load-balancing and high availability. We also improved connectivity testing to increase final product quality.

EASY ROLLOUT

With the subsidiaries, we industrialised deployment in two main steps. The first step was automatic deployment of integration flows in the main instance with Xebia XL Deploy. The second step was automatic deployment from the main instance to all remote subsidiaries through a dedicated administration tool.

HIGHLY SECURED SOLUTION

The solution provided a layer to guarantee sender and receiver identities, as well as the integrity and confidentiality of all exchanges. We secured communication with one-way and two-way SSL/TLS using X.509 certificates provided by the company's PKI. Moreover, to protect subsidiary information sharing, we used a unique SSL certificate to identify each entity.
