
CloudConnect

Securely consume SaaS and Cloud Services

Simplify Single Sign-on & Integration from the Enterprise to SaaS

The CloudSpan CloudConnect Gateway allows organizations to securely consume SaaS and cloud-based services by providing not only secure single sign-on, but also secure application integration.

The CloudConnect Gateway acts as an on-premise control point for managing how internal users and application assets are exposed to outside SaaS offerings. By defining integration and security policies in the CloudConnect Gateway, enterprises can implement fine-grained access control over which enterprise users and resources can interact with which SaaS applications, while managing API-level data and application mapping. As a result, enterprises can govern how they consume SaaS applications while making those resources feel and operate like extended parts of their internal enterprise.
 

CloudConnect - Layer 7 Technologies

 

When deployed in the DMZ, a CloudConnect Gateway allows enterprises to extend IAM investment to the cloud, utilizing existing identity infrastructure to provide authorization and authentication for users as well as applications logging into SaaS/cloud services. Now enterprises can extend business processes out to external SaaS and cloud providers, simplify logon for SaaS users, track SaaS and cloud usage, and centralize IDs for use across the extended enterprise in a single, on-premise directory.

Create Single Sign On for SaaS applications – utilizes existing enterprise directory and LDAP resources to log users and machines into SaaS applications. This creates a single point of maintenance for all user and machine IDs across the extended enterprise, and eliminates the potential security breaches that arise when employees leaving a company are removed from the enterprise IAM system but retain their SaaS login due to oversight.

Secure SaaS application integration – securely integrate enterprise applications and SaaS applications using Web services in order to ensure that internal/SaaS systems are always up to date.

Track SaaS Usage – knowing who in your organization is using SaaS applications, and how often, can help you ensure compliance with industry and government regulations, as well as help optimize SaaS licensing.

Hardware
Chassis: 1RU standard rack mount, 1.71 x 16.75 x 27.0 in. (43.43 x 425.5 x 658.8 mm)
Processor: Dual Intel Xeon processor 5500 series (quad core = 8 logical cores)
Hardware Acceleration: Offload SSL and XML processing operations to optional acceleration card
Cryptography
  • Optional onboard HSM, as well as support for external HSMs (i.e., SafeNet)
  • FIPS 140-2 support in both hardware (Level 3) and software (Level 1)
Ports: 4 x Gigabit Network Cards
Memory: 8GB RAM (maximum memory of 72GB)
Storage: Mirrored, hot-swappable drives
Power: Dual redundant, hot-swappable; 760 watts (W)
Performance: Able to handle more than 10,000 requests/sec
Software
Operating Systems
  • Solaris 10 for x86 and Niagara
  • SUSE Linux
  • Red Hat Linux 4.0/5.0
Virtual Appliance
  • Desktop: VMware (VMware Ready certified)
  • Server: ESX (VMware Ready certified)
  • Cloud: Amazon EC2 AMI

  • XML
  • SOAP
  • AJAX
  • XPath
  • XSLT
  • WSDL
  • XML Schema
  • LDAP
  • SAML
  • PKCS
  • X.509 Certificates
  • FIPS 140
  • Kerberos
  • W3C XML Signature
  • W3C XML Encryption
  • SSL/TLS
  • SNMP
  • SMTP
  • POP3
  • IMAP4
  • HTTP/HTTPS
  • WCF
  • JMS
  • MQ Series
  • REST
  • Tibco EMS
  • FTP
  • WS-Security
  • WS-Trust
  • WS-Federation
  • WS-Addressing
  • WS-SecureConversation
  • WS-MetadataExchange
  • WS-Policy
  • WS-SecurityPolicy
  • WS-PolicyAttachment
  • WS-SecureExchange
  • WSIL
  • WS-I
  • WS-I BSP
  • UDDI
  • WSRR
  • MTOM
  • IPv6

 

Identity and Message Level Security
Identity-based access to services and operations
  • Integration with leading identity, access, SSO and federation systems from Oracle, Sun, Microsoft, CA, IBM Tivoli, Novell
  • Onboard identity store for administering identities and staging new services
Manage security for cross-domain and B2B relationships
  • Credential chaining, credential remapping and support for federated identity
  • Integrated SAML STS issuer featuring comprehensive support for SAML 1.1/2.0 authentication, authorization and attribute based policies
  • Integrated PKI CA for automated deployment and management of client-side certificates, and integrated RA for external CAs
Cryptography
  • Optional onboard HSM, as well as support for external HSMs (i.e., SafeNet Luna)
  • Support for elliptic curve cryptography (conforms to NSA’s Suite B algorithms)
  • FIPS 140-2 support in both hardware (Level 3) and software (Level 1)
Web SSO
  • Support for Web browser STS, facilitating single sign on for users logging into SaaS/cloud applications
XML Threat Protection
Filter XML content for SOA, Web 2.0 and Cloud
  • Configurable validation & filtering of HTTP headers, parameters and form data
  • Detection of classified or “dirty” words or arbitrary signatures with subsequent scrubbing, rejection or redaction of messages
  • Support for XML, SOAP, POX, AJAX, REST and other XML-based services
Prevent XML attack and intrusion
  • Protect against XML parsing, XDoS and OS attacks; SQL and malicious scripting language injection attacks; and external entity attacks
  • Protection against XML content tampering and viruses in SOAP attachments
Logging & Reporting
Services Reporting
  • Configurable, out-of-the-box reports provide insight into SSG operations, service-level performance, and user experience
Customer Mapping
  • Report on service performance, policy violations and SLA conformance based on specific customers, composites (i.e., processes and transactions using a service) or clients to build a profile of actual enterprise/cloud user experience
Audit and Logging
  • Log message-level transaction information
  • Spool log data to off-board data stores and management systems