Mobile Access Gateway

Mobile Security & Management for the Enterprise

 

Enterprises are facing a growing range of opportunities and challenges related to the ubiquity of smartphones and tablets. Increasingly, enterprises are finding that, to maximize competitiveness and efficiency, they need to support BYOD, workforce mobility and customer preferences by opening backend data and application functionality to mobile devices.

Layer 7’s Mobile Access Gateway simplifies the process of adapting internal data, application and security infrastructure for mobile use. The Mobile Access Gateway provides a centralized way to control security and management policies for information assets exposed, via APIs, to mobile developers and apps. 

 

Adapt, Optimize & Integrate with Ease

 

The Mobile Access Gateway is lightweight, low-latency mobile middleware with integrated security and management controls designed to help enterprises safely and reliably expose internal assets to developers and remote apps, as mobile APIs. The Gateway solves critical, mobile-specific challenges around:

  • Identity
  • Security
  • Adaptation
  • Optimization 
  • Integration
 

Secure Backend Systems & Ensure Seamless Access for Authorized Users

 

The Gateway comes with a Mobile SDK for enterprise app developers, which enables:

  • Secure consumption of backend APIs through configuration of mutual SSL between the Gateway and the mobile device
  • Single Sign-On (SSO) to mobile apps via enterprise IAM systems or social login, to maintain a seamless end user experience

The Mobile SDK implements key standards like OAuth, OpenID Connect and PKI and leverages the underlying security in mobile operating systems, making it simple for developers to add SSO to their apps. The SDK offers client-side libraries for iOS 6 and Android 4, plus sample code and documentation.

 

Relevant Resources

  • Layer 7 Mobile Access Gateway data sheet
  • 5 Essentials for BYOD & Mobile Enablement eBook
  • Secure Mobile Access for Enterprise Employees white paper
  • Mobile Security That Helps Enable the Business eBook

Faster App Development

 
  • Adapt backend services into mobile-ready APIs while externalizing to developer communities

 

End-to-End Security

 
  • Protect mobile apps through transmission to the backend

 

Convenient Access

 
  • Authenticate once and gain access to multiple apps with Single Sign-On (SSO) and social login

 

Backend Protection

 

  • Apply granular, risk-based user, app and device policies with API threat protection
 

Optimized Performance

 
  • Maximize performance and scale with app caching, cloud integration and notification services
 

Hardware

  • Chassis: 1U standard rack mount
  • Processor: Dual Intel Xeon E5-2640 2.5GHz CPU
  • Cryptography: Optional onboard HSM and support for external HSMs; FIPS 140-2 support in both hardware and software
  • Ports: 4 x Gigabit Network Cards
  • Memory: 32GB RAM
  • Storage: Mirrored, hot-swappable 300GB drives
  • Power: Dual redundant, hot-swappable; 600 watts
  • Performance: Able to handle more than 10,000 requests per second

Software

  • Operating Systems: Solaris 10, SUSE Linux, Red Hat Linux 5.0

Virtual Appliance

  • Server: ESX (VMware Ready certified)

The Mobile Access Gateway supports:

  • REST
  • JSON
  • XML
  • OAuth 1.0a and 2.0
  • OpenID Connect
  • JSON Web Token (JWT)
  • XMPP
  • WebSocket
  • Apple Push Notification Service
  • Android C2DM Framework
  • OData
  • PCI-DSS
  • AJAX
  • LDAP
  • SAML
  • JDBC
  • PKCS
  • X.509 Certificates
  • FIPS 140-2
  • Kerberos
  • SSL/TLS
  • SNMP
  • SMTP
  • POP3
  • IMAP4
  • HTTP/HTTPS
  • JMS
  • MQ Series
  • Tibco EMS
  • FTP/FTPS
  • IPv6

 

Identity

Mobile SDK
  • Client-side libraries, code examples and documentation help developers simplify implementation of SSO
  • Ability to leverage device OS security to create a secure SSO container
  • Standards-based security flows based on OAuth 2.0, OpenID Connect and PKI
  • Single API call to leverage cryptographic security (mutual SSL)
  • Secure transfer, storage and pinning of certificates, adding additional trust to authentication
  • PKI provisioning
  • Geolocation access control applies GPS, geolocation aggregators and carrier coordinates to context variables
  • Mobile social login enables users to gain access to mobile apps through social credentials from Facebook, LinkedIn, Salesforce, Google etc.
Access Control
  • Support for OAuth, OpenID Connect, SAML, X.509 certificates, LDAP etc.
  • Support for HTTP basic, digest, SSL client-side certificate authorization etc.
Identity Integration
  • Integration with enterprise identity, access, SSO and federation systems including CA SiteMinder and SOA Security Manager, LDAP, Microsoft Active Directory/Federated Services, Oracle Access Manager, IBM Tivoli (TAM and TFIM), RSA ClearTrust, Sun Java Access Manager and Novell Access Manager
  • Mapping between Web Access Tokens and mobile token exchange mechanisms
  • SAML-to-OAuth enablement

Mobile Application Data Security

Threat Protection
  • Validate HTTP parameters, REST query/POST parameters, JSON data structures, XML schemas etc.
  • Protect against cross-site scripting (XSS), SQL injection and DoS attacks
  • Track failed authentications and/or policy violations to identify patterns and potential threats
Data Streaming Proxy
  • Proxy mobile streaming protocols like WebSockets and XMPP
Privacy & Digital Certificates
  • Onboard PKI and certificate management with optional hardware security module (HSM)
  • Fast elliptic curve cryptography (conforms to NSA's Suite B algorithms)
  • FIPS 140-2 support in both hardware and software

Adaptation & Orchestration

API Orchestration
  • Compose and orchestrate REST and OData APIs from any legacy backend API
SLA Controls
  • Control API usage: throttle to ensure backend services are not overwhelmed; limit by user, time of day, location etc.; quota manage (e.g. number of uses/user per day)
JSON Conversion
  • Map enterprise data sources to JSON (e.g. EDI standard formats, flat files, Oracle, IBM DB2, Microsoft SQL Server)

Optimization

Compression
  • JSON conversion and dynamic message compression
Message Caching
  • Cache responses to common API requests, decreasing backend service load
  • Pre-fetch hypermedia API content
Request Aggregation
  • Aggregate responses to mobile devices to save on-device processing and latency

Integration

Cloud Services SSO
  • Enable and manage SSO from enterprise identities to cloud services, such as Salesforce
Social Networks
  • Proxy and manage mobile application access to social networks and services including Facebook, Twitter, LinkedIn and many more
  • Detect and filter for sensitive or confidential content with subsequent scrubbing, rejection or redaction of messages
Notification Services
  • Send messages across multiple mobile platforms (iOS, Android, Windows Mobile)
Databases
  • Connect to, query and retrieve results from a wide variety of external databases including MySQL, IBM DB2, Microsoft SQL Server and Oracle Database, via a range of methods, including JDBC