Header Image

Mobile Access Gateway

Mobile Security & Management for the Enterprise

 

Layer 7’s Mobile Access Gateway simplifies the process of adapting internal data, application and security infrastructure for mobile use. The Mobile Access Gateway provides a centralized way to control security and management policies for information assets exposed, via APIs, to mobile developers and apps.

 

Secure, Adapt, Optimize & Integrate with Ease

 

The Mobile Access Gateway is lightweight, low-latency mobile middleware with integrated security and management controls designed to help enterprises safely and reliably expose internal assets to developers and remote apps, as mobile APIs. The Gateway solves critical, mobile-specific challenges around:

  • Identity
  • Security
  • Adaptation
  • Optimization
  • Integration
 

Relevant Resources
451 Research: Layer 7 Targets
Enterprises with Mobile API Gateway

Read the report  >>
Enterprise on the Go: 5 Essentials for BYOD & Mobile Enablement eBook

Read the eBook  >>
 
Secure Mobile Access for Enterprise Employees white paper

Read the white paper  >>
Layer 7 for Mobile Access
solution brief

Read the solution brief  >>

Identity: Extend Enterprise Identity to Mobile

 
  • Map Web SSO and SAML to mobile-friendly OAuth, OpenID Connect and JSON Web Tokens
  • Create granular access policies at the user, app and device levels
  • Build composite access policies combining geolocation, message content etc.
  • Simplify PKI-based certificate delivery and provisioning
 

Security: Firewall Mobile Applications

 
  • Protect REST, SOAP and OData APIs against DoS and API attacks
  • Proxy API streaming protocols like HTML5 WebSockets and XMPP messaging
  • Enforce FIPS 140-2 grade data privacy and integrity
  • Validate data exchanges, including all JSON, XML, header and parameter content
 

Adaptation: Translate & Orchestrate Data & APIs

 
  • Surface any legacy application or database as REST APIs
  • Quickly map between data formats such as XML and JSON
  • Recompose and virtualize APIs to specific mobile identities, apps and devices
  • Orchestrate API mashups with configurable workflow 
 

Optimization: Handle Scale

 
  • Cache calls to backend applications
  • Recompose small backend calls into efficiently aggregated mobile requests
  • Compress traffic to minimize bandwidth costs and improve user experience
  • Pre-fetch content for hypermedia-based API calls
 

Integration: Centralize Cloud Connectivity

 
  • Proxy and manage app interactions with social networks
  • Broker call-outs to cloud services like Salesforce.com
  • Bridge connectivity to iPhone, Windows and Android notification services
  • Integrate with legacy applications using ESB capabilities

Hardware Appliance

 
  • Available as a 1RU standard rack mount with Dual Six-Core Intel Xeon L5640 2.26 GHz CPU and 12 GB of RAM (maximum memory of 72GB)
  • Available for the following operating systems: Solaris 10 for x86 and Niagara; SUSE Linux; Red Hat Linux 4.0/5.0
 

Virtual Appliance

 
  • Available as 32- and 64-bit VMware/ESX-based appliances (VMware Ready certified)
  • Packaged with the virtual disk converted and ready for use on VMware/ESX
  • Supports VMware Server and VMware Infrastructure

The Mobile Access Gateway supports:

  • REST
  • JSON
  • XML
  • OAuth 1.0a and 2.0
  • OpenID Connect
  • JSON Web Token (JWT)
  • XMPP
  • WebSocket
  • Apple Push Notification Service
  • Android C2MD Framework
  • OData
  • PCI-DSS
  • AJAX
  • LDAP
  • SAML
  • JDBC
  • PKCS
  • X.509 Certificates
  • FIPS 140-2
  • Kerberos
  • SSL/TLS
  • SNMP
  • SMTP
  • POP3
  • IMAP4
  • HTTP/HTTPS
  • JMS
  • MQ Series
  • Tibco EMS
  • FTP/FTPS
  • IPv6

 

Identity
Access Control
  • Support for OAuth, OpenID Connect, SAML, X.509 certificates, LDAP etc.
  • Support for HTTP basic, digest, SSL client-side certificate authorization etc.
Identity Integration
  • Integration with enterprise identity, access, SSO and federation systems including LDAP, Microsoft Active Directory/Federated Services, Oracle Access Manager, IBM Tivoli (TAM and TFIM), CA SiteMinder and SOA Security Manager, RSA ClearTrust, Sun Java Access Manager and Novell Access Manager
  • Mapping between Web Access Tokens and mobile token exchange mechanisms
  • SAML to OAuth enablement

Mobile Application Firewalling & Data Security
Threat Protection
  • Validate HTTP parameters, REST query/POST parameters, JSON data structures, XML schemas etc.
  • Protect against cross-site scripting (XSS), SQL injection and DoS attacks
  • Track failed authentications and/or policy violations to identify patterns and potential threats
Data Streaming Proxy
  • Proxy mobile streaming protocols like WebSockets and XMPP
Privacy & Digital Certificates
  • On-board PKI and cert management with optional HSM
  • Fast elliptic curve cryptography (conforms to NSA's Suite B algorithms)
  • FIPS 140-2 support in both hardware and software

Adaptation & Orchestration
API Orchestration
  • Compose and orchestrate REST and OData APIs from any legacy backend API
SLA Controls
  • Control API usage: throttle to ensure backend services are not overwhelmed; limit by user, time of day, location etc.; quota manage (e.g. number of uses/user per day)
JSON Conversion
  • Map enterprise data sources to JSON (e.g. EDI standard formats, flat files, Oracle, IBM DB2, Microsoft SQL Server)

Optimization
Compression
  • Dynamic message compression
  • JSON conversion
Message Caching
  • Cache responses to common API requests, decreasing backend service load
  • Pre-fetch hypermedia API content
Request Aggregation
  • Aggregate responses to mobile devices to save on-device processing and latency

Integration
Cloud Services SSO
  • Enable and manage Single Sign-On (SSO) from enterprise identities to cloud services, such as Salesforce.com
 
Social Networks
  • Proxy and manage mobile application access to social networks and services including Facebook, Twitter, LinkedIn and many more
  • Detect and filter for sensitive or confidential content with subsequent scrubbing, rejection or redaction of messages
Notification Services
  • Send messages across multiple mobile platforms (iOS, Android, Windows Mobile)
Databases
  • Connect to, query and retrieve results from a wide variety of external databases including MySQL, IBM DB2, Microsoft SQL Server and Oracle Database, via a range of methods, including JDBC