
SOA Gateway

Policy Based Service Mediation and Message Routing

Policy-Based SOA Security, Management & Integration Mediation

Attempting to control, monitor and adapt SOA-based application services by imposing general IT rules can only get you so far. As applications delivered as programmatic services proliferate, driven by SOA, API and cloud-based integrations, implementing policies that control, track and mediate how services interact is the only way to ensure consistent security, adherence to corporate business rules, and compliance with regulatory requirements.

The SecureSpan SOA Gateway combines data translation, routing, transport switching and service composition with runtime security, federation and SLA policy enforcement, delivering an effective governance and lightweight Enterprise Service Bus (ESB) model for distributed SOAs. By implementing the SecureSpan SOA Gateway as a central mediation and Policy Enforcement Point (PEP) between applications exposed as programmatic services and their consumers in the enterprise, cloud or mobile platform, organizations can simplify security, management and integration for their SOA.

 


 

The SecureSpan SOA Gateway offers all the security features of the SecureSpan XML Firewall and API Proxy, plus the following ESB-like features for simplified mediation and integration:

  • Data mapping from legacy, B2B and industry specific formats including EDI, COBOL Copybook, HL7, and more
  • Message Oriented Middleware support including native IBM MQ Series, Tibco EMS, JMS
  • Raw Sockets support for legacy applications
  • Policy based service composition and orchestration
  • SDK for extending the Gateway with custom controls, transport protocols and data types

The SecureSpan SOA Gateway is available as a hardware-accelerated appliance, software, virtual appliance and cloud gateway for Amazon EC2, VMware vCloud, CA 3Tera and Citrix C3. It can be paired with Layer 7’s Custom Policy Assertion SDK to extend its message processing and policy capabilities. Security, SLA and integration policy for the SOA Gateway is defined inside the SecureSpan Policy Manager. Deployments of the SOA Gateway that span multiple geographic datacenters, DR sites, development and test environments can also be managed centrally through the integrated SecureSpan Enterprise Service Manager.

The SecureSpan SOA Gateway is FIPS compliant in both hardware and software, and has been audited for PCI DSS compliance. It has passed rigorous DoD STIG vulnerability testing, can be configured with an onboard or external Hardware Security Module (HSM), supports the latest in encryption standards including Elliptic Curve Cryptography, and is available in a Common Criteria EAL 4+ version. Like all SecureSpan XML Gateways, the SecureSpan SOA Gateway is automatically clustered for simplified cluster management and high availability performance.

 

Notable News

ESB-like Web Service Mediation – Lightweight, easy-to-scale message routing, caching and service mediation.

A Turnkey Governance Solution – Centrally enforce policies that ensure security, compliance, reliability, and quality of service for all application services no matter where they reside – in the enterprise or in the cloud.

Extensible Policies – The SecureSpan Custom Assertion SDK allows Java programmers to create new policy assertions to address unique requirements.

Centralized SLA Enforcement – Throttling/rate limiting controls provide the ability to support service over-subscription with per-service throttling of excess messages.

Fine Grained Access Control – Featuring support for SAML authentication, authorization and attribute based policies, as well as XACML, organizations can leverage the SOA Gateway to enforce fine-grained entitlement decisions.

Security Standards Compliance – Layer 7 has long been a leader in drafting and implementing OASIS WS*, WS-I WS Basic Security Profile and W3C WS-Policy standards, including WS-Security, WS-SecureConversation, WS-Trust, WS-Federation and WS-Policy, to name a few. Implementing the various standards outside code, in the SecureSpan XML Firewall, helps assure architects of consistent implementation of the standards and protection from standards versioning issues.

API Virtualization and Management – Layer 7's SecureSpan XML Firewall can be deployed as a proxy to POX, WSDL and REST-based service interfaces. Using the native SecureSpan policy language, architects can create virtual service views specific to client identities and secure versions of specific application interfaces, and they can manage versions of APIs across the development lifecycle without breaking client applications.

Security Certification – Layer 7's SecureSpan XML is the first XML Gateway to support FIPS compliance in both hardware and software, provide support for the latest encryption ciphers including Elliptic Curve, meet DoD STIG vulnerability standards, provide versions that satisfy Common Criteria EAL 4+, and offer the latest in onboard or offboard hardware key stores.

XACML Support – The SecureSpan XML Firewall can be implemented as both an XACML Policy Decision Point and Policy Enforcement Point for existing XACML Decision Points.

VMware Ready – The SecureSpan XML Firewall is the only XML Firewall certified by VMware for their hypervisor and cloud platforms. 

 

 

Hardware
Chassis: 1RU standard rack mount, 1.71 x 16.75 x 27.0 in. (43.43 x 425.5 x 658.8 mm)
Processor: Dual Six-Core Intel Xeon L5640 2.26 GHz CPU
Hardware Acceleration: Offload XML processing operations to optional acceleration card
Cryptography:
  • Optional onboard HSM and support for external HSMs (e.g., nCipher, Luna, etc.)
  • FIPS 140-2 support in both hardware (Level 3) and software (Level 1)
Ports: 4 x Gigabit Network Cards
Memory: 12GB RAM (maximum memory of 72GB)
Storage: Mirrored, hot-swappable 146GB RAID 1 SAS HDD
Power: Dual redundant, hot-swappable; 760 watts (W)
Performance: Able to handle more than 10,000 requests/sec
Software
Operating Systems:
  • Solaris 10 for x86 and Niagara
  • SUSE Linux
  • Red Hat Linux 4.0/5.0
Virtual Appliance
Desktop: VMware (VMware Ready certified)
Server: ESX (VMware Ready certified)
Cloud: Amazon EC2 AMI
  • XML
  • SOAP
  • AJAX
  • XPath
  • XSLT
  • WSDL
  • XML Schema
  • LDAP
  • SAML
  • PKCS
  • X.509 Certificates
  • FIPS 140
  • Kerberos
  • W3C XML Signature
  • W3C XML Encryption
  • SSL/TLS
  • SNMP
  • SMTP
  • POP3
  • IMAP4
  • HTTP/HTTPS
  • WCF
  • IPv6
  • PCI-DSS
  • JSON
  • JMS
  • MQ Series
  • REST
  • Tibco EMS
  • FTP
  • OAuth
  • WS-Security
  • WS-Trust
  • WS-Federation
  • WS-Addressing
  • WS-SecureConversation
  • WS-MetadataExchange
  • WS-Policy
  • WS-SecurityPolicy
  • WS-PolicyAttachment
  • WS-SecureExchange
  • WSIL
  • WS-I
  • WS-I BSP
  • UDDI
  • WSRR
  • XACML
  • MTOM

 

SOA Policy Lifecycle Management
WS-Policy-based graphical policy editor & composer
  • Compose inheritable policy statements from 70+ pre-made policy assertions
  • Branch policy execution based on logical conditions, message content, externally retrieved data or transaction specific environment variables
  • Publish policies to popular registries for lifecycle management
  • Service & operation level policies with inheritance for simplified administration
  • Policy lifecycle and migration management across development, test, staging and production, as well as geographically distributed data centers
  • API-level access to administration
  • SDK-level policy creation for simplified policy customization
On-the-fly policy changes
  • Policies can be updated live across clusters with no downtime required
Global policy migration
  • Streamline policy migration across development, test, staging, and production environments, as well as mirror sites using the Enterprise Service Manager
Create custom policies
  • Policy SDK allows for custom policy assertion creation using Java
API Management
API Publication
  • Secure, manage, monitor and control access to APIs exposed to third parties
  • API usage can be throttled to ensure backend services are not overwhelmed; limited by user, time of day, location, etc.; and quota managed (e.g., # of uses per user per day)
API Metrics and Reporting
  • Configurable, out-of-the-box reports provide insight into API performance: measure throughput, routing failures, utilization and availability rates, etc
  • Failed authentications and/or policy violations can be tracked to identify patterns and potential threats
API Security
  • Support for all major WS* and WS-I security protocols
  • Support for all major authentication and authorization standards, including SAML, Kerberos, digital signatures, X.509 certificates, LDAP, XACML, etc
Enterprise-scale Management
Operations Console
  • A single, real time view of all Gateways across the enterprise and cloud showing audits, events and key metrics
Policy Migration
  • Centrally move policies between environments (development, testing, staging, production, etc.), settings (enterprise, cloud, etc.) or geographies, automatically resolving discrepancies such as SSG licenses, IP addresses, IT resources (e.g., LDAPs may be named differently), etc.
Services Reporting
  • Configurable, out-of-the-box reports provide insight into SSG operations, service-level performance, and service user experience
Remote Patching
  • Selectively update any software installed on Gateways, including system files and operating system
Disaster Recovery
  • Centrally back up SSG config files and policies from one or more Gateways/clusters, and remotely restore, enabling full disaster recovery
Management API
  • Remote management APIs allow customers to hook their existing, third-party management tools into the SSG, simplifying asset management
XML Gateway Form Factors
Hardware
  • Active-active clusterable, dual power supply, mirrored hot-swappable drives, multi-core, 64-bit 1U server
Software
  • Solaris 10 for x86 and Niagara, SUSE Linux, Red Hat Linux 4.0/5.0
Virtual Appliance
  • VMware/ESX (VMware Ready certified)
  • Cloud – Amazon EC2 AMI