Header Image

SOA Gateway for Amazon

Securely Integrate Your Enterprise and Amazon EC2-based Applications

Integrate Amazon Web Services Hosted Applications with the Enterprise

The SecureSpan family of XML Gateways has a proven track record of providing government agencies and Fortune 500 companies with enterprise-based, state-of-the-art, Web services security and governance. The Layer 7 SecureSpan Gateway AMI (Layer 7 AMI) makes this same technology available for Amazon Web Services, ensuring EC2-based applications can securely integrate with enterprise applications.

The Layer 7 AMI acts as a virtual Policy Enforcement Point (vPEP) for controlling how applications delivered as programmatic Web services get accessed and consumed. Using the Layer 7 AMI, application-level policies are enforced on a service and operation level, allowing organizations to implement fine-grained access control, data security and availability policies without code. As a result, organizations can make their Amazon EC2 applications look, feel and operate like extended parts of their secure enterprise.

Gateway AMI - Layer 7 Technologies

 

WEBINAR: How to Secure & Govern Integrations Between the Enterprise & the Cloud featuring Best Buy & Amazon Web Services

 

DEMO: Identity Federation to Amazon Web Services

Secure integration channels at the Web services application layer
  • Traditional VPNs and Amazon's Virtual Private Cloud (VPC) only secure communications at level 3/level 4 of the network stack
Leverage local authentication/authorization/single sign-on capabilities
  • Re-use existing, secure, enterprise-based IAM infrastructure rather than creating identity silos in the cloud
Monitor network, service provider and service availability over time
  • Amazon provides “snapshot” monitoring that indicates general AWS system availability – there is no tracking over time, and no way to tell whether your specific services are available
Log, track and audit all Web services-based interactions between enterprise and Amazon EC2 applications
  • EC2 is focused on providing a simple, manageable SSH session, which provides logging at the VM layer only
Ensure data-level validation for information exchanged between enterprise and Amazon EC2 applications
  • EC2 currently provides no equivalent offering
SecureSpan XML Gateway Amazon Machine Image

 

AMI ID

 ami-69b15e00
AMI Manifest /layer7technology/v52v1_32bit/image.manifest.xml
License Public
Operating System Linux/Unix
Europe AMI ID ami-1799b263

 

  • XML
  • SOAP
  • AJAX
  • XPath
  • XSLT
  • WSDL
  • XML Schema
  • LDAP
  • SAML
  • PKCS
  • X.509 Certificates
  • FIPS 140
  • Kerberos
  • W3C XML Signature
  • W3C XML Encryption
  • SSL/TLS
  • SNMP
  • SMTP
  • POP3
  • IMAP4
  • HTTP/HTTPS
  • IPv6
  • WCF
  • PCI-DSS
  • JSON
  • JMS
  • MQ Series
  • REST
  • Tibco EMS
  • FTP
  • OAuth
  • WS-Security
  • WS-Trust
  • WS-Federation
  • WS-Addressing
  • WSSecureConversation
  • WS-MetadataExchange
  • WS-Policy
  • WS-SecurityPolicy
  • WS-PolicyAttachment
  • WS-SecureExchange
  • WSIL
  • WS-I
  • WS-I BSP
  • UDDI
  • WSRR
  • XACML
  • MTOM

 

SOA Policy Lifecycle Management>
WS-Policy-based graphical policy editor & composer
  • Compose inheritable policy statements from 70+ pre-made policy assertions
  • Branch policy execution based on logical conditions, message content, externally retrieved data or transaction specific environment variables
  • Publish policies to popular registries for lifecycle management
  • Service & operation level policies with inheritance for simplified administration
  • Policy lifecycle and migration management across development, test, staging and production, as well as geographically distributed data centers
  • API-level access to administration
  • SDK-level policy creation for simplified policy customization
On-the-fly policy changes
  • Polices can be updated live across clusters with no downtime required
Global policy migration
  • Streamline policy migration across development, test, staging, and production environments, as well as mirror sites using the Enterprise Service Manager
Create custom policies
  • Policy SDK allows for custom policy assertion creation using Java
API Management
API Publication
  • Secure, manage, monitor and control access to APIs exposed to third parties
  • API usage can be throttled to ensure backend services are not overwhelmed; limited by user, time of day, location, etc; and quota managed (i.e., # of uses per user per day)
API Metrics and Reporting
  • Configurable, out-of-the-box reports provide insight into API performance: measure throughput, routing failures, utilization and availability rates, etc
  • Failed authentications and/or policy violations can be tracked to identify patterns and potential threats
API Security
  • Support for all major WS* and WS-I security protocols
  • Support for all major authentication and authorization standards, including SAML, Kerberos, digital signatures, X.509 certificates, LDAP, XACML, etc
Enterprise-scale Management
Operations Console
  • A single, real time view of all Gateways across the enterprise and cloud showing audits, events and key metrics
Policy Migration
  • Centrally move policies between environments (development, testing, staging, production, etc), settings (enterprise, cloud, etc) or geographies, automatically resolving discrepancies such as SSG licenses, IP addresses, IT resources (i.e., LDAPs may be named differently), etc
Services Reporting
  • Configurable, out-of-the-box reports provide insight into SSG operations, service-level performance, and service user experience
Remote Patching
  • Selectively update any software installed on Gateways, including system files and operating system
Disaster Recovery
  • Centrally back up SSG config files and policies from one or more Gateways/clusters, and remotely restore, enabling full disaster recovery
Management API
  • Remote management APIs allow customers to hook their existing, third-party management tools into the SSG, simplifying asset management
XML Gateway Form Factors
Hardware
  • Active-active clusterable, dual power supply, mirrored hot-swappable drives, multi-core, 64-bit 1U server
Software
  • Solaris 10 for x86 and Niagara, SUSE Linux, Red Hat Linux 4.0/5.0
Virtual Appliance
  • VMware/ESX (VMware Ready certified)
  • Cloud – Amazon EC2 AMI
Supported Standards
XML 1.0, SOAP 1.2, REST, AJAX, XPath 1.0, XSLT 1.0, WSDL 1.1, XML Schema, LDAP 3.0, SAML 1.1/2.0, PKCS #10, X.509 v3 Certificates, FIPS 140-2, Kerberos, W3C XML Signature 1.0, W3C XML Encryption 1.0, SSL/TLS 3.0/1.1, SNMP, SMTP, POP3, IMAP4, HTTP/HTTPS, JMS 1.0, MQ Series, Tibco EMS, FTP, WS-Security 1.1, WS-Trust 1.0, WS-Federation, WS-Addressing, WSSecureConversation, WS-MetadataExchange, WS-Policy, WS-SecurityPolicy, WS-PolicyAttachment, WS-SecureExchange, WSIL, WS-I, WS-I BSP, UDDI 3.0, XACML 2.0, MTOM