Upload
layer7tech
View
63
Download
0
Embed Size (px)
DESCRIPTION
Adopt “application networking” functionality to complete critical SOA tasks without programmingXML gateways manage message-level security, SLAs and performance for SOA. In contrast to conventional networking devices, XML gateways specialize in the application-level protocols rendered within XML or Web services messages.
Citation preview
W h i t e P a p e r
The Role of XML Gateways in SOAOptimizing Performance, Security and Policy Operations
L a y e r 7 T e c h n o l o g i e s
W h i t e P a p e r
The Role of XML Gateways in SOA Optimizing Performance, Security and Policy Operations
L a y e r 7 T e c h n o l o g i e s
W h i t e P a p e r
The Role of XML Gateways in SOA
Copyright © 2011 Layer 7 Technologies Inc. All rights reserved.
trademarks of Layer 7 Technologies Inc.
Contents
SOA and the XML Gateway ................................
Centralized Enforcement of Message Level Security
Policy Governance ................................
SLA Enforcement ................................
Protocol Switching and Reliable Messaging
Data Translation ................................
Service Virtualization ................................
Acceleration of XML Processing ................................
Deployment Patterns for XML Gateways
DMZ: Hardened Appliances ................................
Data Center: High Performance, Easily Manageable Blades
Application Server: Software-based Solution
Conclusions ................................................................
About Layer 7 Technologies ................................
Contact Layer 7 Technologies ................................
Legal Information ................................
ogies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are
Technologies Inc. All other trademarks and copyrights are the property of their respective
................................................................................................
Centralized Enforcement of Message Level Security ................................................................
................................................................................................................................
................................................................................................................................
Protocol Switching and Reliable Messaging ................................................................................................
................................................................................................................................
................................................................................................................................
................................................................................................
Patterns for XML Gateways ................................................................................................
................................................................................................
Data Center: High Performance, Easily Manageable Blades ................................................................
based Solution ................................................................
................................................................................................
................................................................................................
................................................................................................
................................................................................................................................
SecureSpan and the Layer 7 Technologies design mark are
All other trademarks and copyrights are the property of their respective owners. 2
........................................................... 3
................................................ 3
.................................... 3
....................................... 4
................................. 4
........................................ 4
................................ 4
................................................ 5
..................................... 5
...................................................... 5
.................................... 6
........................................................... 6
................................................... 6
.......................................................... 7
....................................................... 7
.......................................... 7
The Role of XML Gateways in SOA
Copyright © 2011 Layer 7 Technologies Inc. All rights reserved.
trademarks of Layer 7 Technologies Inc.
SOA and the XML GatewayAn XML gateway is a new class of networking device that manages message level security, Ser
Agreements (SLAs) and performance in a Service
networking device, which operates on message streams based on network
as TCP or UDP ports, or simple byte patterns in message content), an XML gateway (also referred to as a Web
services gateway) specializes in the application
itself. With the ability to rapidly inspect an
transformation, routing and SLA operations at wirespeed.
An XML gateway can therefore act as an application
policy operations from service endpoints. These operations include content routing, protocol switching, data
transformation, identity authentication and
offloading these policy operations to a purpose
ment security, optimize performance and enable advanced policy operations like SLAs without programming. In a
loosely-coupled, distributed SOA this is critical, since progr
service endpoint introduces security, performance, scalability and flexibility issues.
Centralized Enforcement of Message Level Security
An XML/Web services gateway provides a means for consistent enforcement of policy in a distributed SOA at a
granular XML or Simple Object Access Protocol (SOAP) (XML m
to Web services standards) message level. For example, gateways can inspect XML
message streams for anomalies or known attacks using specialized silicon. It can
accelerate XML cryptographic operations, manage access requests, encrypt and
decrypt, validate message schemas and signatures. The gateway can affect
credential transforms, act as a Public Key Infrastructure (PKI) Cer
(CA) or Registration Authority (RA),
more—
compliance with Web Services (WS
interoperability by automatically ap
XML messages.
specialized gateway hardware, architects can expand their security control and flexibility while freeing processor
cycles on service endpoints to execute business logic.
When XML gateways are deployed as SOA se
message-level firewalls typically provide XML threat protection at an infrastructure, applic
level, as well as extensive identity-based functions
granular access control, and full support for WS
Policy Governance
By combining policy enforcement with polic
across an SOA. Governance is a combination of consis
At runtime, this may mean that every service endpoint responds the same way to a denial
may mean that precise SLAs can be defined and enforced across a set of services with an automatic re
the event of a violation.
While not all XML gateways can enforce and manage general XML messaging policies, gate
designed specifically to handle general SOA pol
identity. In this way, a comprehensive SOA policy gover
the application network.
By centralizing policy
operations, XML
gateways eliminate the
need to code policy into
each and every Web
services application in
an organization
ogies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are
Technologies Inc. All other trademarks and copyrights are the property of their respective
SOA and the XML Gateway of networking device that manages message level security, Service Level
Agreements (SLAs) and performance in a Service-Oriented Architecture (SOA). In contrast to a conventional
networking device, which operates on message streams based on network-level inspection of byte streams (such
as TCP or UDP ports, or simple byte patterns in message content), an XML gateway (also referred to as a Web
services gateway) specializes in the application-level protocols rendered within the XML or Web services message
self. With the ability to rapidly inspect and process XML messages, XML gateways can perform security,
transformation, routing and SLA operations at wirespeed.
An XML gateway can therefore act as an application-oriented networking device for offloading tr
policy operations from service endpoints. These operations include content routing, protocol switching, data
mation, identity authentication and authorization, privacy enforcement and schema validation. By
ations to a purpose-built “application networking” device, SOA architects can imple
ment security, optimize performance and enable advanced policy operations like SLAs without programming. In a
coupled, distributed SOA this is critical, since programming and processing message level policy on every
service endpoint introduces security, performance, scalability and flexibility issues.
Centralized Enforcement of Message Level Security
An XML/Web services gateway provides a means for consistent enforcement of policy in a distributed SOA at a
granular XML or Simple Object Access Protocol (SOAP) (XML message conforming
to Web services standards) message level. For example, gateways can inspect XML
message streams for anomalies or known attacks using specialized silicon. It can
accelerate XML cryptographic operations, manage access requests, encrypt and
decrypt, validate message schemas and signatures. The gateway can affect
credential transforms, act as a Public Key Infrastructure (PKI) Cer
(CA) or Registration Authority (RA), and capture message-level audit logs
— all at wirespeed. It can also assure standards conformance by enforcing
compliance with Web Services (WS-*) standards, or ensuring improved
interoperability by automatically applying WS-* standards to non
XML messages. Through the offloading of granular XML security operations to
specialized gateway hardware, architects can expand their security control and flexibility while freeing processor
cycles on service endpoints to execute business logic.
When XML gateways are deployed as SOA security devices, they are often described as “XML firewalls
typically provide XML threat protection at an infrastructure, application and transaction
based functions (including credential chaining, single sign-on and federation),
full support for WS-* standards among other functions.
By combining policy enforcement with policy management, an XML gateway can enable runtime policy governance
oss an SOA. Governance is a combination of consistent policy definition, execution and conformance validation.
this may mean that every service endpoint responds the same way to a denial-of-service attack, or it
be defined and enforced across a set of services with an automatic re
While not all XML gateways can enforce and manage general XML messaging policies, gateways have been
designed specifically to handle general SOA policy definitions, including security, SLAs, routing, transforms and
identity. In this way, a comprehensive SOA policy governance framework can be implemented at runtime inside
SecureSpan and the Layer 7 Technologies design mark are
All other trademarks and copyrights are the property of their respective owners. 3
vice Level
Oriented Architecture (SOA). In contrast to a conventional
inspection of byte streams (such
as TCP or UDP ports, or simple byte patterns in message content), an XML gateway (also referred to as a Web
level protocols rendered within the XML or Web services message
gateways can perform security,
oriented networking device for offloading traditional XML
policy operations from service endpoints. These operations include content routing, protocol switching, data
authorization, privacy enforcement and schema validation. By
built “application networking” device, SOA architects can imple-
ment security, optimize performance and enable advanced policy operations like SLAs without programming. In a
amming and processing message level policy on every
An XML/Web services gateway provides a means for consistent enforcement of policy in a distributed SOA at a
essage conforming
to Web services standards) message level. For example, gateways can inspect XML
message streams for anomalies or known attacks using specialized silicon. It can
accelerate XML cryptographic operations, manage access requests, encrypt and
decrypt, validate message schemas and signatures. The gateway can affect
credential transforms, act as a Public Key Infrastructure (PKI) Certificate Authority
level audit logs— and
dards conformance by enforcing
*) standards, or ensuring improved
* standards to non-standards-based
granular XML security operations to
specialized gateway hardware, architects can expand their security control and flexibility while freeing processor
XML firewalls.” These
ation and transaction
on and federation),
gateway can enable runtime policy governance
tent policy definition, execution and conformance validation.
service attack, or it
be defined and enforced across a set of services with an automatic response in
ways have been
curity, SLAs, routing, transforms and
nance framework can be implemented at runtime inside
The Role of XML Gateways in SOA
Copyright © 2011 Layer 7 Technologies Inc. All rights reserved.
trademarks of Layer 7 Technologies Inc.
SLA Enforcement
SLAs address situations when, due to contractual or other reasons, compliance
level benchmarks needs to be verified. Although v
increasing frequency in general eBusiness, outsourcing and B2B deployments. Metrics, such as process
messages per hour, rejected transac
exampl
by an intermediary like an XML firewall or gateway. These measurements are then
typically compared by an en
with the result dr
and reporting results, identifying and forwarding SLA violations, or changing service
behavior based on current SLA conformance.
XML gateways can perform a critical role in enforcing SOA SLA
are designed to inspect and pr
violations at an XML message level in real
processing, initiate a new policy process or generate an alarm event. Best
detailed information about any message flowing through it to produce metrics based on virtually any content
including identity, XML payload and/or policy violation.
Protocol Switching and Reliable MessagingIncreasingly, XML and SOAP messages are transported over protocols other than HTTP. Between companies this
may mean legacy transports like EDI and FTP. Inside companies this often means reliable messaging protocols like
JMS, MQSeries and Rendezvous. Mediating XML mess
a function that can be handled by many XML gateways using specialized software that allows them to switch mes
sages between transport and middleware protocols. In the future
context (Layer 7 is a co-author to the Organization for the Advancement of Structured Information Standards Web
Services Reliable Exchange or “OASIS” WS
Data Translation
One of the most critical functions of an XML gateway in a SOA environment is the transformation and
normalization of data formats. This plays two vital roles: it simplifies interoperation between applications using
distinct XML data formats; and secondly it allows for
platform authentication and authorization possible. In some XML gateways, this function is accelerated by virtue of
specialized silicon and XML processing software.
Service Virtualization
Service virtualization is another benefit realized by managing acce
an XML g
services presented to requesters based on their identity and capabilities without
custom coding or service duplication. For example, using the policy au
capabilities of the gate
views based on the identity and associated role of the requesting client application.
These identity
standards support, or SLA f
delivery and assuring service reuse.
Using the service virtualization feature of
new virtual services based on multiple existing services or discrete operations o
single service. Similarly non
or TIBCO Rendezvous message queue can be rendered as spec
external departments and partners without the need for
XML gateways perform
a critical role in
enforcing SOA security,
SLAs, routing, access
control, and
data/protocol
transformation
By virtualizing
services at runtime,
organizations can
create new virtual
services based on
multiple existing
services, or discrete
operations of a single
service
ogies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are
Technologies Inc. All other trademarks and copyrights are the property of their respective
SLAs address situations when, due to contractual or other reasons, compliance with one or more defined service
level benchmarks needs to be verified. Although very common in telecom environments, SLAs are being used with
increasing frequency in general eBusiness, outsourcing and B2B deployments. Metrics, such as process
messages per hour, rejected transaction counts and queries per day
examples of defined service levels which may be measured either at endpoints, or
by an intermediary like an XML firewall or gateway. These measurements are then
typically compared by an enforcement process or application to the desired
the result driving some form of action. Typical actions can include
and reporting results, identifying and forwarding SLA violations, or changing service
behavior based on current SLA conformance.
XML gateways can perform a critical role in enforcing SOA SLA policies. Gateways
signed to inspect and process XML messages at wirespeed;
violations at an XML message level in real-time, and act to deny normal message
processing, initiate a new policy process or generate an alarm event. Best of breed gateways can also capture
detailed information about any message flowing through it to produce metrics based on virtually any content
including identity, XML payload and/or policy violation.
Protocol Switching and Reliable Messaging , XML and SOAP messages are transported over protocols other than HTTP. Between companies this
may mean legacy transports like EDI and FTP. Inside companies this often means reliable messaging protocols like
JMS, MQSeries and Rendezvous. Mediating XML messages between these transports and middleware protocols is
a function that can be handled by many XML gateways using specialized software that allows them to switch mes
sages between transport and middleware protocols. In the future, it will also be possible to preserve reliability
author to the Organization for the Advancement of Structured Information Standards Web
WS-RX standard that will help make this possible).
ost critical functions of an XML gateway in a SOA environment is the transformation and
normalization of data formats. This plays two vital roles: it simplifies interoperation between applications using
distinct XML data formats; and secondly it allows for credentials to be transformed and remapped to make cross
platform authentication and authorization possible. In some XML gateways, this function is accelerated by virtue of
ized silicon and XML processing software.
Service virtualization is another benefit realized by managing acce
gateway. Technical architects can fine-tune and personalize the view of
services presented to requesters based on their identity and capabilities without
custom coding or service duplication. For example, using the policy au
capabilities of the gateway, a policy can be defined to generate separate service
views based on the identity and associated role of the requesting client application.
These identity-tailored service views can proscribe different security expectations,
standards support, or SLA for each requester, simplifying the process of service
delivery and assuring service reuse.
Using the service virtualization feature of an XML gateway, architects can compose
new virtual services based on multiple existing services or discrete operations o
single service. Similarly non-spec-compliant services coming over an IBM MQSeries
or TIBCO Rendezvous message queue can be rendered as spec-compliant, WSDL-based services for sharing with
partments and partners without the need for recoding.
SecureSpan and the Layer 7 Technologies design mark are
All other trademarks and copyrights are the property of their respective owners. 4
one or more defined service
ery common in telecom environments, SLAs are being used with
increasing frequency in general eBusiness, outsourcing and B2B deployments. Metrics, such as processing time,
tion counts and queries per day are common
es of defined service levels which may be measured either at endpoints, or
by an intermediary like an XML firewall or gateway. These measurements are then
forcement process or application to the desired level,
can include gathering
and reporting results, identifying and forwarding SLA violations, or changing service
policies. Gateways
ocess XML messages at wirespeed; detect SLA policy
and act to deny normal message
breed gateways can also capture
detailed information about any message flowing through it to produce metrics based on virtually any content,
, XML and SOAP messages are transported over protocols other than HTTP. Between companies this
may mean legacy transports like EDI and FTP. Inside companies this often means reliable messaging protocols like
ages between these transports and middleware protocols is
a function that can be handled by many XML gateways using specialized software that allows them to switch mes-
e to preserve reliability
author to the Organization for the Advancement of Structured Information Standards Web
ost critical functions of an XML gateway in a SOA environment is the transformation and
normalization of data formats. This plays two vital roles: it simplifies interoperation between applications using
credentials to be transformed and remapped to make cross-
platform authentication and authorization possible. In some XML gateways, this function is accelerated by virtue of
Service virtualization is another benefit realized by managing access to services using
tune and personalize the view of
services presented to requesters based on their identity and capabilities without
custom coding or service duplication. For example, using the policy authoring
way, a policy can be defined to generate separate service
views based on the identity and associated role of the requesting client application.
tailored service views can proscribe different security expectations,
or each requester, simplifying the process of service
XML gateway, architects can compose
new virtual services based on multiple existing services or discrete operations of a
compliant services coming over an IBM MQSeries
based services for sharing with
The Role of XML Gateways in SOA
Copyright © 2011 Layer 7 Technologies Inc. All rights reserved.
trademarks of Layer 7 Technologies Inc.
The ability to virtualize services at runtime also simplifies service lifecycle management. In prac
definitions evolve based on changing business demands, usage policies or stan
client applications from service changes by ensuring that multiple views of the same underlying service can be
maintained simultaneously. This ensures that client access isn’t broken
guarantees services can be staged before deployment
Acceleration of XML Processing
XML processing is extremely resource intensive. The parsing, querying and transformation of messages is
computationally expensive, and can greatly drive up application server costs. Some XML gateways can accelerate
performance through specialized parsing software and silicon. For example, the Layer 7 SecureSpan™ Gateway
accelerates complex XML operations like XPATH, XSLT and schema v
streaming technology) or hardware (via specialized
linearly with the addition of each gateway to a SecureSpan cluster. This combination of performance technologies
allows SecureSpan to handle policy operations on
dependent on DOM-based parsing.
Deployment Patterns for XML GatewaysUnlike conventional firewalls or gateways, which typically define the edge of a corporate network, XML gateways
can be located anywhere within a network where
network architectures can vary so significantly in different organizations, flexibility in deployment is an important
characteristic to consider in evaluating any gateway.
Best-of-breed XML gateways are available in three different physical form factors to support
scenarios, including hardened appliances for the DMZ and network edge, blade
datacenter, and as software that can integrate
DMZ: Hardened Appliances
A common deployment pattern for XML gateways is at the edge of the network, in a DMZ
firewall and router infrastructure. In this role, the XML gateway serves as the entry point for all XML/Web services
traffic into an organization, providing both pro
security policy before routing messages into mission
Hardware
they cluster easily to provide unparalleled scalability and fault tolerance. They are
also self-cont
into the organization.
DMZ deployments often require secure connections between the gateway and the
internal network. This is known as the “last mile”, a term borrowed from telephone
distribution, where it describes the path from the switching station into the
residence. There are a number of approaches to securing the last mile in Web
services. An encrypted tunnel, using Secure Sockets Layer (SSL) or Virtual Pri
solution because of its ease of setup. Alternatively, the gateway can validate, but not decrypt cryptographi
secured message elements. It then relays the still
ultimately decrypted. This solution is only practical if that server has the capability of pro
message-based encryption from the OASIS WS Security specification. Technologies like the OASIS Security
Assertion Markup Language (SAML) or IBM’s Lightweigh
to transfer any authentication context established by a gateway to a downstream application server. Best
gateways can also support a code-free model that requires no se
but rather relies on the deployment of last
Best-of-breed
gateways should be
available in a number
of form factors to
meet performance,
manageability and
budgetary needs
ogies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are
Technologies Inc. All other trademarks and copyrights are the property of their respective
The ability to virtualize services at runtime also simplifies service lifecycle management. In prac
definitions evolve based on changing business demands, usage policies or standards. XML gateways can insulate
from service changes by ensuring that multiple views of the same underlying service can be
maintained simultaneously. This ensures that client access isn’t broken when service definitions change
vices can be staged before deployment.
Acceleration of XML Processing
XML processing is extremely resource intensive. The parsing, querying and transformation of messages is
computationally expensive, and can greatly drive up application server costs. Some XML gateways can accelerate
nce through specialized parsing software and silicon. For example, the Layer 7 SecureSpan™ Gateway
perations like XPATH, XSLT and schema validation in software (using
via specialized semiconductor technology). The performance benefits scale
linearly with the addition of each gateway to a SecureSpan cluster. This combination of performance technologies
allows SecureSpan to handle policy operations on the kind of large messages that would tax application servers
Deployment Patterns for XML Gateways Unlike conventional firewalls or gateways, which typically define the edge of a corporate network, XML gateways
can be located anywhere within a network where there are XML applications to protect and accelerate. Because
network architectures can vary so significantly in different organizations, flexibility in deployment is an important
characteristic to consider in evaluating any gateway.
eways are available in three different physical form factors to support different deployment
hardened appliances for the DMZ and network edge, blade-based deployment for the
that can integrate with application servers.
A common deployment pattern for XML gateways is at the edge of the network, in a DMZ defined by conventional
firewall and router infrastructure. In this role, the XML gateway serves as the entry point for all XML/Web services
traffic into an organization, providing both protection against threats and high-performance enforcement of
ty policy before routing messages into mission-critical internal servers.
Hardware-based, rack-mount appliances are an ideal solution in this deployment as
hey cluster easily to provide unparalleled scalability and fault tolerance. They are
contained in a hardened package that provides the most secure entry point
into the organization.
DMZ deployments often require secure connections between the gateway and the
internal network. This is known as the “last mile”, a term borrowed from telephone
stribution, where it describes the path from the switching station into the
residence. There are a number of approaches to securing the last mile in Web
services. An encrypted tunnel, using Secure Sockets Layer (SSL) or Virtual Private Network (VPN), is a
solution because of its ease of setup. Alternatively, the gateway can validate, but not decrypt cryptographi
secured message elements. It then relays the still-secure message to the destination application server where it is
pted. This solution is only practical if that server has the capability of processing the complex,
based encryption from the OASIS WS Security specification. Technologies like the OASIS Security
Assertion Markup Language (SAML) or IBM’s Lightweight Third-Party Authentication (LTPA) also provide a means
to transfer any authentication context established by a gateway to a downstream application server. Best
free model that requires no security programming at all on service endpoints,
but rather relies on the deployment of last-mile agents for consuming and enforcing security at the endpoint.
SecureSpan and the Layer 7 Technologies design mark are
All other trademarks and copyrights are the property of their respective owners. 5
The ability to virtualize services at runtime also simplifies service lifecycle management. In practice, service
ards. XML gateways can insulate
from service changes by ensuring that multiple views of the same underlying service can be
when service definitions change. It also
XML processing is extremely resource intensive. The parsing, querying and transformation of messages is
computationally expensive, and can greatly drive up application server costs. Some XML gateways can accelerate
nce through specialized parsing software and silicon. For example, the Layer 7 SecureSpan™ Gateway
in software (using FastPath™ XML
. The performance benefits scale
linearly with the addition of each gateway to a SecureSpan cluster. This combination of performance technologies
tax application servers
Unlike conventional firewalls or gateways, which typically define the edge of a corporate network, XML gateways
there are XML applications to protect and accelerate. Because
network architectures can vary so significantly in different organizations, flexibility in deployment is an important
different deployment
based deployment for the
defined by conventional
firewall and router infrastructure. In this role, the XML gateway serves as the entry point for all XML/Web services
performance enforcement of
critical internal servers.
eal solution in this deployment as
hey cluster easily to provide unparalleled scalability and fault tolerance. They are
ained in a hardened package that provides the most secure entry point
DMZ deployments often require secure connections between the gateway and the
internal network. This is known as the “last mile”, a term borrowed from telephone
stribution, where it describes the path from the switching station into the
residence. There are a number of approaches to securing the last mile in Web
vate Network (VPN), is a popular
solution because of its ease of setup. Alternatively, the gateway can validate, but not decrypt cryptographically-
secure message to the destination application server where it is
cessing the complex,
based encryption from the OASIS WS Security specification. Technologies like the OASIS Security
tion (LTPA) also provide a means
to transfer any authentication context established by a gateway to a downstream application server. Best-of-breed
t all on service endpoints,
mile agents for consuming and enforcing security at the endpoint.
The Role of XML Gateways in SOA
Copyright © 2011 Layer 7 Technologies Inc. All rights reserved.
trademarks of Layer 7 Technologies Inc.
Data Center: High Performance, Easily Manageable Blades
The datacenter has different capacity and management expectati
blade-based solutions. Blade-based XML gateways afford the perfect balance between a cost
ease of management, and raw performance
Application Server: Software
Finally, there are deployments in which endpoint
security or SLA enforcement is the primary concern. In these situations, integrating gateway securit
the application server environment as a software solution is the only way to ensure that there is no possible point
of attack between applications.
Conclusions XML gateways are a new class of network device that can play a key role in any
architects concerned about throughput, security, governance, SLA enforcement or service virtualization may be
able to solve these problems more easily or more cost
managing performance and policy opera
greater scalability, flexibility and security.
ogies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are
Technologies Inc. All other trademarks and copyrights are the property of their respective
Data Center: High Performance, Easily Manageable Blades
The datacenter has different capacity and management expectations than the DMZ, providing an excellent fit for
based XML gateways afford the perfect balance between a cost-effective solution,
ease of management, and raw performance-oriented scalability without sacrificing functionality.
pplication Server: Software-based Solution
Finally, there are deployments in which endpoint-to-endpoint (i.e., from client to service without intermediary)
security or SLA enforcement is the primary concern. In these situations, integrating gateway securit
the application server environment as a software solution is the only way to ensure that there is no possible point
XML gateways are a new class of network device that can play a key role in any SOA framework. Technical
architects concerned about throughput, security, governance, SLA enforcement or service virtualization may be
able to solve these problems more easily or more cost-effectively using an XML gateway. Over time, the benefit of
ng performance and policy operations in a central location will lower the TCO of any SOA, while providing
greater scalability, flexibility and security.
SecureSpan and the Layer 7 Technologies design mark are
All other trademarks and copyrights are the property of their respective owners. 6
ons than the DMZ, providing an excellent fit for
effective solution,
oriented scalability without sacrificing functionality.
endpoint (i.e., from client to service without intermediary)
security or SLA enforcement is the primary concern. In these situations, integrating gateway security functions into
the application server environment as a software solution is the only way to ensure that there is no possible point
SOA framework. Technical
architects concerned about throughput, security, governance, SLA enforcement or service virtualization may be
effectively using an XML gateway. Over time, the benefit of
tions in a central location will lower the TCO of any SOA, while providing
The Role of XML Gateways in SOA
Copyright © 2011 Layer 7 Technologies Inc. All rights reserved.
trademarks of Layer 7 Technologies Inc.
About Layer 7 TechnologiesWith more than 150 customers across 6 continents, and successful partnershi
resellers in the industry, Layer 7 Technologies is the leader in SOA and cloud security and governance. Our award
winning SecureSpan™ family of XML Gateways feature sophisticated runtime governance, enterprise
management and industry-leading XML security. Our CloudSpan™ family enables enterprises and service providers
to securely consume cloud services, as well as protect and control their own applications deployed in public and
private clouds. Founded in 2002, Layer 7 has a history of helping organizations address their security, visibility and
governance issues by enabling them to control, manage and adapt their Web services, no matter the deployment
model – in the enterprise or in the cloud
Contact Layer 7 TechnologiesLayer 7 Technologies welcomes your questions, comments, and general feedback.
Email:
Web Site:
www.layer7tech.com
Phone:
604-681-9377
1-800-681-9377 (toll free)
Fax:
604-681-9387
Address:
US Office
1200 G Street, NW, Suite 800
Washington, DC 20005
Canada Office
Suite 405-1100 Melville Street
Vancouver, BC
V6E 4A6 Canada
Legal Information Copyright © 2011 by Layer 7 Technologies, Inc. (www.layer7tech.com). Contents confidential. All rights reserved.
SecureSpan™ is a registered trademark of Layer 7 Technologies, Inc. All other mentioned trade na
trademarks are the property of their respective owners.
ogies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are
Technologies Inc. All other trademarks and copyrights are the property of their respective
About Layer 7 Technologies With more than 150 customers across 6 continents, and successful partnerships with some of the largest ISVs and
resellers in the industry, Layer 7 Technologies is the leader in SOA and cloud security and governance. Our award
winning SecureSpan™ family of XML Gateways feature sophisticated runtime governance, enterprise
leading XML security. Our CloudSpan™ family enables enterprises and service providers
to securely consume cloud services, as well as protect and control their own applications deployed in public and
er 7 has a history of helping organizations address their security, visibility and
governance issues by enabling them to control, manage and adapt their Web services, no matter the deployment
in the enterprise or in the cloud.
Contact Layer 7 Technologies Layer 7 Technologies welcomes your questions, comments, and general feedback.
by Layer 7 Technologies, Inc. (www.layer7tech.com). Contents confidential. All rights reserved.
SecureSpan™ is a registered trademark of Layer 7 Technologies, Inc. All other mentioned trade na
trademarks are the property of their respective owners.
SecureSpan and the Layer 7 Technologies design mark are
All other trademarks and copyrights are the property of their respective owners. 7
ps with some of the largest ISVs and
resellers in the industry, Layer 7 Technologies is the leader in SOA and cloud security and governance. Our award-
winning SecureSpan™ family of XML Gateways feature sophisticated runtime governance, enterprise-scale
leading XML security. Our CloudSpan™ family enables enterprises and service providers
to securely consume cloud services, as well as protect and control their own applications deployed in public and
er 7 has a history of helping organizations address their security, visibility and
governance issues by enabling them to control, manage and adapt their Web services, no matter the deployment
by Layer 7 Technologies, Inc. (www.layer7tech.com). Contents confidential. All rights reserved.
SecureSpan™ is a registered trademark of Layer 7 Technologies, Inc. All other mentioned trade names and/or