API Management for VMware vCloud
Layer 7’s CloudSpan CloudControl Gateways offer:
Abstraction & Management
Policy-driven management streamlines API versioning, composition and orchestration, while ensuring conformance to SLA and quality of service goals through throttling/rate limiting.
Metering & Reporting
Granular logging, monitoring and auditing capabilities, coupled with performance metrics, allow you to understand, track and meter API usage.
Protection & Control
Implement fine-grained access control and comprehensive threat protection for all API calls.
To learn more about Layer 7’s latest release, call 1-800-681-9377 (toll free within North America) or +1.604.681.9377. You can also email us at [email protected]; friend us on facebook.com/layer7; visit us at layer7.com, or follow us on Twitter @layer7.
Protect, Abstract, and Meter vCloud APIs
Layer 7 CloudSpan CloudControl abstracts vCloud APIs, giving organizations
enhanced control and management capabilities
vCloud API Abstraction Provides Greater Control
VMware’s vCloud initiative represents virtualization 2.0, avoiding the classic virtualization
metaphors rooted in the physical world—hosts, SANs, and networks—and instead
promoting a multi-tenanted, resource-centric view of the virtual datacenter. With vCloud,
enterprises and service providers can create the basis of a public or private cloud that
features simplified service provisioning and chargeback by programmatically controlling
their virtualized assets via the vCloud APIs. Adding a layer of abstraction on top of the
vCloud APIs allows organizations to simplify the way in which service providers can manage
and control vCloud Director, streamlining automation.
The Layer 7 CloudSpan CloudControl gateway delivers key protection, abstraction and
metering capabilities for vCloud APIs by implementing a configurable policy creation and
enforcement point at the API level. CloudControl’s intuitive drag-and-drop policy builder lets
you create and enforce API policies that provide for:
• Abstraction and masking of APIs
• Composition/orchestration to create new APIs
• Live dashboard monitoring of API usage
• Versioning of REST and SOAP APIs (beyond vCloud basic versioning)
• Mapping between SOAP and REST
• Transformation of any GET, POST, DELETE, and PUT content
• Authentication (HTTP basic, digest, SSL, but also SAML, Kerberos, X.509 certs, OAuth, etc.)
• Cloud single sign-on (SSO)
• Fine-grained authorization to individual APIs
• Validation of XML structures (such as OVF containers)
• Threat detection, including threats embedded in XML OVF files
• Automatic fail-over between hosts
• JSON Schema validation
• Management of federated relationships
• Fully customizable audit
Secure Hybrid Cloud – The Future of Enterprise IT
The CloudControl gateway is the basis of an enterprise-class cloud governance solution. In
contrast to other solutions that run as third party services or attempt to broker security
from a remote datacenter, CloudControl runs as an integral part of the vCloud Director
environment. The CloudControl VMware virtual machine is easily incorporated into any
VMware infrastructure. In this way, the security, management and metering solution for
your cloud APIs resides within the cloud they are protecting—not off at some other location
where proxied transactions can be subjected to attack while traversing the open Internet.
Locally integrating a security solution as an integral part of your cloud infrastructure allows
you to properly secure your cloud APIs, ensuring sophisticated access control and protection
against denial-of-service (DoS) attacks.
Copyright © 2011 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are
trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners.
Key Features
vCloud API Protection & Control
Threat Protection
• Protect against Cross-Site Scripting (XSS), SQL Injection, XML content/structural threats, viruses, etc.
• Create custom threat profiles to extend built-in filters for message structure & XML-specific threats
• Track failed authentications and/or policy violations to identify patterns and potential threats
• Validate HTTP parameters, REST query/POST parameters, JSON data structures, XML schemas, etc.
Access Control
• Support for HTTP basic, digest, SSL client-side certificate authorization, Microsoft SPNEGO, etc.
• Support for all major authentication and authorization standards, including SAML, Kerberos, digital signatures, X.509 certificates, LDAP, OAuth, etc., and leading identity and access management systems
Privacy
• Powerful message content filtering and transformation tools help identify and suppress leakage of sensitive information (e.g. SSNs, credit card numbers, etc.)
• Support for multiple types of element or message level XML signing and encryption
vCloud API Abstraction & Management
API Lifecycle
• APIs can be smoothly migrated between environments (e.g. from Dev to Test, East to West, etc.) with full dependency resolution and re-mapping
• Supports automatic API versioning including rollback to any previous version
• Global security settings, threat detection profiles, etc. can be reused across multiple APIs to save time and ensure consistency
API Composition
• Point and click API composer supports quickly building composite virtual APIs from any combination and/or subset of existing APIs
Orchestration
• Policy-driven API request sequencing based on administrator-defined conditions and logic
• Routing based on message content or service availability
• Run multiple back-end service calls concurrently, thereby reducing overall latency
Multiple Protocols
• Supports any combination of XML/REST/SOAP APIs and enables translation between protocols to simplify customer adoption
• Filter/customize back-end error messages to better fit customers' deployment patterns
SLA/Performance Control
• Enforce availability through throttling and/or rate limiting to ensure SLAs and QoS priorities
• Advanced, carrier-grade traffic shaping to manage bandwidth to API servers
• Access to API methods can be filtered/restricted based on user, time of day, service level, etc.
• Route traffic based on geography, IP address, back-end response times, etc. for optimum performance
• Integrated clustering provides scalability and automatic failover between multiple instances of APIs/services
Management API
• Remote management APIs allow customers to hook their existing, third-party management tools into CloudSpan, simplifying asset management
vCloud API Metering & Reporting
Metrics and Reporting
• Configurable, out-of-the-box reports provide insight into API performance: meter and track API/method usage for per-user billing, capacity planning, SLA compliance, etc.
• Real time monitoring dashboard provides fine-grained insight into API & network level performance
Customer Mapping
• Report on service performance, policy violations and SLA conformance based on specific customers, composites (i.e., processes and transactions using a service) or clients to build a profile of user experience
Audit Transactions
• Log files provide a granular audit trail of all API connections mediated by CloudControl
Supported Standards
XML, JSON, SOAP, REST, PCI-DSS, AJAX, XPath, XSLT, WSDL, XML Schema, LDAP, SAML, XACML, OAuth, PKCS, X.509 Certificates, JMS,
FIPS 140-2, Kerberos, XML Signature, XML Encryption, SSL/TLS, SNMP, SMTP, POP3, IMAP4, HTTP/HTTPS, MQ Series, Tibco EMS,
FTP, WS-Security, WS-Trust, WS-Federation, WS-SecureExchange, WS-Addressing, WS-SecureConversation, WS-MetadataExchange,
WS-Policy, WS-SecurityPolicy, WS-PolicyAttachment, WSIL, WS-I, WS-I BSP, UDDI, WSRR, MTOM, IPv6, WCF