IBM Software Data Sheet

IBM WebSphere DataPower Service Gateway XG45 ApplianceTake action to secure and govern web traffic while you reduce IT complexity

Highlights●● ● ●Strengthen compliance using robust

data protection, policy enforcement and auditing capabilities.

●● ● ●Gain “front-line defense” for inbound and outbound traffic; this appliance acts as a web 2.0 gateway.

●● ● ●Separate security concerns from applica-tion code with an optional hardware secu-rity module (HSM) that is certified for FIPS 140-2 Level 3.

●● ● ●Integrate applications for improved application and database connectivity.

●● ● ●Support centralized policy management with an appliance that helps you to centrally govern data traffic and helps you to strengthen the security of your applications.

For business and IT leaders in a wide range of industries, service-oriented architecture (SOA) and web services offer tremendous business value—but security remains a persistent challenge. You must help your teams bring new services to the market in a rapid and secure manner. You seek a pragmatic approach that is cost-effective. You need the ability to adopt new and emerging industry standards and then enforce those standards. Your business requires an approach that enhances the value of your existing infrastructure and application investments while improving performance, reducing security risks and simplifying operation.

The IBM® WebSphere® DataPower® Service Gateway XG45 Appliance is purpose-built to help you secure and govern web traffic more effectively. The resulting reduction in IT complexity reduces cost within your organization. This is business agility at its most powerful, because it helps you create new revenues. You gain the ability to deploy new applications rapidly. Experience an advanced data-threat-reduction and security-enforcement layer for your web applications and for your on-premises applications.

Employ this IBM appliance to improve your business in a number of ways:

●● ● Simplicity of Web service deployment.●● ● Light-weight application and database connectivity for easy

connectivity.●● ● Web service proxy for a more efficient gateway approach.●● ● Centralized policy and service-level management for

compliance and for meeting service levels.●● ● Data validation for web 2.0 and for existing applications

that are web-facing.●● ● Fine-grained authorization, more-secure web application connectivity

and superior cryptography (the optional Hardware Security Module (HSM) helps you improve security).

2

Data SheetIBM Software

At organizations of every size around the globe, IT teams are taking action to secure their organization’s web services, applications and data. It is a dynamic environment in which to manage security and governance. Yet even as your team applies much effort to gain “front line” defense for inbound and out-bound traffic, another trend is in play: Today’s regulations require security to be built into your infrastructure, instead of “bolting it on” as an afterthought.

Security has become a “board room” discussion. Threats are launched constantly against web sites. Policy makers, thought leaders, business leaders and customers consider the security of their web interactions and associated data as critical. They demand that this information be properly protected. Additional pressure is being placed on corporations by regulatory agencies, which continue to require increasing levels of consumer protec-tion from data breaches. Corporate leaders must find ways to rapidly and cost-effectively meet business security requirements. You must take action to ensure that your business-critical appli-cations and the associated data are properly protected. And to ensure that your business maintains a competitive position in the marketplace, you must accomplish this in a way that does not slow the deployment of new applications and services.

New regulations demand response by business leadersThe State of Nevada in the U.S. recently amended a law that applies

to any sales transaction in which a business accepts a payment

card. S.B. 227 requires businesses to comply with the payment card

industry’s Data Security Standards and to encrypt any personal-

information business transfers. This broadens considerably the

information security obligations of all companies “doing business”

within the state’s borders. Be aware that regulations such as these

act as a precursor to legislation that could mandate higher standards

for privacy and data security.

PCI security standards are technical and operational requirements

set by the PCI Security Standards Council (PCI SSC) to protect

cardholder data. The standards apply to all organizations that store,

process or transmit cardholder data and the standards provide

guidance for software developers and manufacturers of the

applications and devices used in those transactions.

A pragmatic approach to changeToday’s environment also presents positive opportunities for business and IT leaders who seek effective change—for leaders who are willing to utilize the latest technology to address these critical business requirements. The pace of technological change at IBM serves to help you focus on staying ahead of the marketplace. Take advantage of robust solutions that help you achieve your corporate goals.

Take a cost-effective, pragmatic approach to the security involved with web-enabling your applications. Your service-gateway strategy must include the ability to enforce industry standards, and must include the ability to more easily adapt to new standards as they are defined. You want an approach that enhances the value of existing infrastructure investments and organizational structures, while you optimize application performance.

The IBM WebSphere DataPower Service Gateway XG45 appliance is purpose-built to help you build a stronger application-security foundation. The WebSphere DataPower Service XG45 helps you bring new services to the market more securely and more rapidly. You can take action to manage business-application risk, increase staff productivity and reduce maintenance costs. And with the DataPower Service Gateway XG45 appliance, you can prepare for the future while you make the most of your existing IT assets.

Many organizations see results within weeks with this pragmatic approach from IBM.

The WebSphere DataPower Service Gateway XG45 is a high-performance hardware appliance that is purpose-built to provide specialized functions that are simpler to integrate. The DataPower Service Gateway XG45 provides:

●● ● Light-weight connectivity, mediation and stronger security processing to your application infrastructure.

●● ● The ability to streamline complex but valuable SOA, XML and web 2.0 applications.

●● ● The ability to shorten deployment times.●● ● Acceleration of XML and web-services processing.●● ● Strengthened governance of your valuable application

infrastructure●● ● The ability to “offload” application encryption and

decryption

3

Data SheetIBM Software

An appliance for service visibility, integration, governance and securityThe award-winning DataPower Service Gateway XG45 is a purpose-built hardware platform that delivers highly manage-able, more-secure and scalable SOA solutions. A “hardened” SOA appliance, the DataPower Service Gateway XG45 appli-ance offers an advanced approach to threat-reduction and secu-rity for web transactions. Process your data using a consumable appliance that transforms back-end disparate message formats to XML while its performance applies message-level security and service policies.

The DataPower Service Gateway XG45 supports multiple application and web 2.0 protocols such as HTTP(s), FTP(s), WAS JMS, SOAP, and MQ and MQ FTE. Use this appliance right away to bridge disparate messaging and secured file- transfer capabilities. The IBM DataPower Service Gateway XG45 can exchange messages with IBM WebSphere MQSeries® systems by connecting as a WebSphere MQ client. Use the DataPower appliance to bridge disparate messaging and transport protocols, such as HTTP or TIBCO EMS, to WebSphere MQ. Messages that originate within a WebSphere MQ system or outside of a WebSphere MQ system can flow easily to and from another WebSphere MQ system, or to and from other messaging systems such as HTTP or TIBCO EMS.

To bridge the disparate messaging and transport protocols, this DataPower appliance uses a service such as the Multi-Protocol Gateway service. The performance of the IBM DataPower Service Gateway XG45 supports right away multiple data formats such as non-XML, XML, JSON, and make possible “any-to-any” data transformation using a data integration module (DIM). This data integration module is available from IBM as an option. And to help ensure that only valid authorized user access is provided to your corporate application infrastructure, the DataPower Service Gateway XG45 inte-grates with security and identity management software such as IBM Tivoli® software and several LDAP directories including Microsoft AD.

Data integration module lets you add binary data formats, PKCS7 and ODBCOne of first steps for leaders who want to try newer technolo-gies such as service-oriented architecture (SOA) is to ensure they have in place a robust Enterprise Service Bus (ESB) or application connectivity. With DataPower Service Gateway

XG45, you can opt for a data integration module. This module serves as a field-upgradeable option that provides simpler web application integration and or database connectivity. With this data integration module from IBM, “any-to-any” data transformation becomes possible. The performance of this module provides you with the ability to parse and transform arbitrary binary, flat text and XML messages—including EDI, COBOL Copybook, ISO 8583, CSV, ASN.1 and ebXML. This data-transformation capability helps you to enhance application data sharing. You can support modernization of your existing systems. Expect connectivity of external web 2.0 application and portal applications to internal applications. The optional data integration module available with the DataPower Service Gateway XG45 also provides PKCS7 for digital signatures and message encryption, which help to strengthen message protection.

The IBM WebSphere DataPower Service Gateway XG45 Appliance

The business value of fine-grained authorizationThere is a difference between URL-based or connection-level access

control and an approach called fine-grained authorization. Fine-

grained authorization makes it possible for you to interrogate individ-

ual SOAP or XML transactions. This action automatically determines

whether a specific transaction should be allowed through, based

upon payload contents, security policy and identity information.

For example, a purchase order has certain requirements: (1) Greater

than a specified amount of money, (2) Digitally signed by a CFO

certificate, (3) Targeted for vendor X and (4) Sent before 5:00 p.m.

This purchase order is allowed through, but the transaction immedi-

ately following it is rejected. SAML, WS-Security and XACML are

emerging as core standards for those who wish to implement this

fine-grained access control—which is especially helpful in an open,

cross-platform environment that joins a variety of policy enforcement

points (such as the DataPower Service Gateway XG45 appliance)

with central policy repositories. The business value of this approach

is clear: You can save time and reduce cost. Business agility

becomes reality.

4

Data SheetIBM Software

Support compliance with robust data-protection and auditing capabilitiesA powerful Authentication, Authorization and Auditing (AAA) framework makes it possible for the DataPower Service Gateway XG45 appliance to use a broad variety of methods for extracting data from incoming requests along with identity information such as user passwords and security tokens. Authentication and authorization steps are also modular; these steps can be based upon on-board or off-board repositories. Audit-and-accounting processing is fully extensible. This unique framework enables the appliance to integrate with a wide variety of identity management solutions. You can inte-grate proprietary, in-house Single Sign On (SSO) systems with your web services security architecture. The device selectively shares information through encryption-and-decryption and signing-and-verification of entire messages or of individual XML fields.

These granular and conditional security policies can be based on nearly any variable, including content, IP address, host name and other user-defined filters. Robust data protection, policy enforcement and auditing capabilities help organizations around the world achieve and maintain compliance with industry and regulatory requirements such as Sarbanes-Oxley, the Payment Card Industry Data Security Standard (PCI-DSS) and the Health Insurance Portability and Accountability Act (HIPAA).

Mitigate risks with “DMZ-grade” security for mission-critical applicationsDiscover a hardware device that delivers advanced XML and web services access controls without complex configuration or custom code. The WebSphere DataPower Service Gateway XG45 appliance offers the higher levels of security-assurance certification that are required by such enterprises as financial services and government agencies, including Public Key Infrastructure (PKI), Federal Information Processing Standard (FIPS), 140-2 Hardware Security Module (HSM), General Services Administration (GSA) eAuthentication, Homeland Security Presidential Directive (HSPD)-12 .The combination of high-performance of hardware acceleration with simplified deployment and ongoing management represents a powerful combination for your organization. You can expect to reduce complexity. You can expect to reduce the costs of securing mission-critical services, applications and data. Your reduced need for SOA programming skills can result in faster time-to-market for SOA benefits, without sacrificing strong support for security.

Increase trust in existing services with run-time policy enforcementThe performance of the DataPower Service Gateway XG45 appliance enables enterprises to centralize security and gover-nance functions in a single “drop-in” device that reduces ongoing maintenance costs. You can configure simpler firewall and web services proxy functions using a web GUI, and have it operational in minutes. Or, you can create custom security and routing rules using Extensible Stylesheet Language Transformation (XSLT), if that is a requirement. The WebSphere DataPower Service Gateway XG45 appliance is designed to be an excellent policy-enforcement and execution engine for those who wish to better secure “next generation” applications, which makes it easier for you to control access to applications, services and data using customizable roles and rights.

This purpose-built appliance integrates with leading policy managers and service registries, such as IBM WebSphere Service Registry and Repository. Support for standards such as WSSecurity, WS-SecurityPolicy, WS-Reliable Messaging and WS-Policy are standard capabilities provided by WebSphere DataPower Service Gateway XG45. The DataPower Service Gateway XG45 supports Simple Network Management Protocol (SNMP), script-based configuration and remote log-ging to integrate seamlessly with leading management software.

“Drop-in,” standards-based security and governance for web 2.0 applicationsModern web applications are evolving from static pages and forms into interactions that rival native desktop programs such as email clients, street-mapping software and customer relation-ship management (CRM) systems. Your customers, colleagues

The vast number of different protocols that it could handle … made the DataPower Appliance appealing as a leader in that market segment.

—Bank IT Director

5

Data SheetIBM Software

and partners have come to demand the same level of interactiv-ity and data access for their information. Unfortunately, critical business data can be locked away in your existing system applications—applications that were not designed for this type of use.

The DataPower Service Gateway XG45 appliance bridges web 2.0 applications to more formal enterprise standards such as JavaScript Object Notation (JSON). The DataPower Service Gateway XG45 appliance offers native support for JSON and for Representational State Transfer (REST), which helps your team more easily support new devices (smartphones, tablets, netbooks, and other devices), social networking, cloud computing and Software as a Service (SaaS) applications.

Powerful enhancements help your organization thriveThe newest addition to the WebSphere DataPower appliance family, the WebSphere DataPower Service Gateway XG45 appliance helps you to take full advantage of your existing

IBM has developed a solid business approach to the appliance marketplace, taking into account the challenges of adding new members to the range, maintaining a consistent focus and ensuring clients continue to get ongoing value.

—Lustratus Research, Inc., A Competitive Review of SOA Appliances, March 2010

IT infrastructure, Eclipse-based application development environment or XMLSpy integration. This innovative, prag-matic approach helps to reduce your total cost of ownership for security, mediation, web 2.0 and web services projects. You can re-use existing XSLT programs and deploy them on the DataPower Service Gateway XG45 appliance.

IBM WebSphere DataPower Service Gateway XG45 Appliance

Feature Business benefit

Web-application firewall and ●● Create portal connections that are more secure. Help protect your organization against XML vulnerabilities;

gateway this IBM appliance acts as the XML proxy.●● Experience strong security functions beyond those of an XML firewall. Expect web services access control

(AAA), XML Encryption and Digital Signature, WS-Security and content-based routing.

XML denial-of-service ●● Validate incoming requests and document malformed and malicious traffic; gain access to valuable post-attack

protection forensics.●● Take control over the low-byte XML messages that can bypass your traditional perimeter protection and cause

your mission-critical applications to fail instantly.

Field-level message security ●● Take action to protect the information that keeps your organization agile and competitive. This IBM service-

gateway appliance selectively shares information of entire messages—or of individual XML fields.

Access control for web ●● Gain powerful access-control functions. Enable more-secure access to web services-based applications for

services your clients, whether they are internal or external.

Light-weight application ●● You can opt for a Data Integration Module as a field- upgradeable option for any-to-any data transformation. The

connectivity module can parse and transform arbitrary binary, flat text, and XML messages, including EDI, COBOL Copybook,

ISO 8583, CSV, ASN.1, and ebXML. The optional Data Integration Module also provides database access and

PKCS7 encryption.

Fine-grained authorization ●● Gain more control over the processes that bring value to your organization. Instead of URL-based or connection-

level access control, expect fine-grained authorization that interrogates individual SOAP or XML transactions to

determine whether they should be allowed through.

Service virtualization ●● Transparently map a rich set of services to protected back-end resources—without sacrificing performance.

This IBM appliance gives you the combined power of URL rewriting, high-performance XSL transformations and

routing for XML and SOAP.

The hardware platform for the WebSphere DataPower Service Gateway XG45 appliance

●● ● 1U high-density, rack-mount design●● ● Latest-generation hardware technology that helps increase

performance and capacity●● ● Easier service; multiple field-replaceable parts●● ● Customized intrusion-detection handling●● ● Enhanced LEDs for different hardware components, which

provide user feedback●● ● Hardware diagnostic tool to help identify hardware problems●● ● Two network I/O modules for increased flexibility and

serviceability (four 1-GB ports and two 10-GB ports)

Why IBM?More than 1,700 organizations of all sizes employ IBM WebSphere DataPower SOA appliances to reduce IT complexity, lower costs, improve return-on-investment and foster new business. IBM appliances are used by companies in a wide range of industries around the globe. These IBM appli-ances are purpose built, enabling you to match a specific appliance to a specific business requirement—which provides leaders with optimal return on investment. Engage the IBM team and take advantage of our deep industry and technical knowledge combined with the robust capabilities provided by IBM appliances. Work smarter with IBM.

For more informationThe best SOA appliance is the one that helps your business aspirations become reality. To learn more about IBM WebSphere DataPower appliances, or to confirm which appliance is the best fit for your organization, contact your IBM sales representative or your IBM Business Partner, or visit the following website: ibm.com/software/integration/datapower/

Additionally, IBM Global Financing can help you acquire the IT solutions that your business needs in the most cost-effective and strategic way possible. We’ll partner with credit-qualified clients to customize an IT financing solution to suit your busi-ness goals, enable effective cash management, and improve your total cost of ownership. IBM Global Financing is your smartest choice to fund critical IT investments and propel your business forward. For more information, visit: ibm.com/financing

© Copyright IBM Corporation 2011

IBM Corporation Software Group Route 100 Somers, NY 10589 U.S.A.

Produced in the United States of America December 2011

IBM, the IBM logo, ibm.com, Tivoli, WebSphere, MQSeries and DataPower are trademarks of International Business Machines Corporation in the United States, other countries or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (® or ™), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at ibm.com/legal/copytrade.shtml

Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both.

Java and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates.

Other product, company or service names may be trademarks or service marks of others.

Please Recycle

WSD14015-USEN-02