XS40 XML Security Gateway



From the publisher website or publicity


While there is tremendous business value in XML Web services, security remains an unsolved problem and the largest single barrier to adoption. Enterprises require a new pragmatic approach to XML Web services security, one that simultaneously recognizes the uncertainty of new standards, the value of existing infrastructure investments, the organizational challenges and the performance impact of XML security. Because corporations are struggling to deal with resource constraints, diverging business goals and the requirement to assimilate new technology, the XS40 is an easy-to-install and maintain network appliance that satisfies both application and network groups and supports current and pending security standards out-of-the-box.

XML Web Services Security is XML Processing

All XML Web services security functions, such as XML schema validation, XML Encryption, XML Signature, WS-Security and others, require extensive XML processing. The security of the underlying XML processing engine is essential to the security of a web services security solution. Secure XML processing is also very resource-intensive. This often forces organizations to choose between performance and protection, because fully securing XML requires processing power not available in traditional XML engines.

Secure Architecture

Powered by robust XG3™ technology built from the ground up to be secure, the XS40 is the only available solution able to provide full XML Security with the wirespeed performance necessary for real-world applications. XS40 XML Security Gateway is more than just an XML Firewall: it is a carrier-grade XML proxy that can parse, filter, validate schema, decrypt, verify signatures, access-control, transform, sign and encrypt XML message flows as illustrated in the figure below.

"DataPower has strong integration for security and management. ... All of this adds up to the strongest overall current feature set." - Forrester Research, XML Security Gateway Report

With the XS40, enterprises can implement comprehensive XML security practices without the performance penalties or security weaknesses typical of other solutions. The XS40's patent-pending architecture is truly future-proof, with the agility to easily adapt to changing standards, partners and policies.

Third-Party Validation of Security and Interoperability

DataPower's Integration for Management strategy means that the XS40 has the strongest integration with existing enterprise infrastructure. In addition to being widely deployed at the world's largest organizations, the XS40 has been extensively validated and certified for its security, reliability, interoperability and deep integration. See DataPower Standards Interoperability and Product Integration page for a list of just some of these.



| Feature | Description | Business Benefit |
| --- | --- | --- |
| Service Virtualization | Mask backend resources to hide internal structures; XML-aware NAT (network address translation). | Enable easy access to applications without creating vulnerabilities or versioning headaches. |
| XML/SOAP Filtering | XML Firewall filters traffic at wirespeed rates based on content, payload size or other metadata. | Easy to use, comprehensive XML Vulnerability protection without new code or performance compromise. |
| Field Level XML Security | XML Encryption and Digital Signatures at the message or element level; interoperable WS-Security. | Share information selectively or comply with regulations, even in multiparty transactions and semi-trusted environments. |
| Web Services Access Control | Use new technologies (like SAML, XACML, WS-Security) or existing systems (like LDAP or SSO) to control access to applications. | Full XML security with no application code changes. Centralize access control and improve security. |
| Data Validation | Schema validate XML documents at wirespeed rates, protect against XDoS (XML Denial-of-Service Attacks). | Improve uptime and performance by ensuring only known-good requests arrive at mission-critical app-servers. |
| XML Routing, SOAP Routing | Route requests based on content, network parameters or other metadata. | Leverage separation of concerns to reduce complexity, improve performance and uptime through efficient resource utilization. |

Frequently Asked Questions for the DataPower XS40 XML Security Gateway

Q: What is the XS40 XML Security Gateway?

The XS40 XML Security Gateway is a 1U (1.75" thick) rack-mountable network device purpose built by some of the world's top XML experts to secure XML and Web Services transactions. The XS40 delivers the most comprehensive set of functions including:

 *XML Encryption
 *XML/SOAP Firewall filtering
 *XML Digital Signatures
 *XML Schema validation
 *Two-way SSL
 *XML Access Control
 *XPath
 *Detailed Logging

Q: Why not use existing security infrastructure such as IP firewalls and SSL proxies?

The existing security infrastructure is not and cannot be made XML-aware: much of it was designed and deployed before XML became the "lingua franca" it is today. Indeed, one of the original design goals for SOAP, the foundation of XML Web Services, was to be a server-to-server protocol that could "easily bypass firewalls". That means that monitoring, controlling and policing XML network traffic requires a new kind of device. Of course, the existing IP security infrastructure continues to play an essential role by providing security at the lower layers.

Q: Why not just handle XML security at the application server?

While application servers can be used to implement some security functions, this is not a scalable enterprise-wide answer to the wider XML Web Services security challenge. One reason is that the processing demands of advanced XML security standards make it impossible to fully secure a high-volume XML transaction environment without dedicated hardware. Another is the difficulty of keeping multiple application servers up-to-date with XML security patches and corporate policies, a task greatly eased by establishing a single gateway - an XML proxy - through which XML transactions enter and exit the corporate network.

Q: Security devices must sit in-line. How can I be sure the XS40 won't introduce performance bottlenecks or a single point of failure?

All functions of XML security (encryption, signatures, filtering, and validation) rely heavily on computationally intensive tasks such as XML parsing, XPath and XSLT. The XS40 uses a patent pending technology invented by DataPower to address the unique demands of secure XML processing. XML Generation Three™ or XG3™ is the core processing technology used within the field-proven XA35 XML Accelerator and all of DataPower's XML-Aware products. It enables wirespeed security functions not possible with any competing approach.

From careful thermal design to the absence of failure-prone hard disks, the XS40 is designed for reliability by people responsible for some of the world's most reliable products - the network equipment that runs the world's phone networks and major Internet backbones. In the unlikely event of a unit failure, the failover mechanism instantly takes over to transfer traffic to another unit and ensure that no connectivity interruption occurs.

Q: How is the XS40 typically deployed?

The most typical configuration involves the use of the XS40 as an XML proxy, sitting inline and scanning all incoming and outbound XML traffic. In this way it can dynamically apply all necessary encryption, filtering, digital signing and other required security functionality at the edge of the network. The approach dramatically improves performance, security and maintainability.

Q: Why would a company want an XML security gateway?

As enterprises deploy sophisticated XML-enabled applications, they face several security vulnerabilities:

Legacy systems are not even aware of XML - Current TCP-oriented security approaches aren't XML-Aware and consequently cannot shield against malicious traffic. SSL is not the solution for web services security.

Schema Validation and other XML security practices are Resource-Intensive - The performance overhead of complex XML processing leads many companies to disable Schema validation and other XML security functions for performance reasons. Like homeowners whose burglar alarm is off because it takes too long to turn on, they are vulnerable to many XML threats.

XML is being used to connect the most valuable resources - The very value of XML Web Services comes from the fact that valuable back-end servers are being connected, but that is also its greatest weakness from a security standpoint.

XML Web Services Access Control - In environments where authorized users and trading partners may change daily, authenticating partners' identity and authorizing actions is crucial but difficult with custom code or legacy systems.

The XS40 XML Security Gateway works with existing infrastructure to create a practical solution that is:

 *Fast - Industry leading performance means no slow-downs of critical transactions and no security compromises.
 *Future-Proof - Patent-pending policy architecture provides the ultimate flexibility to adapt to evolving standards and changing corporate policies.
 *Secure - Comprehensive set of security functions is powered by DataPower's own field-proven technology.

Q: Does the XS40 work with existing firewalls, routers or load balancers?

Absolutely! The XS40 is designed to complement your existing network infrastructure by adding a layer of intelligent infrastructure to the enterprise network. The XS40 is an IP-addressable device designed to be deployed downstream from firewalls and alongside load balancers, and serve as a secure SOAP intermediary or XML proxy.

Q: In addition to security features (XML filtering, encryption, signing and validation) what other functionality does the XS40 support?

The XS40 also functions as an intelligent content switch or XML router capable of directing XML requests to the appropriate resource. This flexible XML routing can be based on the content payload or network-level criteria (such as IP address or URL).


Vendor: DataPower
