vordel Vordel XML Gateway



Similar documents
Core Feature Comparison between. XML / SOA Gateways. and. Web Application Firewalls. Jason Macy jmacy@forumsys.com CTO, Forum Systems

Securing SOA and Web Services with Oracle Enterprise Gateway

Securely Managing and Exposing Web Services & Applications

The bridge to delivering digital applications across cloud, mobile and partner channels

Managing SOA Security and Operations with SecureSpan

Apigee Gateway Specifications

An Oracle White Paper Dec Oracle Access Management Security Token Service

Jitterbit Technical Overview : Microsoft Dynamics AX

Creating a Strong Security Infrastructure for Exposing JBoss Services

Centralized Orchestration and Performance Monitoring

Mobile Identity and Edge Security Forum Sentry Security Gateway. Jason Macy CTO, Forum Systems

IronPort C10 for Small and Medium Businesses

WebSphere Integration Solutions. IBM Day Minsk Anton Litvinov WebSphere Connectivity Professional Central Eastern Europe

Requirement Priority Name Requirement Text Response Comment

ACE Management Server Deployment Guide VMware ACE 2.0

IBM Tivoli Federated Identity Manager

Securing Web Services From Encryption to a Web Service Security Infrastructure

Federated Identity and Single Sign-On using CA API Gateway

Jitterbit Technical Overview : Microsoft Dynamics CRM

Product overview. CA SiteMinder lets you manage and deploy secure web applications to: Increase new business opportunities

IBM Tivoli Directory Integrator

Introduction to WebSphere Process Server and WebSphere Enterprise Service Bus

Benefits. Product Overview. There is nothing more important than our customers. DATASHEET

APIs The Next Hacker Target Or a Business and Security Opportunity?

Symantec Endpoint Protection

Increasing IT flexibility with IBM WebSphere ESB software.

Mail Services. Easy-to-manage Internet mail solutions featuring best-in-class open source technologies. Features

Copyright 2012, Oracle and/or its affiliates. All rights reserved.

IronPort X1000 Security System

Cisco IronPort C670 for Large Enterprises and ISPs

Oracle SOA Suite: The Evaluation from 10g to 11g

Redbook Overview Patterns: SOA Design with WebSphere Message Broker and WebSphere ESB

Jitterbit Technical Overview : Salesforce

Deep-Secure Mail Guard Feature Guide

The syslog-ng Store Box 3 F2

Symantec Client Management Suite 8.0

Barracuda Web Application Firewall vs. Intrusion Prevention Systems (IPS) Whitepaper

IBM WebSphere DataPower Integration Appliance XI52

HP Intelligent Management Center Enterprise Software. Platform. Key features. Data sheet

IronPort C300 for Medium-Sized Enterprises and Satellite Offices

Federated single sign-on (SSO) and identity management. Secure mobile access. Social identity integration. Automated user provisioning.

API Management: Powered by SOA Software Dedicated Cloud

Data Sheet: Endpoint Security Symantec Endpoint Protection The next generation of antivirus technology from Symantec

Symantec Messaging Gateway 10.5

AGILE API SECURITY API SECURITY GATEWAY

AquaLogic Service Bus

IBM WebSphere Enterprise Service Bus, Version 6.0.1

Data Sheet: Endpoint Security Symantec Endpoint Protection The next generation of antivirus technology from Symantec

Symantec NetBackup 5000 Appliance Series

NIST s Guide to Secure Web Services

DEPLOYMENT GUIDE. Websense Enterprise Websense Web Security Suite TM. v6.3.3

bbc Overview Adobe Flash Media Rights Management Server September 2008 Version 1.5

Symantec Brightmail Gateway Real-time protection backed by the largest investment in security infrastructure

IBM WebSphere DataPower

THE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS

Oracle SOA Suite Then and Now:

Firewall Testing Methodology W H I T E P A P E R

Onegini Token server / Web API Platform

The syslog-ng Store Box 3 LTS

Cyberoam Perspective BFSI Security Guidelines. Overview

Advanced Administration for Citrix NetScaler 9.0 Platinum Edition

Benefits. Product Overview. There is nothing more important than our customers. DATASHEET

CA SOA Security Manager

Denodo Data Virtualization Security Architecture & Protocols

How To Reduce Pci Dss Scope

REAL-TIME WEB APPLICATION PROTECTION. AWF SERIES DATASHEET WEB APPLICATION FIREWALL

Vidder PrecisionAccess

Virtualization Journey Stages

REAL-TIME WEB APPLICATION PROTECTION. AWF SERIES DATASHEET WEB APPLICATION FIREWALL

HP ProLiant Essentials Vulnerability and Patch Management Pack Planning Guide

Security Information & Event Manager (SIEM)

Increasing IT flexibility with IBM WebSphere ESB software.

VMware Identity Manager Administration

ORACLE MOBILE SUITE. Complete Mobile Development Solution. Cross Device Solution. Shared Services Infrastructure for Mobility

Sentinet for BizTalk Server SENTINET

CA Federation Manager

Axway Validation Authority Suite

Using Layer 7 s API Gateway for vcloud Architectures How to achieve abstraction, security and management of vcloud APIs.

How To Achieve Pca Compliance With Redhat Enterprise Linux

EMC DATA DOMAIN DEDUPLICATION STORAGE SYSTEMS

<Insert Picture Here> Oracle Web Services Manager (WSM)

syslog-ng Store Box PRODUCT DESCRIPTION Copyright BalaBit IT Security All rights reserved.

Fundamentals of SOA Security Testing

EMC DATA DOMAIN DEDUPLICATION STORAGE SYSTEMS

Security and Billing for Azure Pack. Presented by 5nine Software and Cloud Cruiser

Novell Access Manager SSL Virtual Private Network

Using EMC Documentum with Adobe LiveCycle ES

WEB APPLICATION FIREWALLS: DO WE NEED THEM?

Discovering the value of IBM WebSphere DataPower SOA Appliances

Cisco IronPort X1070 Security System

Adobe ColdFusion (2016 release) Enterprise Edition

DEPLOYMENT GUIDE. Websense Enterprise Websense Web Security Suite TM. v6.3.1

Release Notes for Version

WHITE PAPER. Domo Advanced Architecture

Cisco Integration Platform

Heroix Longitude Quick Start Guide V7.1

Security in integration and Enterprise Service Bus(ESB) Anton Panhelainen Principal Technology Consultant Tieto Oy

Transcription:

vordel Vordel XML Gateway Apply control to Web and SOA applications Vordel XML Gateway applies control to Web and SOA applications by enforcing policies over traffic on the network. It also protects applications from malicious attack, allowing them to be deployed in safety and confidence. XML validation and threat-scanning is performed at wire-speed by the Vordel XML Gateway, allowing applications to run safer and faster. Vordel XML Gateway forms an integral component of any enterprise SOA infrastructure and can be deployed as part of a strategic architecture of Enterprise Service Buses, Enterprise Management, Identity Management and runtime Governance products. Page 1

Distributed Policy Enforcement with Centralized Management Vordel XML Gateway performs the runtime enforcement of policies defined in Governance products such as Oracle WSM (Web Services Manager) and Oracle Enterprise Manager. The WS-Policy standard is used to allow policies to be centrally defined in Oracle infrastructure and then enforced at multiple points on the network by Vordel XML Gateway infrastructure. Powerful rules engine Powerful rules engine An intuitive policy management console enables administrators to add security and management policies to multiple gateway devices. Rules may include significant complexity such as branching ( if the message is from this particular sender, then validate it against this particular schema ). Rules are defined to be independent of the resources which are being protected by the Vordel XML Gateway. Enforce Triple-A (Authentication, Authorization, Accounting) rules Vordel XML Gateway can apply identity policies defined in Identity Management products and apply them to Web and SOA traffic. These rules include authentication, authorization and Single Sign-On. Vordel currently supports Oracle Access Manager, Oracle Internet Directory, LDAP, Microsoft Active Directory, CA SiteMinder, Entrust GetAccess, IBM Tivoli Access Manager, and RSA Access Manager, as well as other IM products. Security for all flavors of XML applications Vordel XML Gateway provides protection for all three classes of XML applications: SOAP-based Web Services, plain XML applications which do not use SOAP, and REST style applications which are invoked using HTTP GET. This protection includes Web 2.0 applications which make use of the XHR (XMLHttpRequest) object. Comprehensive XML Firewalling Vordel XML Gateway provides full threat protection against XML attacks and sends email alerts to security administrators. Untrusted service invocations are denied by default. XML applications are protected using a comprehensive set of pre-built content-?ltering and traffic-analysis rules. Some of the common attacks it protects against include: Clogging attacks Service Scanning Covert channel attacks XML Denial of Service Data-harvesting attacks XML threats such as SQL Injection and XML Denial of Service Protect against vulnerabilities associated with XML parsers, including under both.net and Java frameworks Blacklisting with Network Firewalls Data Integrity control checks Validate incoming XML and SOAP messages for conformance with XML Schemas, WS-I Basic Profile data integrity. Client Authentication Perform authentication on clients using industry standard HTTP Authentication and X.509 Certificates with SSL. This is in compliance with the WS-I Basic Security Profile. Vordel also supports Kerberos, SAML and WS-Security to authenticate users and applications. Page 2

Traffic throttling Vordel XML Gateway protects Web Services from unanticipated traffic spikes, by smoothing out the traffic. It also limits clients to agreed Web Service consumption levels in accordance with service usage agreements. This allows Vordel s customers to charge their clients for different levels of Web Services usage. Service Virtualization Vordel XML Gateway serves as an important control point for XML traffic on the network. By shielding end point Web Services from direct access, the gateway allows for the virtualization of these services, and clients access the XML Gateway as if it was the Web Service itself. This allows different views of Web Services to be presented to different clients. Cloud Ready Vordel XML Gateway can be deployed in the cloud or can mediate between externally and internally hosted applications. Use Vordel XML Gateway to: Control the use of the cloud Monitor cloud service availability and responsiveness using Service Level Agreements Safeguard and classify confidential data Conserve network bandwidth and increase performance and decrease costs Control access between the organization and the services hosted in the cloud Audit and archive interactions with the cloud services Secure data transfer between onsite and offsite application environments Rapid Deployment Vordel provides pre-built policies which allow Vordel s customers to get up-and-running quickly. The gateway includes many features which speed up deployment. For example, certificates and private keys, necessary for many XML security functions, may be issued on-board. The device has a Deny by Default defense posture, in order to detect and block any unauthorized deployments of Web Services. Policies can be re-applied across multiple application endpoints using simple drop-down menus. Audit trail Maintain an audit trail of all internal and external XML-based communications in a tamper-proof store. Facilitate privacy compliance support by allowing de-identification: that is, allowing sensitive information, such as customer names, to be encrypted or stripped out of XML traffic. Real Time Monitoring Vordel XML Gateway ships with a real-time Monitoring Console that provides color-coded message filtering status on message throughput. Administrators can search events on a per message or event type (e.g. Schema validation). Processing Offload for Application Acceleration Offload the heavy-lifting of XML from application servers and onto the network. XML operations such as XML Schema Validation and XSLT are notoriously slow. The gateway uses patented, wirespeed, acceleration to speed these tasks. This frees up resources on application servers and allows applications to run faster. XML Data Enrichment Automatically populate content in XML documents from sources such as databases. By putting this functionality onto XML Networking infrastructure, the information is automatically populated into the XML messages before they reach the consuming Web Services. This simplifies and accelerates applications in ESBs or Application Servers. Supported platform Vordel XML Gateway is available as a hardware appliance; as software for Windows, Linux, and Solaris; as a VMWare appliance and as an Amazon EC2 Cloud AMI. Page 3

Deployment The following diagram shows the Vordel XML Gateway deployed to manage traffic from Web applications, XML, and SOAP. The Vordel Gateway comes with an onboard identity store, but may also be used with an external identity store such as the Oracle Internet Directory shown in the diagram below. Deployment with Oracle Infrastructure The following diagram shows the Vordel XML Gateway performing authentication and authorization on the network, through its built-in connector to Oracle Access Manager. Additionally, at the Web Service endpoint, an Oracle WSM Agent may be used to perform fine-grained authorization, based on a security token placed into the message by the Vordel XML Gateway. Oracle Enterprise Manager may be used to monitor and control the Vordel XML Gateway, as shown in the following diagram. The metrics on Web Services usage which is gathered from the Vordel XML Gateway are displayed by the Oracle Enterprise manager. Page 4

Performance Optimized VX Deployment Platform Integrated into the firewall is Vordel s patented core VXA (Vordel XML Acceleration) engine. This processing engine accelerates XML processing. The VX deployment platform also includes cryptographic acceleration hardware embedded in the device and Gigabit Ethernet cards provide wirespeed network performance. Supported Standards Oracle integrations/interoperability Oracle Access Manager, Oracle Application Server 11g, Oracle BPEL Process Manager, Oracle EDI B2B Gateway, Oracle Enterprise Manager, Oracle Internet Directory, Oracle 8,9,10,11 Database, Oracle Linux Web Services Protocols Networking Transport Protocols Service Governance Policy Control Identity Management Integration LDAP Security and Identity Mediation Encryption and Signing XML Firewalling Authentication Authorization Audit Monitoring & Alerting Extensibility Service Quality Certificate Management Data Integration Anti-Virus Appliance Specification Appliance Form Appliance Environmental Characteristics Operating System Support Matrix Extensibility STS SOAP 1.1 & 1.2, Plain XML (POX), REST, Web 2.0 (XMLHttpRequest, JSON) Service Virtualization, Content-based routing, Source-based routing, Identity-based routing, Protocol Conversion, XML Data Enrichment HTTP 1.0 & 1.1, JMS, MQ, FTP, SFTP, TIBCO Rendezvous, TIBCO EMS, SMTP, POP, TCP WSDL 1.2, WS-Policy 1.2, WS-SecurityPolicy 1.1, WS-Policy Attachment, UDDI Drag-and-drop policy creation, Conditional branching within policies, Standards-based Import/Export of policies, Policy chaining, Policy Migration, Wildcard values within policies, Distributed Policy Enforcement with Centralized Management Oracle Access Manager, Sun Access Manager, Novell Access Manager, CA SiteMinder, RSA Access Manager, Entrust GetAccess, IBM Tivoli Access Manager, XACML Oracle Internet Directory, Sun, Novell, Siemens, Microsoft Active Directory Built-in Security Token Service (STS), SAML Token Issuance and Injection, WS-Trust, Credential Mapping, Token mapping (X.509 to SAML, Kerberos, etc), SSL, XML Encryption, XML Signature, WS-Security SOAP Message Security, Threat Detection XML Entity Expansion and Recursion Attacks, XML Document Size Attacks, XML Document Width Attacks, XML Document Depth Attacks, XML Wellformedness based Parser Attacks, Jumbo Payloads, Recursive Elements, MegaTags aka Jumbo Tag Names, Public Key DoS attack, XML Flood, XML Encapsulation, XML Virus, Replay Attacks, Resource Hijack, Dictionary Attack, Message Tampering, Falsified Message, Data Tampering, Message Snooping, XPath Injection, SQL Injection, XPath Injection, Xquery Injection, WSDL Enumeration, Routing Detour, Schema Poisoning, Malicious Morphing, Malicious Include also called XML External Entity (XXE) Attack, Memory Space Breach, XML Morphing, Parameter Tampering, Coercive Parsing, Field level validation, Scanning outgoing messages for sensitive content based on metadata or Regular Expression Pattern, WSDL Scanning, XML Bomb Attacks, Rogue SOAP Attachments, Detect viruses in SOAP Attachments, Schema Validation, XML Clogging Detection, SOAP Operation Filtering, IP Address Filtering, Traffic Throttling, HTTP Header Analysis, HTTP Query String Analysis, Malicious content signature library Kerberos, HTTP Authentication (Basic/Digest), SSL Mutual Authentication, WS-Security 1.1 & 1.0, WS-Security UsernameToken, WS-Security X.509 Certificate Token, WS-Security Kerberos Profile and other types Role-based access control, Authorization based on database query, Content-based authorization, Delegation to third-party Authorization systems Traffic Logging, Log Signing Email, SNMP, Syslog, Windows Event Log, CheckPoint OPSEC, Embedded real time message monitor, Oracle Enterprise Manager, Adobe Flash Web-based monitoring JavaScript API for custom filters, Java API for custom filters, Conversion, XSLT, Custom Java Message Conversion Service outage detection, Service Level Agreement monitoring X.509 Certificate Issuance, Certificate Revocation List (CRL), OCSP, XKMS, Certificate chaining Oracle 8,9, 10 & 11 Database, Mysql, Microsoft SQL Server, JDBC Sophos, ClamAV 2 x PE1950 Quad-Core Xeon X5460 3.16GHz/2x6MB 1333FSB, 4GB FB 667MHz, 2 x 500GB SATA2 Universal (7,200 rpm) in RAID configuration, ncipher nfast 4000, 670W hot-plug redundant power supply, 2 x Broadcom NetXtreme 5721 Single Port Gigabit Ethernet NIC,Management Network Interface 1U Rack-mountable chassis 30.4 (77.2cm) D x 16.7 (42.6cm) W x 1.67 (4.26cm) H with bezel attached Rack Weight 35.8 lbs (16.3 Kg) Operating Temperature: 10º C to 35º C (50º F to 95º F) Storage Temperature: -40º C to 65º C (-40º F to 149º F) Operating Relative Humidity (non-condensing twmax=29c): 20% to 80% non-condensing Maximum humidity gradient: 10% per hour, operational and non-operational conditions Storage Relative Humidity: 5% to 95% non-condensing (twmax=38c) Operating Vibration: 0.26G at 5Hz to 350Hz for 2 minutes Storage Vibration: 1.54Grms Random Vibration at 10Hz to 250Hz for 15 minutes Operating Shock: 1 shock pulse of 41G for up to 2ms Storage Shock: 6 shock pulses of 71G for up to 2ms Operating Altitude: -16 to 3,048m (-50 ft to 10,000 ft) Storage Altitude: -16m to 10,600m (-50 ft to 35,000 ft) Windows 7, Windows Vista, Windows XP, Windows Server 2003, Windows Server 2008, Red Hat Linux, Suse Linux ES, Ubuntu Linux, Debian Linux, Solaris 10 Sparc, Oracle linux Java, ECMA JavaScript, XSLT Built-in Security Token Service (STS) Ireland Vordel 30 Pembroke street upper Dublin 2 Tel: +353 1 234 2500 Washington Washington DC Metro Headquarters 13800 Coppermine Rd. #306 Herndon, VA. 20171 USA US Sales 1-(866)-460-0987 Boston 125 Metropolitan Avenue Boston, MA 02131 USA US Support 1-(866)-607-0023 UK 1st Floor Holborn Gate 330 High Holborn London WC1V 7QT United Kingdom Tel: +44 207 849 6885 Vordel White Paper, Copyright 2000 2009 Vordel Limited. All rights reserved. All content in this datasheet is for general information and promotional purposes only and neither constitutes a technical specification nor an offer to enter into contractual relations with Vordel or with any other party; and Vordel reserves the right to alter such content without notice at any time. The trademarks, logos and service marks displayed herein are registered and unregistered trademarks of Vordel and others. Page 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information