Solution Brief: SOA Policy Governance with SecureSpanTM XML Networking Gateway

SecureSpan Manager

SecureSpan Gateway and Bridge deployed in tandem as runtime policy enforcement and
WS-Policy

application points for federated

Registry / Repository
WS-Policy

WS-Policy

environments.

Service Consumer with hard coded policy

WS-Policy

WS-Policy WS-Metadata Exchange WS-Policy

SecureSpan Gateway Cluster Web Services

Service Consumer with SecureSpan Bridge

The Problem:
SOA is predicated on an ability to integrate loosely coupled services together on-demand. This creates new kinds of challenges for governing how service assets get developed, provisioned and invoked. Defining, enforcing and coordinating policy on and between services therefore become essential for proper service governance and accounting. This requires policy governance infrastructure that can control the creation, change, provisioning and reconciliation of policies across loosely-coupled services and their client applications. Managing the policy lifecycle from creation to reconciliation is only complicated in real-world environments by the decentralized nature of development and operating environments inside and across enterprises.

The Layer 7 Solution:

SOA Governance requires process and product for controlling service assets at both design time and runtime. While several tools exist for regimenting the developer centric process of governing a service asset at design time, the runtime problem is complicated by the distributed and federated nature of SOA. For that reason Layer 7 has introduced the SecureSpan XML networking Gateway for providing both policy integration with leading registries from Systinet, Infravio and Fujitsu and runtime enforcement of those policies. The result is a complete environment for defining, enforcing and validating runtime SOA Governance policy.

SOA Policy Governance with SecureSpanTMXML Networking Gateway

Innovations and Solution Features:

Policy level integration with leading SOA registries from Infravio and Systinet First XML Gateway product to demonstrate WS-Policy interoperability WS*-Policy compliant, assertion based, policy editor Ability to export policy definitions in XML or WS-Policy First policy application point for client-side policy provisioning (SecureSpan XML VPN Client) First policy synchronization technology between application clients and services Drag and drop policy editing environment One-click policy provisioning and change to end-points or SOA registry Automatic policy validation checker in SecureSpan Policy Manager Assertion based policy composition editor supporting branching and conditional statements Native integration with leading access and management Policy Decision Points

Supported Standards and Specifications:

XML 1.0, SOAP 1.1, REST, AJAX, XPath 1.0, XSLT 1.0, WSDL 1.1, XML Schema & DTD, LDAP 3.0, SAML 1.1/2.0, PKCS #10, X.509 v3 Certificates, W3C XML Signature 1.0, W3C XML Encryption 1.0, FIPS 140.2, SSL/TLS 2.0 / 3.0, SNMP, SMTP, FTP, HTTP/HTTPS, JMS 1.0, MQ Series, Tibco EMS 4.0, WS-Security 1.0, WS-Trust 1.0, WS-SecureConversation, WS-MetadataExchange, WS-Policy, WS-Security Policy, WS-Policy, WS-Secure Exchange, WSIL, WS-I, WS-I BSP, UDDI 3.0

Key Features
Service Level Agreement (SLA)
- Throttling control provides ability to support service over subscription with per-service throttling of excess messages, Service availability features includes support for strict failover, round robin, best effort and latency-based routing, Full support for Class of Service based message processing and routing based on identity, message content, time of day, etc.

Policy Flexibility
- Support for XML, SOAP, POX, AJAX, REST and other XML-based services, Configuration wizards simplify policy creation and activation, Support for policy branching based on any message content or logic operation, Single policy can support both in-line and co-processor deployments, Policies can be applied to request-only, response-only or both request and response messages, Policy level integration with leading SOA Governance registries, Custom Policy SDK

Form Factors
- 1U rack mount appliance, 64-bit multiprocessor platform with XML acceleration ASIC, SSL accelerator and dual GE/FE NICS, Gateway software for Linux and Windows Server 2003 platforms* *Note: Some features available in appliance version only

Administration Options
- GUI-based SecureSpan Manager deployed as either stand alone application (Windows / Linux) or browser-based (Internet Explorer / Firefox), Centralized cluster management and configuration with delegated administratio, Drag and drop policy-based policy configuration, Intelligent, real-time validation and testing of policies, Logging and audit trapping of violations and system/user defined events via SNMP and SMTP, Dashboard for graphical, real-time monitoring of traffic profiles and security violations

Service Mediation and Virtualization Features

- Transport mediation between HTTP, HTTPS, MQS, JMS, FTP Smart WSDL generation for non-SOAP services WSDL remapping and virtualization based on requestor identities, Authorization controls for access to specific operations

Web Site: www.layer7tech.com Email: info@layer7tech.com Phone: 800.681.9377