• Share
  • Email
  • Embed
  • Like
  • Private Content
Not all XML Gateways are Created Equal
 

Not all XML Gateways are Created Equal

on

  • 538 views

 

Statistics

Views

Total Views
538
Views on SlideShare
538
Embed Views
0

Actions

Likes
1
Downloads
2
Comments
0

0 Embeds 0

No embeds

Accessibility

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Not all XML Gateways are Created Equal Not all XML Gateways are Created Equal Document Transcript

    • Not All SOA Gateways Are Created EqualConsiderations for Business Manager Managers Layer 7 Technologies White Paper
    • Not All SOA Gateways Are Created EqualContentsIntroduction ................................................................ ................................................................................................ .................................................. 3Cost of Implementation ................................ ................................................................................................................................ 3 ................................ Deployability ................................ ................................................................................................................................ ............................................. 3 Form Factor Considerations ................................ ................................................................................................ .................................................. 3 Extensibility ................................................................ ................................................................................................ ............................................... 4 SDK ................................................................ ................................................................................................ ........................................................ 4 Interoperability ................................ ................................................................................................................................ 4 ..................................... Standards Commitment ................................ ................................................................................................ ........................................................ 4Cost of Operation ................................ ................................................................................................................................ .......................................... 5 Manageability ................................ ................................................................................................................................ ........................................... 5 Scalability and Reliability ................................ ................................................................................................ .......................................................... 5 Updating................................................................ ................................................................................................ .................................................... 5Cost of Upgrade ................................ ................................................................................................................................ ............................................ 6 Repurchasing Gateways ................................ ............................................................................................................................ 6 ............................About Layer 7 Technologies ................................ ................................................................................................ .......................................................... 7Contact Layer 7 Technologies ................................ ................................................................................................ ....................................................... 7Legal Information ................................ ................................................................................................................................ .......................................... 7 Copyright © 2011 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are ogies trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners. 2
    • Not All SOA Gateways Are Created Equal Introduction SOA Gateways were originally introduced to address common security and performance issues arising from the use s of XML-based messaging protocols in a Service Oriented Architecture (SOA). Over this decade, Gateway capabilities based have been broadened to address runtime policy enforcement issues (such as regulatory compliance, SLA conformation, and granular privacy and access control problems), as well as integration to third party service onformation, providers, whether across organizational boundaries; across the public internet, or (increasingly) between the enterprise and the cloud. But while all Gateways provide similar features/functionality, the Total Cost of Ownership (TCO) varies widely. For le Gateways, TCO extends well beyond just the initial licensing and implementation fees to include the cost of deploying, customizing, and managing the solution on an ongoing basis. In today’s economic climate, organizations the have expanded their evaluation focus to encompass criteria that will help them avoid lock in and undue operating lock-in costs. This white paper examines those factors that will have the greatest impact on total cost of ownership, namely cost of implementation, operation and upgrade upgrade. Cost of Implementation Beyond upfront licensing, the cost of implementation for an SOA Gateway typically includes configuration and ost customization expenses (a factor of the ease of extensibility of a Gateway) as well as ease of deployment. Other Gateway), costs can also include the time and resources to certify new hardware for deployment in a corporate datacenter.Layer 7 offers hardware, Deployabilitysoftware, VMware and Deployment flexibility is key to lowering cost of implementation. Where someAmazon Machine Gateway vendors offer only hardware or software solutions, Layer 7 offers multipleImages, so customers form factors – including hardware, software, VMware and Amazon Machine Imagecan choose the most (AMI) – allowing customers to choose the most appropriate solution for their iateappropriate solution for purpose, deployment platform, budget, and/or stage of implementation.their purpose, platform, For example, some Gateway vendors leave organizations with no flexibility when itbudget, and/or stage of comes to purchasing a Gateway for the purposes of developing and testing aimplementation solution as they only offer a hardware-based solution. However, development deve organizations typically do not need the high performance of a hardware-based hardware solution. For this reason, Layer 7 makes available VMware VMware-based Gateways and even pay-as-you you-go Amazon Machine instances, which are a better fit (and more appropriately priced) for prototyping than production-ready production hardware solutions. Form Factor Considerations Hardware – Most SOA Gateway vendors offer hardware accelerated network appliances featuring dedicated chip sets to accelerate/offload common XML processes. By optimizing XML performance using a Gateway, organizations can reduce the load on their application servers, reducing the cost and frequency of server upgrades. cost Software/VMWare – While hardware-based Gateways are key in production settings, they are often an -based impractical (and costly) solution for development, testing or staging environments where software or VMware- software- based appliances are the preferred form factor. Layer 7 is one of the few vendors to offer both a VMWare and nces software Gateway at an economical price tag, while delivering identical feature/functionality as the hardware identical appliance. Copyright © 2011 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are ogies trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners. 3
    • Not All SOA Gateways Are Created EqualAdditionally, Layer 7’s software Gateway can be implemented on customer eway customer-defined hardware – hardware that hasalready been tested and approved for use in their datacenter – eliminating the cost of testing and implementing anew hardware platform, while significantly decreasing support and maintenance costs.Virtual – Public and private clouds are gaining acceptance in the marketplace for their ability to convert CapEx toOpEx by offering cost-effective computing resources on effective on-demand. As a result, organizations have begun redesigning ationstheir own datacenters as private clouds, and consuming public cloud resources on a utility basis. Layer 7’s virtualcloud Gateway offerings (including both our Virtual Appliance and AMI) have made it possible for theseorganizations to spin up SOA Gateway instances in a multi-tenant environment in order to guard access to their tenantcloud-based services and APIs. Hardware based vendors are unable to accommodate these changing IT based Hardware-basedrequirements.ExtensibilityAs the advent of the cloud so clearly co confirms, IT environments change. While Layer 7’s support for multiple formfactors has been one way to help insulate customers against changes in the datacenter, accommodating businesschange requires extensibility – the ability to quickly and cost-effectively customize a solution to match evolving effectivelybusiness needs based on specific industry traits, existing corporate guidelines, and the organization’s uniquebusiness processes.Layer 7’s Custom Policy SDKAssertion SDK gives Layer 7’s Custom Policy Assertion SDK gives developers the ability to extend thedevelopers the ability to Gateway’s functionality in order to accommodate their specific requirementsextend the Gateway’s using standard Java programming. Custom Assertions can be created for proprietary message processing, pattern recognition and filtering, as well asfunctionality in order to interfacing to third party products, such as identity management infrastructure, third-party infrastructureaccommodate their network monitoring applications, or anti anti-virus systems.specific requirementsusing standard Java In contrast, the extensibility of many other Gateways is limited. For example, to limitedprogramming accommodate the kinds of customization listed above would typically require either the skills of an XSLT programmer (expensive compared to the ubiquity ofJava programmers) and/or the addition of an application server ((such as WebSphere) to run the custom code.InteroperabilityIndependent Gateway vendors like Layer 7 do not benefit from lock ndependent lock-in, but rather design from the ground up toaccommodate a heterogeneous SOA environment based on Web services standards. As a result, Layer 7’s standards.Gateways interoperate with a wide range of products, including (for example) a wide range of leading identity, atewaysaccess, SSO and federation systems, such as LDAP, Microsoft Active Directory/Federated Services, Oracle AccessManager, IBM Tivoli (TAM and TFIM), CA SiteMinder and TransactionMinder, Sun Java Access Manager and NovellAccess Manager.Standards CommitmentOne of the best guarantees against vendor or platform lock in is wide support for Web services standards. Any lock-incredible vendor in the SOA Gateway market should be able to demonstrate a history of active participation in thestandards bodies that govern Web services. This includes both authoring the standards and participating in regular bothinterops. Layer 7 has been an active participant in the OASIS, W3C and WS-I standards consortiums, and hashelped drive key standards like WS-Policy, WS Policy, WS-SecurityPolicy, WS-Trust, WS-Federation, WS-I BSP to name a few. SP Copyright © 2011 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are ogies trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners. 4
    • Not All SOA Gateways Are Created EqualCost of OperationWhile implementation costs represent a key factor in the TCO equation, they’re typically only a one-time cost. oneOperational costs – including ongoing Gateway management, administration and updating – represent a fargreater impact on total cost of ownership over time.ManageabilityMost SOA Gateways are implemented as a series of discrete functional units rather than as a cluster. While this can s functionalprovide some flexibility when it comes to deployment, it also dramatically raises administration costs as eachGateway must be separately configured, updated and managed. In contrast, Layer 7 Gateways feature trueclustering capabilities and can be centrally administered as if they were a single device. For distributed organizations that span diverse development, test, staging, Layer 7 embeds these production and even cloud environments – worldwide – management becomes kinds of enterprise- even more costly and complex. Pain points arise around policy migration, scale management Gateway and service performance monitoring, and policy lifecycle and capabilities directly management (from authoring to deployment to change management). Layer 7 within the Gateway embeds these kinds of enterprise scale management capabilities directly within enterprise-scale itself – there’s no need the Gateway itself – there’s no need to deploy, manage and upgrade a separate nage to deploy, manage and product. For example, IBM typically recommends deploying “ITCAM for SOA” to upgrade a separate provide enterprise management capabilities for their DataPower products. And product while Layer 7 allows global management of all Gateways from a single locati location,TCAM is typically required to be deployed in multiple locations to support regional deployments.For those organizations that already have a monitoring and management infrastructure in place, Layer 7 offersout-of-the-box connectors to leading agent sed management products, as well as a robust API for integration box agent-basedwith monitoring, auditing and KPI tracking software.Scalability and ReliabilityScalability and reliability should go hand in hand. While simply placing a load balancer in front of a series ofGateways can be a cheap and easy way to scale, solutions that offer built in clustering and failover can go a long built-inway to ensuring reliability by providing fault tolerance and high availability. As load increases, the ability to scalecost-effectively without affecting performance is key. effectivelyLayer 7’s true clustering capabilities (i.e., the ability to exchange information, load balance and automati automatically failover) gives them the edge over other Gateways when it comes to horizontal scaling. Additionally, Layer 7’ssoftware-based appliances give organizations the choice to scale vertically (which may be more cost effective) by basedadding more processors to the server.UpdatingIn an ideal setting, policies are developed, tested and implemented in production never to change. The reality,however, is that policies must change to keep up with evolving business needs, regulatory requirements and orymarket demands. The ability to implement changes on the fly (without having to bring down the Gateway) is key to s.ensuring business as usual.Layer 7 provides the ability to implement changed/new policies in production without incurring downtime. In acluster, policies are updated centrally, and then replicated between devices in real time without requiring off- real-time off Copyright © 2011 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are ogies trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners. 5
    • Not All SOA Gateways Are Created Equallining, making for easy change management. Additionally, any Gateway/cluster worldwide can be backed up andrestored from a centralized console, simplifying disaster recovery and ensuring business continuity. disasterIn contrast, other SOA Gateways typically do not support cluster-wide administration, and thus requires wideadministrators to manually replicate policies on each Gateway. In addition, policy changes usually cannot be cannoimplemented on the fly – rather, Gateways must be brought offline before updates can occur.Cost of Upgrade For hardware hardware-only Gateways, migrating between versions typically requires a Because some complete forklift upgrade. In effect, this means returning the existing Gateway; Gateway vendors are repurchasing new hardware; re implementing existing configurations and re-implementing hardware-dependent, policies; and re re-training on the new systems – all of which can be an expensive migrating between undertaking at a time when IT is experiencing more pressure on their budgets versions requires a than ever. complete forklift upgrade In contrast, Layer 7 offers an SOA Gateway whose hardware can be upgraded independently, giving customers the choice of remaining on their currentlysupported version of the product while upgrading (not migrating) to the latest hardware to take advantage ofperformance benefits. And not only can the new hardware be purchased for a nominal fee (a fraction of the initialpurchase price), the original hardware can be repurposed as a general use server, affording total investmentprotection.Repurchasing GatewaysIn order to remain supported, customers are forced to repurchase new Gateways every three to five years when hree fthe original hardware is retired. Despite paying a significant yearly support and maintenance fee, the repurchaseprice is typically (depending on your bargaining power) close to the initial purchase price, leading to anunreasonably high total cost of ownership for Gateway customers after just one or two hardware refreshes.A comparable deployment of Layer 7 hardware Gateways is significantly less expensive – as little as one third thecost. When considering development and test environments where most Layer 7 customers have t flexibility to thedeploy software or VMware Gateways, the savings are even more dramatic. As long as Layer 7 customers remain ,current on Support and Maintenance, the cost to upgrade between Layer 7 hardware platforms is nominal, with nocharge for soft appliances. This represents a significant difference in total cost of ownership between Layer 7 and liances.other Gateways over just one or two refresh periods.As a result, the total cost of ownership for a Layer 7 solution is dramatically lower than other Gatewaydeployments, with initial purchase costs as little as one , one-third of the re-purchase price, and one quarter of the 3-5 3year TCO. Copyright © 2011 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are ogies trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners. 6
    • Not All SOA Gateways Are Created EqualAbout Layer 7 TechnologiesWith more than 150 customers across 6 continents, and successful partnerships with some of the largest ISVs andresellers in the industry, Layer 7 Technologies is the leader in SOA and cloud security and governance. Our award award-winning SecureSpan™ family of SOA Gateways feature sophisticated runtime governance, enterprise-scale Gateways enterprisemanagement and industry-leading XML security. Our CloudSpan™ family enables enterprises and service providers leadingto securely consume cloud services, as well as protect and control their own applications deployed in public and ownprivate clouds. Founded in 2002, Layer 7 has a history of helping organizations address their security, visibility andgovernance issues by enabling them to control, manage and adapt their Web services, no matter the deploymentmodel – in the enterprise or in the cloud cloud.Contact Layer 7 TechnologiesLayer 7 Technologies welcomes your questions, comments, and general feedback.Email:info@layer7tech.comWeb Site:www.layer7tech.comPhone:(+1) 604-681-93771-800-681-9377 (toll free within North America) 9377Fax:604-681-9387Address:Layer 7 Technologies1200 G Street, NW, Suite 800Washington, DC 20005Layer 7 TechnologiesSuite 405-1100 Melville StreetVancouver, BCV6E 4A6 CanadaLegal InformationCopyright © 2011 by Layer 7 Technologies, Inc. (www.layer7tech.com). Contents confidential. All rights reserved.SecureSpan™ is a registered trademark of Layer 7 Technologies, In All other mentioned trade names and/or Inc.trademarks are the property of their respective owners. Copyright © 2011 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are ogies trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners. 7