More Related Content
Similar to Not all XML Gateways are Created Equal
Similar to Not all XML Gateways are Created Equal (20)
More from CA API Management
More from CA API Management (20)
Not all XML Gateways are Created Equal
- 1. Not All SOA Gateways Are Created Equal
Considerations for Business Manager
Managers
Layer 7 Technologies
White Paper
- 2. Not All SOA Gateways Are Created Equal
Contents
Introduction ................................................................
................................................................................................
.................................................. 3
Cost of Implementation ................................
................................................................................................................................ 3
................................
Deployability ................................
................................................................................................................................
............................................. 3
Form Factor Considerations ................................
................................................................................................
.................................................. 3
Extensibility ................................................................
................................................................................................
............................................... 4
SDK ................................................................
................................................................................................
........................................................ 4
Interoperability ................................
................................................................................................................................ 4
.....................................
Standards Commitment ................................
................................................................................................
........................................................ 4
Cost of Operation ................................
................................................................................................................................
.......................................... 5
Manageability ................................
................................................................................................................................
........................................... 5
Scalability and Reliability ................................
................................................................................................
.......................................................... 5
Updating................................................................
................................................................................................
.................................................... 5
Cost of Upgrade ................................
................................................................................................................................
............................................ 6
Repurchasing Gateways ................................
............................................................................................................................ 6
............................
About Layer 7 Technologies ................................
................................................................................................
.......................................................... 7
Contact Layer 7 Technologies ................................
................................................................................................
....................................................... 7
Legal Information ................................
................................................................................................................................
.......................................... 7
Copyright © 2011 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are
ogies
trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners. 2
- 3. Not All SOA Gateways Are Created Equal
Introduction
SOA Gateways were originally introduced to address common security and performance issues arising from the use
s
of XML-based messaging protocols in a Service Oriented Architecture (SOA). Over this decade, Gateway capabilities
based
have been broadened to address runtime policy enforcement issues (such as regulatory compliance, SLA
conformation, and granular privacy and access control problems), as well as integration to third party service
onformation,
providers, whether across organizational boundaries; across the public internet, or (increasingly) between the
enterprise and the cloud.
But while all Gateways provide similar features/functionality, the Total Cost of Ownership (TCO) varies widely. For
le
Gateways, TCO extends well beyond just the initial licensing and implementation fees to include the cost of
deploying, customizing, and managing the solution on an ongoing basis. In today’s economic climate, organizations
the
have expanded their evaluation focus to encompass criteria that will help them avoid lock in and undue operating
lock-in
costs.
This white paper examines those factors that will have the greatest impact on total cost of ownership, namely cost
of implementation, operation and upgrade
upgrade.
Cost of Implementation
Beyond upfront licensing, the cost of implementation for an SOA Gateway typically includes configuration and
ost
customization expenses (a factor of the ease of extensibility of a Gateway) as well as ease of deployment. Other
Gateway),
costs can also include the time and resources to certify new hardware for deployment in a corporate datacenter.
Layer 7 offers hardware,
Deployability
software, VMware and
Deployment flexibility is key to lowering cost of implementation. Where some
Amazon Machine Gateway vendors offer only hardware or software solutions, Layer 7 offers multiple
Images, so customers form factors – including hardware, software, VMware and Amazon Machine Image
can choose the most (AMI) – allowing customers to choose the most appropriate solution for their
iate
appropriate solution for purpose, deployment platform, budget, and/or stage of implementation.
their purpose, platform,
For example, some Gateway vendors leave organizations with no flexibility when it
budget, and/or stage of comes to purchasing a Gateway for the purposes of developing and testing a
implementation solution as they only offer a hardware-based solution. However, development
deve
organizations typically do not need the high performance of a hardware-based
hardware
solution. For this reason, Layer 7 makes available VMware
VMware-based Gateways and even pay-as-you you-go Amazon
Machine instances, which are a better fit (and more appropriately priced) for prototyping than production-ready
production
hardware solutions.
Form Factor Considerations
Hardware – Most SOA Gateway vendors offer hardware accelerated network appliances featuring dedicated chip
sets to accelerate/offload common XML processes. By optimizing XML performance using a Gateway,
organizations can reduce the load on their application servers, reducing the cost and frequency of server upgrades.
cost
Software/VMWare – While hardware-based Gateways are key in production settings, they are often an
-based
impractical (and costly) solution for development, testing or staging environments where software or VMware-
software-
based appliances are the preferred form factor. Layer 7 is one of the few vendors to offer both a VMWare and
nces
software Gateway at an economical price tag, while delivering identical feature/functionality as the hardware
identical
appliance.
Copyright © 2011 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are
ogies
trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners. 3
- 4. Not All SOA Gateways Are Created Equal
Additionally, Layer 7’s software Gateway can be implemented on customer
eway customer-defined hardware – hardware that has
already been tested and approved for use in their datacenter – eliminating the cost of testing and implementing a
new hardware platform, while significantly decreasing support and maintenance costs.
Virtual – Public and private clouds are gaining acceptance in the marketplace for their ability to convert CapEx to
OpEx by offering cost-effective computing resources on
effective on-demand. As a result, organizations have begun redesigning
ations
their own datacenters as private clouds, and consuming public cloud resources on a utility basis. Layer 7’s virtual
cloud Gateway offerings (including both our Virtual Appliance and AMI) have made it possible for these
organizations to spin up SOA Gateway instances in a multi-tenant environment in order to guard access to their
tenant
cloud-based services and APIs. Hardware based vendors are unable to accommodate these changing IT
based Hardware-based
requirements.
Extensibility
As the advent of the cloud so clearly co
confirms, IT environments change. While Layer 7’s support for multiple form
factors has been one way to help insulate customers against changes in the datacenter, accommodating business
change requires extensibility – the ability to quickly and cost-effectively customize a solution to match evolving
effectively
business needs based on specific industry traits, existing corporate guidelines, and the organization’s unique
business processes.
Layer 7’s Custom Policy SDK
Assertion SDK gives Layer 7’s Custom Policy Assertion SDK gives developers the ability to extend the
developers the ability to Gateway’s functionality in order to accommodate their specific requirements
extend the Gateway’s using standard Java programming. Custom Assertions can be created for
proprietary message processing, pattern recognition and filtering, as well as
functionality in order to
interfacing to third party products, such as identity management infrastructure,
third-party infrastructure
accommodate their
network monitoring applications, or anti
anti-virus systems.
specific requirements
using standard Java In contrast, the extensibility of many other Gateways is limited. For example, to
limited
programming accommodate the kinds of customization listed above would typically require
either the skills of an XSLT programmer (expensive compared to the ubiquity of
Java programmers) and/or the addition of an application server ((such as WebSphere) to run the custom code.
Interoperability
Independent Gateway vendors like Layer 7 do not benefit from lock
ndependent lock-in, but rather design from the ground up to
accommodate a heterogeneous SOA environment based on Web services standards. As a result, Layer 7’s
standards.
Gateways interoperate with a wide range of products, including (for example) a wide range of leading identity,
ateways
access, SSO and federation systems, such as LDAP, Microsoft Active Directory/Federated Services, Oracle Access
Manager, IBM Tivoli (TAM and TFIM), CA SiteMinder and TransactionMinder, Sun Java Access Manager and Novell
Access Manager.
Standards Commitment
One of the best guarantees against vendor or platform lock in is wide support for Web services standards. Any
lock-in
credible vendor in the SOA Gateway market should be able to demonstrate a history of active participation in the
standards bodies that govern Web services. This includes both authoring the standards and participating in regular
both
interops. Layer 7 has been an active participant in the OASIS, W3C and WS-I standards consortiums, and has
helped drive key standards like WS-Policy, WS
Policy, WS-SecurityPolicy, WS-Trust, WS-Federation, WS-I BSP to name a few.
SP
Copyright © 2011 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are
ogies
trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners. 4
- 5. Not All SOA Gateways Are Created Equal
Cost of Operation
While implementation costs represent a key factor in the TCO equation, they’re typically only a one-time cost.
one
Operational costs – including ongoing Gateway management, administration and updating – represent a far
greater impact on total cost of ownership over time.
Manageability
Most SOA Gateways are implemented as a series of discrete functional units rather than as a cluster. While this can
s functional
provide some flexibility when it comes to deployment, it also dramatically raises administration costs as each
Gateway must be separately configured, updated and managed. In contrast, Layer 7 Gateways feature true
clustering capabilities and can be centrally administered as if they were a single device.
For distributed organizations that span diverse development, test, staging,
Layer 7 embeds these
production and even cloud environments – worldwide – management becomes
kinds of enterprise-
even more costly and complex. Pain points arise around policy migration,
scale management
Gateway and service performance monitoring, and policy lifecycle
and
capabilities directly
management (from authoring to deployment to change management). Layer 7
within the Gateway
embeds these kinds of enterprise scale management capabilities directly within
enterprise-scale
itself – there’s no need the Gateway itself – there’s no need to deploy, manage and upgrade a separate
nage
to deploy, manage and product. For example, IBM typically recommends deploying “ITCAM for SOA” to
upgrade a separate provide enterprise management capabilities for their DataPower products. And
product while Layer 7 allows global management of all Gateways from a single locati
location,
TCAM is typically required to be deployed in multiple locations to support regional deployments.
For those organizations that already have a monitoring and management infrastructure in place, Layer 7 offers
out-of-the-box connectors to leading agent sed management products, as well as a robust API for integration
box agent-based
with monitoring, auditing and KPI tracking software.
Scalability and Reliability
Scalability and reliability should go hand in hand. While simply placing a load balancer in front of a series of
Gateways can be a cheap and easy way to scale, solutions that offer built in clustering and failover can go a long
built-in
way to ensuring reliability by providing fault tolerance and high availability. As load increases, the ability to scale
cost-effectively without affecting performance is key.
effectively
Layer 7’s true clustering capabilities (i.e., the ability to exchange information, load balance and automati
automatically fail
over) gives them the edge over other Gateways when it comes to horizontal scaling. Additionally, Layer 7’s
software-based appliances give organizations the choice to scale vertically (which may be more cost effective) by
based
adding more processors to the server.
Updating
In an ideal setting, policies are developed, tested and implemented in production never to change. The reality,
however, is that policies must change to keep up with evolving business needs, regulatory requirements and
ory
market demands. The ability to implement changes on the fly (without having to bring down the Gateway) is key to
s.
ensuring business as usual.
Layer 7 provides the ability to implement changed/new policies in production without incurring downtime. In a
cluster, policies are updated centrally, and then replicated between devices in real time without requiring off-
real-time off
Copyright © 2011 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are
ogies
trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners. 5
- 6. Not All SOA Gateways Are Created Equal
lining, making for easy change management. Additionally, any Gateway/cluster worldwide can be backed up and
restored from a centralized console, simplifying disaster recovery and ensuring business continuity.
disaster
In contrast, other SOA Gateways typically do not support cluster-wide administration, and thus requires
wide
administrators to manually replicate policies on each Gateway. In addition, policy changes usually cannot be
canno
implemented on the fly – rather, Gateways must be brought offline before updates can occur.
Cost of Upgrade
For hardware
hardware-only Gateways, migrating between versions typically requires a
Because some
complete forklift upgrade. In effect, this means returning the existing Gateway;
Gateway vendors are
repurchasing new hardware; re implementing existing configurations and
re-implementing
hardware-dependent,
policies; and re
re-training on the new systems – all of which can be an expensive
migrating between
undertaking at a time when IT is experiencing more pressure on their budgets
versions requires a than ever.
complete forklift
upgrade In contrast, Layer 7 offers an SOA Gateway whose hardware can be upgraded
independently, giving customers the choice of remaining on their currently
supported version of the product while upgrading (not migrating) to the latest hardware to take advantage of
performance benefits. And not only can the new hardware be purchased for a nominal fee (a fraction of the initial
purchase price), the original hardware can be repurposed as a general use server, affording total investment
protection.
Repurchasing Gateways
In order to remain supported, customers are forced to repurchase new Gateways every three to five years when
hree f
the original hardware is retired. Despite paying a significant yearly support and maintenance fee, the repurchase
price is typically (depending on your bargaining power) close to the initial purchase price, leading to an
unreasonably high total cost of ownership for Gateway customers after just one or two hardware refreshes.
A comparable deployment of Layer 7 hardware Gateways is significantly less expensive – as little as one third the
cost. When considering development and test environments where most Layer 7 customers have t flexibility to
the
deploy software or VMware Gateways, the savings are even more dramatic. As long as Layer 7 customers remain
,
current on Support and Maintenance, the cost to upgrade between Layer 7 hardware platforms is nominal, with no
charge for soft appliances. This represents a significant difference in total cost of ownership between Layer 7 and
liances.
other Gateways over just one or two refresh periods.
As a result, the total cost of ownership for a Layer 7 solution is dramatically lower than other Gateway
deployments, with initial purchase costs as little as one
, one-third of the re-purchase price, and one quarter of the 3-5
3
year TCO.
Copyright © 2011 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are
ogies
trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners. 6
- 7. Not All SOA Gateways Are Created Equal
About Layer 7 Technologies
With more than 150 customers across 6 continents, and successful partnerships with some of the largest ISVs and
resellers in the industry, Layer 7 Technologies is the leader in SOA and cloud security and governance. Our award
award-
winning SecureSpan™ family of SOA Gateways feature sophisticated runtime governance, enterprise-scale
Gateways enterprise
management and industry-leading XML security. Our CloudSpan™ family enables enterprises and service providers
leading
to securely consume cloud services, as well as protect and control their own applications deployed in public and
own
private clouds. Founded in 2002, Layer 7 has a history of helping organizations address their security, visibility and
governance issues by enabling them to control, manage and adapt their Web services, no matter the deployment
model – in the enterprise or in the cloud
cloud.
Contact Layer 7 Technologies
Layer 7 Technologies welcomes your questions, comments, and general feedback.
Email:
info@layer7tech.com
Web Site:
www.layer7tech.com
Phone:
(+1) 604-681-9377
1-800-681-9377 (toll free within North America)
9377
Fax:
604-681-9387
Address:
Layer 7 Technologies
1200 G Street, NW, Suite 800
Washington, DC 20005
Layer 7 Technologies
Suite 405-1100 Melville Street
Vancouver, BC
V6E 4A6 Canada
Legal Information
Copyright © 2011 by Layer 7 Technologies, Inc. (www.layer7tech.com). Contents confidential. All rights reserved.
SecureSpan™ is a registered trademark of Layer 7 Technologies, In All other mentioned trade names and/or
Inc.
trademarks are the property of their respective owners.
Copyright © 2011 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are
ogies
trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners. 7