Datasheet: WebSphere DataPower Service Gateway XG45


Published on

WebSphere DataPower Service Gateway XG45 is built for web services deployments, governance, light integrations and hardened security.

Published in: Technology
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Datasheet: WebSphere DataPower Service Gateway XG45

  1. 1. IBM Software Data Sheet IBM WebSphere DataPower Service Gateway XG45 Appliance Take action to secure and govern web traffic while you reduce IT complexity For business and IT leaders in a wide range of industries, service-oriented Highlights architecture (SOA) and web services offer tremendous business value— but security remains a persistent challenge. You must help your teams Strengthen compliance using robust ●● ● ● bring new services to the market in a rapid and secure manner. You seek data protection, policy enforcement and auditing capabilities. a pragmatic approach that is cost-effective. You need the ability to adopt new and emerging industry standards and then enforce those standards. Gain “front-line defense” for inbound Your business requires an approach that enhances the value of your ●● ● ● and outbound traffic; this appliance acts as a web 2.0 gateway. existing infrastructure and application investments while improving performance, reducing security risks and simplifying operation. Separate security concerns from applica- ●● ● ● tion code with an optional hardware secu- rity module (HSM) that is certified for FIPS The IBM® WebSphere® DataPower® Service Gateway XG45 140-2 Level 3. Appliance is purpose-built to help you secure and govern web traffic ●● ● ● Integrate applications for improved more effectively. The resulting reduction in IT complexity reduces cost application and database connectivity. within your organization. This is business agility at its most powerful, because it helps you create new revenues. You gain the ability to deploy Support centralized policy management ●● ● ● with an appliance that helps you to new applications rapidly. Experience an advanced data-threat-reduction centrally govern data traffic and helps and security-enforcement layer for your web applications and for your you to strengthen the security of your on-premises applications. applications. Employ this IBM appliance to improve your business in a number of ways: ●● ● Simplicity of Web service deployment. ●● ● Light-weight application and database connectivity for easy connectivity. ●● ● Web service proxy for a more efficient gateway approach. ●● ● Centralized policy and service-level management for compliance and for meeting service levels. ●● ● Data validation for web 2.0 and for existing applications that are web-facing. ●● ● Fine-grained authorization, more-secure web application connectivity and superior cryptography (the optional Hardware Security Module (HSM) helps you improve security).
  2. 2. IBM Software Data SheetAt organizations of every size around the globe, IT teams A pragmatic approach to changeare taking action to secure their organization’s web services, Today’s environment also presents positive opportunities forapplications and data. It is a dynamic environment in which to business and IT leaders who seek effective change—for leadersmanage security and governance. Yet even as your team applies who are willing to utilize the latest technology to addressmuch effort to gain “front line” defense for inbound and out- these critical business requirements. The pace of technologicalbound traffic, another trend is in play: Today’s regulations change at IBM serves to help you focus on staying ahead of therequire security to be built into your infrastructure, instead marketplace. Take advantage of robust solutions that help youof “bolting it on” as an afterthought. achieve your corporate goals.Security has become a “board room” discussion. Threats are Take a cost-effective, pragmatic approach to the securitylaunched constantly against web sites. Policy makers, thought involved with web-enabling your applications. Your service-leaders, business leaders and customers consider the security gateway strategy must include the ability to enforce industryof their web interactions and associated data as critical. They standards, and must include the ability to more easily adapt todemand that this information be properly protected. Additional new standards as they are defined. You want an approach thatpressure is being placed on corporations by regulatory agencies, enhances the value of existing infrastructure investments andwhich continue to require increasing levels of consumer protec- organizational structures, while you optimize applicationtion from data breaches. Corporate leaders must find ways to performance.rapidly and cost-effectively meet business security requirements.You must take action to ensure that your business-critical appli- The IBM WebSphere DataPower Service Gateway XG45cations and the associated data are properly protected. And to appliance is purpose-built to help you build a strongerensure that your business maintains a competitive position in application-security foundation. The WebSphere DataPowerthe marketplace, you must accomplish this in a way that does Service XG45 helps you bring new services to the marketnot slow the deployment of new applications and services. more securely and more rapidly. You can take action to manage business-application risk, increase staff productivity and reduce maintenance costs. And with the DataPower Service Gateway XG45 appliance, you can prepare for the future while you makeNew regulations demand response by business leaders the most of your existing IT assets.The State of Nevada in the U.S. recently amended a law that appliesto any sales transaction in which a business accepts a paymentcard. S.B. 227 requires businesses to comply with the payment cardindustry’s Data Security Standards and to encrypt any personal- Many organizations see results withininformation business transfers. This broadens considerably the weeks with this pragmatic approachinformation security obligations of all companies “doing business”within the state’s borders. Be aware that regulations such as these from IBM.act as a precursor to legislation that could mandate higher standardsfor privacy and data security. The WebSphere DataPower Service Gateway XG45 is a high-performance hardware appliance that is purpose-builtPCI security standards are technical and operational requirements to provide specialized functions that are simpler to integrate.set by the PCI Security Standards Council (PCI SSC) to protect The DataPower Service Gateway XG45 provides:cardholder data. The standards apply to all organizations that store,process or transmit cardholder data and the standards provideguidance for software developers and manufacturers of the ●● ● Light-weight connectivity, mediation and stronger securityapplications and devices used in those transactions. processing to your application infrastructure. ●● ● The ability to streamline complex but valuable SOA, XML and web 2.0 applications. ●● ● The ability to shorten deployment times. ●● ● Acceleration of XML and web-services processing. ●● ● Strengthened governance of your valuable application infrastructure ●● ● The ability to “offload” application encryption and decryption 2
  3. 3. IBM Software Data SheetAn appliance for service visibility,integration, governance and securityThe award-winning DataPower Service Gateway XG45 is apurpose-built hardware platform that delivers highly manage-able, more-secure and scalable SOA solutions. A “hardened”SOA appliance, the DataPower Service Gateway XG45 appli-ance offers an advanced approach to threat-reduction and secu-rity for web transactions. Process your data using a consumableappliance that transforms back-end disparate message formats The IBM WebSphere DataPower Service Gateway XG45 Applianceto XML while its performance applies message-level securityand service policies. XG45, you can opt for a data integration module. This module serves as a field-upgradeable option that provides simplerThe DataPower Service Gateway XG45 supports multiple web application integration and or database connectivity. Withapplication and web 2.0 protocols such as HTTP(s), FTP(s), this data integration module from IBM, “any-to-any” dataWAS JMS, SOAP, and MQ and MQ FTE. Use this appliance transformation becomes possible. The performance of thisright away to bridge disparate messaging and secured file- module provides you with the ability to parse and transformtransfer capabilities. The IBM DataPower Service Gateway arbitrary binary, flat text and XML messages—including EDI,XG45 can exchange messages with IBM WebSphere COBOL Copybook, ISO 8583, CSV, ASN.1 and ebXML. ThisMQSeries® systems by connecting as a WebSphere MQ client. data-transformation capability helps you to enhance applicationUse the DataPower appliance to bridge disparate messaging data sharing. You can support modernization of your existingand transport protocols, such as HTTP or TIBCO EMS, to systems. Expect connectivity of external web 2.0 applicationWebSphere MQ. Messages that originate within a WebSphere and portal applications to internal applications. The optionalMQ system or outside of a WebSphere MQ system can flow data integration module available with the DataPower Serviceeasily to and from another WebSphere MQ system, or to and Gateway XG45 also provides PKCS7 for digital signaturesfrom other messaging systems such as HTTP or TIBCO EMS. and message encryption, which help to strengthen message protection.To bridge the disparate messaging and transport protocols, thisDataPower appliance uses a service such as the Multi-ProtocolGateway service. The performance of the IBM DataPowerService Gateway XG45 supports right away multiple data The business value of fine-grained authorization There is a difference between URL-based or connection-level accessformats such as non-XML, XML, JSON, and make possible control and an approach called fine-grained authorization. Fine-“any-to-any” data transformation using a data integration grained authorization makes it possible for you to interrogate individ-module (DIM). This data integration module is available ual SOAP or XML transactions. This action automatically determinesfrom IBM as an option. And to help ensure that only valid whether a specific transaction should be allowed through, basedauthorized user access is provided to your corporate application upon payload contents, security policy and identity information.infrastructure, the DataPower Service Gateway XG45 inte-grates with security and identity management software such as For example, a purchase order has certain requirements: (1) Greater than a specified amount of money, (2) Digitally signed by a CFOIBM Tivoli® software and several LDAP directories including certificate, (3) Targeted for vendor X and (4) Sent before 5:00 p.m.Microsoft AD. This purchase order is allowed through, but the transaction immedi- ately following it is rejected. SAML, WS-Security and XACML areData integration module lets you add emerging as core standards for those who wish to implement thisbinary data formats, PKCS7 and ODBC fine-grained access control—which is especially helpful in an open,One of first steps for leaders who want to try newer technolo- cross-platform environment that joins a variety of policy enforcementgies such as service-oriented architecture (SOA) is to ensure points (such as the DataPower Service Gateway XG45 appliance)they have in place a robust Enterprise Service Bus (ESB) or with central policy repositories. The business value of this approach is clear: You can save time and reduce cost. Business agilityapplication connectivity. With DataPower Service Gateway becomes reality. 3
  4. 4. IBM Software Data SheetSupport compliance with robustdata-protection and auditing capabilities The vast number of different protocols thatA powerful Authentication, Authorization and Auditing (AAA)framework makes it possible for the DataPower Service it could handle … made the DataPowerGateway XG45 appliance to use a broad variety of methods Appliance appealing as a leader in thatfor extracting data from incoming requests along with identity market segment.information such as user passwords and security tokens.Authentication and authorization steps are also modular; these —Bank IT Directorsteps can be based upon on-board or off-board repositories.Audit-and-accounting processing is fully extensible. Thisunique framework enables the appliance to integrate with awide variety of identity management solutions. You can inte- Increase trust in existing services withgrate proprietary, in-house Single Sign On (SSO) systems with run-time policy enforcementyour web services security architecture. The device selectively The performance of the DataPower Service Gateway XG45shares information through encryption-and-decryption and appliance enables enterprises to centralize security and gover-signing-and-verification of entire messages or of individual nance functions in a single “drop-in” device that reducesXML fields. ongoing maintenance costs. You can configure simpler firewall and web services proxy functions using a web GUI, and haveThese granular and conditional security policies can be based it operational in minutes. Or, you can create custom securityon nearly any variable, including content, IP address, host name and routing rules using Extensible Stylesheet Languageand other user-defined filters. Robust data protection, policy Transformation (XSLT), if that is a requirement. Theenforcement and auditing capabilities help organizations around WebSphere DataPower Service Gateway XG45 appliance isthe world achieve and maintain compliance with industry and designed to be an excellent policy-enforcement and executionregulatory requirements such as Sarbanes-Oxley, the Payment engine for those who wish to better secure “next generation”Card Industry Data Security Standard (PCI-DSS) and the applications, which makes it easier for you to control accessHealth Insurance Portability and Accountability Act (HIPAA). to applications, services and data using customizable roles and rights.Mitigate risks with “DMZ-grade” securityfor mission-critical applications This purpose-built appliance integrates with leading policyDiscover a hardware device that delivers advanced XML and managers and service registries, such as IBM WebSphereweb services access controls without complex configuration or Service Registry and Repository. Support for standards such ascustom code. The WebSphere DataPower Service Gateway WSSecurity, WS-SecurityPolicy, WS-Reliable Messaging andXG45 appliance offers the higher levels of security-assurance WS-Policy are standard capabilities provided by WebSpherecertification that are required by such enterprises as financial DataPower Service Gateway XG45. The DataPower Serviceservices and government agencies, including Public Key Gateway XG45 supports Simple Network ManagementInfrastructure (PKI), Federal Information Processing Standard Protocol (SNMP), script-based configuration and remote log-(FIPS), 140-2 Hardware Security Module (HSM), General ging to integrate seamlessly with leading management software.Services Administration (GSA) eAuthentication, HomelandSecurity Presidential Directive (HSPD)-12 .The combination “Drop-in,” standards-based security andof high-performance of hardware acceleration with simplified governance for web 2.0 applicationsdeployment and ongoing management represents a powerful Modern web applications are evolving from static pages andcombination for your organization. You can expect to reduce forms into interactions that rival native desktop programs suchcomplexity. You can expect to reduce the costs of securing as email clients, street-mapping software and customer relation-mission-critical services, applications and data. Your reduced ship management (CRM) systems. Your customers, colleaguesneed for SOA programming skills can result in faster time-to-market for SOA benefits, without sacrificing strong supportfor security. 4
  5. 5. IBM Software Data Sheetand partners have come to demand the same level of interactiv-ity and data access for their information. Unfortunately, criticalbusiness data can be locked away in your existing system IBM has developed a solid business approachapplications—applications that were not designed for this to the appliance marketplace, taking intotype of use. account the challenges of adding new members to the range, maintainingThe DataPower Service Gateway XG45 appliance bridgesweb 2.0 applications to more formal enterprise standards such a consistent focus and ensuring clientsas JavaScript Object Notation (JSON). The DataPower Service continue to get ongoing value.Gateway XG45 appliance offers native support for JSON andfor Representational State Transfer (REST), which helps your —Lustratus Research, Inc., A Competitive Review of SOA Appliances, March 2010team more easily support new devices (smartphones, tablets,netbooks, and other devices), social networking, cloudcomputing and Software as a Service (SaaS) applications. IT infrastructure, Eclipse-based application developmentPowerful enhancements help your environment or XMLSpy integration. This innovative, prag-organization thrive matic approach helps to reduce your total cost of ownershipThe newest addition to the WebSphere DataPower appliance for security, mediation, web 2.0 and web services, the WebSphere DataPower Service Gateway XG45 You can re-use existing XSLT programs and deploy themappliance helps you to take full advantage of your existing on the DataPower Service Gateway XG45 appliance. IBM WebSphere DataPower Service Gateway XG45 Appliance Feature Business benefit Web-application firewall and ●● Create portal connections that are more secure. Help protect your organization against XML vulnerabilities; gateway this IBM appliance acts as the XML proxy. ●● Experience strong security functions beyond those of an XML firewall. Expect web services access control (AAA), XML Encryption and Digital Signature, WS-Security and content-based routing. XML denial-of-service ●● Validate incoming requests and document malformed and malicious traffic; gain access to valuable post-attack protection forensics. ●● Take control over the low-byte XML messages that can bypass your traditional perimeter protection and cause your mission-critical applications to fail instantly. Field-level message security ●● Take action to protect the information that keeps your organization agile and competitive. This IBM service- gateway appliance selectively shares information of entire messages—or of individual XML fields. Access control for web ●● Gain powerful access-control functions. Enable more-secure access to web services-based applications for services your clients, whether they are internal or external. Light-weight application ●● You can opt for a Data Integration Module as a field- upgradeable option for any-to-any data transformation. The connectivity module can parse and transform arbitrary binary, flat text, and XML messages, including EDI, COBOL Copybook, ISO 8583, CSV, ASN.1, and ebXML. The optional Data Integration Module also provides database access and PKCS7 encryption. Fine-grained authorization ●● Gain more control over the processes that bring value to your organization. Instead of URL-based or connection- level access control, expect fine-grained authorization that interrogates individual SOAP or XML transactions to determine whether they should be allowed through. Service virtualization ●● Transparently map a rich set of services to protected back-end resources—without sacrificing performance. This IBM appliance gives you the combined power of URL rewriting, high-performance XSL transformations and routing for XML and SOAP. 5
  6. 6. The hardware platform for the WebSphere DataPowerService Gateway XG45 appliance●● ● 1U high-density, rack-mount design●● ● Latest-generation hardware technology that helps increase performance and capacity © Copyright IBM Corporation 2011●● ● Easier service; multiple field-replaceable parts IBM Corporation●● ● Customized intrusion-detection handling Software Group Route 100●● ● Enhanced LEDs for different hardware components, which Somers, NY 10589 U.S.A. provide user feedback Produced in the United States of America●● ● Hardware diagnostic tool to help identify hardware problems December 2011●● ● Two network I/O modules for increased flexibility and IBM, the IBM logo,, Tivoli, WebSphere, MQSeries and serviceability (four 1-GB ports and two 10-GB ports) DataPower are trademarks of International Business Machines Corporation in the United States, other countries or both. If theseWhy IBM? and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (® or ™), these symbolsMore than 1,700 organizations of all sizes employ indicate U.S. registered or common law trademarks owned by IBM atIBM WebSphere DataPower SOA appliances to reduce the time this information was published. Such trademarks may also beIT complexity, lower costs, improve return-on-investment and registered or common law trademarks in other countries. A current list of IBM trademarks is available on the web at “Copyright and trademarkfoster new business. IBM appliances are used by companies in information” at wide range of industries around the globe. These IBM appli- Microsoft, Windows, Windows NT, and the Windows logo are trademarksances are purpose built, enabling you to match a specific of Microsoft Corporation in the United States, other countries, or both.appliance to a specific business requirement—which provides Java and all Java-based trademarks and logos are trademarks or registeredleaders with optimal return on investment. Engage the trademarks of Oracle and/or its affiliates.IBM team and take advantage of our deep industry and Other product, company or service names may be trademarks or servicetechnical knowledge combined with the robust capabilities marks of others.provided by IBM appliances. Work smarter with IBM. Please RecycleFor more informationThe best SOA appliance is the one that helps yourbusiness aspirations become reality. To learn more aboutIBM WebSphere DataPower appliances, or to confirm whichappliance is the best fit for your organization, contact yourIBM sales representative or your IBM Business Partner, or visitthe following website:, IBM Global Financing can help you acquire theIT solutions that your business needs in the most cost-effectiveand strategic way possible. We’ll partner with credit-qualifiedclients to customize an IT financing solution to suit your busi-ness goals, enable effective cash management, and improve yourtotal cost of ownership. IBM Global Financing is your smartestchoice to fund critical IT investments and propel your businessforward. For more information, visit: WSD14015-USEN-02