Datasheet: WebSphere DataPower Service Gateway XG45
IBM Software Data Sheet IBM WebSphere DataPower Service Gateway XG45 Appliance Take action to secure and govern web traffic while you reduce IT complexity For business and IT leaders in a wide range of industries, service-oriented Highlights architecture (SOA) and web services offer tremendous business value— but security remains a persistent challenge. You must help your teams Strengthen compliance using robust ●● ● ● bring new services to the market in a rapid and secure manner. You seek data protection, policy enforcement and auditing capabilities. a pragmatic approach that is cost-effective. You need the ability to adopt new and emerging industry standards and then enforce those standards. Gain “front-line defense” for inbound Your business requires an approach that enhances the value of your ●● ● ● and outbound traffic; this appliance acts as a web 2.0 gateway. existing infrastructure and application investments while improving performance, reducing security risks and simplifying operation. Separate security concerns from applica- ●● ● ● tion code with an optional hardware secu- rity module (HSM) that is certified for FIPS The IBM® WebSphere® DataPower® Service Gateway XG45 140-2 Level 3. Appliance is purpose-built to help you secure and govern web traffic ●● ● ● Integrate applications for improved more effectively. The resulting reduction in IT complexity reduces cost application and database connectivity. within your organization. This is business agility at its most powerful, because it helps you create new revenues. You gain the ability to deploy Support centralized policy management ●● ● ● with an appliance that helps you to new applications rapidly. Experience an advanced data-threat-reduction centrally govern data traffic and helps and security-enforcement layer for your web applications and for your you to strengthen the security of your on-premises applications. applications. Employ this IBM appliance to improve your business in a number of ways: ●● ● Simplicity of Web service deployment. ●● ● Light-weight application and database connectivity for easy connectivity. ●● ● Web service proxy for a more efficient gateway approach. ●● ● Centralized policy and service-level management for compliance and for meeting service levels. ●● ● Data validation for web 2.0 and for existing applications that are web-facing. ●● ● Fine-grained authorization, more-secure web application connectivity and superior cryptography (the optional Hardware Security Module (HSM) helps you improve security).
IBM Software Data SheetAt organizations of every size around the globe, IT teams A pragmatic approach to changeare taking action to secure their organization’s web services, Today’s environment also presents positive opportunities forapplications and data. It is a dynamic environment in which to business and IT leaders who seek effective change—for leadersmanage security and governance. Yet even as your team applies who are willing to utilize the latest technology to addressmuch effort to gain “front line” defense for inbound and out- these critical business requirements. The pace of technologicalbound traffic, another trend is in play: Today’s regulations change at IBM serves to help you focus on staying ahead of therequire security to be built into your infrastructure, instead marketplace. Take advantage of robust solutions that help youof “bolting it on” as an afterthought. achieve your corporate goals.Security has become a “board room” discussion. Threats are Take a cost-effective, pragmatic approach to the securitylaunched constantly against web sites. Policy makers, thought involved with web-enabling your applications. Your service-leaders, business leaders and customers consider the security gateway strategy must include the ability to enforce industryof their web interactions and associated data as critical. They standards, and must include the ability to more easily adapt todemand that this information be properly protected. Additional new standards as they are defined. You want an approach thatpressure is being placed on corporations by regulatory agencies, enhances the value of existing infrastructure investments andwhich continue to require increasing levels of consumer protec- organizational structures, while you optimize applicationtion from data breaches. Corporate leaders must find ways to performance.rapidly and cost-effectively meet business security requirements.You must take action to ensure that your business-critical appli- The IBM WebSphere DataPower Service Gateway XG45cations and the associated data are properly protected. And to appliance is purpose-built to help you build a strongerensure that your business maintains a competitive position in application-security foundation. The WebSphere DataPowerthe marketplace, you must accomplish this in a way that does Service XG45 helps you bring new services to the marketnot slow the deployment of new applications and services. more securely and more rapidly. You can take action to manage business-application risk, increase staff productivity and reduce maintenance costs. And with the DataPower Service Gateway XG45 appliance, you can prepare for the future while you makeNew regulations demand response by business leaders the most of your existing IT assets.The State of Nevada in the U.S. recently amended a law that appliesto any sales transaction in which a business accepts a paymentcard. S.B. 227 requires businesses to comply with the payment cardindustry’s Data Security Standards and to encrypt any personal- Many organizations see results withininformation business transfers. This broadens considerably the weeks with this pragmatic approachinformation security obligations of all companies “doing business”within the state’s borders. Be aware that regulations such as these from IBM.act as a precursor to legislation that could mandate higher standardsfor privacy and data security. The WebSphere DataPower Service Gateway XG45 is a high-performance hardware appliance that is purpose-builtPCI security standards are technical and operational requirements to provide specialized functions that are simpler to integrate.set by the PCI Security Standards Council (PCI SSC) to protect The DataPower Service Gateway XG45 provides:cardholder data. The standards apply to all organizations that store,process or transmit cardholder data and the standards provideguidance for software developers and manufacturers of the ●● ● Light-weight connectivity, mediation and stronger securityapplications and devices used in those transactions. processing to your application infrastructure. ●● ● The ability to streamline complex but valuable SOA, XML and web 2.0 applications. ●● ● The ability to shorten deployment times. ●● ● Acceleration of XML and web-services processing. ●● ● Strengthened governance of your valuable application infrastructure ●● ● The ability to “offload” application encryption and decryption 2
IBM Software Data SheetAn appliance for service visibility,integration, governance and securityThe award-winning DataPower Service Gateway XG45 is apurpose-built hardware platform that delivers highly manage-able, more-secure and scalable SOA solutions. A “hardened”SOA appliance, the DataPower Service Gateway XG45 appli-ance offers an advanced approach to threat-reduction and secu-rity for web transactions. Process your data using a consumableappliance that transforms back-end disparate message formats The IBM WebSphere DataPower Service Gateway XG45 Applianceto XML while its performance applies message-level securityand service policies. XG45, you can opt for a data integration module. This module serves as a field-upgradeable option that provides simplerThe DataPower Service Gateway XG45 supports multiple web application integration and or database connectivity. Withapplication and web 2.0 protocols such as HTTP(s), FTP(s), this data integration module from IBM, “any-to-any” dataWAS JMS, SOAP, and MQ and MQ FTE. Use this appliance transformation becomes possible. The performance of thisright away to bridge disparate messaging and secured file- module provides you with the ability to parse and transformtransfer capabilities. The IBM DataPower Service Gateway arbitrary binary, flat text and XML messages—including EDI,XG45 can exchange messages with IBM WebSphere COBOL Copybook, ISO 8583, CSV, ASN.1 and ebXML. ThisMQSeries® systems by connecting as a WebSphere MQ client. data-transformation capability helps you to enhance applicationUse the DataPower appliance to bridge disparate messaging data sharing. You can support modernization of your existingand transport protocols, such as HTTP or TIBCO EMS, to systems. Expect connectivity of external web 2.0 applicationWebSphere MQ. Messages that originate within a WebSphere and portal applications to internal applications. The optionalMQ system or outside of a WebSphere MQ system can flow data integration module available with the DataPower Serviceeasily to and from another WebSphere MQ system, or to and Gateway XG45 also provides PKCS7 for digital signaturesfrom other messaging systems such as HTTP or TIBCO EMS. and message encryption, which help to strengthen message protection.To bridge the disparate messaging and transport protocols, thisDataPower appliance uses a service such as the Multi-ProtocolGateway service. The performance of the IBM DataPowerService Gateway XG45 supports right away multiple data The business value of fine-grained authorization There is a difference between URL-based or connection-level accessformats such as non-XML, XML, JSON, and make possible control and an approach called fine-grained authorization. Fine-“any-to-any” data transformation using a data integration grained authorization makes it possible for you to interrogate individ-module (DIM). This data integration module is available ual SOAP or XML transactions. This action automatically determinesfrom IBM as an option. And to help ensure that only valid whether a specific transaction should be allowed through, basedauthorized user access is provided to your corporate application upon payload contents, security policy and identity information.infrastructure, the DataPower Service Gateway XG45 inte-grates with security and identity management software such as For example, a purchase order has certain requirements: (1) Greater than a specified amount of money, (2) Digitally signed by a CFOIBM Tivoli® software and several LDAP directories including certificate, (3) Targeted for vendor X and (4) Sent before 5:00 p.m.Microsoft AD. This purchase order is allowed through, but the transaction immedi- ately following it is rejected. SAML, WS-Security and XACML areData integration module lets you add emerging as core standards for those who wish to implement thisbinary data formats, PKCS7 and ODBC fine-grained access control—which is especially helpful in an open,One of first steps for leaders who want to try newer technolo- cross-platform environment that joins a variety of policy enforcementgies such as service-oriented architecture (SOA) is to ensure points (such as the DataPower Service Gateway XG45 appliance)they have in place a robust Enterprise Service Bus (ESB) or with central policy repositories. The business value of this approach is clear: You can save time and reduce cost. Business agilityapplication connectivity. With DataPower Service Gateway becomes reality. 3
IBM Software Data SheetSupport compliance with robustdata-protection and auditing capabilities The vast number of different protocols thatA powerful Authentication, Authorization and Auditing (AAA)framework makes it possible for the DataPower Service it could handle … made the DataPowerGateway XG45 appliance to use a broad variety of methods Appliance appealing as a leader in thatfor extracting data from incoming requests along with identity market segment.information such as user passwords and security tokens.Authentication and authorization steps are also modular; these —Bank IT Directorsteps can be based upon on-board or off-board repositories.Audit-and-accounting processing is fully extensible. Thisunique framework enables the appliance to integrate with awide variety of identity management solutions. You can inte- Increase trust in existing services withgrate proprietary, in-house Single Sign On (SSO) systems with run-time policy enforcementyour web services security architecture. The device selectively The performance of the DataPower Service Gateway XG45shares information through encryption-and-decryption and appliance enables enterprises to centralize security and gover-signing-and-verification of entire messages or of individual nance functions in a single “drop-in” device that reducesXML fields. ongoing maintenance costs. You can configure simpler firewall and web services proxy functions using a web GUI, and haveThese granular and conditional security policies can be based it operational in minutes. Or, you can create custom securityon nearly any variable, including content, IP address, host name and routing rules using Extensible Stylesheet Languageand other user-defined filters. Robust data protection, policy Transformation (XSLT), if that is a requirement. Theenforcement and auditing capabilities help organizations around WebSphere DataPower Service Gateway XG45 appliance isthe world achieve and maintain compliance with industry and designed to be an excellent policy-enforcement and executionregulatory requirements such as Sarbanes-Oxley, the Payment engine for those who wish to better secure “next generation”Card Industry Data Security Standard (PCI-DSS) and the applications, which makes it easier for you to control accessHealth Insurance Portability and Accountability Act (HIPAA). to applications, services and data using customizable roles and rights.Mitigate risks with “DMZ-grade” securityfor mission-critical applications This purpose-built appliance integrates with leading policyDiscover a hardware device that delivers advanced XML and managers and service registries, such as IBM WebSphereweb services access controls without complex configuration or Service Registry and Repository. Support for standards such ascustom code. The WebSphere DataPower Service Gateway WSSecurity, WS-SecurityPolicy, WS-Reliable Messaging andXG45 appliance offers the higher levels of security-assurance WS-Policy are standard capabilities provided by WebSpherecertification that are required by such enterprises as financial DataPower Service Gateway XG45. The DataPower Serviceservices and government agencies, including Public Key Gateway XG45 supports Simple Network ManagementInfrastructure (PKI), Federal Information Processing Standard Protocol (SNMP), script-based configuration and remote log-(FIPS), 140-2 Hardware Security Module (HSM), General ging to integrate seamlessly with leading management software.Services Administration (GSA) eAuthentication, HomelandSecurity Presidential Directive (HSPD)-12 .The combination “Drop-in,” standards-based security andof high-performance of hardware acceleration with simplified governance for web 2.0 applicationsdeployment and ongoing management represents a powerful Modern web applications are evolving from static pages andcombination for your organization. You can expect to reduce forms into interactions that rival native desktop programs suchcomplexity. You can expect to reduce the costs of securing as email clients, street-mapping software and customer relation-mission-critical services, applications and data. Your reduced ship management (CRM) systems. Your customers, colleaguesneed for SOA programming skills can result in faster time-to-market for SOA benefits, without sacrificing strong supportfor security. 4