Layer 7 Oracle Service Bus Appliance

Document Sample
Layer 7 Oracle Service Bus Appliance Powered By Docstoc
					                                             Layer 7 Oracle Service Bus Appliance
The Layer 7 Oracle Service Bus               Secure, Easy to Deploy ESB Appliance from Layer 7 & Oracle
Appliance offers:
                                             The DMZ-ready, pre-configured Layer 7 Oracle Service Bus Appliance offers
Quick & Easy Deployment
                                             extreme XML performance and reduced administration costs
L7 OSB Appliance is a turn-key, pre-
integrated device designed to be
installable out of the box – just rack       OSB in the DMZ
it, assign an IP address, and let the        Organizations trying to deploy middleware products in the DMZ often face significant
appliance configure itself to run on         resistance from their operations department due to the cost and risks associated with
your network, dramatically                   testing and certifying DMZ solutions. For SOA-based environments, that means forged and
decreasing time to deploy.                   malicious XML messages, as well as other XML-based threats could potentially penetrate the
                                             enterprise perimeter, posing a security risk to an organization’s most vulnerable computing
DMZ-class Security                           resources.
With support for all major WS* and
WS-I security protocols, as well as          The Layer 7 Oracle Service Bus (L7 OSB) Appliance combines the power and performance of
the ability to define and enforce            an appliance-based approach with Layer 7’s recognized leadership in XML security and
identity-driven security policies, L7        acceleration to create an integrated solution that can dramatically reduce the effort to
OSB Appliance provides a single,             create a DMZ-ready implementation of Oracle Service Bus (OSB):
secure point of entry to enterprise
services.                                          •    Simple configuration – comes pre-configured and pre-integrated, ready to deploy
                                                   •    Easy deployment – just install it in the rack; connect the power and network
Extreme XML Processing                                  cable(s); assign an IP address, and turn the appliance on
L7 OSB Appliance provides
hardware-based acceleration for                    •    DMZ-class security – a rich set of security capabilities to secure and govern XML
XML message processing at the edge                      and Web services transactions at the enterprise perimeter on a hardened gateway
of the network, allowing                           •    Extreme XML performance – hardware-accelerated XML message processing of key
organizations to optimize network                       SOA processing bottlenecks, such as schema validation and transformations
                                             Deployed on a multi-core, 1U Sun server that features active-active clustering, dual power
                                             supplies, mirrored hot-swappable drives and optional Federal Information Processing
To learn more about Layer 7 and              Standards (FIPS) 140-2 level 3 compliant Hardware Security Module (HSM), L7 OSB
how it can address your                      Appliance provides a quick, cost-effective solution for DMZ conformance.
organization’s SOA and Web services
needs, call 1-800-681-9377 (toll free
                                             Integrated Solution
within North America) or
+1.604.681.9377. You can also email          The Layer 7 Oracle Service Bus Appliance offers an integrated solution, combining the Layer
us at; friend us on          7 SecureSpan XML Gateway’s best-of-breed XML security and acceleration with the market-; visit us at             leading mediation, virtualization and adaptive connectivity of Oracle Service Bus – all in an, or follow-us on twitter          easy to configure and deploy appliance form factor that can reduce SOA cost and
@layer7.                                     complexity, as well as provide faster time to market for a wide range of SOA projects, such
                                                   •    Cross-domain Information Sharing: provide secure, flexible transports and
                                                        messaging in order to share privileged information between multiple identity
                                                   •    Extranet Service Exchange: Simplify the construction of commercial extranet
                                                        services allowing customers and trading partners to conduct secure, private
                                                   •    And for any project in which power consumption and physical space are limited

                 Copyright © 2011 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are
                 trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners.
Key Features
Oracle Support
Oracle Internet Directory        •    Offload authentication to Oracle Internet Directory
Oracle Access Manager            •    Offload authentication decisions to Oracle Access Manager (OAM)
Oracle WSM                       •    Interoperate with Oracle Web Services Manager (OWSM)
Oracle Registry                  •    Lookup service interfaces from Oracle Registry
Identity and Message Level Security
Identity-based access to         •    Integration with leading identity, access, SSO and federation systems from Oracle, Sun,
services and operations               Microsoft, CA, IBM Tivoli, Novell
                                 •    Enforce fine-grained entitlement decisions authored in an XACML PDP
Manage security for cross-       •    Credential chaining, credential remapping and support for federated identity
domain and B2B                   •    Integrated SAML STS issuer featuring support for SAML 1.1/2.0 authentication,
relationships                         authorization and attribute based policies, as well as Secure Context Tokens
                                 •    Integrated PKI CA for automated deployment and management of client-side certificates,
                                      and integrated RA for external CAs
                                 •    STS support through WS-Trust and WS-Federation
Enforce standards                •    Support for all major WS* and WS-I security protocols
Secure WSDL, REST and            •    Selectively control access to interfaces down to an operation level
POX interfaces                   •    Create on-the-fly composite WSDL views tailored to specific requestors
                                 •    Support for popular Cloud and SaaS interfaces from Amazon and Salesforce
                                 •    Service look-up and publications using WSIL and UDDI
Audit transactions               •    Log message-level transaction information
                                 •    Spool log data to off-board data stores and management systems
Cryptography                     •    Optional onboard HSM and support for external HSMs (i.e., nCipher, Luna, etc)
                                 •    Support for elliptic curve cryptography (conforms to NSA’s Suite B algorithms)
                                 •    FIPS 140-2 support in both hardware (Level 3) and software (Level 1)
API Management
API Publication                  •    Secure, manage, monitor and control access to APIs exposed to third parties
                                 •    API usage can be throttled to ensure backend services are not overwhelmed; limited by
                                      user, time of day, location, etc; and quota managed (i.e., # of uses/user/day)
API Metrics and Reporting        •    Configurable, out-of-the-box reports provide insight into API performance: measure
                                      throughput, routing failures, utilization and availability rates, etc
                                 •    Track failed authentications/ policy violations to identify patterns & potential threats
API Security                     •    Support for all major WS* and WS-I security protocols
                                 •    Support for all major authentication and authorization standards, including SAML,
                                      Kerberos, digital signatures, X.509 certificates, LDAP, XACML, etc
Threat Protection
Filter XML content for SOA,      •    Configurable validation & filtering of HTTP headers, parameters and form data
Web 2.0 and Cloud                •    Detection of classified or “dirty” words or arbitrary signatures with subsequent scrubbing,
                                      rejection or redaction of messages
                                 •    Support for XML, SOAP, POX, AJAX, REST and other XML-based services
Transactional Integrity          •    Protect against identity spoofing and session hijacking cluster-wide
Protection                       •    Assure integrity of communication end-to-end
Prevent XML attack and           •    Protect against XML parsing; XDoS and OS attacks; SQL and malicious scripting language
intrusion                             injection attacks; external entity attacks
                                 •    Protection against XML content tampering and viruses in SOAP attachments
                                 •    DoD STIG vulnerability tested and assured
Message Caching                   •    Cache responses to common requests, decreasing back-end service load
Concurrent Assertion              •    Run multiple assertions concurrently, thereby reducing overall latency when performing
Processing                             orchestration

          Copyright © 2011 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are
          trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners.
XML Acceleration
Accelerated XML                     •    High speed message transformations based on internal or external XSLT
processing                          •    High speed message validation against predefined external schema
                                    •    High speed message searching, element detection and content comparisons
Hardware SSL                        •    Offload SSL operations to hardware
Traffic Management
Throttling                          •    Granular rate limiting and traffic shaping based on number of requests or service
                                         availability across a cluster
Cluster-wide counters               •    Persist message counters across clusters so that rate limiting and traffic shaping can be
                                         strictly enforced in high availability configurations
CoS for XML                         •    Prioritize XML traffic based on Class of Service/Quality of Service preferences
Service availability mgmt           •    Manage routing to back-end services based on availability/latency performance
Policy Lifecycle
WS-Policy-based graphical           •    Compose inheritable policy statements from 70+ atomic policy assertions
policy editor & composer            •    Branch policy execution based on logical conditions, message content, externally retrieved
                                         data or transaction specific environment variables
                                    •    Publish policies to popular registries for lifecycle management
                                    •    Service and operation level policies with inheritance for simplified administration
                                    •    Policy lifecycle and migration management across development, test, staging and
                                         production, as well as geographically distributed data centers
                                    •    API-level access to administration
                                    •    SDK-level policy creation for simplified policy customization
On-the-fly policy changes           •    Polices can be updated live across clusters with no downtime required
Create custom policies              •    Policy SDK allows for custom policy assertion creation using Java
Enterprise-scale Management
Operations Console                   •    A single, real time view of all Gateways across the enterprise and cloud showing audits,
                                          events and key metrics
Policy Migration                     •    Centrally move policies between environments (development, test, staging, production,
                                          etc), settings (enterprise, cloud, etc) or geographies, automatically resolving discrepancies
                                          such as SSG licenses, IP addresses, IT resources (i.e., LDAPs may be named differently), etc
Services Reporting                   •    Configurable, out-of-the-box reports provide insight into SSG operations, service-level
                                          performance, and service user experience
Remote Patching                      •    Selectively update software installed on Gateways, including system files and OS
Disaster Recovery                    •    Centrally back up SSG config files and policies from one or more Gateways/clusters, and
                                          remotely restore, enabling full disaster recovery
Management API                       •    Remote management APIs allow customers to hook their existing, third-party
                                          management tools into the SSG, simplifying asset management
Form Factors
Hardware                            •    Active-active clusterable, dual power supply, mirrored hot-swappable drives, two-way
                                         dual-core 1U server from Sun
Supported Standards
X.509 Certificates, FIPS 140-2, XML Signature, XML Encryption, SSL/TLS, SNMP, SMTP, POP3, IMAP4, HTTP/HTTPS,
FTP/FTPS, JMS, MQ Series, Tibco EMS, WS-Security, WS-Trust, WS-Federation, WS-SecureExchange, WS-Addressing,
WS-SecureConversation, WS-MetadataExchange, WS-Policy, WS-SecurityPolicy, WS-PolicyAttachment, WS-I, WS-I BSP,

To learn more about Layer 7 call us today at +1 800.681.9377 (toll free within North America) or
+1.604.681.9377. You can also email us at; friend us on; visit us
at, or follow-us on twitter @layer7.

             Copyright © 2011 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are
             trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners.

Shared By:
Description: Reduce the effort needed to create a DMZ-ready implementation of Oracle Service Bus The Secure, Easy-to-Deploy Enterprise Service Bus (ESB) from Layer 7 & Oracle Oracle Service Bus (OSB) connects and manages interactions between services and applications to maximize SOA performance. The Layer 7 Oracle Service Bus Appliance (L7 OSBA) uses XML security and acceleration functionality from Layer 7’s SecureSpan gateway to create an integrated solution that dramatically reduces the effort needed to deploy OSB in the DMZ.