VIEWS: 7 PAGES: 2 POSTED ON: 4/4/2012 Public Domain
Protect, abstract and meter vCloud APIs With VMware vCloud, enterprises and service providers can programmatically control their virtualized assets via the vCloud APIs. Layer 7’s CloudSpan CloudControl Gateway delivers key protection, abstraction and metering capabilities for vCloud APIs by implementing a configurable policy creation and enforcement point at the API level.
API Management for VMware vCloud Layer 7’s CloudSpan CloudControl Protect, Abstract, and Meter vCloud APIs Gateways offer: Layer 7 CloudSpan CloudControl abstracts vCloud APIs, giving organizations Abstraction & Management enhanced control and management capabilities Policy-driven management streamlines API versioning, composition and orchestration, vCloud API Abstraction Provides Greater Control while ensuring conformance to VMware’s vCloud initiative represents virtualization 2.0, avoiding the classic virtualization SLA and quality of service goals metaphors rooted in the physical world—hosts, SANs, and networks—and instead through throttling/rate limiting. promoting a multi-tenanted, resource-centric view of the virtual datacenter. With vCloud, enterprises and service providers can create the basis of a public or private cloud that Metering & Reporting features simplified service provisioning and chargeback by programmatically controlling Granular logging, monitoring and their virtualized assets via the vCloud APIs. Adding a layer of abstraction on top of the auditing capabilities, coupled with vCloud APIs allows organizations to simplify the way in which service providers can manage performance metrics allow you to and control vCloud Director, streamlining automation. understand, track and meter API usage. The Layer 7 CloudSpan CloudControl gateway delivers key protection, abstraction and metering capabilities for vCloud APIs by implementing a configurable policy creation and Protection & Control enforcement point at the API level. CloudControl’s intuitive drag-and-drop policy builder lets Implement fine-grained access you create and enforce API policies that provide for: control and comprehensive threat protection for all API calls. • Abstraction and masking of APIs • Composition/orchestration to create new APIs • Live dashboard monitoring of API usage To learn more about Layer 7’s latest • Versioning of REST and SOAP APIs (beyond vCloud basic versioning) release, call 1-800-681-9377 (toll • Mapping between SOAP and REST free within North America) or • Transformation of any GET, POST, DELETE, and PUT content +1.604.681.9377. You can also email • Authentication (HTTP basic, digest, SSL, but also SAML, Kerberos, X.509 certs, OAuth, etc) us at firstname.lastname@example.org; friend us on • Cloud single sign-on (SSO) facebook.com/layer7; visit us at • Fine grained authorization to individual APIs layer7.com, or follow-us on twitter • Validation of XML structures (such as OVF containers) @layer7. • Threat detection, including threats embedded in XML OVF files • Automatic fail-over between hosts • JSON Schema validation • Management of federated relationships • Fully customizable audit Secure Hybrid Cloud – The Future of Enterprise IT The CloudControl gateway is the basis of an enterprise-class cloud governance solution. In contrast to other solutions that run as third party services or attempt to broker security from a remote datacenter, CloudControl runs as an integral part of the vCloud Director environment. The CloudControl VMware virtual machine is easily incorporated into any VMware infrastructure. In this way, the security, management and metering solution for your cloud APIs resides within the cloud they are protecting—not off at some other location where proxyed transactions can be subjected to attack while traversing the open Internet. Locally integrating a security solution as an integral part of your cloud infrastructure allows you to properly secure your cloud APIs, ensuring sophisticated access control and protection against denial-of-service (DoS) attacks. Key Features vCloud API Protection & Control Threat Protection • Protect against Cross-Site Scripting (XSS), SQL Injection, XML content/structural threats, viruses, etc • Create custom threat profiles to extend built-in filters for message structure & XML-specific threats • Track failed authentications and/or policy violations to identify patterns and potential threats • Validate HTTP parameters, REST query/POST parameters, JSON data structures, XML schemas, etc Access Control • Support for HTTP basic, digest, SSL client-side certificate authorization, Microsoft SPNEGO, etc • Support for all major authentication and authorization standards, including SAML, Kerberos, digital signatures, X.509 certificates, LDAP, OAuth, etc, and leading identity and access management systems Privacy • Powerful message content filtering and transformation tools help identify and surpass leakage of sensitive information (i.e. SSNs, credit card numbers, etc.) • Support for multiple types of element or message level XML signing and encryption vCloud API Abstraction & Management API Lifecycle • APIs can be smoothly migrated between environments (i.e. from Dev to Test, East to West, etc.) with full dependency resolution and re-mapping • Supports automatic API versioning including rollback to any previous version • Global security settings, threat detection profiles, etc. can be reused across multiple APIs to save time and ensure consistency API Composition • Point and click API composer supports quickly building composite virtual APIs from any combination and/or subset of existing APIs Orchestration • Policy-driven API request sequencing based on administrator-defined conditions and logic • Routing based on message content or service availability • Run multiple back-end service calls concurrently, thereby reducing overall latency Multiple Protocols • Supports any combination of XML/REST/SOAP APIs and enables translation between protocols to simplify customer adoption • Filter/customize back-end error messages to better fit customers deployment patterns SLA/Performance • Enforce availability through throttling and/or rate limiting to ensure SLAs and QoS priorities Control • Advanced, carrier-grade traffic shaping to manage bandwidth to API servers • Access to API methods can be filtered/restricted based on user, time of day, service level, etc. • Route traffic based on geography, IP address, back-end response times, etc for optimum performance • Integrated clustering provides scalability and automatic failover between multiple instances of APIs/services Management API • Remote management APIs allow customers to hook their existing, third-party management tools into CloudSpan, simplifying asset management vCloud API Metering & Reporting Metrics and Reporting • Configurable, out-of-the-box reports provide insight into API performance: meter and track API/method usage for per-user billing, capacity planning, SLA compliance etc. • Real time monitoring dashboard provides fine-grained insight into API & network level performance Customer Mapping • Report on service performance, policy violations and SLA conformance based on specific customers, composites (i.e., processes and transactions using a service) or clients to build a profile of user experience Audit transactions • Log files provide a granular audit trail of all API connections mediated by CloudControl Supported Standards XML, JSON, SOAP, REST, PCI-DSS, AJAX, XPath, XSLT, WSDL, XML Schema, LDAP, SAML, XACML, OAuth, PKCS, X.509 Certificates, JMS, FIPS 140-2, Kerberos, XML Signature, XML Encryption, SSL/TLS, SNMP, SMTP, POP3, IMAP4, HTTP/HTTPS, MQ Series, Tibco EMS, FTP, WS-Security, WS-Trust, WS-Federation, WS-SecureExchange, WS-Addressing, WS-SecureConversation, WS-MetadataExchange, WS-Policy, WS-SecurityPolicy, WS-PolicyAttachment, WSIL, WS-I, WS-I BSP, UDDI, WSRR, MTOM, IPv6, WCF To learn more about Layer 7 call us today at +1 800.681.9377 (toll free within North America) or +1.604.681.9377. You can also email us at email@example.com; friend us on facebook.com/layer7; visit us at layer7.com, or follow-us on twitter @layer7 Copyright © 2011 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners.
Pages to are hidden for
"API Management for VMare vCloud"Please download to view full document