API Management for VMare vCloud by Layer7Tech


More Info
									                                       API Management for VMware vCloud
Layer 7’s CloudSpan CloudControl       Protect, Abstract, and Meter vCloud APIs
Gateways offer:
                                       Layer 7 CloudSpan CloudControl abstracts vCloud APIs, giving organizations
Abstraction & Management
                                       enhanced control and management capabilities
Policy-driven management
streamlines API versioning,
composition and orchestration,         vCloud API Abstraction Provides Greater Control
while ensuring conformance to          VMware’s vCloud initiative represents virtualization 2.0, avoiding the classic virtualization
SLA and quality of service goals       metaphors rooted in the physical world—hosts, SANs, and networks—and instead
through throttling/rate limiting.      promoting a multi-tenanted, resource-centric view of the virtual datacenter. With vCloud,
                                       enterprises and service providers can create the basis of a public or private cloud that
Metering & Reporting                   features simplified service provisioning and chargeback by programmatically controlling
Granular logging, monitoring and       their virtualized assets via the vCloud APIs. Adding a layer of abstraction on top of the
auditing capabilities, coupled with    vCloud APIs allows organizations to simplify the way in which service providers can manage
performance metrics allow you to       and control vCloud Director, streamlining automation.
understand, track and meter API
usage.                                 The Layer 7 CloudSpan CloudControl gateway delivers key protection, abstraction and
                                       metering capabilities for vCloud APIs by implementing a configurable policy creation and
Protection & Control                   enforcement point at the API level. CloudControl’s intuitive drag-and-drop policy builder lets
Implement fine-grained access          you create and enforce API policies that provide for:
control and comprehensive threat
protection for all API calls.          •   Abstraction and masking of APIs
                                       •   Composition/orchestration to create new APIs
                                       •   Live dashboard monitoring of API usage
To learn more about Layer 7’s latest   •   Versioning of REST and SOAP APIs (beyond vCloud basic versioning)
release, call 1-800-681-9377 (toll     •   Mapping between SOAP and REST
free within North America) or          •   Transformation of any GET, POST, DELETE, and PUT content
+1.604.681.9377. You can also email    •   Authentication (HTTP basic, digest, SSL, but also SAML, Kerberos, X.509 certs, OAuth, etc)
us at info@layer7.com; friend us on    •   Cloud single sign-on (SSO)
facebook.com/layer7; visit us at       •   Fine grained authorization to individual APIs
layer7.com, or follow-us on twitter    •   Validation of XML structures (such as OVF containers)
@layer7.                               •   Threat detection, including threats embedded in XML OVF files
                                       •   Automatic fail-over between hosts
                                       •   JSON Schema validation
                                       •   Management of federated relationships
                                       •   Fully customizable audit

                                       Secure Hybrid Cloud – The Future of Enterprise IT
                                       The CloudControl gateway is the basis of an enterprise-class cloud governance solution. In
                                       contrast to other solutions that run as third party services or attempt to broker security
                                       from a remote datacenter, CloudControl runs as an integral part of the vCloud Director
                                       environment. The CloudControl VMware virtual machine is easily incorporated into any
                                       VMware infrastructure. In this way, the security, management and metering solution for
                                       your cloud APIs resides within the cloud they are protecting—not off at some other location
                                       where proxyed transactions can be subjected to attack while traversing the open Internet.
                                       Locally integrating a security solution as an integral part of your cloud infrastructure allows
                                       you to properly secure your cloud APIs, ensuring sophisticated access control and protection
                                       against denial-of-service (DoS) attacks.
Key Features
vCloud API Protection & Control
Threat Protection         •     Protect against Cross-Site Scripting (XSS), SQL Injection, XML content/structural threats, viruses, etc
                          •     Create custom threat profiles to extend built-in filters for message structure & XML-specific threats
                          •     Track failed authentications and/or policy violations to identify patterns and potential threats
                          •     Validate HTTP parameters, REST query/POST parameters, JSON data structures, XML schemas, etc
Access Control            •     Support for HTTP basic, digest, SSL client-side certificate authorization, Microsoft SPNEGO, etc
                          •     Support for all major authentication and authorization standards, including SAML, Kerberos, digital
                                signatures, X.509 certificates, LDAP, OAuth, etc, and leading identity and access management systems
Privacy                   •     Powerful message content filtering and transformation tools help identify and surpass leakage of sensitive
                                information (i.e. SSNs, credit card numbers, etc.)
                          •     Support for multiple types of element or message level XML signing and encryption
vCloud API Abstraction & Management
API Lifecycle             •     APIs can be smoothly migrated between environments (i.e. from Dev to Test, East to West, etc.) with full
                                dependency resolution and re-mapping
                          •     Supports automatic API versioning including rollback to any previous version
                          •     Global security settings, threat detection profiles, etc. can be reused across multiple APIs to save time and
                                ensure consistency
API Composition           •     Point and click API composer supports quickly building composite virtual APIs from any combination and/or
                                subset of existing APIs
Orchestration             •     Policy-driven API request sequencing based on administrator-defined conditions and logic
                          •     Routing based on message content or service availability
                          •     Run multiple back-end service calls concurrently, thereby reducing overall latency
Multiple Protocols        •     Supports any combination of XML/REST/SOAP APIs and enables translation between protocols to simplify
                                customer adoption
                          •     Filter/customize back-end error messages to better fit customers deployment patterns
SLA/Performance           •     Enforce availability through throttling and/or rate limiting to ensure SLAs and QoS priorities
Control                   •     Advanced, carrier-grade traffic shaping to manage bandwidth to API servers
                          •     Access to API methods can be filtered/restricted based on user, time of day, service level, etc.
                          •     Route traffic based on geography, IP address, back-end response times, etc for optimum performance
                          •     Integrated clustering provides scalability and automatic failover between multiple instances of APIs/services
Management API            •     Remote management APIs allow customers to hook their existing, third-party management tools into
                                CloudSpan, simplifying asset management
vCloud API Metering & Reporting
Metrics and Reporting     •     Configurable, out-of-the-box reports provide insight into API performance: meter and track API/method
                                usage for per-user billing, capacity planning, SLA compliance etc.
                          •     Real time monitoring dashboard provides fine-grained insight into API & network level performance
Customer Mapping          •     Report on service performance, policy violations and SLA conformance based on specific customers,
                                composites (i.e., processes and transactions using a service) or clients to build a profile of user experience
Audit transactions        •     Log files provide a granular audit trail of all API connections mediated by CloudControl
Supported Standards
FIPS 140-2, Kerberos, XML Signature, XML Encryption, SSL/TLS, SNMP, SMTP, POP3, IMAP4, HTTP/HTTPS, MQ Series, Tibco EMS,
FTP, WS-Security, WS-Trust, WS-Federation, WS-SecureExchange, WS-Addressing, WS-SecureConversation, WS-MetadataExchange,
WS-Policy, WS-SecurityPolicy, WS-PolicyAttachment, WSIL, WS-I, WS-I BSP, UDDI, WSRR, MTOM, IPv6, WCF

To learn more about Layer 7 call us today at +1 800.681.9377 (toll free within North America) or +1.604.681.9377. You
can also email us at info@layer7.com; friend us on facebook.com/layer7; visit us at layer7.com, or follow-us on twitter

                        Copyright © 2011 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are
                        trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners.

To top