Solutions

SecureSpan Solution for Insurance

Securely extend your SOA to resellers & customers, reducing the barriers to doing business and streamlining self service

The SecureSpan Solution for Insurance offers:

Drive Partner-based Revenues
Securely sharing your applications via Web services improves cost transparency, communication and collaboration, making it easier for partners to do business with you rather than your competition.

Cost-effective Self Service
Securely incorporate your customer portal into your SOA, creating a self service solution that is responsive to customer needs, while ensuring your backend systems and sensitive customer data remain protected.

Some of our Insurance customers include:

SecureSpan SOA Gateway selectively exposes your applications in a secure manner to customers & partners resulting in agile, cost-effective interactions

Increase Revenue Potential

Making it easier for partners to do business with you is fundamental to growing revenues. But while a third-party system like IVANS is an effective way of connecting with your brokers, what about resellers that don’t need to remain at arm’s length, such as travel agents, other insurers, banks, or credit card companies? Extending your SOA to resellers would allow them access to your in-house systems and applications, reducing the barriers to doing business by streamlining processes across company boundaries. But this raises concerns around security and data confidentiality.

The Layer 7 SecureSpan SOA Gateway has been deployed at a number of Fortune 500 companies to address their security and privacy concerns, gating user access according to their entitlement and monitoring/actioning policy compliance to ensure all communications between external users and back-end systems are secure.
A Web services approach allows qualified partners access to your back-end systems, increasing their efficiency, removing IT overhead associated with implementing and maintaining Web applications/portals, and enabling smoother business transactions between companies.

Flexible, Secure Self Service

Providing customers with the ability to self serve can significantly reduce your cost of business. But most customer self-service systems are implemented as specialized Web-based portals that are integrated to back-end systems using point-to-point integrations. Building out and maintaining such systems in response to customer demand takes time and can consume a large percentage of today’s shrinking IT budget. A SOA-enabled portal can significantly improve the agility of your self service solution, but securely propagating identity credentials across the user-based Web and machine-based Web services can be a complex undertaking.

The Layer 7 SecureSpan SOA Gateway uniquely addresses both the service-side and consumer-side needs of SOA portal security. The Gateway can be configured against diverse Identity and Access Management (IAM) products so you can leverage one or more of your existing policy decision points to make authentication and authorization decisions. Moreover, the Gateway has the unique ability to flow session cookies generated inside a Web Single Sign On (SSO) product to a Web services client.

By bridging identities between security domains in a SOA, Layer 7 can help you resolve identity federation problems; monitor and track your services across the distributed network, and coordinate security preferences across multiple domains in order to ensure your Web services – and sensitive customer data – remain secure.

To learn more about Layer 7’s latest release, call 1-800-681-9377 (toll free within North America) or +1.604.681.9377. You can also email us at email@example.com; friend us on facebook.com/layer7; visit us at layer7.com, or follow us on Twitter @layer7.

Key Features

Identity and Message Level Security

Identity-based access to services and operations
• Integration with leading identity, access, SSO and federation systems from Oracle, Sun, Microsoft, CA, IBM Tivoli, Novell
• Enforce fine-grained entitlement decisions authored in an XACML PDP

Manage security for cross-domain and B2B relationships
• Credential chaining, credential remapping and support for federated identity
• Integrated STS/SAML issuer supports SAML 1.1/2.0 and Security Context Tokens
• Integrated PKI CA for automated deployment and management of client-side certificates, and integrated RA for external CAs
• STS support through WS-Trust and WS-Federation

Enforce Web services standards
• Support for all major WS* and WS-I security protocols

Secure WSDL, REST and POX interfaces
• Selectively control access to interfaces down to an operation level
• Create on-the-fly composite WSDL views tailored to specific requestors
• Service look-up and publications using WSIL and UDDI

Audit transactions
• Log message-level transaction information
• Spool log data to off-board data stores and management systems

Cryptography
• Optional onboard HSM and support for external HSMs (e.g., nCipher, Luna)
• Support for elliptic curve cryptography (conforms to NSA’s Suite B algorithms)
• FIPS 140-2 support in both hardware (Level 3) and software (Level 2)

Threat Protection

Filter XML content for SOA, Web 2.0 and Cloud
• Configurable validation & filtering of HTTP headers, parameters and form data
• Detection of classified or “dirty” words or arbitrary signatures with subsequent scrubbing, rejection or redaction of messages
• Support for XML, SOAP, POX, AJAX, REST and other XML-based services

Transactional Integrity Protection
• Protect against identity spoofing and session hijacking cluster-wide
• Assure integrity of communication end-to-end

Prevent XML attack and intrusion
• Protect against XML parsing; XDoS and OS attacks; SQL and malicious scripting language injection attacks; external entity attacks
• Protection against XML content tampering and viruses in SOAP attachments

XML Acceleration

Accelerated XML processing
• High speed message transformations based on internal or external XSLT
• High speed message validation against predefined external schema
• High speed message searching, element detection and content comparisons

Optional hardware-based acceleration
• ASIC-based hardware accelerator can be optionally used to maximize message throughput and minimize processing latency

Traffic Management

Throttling
• Granular rate limiting and traffic shaping based on number of requests or service availability across a cluster

Cluster-wide counters
• Persist message counters across clusters so that rate limiting and traffic shaping can be strictly enforced in high availability configurations

CoS for XML
• Prioritize XML traffic based on Class of Service/Quality of Service preferences

Service availability management
• Manage routing to back-end services based on availability or latency performance

Management / Administration

WS-Policy-based graphical policy editor & composer
• Compose inheritable policy statements from >100 pre-built policy assertions
• Branch policy execution based on logical conditions, message content, externally retrieved data or transaction specific environment variables
• Publish policies to popular registries for lifecycle management
• Service and operation level policies with inheritance for simplified administration
• Policy lifecycle and migration management across development, test, staging and production, as well as geographically distributed data centers
• API-level access to administration
• SDK-level policy creation for simplified policy customization

On-the-fly policy changes
• Policies can be updated live across clusters with no downtime required

Global policy migration
• Manage policy migration across development, test, staging, and production environments, as well as mirror sites

Headless operation
• Control administration directly through SOAP and RMI APIs

Cluster-wide redundancy
• All appliance clusters operate in live active-active mode to ensure recovery from any single gateway failure
• New nodes in a cluster can be added without manual re-configuration
• All policy changes to a cluster can be made in real-time
• Migration of policies can be managed across mirror sites remotely

Create custom policies
• Policy SDK allows for custom policy assertion creation using Java

Form Factors

Hardware
• Active-active clusterable, dual power supply, mirrored hot-swappable drives, multi-core 1U server

Software
• Solaris 10 for x86 and Niagara, SUSE Linux, Red Hat Linux 4.0/5.0

Virtual Appliance
• VMware/ESX (VM Ready certified)

Cloud
• Amazon EC2 AMI

Supported Standards

XML, JSON, SOAP, REST, PCI-DSS, AJAX, XPath, XSLT, WSDL, XML Schema, LDAP, SAML, XACML, OAuth, PKCS, IMAP4, X.509 Certificates, FIPS 140-2, Kerberos, XML Signature, XML Encryption, SSL/TLS, SNMP, SMTP, POP3, HTTP/HTTPS, JMS, MQ Series, Tibco EMS, Raw TCP, FTP/FTPS, WS-Security, WS-Trust, WS-Federation, WS-SecureExchange, WS-Addressing, WS-SecureConversation, WS-MetadataExchange, WS-Policy, WS-SecurityPolicy, WS-PolicyAttachment, WSIL, WS-I, WS-I BSP, UDDI, WSRR, MTOM, IPv6, WCF

The SecureSpan Solution for Insurance is supported on all hardware, VMware, cloud and software versions of Layer 7’s SecureSpan appliances.

To learn more about Layer 7 call us today at +1 800.681.9377 (toll free within North America) or +1.604.681.9377. You can also email us at firstname.lastname@example.org; friend us on facebook.com/layer7; visit us at layer7.com, or follow us on Twitter @layer7.

Copyright © 2011 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners.