Docstoc

Not All XML Gateways are Created Equal

Document Sample
Not All XML Gateways are Created Equal Powered By Docstoc
					Not All XML Gateways Are Created Equal
                            Managers
Considerations for Business Manager




                              Layer 7 Technologies

                  White Paper
Not All XML Gateways Are Created Equal


Contents

                                             ................................................................................................
Introduction ................................................................                                .................................................. 3
                       ................................................................................................................................ 3
Cost of Implementation ................................                                                                ................................
                 ................................................................................................................................
   Deployability ................................                                                                ............................................. 3
                                  ................................................................................................
       Form Factor Considerations ................................                                .................................................. 3
                                                 ................................................................................................
   Extensibility ................................................................                                ............................................... 4
                                           ................................................................................................
       SDK ................................................................                                ........................................................ 4
                        ................................................................................................................................ 4
       Interoperability ................................                                                                .....................................
                            ................................................................................................
       Standards Commitment ................................                                ........................................................ 4
                  ................................................................................................................................
Cost of Operation ................................                                                                .......................................... 5
                 ................................................................................................................................
   Manageability ................................                                                                ........................................... 5
                               ................................................................................................
   Scalability and Reliability ................................                                .......................................................... 5
                                           ................................................................................................
   Updating................................................................                                .................................................... 5
                ................................................................................................................................
Cost of Upgrade ................................                                                                ............................................ 6
                         ............................................................................................................................ 6
   Repurchasing Gateways ................................                                                                ............................
                           ................................................................................................
About Layer 7 Technologies ................................                                .......................................................... 7
                             ................................................................................................
Contact Layer 7 Technologies ................................                                ....................................................... 7
                  ................................................................................................................................
Legal Information ................................                                                                .......................................... 7




                                             ogies
             Copyright © 2010 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are
            trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners.                                    2
  Not All XML Gateways Are Created Equal


  Introduction
  XML Gateways were originally introduced to address common security and performance issues arising from the
               based
  use of XML-based messaging protocols in a Service Oriented Architecture (SOA). Over this decade, Gateway
  capabilities have been broadened to address runtime policy enforcement issues (such as regulatory compliance,
       onformation,
  SLA conformation, and granular privacy and access control problems), as well as integration to third party service
  providers, whether across organizational boundaries; across the public internet, or (increasingly) between the
  enterprise and the cloud.

         le
  But while all Gateways provide similar features/functionality, the Total Cost of Ownership (TCO) varies widely. For
  Gateways, TCO extends well beyond just the initial licensing and implementation fees to include the cost of
                                         the
  deploying, customizing, and managing the solution on an ongoing basis. In today’s economic climate, organizations
                                                                                        lock-in
  have expanded their evaluation focus to encompass criteria that will help them avoid lock in and undue operating
  costs.

  This white paper examines those factors that will have the greatest impact on total cost of ownership, namely cost
                                   upgrade.
  of implementation, operation and upgrade


  Cost of Implementation
                                  ost
  Beyond upfront licensing, the cost of implementation for an XML Gateway typically includes configuration and
                                                                     Gateway),
  customization expenses (a factor of the ease of extensibility of a Gateway) as well as ease of deployment. Other
  costs can also include the time and resources to certify new hardware for deployment in a corporate datacenter.

Layer 7 offers hardware,
                                      Deployability
software, VMware and
                                      Deployment flexibility is key to lowering cost of implementation. Where some
Amazon Machine                        Gateway vendors offer only hardware or software solutions, Layer 7 offers multiple
Images, so customers                  form factors – including hardware, software, VMware and Amazon Machine Image
can choose the most                                                                           iate
                                      (AMI) – allowing customers to choose the most appropriate solution for their
appropriate solution for              purpose, deployment platform, budget, and/or stage of implementation.
their purpose, platform,
                                                hardware-only Gateway vendors leave organizations with no
                                 For example, hardware
budget, and/or stage of          flexibility when it comes to purchasing a Gateway for the purposes of developing
implementation                                                                        based soluti
                                 and testing a solution as they only offer a hardware-based solution. However,
                                 development organizations typically do not need the high performance of a
                                                                     VMware-based                       pay
  hardware-based solution. For this reason, Layer 7 makes available VMware based Gateways and even pay-as-you-
  go Amazon Machine instances, which are a better fit (and more appropriately priced) for prototyping than
  production-ready hardware solutions.

  Form Factor Considerations
  Hardware – Most XML Gateway vendors offer hardware accelerated network appliances featuring dedicated chip
  sets to accelerate/offload common XML processes. By optimizing XML performance using a Gateway,
  organizations can reduce the load on their application servers, reducing the cost and frequency of server upgrades.

  Software/VMWare – While hardware-based Gateways are key in production settings, they are often an
                                          -based
                                                                                             software-
  impractical (and costly) solution for development, testing or staging environments where software or VMware-
  based appliances are the preferred form factor. Layer 7 is one of the few vendors to offer both a VMWare and
                                                                  identical
  software Gateway at an economical price tag, while delivering identical feature/functionality as the hardware
  appliance.




                                           ogies
           Copyright © 2010 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are
          trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners.   3
Not All XML Gateways Are Created Equal

                                                                  customer-defined hardware – hardware that has
Additionally, Layer 7’s software Gateway can be implemented on customer
already been tested and approved for use in their datacenter – eliminating the cost of testing and implementing a
new hardware platform, while significantly decreasing support and maintenance costs.

Virtual – Public and private clouds are gaining acceptance in the marketplace for their ability to convert CapEx to
                       effective                      on-demand.                                          redesig
OpEx by offering cost-effective computing resources on demand. As a result, organizations have begun redesigning
their own datacenters as private clouds, and consuming public cloud resources on a utility basis. Layer 7’s virtual
cloud Gateway offerings (including both our Virtual Appliance and AMI) have made it possible for these
                                  eway                multi-tenant
organizations to spin up XML Gateway instances in a multi tenant environment in order to guard access to their
       based                     Hardware-based vendors are unable to accommodate these changing IT
cloud-based services and APIs. Hardware
requirements.

Extensibility
                                      confirms, IT environments change. While Layer 7’s support for multiple form
As the advent of the cloud so clearly co
factors has been one way to help insulate customers against changes in the datacenter, accommodating business
                                                           cost-effectively customize a solution to match evolving
change requires extensibility – the ability to quickly and cost           y
business needs based on specific industry traits, existing corporate guidelines, and the organization’s unique
business processes.


Layer 7’s Custom Policy                 SDK
Assertion SDK gives                     Layer 7’s Custom Policy Assertion SDK gives developers the ability to extend the
developers the ability to               Gateway’s functionality in order to accommodate their specific requirements
extend the Gateway’s                    using standard Java programming. Custom Assertions can be created for
                                        proprietary message processing, pattern recognition and filtering, as well as
functionality in order to
                                                       third-party
                                        interfacing to third party products, such as identity management infrastructure,
accommodate their
                                                  monitoring applications, or anti-virus systems.
                                        network monito
specific requirements
using standard Java                                                                      limited
                                In contrast, the extensibility of many other Gateways is limited. For example, to
programming                     accommodate the kinds of customization listed above would typically require
                                either the skills of an XSLT programmer (expensive compared to the ubiquity of
          ammers)
Java programmers) and/or the addition of an application server ((such as WebSphere) to run the custom code.

Interoperability
 ndependent                                                   lock-in,
Independent Gateway vendors like Layer 7 do not benefit from lock in, but rather design from the ground up to
                       geneous                                           standards.
accommodate a heterogeneous SOA environment based on Web services standards. As a result, Layer 7’s
  ateways
Gateways interoperate with a wide range of products, including (for example) a wide range of leading identity,
                                                            Active
access, SSO and federation systems, such as LDAP, Microsoft Active Directory/Federated Services, Oracle Access
Manager, IBM Tivoli (TAM and TFIM), CA SiteMinder and TransactionMinder, Sun Java Access Manager and Novell
Access Manager.

Standards Commitment
                                                         lock-in
One of the best guarantees against vendor or platform lock is wide support for Web services standards. Any
credible vendor in the XML Gateway market should be able to demonstrate a history of active participation in the
                                                                                          participating in regular
standards bodies that govern Web services. This includes both authoring the standards and partici
interops. Layer 7 has been an active participant in the OASIS, W3C and WS-I standards consortiums, and has
                                    Policy, WS-SecurityPolicy, WS-Trust, WS-Federation, WS-I BSP to name a few.
helped drive key standards like WS-Policy, WS                                              I



                                         ogies
         Copyright © 2010 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are
        trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners.   4
Not All XML Gateways Are Created Equal


Cost of Operation
                                                                                                one
While implementation costs represent a key factor in the TCO equation, they’re typically only a one-time cost.
Operational costs – including ongoing Gateway management, administration and updating – represent a far
greater impact on total cost of ownership over time.

Manageability
Most XML Gateways are implemented as a series of discrete functional units rather than as a cluster. While this
can provide some flexibility when it comes to deployment, it also dramatically raises administration costs as each
Gateway must be separately configured, updated and managed. In contrast, Layer 7 Gateways feature true
clustering capabilities and can be centrally administered as if they were a single device.

                                   For distributed organizations that span diverse development, test, staging,
 Layer 7 embeds these
                                   production and even cloud environments – worldwide – management becomes
 kinds of enterprise-
                                   even more costly and complex. Pain points arise around policy migration,
 scale management
                                   Gateway and service performance monitoring, and policy lifecycle
 capabilities directly
                                   management (from authoring to deployment to change management). Layer 7
 within the Gateway
                                                           enterprise-scale management capabilities directly within
                                   embeds these kinds of ent          scale
 itself – there’s no need          the Gateway itself – there’s no need to deploy, manage and upgrade a separate
 to deploy, manage and                                                   ecommends
                                   product. For example, IBM typically recommends deploying “ITCAM for SOA” to
 upgrade a separate                                    management
                                   provide enterprise manageme capabilities for their DataPower products. And
 product                           while Layer 7 allows global management of all Gateways from a single location,
TCAM is typically required to be deployed in multiple locations to support regional deployments.

                                            monitoring
For those organizations that already have a monitoring and management infrastructure in place, Layer 7 offers
           box                        agent-based
out-of-the-box connectors to leading agent based management products, as well as a robust API for integration
with monitoring, auditing and KPI tracking software.

Scalability and Reliability
Scalability and reliability should go hand in hand. While simply placing a load balancer in front of a series of
                                                                       built-in
Gateways can be a cheap and easy way to scale, solutions that offer built in clustering and failover can go a long
way to ensuring reliability by providing fault tolerance and high availability. As load increases, the ability to scale
     effectively
cost-effectively without affecting performance is key.

                                                                                                    automatically fail
Layer 7’s true clustering capabilities (i.e., the ability to exchange information, load balance and automati
over) gives them the edge over other Gateways when it comes to horizontal scaling. Additionally, Layer 7’s
          based
software-based appliances give organizations the choice to scale vertically (which may be more cost effective) by
adding more processors to the server.

Updating
In an ideal setting, policies are developed, tested and implemented in production never to change. The reality,
                                                                                      ory
however, is that policies must change to keep up with evolving business needs, regulatory requirements and
     et
market demands. The ability to implement changes on the fly (without having to bring down the Gateway) is key to
ensuring business as usual.

Layer 7 provides the ability to implement changed/new policies in production without incurring downtime. In a
                                                                                real-time                   off
cluster, policies are updated centrally, and then replicated between devices in real time without requiring off-



                                         ogies
         Copyright © 2010 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are
         trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners.   5
Not All XML Gateways Are Created Equal

lining, making for easy change management. Additionally, any Gateway/cluster worldwide can be backed up and
                                     simplifying
restored from a centralized console, simplifying disaster recovery and ensuring business continuity.

                                                                 wide
In contrast, other XML Gateways typically do not support cluster-wide administration, and thus requires
administrators to manually replicate policies on each Gateway. In addition, policy changes usually cannot be
implemented on the fly – rather, Gateways must be brought offline before updates can occur.


Cost of Upgrade
                                          or hardware-only Gateways, migrating between versions typically requires a
                                         For hardware
 Because some
                                         complete forklift upgrade. In effect, this means returning the existing Gateway;
 Gateway vendors are
                                                                           implementing
                                         repurchasing new hardware; re-implementing existing configurations and
 hardware-dependent,
                                                       re-training on the new systems – all of which can be an expensive
                                         policies; and re
 migrating between
                                         undertaking at a time when IT is experiencing more pressure on their budgets
 versions requires a                     than ever.
 complete forklift
 upgrade                           In contrast, Layer 7 offers an XML Gateway whose hardware can be upgraded
                                                                               of
                                   independently, giving customers the choice of remaining on their currently
supported version of the product while upgrading (not migrating) to the latest hardware to take advantage of
performance benefits. And not only can the new hardware be purchased for a nominal fee (a fraction of the initial
  rchase
purchase price), the original hardware can be repurposed as a general use server, affording total investment
protection.

Repurchasing Gateways
                                                                                           hree f
In order to remain supported, customers are forced to repurchase new Gateways every three to five years when
the original hardware is retired. Despite paying a significant yearly support and maintenance fee, the repurchase
price is typically (depending on your bargaining power) close to the initial purchase price, leading to an
unreasonably high total cost of ownership for Gateway customers after just one or two hardware refreshes.

A comparable deployment of Layer 7 hardware Gateways is significantly less expensive – as little as one third the
         en
cost. When considering development and test environments where most Layer 7 customers have the flexibility to
                                       ,
deploy software or VMware Gateways, the savings are even more dramatic. As long as Layer 7 customers remain
                                                 to
current on Support and Maintenance, the cost to upgrade between Layer 7 hardware platforms is nominal, with no
charge for soft appliances. This represents a significant difference in total cost of ownership between Layer 7 and
other Gateways over just one or two refresh periods.

                          t
As a result, the total cost of ownership for a Layer 7 solution is dramatically lower than other Gateway
              ,                                       one-third of the re-purchase price, and one quarter of the 3-5
deployments, with initial purchase costs as little as one                                                        3
year TCO.




                                         ogies
         Copyright © 2010 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are
         trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners.   6
Not All XML Gateways Are Created Equal


About Layer 7 Technologies
With more than 100 customers across 6 continents, and successful partnerships with some of the largest ISVs and
                                                                         cloud                                award
resellers in the industry, Layer 7 Technologies is the leader in SOA and cloud security and governance. Our award-
                                                                                             enterprise-scale
winning SecureSpan™ family of XML Gateways feature sophisticated runtime governance, enterprise
                             leading
management and industry-leading XML security. Our CloudSpan™ family enables enterprises and service providers
      urely
to securely consume cloud services, as well as protect and control their own applications deployed in public and
private clouds. Founded in 2002, Layer 7 has a history of helping organizations address their security, visibility and
governance issues by enabling them to control, manage and adapt their Web services, no matter where they
                                        cloud.
originate – in the enterprise or in the cloud


Contact Layer 7 Technologies
Layer 7 Technologies welcomes your questions, comments, and general feedback.

Email:
info@layer7tech.com

Web Site:
www.layer7tech.com

Phone:
(+1) 604-681-9377
           9377
1-800-681-9377 (toll free within North America)

Fax:
604-681-9387

Address:
Layer 7 Technologies
1200 G Street, NW, Suite 800
Washington, DC 20005

Layer 7 Technologies
Suite 405-1100 Melville Street
Vancouver, BC
V6E 4A6 Canada


Legal Information
Copyright © 2010 by Layer 7 Technologies, Inc. (www.layer7tech.com). Contents confidential. All rights reserved.
SecureSpan™ is a registered trademark of Layer 7 Technologies, Inc. All other mentioned trade names and/or
                                                owners.
trademarks are the property of their respective owne




                                         ogies
         Copyright © 2010 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are
         trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners.   7
rks are the property of their respective owne




                                 LAYER 7 CONFIDENTIAL – TO BE DISCLOSED ONLY UNDER NDA
                                         ogies
         Copyright © 2010 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are
         trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners.   7