WebSphere DataPower Service Gateway XG45 is built for web services deployments, governance, light integrations and hardened security. http://ibm.co/HIHOAs
Dev Dives: Streamline document processing with UiPath Studio Web
Datasheet: WebSphere DataPower Service Gateway XG45
1. IBM Software Data Sheet
IBM WebSphere
DataPower Service
Gateway XG45 Appliance
Take action to secure and govern web traffic while
you reduce IT complexity
For business and IT leaders in a wide range of industries, service-oriented
Highlights architecture (SOA) and web services offer tremendous business value—
but security remains a persistent challenge. You must help your teams
Strengthen compliance using robust
●● ● ●
bring new services to the market in a rapid and secure manner. You seek
data protection, policy enforcement
and auditing capabilities. a pragmatic approach that is cost-effective. You need the ability to adopt
new and emerging industry standards and then enforce those standards.
Gain “front-line defense” for inbound
Your business requires an approach that enhances the value of your
●● ● ●
and outbound traffic; this appliance acts
as a web 2.0 gateway. existing infrastructure and application investments while improving
performance, reducing security risks and simplifying operation.
Separate security concerns from applica-
●● ● ●
tion code with an optional hardware secu-
rity module (HSM) that is certified for FIPS The IBM® WebSphere® DataPower® Service Gateway XG45
140-2 Level 3. Appliance is purpose-built to help you secure and govern web traffic
●● ● ●
Integrate applications for improved more effectively. The resulting reduction in IT complexity reduces cost
application and database connectivity. within your organization. This is business agility at its most powerful,
because it helps you create new revenues. You gain the ability to deploy
Support centralized policy management
●● ● ●
with an appliance that helps you to new applications rapidly. Experience an advanced data-threat-reduction
centrally govern data traffic and helps and security-enforcement layer for your web applications and for your
you to strengthen the security of your on-premises applications.
applications.
Employ this IBM appliance to improve your business in a number
of ways:
●● ●
Simplicity of Web service deployment.
●● ●
Light-weight application and database connectivity for easy
connectivity.
●● ●
Web service proxy for a more efficient gateway approach.
●● ●
Centralized policy and service-level management for
compliance and for meeting service levels.
●● ●
Data validation for web 2.0 and for existing applications
that are web-facing.
●● ●
Fine-grained authorization, more-secure web application connectivity
and superior cryptography (the optional Hardware Security Module
(HSM) helps you improve security).
2. IBM Software Data Sheet
At organizations of every size around the globe, IT teams A pragmatic approach to change
are taking action to secure their organization’s web services, Today’s environment also presents positive opportunities for
applications and data. It is a dynamic environment in which to business and IT leaders who seek effective change—for leaders
manage security and governance. Yet even as your team applies who are willing to utilize the latest technology to address
much effort to gain “front line” defense for inbound and out- these critical business requirements. The pace of technological
bound traffic, another trend is in play: Today’s regulations change at IBM serves to help you focus on staying ahead of the
require security to be built into your infrastructure, instead marketplace. Take advantage of robust solutions that help you
of “bolting it on” as an afterthought. achieve your corporate goals.
Security has become a “board room” discussion. Threats are Take a cost-effective, pragmatic approach to the security
launched constantly against web sites. Policy makers, thought involved with web-enabling your applications. Your service-
leaders, business leaders and customers consider the security gateway strategy must include the ability to enforce industry
of their web interactions and associated data as critical. They standards, and must include the ability to more easily adapt to
demand that this information be properly protected. Additional new standards as they are defined. You want an approach that
pressure is being placed on corporations by regulatory agencies, enhances the value of existing infrastructure investments and
which continue to require increasing levels of consumer protec- organizational structures, while you optimize application
tion from data breaches. Corporate leaders must find ways to performance.
rapidly and cost-effectively meet business security requirements.
You must take action to ensure that your business-critical appli- The IBM WebSphere DataPower Service Gateway XG45
cations and the associated data are properly protected. And to appliance is purpose-built to help you build a stronger
ensure that your business maintains a competitive position in application-security foundation. The WebSphere DataPower
the marketplace, you must accomplish this in a way that does Service XG45 helps you bring new services to the market
not slow the deployment of new applications and services. more securely and more rapidly. You can take action to manage
business-application risk, increase staff productivity and reduce
maintenance costs. And with the DataPower Service Gateway
XG45 appliance, you can prepare for the future while you make
New regulations demand response by business leaders
the most of your existing IT assets.
The State of Nevada in the U.S. recently amended a law that applies
to any sales transaction in which a business accepts a payment
card. S.B. 227 requires businesses to comply with the payment card
industry’s Data Security Standards and to encrypt any personal-
Many organizations see results within
information business transfers. This broadens considerably the weeks with this pragmatic approach
information security obligations of all companies “doing business”
within the state’s borders. Be aware that regulations such as these
from IBM.
act as a precursor to legislation that could mandate higher standards
for privacy and data security. The WebSphere DataPower Service Gateway XG45 is a
high-performance hardware appliance that is purpose-built
PCI security standards are technical and operational requirements
to provide specialized functions that are simpler to integrate.
set by the PCI Security Standards Council (PCI SSC) to protect
The DataPower Service Gateway XG45 provides:
cardholder data. The standards apply to all organizations that store,
process or transmit cardholder data and the standards provide
guidance for software developers and manufacturers of the
●● ●
Light-weight connectivity, mediation and stronger security
applications and devices used in those transactions. processing to your application infrastructure.
●● ●
The ability to streamline complex but valuable SOA,
XML and web 2.0 applications.
●● ●
The ability to shorten deployment times.
●● ●
Acceleration of XML and web-services processing.
●● ●
Strengthened governance of your valuable application
infrastructure
●● ●
The ability to “offload” application encryption and
decryption
2
3. IBM Software Data Sheet
An appliance for service visibility,
integration, governance and security
The award-winning DataPower Service Gateway XG45 is a
purpose-built hardware platform that delivers highly manage-
able, more-secure and scalable SOA solutions. A “hardened”
SOA appliance, the DataPower Service Gateway XG45 appli-
ance offers an advanced approach to threat-reduction and secu-
rity for web transactions. Process your data using a consumable
appliance that transforms back-end disparate message formats The IBM WebSphere DataPower Service Gateway XG45 Appliance
to XML while its performance applies message-level security
and service policies. XG45, you can opt for a data integration module. This module
serves as a field-upgradeable option that provides simpler
The DataPower Service Gateway XG45 supports multiple web application integration and or database connectivity. With
application and web 2.0 protocols such as HTTP(s), FTP(s), this data integration module from IBM, “any-to-any” data
WAS JMS, SOAP, and MQ and MQ FTE. Use this appliance transformation becomes possible. The performance of this
right away to bridge disparate messaging and secured file- module provides you with the ability to parse and transform
transfer capabilities. The IBM DataPower Service Gateway arbitrary binary, flat text and XML messages—including EDI,
XG45 can exchange messages with IBM WebSphere COBOL Copybook, ISO 8583, CSV, ASN.1 and ebXML. This
MQSeries® systems by connecting as a WebSphere MQ client. data-transformation capability helps you to enhance application
Use the DataPower appliance to bridge disparate messaging data sharing. You can support modernization of your existing
and transport protocols, such as HTTP or TIBCO EMS, to systems. Expect connectivity of external web 2.0 application
WebSphere MQ. Messages that originate within a WebSphere and portal applications to internal applications. The optional
MQ system or outside of a WebSphere MQ system can flow data integration module available with the DataPower Service
easily to and from another WebSphere MQ system, or to and Gateway XG45 also provides PKCS7 for digital signatures
from other messaging systems such as HTTP or TIBCO EMS. and message encryption, which help to strengthen message
protection.
To bridge the disparate messaging and transport protocols, this
DataPower appliance uses a service such as the Multi-Protocol
Gateway service. The performance of the IBM DataPower
Service Gateway XG45 supports right away multiple data The business value of fine-grained authorization
There is a difference between URL-based or connection-level access
formats such as non-XML, XML, JSON, and make possible
control and an approach called fine-grained authorization. Fine-
“any-to-any” data transformation using a data integration
grained authorization makes it possible for you to interrogate individ-
module (DIM). This data integration module is available
ual SOAP or XML transactions. This action automatically determines
from IBM as an option. And to help ensure that only valid whether a specific transaction should be allowed through, based
authorized user access is provided to your corporate application upon payload contents, security policy and identity information.
infrastructure, the DataPower Service Gateway XG45 inte-
grates with security and identity management software such as For example, a purchase order has certain requirements: (1) Greater
than a specified amount of money, (2) Digitally signed by a CFO
IBM Tivoli® software and several LDAP directories including
certificate, (3) Targeted for vendor X and (4) Sent before 5:00 p.m.
Microsoft AD.
This purchase order is allowed through, but the transaction immedi-
ately following it is rejected. SAML, WS-Security and XACML are
Data integration module lets you add emerging as core standards for those who wish to implement this
binary data formats, PKCS7 and ODBC fine-grained access control—which is especially helpful in an open,
One of first steps for leaders who want to try newer technolo- cross-platform environment that joins a variety of policy enforcement
gies such as service-oriented architecture (SOA) is to ensure points (such as the DataPower Service Gateway XG45 appliance)
they have in place a robust Enterprise Service Bus (ESB) or with central policy repositories. The business value of this approach
is clear: You can save time and reduce cost. Business agility
application connectivity. With DataPower Service Gateway
becomes reality.
3
4. IBM Software Data Sheet
Support compliance with robust
data-protection and auditing capabilities The vast number of different protocols that
A powerful Authentication, Authorization and Auditing (AAA)
framework makes it possible for the DataPower Service
it could handle … made the DataPower
Gateway XG45 appliance to use a broad variety of methods Appliance appealing as a leader in that
for extracting data from incoming requests along with identity market segment.
information such as user passwords and security tokens.
Authentication and authorization steps are also modular; these
—Bank IT Director
steps can be based upon on-board or off-board repositories.
Audit-and-accounting processing is fully extensible. This
unique framework enables the appliance to integrate with a
wide variety of identity management solutions. You can inte-
Increase trust in existing services with
grate proprietary, in-house Single Sign On (SSO) systems with
run-time policy enforcement
your web services security architecture. The device selectively
The performance of the DataPower Service Gateway XG45
shares information through encryption-and-decryption and
appliance enables enterprises to centralize security and gover-
signing-and-verification of entire messages or of individual
nance functions in a single “drop-in” device that reduces
XML fields.
ongoing maintenance costs. You can configure simpler firewall
and web services proxy functions using a web GUI, and have
These granular and conditional security policies can be based
it operational in minutes. Or, you can create custom security
on nearly any variable, including content, IP address, host name
and routing rules using Extensible Stylesheet Language
and other user-defined filters. Robust data protection, policy
Transformation (XSLT), if that is a requirement. The
enforcement and auditing capabilities help organizations around
WebSphere DataPower Service Gateway XG45 appliance is
the world achieve and maintain compliance with industry and
designed to be an excellent policy-enforcement and execution
regulatory requirements such as Sarbanes-Oxley, the Payment
engine for those who wish to better secure “next generation”
Card Industry Data Security Standard (PCI-DSS) and the
applications, which makes it easier for you to control access
Health Insurance Portability and Accountability Act (HIPAA).
to applications, services and data using customizable roles
and rights.
Mitigate risks with “DMZ-grade” security
for mission-critical applications This purpose-built appliance integrates with leading policy
Discover a hardware device that delivers advanced XML and managers and service registries, such as IBM WebSphere
web services access controls without complex configuration or Service Registry and Repository. Support for standards such as
custom code. The WebSphere DataPower Service Gateway WSSecurity, WS-SecurityPolicy, WS-Reliable Messaging and
XG45 appliance offers the higher levels of security-assurance WS-Policy are standard capabilities provided by WebSphere
certification that are required by such enterprises as financial DataPower Service Gateway XG45. The DataPower Service
services and government agencies, including Public Key Gateway XG45 supports Simple Network Management
Infrastructure (PKI), Federal Information Processing Standard Protocol (SNMP), script-based configuration and remote log-
(FIPS), 140-2 Hardware Security Module (HSM), General ging to integrate seamlessly with leading management software.
Services Administration (GSA) eAuthentication, Homeland
Security Presidential Directive (HSPD)-12 .The combination
“Drop-in,” standards-based security and
of high-performance of hardware acceleration with simplified
governance for web 2.0 applications
deployment and ongoing management represents a powerful
Modern web applications are evolving from static pages and
combination for your organization. You can expect to reduce
forms into interactions that rival native desktop programs such
complexity. You can expect to reduce the costs of securing
as email clients, street-mapping software and customer relation-
mission-critical services, applications and data. Your reduced
ship management (CRM) systems. Your customers, colleagues
need for SOA programming skills can result in faster time-to-
market for SOA benefits, without sacrificing strong support
for security.
4
5. IBM Software Data Sheet
and partners have come to demand the same level of interactiv-
ity and data access for their information. Unfortunately, critical
business data can be locked away in your existing system
IBM has developed a solid business approach
applications—applications that were not designed for this to the appliance marketplace, taking into
type of use. account the challenges of adding new
members to the range, maintaining
The DataPower Service Gateway XG45 appliance bridges
web 2.0 applications to more formal enterprise standards such
a consistent focus and ensuring clients
as JavaScript Object Notation (JSON). The DataPower Service continue to get ongoing value.
Gateway XG45 appliance offers native support for JSON and
for Representational State Transfer (REST), which helps your —Lustratus Research, Inc., A Competitive Review of SOA Appliances, March 2010
team more easily support new devices (smartphones, tablets,
netbooks, and other devices), social networking, cloud
computing and Software as a Service (SaaS) applications.
IT infrastructure, Eclipse-based application development
Powerful enhancements help your environment or XMLSpy integration. This innovative, prag-
organization thrive matic approach helps to reduce your total cost of ownership
The newest addition to the WebSphere DataPower appliance for security, mediation, web 2.0 and web services projects.
family, the WebSphere DataPower Service Gateway XG45 You can re-use existing XSLT programs and deploy them
appliance helps you to take full advantage of your existing on the DataPower Service Gateway XG45 appliance.
IBM WebSphere DataPower Service Gateway XG45 Appliance
Feature Business benefit
Web-application firewall and ●●
Create portal connections that are more secure. Help protect your organization against XML vulnerabilities;
gateway this IBM appliance acts as the XML proxy.
●●
Experience strong security functions beyond those of an XML firewall. Expect web services access control
(AAA), XML Encryption and Digital Signature, WS-Security and content-based routing.
XML denial-of-service ●●
Validate incoming requests and document malformed and malicious traffic; gain access to valuable post-attack
protection forensics.
●●
Take control over the low-byte XML messages that can bypass your traditional perimeter protection and cause
your mission-critical applications to fail instantly.
Field-level message security ●●
Take action to protect the information that keeps your organization agile and competitive. This IBM service-
gateway appliance selectively shares information of entire messages—or of individual XML fields.
Access control for web ●●
Gain powerful access-control functions. Enable more-secure access to web services-based applications for
services your clients, whether they are internal or external.
Light-weight application ●●
You can opt for a Data Integration Module as a field- upgradeable option for any-to-any data transformation. The
connectivity module can parse and transform arbitrary binary, flat text, and XML messages, including EDI, COBOL Copybook,
ISO 8583, CSV, ASN.1, and ebXML. The optional Data Integration Module also provides database access and
PKCS7 encryption.
Fine-grained authorization ●●
Gain more control over the processes that bring value to your organization. Instead of URL-based or connection-
level access control, expect fine-grained authorization that interrogates individual SOAP or XML transactions to
determine whether they should be allowed through.
Service virtualization ●●
Transparently map a rich set of services to protected back-end resources—without sacrificing performance.
This IBM appliance gives you the combined power of URL rewriting, high-performance XSL transformations and
routing for XML and SOAP.
5