IBM DataPower XS40 Security Gateway Appliance
The appliance that delivers full security for XML Web Services at the speed of the network.
The IBM DataPower XS40 network device handles message filtering, encryption and digital signatures (XML, web services, SOA).
The IBM WebSphere DataPower XML Security Gateway XS40 is a specialized network device that ensures complete security for XML web services. In contrast to distributed software solutions, it provides protection with no deterioration in performance, It offers all the features of the XA35, combined with total security for XML flows and web services. The XS40's unrivalled performance and advanced functions centralize XML security, allowing important information to be shared quickly and efficiently.
Most companies are showing great enthusiasm for the huge potential offered by XML web services. With the right security, XML technologies can open up whole new horizons for companies in terms of development opportunities. Teams charged with security have more reservations, and with good reason: XML passes through existing protocols and access paths without being detected, bringing new threats in terms of security, reliability and performance. A completely different approach is required to support these new business processes without reinventing security infrastructures.
Complete XML Security
The XML Security Gateway XS40 offers a complete range of security services. This specialist device has been designed to meet the specific requirements of XML processing, with filtering, encryption, digital signatures and data validation at message level (for XML SOAP or raw XML) or at the level of the XML field. The XS40 meets the needs of IT operating teams and business application managers with a simple graphic interface where rapid and secure deployment, definition of complex rules via an advanced interface and support for industry standards are required.
Uncompromised performance
The Security Gateway XS40 eliminates the trade-off between performance and security. Fitted with DataPower's proven XG3 (XML Generation Three) technology, the XS40 is the only device capable of carrying out wirespeed XML parsing, filtering, validation, encryption and conversion â no other network device on the market can match this performance. Its powerful processing is economized to meet increasing security requirements.
Flexibility with regard to standards
Since the processing engine in the XS40 was designed from the very start to process XML, the security functions are not hard-coded. The XS40's ability to dynamically incorporate new schemas allows companies to easily adapt to changes in industry standards, their own internal security rules, partners' specifications and customer requirements. Enterprises can use it to implement all current XML web service security standards and easily incorporate new standards as and when they appear.
Integration of infrastructures
Taking account of the existing security infrastructure, the XS40 cooperates transparently with security components, firewalls and load balancing applications. Compatible with single sign-on systems, public key infrastructures (PKIs) and enterprise management tools, it can easily be integrated into your current operation while ensuring protection for next-generation applications.
Caractéristiques Characteristics |
FonctionnalitésFunctionalities |
Bénéfices obtenusBenefits |
| Virtualisation des ServicesService virtualization |
Masque les ressources d'arrière-plan
afin de cacher les structures internes à l'instar
d'un NAT (Network Address Translation) mais pour
le XAN (XML Aware Network).
Hides background resources in order to conceal internal structures, similar to a NAT (Network Address Translation) but for XAN (XML Aware Network)
|
Facilite les accès aux applications
sans créer de vulnérabilité ou
de conflits de version.
Ensures easier access to applications without creating any vulnerabilities or version conflicts
|
| Parefeu XML/SOAPXML/SOAP firewall |
Parefeu XML filtre à la vitesse du
réseau, filtre basé sur le contenu,
la taille des données utiles ou autre métadonnées.
The XML firewall offers wirespeed filtering based on the content and size of the data used or other metadata
|
Facilite l'utilisation, avec une protection
intelligente des vulnérabilités XML
sans ajout de code ou de compromission de la performance
Ensures easier usage, with intelligent protection for XML vulnerabilities without adding code or compromising performance
|
| Sécurité XML au niveau du champField-level XML security |
XML Encryption et Digital Signature au niveau du message ou élément inter opère avec WS-Security
XML encryption and digital signature at message or element level inter-operated with WS-Security |
Partage d'information soit sélective soit conforme à la législation,
même dans le cas de transactions multipartites et d'environnement semi-confidentiel
Information sharing either selectively or according to legislation, even in the case of multi-party transactions and a semi-confidential environment
|
| Contrôle d'accès aux Web ServicesControlled access to web services |
Utilisation des nouvelles technologies comme SAML, XACML, WS-Security et de systèmes existants
comme LDAP ou SSO pour contrôler l'accès des applications.
Controlled access to web services
|
Sécurité; XML complête sans changement du code. Centralisation du contrôle
d'accès et amélioration de la sécurité.
Security; complete XML without any code change. Centralized access control and improved security
|
| Validation des donnéesData validation |
A l'aide des "schemas" XML, validation des documents XML à la vitesse du réseau,
et protection contre les attaques de type XDoS (XML Denial of Service).
XML schemas offer wirespeed validation of XML documents and protection against XDoS attacks (XML denial of service)
|
Améliore la disponibilité et les performances en assurant que les requêtes
valides accèdent aux serveurs d'applications critiques
Enhances availability and performance while ensuring that valid requests can access critical application servers
|
| Routage XML, routage SOAPXML routing, SOAP routing |
Routage basé sur le contenu, paramètres du réseau ou autre méta données.
Routing based on content, network parameters or other metadata |
S'appuie sur la séparation des problèmes
pour réduire la complexité améliore la performance et la disponibilité par une
utilisation plus efficace.
Based on separating problems to reduce complexity; improves performance and availability through more efficient usage
|
| 
Contact
