These purpose-built hardware security appliances with focused software capabilities can process xml at wire speed, and provide secure connectivity inside and outside the enterprise.

As businesses continue to allow increased access to their applications and data, many new attack threats are possible. IBM WebSphere DataPower SOA appliances are designed primarily as a secure response to a new breed of XML threats. They validate requests up front and subsequently hide implementation details, making further attacks more difficult. DataPower appliances support the most stringent security standards, and their fast XML processing engine and message transformation capabilities also make them ideal for Enterprise Service Bus (ESB) implementation.

How can application security be done in an appliance? IBM WebSphere DataPower allows the creation of reusable Crypto profiles and policies that control how connectivity is established. This combination allows centralized management of certificates and simplifies connectivity to trusted partners, while also providing more stringent connection security as needed. IBM WebSphere DataPower supports AAA (Authentication, Authorization and Auditing) policies. The system knows who is requesting a service and what services are authorized before the request ever gets passed on to back-end systems for processing. It can then record which services were actually used. Web Services requests are often not validated up front due to the extreme amount of processing cycles needed, resulting in unauthorized or malformed requests going to back-end applications which must then handle the errors. Many Web service security standards are unused due to difficulty in implementation. Developers are taken away from business process development tasks to try to understand security tasks. Together, these factors can result in undue risk when legacy applications – which have historically always assumed a trusted user – are exposed to the Internet. DataPower can offload the burden of this security component from business developers, and reject bad requests before they even enter the enterprise. What about integration? • DataPower has the ability to create processing policies that can provide ‘any to any’ transformations. For example, a Web form request can be turned into a SOAP request, MQ message or fixed-length format. The response can be processed in reverse if required. These transformations are done at near wire speed. • Multiple protocol listeners can be added to a processing policy to allow different clients to connect to a service. This can allow development to leverage modern communication styles while still supporting legacy methods of doing business. • Request routing can be handled in many ways, allowing for load balancing and SLA fulfillment. • IBM WebSphere DataPower can inspect the content in a document, a document header, the requested URL or the AAA information (to name a few) in order to route, shape or throttle traffic to the appropriate resources. • Timers and pollers can be added to policies to continually check for new requests and responses that are part of existing business processes.

Where to start?