Guest

Cisco ACE XML Gateways

Cisco ACE XML Gateway

  • Viewing Options

  • PDF (177.7 KB)
  • Feedback

Product Overview

The Cisco ® ACE XML Gateway (Figure 1) is a key component of the Cisco Application Control Engine (ACE) family of products. It brings application intelligence into the network and enables efficient deployment of secure, reliable, and accelerated Extensible Markup Language (XML) applications and Web services. These state-of-the-art features now enable the intelligent network to support service-oriented architecture (SOA) implemented using Web services technologies and to accelerate, secure, and scale XML applications.
As the common, standards-based, framework for exposing business resources, XML applications and Web services simplify information accessibility and integration but with the cost of computationally intensive XML processing and the potential introduction of new threats and vulnerabilities.
By allowing autoprovisioning of Web services from Universal Description Discovery and Integration (UDDI) registry and application servers, and by providing transport and message-level security for XML -based network traffic, the Cisco ACE XML Gateway greatly facilitates secure deployment of XML applications and Web services. By offloading nonbusiness, computationally intensive operations directly to the network infrastructure, Cisco ACE XML Gateway enables a shared-service environment, reduces end-to-end latency, and enables business services to scale to meet capacity imperatives while improving server utilization.
XML-based services require outstanding throughput to support today's complex integrated application systems. The Cisco ACE XML Gateway delivers industry-leading performance exceeding 30,000 transactions per second (TPS). All-in-memory processing and store-and-forward processing modes help ensure that XML messages of all sizes can be processed without compromising security, interoperability, or system reliability. The result is exceptionally secure, efficient, and flexible XML message processing performance, end to end. The dramatic performance improvements afforded by the Cisco appliance helps eliminate the barriers to deployment of Web services.

Figure 1. Cisco ACE XML Gateway

Optimization of the performance of XML applications and Web services requires the capability to deliver assured throughput, high concurrency, low latency, and support for critical operations such as security and availability. Cisco ACE XML Gateway solution offers these benefits:

• Fast implementation with minimal disruption to existing application services

• Quick start with transparent expansion to accommodate increased capacity requirements

• Fast path to return on investment (ROI) through improved server utilization, reduced application and service latency, and improved IT productivity

The Cisco ACE XML Gateway offers the industry-leading Cisco XML message processing function on a high-performance network appliance to accommodate your development and deployment requirements. Whether you are showing proof of concept, implementing a small set of Web services, or deploying a broad set of enterprisewide, mission-critical services, Cisco provides the industry-leading XML application acceleration solution that scales to meet your network infrastructure availability and performance requirements.

Features and Benefits

• Reduces service latency and improves the user experience and server utilization by implementing a high-performance, highly parallel event-driven architecture

• Manages unpredictable service outages and usage by enabling a shared, scalable infrastructure that actively enforces service latency agreements

• Implements consistent security and XML message processing policies for enterprisewide Web services

Figure 2 shows a typical deployment, and Table 1 summarizes the features and benefits of the Cisco ACE XML Gateway.

Figure 2. Cisco ACE XML Gateway Deployment

Table 1. Features and Benefits

Feature

Benefit

Threat mitigation

• Defends against XML threats
• Protects against identity, content-based, personnel, response compliance, message transport, and XML denial-of-service (XDoS) attacks
• Cost-effectively enforces XML schema at runtime and prevents structural attacks

Access control and privacy

• Exerts comprehensive, enterprisewide, policy control for service access and data privacy
• Provides native integration with commercial directory and identity systems such as Lightweight Directory Access Protocol (LDAP), Kerberos and Microsoft Active Directory, CA Netegrity, and IBM Tivoli Access Manager

Encryption and signing

• Secures access to applications while maintaining message integrity and confidentiality
• Provides full FIPS-compliance, protecting against Secure Sockets Layer (SSL) key hijacking by persistently storing private SSL keys in the platform hardware

Policy-based provisioning and versioning

• Increases developer productivity and improves deployment flexibility with sophisticated rollback and versioning capabilities
• Provides enterprisewide management accessible anywhere on the network through the Web GUI or Secure Shell (SSH) interface
• Enables configuration of security, integration, and routing policies in one centralized policy management system, without programming
• Autodiscovers Web services to simplify policy definition and enforcement
• Uses unique 4Way policy configuration to define policies and bridge protocols at all points in the request-response process

Acceleration and offloading

• Accelerates XML application processing and improves server utilization by offloading computationally intensive operations
• Frees as much as 90 percent of server resources, offloading processing-intensive operations
• Allows upgrades with future performance enhancements without requiring new hardware

Virtualization and load balancing

• Scales XML applications and Web services easily and prevents service disruption by decoupling service consumers and providers
• Abstracts the business logic in XML-based services from the standards, transport and authentication protocols, and data semantics used across different internal systems and by different business partners
• Creates and maintains multiple Web service instances appropriate for different consumers and Web service versions

Routing

• Dynamically routes to valuable XML resources based on content and context of XML messages
• Determines the destination of XML messages based on user-defined content and policies, including payload, envelope, and specific XML Path Language (XPath)

Monitoring

• Quickly debugs and monitors Web services using sophisticated GUI

Audit and logging

• Meets compliance requirements with audit and nonrepudiation capabilities

Bridging and transformation with extensibility software development kit (SDK)

• Switches and bridges XML messages across data, transport, credentials, and security standards
• Enables transformation between XML and non-XML messages and standards
• Extends XML transformations and customization of XML message processing using the Cisco ACE XML Gateway SDK

Product Specifications

Table 2 provides software specifications, and Table 3 provides hardware specifications for the Cisco ACE XML Gateway.

Table 2. Product Specifications: Cisco ACE XML Gateway Software

Item

Specification

Standards

• Simple Object Access Protocol (SOAP) 1.1 and 1.2
• SOAP With Attachment (SWA) 1.1
• Web Services Description Language (WSDL) 1.1
• XPath
• E-business XML (ebXML)
• Representational State Transfer (REST)
• Extensible Stylesheet Language Transformation (XSLT) 1.0
• Web Services Addressing (WS-Addressing)

Transport

• HTTP and HTTPS
• Java Message Service (JMS)
• IBM WebSphere MQ
• TIBCO RMS and EMS
• User Datagram Protocol (UDP)
• TCP
• IP Multicast

Security

• WS-Security 1.0 and 1.1
• Security Assertion Markup Language (SAML) 1.0 and 2.0
• XML Encryption and XML Digital Signature
• XML Schema and Document Type Definition (DTD)
• SSL 2.0 and 3.0
• Transport Layer Security (TLS) 1.0

Cryptographic support

• Cryptographic algorithms including:
• Advanced Encryption Standard (AES)
• Data Encryption Standard (DES)
• 3DES
• Blowfish
• RSA
• Diffie-Helman
• Digital Signature Algorithm (DSA)
• Secure Hash Algorithm 1 (SHA-1) and Message-Digest 5 (MD5)
• Applicability Statement 2 (AS2) (RFC 3335)

Message formats

• XML
• SOAP 1.1 and SWA
• SOAP 1.2
• Message Transmission Optimization Mechanism (MTOM)
• Flat file
• Many industry-standard document styles

Transformation

• XSLT
• XPath
• GUI mapping
• SDK

Message routing

• Configurable routes
• Policy-based processing

Administration

• Web UI
• Command-line interface (CLI)
• SSH
• Simple Network Management Protocol (SNMP)
• Roles-Based Access Control (RBAC)
• Delegated administration
• Central policy management and distributed enforcement
• Import and export of configuration, statistics, and logs

Logging, monitoring, and auditing

• Syslog and message and event logs
• Traffic and service-level agreement (SLA) monitoring and reporting
• Statistics for monitoring and various alerts and triggers
• Audit trail of administrative operations
• Integration with third-party Web service management tools

Table 3. Product Specifications: Cisco ACE XML Gateway Hardware

Item

Specification

Chassis

Dimensions

• 1 rack unit (1RU) standard rack mount: 1.70 x 16.78 x 27.75 in. (4.32 x 42.62 x 70.49 cm)

Weight

• 37 lb (16.8 kg) fully configured (per unit, not including shipping materials)

Processor

2 Intel Dual-Core Xeon processors

Hardware accelerators

One of the following:

• 1 FIPS 140-2 Level 3-compliant 4,000 SSL TPS
• 1 non-FIPS 14,000 SSL TPS

Ports

4 Gigabit Ethernet ports plus a dedicated management Ethernet port

Memory

RAM: 2 GB (fixed)

Storage

Dual hot-swappable serial attached Small Computer System Interface (SCSI) hard disk drive (SAS HDD) with RAID (20 GB usable)

Power

Dual redundant; 700 watts (W)

Performance

More than 5000 TPS

Service and Support

Cisco Services offer a flexible suite of support services designed to help maintain high-quality network performance while controlling operational costs. The services and support programs described in Table 4, Cisco SMARTnet ® Service and Software Application Support plus Upgrades (SASU), are available as part of the Cisco ACE XML Gateway Service and Support solution and are available directly from Cisco and through Cisco Certified Partners.

Table 4. Cisco SMARTnet and Software Application Service and Support Programs

Service and Support

Features

Benefits

Available directly from Cisco or through Cisco Certified Partners

• Cisco SMARTnet Service
• Cisco SASU
• Access to software updates and upgrades 24 hours a day
• Web access to technical repositories and tools
• Telephone support through the Cisco Technical Assistance Center (TAC)
• Advance replacement of hardware parts (Cisco SMARTnet Service only)
• Supplements existing staff
• Helps ensure that functions meet needs
• Mitigates risk
• Helps enable proactive or expedited problem resolution
• Lowers total cost of ownership (TCO) by using Cisco expertise and knowledge
• Helps minimize network downtime

Ordering Information

Companies can choose between two versions of the Cisco ACE XML Gateway, depending on which cryptographic processor meets their needs. One offers FIPS-compliant SSL acceleration at 4000 transactions per second (TPS), and the other is not FIPS complaint (for those companies that are not subject to FIPS regulations) and can process 14,000 TPS.
Table 5 provides ordering information for the Cisco ACE XML Gateway.

Table 5. Ordering Information

Product Options

Product Name

Part Number

Support and Services

Chassis

Cisco ACE XML Gateway Appliance

ACE-XML-K9
or
ACE-XML-NF-K9*

CON-SNT-ACEXK9

or
CON-SNT-ACEXNK9

Software

Cisco ACE XML Gateway Software

ACE-XML-SW-5.2

or
ACE-XML-SW-5.1

-

-

Cryptography

FIPS-compliant SSL acceleration
or
Non-FIPS SSL acceleration

ACE-XML-FIPS
or
ACE-XML-NONFIPS

CON-SNT-ACEXFIPS
or
CON-SNT-ACEXNFIP

Licensing

ACE XML Gateway License
or
ACE XML Manager License

ACE-XML-GATE-LIC
or

ACE-XML-MGMT-LIC

CON-SAU-ACEXGW
or
CON-SAU-ACEXMG


* Minimum software Cisco ACE XML Gateway Software Version 5.1 required

For More Information

For more information about the Cisco ACE XML Gateway, visit: http://www.cisco.com/go/ace or contact your local Cisco account representative.