Cisco ACE XML Gateways

Using Extensible Markup Language to Maximize Application Value

Abstract

Services based on Extensible Markup Language (XML) provide the most efficient and flexible architecture for real-time integration and are central components of many enterprises' integration strategies. Across many industries, enterprises are expanding deployment of XML-based services to increase the returns from their existing IT systems and their service-oriented architecture (SOA) strategies.
Leading enterprise application vendors are also recognizing the potential of XML and are increasingly embedding XML and Web services capabilities throughout their applications. When these versions reach production, the volume of XML traffic increases dramatically, necessitating the optimization of IT infrastructures to help ensure the reliability of these applications.
The Cisco® ACE Application Control Engine XML Gateway delivers the reliability, security, reuse capability, performance, and agility needed to enhance an enterprise's infrastructure while also guaranteeing a higher return on the enterprise's existing IT investments in messaging systems, application servers, mainframe computers, identity and access management (IAM) systems, Web services management (WSM) systems, etc. The Cisco ACE XML Gateway also helps ensure the optimization of an enterprise's infrastructure by offering exceptional insight, control, and policy enforcement for XML messages and Web services, allowing enterprises to fully reap the benefits of SOA.

XML Proliferation in the Enterprise

Enterprises are expanding deployment of XML-based services to increase the returns from their existing IT systems and from their SOA strategies. Used to integrate information assets across the enterprise, XML-based services can do the following:

• Provide the agility to allow enterprises to quickly capitalize on new business opportunities or meet new requirements and mandates

• Enable enterprises to more efficiently use existing IT resources so that business processes work better, even when those resources run on disparate platforms or technologies

• Improve the enterprise's responsiveness to customer needs, generating better customer service and ultimately higher revenues

• Reduce integration costs

• Reduce operating costs

Leading enterprise application vendors are also recognizing the potential of XML to enhance the value they provide to their customers. From SAP to Microsoft, vendors are embedding XML and Web services capabilities throughout their applications. As enterprises put these new versions into production, the volume of XML traffic on networks increases dramatically. Enterprises need to understand the implications of these higher volumes now, before they prevent XML-based services from successfully meeting business goals.

XML Addresses Concerns that Standards Overlook

XML-based services and SOAs must take advantage of the substantial IT investments that enterprises have already made in messaging systems, application servers, mainframe computers, IAM systems, WSM systems, etc. However, even the most mature XML standards and specifications are not sufficient to fully address all the concerns that arise when using these assets in an operational system. The task of addressing interoperability between various implementations is handled by several groups, such as WS-I and Liberty Alliance. Valuable as these efforts are, the unique aspects of each Web service deployment leave a significant number of system concerns that are not adequately addressed.

Security

Sharing common services, even inside your own firewall, often involves crossing trust boundaries between applications. The complexity of these new application systems increases dramatically when the various Web service components and consumers reside in different domains. Integration of business logic from many parts of an organization may require contribution of service components from different domains, including servers, data centers, geographical locations, trust domains, and organizational groups.
The underlying policies and mechanisms that allow these boundaries to be crossed effectively must be provided as part of the execution, deployment, and management environment supporting these application systems. This environment must be able to do the following:

• Use multiple IAM approaches, which may be deployed in different parts of the enterprise

• Mediate between different WS-Security standards used by different technologies

• Help ensure trust and compliance for XML message processing

Service Reuse

A primary goal of a SOA is reuse: developing a set of services that can be used with different systems and for different business purposes. Reuse means that services will inevitably be used for purposes for which they were not originally developed. Enterprises must provide a means of abstracting critical elements of the services, such as access-control policies or transport protocols, from the initial service development process, or they risk having to modify services for each new version or instance of each service provider and consumer, at considerable cost in development resources.

Performance

XML processing places considerable load on application servers and reduces application responsiveness. Performance is one of the most significant considerations when deploying Web services, because of the overhead associated with expensive operations such as XML parsing, XML Stylesheet Language (XSL) transformations, authentication, schema validation, signature validation, encryption, and message or attachment compression. When these functions are performed on the application server, a significant amount of system resources is consumed by XML-related processing, overburdening systems and degrading the performance of applications (Figure 1).

Figure 1. Proportion of Service Resources Expended

Streamlining Operations at Scale

Although pilot implementations of a select number of XML-based services may seem easy for the developer team to manage, the demands quickly change as service use expands. The risks of uncontrolled XML-based service deployments, from security, to developer efficiency, to application service-level agreements (SLAs), are too great to ignore. Enterprises need a way to do the following:

• Autodiscover services as they are deployed on application servers or registered in Universal Description, Discovery, and Integration (UDDI)

• Delegate creation of enforceable policy across the enterprise while maintaining consistency and oversight from centralized teams such as security architects

• Control and audit all events, messages, and administration to help ensure the visibility needed to identify problems quickly and act decisively

XML-Enabled Networks Make Your Infrastructure Better

XML requires support from an infrastructure that is designed to address the implementation, operation, integration, and optimization challenges of practical and scalable deployments. The Cisco ACE XML Gateway provides this infrastructure as a network function, where tasks can be performed most efficiently and cost effectively across all XML-based services. Migrating these capabilities to the network follows the historical trend of other functions such as routing, firewalling, and load balancing, which have been offloaded from application servers onto network devices. XML as a self-describing information set lends itself to independent processing in policy-enforcement points within the network, and Simple Object Access Protocol (SOAP) is designed to allow transparent network intermediaries to perform processing on behalf of the service components within a SOA.
The Cisco ACE XML Gateway provides higher return from your existing investments and helps realize the promise of SOA. The Cisco ACE XML Gateway makes the rest of your IT infrastructure work better, generating higher payoffs to your organization.

Cisco ACE XML Gateway Helps Messaging Systems Deliver XML Better

CASE STUDY: CISCO ACE XML GATEWAYS AND IBM WEBSPHERE MQ

Aeroplan, a highly profitable subsidiary of ACE Aviation Holdings (ACH), deployed its first SOA initiative to provide Web services to third-party partners so that those partners could offer goods and services in exchange for Aeroplan miles. In this solution, the Cisco solution integrates natively with IBM WebSphere MQ, enabling transparent, rapid conversion between HTTPS and MQ. The entire project was deployed in 38 days, and the time to provision a new business partner is now less than 1 hour. The net result is that Aeroplan is realizing 500 percent growth in non-air-rewards redemption, making the company more profitable and its customers more satisfied. Following this project, multiple business teams aligned with the SOA philosophy, and the use of the Cisco ACE XML Gateway has expanded throughout Aeroplan and ACH.
Many enterprises have invested millions of dollars in messaging systems such as IBM WebSphere MQ, TIBCO, webMethods, Progress Software SonicMQ, and Sun SeeBeyond eGate Integrator. These systems serve as a cornerstone for application integration and play an important role in an enterprise service architecture (ESA). For example, one Cisco customer has used a messaging system to collect information from a variety of applications to create a single view of the customer.
Messaging systems do an excellent job of connecting with different enterprise systems and routing information between them. However, they were not designed for a distributed Web services environment. The Cisco ACE XML Gateway enhances these systems by doing the following:

• Mediating between the XML and Web services interfaces required by SOA development and the previously deployed messaging software

• Offloading resource-intensive XML processing, improving service response time, and reducing the number of servers required to process a given volume of XML messages

• Providing a centrally controlled but distributed enforcement point for all security, routing, and performance policies

• Serving as a single point of access to IAM, streamlining connectivity to these systems

CASE STUDY: CISCO ACE XML GATEWAY AND ESBS

A Cisco customer plans to deploy BEA AquaLogic in conjunction with the Cisco ACE XML Gateway in a new ESB initiative. In the combined solution, AquaLogic will perform process orchestration, and the Cisco product will perform XML security, processing, and routing functions. The initiative will improve the effectiveness of Web services deployed internally and to business partners.
Some enterprises have begun to deploy enterprise service buses (ESBs) as centralized application platforms. The Cisco ACE XML Gateway complements ESBs in a manner similar to the way in which it complements messaging systems. The combined solution provides enterprises with the following benefits:

• An agile integration and process orchestration platform that works optimally with a wide range of service characteristics

• Significantly improved response rates and performance compared to deploying an ESB alone

• The capability to mediate between multiple ESBs and existing messaging systems if more than one is deployed in the enterprise or acquired through a merger

• A faster path to ROI; because Cisco customers can typically deploy the Cisco ACE XML Gateway in less than 40 days, they can deploy it as a bridge to the ESB as they roll out the ESB enterprisewide, typically over many months or even years

CASE STUDY: CISCO ACE XML GATEWAYS AND ENTERPRISE PORTALS

Rockwell Collins, a worldwide leader in the design, production, and support of communication and aviation electronics for commercial and government customers, employs Cisco ACE XML Gateways for scalable system-to-system information delivery to its portal infrastructure. The Cisco solution addressed the following challenges presented by this initiative:

• Authenticate users and the portal to help ensure that private information is shared with only appropriate users

• Protect the privacy of information between the portal and the back-end systems including SAP and custom programs

• Mediate between the portal's preferred formats and transports and the expectations of the different back-end systems

Rockwell Collins was able to deploy the Cisco solution within 6 weeks and also identified an opportunity to save approximately US$70,000 in development costs by eliminating duplicate capabilities.

Cisco ACE XML Gateway Helps Application Servers Process XML Better

Application servers form the core of an agile IT infrastructure. They give enterprises a great deal of flexibility to develop the business logic they need through C#, Java code, or Enterprise Java Beans (EJBs). Application servers play an important role in many XML-based service use cases, including point-to-point integration and enterprise portals.
However, when implemented without XML gateways, application servers place a significant burden on developers to understand the technology they are using and to integrate with other systems and infrastructures. With technologies as complex as Web services, this approach is not scalable from a resource perspective. In addition, the high overhead of implementation, testing, and maintenance makes this a costly option.
Furthermore, for a given XML-based service, 80 percent of the processing can be performed more efficiently in the network through policy enforcement points because enforcement points take advantage of common processing across services (see Figure 2). No application server available on the market today was built specifically for XML processing. The Cisco ACE XML Gateway can take advantage of overlap across services running on different application servers deployed in your environment.
The Cisco ACE XML Gateway makes XML-based service implementations running on application servers better by doing the following:

• Insulating developers from the complexities of varied security policies, transport protocols, etc.

• Offloading XML processing onto purpose-built devices, freeing server resources to process business logic and reducing the number of CPUs required to perform a given transaction

These features enable the gateway to process XML messages at a much higher throughput than with standard software (Figure 3).

Figure 2. Work Needed for XML Processing

Figure 3. Performance Comparison

CASE STUDY: SERVER OFFLOADING WITH CISCO ACE XML GATEWAY

A global business services provider relies on four centralized information systems to run its business. Data from its customers come to remote field offices, often by telephone or fax, and are entered into local software applications by field personnel. The local software applications integrate with the centralized systems through Web services requests (SOAP with attachments sent over HTTP). The Cisco ACE XML Gateway makes this solution work effectively by offloading the compression and extraction of SOAP attachments from the application servers and by routing the appropriate information to each of the four centralized systems.
The Cisco ACE XML Gateway also makes application servers more efficient by offloading specialized functions such as digital signing. The Cisco solution can save messages for audit purposes or insert an element into a message telling the service consumer when that message was received. Enterprises can use these capabilities to meet compliance requirements or to demonstrate that they are meeting service-level agreements (SLAs) either internally or with partners.

Cisco ACE XML Gateway Helps Mainframes Run XML Better

Enterprises have a long tradition of complementing their mainframe applications with front-end processes that offload processing such as network functions from expensive CPU cycles. As XML-based services and Web services become common means of extending the value of mainframe applications using orchestration and bridging technologies from companies such as GT Software, Contivo, DataDirect, and iWay, enterprises need to complement these systems with a front-end processor for offloading expensive XML processing. The Cisco ACE XML Gateway performs this critical function: it offloads costly XML processing and security operations, further optimizes CPU usage, and provides an exceptionally cost-effective enterprise architecture.

Cisco ACE XML Gateway Helps Identity and Access Management Systems Address XML Better

Enterprises have invested significant budget and resources in standardizing on IAM systems so they can improve the security and manageability of their identity information. Web services and SOA must use enterprise security policies to help ensure consistency across applications and compliance with governance requirements. In addition, the volume of requests coming from disparate Web services can easily overwhelm IAM systems, which were not designed to accommodate decentralized access.
CASE STUDY: CISCO ACE XML GATEWAY AND IDENTITY AND ACCESS MANAGEMENT SYSTEMS

A large media company provides cross-divisional access to its entire inventory of intellectual property. An employee may find a particular piece of content by using a search function in the company's enterprise portal. When the employee requests the content, the portal initiates a Security Assertion Markup Language (SAML) request with the employee's identity information. The Cisco ACE XML Gateway validates this SAML assertion and performs a lookup in the company's Lightweight Directory Access Protocol (LDAP) system to determine whether the employee is entitled to the content. When the request has been validated, the content is ready for delivery.
The Cisco ACE XML Gateway makes IAM systems better by serving as a centralized policy enforcement point and optimizing access to the identity information and policies that are already encapsulated in these systems. By doing so, the Cisco ACE XML Gateway improves overall enterprise security and extends the use of previous IAM investments.

Cisco ACE XML Gateway Helps Keep Web Services Management Systems Better Informed

As enterprises mature in their use of Web services and SOAs, they are deploying WSM systems to improve the manageability of their infrastructure. WSM systems are very effective for visibility and analysis, governance, and high-level policy creation, but they are less effective for run-time policy enforcement. The Cisco ACE XML Gateway makes WSM systems better by centralizing run-time policy enforcement in the network and providing WSM systems with the information they need to show an end-to-end view of the Web services environment. The WSM system can use this information to measure quality of service (QoS) or to demonstrate adherence to SLAs.

Building the Business Case for the Cisco ACE XML Gateway

As demonstrated in the discussion and case studies presented here, Cisco ACE XML Gateways work alongside your existing investments in IT infrastructure to make this infrastructure work better. However, the Cisco ACE XML Gateway is not just a technology that is nice to have; it is crucial to the success of XML and SOA. As business-critical services are deployed, and particularly as SOA initiatives mature, the ongoing success of these efforts will be determined by effective use of XML gateways. The strategic benefits of the Cisco ACE XML Gateway include the following:

• Greater agility and responsiveness to the needs of the business

• Ready adaptability: the capability to deploy services without modifying a single line of code and without having to resubmit services and their consumers to quality assurance (QA)

• Lower infrastructure complexity; because endpoints do not need to be managed individually and agents do not need to be deployed individually, the infrastructure has fewer points of failure

• Visibility across platforms, ESBs, and applications to help ensure security and maintain the levels of application responsiveness and performance that business users require

• Protection of today's investments against future changes in technologies, standards, protocols, etc.

Furthermore, the financial business case for the Cisco ACE XML Gateway is compelling. Whether using the solution inside the firewall or for cross-enterprise integration, Cisco customers have quickly achieved a 100 percent payoff on their investments, often within 3 to 6 months of deployment. The quantifiable benefits of the Cisco ACE XML Gateway include the following:

• Lower development costs for XML-based services because developers are insulated from many of the complexities of service development

• Higher service reuse, reducing development, QA, and maintenance costs

• Faster time-to-market for new initiatives, often resulting in lower operating costs and faster revenue generation

• Lower license costs by generating more performance from expensive applications and middleware

• Faster running XML-based services because fewer CPUs perform similar functions

• Lower hardware costs

After incurring the costs of developing and using XML messaging, enterprises can help protect their investments by deploying a Cisco ACE XML Gateway.

Why Cisco?

Cisco has extensive experience as a provider of XML gateway devices, offering outstanding insight, control, and policy enforcement for XML messages and Web services. In addition to the exceptional security enforcement that Cisco offers, Cisco mediation and logging capabilities facilitate extremely fast connectivity, enabling customers to go to market much faster than with competitors' products and architectures, resulting in increased revenues, lower operating costs, and greater business agility.

Cisco ACE XML Gateway Helps XML-Based Services Respond Faster

Cisco offers the fastest XML appliance on the market today, enabling you to use XML ubiquitously without a major effect on the network. Customers have realized 10X improvement in service responsiveness, reliability, and development speed by using the Cisco solution. Crucial Cisco acceleration and abstraction functions include the following:

• Offloading of XML processing, speeding up point-to-point interactions between a Web service and its consumer: The Cisco ACE XML Gateway speeds up processing of XML transformations, XML schema validation, and XML security. Reduced bandwidth consumption by XML traffic can be achieved by using compression techniques on XML messages or attachments.

• Offloading of security processing, including Secure Sockets Layer (SSL), cryptographic processing, and access control: The Cisco ACE XML Gateway can cache data, such as security credentials, that are reused frequently or are elements in common operations. Centralization of integration with infrastructures such as IAM systems results in a significant reduction in the amount of traffic exchanged.

• Mediation of protocols and credentials between service providers and consumers

• Content-based routing: The Cisco ACE XML Gateway enforces routing policies that are context, content, and table dependent.

• Reports and dashboards: These tools provide network operations teams with visibility into the performance of the Cisco ACE XML Gateway.

Cisco also offers exceptionally fast XML gateway deployment. Features that speed deployment include the following:

• Unmatched policy configuration: Security professionals, administrators, and application developers can configure policies using the Cisco ACE XML Manager, an easy-to-use Web application for centralized policy management. The Cisco ACE XML Manager uniquely allows enterprises to configure policies and mediate between protocols at all points in the request-response process without requiring any programming.

• Service autodiscovery: The Cisco ACE XML Gateway can instantly discover services deployed in all major platforms and registries and repositories.

Cisco ACE XML Gateway Helps Make XML-Based Services More Reliable

Cisco delivers highly reliable and extensible XML gateways. A crucial factor in this reliability is service virtualization, allowing the Cisco solution to serve as a standards-based, network abstraction layer so that service providers and consumers can use services in the ways that make sense to them.
Service virtualization addresses the problems with the loose coupling inherent in Web services and SOA. Although loose coupling allows service interface definitions to be independent of changing service implementations, it lacks an effective mechanism for handling full service lifecycles. In an operational system, how is the versioning of the services defined by the service interface handled? How can multiple versions of a service interface be tied to a manageable set of service implementations? How are services retired or deprecated in a controlled fashion?
Service virtualization allows a deployed service interface to be described to its consumers independent of the service interface that is implemented by the service provider. This approach supports the movement, replication, deployment, versioning, and retirement of services in a controlled way. Service virtualization can be supported by the use of a registry, but additional capabilities such as transformation and publication control are needed to make virtualization effective.
The outstanding extensibility of the Cisco solution allows enterprises to apply service virtualization to the maximum number of integration points with the least amount of programming. Native integration with a wide range of messaging systems and IAM systems and with nearly every XML data format and transport protocol means that you can configure, not code, many of your policies. Cisco partnerships with GT Software, Contivo, Data Direct (NEON), and iWay help ensure that Cisco has the fastest and broadest array of options to enable mainframe systems with SOA capabilities. In addition, the Cisco Software Development Kit (SDK) allows enterprises to extend policy configuration to any number of sources, including custom-built systems.
Cisco uniquely offers correlated event, message, and policy logs so that enterprises have complete search of and visibility into all aspects of traffic flowing through the Cisco ACE XML Gateway. See Figure 4. These logs are tamper-proof so that they can be used for audit and Sarbanes-Oxley forensic purposes. They also support requirements for tracking message statistics or QoS.
The Cisco ACE XML Gateway relies on standards-based hardware to provide maximum reliability with a minimum of disruption to existing systems and operational processes. The clustering abilities of the Cisco ACE XML Gateway, along with redundancy in memory, storage, power, etc., enable the gateways to meet the most stringent availability requirements in mission-critical deployments.

Figure 4. Unique Configurable Policy Control

Cisco ACE XML Gateway Helps Make XML-Based Services More Secure

The Cisco ACE XML Gateway serves as a centralized policy enforcement point that helps ensure that security policies are implemented consistently across all services. The Cisco solution provides the following benefits:

• Efficient transport and message security

• Consistent access control

• Content privacy services, which can selectively remove message contents as necessary to meet business requirements, either broadly or for specific services

• Preconfigured content screening for personal, financial, and medical information

Granular policy configuration capabilities allow you to apply even the most complex security policies without programming. This four-way policy configuration configures policies and mediates between protocols at all points in the request-response process. You can define policies broadly and apply detailed options on per-service, per-connection, per-message, and per-content bases.

Cisco ACE XML Gateway Helps Make XML-Based Services More Reusable

Cisco service virtualization and mediation capabilities allow organizations to achieve the levels of reuse needed to meet the return-on-investment (ROI) goals for SOAs. The Cisco ACE XML Gateway can mediate between disparate credentials (such as Web Services Security [WS-S] and SAML), protocols (such as HTTP and Java Messaging Service [JMS]), and data formats (through data transformation). With the Cisco solution's industry-leading extensibility, your XML gateway has the reach to support you wherever your SOA initiative takes you.

Summary

Enterprises are expanding deployment of XML-based services as the standard for new application development and integration to increase the returns from their existing IT systems and their SOA strategies. However, enterprises can realize the full potential of XML only if they consistently address security, reuse, performance, and agility concerns and efficiently improve the enterprise's infrastructure.
The Cisco ACE XML Gateway provides the foundation of a successful SOA infrastructure and allows enterprises to meet their SOA objectives with minimal new development work.

Cisco: Optimizing XML Messaging Across the Organization

The Cisco market-leading, patented core technology for wire-speed XML inspection, combined with flexible pipeline technology and proven, standards-based components, delivers the most powerful and configurable acceleration for end-to-end XML-based services. Cisco provides the leading XML appliances used by enterprises to XML-enable their networks and realize the promise of XML messaging, Web services, and application-oriented networking. The Cisco ACE XML Gateway enables businesses to effectively secure, control, and accelerate Web services to expedite services, reduce time-to-market, and gain competitive advantage.

For More Information

To learn more about the Cisco ACE XML Gateway and determine how this solution can make your XML-based services and SOA successful, visit http://www.cisco.com/go/ace.