Automating Web Services Security and Acceleration with Cisco ACE Application Switch and Cisco ACE XML Gateway
PDF(110.6 KB) View with Adobe Reader on a variety of devices
Updated:December 11, 2013
What You Will Learn
As more and more enterprises deploy Web-based applications to reduce costs, increase efficiency, and shorten service delivery time frames, Web 2.0 and service-oriented architecture (SOA) technologies
1are becoming ubiquitous. These technologies provide exceptional application flexibility, but they also create new challenges of scale, performance, and security.
Approaching these challenges from an applications perspective, Cisco
® provides an integrated solution that enables our customers to automate Web services security, scalability, and performance improvements.
As described in this document, using the industry-leading Cisco ACE Application Control Engine application switch and Cisco ACE XML Gateway together, enterprises can easily automate these tasks, thus reducing the time and costs associated with configuration tasks while minimizing deployment complexity and risk.
Today customers typically deploy Extensible Markup Language (XML) gateways in the data center as a front-end to application servers hosting XML applications and Web services. As traffic is sent from clients to the data center application servers, it passes through the XML gateway to secure, offload, and accelerate message processing for XML traffic. Because today's XML gateways do not provide complete Layer 4 to Layer 7 application switching capabilities, XML gateways must be deployed in tandem with application switching platforms.
In typical implementations, the application switch and XML gateway are deployed as separate entities with no knowledge of each other. The application switch is unaware of the Web services traffic being processed by the XML gateway. At the same time, the XML gateway is unaware of the application switching services being provided by the application switch.
As a result, inserting an XML gateway for Web services processing requires the administrator to manually configure application switching policies on the application switch to help ensure that Web services traffic is properly directed to the XML gateway. Additional application switching policies must be configured to enable the application switch to properly load balance the Web services traffic among the servers. This process can be very complex, time consuming, and error prone.
The Integrated Cisco ACE and Cisco ACE XML Gateway Solution
The Cisco ACE application switch and Cisco ACE XML Gateway platforms have been designed to work together to automate and simplify Web services security and acceleration. Using an XML API, the Cisco ACE and Cisco ACE XML Gateway no longer are isolated and separate entities.
Using the XML API, they can discover each other and learn about each others' configurations. Furthermore, they can dynamically configure each other to enable automated Web services security and acceleration. Specifically, the Cisco ACE XML Gateway can automatically reconfigure the Cisco ACE to insert itself for Web services traffic processing. Also, the Cisco ACE can automatically add newly inserted Cisco ACE XML Gateway units to its service policy configurations, which provides an attractive way to insert Cisco ACE XML Gateways to automate Web services security and scalability. Only Cisco provides this unique integrated solution.
The Cisco ACE XML Gateway brings application intelligence to the network and enables efficient deployment of secure, reliable, and accelerated Web service environments based on XML and Simple Object Access Protocol (SOAP) using a shared, network infrastructure. It delivers an integrated XML firewall, providing the critical protection needed at each service perimeter, between untrusted and trusted zones. In addition to working with the transport and session layers of network traffic, the Cisco ACE XML Gateway differs from network firewalls in that it focuses primarily on the application layer and works with the payload of the XML message.
The Cisco ACE application switch product family provides administrators with new levels of control for deploying, securing, and accelerating applications across the extended enterprise and allows organizations to define, in unique virtual devices, available, fast, and secure application services. The unique virtualization capabilities of the Cisco ACE enable organizations to scale, accelerate, and secure application deployments, reduce costs in the data center, simplify application delivery network architectures, and centralize application delivery management tasks.
Deploying Cisco ACE and Cisco ACE XML Gateway together delivers the following benefits:
• Accelerated Web services rollouts through automated and simplified Cisco ACE and Cisco ACE XML Gateway configuration
• Maximized Web services application availability
• Accelerated Web services application performance
• Secured Web services applications
• Improved Web services application scalability
• Reduced capital expenses through fewer servers, load balancers, and data center firewalls
The integrated Cisco ACE and Cisco ACE XML Gateway solution will be available in 2008.
Cisco is the only vendor that offers a combined solution for Web application and Web services security and optimization. The Cisco ACE application switch and Cisco ACE XML Gateway have been proven in the marketplace by Fortune 100 enterprises wanting to secure Web services handling billions of dollars in transactions, from financial services, to consumer media, to manufacturing. The integration of the Cisco ACE XML Gateway with the Cisco ACE application switch product line makes Cisco the leading vendor of application delivery solutions.