Runtime Governance for SOA and Cloud Computing

XML Gateway

Subscribe to XML Gateway: eMailAlertsEmail Alerts newslettersWeekly Newsletters
Get XML Gateway: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


XML Gateway Authors: Mamoon Yunus, Dirk Zwart, Rizwan Mallal, Mark O'Neill, Ron Schmelzer

Related Topics: XML Magazine, XML Gateway

Article

Tale of Two XML Gateways

Hardware vs. Software Gateways

XML Magazine on Ulitzer

These days,  XML Gateways are a core infrastructure component of any enterprise SOA deployment.  XML Gateways provide the ability to integrate services securely with granular access control, data-level encryption, integrity through signatures and XML threat mitigation.  XML Gateways can be deployed as a hardware appliance or as a software gateway ( also as cloud based instances).  Both of these form factors have their advantages and disadvantages.  This article provides readers with a quick synopsis of the pros and cons of each form factor.

XML Gateway Hardware Appliance:
Advantages:

  • Accelerated SSL and XML Security operations.
  • Tamper proof security of PKI keys via Hardware Security Module (HSM).
  • Ease of installation and manageability.
  • High level of security assurance since a hardware appliance runs dedicated XML Gateway security firmware.
  • Best suited for edge deployments such as the corporate DMZ.
  • No dependency on various flavors of operating systems thus leading to quick resolution to bugs.


Disadvantages:

  • Cost is higher for a hardware appliance.
  • Slows down Test and Dev SOA users as non-production hardware appliances are time-shared for staging and testing.
  • Enterprise customers are dependent on vendors for hardware upgrades.


XML Gateway Software:
Advantages:

  • Less expensive than a hardware appliance.
  • Test and Dev SOA users can run the software on their laptops/desktops thus increasing their productivity.
  • Customers can run the software as a virtual appliance on a hardware of their own preference.
  • Can be installed on the same platform as the end service application thus fulfilling last mile security requirement.
  • Easily run as a cloud based instance.

Disadvantages:

  • Performance slows significantly when heavy cryptographic processing is required for SSL and XML Security operations.
  • Keys are stored on a standard hard disk and are not tamper proof.
  • Installation of the software is on a platform shared with other applications thus making it less secure.
  • Edge deployments such as in the corporate DMZ are more susceptible to attack with software installations.


Given the above points, one can comfortably come away with some clear cut recommendations.  If one is thinking of a production deployment at the edge of a corporate network that requires processing of high volume traffic, than an XML Hardware appliance is preferred. If the requirement for Dev/QA users is to configure XML policies and stage them before roll out, than a XML Software Gateway is preferred.  There are instances where one could see a hybrid deployment model in the enterprise.  For production use cases, a hardware appliance is deployed while for QA/Dev work a software gateway is deployed.  In the end, each customer deployment is unique which will determine the type of XML Gateway form factor to be used in the infrastructure.

More Stories By Rizwan Mallal

Rizwan Mallal serves as the Vice President of Operations at Crosscheck Networks, Inc. As a founding member and Chief Security Architect of Forum Systems, the wholly owned subsidiary of Crosscheck Networks, Rizwan was responsible for all security related aspects of Forum's technology.

Previously, Rizwan was the Chief Architect at Phobos where he was responsible for developing the industry's first embedded SSL offloader. This product triggered Phobos's acquisition by Sonicwall (NASD: SNWL). Before joining Phobos, he was member of the core engineering group at Raptor Systems which pioneered the Firewall/VPN space. Raptor after its successful IPO was later acquired by Axent/Symantec (NASD:SYMC).

Rizwan started his career at Cambridge Technology Partners (acquired by Novell) where he was the technical lead in the client/server group.

Rizwan holds two patents in the area of XML Security. Rizwan has a BSc. in Computer Science from Albright College and MSc. in Computer Science from University of Vermont.