Not all XML Gateways are Created Equal
1 like866 views
This document discusses considerations for business managers regarding the total cost of ownership of SOA gateways. It covers factors like cost of implementation, which can be impacted by a gateway's deployability across hardware, software, and virtual form factors, as well as its extensibility through SDKs and standards support. The cost of ongoing operation is also discussed, including manageability, scalability, reliability, and costs associated with updating and upgrading gateways over time. Layer 7 Technologies is highlighted as offering multiple deployment options and a focus on avoiding vendor lock-in.
Not all XML Gateways are Created Equal
- 1. Not All SOA Gateways Are Created Equal Considerations for Business Manager Managers Layer 7 Technologies White Paper
- 2. Not All SOA Gateways Are Created Equal Contents Introduction ................................................................ ................................................................................................ .................................................. 3 Cost of Implementation ................................ ................................................................................................................................ 3 ................................ Deployability ................................ ................................................................................................................................ ............................................. 3 Form Factor Considerations ................................ ................................................................................................ .................................................. 3 Extensibility ................................................................ ................................................................................................ ............................................... 4 SDK ................................................................ ................................................................................................ ........................................................ 4 Interoperability ................................ ................................................................................................................................ 4 ..................................... Standards Commitment ................................ ................................................................................................ ........................................................ 4 Cost of Operation ................................ ................................................................................................................................ .......................................... 5 Manageability ................................ ................................................................................................................................ ........................................... 5 Scalability and Reliability ................................ ................................................................................................ .......................................................... 5 Updating................................................................ ................................................................................................ .................................................... 5 Cost of Upgrade ................................ ................................................................................................................................ ............................................ 6 Repurchasing Gateways ................................ ............................................................................................................................ 6 ............................ About Layer 7 Technologies ................................ ................................................................................................ .......................................................... 7 Contact Layer 7 Technologies ................................ ................................................................................................ ....................................................... 7 Legal Information ................................ ................................................................................................................................ .......................................... 7 Copyright © 2011 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are ogies trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners. 2
- 3. Not All SOA Gateways Are Created Equal Introduction SOA Gateways were originally introduced to address common security and performance issues arising from the use s of XML-based messaging protocols in a Service Oriented Architecture (SOA). Over this decade, Gateway capabilities based have been broadened to address runtime policy enforcement issues (such as regulatory compliance, SLA conformation, and granular privacy and access control problems), as well as integration to third party service onformation, providers, whether across organizational boundaries; across the public internet, or (increasingly) between the enterprise and the cloud. But while all Gateways provide similar features/functionality, the Total Cost of Ownership (TCO) varies widely. For le Gateways, TCO extends well beyond just the initial licensing and implementation fees to include the cost of deploying, customizing, and managing the solution on an ongoing basis. In today’s economic climate, organizations the have expanded their evaluation focus to encompass criteria that will help them avoid lock in and undue operating lock-in costs. This white paper examines those factors that will have the greatest impact on total cost of ownership, namely cost of implementation, operation and upgrade upgrade. Cost of Implementation Beyond upfront licensing, the cost of implementation for an SOA Gateway typically includes configuration and ost customization expenses (a factor of the ease of extensibility of a Gateway) as well as ease of deployment. Other Gateway), costs can also include the time and resources to certify new hardware for deployment in a corporate datacenter. Layer 7 offers hardware, Deployability software, VMware and Deployment flexibility is key to lowering cost of implementation. Where some Amazon Machine Gateway vendors offer only hardware or software solutions, Layer 7 offers multiple Images, so customers form factors – including hardware, software, VMware and Amazon Machine Image can choose the most (AMI) – allowing customers to choose the most appropriate solution for their iate appropriate solution for purpose, deployment platform, budget, and/or stage of implementation. their purpose, platform, For example, some Gateway vendors leave organizations with no flexibility when it budget, and/or stage of comes to purchasing a Gateway for the purposes of developing and testing a implementation solution as they only offer a hardware-based solution. However, development deve organizations typically do not need the high performance of a hardware-based hardware solution. For this reason, Layer 7 makes available VMware VMware-based Gateways and even pay-as-you you-go Amazon Machine instances, which are a better fit (and more appropriately priced) for prototyping than production-ready production hardware solutions. Form Factor Considerations Hardware – Most SOA Gateway vendors offer hardware accelerated network appliances featuring dedicated chip sets to accelerate/offload common XML processes. By optimizing XML performance using a Gateway, organizations can reduce the load on their application servers, reducing the cost and frequency of server upgrades. cost Software/VMWare – While hardware-based Gateways are key in production settings, they are often an -based impractical (and costly) solution for development, testing or staging environments where software or VMware- software- based appliances are the preferred form factor. Layer 7 is one of the few vendors to offer both a VMWare and nces software Gateway at an economical price tag, while delivering identical feature/functionality as the hardware identical appliance. Copyright © 2011 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are ogies trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners. 3
- 4. Not All SOA Gateways Are Created Equal Additionally, Layer 7’s software Gateway can be implemented on customer eway customer-defined hardware – hardware that has already been tested and approved for use in their datacenter – eliminating the cost of testing and implementing a new hardware platform, while significantly decreasing support and maintenance costs. Virtual – Public and private clouds are gaining acceptance in the marketplace for their ability to convert CapEx to OpEx by offering cost-effective computing resources on effective on-demand. As a result, organizations have begun redesigning ations their own datacenters as private clouds, and consuming public cloud resources on a utility basis. Layer 7’s virtual cloud Gateway offerings (including both our Virtual Appliance and AMI) have made it possible for these organizations to spin up SOA Gateway instances in a multi-tenant environment in order to guard access to their tenant cloud-based services and APIs. Hardware based vendors are unable to accommodate these changing IT based Hardware-based requirements. Extensibility As the advent of the cloud so clearly co confirms, IT environments change. While Layer 7’s support for multiple form factors has been one way to help insulate customers against changes in the datacenter, accommodating business change requires extensibility – the ability to quickly and cost-effectively customize a solution to match evolving effectively business needs based on specific industry traits, existing corporate guidelines, and the organization’s unique business processes. Layer 7’s Custom Policy SDK Assertion SDK gives Layer 7’s Custom Policy Assertion SDK gives developers the ability to extend the developers the ability to Gateway’s functionality in order to accommodate their specific requirements extend the Gateway’s using standard Java programming. Custom Assertions can be created for proprietary message processing, pattern recognition and filtering, as well as functionality in order to interfacing to third party products, such as identity management infrastructure, third-party infrastructure accommodate their network monitoring applications, or anti anti-virus systems. specific requirements using standard Java In contrast, the extensibility of many other Gateways is limited. For example, to limited programming accommodate the kinds of customization listed above would typically require either the skills of an XSLT programmer (expensive compared to the ubiquity of Java programmers) and/or the addition of an application server ((such as WebSphere) to run the custom code. Interoperability Independent Gateway vendors like Layer 7 do not benefit from lock ndependent lock-in, but rather design from the ground up to accommodate a heterogeneous SOA environment based on Web services standards. As a result, Layer 7’s standards. Gateways interoperate with a wide range of products, including (for example) a wide range of leading identity, ateways access, SSO and federation systems, such as LDAP, Microsoft Active Directory/Federated Services, Oracle Access Manager, IBM Tivoli (TAM and TFIM), CA SiteMinder and TransactionMinder, Sun Java Access Manager and Novell Access Manager. Standards Commitment One of the best guarantees against vendor or platform lock in is wide support for Web services standards. Any lock-in credible vendor in the SOA Gateway market should be able to demonstrate a history of active participation in the standards bodies that govern Web services. This includes both authoring the standards and participating in regular both interops. Layer 7 has been an active participant in the OASIS, W3C and WS-I standards consortiums, and has helped drive key standards like WS-Policy, WS Policy, WS-SecurityPolicy, WS-Trust, WS-Federation, WS-I BSP to name a few. SP Copyright © 2011 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are ogies trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners. 4
- 5. Not All SOA Gateways Are Created Equal Cost of Operation While implementation costs represent a key factor in the TCO equation, they’re typically only a one-time cost. one Operational costs – including ongoing Gateway management, administration and updating – represent a far greater impact on total cost of ownership over time. Manageability Most SOA Gateways are implemented as a series of discrete functional units rather than as a cluster. While this can s functional provide some flexibility when it comes to deployment, it also dramatically raises administration costs as each Gateway must be separately configured, updated and managed. In contrast, Layer 7 Gateways feature true clustering capabilities and can be centrally administered as if they were a single device. For distributed organizations that span diverse development, test, staging, Layer 7 embeds these production and even cloud environments – worldwide – management becomes kinds of enterprise- even more costly and complex. Pain points arise around policy migration, scale management Gateway and service performance monitoring, and policy lifecycle and capabilities directly management (from authoring to deployment to change management). Layer 7 within the Gateway embeds these kinds of enterprise scale management capabilities directly within enterprise-scale itself – there’s no need the Gateway itself – there’s no need to deploy, manage and upgrade a separate nage to deploy, manage and product. For example, IBM typically recommends deploying “ITCAM for SOA” to upgrade a separate provide enterprise management capabilities for their DataPower products. And product while Layer 7 allows global management of all Gateways from a single locati location, TCAM is typically required to be deployed in multiple locations to support regional deployments. For those organizations that already have a monitoring and management infrastructure in place, Layer 7 offers out-of-the-box connectors to leading agent sed management products, as well as a robust API for integration box agent-based with monitoring, auditing and KPI tracking software. Scalability and Reliability Scalability and reliability should go hand in hand. While simply placing a load balancer in front of a series of Gateways can be a cheap and easy way to scale, solutions that offer built in clustering and failover can go a long built-in way to ensuring reliability by providing fault tolerance and high availability. As load increases, the ability to scale cost-effectively without affecting performance is key. effectively Layer 7’s true clustering capabilities (i.e., the ability to exchange information, load balance and automati automatically fail over) gives them the edge over other Gateways when it comes to horizontal scaling. Additionally, Layer 7’s software-based appliances give organizations the choice to scale vertically (which may be more cost effective) by based adding more processors to the server. Updating In an ideal setting, policies are developed, tested and implemented in production never to change. The reality, however, is that policies must change to keep up with evolving business needs, regulatory requirements and ory market demands. The ability to implement changes on the fly (without having to bring down the Gateway) is key to s. ensuring business as usual. Layer 7 provides the ability to implement changed/new policies in production without incurring downtime. In a cluster, policies are updated centrally, and then replicated between devices in real time without requiring off- real-time off Copyright © 2011 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are ogies trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners. 5
- 6. Not All SOA Gateways Are Created Equal lining, making for easy change management. Additionally, any Gateway/cluster worldwide can be backed up and restored from a centralized console, simplifying disaster recovery and ensuring business continuity. disaster In contrast, other SOA Gateways typically do not support cluster-wide administration, and thus requires wide administrators to manually replicate policies on each Gateway. In addition, policy changes usually cannot be canno implemented on the fly – rather, Gateways must be brought offline before updates can occur. Cost of Upgrade For hardware hardware-only Gateways, migrating between versions typically requires a Because some complete forklift upgrade. In effect, this means returning the existing Gateway; Gateway vendors are repurchasing new hardware; re implementing existing configurations and re-implementing hardware-dependent, policies; and re re-training on the new systems – all of which can be an expensive migrating between undertaking at a time when IT is experiencing more pressure on their budgets versions requires a than ever. complete forklift upgrade In contrast, Layer 7 offers an SOA Gateway whose hardware can be upgraded independently, giving customers the choice of remaining on their currently supported version of the product while upgrading (not migrating) to the latest hardware to take advantage of performance benefits. And not only can the new hardware be purchased for a nominal fee (a fraction of the initial purchase price), the original hardware can be repurposed as a general use server, affording total investment protection. Repurchasing Gateways In order to remain supported, customers are forced to repurchase new Gateways every three to five years when hree f the original hardware is retired. Despite paying a significant yearly support and maintenance fee, the repurchase price is typically (depending on your bargaining power) close to the initial purchase price, leading to an unreasonably high total cost of ownership for Gateway customers after just one or two hardware refreshes. A comparable deployment of Layer 7 hardware Gateways is significantly less expensive – as little as one third the cost. When considering development and test environments where most Layer 7 customers have t flexibility to the deploy software or VMware Gateways, the savings are even more dramatic. As long as Layer 7 customers remain , current on Support and Maintenance, the cost to upgrade between Layer 7 hardware platforms is nominal, with no charge for soft appliances. This represents a significant difference in total cost of ownership between Layer 7 and liances. other Gateways over just one or two refresh periods. As a result, the total cost of ownership for a Layer 7 solution is dramatically lower than other Gateway deployments, with initial purchase costs as little as one , one-third of the re-purchase price, and one quarter of the 3-5 3 year TCO. Copyright © 2011 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are ogies trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners. 6
- 7. Not All SOA Gateways Are Created Equal About Layer 7 Technologies With more than 150 customers across 6 continents, and successful partnerships with some of the largest ISVs and resellers in the industry, Layer 7 Technologies is the leader in SOA and cloud security and governance. Our award award- winning SecureSpan™ family of SOA Gateways feature sophisticated runtime governance, enterprise-scale Gateways enterprise management and industry-leading XML security. Our CloudSpan™ family enables enterprises and service providers leading to securely consume cloud services, as well as protect and control their own applications deployed in public and own private clouds. Founded in 2002, Layer 7 has a history of helping organizations address their security, visibility and governance issues by enabling them to control, manage and adapt their Web services, no matter the deployment model – in the enterprise or in the cloud cloud. Contact Layer 7 Technologies Layer 7 Technologies welcomes your questions, comments, and general feedback. Email: info@layer7tech.com Web Site: www.layer7tech.com Phone: (+1) 604-681-9377 1-800-681-9377 (toll free within North America) 9377 Fax: 604-681-9387 Address: Layer 7 Technologies 1200 G Street, NW, Suite 800 Washington, DC 20005 Layer 7 Technologies Suite 405-1100 Melville Street Vancouver, BC V6E 4A6 Canada Legal Information Copyright © 2011 by Layer 7 Technologies, Inc. (www.layer7tech.com). Contents confidential. All rights reserved. SecureSpan™ is a registered trademark of Layer 7 Technologies, In All other mentioned trade names and/or Inc. trademarks are the property of their respective owners. Copyright © 2011 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are ogies trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners. 7