Wednesday, October 29, 2008

Cache Machine

Caching is commonly used by XML Gateways in order to take processing off the services in a Services Oriented Architecture. Usually, the XML Gateway caches the responses from services, so that the response can come from the XML Gateway, rather than coming from the service itself.

Vordel's XML Gateways go a step further. As well as caching responses from services, you can cache any attribute which is used by the XML Gateway (for example a session token, a snippit of XML, a certificate looked up from an LDAP directory, or a computed value). Cache values are then looked up using a simple hashmap mechanism, as shown below:



Caching is an important part of any XML Acceleration exercise.

Tuesday, October 21, 2008

InformationWeek Review of Vordel's XML Gateway

(on the InformationWeek site and in the magazine).

Here is a snippit:
This appliance really packs a punch. The XML Gateway moves processor-intensive XML tasks from application servers to the network itself. While other vendors rely solely on hardware acceleration cards, like the Tarari XML Accelerator, Vordel leverages its own XML Acceleration Engine (VXA) for XML processing. This approach enables Vordel to offer XML acceleration in both software- and hardware-based appliances.

The hardware-based XML Gateway appliance runs on Vordel's VX Platform, a pre-hardened deployment environment. Essentially, the VX Platform sits atop theDell ( Dell) PowerEdge line of servers and is available in two form factors, depending on processing requirements. The VX platform offers cryptographic acceleration via an nCipher nShield Hardware Security Module (HSM), which applies SSL acceleration to transport-level security. Using redundant power supplies, network interfaces, and RAID-configured disks, the VX Platform eliminates single points of failure and offers high availability out of the box.


Vordel surrounds XML Gateway with a diverse and well-featured toolset. The Vordel Policy Director offers centralized policy creation and management, Vordel Reporter provides visibility and reporting on Web service metrics, and SOAPbox is a testing suite for XML applications. Each of these tools was easy to work with once set up and configured.

http://www.informationweek.com/news/software/soa/showArticle.jhtml?articleID=211201992



Thursday, October 16, 2008

TMCnet on SOA and Web Services

Richard Grigonis begins this examination of the current state of SOA (and WOA) with a quote from Voltaire, who quotes Locke . Into that illustrious company he then discusses Boomi, FastSoft, Iona, the TM Forum, and Vordel.

Here is a snippit (the full article at http://it.tmcnet.com/topics/it/articles/42983-soa-web-services-the-move.htm):

The Vordel XML Gateway employs the Vordel XML Accelerator (VXA) engine, to accelerate processor-intensive XML processing tasks. VXA maintains high levels of throughput without compromising security, abstraction, or policy enforcement.
From: http://it.tmcnet.com/topics/it/articles/42983-soa-web-services-the-move.htm

Friday, October 10, 2008

Four reasons why virtualization is a sweet spot for XML Gateways

Some Virtualization provides a number of great advantages for XML Gateways. As well as providing appliances and software XML Gateways (Sun Solaris, Windows, and Linux), Vordel provides virtual machine XML Gateways.

It's interesting to share four of the benefits which our customers who use Vordel XML Gateways in a virtualized environment are finding:

Benefit 1) With a virtualized image of an XML Gateway, you can provisioning new XML Gateways quickly, as traffic grows, faster than provisioning a new hardware XML Gateway appliance. For example, if you see traffic rising up to pass 66% of XML Gateway capacity, you can then provision a new XML Gateway quickly, to take up the load. Some VM management products will do this automatically. With virtualized XML Gateways, you are not waiting for the delivery of a new physical appliance, taking it out of the box, putting it onto the rack, etc. Rather, you are provisioning a new VM image.

This is also a lot more straightforward than installing software to provision a new XML Gateway, since with software you have to ensure that the host operating system environement is also locked down.

Benefit 2) You can take advantage of hardware performance updates (more CPU, more memory) without functionally affecting the XML Gateway.

Benefit 3) You can use a virtualized Vordel XML Gateway as a development environment. Rather than developing and testing policies against hardware XML Gateway appliances, you develop and test policies against what is effectively an emulator of an XML Gateway appliance. You can download the Vordel VX4000 emulator from the Vordel Extranet (screenshot below):



Benefit 4) A virtualized XML Gateway is an ideal demo and evaluation environment for an XML Gateway. I typically use a Virtual Machine "sandbox" which consists of sample Web Services, the Vordel XML Gateway, VordelReporter, and SOAPbox (to simulate traffic). This is everything you need to demo or evaluate an XML Gateway. It is a lot easier to bring this on-site in a demo presentation than to bring a physical appliance!

Here is a screenshot of the "XML Gateway Sandbox" which is a virtual machine environment includes everything you need to get your hands dirty with an XML Gateway (sample XML messages, sample Web Services, an XML Gateway, SOAPbox for sending messages to the XML Gateway, VordelReporter, real-time Monitoring, etc).



Contact Vordel at info@vordel.com if you are interested in a copy of the sandbox to play with yourself.

Sun Solaris XML Gateway case study

The Spanish Government case study on the Vordel Website describes a case study of a Vordel XML Gateway deployed on Sun Solaris in front of Web Services which provide government services.

The case study is interesting because it includes the usage of SAML to integrate with an existing identity silo. Check it out at: http://www.vordel.com/customers/gov.html

Thursday, October 9, 2008

Pen-testing a Web Service

The new 5-series SOAPbox, now on the Vordel site, includes the ability to mimic potential attack paths by automatically injecting malicious content into XML messages. Malicious content attack types include SQL Injection, XPath Injection and Message value fuzzing. Be sure to ensure that you are testing a Web Service which is under your control, or one which you are authorized to test, before sending harmful content to it!

Wednesday, October 8, 2008

Podcasts and Presentations from the Vordel "Vortex" conference

Podcast recordings, photos, and presentations from the Vordel "Vortex 2008" conference are now online at: http://www.vordel.com/presentations/conf_2008.html (password-protected).



There is also a photo slideshow at the same URL.

Monday, October 6, 2008

OWASP Hartford

Unfortunately the recent Sept 24th Hartford OWASP meeting clashed with Vordel's Vortex conference. Otherwise, I would have made the trek over on the Mass Pike and I-84 down to Hartford, to see two tantalizingly named presentations: "MAKING APPLICATIONS SECURE BY REMOVING SECURITY" by Andrew Stone from Accenture, and "TOP TEN BOGUS TECH QUOTES OF THE YEAR" by Paul Roberts of the 451 Group. Hopefully the presentations will be online on the OWASP Hartford site soon. Nice work by James McGovern in getting this new group up off the ground in what used to be virgin OWASP territory.

Which SOA Governance Dilbert character are you?

At the Vordel "Vortex" conference last week in Dublin, I used Dilbert analogies to explain some of the different users who Vordel 5 appeals to:

1) Developers (symbolized by Dilbert himself of course):
  • Policy Studio simplifies the developer's life by allowing policies for Web Services to be created using drag-and-drop and drag-and-link. No messing around with XSLT or XPath.
2) Network admins (which I've symbolized by Dogbert, Dilbert's nemesis, although I guess he is, strictly speaking, a consultant)
  • XML Gateway and XML Firewall which ensure that developers cannot create "Rogue Services", without the services coming under a policy umbrella. Also, because the XML Gateway and XML Firewall ensure that the XML traffic now is controlled, whether it is on Web protocols or on messages queues, it fits in with the world-domination plans of Dogbert.
3) Non-technical Managers (who I've symbolized by the Pointy-Haired Boss, of course)
  • VordelReporter provides reports on Web Service behaviour over time, answering questions like "Who uses each Web Service?", "What kind of response times are our Web Services providing?". But, arguably just as important for the Pointy-Haired Boss, it provides nice colorful views of Service Health (green for good, red for bad, orange for in-between)
  • The new Adobe Flash based Real-Time Monitoring provided as standard with the XML Gateway and XML Firewall. This provides an instant view on XML Networking usage, right in the browser, with spikes and troughs shown in real-time.



[ Dilbert characters courtesy of Scott Adams ]