SecureSpan
SecureSpan™ Version 5
The SecureSpan 5 family of
appliances offers:
Enterprise-scale Management
Comprehensive dash-boarding and
reporting allows administrators to
centrally monitor the health and
performance of all SecureSpan
Gateways and associated services.
Policy Migration
Utilize a graphical interface to move,
copy or replicate policies and policy
fragments between SSGs located in
different environments (dev, test,
production, etc.), geographies or
settings (enterprise, cloud, etc).
Disaster Recovery
Policies, configuration and audit files
can be backed up to any SSG or
storage device, and then remotely
restored to any SSG in the extended
enterprise.
Remote Patching
Administrators can selectively
update any software installed on the
appliance, including system files, OS,
and/or third-party software (i.e.,
Oracle Service Bus).
Enhanced PKI
Improvements to the management
and signing of PKI certificates
simplify administration, export and
expiry/re-issuing of certificates.
To learn more about upgrading to
SecureSpan 5, call 1-800-681-9377
(toll free within North America) or
+1.604.681.9377
Centrally Manage and Monitor Your SecureSpan Gateways
Simplify policy migration, disaster recovery, and global Gateway
management from a central, comprehensive operations console
Gain Visibility
The latest version of the SecureSpan family of appliances bundles industry-leading
industry XML
security and sophisticated runtime governance, with enterprise-scale
enterprise management – all at a
lower total cost of ownership than assembling separate solutions.
SecureSpan 5’s management capabilities are principally provided by the new Enterprise
Service Manager (ES
(ESM), which lets administrators gain greater visibility into the
performance of all their SecureSpan Gateways (SSGs) and associated services (whether
those services originate in-house or in the cloud) from a single location.
location By enabling ESM’s
management capa
capabilities on their SecureSpan Gateways,, organizations can centrally:
• Manage the health and performance of all SSGs/SSG clusters, setting thresholds
that spawn alerts based d on performance and exceptions
• Measure and report on the performance of services proxied by all SSGs
• Generate reports on key audit/events/metrics, such as throughput, routing failures,
utilization and availability rates to determine which partners/customers/users
partners are
higher versus lower risk; which are performing to SLA; which are generating
gene alerts
based on breaching set thresholds, etc.
• Log and audit connections to both external (cross domain) and internal services to
discover which ones are critical for which users
• Choose to parse message-levellevel content and extract key identifiers (such
(suc as user
name, customer id, client IP address, etc.), and then generate reports based on all
traffic associated with that identifier in order to locate patterns and trends that
impact performance.
Simplify Management
Administ
dministrators can take advantage of new backup functionality to copy policies,
configuration and auditing data of any SSG/SSG cluster to a secure destination on their
network, or to a removable device for off
off-site storage.. Administrators can then remotely
restore that backup to any SecureSpan appliance in the enterprise, enabling full disaster
recovery.
Additionally, once the ESM has been enabled, p policies
olicies and policy fragments can be centrally
propagated
ropagated between SSGs/SSG clusters in different environments (i.e., development vs. test
vs. production), geographies or settings (i.e., enterprise vs. cloud).
cloud) Migration is facilitated by
a graphical user interface that shows all SSGs and associated policies in the extended
enterprise. Jus
Just select the policies/policy fragments to be moved and the system will
automatically highlight any d discrepancies
iscrepancies between the originating and target SGGs/SSG
clusters (such as differing IP addresses; differently named LDAPs; differing SSG licenses or
RBAC, etc), prompting you to resolve them.. This “mapping” can then be saved and re-used
re
for future migrations
migrations, automating the migration process and dramatically decreasing risk of
migration
migration.
New Features
Enterprise-scale Management
Operations Console • A single, real time view of all Gateways across the enterprise and cloud
showing audits, events and key metrics
Policy Migration • Centrally move policies between environments (development, testing, staging,
production, etc), settings (enterprise, cloud, etc) or geographies, automatically
resolving discrepancies such as SSG licenses, IP addresses, IT resources (i.e.,
LDAPs may be named differently), etc
Services Reporting • Configurable, out-of-the-box reports provide insight into SSG operations,
service-level performance, and service user experience
Remote Patching • Selectively update any software installed on Gateways, including system files
and OS
Disaster Recovery • Centrally back up SSG config files and policies from one or more
Gateways/clusters, and remotely restore, enabling full disaster recovery
Management API • Remote management APIs allow customers to hook their existing, third-party
management tools into the SSG, simplifying asset management
Public Key Infrastructure (PKI)
Managing and Signing of • Expired certificates are identified and flagged, simplifying management
Certificates • Multiple Trusted Certificates can be stored in the same Distinguished Name
(DN), allowing reissue of certifications before they expire
• Export key pairs as PKCS #12 files (PFX filed) for use on another system
• Save Certificate Signing Requests (CSRs) as BASE64 PEM files
• Support for signing/encrypting XML elements not inside a SOAP envelope
• Support for signing SSG-generated SOAP faults
• Granular control for how client certificates are retrieved and validated
JDBC Support
Database Querying • Query external databases using the “Perform JDBC Query” assertion
Connection Management • Manage all JDBC connections using the SecureSpan Manager
Policy Management
Policy Organization • Organize policies to reflect the way your business works by aliasing folders
containing policies/policy fragments in order to associate them with business
units, geographies, customers, and so on
Testing • Selectively disable assertions, facilitating policy debugging
Administration
SSG Config • The revised setup and configuration routine eliminates the need for partitions
Security • Optionally choose to secure the traffic between the SSG and SysLog/LDAP
servers using SSL
Logging/Auditing • Viewer supports more display/formatting and querying/searching capabilities,
making log files easier to work with
• Support for sending audits to external databases, message queues, or other
external locations
Role Assignment • Groups can be assigned a Role, allowing administrators to grant/revoke role
assignments for multiple users in a single action

Copyright © 2010 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are
trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners.
Identity and Message Level Security
Cryptography • Support for external HSMs (i.e., SafeNet Luna)
• Support for elliptic curve cryptography (conforms to NSA’s Suite B algorithms)
• FIPS 140-2 support in both hardware (Level 3) and software (Level 1)
Digital Signatures • Support for multiple digital signatures, allowing different entities to sign
different parts of a single message
• Sign or encrypt XML elements that are not inside a SOAP envelope
Form Factors
Hardware • Active-active clusterable, dual power supply, mirrored hot-swappable drives,
2-way dual core Sun 1U server
Software • Solaris 10 for x86 and Niagara, SUSE Linux, Red Hat Linux 4.0/5.0
Virtual Appliance • VMware/ESX (VMware Ready certified)
Cloud • Amazon EC2 AMI
Supported Products
Operating System • Added support for Red Hat Enterprise Linux (RHEL) 5
Database • Added support for MySQL 5
VMware • Added support for 64-bit images
CentraSite • Improved integration with Software AG’s CentraSite Active SOA
Supported Standards
XML 1.0, SOAP 1.2, REST, AJAX, XPath 1.0, XSLT 1.0, WSDL 1.1, XML Schema, LDAP 3.0, SAML 1.1/2.0, PKCS #10,
X.509 v3 Certificates, FIPS 140-2, Kerberos, W3C XML Signature 1.0, W3C XML Encryption 1.0, SSL/TLS 1.1 / 3.0,
SNMP, SMTP, POP3, IMAP4, HTTP/HTTPS, JMS 1.0, MQ Series, Tibco EMS, FTP, WS-Security 1.1, WS-Trust 1.0, WS-
Federation, WS-Addressing, WSSecureConversation, WS-MetadataExchange, WS-Policy, WS-SecurityPolicy, WS-
PolicyAttachment, WS-SecureExchange, WSIL, WS-I, WS-I BSP, UDDI 3.0, XACML 2.0 / 1.1 / 1.0, MTOM

To learn more about how to upgrade to SecureSpan 5, call us today at +1 800.681.9377 (toll free within
North America), or +1.604.681.9377, or visit us at www.layer7tech.com.

Copyright © 2010 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are
trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners.