Not All XML Gateways Are Created Equal

Considerations for Business Manager

Managers

Layer 7 Technologies

White Paper
Not All XML Gateways Are Created Equal

Contents

Introduction ................................................................
................................................................................................
.................................................. 3
Cost of Implementation ................................
................................................................................................................................
................................ 3
Deployability ................................
................................................................................................................................
............................................. 3
Form Factor Considerations ................................
................................................................................................
.................................................. 3
Extensibility ................................................................
................................................................................................
............................................... 4
SDK ................................................................
................................................................................................
........................................................ 4
Interoperability ................................
................................................................................................................................
..................................... 4
Standards Commitment ................................
................................................................................................
........................................................ 4
Cost of Operation ................................
................................................................................................................................
.......................................... 5
Manageability ................................
................................................................................................................................
........................................... 5
Scalability and Reliability ................................
................................................................................................
.......................................................... 5
Updating................................................................
................................................................................................
.................................................... 5
Cost of Upgrade ................................
................................................................................................................................
............................................ 6
Repurchasing Gateways ................................
............................................................................................................................
............................ 6
About Layer 7 Technologies ................................
................................................................................................
.......................................................... 7
Contact Layer 7 Technologies ................................
................................................................................................
....................................................... 7
Legal Information ................................
................................................................................................................................
.......................................... 7

Copyright © 2010 Layer 7 Technologies

ogies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are
trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners. 2
 Not All XML Gateways Are Created Equal

Introduction
XML Gateways were originally introduced to address common security and performance issues arising from the
use of XML-based
based messaging protocols in a Service Oriented Architecture (SOA). Over this decade, Gateway
capabilities have been broadened to address runtime policy enforcement issues (such as regulatory compliance,
SLA conformation,
onformation, and granular privacy and access control problems), as well as integration to third party service
providers, whether across organizational boundaries; across the public internet, or (increasingly) between the
enterprise and the cloud.

le all Gateways provide similar features/functionality, the Total Cost of Ownership (TCO) varies widely. For
But while
Gateways, TCO extends well beyond just the initial licensing and implementation fees to include the cost of
deploying, customizing, and managing ththe
e solution on an ongoing basis. In today’s economic climate, organizations
have expanded their evaluation focus to encompass criteria that will help them avoid lock
lock-in
in and undue operating
costs.

This white paper examines those factors that will have the greatest impact on total cost of ownership, namely cost
of implementation, operation and upgrade
upgrade.

Cost of Implementation
Beyond upfront licensing, the cost
ost of implementation for an XML Gateway typically includes configuration and
customization expenses (a factor of the ease of extensibility of a Gateway)
Gateway), as well as ease of deployment. Other
costs can also include the time and resources to certify new hardware for deployment in a corporate datacenter.

Layer 7 offers hardware,

Deployability
software, VMware and
Deployment flexibility is key to lowering cost of implementation. Where some
Amazon Machine Gateway vendors offer only hardware or software solutions, Layer 7 offers multiple
Images, so customers form factors – including hardware, software, VMware and Amazon Machine Image
can choose the most (AMI) – allowing customers to choose the most appropriate
iate solution for their
appropriate solution for purpose, deployment platform, budget, and/or stage of implementation.
their purpose, platform,
For example, hardware
hardware-only Gateway vendors leave organizations with no
budget, and/or stage of flexibility when it comes to purchasing a Gateway for the purposes of developing
implementation and testing a solution as they only offer a hardware-based
based solution.
soluti However,
development organizations typically do not need the high performance of a
hardware-based solution. For this reason, Layer 7 makes available VMware
VMware-based
based Gateways and even pay-as-you-
pay
go Amazon Machine instances, which are a better fit (and more appropriately priced) for prototyping than
production-ready hardware solutions.

Form Factor Considerations

Hardware – Most XML Gateway vendors offer hardware accelerated network appliances featuring dedicated chip
sets to accelerate/offload common XML processes. By optimizing XML performance using a Gateway,
organizations can reduce the load on their application servers, reducing the cost and frequency of server upgrades.

Software/VMWare – While hardware--based based Gateways are key in production settings, they are often an
impractical (and costly) solution for development, testing or staging environments where software-
software or VMware-
based appliances are the preferred form factor. Layer 7 is one of the few vendors to offer both a VMWare and
software Gateway at an economical price tag, while delivering identica
identicall feature/functionality as the hardware
appliance.

Copyright © 2010 Layer 7 Technologies

ogies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are
trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners. 3
Not All XML Gateways Are Created Equal

Additionally, Layer 7’s software Gateway can be implemented on customer

customer-defined hardware – hardware that has
already been tested and approved for use in their datacenter – eliminating the cost of testing and implementing a
new hardware platform, while significantly decreasing support and maintenance costs.

Virtual – Public and private clouds are gaining acceptance in the marketplace for their ability to convert CapEx to
OpEx by offering cost-effective
effective computing resources onon-demand.
demand. As a result, organizations have begun redesigning
redesig
their own datacenters as private clouds, and consuming public cloud resources on a utility basis. Layer 7’s virtual
cloud Gateway offerings (including both our Virtual Appliance and AMI) have made it possible for these
organizations to spin up XML Gateway
eway instances in a multi
multi-tenant
tenant environment in order to guard access to their
cloud-based
based services and APIs. Hardware
Hardware-based vendors are unable to accommodate these changing IT
requirements.

Extensibility
As the advent of the cloud so clearly co
confirms, IT environments change. While Layer 7’s support for multiple form
factors has been one way to help insulate customers against changes in the datacenter, accommodating business
change requires extensibility – the ability to quickly and cost
cost-effectivelyy customize a solution to match evolving
business needs based on specific industry traits, existing corporate guidelines, and the organization’s unique
business processes.

Layer 7’s Custom Policy SDK

Assertion SDK gives
developers the ability to
extend the Gateway’s
functionality in order to
accommodate their
specific requirements
using standard Java
programming
Java programmers)
ammers) and/or the addition of an application server ((such as WebSphere) to run the custom code.
Layer 7’s Custom Policy Assertion SDK gives developers the ability to extend the
Gateway’s functionality in order to accommodate their specific requirements
using standard Java programming. Custom Assertions can be created for
proprietary message processing, pattern recognition and filtering, as well as
interfacing to third
third-party
party products, such as identity management infrastructure,
network monito
monitoring applications, or anti-virus systems.
In contrast, the extensibility of many other Gateways is limited.
limited For example, to
accommodate the kinds of customization listed above would typically require
either the skills of an XSLT programmer (expensive compared to the ubiquity of

Interoperability
Independent
ndependent Gateway vendors like Layer 7 do not benefit from lock
lock-in,
in, but rather design from the ground up to
accommodate a heterogeneous
geneous SOA environment based on Web services sta standards.
ndards. As a result, Layer 7’s
Gateways
ateways interoperate with a wide range of products, including (for example) a wide range of leading identity,
access, SSO and federation systems, such as LDAP, Microsoft Activ
Active
e Directory/Federated Services, Oracle Access
Manager, IBM Tivoli (TAM and TFIM), CA SiteMinder and TransactionMinder, Sun Java Access Manager and Novell
Access Manager.

Standards Commitment
One of the best guarantees against vendor or platform lock
lock-in is wide support for Web services standards. Any
credible vendor in the XML Gateway market should be able to demonstrate a history of active participation in the
standards bodies that govern Web services. This includes both authoring the standards and participating
partici in regular
interops. Layer 7 has been an active participant in the OASIS, W3C and WS-I standards consortiums, and has
helped drive key standards like WS-Policy,
Policy, WS
WS-SecurityPolicy, WS-Trust, WS-Federation, WS-II BSP to name a few.

Copyright © 2010 Layer 7 Technologies

ogies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are
trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners. 4
Not All XML Gateways Are Created Equal

Cost of Operation
While implementation costs represent a key factor in the TCO equation, they’re typically only a one-time
one cost.
Operational costs – including ongoing Gateway management, administration and updating – represent a far
greater impact on total cost of ownership over time.

Manageability
Most XML Gateways are implemented as a series of discrete functional units rather than as a cluster. While this
can provide some flexibility when it comes to deployment, it also dramatically raises administration costs as each
Gateway must be separately configured, updated and managed. In contrast, Layer 7 Gateways feature true
clustering capabilities and can be centrally administered as if they were a single device.

For distributed organizations that span diverse development, test, staging,

Layer 7 embeds these
kinds of enterprise-
scale management
capabilities directly
within the Gateway
itself – there’s no need
to deploy, manage and
upgrade a separate
product
TCAM is typically required to be deployed in multiple locations to support regional deployments.
production and even cloud environments – worldwide – management becomes
even more costly and complex. Pain points arise around policy migration,
Gateway and service performance monitoring, and policy lifecycle
management (from authoring to deployment to change management). Layer 7
embeds these kinds of ent
enterprise-scale
scale management capabilities directly within
the Gateway itself – there’s no need to deploy, manage and upgrade a separate
product. For example, IBM typically recommends
ecommends deploying “ITCAM for SOA” to
provide enterprise manageme
management capabilities for their DataPower products. And
while Layer 7 allows global management of all Gateways from a single location,

For those organizations that already have a m

monitoring
onitoring and management infrastructure in place, Layer 7 offers
out-of-the-box
box connectors to leading agent
agent-based
based management products, as well as a robust API for integration
with monitoring, auditing and KPI tracking software.

Scalability and Reliability

Scalability and reliability should go hand in hand. While simply placing a load balancer in front of a series of
Gateways can be a cheap and easy way to scale, solutions that offer built
built-in
in clustering and failover can go a long
way to ensuring reliability by providing fault tolerance and high availability. As load increases, the ability to scale
cost-effectively
effectively without affecting performance is key.

Layer 7’s true clustering capabilities (i.e., the ability to exchange information, load balance and automatically
automati fail
over) gives them the edge over other Gateways when it comes to horizontal scaling. Additionally, Layer 7’s
software-based
based appliances give organizations the choice to scale vertically (which may be more cost effective) by
adding more processors to the server.

Updating
In an ideal setting, policies are developed, tested and implemented in production never to change. The reality,
however, is that policies must change to keep up with evolving business needs, regulatory
ory requirements and
market
et demands. The ability to implement changes on the fly (without having to bring down the Gateway) is key to
ensuring business as usual.

Layer 7 provides the ability to implement changed/new policies in production without incurring downtime. In a
cluster, policies are updated centrally, and then replicated between devices in real
real-time
time without requiring off-
off

Copyright © 2010 Layer 7 Technologies

ogies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are
trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners. 5
Not All XML Gateways Are Created Equal

lining, making for easy change management. Additionally, any Gateway/cluster worldwide can be backed up and
restored from a centralized console, simplify
simplifying
ing disaster recovery and ensuring business continuity.

In contrast, other XML Gateways typically do not support cluster-wide

wide administration, and thus requires
administrators to manually replicate policies on each Gateway. In addition, policy changes usually cannot be
implemented on the fly – rather, Gateways must be brought offline before updates can occur.

Cost of Upgrade
For
or hardware
hardware-only Gateways, migrating between versions typically requires a
Because some
complete forklift upgrade. In effect, this means returning the existing Gateway;
Gateway vendors are
repurchasing new hardware; re-implementing
implementing existing configurations and
hardware-dependent,
policies; and re
re-training on the new systems – all of which can be an expensive
migrating between
undertaking at a time when IT is experiencing more pressure on their budgets
versions requires a than ever.
complete forklift
upgrade In contrast, Layer 7 offers an XML Gateway whose hardware can be upgraded
independently, giving customers the choice ooff remaining on their currently
supported version of the product while upgrading (not migrating) to the latest hardware to take advantage of
performance benefits. And not only can the new hardware be purchased for a nominal fee (a fraction of the initial
purchase
rchase price), the original hardware can be repurposed as a general use server, affording total investment
protection.

Repurchasing Gateways
In order to remain supported, customers are forced to repurchase new Gateways every three hree to five
f years when
the original hardware is retired. Despite paying a significant yearly support and maintenance fee, the repurchase
price is typically (depending on your bargaining power) close to the initial purchase price, leading to an
unreasonably high total cost of ownership for Gateway customers after just one or two hardware refreshes.

A comparable deployment of Layer 7 hardware Gateways is significantly less expensive – as little as one third the
cost. When
en considering development and test environments where most Layer 7 customers have the flexibility to
deploy software or VMware Gateways,, the savings are even more dramatic. As long as Layer 7 customers remain
current on Support and Maintenance, the cost tto o upgrade between Layer 7 hardware platforms is nominal, with no
charge for soft appliances. This represents a significant difference in total cost of ownership between Layer 7 and
other Gateways over just one or two refresh periods.

As a result, the total costt of ownership for a Layer 7 solution is dramatically lower than other Gateway
deployments,, with initial purchase costs as little as one
one-third of the re-purchase price, and one quarter of the 3-5
3
year TCO.

Copyright © 2010 Layer 7 Technologies

ogies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are
trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners. 6
Not All XML Gateways Are Created Equal

About Layer 7 Technologies

With more than 100 customers across 6 continents, and successful partnerships with some of the largest ISVs and
resellers in the industry, Layer 7 Technologies is the leader in SOA and clo
cloud
ud security and governance. Our award-
award
winning SecureSpan™ family of XML Gateways feature sophisticated runtime governance, enterprise-scale
enterprise
management and industry-leading
leading XML security. Our CloudSpan™ family enables enterprises and service providers
to securely
urely consume cloud services, as well as protect and control their own applications deployed in public and
private clouds. Founded in 2002, Layer 7 has a history of helping organizations address their security, visibility and
governance issues by enabling them to control, manage and adapt their Web services, no matter where they
originate – in the enterprise or in the cloud
cloud.

Contact Layer 7 Technologies

Layer 7 Technologies welcomes your questions, comments, and general feedback.

Email:
info@layer7tech.com

Web Site:
www.layer7tech.com

Phone:
(+1) 604-681-9377
1-800-681-9377
9377 (toll free within North America)

Fax:
604-681-9387

Address:
Layer 7 Technologies
1200 G Street, NW, Suite 800
Washington, DC 20005

Layer 7 Technologies
Suite 405-1100 Melville Street
Vancouver, BC
V6E 4A6 Canada

Legal Information
Copyright © 2010 by Layer 7 Technologies, Inc. (www.layer7tech.com). Contents confidential. All rights reserved.
SecureSpan™ is a registered trademark of Layer 7 Technologies, Inc. All other mentioned trade names and/or
trademarks are the property of their respective owne
owners.

Copyright © 2010 Layer 7 Technologies

ogies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are
trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners. 7