Before we even get into what a DataPower Gateway is, let’s begin by discussing what a “gateway” is, how they differ and why you could potentially want another.
First, a “gateway” is simply a device that joins together two different networks. In the most common scenario, your enterprise networks with the Internet. A router is an example of a gateway device. It directs and decides where information packets are sent.
Another term to understand regards a firewall. A firewall is a filter that examines said packets, against a set of defined rules, in order to decide whether to allow the packets access. Your security and infrastructure team go to great lengths to ensure firewalls are implemented to prevent unwanted access to your network(s).
Finally, a DataPower gateway is a hybrid implementation of the network components (the gateway + a firewall) just mentioned. It is not meant to replace those components, but to supplement them with a specialized application layer (i.e., Layer 7) protocol. The application layer allows your enterprise to implement specialized application services, and DataPower provides additional security that routers and firewalls do not.
So, what does a DataPower Gateway provide that the other network devices don’t do well (or at all) and why are they important to your company?
Here are a few features you can achieve through DataPower:
1. Wire speed XML Parsing
Extensible Markup Language (XML) has been around for quite some time and is used to represent the data exchanged between multiple parties. XML provides a tagged method to identify data elements so that you, your partners, and customers can exchange XML documents as a way to share data.
The problem with XML is not all information passed in an XML document is always needed. To be as efficient as possible, it is a good practice to “starve” the data elements down to just that which you require. The way of filtering these fields is called “parsing”. Parsing in application servers is slow. Load balancing the requests, in order to perform a task to meet a specified service level, becomes necessary when you encounter large volumes of parsing. This can lead to even larger server farms, more administration (backups, fix-packs, etc.) and increased hardware/software costs.
DataPower has a special, built-in XML parsing chipset designed to parse at the speed-of-the-wire, vastly outperforming server based parsing. This specialized application feature is what makes DataPower stand out from the other previous mentioned devices.
If you are already using multiple servers to load balance parsing of XML traffic, you should consider routing those transaction through DataPower and apply your parsing on the “wire”. If you could reduce the effort spent on supporting the server farm, while simultaneously reducing your costs, what are you waiting for? It’s faster to ride in a car than ride a bicycle.
2. Authentication/Authorization and token switching
Gateways primarily reside on the edge of the network. That is an optimal location to perform authentication and authorization. Not only does DataPower integrate with many authentication/authorization servers, but it can also switch the authentication tokens to another format (i.e., basic authentication to Kerberos). Being that DataPower is standards-based, it works with pretty much any authentication mechanism. If your authentication/authorization server is not available out-of-the-box, you can also accomplish the integration using a custom stylesheet. This feature makes DataPower a powerful gateway addition.
3. Advanced Security Implementation
DataPower provides enhanced security to implementations, such as Layer 7. For instance, DataPower has a built-in, specialized ability to encrypt and decrypt at the speed-of-the-wire, meaning you can apply encryption to the XML payload. You have the ability to sign with digital certificates, as well as verify signatures from other partners’ payload. Plus, DataPower can also perform 2-factor authentication using a variety of methods.
Another very common use of DataPower is to use it to manage SSL/TLS. Since DataPower can live in a DMZ, on the edge of the network, it’s best to establish the security there, instead of letting it pass through to your backend servers.
Finally, DataPower provides XML threat protection and SQL injection filtering that other devices or applications are incapable of performing.
There are many more security features in DataPower, but these are just a few to highlight, but remember you are merely scratching the surface.
- Take the time to investigate your DataPower implementation to see if you are taking full advantage of the features.
- DataPower is a secure appliance. Involve your architects and security teams to ensure you are maximizing your investment.
- If you are considering publishing API’s, you will need a powerful gateway.
Want to know more? Contact iSOA Group at email@example.com.