4/22/2005
02:15 PM

Review: XML Gateways

Network Computing tested three security devices and, although they all impressed, our top pick edged past the others thanks to stellar performance, flexibility and integration. Find out which one it is.

Reactivity's 2400 offers the most flexible authentication and authorization of the devices we tested, in addition to a dynamic DoS protection scheme and a highly navigable administration console.

The 2400 is a 1U appliance running Linux with dual 3.06-GHz Xeon processors, dual Gigabit Ethernet NICs and 2 GB of RAM. It comes equipped with an nCipher HSM (Hardware Security Module) for SSL acceleration and a Tarari RAX processor for XML acceleration.

Only Reactivity provides devicewide defaults that we could easily override at the policy level. These defaults can significantly reduce the amount of time needed to configure policies and help satisfy corporate security policies by enforcing required levels of security. Although DataPower told us this functionality could be achieved on the XS40 through its new domain-based administration model, we didn't relish spending time and energy to implement what Reactivity provides out of the box. Not only could we set defaults on content filtering and override them at the policy level on the 2400, we could choose specific SQL injection protection according to the type of database: For Web services interacting with SQL Server 2000, we enabled the content filter specifically designed to protect SQL Server 2000. For Oracle, another content filter is provided by Reactivity out of the box.

The 2400's authentication and authorization options were equally impressive and showcased Reactivity's easy-to-use, albeit somewhat cluttered, Web console. We configured multiple methods of authentication and authorization on a per-operation basis and further specified multiple methods for any operation. Our only complaint revolves around LDAP configuration, which requires a Ph.D.--or at least an intimate knowledge of LDAP filters and regular expressions--to set up. We much preferred the simple configuration offered by DataPower and Sarvega, which let us specify that the user name and password extracted from the WS-Security header should be validated against our NWC Inc. AD 2000 server, but LDAP implementations are a pain across the board. And in Reactivity's case, with complexity we did get power--Reactivity's implementation is exceedingly flexible and dynamic, and with the right knowledge we could limit access based on any directory attribute. One nit: We'd like to see a basic configuration option that validates against LDAP. All the products require a user name and password with which to bind to the directory.
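To make concrete the kind of LDAP filter the paragraph above refers to, here is an added example; it is not from the review and is not Reactivity's configuration syntax. It pulls the user name from a WS-Security UsernameToken and builds a filter that matches only if the user holds a given directory attribute, escaping the name per RFC 4515 so filter metacharacters stay literal. The Active Directory attributes `sAMAccountName` and `memberOf` are an assumed schema, and the group DN, user names and helper names are constructed.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"

# RFC 4515 escapes for characters that are special inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a string so it is treated as literal data in an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def username_from_envelope(envelope_xml):
    """Return the UsernameToken user name from a SOAP envelope, or None."""
    root = ET.fromstring(envelope_xml)
    path = f"{{{SOAP}}}Header/{{{WSSE}}}Security/{{{WSSE}}}UsernameToken/{{{WSSE}}}Username"
    node = root.find(path)
    if node is None or not (node.text or "").strip():
        return None
    return node.text.strip()


def authorization_filter(username, required_group_dn):
    """Filter matching the user only if it holds the required group membership."""
    user = escape_filter_value(username)
    group = escape_filter_value(required_group_dn)
    return f"(&(sAMAccountName={user})(memberOf={group}))"


def envelope(username):
    """Build a constructed sample envelope carrying a UsernameToken."""
    return (
        f'<soap:Envelope xmlns:soap="{SOAP}" xmlns:wsse="{WSSE}">'
        "<soap:Header><wsse:Security><wsse:UsernameToken>"
        f"<wsse:Username>{username}</wsse:Username>"
        "<wsse:Password>not-checked-here</wsse:Password>"
        "</wsse:UsernameToken></wsse:Security></soap:Header>"
        "<soap:Body/></soap:Envelope>"
    )


GROUP_DN = "CN=OrderService,OU=Groups,DC=example,DC=com"  # constructed DN

if __name__ == "__main__":
    # Second name contains filter metacharacters and must come out escaped.
    for name in ("jsmith", "jsmith)(objectClass=*"):
        print(authorization_filter(username_from_envelope(envelope(name)), GROUP_DN))
```

The resulting filter would be used in a directory search after the gateway binds with its own service credentials; the password check itself is a separate bind as the matched user.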

In our performance tests, Reactivity's appliance matched DataPower's and Sarvega's in accuracy--the 2400 did not allow a single invalid or malicious request to reach our back-end servers--but it did introduce some latency. Reactivity's engineers told us the device is optimized for the WAN, and our testing on a fully Gigabit network did not take advantage of these optimizations. Our imposed limit of 2,000 concurrent users led to Reactivity's lower performance numbers. When we removed the limits and reran the tests, all three devices showed an increase in the number of messages processed per second as the number of concurrent users increased, with most tests showing an average of 1,100 to 1,300 messages per second.

Reactivity XML Security Gateway and Manager 2400 Series, starts at $65,000. Reactivity, (866) 889-3485, (650) 551-7800. www.reactivity.com

Lori MacVittie is a Network Computing senior technology editor working in our Green Bay, Wis., labs. She has been a software developer, a network administrator and a member of the technical architecture team for a global transportation and logistics organization. Write to her at lmacvittie@nwc.com.
