XML Gateway Leads The SOA Specialist Charge
Vordel's updated network appliance takes the heavy lifting off application servers.
The Upshot
Claim: Vordel's XML Gateway is a pre-hardened network appliance that promises to offload processor-intensive tasks running on application servers. In addition to routing XML traffic based on content or sender, it performs XML content screening and transforms XML payloads on the fly. The XML Gateway protects services and mediates communications between service consumers and providers, while its software-based VXA engine provides XML acceleration for XPath expressions, XML schema validation, and XSL transformations on both hardware- and software-based appliances.
Context:
Vordel has been one of the more aggressive SOA appliance players, and Version 5.0 of the company's XML Gateway provides an impressive range of functionality, from identity management and mediation to XML content inspection and enrichment. Vordel delivers this functionality using a feature-rich suite of tools; in addition to the Vordel Policy Director, which provides policy management, Vordel also offers Vordel Reporter for full visibility reporting on Web service use, and Vordel SOAPbox, which proved to be a useful test harness for XML applications. We previously tested in this Rolling Review Layer 7's SecureSpan XML Networking Gateway, a hardware-accelerated XML firewall and service gateway, and are looking to bring products from Cisco and IBM into our lab.
Credibility:
Vordel's claim for ease of deployment and centralized policy management is well-founded. In our lab tests, we were able to quickly set up both software and hardware-based appliances and manage policies across them. This is a nice feature and obviates having to manage silos of policies across XML appliances.
ABOUT THIS ROLLING REVIEW:
The focus is on SOA appliances. To qualify, products must provide XML security, acceleration, transformation, and parsing functionality. We're evaluating appliances based on ease of installation and configuration, breadth of functionality, management capabilities, features, and price.
Each vendor must provide pricing for a product configuration capable of acting as an XML security gateway in connection with XML acceleration requirements.
When we embarked on this Rolling Review to assess SOA appliances that provide XML security, acceleration, transformation, and parsing, we weren't expecting to find feature-packed products where Web services meet the network. However, as our previous tests of Layer 7's SecureSpan XML Networking Gateway proved, these appliances are mature enough to consolidate specific SOA services and XML processing on the network itself.
Vordel's XML Gateway, which gets the Rolling Review treatment this time around, delivers additional proof of that maturity. This appliance really packs a punch. The XML Gateway moves processor-intensive XML tasks from application servers to the network itself. While other vendors rely solely on hardware acceleration cards, like the Tarari XML Accelerator, Vordel leverages its own XML Acceleration Engine (VXA) for XML processing. This approach enables Vordel to offer XML acceleration in both software- and hardware-based appliances.
The hardware-based XML Gateway appliance runs on Vordel's VX Platform, a pre-hardened deployment environment. Essentially, the VX Platform sits atop the Dell PowerEdge line of servers and is available in two form factors, depending on processing requirements. The VX platform offers cryptographic acceleration via an nCipher nShield Hardware Security Module (HSM), which applies SSL acceleration to transport-level security. Using redundant power supplies, network interfaces, and RAID-configured disks, the VX Platform eliminates single points of failure and offers high availability out of the box.
Vordel surrounds XML Gateway with a diverse and well-featured toolset. The Vordel Policy Director offers centralized policy creation and management, Vordel Reporter provides visibility and reporting on Web service metrics, and SOAPbox is a testing suite for XML applications. Each of these tools was easy to work with once set up and configured.
Racked, Ready, Go
During our test drive, we found the rack-mountable hardware appliance relatively painless to install and set up. Once the appliance was racked and powered up, a Web-based administration interface enabled us to configure the host name and IP address of the appliance; the default gateway, DNS server, and SSH server for it to use; the system time; system users; and other tools that can assist administrators in managing the appliance.
Next, we installed the Vordel Policy Director, which allows Vordel to centralize policy management across XML Gateway appliances and XML firewalls. This time, installation and configuration were a bit more involved, because the Policy Director comprises three components: Policy Director Server, Policy Director Consol, and Policy Studio.
The Policy Director Server is the central Policy Director component, and Vordel recommends running this on a dedicated host. The Policy Director Server maintains historical versions of policies that can be deployed to multiple XML firewalls and/or XML Gateway instances that are running throughout the network. Multiple versions of policies can be loaded from the Policy Director Server and pushed out to processes using the Policy Director Console.
The final piece of the setup is Policy Director Studio, the tool that developers, network administrator, and operations personnel will use. Policy Director Studio acts as the user interface to configure and manage policies enforced on the appliance. Setup of Studio was very straightforward.
What's The Privacy Policy?
Policies define rules for how an XML Gateway-protected service can be consumed. The Vordel XML Gateway enforces a vast number of policies. Once we defined the policies using Policy Studio, we could limit users' service access by HTTP basic authentication, XPath credentials, and service availability.
Policy Studio is a powerful mechanism for policy creation and maintenance, and role-based access to policies is a nice feature. The Policy Director architecture eliminates the need to manage a group of isolated policies across individual XML Gateways.
With XML Gateway, Vordel targets the enterprise, and the product's benefits are most fully realized when running multiple XML Gateways within the network. Implementing Vordel's architecture does take some planning, but overall, Vordel provides a well-thought-out system that centralizes policy management and performs ably under load. And, we found pricing competitive: $59,000 for the XML Gateway appliance hardware, or $35,000 for the XML Gateway software appliance.
Erik Pieczkowski is an enterprise architect and partner with Synegen. His experience ranges from the design and development of high performing, message-driven systems to building and deploying scalable SOAs. Write to him at [email protected].
About the Author
You May Also Like