McAfee Services Gateway

McAfee Services Gateway Overview:

McAfee® Services Gateway simplifies and secures application architecture on-premises or in the cloud. It expedites deployments by addressing common security and performance challenges and accelerates, secures, integrates, and routes XML, web services, and legacy data in a single, easy-to-manage solution.

Description:

McAfee Services Gateway is easily deployed and provides a layer of security, control, and management for your application-to-application traffic (e.g., SOA or REST). Services Gateway enables the enterprise to develop a standards-based policy enforcement point that is integrated with internal identity management solutions, middleware, and auditing/monitoring infrastructure. After corporate control is established with Services Gateway, administrators can offload security processing from middleware, safely expose APIs, and provide high-speed data mediation — all from a gateway deployed at the network edge.

As applications are exposed externally, Services Gateway is used to abstract, secure, and simplify services delivery. More than just middleware, an XML Gateway, or an XML firewall, Services Gateway delivers a unique set of features tailor-made to integrate, mediate, secure, and scale services in a dynamic application perimeter.

Legacy application protection and support for future business requirements — Support multiple communication types, protect legacy applications, and provide simple integration with current application standards.

Increased control and visibility — Integrate your external applications with existing enterprise systems such as McAfee Cloud Identity Manager or internal applications. Consolidate application logs and reporting.

Accelerated and optimized applications — Leverage the high-performance Intel Multi-Core architecture to scale and accelerate your applications.

Benefits and Features:

Solutions:

The Services Gateway

As applications are exposed externally, a services gateway is used to at the network edge to abstract, secure, and simplify services delivery. As a best practice for delivering application-toapplication, service-oriented architecture (SOA), or representational state transfer (REST)-based service interaction models, McAfee Services Gateway provides a unique set of features tailormade to integrate, mediate, secure, and scale services at the ever-changing application perimeter.

Secure the edge
The static network perimeter is gone. Regain control with a centralized policy enforcement point to authenticate, authorize, and govern service interactions with customers, partners, employees, and cloud providers (IaaS/PaaS) as they consume or deploy applications.

Build dynamic applications
Innovate faster, gain a competitive edge, and securely expose mass customizable applications on-premises or in the cloud, regardless of the abstraction pattern (SOA, WOA), delivery method (App Store, Cloud) or protocol (REST, SOAP).

Get more. Go neutral.
Break free of purpose-built inflexible appliances tied to expensive vendor suites. When it comes to lower cost, multicore optimized performance, ready middleware interoperability, and vendor viability, protect your investment with McAfee.

Flexibility without compromise
Simplify infrastructure by deploying on standard Intel Multi-Core servers. Address common SOA bottlenecks with specialized soft appliances with no compromise on extensibility or virtualization.

Protecting the Application Edge

The transition to cloud environments presents a catalyst for the enterprise to put in place a solution that works across internal and external domains. What is needed is a true cross-domain services gateway that provides application security across enterprise boundaries, no matter the protocol or deployment pattern. The Services Gateway is the ultimate control point for application interactions, connecting on-premises applications to external cloud providers, external business partners, or

McAfee Services Gateway is a highly scalable software product that provides common functions of a service bus, security gateway, and XML acceleration engine into a single product that scales on next-generation Intel Multi-Core servers for the modern virtualized data center. McAfee Services Gateway acts as the secure enterprise glue for large, complex, distributed applications that span multiple physical data center environments and multiple vendors based on common SOAP or REST service patterns.

The SOA security challenge
The biggest challenge for service-based, largescale applications that span data centers is application security, policy, and run-time control. Service-enablement of existing applications provides a universal SOAP or REST tunnel for function calls or data access which brings new security requirements such as SOAP or REST message-level security, service virtualization, delegated AAA functions, and threat prevention. Expansion towards cloud service provider API usage also increases the need for integrated authentication and identity management as well as threat defense. Perimeter defense or XML firewall functionality is as important as ever to protect applications from new breeds of content attacks. Furthermore, the proliferation of thirdparty cloud-based APIs creates new challenges around authentication and authorization, especially for enterprises that wish to use their existing identity management infrastructure to securely access cloud APIs and resources.

McAfee Service Gateway provides unmatched support for these features in a form factor that avoids the use of custom, hard-to-manage, proprietary XML hardware. It runs on secure, open operating systems, and avoids the "security by obscurity" problem with "hardened" hardware appliances.

The governance challenge
It's no mystery that the modern data center is an amalgamation of heterogeneous software and systems, brimming with complexity. McAfee Services Gateway reduces the management, development, and capital costs of large distributed applications that use any type of SOAP, REST, or custom service. It runs on industrystandard operating systems, like Linux and Microsoft Windows, and can secure, transform, route, and mediate among services offered by any vendor, whether they use a silo-, legacy-, or standards-based communication mechanism— or offer application functionality through an API. Furthermore, it uses a codeless Eclipsebased designer that supports simple or complex mediation applications.

As enterprises extend their applications to the cloud, functionality around API throttling and governance has become increasingly important. McAfee Expressway Services Gateway supports quality of service enforcement and API mediation functionality. This allows the enterprise to use the gateway as a security layer that abstracts APIs to external services and provides a central point of control for decoupling security policy from internal applications.

The core of McAfee Services Gateway run-time is the software appliance form factor. This means that McAfee Services Gateway can be managed through a web interface, complete with alarms, alerts, a dashboard, and self-healing, self-correcting capabilities. McAfee Services Gateway can also integrate with management consoles that support SNMP and JMX.

McAfee Services Gateway also supports a unique "power deploy" functionality that helps enable policy deployments across different physical networks. Finally, because McAfee Services Gateway is a software solution, it can be packaged into a virtual appliance and can run on popular platforms such as VMware or Amazon EC2.

The performance challenge
As applications grow larger, they tend to mix legacy (binary), plain-old-XML (POX), and web services (SOAP) data to support changing business requirements. Accelerating such a large distributed application requires optimizing not only "point" XML operations, such as transformation or validation, but also providing an optimized service mediation engine to orchestrate services that rely on these functions. McAfee Services Gateway provides a single run-time instance that offers XML and service mediation acceleration that scales with any Intel Xeon Multi-Core server, regularly beating custom hardware appliances by a factor of four to one or greater. McAfee Services Gateway instantly brings the power of Intel Xeon Multi-Core and Moore's Law to XML-rich business applications without requiring any special programming or any custom, proprietary hardware.

Category	Description
XML Firewall Threat Prevention	XML limit checking, SQL injection, DTD checking, XPath injection, forbidden RegEx scan, malformed XML attack, XML bomb attack, XSS protection, schema poisoning attack Adaptive denial-of-service protection and throttling Anti-virus protection using ICAP Enhanced content attack prevention for REST services (query parameters, headers, request methods)
Authentication and Authorization	X.509 certificate, CRL, username/ password, LDAP or Microsoft* Active Directory, Kerberos, SAML 1.0/1.1/2.0, Web SSO cookie and STS credential mapping, Amazon* Cloud API Integrates with CA* SiteMinder, Oracle* Internet Directory, Oracle* Access Manager, IBM* Tivoli Access Manager Integrates with XACML policy decision points, including Axiomatics* Policy Server and Oracle* Entitlements Server
Data Security	OASIS WS-Security 1.0/1.1, WS-Trust, W3C XML encryption and XML signatures, WS-I BSP 1.0/1.1, SOAP with attachments Data validation, schema validation, WSDL validation, SOAP filtering Supports customizable data security
XML Standards and Data Formats	XML, XPath and XSLT (1.0, 2.0), XML Schema Embedded XSL mapper for easy creation of style sheets Secure unstructured data streams: apply security policies to any data format using the embedded Informatica Data Transformation (DT) engine
Transport Layer Security	Support for multiple SSL identities, mutual auth, SSL v3 and TLS v1 SSL Support for HTTP, JMS, FTP, MLLP, Raw TCP, JDBC Customizable protocol support
Cryptographic Support	Supports DES, 3DES, AES, RSA v1.5, RSA-OAEP, SHA-1 and SHA-256 Supports hardware cryptographic acceleration and FIPS 140-2 Level 3 network-based hardware security module
Service Mediation	Secure SOAP, REST, JSON, or custom service mediation within the data center or across the Internet Supports Open Group's X/Open XA transaction standard for long-running transactions Proven integration with all major ISV middleware solutions
Service Governance	Message throttling and ordering High performance run-time policy enforcement for security, SLA, mediation, and transformation UDDI v2/v3 integration for API governance and retrieval Fine-grain service and policy monitoring Zero downtime dynamic policy updates for routing, attack signatures, validation, and transformation Integrates with business service repositories from SoftwareAG* CentraSite, Oracle, SAP
Supported Hardware	Any Intel Xeon Multi-Core server with 4 GB RAM (8 GB recommended)
Management and Monitoring	Cluster support allows a group of appliances to be managed and monitored simultaneously Eclipse-based Intel service and policy designer with pre-built templates Management through command line and SNMP and integrates with HP* OpenView, Microsoft* MOM Automated policy migration: supports policy deployment and dependency resolution across development, test, and production network environments.
Operating Systems	Red Hat* AS4/A5 (32- or 64-bit), SUSE Linux Enterprise 10 (32- or 64-bit), Oracle* Enterprise Linux, Solaris 10, Microsoft* Windows 2003 Server (32 or 64-bit), VMware ESX
Performance Features	Wire-speed XML processing engine optimized for Intel Multi-Core and SSE4.2 hardware instruction set Low sub-millisecond latency High concurrency I/O processing supports thousands of connections with low latency for SSL and non-SSL traffic Large XML processing (>1 GB) Embedded front-end load balancer Sophisticated back-end load balancing with auto-retry capability

*Other names and brands may be claimed as the property of others.

System Requirements:

These are minimum system requirements only. Recommended requirements are in parenthesis, where applicable. Actual requirements will vary depending on the nature of your environment.

Server Operating System

• Red Hat AS4/A5 (32-bit or 64-bit)
• SUSE Linux Enterprise 10 (32-bit or 64-bit)
• Oracle Enterprise Linux
• Solaris 10
• Microsoft Windows 2003 Server (32-bit or 64-bit)
• VMware ESX

Hardware Requirements

• ◦Any Intel Xeon Multi-Core Server with 4 GB RAM (8 GB recommended)

Documentation:

Download the McAfee Services Gateway Datasheet (PDF).