Presentation is loading. Please wait.

Presentation is loading. Please wait.

XML-Aware Networking DataPower Technology, Inc. One Alewife Center Cambridge, MA 02140 +1 617 864 0455 Rich Salz, Chief Security.

Published byKevin Reyes Modified over 10 years ago

Similar presentations

Presentation on theme: "XML-Aware Networking DataPower Technology, Inc. One Alewife Center Cambridge, MA 02140 +1 617 864 0455 Rich Salz, Chief Security."— Presentation transcript:

1 XML-Aware Networking DataPower Technology, Inc. One Alewife Center Cambridge, MA 02140 http://www.datapower.com +1 617 864 0455 Rich Salz, Chief Security Architect

2 2 Copyright 2005 DataPower XML Benefits and Costs XML Has Many Architectural & Business Benefits Dramatically lowering cost & time for EAI / b2b Dramatically lowering cost & time for EAI / b2b Flexible websites and one-source publishing Flexible websites and one-source publishing Code reuse, easy debugging Code reuse, easy debugging XML is foundation for web services XML is foundation for web services Broadest industry support since HTTP Broadest industry support since HTTP …But Also Some Real World Drawbacks Scalability: XML is bandwidth, CPU and memory intensive Scalability: XML is bandwidth, CPU and memory intensive Performance: some XML apps literally grind to a halt Performance: some XML apps literally grind to a halt Insecure: connecting systems never before connected Insecure: connecting systems never before connected Insecure: clear text over HTTP with no inherent security Insecure: clear text over HTTP with no inherent security Standards are still in flux Standards are still in flux Financial, technical and organizational challenge Financial, technical and organizational challenge

3 3 Copyright 2005 DataPower Historical Trend Favors XAN Commodity Processes Migrate to Hardware

4 4 Copyright 2005 DataPower XML-aware Network Infrastructure The Performance Performance Security Security Manageability Manageability that you expect from your IP network for your XML apps

5 5 Copyright 2005 DataPower Security and Protocol Layers XML/SOAP HTTP Intermediary HTTP WS-Security XML DSig point-to-point Sender Receiver end-to-end S XML Encryption S XML Access Control

6 6 Copyright 2005 DataPower Measuring XML Performance Broad range of XML operations – parse, validate, transform, route, encrypt Broad range of XML operations – parse, validate, transform, route, encrypt Applications operate on messages, not packets Applications operate on messages, not packets Message size varies from 10 bytes to 1+ gigabyte Message size varies from 10 bytes to 1+ gigabyte XML content complexity varies XML content complexity varies Processing can change message size & content Processing can change message size & content PPS or TPS not very useful PPS or TPS not very useful DataPower XSLTMark (2000) – defined throughput as (bytes_in + bytes_out)/ 2 DataPower XSLTMark (2000) – defined throughput as (bytes_in + bytes_out)/ 2 Good: gives useful rule-of-thumb Good: gives useful rule-of-thumb Bad: does not account for type of XML processing Bad: does not account for type of XML processing

7 7 Copyright 2005 DataPower Anatomy of XML Security Performance Performance is key to security Performance is key to security Each security function requires XML processing Each security function requires XML processing Must implement all services without any compromise Must implement all services without any compromise Need ability to scale as content and user base grows Need ability to scale as content and user base grows Encrypted & Signed SOAP/XML Transaction Approved, decrypted and validated SOAP/XML Transaction Processing Steps Schema Validation Parsing XPath Filtering XML Decryption XML Encryption Signature Verification Schema Validation XML Transformation XML Signing 1 3 5 8 8 1 3 10 6 8 -- Crypto Ops -- XML Ops

8 8 Copyright 2005 DataPower Software Time XML Security Tasks XML Crypto Tasks Pure XML Tasks XML Proc. Crypto Proc. Contribution of XML Processing to Security Basic XML Processing Impact of Crypto Accel. XAN Advantage SoftwareSoftware w/ Crypto Acceleration Software Software w/ Crypto Acceleration x10 XML Security Performance Analysis DataPower

9 9 Copyright 2005 DataPower XML Processors XML-specific hardware for: XML-specific hardware for: XPath XML Schema XML parsing Text inspection Implements Key Standards: Implements Key Standards: XML 1.0 & 1.1 XML Namespaces XML Schema XPath 1.0 XSLT 1.0 PCI-X Interface PCI-X Interface Parallel processing Parallel processing Much more power efficient than systems using general purpose CPU Much more power efficient than systems using general purpose CPU

10 10 Copyright 2005 DataPower Vendor Example: DataPower XA35 XML Accelerator Offload XML processing Offload XML processing No more hand-optimizing XML No more hand-optimizing XML XS40 XML Security Gateway Security Security Agility – future-proof Agility – future-proof True network device True network device XG4 XML-aware subsystems First to break XML gigabit barrier First to break XML gigabit barrier Highly embeddable OEM solution Highly embeddable OEM solution Broad applications Broad applications XI50 Integration Appliance Application-oriented networking Application-oriented networking Groundbreaking DOP architecture Groundbreaking DOP architecture Integrated message-level security Integrated message-level security XI50 Integration Device

Download ppt "XML-Aware Networking DataPower Technology, Inc. One Alewife Center Cambridge, MA 02140 +1 617 864 0455 Rich Salz, Chief Security."

Similar presentations

Connected Health Framework

Connected Health Framework
IBM Software Group ® SOA – Successful Adoption and Barriers IDC Service-Oriented Architecture Conference 2005 Rick Robinson, IT Architect, IBM EMEA WebSphere.

IBM Software Group ® SOA – Successful Adoption and Barriers IDC Service-Oriented Architecture Conference 2005 Rick Robinson, IT Architect, IBM EMEA WebSphere.
Eclipse, M2M and the Internet of Things

Eclipse, M2M and the Internet of Things
Eclipse, M2M and the Internet of Things

Eclipse, M2M and the Internet of Things
Hello i am so and so, title/role and a little background on myself (i.e. former microsoft employee or anything interesting) set context for what going.

Hello i am so and so, title/role and a little background on myself (i.e. former microsoft employee or anything interesting) set context for what going.
Qusay H. Mahmoud CIS*6650.01 1 CIS*6650.01 Service-Oriented Computing Qusay H. Mahmoud, Ph.D.

Qusay H. Mahmoud CIS* CIS* Service-Oriented Computing Qusay H. Mahmoud, Ph.D.
2  Industry trends and challenges  Windows Server 2012: Modern workstyle, enabled  Access from virtually anywhere, any device  Full Windows experience.

2  Industry trends and challenges  Windows Server 2012: Modern workstyle, enabled  Access from virtually anywhere, any device  Full Windows experience.
Cloud Computing: Theirs, Mine and Ours Belinda G. Watkins, VP EIS - Network Computing FedEx Services March 11, 2011.

Cloud Computing: Theirs, Mine and Ours Belinda G. Watkins, VP EIS - Network Computing FedEx Services March 11, 2011.
New Solutions to New Threats. The Threats, They Are A Changing Page 2 | © 2008 Palo Alto Networks. Proprietary and Confidential.

New Solutions to New Threats. The Threats, They Are A Changing Page 2 | © 2008 Palo Alto Networks. Proprietary and Confidential.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
Exchange Network Key Management Services A Security Component February 28, 2005 The Exchange Network Node Mentoring Workshop.

Exchange Network Key Management Services A Security Component February 28, 2005 The Exchange Network Node Mentoring Workshop.
Federal Student Aid Technical Architecture Initiatives Sandy England

Federal Student Aid Technical Architecture Initiatives Sandy England
SOA with Progress Philipp Walther Consultant. © 2007 Progress Software Corporation2 Agenda  SOA  Enterprise Service Bus (ESB)  The Progress SOA Portfolio.

SOA with Progress Philipp Walther Consultant. © 2007 Progress Software Corporation2 Agenda  SOA  Enterprise Service Bus (ESB)  The Progress SOA Portfolio.
MSIT 458: Information Security & Assurance By Curtis Pethley.

MSIT 458: Information Security & Assurance By Curtis Pethley.
Network Shared Services. Shared Services –Network Authentication and Authorization Services –Exchange Network Discovery Service –Universal Description.

Network Shared Services. Shared Services –Network Authentication and Authorization Services –Exchange Network Discovery Service –Universal Description.
1 IS112 – Chapter 1 Notes Computer Organization and Programming Professor Catherine Dwyer Fall 2005.

1 IS112 – Chapter 1 Notes Computer Organization and Programming Professor Catherine Dwyer Fall 2005.
V1.00 © 2009 Research In Motion Limited Introduction to Mobile Device Web Development Trainer name Date.

V1.00 © 2009 Research In Motion Limited Introduction to Mobile Device Web Development Trainer name Date.
Systems Integration & Consulting June 2009. 2 Copyright ® 2009 Ayenda Agenda Introduction to Systems Integration System Integration Challenges and Opportunities.

Systems Integration & Consulting June Copyright ® 2009 Ayenda Agenda Introduction to Systems Integration System Integration Challenges and Opportunities.
1 Cost-Effective Strategies for Countering Security Threats: IPSEC, SSLi and DDoS Mitigation Bruce Hembree, Senior Systems Engineer A10 Networks.

1 Cost-Effective Strategies for Countering Security Threats: IPSEC, SSLi and DDoS Mitigation Bruce Hembree, Senior Systems Engineer A10 Networks.
1 sm Using E-Business Solutions to Meet Management Challenges: Interoperability & Flexibility Bring Success to the Implementation of Specialized Components.

1 sm Using E-Business Solutions to Meet Management Challenges: Interoperability & Flexibility Bring Success to the Implementation of Specialized Components.

Similar presentations

Ads by Google