Layer 7 CloudSpan FAQ

Published on December 2016

CloudSpan is Layer 7’s newest family of XML-based products specifically designed to help enterprises solve their issues around securely connecting to, deploying in, and publishing from the cloud. This FAQ addresses many of the common questions users have about CloudSpan.


CLOUD SOLUTIONS FAQ

Layer 7 CloudSpan & AMI FAQ
Table of Contents
What is CloudSpan?
Is CloudSpan only available as virtual appliances?
Does CloudSpan support clustering?
Does CloudSpan require specialized tools or skills?
Is CloudSpan extensible?
Can I publish/update policies on a live “in production” CloudSpan device?
Is CloudSpan upgradeable?
What third-party identity products does CloudSpan support?
Which protocols and standards does CloudSpan support?
How is the Layer 7 SSG AMI priced?
What is the best practice for scaling Layer 7 AMIs?
What is the best practice for upgrading SSG AMIs?
Can the SSG AMI utilize RightScale’s EC2 provisioning capabilities?
Can the SSG AMI utilize Amazon’s Elastic Block Storage (EBS)?
Are SSG AMIs public or private images?
Does the SSG AMI work with Amazon CloudFront?
What performance can be expected for the SSG AMI?

FREQUENTLY ASKED QUESTIONS

What is CloudSpan?
CloudSpan is Layer 7’s newest family of XML-based products specifically designed to help enterprises solve their issues around securely connecting to, deploying in, and publishing from the cloud:
• CloudSpan CloudConnect allows enterprises to safely consume SaaS and cloud-based services by providing not only secure single sign-on, but also secure, bi-directional application integration.
• The cloud is the new DMZ. CloudSpan CloudProtect is designed to deliver DMZ-level security in public and private clouds by providing a hardened virtual application container in which organizations can deploy their enterprise applications.
• CloudSpan CloudControl allows cloud-based service providers to secure, manage and publish their application APIs to partners, customers, and other third parties using policy-driven controls.





Is CloudSpan only available as virtual appliances?
CloudSpan is available in a number of different form factors in order to support multiple deployment scenarios, budgets and business requirements:
• Hardware – for deployment in traditional datacenters and other high-performance environments, CloudSpan CloudConnect and CloudControl are available as a 1U 64-bit multiprocessor platform that features dual power supplies, four GE/FE NICs, and mirrored hot-swappable drives
• Software – for customers that prefer a do-it-yourself approach using their own hardware, CloudSpan CloudConnect and CloudControl are available for Sun Solaris 10 (supports both x86 and Niagara versions), SUSE Linux, and Red Hat Linux 4.0/5.0
• Virtual Appliance for VMware – the entire CloudSpan family is available as Virtual Appliances supporting VMware/ESX deployments and is “VM Ready” certified
• Amazon Machine Image – CloudSpan CloudProtect and CloudControl can be implemented using the existing SecureSpan XML Gateway AMI form factor.

Does CloudSpan support clustering?
Yes, CloudSpan appliances (except the AMI) support true clustering, allowing organizations to centrally administer multiple devices in a cluster, as well as multiple clusters. CloudSpan also supports cluster-wide rate limiting, which allows organizations to meter service usage in order to take some action when a preset threshold is reached. For example, telcos that meter usage of cellular SMS services can use CloudSpan to block access to the service when the customer’s contractual quota is exceeded. Because the clustered devices maintain and update a shared counter, metering is always accurate. This capability also allows SecureSpan to provide effective protection against replay attacks.

January 4, 2011

This document is being provided for informational purposes only. The information presented is accurate at the time of publication, but is subject to change.

Does CloudSpan require specialized tools or skills?
CloudSpan includes an intuitive, graphical policy editor and composer (Layer 7 Policy Manager), allowing anyone with basic scripting skills to create as simple or as complex a policy as required. No knowledge of XSLT or other complex programming language is required. More than 70 pre-made policy assertions are provided out of the box to help you get started.
• Compose inheritable policy statements
• Branch policy execution based on logical conditions, message content, externally retrieved data or transaction specific environment variables
• Create service and operation-level policies using inheritance, simplifying administration

Is CloudSpan extensible?
CloudSpan offers a Custom Policy Assertion SDK, which gives developers the ability to extend the rich palette of Layer 7 policy assertions in order to customize the out-of-the-box functionality to their specific requirements. Custom assertions can be created for proprietary message processing, pattern recognition and filtering, as well as interfacing to third-party products, such as identity management infrastructure, network monitoring applications, or anti-virus systems – all without requiring an application server to run the custom code. Using Java, programmers can create a Layer 7-compatible .jar file that includes all required code and/or interfaces to third-party APIs. Uploading the .jar file to CloudSpan will make it available for use within the policy editor and composer as a policy assertion, which can then be incorporated into both new and existing policies as required.

Can I publish/update policies on a live “in production” CloudSpan device?
Yes, while it’s not recommended that new policies be created and implemented on a production version of CloudSpan, it is possible to do so: the next message processed by CloudSpan will be subject to the new/updated policy. The recommended practice is to migrate a tested policy from a QA/test environment to the production CloudSpan device, and then publish it live. In either case, there’s no need to bring down and restart the system to implement new/updated policies.

Is CloudSpan upgradeable?
CloudSpan provides maintenance releases as packaged software updates, and major releases as packaged migration upgrades. Both updates and upgrades can be implemented without requiring professional services; can be implemented remotely on soft appliances; and can be rolled back, if necessary. Customers that purchase software or VMware versions of the CloudSpan appliance and remain current on their Support and Maintenance are entitled to soft appliance upgrades at no charge. For those customers that remain current on their Support and Maintenance, Layer 7 will refresh their hardware platform when it becomes EOL for a nominal fee. Customers are entitled to retain their old appliance hardware – there is no need to return it to Layer 7.

What third-party identity products does CloudSpan support?
CloudSpan supports integration with leading identity, access, SSO and federation systems, including LDAP, Microsoft Active Directory/Federated Services, Oracle Access Manager, IBM Tivoli (TAM and TFIM), CA SiteMinder, Sun Java Access Manager and Novell Access Manager.

Which protocols and standards does CloudSpan support?
CloudSpan supports most common Web services/Web 2.0 and PKI standards, as well as a number of transport and security protocols, including: XML 1.0, FIPS 140-2 Level 3, SNMP, SMTP, POP3, WS-Trust 1.0, WS-Policy, WS-I, WSDL 1.1 3.0, XPath 1.0, PKCS #10, SOAP 1.2, Kerberos, IMAP4, HTTP/HTTPS, JMS 1.0, WS-Federation, WS-SecurityPolicy, WSIL, XACML 2.0, XSLT 1.0, REST, W3C XML Signature 1.0, W3C XML Encryption 1.0, X.509 v3 Certificates, SSL/TLS 1.1 / 3.0, WS-Addressing, WS-MetadataExchange, WS-SecureExchange, SAML 1.1/2.0, UDDI, AJAX, MQ Series, Tibco EMS, FTP, WS-Security 1.1, WS-SecureConversation, WS-PolicyAttachment, WS-I BSP, XML Schema, LDAP 3.0

How is the Layer 7 SSG AMI priced?
The Layer 7 SecureSpan XML Networking Gateway Amazon Machine Image (SSG AMI) is available for purchase under a number of models, including:
• Perpetual License – customers who have purchased a SecureSpan XML Networking Gateway or CloudSpan license can opt to run that license on Amazon Web Services Elastic Cloud Compute (AWS EC2) employing the Layer 7 XML Networking Gateway AMI.*
• Lease/Rent – customers can pay a set monthly fee to Layer 7 for the right to use the SSG AMI.*
• Utility Pricing – customers can also “pay as you go” based on the size of the instance (i.e., # of CPU equivalents) and the number of hours run.*
*Costs associated with CPU usage, storage, data transfer, etc. charged by Amazon would be an additional cost to the customer.

What is the best practice for scaling Layer 7 AMIs?
AWS supports both scaling up (running on a single, larger instance that has more computing resources) and scaling out (adding more instances). Scaling up makes sense for applications that have a steady workload with little variance over a typical day or week. Scaling out makes more sense for applications whose workload varies on an hourly or daily basis.

For fail-over purposes, as well as the ability to take advantage of EC2’s Auto Scaling capabilities to handle performance spikes, Layer 7 recommends scaling out. The best practice for scaling out involves creating a reserved instance for each AMI to be run. Reserved instances require a one-time, upfront payment per instance in exchange for which:
• Time to availability is almost instantaneous (compared to on-demand instances, which can introduce a significant lag as resources are spun up)
• Configuration data is preserved (the image can be preconfigured and is essentially left on stand-by ready for use; on-demand instances need to be configured as they come online)
• Static IP addresses are assigned (on-demand instances have randomly assigned IP addresses, introducing configuration overhead)





What is the best practice for upgrading SSG AMIs?
There are two approaches that customers can choose between depending on their own, internal, IT best practices:
• Recommended: customers can choose to spin up the latest SSG AMI registered in the AWS EC2 catalog, and then just export policies from their existing AMI and import their policies into the new AMI.
  o Pros: smoother cutover between old/new SSG AMI
  o Cons: customers will need to configure the new SSG AMI
• Alternative: customers can also choose to apply the RPM patch that Layer 7 makes available for upgrade purposes to their existing SSG AMI.
  o Pros: No need to reconfigure the SSG AMI
  o Cons: Need to offline the SSG AMI while the RPM is being applied



Can the SSG AMI utilize RightScale’s EC2 provisioning capabilities?
Layer 7 has been working closely with RightScale to create an Amazon Machine Image that can automate much of the provisioning and configuration details customers currently must perform manually. This functionality is currently undergoing testing and is not yet widely available.

Can the SSG AMI utilize Amazon’s Elastic Block Storage (EBS)?
Currently, the SSG AMI does not take advantage of EBS. However, it does support Amazon’s Relational Data Store (RDS), which can be utilized instead of the SSG’s MySQL database in order to provide for greater reliability (RDS can be used to persist data even if the SSG AMI goes down); enhanced performance (RDS elastically scales in a seamless manner as load/demand increase); and backup (storing configuration files in RDS simplifies recovery).

Are SSG AMIs public or private images?
Public images are AMIs that vendors have made available to the general public. They tend to be Commercial Off-The-Shelf (COTS) resources that customers can purchase/lease/rent, and then tailor to their specific needs. For example, the SSG AMI is a public image, generally available for any customer to purchase from the AWS EC2 catalog.

Private images are AMIs that customers have purchased/leased/rented from a vendor in the AWS EC2 catalog and then secured for their own use using Amazon’s key pair technology, which ensures against unauthorized usage.

Does the SSG AMI work with Amazon CloudFront?
Yes, customers can utilize Amazon’s CloudFront capabilities in conjunction with the SSG AMI. CloudFront provides customers with load balancing, firewalling and IaaS management capabilities which can be used to ensure the SSG AMI (and associated services) are properly utilizing EC2 resources. Customers may also want to purchase the Layer 7 Enterprise Service Manager (ESM), which allows them to manage and track/report on the performance of each SSG AMI, as well as each individual service being proxied.

What performance can be expected for the SSG AMI?
XML processing performance will vary depending on the resources dedicated to the SSG AMI. AWS EC2 offers a number of different instance sizes that come with a preset, base amount of standard computing resources:
Size | CPU Equivalents | Memory | Platform
Small | 1 (1 virtual core with 1 EC2 Compute Unit) | 1.7GB | 32-bit
Large | 4 (2 virtual cores with 2 EC2 Compute Units each) | 7.5GB | 64-bit
Extra Large | 8 (4 virtual cores with 2 EC2 Compute Units each) | 15GB | 64-bit
Double Extra Large | 13 (4 virtual cores with 3.25 EC2 Compute Units each) | 34.2GB | 64-bit
Quadruple Extra Large | 26 (8 virtual cores with 3.25 EC2 Compute Units each) | 68.4GB | 64-bit

The following graph shows SSG AMI XML processing performance for 1KB and 10KB messages on AWS EC2’s “small” instance:

[Graph: Requests/sec (vertical axis) by Message Size (horizontal axis)]

In general, the larger the instance size, the better the performance will be (all other factors being equal).
