The Cisco® Application Control Engine (ACE) Extensible Markup Language (XML) Gateway is a key component of the Cisco ACE family of products. It brings application intelligence to the network and enables efficient deployment of secure, reliable, and accelerated XML applications and Web services. These state-of-the-art functions enable the intelligent network to now support Service-Oriented Architectures (SOAs) implemented using Web services technologies and to accelerate, secure, and scale XML applications.
The Cisco ACE XML Gateway enables enterprises to achieve the following primary IT objectives:
• Maximize XML application and Web services scalability by improving concurrency and reducing end-to-end latency
• Improve XML application and data center security by preventing XML-based threats and providing XML message security
• Accelerate performance of XML applications and Web services by offloading computationally intensive XML processing operations and reducing the number of expensive servers
• Improve IT professionals' productivity by reducing the amount of time needed to provision and maintain IT infrastructure
New Features
Cisco ACE XML Gateway Software Version 5.1 offers these new features, summarized in Table 1:
• Performance monitor enhancements
• Traffic monitor graphs
• Extended Reactor XML processor support
• Cavium Secure Sockets Layer (SSL) accelerator support
• Multiple cluster management using the Cisco ACE XML Manager
• Scalability enhancements in the policy object model
• Web Services Addressing (WS-Addressing) routing and processing
• Remote Extensible Stylesheet Language Transformation (XSLT) resource and dynamic XSLT selection
• Windows NT LAN Manager (NTLM) back-end authentication
• Universal Description, Discovery, and Integration (UDDI) Version 3 Web Services Description Language (WSDL) change subscriptions
Table 1. New Features in Cisco ACE XML Gateway Software Version 5.1
Feature
Description
Benefit
Performance Monitor Enhancements
• This release provides the following performance monitoring enhancements:
• Increased granularity of performance statistics, with rich time-based reports from various points in the message processing cycle
• Consumer identity-based performance and use reports
• File export of performance statistics
• Performance statistics reporting by the reactor XML processor
• Greater flexibility for filtering data by time, with the added capability to test performance since a specified time (since 3:00 p.m. Monday, for example)
• Variety of reports and statistics for controlled services results in better operations and capacity planning for services secured by Cisco ACE XML Gateway
Traffic Monitor Graphs
• Fully configurable traffic monitor graphs allow you to display information of importance to you, in the order in which you want to see it.
• View service activity for a particular time range.
• View dynamically updated graphs with the most recent activity displayed on the left side of the graph.
• Traffic monitor graphs present dynamic information about performance, service use, and errors and improve operational visibility
Extended Reactor Processor Support
• This release extends reactor support with these additional features:
• Support for WS-Security
• Using credential caching, provides support for service traffic that is authenticated by mechanisms not usually supported
• High-performance support of access control scenarios using event-driven, parallel processing Reactor XML processor technology
Cavium SSL Accelerator Support
This release adds support for the Cavium Nitrox XL Accelerator card.
• Support for high-performance SSL and crypto operations where Federal Information Processing Standards (FIPS) support is not required
Multiple Cluster Management Using the Cisco ACE XML Manager
This release extends the capabilities of the Cisco ACE XML Manager so that it can administer multiple clusters of Cisco ACE XML Gateway appliances. Each cluster can apply a different version of a policy or a completely different policy.
• Capability to centrally administer a federated cluster from a single Cisco ACE XML Manager console, improving operation and administration productivity
Scalability Enhancements in the Policy-Object Model
• A service definition encapsulates settings for an external service exposed through the Cisco ACE XML Gateway.
• For Simple Object Access Protocol (SOAP) document services, service proxies can now contain multiple operations. Changes across related operations can be applied in a single location.
• Better management of service definition and improved operation productivity through application of policy changes across related operations
WS-Addressing Routing and Processing
• This release extends WS-Addressing support in the Cisco ACE XML Gateway in several ways:
• Enhanced header processing options: The Cisco ACE XML Gateway can consume incoming requests with WS-Addressing headers or rewrite the header value with information appropriate for the destination of the request, as determined by the route.
• Dynamic service routing based on the contents of the WS-Addressing header: The Cisco ACE XML Gateway can forward the request to a back-end service specified in the header. The back-end server does not need to be configured in the policy; its selection can be completely dynamic.
• Capability to dynamically route messages between service endpoints using WS-Addressing headers, allowing businesses to adapt to changes quickly and maximize use of service hosts
PUT and DELETE HTTP Method Support
• This release extends support for Representational State Transfer (REST)-based applications by supporting incoming HTTP requests that use the PUT and DELETE HTTP methods.
• Improved support for simple service consumers that use REST-style interaction
MTOM Attachment Handling
• The Cisco ACE XML Gateway provides additional support for acceptance of messages with MTOM attachments. With Multipurpose Internet Mail Extensions (MIME) and Direct Internet Message Encapsulation (DIME) attachments enabled in a service definition, the Cisco ACE XML Gateway also accepts attachments in MTOM-encoded format. MTOM error handling from back-end services now conforms to MTOM client requirements.
• Improved support for service consumers that use MTOM
Remote XSLT Resource and Dynamic XSLT Selection
• With dynamic XSLT selection, a remote server uses a key passed by the Cisco ACE XML Gateway to determine which XSLT to serve to the gateway for use in transforming the message.
• Remote XSLT retrieval, enabling highly dynamic customization of response presentation: an XSLT can be added or changed without having to change or deploy Cisco ACE XML Gateway policy
NTLM Back-end Authentication
• This release extends back-end credential generation support to include credentials in NTLM format.
• Improved support for security credentials for services providers that use NTLM
UDDIv3 WSDL Change Subscriptions
• With UDDI subscriptions enabled, when the source WSDL changes, a notice of the change appears in the Cisco ACE XML Manager interface. The source UDDI registry must be a registry that supports UDDI subscriptions (UDDIv3).
• Improved productivity and fewer errors because changes to service interfaces remain synchronized between policy design and enforcement points
Availability
The product is now orderable.
Ordering Information
Table 2 provides ordering information for the Cisco ACE XML Gateway.
Companies can choose between two versions of the ACE XML Gateway, depending on which cryptographic processor meets their needs. One offers FIPS compliant SSL acceleration at 4,000 transactions per second (TPS), while the other is Non-FIPS complaint (for those companies that aren't subject to FIPS regulations) and can process 14,000 TPS.
Table 2. Ordering Information
Product Options
Product Name
Part Number
Support and Services
Chassis
• ACE XML Gateway Appliance
• ACE-XML-K9
or
• ACE-XML-NF-K9*
• CON-SNT-ACEXK9
or
• CON-SNT-ACEXNK9
Software Options
• ACE XML Gateway Software
• ACE-XML-SW-5.1
or
• ACE-XML-SW-5.0
• N/A
• N/A
Crypto Options
• FIPS compliant SSL acceleration
or
• Non-FIPS SSL acceleration
• ACE-XML-FIPS
or
• ACE-XML-NONFIPS
• CON-SNT-ACEXFIPS
or
• CON-SNT-ACEXNFIP
Licensing Option
• ACE XML Gateway: License
or
• ACE XML Manager: License
• ACE-XML-GATE-LIC
or
• ACE-XML-MGMT-LIC
• CON-SAU-ACEXGW
or
• CON-SAU-ACEXMG
* Minimum 5.1 software version required
Service and Support
Cisco offers a flexible suite of support services to help maintain high-quality network performance while controlling operational costs. The services and support programs described in Table 3 (Cisco SMARTnet® and Software Application Support plus Upgrades ) are available as part of the Cisco ACE XML Gateway Service and Support solution and can be obtained directly from Cisco and from Cisco Certified Partners.
Table 3. Cisco SMARTnet and Software Application Service and Support Programs
Service and Support
Features
Benefits
Available directly from Cisco or from Cisco Certified Partners:
• Cisco SMARTnet service
• Cisco SASU
• Access to software updates and upgrades 24 hours a day
• Web access to technical repositories and tools
• Telephone support through the Cisco Technical Assistance Center (TAC)
• Advance replacement of hardware parts (Cisco SMARTnet only)
• Supplements existing staff
• Helps ensure that functions meet needs
• Mitigates risk
• Helps enable proactive or expedited issue resolution
• Lowers total cost of ownership (TCO) through the use of Cisco expertise and knowledge
• Helps minimize network downtime
For More Information
For more information about the Cisco ACE XML Gateway, visit http://www.cisco.com/go/ace or contact your local Cisco account representative.
