The Cisco® ACE XML Gateway (Figure 1) is a key component of the Cisco Application Control Engine (ACE) family of products. It brings application intelligence into the network and enables efficient deployment of secure, reliable, and accelerated Extensible Markup Language (XML) applications and Web services. These state-of-the-art features now enable the intelligent network to support service-oriented architecture (SOA) implemented using Web services technologies and to accelerate, secure, and scale XML applications.
As the common, standards-based framework for exposing business resources, XML applications and Web services simplify information accessibility and integration, but at the cost of computationally intensive XML processing and the potential introduction of new threats and vulnerabilities.
By allowing autoprovisioning of Web services from Universal Description, Discovery, and Integration (UDDI) registry and application servers, and by providing transport and message-level security for XML-based network traffic, the Cisco ACE XML Gateway greatly facilitates secure deployment of XML applications and Web services. By offloading nonbusiness, computationally intensive operations directly to the network infrastructure, the Cisco ACE XML Gateway enables a shared-service environment, reduces end-to-end latency, and enables business services to scale to meet capacity imperatives while improving server utilization.
XML-based services require outstanding throughput to support today's complex integrated application systems. The Cisco ACE XML Gateway delivers industry-leading performance exceeding 30,000 transactions per second (TPS). All-in-memory processing and store-and-forward processing modes help ensure that XML messages of all sizes can be processed without compromising security, interoperability, or system reliability. The result is exceptionally secure, efficient, and flexible XML message processing performance, end to end. The dramatic performance improvements afforded by the Cisco appliance help eliminate the barriers to deployment of Web services.
Figure 1. Cisco ACE XML Gateway
Optimization of the performance of XML applications and Web services requires the capability to deliver assured throughput, high concurrency, low latency, and support for critical operations such as security and availability. The Cisco ACE XML Gateway solution offers these benefits:
• Fast implementation with minimal disruption to existing application services
• Quick start with transparent expansion to accommodate increased capacity requirements
• Fast path to return on investment (ROI) through improved server utilization, reduced application and service latency, and improved IT productivity
The Cisco ACE XML Gateway offers the industry-leading Cisco XML message processing function on a high-performance network appliance to accommodate your development and deployment requirements. Whether you are showing proof of concept, implementing a small set of Web services, or deploying a broad set of enterprisewide, mission-critical services, Cisco provides the industry-leading XML application acceleration solution that scales to meet your network infrastructure availability and performance requirements.
Features and Benefits
• Reduces service latency and improves the user experience and server utilization by implementing a high-performance, highly parallel event-driven architecture
• Manages unpredictable service outages and usage by enabling a shared, scalable infrastructure that actively enforces service latency agreements
• Implements consistent security and XML message processing policies for enterprisewide Web services
Figure 2 shows a typical deployment, and Table 1 summarizes the features and benefits of the Cisco ACE XML Gateway.
Figure 2. Cisco ACE XML Gateway Deployment
Table 1. Features and Benefits
Feature
Benefit
Threat mitigation
• Defends against XML threats
• Protects against identity, content-based, personnel, response compliance, message transport, and XML denial-of-service (XDoS) attacks
• Cost-effectively enforces XML schema at runtime and prevents structural attacks
Access control and privacy
• Exerts comprehensive, enterprisewide, policy control for service access and data privacy
• Provides native integration with commercial directory and identity systems such as Lightweight Directory Access Protocol (LDAP), Kerberos and Microsoft Active Directory, CA Netegrity, and IBM Tivoli Access Manager
Encryption and signing
• Secures access to applications while maintaining message integrity and confidentiality
• Provides full FIPS compliance, protecting against Secure Sockets Layer (SSL) key hijacking by persistently storing private SSL keys in the platform hardware
Policy-based provisioning and versioning
• Increases developer productivity and improves deployment flexibility with sophisticated rollback and versioning capabilities
• Provides enterprisewide management accessible anywhere on the network through the Web GUI or Secure Shell (SSH) interface
• Enables configuration of security, integration, and routing policies in one centralized policy management system, without programming
• Autodiscovers Web services to simplify policy definition and enforcement
• Uses unique 4Way policy configuration to define policies and bridge protocols at all points in the request-response process
Acceleration and offloading
• Accelerates XML application processing and improves server utilization by offloading computationally intensive operations
• Frees as much as 90 percent of server resources, offloading processing-intensive operations
• Allows upgrades with future performance enhancements without requiring new hardware
Virtualization and load balancing
• Scales XML applications and Web services easily and prevents service disruption by decoupling service consumers and providers
• Abstracts the business logic in XML-based services from the standards, transport and authentication protocols, and data semantics used across different internal systems and by different business partners
• Creates and maintains multiple Web service instances appropriate for different consumers and Web service versions
Routing
• Dynamically routes to valuable XML resources based on content and context of XML messages
• Determines the destination of XML messages based on user-defined content and policies, including payload, envelope, and specific XML Path Language (XPath)
Monitoring
• Quickly debugs and monitors Web services using a sophisticated GUI
Audit and logging
• Meets compliance requirements with audit and nonrepudiation capabilities
Bridging and transformation with extensibility software development kit (SDK)
• Switches and bridges XML messages across data, transport, credentials, and security standards
• Enables transformation between XML and non-XML messages and standards
• Extends XML transformations and customization of XML message processing using the Cisco ACE XML Gateway SDK
Product Specifications
Table 2 provides software specifications, and Table 3 provides hardware specifications for the Cisco ACE XML Gateway.
Table 2. Product Specifications: Cisco ACE XML Gateway Software
Item
Specification
Standards
• Simple Object Access Protocol (SOAP) 1.1 and 1.2
• SOAP With Attachment (SWA) 1.1
• Web Services Description Language (WSDL) 1.1
• XPath
• E-business XML (ebXML)
• Representational State Transfer (REST)
• Extensible Stylesheet Language Transformation (XSLT) 1.0
• Web Services Addressing (WS-Addressing)
Transport
• HTTP and HTTPS
• Java Message Service (JMS)
• IBM WebSphere MQ
• TIBCO RMS and EMS
• User Datagram Protocol (UDP)
• TCP
• IP Multicast
Security
• WS-Security 1.0 and 1.1
• Security Assertion Markup Language (SAML) 1.0 and 2.0
• XML Encryption and XML Digital Signature
• XML Schema and Document Type Definition (DTD)
• SSL 2.0 and 3.0
• Transport Layer Security (TLS) 1.0
Cryptographic support
• Cryptographic algorithms including:
• Advanced Encryption Standard (AES)
• Data Encryption Standard (DES)
• 3DES
• Blowfish
• RSA
• Diffie-Hellman
• Digital Signature Algorithm (DSA)
• Secure Hash Algorithm 1 (SHA-1) and Message-Digest 5 (MD5)
• Central policy management and distributed enforcement
• Import and export of configuration, statistics, and logs
Logging, monitoring, and auditing
• Syslog and message and event logs
• Traffic and service-level agreement (SLA) monitoring and reporting
• Statistics for monitoring and various alerts and triggers
• Audit trail of administrative operations
• Integration with third-party Web service management tools
Table 3. Product Specifications: Cisco ACE XML Gateway Hardware
Item
Specification
Chassis
Dimensions
• 1 rack unit (1RU) standard rack mount: 1.70 x 16.78 x 27.75 in. (4.32 x 42.62 x 70.49 cm)
Weight
• 37 lb (16.8 kg) fully configured (per unit, not including shipping materials)
Processor
2 Intel Dual-Core Xeon processors
Hardware accelerators
One of the following:
• 1 FIPS 140-2 Level 3-compliant 4,000 SSL TPS
• 1 non-FIPS 14,000 SSL TPS
Ports
4 Gigabit Ethernet ports plus a dedicated management Ethernet port
Memory
RAM: 2 GB (fixed)
Storage
Dual hot-swappable serial attached Small Computer System Interface (SCSI) hard disk drive (SAS HDD) with RAID (20 GB usable)
Power
Dual redundant; 700 watts (W)
Performance
More than 5000 TPS
Service and Support
Cisco Services offer a flexible suite of support services designed to help maintain high-quality network performance while controlling operational costs. The services and support programs described in Table 4, Cisco SMARTnet® Service and Software Application Support plus Upgrades (SASU), are available as part of the Cisco ACE XML Gateway Service and Support solution and are available directly from Cisco and through Cisco Certified Partners.
Table 4. Cisco SMARTnet and Software Application Service and Support Programs
Service and Support
Available directly from Cisco or through Cisco Certified Partners
• Cisco SMARTnet Service
• Cisco SASU
Features
• Access to software updates and upgrades 24 hours a day
• Web access to technical repositories and tools
• Telephone support through the Cisco Technical Assistance Center (TAC)
• Advance replacement of hardware parts (Cisco SMARTnet Service only)
Benefits
• Supplements existing staff
• Helps ensure that functions meet needs
• Mitigates risk
• Helps enable proactive or expedited problem resolution
• Lowers total cost of ownership (TCO) by using Cisco expertise and knowledge
• Helps minimize network downtime
Ordering Information
Companies can choose between two versions of the Cisco ACE XML Gateway, depending on which cryptographic processor meets their needs. One offers FIPS-compliant SSL acceleration at 4000 transactions per second (TPS), and the other is not FIPS compliant (for those companies that are not subject to FIPS regulations) and can process 14,000 TPS.
Table 5 provides ordering information for the Cisco ACE XML Gateway.
Table 5. Ordering Information
Chassis
• Product Name: Cisco ACE XML Gateway Appliance
• Part Number: ACE-XML-K9 or ACE-XML-NF-K9*
• Support and Services: CON-SNT-ACEXK9 or CON-SNT-ACEXNK9
Software
• Product Name: Cisco ACE XML Gateway Software
• Part Number: ACE-XML-SW-5.2 or ACE-XML-SW-5.1
• Support and Services: -
Cryptography
• Product Name: FIPS-compliant SSL acceleration or Non-FIPS SSL acceleration
• Part Number: ACE-XML-FIPS or ACE-XML-NONFIPS
• Support and Services: CON-SNT-ACEXFIPS or CON-SNT-ACEXNFIP
Licensing
• Product Name: ACE XML Gateway License or ACE XML Manager License
• Part Number: ACE-XML-GATE-LIC or ACE-XML-MGMT-LIC
• Support and Services: CON-SAU-ACEXGW or CON-SAU-ACEXMG
* Minimum software Cisco ACE XML Gateway Software Version 5.1 required
For More Information
For more information about the Cisco ACE XML Gateway, visit: http://www.cisco.com/go/ace or contact your local Cisco account representative.