Oracle Service Bus Appliance
The Oracle Service Bus Appliance
offers:
Quick & Easy Deployment
OSB Appliance is a turn-key, pre-
integrated device designed to be
installable out of the box – just rack
it, assign an IP address, and let the
appliance configure itself to run on
your network, dramatically
decreasing time to deploy.
DMZ-class Security
With support for all major WS* and
WS-I security protocols, as well as
the ability to define and enforce
identity-driven security policies, OSB
Appliance provides a single, secure
point of entry to enterprise services.
Extreme XML Processing
OSB Appliance provides hardware-
based acceleration for XML message
processing at the edge of the
network, allowing organizations to
optimize network performance.
To learn more about Layer 7 and
how it can address your
organization’s SOA and Web services
needs, call 1-800-681-9377 (toll
free within North America) or
+1.604.681.9377
Copyright © 2010 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are
trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners.
Secure, Easy to Deploy ESB Appliance from Layer 7 & Oracle
The DMZ-ready, pre-configured Oracle Service Bus Appliance offers extreme
XML performance and reduced administration costs
OSB in the DMZ
Organizations trying to deploy middleware products in the DMZ often face significant
resistance from their operations department due to the cost and risks associated with
testing and certifying DMZ solutions. For SOA-based environments, that means forged and
malicious XML messages, as well as other XML-based threats could potentially penetrate the
enterprise perimeter, posing a security risk to an organization’s most vulnerable computing
resources.
The Oracle Service Bus (OSB) Appliance combines the power and performance of an
appliance-based approach with Layer 7’s recognized leadership in XML security and
acceleration to create an integrated solution that can dramatically reduce the effort to
create a DMZ-ready implementation of OSB:
• Simple configuration – comes pre-configured and pre-integrated, ready to deploy
• Easy deployment – just install it in the rack; connect the power and network
cable(s); assign an IP address, and turn the appliance on
• DMZ-class security – a rich set of security capabilities to secure and govern XML
and Web services transactions at the enterprise perimeter on a hardened gateway
• Extreme XML performance – hardware-accelerated XML message processing of key
SOA processing bottlenecks, such as schema validation and transformations
Deployed on a multi-core, 1U Sun server that features active-active clustering, dual power
supplies, mirrored hot-swappable drives and optional Federal Information Processing
Standards (FIPS) 140-2 level 3 compliant Hardware Security Module (HSM), OSB Appliance
provides a quick, cost-effective solution for DMZ conformance.
Integrated Solution
The Oracle Service Bus Appliance offers an integrated solution, combining the Layer 7
SecureSpan XML Gateway’s best-of-breed XML security and acceleration with the market-
leading mediation, virtualization and adaptive connectivity of Oracle Service Bus (OSB) – all
in an easy to configure and deploy appliance form factor that can reduce SOA cost and
complexity, as well as provide faster time to market for a wide range of SOA projects, such
as:
• Cross-domain Information Sharing: provide secure, flexible transports and
messaging in order to share privileged information between multiple identity
domains
• Extranet Service Exchange: Simplify the construction of commercial extranet
services allowing customers and trading partners to conduct secure, private
transactions
• And for any project in which power consumption and physical space are limited
Key Features
Oracle Support
Oracle Internet Directory
Oracle Access Manager
Oracle Web Services
Manager
Oracle Registry
Identity and Message Level Security
Identity-based access to
services and operations
Manage security for
cross-domain and B2B
relationships
Enforce WS* and WS-I
standards
Secure WSDL, REST and
POX interfaces
Audit transactions
Cryptography
Threat Protection
Filter XML content for
SOA, Web 2.0 and Cloud
Transactional Integrity
Protection
Prevent XML attack and
intrusion
XML Acceleration
Accelerated XML
processing
Hardware SSL
Copyright © 2010 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are
trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners.
• Offload authentication to Oracle Internet Directory
• Offload authentication decisions to Oracle Access Manager (OAM)
• Interoperate with Oracle Web Services Manager (OWSM)
• Lookup service interfaces from Oracle Registry
• Integration with leading identity, access, SSO and federation systems from
Oracle, Sun, Microsoft, CA, IBM Tivoli, Novell
• Enforce fine-grained entitlement decisions authored in an XACML PDP
• Credential chaining, credential remapping and support for federated identity
• Integrated SAML STS issuer featuring comprehensive support for SAML 1.1/2.0
authentication, authorization and attribute based policies
• Integrated PKI CA for automated deployment and management of client-side
certificates, and integrated RA for external CAs
• STS support through WS-Trust and WS-Federation
• Support for all major WS* and WS-I security protocols, including SOAP
1.0/1.1/1.2, WS-Security 1.1 / 1.2, WS-SecureConversation, WS-SecurityPolicy,
WS-Addressing, WS-Trust, WS-Federation, WS-Secure Exchange, WS-Policy and
WS-I Basic Security Profile, SAML 1.1/2.0, XACML 2.0
• Selectively control access to interfaces down to an operation level
• Create on-the-fly composite WSDL views tailored to specific requestors
• Support for popular Cloud and SaaS interfaces from Amazon and Salesforce
• Service look-up and publications using WSIL and UDDI
• Log message-level transaction information
• Spool log data to off-board data stores and management systems
• Optional onboard HSM, as well as support for external HSMs (i.e., SafeNet)
• Support for elliptic curve cryptography (conforms to NSA’s Suite B algorithms)
• FIPS 140-2 support in both hardware (Level 3) and software (Level 1)
• Configurable validation & filtering of HTTP headers, parameters and form data
• Detection of classified or “dirty” words or arbitrary signatures with subsequent
scrubbing, rejection or redaction of messages
• Support for XML, SOAP, POX, AJAX, REST and other XML-based services
• Protect against identity spoofing and session hijacking cluster-wide
• Assure integrity of communication end-to-end
• Protect against XML parsing; XDoS and OS attacks; SQL and malicious scripting
language injection attacks; external entity attacks
• Protection against XML content tampering and viruses in SOAP attachments
• DoD STIG vulnerability tested and assured
• High speed message transformations based on internal or external XSLT
• High speed message validation against predefined external schema
• High speed message searching, element detection and content comparisons
• Offload SSL operations to hardware
Traffic Management
Throttling • Granular rate limiting and traffic shaping based on number of requests or service
availability across a cluster
Cluster-wide counters • Persist message counters across clusters so that rate limiting and traffic shaping
can be strictly enforced in high availability configurations
CoS for XML • Prioritize XML traffic based on Class of Service/Quality of Service preferences
Service availability mgmt • Manage routing to back-end services based on availability/latency performance
Policy Lifecycle
WS-Policy-based • Compose inheritable policy statements from 70+ atomic policy assertions
graphical policy editor & • Branch policy execution based on logical conditions, message content, externally
composer retrieved data or transaction specific environment variables
• Publish policies to popular registries for lifecycle management
• Service and operation level policies with inheritance for simplified administration
• Policy lifecycle and migration management across development, test, staging and
production, as well as geographically distributed data centers
• API-level access to administration
• SDK-level policy creation for simplified policy customization
On-the-fly policy changes • Polices can be updated live across clusters with no downtime required
Create custom policies • Policy SDK allows for custom policy assertion creation using Java
Enterprise-scale Management
Operations Console • A single, real time view of all Gateways across the enterprise and cloud showing
audits, events and key metrics
Policy Migration • Centrally move policies between environments (development, testing, staging,
production, etc), settings (enterprise, cloud, etc) or geographies, automatically
resolving discrepancies such as SSG licenses, IP addresses, IT resources (i.e.,
LDAPs may be named differently), etc
Services Reporting • Configurable, out-of-the-box reports provide insight into SSG operations,
service-level performance, and service user experience
Remote Patching • Selectively update any software installed on Gateways, including system files
and operating system
Disaster Recovery • Centrally back up SSG config files and policies from one or more
Gateways/clusters, and remotely restore, enabling full disaster recovery
Management API • Remote management APIs allow customers to hook their existing, third-party
management tools into the SSG, simplifying asset management
Form Factors
Hardware • Active-active clusterable, dual power supply, mirrored hot-swappable drives,
two-way dual-core 1U server from Sun
Supported Standards
XML 1.0, SOAP 1.2, REST, AJAX, XPath 1.0, XSLT 1.0, WSDL 1.1, XML Schema, LDAP 3.0, SAML 1.1/2.0, PKCS #10,
X.509 v3 Certificates, FIPS 140-2, Kerberos, W3C XML Signature 1.0, W3C XML Encryption 1.0, SSL/TLS 1.1 / 3.0,
SNMP, SMTP, POP3, IMAP4, HTTP/HTTPS, JMS 1.0, MQ Series, Tibco EMS, FTP, WS-Security 1.1, WS-Trust 1.0, WS-
Federation, WS-Addressing, WS-SecureConversation, WS-MetadataExchange, WS-Policy, WS-SecurityPolicy, WS-
PolicyAttachment, WS-SecureExchange, WSIL, WS-I, WS-I BSP, UDDI 3.0, XACML 2.0, MTOM

To learn more about how Layer 7 can address your needs, call us today at +1 800.681.9377 (toll free
within North America) or +1.604.681.9377or visit us at www.layer7tech.com.

Copyright © 2010 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are
trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners.