Oracle Service Bus Appliance

The Oracle Service Bus Appliance
Secure, Easy to Deploy ESB Appliance from Layer 7 & Oracle

The DMZ-ready, pre-configured Oracle Service Bus Appliance offers extreme XML performance and reduced administration costs

OSB in the DMZ

Organizations trying to deploy middleware products in the DMZ often face significant resistance from their operations department due to the cost and risks associated with testing and certifying DMZ solutions. For SOA-based environments, that means forged and malicious XML messages, as well as other XML-based threats could potentially penetrate the enterprise perimeter, posing a security risk to an organization’s most vulnerable computing resources.

The Oracle Service Bus (OSB) Appliance combines the power and performance of an appliance-based approach with Layer 7’s recognized leadership in XML security and acceleration to create an integrated solution that can dramatically reduce the effort to create a DMZ-ready implementation of OSB:

• Simple configuration – comes pre-configured and pre-integrated, ready to deploy
• Easy deployment – just install it in the rack; connect the power and network cable(s); assign an IP address, and turn the appliance on
• DMZ-class security – a rich set of security capabilities to secure and govern XML and Web services transactions at the enterprise perimeter on a hardened gateway
• Extreme XML performance – hardware-accelerated XML message processing of key SOA processing bottlenecks, such as schema validation and transformations

Quick & Easy Deployment
OSB Appliance is a turn-key, pre-integrated device designed to be installable out of the box – just rack it, assign an IP address, and let the appliance configure itself to run on your network, dramatically decreasing time to deploy.

DMZ-class Security
With support for all major WS* and WS-I security protocols, as well as the ability to define and enforce identity-driven security policies, OSB Appliance provides a single, secure point of entry to enterprise services.

Extreme XML Processing
OSB Appliance provides hardware-based acceleration for XML message processing at the edge of the network, allowing organizations to optimize network performance.

The Oracle Service Bus Appliance offers an integrated solution, combining the Layer 7
SecureSpan XML Gateway’s best-of-breed XML security and acceleration with the market-
leading mediation, virtualization and adaptive connectivity of Oracle Service Bus (OSB) – all
in an easy to configure and deploy appliance form factor that can reduce SOA cost and
complexity, as well as provide faster time to market for a wide range of SOA projects, such
• Cross-domain Information Sharing: provide secure, flexible transports and
messaging in order to share privileged information between multiple identity
• Extranet Service Exchange: Simplify the construction of commercial extranet
services allowing customers and trading partners to conduct secure, private
• And for any project in which power consumption and physical space are limited

Copyright © 2010 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are
trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners.
Key Features
Oracle Support
Oracle Internet Directory:
  • Offload authentication to Oracle Internet Directory
Oracle Access Manager:
  • Offload authentication decisions to Oracle Access Manager (OAM)
Oracle Web Services:
  • Interoperate with Oracle Web Services Manager (OWSM)
Oracle Registry:
  • Lookup service interfaces from Oracle Registry
Identity and Message Level Security
Identity-based access to services and operations:
  • Integration with leading identity, access, SSO and federation systems from Oracle, Sun, Microsoft, CA, IBM Tivoli, Novell
  • Enforce fine-grained entitlement decisions authored in an XACML PDP
Manage security for cross-domain and B2B relationships:
  • Credential chaining, credential remapping and support for federated identity
  • Integrated SAML STS issuer featuring comprehensive support for SAML 1.1/2.0 authentication, authorization and attribute based policies
  • Integrated PKI CA for automated deployment and management of client-side certificates, and integrated RA for external CAs
  • STS support through WS-Trust and WS-Federation
Enforce WS* and WS-I standards:
  • Support for all major WS* and WS-I security protocols, including SOAP 1.0/1.1/1.2, WS-Security 1.1 / 1.2, WS-SecureConversation, WS-SecurityPolicy, WS-Addressing, WS-Trust, WS-Federation, WS-Secure Exchange, WS-Policy and WS-I Basic Security Profile, SAML 1.1/2.0, XACML 2.0
Secure WSDL, REST and POX interfaces:
  • Selectively control access to interfaces down to an operation level
  • Create on-the-fly composite WSDL views tailored to specific requestors
  • Support for popular Cloud and SaaS interfaces from Amazon and Salesforce
  • Service look-up and publications using WSIL and UDDI
Audit transactions:
  • Log message-level transaction information
  • Spool log data to off-board data stores and management systems
Cryptography:
  • Optional onboard HSM, as well as support for external HSMs (i.e., SafeNet)
  • Support for elliptic curve cryptography (conforms to NSA’s Suite B algorithms)
  • FIPS 140-2 support in both hardware (Level 3) and software (Level 1)
Threat Protection
Filter XML content for SOA, Web 2.0 and Cloud:
  • Configurable validation & filtering of HTTP headers, parameters and form data
  • Detection of classified or “dirty” words or arbitrary signatures with subsequent scrubbing, rejection or redaction of messages
  • Support for XML, SOAP, POX, AJAX, REST and other XML-based services
Transactional Integrity Protection:
  • Protect against identity spoofing and session hijacking cluster-wide
  • Assure integrity of communication end-to-end
Prevent XML attack and intrusion:
  • Protect against XML parsing; XDoS and OS attacks; SQL and malicious scripting language injection attacks; external entity attacks
  • Protection against XML content tampering and viruses in SOAP attachments
  • DoD STIG vulnerability tested and assured
XML Acceleration
Accelerated XML processing:
  • High speed message transformations based on internal or external XSLT
  • High speed message validation against predefined external schema
  • High speed message searching, element detection and content comparisons
Hardware SSL:
  • Offload SSL operations to hardware

Traffic Management
Throttling:
  • Granular rate limiting and traffic shaping based on number of requests or service availability across a cluster
Cluster-wide counters:
  • Persist message counters across clusters so that rate limiting and traffic shaping can be strictly enforced in high availability configurations
CoS for XML:
  • Prioritize XML traffic based on Class of Service/Quality of Service preferences
Service availability mgmt:
  • Manage routing to back-end services based on availability/latency performance
Policy Lifecycle
WS-Policy-based graphical policy editor & composer:
  • Compose inheritable policy statements from 70+ atomic policy assertions
  • Branch policy execution based on logical conditions, message content, externally retrieved data or transaction specific environment variables
  • Publish policies to popular registries for lifecycle management
  • Service and operation level policies with inheritance for simplified administration
  • Policy lifecycle and migration management across development, test, staging and production, as well as geographically distributed data centers
  • API-level access to administration
  • SDK-level policy creation for simplified policy customization
On-the-fly policy changes:
  • Policies can be updated live across clusters with no downtime required
Create custom policies:
  • Policy SDK allows for custom policy assertion creation using Java
Enterprise-scale Management
Operations Console:
  • A single, real time view of all Gateways across the enterprise and cloud showing audits, events and key metrics
Policy Migration:
  • Centrally move policies between environments (development, testing, staging, production, etc), settings (enterprise, cloud, etc) or geographies, automatically resolving discrepancies such as SSG licenses, IP addresses, IT resources (i.e., LDAPs may be named differently), etc
Services Reporting:
  • Configurable, out-of-the-box reports provide insight into SSG operations, service-level performance, and service user experience
Remote Patching:
  • Selectively update any software installed on Gateways, including system files and operating system
Disaster Recovery:
  • Centrally back up SSG config files and policies from one or more Gateways/clusters, and remotely restore, enabling full disaster recovery
Management API:
  • Remote management APIs allow customers to hook their existing, third-party management tools into the SSG, simplifying asset management
Form Factors
Hardware:
  • Active-active clusterable, dual power supply, mirrored hot-swappable drives, two-way dual-core 1U server from Sun
Supported Standards
XML 1.0, SOAP 1.2, REST, AJAX, XPath 1.0, XSLT 1.0, WSDL 1.1, XML Schema, LDAP 3.0, SAML 1.1/2.0, PKCS #10,
X.509 v3 Certificates, FIPS 140-2, Kerberos, W3C XML Signature 1.0, W3C XML Encryption 1.0, SSL/TLS 1.1 / 3.0,
SNMP, SMTP, POP3, IMAP4, HTTP/HTTPS, JMS 1.0, MQ Series, Tibco EMS, FTP, WS-Security 1.1, WS-Trust 1.0, WS-
Federation, WS-Addressing, WS-SecureConversation, WS-MetadataExchange, WS-Policy, WS-SecurityPolicy, WS-
PolicyAttachment, WS-SecureExchange, WSIL, WS-I, WS-I BSP, UDDI 3.0, XACML 2.0, MTOM

