You are on page 1of 3


SecureSpan™ Version 5

Centrally Manage and Monitor Your SecureSpan Gateways

The SecureSpan 5 family of Simplify policy migration, disaster recovery, and global Gateway
appliances offers: management from a central, comprehensive operations console
Enterprise-scale Management
Gain Visibility
Comprehensive dash-boarding and
reporting allows administrators to The latest version of the SecureSpan family of appliances bundles industry-leading
industry XML
centrally monitor the health and security and sophisticated runtime governance, with enterprise-scale
enterprise management – all at a
performance of all SecureSpan lower total cost of ownership than assembling separate solutions.
Gateways and associated services.
SecureSpan 5’s management capabilities are principally provided by the new Enterprise
Policy Migration Service Manager (ES
(ESM), which lets administrators gain greater visibility into the
Utilize a graphical interface to move, performance of all their SecureSpan Gateways (SSGs) and associated services (whether
copy or replicate policies and policy those services originate in-house or in the cloud) from a single location.
location By enabling ESM’s
fragments between SSGs located in management capa
capabilities on their SecureSpan Gateways,, organizations can centrally:
different environments (dev, test,
• Manage the health and performance of all SSGs/SSG clusters, setting thresholds
production, etc.), geographies or
that spawn alerts based d on performance and exceptions
settings (enterprise, cloud, etc).
• Measure and report on the performance of services proxied by all SSGs
Disaster Recovery • Generate reports on key audit/events/metrics, such as throughput, routing failures,
Policies, configuration and audit files utilization and availability rates to determine which partners/customers/users
partners are
can be backed up to any SSG or higher versus lower risk; which are performing to SLA; which are generating
gene alerts
storage device, and then remotely based on breaching set thresholds, etc.
restored to any SSG in the extended • Log and audit connections to both external (cross domain) and internal services to
enterprise. discover which ones are critical for which users
• Choose to parse message-levellevel content and extract key identifiers (such
(suc as user
Remote Patching name, customer id, client IP address, etc.), and then generate reports based on all
Administrators can selectively traffic associated with that identifier in order to locate patterns and trends that
update any software installed on the impact performance.
appliance, including system files, OS,
and/or third-party software (i.e., Simplify Management
Oracle Service Bus).
dministrators can take advantage of new backup functionality to copy policies,
configuration and auditing data of any SSG/SSG cluster to a secure destination on their
Enhanced PKI
network, or to a removable device for off
off-site storage.. Administrators can then remotely
Improvements to the management
restore that backup to any SecureSpan appliance in the enterprise, enabling full disaster
and signing of PKI certificates
simplify administration, export and
expiry/re-issuing of certificates.
Additionally, once the ESM has been enabled, p policies
olicies and policy fragments can be centrally
ropagated between SSGs/SSG clusters in different environments (i.e., development vs. test
vs. production), geographies or settings (i.e., enterprise vs. cloud).
cloud) Migration is facilitated by
To learn more about upgrading to
a graphical user interface that shows all SSGs and associated policies in the extended
SecureSpan 5, call 1-800-681-9377 enterprise. Jus
Just select the policies/policy fragments to be moved and the system will
(toll free within North America) or automatically highlight any d discrepancies
iscrepancies between the originating and target SGGs/SSG
+1.604.681.9377 clusters (such as differing IP addresses; differently named LDAPs; differing SSG licenses or
RBAC, etc), prompting you to resolve them.. This “mapping” can then be saved and re-used
for future migrations
migrations, automating the migration process and dramatically decreasing risk of
New Features
Enterprise-scale Management
Operations Console • A single, real time view of all Gateways across the enterprise and cloud
showing audits, events and key metrics
Policy Migration • Centrally move policies between environments (development, testing, staging,
production, etc), settings (enterprise, cloud, etc) or geographies, automatically
resolving discrepancies such as SSG licenses, IP addresses, IT resources (i.e.,
LDAPs may be named differently), etc
Services Reporting • Configurable, out-of-the-box reports provide insight into SSG operations,
service-level performance, and service user experience
Remote Patching • Selectively update any software installed on Gateways, including system files
and OS
Disaster Recovery • Centrally back up SSG config files and policies from one or more
Gateways/clusters, and remotely restore, enabling full disaster recovery
Management API • Remote management APIs allow customers to hook their existing, third-party
management tools into the SSG, simplifying asset management
Public Key Infrastructure (PKI)
Managing and Signing of • Expired certificates are identified and flagged, simplifying management
Certificates • Multiple Trusted Certificates can be stored in the same Distinguished Name
(DN), allowing reissue of certifications before they expire
• Export key pairs as PKCS #12 files (PFX filed) for use on another system
• Save Certificate Signing Requests (CSRs) as BASE64 PEM files
• Support for signing/encrypting XML elements not inside a SOAP envelope
• Support for signing SSG-generated SOAP faults
• Granular control for how client certificates are retrieved and validated
JDBC Support
Database Querying • Query external databases using the “Perform JDBC Query” assertion
Connection Management • Manage all JDBC connections using the SecureSpan Manager
Policy Management
Policy Organization • Organize policies to reflect the way your business works by aliasing folders
containing policies/policy fragments in order to associate them with business
units, geographies, customers, and so on
Testing • Selectively disable assertions, facilitating policy debugging
SSG Config • The revised setup and configuration routine eliminates the need for partitions
Security • Optionally choose to secure the traffic between the SSG and SysLog/LDAP
servers using SSL
Logging/Auditing • Viewer supports more display/formatting and querying/searching capabilities,
making log files easier to work with
• Support for sending audits to external databases, message queues, or other
external locations
Role Assignment • Groups can be assigned a Role, allowing administrators to grant/revoke role
assignments for multiple users in a single action

Copyright © 2010 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are
trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners.
Identity and Message Level Security
Cryptography • Support for external HSMs (i.e., SafeNet Luna)
• Support for elliptic curve cryptography (conforms to NSA’s Suite B algorithms)
• FIPS 140-2 support in both hardware (Level 3) and software (Level 1)
Digital Signatures • Support for multiple digital signatures, allowing different entities to sign
different parts of a single message
• Sign or encrypt XML elements that are not inside a SOAP envelope
Form Factors
Hardware • Active-active clusterable, dual power supply, mirrored hot-swappable drives,
2-way dual core Sun 1U server
Software • Solaris 10 for x86 and Niagara, SUSE Linux, Red Hat Linux 4.0/5.0
Virtual Appliance • VMware/ESX (VMware Ready certified)
Cloud • Amazon EC2 AMI
Supported Products
Operating System • Added support for Red Hat Enterprise Linux (RHEL) 5
Database • Added support for MySQL 5
VMware • Added support for 64-bit images
CentraSite • Improved integration with Software AG’s CentraSite Active SOA
Supported Standards
XML 1.0, SOAP 1.2, REST, AJAX, XPath 1.0, XSLT 1.0, WSDL 1.1, XML Schema, LDAP 3.0, SAML 1.1/2.0, PKCS #10,
X.509 v3 Certificates, FIPS 140-2, Kerberos, W3C XML Signature 1.0, W3C XML Encryption 1.0, SSL/TLS 1.1 / 3.0,
SNMP, SMTP, POP3, IMAP4, HTTP/HTTPS, JMS 1.0, MQ Series, Tibco EMS, FTP, WS-Security 1.1, WS-Trust 1.0, WS-
Federation, WS-Addressing, WSSecureConversation, WS-MetadataExchange, WS-Policy, WS-SecurityPolicy, WS-
PolicyAttachment, WS-SecureExchange, WSIL, WS-I, WS-I BSP, UDDI 3.0, XACML 2.0 / 1.1 / 1.0, MTOM

To learn more about how to upgrade to SecureSpan 5, call us today at +1 800.681.9377 (toll free within
North America), or +1.604.681.9377, or visit us at

Copyright © 2010 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are
trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners.