XML Firewall and VPN
The SecureSpan™ XML Firewall combines the capabilities of the SecureSpan XML Accelerator and Data Screen with advanced identity and message-level security to address the broadest range of behind-the-firewall, portal and B2B SOA security challenges.
The SecureSpan XML Firewall includes support for all leading directory, identity, access control, Single Sign-On (SSO) and Federation services. This provides SOA and security architects unparalleled flexibility in defining and enforcing identity-driven SOA security policies leveraging SSO session cookies, Kerberos tickets, SAML assertions and PKI. The SecureSpan XML Firewall also provides architects with advanced policy controls for specifying message and element security rules including the ability to branch policy based on any message context.
Key storage, encryption and signing operations can be handled in FIPS 140-2 certified acceleration hardware onboard the appliance or centrally through SafeNet’s Luna HSM. The SecureSpan XML Firewall has demonstrated compliance with all major WS* and WS-I security protocols including WS-Security, WS-SecureConversation, WS-SecurityPolicy, WS-Trust, WS-Secure Exchange, WS-Policy and WS-I Basic Security Profile. The SecureSpan Firewall also supports SAML 1.1 and 2.0 in both the sender-vouches and holder-of-key models.
The SecureSpan XML VPN Client is optional SOA client software (or hardware) used in conjunction with the SecureSpan XML Firewall to streamline SOA B2B and portal connectivity. The SecureSpan XML VPN Client can be deployed on or in front of client applications needing connectivity to secured Web services. The XML VPN Client automatically manages PKI, SSO, Federation and WS* compliance on SOA clients without coding, ensuring secure SOA connectivity and simplifying security change management.
The SecureSpan XML Firewall is available as a linearly scalable, high-performance, 64-bit, multi-processor 1U appliance with onboard XML acceleration and an optional SSL/crypto accelerator with HSM, or as Gateway software for Linux and Solaris server platforms. Deployment options include inline DMZ security or use as a security coprocessor to an Enterprise Service Bus (ESB), providing operations including document signing, validation and encryption.
The SecureSpan XML VPN Client is available as a class library for integration into a client application, a stand-alone executable, or as hardware.
To future-proof customers against changing requirements, the SecureSpan XML Firewall is software upgradeable to the SecureSpan XML Networking Gateway.






