Organizations are finding it easier than ever to open their systems across internal lines of business, as well as to external third parties, thanks to the availability of XML and SOA appliances. These technologies enable organizations to accelerate and secure message exchanges, and integrate disparate systems -- all through configuration. The decision to deploy one of these devices instead of another should be based on your use case and the features that are most important.
"SOA is all about taking internal systems, legacy applications, mainframes, code -- whatever the case may be -- and exposing it as standards-based services, and using those services to integrate across divisions, applications and out to partners for sharing data and application access," said Jaime Ryan, partner solutions architect at Layer 7. "If you expose everything as services, then it's easy to integrate disparate systems -- make them talk to each other and make them agile when a new requirement for services or applications comes along."
XML and SOA appliances generally fall into one of two major categories; however, all these appliances provide three primary capabilities:
Before the appliance model existed, people had to do code instead of configuration, Ryan noted. "The appliance form factor gives an enterprise an easy way to drop in a box that does all that stuff for you," he said.
Security first for SOA application gateways
Security is one of the biggest reasons why they think of this sort of product.
Randy Heffner, vice president, Forrester Research
Security or SOA application gateways typically sit in the demilitarized zone, or DMZ, and serve as the ingress for consumer-based transactions via the Internet. These appliances have security "baked in," Ryan said. The primary use case for these appliances is to secure third-party access to internal applications, but they can also be used to span multiple security zones across lines of business.
"In more conversations than not that I have with Forrester clients and others in the industry, security is one of the biggest reasons why they think of this sort of product set within their overall approach to SOA," said Randy Heffner, a vice president at Forrester Research.
SOA application gateways typically provide authentication and authorization, access control, digital signature processing, and encryption.
"It's nice to open accessibility to our corporate applications for other departments, consumers and third-party partners; but if we're going to do that, we better make sure we have the right levels of security," said Lustratus Research Ltd. director Steve Craggs.
Integration gateways focus on speed
An integration gateway is an internal component that sits behind the firewall in the data center. "These are more of the notion of being able to participate in a Web services-centric ecosystem by taking advantage of legacy services," said Adolfo Rodriguez, DataPower chief architect at IBM.
For example, if an organization wants to expose a legacy service that is accessed through a messaging protocol, an integration gateway can translate the protocol to enable partner consumption. "A single appliance can take a message, secure it, make sure it's authenticated, transform the message format and deliver it to a different protocol," Ryan said. "It's kind of an all-in-one hub to route messages in the format they’re supposed to be in."
The purpose of integration gateways is not to create new services, according to IBM's Rodriguez. Rather, it's about taking content and translating services and "exposing them as something different." Similarly, Ryan said, integration gateways are more focused on quick content distribution and bridging systems instead of on security.
Choosing SOA appliances
In addition to understanding what function is needed most -- security, acceleration, or integration -- organizations need to determine whether they want an appliance that's more developer- or administrator-oriented.
According to Forrester's Heffner, the most programmer/developer-oriented product among the mix is Intel's SOA Expressway. "The others have more of an administrator configuration kind of feel, and although some of the configurations you'd do with them are more than what an administrator would understand, the process for using and configuring the gateway is more like admin configuration than it is code development," he said.
Vendors also offer different programming capabilities. With Layer 7, for example, "you can write your own Java code to handle some special circumstance and deploy it into the gateway yourself," Heffner said. "That gives you a lot of extensibility."
Others, like Forum Systems, don't allow users to customize code within their product because of its heavy focus as a security appliance. "There are certain risks you take if you allow code to be deployed within an appliance," Heffner said. "Maybe it's not as secure. That's specifically why [organizations] buy a Forum Systems product over the others."