In the latest edition of SOA Magazine, My friend Thomas Rischbeck lays out the case for XML appliances as an SOA intermediary that can address the security threats associated with modern XML architectures.
What do XML appliances do, exactly? XML appliances serve as policy enforcement points (PEPs) within SOA-based infrastructures, Thomas says. They are also are very adept at handling resource-intensive processing tasks including message encryption-decryption, signature-verification, filtering and transformation. They ease the burden of handling these additional processing tasks from from existing CPUs, Thomas observes.
Plus, XML appliances will scan binary attachments for malware and viruses, a role similar to that of "email servers that check for viruses and restrict message content and size," Thomas adds.
IBM Datapower comes to mind as an example of XML appliance sets that
can be dropped into a network to handle the dirty work of data security,
without the need to have a security team on staff to harden an entire
infrastructure.
Thomas explains that XML appliances "contain hardened chips that can process XML in specialized circuits, at wire speeds. "This yields high throughput and low latency, which are relevant criteria for deployment at the network perimeter." He adds that "many SOA security issues and XML-specific threats can be detected very efficiently by XML appliances."
And, as is the case with appliances these days, they also come in virtual form as well. The only catch is that virtual XML appliances cannot provide XML acceleration.
Leave a comment