Alcatel Carrier Internetworking Solutions OmniAccess 8550 Manuale Utente

Alcatel-Lucent 8550 Web Services Gateway

Threat protection

XML firewall

Protects from

deliberate attacks and

malicious XML messages

XML message validation

Ensures all messages are well formed

XML message control

SQL Injection, Recursive Payload, Oversized Payload, Buffer Overflow,
External Entity Attacks, Oversize Attachments, Cross Site Scripting

Denial of service (DoS)
protection

Prevents DoS attacks focused at web services, replay attacks

Management

Easily managed appliance

integrating with existing

management

platforms

Fault management

SNMP reporting to enterprise network management platforms

Configuration management

Provides Web-based GUI interface with role based management control

Change management

Enforces policy and configuration privileges by role and provides audit of all
policy and configuration changes

Secure hardware

accelerated

appliance

Hardened appliance to

comply with

security standards

High availability

Provides automatic stateful failover for paired nodes

Open standards compliant

Compliance with Web services standards W3C, SOAP, UDDI, WS-Policy,
WS-Trust, WS-Security, WS-Reliable Messaging, WS-Addressing

Secured appliance

No direct operating system access - encrypted hard drive - no internal
devices allow for alternate re-boot of system - all ports disabled -
configuration files digitally locked.

Dedicated Web services
infrastructure

Hardware accelerated XML parsing & encryption with digital signing & SSL
& HTTPS

Feature group

Benefit

Feature

Feature description

Security

governance

Ensures compliance

with corporate

governance policy and

government legislation

Application sessions

Stateful model for Web service run-time policy

Stateful run-time policy enforce-
ment

Run-time policy enforced across multiple transactions per credentialed user

User-centric audit trail

Consolidated audit trail capturing each information record viewed or modified
per credentialed user, encrypted and signed to survive legal audit

Application access control

Stateful policy enforcement on access to individual Web services

Information access control

Stateful policy enforcement on access to individual information records

Secure online

B2B

Enhanced security

through single point of

control to enable secure

automated workflow

among business partners

Partner authentication

Strong authentication for partner institutions (X509, XKMS, RSA, 3DES, DES,
AES, SHA, PKCS, CRLs, OCSP)

Service virtualization

Map external URL used by partners to private internal URL

Secured proxy point

Stateful policy enforcement with cross-referenced audit on all partner activi-
ty

Data protection

Data encryption and digital signing to survive legal audit

User mobility

Enables end users to seamlessly connect to web services at any partner site

Multiple partner groups

Allows web services to be offered to distinct partner groups

Identity

mapping

federation

Consistent enterprise-

wide enforcement

of policy per

credentialed user

Single identity

Dynamic identity translation allowing access to multiple IT
systems with single credential for corporate-wide consistent policy enforce-
ment

Identity interoperability

Enables acceptance of user validations from partners while meeting all
traceability and user privacy requirements (SAML, WS-Trust)

Integration with existing identity
infrastructure

Integrates with existing identity management infrastructure (LDAP, SAML,
WS-Trust)

Corporate

agility

Enables scaleable and

reliable re-use

of existing IT systems

Application interoperability

Provides mediation through message and content translations for applica-
tions (XSLT)

Web service load balancing

Provides round robin load balancing with session stickiness and automatic
failover

Reliable messaging

Provides policy-controlled, guaranteed delivery of web service messages