API Management for VMware vCloud

Layer 7s CloudSpan CloudControl Gateways offer: Abstraction & Management Policy-driven management streamlines API versioning, composition and orchestration, while ensuring conformance to SLA and quality of service goals through throttling/rate limiting. Metering & Reporting Granular logging, monitoring and auditing capabilities, coupled with performance metrics allow you to understand, track and meter API usage. Protection & Control Implement fine-grained access control and comprehensive threat protection for all API calls.

Protect, Abstract, and Meter vCloud APIs

Layer 7 CloudSpan CloudControl abstracts vCloud APIs, giving organizations enhanced control and management capabilities vCloud API Abstraction Provides Greater Control
VMwares vCloud initiative represents virtualization 2.0, avoiding the classic virtualization metaphors rooted in the physical worldhosts, SANs, and networksand instead promoting a multi-tenanted, resource-centric view of the virtual datacenter. With vCloud, enterprises and service providers can create the basis of a public or private cloud that features simplified service provisioning and chargeback by programmatically controlling their virtualized assets via the vCloud APIs. Adding a layer of abstraction on top of the vCloud APIs allows organizations to simplify the way in which service providers can manage and control vCloud Director, streamlining automation. The Layer 7 CloudSpan CloudControl gateway delivers key protection, abstraction and metering capabilities for vCloud APIs by implementing a configurable policy creation and enforcement point at the API level. CloudControls intuitive drag-and-drop policy builder lets you create and enforce API policies that provide for: Abstraction and masking of APIs Composition/orchestration to create new APIs Live dashboard monitoring of API usage Versioning of REST and SOAP APIs (beyond vCloud basic versioning) Mapping between SOAP and REST Transformation of any GET, POST, DELETE, and PUT content Authentication (HTTP basic, digest, SSL, but also SAML, Kerberos, X.509 certs, OAuth, etc) Cloud single sign-on (SSO) Fine grained authorization to individual APIs Validation of XML structures (such as OVF containers) Threat detection, including threats embedded in XML OVF files Automatic fail-over between hosts JSON Schema validation Management of federated relationships Fully customizable audit

To learn more about Layer 7s latest release, call 1-800-681-9377 (toll free within North America) or +1.604.681.9377. You can also email us at info@layer7.com; friend us on facebook.com/layer7; visit us at layer7.com, or follow-us on twitter @layer7.

Secure Hybrid Cloud The Future of Enterprise IT

The CloudControl gateway is the basis of an enterprise-class cloud governance solution. In contrast to other solutions that run as third party services or attempt to broker security from a remote datacenter, CloudControl runs as an integral part of the vCloud Director environment. The CloudControl VMware virtual machine is easily incorporated into any VMware infrastructure. In this way, the security, management and metering solution for your cloud APIs resides within the cloud they are protectingnot off at some other location where proxyed transactions can be subjected to attack while traversing the open Internet. Locally integrating a security solution as an integral part of your cloud infrastructure allows you to properly secure your cloud APIs, ensuring sophisticated access control and protection against denial-of-service (DoS) attacks.

Key Features
vCloud API Protection & Control
Threat Protection API Lifecycle API Composition Orchestration SLA/Performance Control Protect against Cross-Site Scripting (XSS), SQL Injection, XML content/structural threats, viruses, etc Create custom threat profiles to extend built-in filters for message structure & XML-specific threats Track failed authentications and/or policy violations to identify patterns and potential threats Validate HTTP parameters, REST query/POST parameters, JSON data structures, XML schemas, etc Support for HTTP basic, digest, SSL client-side certificate authorization, Microsoft SPNEGO, etc Support for all major authentication and authorization standards, including SAML, Kerberos, digital signatures, X.509 certificates, LDAP, OAuth, etc, and leading identity and access management systems Powerful message content filtering and transformation tools help identify and surpass leakage of sensitive information (i.e. SSNs, credit card numbers, etc.) Support for multiple types of element or message level XML signing and encryption APIs can be smoothly migrated between environments (i.e. from Dev to Test, East to West, etc.) with full dependency resolution and re-mapping Supports automatic API versioning including rollback to any previous version Global security settings, threat detection profiles, etc. can be reused across multiple APIs to save time and ensure consistency Point and click API composer supports quickly building composite virtual APIs from any combination and/or subset of existing APIs Policy-driven API request sequencing based on administrator-defined conditions and logic Routing based on message content or service availability Run multiple back-end service calls concurrently, thereby reducing overall latency Supports any combination of XML/REST/SOAP APIs and enables translation between protocols to simplify customer adoption Filter/customize back-end error messages to better fit customers deployment patterns Enforce availability through throttling and/or rate limiting to ensure SLAs and QoS priorities Advanced, carrier-grade traffic shaping to manage bandwidth to API servers Access to API methods can be filtered/restricted based on user, time of day, service level, etc. Route traffic based on geography, IP address, back-end response times, etc for optimum performance Integrated clustering provides scalability and automatic failover between multiple instances of APIs/services Remote management APIs allow customers to hook their existing, third-party management tools into CloudSpan, simplifying asset management Configurable, out-of-the-box reports provide insight into API performance: meter and track API/method usage for per-user billing, capacity planning, SLA compliance etc. Real time monitoring dashboard provides fine-grained insight into API & network level performance Report on service performance, policy violations and SLA conformance based on specific customers, composites (i.e., processes and transactions using a service) or clients to build a profile of user experience

Access Control

Privacy

vCloud API Abstraction & Management

Multiple Protocols

Management API

vCloud API Metering & Reporting

Metrics and Reporting

Customer Mapping Audit transactions

Log files provide a granular audit trail of all API connections mediated by CloudControl

Supported Standards
XML, JSON, SOAP, REST, PCI-DSS, AJAX, XPath, XSLT, WSDL, XML Schema, LDAP, SAML, XACML, OAuth, PKCS, X.509 Certificates, JMS, FIPS 140-2, Kerberos, XML Signature, XML Encryption, SSL/TLS, SNMP, SMTP, POP3, IMAP4, HTTP/HTTPS, MQ Series, Tibco EMS, FTP, WS-Security, WS-Trust, WS-Federation, WS-SecureExchange, WS-Addressing, WS-SecureConversation, WS-MetadataExchange, WS-Policy, WS-SecurityPolicy, WS-PolicyAttachment, WSIL, WS-I, WS-I BSP, UDDI, WSRR, MTOM, IPv6, WCF

To learn more about Layer 7 call us today at +1 800.681.9377 (toll free within North America) or +1.604.681.9377. You can also email us at info@layer7.com; friend us on facebook.com/layer7; visit us at layer7.com, or follow-us on twitter @layer7
Copyright 2011 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners.