Web services and XML gateways make Web technologies secure, but at a price. XML parsing requires a lot of memory and CPUs. The harder you try to prescreen incoming XML documents--by enforcing restrictions and checking for malicious content, for example--the more resources you consume. As power gets drained, performance declines.
DataPower helps matters with its updated XS40 XML Security Gateway, which I tested in our NWC Inc. business applications lab in Green Bay, Wis. Besides accelerating XML processing, version 3.0 offers administration-console enhancements that make it less onerous to build and manage XML- and SOAP-related security policies.
The XS40 is a 1U appliance with dual 10/100/1000 interfaces for traffic processing and a single 10/100/1000 interface for out-of-band management. It acts as a proxy between the client and internal SOAP endpoints.
A particularly useful feature of version 3.0 is its XPath editor. Previously, users had to write XPath queries manually to implement policies involving XML routing. With 3.0, I build a routing table simply by selecting the node in the XPath editor. DataPower generated the correct XPath expressions.
The new task-oriented features of the XS40 are a boon as well. The Web Services Definition Language tool let me import WSDL for the services I wanted to secure, then walked me through the creation of a policy, including authorization of specific operations, decryption and signature verification. The only drawback to the wizard approach is that there's no way to finish in the middle of the process. That can make editing an existing policy tedious.
