If a network is like a highway, think of XML messages as sport utility vehicles: They're big, bulky and there are more of them filling the roads every day. And Web services are the consumers driving much of that increased traffic.
The percentage of all local area network (LAN) traffic that's XML based "is growing dramatically, and will continue to grow dramatically," said Jason Bloomberg, a senior analyst at ZapThink LLC in Waltham, Mass. "This is a real red flag for the data center manager."
As the popularity of XML-dependent technologies such as Web services rises, so too do the demands on an organization's network infrastructure. "A lot of this traffic wasn't even around six months ago," Bloomberg said. "It will be even worse in six months."
What makes XML so attractive as a data format -- its descriptiveness -- is also a weakness. Bloomberg said XML is more "verbose" than binary-formatted traffic. Even a small bit of XML-formatted information has to have an electronic envelope and a lot of extraneous information that goes with it.
XML messages are also less secure than their binary equivalent because they are written in ASCII text, so they're human-readable. "It's very easy to snoop on," Bloomberg said, unlike a Common Object Request Broker Architecture (CORBA) message. Also, since XML traffic runs over port 80, "it just goes right through firewalls."
A host of XML infrastructure products
From an infrastructure standpoint, what can an organization do to speed up its XML traffic and make those messages more secure?
"There's a whole crop of XML infrastructure products, most of which are hardware appliances, that address these issues of either performance, security or also [data] transformation," said Bloomberg.
He said there are XML-aware network appliances, or XML proxies, that specifically deal with issues of performance and reliability, "which are two sides of the same coin." He cited Sarvega Inc., Burr Ridge, Ill., and DataPower Technology Inc., Cambridge, Mass., as two vendors that offer products designed to accelerate the process of data transformation, which is among the most processor-intensive functions involved in moving XML messages along a network.
"If you can offload some of the hardcore processing -- whether it's transformation or encryption and decryption -- you're much more likely to get that wire-speed throughput that you require," Bloomberg said.
XML firewalls key to secure Web services
Another key infrastructure investment involves security. A firewall is the logical choice, but Bloomberg said traditional firewalls will not provide Web services security. That's because those firewalls operate on a perimeter model -- they work on the edge of the network -- and are packet-based, so they deal in terms of URLs and IP addresses, as opposed to understanding the content of a message. To secure their Web services -- either external or internal -- companies need to invest in XML firewalls, Bloomberg said.
Even though XML firewalls are plug-and-go hardware devices, it's not as simple as that. After the XML firewall assembles data packets and parses the XML to understand the message, organizations have to have some type of enterprise identity management product in place to determine whether the parts of that message are appropriately authorized. And they need to have an information policy in place as well, Bloomberg said.
For example, if a Web service message requesting information is received by a company, identity management software can help the recipient determine who's making the request, what the sender's authorization status is and whether some or all of the response needs to be encrypted.
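The difference between a port-based rule and the content-level check described above, as an added example that is not from the original article or from any vendor's product: the packet rule passes everything on port 80, while the parser-backed check reads the sender and the requested operation out of the SOAP message and applies an information policy. The policy table, the sender and operation names and the `urn:example:orders` namespace are assumptions, and the sender identity is assumed to have been authenticated already by the identity management product.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
USER_PATH = (f"{{{SOAP}}}Header/{{{WSSE}}}Security/"
             f"{{{WSSE}}}UsernameToken/{{{WSSE}}}Username")

# Hypothetical information policy: (sender, operation) -> encrypt the response?
# A pair that is absent from the table is not authorized.
POLICY = {
    ("partner-a", "GetOrderStatus"): False,
    ("partner-a", "GetCustomerRecord"): True,
}

def packet_filter(dst_port):
    """Perimeter rule: only the port is visible, so every call looks alike."""
    return "allow" if dst_port == 80 else "deny"

def xml_firewall(message: bytes):
    """Parse the SOAP message and decide on its content: (decision, reason)."""
    try:
        text = message.decode("utf-8")
        if "<!DOCTYPE" in text:  # SOAP forbids DTDs; this also blocks entity tricks
            return ("deny", "DTD not permitted")
        root = ET.fromstring(text)
    except (UnicodeDecodeError, ET.ParseError):
        return ("deny", "malformed or non-UTF-8 XML")
    body = root.find(f"{{{SOAP}}}Body")
    # Assumption: the identity product has already authenticated this claim.
    user = (root.findtext(USER_PATH) or "").strip()
    if root.tag != f"{{{SOAP}}}Envelope" or body is None or len(body) != 1 or not user:
        return ("deny", "missing envelope, sender or operation")
    operation = body[0].tag.rsplit("}", 1)[-1]
    if (user, operation) not in POLICY:
        return ("deny", f"{user} not authorized for {operation}")
    return ("allow", "encrypt response" if POLICY[(user, operation)] else "plaintext response")

def sample(user, operation):
    """Constructed SOAP request used only to exercise the checks above."""
    return (f'<s:Envelope xmlns:s="{SOAP}" xmlns:w="{WSSE}"><s:Header>'
            f'<w:Security><w:UsernameToken><w:Username>{user}</w:Username>'
            f'</w:UsernameToken></w:Security></s:Header><s:Body>'
            f'<o:{operation} xmlns:o="urn:example:orders"/></s:Body>'
            f'</s:Envelope>').encode("utf-8")

if __name__ == "__main__":
    for user, op in [("partner-a", "GetOrderStatus"), ("partner-b", "GetCustomerRecord")]:
        print(packet_filter(80), xml_firewall(sample(user, op)))
```

Both sample requests arrive on port 80, so the packet rule allows both; only the content check distinguishes the authorized sender from the unauthorized one.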
Identity management must be enterprise-wide
While identity management is a crucial security aspect of Web services, it's not unique to it. "It's not really a Web services project per se," Bloomberg said. "You have to put your Web services in the context of the overall security picture for your company."
Many vendors have been working on so-called single sign-on products for a host of applications and are now extending them to Web services. Examples, he said, include Netegrity Inc., Oblix Inc. and RSA Security Inc., as well as Microsoft Corp.'s Active Directory.
A company's XML infrastructure spending ultimately comes down to a decision of hardware versus software, Bloomberg said. Most XML-aware network appliances are hardware. Some are software. Or companies can go with a combination of both.
The plus side for hardware is that it comes configured from the factory, so there is no software to install. However, it means taking up rack space, which is expensive, not to mention another responsibility for a data center manager.
"The last thing they want is more boxes," Bloomberg said.