Last week I got a presentation for a security device I had never heard about.
Most times this means it is something which is not commodity, or has no real use-case.
But this time I was really impressed. The device is a possible replacement for IBM Datapower XML Security Gateway. But the way they designed the device is totally different.
What CrossCheck networks did was creating a device with just security as main use case. First of all it was an XML gateway, nowadays is does support HTML, XML, SOAP, FTP, JMS and others.
It also translates different flavors of JMS to each other, it can even convert from IBM MQ to JBoss MQ directly.
The Forum Sentry XML Gatewat comes in two flavors, as an appliance and as an VMWare image.
This is useful for the Development and Test environments.
The main use-case for the device is as a security device. It will stand in the DMZ and acts as a level 7 security gateway. This is the same use-case as the IBM Datapower, only the marketing is a little bit different, CrossCheck Networks markets the device mainly as a security appliance. IBM did market the Datapower mainly as a ESB in the past. Nowadays they also market it mainly as a security appliance.
The main differences I spotted between those two where:
|Forum Sentry XML Gateway||IBM Datapower XML Security Gateway XS40|
|Supports protocol conversions (also IBM MQ → JBoss MQ)||Support protocol conversions (but does only support IBM related JMS technologies)|
|Support virus scanning (also in SOAP with attachments)||-|
|Supports large streaming files||Only does this in the Datapower XB60 B2B gateway|
|Supports authentication by using cascading user stores (i.g. If you can not find this username/ password in LDAP go to your Active Directory and try to match there). This can be configured for each url(-part)/ service(-part).||Support authentication|
|Real nice configuration, no need to type any XSLT.||Most conversions are made in XSLT.|
|SSO for web, ftp and services.||SSO for SOAP.|
My conclusion after this short demo
The Forum sentry has some advantages when you compare it to the IBM Datapower XML Security Gateway XS40. The main difference is that you can do more whith only one appliance. You can replace an IBM Webseal, a virus scanner and an IBM Datapower XS40 with only one device.
My advice is to take this device in considerations where you have to choose for an XML firewall/ hardware ESB.