
API Security & Deployment Guide

Forum Sentry is a security platform that provides centralized identity management, access control, and security functions. It offers various deployment models including an API security gateway that acts as a tier 0 edge solution. The platform supports features such as single sign-on, threat mitigation, data privacy, integrity and trust. It is designed to securely manage identity, access control, and security across modern applications, services, and architectures.

Uploaded by Kay Ade

Forum Sentry

Deployment Architecture Concepts

Forum Systems | www.forumsys.com | 888.811.0060 | 199 Wells Ave., Suite 105, Newton, MA 02459
Product Focus:

Models:
• 456X Rev B: 1U form factor, FIPS 140-2 Level II chassis, integrated FIPS 140-2 Level II HSM (optional). 32 GB RAM, 1 TB HD
• 456X Rev C: 1U form factor, FIPS 140-2 Level II chassis, integrated FIPS 140-2 Level II HSM (optional). 256 GB RAM, 800 GB Flash Cache, 2 TB HD
• Virtual Appliance: Fully encapsulated virtualized rendition of the 456x system in a deployable OVA VMware system
• Software Sentry: Windows, Linux, or Solaris deployable Sentry (single-package install)

Core Features: Security, Identity, Mediation

API Security Gateway

Threat Mitigation
• Content-Aware (SOAP, XML, REST, …)
• Intrusion Detection and Prevention
• Rate-based rules, Size-based rules
• Antivirus Engine, Pattern recognition

Identity Enforcement
• WSS, Kerberos, DSIG
• HTTP, OAuth, SAML
• Cookie, SSL X509, URI
• Message-to-Protocol, Protocol-to-Message

Data Privacy
• Content Encryption
• Content Decryption
• SSL / TLS

Integrity and Trust
• Digital Signature
• Signature Verification
• Schema Validation

Access Control & SSO
• Credential Persistence
• Session Management
• Attributes, Roles
• SAML 1.0/1.1/2.0
• OAuth 1.0, 2.0

Behavior Monitoring
• Archiving
• Logging
• Monitoring
• Reporting

Use Cases
• Single Sign-on (SSO)
Forum Sentry often functions as an SSO entity with enhanced Trust, Data and Access Control context.

• Identity Management & Access Control
A single platform brings context and more authority over Identity, Content and Access Control while also reducing previously redundant and dense Identity check network traffic and cost.

• Web Services, XML, REST API Security
Properly securing your XML, SOAP, JSON and REST traffic.

• Modern Architecture Design
Tier 0 architecture design for secure, sophisticated and simplified Identity, Security and Access Control management.

• Cyber Security
Line-speed layer 4 through 7 payload and content inspection, validation and virus scanning.

• Mobility, IT Modernization and Integration Initiatives
Tier 0 versus End Mile coding of Identity and Security for system to system (Cloud, Mobile, B2B). Forum Sentry has strong integration capabilities that support more rapid, simplified and comprehensive policy management.

• Secure Storage
Forum Sentry Cloud Controller enables secure scale-out and seamless integration with cloud storage providers.

API Security – Edge Deployment

[Diagram: API Security Gateway at TIER 0 / EDGE, with a Load Balancer and a Secure API Protocol Break. Diagram labels:]
• Traffic sources: Mobile Apps, Users / Portals, B2B, Cloud / 3rd Party
• Protocols: HTTP, FTP, SFTP, SMTP, JBOSS, IBM MQ, AS2, Tibco, Oracle, Active MQ, AMQP
• Modern Service Traffic: SOAP, XML, REST, JSON, HTML, ebXML, SwA
• Identity: OAuth, SAML, WS-Tokens, HTTP Form Post, HTTP Basic, HTTP Digest, NTLM, Kerberos, X509 Mutual, RSA SecureID, FTP Auth, SFTP Auth
• Services: Mobile Services, FTP/SFTP Services, HTML Portal Servers, XML Services, REST Services, SOAP Services, ESB Services

Centralized Tier 0 - Identity Management, Access Control, Security
[Diagram: TIER 0 gateway between traffic sources and endpoint services. Diagram labels:]
• Traffic sources: Mobile Apps, Web Browsers, B2B, Cloud / 3rd Party
• Tier 0 functions: Authentication, Secure Protocol Break (HTTP | FTP | SFTP | JMS | SMTP), Role Based Access Control, Content-Based Access Control, SSO Session Management, Identity Adapters
• Endpoint services: Legacy, Virtual, API, ESB, SOA, Portals, Apps, Web Services, Modern
• Boundaries: Internet / DMZ boundary, DMZ / Extranet boundary, DMZ / Intranet boundary, Extranet / Intranet boundary, Intranet / internal-enclave boundary

The API Gateway Whitespace

[Diagram: FIPS 140-2 & NDPP Certified API Security Gateway positioned among existing security controls. Diagram labels:]
• Traffic sources: Mobile, Browsers, B2B, Cloud / 3rd Party
• Other controls: Firewall, WAF, IDS, SIEM
• Identity, Access Control, SSO: RBAC, CBAC, SSO, Session Management
• Layer 4-7: Identity, Security, Mediation. FIPS 140-2 and NDPP Secure API Security Gateway
• Endpoint Services (APIs): Virtual, ESB, SOA, Apps, Portals, Data, Dashboards
• Boundaries: Internet / DMZ boundary, DMZ / Extranet boundary, DMZ / Intranet boundary, Extranet / Intranet boundary, Intranet / internal-enclave boundary

Inbound Deployment Topology - DMZ

Inbound Deployment Topology – Behind FW

Outbound Deployment Topology
