FEATURE January 2012 Network Security 17 logical message-processing capabilities, they are not Business Process Execution Language (BPEL) business orchestra- tion engines that can manage all of your human interaction and long-running processes. Though they can process batches of messages, they are neither a managed file transfer platform nor an Extract Transform Load (ETL) data warehous- ing tool. And though there is defi- nitely some feature overlap with Web Application Firewalls (WAFs), SOA gateways don’t generally fulfil all of those requirements; neither do WAFs come anywhere close to parity on non- HTML traffic. The exact deployment model for an SOA gateway in an ESB role depends on the feature comparison exercise we just went through, and generally falls into one of three categories. If these ‘lightweight ESBs’ meet all of your corporate requirements for applica- tion integration and SOA deployment, they can easily stand alone and fulfil the ESB pattern. If, on the other hand, an existing ESB is meeting most of your application inte- gration needs, then an SOA gateway can be deployed as a complement to provide value as an on- and off-ramp to that ESB. This ‘ESB gateway’ use case focuses on the gateway’s strengths around secu- rity, high-performance transformation and edge-based protocol mediation. “SOA gateways combine the capabilities of a traditional ESB with security, agility and simplicity” The third option is most common in large enterprises that have grown through mergers and acquisitions and have a heterogeneous corporate IT land- scape. In these cases, the SOA gateway can perform all of the ESB functions for those divisions without an existing infra- structure and can act as a bridge between other, more-entrenched technologies in the rest of the enterprise. It even enables extension of this secure architec- ture to applications deployed in public or private cloud environments. This ‘Federated ESB’ use case takes advantage of the true agility and flexibility of SOA gateways without requiring a rip-and- replace implementation. SOA gateways combine the capabili- ties of a traditional ESB with security, agility and simplicity. They transform the archaic code-based challenge of application integration into a mod- ern configuration and networking problem. They can be implemented as hardware, as VMs or in the cloud. They are Internet-ready, giving enter- prises the immediate ability to support the extended enterprise, which increas- ingly encompasses partners, cloud and mobile. In a modern corporate culture that demands we do more with less, they give you the capacity to respond to customer demands and provide new, secure inter- faces to the data and applications that drive your business. SOA gateways truly are the cure for the common ESB. About the author Jaime Ryan is the partner solutions archi- tect for Layer 7 Technologies, and has been building secure integration architec- tures as a developer, architect, consultant and author for the past 15 years. He is based in San Diego. Layer 7 Technologies helps enterprises secure and govern inter- actions between their organisation and the services they use in the cloud, across the Internet, and out to mobile devices. Layer 7 gives enterprises the ability to control identity, data security, SLA and visibility requirements for sharing application data and functionality across organisational boundaries. A secure model for building e-learning systems In this article, we’re proposing a model for a secure e-learning system designed to be implemented by computer centres at universities. It would provide facul- ties with a new learning approach that could be developed at later stages to provide a secured portal for educators to access instructional and exam materials. In addition, the computer centre is able to use a wireless network to connect to faculties and other organisations outside the university. This model employs a secured network that utilises the latest security technologies, including firewalls, OpenVPN and PGP. A firewall is an appliance or software used to protect a network from unau- thorised access from outside the net- work. It allows legitimate access to the network according to a set of predefined rules and policies. Firewalls are either packet filters or network layer devices: packet filter firewalls allow packets that match a set of established rules; network Shadi R Masadeh, Nedal Turab, Farhan Obisat, Faculty of Information Technology, Applied Science University, Isra University, Arab Academy (AABFS), Amman, Jordan E-learning involves the use of the Internet as a communications medium between instructors and students who are separated by physical distance. 1 Wireless networks have become very common in this environment, often replacing wired networks, in order to provide mobile access to educational systems and the Internet for students and staff. But these networks must be secured.