Data power use cases

© 2015 IBM Corporation IBM DataPower Gateway Common Use Cases Christopher Khoury Andrew White

Transcript of Data power use cases

Page 1: Data power use cases

© 2015 IBM Corporation

IBM DataPower Gateway

Common Use Cases

Christopher Khoury, Andrew White

Page 2: Data power use cases

Agenda

• DataPower Gateway Overview

• Security & Optimization Gateway

• Mobile Connectivity

• API Management

• Integration

• Mainframe Integration & Enablement

• B2B


Page 3: Data power use cases

DataPower Gateways …

IBM DataPower Gateways provide a low startup cost, helping clients increase ROI and reduce TCO with specialized, consumable, dedicated gateway appliances that combine superior performance and hardened security in physical and virtual form factors

• INTEGRATE Systems of Engagement with Systems of Record
• CONTROL & MANAGE Traffic and Service Level Agreements
• SECURE Mobile, API, Web, SOA, B2B and Cloud Workloads
• OPTIMIZE Data Delivery and User Experiences
• CONSOLIDATE & Simplify Infrastructure Footprint

Page 4: Data power use cases

Gateway for the Multi-channel Enterprise

Single security and integration gateway platform to provide security, integration, control & optimized access to a full range of Mobile, API, Web, SOA, B2B, & Cloud workloads

IBM DataPower Gateway

• Mobile: Simplify mobile security with single, purpose-built gateway; control mobile traffic and accelerate delivery
• Web: Simplify web security with single, purpose-built gateway; control traffic and accelerate delivery for intranet and internet web applications
• Cloud: DataPower gateway functionality in a virtual appliance form factor, supports multiple hypervisor & cloud environments
• API: Easily secure, control, publish, monitor & manage your APIs
• SOA: Secure, integrate, control & manage SOA workloads in the DMZ and Trusted zones
• B2B: Extend Connectivity & Integration beyond the enterprise with DMZ-ready B2B edge capabilities

Page 5: Data power use cases

Common Use Cases

IBM DataPower Gateway Appliances are the industry-leading Security & Integration gateways that help provide security, integration, control and optimized access to a full range of Mobile, Web, API, SOA, B2B, & Cloud workloads

1 Mobile Gateway
2 API Gateway
3 Web Gateway
4 B2B Partner Gateway
5 SOA & API Gateway
6 ESB / Integration Gateway
7 Internal Security Enforcement
8 Web Services Governance & Management
9 Legacy Integration

[Diagram labels: Internet, DMZ, Trusted Domain; Consumer, Trading partners, Application or Service, Middleware, z System; DataPower Gateway (two instances)]

Page 6: Data power use cases

Features

Simplify, offload & centralize critical functions

[Diagram: Before DataPower Gateway / After DataPower Gateway, with Consumers and the Secure, Control, Integrate and Optimize functions]

Integrate
• Any-to-any message transformation
• Transport protocol bridging
• Message enrichment
• Database connectivity
• Mainframe connectivity
• B2B trading partner connectivity

Optimize
• SSL / TLS offload
• Hardware accelerated crypto operations
• JSON, XML offload
• JavaScript, JSONiq, XSLT, XQuery acceleration
• Response caching
• Intelligent load distribution

Control
• Service level management
• Quota enforcement, rate limiting
• Message accounting
• Content-based routing
• Failure re-routing
• Integration with management & visibility platforms

Secure
• Authentication, authorization, auditing
• Security token translation
• Threat protection
• Schema validation
• Message filtering & semantics validation
• Message digital signature
• Message encryption

Page 7: Data power use cases

DataPower Gateway: Single, modular & extensible platform

Modules

ISAM Proxy Module
• User access control, session management, web SSO enforcement
• Advanced mobile security: mobile SSO, context-based access, one-time password, multi-factor authn
• Integration with ISAM for Mobile

Application Optimization Module
• Frontend self-balancing
• Backend intelligent load distribution
• Session affinity
• z Sysplex Distributor integration

Integration Module
• Any-to-Any message transformation
• Database connectivity
• Mainframe IMS connectivity

B2B Module
• B2B DMZ gateway
• EDIINT AS1, AS2, AS3, ebXML
• Partner profile management
• B2B transaction viewer
• Any-to-Any message transformation
• Database connectivity

TIBCO EMS Module
• Integrate with TIBCO EMS messaging middleware
• Support for queues & topics
• Load balancing & fault-tolerance

IBM DataPower Gateway (Base)

Secure
• Authentication, authorization
• Security token translation
• Service / API virtualization
• Threat protection
• Message validation
• Message filtering
• Message digital signature
• Message encryption
• AV scanning integration

Integrate
• Transport protocol bridging
• Message enrichment
• Message transformation & processing using JavaScript, JSONiq, XQuery, XSLT
• Mainframe integration & enablement
• Flexible pipeline message processing engine

Control & Manage
• Service level management
• Quota & rate enforcement
• Content-based routing
• Message accounting
• Integration w/ management & visibility platforms including IBM API Management & WSRR for policy enforcement

Optimize & Offload
• SSL / TLS offload
• Hardware accelerated crypto*
• JSON, XML offload
• JavaScript, JSONiq, XSLT, XQuery acceleration
• Local response caching
• Distributed caching w/ XC10
• Backend load balancing

2U Physical or Virtual Edition

Page 8: Data power use cases

Deployment options

Physical

Purpose-built, DMZ-ready appliances provide physical security
• High density 2U rack-mount design
• 8 x 1 and 2 x 10 GbE ports
• Cryptographic acceleration card
• Trusted platform module
• Customized intrusion detection
• Optional HSM (FIPS 140-2 Level 3 certified)

Virtual

Virtual appliances provide deployment flexibility
• Support multiple hypervisors and cloud environments
− VMware
− Citrix XenServer
− IBM PureApplication System (x86 nodes)
− IBM PureApplication Service on SoftLayer (x86 nodes)
− IBM SoftLayer bare metal instances using supported hypervisors

Page 9: Data power use cases

Purpose-built hardware provides physical security

• Sealed, tamper-evident case

• No usable USB, VGA, other ports

• Intrusion detection switch

• Trusted Platform Module

• Encrypted flash drive

• FIPS 140-2 level 3 Hardware Security Module (option) for secure storage of private keys

Hardened firmware provides platform security for physical & virtual gateways

• Single firmware image, signed and encrypted by IBM

• No arbitrary software

• Optimized, embedded operating system

• High assurance, “locked-down” configuration

• Key materials are not exportable from the appliance *

Enterprise grade security requires a secure platform

Page 10: Data power use cases

Virtual Edition

Delivers purpose-built, highly consumable Security & Integration Gateway functionality in virtual appliance form factor for cloud deployments

• DataPower gateway functionality in virtual appliance form factor to rapidly secure, integrate, control & optimize access to Mobile, API, Web, SOA & B2B workloads in hypervisor & cloud platforms
• Use for development, test or production
• Supports multiple hypervisor & cloud platforms
− VMware
− Citrix XenServer
− IBM PureApplication System W1500/W2500
− IBM PureApplication Service on SoftLayer (x86)
− IBM SoftLayer bare metal instances on x86 nodes
• Seamless configuration migration between physical and virtual appliances
• Utilizes the same industry-proven & purpose-built platform, including an embedded, optimized DataPower Operating System, that powers the physical appliances

[Diagram label: x86 Server]

Page 11: Data power use cases

Virtual Edition Benefits

Delivers purpose-built, highly consumable Security & Integration Gateway functionality in virtual appliance form factor for cloud deployments

• Deployment flexibility and elasticity – “Right size” the deployment, quickly deploy where needed, & rapidly scale
• Workload isolation - Projects can use their own instances
• Unbounded memory scalability - Memory can be added to instances without additional licensing
• Low cost for Dev & Test environments - Developers & Non-Production versions include add-on software modules at no additional charge
• Free disaster recovery - Warm or cold backup without additional licenses when licensed for Production
• Flexible licensing and entitlement
− Sub-capacity licensing
− Monthly licensing option
− Entitlement to future product versions at no additional charge with active maintenance (S&S)

[Diagram label: x86 Server]

Page 12: Data power use cases

DataPower Gateways

Over 14 years of innovation & over 2,000 global installations

Insurance
• Used by 95% of top global insurance firms
• SaaS providers, ASPs, regulators, etc.

Government
• Agencies and ministries
• Defense and security organizations
• Crown corporations

Banking
• Majority of the big US and European banks
• All of the big 5 Canadian banks
• Numerous regional banks and credit unions

Many, many, more
• Healthcare
• Retailers
• Utilities, Power, Oil and Gas
• Telecom
• Airlines
• Others

Page 13: Data power use cases

DataPower’ing IBM Bluemix!!!

• Security
• Control
• Filtering
• Content-Based Routing
• Load balancing
• Monitoring and Logging

Did you know? DataPower has been trusted to be the exclusive gateway for Bluemix, IBM’s global Platform as a Service

[Diagram labels: Mobile client, Internet, DataPower, Bluemix Tooling, VM, Application Manager, App, Service, Open Stack, External Services]

Page 14: Data power use cases

Agenda

• DataPower Gateway Overview

• Security & Optimization Gateway

• Mobile Connectivity

• API Management

• Integration

• Mainframe Integration & Enablement

• B2B


Page 15: Data power use cases

Security & Optimization Gateway

Page 16: Data power use cases

DataPower security roles and objectives

Protect data and other resources on the appliance and protected servers
• System availability
– Protect against unwanted access, denial of service attacks, and other unwanted intrusion attempts from the network
– Only allow “valid” messages through
• Identification and Authentication
– Verify identity of network users
• Authorization
– Protect data and other system resources from unauthorized access

Protect data in the network using cryptographic security protocols
– Data End Point Authentication
• Verify who the secure end point claims to be
– Data Origin Authentication
• Verify that data was originated by claimed sender
– Message Integrity
• Verify contents were unchanged in transit
– Data Confidentiality
• Conceal clear-text using encryption

• Secure access to Web and legacy applications
• Converged security enforcement
• Rocksolid DataPower platform
• Leverages enterprise security and policy managers

[Diagram labels: Internet, DMZ, Intranet; FIREWALL (two); Authentication, Authorization; User Federation; z/OS RACF for User I&A; Authorization Cert/keys; Mission-critical data]

Page 17: Data power use cases

Silos of security & control are impeding business agility

[Diagram rows:
Users: Developers, Partners, Consumers, Employees
Business Channels: Web, Mobile, B2B, SOA, APIs, Cloud
Security & Control Solutions: Web Access Proxy, Mobile Gateway, B2B Gateway, SOA Gateway, API Gateway, Cloud Gateway
Applications and Systems: z System, Middleware, ESB, Application, Service]

Page 18: Data power use cases

Reduce cost + improve security & control with a single gateway

[Diagram rows:
Users: Developers, Partners, Consumers, Employees
Business Channels: Web, Mobile, B2B, SOA, APIs, Cloud
Security & Control Solutions: IBM DataPower Gateway
Applications and Systems: z System, Middleware, ESB, Application, Service]

Page 19: Data power use cases

IBM Multi-channel gateway

Leverage the combined capabilities of IBM DataPower Gateway and IBM Security Access Manager in a single, converged security and integration gateway

New in V7.1

ISAM for DataPower module provides the reverse proxy component that provides enforcement for
• Centralized user authentication & coarse-grained authorization
• Session management, & web SSO
• Context based access & mobile SSO
• Strong authentication including one-time password and multi-factor authentication

[Diagram labels:
Channels: Web Browsers and Portals, Mobile Web, Web 2.0 (AJAX), Native Mobile, Hybrid Mobile, B2B, API, SOA (Web Services)
IBM DataPower Gateway with ISAM Module: User access security; App, Service & API security; Traffic control & optimization; Connectivity & transformation]

Page 20: Data power use cases

Security Gateway

Proxying and Enforcement
• Terminate incoming connection
• Terminate transport-level security (SSL/TLS offload)
• Threat protection
• Enforce Service Level Agreement policies
• Inspect message content and filter (Schema validate)
• Enforce security policies on message content (Encrypt/decrypt, Verify/sign digital signatures)
• Authentication, Authorization, Auditing (AAA)
• Call out to virus checker
• Transform content & enrich message
• Translate security token
• Dynamically route based on content and load balance (Establish a new connection to pass results)
• Cache data on-box or in centralized, shared XC10 grid

[Diagram: Security Gateway between a connection from the client and a new connection to the target. Zones: Outside World, DMZ, Internal Network. Labels:
Consumers: Internet, SaaS, Partner Apps, Browsers; Internal Consumer
Providers: Packaged Apps, Proprietary Apps, Data, ESB
Web Service Request: Basic Auth, OAuth 2.0, WS-Security UNT, etc
Internal Security, Web Service Request: SAML, LTPA, Kerberos
Transports and formats: HTTP(s); HTML, JSON, XML, SOAP; MIME, DIME, MTOM; XMLDSIG, XMLENC; WS-SecurityPolicy, WS-Trust, SAML, OAuth 2.0
Perimeter: Protocol Firewall, Domain Firewall, ACL, Virus Scanner
Identity and policy systems: Tivoli (TAM), MS Active Directory, Any LDAP, e.g. Oracle, CA SiteMinder, PDP (XACML, SAML, other)
Security Gateway callouts: Incoming access control; Threat protection. Outgoing access control; SAML injection etc]

Page 21: Data power use cases

Protection of data plus XML & JSON threat protection

• Use DataPower to help resolve PCI compliance issues
• Easily sign, verify, encrypt, decrypt any content
• Configurable XML Encryption and Digital Signatures
– Message-level, Field-level, Headers
• Security standards: OAuth, WS-Security, WS-Policy, WS-SecurityPolicy, SAML, XACML, WS-Trust, …
• Use WS-SecurityPolicy to define security requirements for your web services
– DataPower natively consumes and enforces WS-SecurityPolicy statements
• Integrity & Confidentiality, SupportingTokens, Message/Transport Protection
• Use XACML to define access and authorization policies for your web services
– DataPower natively consumes and enforces XACML policies
• Resource-based Authorization
• PEP, PDP

DataPower security is policy driven

XML Threat Protection
• Entity Expansion/Recursion Attacks
• Public Key DoS
• XML Flood
• Resource Hijack
• Dictionary Attack
• Replay Attack
• Message/Data Tampering
• Message Snooping
• XPath or SQL Injection
• XML Encapsulation
• XML Virus
• …many others

JSON Threat Protection
• Label - Value Pairs
‒ Label String Length (characters)
‒ Value String Length (characters)
‒ Number Length (characters)
• Threat Protection
‒ Maximum nesting depth (levels)
‒ Maximum document size (bytes)
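The five JSON limits listed above, written out as a pre-parse check over the raw request body. This is an added example, not code from the deck or from IBM; `checkJsonLimits`, the limit names and the limit values are assumptions chosen for illustration.

```javascript
'use strict';

// Limit names follow the slide's list; the values are constructed for this demo.
const LIMITS = {
  maxDocumentSize: 4096, // bytes
  maxNestingDepth: 8,    // levels
  maxLabelLength: 64,    // characters
  maxValueLength: 256,   // characters
  maxNumberLength: 16,   // characters
};

function reject(rule, observed) {
  return { ok: false, rule, observed };
}

// Consume a JSON string starting at its opening quote. Each escape sequence
// (including \uXXXX) counts as one character of content.
function readString(text, start) {
  let i = start + 1;
  let length = 0;
  while (i < text.length && text[i] !== '"') {
    if (text[i] === '\\') i += text[i + 1] === 'u' ? 6 : 2;
    else i += 1;
    length += 1;
  }
  return { end: i + 1, length };
}

// Scan the raw text rather than the parsed value: the limits have to hold
// before a parser allocates anything, and the character length of a number
// literal is no longer visible after parsing.
function checkJsonLimits(text, limits = LIMITS) {
  const size = Buffer.byteLength(text, 'utf8');
  if (size > limits.maxDocumentSize) return reject('document-size', size);

  let depth = 0;
  let i = 0;
  while (i < text.length) {
    const c = text[i];
    if (c === '{' || c === '[') {
      depth += 1;
      if (depth > limits.maxNestingDepth) return reject('nesting-depth', depth);
      i += 1;
    } else if (c === '}' || c === ']') {
      depth -= 1;
      i += 1;
    } else if (c === '"') {
      const s = readString(text, i);
      let j = s.end;
      while (j < text.length && /\s/.test(text[j])) j += 1;
      const isLabel = text[j] === ':'; // a string followed by ':' is a label
      const max = isLabel ? limits.maxLabelLength : limits.maxValueLength;
      if (s.length > max) return reject(isLabel ? 'label-length' : 'value-length', s.length);
      i = s.end; // brackets inside strings are never counted as nesting
    } else if (c === '-' || (c >= '0' && c <= '9')) {
      let j = i;
      while (j < text.length && /[0-9eE+.-]/.test(text[j])) j += 1;
      if (j - i > limits.maxNumberLength) return reject('number-length', j - i);
      i = j;
    } else {
      i += 1; // whitespace, punctuation, true/false/null
    }
  }
  // Within limits: only now hand the text to a real parser for syntax checking.
  try {
    JSON.parse(text);
  } catch (err) {
    return reject('malformed', err.message);
  }
  return { ok: true };
}

// Constructed sample body, shaped like the to-do request used later in the deck.
console.log(checkJsonLimits('{ "Task" : "AddEntry", "Detail": "Create presentation materials." }'));
console.log(checkJsonLimits('['.repeat(9) + ']'.repeat(9)));
```

Running the limit scan ahead of `JSON.parse` means an oversized or deeply nested body is rejected without ever being materialized as an object tree.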

Page 22: Data power use cases

AAA : Authentication Authorization Auditing

input → Extract Identity → Authenticate → Map Identity → Extract Resource → Map Resource → Authorize → Audit & Post-Process → output

Extract Identity
• HTTP Headers
• WS-Security Tokens
• WS-SecureConversation
• WS-Trust
• Kerberos
• X.509/SSL
• SAML Assertion
• IP Address
• LTPA Token
• HTML Form
• OAuth
• Custom

Authenticate
• LDAP/Active Directory
• System/z NSS (RACF, SAF)
• IBM Security Access Manager
• Kerberos
• WS-Trust
• Netegrity SiteMinder
• RADIUS
• SAML
• LTPA
• Verify Signature
• Custom

Extract Resource
• URL
• XPath
• SOAP Operation
• HTTP Operation
• Custom

Authorize
• LDAP/ActiveDirectory
• System/z NSS
• IBM Security Access Manager
• Netegrity SiteMinder
• SAML
• XACML
• OAuth
• Custom

Audit & Post-Process
• Add WS-Security
• Generate z/OS ICRX Token
• Generate Kerberos
• Generate Spnego
• Generate SAML
• Generate LTPA
• Map Tivoli Federated Identity

External Access Control Server or Onboard Identity Management Store

Page 23: Data power use cases

Traffic Control / Rate Limiting

Service Level Monitoring (SLM) to protect your services and applications from over-utilization and enforce quota
• Frequency based on concurrency OR based on messages per time period
• Take action when exceeding a custom threshold:
– Notify (or log), Shape (or delay), Throttle (or reject)
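A small model of the SLM behaviour described on this slide: a per-consumer threshold measured either as messages per period or as concurrent requests, with the three actions. This is an added example, not DataPower's SLM configuration or IBM code; the class name, its options, the fixed-window counting and the shape delays are assumptions of the example.

```javascript
'use strict';

// Hypothetical names: this models the slide's vocabulary (frequency by
// concurrency or by messages per period; notify, shape, throttle).
class SlmMonitor {
  constructor({ mode, threshold, action, intervalMs = 1000, shapeDelayMs = 250 }) {
    if (!['rate', 'concurrency'].includes(mode)) throw new Error('mode: rate | concurrency');
    if (!['notify', 'shape', 'throttle'].includes(action)) throw new Error('unknown action');
    Object.assign(this, { mode, threshold, action, intervalMs, shapeDelayMs });
    this.state = new Map(); // consumer key -> { windowStart, count, inFlight }
    this.audit = [];        // what a gateway would send to its log target
  }

  // Called when a message arrives. nowMs is passed in so the logic is testable.
  onRequest(key, nowMs) {
    let s = this.state.get(key);
    if (!s) {
      s = { windowStart: nowMs, count: 0, inFlight: 0 };
      this.state.set(key, s);
    }
    let observed;
    if (this.mode === 'rate') {
      if (nowMs - s.windowStart >= this.intervalMs) {
        s.windowStart = nowMs; // fixed window, restarted by the first message after expiry
        s.count = 0;
      }
      s.count += 1;            // rejected messages still count against the window
      observed = s.count;
    } else {
      observed = s.inFlight + 1;
    }

    const exceeded = observed > this.threshold;
    const verdict = exceeded ? this.action : 'pass';
    const forward = verdict !== 'throttle'; // notify and shape still reach the back end
    if (forward && this.mode === 'concurrency') s.inFlight += 1;

    let delayMs = 0;
    if (verdict === 'shape') {
      // Assumption: hold the message until the window rolls over (rate mode)
      // or for a fixed back-off (concurrency mode).
      delayMs = this.mode === 'rate'
        ? s.windowStart + this.intervalMs - nowMs
        : this.shapeDelayMs;
    }
    if (exceeded) this.audit.push({ key, nowMs, observed, verdict });
    return { verdict, forward, delayMs };
  }

  // Called when the back end has answered; frees a concurrency slot.
  onResponse(key) {
    const s = this.state.get(key);
    if (s && s.inFlight > 0) s.inFlight -= 1;
  }
}

// Constructed traffic: one consumer sends five messages against a limit of
// three per second with the throttle action.
const demoMonitor = new SlmMonitor({ mode: 'rate', threshold: 3, action: 'throttle' });
for (const t of [0, 100, 200, 300, 1000]) {
  console.log(t, demoMonitor.onRequest('app-1', t));
}
```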

Page 24: Data power use cases

Retail Service Provider: Securely expose services to consumers

Challenge
• Consistent & secure delivery of online services to partners that could be shared, integrated & flexible to meet specific needs
• Web services infrastructure needed to support highly secure data routing with daily high volume & sensitive nature of information

Solution
• Implemented WebSphere DataPower to form the Web services backbone
• Through content-based routing, security policy enforcement & data encryption, DataPower ensures safe & efficient flow of confidential customer data
• Integrated seamlessly into heterogeneous environment increasing interoperability & promoting reuse

Benefits
• Secure SOA on standards-based platform
• Easily reuse Web services throughout enterprise
• Boosts productivity of IT staff
• Substantially shorten time to market for new services

[Diagram label: Identity Mgmt]

Page 25: Data power use cases

Application Optimization

• Self Balancing: Self balance across a cluster of appliances
– Replace front-end IP load balancer
– Enables connections to be preserved, without loss, during failover scenario
• Dynamic and Intelligent Load Distribution to backend systems
– Replace backend load balancer
• Auto-discovers application targets and distributes load using dynamic feedback mechanism
• Topology learning for WAS ND and VE
• Embedded On Demand Router for WAS ND environments
• Provides several options for enabling Session Affinity
• Cache application response data locally or in a caching grid (IBM DataPower XC10)**

[Diagram callouts around DataPower:
Front-end IP load balancers not needed
Self balancing (IP spraying)
Built-in cache
Dynamic back-side routing and load distribution (leveraging dynamic information from back-ends)
Failure of target application endpoints are masked by appropriate weighted distribution]

Page 26: Data power use cases

Application Optimization Example

Scenario
– JSON REST app to-do list

Issues
– High server load
– Slow response time

{ "Task" : "AddEntry", "Detail": "Create presentation materials." }

[Diagram, before: User, WAS Application; Public, Enterprise; High Load; Slow Response (>10s)]

Improve Server Load with SSL Offload
1. Client requests are secured via DP SSL concentrator

[Diagram, after: User, DataPower, WAS Application; Public, DMZ, DataCenter; Improved Load]

Page 27: Data power use cases

Application Optimization Example

Manage Traffic with Application Fluency
2. DataPower enables application aware traffic management

PUT /joe/todos HTTP/1.1
Host: joe.org
Content-Type: application/json
Content-Length: 69

{ "Task" : "AddEntry", "Detail": "Waste time." }

[Diagram: User, DataPower, WAS Application; Improved Load]

Distribute Load Intelligently
3. Application Optimization effects load distribution intelligence
– Leverage dynamic runtime conditions to distribute based on topology & workload

[Diagram: User, DataPower, WAS Application; Improved Load; Improved Response Time]

Page 28: Data power use cases

Application Optimization Example

Cache at the edge(s)
4. Application results are cached at the edge using XC10 caching grid OR locally on-box

• Faster application response time
• Lower server load
• Improved system throughput

[Diagram: User, DataPower, DataPower XC10, WAS Application; REST; Low Load; Fast Response]

Page 29: Data power use cases

Using XC10 As a Side Cache For DataPower

[Diagram labels: User, Client, Provider, REST; arrows numbered 1 to 5]

1. Client submits application request.

2. DataPower XI parses request and queries XC10. On a hit, skip to step 5.

3. On a miss, XI forwards request to target Provider.

4. XI adds application response to XC10.

5. Client receives response from XI.

• Easily integrates into the existing business process
– No code changes to the client or back-end application
– Simply add the side cache mediation
• Significantly reduces the load on the back-end system by eliminating redundant requests
• Improve client observed response time
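Steps 1 to 5 above as a side cache mediation with an expiry time. This is an added example, not IBM code or an XC10 API; `SideCache`, `mediate`, the request fields and the 10 minute TTL are assumptions, as are the choices to cache only successful GET responses and to include the authenticated caller in the cache key.

```javascript
'use strict';

// In-memory stand-in for the caching grid: entries expire after ttlMs.
class SideCache {
  constructor(ttlMs) {
    this.ttlMs = ttlMs;
    this.entries = new Map();
  }
  get(key, nowMs) {
    const entry = this.entries.get(key);
    if (!entry) return null;
    if (nowMs - entry.storedAt >= this.ttlMs) {
      this.entries.delete(key); // stale: treat as a miss
      return null;
    }
    return entry.response;
  }
  put(key, response, nowMs) {
    this.entries.set(key, { response, storedAt: nowMs });
  }
}

// Assumption of this example: the key carries the authenticated caller, so a
// response authorized for one user is never replayed to another. Newline is
// used as the separator because it cannot occur in any of the three fields.
function cacheKey(request) {
  return [request.user, request.method, request.path].join('\n');
}

function mediate(request, cache, provider, nowMs) {
  // Step 2: parse the request and query the side cache.
  const cacheable = request.method === 'GET';
  const key = cacheKey(request);
  if (cacheable) {
    const cached = cache.get(key, nowMs);
    if (cached) return { ...cached, cache: 'hit' }; // hit: skip to step 5
  }
  // Step 3: on a miss, forward the request to the provider.
  const response = provider(request);
  // Step 4: add the response to the cache. Errors and denials are not stored,
  // so a 403 or 500 is never served from cache in place of a fresh decision.
  if (cacheable && response.status === 200) cache.put(key, response, nowMs);
  // Step 5: the client receives the response.
  return { ...response, cache: cacheable ? 'miss' : 'bypass' };
}

// Constructed back end: joe owns /joe/todos; everyone else gets 403.
function makeProvider() {
  const provider = (request) => {
    provider.calls += 1;
    if (request.path === '/joe/todos' && request.user !== 'joe') {
      return { status: 403, body: 'forbidden' };
    }
    return { status: 200, body: '[{"Task":"AddEntry"}]' };
  };
  provider.calls = 0;
  return provider;
}

const demoCache = new SideCache(10 * 60 * 1000); // constructed TTL: 10 minutes
const demoProvider = makeProvider();
const demoGet = { user: 'joe', method: 'GET', path: '/joe/todos' };
console.log(mediate(demoGet, demoCache, demoProvider, 0).cache);    // first request
console.log(mediate(demoGet, demoCache, demoProvider, 1000).cache); // repeat within TTL
```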

[Diagram labels: DataPower XI Appliances, DataPower XC10; Large Response Time; Improved Response Time; Improved Load]

Page 30: Data power use cases

DataPower Gateway + XC10: Travel and Transportation

Online Reservations

Reservations System
– Before: 3-5 sec response time
– After: .01 -.05 sec response time
– Caching service requests
– Improved the average response time of the Global Distribution System requests for Fare Availability and Category Availability
– 52% caching rate
– 10 minute cache resulted in 40% reduction in load on the back-end systems
– Maintained high data integrity. Faster responses were also accurate
– POC in 3.5 hrs

• 100x performance improvement
• Improved reliability and scalability of reservation channels
• Reduced traffic to backend systems
• Deliver high performance & consistent response times
• Scale with simplicity and lower TCO

Page 31: Data power use cases

Agenda

• DataPower Gateway Overview

• Security & Optimization Gateway

• Mobile Connectivity

• API Management

• Integration

• Mainframe Integration & Enablement

• B2B


Page 32: Data power use cases

Mobile Connectivity

Page 33: Data power use cases

Key Mobile-specific Application & API issues?

• Secure: How to protect your back-end systems from harmful workloads and unauthorized mobile users & apps?
• Control: How to limit & shape mobile traffic based on service level agreements, and route based on message content?
• Integrate: How to convert mobile payloads, bridge transports and connect to existing services at wire-speed?
• Optimize: How to improve response time, reduce load on backend systems and intelligently distribute load?

Page 34: Data power use cases

Rapidly Connect Mobile Apps with Enterprise Services

Securely expose enterprise data & APIs to Mobile Apps while optimizing delivery

IBM DataPower Gateway with ISAM Module
• SSL Offload
• Threat Protection
• Rate Limiting / SLA Enforcement
• Validation, Filtering
• Authentication
• Authorization
• Context-based Access
• Mobile SSO
• Security Token Translation
• Message Transformation
• Content-Based Routing
• Intelligent Load Distribution
• Response Caching

[Diagram labels: Native, Hybrid, Mobile Web; /apimanagement; Apps, Services; Middleware / ESB, Legacy Apps]

Page 35: Data power use cases

Mobile Gateway solution for on-premise and cloud

Rapidly deliver secure integration & optimized access for enterprise mobile applications

• DataPower appliance with ISAM module for security enforcement, traffic control & management, application acceleration, transport bridging & message transformation
• ISAM for Mobile as decision point for context based access (CBA), mobile SSO, strong authentication including one-time password (OTP) & multi-factor authentication (MFA)

[Diagram labels: DataPower Gateway with ISAM Module (Security Enforcement Point); ISAM for Mobile (Security Decision Point); Apps, Services, Middleware, z System]

Page 36: Data power use cases

Closer look at some Mobile Connectivity scenarios

REST Service Gateway for Mobile Apps
• SSL offload
• Enforcement point for centralized security policies
– Authentication, Authorization, OAuth 2.0, Audit
– Threat protection for XML and JSON
– Message validation and filtering
• Centralized management and monitoring point
– Traffic control / Rate limiting
• Routing / Intelligent load distribution to Provider
• RESTful façade to non-REST Provider

[Diagram labels: Mobile Consumer; REST, JSON or XML / HTTP(s); IBM DataPower Gateway (REST Proxy); JSON / XML / SOAP; Provider]

Application Acceleration for Mobile Apps
• Offload heavy lifting of message transformation from the Provider
• Transform to a format best suited for the requesting Mobile App
– JSON for native/hybrid app
– HTML/XHTML for browser based
• Cache response data from Provider
– Locally on the appliance
– Externally to elastic caching XC10

[Diagram labels: Mobile Consumer; HTTP(s) GET, JSON or HTML/XHTML; IBM DataPower Gateway; HTTP(s) GET, XML; Provider]

Page 37: Data power use cases

Sportsbet leverages IBM DataPower appliances to drive mobile business growth

Challenges
• Business - Increase demand for mobile services while bolstering security & cost optimization
• IT - Securely integrate mobile apps with e-commerce platform & APIs to address performance, capacity management & decoupling front-end apps from back-end business logic

Solution
• IBM DataPower appliance XG45 as a mobile security & integration gateway

Benefits
• Time to value - Rapid implementation enabled the business to quickly integrate the middle layer in just 2 weeks vs. 2 months with a competitor’s product
• Performance - Processed ~4000 transactions per minute increasing performance 4X
• Security & Agility - Separation of concern between consumer applications & core e-commerce system, through security, translation & transformation logic in the gateway

“DataPower forms our mobile middle layer & our API infrastructure for all future consumer apps”
- Enterprise Architecture Manager, Sportsbet

Page 38: Data power use cases

Sprint leverages IBM DataPower appliances to rapidly & securely grow mobile revenue

Challenges
• Business - Grow mobile revenue while protecting customer privacy and optimizing costs
• IT - Integrate mobile devices, addressing security, speed, scalability and optimization of demand on existing application infrastructure

Solution
• IBM DataPower Integration Appliance XI52 as a security & integration gateway for external and internal use
• IBM DataPower Caching Appliance XC10 as a side cache to increase customer responsiveness

Benefits
• Time to value - Drop-in rack-ready solution for rapid deployment enables the business to quickly launch a new mobile device within a month
• Scale on demand
– 50 billion transactions/month for external ad gateway
– 1 billion transactions/month for internal users

Page 39: Data power use cases

Agenda

• DataPower Gateway Overview

• Security & Optimization Gateway

• Mobile Connectivity

• API Management

• Integration

• Mainframe Integration & Enablement

• B2B


Page 40: Data power use cases

API Management

Page 41: Data power use cases

IBM API Management: One Integrated Platform

design, secure, control, publish, monitor & manage APIs

Developer Portal
• Explore API documentation
• Provision application keys
• Self-service experience

API Manager
• Define and manage APIs
• Explore API usage with analytics
• Manage API user communities

Management Console
• Provision system resources
• Monitor runtime health
• Scale the environment

API Gateway (IBM DataPower)
• Enforce runtime policies to control API traffic

Page 42: Data power use cases

API Management

[Diagram labels:
Consumer (Systems of Engagement): Mobile & Web Apps, Business Partner Apps, Enterprise Internal Apps; External App Developer, Partner App Developer, Internal App Developer
API Management Solution (On-premise OR Cloud): API Gateway (DataPower); Developer Portal; Syndication; Creation & Assembly; Policy Management; Monitoring & Analytics; Security & Control; Lifecycle Mgmt & Governance
Provider (Systems of Record): App / API Provider, Middleware, Datastore, z System]

Page 43: Data power use cases

Large Financial institution provides secure mobile access to customer information

Business Challenge
• Accelerate end-to-end mobile application development
• Reduce time to configure and manage software, prepare test environments
• Enhanced analytics on the usage of their services
• Increased performance to handle peak seasonal volumes

Solution
• IBM API Management, DataPower, Worklight, PureSystems

Business Value
• Enhanced user experience enabling quick access to customer information using OAuth authentication replacing custom security solution
• Ability to access backend data through DataPower/API Management using RESTful services
• Easily handle traffic spikes, enabling easier capacity planning

Page 44: Data power use cases

Leading Global Commercial Bank provides easy & secure access to key financial services

Business Challenge
• Difficult for internal partners and developers to discover & access key financial services
• Lacked a standard ecosystem to manage internal partners including global credit card companies and merchants
• No visibility on Service consumption or ability to chargeback for LoB use of Services

Solution
• IBM API Management & DataPower

Business Value
• Offers 3rd party merchants secure standards-based access to key business services as APIs, with a self-service experience
• Provides an internal ecosystem for partners and a central repository with usage analytics
• Drives innovation for Mobile application development

[Diagram label: Example Apps]

Page 45: Data power use cases

Large Airline in North America provides authorized access to flight services

Business Challenge
• External business partners retrieve flight information by scraping the company’s website
• Unauthorized access to full flight information, with no usage analytics
• Delays in updating website – difficult for authorized partner to test changes
• REST-based API had just been built but security was not in place

Solution
• IBM API Management & DataPower

Business Value
• Easily and securely connect company Website to new APIs, saving cost of building OAuth based secure access
• Enable secure exposure of APIs to External Business Partners, saving the implementation cost of building a developer support infrastructure with access management
• Ability to leverage existing investment in IBM DataPower gateway and internal team skillset
• Enable secure Mobile app integration with Enterprise APIs

Page 46: Data power use cases

Leading European Auto Manufacturer provides innovative vehicle connectivity with IBM API Management

Business Challenge
• Offer innovative connectivity services to customers, improve the driver experience, improve safety, and create new revenue sources
• Improve driving conditions with driver profiling, eco-driving, fleet management, reduce accident risk
• Collect data to monetize them for partners

Solution
• IBM API Management, DataPower & MessageSight

Business Value
• “Always connected” low-latency reliable communications with the car systems/apps and customer mobile apps
• Vehicle data APIs published on secure developer portal
• Internal & external developers use vehicle data to develop mobile applications
• Drives innovation for Mobile application development

Page 47: Data power use cases

Leading Retailer in North America provides easy & secure access to retail services

Business Challenge
• Difficult for internal partners and developers to discover & access key retail services
• Leverage mobility as a revenue stream and manage internal and external business partners
• No visibility on Service consumption or ability to chargeback for LoB use of Services

Solution
IBM API Management & DataPower

Business Value
• Offers 3rd party merchants secure standards-based access to key business services as APIs, with a self-service experience
• Provides an internal ecosystem for partners and a central repository with usage analytics
• Drives innovation for Mobile application development

Page 48: Data power use cases


Page 49: Data power use cases

Enterprise Integration

Page 50: Data power use cases

Integration

Content-Based Routing
• Dynamically route based on any message content
  – Attributes such as the originating IP, requested URL, protocol headers, etc.
  – Data within the message such as SOAP Headers, XML, Non-XML content, etc.
• Query a repository for routing information
  – WebSphere Service Registry & Repository, XML files, Databases, Web Servers

[Diagram: Unclassified Requests, Service Providers]

Any-To-Any Message Transformation
• Transform the message format with ultimate flexibility
  – Leverage WebSphere Transformation Extender for data mapping

[Diagram: Input Message (XML, text, binary), Output Message (XML, text, binary), WebSphere TX Design Studio]

Page 51: Data power use cases

Integration

Transport Protocol Translation
• Integrate disparate transport protocols with extreme ease
  – No dependencies between inbound “front-side” and outbound “back-side”
  – Examples: HTTP(s), WebSphere MQ, WebSphere MQ FTE, WebSphere JMS, Tibco EMS, SFTP, FTP(s), NFS, IMS, Database (DB2, Oracle, Sybase, SQL Server)
• Support synchronous, asynchronous, pub-sub, assured-delivery, once-and-only once message patterns

[Diagram: HTTP(s), FTP(s), SFTP, WebSphere MQ / MQ FTE, WebSphere JMS, Database (DB2, SQL Server, Oracle, Sybase), TIBCO EMS, IMS, NFS]

Page 52: Data power use cases

Integration

Message Format & Transport Protocol Mediation Example

[Diagram: Consumer, SOAP / HTTP(s), Format & transport bridging, Cobol / MQ, MQ Queue Manager, Provider]

Integration Scenario

• Content based routing
• Message enrichment
• Message transformation
• Transport protocol translation

• AAA, Threat protection
• Message validation & filtering
• Traffic control / Rate limiting

• Intelligent content based routing
• Intelligent load distribution
• Local and distributed caching

[Diagram: Outside World (Internet, SaaS, Partner Apps, Browsers), Protocol Firewall, DMZ (DataPower Gateway, Enhanced Security), Domain Firewall, Internal Network (Packaged Apps, Proprietary Apps, Data, ACL, DB, LDAP); transports shown: HTTP(s), FTP(s), SFTP (SSH), WMQ(s), WS JMS, TIBCO EMS, ODBC, JMS, EMS, FTP, NFS, HTTP, WMQ, IMS Connect]

Page 53: Data power use cases

UK Government Agency
Enables integration capabilities using DataPower

Challenge
• Data held in the back-end systems vital to delivering citizen services, fraud detection across various layers of the Governments across the EU
• Vulnerable back-end services
• Security
• Capacity / SLA
• Consistent usability experience for internal or external service consumers

Solution
• DataPower in key network zones within and outside of the department
• Thorough content-based validation, routing, and security policy enforcement
• Integrated seamlessly into heterogeneous environment increasing interoperability & promoting reuse

Benefits
• Ease of integration
• Security assurance of the architecture
• Secure SOA on standards-based platform
• Consistent experience and policy for all users

[Diagram: Core Services, Core Data, Integration Layer, Government network, Other EU Countries, Other UK Departments, Internal Users]

Page 54: Data power use cases


Security & Integration Scenario – Financial Firm

Page 55: Data power use cases

Centralized Service Governance & Policy Enforcement

• Complete SOA Governance solution
  – WSRR for web service life-cycle policy management
  – DataPower for web service run-time policy enforcement
• Use WebSphere Service Registry & Repository (WSRR) to store, publish, and govern your web services
  – DataPower can subscribe or poll web services information from WSRR
• Automatically expose services and policies in DataPower via WSRR subscription
  – Include WS-Policy, WS-Security Policy statements via WS-PolicyAttachment
  – Retrieve WSDLs by specific version number
• Dynamically retrieve run-time routing information from WSRR
• Centralized transaction monitoring
  – ITCAM for SOA
• Support for UDDI v2 and v3 for UDDI registries

[Diagram: Consumer, Service, Message, WSRR (Policy Administration Point), DataPower (Policy Enforcement Point), ITCAM for SOA (Policy Monitoring Point), Discover Services & Policy, Monitor Services]

Page 56: Data power use cases


Page 57: Data power use cases

Mainframe integration & enablement

Page 58: Data power use cases

Broad integration with System z

• Connect to existing applications over WebSphere MQ, HTTP
• Transform XML to/from COBOL Copybook for legacy needs
• Integrate with RACF security from DataPower AAA
• Dynamic crypto material retrieval & caching, or offload crypto ops to z
• Connect to IMS
  – Via IMS Connect client
  – Via Web Services
  – Via WebSphere MQ
  – Via IMS DB
  – Connect from IMS via “Callout”
• Connect to CICS
  – Via WebSphere MQ
  – Via Web Service
• Connect to DB2
  – Via Web Service
  – Via direct ODBC call with ODBC Client option

[Diagram: Client, SOAP/HTTP, DataPower, IMS SOAP Gateway, WAS + IMS connector, CCB / MQ, MQ Server, MQ Bridge, OTMA, IMS Application, DRDA, DB2]

Page 59: Data power use cases

Enhanced value for System z & IMS

• IMS Callout feature allows IMS transactions to easily consume external web services via DataPower, with minimal application updates required
• IMS DB feature supports DataPower integration with IMS database through SQL interface
  – Enrich messages with database content
  – Expose data as a service to remote applications

[Diagram, IMS DB: Client, SOAP / REST, DataPower, DRDA, IMS]
[Diagram, IMS Callout: Service Provider, SOAP / REST, DataPower, TCP/IP, IMS Connect, OTMA, App1, App2, Service Consumer]

Page 60: Data power use cases

An Irish Bank
Enabling retail banking

Challenge
• Retail application contained 7000 screens; slow response times over dedicated proprietary network.
• Cost of processing XML on the mainframe.
• Message transformation needed before the core banking platform could process requests.

Solution
• DataPower in trusted network exposed services for XML/HTTP(S) and protocol bridging to WebSphere MQ
• Message validation and transformation using WebSphere Transformation Extender (WTX)

Benefits
• Retail application acceleration through transformations and caching
• Optimized platform for handling, parsing and processing payloads

[Diagram: Branch Application (web based), Branch Network, DataPower, queues (Q), Core banking platform on Z]

Page 61: Data power use cases

High Street Clothing and Fashion Accessories Retailer
Increase customer interaction and loyalty

Challenge
• Highly competitive industry; first mover advantage
• Weak customer loyalty
• Multi channel customer experience
• Complex supply chain and service providers

Solution
• DataPower acted as a reverse proxy for:
  – Outbound messages via a service provider
  – Inbound customer updates / delivery notifications
• Transform SOAP/XML payload to COBOL copybook messages for CICS application

Benefits
• Create customer interaction and value through innovative business strategy.
• Integrate various suppliers using standards based interfaces securely.
• Graphical configuration driven appliance; short learning curve

[Diagram: Open Internet, DataPower, queues (Q), Customer & Product related application and systems on Z]

Page 62: Data power use cases

IMS Integration
Web Services Security and Management for IMS Web Services

• Content-based Message Routing

• Protocol Bridging (HTTP, MQ, JMS, FTP, etc.)

• XML/SOAP Firewall

• Data Validation

• Field Level Security

• XML Web Services Access Control/AAA

• Web Services Management

[Diagram: Client, SOAP / REST, DataPower, SOAP/HTTP, IMS SOAP Gateway, WAS + IMS connector]

Page 63: Data power use cases

IMS Integration
Web Services Enablement for IMS-based Services

• DataPower provides WS-enablement to IMS applications
• User codes schema-dependent WTX data map to perform request/response mapping
• Requires WebSphere MQ for z/OS
  – MQ bridge to access IMS
  – MQ connectivity is embedded in DataPower

[Diagram: Client, SOAP / REST, DataPower, CCB / MQ, MQ Server, MQ Bridge, OTMA, IMS Application]

Page 64: Data power use cases

IMS Integration
Web Services Enablement for IMS-based Services (cont’d)

• DataPower provides WS-enablement to IMS applications
• User codes schema-dependent WTX data map to perform request/response mapping
• “IMS Connect Client” (back-side handler) natively connects to IMS Connect using its custom request/response protocol

[Diagram: Client, SOAP / REST, DataPower, CCB / TCP, IMS Connect, User exit (e.g. HWSSMPL0), OTMA, IMS, Appl1 to Appl6]

Page 65: Data power use cases

IMS Integration
IMS Connect Reverse Proxy

• Bring DataPower value add to standard IMS connect usage patterns
• Provide an “IMS Connect Client” on DataPower that natively connects to IMS Connect
• Provide an “IMS Connect Server” on DataPower that accepts IMS Connect client connections and provides an intermediation framework that leverages DataPower
  – Enables authentication checks, authorization, logging, SLM, transformation, route, DB look-up, SSL offload, etc.

[Diagram: Client, IMS Connect TCP, DataPower, CCB / TCP, IMS Connect, User exit (e.g. HWSSMPL0), OTMA, IMS, Appl1 to Appl6]

Page 66: Data power use cases

DB2 Integration
“Information as a Service”

• DataPower provides a standard WS façade to DB/2
  – Common tool (IBM Data Studio 1.2+) to generate WSDL and data mapping in both Data Web Services runtime and DataPower
  – SOAP call is mapped to an ODBC (DRDA) invocation
• Exposes database content (information) as a service
• Leverages extensive Web Services security and management capabilities of DataPower to more securely expose critical data to the enterprise

[Diagram: Client, SOAP / REST, DataPower, DRDA, DB2]

Page 67: Data power use cases

CICS Integration
Web Services Security and Management for CICS Web Services

• Content-based Message Routing

• Protocol Bridging (HTTP, MQ, JMS, FTP, etc.)

• XML/SOAP Firewall

• Data Validation

• Field Level Security

• XML Web Services Access Control/AAA

• Web Services Management

• Support CICS ID propagation

[Diagram: Client, SOAP / REST, DataPower, SOAP/HTTP, CICS Web Services, WAS + CICS connector]

Page 68: Data power use cases

CICS Integration
Web Services Enablement for CICS Applications

• DataPower provides WS-enablement to CICS applications
• User codes schema-dependent WTX data map to perform request/response mapping
• Requires WebSphere MQ for z/OS
  – MQ bridge to access CICS
  – MQ connectivity is embedded in DataPower

[Diagram: Client, SOAP / REST, DataPower, CCB / MQ, MQ Server, CICS Bridge, CICS, CICS Application]

Page 69: Data power use cases


Page 70: Data power use cases

B2B integration

Page 71: Data power use cases

DataPower B2B Functionality
Extend beyond the enterprise to integrate with partners

• B2B Gateway Service
  – AS1, AS2, AS3 and ebMS v2.0
  – Plaintext email support
  – EDI, XML and Binary Payload routing
  – Front Side Protocol Handlers
  – Hard Drive Archive/Purge policy
  – CPA and Partner Profile Associations
  – MQ File Transfer Edition integration
• Trading Partner Profiles
  – Two Types – Internal and External
  – ebXML CPPA v2.0
  – Multiple Business IDs
  – Multiple Destinations (URL Openers)
  – Certificate Management (S/MIME Security)
  – Multi-step processing policy
• B2B Viewer
  – B2B transaction viewing
  – MQ FTE transaction viewing
  – Transaction resend capabilities
  – Transaction and Acknowledgement correlation
  – Role based access
• Persistent Storage
  – AES Encrypted B2B document storage
  – Option for Off-Box Storage (NFS)
• Transaction Store
  – B2B metadata storage
  – B2B state management

[Diagram: DataPower B2B Gateway Service with Partner Connection Front Side Handlers, Integration Front Side Handlers, Internal Partner Destinations, External Partner Destinations, Partner Profiles, B2B Viewer, Metadata Store (DB), Document Store (HDD)]

Page 72: Data power use cases

UK Logistics and Distribution

Challenge
• AS2, File and Web Services based interfaces to 100s of B2B customers. Messages are exchanged at least once a day
• Secure proxy solution in the DMZ
• Complex incumbent supplier chain

Benefits
• Create customer interaction and value through innovative business strategy.
• Integrate various suppliers using standards based interfaces securely.
• Graphical configuration driven appliance; short learning curve

Page 73: Data power use cases

Health Insurance Provider

Value of DataPower B2B Appliances for Extending Connectivity?
Secure appliance form factor providing secure connections to trading partners, advanced threat protection and reliable file delivery of confidential medical information

Industry Pains:
• HIPAA Security requirements for transporting data over the Internet
• HL7 v3.0 XML threat protection
• Complexity of B2B for healthcare

Smarter Business Outcomes:
• Reliable and secure routing of customer sensitive data
• Easy to use and maintain; no additional skill needed
• XML Messages with attachments are authenticated, authorized, and virus scanned

Page 74: Data power use cases

EDIINT Flow: Simple AS2 transaction flow with Transform

[Diagram: Partner A, Partner B, Internet, Application, Browser, B2B Hub, AS2 Process, XB62, B2B Gateway Service, Transaction Viewer, Data Store, EDI, XML, AS2 (EDI), AS2 (MDN); flow steps 1, 2, 3a, 3b, 4, 5]

Note: This flow works the same for any AS protocol as well as for ebMS B2B messages.

Page 75: Data power use cases

Web Services bridged to AS2 File Transfer Pattern

[Diagram: Partner A, Partner B, Internet, WS Client, Browser, B2B Hub, Web Service Process, XB62, Web Service Proxy, B2B Gateway Service, Pre-Process, Transaction Viewer, Data Store, SOAP, Flat, AS2; flow steps 1 to 7]

Note: A Multi-Protocol Gateway Service can also be used to support this flow as well as receiving and sending data over any of the 16 supported protocol handlers. When Services are tied together in front of or behind a B2B Gateway Service they are handled like pre and post processes.

Page 76: Data power use cases

MQ FTE Integration Pattern
Inbound File to Message

[Diagram: Trading Partner (XB60), Internet, XB62 (B2B Gateway Service, Transaction Viewer, Profile Mgmt, Data Store), Browser (LOB User), Browser (Admin), Browser (Partner view), Enterprise (Server, Source Agent, Target Agent, Data Store, Applications), MQ FTE Network, Queue Managers, MQ Explorer, DB Logger (DB2 or Oracle); flow steps 1, 2, 2a, 3, 4, 5, 6]

Page 77: Data power use cases

ebXML with CPPA Pattern

[Diagram: External Partners, Internet, Public Network, DMZ, Secured Network, WebSphere DataPower B2B Appliance (B2B Gateway Service, Transaction Viewer), Applications, Browser, Collaboration Partner Agreement Entries (Internal Collaboration Partner Profile, External Collaboration Partner Profile, CPAId / Collaboration), Collaboration Protocol Agreement Entry, ebMS (ebXML), ebMS (Ack), ebXML; flow steps 1 to 5]

Page 78: Data power use cases

Health Level 7 3.x to 2.x Transform Pattern

[Diagram: Partner A (Regional Healthcare Center), Partner B (Hospital), Internet, Healthcare Applications, B2B Hub, AS2 Process, B2B Appliance (B2B Gateway Service, Profiles, Transaction Viewer), Internal Profile (Regional Center), External Profile (Hospital), Validate XML and Transform to any V.2.x format, AS2 (HL7 V3), AS2/MDN, Any Transport HL7 V2.x, Any Transport HL7 V3.x; flow steps 1 to 6]

Page 79: Data power use cases

Securing HL7 over the Internet with Integration to the WebSphere Healthcare Connectivity Pack

[Diagram: Trading Partner, Internet, XB62 (B2B Gateway Service, Transaction Viewer, Profile Mgmt, Data Store), Browser (Admin), Browser (Partner view), Healthcare Provider, WebSphere MQ, WebSphere Healthcare Connectivity Pack, Clinical Trials System, Patient Administration System, Billing System, Pharmacy, AS2 (HL7), AS2 (MDN), HL7/MQ, HL7/MLLP, XML/HTTP; flow steps 1, 2, 2a, 3, 4, 5]

Page 80: Data power use cases

Resources

Page 81: Data power use cases

DataPower On GitHub

• Repository of DataPower related tools & collateral
  – Open source
  – Community driven: Use, collaborate, contribute
  – http://ibm-datapower.github.io/
• DataPower Configuration Manager
  – Tool for DataPower configuration management & migration
  – Standalone command line or IBM UrbanCode Deploy plugin
  – https://github.com/ibm-datapower/datapower-configuration-manager
  – https://github.com/ibm-datapower/datapower-configuration-manager/wiki/Easy-On-Ramp
• DPXMLSH
  – Bash script / shell library for working with DataPower’s XML Management interface
  – Interactive & scripted use
  – https://github.com/ibm-datapower/datapower-xml-shell

Page 82: Data power use cases

Getting Social with IBM DataPower Gateways

• YouTube Channel: IBM DataPower Gateways
• Slideshare: IBM DataPower Gateway
• Twitter: @IBMGateways
• LinkedIn Group: IBM DataPower Gateway
• developerWorks blog: IBM DataPower Gateway
• GitHub: IBM DataPower Gateway
• Online User Forum
• Product page on ibm.com
• Product documentation

Page 83: Data power use cases

Available Now: DataPower Handbook, Second Edition, Volume 1

Known as the ‘bible’ of DataPower planning, implementation, and usage.

New content to cover previous six years of new products/features, including 9006/7.1!

Volume 1 consists of Chap 1 DataPower Intro, Chap 2 Setup Guide, new Preface and two invaluable new appendices for physical and virtual appliances.

Available in softcover and e-book formats

Page 84: Data power use cases

Notices and Disclaimers

Copyright © 2015 by International Business Machines Corporation (IBM). No part of this document may be reproduced or transmitted in any form without written permission from IBM.

U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM.

Information in these presentations (including information relating to products that have not yet been announced by IBM) has been reviewed for accuracy as of the date of initial publication and could include unintentional technical or typographical errors. IBM shall have no responsibility to update this information. THIS DOCUMENT IS DISTRIBUTED "AS IS" WITHOUT ANY WARRANTY, EITHER EXPRESS OR IMPLIED. IN NO EVENT SHALL IBM BE LIABLE FOR ANY DAMAGE ARISING FROM THE USE OF THIS INFORMATION, INCLUDING BUT NOT LIMITED TO, LOSS OF DATA, BUSINESS INTERRUPTION, LOSS OF PROFIT OR LOSS OF OPPORTUNITY. IBM products and services are warranted according to the terms and conditions of the agreements under which they are provided.

Any statements regarding IBM's future direction, intent or product plans are subject to change or withdrawal without notice.

Performance data contained herein was generally obtained in a controlled, isolated environments. Customer examples are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual performance, cost, savings or other results in other operating environments may vary.

References in this document to IBM products, programs, or services does not imply that IBM intends to make such products, programs or services available in all countries in which IBM operates or does business.

Workshops, sessions and associated materials may have been prepared by independent session speakers, and do not necessarily reflect the views of IBM. All materials and discussions are provided for informational purposes only, and are neither intended to, nor shall constitute legal or other guidance or advice to any individual participant or their specific situation.

It is the customer’s responsibility to insure its own compliance with legal requirements and to obtain advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulatory requirements that may affect the customer’s business and any actions the customer may need to take to comply with such laws. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the customer is in compliance with any law.

Page 85: Data power use cases

Notices and Disclaimers (cont’d)

Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products in connection with this publication and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. IBM does not warrant the quality of any third-party products, or the ability of any such third-party products to interoperate with IBM’s products. IBM EXPRESSLY DISCLAIMS ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.

The provision of the information contained herein is not intended to, and does not, grant any right or license under any IBM patents, copyrights, trademarks or other intellectual property right.

IBM, the IBM logo, ibm.com, Bluemix, Blueworks Live, CICS, Clearcase, DOORS®, Enterprise Document Management System™, Global Business Services ®, Global Technology Services ®, Information on Demand, ILOG, Maximo®, MQIntegrator®, MQSeries®, Netcool®, OMEGAMON, OpenPower, PureAnalytics™, PureApplication®, pureCluster™, PureCoverage®, PureData®, PureExperience®, PureFlex®, pureQuery®, pureScale®, PureSystems®, QRadar®, Rational®, Rhapsody®, SoDA, SPSS, StoredIQ, Tivoli®, Trusteer®, urban{code}®, Watson, WebSphere®, Worklight®, X-Force® and System z® Z/OS, are trademarks of International Business Machines Corporation, registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at: www.ibm.com/legal/copytrade.shtml.

Page 86: Data power use cases

Thank You
Your Feedback is Important!

Access the InterConnect 2015 Conference CONNECT Attendee Portal to complete your session surveys from your smartphone, laptop or conference kiosk.

Page 87: Data power use cases

BACKUP

Page 88: Data power use cases

Simple and Secure Architecture

• Simple Architecture: Purpose-built firmware + hardware
• Complete gateway platform delivered as firmware
• Guiding philosophy is to centralize common security, integration, control, traffic management, acceleration functions and optimize them in a security-hardened gateway appliance

[Diagram, Commodity Gateways: Hardware with Display Ports, Bootable CDROM Drive and Bootable USB Ports; Full Linux OS (including shells and user accounts); Linux Daemons, glibc, libxml, JVM, JSP Engine, Apache HTTPD, App Server, database and Proprietary Software, each with its own config]
[Diagram, Purpose-built Gateways: DataPower Gateway Platform with Hardware, Flash Memory, Crypto Acceleration, IBM Optimized Embedded Operating Environment, Digitally Signed and Encrypted Firmware, config]

Page 89: Data power use cases

Configuration-driven approach speeds time to market

• Enforce security standards with zero coding
• Uses intuitive pipeline message processing
• Import/export configurations between environments
• Transaction probe shows message content between actions for debugging

Page 90: Data power use cases

Capabilities
Rapidly deliver secure integration & optimized access for a full range of workloads

• Secure: Secure & protect your back-end systems from harmful workloads and unauthorized users & apps
• Integrate: Convert payloads, bridge transports and connect to existing services at wire-speed
• Control: Limit & shape traffic based on service level agreements, and route based on message content
• Optimize: Improve response times, reduce load on backend systems and intelligently distribute load

[Diagram: Before DataPower Gateway / After DataPower Gateway, showing consumers and the Secure, Control, Integrate and Optimize functions]

Page 91: Data power use cases

Connect Mobile Apps with Enterprise Services
Securely expose enterprise systems & APIs to Mobile Apps while optimizing delivery

• SSL Offload
• Threat Protection
• Rate Limiting / SLA Enforcement
• Validation, Filtering
• Authentication, Authorization
• Context-based Access, Mobile SSO
• Security Token Translation
• Message Transformation
• Content-Based Routing
• Intelligent Load Distribution
• Response Caching

Page 92: Data power use cases

DataPower Gateway: Supported standards & protocols

• Data format & language
  – JavaScript
  – JSON
  – JSON Schema
  – JSONiq
  – REST
  – SOAP 1.1, 1.2
  – WSDL 1.1
  – XML 1.0
  – XML Schema 1.0
  – XPath 1.0
  – XPath 2.0 (XQuery only)
  – XSLT 1.0
  – XQuery 1.0

• Security policy enforcement
  – OAuth 2.0
  – SAML 1.0, 1.1 and 2.0, SAML Token Profile, SAML queries
  – XACML 2.0
  – Kerberos (including S4U2Self, S4U2Proxy)
  – SPNEGO
  – RADIUS
  – RSA SecurID OTP using RADIUS
  – LDAP versions 2 and 3
  – Lightweight Third-Party Authentication
  – Microsoft Active Directory
  – FIPS 140-2 Level 3 (w/ optional HSM)
  – FIPS 140-2 Level 1 (w/ certified crypto module)
  – SAF & IBM RACF® integration with z/OS
  – Internet Content Adaptation Protocol
  – W3C XML Encryption
  – W3C XML Signature
  – S/MIME encryption and digital signature
  – WS-Security 1.0, 1.1
  – WS-I Basic Security Profile 1.0, 1.1
  – WS-SecurityPolicy
  – WS-SecureConversation 1.3

• Transport & connectivity
  – HTTP, HTTPS, WebSocket Proxy
  – FTP, FTPS, SFTP
  – WebSphere MQ
  – WebSphere MQ File Transfer Edition
  – TIBCO EMS
  – WebSphere Java Message Service
  – IBM IMS Connect, & IMS Callout
  – NFS
  – AS1, AS2, AS3, ebMS 2.0, CPPA 2.0, POP, SMTP (XB62)
  – DB2, Microsoft SQL Server, Oracle, Sybase, IMS

• Transport Layer Security
  – TLS versions 1.0, 1.1, and 1.2
  – SSL versions 2 and 3

• Public key infrastructure (PKI)
  – RSA, 3DES, DES, AES, SHA, X.509, CRLs, OCSP
  – PKCS#1, PKCS#5, PKCS#7, PKCS#8, PKCS#10, PKCS#12
  – XKMS for integration with Tivoli Security Policy Manager (TSPM)

• Management
  – Simple Network Management Protocol
  – SYSLOG
  – IPv4, IPv6

• Open File Formats
  – Distributed Management Task Force (DMTF) Open Virtualization Format (OVF)
  – Virtual Machine Disk Format (VMDK)
  – Virtual Hard Disk (VHD)

• Web services
  – WS-I Basic Profile 1.0, 1.1
  – WS-I Simple SOAP Basic Profile
  – WS-Policy Framework
  – WS-Policy 1.2, 1.5
  – WS-Trust 1.3
  – WS-Addressing
  – WS-Enumeration
  – WS-Eventing
  – WS-Notification
  – Web Services Distributed Management
  – WS-Management
  – WS-I Attachments Profile
  – SOAP Attachment Feature 1.2
  – SOAP with Attachments (SwA)
  – Direct Internet Message Encapsulation
  – Multipurpose Internet Mail Extensions
  – XML-binary Optimized Packaging (XOP)
  – Message Transmission Optimization Mechanism (MTOM)
  – WS-MediationPolicy (IBM standard)
  – Universal Description, Discovery, and Integration (UDDI versions 2 and 3), UDDI version 3 subscription
  – WebSphere Service Registry and Repository (WSRR)

Page 93: Data power use cases

Over 14 years of innovation & 2000+ global installations

[Timeline, 2000 to 2014; milestones shown: Gigabit/Sec HW Solution; Acquisition; ITCAM for SOA (Transaction Monitoring); Model 9235 (aka 9004); Model 7993 (aka 9003); WebSphere Transformation Extender; XA35; XS40; XI50; XB60; XG45, XI52 & XB62; XI50B Blade; XI50z Blade; WebSphere Appliance Management Center; Optimized Interpreter and Compiler; Optimized Hardware Acceleration; Application Optimization (Self-Balancing & Intelligent Load Distribution); Virtual Edition (VMware); Virtual Edition (PureApplication System); Virtual Edition (for Developers + XenServer); Optimized & secure JavaScript]