DataPowerPOC

DataPower XML Integration Appliance XI50


Product profile

A 1U (1.75" thick) rack-mountable network device capable of transforming between disparate message formats, including binary, legacy, and XML, and providing message routing and security. XI50 can be used for cost-effective XML enablement of mainframes, wirespeed enterprise message buses, and enterprise application integration.


Overview

IBM SOA appliances are purpose-built, easy-to-deploy network devices that simplify, help secure, and accelerate your XML and Web services deployments while extending your SOA infrastructure. These new appliances offer an innovative, pragmatic approach to harness the power of SOA while simultaneously enabling you to leverage the value of your existing application, security, and networking infrastructure investments.


Overview

WebSphere DataPower SOA Appliances - Helps you simplify, secure, and accelerate your XML and Web services deployments while extending your SOA infrastructure. There are 3 types of appliances:

WebSphere DataPower Integration Appliance XI50 - XI50 can be used for cost-effective XML enablement of mainframes, wirespeed enterprise message buses, and enterprise application integration.

WebSphere DataPower XML Security Gateway XS40 - Purpose-built by some of the world's top XML experts to help secure XML and Web services transactions

WebSphere DataPower XML Accelerator XA35 - Helps offload overtaxed servers by processing XML, XSD, XPath and XSLT at wirespeed


Overview


Key Features & Benefits• Acceleration of existing integration hubs.

• Mainframe modernization and Web services

• Appliance simplicity

• Any-to-any transformation

• Integrated message level security

• Sophisticated multi-step message routing, filtering, and processing

• Multiple synchronous and asynchronous transport protocols

• Detailed logging and audit trail

• Standards-based interfaces

• Agile, highly flexible underlying scripting/configuration support


Key Features & Benefits• XML enablement and wirespeed application integration

• Metadata-based integration

• Security and performance


Enhance Features for version 3.6.1• Configuration checkpoints• Conformance Policy• Conformance validation• Document processingDocument processing• IMS™ protocol supportIMS™ protocol support• NFSNFS• Quality of Service (QoS)Quality of Service (QoS)• Role-based management (RBM)Role-based management (RBM)• SOAP Messages with Attachments (SwA) SOAP Messages with Attachments (SwA) • SOAP 1.2 SOAP 1.2 • SQL data source SQL data source • Virtual LAN (VLAN) Virtual LAN (VLAN) • Web Services Policy (WS-Policy) Web Services Policy (WS-Policy) • Web Services Reliable Messaging (WSRM) Web Services Reliable Messaging (WSRM) • WebSphere® MQWebSphere® MQ• WSDL interface WSDL interface


Monitoring and management• Count monitors: increment very time messages pass through a service.Can generate notifications.

• Duration monitors: increment very time a configured amount of time Passes, are used for delay or throttle

• Web Service monitors: level activity based on user-configured.

• Service level monitors: provide a finer degree of user control.


XML threat protection and security• Checks on the incoming XML including the following:• XML/SOAP firewall, filtering based on message content, headers, or other network XML/SOAP firewall, filtering based on message content, headers, or other network

variablesvariables• Incoming/outgoing data validationIncoming/outgoing data validation• Data schema validation (XML and binary)Data schema validation (XML and binary)• XML threat protectionXML threat protection• Single message XML denial of service (XDoS) protectionSingle message XML denial of service (XDoS) protection• Multiple message XML denial of service (XDoS) protectionMultiple message XML denial of service (XDoS) protection• Message tampering protectionMessage tampering protection• Protocol threat protectionProtocol threat protection• XML virus protectionXML virus protection• Dictionary attack protectionDictionary attack protection• SQL injection protectionSQL injection protection


Functional acceleration• The performance advantage of DataPower appliances are often close to seventy times higher than when using general purpose systems alone. When digital signature checking and message encryption/decryption take place, there is a great deal of overhead in processing messages.

• The intermediary DataPower appliance decrypts and authenticates the message before forwarding it in the clear over the last mile hop to eventual service provider.


Application-aware routing and data aggregation

• DataPower Appliances allow wire-speed translation of data models using XSLT, completely decoupling the client from the implementation.

• DataPower can retrieve data from a database not just to enable lookup-baesd routing, but also to augment service requests as they pass through the appliance. In this way, messages can be enriched with data dynamically.

• DataPower is capable of choosing from requests, hosting servers depending on

dynamic network conditions and service-level information, such as with the XPath dynamic network conditions and service-level information, such as with the XPath language language .


Protocol and format bridging

• Any-to-any Transformation Engine: If the enterprise’s standard protocols reach beyond the commonly accepted Web Services data formats, appliances can parse and transform arbitrary binary, flat text and XML messages, including EDI, COBOL Copybook, ISO 8583, CSV, ASN.1 and ebXML.

• Protocols. Services can be exposed and called using any combination of the typical protocols used for passing SOAP and XML messages in an SOA, such as HTTP, HTTPS and JMS. Direct communication with WebSphere MQ and IMS Connect is also supported.


Configuration Architecture• DataPower device consists of layers of related objects.

• Service objects, such as an XSL Proxy, XML Firewall or Web Service Proxy,occupy the top layer. .

• Any single service has only one processing policy. The processing policy,however, might have any number of rules.

XSLTXSLT

FilterFilter

ActionAction

RuleRule

Processing PolicyProcessing Policy

ServiceService

DataPower DeviceDataPower Device


Configuring and using DataPower

• In addition to the WebGUI, DataPower provides a command line interface (CLI) that is accessible via SSH and Telnet. Programmatic support is enabled through XML management interfaces, such as the Service-Oriented Management API (SOMA) and the Appliance Management Protocol (AMP).

• DataPower provides a powerful Web Graphical User Interface (Web GUI). It shows the palette of common mediations (actions) that can be dropped in the message processing policy.

• An Eclipse plug-in enables tooling support for configuration. Multiple appliances can be managed together as part of a set through the use of IBM Tivoli Composite Appliance Management System Edition for WebSphere DataPower (ITCAMSE for WDP) ..


Logging

• Log targets: local files, HTTP-based destination, Syslog, SNMP, SMTP.

• Log categories: the use of categories allows log targets to subscribe.

• Various objects on the device can generate log messages during normal operation.


WebGui Control Panel


Configure Web Service Proxy Sample


DataPower Weaknesses

• Port numbers need to be associated with each Web Service Proxy, can cause problem in load balancing and uri.

• DataPower can be polluted with unwanted objects due to deletion,can cause problem in limited space and too many unwanted objects.

• The use of Front Side Handler is confusing and can potentiallycause problems in design time and run time.

• Monitor is weak, only keep track for 3 hours.

• Debugging and probing can be dangerous if the person is not trained.


Suggested DataPower Setup

• The suggested domains are by regions: National, NCAL, SCAL, HI, NW, CO, GA, OH and MAS.

• Pre-assigned port numbers for each domain (region) so that they are not overlapping.

• We would like to keep dev, qa and production DataPower in very similar structure.

• Setup Web Service Proxy within DataPower to use default port 80 only.

• Setup reports to run against DataPower clean up un-used objects.

KP Domain

WS Proxy:80

National Domain

WS Proxy:1000WS

Proxy:1002WS Proxy:1003

WS Proxy:1999

NCAL Domain

WS Proxy:2000WS


WS Proxy:2999

MAS Domain

WS Proxy:8000WS


WS Proxy:8999


Suggested Domains and Web Service Proxy Setup

NDND


Suggested Topology

WS ProvidersWS Providers

IHSIHS

NDND


Demo


Support

http://www.datapower.com Reference docs:

• ReferenceGuide.pdf

• WebGUIGuide.pdf

• 3.6.1-Extensions-Common.pdf

DataPowerPOC

Documents

Transcript of DataPowerPOC