DataPower and Cast Iron update


Matt Roberts, Senior Software Engineer IBM Hursley Labs

  1. 1. DataPower and Cast Iron update – Matt Roberts, Senior Software Engineer, IBM Hursley Labs – © 2012 IBM Corporation
  2. 2. Agenda WebSphere DataPower Family – Overview – WebSphere DataPower v5.0 update – DataPower virtual editions – WebSphere Appliance Management Center WebSphere Cast Iron – Cast Iron Integration Services – Cast Iron Express – Cast Iron Live WebAPI Services
  3. 3. WebSphere DataPower Appliances… SECURE your SOA, Web 2.0, Mobile, B2B, and Cloud environments SIMPLIFY your connectivity infrastructure ACCELERATE your time to value GOVERN your evolving IT architecture WebSphere DataPower Appliances provide a low startup cost, helping clients increase ROI and reduce TCO with specialized, consumable, dedicated appliances that combine superior performance and hardened security
  4. 4. IBM WebSphere DataPower organization makes appliances Simple architecture: – microcode firmware + purpose-built hardware Delivered from the factory with everything you need to connect to the network and start working – No need to provision anything but the Ethernet network and CAT cables to get started All computationally-significant components sealed within a tamper-evident casing – Chips – Memory – Boards and cards – Flash-based file system (signed and encrypted) – Parsing and xform accelerator – Cryptographic accelerator  Guiding philosophy is to take rote, repeatable security / integration tasks and lock them down in the appliance form factor, including: – Security gateway functions – Service Bus (ESB) functions – B2B gateway functions – Application optimization functions Appliance “lock down” means: – Removing need for commodity code – Removing reliance on general purpose operating systems and run times – Porting to purpose-built firmware – Simplicity = BIG TCO SAVINGS
  5. 5. Why use an appliance for connectivity? Many functions incorporated in a single device Service level management Dynamic routing and load distribution Transport and message level security Policy enforcement Transport and message transformation Simplified maintenance model Drop-in appliance form-factor Secures traffic in minutes Push-button flash upgrade process Integrates with existing operations Provides high levels of certified security assurance Transport Protocol Security (SSL/TLS) Message Level Security Authentication, Authorization, Audit (AAA) FIPS 140-2 Level 3, Common Criteria EAL4*  Purpose-built, fine-tuned consumable hardware platform  Achieves fast performance with multiple layers of hardware acceleration
  6. 6. WebSphere DataPower Family – Service Gateway XG45:  Entry-level device, slim footprint (1U)  Security gateway (AAA, XML threat, etc)  Service level management and monitoring  Intelligent load distribution & dynamic routing  Lightweight ESB functions (optional module) – Integration Appliance XI52:  High density 2U form  Consumable hardware ESB  “Any-to-Any” conversion at wire-speed  Bridges multiple transport protocols  Mainframe integration & enablement – B2B Appliance XB62:  High density 2U form  B2B Messaging (AS1/AS2/AS3/ebMS)  Trading Partner Profile Management  B2B Transaction Viewer – Integration Blade XI50B/XI50z:  Functionally equivalent to XI52  Form factor flexibility  XI50B: BladeCenter form factor  XI50z: zEnterprise BladeCenter Extension (zBX) form factor
  7. 7. Deploy WebSphere DataPower Appliances in a variety of use cases (diagram zones: Internet, DMZ, Trusted Domain; diagram labels: Consumer, Application, System z) 1 Secure Gateway (Web Services, Web Applications) 2 B2B Gateway 3 Intelligent Load Distribution 4 Internal Security 5 Enterprise Service Bus 6 Runtime SOA Governance 7 Web Service Management 8 Legacy Integration
  8. 8. Agenda WebSphere DataPower Overview WebSphere DataPower v5.0 WebSphere DataPower virtual editions WebSphere Appliance Management Center
  9. 9. WebSphere DataPower V5.0: Key Features OAuth 2.0 support – Securely expose enterprise services to Web 2.0 & mobile applications using industry standard – Integrated into the AAA framework, allows DataPower to act as both the PEP for Resource Server and Authorization Server Enhanced Service & SLA Management – Provides more consumable and centralized service Governance & SLA management with support for automatic policy synchronization and enforcement b/w WSRR and DataPower Application Optimization option on XG45 – Decreases cost by enabling self-balancing across a cluster of DataPower appliances and eliminating the need for frontend load balancers – Improves efficiency by providing dynamic and intelligent load distribution to backend servers and eliminates the need for backend load balancers Improved processing capability – Improves processing power with extended memory support for 9005 and XI50B appliances B2B volumetrics support – B2B volumetrics support allows detailed analytics of B2B transactions by providing flexible service based access to B2B metadata stored in the appliance persistence store
  10. 10. Example OAuth “3-Legged” Scenario The resource owner never shares her username or password with the OAuth client (diagram actors: Resource Owner, OAuth Client, Authorization Server, Resource Server) 1. Resource Owner initiates a request with the OAuth Client 2. Asks for access token to access the resource 2. Resource Owner authenticates and provides the authorization decision on whether to allow OAuth Client access to their resource 3. OAuth Client sends in its credentials and the approval it obtained from 4. Here is my access token, let me access the resource
  11. 11. JSON Protection (diagram labels: Nesting Depth of 3, Document Size, Label String, Value String, Number) • Label - Value Pairs – Label String Length (characters) – Value String Length (characters) – Number Length (characters) • Threat Protection – Maximum nesting depth (levels) – Maximum document size (bytes) JSON Examples • Jumbo Payload • Name-Value Pair
  12. 12. Enhanced Governance & SLA Management Support Implement Service Level Agreements (SLA) enforcement on DataPower via declarative policy documents without manually creating DataPower configuration artifacts – WS-Proxy consumes the specified policy and modeled SLA semantics through WS-Policy and WS-PolicyAttachment artifacts that are fetched from WSRR subscription or appliance configuration • Author SLA policy and associate it with a web service (configuration task) • DataPower fetches SLA policy and renders the required DataPower configuration Processing Policy artifacts (rules and actions) to enforce policy • DataPower enforces SLA policy based on Processing Policy artifacts (rules and actions) created from consumed policy documents • DataPower synchronizes SLA policy based on manual user action and/or WSRR subscription settings • Policy domains define syntax & vocabularies used to describe the desired behavior that needs to be enforced. Common policy domains supported in DataPower v5.0 include: – WS-SecurityPolicy (W3C specification) – WS-MediationPolicy (IBM specification)
  13. 13. Traffic Management Policy “If message traffic exceeds 100 messages per second, then reject any new messages until message traffic is below 100 messages per second again” (diagram labels: Weather Application Version 1.0; Global Weather Service Version 1.1; Service Endpoint; Service Level Agreement; Internal Service Level Definition; Service Endpoint; Exposed; Max 100 Msg/Sec QoS Policy; WSRR Model; Max 500 Msg/Sec QoS Policy; WSRR Policy creation) Policy generated by WSRR, automatically enforced by DataPower:
        <wsp:Policy Name="Max100MsgSec_Reject">
          <wsmp:Rule>
            <wsmp:Condition>
              <wsmp:Expression>
                <wsmp:Attribute>MessageCount</wsmp:Attribute>
                <wsmp:Operation>GreaterThan</wsmp:Operation>
                <wsmp:Value>100</wsmp:Value>
                <wsmp:Interval>PT01S</wsmp:Interval>
              </wsmp:Expression>
            </wsmp:Condition>
            <wsmp:Action>
              <wsmp:RejectMessage/>
            </wsmp:Action>
          </wsmp:Rule>
        </wsp:Policy>
  14. 14. Application Optimization Option on XG45 Application Optimization Option provides  Self Balancing: Self balance across a cluster of appliances  Replace front-end IP load balancer  New support (introduced in firmware version 4.0.2) enables connections to be preserved, without loss, during failover scenario  Dynamic and Intelligent Load Distribution to backend systems  Replace backend load balancer Front-end IP load balancers not needed Self balancing (IP spraying)
  15. 15. Application Optimization Option on XG45 Provides application-aware Intelligent Load Distribution Auto-discovers application targets and distributes load using dynamic feedback mechanism  Topology learning for WAS ND and VE Uses intelligent weighted distribution algorithms based on current server load  Weighted Least Connection load balancing algorithm Provides several options for enabling session affinity (diagram captions: DataPower performs dynamic back-side routing and load distribution (leveraging dynamic information from back-ends); Failure of target appliances are masked by appropriate weighted distribution)
  16. 16. B2B Volumetrics Support Provides service based access to on-box B2B transaction metadata – XML Management Interface “b2b-query-metadata” operation – Schema definitions in store:///xml-mgmt-ops.xsd and store:///xml-mgmt-b2b.xsd – Query Condition – used to construct the selection criteria, e.g. “all failed transactions with partner A” – Result Constraints – used to specify how to represent the resulting data, including max rows per response, which properties to be included and properties to be used for sorting (figure: example REQUEST and RESPONSE)
  17. 17. DataPower virtual editions Brand New! Planned availability: 30 November 2012 Virtual appliance form factor • VMware ESX or VMware ESXi server • XG45 Service Gateway appliance • XI52 Integration Gateway appliance Supports various scenarios • Development and testing – no longer require a physical appliance • Includes various optional features free of charge for non-production use (eg application optimization) • Production environments where physical appliances are not suitable or not necessary Full transportability of configuration between physical and virtual appliances • Develop using a virtual appliance, then move to physical for production Announcement:
  18. 18. Agenda WebSphere DataPower Quick Overview WebSphere DataPower v5.0 WebSphere DataPower virtual editions WebSphere Appliance Management Center
  19. 19. WebSphere Appliance Management Center (WAMC) Simple Multi-Box Management for WebSphere Appliances Web application which provides multi-box operational management for WebSphere DataPower SOA appliances – Centralized firmware management – Disaster recovery – Configuration life cycle deployment Separate standalone monitoring component is included – IBM Tivoli Composite Application Manager (ITCAM) Agent for WebSphere DataPower Appliances Provides firmware management & monitoring support for WebSphere DataPower XC10 appliances Available for download, free of charge, to licensed users entitled to service for a supported appliance
  20. 20. New in WebSphere Appliance Management Center Lighter, snappier, more streamlined interactions – Much lower resource consumption, fast install and start up, improved responsiveness – Simplified user interface for improved work flow Flexible appliance and domain grouping – Appliances & domains can be grouped in any way the user chooses, may be members of multiple groups – Filters allow the user to quickly view and select members of a group Improved firmware management support – Simplified firmware upload and deployment – Supports firmware management on XC10 Finer grained configuration management – Deploy configuration at the domain and service level (screenshot callouts: Quick Page Navigation; Easy access to actions)
  21. 21. ITCAM Agent for WebSphere DataPower Appliance Focused on monitoring appliance level metrics – DataPower Appliances • Resource utilization • Network and connection statistics • Object status, system log, event notifications, etc. Supports monitoring multiple DataPower Appliances with one agent (diagram labels: Tivoli Composite Application Manager Agent for WebSphere DataPower Appliance; WebSphere DataPower SOA Appliance) 14.11.12
  22. 22. WebSphere Cast Iron Cloud Integration  Cast Iron Integration Services  Cast Iron Express  Cast Iron Live Web API Services
  23. 23. Organisations are increasingly adopting SaaS applications Integration Maximises Value of Cloud Investments (diagram labels: Packaged Applications; Home-grown Applications)
  24. 24. Total Connectivity Complete Flexibility Complete Flexibility Complete Re-usability For All Types of Projects UI Mash-ups TIP Exchange Multi-tenant cloud service TIP Development Kit Process Integration Physical Appliances TIP Community Data Migration Virtual Appliances
  25. 25. Simple: Configuration, Not Coding approach No “integration experts” or Specialized Resources to Hire No Coding Beyond Configuration Preconfigured Templates (TIPs)
  26. 26. Rapid Success: Integrate in Days! (Cloud Offering: Customer Scenario, Duration) – Sales Cloud – SAP: 360 Degree Customer View, 10 Days – Private Cloud Custom Cloud - PeopleSoft: Billing and Invoice Integration, 8 Days – Sales Cloud & Chatter – SAP: Customer and Sales Order Integration, 14 Days – Netsuite, CRM: Opportunity to order sync, 20 Days – Oracle CRM On Demand, EBS: Real-time order and invoice visibility, 10 Days – Sales Cloud, Service Cloud, - Jeeves: Order to Shipment, 21 Days
  27. 27. Cast Iron Express ■ Entry-Level Self-Service offering – Integrate in hours ■ Basic integration use-cases: - SalesForce and Databases (DB2, MySQL, MS SQL, Oracle) - SalesForce and Flat-files+FTP, local file upload ■ Connectivity, Data Mapping - (but not workflow logic) Sign up online for a free 90 day trial
  28. 28. Cast Iron Express web-based user interface
  29. 29. Cast Iron Live Web API Services
  30. 30. The API Economy – 5.9 Billion Mobile Subscribers Globally in 2011 – $7bn worth of items sold annually on eBay through APIs – 10.5 Billion Minutes per Day Spent On Facebook – Over 1 Billion API Calls Per Day Each from NetFlix, eBay, Klout, AccuWeather – 400 Million Tweets Per Day Today – 25 Billion Apps Downloaded from the Apple AppStore – 10x more traffic via API than the Twitter website – IBM Confidential
  31. 31. The Engaging Enterprise • Business Users want to engage Customers in new markets • They need to Externalize the Enterprise • They need to get Apps in front of these Customers • Apps need APIs that Externalize the Enterprise • App Developers use APIs • App Developers are now External to the Enterprise • IT Guys need to secure, scale and support the externalized Enterprise • Business Users and IT Guys need Insights so they can respond to business needs (diagram labels: Apps, Customer, Business User, Enterprise, App Developer, IT Guy, The Platform) Enterprises want to tap into innovation from a large community of developers, not just developers they employ
  32. 32. Key concepts for Web APIs Security – Managing access – Quota usage, tracking and monitoring Capability – Proxy of existing services – “Assembly” of existing data sources to create a new API Caching – Deal with increased load on backend services – Flood control / DoS prevention Analytics – Technical metrics about calls made, devices used, workload per app developer – Business level queries defined on the fly Community – Publicize and promote adoption of your APIs – Manage sign up of app developers – Provide branding for your enterprise, plus self service documentation and samples for your users
  33. 33. Try it free today! Sign up online for a free 90 day trial
  34. 34. Summary WebSphere DataPower Family – Overview – WebSphere DataPower v5.0 update – DataPower virtual editions – WebSphere Appliance Management Center WebSphere Cast Iron – Cast Iron Integration Services – Cast Iron Express – Cast Iron Live WebAPI Services
  35. 35. WebSphere DataPower: IBM Appliances for Smarter Connectivity Established Resources: IBM DataPower Web Page (support, technotes, doc)  developerWorks DataPower Discussion Area  Vast library of published articles:  (Also search for “DataPower” within “WebSphere”, “SOA/Web Services” and “XML”)  (Search “DataPower”) IBM Redbooks:  IBM WebSphere DataPower SOA Appliance Handbook:)  YouTube:  DataPower Podcasts: 
  36. 36. WebSphere Cast Iron cloud integration Resources – Homepage • • Various whitepapers to download on cloud integration – Intro and Technical overview: • – Getting Started: • Cast Iron Express – Web API Services – Https:// – –
  37. 37. WebSphere DataPower Security Gateway XG45 Traditional DataPower Services Security use cases – Policy enforcement (WS-Policy, Service Level Management, etc.) – Cryptography (Encryption, Digital Signatures, etc.) – Access control (Authentication, Authorization, etc.) New DataPower Connectivity and Integration use cases – Built-in support for HTTP, MQ, WebSphere JMS, and FTP – Optional support for Non-XML transformation and database integration 1U form factor
  38. 38. WebSphere DataPower XG45 Technical Specs  Slim form 1U rackmount design  Two network modules for application traffic – 4 x 1 Gbe ports – 2 x 10 Gbe ports  Increase capability – Higher performance CPU, memory, flash size, hard drive space… – New RAID controller • Large write cache • Battery backup  Support for Hardware Security Module  Multiple Replaceable Units – Customer Replaceable Units (CRU) • Fan, Power Supply, Hard Drive, Network Module – Field Replaceable Units (FRU) • Appliance • Battery (RAID & Coin) • PCI e-Card  Enhanced Features – Runtime Hardware Diagnostic – Customized intrusion detection (hardware callouts: RAID mirroring across two drives; 4 1-Gigabit Ethernet NICs; 2 10-Gigabit Ethernet NICs)
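
The limits listed on slide 11 (JSON Protection), shown as an added example that is not part of the original deck and is not DataPower's own implementation: a Python validator that applies the document-size, nesting-depth, label, value and number length checks before a payload reaches a backend. The numeric limits and every function name are assumptions chosen for illustration.

```python
import json

# The limit names follow the slide; the numeric values are assumed here.
LIMITS = {"max_document_bytes": 4096, "max_nesting_depth": 3,
          "max_label_chars": 32, "max_value_chars": 256, "max_number_chars": 16}

class JSONThreat(ValueError):
    """A document exceeded one of the configured limits."""

def scan_depth(text, max_depth):
    # Count brackets on the raw text, skipping string contents, so a deeply
    # nested payload is rejected before the recursive parser runs.
    depth, in_string, escaped = 0, False, False
    for ch in text:
        if in_string:
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False
        elif ch == '"':
            in_string = True
        elif ch in "{[":
            depth += 1
            if depth > max_depth:
                raise JSONThreat("nesting depth exceeds %d" % max_depth)
        elif ch in "}]":
            depth -= 1

def walk(node, limits):
    # Depth is already bounded by scan_depth, so this recursion is shallow.
    if isinstance(node, dict):
        for label, value in node.items():
            if len(label) > limits["max_label_chars"]:
                raise JSONThreat("label longer than %d characters" % limits["max_label_chars"])
            walk(value, limits)
    elif isinstance(node, list):
        for item in node:
            walk(item, limits)
    elif isinstance(node, str) and len(node) > limits["max_value_chars"]:
        raise JSONThreat("value longer than %d characters" % limits["max_value_chars"])

def validate(raw, limits=LIMITS):
    if len(raw) > limits["max_document_bytes"]:  # cheapest check first
        raise JSONThreat("document larger than %d bytes" % limits["max_document_bytes"])
    text = raw.decode("utf-8")
    scan_depth(text, limits["max_nesting_depth"])
    def number(token):  # receives the number exactly as written on the wire
        if len(token) > limits["max_number_chars"]:
            raise JSONThreat("number longer than %d characters" % limits["max_number_chars"])
        return float(token) if set(token) & set(".eE") else int(token)
    doc = json.loads(text, parse_int=number, parse_float=number)
    walk(doc, limits)
    return doc
```

`validate` takes the request body as bytes and returns the parsed document; any `ValueError` (including `JSONThreat`, malformed JSON and invalid UTF-8) means the message should be rejected.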