Your SlideShare is downloading. ×

IBM DataPower Gateway - Common Use Cases

34,963

Published on

IBM DataPower Gateway appliances are used in a variety of user scenarios to enable security, control, integration and optimized access for a range of workloads including Mobile, Web, API, B2B, Web …

IBM DataPower Gateway appliances are used in a variety of user scenarios to enable security, control, integration and optimized access for a range of workloads including Mobile, Web, API, B2B, Web Services and SOA. This presentation from the IBM DataPower team provides an in-depth look at each use case.

Published in: Technology
0 Comments
20 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
34,963
On Slideshare
0
From Embeds
0
Number of Embeds
19
Actions
Shares
0
Downloads
1,358
Comments
0
Likes
20
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. © 2015 IBM Corporation IBM DataPower Gateway Common Use Cases Ozair Sheikh, Senior Product Manager IBM DataPower Gateways Arif Siddiqui, Principal Product Manager – Strategic Initiatives IBM DataPower Gateways & API Economy
  • 2. © 2015 IBM Corporation2 Agenda  DataPower Gateway Overview  Security & Optimization Gateway  Mobile Connectivity  API Management  Integration  Mainframe Integration & Enablement  B2B
  • 3. © 2015 IBM Corporation33 DataPower Gateways … 3 IBM DataPower Gateways provide a low startup cost, helping clients increase ROI and reduce TCO with specialized, consumable, dedicated gateway appliances that combine superior performance and hardened security in physical and virtual form factors INTEGRATE Systems of Engagement with Systems of Record CONTROL & MANAGE Traffic and Service Level Agreements SECURE Mobile, API, Web, SOA, B2B and Cloud Workloads OPTIMIZE Data Delivery and User Experiences CONSOLIDATE & Simplify Infrastructure Footprint
  • 4. © 2015 IBM Corporation4 Gateway for the Multi-channel Enterprise Single security and integration gateway platform to provide security, integration, control & optimized access to a full range of Mobile, API, Web, SOA, B2B, & Cloud workloads B2B Simplify mobile security with single, purpose-built gateway; control mobile traffic and accelerate delivery Web Simplify web security with single, purpose-built gateway; control traffic and accelerate delivery for intranet and internet web applications Cloud DataPower gateway functionality in a virtual appliance form factor, supports multiple hypervisor & cloud environments IBM DataPower GatewayAPI Easily secure, control, publish, monitor & manage your APIs SOA Secure, integrate, control & manage SOA workloads in the DMZ and Trusted zones Extend Connectivity & Integration beyond the enterprise with DMZ-ready B2B edge capabilities Mobile
  • 5. © 2015 IBM Corporation5 IBM DataPower Gateway Appliances are the industry-leading Security & Integration gateways that help provide security, integration, control and optimized access to a full range of Mobile, Web, API, SOA, B2B, & Cloud workloads Common Use Cases Internet Trusted Domain Consumer Application or Service DMZ Trading partners 1 Mobile Gateway 2 API Gateway 3 Web Gateway 4 B2B Partner Gateway 5 SOA & API Gateway 6 ESB / Integration Gateway 7 Internal Security Enforcement 8 Web Services Governance & Management 9 Legacy Integration Consumer Middleware z System DataPower Gateway DataPower Gateway
  • 6. © 2015 IBM Corporation6 Features Before DataPower Gateway After DataPower Gateway Control Integrate Optimize Secure Consumer Consumer Consumer Consumer Simplify, offload & centralize critical functions Integrate Any-to-any message transformation Transport protocol bridging Message enrichment Database connectivity Mainframe connectivity B2B trading partner connectivity Control OptimizeSecure SSL / TLS offload Hardware accelerated crypto operations JSON, XML offload JavaScript, JSONiq, XSLT, XQuery acceleration Response caching Intelligent load distribution Service level management Quota enforcement, rate limiting Message accounting Content-based routing Failure re-routing Integration with management & visibility platforms Authentication, authorization, auditing Security token translation Threat protection Schema validation Message filtering & semantics validation Message digital signature Message encryption
  • 7. © 2015 IBM Corporation7 Modules ISAM Proxy Module  User access control, session management, web SSO enforcement  Advanced mobile security: mobile SSO, context-based access, one- time password, multi-factor authn  Integration with ISAM for Mobile Application Optimization Module  Frontend self-balancing  Backend intelligent load distribution  Session affinity  z Sysplex Distributor integration Integration Module  Any-to-Any message transformation  Database connectivity  Mainframe IMS connectivity B2B Module  B2B DMZ gateway  EDIINT AS1,AS2,AS3,ebXML  Partner profile management  B2B transaction viewer  Any-to-Any message transformation  Database connectivity TIBCO EMS Module  Integrate with TIBCO EMS messaging middleware  Support for queues & topics  Load balancing & fault-tolerance DataPower Gateway: Single, modular & extensible platform IBM DataPower Gateway (Base) Secure  Authentication, authorization  Security token translation  Service / API virtualization  Threat protection  Message validation  Message filtering  Message digital signature  Message encryption  AV scanning integration Integrate  Transport protocol bridging  Message enrichment  Message transformation & processing using JavaScript, JSONiq, XQuery, XSLT  Mainframe integration & enablement  Flexible pipeline message processing engine Control & Manage  Service level management  Quota & rate enforcement  Content-based routing  Message accounting  Integration w/ management & visibility platforms including IBM API Management & WSRR for policy enforcement Optimize & Offload  SSL / TLS offload  Hardware accelerated crypto*  JSON, XML offload  JavaScript, JSONiq, XSLT, XQuery acceleration  Local response caching  Distributed caching with WXS or XC10  Backend load balancing 2U Physical or Virtual Edition
  • 8. © 2015 IBM Corporation8 Deployment options  Purpose-built, DMZ-ready appliances provide physical security  High density 2U rack-mount design  8 x 1 and 2 x 10 GbE ports  Cryptographic acceleration card  Trusted platform module  Customized intrusion detection  Optional HSM (FIPS 140-2 Level 3 certified)  Virtual appliances provide deployment flexibility  Support multiple hypervisors and cloud environments − VMware − Citrix XenServer − IBM PureApplication System (x86 nodes) − IBM PureApplication Service on SoftLayer (x86 nodes) − IBM SoftLayer bare metal instances using supported hypervisors VirtualPhysical
  • 9. © 2015 IBM Corporation9  Purpose-built hardware provides physical security • Sealed, tamper-evident case • No usable USB, VGA, other ports • Intrusion detection switch • Trusted Platform Module • Encrypted flash drive • FIPS 140-2 level 3 Hardware Security Module (option) for secure storage of private keys  Hardened firmware provides platform security for physical & virtual gateways • Single signed and encrypted firmware by IBM • No arbitrary software • Optimized, embedded operating system • High assurance, “locked-down” configuration • Key materials are not exportable from the appliance * Enterprise grade security requires a secure platform
  • 10. © 2015 IBM Corporation10 Virtual Edition  DataPower gateway functionality in virtual appliance form factor to rapidly secure, integrate, control & optimize access to Mobile, API, Web, SOA & B2B workloads in hypervisor & clouds platforms  Use for development, test or production  Supports multiple hypervisor & cloud platforms  VMware  Citrix XenServer  IBM PureApplication System W1500/W2500  IBM PureApplication Service on SoftLayer (x86)  IBM SoftLayer bare metal instances on x86 nodes  Seamless configuration migration between physical and virtual appliances  Utilizes the same industry-proven & purpose-built platform including an embedded, optimized DataPower Operating System, that powers the physical appliances x86 Server Delivers purpose-built, highly consumable Security & Integration Gateway functionality in virtual appliance form factor for cloud deployments
  • 11. © 2015 IBM Corporation11 Virtual Edition Benefits  Deployment flexibility and elasticity – “Right size” the deployment, quickly deploy where needed, & rapidly scale  Workload isolation - Projects can use their own instances  Unbounded memory scalability - Memory can be added to instances without additional licensing  Low cost for Dev & Test environments - Developers & Non-Production versions include add-on software modules at no additional charge  Free disaster recovery - Warm or cold backup without additional licenses when licensed for Production  Flexible licensing and entitlement  Sub-capacity licensing  Monthly licensing option  Entitlement to future product versions at no additional charge with active maintenance (S&S) x86 Server Delivers purpose-built, highly consumable Security & Integration Gateway functionality in virtual appliance form factor for cloud deployments
  • 12. © 2015 IBM Corporation12 • Used by 95% of top global insurances firms • SaaS providers, ASPs, regulators, etc. • Agencies and ministries • Defense and security organizations • Crown corporations Insurance Government Banking • Healthcare • Retailers • Utilities, Power, Oil and Gas • Telecom • Airlines • Others Many, many, more • Majority of the big US and European banks • All of the big 5 Canadian banks • Numerous regional banks and credit unions DataPower Gateways Over 14 years of innovation & over 2,000 global installations
  • 13. © 2015 IBM Corporation13 DataPower’ing IBM Bluemix!!! • Security • Control • Filtering • Content-Based Routing • Load balancing • Monitoring and Logging Mobile client Bluemix Tooling VM Application Manager App App App App Service Service Service Service Open Stack External ServiceExternal Services Internet Did you know? DataPower has been trusted to be the exclusive gateway for Bluemix, IBM’s global Platform as a Service
  • 14. © 2015 IBM Corporation14 Agenda  DataPower Gateway Overview  Security & Optimization Gateway  Mobile Connectivity  API Management  Integration  Mainframe Integration & Enablement  B2B
  • 15. © 2015 IBM Corporation15 Use Case: Security & Optimization Gateway Securing the Enterprise & providing optimized access
  • 16. © 2015 IBM Corporation16 DataPower security roles and objectives • Protect data and other resources on the appliance and protected servers – System availability • Protect against unwanted access, denial of service attacks, and other unwanted intrusion attempts from the network • Only allow “valid” messages through – Identification and Authentication • Verify identity of network users – Authorization • Protect data and other system resources from unauthorized access  Protect data in the network using cryptographic security protocols – Data End Point Authentication • Verify who the secure end point claims to be – Data Origin Authentication • Verify that data was originated by claimed sender – Message Integrity • Verify contents were unchanged in transit – Data Confidentiality • Conceal clear-text using encryption IntranetDMZInternet Authentication Authorization User Federation z/OS RACF for User I&A Authorization Cert/keys  Secure access to Web and legacy applications  Converged security enforcement  Rocksolid DataPower platform  Leverages enterprise security and policy managers
  • 17. © 2015 IBM Corporation17 Applications and Systems Silos of security & control are impeding business agility DEVELOPERSPARTNERS CONSUMERS EMPLOYEES WEBMOBILEB2B SOA APIS PARTNERS DEVELOPERS API GATEWAY B2B GATEWAY SOA GATEWAY WEB ACCESS PROXY MOBILE GATEWAY Business Channels Users Security & Control Solutions CLOUD ALL CLOUD GATEWAY CONSUMERS EMPLOYEES z SystemMiddleware ESBApplication Service
  • 18. © 2015 IBM Corporation18 Applications and Systems DEVELOPERSPARTNERS CONSUMERS EMPLOYEES WEBMOBILEB2B SOA APIS PARTNERS DEVELOPERS Business Channels Users Security & Control Solutions CLOUD ALL CONSUMERS EMPLOYEES Reduce cost + improve security & control with a single gateway z SystemMiddleware ESBApplication Service Virtual appliance Physical appliance DataPower Gateway
  • 19. © 2015 IBM Corporation19 IBM Multi-channel gateway  ISAM for DataPower module provides the reverse proxy component that provides enforcement for  Centralized user authentication & coarse-grained authorization  Session management, & web SSO  Context based access & mobile SSO  Strong authentication including one-time password and multi-factor authentication Leverage the combined capabilities of IBM DataPower Gateway and IBM Security Access Manager in a single, converged security and integration gateway New in V7.1 IBM DataPower Gateway Web Browsers and Portals Mobile Web Web 2.0 (AJAX) Native Mobile B2B Hybrid Mobile APISOA (Web Services) App, Service & API security IBM DataPower Gateway ISAM Module User access security Traffic control & optimization Connectivity & transformation
  • 20. © 2015 IBM Corporation20 Security Gateway New connection to target Proxying and Enforcement • Terminate incoming connection • Terminate transport-level security (SSL/TLS offload) • Threat protection • Enforce Service Level Agreement policies • Inspect message content and filter (Schema validate) • Enforce security policies on message content (Encrypt/decrypt, Verify/sign digital signatures) • Authentication, Authorization, Auditing (AAA) • Call out to virus checker • Transform content & enrich message • Translate security token • Dynamically route based on content and load balance (Establish a new connection to pass results) • Cache data on-box or in centralized, shared grid Connection from client ACL Virus Scanner Consumer Provider Web Service Request Basic Auth, OAuth 2.0, WS-Security UNT, etc Outside World Internal NetworkDMZ HTTP(s) HTML, JSON, XML, SOAP MME, DIME, MTOM XMLDSIG, XMLENC WS-Security Policy WS-Trust SAML OAuth 2.0 Internet SaaS Partner Apps Browsers ProtocolFirewall Security Gateway Packaged Apps Proprietary Apps Data HTTP(s) ESB Tivoli (TAM) MS Active Directory Any LDAP, e.g. Oracle CA SiteMinder PDP (XACML, SAML, other) DomainFirewall ACL Security Gateway Internal Consumer Incoming access control; Threat protection Outgoing access control; SAML injection etc Internal Security Web Service Request SAML, LTPA, Kerberos
  • 21. © 2015 IBM Corporation21 Protection of data plus XML & JSON threat protection  Use DataPower to help resolve PCI compliance issues  Easily sign, verify, encrypt, decrypt any content  Configurable XML Encryption and Digital Signatures – Message-level, Field-level, Headers  Security standards: OAuth, WS-Security, WS-Policy, WS- SecurityPolicy, SAML, XACML, WS-Trust, …  Use WS-SecurityPolicy to define security requirements for your web services – DataPower natively consumes and enforces WS-SecurityPolicy statements • Integrity & Confidentiality, SupportingTokens, Message/Transport Protection  Use XACML to define access and authorization policies for your web services – DataPower natively consumes and enforces XACML policies • Resource-based Authorization • PEP, PDP DataPower security is policy driven XML Threat Protection • Entity Expansion/Recursion Attacks • Public Key DoS • XML Flood • Resource Hijack • Dictionary Attack • Replay Attack  Message/Data Tampering  Message Snooping  XPath or SQL Injection  XML Encapsulation  XML Virus  …many others JSON Threat Protection • Label - Value Pairs ‒ Label String Length (characters) ‒ Value String Length (characters) ‒ Number Length (characters) • Threat Protection ‒ Maximum nesting depth (levels) ‒ Maximum document size (bytes)
  • 22. © 2015 IBM Corporation22 AAA : Authentication Authorization Auditing Extract Identity HTTP Headers WS-Security Tokens WS-SecureConversation WS-Trust Kerberos X.509/SSL SAML Assertion IP Address LTPA Token HTML Form OAuth Custom Authenticate Extract Resource URL XPath SOAP Operation HTTP Operation Custom LDAP/Active Directory System/z NSS (RACF, SAF) IBM Security Access Manager Kerberos WS-Trust Netegrity SiteMinder RADIUS SAML LTPA Verify Signature Custom Authorize Audit & Post-Process Map Identity Map Resource LDAP/ActiveDirectory System/z NSS IBM Security Access Manager Netegrity SiteMinder SAML XACML OAuth Custom Add WS-Security Generate z/OS ICRX Token Generate Kerberos Generate Spnego Generate SAML Generate LTPA Map Tivoli Federated Identity External Access Control Server or Onboard Identity Management Store input output
  • 23. © 2015 IBM Corporation23  Enhance security intelligence and compliance through integration with QRadar security information and event management (SIEM) platform  Coming soon: Device Support Module (DSM) for DataPower Gateways to parse event information Integration with QRadar Security Intelligence Platform QRadar SIEM User Client Provider DataPower
  • 24. © 2015 IBM Corporation24 Service Level Monitoring (SLM) to protect your services and applications from over-utilization and enforce quota – Frequency based on concurrency OR based on messages per time period – Take action when exceeding a custom threshold: • Notify (or log), Shape (or delay), Throttle (or reject) Traffic Control / Rate Limiting
  • 25. © 2015 IBM Corporation25 Retail Service Provider Securely expose services to consumers Solution  Implemented WebSphere DataPower to form the Web services backbone  Through content-based routing, security policy enforcement & data encryption, DataPower ensures safe & efficient flow of confidential customer data  Integrated seamlessly into heterogeneous environment increasing interoperability & promoting reuse Benefits  Secure SOA on standards-based platform  Easily reuse Web services throughout enterprise  Boosts productivity of IT staff  Substantially shorten time to market for new services Challenge  Consistent & secure delivery of online services to partners that could be shared, integrated & flexible to meet specific needs  Web services infrastructure needed to support highly secure data routing with daily high volume & sensitive nature of information Identity Mgmt
  • 26. © 2015 IBM Corporation26  Self Balancing: Self balance across a cluster of appliances  Replace front-end IP load balancer  Enables connections to be preserved, without loss, during failover scenario  Dynamic and Intelligent Load Distribution to backend systems  Replace backend load balancer  Auto-discovers application targets and distributes load using dynamic feedback mechanism  Topology learning for WAS ND and VE  Embedded On Demand Router for WAS ND environments  Provides several options for enabling Session Affinity  Cache application response data locally or in a caching grid (IBM WXS or XC10) Front-end IP load balancers not needed Self balancing (IP spraying) Built-in cache Application Optimization Dynamic back-side routing and load distribution (leveraging dynamic information from back-ends) Failure of target application endpoints are masked by appropriate weighted distributionDataPower
  • 27. © 2015 IBM Corporation27 User WAS Application { "Task" : "AddEntry", "Detail": "Create presentation materials." } HighLoad  Scenario – JSON REST app to-do list  Issues – High server load – Slow response time Slow Response (>10s) Application Optimization Example Public Enterprise User WAS Application 1 1 ImprovedLoad Public DMZ Data Center DataPower Improve Server Load with SSL Offload 1. Client requests are secured via DP SSL concentrator
  • 28. © 2015 IBM Corporation28 User WAS Application 1 21 PUT /joe/todos HTTP/1.1 Host: joe.org Content-Type: application/json Content-Length: 69 { "Task" : "AddEntry", "Detail": “Waste time." } ImprovedLoad DataPower Manage Traffic with Application Fluency 2. DataPower enables application aware traffic management User WAS Application 3 1 1 ImprovedLoad Improved Response Time DataPower Distribute Load Intelligently 3. Application Optimization effects load distribution intelligence Leverage dynamic runtime conditions to distribute based on topology & workload 2 Application Optimization Example
  • 29. © 2015 IBM Corporation29 REST Cache at the edge(s) 4. Results are cached at the edge using IBM WXS or XC10 caching grid OR locally on-box Application Optimization Example User WAS Application 3 4 1 21 DataPower WXS or XC10 LowLoad Fast Response • Faster application response time • Lower server load • Improved system throughput
  • 30. © 2015 IBM Corporation30 REST Using IBM WXS or XC10 As a Side Cache For DataPower User 1 5 3 2 4 Client Provider 1. Client submits application request. 2. DataPower XI parses request and queries WXS / XC10. On a hit, skip to step 5. 3. On a miss, XI forwards request to target Provider. 4. XI adds application response to WXS / XC10. 5. Client receives response from XI.  Easily integrates into the existing business process – No code changes to the client or back-end application – Simply add the side cache mediation  Significantly reduces the load on the back-end system by eliminating redundant requests  Improve client observed response time Improved Response Time ImprovedLoad WXS or XC10 DataPower XI Appliances Large Response Time
  • 31. © 2015 IBM Corporation31 DataPower Gateway + XC10: Travel and Transportation Online Reservations Reservations System – Before: 3-5 sec response time – After: .01 -.05 sec response time – Caching service requests – Improved the average response time of the Global Distribution System requests for Fare Availability and Category Availability – 52% caching rate – 10 minute cache resulted in 40% reduction in load on the back-end systems – Maintained high data integrity. Faster responses were also accurate – POC in 3.5 hrs 100x performance improvement Improved reliability and scalability of reservation channels Reduced traffic to backend systems Deliver high performance & consistent response times Scale with simplicity and lower TCO
  • 32. © 2015 IBM Corporation32 Agenda  DataPower Gateway Overview  Security & Optimization Gateway  Mobile Connectivity  API Management  Integration  Mainframe Integration & Enablement  B2B
  • 33. © 2015 IBM Corporation33 Use Case: Mobile Connectivity Securely & Rapidly connect Mobile Apps with Enterprise Services
  • 34. © 2015 IBM Corporation34 • How to protect your back-end systems from harmful workloads and unauthorized mobile users & apps? • How to limit & shape mobile traffic based on service level agreements, and route based on message content? • How to convert mobile payloads, bridge transports and connect to existing services at wire-speed? • How to improve response time, reduce load on backend systems and intelligently distribute load? Key Mobile-specific Application & API issues? Secure Control Integrate Optimize
  • 35. © 2015 IBM Corporation35 SSL Offload Threat Protection Rate Limiting / SLA Enforcement Validation, Filtering Authentication Authorization Context-based Access Mobile SS0 Security Token Translation Message Transformation Content-Based Routing Intelligent Load Distribution Response Caching Middleware / ESB, Legacy Apps Apps, Services Rapidly Connect Mobile Apps with Enterprise Services Securely expose enterprise data & APIs to Mobile Apps while optimizing delivery IBM DataPower Gateway ISAM Module /apimanagement Native, Hybrid, Mobile Web
  • 36. © 2015 IBM Corporation36 • DataPower appliance with ISAM module for security enforcement, traffic control & management, application acceleration, transport bridging & message transformation • ISAM for Mobile as decision point for context based access (CBA), mobile SSO, strong authentication including one-time password (OTP) & multi-factor authentication (MFA) Mobile Gateway solution for on-premise and cloud ISAM for Mobile Rapidly deliver secure integration & optimized access for enterprise mobile applications DataPower Gateway (Security Enforcement Point) ISAM Module Apps, Services, Middleware, (Security Decision Point) z System
  • 37. © 2015 IBM Corporation37 Closer look at some Mobile Connectivity scenarios REST Proxy Provider JSON / XML / SOAPREST JSON or XML / HTTP(s) Mobile Consumer  SSL offload  Enforcement point for centralized security policies – Authentication, Authorization, OAuth 2.0, Audit – Threat protection for XML and JSON – Message validation and filtering  Centralized management and monitoring point – Traffic control / Rate limiting  Routing / Intelligent load distribution to Provider  RESTful façade to non-REST Provider REST Service Gateway for Mobile Apps Provider HTTP(s) GETHTTP(s) GET JSON or HTML/XHTML Mobile Consumer XML Application Acceleration for Mobile Apps  Offload heavy lifting of message transformation from the Provider  Transform to a format best suited for the requesting Mobile App – JSON for native/hybrid app – HTML/XHTML for browser based IBM DataPower Gateway IBM DataPower Gateway  Cache response data from Provider – Locally on the appliance – Externally to elastic caching XC10
  • 38. Sportsbet leverages IBM DataPower appliances to drive mobile business growth Challenges Business -Increase demand for mobile services while bolstering security & cost optimization IT - Securely integrate mobile apps with e-commerce platform & APIs to address performance, capacity management & decoupling front-end apps from back-end business logic Solution IBM DataPower appliance XG45 as a mobile security & integration gateway Benefits Time to value - Rapid implementation enabled the business to quickly integrate the middle layer in just 2 weeks vs. 2 months with a competitor’s product Performance - Processed ~4000 transactions per minute increasing performance 4X Security & Agility - Separation of concern between consumer applications & core e-commerce system, through security, translation & transformation logic in the gateway - Enterprise Architecture Manager, Sportsbet “DataPower forms our mobile middle layer & our API infrastructure for all future consumer apps”
  • 39. Sprint leverages IBM DataPower appliances to rapidly & securely grow mobile revenue Challenges Business - Grow mobile revenue while protecting customer privacy and optimizing costs IT - Integrate mobile devices, addressing security, speed, scalability and optimization of demand on existing application infrastructure Benefits Time to value - Drop-in rack-ready solution for rapid deployment enables the business to quickly launch a new mobile device within a month Scale on demand - 50 billion transactions/month for external ad gateway - 1 billion transactions/month for internal users Solution - IBM DataPower Integration Appliance XI52 as a security & integration gateway for external and internal use - IBM DataPower Caching Appliance XC10 as a side cache to increase customer responsiveness
  • 40. © 2015 IBM Corporation40 Agenda  DataPower Gateway Overview  Security & Optimization Gateway  Mobile Connectivity  API Management  Integration  Mainframe Integration & Enablement  B2B
  • 41. © 2015 IBM Corporation41 Use Case: API Management Securely & Rapidly Create, Socialize & Manage Business APIs to engage with a Developer ecosystem
  • 42. © 2015 IBM Corporation42 IBM API Management: One Integrated Platform design, secure, control, publish, monitor & manage APIs Explore API documentation Provision application keys Self-service experience Developer Portal API Manager Management Console Define and manage APIs Explore API usage with analytics Manage API user communities Provision system resources Monitor runtime health Scale the environment API Gateway (IBM DataPower) Enforce runtime policies to control API traffic
  • 43. © 2015 IBM Corporation43 Consumer (Systems of Engagement) Provider (Systems of Record) API Management Solution Partner App Developer API API API API Gateway (DataPower) Developer Portal Syndication Creation & Assembly Policy Management Monitoring & Analytics Security & Control Lifecycle Mgmt & Governance External App Developer Mobile & Web Apps Internal App Developer API Management App / API Provider, Middleware, Datastore, z System On-premise OR Cloud Business Partner Apps Enterprise Internal Apps
  • 44. © 2015 IBM Corporation44 Business Challenge Business Challenge  Accelerate end-to-end mobile application development  Reduce time to configure and manage software, prepare test environments  Enhanced analytics on the usage of their services  Increased performance to handle peak seasonal volumes Solution  IBM API Management, DataPower, Worklight, PureSystems Business Value  Enhanced user experience enabling quick access to customer information using OAuth authentication replacing custom security solution  Ability to access backend data through DataPower/API Management using RESTful services  Easily handle traffic spikes, enabling easier capacity planning Large Financial institution provides secure mobile access to customer information $
  • 45. © 2015 IBM Corporation45 Business Challenge  Difficult for internal partners and developers to discover & access key financial services  Lacked a standard ecosystem to manage internal partners including global credit card companies and merchants  No visibility on Service consumption or ability to chargeback for LoB use of Services Example Apps Solution  IBM API Management & DataPower Leading Global Commercial Bank provides easy & secure access to key financial services Business Value  Offers 3rd party merchants secure standards-based access to key business services as APIs, with a self-service experience  Provides an internal ecosystem for partners and a central repository with usage analytics  Drives innovation for Mobile application development $
  • 46. © 2015 IBM Corporation46 Business Challenge Business Challenge  External business partners retrieve flight information by scraping the company’s website  Unauthorized access to full flight information , with no usage analytics  Delays in updating website – difficult for authorized partner to test changes  REST-based API had just been built but security was not in place Solution  IBM API Management & DataPower Business Value  Easily and securely connect company Website to new APIs, saving cost of building OAuth based secure access  Enable secure exposure of APIs to External Business Partners, saving the implementation cost of building a developer support infrastructure with access management  Ability to leverage existing investment in IBM DataPower gateway and internal team skillset  Enable secure Mobile app integration with Enterprise APIs Large Airline in North America provides authorized access to flight services
  • 47. © 2015 IBM Corporation47 Leading European Auto Manufacturer provides innovative vehicle connectivity with IBM API Management Business Challenge  Offer innovative connectivity services to customers, improve the driver experience, improve safety, and create new revenue sources  Improve driving conditions with driver profiling, eco-driving, fleet management, reduce accident risk  Collect data to monetize them for partners Solution  IBM API Management, DataPower & MessageSight Business Value  “Always connected” low-latency reliable communications with the car systems/apps and customer mobile apps  Vehicle data APIs published on secure developer portal  Internal & external developers use vehicle data to develop mobile applications  Drives innovation for Mobile application development
  • 48. © 2015 IBM Corporation48 Business ChallengeBusiness Challenge  Difficult for internal partners and developers to discover & access key retail services  Leverage mobility as a revenue stream and manage internal and external business partners  No visibility on Service consumption or ability to chargeback for LoB use of Services Solution  IBM API Management & DataPower Business Value  Offers 3rd party merchants secure standards-based access to key business services as APIs, with a self-service experience  Provides an internal ecosystem for partners and a central repository with usage analytics  Drives innovation for Mobile application development Leading Retailer in North America provides easy & secure access to retail services
  • 49. © 2015 IBM Corporation49 Agenda  DataPower Gateway Overview  Security & Optimization Gateway  Mobile Connectivity  API Management  Integration  Mainframe Integration & Enablement  B2B
  • 50. © 2015 IBM Corporation50 Use Case: Enterprise Integration Consumable integration solution for securely connecting applications & services while optimizing delivery of workload
  • 51. © 2015 IBM Corporation51 Integration • Dynamically route based on any message content – Attributes such as the originating IP, requested URL, protocol headers, etc. – Data within the message such as SOAP Headers, XML, Non-XML content, etc. • Query a repository for routing information – WebSphere Service Registry & Repository, XML files, Databases, Web Servers Content-Based Routing Service Providers Unclassified Requests  Transform the message format with ultimate flexibility – Leverage WebSphere Transformation Extender for data mapping Any-To-Any Message Transformation <XML/> TEXT binary Input Message Output Message <XML/> TEXT binary ? ? WebSphere TX Design Studio
  • 52. © 2015 IBM Corporation52 Integration Transport Protocol Translation  Integrate disparate transport protocols with extreme ease – No dependencies between inbound “front-side” and outbound “back-side” – Examples: HTTP(s), WebSphere MQ, WebSphere MQ FTE, WebSphere JMS, Tibco EMS, SFTP, FTP(s), NFS, IMS, Database (DB2, Oracle, Sybase, SQL Server)  Support synchronous, asynchronous, pub-sub, assured-delivery, once-and-only once message patterns HTTP(s) FTP(s) SFTP WebSphere MQ, MQ FTE WebSphere JMS Database DB2, SQL Server, Oracle, Sybase, TIBCO EMS IMS NFS
  • 53. © 2015 IBM Corporation53 Integration Consumer Provider SOAP / HTTP(s) MQ Queue Manager Cobol / MQ Format & transport bridging Message Format & Transport Protocol Mediation Example Outside World Internal NetworkDMZ ProtocolFirewall HTTP(s) FTP(s) SFTP(SSH) WMQ(s) WS JMS TIBCO EMS ODBC DomainFirewall ACL DB LDAP Packaged Apps Proprietary Apps Data Packaged Apps Proprietary Apps Data Internet JMS EMS FTP NFS Packaged Apps Proprietary Apps Data Packaged Apps Proprietary Apps Data Packaged Apps Proprietary Apps Data DataPower Gateway HTTP WMQ IMS Connect Enhanced Security DMZ SaaS Partner Apps Browsers • Content based routing • Message enrichment • Message transformation • Transport protocol translation • AAA, Threat protection • Message validation & filtering • Traffic control / Rate limiting Integration Scenario • Intelligent content based routing • Intelligent load distribution • Local and distributed caching
  • 54. © 2015 IBM Corporation54 Core Services Core Data UK Government Agency Enables integration capabilities using DataPower Solution  DataPower in key network zones within and outside of the department  Thorough content-based validation, routing, and security policy enforcement  Integrated seamlessly into heterogeneous environment increasing interoperability & promoting reuse Benefits  Ease of integration  Security assurance of the architecture  Secure SOA on standards-based platform  Consistent experience and policy for all users Challenge  Data held in the back-end systems vital to delivering citizen services, fraud detection across various layers of the Governments across the EU  Vulnerable back-end services  Security  Capacity/ SLA  Consistent usability experience for internal or external service consumers Integration Layer Government network Other EU Countries Other UK Departments Internal Users
  • 55. © 2015 IBM Corporation5555 Security & Integration Scenario – Financial Firm
  • 56. © 2015 IBM Corporation56 Centralized Service Governance & Policy Enforcement  Complete SOA Governance solution – WSRR for web service life-cycle policy management – DataPower for web service run-time policy enforcement  Use WebSphere Service Registry & Repository (WSRR) to store, publish, and govern your web services – DataPower can subscribe or poll web services information from WSRR  Automatically expose services and policies in DataPower via WSRR subscription – Include WS-Policy, WS-Security Policy statements via WS-PolicyAttachment – Retrieve WSDLs by specific version number  Dynamically retrieve run-time routing information from WSRR WSRR (Policy Administration Point) Consumer Service Message Message Message Message ITCAM for SOA (Policy Monitoring Point) Discover Services & Policy Monitor Services DataPower (Policy Enforcement Point)  Centralized transaction monitoring – ITCAM for SOA  Support for UDDI v2 and v3 for UDDI registries
  • 57. © 2015 IBM Corporation57 Agenda  DataPower Gateway Overview  Security & Optimization Gateway  Mobile Connectivity  API Management  Integration  Mainframe Integration & Enablement  B2B
  • 58. © 2015 IBM Corporation58 Use Case: Mainframe integration & enablement Offload processing for reduced MIPS Web Services Enablement for IMS, CICS, DB2
  • 59. © 2015 IBM Corporation59 Broad integration with System z Client SOAP/HTTP` SOAP/HTTP CCB / MQ IMS SOAP Gateway WAS+IMS connector DataPower IMS O T M A IMSApplication MQServer MQ Brdg • Connect to existing applications over WebSphere MQ, HTTP • Transform XML to/from COBOL Copybook for legacy needs • Integrate with RACF security from DataPower AAA • Dynamic crypto material retrieval & caching, or offload crypto ops to z • Connect to IMS – Via IMS Connect client – Via Web Services – Via WebSphere MQ – Via IMS DB – Connect from IMS via “Callout” • Connect to CICS – Via WebSphere MQ – Via Web Service • Connect to DB2 – Via Web Service – Via direct ODBC call with ODBC Client option DRDA DB2
  • 60. © 2015 IBM Corporation60 • IMS Callout feature allows IMS transactions to easily consume external web services via DataPower, with minimal application updates required Enhanced value for System z & IMS  IMS DB feature supports DataPower integration with IMS database through SQL interface ‒ Enrich messages with database content ‒ Expose data as a service to remote applications Client SOAP / REST ` DataPower DRDA IMS O T M A App1 IMS Connect App2 Service Provider SOAP / REST ` DataPower TCP/IP Service Consumer IMS Callout
  • 61. © 2015 IBM Corporation61 Core banking platform on Z An Irish Bank Enabling retail banking Solution  DataPower in trusted network exposed services for XML/ HTTP(S) and protocol bridging to WebSphere MQ  Message validation and transformation using WebSphere Transformation Extender (WTX) Benefits  Retail application acceleration through transformations and caching  Optimized platform for handling, parsing and processing payloads Challenge  Retail application contained 7000 screens; slow response times over dedicated proprietary network.  Cost of processing XML on the mainframe.  Message transformation needed before the core banking platform could process requests. DataPower Q Branch Network Q Q Q Q Branch Application (web based)
  • 62. © 2015 IBM Corporation62 Customer & Product related application and systems on Z High Street Clothing and Fashion Accessories Retailer Increase customer interaction and loyalty Solution  DataPower acted as a reverse proxy for:  Outbound messages via a service provider  Inbound customer updates/ delivery notifications  Transform SOAP/ XML payload to COBOL copybook messages for CICS application Benefits  Create customer interaction and value through innovative business strategy.  Integrate various suppliers using standards based interfaces securely.  Graphical configuration driven appliance; short learning curve Challenge  Highly competitive industry; first mover advantage  Weak customer loyalty  Multi channel customer experience  Complex supply chain and service providers DataPower Q Open Internet Q
  • 63. © 2015 IBM Corporation63 IMS Integration Web Services Security and Management for IMS Web Services • Content-based Message Routing • Protocol Bridging (HTTP, MQ, JMS, FTP, etc.) • XML/SOAP Firewall • Data Validation • Field Level Security • XML Web Services Access Control/AAA • Web Services Management Client SOAP / REST` SOAP/HTTP IMS SOAP Gateway WAS+IMS connector DataPower
  • 64. © 2015 IBM Corporation64 DataPower IMS Integration Web Services Enablement for IMS-based Services IMS O T M A IMSApplication MQServer MQ Brdg  DataPower provides WS-enablement to IMS applications  User codes schema-dependent WTX data map to perform request/response mapping  Requires WebSphere MQ for z/OS – MQ bridge to access IMS – MQ connectivity is embedded in DataPower CCB / MQ Client SOAP / REST`
  • 65. © 2015 IBM Corporation65 DataPower IMS Integration Web Services Enablement for IMS-based Services (cont’d) CCB / TCP Client SOAP / REST` IMS O T M A Appl1 IMS Connect Appl2 Appl3 IMS O T M A Appl4 Appl5 Appl6 User exit (e.g.. HWSSM PL0)  DataPower provides WS-enablement to IMS applications  User codes schema-dependent WTX data map to perform request/response mapping  “IMS Connect Client” (back-side handler) natively connects to IMS Connect using its custom request/response protocol
  • 66. © 2015 IBM Corporation66 DataPower IMS Integration IMS Connect Reverse Proxy CCB / TCPClient IMS Connect TCP ` IMS O T M A Appl1 IMS Connect Appl2 Appl3 IMS O T M A Appl4 Appl5 Appl6 User exit (e.g.. HWSSM PL0)  Bring DataPower value add to standard IMS connect usage patterns  Provide an “IMS Connect Client” on DataPower that natively connects to IMS Connect  Provide an “IMS Connect Server” on DataPower that accepts IMS Connect client connections and provides an intermediation framework that leverages DataPower – Enables authentication checks, authorization, logging, SLM, transformation, route, DB look-up, SSL offload, etc.
  • 67. © 2015 IBM Corporation67 DataPower DB2 Integration “Information as a Service” DRDA Client SOAP / REST`  DataPower provides a standard WS façade to DB/2 – Common tool (IBM Data Studio 1.2+) to generate WSDL and data mapping in both Data Web Services runtime and DataPower – SOAP call is mapped to an ODBC (DRDA) invocation  Exposes database content (information) as a service  Leverages extensive Web Services security and management capabilities of DataPower to more securely expose critical data to the enterprise DB2
  • 68. © 2015 IBM Corporation68 CICS Integration Web Services Security and Management for CICS Web Services • Content-based Message Routing • Protocol Bridging (HTTP, MQ, JMS, FTP, etc.) • XML/SOAP Firewall • Data Validation • Field Level Security • XML Web Services Access Control/AAA • Web Services Management • Support CICS ID propagation Client SOAP / REST ` SOAP/HTTP CICS Web Services WAS+CICS connector DataPower
  • 69. © 2015 IBM Corporation69 DataPower CICS Integration Web Services Enablement for CICS Applications  DataPower provides WS-enablement to CICS applications  User codes schema-dependent WTX data map to perform request/response mapping  Requires WebSphere MQ for z/OS – MQ bridge to access CICS – MQ connectivity is embedded in DataPower CCB / MQ Client SOAP / REST` CICS CICSApplication MQServer CICS Brdg
  • 70. © 2015 IBM Corporation70 Agenda  DataPower Gateway Overview  Security & Optimization Gateway  Mobile Connectivity  API Management  Integration  Mainframe Integration & Enablement  B2B
  • 71. © 2015 IBM Corporation71 Use Case: B2B integration Extend integration beyond the enterprise to partner community
  • 72. © 2015 IBM Corporation72 DataPower B2B Functionality Extend beyond the enterprise to integrate with partners • B2B Gateway Service – AS1, AS2, AS3 and ebMS v2.0 – Plaintext email support – EDI, XML and Binary Payload routing – Front Side Protocol Handlers – Hard Drive Archive/Purge policy – CPA and Partner Profile Associations – MQ File Transfer Edition integration • Trading Partner Profiles – Two Types – Internal and External – ebXML CPPA v2.0 – Multiple Business IDs – Multiple Destinations (URL Openers) – Certificate Management (S/MIME Security) – Multi-step processing policy • B2B Viewer – B2B transaction viewing – MQ FTE transaction viewing – Transaction resend capabilities – Transaction and Acknowledgement correlation – Role based access • Persistent Storage – AES Encrypted B2B document storage – Option for Off-Box Storage (NFS) • Transaction Store – B2B metadata storage – B2B state management DataPower B2B Gateway Service Partner Connection Front Side Handlers Internal Partner Destinations Integration Front Side Handlers External Partner Destinations B2B Viewer Metadata Store (DB) Document Store (HDD) Partner Profiles
  • 73. © 2015 IBM Corporation73 UK Logistics and Distribution Benefits  Create customer interaction and value through innovative business strategy.  Integrate various suppliers using standards based interfaces securely.  Graphical configuration driven appliance; short learning curve Challenge  AS2, File and Web Services based interfaces to 100s of B2B customers.  Messages are exchanged at least once a day  Secure proxy solution in the DMZ  Complex incumbent supplier chain
  • 74. © 2015 IBM Corporation74 Health Insurance Provider Smarter Business Outcomes:  Reliable and secure routing of customer sensitive data  Easy to use and maintain; no additional skill needed  XML Messages with attachments are authenticated, authorized, and virus scanned Industry Pains:  HIPAA Security requirements for transporting data over the Internet  HL7 v3.0 XML threat protection  Complexity of B2B for healthcare Secure appliance form factor providing secure connections to trading partners, advanced threat protection and reliable file delivery of confidential medical information Value of DataPower B2B Appliances for Extending Connectivity?
  • 75. © 2015 IBM Corporation75 Internet EDIINT Flow: Simple AS2 transaction flow with Transform Application Browser Application EDI XML AS2 (EDI) AS2 (MDN) B2B Hub Partner BPartner A XB62 AS2 Process B2B Gateway Service Transaction Viewer Note: This flow works the same for any AS protocol as well as for ebMS B2B messages. Data Store 4 3a 3b2 1 5
  • 76. © 2015 IBM Corporation76 Internet Web Services bridged to AS2 File Transfer Pattern WS Client Browser Flat B2B Hub Partner BPartner A XB62 Web Service Process Web Service Proxy Transaction Viewer B2B Gateway Service AS2 Pre-ProcessFlat SOAP Note: A Multi-Protocol Gateway Service can also be used to support this flow as well as receiving and sending data over any of the 16 supported protocol handlers. When Services are tied together in front of or behind a B2B Gateway Service they are handled like pre and post processes. Data Store 7 4 5 6 3 2 1
  • 77. © 2015 IBM Corporation77 Internet MQ FTE Integration Pattern – Inbound File to Message Browser (LOB User) XB60 TradingPartner XB62 B2B Gateway Service Transaction Viewer Profile Mgmt Data Store Browser (Admin) Browser (Partner view) Server Source Agent Data Store Applications Enterprise Target Agent MQFTE Network Queue Manager Queue Manager Queue ManagerQueue Manager MQ Explorer DB Logger (DB2 or Oracle) 1 4 2a 3 6 5 2
  • 78. © 2015 IBM Corporation78 Browser B2B Gateway Service WebSphere DataPower B2B Appliance Applications Transaction Viewer Collaboration Partner Agreement Entries Internal Collaboration Partner Profile External Collaboration Partner Profile CPAId / Collaboration Collaboration Protocol Agreement Entry Internal Collaboration Partner Profile External Collaboration Partner Profile CPAId / Collaboration External Partners Internet ebMS (Ack) ebMS (ebXML)) ebXML ebXML with CPPA Pattern 5 4 3 2 1 DMZ Secured Network Public Network Collaboration Partner Agreement Entries Internal Collaboration Partner Profile External Collaboration Partner Profile CPAId / Collaboration
  • 79. © 2015 IBM Corporation79 B2B Hub AS2 Process Healthcare Applications Partner B Hospital Internet AS2 (HL7 V3) AS2/MDN B2B Appliance B2B Gateway Service Profiles Internal Profile Regional Center Validate XML and Transform to any V.2.x format External Profile Hospital Transaction Viewer Healthcare Applications HL7V3 Partner A Regional Healthcare Center Any Transport HL7 V2.x Any Transport HL7 V3.x 5 4 3 2 1 6 Health Level 7 3.x to 2.x Transform Pattern
  • 80. © 2015 IBM Corporation80 Securing HL7 over the Internet with Integration to the WebSphere Healthcare Connectivity Pack TradingPartner XB62 B2B Gateway Service Transaction Viewer Profile Mgmt Data Store Browser (Admin) Browser (Partner view) Clinical Trials System WebSphere Healthcare Connectivity Pack Healthcare Provider Internet 1 2a 3 5 2 WebSphere MQ Patient Administration System Billing System 4 AS2 (HL7)) AS2 (MDN)) HL7/MQ HL7/MLLP HL7/MLLP XML/HTTP Pharmacy HL7/MLLP
  • 81. © 2015 IBM Corporation81 Resources
  • 82. © 2015 IBM Corporation82 DataPower on GitHub  Repository of DataPower related tools & collateral  Open source  Community driven: Use, collaborate, contribute  http://ibm-datapower.github.io/  DataPower Configuration Manager  Tool for DataPower configuration management & migration  Standalone command line or IBM UrbanCode Deploy plugin  https://github.com/ibm-datapower/datapower-configuration-manager  https://github.com/ibm-datapower/datapower-configuration-manager/wiki/Easy-On-Ramp  DPXMLSH  Bash script / shell library for working with DataPower’s XML Management interface  Interactive & scripted use  https://github.com/ibm-datapower/datapower-xml-shell
  • 83. © 2015 IBM Corporation83 Getting Social with IBM DataPower Gateways DataPower on Slideshare LinkedIn IBM DataPower Gateway Group developerWorks BlogYouTube IBM DataPower Gateway Channel Twitter @IBMGateways Online User Forum • YouTube Channel: IBM DataPower Gateways • Slideshare: IBM DataPower Gateway • Twitter: @IBMGateways • LinkedIn Group: IBM DataPower Gateway • developerWorks blog: IBM DataPower Gateway • GitHub: IBM DataPower Gateway • Online User Forum • Product page on ibm.com • Product documentation
  • 84. © 2015 IBM Corporation84 Available Now: DataPower Handbook, Second Edition, Volume 1  Known as the ‘bible’ of DataPower planning, implementation, and usage.  New content to cover previous six years of new products/features, including 9006/7.1!  Volume 1 consists of Chap 1 DataPower Intro, Chap 2 Setup Guide, new Preface and two invaluable new appendices for physical and virtual appliances. Available in softcover and e-book formats
  • 85. © 2015 IBM Corporation85 BACKUP
  • 86. © 2015 IBM Corporation86  Simple Architecture: Purpose-built firmware + hardware  Complete gateway platform delivered as firmware  Guiding philosophy is to centralize common security, integration, control, traffic management, acceleration functions and optimize them in a security-hardened gateway appliance Simple and Secure Architecture Display Ports database config App Server config Apache HTTPD config JVM config Proprietary Software config Linux Daemons config JSP Engine glibclibxml Full Linux OS (including shells and user accounts) config Bootable CDROM Drive Bootable USB Ports Hardware Commodity Gateways config Hardware DataPower Gateway Platform Digitally Signed and Encrypted Firmware Flash Memory Crypto Acceleration IBM Optimized Embedded Operating Environment Purpose-built Gateways
  • 87. © 2015 IBM Corporation8787 Configuration-driven approach speeds time to market • Enforce security standards with zero coding • Uses intuitive pipeline message processing • Import/export configurations between environments • Transaction probe shows message content between actions for debugging 87
  • 88. © 2015 IBM Corporation88 Capabilities Rapidly deliver secure integration & optimized access for a full range of workloads • Secure & protect your back-end systems from harmful workloads and unauthorized users & apps • Convert payloads, bridge transports and connect to existing services at wire-speed • Limit & shape traffic based on service level agreements, and route based on message content • Improve response times, reduce load on backend systems and intelligently distribute load Secure Control Integrate Optimize Before DataPower Gateway After DataPower Gateway Control Integrate Optimize SecureConsumer Consumer Consumer Consumer
  • 89. © 2015 IBM Corporation89 SSL Offload Threat Protection Rate Limiting / SLA Enforcement Validation, Filtering Authentication, Authorization Context-based Access, Mobile SS0 Security Token Translation Message Transformation Content-Based Routing Intelligent Load Distribution Response Caching Connect Mobile Apps with Enterprise Services Securely expose enterprise systems & APIs to Mobile Apps while optimizing delivery
  • 90. © 2015 IBM Corporation90 • Data format & language – JavaScript ‒ JSON ‒ JSON Schema ‒ JSONiq ‒ REST ‒ SOAP 1.1, 1.2 ‒ WSDL 1.1 ‒ XML 1.0 ‒ XML Schema 1.0 ‒ XPath 1.0 ‒ XPath 2.0 (XQuery only) ‒ XSLT 1.0 ‒ XQuery 1.0 • Security policy enforcement ‒ OAuth 2.0 ‒ SAML 1.0, 1.1 and 2.0, SAML Token Profile, SAML queries ‒ XACML 2.0 ‒ Kerberos (including S4U2Self, S4U2Proxy) ‒ SPNEGO ‒ RADIUS ‒ RSA SecurID OTP using RADIUS ‒ LDAP versions 2 and 3 ‒ Lightweight Third-Party Authentication ‒ Microsoft Active Directory ‒ FIPS 140-2 Level 3 (w/ optional HSM) ‒ FIPS 140-2 Level 1 (w/ certified crypto module) ‒ SAF & IBM RACF® integration with z/OS ‒ Internet Content Adaptation Protocol ‒ W3C XML Encryption ‒ W3C XML Signature ‒ S/MIME encryption and digital signature ‒ WS-Security 1.0, 1.1 ‒ WS-I Basic Security Profile 1.0, 1.1 ‒ WS-SecurityPolicy ‒ WS-SecureConversation 1.3 DataPower Gateway: Supported standards & protocols • Transport & connectivity – HTTP, HTTPS, WebSocket Proxy – FTP, FTPS, SFTP – WebSphere MQ – WebSphere MQ File Transfer Edition – TIBCO EMS – WebSphere Java Message Service – IBM IMS Connect, & IMS Callout – NFS – AS1, AS2, AS3, ebMS 2.0, CPPA 2.0, POP, SMTP (XB62) – DB2, Microsoft SQL Server, Oracle, Sybase, IMS • Transport Layer Security ‒ TLS versions 1.0, 1.1, and 1.2 ‒ SSL versions 2 and 3 • Public key infrastructure (PKI) ‒ RSA, 3DES, DES, AES, SHA, X.509, CRLs, OCSP ‒ PKCS#1, PKCS#5, PKCS#7, PKCS#8, PKCS#10, PKCS#12 ‒ XKMS for integration with Tivoli Security Policy Manager (TSPM) • Management ‒ Simple Network Management Protocol ‒ SYSLOG ‒ IPv4, IPv6 • Open File Formats ‒ Distributed Management Task Force (DMTF) Open Virtualization Format (OVF) ‒ Virtual Machine Disk Format (VMDK) ‒ Virtual Hard Disk (VHD) Link to Product Documentation • Web services – WS-I Basic Profile 1.0, 1.1 – WS-I Simple SOAP Basic Profile – WS-Policy Framework – WS-Policy 1.2, 1.5 – WS-Trust 1.3 – WS-Addressing – WS-Enumeration – WS-Eventing – WS-Notification – Web Services Distributed Management – WS-Management – WS-I Attachments Profile – SOAP Attachment Feature 1.2 – SOAP with Attachments (SwA) – Direct Internet Message Encapsulation – Multipurpose Internet Mail Extensions – XML-binary Optimized Packaging (XOP) – Message Transmission Optimization Mechanism (MTOM) – WS-MediationPolicy (IBM standard) – Universal Description, Discovery, and Integration (UDDI versions 2 and 3), UDDI version 3 subscription – WebSphere Service Registry and Repository (WSRR)
  • 91. © 2015 IBM Corporation9191 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 Gigabit/Sec HW Solution Acquisition ITCAM for SOA (Transaction Monitoring) Model 9235 (aka 9004) Model 7993 (aka 9003) WebSphere Transformation Extender XA35 XS40 XI50 XB60 2012 XG45, XI52 & XB62 XI50B Blade WebSphere Appliance Management Center Optimized Interpreter and Compiler Optimized Hardware Acceleration 2013 2014 Application Optimization (Self-Balancing & Intelligent Load Distribution) XI50z Blade Virtual Edition (VMware) Virtual Edition (PureApplication System) Virtual Edition (for Developers + XenServer) Optimized & secure JavaScript Multi-channel Gateway Consolidated Gateway Platform ISAM Proxy Module Over 14 years of innovation & 2000+ global installations IBM DataPower Gateway

×