IBM DataPower Appliances - What's new in 2013 (v6.0)
Upcoming SlideShare
Loading in...5
×
 

Like this? Share it with your network

Share

IBM DataPower Appliances - What's new in 2013 (v6.0)

on

  • 17,677 views

 

Statistics

Views

Total Views
17,677
Views on SlideShare
17,229
Embed Views
448

Actions

Likes
1
Downloads
343
Comments
0

19 Embeds 448

http://itdiver.blogspot.ru 368
http://itdiver.blogspot.com 42
http://itdiver.blogspot.co.il 8
http://feeds2.feedburner.com 7
http://itdiver.blogspot.de 5
http://www.feedspot.com 4
http://itdiver.blogspot.fi 2
http://inoreader.com 1
http://feedly.com 1
http://itdiver.blogspot.co.uk 1
http://itdiver.blogspot.fr 1
http://itdiver.blogspot.com.es 1
https://twitter.com 1
http://itdiver.blogspot.hu 1
http://cloud.feedly.com 1
https://home.jolicloud.com 1
http://prlog.ru 1
http://itdiver.blogspot.no 1
http://hotingwow.blogspot.tw 1
More...

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

IBM DataPower Appliances - What's new in 2013 (v6.0) Presentation Transcript

  • 1. © 2013 IBM CorporationWhat’s New in DataPower Appliances V6.0Arif SiddiquiProduct Manager, DataPower AppliancesIBM
  • 2. 22 © 2013 IBM CorporationAgenda• DataPower Quick Overview• What’s new in DataPower Virtual Edition• What’s new in DataPower v6.0
  • 3. 33 © 2013 IBM CorporationIntroduction to DataPower GatewayAppliancesIBM DataPower Gateway Appliances are the industry-leadingSecurity & Integration gateways that help provide security, control, integrationand optimized access to a full range ofMobile, Web, API, SOA, B2B and Cloud workloads
  • 4. 44 © 2013 IBM CorporationSecurity & Integration Gateway Appliances• Securely expose enterprise data to external consumers/partners, while optimizing delivery of theworkload• Securely connect apps/services within the enterprise, while optimizing delivery of the workload andproviding integration including XML offload, message validation/filtering, message/transport protocoltransformation, traffic control/quota enforcement, SOA governance & management, dynamic routing &intelligent load distribution• Physical appliance that is purpose-built, tamper-evident with simplified deployment combiningsuperior performance, hardened security, increased ROI and reduced TCO• Provides high levels of certified Security assurance‒ e.g. Transport Protocol Security (SSL/TLS), Message Level Security, and Authentication,Authorization, Audit• Simplified maintenance model‒ Drop-in appliance form-factor, Secures traffic in minutes, and Push-button flash upgrade process• Over a decade of innovation. 2000 worldwide installations. 10,000+ physical units sold• Virtual appliance provides deployment flexibility & reduced cost for development and testenvironmentsIBM DataPower Gateway AppliancesInternet Trusted DomainConsumerApplication or ServiceDMZDataPower DataPowerConsumer
  • 5. 55 © 2013 IBM CorporationInternet Trusted DomainConsumerApplication or ServiceSystem zDMZDataPower DataPowerIBM IntegrationBusApplication Service FileTrading partnersDataPower appliances used across a variety of scenarios1 Security Gateway(Web Services/Apps/APIs)2 Intelligent ContentRouting & Load Distribution3 B2B Partner Gateway4 Internal Security Enforcement5 Integration6 Runtime SOA Governance7 Web Service Management8 Legacy IntegrationConsumer
  • 6. 66 © 2013 IBM CorporationUpdate applicationservers individuallyBefore DataPower AppliancesSecure, control, integrate, &optimize all applications instantlyNo changes to applicationsAfter DataPower AppliancesSecure, control, integrate & optimize multiple applications without code changesLower cost and complexityEnable new business with unmatched performanceUse appliances to simplify & centralize critical functionsControlIntegrateRoute & OptimizeSecure
  • 7. 77 © 2013 IBM Corporation• Control‒ Service-level agreements‒ Traffic control‒ Message accounting‒ Content-based routing‒ Governance & management• Optimization‒ SSL & TLS offload‒ Hardware accelerated crypto ops‒ XSLT & XQuery acceleration‒ JSONiq acceleration‒ Connection pooling, offload‒ Intelligent load distribution‒ Caching: Local & external (XC10)• Security‒ OAuth, SAML, XACML, WS-Security, LTPA, Kerberos, etc‒ Authentication & authorization‒ Security token translation‒ Message & transport protection• Integration‒ Convert payloads (JSON, XML,CSV, Cobol, binary, etc)‒ Bridge transports (HTTP, MQ, FTP,WAS JMS, TIBCO EMS, etc)‒ Database connectivity (DB2, IMS,Oracle, MS SQL, Sybase)‒ Mainframe integration (IMSConnect, IMS Callout, CICS, etc)‒ B2B integration (AS1,AS2,AS3,etc)• Resilience‒ Operation admission control‒ Failure re-routing‒ XML threat protection‒ JSON threat protection‒ Schema validation‒ Messages filteringClientsIn-the-ClearRequestMaliciousRequestCobol/MQApplCobol/MQEncrypted andSigned RequestServiceProvidersIBM DataPower Gateway Appliance capabilities
  • 8. 88 © 2013 IBM CorporationDataPower FamilyIntegration Appliance XI52High density 2U form, XG45 functionality plus“Any-to-Any” conversion at wire-speedBridges multiple transport protocolsMainframe integration & enablementAvailable in Virtual EditionService Gateway XG45Entry-level device, slim footprint (1U)Security gateway (AAA, XML threat, etc)Service level management and monitoringIntelligent load distribution & dynamic routingLightweight integration functions (optional)Available in Virtual EditionB2B Appliance XB62High density 2U form, XI52 functionality plusB2B Messaging (AS1/AS2/AS3/ebMS)Trading Partner Profile ManagementB2B Transaction ViewerIntegration Blade XI50B/XI50zFunctionally equivalent to XI52Form factor flexibilityXI50B: BladeCenter form factorXI50z: zEnterprise BladeCenter Extension (zBX)form factor
  • 9. 99 © 2013 IBM Corporation• Used by 95% of top global insurancesfirms• SaaS providers, ASPs, regulators, etc.• Agencies and ministries• Defense and security organizations• Crown corporationsInsuranceGovernmentBanking• Healthcare• Retailers• Utilities, Power, Oil and Gas• Telecom• Airlines• etc.Many, many, more• Majority of the big US and Europeanbanks• All of the big 5 Canadian banks• Numerous regional banks and creditunionsDataPower Gateway AppliancesOver a decade of innovation & over 2000 worldwide installations
  • 10. 1010 © 2013 IBM CorporationAgenda• DataPower Quick Overview• What’s new in DataPower Virtual Edition• What’s new in DataPower v6.0
  • 11. 1111 © 2013 IBM CorporationDataPower Appliances extend its marketleading Security & Integration Gatewayfunctionality into Virtual Appliancesproviding deployment flexibilityBusiness IntegrationBusiness Value:Industry-leading workload security, optimization, andintegration functionality similar to the corresponding physicalDataPower appliance modelsA flexible, cost effective Security & Integration Gateway fornon-production environmentsA production solution for environments not suitable forphysical appliance deploymentWhat’s new:WebSphere DataPower XG45 & XI52 physical appliancefunctionality in a “virtual appliance” form-factor running onVMware hypervisor on x86 servers, IBM PureApplicationSystem W1500, & IBM Workload Deployer platformsAbility to upgrade & downgrade firmware similar to physicalappliancesSeamless configuration migration between physical andvirtual appliancesPowered by a purpose-built platform including an embedded,optimized DataPower Operating Systemx86 ServerIBM DataPower Virtual EditionDeployment flexibility & reduced cost for development and test environments
  • 12. 1212 © 2013 IBM CorporationIBM DataPower Virtual Edition: OverviewVMware ESX v4.0 Update 2, v4.1 OR ESXi v4.0 Update 2, v4.1, v5.0, v5.1HypervisorMinimum virtual resources for each virtual edition appliance: 4 vCPU (i.e. virtual core) and 4GB RAMRequirementsDelivered as an Open Virtualization Archive (OVA) packagePackagePriced based on Processor Value Unit (PVU). Available through Passport Advantage.Pricingx86 Servers, IBM PureApplication System W1500, IBM Workload Deployer utilizing x86 hardwarePlatformTwo functionally equivalent versions, Production & Non-Production, for each product. Each licensed and pricedseparately:XG45 Virtual Edition for Non-Production Environments: For non-production use. Includes following optionalfeatures at no additional cost: Application Optimization, Data Integration ModuleXG45 Virtual Edition: For production use. All optional features must be ordered separately, all are fieldupgradeable.** Both XG45 Virtual Edition versions include Tivoli Access Manager feature in the base product like physical appliancemodelsXI52 Virtual Edition for Non-Production Environments: For non-production use. Includes following optionalfeatures at no additional cost: Application Optimization, Database Connectivity, Tivoli Access Manager** TIBCO EMS option must be ordered separatelyXI52 Virtual Edition: For production use. All optional features must be ordered separately, all are field upgradeable.VersionSame workload security, optimization, & integration functionality as the corresponding physical appliance model.Exceptions, besides lack of physical security features (e.g. tamper-resistant hardware), include capabilityimplemented or enhanced via hardware in physical appliances:No Hardware Security Module (HSM) support for FIPS 140-2 Level 3 complianceNo hardware acceleration support for cryptographic operationsSeamless configuration migration, through export/import feature, between physical and virtual appliancesFull-appliance secure backup/restore only works within the same form factor, i.e. virtual to virtual & physical to physicalEach “virtual appliance” is powered by a purpose-built platform and includes an embedded, optimized DataPowerOperating SystemUses signed/encrypted firmware images like physical appliances, doesn’t allow installation of other softwareUses “scrypt4” format firmware image (scrypt2/3 used for physical appliances), does not run or support firmware prior to v5.0.0FunctionalityWebSphere DataPower Service Gateway XG45 Virtual Edition (Passport Advantage Product ID: 5725-J90)WebSphere DataPower Integration Appliance XI52 Virtual Edition (Passport Advantage Product ID: 5725-J91)Product Name
  • 13. 1313 © 2013 IBM CorporationAgenda• DataPower Quick Overview• What’s new in DataPower Virtual Edition• What’s new in DataPower v6.0
  • 14. 1414 © 2013 IBM CorporationWhat’s NewSummaryIBM DataPower Gateway Appliances extend industry-leadingservice-oriented architecture (SOA) and business-to-business (B2B)security, control, optimization, and integration capabilities toweb, mobile, and API workloads
  • 15. 1515 © 2013 IBM CorporationSecure integrationSecurely integrate API, Web & Mobileworkloads, in addition to SOA & B2BMobile-ready security gatewaySecure & optimize delivery of Mobileapplications & integrate withIBM WorklightFaster consistent response timeReduce load on back-end systems andoptimize delivery through local & externalcaching and intelligent load distributionSecure. Integrate. Optimize.Pattern-based configurationCreate & deploy common configurationpatterns for reduced time to value,improved productivity & qualityDeployment flexibilityUse physical or virtual appliance withseamless configuration migrationSystem z integrationEasily consume external web servicesfrom IMS & expose IMS data as aservice6DataPower
  • 16. 1616 © 2013 IBM CorporationSecure, integrate & optimize access to Web, Mobile & API workloadsIBM DataPower Gateway Appliance v6.0DataPower Appliances extend itsmarket leading Security & IntegrationGateway for Web, Mobile & APIworkloads, in addition to SOA & B2B,reducing infrastructure complexity &lowering TCOBusiness IntegrationBusiness Value:Secure integration of Web, Mobile, API, SOA & B2B workloads in a single,highly secure, highly consumable, DMZ-ready applianceOperational agility for WAS Network Deployment environmentsFast & consistent response time for enterprise applications including mobile &web apps with local & external caching reducing load on back-end systemsEnhanced System z integration with IMS systems for reduced TCOFaster time to value & improved developer productivity with configurationpattern-authoring & deployment supportWhat’s new:Provides the API gateway functionality for IBM API Management V2.0Quick integration with IBM Worklight to secure mobile web trafficImproved REST services handling with native JSON support including schemavalidation & query, extract, filter & transform through JSONiqNew XML data query, extraction & manipulation support with XQuery 1.0Enhanced security with improved OAuth 2.0 and new support for Kerberosconstrained delegation & TLS 1.1/1.2Improved WS-MediationPolicy consumption from WSRR & SLAs for non-SOAP trafficEmbedded On-Demand Router functionality for WAS ND environmentsOptimized application delivery with response caching on-the-box & seamlessintegration with elastic caching XC10 appliancesNew System z integration capabilities allowing IMS transactions to easilyconsume external web services & easy consumption of IMS data as a serviceSimple ability to create & deploy common DataPower configuration patterns
  • 17. 1717 © 2013 IBM CorporationOn PremiseApp Developer PortalBusinessOps DashboardEnterpriseServicesDataPowerDev OpsDashboardWeb AppsMobileCreate, Manage, Socialize APIs•Dev Ops Dashboard for easy assembly of new APIs and to secure and manage APIs from an IT Opsperspective, API lifecycle mgmt•Business Ops Dashboard with analytics and controls to publish APIs, document APIs, set quotas,manage communities and monitor service levels•Application Developer Portal with Self-Service registration and with hooks into social communitiesOn-Premise DMZ-ready API Gateway•Rapid on-ramping of APIs•API security; SSL termination, Threat protection, Authentication, Authorization with OAuth•Quota enforcement / Traffic control; Enforce API consumption policies•Monitors API use•Caching support for both on-box local and remote caching using XC10•Intelligent routing and load distributionIBM API Management V2.0 (On-Premise)Secure, control and optimize access to APIs through DataPower
  • 18. 1818 © 2013 IBM CorporationIBM API Management (On-Premise)DataPowerXG45 w/ DIM & AO option,XI50, XI50B, XI52 w/ AO option• REQUIRED component• Physical or Virtual• Purchase new or re-useexisting appliancesSecure, Control,OptimizeCast Iron Standard Edition• OPTIONAL component•Physical or HVE•Purchase new or re-useexisting appliancesCreate(Assemble)IBM API Management• 2 Hypervisor InstallsCreate, Publish,Manage, SocializeAPI GatewayIBM API Management V2.01 Solution, 1 Pane of Glass1 Solution, 1 Pane of GlassAvailable in IBM API Management V2.0 & DataPower V6.0
  • 19. 1919 © 2013 IBM Corporatione.g. REST (JSON/XML)over HTTPSSSL OffloadThreat ProtectionRate LimitingValidation, Filteringnow with Native JSON Support**AuthenticationAuthorizationSecurity Token TranslationTransformationContent-Based RoutingIntelligent Load Distributionnow with On Demand Router for WAS ND**Response Caching Locally or to XC10 **Securely expose enterprisedata to Mobile Apps whileoptimizing delivery of theworkloadSecurely expose enterprisedata to Mobile Apps whileoptimizing delivery of theworkloadWorklight, WAS NDe.g. SOAPover HTTPSMessage Oriented,Legacy AppsWeb Apps, ServicesConnect Mobile Apps with Enterprise Apps & ServicesIBM DataPower Gateway ApplianceSecurity, Control, Integration & Optimization of mobile workloadEnhanced form-based authentication support for quick integration with Worklight applications running on mobile devices **Ready-to-use configuration pattern as reverse proxy & security policy enforcement point in front of Worklight Server**** Available in DataPower firmware version 6.0
  • 20. 2020 © 2013 IBM CorporationXQuery 1.0Flexible XML data manipulation<gold-customers>{for $x in orders/orderwhere $x/price >= 100.00order by $x/lastreturn <customer first="{$x/first}" last="{$x/last}" />}</gold-customers>• Query, extract, filter, transform XML messages using XQuery 1.0‒ Efficient data query & manipulation of XML‒ Simple scripting language syntax provides ease of use‒ Built-in functions & FLWOR statements improve productivity & reduce LoC<orders><order><first>John</first> <last>Smith</last><sku>20223</sku><price>23.95</price> </order><order><first>Alice</first><last>Brown</last><sku>54321</sku><price>199.95</price></order><order><first>John</first> <last>Smith</last><sku>23420</sku><price>104.95</price></order><order><first>Bob</first> <last>Green</last><sku>90231</sku><price>300.00</price></order><order><first>Scott</first><last>Jones</last><sku>54321</sku><price>199.95</price></order><order><first>Jim</first> <last>Lee</last> <sku>89820</sku><price>46.50</price> </order></orders><?xml version="1.0" encoding="UTF-8"?><gold-customers><customer first="Alice" last="Brown"/><customer first="Bob" last="Green"/><customer first="Scott" last="Jones"/><customer first="John" last="Smith"/></gold-customers>XQuery is not XML!INPUTOUTPUTFLWOR:ForLetWhereOrder byReturnQuery orders with purchase of at least $100
  • 21. 2121 © 2013 IBM CorporationNative JSON SupportEnhanced security & control for REST services• JSON is now a first class, native format on DataPower similar to XML‒ High-speed parsing and tuned compilation with native execution• JSON schema validation: Security & input validation‒ Built-in validate action‒ Support for draft 3 of IETF specification (http://tools.ietf.org/html/draft-zyp-json-schema-03){ "name" : "John Smith","sku" : "20223","price" : "23.95","shipTo" : { "name" : "Jane Smith","address" : "123 Maple Street","city" : "Pretendville","state" : "NY","zip" : "12345" },"billTo" : { "name" : "John Smith","address" : "123 Maple Street","city" : "Pretendville","state" : "NY","zip" : "12345" }}{"type": "object","properties": {"name": { "type": "string" },"sku": { "type": "string" },"price": { "type": "number", "minimum": 0 },"shipTo": {"type": "object","properties": {"name": { "type": "string" },"address": { "type": "string" },"city": { "type": "string" },"state": { "type": "string" },"zip": { "type": "string" }}},"billTo": {"type": "object","properties": {"name": { "type": "string" },"address": { "type": "string" },"city": { "type": "string" },"state": { "type": "string" },"zip": { "type": "string" }}}}}JSON SchemaJSON Message
  • 22. 2222 © 2013 IBM CorporationNative JSON SupportEnhanced security & control for REST services• JSON is now a first class, native format on DataPower similar to XML‒ High-speed parsing and tuned compilation with native execution• Query, extract, filter, transform JSON messages using JSONiq‒ Extension to XQuery: Like SQL for JSON and XML‒ Efficient data query and manipulation of JSON‒ Support for JSONiq spec 0.4.42 (http://jsoniq.org/docs/spec/en-US/html-single/index.html){ "name" : "John Smith","sku" : "20223","price" : "23.95","shipTo" : { "name" : "Jane Smith","address" : "123 Maple Street","city" : "Pretendville","state" : "NY","zip" : "12345" },"billTo" : { "name" : "John Smith","address" : "123 Maple Street","city" : "Pretendville","state" : "NY","zip" : "12345" }}{ "name" : "Jane Smith","address" : "123 Maple Street","city" : "Pretendville","state" : "NY","zip" : "12345"}*** ABORTED: Error noshipHI: Sorry, we do not ship toHawaii.declare namespace output = "http://www.w3.org/2010/xslt-xquery-serialization";declare option jsoniq-version "0.4.42";declare option output:method "json";.("shipTo")Extract shipping addressdeclare namespace output ="http://www.w3.org/2010/xslt-xquery-serialization";declare option jsoniq-version "0.4.42";declare option output:method "json";if (.("shipTo")("state") = "HI")then fn:error(fn:QName(http://example.org/mine,myerr:noshipHI),Sorry, we do not ship to Hawaii.)Filter shipment to Hawaiideclare option jsoniq-version "0.4.42";<order><name>{.("name")}</name><price>{.("price")}</price><state>{.("shipTo")("state")}</state></order>Transform to XML<?xml version="1.0" encoding="UTF-8"?><order><name>JohnSmith</name><price>23.95</price><state>NY</state></order>[{ "given" : "John", "surname" : "Smith", "sku" : "20223", "price" : 23.95},{ "given" : "Alice", "surname" : "Brown", "sku" : "54321", "price" : 199.95},{ "given" : "John", "surname" : "Smith", "sku" : "23420", "price" : 104.95},{ "given" : "Bob", "surname" : "Green", "sku" : "90231", "price" : 300.00},{ "given" : "Scott", "surname" : "Jones", "sku" : "54321", "price" : 199.95},{ "given" : "Jim", "surname" : "Lee", "sku" : "89820", "price" : 46.50}]Alice BrownBob GreenScott JonesJohn Smithdeclare option jsoniq-version "0.4.42";for $x in jn:members(.)where $x("price") >= 100.00order by $x("surname")return concat($x("given"), , $x("surname"), &#xA;)Query members with purchase of at least $100INPUTOUTPUT
  • 23. 2323 © 2013 IBM Corporation• OAuth is an open standard for authorization. It provides a method for resourceowners to grant limited access to their resources to third party clientapplications without sharing credentials .Security EnhancementsEnhanced OAuth 2.0 support & additional features enable new security use cases• New OAuth 2.0 specification support‒ Public Client & Implicit Grant TypeEnables Clients that cannot keep their credentials confidentialor can only support simple authorization flowsBrowser-based & native applications including mobile ones‒ Refresh TokenAllows Clients to obtain new access tokens upon expirationwithout going through initial login sequence• Additional new features‒ SSL Client Certificate Authentication MethodClient can provide it’s certificate for authentication rather thana secret (i.e. 2-way SSL aka SSL mutual authentication‒ Revoke TokenProvides better flexibility & control to Client & ResourceOwner, either can revokeClient can revoke to logoutResource Owner can revoke in case of compromised password orlost mobile device
  • 24. 2424 © 2013 IBM Corporation• Kerberos constrained delegation (S4U2Proxy)‒ Preserve the client identity from the incoming Kerberosticket for the backend service when DataPower is actingas a proxy• Transport Layer Security (TLS) 1.1 & 1.2‒ Helps meet security guideline (e.g. NIST SP 800-131A)• LDAP‒ Connection Pooling: Configured per XML Mgrldap-search(), ldap-simply-query(), AAAImprove performance & reduce load on LDAP server‒ Read TimeoutExtension functions, AAA, CRL, RBMHandle slow or unresponsive LDAP serverSecurity EnhancementsEnhanced transport and message security
  • 25. 2525 © 2013 IBM CorporationApplicationServersWAS ND ClusterApplicationServersWAS ND ClusterSecurity EnhancementsEnhanced transport and message security• SSL Proxy Service enhancements‒ Forward proprietary protocol traffic with SSL acrossDMZ and within the enterpriseSSL offload & termination‒ New featuresTransaction timeout (address long lived connections)Max client connection limit (configurable)Client-side idle timeout (address misbehaving client)Server-side idle timeout (address misbehaving/overloaded server)Additional logging & improved reliability• ISAM (formerly TAM) integration enhancements‒ Support for 6.1.1 and 7.0‒ Support co-existence of multiple registry type‒ Ships four ISAM client library versions in thefirmware and allows user to select the version6.0, 6.1, 6.1.1, 7.0 (XG45, XI52, XB62, XI50B, VE)If ISAM server undergoes an upgrade, then appropriateDataPower ISAM client can be selected to matchTLS 1.2 or NIST compliance option for ISAM 7.0
  • 26. 2626 © 2013 IBM Corporation• Capability added to Multi-Protocol Gateway Service (MPGW) to enforcebusiness requirements by consuming WS-MediationPolicy from WSRRSubscriptions and as locally attached policy for non-SOAP trafficImplement Service Level Agreements (SLA) enforcement on DataPower viadeclarative policy documents without manually creating DataPower configurationartifactsMPGW SLA & WS-MediationPolicy SupportFlexible traffic control policy consumption & enforcement for non-SOAP trafficVisibility and Control• Reduce costs and increaseoperational efficiency of enterpriseboundaries• Increase enterprise agility throughrapid realization of policies and SLAsin response to business change• Centrally manage and govern service andassociated policies exposed at servicegateway• Enable automatic deployment of operationalpolicies and SLA to service gatewaysWSRRDataPowerSubscribed to a collection of services defined byWSRR saved search‘WebBankingServicesQuery’Can also subscribe directly to a Service Version
  • 27. 2727 © 2013 IBM CorporationDataPowerConsume & enforceEnforcePolicy & SLAsWSRRModel Policy& SLAsPolicy Admin /OperationsManage Policies& ServicesSLAPolicyApp1App2ServiceSLAPolicyTraffic Control Policy Management & Enforcement
  • 28. 2828 © 2013 IBM CorporationOptimization: Intelligent Routing & Load DistributionOperational agility for WAS ND environmentsEmbedded On Demand Router (ODR) to intelligently route HTTP traffic to WAS NDIntelligent routing & load distribution to backend WAS ND environments, including those runningWorklight Server, based on dynamic, real-time topology, application and workload informationODR is central to providing the Intelligent Management features of WAS– Automatic routing: discovers & recognizes all changes which affect routing– Application edition routing: upgrade applications without incurring outages– Multi-Cell routing: Automatically route to different application in multiple cells– Weighted Least Outstanding Request (WLOR) load balancing: Quickly redirect traffic away from slow and hung backends– Automatically populate custom headers needed by WAS to process traffic– High available control connection to WAS: REST-based service automatically available on dmgr and nodeagentWhen to use ODR compared to current AO ILD support?Whenever you have a WAS backend– More OOTB functionality: Multi-Cell routing, header population, does not require installation of application on WAS, etc– Smaller configuration footprint: Requires much less configuration on DataPower, connect once and go– Built-in high availability of control connection to retrieve dynamic information from WAS– Consistent technology across DP and IBM HTTP Server (IHS)Requires Application Optimization software optionCluster 1Cluster 2Cluster 3Cell 1Cell 2DataPower w/ ODRWAS ND EnvironmentDataPower performs dynamicrouting and load distributionleveraging dynamic informationfrom back-endsClients
  • 29. 2929 © 2013 IBM CorporationReduced time to value with integrated Gateway & Caching appliancesOut-of-the-box “one-click” configuration options provideefficient and secure cache operations‒ Encrypt/decrypt data stored in the XC10‒ Obfuscate the cache key used to identify a data item‒ Sub-second timeout on cache requests‒ Load balance requests across a collective of XC10instancesRemotely manage and monitor XC10 data grid directlyfrom DataPower management interface‒ Create data grid on XC10‒ Clear data grid on XC10‒ View high-level cache statistics to verify effectiveness ofcaching policiesGreatly reduce the number of lines of XSLT required tointeract with XC10 from a DataPower processing policy‒ Define XC10 data grid to DataPower once and reuse inmultiple policies‒ Easy to use XC10-specific URL format for use withstandard url-open extension function‒ Automatically manage HTTP session cookies required byXC10 REST gateway interface‘Off-box’ Caching integration with XC10 appliances already available** Available in DataPower firmware version 5.0.0.4
  • 30. 3030 © 2013 IBM CorporationOptimization: Backend Response CachingAccelerate workload delivery & reduce load on backend systemsProviderLowLoadFast ResponseTimeClientDataPower213Slow Response TimeDataPowerRESTDataPowerXC10ProviderLowLoadFast Response TimeClient315Slow Response Time2 4Features– Cache HTTP(s) GET, PUT, POST requests– Smart RESTful cache invalidation– Return stale documents– Supports cache validation requests– Cache based on HTTP 1.1 cache control headers– Supports user-defined cache key– Little to no XSLT requiredPolicy-driven local ‘on-box’ HTTP(s) backend response caching & seamlessintegration with XC10 appliances for ‘off-box’, shared, elastic caching– Built into base product • Improve client observed response time• Reduce backend server load• Improve system throughputLocal ‘on-box’ caching– Utilizes appliance memory– Unique to individual applianceExternal ‘off-box’ caching– Utilizes XC10 appliances– Distributed, shared & elastic cacheaccessed across multiple appliances
  • 31. 3131 © 2013 IBM CorporationIMS Callout feature allows IMS transactions to easily consume external webservices via DataPower, with minimal application updates required– Requires one of the following models: XI52, XI52 VE, XI50B, XB62Enhanced value for System z & IMSNew integration capabilities between DataPower and IMSIMS DB feature supports DataPower integrationwith IMS database through SQL interface‒ Enrich messages with database content‒ Expose data as a service to remote applications‒ Requires one of the following models:XG45 or XG45 VE (with Database Integration Module option)XI52, XI52 VE or XI50B (with Database Connectivity option)XB62ClientSOAP / RESTDataPowerDRDAIMSOTMAApp1IMSConnectApp2Service ProviderSOAP / RESTDataPowerTCP/IPService ConsumerIMS Callout
  • 32. 3232 © 2013 IBM CorporationPatterns capture a tested solution to a common recurring use caseShips with 10 Pre-built patterns for commonweb application & web services scenarios• Reduce time to valuethrough accelerateduser configuration &deployment for bothnew & experiencedusers• Increase developerproductivity byleveraging workingexamples of commonuse cases• Improve quality &scale expertisethrough reuse ofconfiguration createdby skilled rolesBuilt-in, easy-to-use, new interface for creating & deployingcommon DataPower configuration patternsImproved User Experience: Pattern-based ConfigurationReduce time-to-value, increase productivity & quality of DataPower solutionsDeploy new service from patternCreate service pattern for reuseBrowse patternsSupports user-defined patterns
  • 33. 3333 © 2013 IBM CorporationSecure, integrate & optimize access to Web, Mobile & API workloadsIBM DataPower Gateway Appliance v6.0DataPower Appliances extend itsmarket leading Security & IntegrationGateway for Web, Mobile & APIworkloads, in addition to SOA & B2B,reducing infrastructure complexity &lowering TCOBusiness IntegrationBusiness Value:Secure integration of Web, Mobile, API, SOA & B2B workloads in a single,highly secure, highly consumable, DMZ-ready applianceOperational agility for WAS Network Deployment environmentsFast & consistent response time for enterprise applications including mobile &web apps with local & external caching reducing load on back-end systemsEnhanced System z integration with IMS systems for reduced TCOFaster time to value & improved developer productivity with configurationpattern-authoring & deployment supportWhat’s new:Provides the API gateway functionality for IBM API Management V2.0Quick integration with IBM Worklight to secure mobile web trafficImproved REST services handling with native JSON support including schemavalidation & query, extract, filter & transform through JSONiqNew XML data query, extraction & manipulation support with XQuery 1.0Enhanced security with improved OAuth 2.0 and new support for Kerberosconstrained delegation & TLS 1.1/1.2Improved WS-MediationPolicy consumption from WSRR & SLAs for non-SOAP trafficEmbedded On-Demand Router functionality for WAS ND environmentsOptimized application delivery with response caching on-the-box & seamlessintegration with elastic caching XC10 appliancesNew System z integration capabilities allowing IMS transactions to easilyconsume external web services & easy consumption of IMS data as a serviceSimple ability to create & deploy common DataPower configuration patterns
  • 34. 3434 © 2013 IBM CorporationDataPower resourceswww.ibm.com/software/integration/datapowerIBM DataPower Web Page (support, technotes, doc)http://www-01.ibm.com/software/integration/datapower/developerWorks DataPower Discussion Areahttp://www.ibm.com/developerworks/forums/forum.jspa?forumID=1198Vast library of published articles:http://www.ibm.com/developerworks/websphere/zones/businessintegration/dp.html(Also search for “DataPower” within “WebSphere”, “SOA/Web Services” and “XML”)http://www.ibm.com/developerworks/views/websphere/libraryview.jsp (Search “DataPower”)IBM Redbooks:http://www.redbooks.ibm.com/cgi-bin/searchsite.cgi?query=datapowerIBM WebSphere DataPower SOA Appliance Handbookhttp://www.amazon.com/IBM-WebSphere-DataPower-Appliance-Handbook/dp/0137148194YouTube:http://www.youtube.com/watch?v=uWYBDviv5Ts&feature=channelDataPower Podcasts:http://www.ibm.com/podcasts/software/websphere/datapower/index.rss