• Save
IBM Worklight Whitepaper
Upcoming SlideShare
Loading in...5

Like this? Share it with your network


IBM Worklight Whitepaper



This whitepaper aims at highlighting the key functionalities and benefits of the IBM® Worklight® software.

This whitepaper aims at highlighting the key functionalities and benefits of the IBM® Worklight® software.



Total Views
Views on SlideShare
Embed Views



1 Embed 24

https://twitter.com 24



Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

IBM Worklight Whitepaper Document Transcript

  • 1. IBM SoftwareWebSphereTechnical White PaperIBM Worklight V5.0.6Technology overviewContents1 IBM Worklight—Overview2 IBM Worklight—Components3 Development tools8 Runtime server environment9 The IBM Worklight Console910IBM Worklight DeviceRuntime componentsSecurity and authenticationmechanismsIBM Worklight—OverviewIBM® Worklight® software helps enable organizational leaders toextend their business to mobile devices. This software provides an open,comprehensive and advanced mobile application platform for smart-phones and tablets, helping organizations of all sizes to efficientlydevelop, connect, run and manage mobile and omni-channel applications.Leveraging standards-based technologies and tools, the IBM team hascreated Worklight software that provides a single integrated platform.This platform includes a comprehensive development environment,mobile-optimized runtime middleware, a private enterprise applicationstore and an integrated management and analytics console—all supportedby a variety of security mechanisms.Develop. The IBM Worklight Studio and the IBM Worklight softwaredevelopment kit (SDK) simplify the development of mobile and omni-channel applications (apps) throughout multiple mobile platforms, includ-ing iOS, Android, BlackBerry, Windows 8, Windows Phone and JavaME. The IBM Worklight optimization framework fosters code reusewhile delivering rich user experiences that match the styling requirementsof each target environment. With such code reuse, IBM Worklightreduces costs of development, reduces time-to-market and providesstrong support for your ongoing management efforts.Connect. The IBM Worklight Server architecture and adapter technol-ogy simplifies the integration of mobile apps with back-end enterprisesystems and cloud-based services. The IBM Worklight Server is designed
  • 2. 2WebSphereTechnical White PaperIBM Softwareto fit quickly into your organization’s IT infrastructure and isdesigned to leverage your existing resources. The standaloneback-end integration layer can be customized and sharedamong multiple applications. Furthermore, IBM WorklightAdapters support two types of data-delivery mechanisms: devicerequests and push notifications.Run. The IBM Worklight Studio prepares application files forupload to public app stores and to private distribution reposito-ries. Active mobile apps communicate with virtually any enter-prise back-end systems and cloud-based services through theIBM Worklight server. This server optimizes data for mobiledelivery and consumption, and is supported by a variety ofsecurity features that help to protect sensitive user data intransit on device.Manage. Once the software is deployed, administrators canmanage registration and authentication for users and devices;monitor and control the access of different apps to back-endsystems; directly update and disable apps based upon predefinedrules or custom rules; host and manage a production-ready,cross-platform mobile application store; audit and managemobile data synchronization to enterprise back-end systems;and control virtually all push services and event sources fromone centralized web interface called the IBM WorklightConsole. In addition, administrators can access usage informa-tion about the installed app base and its users, using built-inand customized reports. Usage data can be exported and fedinto analytics platforms such as the IBM Cognos® platformand the IBM Coremetrics® platform.IBM Worklight—ComponentsThe IBM Worklight architecture consists of five maincomponents:●● The IBM Worklight Studio—the platform’s Eclipse-basedintegrated development environment (IDE).●● The IBM Worklight Server—a gateway between apps,back-end systems and cloud services; this gateway handlesvirtually all mobile specifics including application manage-ment and updates, push notifications, user authenticationand device authentication, and synchronization of securityand data.●● The IBM Worklight Application Center—a cross-platform,enterprise app store that helps organizational leaders togovern the distribution of apps throughout the enterprise.●● The IBM Worklight Console—a web-based administrationinterface.●● The IBM Worklight Device Runtime Components—mobiledevice implementations of the server’s functions.Enterpriseback-endsystemsandcloudservicesApplicationCodeWorklight ApplicationCenterIBM Worklight ComponentsWorklight StudioWorklight StudioWorklight ServerWorklight ServerWorklight ConsoleWorklight ConsoleBuildEngineWorklight ApplicationCenterDevice RuntimeDevice RuntimeApplicationCodeHTML5, Hybrid,and Native CodingiOSSDKsAndroidBlackberry Development Team ProvisioningEnterprise App Provisioningand GovernanceApp Feedback ManagementPublic App StoresCross-PlatformCompatibility LayerServer IntegrationFrameworkEncrypted andSyncable StorageReporting for Statisticsand DiagnosticsRuntime SkinningWindowsPhoneWindows 8Java MEMobile WebDesktop WebOptimizationFrameworkIntegrated DeviceSDKsUser authentication andmobile trustMobileWeb AppsDirect UpdateReporting andAnalyticsPush / SMSManagementApp VersionManagementClient-SideApp ResourcesUnified PushNotificationsMashups and servicecompositionJSON TranslationAdapter Library forbackend connectivityThird Party LibraryIntegrationBuildEngineEnterpriseback-endsystemsandcloudservicesStatsAggregation
  • 3. 3WebSphereTechnical White PaperIBM SoftwareDevelopment toolsThe IBM Worklight StudioThe IBM Worklight Studio is an Eclipse-based IDE that makesit possible for developers to perform virtually all the coding andintegration tasks that they require to develop rich employee-facing and customer-facing applications. The IBM WorklightStudio augments the familiar tools of Eclipse with a widevariety of enterprise-grade features that are delivered by theIBM Worklight Plug-ins, enabling IBM Worklight Studio tostreamline application development and to facilitate enterpriseconnectivity.The following are some of the main features that are supportedby the IBM Worklight Studio:Cross-platform supportThe IBM Worklight Studio enables the development of richweb, hybrid and native mobile applications on iOS, Android,BlackBerry, Windows 8 and Windows Phone tablets andsmartphones.Using its optimization framework, IBM Worklight differenti-ates itself from other technologies in the market that deliver alowest-common-denominator solution. With IBM Worklight,developers can share the majority of the application codeacross multiple environments, without compromising platform-specific user experience or application functionality. Developerscan share the common app code among multiple environments,while isolating environment-specific code in designated foldersthat can overwrite or augment the commonly shared code. As aresult, application logic remains consistent among the differentenvironments, while the user interface (UI) behaves nativelyand adheres to user expectations and the unique functionalityand design guidelines of the device.Application developers can directly access the applicationprogramming interfaces (APIs) that modern devices offer, andcan more-easily integrate publically available or customizedthird-party libraries, frameworks and tools. The result:advanced mobile applications that are built according to theunique and specific needs of your organization.Because developers are not dependent on an intermediarybuild-time or runtime layer, such as a cross-compiler or inter-preter, native APIs are accessible upon release of new mobileoperating system (OS) versions or third-party libraries whenIBM Worklight is used. Furthermore, the app’s web code isexecuted directly by the mobile browser, so developers havedirect access to the HTML Document Object Model (DOM)and are free to use any JavaScript API or third-party JavaScripttoolkits and frameworks.Hybrid codingFacing the constantly evolving fragmented ecosystem of mobiledevices and operating systems, application development hasbecome a costly, yet unavoidable, endeavor. This challengehas created a market for cross-platform mobile developmentsolutions that is rapidly growing.However, to achieve cross-platform capabilities, many solutionsin the market rely on limiting proprietary tools, form-basedIDEs, what you see is what you get (WYSIWYG) tools, orsimply prepackaged apps. Without the capability to fullycustomize the code, these solutions result in an unavoidabletradeoff between user experience and multiplatform coverage.Using IBM Worklight, developers can choose between usingpure native code (Objective-C, Java, or C#), standard web tech-nologies (HTML5, CSS3 and JavaScript) or a combination ofboth within the same app. Developers can strike the desiredbalance between development efficiency, app functionality anduser experience.
  • 4. 4WebSphereTechnical White PaperIBM SoftwareThe IBM Worklight Studio supports three main hybridscenarios:1. HTML can be used to call native code using the Cordovaplug-in (previously known as PhoneGap). The native codecan be either “UI-less,” for example, reading the compass, orcan actually display a user interface (UI). This UI componentwill be overlaid on top of the browser, so that the user sees anative component blended with the HTML UI.2. Developers can decrease the size of the browser so that thebrowser occupies only part of the screen. The rest of thescreen can be used to display native UI components.3. Users can implement complete screens natively and canswitch between native and web screens. The transitionbetween the screens can be animated, as in regular screentransitions.Furthermore, the IBM Worklight Studio ships with aWYSIWYG drag-and-drop UI tool for design and develop-ment. These editing capabilities enable developers to createpure HTML or HTML and JavaScript files by draggingHTML5 and Dojo Mobile components from a built-in paletteto the HTML canvas. Developers can use property sheets tocontrol HTML and CSS properties. At the same time, theseediting capabilities make possible direct editing of HTML andCSS files, updating the graphical canvas so that developers canvisualize immediately the impact of their changes. These edit-ing capabilities are integrated with the optimization frameworkof IBM Worklight, making it possible for developers to view aspecific application environment or skin.No single development approach offers a complete solution tothe larger challenge, but by using the unique support for hybridcoding provided by IBM Worklight, organizational teams areable to use the same mobile platform to develop, connect, runand manage a variety of mobile application types based on thespecific needs of the project at hand.Runtime skinsFurther optimization of apps is possible within theIBM Worklight Studio by using runtime skins. These skinsare packaged with the app’s executable files and are applied tothe mobile app during run time. This makes it possible for theapp to automatically adjust to different devices from the sameOS family. Common scenarios that benefit from runtimeskins include:●● Different screen sizes●● Different screen densities●● Different input method●● Different support levels for HTML5
  • 5. 5WebSphereTechnical White PaperIBM SoftwareSupport for HTML5IBM Worklight leverages a standards-based approach, enablingdevelopers to write HTML5 code directly into the develop-ment environment without the use of cross-compilation ortranscoding. This circumvents the limitation of proprietaryinterpreters or code translators. You can benefit from capabili-ties that include:●● A cleaner, more readable and consistent HTML code.●● Access to rich media types (audio and video), availablepreviously by way of native code only.●● Use of advanced UI components, such as data pickers, slidersand edit boxes that automatically support ellipsis andothers—implemented natively by the browser.●● Use of Cascading Style Sheets 3 (CSS3) styles andCSS3-based animation to reduce app size and to improveapp responsiveness.●● App distribution channels that go beyond the different appstores and their time-consuming and limiting restrictions.●● Support for geolocation services.●● Offline storage capabilities.Browser access Hybrid apps - web Hybrid apps - mixed Native appsWritten in HTML5JavaScript andCSS3. Quick andcheap to develop,but less powerfulthan native.HTML5 code andWorklight runtimelibraries packagedwithin the app andexecuted in a nativeshell.User augments webcode with nativelanguage for uniqueneeds andmaximized userexperience.Platform-specific.Requires uniqueexpertise, pricy andlong to develop.Can deliver higheruser experience.Mobile browser Native shell Native shell Native applicationBrowser access DownloadableDownloadable Downloadable DownloadableDevice APIs Device APIs Device APIsWeb codeWeb code Web NativeIBM Worklight further augments these capabilities withenterprise-grade utilities through an application container foron-device encryption and offline user authentication.Support for third-party JavaScript toolkits and UI frameworksIn addition to its support for HTML5, IBM Worklight pro-vides integration with the growing ecosystem of UI frame-works, such as jQuery Mobile, Sencha Touch and Dojo Mobile.Developers can pick the JavaScript UI framework of theirchoice and use it to develop their application within the studio.WYSIWYG tools are available for HTML5, jQuery Mobile,and Dojo Mobile.Native-device SDK integrationThe IBM Worklight Studio also integrates with the softwaredevelopment kits (SDKs) of the mobile devices that Worklightsupports including Android, iOS, Windows 8, Windows Phoneand Blackberry. This enables developers to take full advantageof the native code capabilities and the best-in-class developmenttools, testing and debugging mechanisms that are native to themobile SDKs, without leaving the development environment.To further streamline the iterative development process, thestudio enhances preview capabilities for iOS and Androidhybrid apps. An in-browser simulator makes it possible for youto define the form factor of the target device, concurrently dis-playing multiple devices on the screen and simulating ApacheCordova APIs (an open-source framework for bridging callsbetween native components and web views).Standardized data retrievalThe IBM Worklight studio enables developers to use XSLtransformations and JavaScript code to convert retrieved hierar-chical data from any back-end system to JavaScript ObjectNotation (JSON) format, thus preparing the data for deliveryand app consumption. Developers can invoke back-end servicesdirectly from within the studio and can receive raw results inExtensible Markup Language (XML), or processed results(after having converted to JSON using Extensible StylesheetLanguage [XSL] transformations and JavaScript) inJSON format.
  • 6. 6WebSphereTechnical White PaperIBM SoftwareDevelopers can perform server-side mashups in JavaScript tocollect data from various back-end applications and streamlinethem to the device, thereby reducing the number of requeststhat are made on the slow mobile network and greatly improv-ing app responsiveness.In addition, developers can choose to implement server-side,back-end integration and authentication code in Java, ratherthan in JavaScript.Unified push notificationsIn the process of creating the integration adapters, developerscan leverage the IBM Worklight uniform push architecture topreconfigure automatic alerts from one centralized interface.Using its unified push API for its supported devices,IBM Worklight makes the entire process of communicatingwith the users and devices completely transparent to thedeveloper.Back-endsystemsPollingadaptersMessage-basedadaptersUnified pushAPINotificationstatedatabaseUser-devicedatabaseAdministrative consoleAndroiddispatcheriOS dispatcheriOSpush APIAndroidpush APIApplepushservers(APN)Googlepushservers(C2DM)IBM Worklightclient-sidepush servicesIBM worklightclient-sidepush services
  • 7. 7WebSphereTechnical White PaperIBM SoftwareCollaboration and distributed developmentEnterprise mobile development is rarely a simple process thatis conducted by one developer. Most commonly, the complexenterprise development environment consists of multiple devel-opment, testing and quality assurance (QA) teams all workingon different portions of the app, sometimes even from differentgeographical locations. IBM Worklight is designed to supportsuch scenarios through a variety of features and functions,including integration with other IBM collaboration tools.Centralized buildThe IBM Worklight Builder is a stand-alone application thatcan be more-easily integrated with common central buildservices, such as IBM Rational® Jazz™ Builder, Hudson andLuntbuild. Leveraging the centralized build functionality, thedifferent teams involved in the development, testing andQA phases can work off of one common version of the code,effectively enhancing the collaboration and automation of theinternal application development process.The shell approachMost often, enterprises employ multiple development teamswith different skills and expertise. The “shell” approach enablesleaders of such companies to reduce the internal barriers ofmobile development, making it ubiquitous throughout theorganization by compartmentalizing skill sets andresponsibilities.The shell approach breaks down the development of the appinto two portions: an external shell and an inner application.The shell consists of a customizable container that providesJavaScript access to the native capabilities of the device.A devoted team of expert developers are responsible for itsbranding, security configurations, audits and authenticationframeworks. The team can create a variety of shells, each carry-ing different policies and branding, forcing inner apps that arerunning within each shell to automatically comply with itsparameters. Such parameters could include restriction of accessto data, use of certain APIs, different branding and so forth.With the corporate policies enforced by the shell, the innerapps can be more easily built by departmental developmentteams, using nothing but web languages. Such teams are onlyrequired to focus on the user interface, the business logic and,potentially, data integration. Distribution of the app or apps canbe achieved by way of three different channels:●● An inner app can be fused into a shell by the centralized buildserver and uploaded to a private or public app store, whilenew versions of the inner app are sent and updated directly(subject to the vendor’s terms of service) on the user device.●● A shell can be packaged with a directory of corporate-sanctioned applications, enabling users to choose a differentinner app according to their needs.●● A shell can be distributed empty to the user, who will thenaccess a repository of applications that are stored on theserver.Customizable native shell codeMobile browserInner-appweb codeCustomizableweb shell codeDevice APIs
  • 8. 8WebSphereTechnical White PaperIBM SoftwareRuntime server environmentThe IBM Worklight Server●● The Java-based IBM Worklight Server is a scalable gatewaybetween apps, external services and the enterprise. Theserver helps facilitate encrypted communication, back-endconnectivity, data manipulation, authentication, analytics,private cross-platform application store and operationalmanagement functions that are supported by a variety ofsecurity features. Server-side entities that affect the behaviorof the IBM Worklight server are represented in the studio’sproject tree, including configuration files, authenticationintegration code and more. From the IBM Worklight Studio,developers can save under a unified project all inter-relatedclient and server code and resources in their source controlsystem. Server configuration artifacts are automatically builtby the Worklight Studio in to a web archive (WAR) file. Thisfile can then be deployed on a standalone server for collabo-ration or test purposes.●● The IBM Worklight Server can be deployed to a widerange of hardware and operating system environments.Organizational teams that deploy the server to anIBM PureApplication™ System on Intel or Power canapply patterns of expertise. Use the IBM Mobile Applicationpattern for PureApplication System to configure and managea scalable and cloud-ready mobile server infrastructure.The IBM Worklight Server can:●● Provide adapter technology that connects to a variety ofenterprise information systems over widely used integrationtechnologies, such as Simple Object Access Protocol (SOAP),representational state transfer (REST), Structured QueryLanguage (SQL), Lightweight Directory Access Protocol(LDAP) and more. In addition, IBM Worklight provides aspecial IBM Cast Iron® adapter.●● Enable multisource data mashups to efficiently integrateseveral data streams into one and serve it to the applicationuser. Multisource data mashups are not only an effective wayof optimizing data delivery to the mobile user, but alsoreduce overall traffic in the system.●● Enable developers to add custom server-side logic that isnecessary for delivering back-end data for mobile consump-tion. This helps distribute processes between the client andserver and helps address data-security regulations within theorganization.●● Provide flexible security architecture with server-managedsecurity challenges, delivering more-robust protection.●● Integrate with the corporate authentication infrastructureto help secure application and data access, in addition totransaction invocation. The IBM Worklight authenticationinfrastructure is flexible enough to support different types ofauthentication—from multifactor or multistep login processesto non-interactive single sign-on (SSO) integration. You canalso expect offline authentication of users to increase appavailability. Furthermore, the IBM Worklight Server simpli-fies the integration with HTTP-based services that requireauthentication. Integration with Kerberos, Windows NTLAN Manager (NTLM), Basic and Digest authenticationcan be more-easily achieved by simple configuration of theHTTP adapter, without the need to write server-side code.The server also supports device-based application SSO,enabling apps to be automatically authenticated if an existingauthenticated session is already available through the samemobile device.●● Integrate with IBM WebSphere® security functions byproviding authenticators and login modules to leverageWebSphere security configuration and settings.●● You can employ standard and proprietary securitymechanisms to help prevent attacks.●● More-easily scale to support hundreds of thousands of usersand multiple applications through physical clustering.●● Provide app-deployment and version-control features that aremanaged and accessed by the IBM Worklight Console.●● Be integrated with IT monitoring and performance manage-ment systems that verify the vitality of the IBM WorklightServer and the services that it provides to applications.●● Automatically collect user-adoption and usage data forauditing and reporting purposes and gain access to customconfiguration of reporting metrics. Raw data can be more-easily exported for further analysis by the different businessintelligence tools used by the organization.
  • 9. 9WebSphereTechnical White PaperIBM SoftwareThe IBM Worklight Application CenterThe IBM Worklight Application Center enables companyteams to set up an enterprise app store to help govern the dis-tribution and management of pre-release and production-readymobile applications. Administrators can make the most ofexisting authentication frameworks, including ACL and LDAP,to manage app distribution by department, job function, geog-raphy and other schema. Employees who access the ApplicationCenter from their mobile devices will only see the mobile appsthat they are allowed to download. Employees can rate appsand provide feedback that can be considered for futureenhancements.For development teams, the Worklight Application Centerprovides a convenient way to distribute pre-release software todevelopers and testers. Feedback can be organized by deviceand by version to quickly isolate and resolve defects, whetherthose defects are device-specific or version-specific. TheApplication Center can also integrate with software-buildprocesses to automate the distribution of the latest releases toproject teams, accelerating the develop-test-debug cycle.The Worklight Application Center provides:●● Administrators with improved governance over the distribu-tion of mobile apps throughout the enterprise;●● Employees with easier access to the latest apps that areneeded by their department or job function and that areoptimized for their device;●● Developers with an easier way to distribute mobile buildsand to elicit feedback from members of development andtest teams.The IBM Worklight ConsoleThe IBM Worklight Console is a web-based user interfacethat is dedicated for the ongoing administration of theIBM Worklight Server and its deployed apps, adapters andpush-notification services. Through the console,administrators can:●● Access administrative dashboards that monitor virtually alldeployed adapters and applications.●● Control and monitor virtually all push-notification services,event sources and related applications.●● Assign device-specific security IDs to support installation ofbusiness applications on sanctioned devices.●● Manage multiple versions of the same application andremotely disable applications by version and mobile-operating-system type.●● Access built-in and custom reports of application adoptionand usage using Eclipse’s BIRT plug-in.●● Define device-based access-control policies to control accessof apps.IBM Worklight Device Runtime ComponentsIBM Worklight provides client-side runtime code that servicesHTML5, hybrid or native apps. Capabilities include:●● Access back-end data and transactions. API for theinvocation of IBM Worklight services, retrieval of data andexecution of transactions against back-end systems.●● Authentication and security. API and code for managingthe authentication sequence and for securing the applicationdata and its link to the IBM Worklight Server.●● Offline access. Local JSON database for data persistencewith back-end synchronization; supports encryption and largedata-sets.●● Application Management. API and code for applying newapplication versions and for disabling applications in accor-dance with policies that are defined in the IBM WorklightConsole.●● Troubleshooting. Code for detecting runtime connectivityproblems in the app and for collecting troubleshootinginformation about the app and about the device.●● Usage reporting for audit and analytics. API for collectingbuilt-in and custom data from apps, to be recorded by theIBM Worklight Server for audit and analytics purposes.●● Cross-platform compatibility APIs. Uniform API fordevice features and useful UI tasks, hiding the differencesacross different environments.●● Skins management. Enables developers to adjust thefeatures and functions of the app to the device’s form factorin run time, optimizing the app for different versions of thesame OS family as smartphones and tablets.
  • 10. 10WebSphereTechnical White PaperIBM SoftwareThe runtime client environment consists of the followingcomponents:●● JavaScript libraries. These libraries, which are used forJavaScript API implementation, are available in most runtimeenvironments (with the exception of native iPhone andAndroid apps, which are written in Objective-C and Java,respectively, and which do not require JavaScript libraries).●● Native libraries for hybrid apps. A set of native libraries(for iOS and Android) that provide access to device-specificfeatures. Apps written in JavaScript do not access theselibraries directly, but rather through the relevant JavaScriptAPIs. In some cases, native code runs the web code providedby the developer.●● Native libraries for native apps. A set of native librariesfor iOS and Android that provide access to IBM WorklightServer functionality for natively written apps.●● Native code templates. For iOS, Android, BlackBerry,Windows 8 and Windows Phone devices, native-codetemplates encapsulating a browser that runs the web codeprovided by the developer.Security and authentication mechanismsIBM Worklight provides multiple mechanisms and tools thathelp to support the creation of secure applications.The following is a list of the main security featuresof the platform:Mechanism Benefit DetailsOn-device Help protect sensitive information from malware attacks • Uses AES256 and PCKS #5-generated encryption keys forencrypted storage and from device theft storing app-generated information on the device• Allows offline user authentication• Implemented in JavaScript (highly obfuscated) with optionalnative performance enhancementsDirect update Take action to ensure timely propagation of updated hybrid • New versions of the code can be distributed without requiringapp versions to the entire install base the manual update of the app (applicable to web resources)Remote disable Enforce timely adoption of critical security updates to the • Server-side console allows configuration of allowed appentire install base versions. Administrator can force users to install securityupdates to the native codeAuthentication Reduce overall cost and complexity of integration with • Server-side architecture designed for integration withframework authentication infrastructure back-end authentication infrastructure based on JavaAuthentication and Authorization Service (JAAS) concepts,with authentication realms• Specify one SSL per HTTP adapter for enhanced flexibilityand security• Ready-to-implement integration with Kerberos, NTLM, Basicand Digest authentication• Ability to encrypt server-to-server SOAP communication withX509 certificates, following the Web Services Security (WSS)standard• Client-side framework for asynchronous login requests onsession expirationServer-side Help prevent SQL injection and help protect against • Prepared-statement enforcementsafeguards cross-site request forgery (XSRF) • Validation of submitted data against session cookieEnterprise SSO Leverage existing enterprise authentication facilities and • Client-side mechanism obtains and encrypts user credentials,integration user credentials and enable employee-owned devices sends to the server with requests• Encryption incorporates user-supplied PIN, server-side secretand device ID• Credentials cannot be retrieved from lost or stolen device
  • 11. 11WebSphereTechnical White PaperIBM SoftwareMechanism Benefit DetailsDevice SSO Enables a mobile user to authenticate one time in order to • Upon successful login, the authentication state is saved in theintegration gain access to multiple mobile applications from a singledevice.Mobile users get a more-seamless experience withouthaving to explicitly log in to each application.Enterprises can integrate authentication services undersingle umbrella, streamlining governance and reducing helpdesk costs that are related to password resets and security.Developers can eliminate redundant development effort;they are no longer required to build authentication into eachapplication independently.database and used for validations in subsequent sessionsfrom the same device• No credentials are stored in the on-device database; only thestate of the authentication is stored, for improved securityVirtual private Enable delivery and operation of mobile apps for employee- • Client-side and server-side frameworks act as secure socketnetwork (VPN) owned devices or device types that are not allowed on the layer (SSL)-based VPNalternative corporate network, and enable delivery when installation ofVPN client on mobile devices is not possible or is compli-cated to manage• Network access control and policies are preconfigured in theclient-side framework layer• Network access and security measures are updated usingserver-side framework• On-device encrypted storage to help prevent compromise ofsensitive dataIT system security involves protecting systems and informationthrough prevention, detection and response to improper accessfrom within and from outside a client’s enterprise. Improperaccess can result in information being altered, destroyed or mis-appropriated, or can result in misuse of systems to attack others.Without a comprehensive approach to security, no IT system orproduct should be considered completely secure and no singleproduct or security measure can be completely effective in pre-venting improper access. IBM Worklight systems and productsare designed to be part of a comprehensive security approach,which will necessarily involve additional operational proceduresand may require other systems, products or services to be mosteffective. IBM Worklight does not warrant that systems andproducts are immune from the malicious or illegal conduct ofany party.System requirementsProduction environmentThe IBM Worklight server can be installed on the followingoperating systems:●● AIX●● HP-UX●● Red Hat Enterprise Linux (RHEL)●● SUSE Linux (SLES)●● Oracle Solaris●● Microsoft Windows ServerThe server requires the following databases to store metadataand cached back-end data:●● Derby●● Oracle●● MySQL●● IBM DB2®The IBM Worklight server can run on the followingapplication servers:●● Apache Tomcat●● IBM WebSphere Application Server (and NetworkDeployment) version 7.0 and higher (including the providedWebSphere Application Server v8.5 Liberty Profile)The IBM Worklight Server can be clustered to achieve highavailability and scalability. In such cases, a load balancer isrequired. This can be any commercial load balancer, softwareor hardware, which supports “sticky” sessions. The load bal-ancer can optionally act as a reverse proxy and as an SSLaccelerator.
  • 12. Please RecycleDevelopment environmentThe IBM Worklight development environment includesthe IBM Worklight Server, database and the Eclipse-basedIBM Worklight Studio. The development environment issupported on the following operating systems:●● Windows (32-bit or 64-bit)●● Macintosh environmentFor development purposes, the following databases aresupported:●● DB2●● Oracle●● MySQL●● Apache DerbyThe IBM Worklight Studio can be installed on Eclipse andRational Application developer (RAD).Supported application servers:●● IBM WebSphere Application Server Base andIBM WebSphere Application Server Network Deploymentincluding the Liberty profile●● TomcatFor more information, please visit the following website:ibm.com/software/mobile-solutions/worklightFor more informationTo learn more about IBM Worklight assets for mobileapplication development, please contact your IBM marketingrepresentative or IBM Business Partner, or visit the followingwebsite: ibm.com/software/solutions/mobile-enterpriseAdditionally, IBM Global Financing can help you acquirethe software capabilities that your business needs in the mostcost-effective and strategic way possible. We’ll partner withcredit-qualified clients to customize a financing solution tosuit your business and development goals, enable effective cashmanagement, and improve your total cost of ownership. Fundyour critical IT investment and propel your business forwardwith IBM Global Financing. For more information, visit:ibm.com/financing© Copyright IBM Corporation 2013IBM CorporationSoftware GroupRoute 100Somers, NY 10589Produced in the United States of AmericaFebruary 2013IBM, the IBM logo, ibm.com, Cast Iron, Jazz, Rational, Tivoli, Cognos,Coremetrics, DB2, PureApplication, and WebSphere are trademarks ofInternational Business Machines Corp., registered in many jurisdictionsworldwide. Other product and service names might be trademarks ofIBM or other companies. A current list of IBM trademarks isavailable on the web at “Copyright and trademark information”at ibm.com/legal/copytrade.shtmlLinux is a registered trademark of Linus Torvalds in the United States,other countries, or both.Microsoft, Windows, and Windows NT are trademarks of MicrosoftCorporation in the United States, other countries, or both.Java and all Java-based trademarks and logos are trademarks or registeredtrademarks of Oracle and/or its affiliates.Worklight is trademark or registered trademark of Worklight, anIBM Company.This document is current as of the initial date of publication and may bechanged by IBM at any time. Not all offerings are available in everycountry in which IBM operates.It is the user’s responsibility to evaluate and verify the operation ofany other products or programs with IBM products and programs.THE INFORMATION IN THIS DOCUMENT IS PROVIDED“AS IS” WITHOUT ANY WARRANTY, EXPRESS ORIMPLIED, INCLUDING WITHOUT ANY WARRANTIESOF MERCHANTABILITY, FITNESS FOR A PARTICULARPURPOSE AND ANY WARRANTY OR CONDITION OFNON-INFRINGEMENT. IBM products are warranted according to theterms and conditions of the agreements under which they are provided.WSW14181-USEN-06