Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
© 2015 IBM Corporation
IBM DataPower Gateways
Overview and Roadmap
Hugh Everett
IBM Technical Sales
IBM Manchester, UK
+44...
© 2015 IBM Corporation2
Agenda
 DataPower Gateway Overview
 Recent Releases
 Roadmap
 Q&A
© 2015 IBM Corporation33
DataPower Gateways …
3
IBM DataPower Gateways provide a low startup cost,
helping clients increas...
© 2015 IBM Corporation4
• Used by 95% of top global insurances
firms
• SaaS providers, ASPs, regulators, etc.
• Agencies a...
© 2015 IBM Corporation5
5
Business & IT Trends
• Enterprises are exposing new electronic channels, to serve:
• Customer (w...
© 2015 IBM Corporation6
B2B Gateway
API Gateway
API Gateway
Single Policy-driven & Extensible Security & Integration Gatew...
© 2015 IBM Corporation7
Enterprise
Applications
and Systems
DEVELOPERSPARTNERS CONSUMERS
EMPLOYEES
WEBMOBILEB2B SOA APIS
P...
© 2015 IBM Corporation8
 Simple Architecture: Firmware + purpose built hardware
 Guiding philosophy is to centralize com...
© 2015 IBM Corporation9
Purpose-Built API Gateway for Microservices Architecture
Trusted Platform Module
(TPM)
Hardware Ac...
© 2015 IBM Corporation10
IBM DataPower Gateway Appliances are the industry-leading
Security & Integration gateways that he...
© 2015 IBM Corporation11
Features
Before DataPower Gateway After DataPower Gateway
Control
Integrate
Optimize
Secure
Consu...
© 2015 IBM Corporation12
Modules
ISAM Proxy Module
 User access control, session
management, web SSO enforcement
 Advanc...
© 2015 IBM Corporation13
Deployment options
 Purpose-built, DMZ-ready appliances
provide physical security
 High density...
© 2015 IBM Corporation14
Virtual Edition
 DataPower gateway functionality in virtual appliance form
factor to rapidly sec...
© 2015 IBM Corporation15
DataPower’ing IBM Bluemix!!!
• Security
• Control
• Filtering
• Content-Based Routing
• Load bala...
© 2015 IBM Corporation16
Agenda
 DataPower Gateway Overview
 Recent Releases
 Roadmap
 Q&A
© 2015 IBM Corporation17
 GatewayScript: A JavaScript runtime that is
secured, optimized and tuned for the gateway
enviro...
© 2015 IBM Corporation18
• Secure JavaScript Processing Policy Action for manipulating Mobile, Web, API traffic
• Focuses ...
© 2015 IBM Corporation19
Highlights of IBM DataPower Gateway & V7.1
 Single multi-channel gateway platform to secure & op...
© 2015 IBM Corporation20
New Cloud Offerings
Secure Gateway for Bluemix
Applications
Easier DevOps with new REST API
Secur...
© 2015 IBM Corporation21
IBM API Management: One Integrated Platform
design, secure, control, publish, monitor & manage AP...
© 2015 IBM Corporation22
Integrated capabilities for Web and Mobile
Consolidated infrastructure with simpler topology & re...
© 2015 IBM Corporation24
What is ISAM for DataPower Module?
• ISAM for DataPower module provides the reverse proxy compone...
© 2015 IBM Corporation25
SSL Offload
Threat Protection
Rate Limiting / SLA Enforcement
Validation, Filtering
Authenticatio...
© 2015 IBM Corporation28
REST
1
5
3
2 4
Client
Provider
Improve
Response
Time
ImprovedLoad
DataPower
Large Response Time
W...
© 2015 IBM Corporation31
DataPower on GitHub
 Repository of DataPower related tools & collateral
 Open source
 Communit...
© 2015 IBM Corporation32
Agenda
 DataPower Gateway Overview
 Recent Releases
 Roadmap
Q&A
© 2015 IBM Corporation34
DataPower Roadmap
Security
OpenID Connect
Web Application Firewall
Advanced AU/AZ (ISAM)
Network ...
© 2015 IBM Corporation35
Gateway
Services
Public/Private Cloud
1. Enable Virtual Gateways to run in public &
private cloud...
© 2015 IBM Corporation36
Hybrid cloud integration using Secure Gateway Service
• Enhanced hybrid cloud integration
using S...
© 2015 IBM Corporation37
• DataPower device is partitioned into multiple independent environments:
– Isolation of test env...
© 2015 IBM Corporation39
Getting Social with IBM DataPower Gateways
DataPower on Slideshare LinkedIn
IBM DataPower Gateway...
© 2015 IBM Corporation40
Available Now: DataPower Handbook, Second Edition, Volume 1
 Known as the ‘bible’ of
DataPower p...
© 2015 IBM Corporation41
Agenda
 DataPower Gateway Overview
 Recent Releases
 Roadmap
Q&A
Thank You
© 2015 IBM Corporation42
BACKUP
© 2015 IBM Corporation43
 Simple Architecture: Purpose-built firmware + hardware
 Complete gateway platform delivered as...
© 2015 IBM Corporation4444
Configuration-driven approach speeds time to market
• Enforce security standards with zero codi...
© 2015 IBM Corporation45
(2U Physical, Virtual Edition)
ISAM
Proxy
Module
Integration
Module
B2B
Module
AO
Module
TIBCO
EM...
© 2015 IBM Corporation46
Capabilities
Rapidly deliver secure integration & optimized access for a full range of workloads
...
© 2015 IBM Corporation47
SSL Offload
Threat Protection
Rate Limiting / SLA Enforcement
Validation,Filtering
Authentication...
© 2015 IBM Corporation48
• Data format & language
– JavaScript
‒ JSON
‒ JSON Schema
‒ JSONiq
‒ REST
‒ SOAP 1.1, 1.2
‒ WSDL...
© 2015 IBM Corporation4949
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
Gigabit/Sec
HW Solution
Acquisition...
© 2015 IBM Corporation50
The adoption of cloud, analytics, mobile, and social computing
is forcing organizations to open I...
Upcoming SlideShare
Loading in …5
×

WebSphere Integration User Group 13 July 2015 : DataPower session

928 views

Published on

Presentation material used to discuss DataPower during the WI UG in IBM Hursley UK on 13 July 2015

Published in: Technology
  • Be the first to comment

WebSphere Integration User Group 13 July 2015 : DataPower session

  1. 1. © 2015 IBM Corporation IBM DataPower Gateways Overview and Roadmap Hugh Everett IBM Technical Sales IBM Manchester, UK +44-7711-059360 Hugh_Everett@uk.ibm.com
  2. 2. © 2015 IBM Corporation2 Agenda  DataPower Gateway Overview  Recent Releases  Roadmap  Q&A
  3. 3. © 2015 IBM Corporation33 DataPower Gateways … 3 IBM DataPower Gateways provide a low startup cost, helping clients increase ROI and reduce TCO with specialized, consumable, dedicated gateway appliances that combine superior performance and hardened security in physical and virtual form factors INTEGRATE Systems of Engagement with Systems of Record CONTROL & MANAGE Traffic and Service Level Agreements SECURE Mobile, API, Web, SOA, B2B and Cloud Workloads OPTIMIZE Data Delivery and User Experiences CONSOLIDATE & Simplify Infrastructure Footprint
  4. 4. © 2015 IBM Corporation4 • Used by 95% of top global insurances firms • SaaS providers, ASPs, regulators, etc. • Agencies and ministries • Defense and security organizations • Crown corporations Insurance Government Banking • Healthcare • Retailers • Utilities, Power, Oil and Gas • Telecom • Airlines • Others Many, many, more • Majority of the big US and European banks • All of the big 5 Canadian banks • Numerous regional banks and credit unions DataPower Gateways Over 14 years of innovation & over 2,000 global installations
  5. 5. © 2015 IBM Corporation5 5 Business & IT Trends • Enterprises are exposing new electronic channels, to serve: • Customer (web and mobile apps) • Employee (web and mobile apps) • Partners (B2B) • Developers (APIs) • Focus on demands of Systems of Engagement for scale, responsiveness, control & security for accessing System of Records • Virtualized data centers & cloud deployments are the new norm • Fragmented “edge” capabilities create operational complexity • Threat protection, traffic management, protocol mapping, transformation, caching, authentication & authorization (AAA), single sign-on, metering and analytics, optimization
  6. 6. © 2015 IBM Corporation6 B2B Gateway API Gateway API Gateway Single Policy-driven & Extensible Security & Integration Gateway Connectivity Control & Visibility Advanced Access Security Advanced Threat Protection Performance Optimization Data Security DataPower Gateway (Physical or virtual) DataPower Gateway (Physical or virtual) Runtime security enforcement | Traffic control & monitoring | Integration | Optimization Web Access Management Web Servers On-demand Router WebSphere VE WAS ND Load Balancer ADC Yesterday Today Internet Internet Mobile/API Gateway Web Application Firewall Consolidate the Edges Apps, Services, Middleware, z System Apps, Services, Middleware, z System SOA / ESB Gateway B2B Gateway
  7. 7. © 2015 IBM Corporation7 Enterprise Applications and Systems DEVELOPERSPARTNERS CONSUMERS EMPLOYEES WEBMOBILEB2B SOA APIS PARTNERS DEVELOPERS Business Channels Users Security & Control Solutions CLOUD ALL CONSUMERS EMPLOYEES Converged, Multi-Channel Gateway for Edge Processing Reduce cost + improve security & control Gateway services in Cloud Virtual appliance in Public & Private Cloud Physical appliance z SystemMiddleware ESBApplication Service
  8. 8. © 2015 IBM Corporation8  Simple Architecture: Firmware + purpose built hardware  Guiding philosophy is to centralize common security, integration, control, and traffic management functions and optimize them in a security-hardened appliance Simple and Secure Platform Architecture Display Ports database config App Server config Apache HTTPD config JVM config Proprietary Software config Linux Daemons config JSP Engine glibclibxml Full Linux OS (including shells and user accounts) config Bootable CDROM Drive Bootable USB Ports Hardware Commodity Gateways config Hardware DataPower Gateway Digitally Signed and Encrypted Firmware Flash Memory Crypto Acceleration IBM Optimized Embedded Operating Environment Purpose-built Gateways
  9. 9. © 2015 IBM Corporation9 Purpose-Built API Gateway for Microservices Architecture Trusted Platform Module (TPM) Hardware Accelerated Crypto Card No DVD/CD Drives & Working USB Ports Intrusion Detection Switch HSM Module for FIPS 140-2 Signed & Encrypted Firmware Secured & Optimized XSLT & JavaScript Compiler Encrypted Flash Storage
  10. 10. © 2015 IBM Corporation10 IBM DataPower Gateway Appliances are the industry-leading Security & Integration gateways that help provide security, integration, control and optimized access to a full range of Mobile, Web, API, SOA, B2B, & Cloud workloads Common Use Cases Internet Trusted Domain Consumer Application or Service DMZ Trading partners 1 Mobile Gateway 2 API Gateway 3 Web Gateway 4 B2B Partner Gateway 5 SOA & API Gateway 6 ESB / Integration Gateway 7 Internal Security Enforcement 8 Web Services Governance & Management 9 Legacy Integration Consumer Middleware z System DataPower Gateway DataPower Gateway
  11. 11. © 2015 IBM Corporation11 Features Before DataPower Gateway After DataPower Gateway Control Integrate Optimize Secure Consumer Consumer Consumer Consumer Simplify, offload & centralize critical functions Integrate Any-to-any message transformation Transport protocol bridging Message enrichment Database connectivity Mainframe connectivity B2B trading partner connectivity Control OptimizeSecure SSL / TLS offload Hardware accelerated crypto operations JSON, XML offload JavaScript, JSONiq, XSLT, XQuery acceleration Response caching Intelligent load distribution Service level management Quota enforcement, rate limiting Message accounting Content-based routing Failure re-routing Integration with management & visibility platforms Authentication, authorization, auditing Security token translation Threat protection Schema validation Message filtering & semantics validation Message digital signature Message encryption
  12. 12. © 2015 IBM Corporation12 Modules ISAM Proxy Module  User access control, session management, web SSO enforcement  Advanced mobile security: mobile SSO, context-based access, one- time password, multi-factor authn  Integration with ISAM for Mobile Application Optimization Module  Frontend self-balancing  Backend intelligent load distrib’n (ADC)  Session affinity  z Sysplex Distributor integration Integration Module  Any-to-Any message transformation  Database connectivity  Mainframe IMS connectivity B2B Module  B2B DMZ gateway  EDIINT AS1,AS2,AS3,ebXML  Partner profile management  B2B transaction viewer  Any-to-Any message transformation  Database connectivity TIBCO EMS Module  Integrate with TIBCO EMS messaging middleware  Support for queues & topics  Load balancing & fault-tolerance IBM DataPower Gateway (Base) Secure  Authentication, authorization  Security token translation  Service / API virtualization  Threat protection  Message validation  Message filtering  Message digital signature  Message encryption  AV scanning integration Integrate  Transport protocol bridging  Message enrichment  Message transformation & processing using JavaScript, JSONiq, XQuery, XSLT  Mainframe integration & enablement  Flexible pipeline message processing engine Control & Manage  Service level management  Quota & rate enforcement  Content-based routing  Message accounting  Integration w/ management & visibility platforms including IBM API Management & WSRR for policy enforcement Optimize & Offload  SSL / TLS offload  Hardware accelerated crypto*  JSON, XML offload  JavaScript, JSONiq, XSLT, XQuery acceleration  Local response caching  Distributed caching with WXS or XC10  Backend load balancing 2U Physical or Virtual Edition Single, modular & extensible platform (2 of 2)
  13. 13. © 2015 IBM Corporation13 Deployment options  Purpose-built, DMZ-ready appliances provide physical security  High density 2U rack-mount design  8 x 1 and 2 x 10 GbE ports  Cryptographic acceleration card  Trusted platform module  Customized intrusion detection  Optional HSM (FIPS 140-2 Level 3 certified)  Virtual appliances provide deployment flexibility  Support multiple hypervisors and cloud environments − VMware − Citrix XenServer − IBM PureApplication System (x86 nodes) − IBM PureApplication Service on SoftLayer (x86 nodes) − IBM SoftLayer bare metal instances using supported hypervisors VirtualPhysical
  14. 14. © 2015 IBM Corporation14 Virtual Edition  DataPower gateway functionality in virtual appliance form factor to rapidly secure, integrate, control & optimize access to Mobile, API, Web, SOA & B2B workloads in hypervisor & clouds platforms  Use for development, test or production  Supports multiple hypervisor & cloud platforms  VMware  Citrix XenServer  IBM PureApplication System W1500/W2500  IBM PureApplication Service on SoftLayer (x86)  IBM SoftLayer bare metal instances on x86 nodes  Seamless configuration migration between physical and virtual appliances  Utilizes the same industry-proven & purpose-built platform including an embedded, optimized DataPower Operating System, that powers the physical appliances x86 Server Delivers purpose-built, highly consumable Security & Integration Gateway functionality in virtual appliance form factor for cloud deployments
  15. 15. © 2015 IBM Corporation15 DataPower’ing IBM Bluemix!!! • Security • Control • Filtering • Content-Based Routing • Load balancing • Monitoring and Logging Mobile client Bluemix Tooling VM Application Manager App App App App Service Service Service Service Open Stack External ServiceExternal Services Internet Did you know? DataPower is trusted as the exclusive gateway for Bluemix, IBM’s global Platform as a Service
  16. 16. © 2015 IBM Corporation16 Agenda  DataPower Gateway Overview  Recent Releases  Roadmap  Q&A
  17. 17. © 2015 IBM Corporation17  GatewayScript: A JavaScript runtime that is secured, optimized and tuned for the gateway environment to simplify configuration for developers and provide an easier development paradigm for Mobile, Web, & API  New Virtual Edition for Developers provides a low cost, per user pricing, and easy to use gateway for developers  Support for Citrix XenServer hypervisor provides additional deployment flexibility on-premise & cloud deployments  WebSocket Proxy support enables full-duplex, bi- directional, & low-latency communication for Mobile & Web applications, Internet of Things  Improved security & traffic control functionality in support of IBM API Management offering Highlights of DataPower v7.0 GatewayScript Released June 2014
  18. 18. © 2015 IBM Corporation18 • Secure JavaScript Processing Policy Action for manipulating Mobile, Web, API traffic • Focuses on the “Developer” experience, with familiar and friendly constructs and APIs • Why JavaScript – Popular scripting language – Large ecosystem – Fast moving community driven – Client & Server-side, now Gateway too • New GatewayScript Processing Policy Action – Transformation style processing policy action – Access to gateway functions through APIs • Attributes of GatewayScript – Secure: transaction isolation, code injection protection, short lived execution, small footprint – Manipulate with ease JSON and binary data. Implement your own format handling – Performant • Compiler technology & native execution. Leverages common infrastructure with XSTL • Ahead of time compilation with caching, not single threaded – Flexible and Modular • Fully CommonJS Module compliant • Port community developed feature and function where beneficial GatewayScript Action GatewayScript™
  19. 19. © 2015 IBM Corporation19 Highlights of IBM DataPower Gateway & V7.1  Single multi-channel gateway platform to secure & optimize delivery of mobile, API, web, SOA, B2B, cloud apps, and integrate with IBM MobileFirst & WebSphere platforms  Integrates industry-proven access enforcement capabilities of IBM Security Access Manager into the DataPower platform, available as add-on ISAM Proxy Module  IBM DataPower Gateway is the new name of a consolidated, extensible & modular platform  Converges three existing products, XG45 / XI52 / XB62, into a single modular offering  Physical appliance uses purpose-built latest generation hardware platform to provide increased performance & capacity  Virtual appliance runs on VMware & Citrix XenServer hypervisors and cloud platforms that support them  Easy-to-use & secure B2B integration capabilities, formerly on XB62 appliances only, available as add-on B2B Module  Enable authentication from internet consumers & Non-Microsoft consumers to Microsoft systems with Kerberos S4U2Self support
  20. 20. © 2015 IBM Corporation20 New Cloud Offerings Secure Gateway for Bluemix Applications Easier DevOps with new REST API Secure. Integrate. Control. Optimize. GatewayScript Enhancements Robust Platform Security 7.2 Features Deploy DataPower Gateways on Amazon EC2 and SoftLayer CCI to provide enhanced cloud elasticity for cloud workloads. Enhanced hybrid cloud integration to securely connect between IBM Bluemix applications and on-premise services protected using DataPower Gateways Protect mission-critical applications from security vulnerabilities with enhanced TLS protocol support using Elliptic Curve Cryptography, Server Name Indication, and Perfect Forward Secrecy New REST-based management API to build deployment and automation scripts, enabling easier devops for continuous software delivery and quicker problem resolution. Enhanced Mobile and API security Easily transform between XML and JSON messages to quickly integrate System of Records data sources with Systems of Engagement interfaces Increased mobile and API security for protecting mission-critical transactions with JSON Encryption, JSON Signature, JSON Key, and JSON Token Available June 19th, 2015 Announce May 26th, 2015
  21. 21. © 2015 IBM Corporation21 IBM API Management: One Integrated Platform design, secure, control, publish, monitor & manage APIs Explore API documentation Provision application keys Self-service experience Developer Portal API Manager Management Console Define and manage APIs Explore API usage with analytics Manage API user communities Provision system resources Monitor runtime health Scale the environment API Gateway (IBM DataPower) Enforce runtime policies to control API traffic
  22. 22. © 2015 IBM Corporation22 Integrated capabilities for Web and Mobile Consolidated infrastructure with simpler topology & reduced TCO Internet Application Server Cluster WAS ND, MobileFirst, Commerce, Portal, Process Server DataPower Appliances WebSphere Extreme Scale 1 2 3 4 High availability application gateway Replacing existing load balancers with optional embedded ADC module Out-of-the-box WAS proxy •Intelligent load balancing for WAS ND clusters without additional servers •Application-specific optimized routing & session affinity Enhanced caching capabilities On-the-box cache with user-friendly policy control and optional distributed caching with seamless WXS integration Gateway Web Application Gateway Application security capabilities for simplicity, improved performance and scalability modules; Protection from zero day and OWASP Top 10 attacks with optional Web Application Firewall module and optional ISAM module to provide Web Access Mgmt
  23. 23. © 2015 IBM Corporation24 What is ISAM for DataPower Module? • ISAM for DataPower module provides the reverse proxy component that is available on ISAM for Web and ISAM for Mobile appliances ISAM Module DataPower Base Appliance • Reverse Proxy IBM Security Access Manager for Mobile • Context based Access (CBA) • One-time Password (OTP) / Multi-factor Authentication (MFA) • Advanced Security IBM Security Access Manager for Web • Load Balancer • Protocol Analysis Module (PAM) ISAM for Web was formerly known as Tivoli Access Manager for E-Business (TAMeb)
  24. 24. © 2015 IBM Corporation25 SSL Offload Threat Protection Rate Limiting / SLA Enforcement Validation, Filtering Authentication Authorization Context-based Access Mobile SS0 Security Token Translation Message Transformation Content-Based Routing IntelligentLoad Distribution Response Caching Middleware / ESB, Legacy Apps Apps, Services Rapidly Connect Mobile Apps with Enterprise Services Securely expose enterprise data & APIs to Mobile Apps while optimizing delivery IBM DataPower Gateway ISAM Module /apimanagement Native, Hybrid, Mobile Web
  25. 25. © 2015 IBM Corporation28 REST 1 5 3 2 4 Client Provider Improve Response Time ImprovedLoad DataPower Large Response Time WebSphere Extreme Scale (WXS) http://www-01.ibm.com/support/docview.wss?uid=swg21697033 1. Client submits application request. 2. DataPower parses request and queries WXS. On a hit, skip to step 5. 3. On a miss, DataPower forwards request to target Provider. 4. DataPower adds application response to WXS. 5. Client receives response from DataPower. Response Caching Integration with WXS
  26. 26. © 2015 IBM Corporation31 DataPower on GitHub  Repository of DataPower related tools & collateral  Open source  Community driven: Use, collaborate, contribute  http://ibm-datapower.github.io/  DataPower Configuration Manager  Tool for DataPower configuration management & migration  Standalone command line or IBM UrbanCode Deploy plugin  https://github.com/ibm-datapower/datapower-configuration-manager  https://github.com/ibm-datapower/datapower-configuration-manager/wiki/Easy-On-Ramp  DPXMLSH  Bash script / shell library for working with DataPower’s XML Management interface  Interactive & scripted use  https://github.com/ibm-datapower/datapower-xml-shell
  27. 27. © 2015 IBM Corporation32 Agenda  DataPower Gateway Overview  Recent Releases  Roadmap Q&A
  28. 28. © 2015 IBM Corporation34 DataPower Roadmap Security OpenID Connect Web Application Firewall Advanced AU/AZ (ISAM) Network HSM support Integration DFDL Raw TCP/IP Socket 3rd Party JMS Control Enhanced SLA / rate limiting Layer4 load balancing Layer7 self balancing OOTB Monitoring Optimization Distributed caching GatewayScript streaming Intelligent compression Web performance optimization API Dynamic policy support Advanced security enforcement Advanced control, optimization Robust analytics data handling B2B AS4 Connect:Direct Translucent FTP Proxy User Experience NextGen UX GatewayScript IDE Support GatewayScript Debugging Cloud / Platform Multi-tenancy Amazon EC2 DPaaS KVM Mobile MobileFirst integration Dynamic policy support Advanced SICO* enforcement MQTT * Security, integration, control, optimization
  29. 29. © 2015 IBM Corporation35 Gateway Services Public/Private Cloud 1. Enable Virtual Gateways to run in public & private clouds – IBM & Non-IBM platforms • SoftLayer, Bluemix, PureApplication System, z System • Amazon EC2, VMware vCloud, Microsoft Azure – Support relevant hypervisors including VMWare, Xen, KVM, Hyper-V – BYOL, PAYG licensing models Gateway as a Service IBM Cloud 2. Enable Gateway as a Service in IBM Cloud – Provided as a built-in & integrated component of the platform – Evaluation Center with pre-built Integrations for Try and Buy – BYOL, PAYG licensing model 3. Enable Gateway Services in IBM Cloud and in Containers “DataPower Containers Everywhere” (Docker / LXC ) – Provided as a built-in & integrated component of the platform & Catalog – Granular gateway capabilities – PAYG licensing models Gateway Services IBM Cloud SoftLayer, Bluemix, PureApplication DataPower Cloud Gateway Edition
  30. 30. © 2015 IBM Corporation36 Hybrid cloud integration using Secure Gateway Service • Enhanced hybrid cloud integration using Secure Gateway service to securely connect between IBM Bluemix applications and on-premise services protected using DataPower Gateways – Quickly setup connectivity without making enterprise firewall changes while still allowing controlled access from cloud services – Supports multiple gateways instances, load balancing and fault tolerance – Manage and monitor gateway instances and usage Bluemix On Premise Datacenter ServicesRuntimes New
  31. 31. © 2015 IBM Corporation37 • DataPower device is partitioned into multiple independent environments: – Isolation of test environments – Isolation of business concerns – Improve utilization • Full isolation achieved using a hardware optimized DataPower Hypervisor – Maintains model of trust chain established down to the hardware – Resources are capped within each partition 3 7 Multi-Tenant Appliances DataPower Appliances Appliance is partitioned into multiple segments, each is independent and isolated
  32. 32. © 2015 IBM Corporation39 Getting Social with IBM DataPower Gateways DataPower on Slideshare LinkedIn IBM DataPower Gateway Group developerWorks BlogYouTube IBM DataPower Gateway Channel Twitter @IBMGateways Online User Forum • YouTube Channel: IBM DataPower Gateways • Slideshare: IBM DataPower Gateway • Twitter: @IBMGateways • LinkedIn Group: IBM DataPower Gateway • developerWorks blog: IBM DataPower Gateway • GitHub: IBM DataPower Gateway • Online User Forum • Product page on ibm.com • Product documentation
  33. 33. © 2015 IBM Corporation40 Available Now: DataPower Handbook, Second Edition, Volume 1  Known as the ‘bible’ of DataPower planning, implementation, and usage.  New content to cover previous six years of new products/features, including 9006/7.1!  Volume 1 consists of Chap 1 DataPower Intro, Chap 2 Setup Guide, new Preface and two invaluable new appendices for physical and virtual appliances. Available in softcover and e-book formats
  34. 34. © 2015 IBM Corporation41 Agenda  DataPower Gateway Overview  Recent Releases  Roadmap Q&A Thank You
  35. 35. © 2015 IBM Corporation42 BACKUP
  36. 36. © 2015 IBM Corporation43  Simple Architecture: Purpose-built firmware + hardware  Complete gateway platform delivered as firmware  Guiding philosophy is to centralize common security, integration, control, traffic management, acceleration functions and optimize them in a security-hardened gateway appliance Simple and Secure Architecture Display Ports database config App Server config Apache HTTPD config JVM config Proprietary Software config Linux Daemons config JSP Engine glibclibxml Full Linux OS (including shells and user accounts) config Bootable CDROM Drive Bootable USB Ports Hardware Commodity Gateways config Hardware DataPower Gateway Platform Digitally Signed and Encrypted Firmware Flash Memory Crypto Acceleration IBM Optimized Embedded Operating Environment Purpose-built Gateways
  37. 37. © 2015 IBM Corporation4444 Configuration-driven approach speeds time to market • Enforce security standards with zero coding • Uses intuitive pipeline message processing • Import/export configurations between environments • Transaction probe shows message content between actions for debugging 44
  38. 38. © 2015 IBM Corporation45 (2U Physical, Virtual Edition) ISAM Proxy Module Integration Module B2B Module AO Module TIBCO EMS Module  IBM DataPower Gateway is the new name of a consolidated, extensible & modular platform  Converges three existing products, XG45 / XI52 / XB62, into a single modular offering  Available in physical and virtual form factor  Physical Appliance  2U rack mount appliance using latest generation hardware platform  Two base editions: Non-HSM and HSM (FIPS 140-2 Level 3 certified)  Each software module is licensed separately  Virtual Edition  Three editions: Developer, Non-Production, Production  Developer includes all software modules at no additional cost, except TIBCO EMS  Non-Production includes all software modules at no additional cost, except TIBCO EMS & ISAM Proxy  Production: Each software module is licensed separately Supports V7.1 & above All software modules are field upgradeable Single, modular & extensible platform
  39. 39. © 2015 IBM Corporation46 Capabilities Rapidly deliver secure integration & optimized access for a full range of workloads • Secure & protect your back-end systems from harmful workloads and unauthorized users & apps • Convert payloads, bridge transports and connect to existing services at wire-speed • Limit & shape traffic based on service level agreements, and route based on message content • Improve response times, reduce load on backend systems and intelligently distribute load Secure Control Integrate Optimize Before DataPower Gateway After DataPower Gateway Control Integrate Optimize SecureConsumer Consumer Consumer Consumer
  40. 40. © 2015 IBM Corporation47 SSL Offload Threat Protection Rate Limiting / SLA Enforcement Validation,Filtering Authentication,Authorization Context-basedAccess,Mobile SS0 Security Token Translation Message Transformation Content-BasedRouting IntelligentLoad Distribution Response Caching Connect Mobile Apps with Enterprise Services Securely expose enterprise systems & APIs to Mobile Apps while optimizing delivery
  41. 41. © 2015 IBM Corporation48 • Data format & language – JavaScript ‒ JSON ‒ JSON Schema ‒ JSONiq ‒ REST ‒ SOAP 1.1, 1.2 ‒ WSDL 1.1 ‒ XML 1.0 ‒ XML Schema 1.0 ‒ XPath 1.0 ‒ XPath 2.0 (XQuery only) ‒ XSLT 1.0 ‒ XQuery 1.0 • Security policy enforcement ‒ OAuth 2.0 ‒ SAML 1.0, 1.1 and 2.0, SAML Token Profile, SAML queries ‒ XACML 2.0 ‒ Kerberos (including S4U2Self, S4U2Proxy) ‒ SPNEGO ‒ RADIUS ‒ RSA SecurID OTP using RADIUS ‒ LDAP versions 2 and 3 ‒ Lightweight Third-Party Authentication ‒ Microsoft Active Directory ‒ FIPS 140-2 Level 3 (w/ optional HSM) ‒ FIPS 140-2 Level 1 (w/ certified crypto module) ‒ SAF & IBM RACF® integration with z/OS ‒ Internet Content Adaptation Protocol ‒ W3C XML Encryption ‒ W3C XML Signature ‒ S/MIME encryption and digital signature ‒ WS-Security 1.0, 1.1 ‒ WS-I Basic Security Profile 1.0, 1.1 ‒ WS-SecurityPolicy ‒ WS-SecureConversation 1.3 DataPower Gateway: Supported standards & protocols • Transport & connectivity – HTTP, HTTPS, WebSocket Proxy – FTP, FTPS, SFTP – WebSphere MQ – WebSphere MQ File Transfer Edition – TIBCO EMS – WebSphere Java Message Service – IBM IMS Connect, & IMS Callout – NFS – AS1, AS2, AS3, ebMS 2.0, CPPA 2.0, POP, SMTP (XB62) – DB2, Microsoft SQL Server, Oracle, Sybase, IMS • Transport Layer Security ‒ TLS versions 1.0, 1.1, and 1.2 ‒ SSL versions 2 and 3 • Public key infrastructure (PKI) ‒ RSA, 3DES, DES, AES, SHA, X.509, CRLs, OCSP ‒ PKCS#1, PKCS#5, PKCS#7, PKCS#8, PKCS#10, PKCS#12 ‒ XKMS for integration with Tivoli Security Policy Manager (TSPM) • Management ‒ Simple Network Management Protocol ‒ SYSLOG ‒ IPv4, IPv6 • Open File Formats ‒ Distributed Management Task Force (DMTF) Open Virtualization Format (OVF) ‒ Virtual Machine Disk Format (VMDK) ‒ Virtual Hard Disk (VHD) Link to Product Documentation • Web services – WS-I Basic Profile 1.0, 1.1 – WS-I Simple SOAP Basic Profile – WS-Policy Framework – WS-Policy 1.2, 1.5 – WS-Trust 1.3 – WS-Addressing – WS-Enumeration – WS-Eventing – WS-Notification – Web Services Distributed Management – WS-Management – WS-I Attachments Profile – SOAP Attachment Feature 1.2 – SOAP with Attachments (SwA) – Direct Internet Message Encapsulation – Multipurpose Internet Mail Extensions – XML-binary Optimized Packaging (XOP) – Message Transmission Optimization Mechanism (MTOM) – WS-MediationPolicy (IBM standard) – Universal Description, Discovery, and Integration (UDDI versions 2 and 3), UDDI version 3 subscription – WebSphere Service Registry and Repository (WSRR)
  42. 42. © 2015 IBM Corporation4949 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 Gigabit/Sec HW Solution Acquisition ITCAM for SOA (Transaction Monitoring) Model 9235 (aka 9004) Model 7993 (aka 9003) WebSphere Transformation Extender XA35 XS40 XI50 XB60 2012 XG45, XI52 & XB62 XI50B Blade WebSphere Appliance Management Center Optimized Interpreter and Compiler Optimized Hardware Acceleration 2013 2014 Application Optimization (Self-Balancing & Intelligent Load Distribution) XI50z Blade Virtual Edition (VMware) Virtual Edition (PureApplication System) Virtual Edition (for Developers + XenServer) Optimized & secure JavaScript Multi-channel Gateway Consolidated Gateway Platform ISAM Proxy Module Over 14 years of innovation & 2000+ global installations IBM DataPower Gateway
  43. 43. © 2015 IBM Corporation50 The adoption of cloud, analytics, mobile, and social computing is forcing organizations to open IT assets to new business channels …and challenging them to rethink the way they have traditionally approached security & control Between 2005 and 2020, the amount of data in the world will grow 300X, from 130 to 40,000 exabytes. 81% of adults use personally owned mobile devices for conducting business 70% of employees are engaged in social activities both internally and externally 73% of organizations discovered cloud usage outside of IT or security policies

×