Using IBM DataPower for rapid security and application integration with an open source enterprise

© 2014 Dealertrack Technologies, Inc. All rights reserved.
Using DataPower for rapid security and application integration
with an open source enterprise
Gennadiy Civil, Director Technology Architecture
Dealertrack Technologies
April 2013
IBM IMPACT 2014 Conference Session 2035A

2
Agenda
I. Background
II. What are we integrating?
III. Integration Components – Data Layer and Services Layer
IV. Data Integration – Hub and Spoke IBM CDC
V. Partner Integration – IBM Data Power
VI. Use Case 1 – DataPower Partner Service Integration
VII. Use Case 2 – DataPower SSO Integration
VIII. Use Case 3 – DataPower Batch File Exchange
IX. Use Case 4 – DataPower Integration between DT Offerings
X. Use Case 5 – DataPower Encrypting Proxy
XI. Team Dynamics and Skill sets
XII. Living with IBM Data Power
XIII. Questions

3
Background
●
Dealertrack Technologies (NASDAQ:TRAK) is the leading
software-as-a-service and data provider to the automotive industry
●
Origins as the first multi-lender auto finance portal. Dealertrack
started at a time when you had to fill a paper application at a car
dealership and fax the application to a few banks the dealer
worked with.
●
Today when you buy or lease a car from a dealer in US or Canada
chances are your electronic application goes through a
Dealertrack network to over 1000 lenders
●
11 Major product offerings from auto finance to registration and
vehicle title management
●
Dealertrack's software is there at every step from the initial contact
when you walked into a dealership or started on-line research until
you drive away in a new car

4
4
Exclusively available on Dealertrack
Dealertrack Partners – small sample

5
Background
●
In our 14-year history, Dealertrack has made 24 acquisitions and developed 11 major
new products internally
●
This means a great variety of LOB's applications using all kinds of technology
●
Integration of our products and the ability to create new resources is the company's
#1 strategic project
●
Python / Django / Apache / Mule ESB / Red Hat MRG
●
Java / jBoss / Tomcat/ JSF / SringMVC/ AngularJS/ Swing/
●
Perl / php / COBOL / C++
●
IIS / .NET / MSMQ
●
RPG2 / WebSphere MQ
●
CA Siteminder for Authentication
●
DB2 PureData/DB2 Standalone/MySQL/MS SQL Server/MUMPS/Oracle
●
Others

6
What are we integrating?
A combination of web, mobile apps, web services, and 5250 telnet
delivered SaaS products for all aspects of the retail automotive supply
chain
Customers include:
●
Auto Dealers
●
Lenders
●
Manufacturers
●
Web Portals
●
After-market Suppliers
●
Parts Manufacturers
●
State Governments
●
Independent Providers

7
Integration Layers
●
Data Integration – using InfoSphere CDC
●
Services Integration on the ESB
●
Partner Integration – IBM DataPower
Real Time
Master Data Management
over IBM CDC
LOB1
Finance
Solutions
LOB2
Lender
Solutions
LOB..N
Data
Power
Mule ESB
Real Time Master Data Management
over IBM CDC
Partners
Web Services
DMZ

8
Data Integration – IBM CDC
●
Sharing key data elements across DT solutions make
each solution more valuable to our users
●
Every process touches one or more of:
– Dealers
– Users
– Partners
– Customers
– Vehicles
●
Re-platforming of all solutions to a common single
database would require many hundreds of person-years
of effort and produce no meaningful benefit until
completion
over IBM CDC

9
Data Integration Constraints and
Approach
Constraints:
●
Wholesale application conversion to SOA or re-hosting with conversion to
a common database is too costly and time consuming for all applications
●
Subject matter expert developers are our scarcest resources and are
often skilled in and deeply wedded to specific software stacks
●
Integration of data is a prerequisite to integrating applications
●
Thousands of external data integration points with 3rd parties
Approach:
●
Definition of common data entities that are shared across platforms
●
Minimum modification of applications to create and consume shared data
●
Real-time replication between databases in a hub and spoke topology
over IBM CDC

10
Partner Integration - Why
Dealertrack Needs:
●
Reduce the burden on developers:
●
Offload the following :
– Encrypt/decrypt, sign and verify for service traffic to Partner
– Authenticate incoming SOAP and REST service calls
– Allow the development team to focus on the business logic
– Integrate with existing authentication provider
– Integrate with Open source products
– Integrate with the rest of Dealertrack Systems
●
Previous bad development experience with custom encryption/decryption –
over two weeks in troubleshooting because of “.” and not a “,” in the
certificate
Data
Power

11
IBM Data Power for Partner Integration
Choosing:
●
Compared with competitors
●
6 hours POC comparing with 5 days competitors
●
Last year Impact 2013 Conference DataPower sessions galore.
●
IBM has been very solid partner to work with from the initial requir
to the purchase process
●
Choose DataPower

12
Use Case 1 - Partner Integration
●
SOAP Web Service
●
No need to actually write the service implementation
●
Takes care of complex details, enables development team
to focus on the application logic
Partner
Data Power
Mule
ESB
SOAP
WS-Security
Host WSDL
Decrypt
Validate Signature
Log
Convert to JSON
Encrypt/Sign
HTTP
Convert to SOAP/XML

13
Use Case 1 - Partner Integration
Partner Integration - DataPower
Real Time
Master Data Management
over IBM CDC
Data
Power Mule
ESB
over IBM CDC
Partners
Web Services
RedHat
MRG
Message
Broker
Apache
Web Farm
Python/Django
End
Users
HTTP(s)
Apache
Services Farm
Python

14
Use Case 2 - SSO Mobile Integration
●
DMS – Dealer Management Solutions is a line of
business within Dealertrack
●
Dealertrack Portals is Dealertrack's F&I offering
●
The Use Case:
– Single Sign On between desktop browser and the mobile device. The user
needed to see the same page as the desktop browser on the mobil device
– The salesperson at the dealership needs to get up from his or her desk and have
the same page of the currently displayed application show up on the mobile
device
– QR Code printed on a screen, scan the code and have the device login and
synchronize the session to the mobile device
– This means SSO – Single Sign On between the QR code link and DT Portal
– Cant pass password around, need to be password-less
– DataPower made the job easy

15
Partner Integration - DataPower
Data
Power
Mule
ESB
End
Users
HTTPs
Apache
Services Farm
Python
Siteminder

16
●
Client Sends URL
Request with a token
from QR Code
●
DataPower:
– Calls Service To Validate Token
– Decodes
– Uses AAA Policy to create SAML
– POSTs SAML to SiteMinder
– No need for the programmers to
understand SAML particulars, the
DataPower handles the
integration without coding

17
Partner Integration – Use Case 3
●
Batch File Exchange integration
●
Simple Poll from the Partner SFTP Site
●
Drop to internal FTP site with Dynamic location based on
original file name
●
Saves a lot of development work for Dealertrack

18
Use Case 4 – Data Integration between
applications
●
Send DMS ( Dealer Management System)” deal” to
DataPower.
●
HTTP Form POST XML in the body and convert to JSON
●
Call existing service with JSON
●
Service Responds and DP converts to HTTP response

19
Use Case 5 – Encrypting Proxy
●
Dealertrack purchased
ATMOS document storage
device
●
In Development the doc
storage is in the cloud
●
In Post-Development there is
a physical appliance within
Dealertrack Infrastructure
●
The applications want to
know or care about the fact
that the documents need to
be stored encrypted “@rest”
Client Application
Data Power
Route Dev/Prod
Encrypt/ Decrypt

20
Team Dynamics
●
7 Scrum Teams running development
●
Operations team supporting DataPower from
administration point of view
●
Started with IBM Training
– Admin Training
– Development training
●
DevOps are part of the development Scrum teams
●
Over 11 month 13 developers in different Scrum teams
got familiar and comfortable with DataPower
– 5 reformed Microsoft developers
●
XSLT is an essential skill
– 7 Python/Java Open Source Developers

21
Living with Data Power
●
6 month in production
– 5 Use Cases in production
– Volume is low but ramping up every day
●
No issues
●
Data Power Wish List
– Custom JMS – prefer to be able to connect to our
message broker directly ( RedHat MRG )
– PGP Encryption – PGP was a requirement from the
partner and the only encryption technology
available to them

22
That is all folks!
●
In today's presentation I have told the
Dealertrack's DataPower Story starting with
last year Impact 2013 conference to being
in production now
●
I am happy to answer any questions at this
time
●
After the question and answer period we will
wrap this session with short closing remarks

23
Questions?

24
Final Remarks
●
In closing I wold like to mention that Dealertrack
starts new story this year at Impact 2014
●
We purchased IBM BPM and ODM products and
starting to implement new line of solutions
●
Dealertrack's first “Quick Win” project with BPM
and ODM is scheduled to start Monday when we
come back from Impact and hopefully recover
from the information overload over the weekend
●
Hope to present a similar session at next year's
conference telling a BPM and ODM success story

Using IBM DataPower for rapid security and application integration with an open source enterprise

More Related Content

What's hot

Viewers also liked

Similar to Using IBM DataPower for rapid security and application integration with an open source enterprise

Recently uploaded

Using IBM DataPower for rapid security and application integration with an open source enterprise