9. DataPower vs. Typical Software-based Solution [Diagram labels: DataPower’s Hardware Network Appliance (special-purpose hardware, firmware, XML acceleration, crypto acceleration, configuration) beside a Server-based Software Appliance (hardware with floppy, CD-ROM, USB port and disk; operating system; web server; XML library; C library; dev platform; application server; server daemon; proprietary software; database; multiple Config entries)]
11. What Kind of Value Can You Expect from the DataPower Appliances?
12. WebSphere DataPower Appliances… WebSphere DataPower Appliances provide a low startup cost, helping companies increase their ROI and reduce their TCO with specialized, consumable, dedicated appliances that combine superior performance and hardened security. SIMPLIFY your connectivity infrastructure. ACCELERATE your time to value. SECURE your SOA, Web 2.0, B2B, and Cloud environments. GOVERN your evolving IT architecture.
23. DataPower Business Value Assessment Example: German Automotive Customer WVE Target Utilization at 60% Note the reduction in number of servers, development/fix and change effort, and administration DataPower handling XML acceleration and message-level security
24. How is the XB62 Positioned with other IBM B2B Products?
25. View of B2B Solutions within IBM WebSphere TX for Integration & Industry packs Purpose-built B2B hardware for simplified deployment, exceptional performance and hardened security Universal Transformation for complex industry standards with accelerated time to value and reduced cost Sterling Integrator Consolidated B2B software based on the Sterling platform, for a broad range of requirements Business Partners Applications & Systems DataPower B2B Appliance XB62
29. EDIINT Flow: Simple AS2 transaction flow with Transform [Diagram labels, steps 1, 2, 3a, 3b, 4, 5: Partner A, Application, B2B Hub, EDI, AS2 (EDI), AS2 (MDN), Partner B, XB62, B2B Gateway Service, AS2 Process, Data Store, Transaction Viewer, XML, Application, Browser] Note: This flow works the same for any AS protocol as well as for ebMS B2B messages.
30. Web Services exchanged between Partners. Partners agree to use WS to communicate B2B messages. The Web Services bridging pattern is a common pattern for companies that need to consume a B2B payload over Web Services but wish to pass all inbound B2B data into their B2B Gateway Service in a canonical B2B messaging format; typically this is due to a trading partner’s requirement to exchange data with external partners only over the Web Services protocol. In this scenario we have chosen AS2 as the canonical protocol. The benefit of tying other DataPower services to the B2B Gateway Service is that it gives you the flexibility to use all of the integration functionality included in the device to connect to a wide variety of trading partners, who typically demand that you communicate in a manner that is convenient for them. Essentially, the other services on the B2B appliance can act as a pre- or post-process to the B2B Gateway Service, giving you the extensibility needed to support the most demanding B2B transaction flows.
31. Web Services bridged to AS2 File Transfer Pattern [Diagram labels, steps 1 to 7: Partner A, WS Client, B2B Hub, Web Service Process, Flat, SOAP, Partner B, XB62, Web Service Proxy, AS2 Pre-Process, B2B Gateway Service, Data Store, Transaction Viewer, Flat, Browser] Note: A Multi-Protocol Gateway Service can also be used to support this flow as well as receiving and sending data over any of the 16 supported protocol handlers. When Services are tied together in front of or behind a B2B Gateway Service they are handled like pre and post processes.
33. MQ FTE Integration Pattern – Inbound File to Message [Diagram labels, steps 1, 2, 2a, 3, 4, 5, 6: Internet, Trading Partner, XB60, XB62, B2B Gateway Service, Transaction Viewer, Profile Mgmt, Data Store, Browser (LOB User), Browser (Admin), Browser (Partner view), Enterprise MQFTE Network, Queue Managers, Source Agent, Target Agent, MQ Explorer, DB Logger (DB2 or Oracle), Server, Data Store, Applications]
37. Health Level 7 Pattern with Transformation [Diagram labels, steps 1 to 6: Partner A Regional Healthcare Center, Healthcare Applications, B2B Hub, AS2 Process, Any Transport HL7 V3.x, HL7 V3, Internet, AS2 (HL7 V3), AS2/MDN, Partner B Hospital, B2B Appliance, B2B Gateway Service, Profiles (Internal Profile Regional Center, External Profile Hospital), Validate XML and Transform to any V.2.x format, Any Transport HL7 V2.x, Healthcare Applications, Transaction Viewer, Browser]
38. XB60 Active/Passive High Availability Deployment Pattern [Diagram labels: Internet, Partners, DMZ, Trusted Domain; Primary System (Active) and Secondary System (Passive), each a WebSphere DataPower XB60 with B2B Gateway Service, Multi-Protocol Service (pollers), B2B Viewer and B2B Metadata Storage; Shared Virtual IP Address; Active/Passive Standby Control; Real-time Data Synchronization; B2B Payload Storage on a File Server (SAN); Application Integration Middleware; Applications]
39. Using AS2 for Health Care Claim Processing HIPAA 837/835 Transaction Flow
40. AS2/EDI-X12 Purchase Order / Advance Ship Notice / Invoice Data Flow with Transform to XML
The B2B Appliance is part of a bigger DataPower family of products, which consists of a Security Gateway appliance, an integration appliance which is also available in a Blade form factor, a Low Latency Messaging appliance and the new Edge appliance. In June we intend to release the new DataPower hardware 2U form factor; this new form factor will replace the 1U hardware form factor used for the XB60 and XI52 by the end of 2011. The XB60/XB62 is a superset of the XI50/XI52 and XS40 in that it has all of the same functionality as the two models plus B2B functionality.
The XM70 is our low latency appliance that provides ….
Application Integration with standalone B2B Gateway capabilities supporting B2B patterns for EDIINT AS1/2/3 and Web Services Full featured User Interface for B2B configuration and transaction viewing; correlate documents and acknowledgments displaying all associated events Trading Partner Management for B2B Governance; B2B protocol policy enforcement, access control, message filtering, and data security
My DataPower clients may have seen this before. This is a slide I often draw for my clients to describe the most basic idea of an appliance. The packaging of this B2B solution in a physical box is often referred to as a hardware form factor. There are things you often see in integration middleware, such as content-based routing, conditional processing, and support for many protocols like HTTP, MQ, JMS, etc. Then there are things you can really appreciate about hardware devices such as routers: high throughput, the ability to handle many connections, firewall rules. And perhaps the best thing is that they are firmware based, which means you have simple firmware uploads. In a nutshell, here is the magic combination that makes appliances work so well for B2B and SOA: if you take some characteristics of the stuff at the top (the highly flexible integration software) and some characteristics of the stuff at the bottom (hardware simplicity and high performance) and smoosh them together in a purple pizza box, you are taking attractive characteristics from both the hardware and software solutions. The software stacks tend to be very flexible for many integration tasks, but they also take a lot of care and feeding.
I’m going to paraphrase our next presenter here… The story - Oven Let’s imagine I own a restaurant I want to serve hot food to our customers But I am not an expert in the scientific process of creating heat from electricity or gas Luckily the marketplace offers this thing called an oven… how lucky for me I can put the food in the oven I turn a single knob to a certain temperature I set the timer and press start Some time later I have hot food, which makes my customers happy The story – B2B Appliance I am a supplier and I need to make my most important customer happy. They want to take advantage of the reduced costs of electronic trading. They have been after me to get this done for a while. Right now they FTP me some documents and sometimes even send me a fax. In the past we have had a lot of problems with these FTP documents getting lost, or showing up late, or showing up duplicated. I’m afraid that if I can’t start doing B2B at some point they will go with a lower cost supplier for some or all of their orders. So my goal is to be easier and cheaper to trade documents with. I am not an expert in B2B messaging protocols, or deploying software onto the public internet, or signing or encrypting messages, or secure logging of messages. But I know I’ll need to do these things because my customer has various B2B requirements related to security of credit cards, and customer data, and other bits of data that will be in these B2B messages. Lucky for me there is this thing called a B2B appliance that knows how to do those things. 
I can configure my partner profiles, my logging requirements, and my acknowledgement and security requirements. The appliance will take care of my data and put it into the B2B messaging wrapper. Come up with an example: When you use your oven you aren’t really interested in the scientific aspects of heat and convection. Similarly, when you want to use digital signatures you should not have to be an expert on security-style programming to get your documents signed.
Purchasing Notes: There are several hardware options that require extra lead time for Build-to-Order systems:
Hardware Security Module (HSM), FIPS 140-2 Level 3 and Level 2:
XS40 + HSM : 9235-34X (that is, <Machine Type> - <Model>)
XS40 + Hard Disk Drive (HDD) + HSM : 9235-3DX
XI50 + HSM : 9235-44X
XI50 + HDD + HSM : 9235-4DX
XG4 Acceleration (better than XG3 standard acceleration):
XI50 + XG4 : 9235-43X
XI50 + HDD + XG4 : 9235-4CX
XG4 and XSM:
XI50 + HSM + XG4 : 9235-45X
XI50 + HDD + HSM + XG4 : 9235-4FX
For clarity, the HDD option does not have extra lead time.
Dual swappable power supplies: separate power cords, designed for high availability.
Careful thermal design: multiple fans and high air flow capacity.
Integrated failover: VRRP-like failover ensures the system defaults to the redundant appliance without service interruption.
Works seamlessly with existing load balancers, firewalls, routers and other network infrastructure.
No spooled application messages on device: prevents stored message loss in the unlikely event of device failure.
Internal self-monitoring and self-healing features.
Extensive utilization monitoring and alerts (see Configuration & Logging).
Primarily, organizations are looking for the following value from a B2B integration provider: ● A single, cost-effective, easy-to-use package based on a powerful management-by-exception paradigm that reduces ongoing operational costs ● A B2B gateway that allows modular configuration and reusable building-block approaches, delivering large-scale, rapid onboarding of trading partners, low maintenance and strong return on investment (ROI) ● An architecture that delivers scalability for both small- and large-scale implementations, supporting mission-critical business processes with automated enablement and comprehensive event support, delivering extreme scalability for even the most demanding workloads, full extensibility and broad interoperability—validated in many small and large innovative deployments across the globe These critical needs arise from recent business and market dynamics such as supply chain integrations, mergers and acquisitions, or spin-offs. As departments increasingly consolidate trading partners into their processes, information exchange is exploding. Data transfer size and frequency are growing at a rapid pace. The need for B2B Integration is crucial for a multienterprise business process platform (ME-BPP). A B2B solution is a critical component of any IT portfolio that addresses a multienterprise integration strategy. Centralized and consolidated B2B trading partner and transaction management tools. Outsource non-core business functions to third parties for improved operational efficiency and reduced cost. Rapidly adjust product and service offerings to meet changing customer requirements. Access new customers and increase revenue opportunities with new routes to market for products and services.
There are three primary B2B Technologies in IBM:
The WebSphere DataPower B2B Appliance XB62 is the only B2B appliance form factor at this time and is IBM’s strategic direction for B2B appliances; our intent is to expand its capabilities to better integrate with Sterling Software solutions over the next several releases.
Sterling Integrator and the Collaboration Network are IBM’s strategic direction as a basis for our B2B Software and B2B “Software as a Service” solutions; our intent is to enhance Sterling technology with IBM technology over time where it makes the most sense to do so.
WebSphere Transformation Extender is IBM’s leading solution for industry standards and any-to-any transformation; our intent is to continue to offer WTX and to enhance Sterling products to integrate with WTX.
Standalone Consolidated B2B Solutions:
Use the XB60 when customers need B2B governance in the DMZ, exceptional EDIINT data throughput, or wish to bridge application integration and B2B in a single purposed appliance.
Use the XB60 when customers want a standalone B2B appliance at the network edge functioning as a lightweight B2B solution – EDIINT routing with any payload and pass-thru delivery to partners or back-end.
Extensible Distributed B2B Solutions:
Use the XB62 with WebSphere MQFTE when customers need to enable transfers across boundaries with their trading partners and need to support a wide range of B2B and non-B2B protocols with the ability to ensure data security and partner identity while the files traverse the Internet.
Use the XB62 with WTX and Industry packs when customers demand B2B governance and high performance at the network edge and also need full any-to-any data transformation and document processing.
Use the XB62 with WPS when customers demand B2B governance and high performance at the network edge and need to use information in the payload to trigger key business processes in their downstream systems.
Use the XB62 with Sterling when customers demand B2B governance and high performance at the network edge, need to provide a single secure network entry point for all business transactions, and also need the ability to process large volumes of EDI transactions.
B2B Gateway Service: The B2B Gateway uses profile management to ensure B2B governance by enforcing Trading Partner Agreements, processing EDIINT message formats and routing the payload to the appropriate internal systems and/or external trading partners.
Profiles: Rules are created in a multi-step processing policy in the receiving partner profile to provide dynamic destination routing and/or to manipulate the data as it flows through the B2B Gateway Service. For outbound data flows the payload data is parsed for the sender and receiver IDs and is wrapped in an AS2 envelope as defined in the external partner’s destination. For inbound data flows the AS2 envelope is processed, the partner profiles are located using the AS2 headers and the payload is routed to the internal partner’s destination.
B2B Transaction Viewer: The B2B Transaction Viewer is used to monitor the state of AS2 transaction data that was processed by the B2B Gateway Service. Administrators can view all transactions and partners can view only their own transactions; access is controlled using DataPower’s Role Based Management capabilities. Failed transactions can be resent from the B2B Viewer to external partners.
In this example Partner A sends an EDI file into their B2B Hub (1), which wraps the file in an AS2 envelope and sends it to Partner B (2). Partner B’s B2B Gateway Service in the XB60 transforms the EDI file to XML (3a) and sends it to the back-end application over any XB60 supported protocol (3b). After the transaction has been successfully received by the back-end, Partner B’s B2B Gateway Service generates and sends an MDN back to Partner A. Optionally, the Admin user can view the state of the transaction in the B2B viewer (5).
Web Service Proxy: The Web Service Proxy provides the ability to use a WSDL to define a service we want to use to receive files from our trading partner. A processing policy is used in this Web Service Proxy to take the payload and wrap it in a minimal AS2 header with the appropriate AS IDs for integration into the B2B Gateway Service.
B2B Gateway Service: The B2B Gateway consumes the AS2 message passed from the Web Service Proxy and processes the AS2 envelope (note that MDNs are not used between services). After it processes the AS2 envelope the file is routed to an internal system. Optionally, you could use a processing policy in the internal profile to validate or transform the content, or to inspect it for dynamic destination routing.
Profiles: Rules are created in a multi-step processing policy in the receiving partner profile. For outbound data flows, the files passed into the B2B Gateway are parsed for sender and receiver information, and the processing policy in the receiving profile is used to wrap the file in SOAP and pass it to the Web Service Proxy. For inbound data flows the B2B Gateway Service gets partner information from the AS2 headers that were added by the Web Service Proxy.
B2B Transaction Viewer: The B2B Transaction Viewer is used to monitor the state of AS2 transaction data that was processed by the B2B Gateway Service. Administrators can view all transactions and partners can view only their own transactions; access is controlled using DataPower’s Role Based Management capabilities. Failed transactions can be resent from the B2B Viewer to external partners.
A flat file is passed from Partner A’s back-end application into a process that wraps the file in a SOAP envelope as defined in the WSDL. Partner A sends the SOAP message to Partner B over HTTP or HTTPS. Partner B unwraps the SOAP envelope based on information defined in the WSDL using a Web Service Proxy service. Partner B wraps the flat file payload in a minimal AS2 header using a processing policy within the Web Service Proxy service and routes the AS2 message into a B2B Gateway Service over HTTP or HTTPS. Partner B’s B2B Gateway Service unwraps the AS2 message and sends the flat file to Partner B’s back-end application using any protocol supported by the B2B appliance. Optionally, if a Web Services response indicating the message was required by the sender this can be generated in the processing policy and sent after the file has been routed to the application. If the response is generated from the back-end Web Service application this could be passed back into the policy and sent to the partner. The user can view the state of the transactions using the B2B Transaction Viewer.
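The unwrap-and-rewrap step described above, sketched in Python as an added example (this is not DataPower configuration or code from the presentation). The service namespace, element names, client-to-partner table and host name are assumptions; the AS2 header names are those of RFC 4130. The AS2 IDs are taken from a table keyed on the authenticated client rather than from the SOAP payload, because the B2B Gateway Service later selects partner profiles from these headers.

```python
import base64
import re
import uuid
import xml.etree.ElementTree as ET

SOAP = "{http://schemas.xmlsoap.org/soap/envelope/}"
APP = "{urn:example:b2b}"  # hypothetical namespace of the file-transfer service

# Hypothetical table: authenticated WS client -> (AS2-From, AS2-To).
# Partner identity comes from configuration, never from the message body.
AS2_IDS_BY_CLIENT = {"partner-a-ws-client": ("PARTNERA", "PARTNERB")}

# Conservative subset of the characters an AS2 name may contain (assumption);
# it rules out CR/LF so an ID cannot smuggle extra headers.
AS2_NAME = re.compile(r"[A-Za-z0-9_.\-]{1,128}")


class BridgeError(ValueError):
    """Raised when a SOAP message cannot be bridged safely."""


def bridge_soap_to_as2(soap_bytes, client_id, host="gateway.example.invalid"):
    """Return (as2_headers, payload) for one inbound SOAP file transfer."""
    # Refuse DTDs outright: partner XML has no need for entities.
    if b"<!DOCTYPE" in soap_bytes or b"<!ENTITY" in soap_bytes:
        raise BridgeError("DTDs are not accepted in partner messages")
    if client_id not in AS2_IDS_BY_CLIENT:
        raise BridgeError(f"no partner mapping for client {client_id!r}")
    as2_from, as2_to = AS2_IDS_BY_CLIENT[client_id]
    for name in (as2_from, as2_to):
        if not AS2_NAME.fullmatch(name):
            raise BridgeError(f"invalid AS2 ID {name!r}")
    try:
        envelope = ET.fromstring(soap_bytes)
    except ET.ParseError as exc:
        raise BridgeError(f"malformed SOAP: {exc}") from None
    content = envelope.find(f"{SOAP}Body/{APP}sendFile/{APP}content")
    text = (content.text or "").strip() if content is not None else ""
    if not text:
        raise BridgeError("SOAP body carries no file content")
    try:
        payload = base64.b64decode(text, validate=True)
    except ValueError:
        raise BridgeError("file content is not valid base64") from None
    # Minimal AS2 header set. No Disposition-Notification-To is added,
    # since MDNs are not used between the two services.
    headers = {
        "AS2-Version": "1.0",
        "AS2-From": as2_from,
        "AS2-To": as2_to,
        "Message-ID": f"<{uuid.uuid4()}@{host}>",
        "Content-Type": "application/octet-stream",
        "Content-Length": str(len(payload)),
    }
    return headers, payload


# Constructed sample input: a flat file carried base64-encoded in SOAP.
FLAT_FILE = b"ORDER|1001|WIDGET|25\n"
SAMPLE_SOAP = (
    b'<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
    b'<soap:Body><sendFile xmlns="urn:example:b2b"><content>'
    + base64.b64encode(FLAT_FILE)
    + b"</content></sendFile></soap:Body></soap:Envelope>"
)

if __name__ == "__main__":
    hdrs, body = bridge_soap_to_as2(SAMPLE_SOAP, "partner-a-ws-client")
    for key, value in hdrs.items():
        print(f"{key}: {value}")
    print(body)
```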
B2B Gateway Service: This method of integration allows us to receive files in the B2B Gateway Service and natively integrate with MQ File Transfer Edition using new protocol handlers.
Profiles: For this inbound data flow a file is sent into the XB62 over any of the supported front-side protocols; if using an AS standard or ebMS, the message envelope and acknowledgment are processed. Partner profiles are identified and checked against the configuration; if partner information cannot be extracted from the payload it must be set in the Binary Routing Processing Policy for the B2B Gateway Service. Optionally, a processing policy in the receiving profile can be used to send or set MQ FTE metadata using RFH2 headers.
B2B Transaction Viewer: The B2B Transaction Viewer is used to monitor the state of any transaction data that was processed by the B2B Gateway Service. Administrators can view all transactions and partners can view only their own transactions; access is controlled using DataPower’s Role Based Management capabilities. Failed transactions can be resent from the B2B Viewer to external partners. Additional functionality exists in the viewer to allow the user to view the integration ID that ties the MQ FTE transactions to the XB62 transaction; when this ID is clicked it queries the MQ FTE logging database and returns all of the MQ FTE metadata associated with the transaction. New B2B Viewer capabilities provide support for improved end-to-end visibility and correlation of transactions that flow through both the B2B Gateway and MQ File Transfer Edition.
1: Trading Partner sends a file into the B2B Gateway service over any supported protocol. The B2B GW uses profile management to identify the partner and process any messaging envelopes that may exist (security, compression, acknowledgements, etc., depending on the standard used).
2: The B2B Gateway routes the file to an MQ Queue that is shared with an MQ FTE Agent.
2a: Optionally, a processing policy may be used in the B2B Gateway to set RFH2 headers and/or trigger the MQ FTE file transfer.
3: The B2B Gateway recognizes the responses from MQ and, if a B2B messaging protocol (AS1, AS2, AS3, etc.) was used, it will generate a message disposition notification and send it to the trading partner.
4: The Source Agent moves the file to the Target Agent based on either XML command file instructions or if the Agent was set to poll the shared MQ Queue.
5: The Target Agent moves the file off of the MQ Queue to the file system destination.
6: The back-end application uses the file to complete the flow.
NOTE: You may be using adapters on IBM SOA products to integrate with apps like SAP; this is not depicted in this picture.
B2B Gateway Service: The B2B Gateway uses Collaboration Protocol Profiles to enforce Collaboration Protocol Agreements (CPA), processing B2B message formats and routing the payload to the appropriate internal systems and/or external trading partners.
Profiles: CPAs contain the details necessary to perform protocol and data mediation between internal and external partners (including destinations and security requirements). CPAs can be imported into the appliance using configuration management interfaces such as WebGUI, CLI, or SOMA (appliance configuration web service). The B2B appliance provides a CPA Import utility that maps the public side definitions of the internal party in the CPA file to B2B Gateway structures, saves the certificates defined in the CPA file in the file system, and automatically configures the Gateway with CPA entries, two Partner Profiles, front-side protocol handler(s), and crypto objects. All private objects that could not be stored in a CPA need to be configured manually (private keys, internal integration points, etc.).
B2B Transaction Viewer: The B2B Transaction Viewer is used to monitor the state of ebMS transaction data that was processed by the B2B Gateway Service. Administrators can view all transactions and partners can view only their own transactions; access is controlled using DataPower’s Role Based Management capabilities. Failed transactions can be resent from the B2B Viewer to external partners. Under the ebMS-specific view, an admin can examine the CPA details of a transaction by looking at the CPA Info fly-out of the B2B Transaction Viewer.
Think of the analogy of WSDL - SOAP over HTTP - Web Services for CPPA - ebMS - ebXML relations, but wider in CPPA. WSDL describes Web Services and how to access the services; SOAP over HTTP is used to invoke the Web Services. CPA (and ebBP) describes the agreed business collaborations and the technical capabilities for how two trading partners do e-business; ebMS, which is protocol-independent, is used to invoke the business services. An external partner sends an ebMS message into the B2B Gateway service over HTTP or HTTPS. The B2B GW uses profile management in combination with CPA entries associated with the B2B Gateway service to identify the ebXML collaboration and process the ebMS message. The B2B Gateway routes the ebXML payload to the back-end applications. After the ebXML payload is successfully transferred to the back-end, the B2B Gateway Service generates an ebMS ack (signal) message and sends it to the external trading partner. The user can view the state of the transactions using the B2B Transaction Viewer.
B2B Gateway Service: The B2B Gateway uses profile management to ensure B2B governance by enforcing Trading Partner Agreements, processing B2B message formats and routing the payload to the appropriate internal systems and/or external trading partners.
Profiles: Rules are created in a multi-step processing policy in the receiving partner profile. For outbound data flows the processing policy in the external profile is used to determine if the HL7 documents are version 2 or version 3. If the documents are version 2 (EDI) they are transformed to version 3 (XML) using a map created in WebSphere Transformation Extender Design Studio (the HL7 WTX industry pack can be used as a basis for map development). If the documents are version 3 they are passed through without modification and routed to the external partner using AS2 to provide B2B security and governance. For inbound data flows the AS2 message is processed and the processing policy in the internal profile is used to validate the HL7 version 3 (XML) document and transform it to a format that the receiving healthcare application can understand.
B2B Transaction Viewer: The B2B Transaction Viewer is used to monitor the state of HL7 transaction data that was processed by the B2B Gateway Service. Administrators can view all transactions and partners can view only their own transactions; access is controlled using DataPower’s Role Based Management capabilities. Failed transactions can be resent from the B2B Viewer to external partners.
HL7 v2.x data does not adhere to the EDI X12 spec when it comes to segments and thus it has no ISA segment, but rather an MSH segment. Since we don't natively parse the MSH segment in a B2B Gateway and since the elements used to identify sender and receiver are optional, HL7 data must be handled as binary data when passing it into a B2B Gateway for outbound processing.
Partner A sends an HL7 v3.0 XML file wrapped in an AS2 envelope into Partner B’s B2B Gateway service over HTTP or HTTPS. The B2B Gateway service uses profile management to identify the sender and receiver partner profiles and routes the HL7 XML file into a processing policy in the internal partner profile. The B2B Gateway service validates the HL7 XML payload against its schema and transforms the file into an HL7 EDI file using the processing policy. The B2B Gateway service transfers the HL7 EDI file to the back-end healthcare applications using any B2B appliance supported protocol. After the HL7 payload is successfully transferred to the back-end, the B2B Gateway Service generates an AS2 message disposition notification (MDN) and sends it to Partner A. The user can view the state of the transactions using the B2B Transaction Viewer.
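The difference between the ISA and MSH segments noted above, shown as an added Python example (not appliance code and not part of the original notes). The function names, routing labels and sample messages are constructed for illustration: an X12 ISA segment always carries sender and receiver IDs at fixed positions, while a valid HL7 v2 MSH segment can leave MSH-3 to MSH-6 empty, which is why the IDs then have to be supplied by the routing policy.

```python
def _clean(value):
    """Strip padding; return None for an empty identifier."""
    value = value.strip()
    return value or None


def identify_partners(data):
    """Return (format, sender_id, receiver_id); an ID is None when absent."""
    # X12: the ISA segment is fixed width (106 bytes with its terminator);
    # byte 3 is the element separator, ISA06/ISA08 are sender/receiver.
    if data.startswith(b"ISA") and len(data) >= 106:
        elements = data[:105].split(data[3:4])
        if len(elements) == 17:
            sender = _clean(elements[6].decode("ascii", "replace"))
            receiver = _clean(elements[8].decode("ascii", "replace"))
            return "x12", sender, receiver
    # HL7 v2: MSH-1 (byte 3) is the field separator, MSH-2 the encoding
    # characters; MSH-3..MSH-6 name the applications and facilities.
    if data.startswith(b"MSH") and len(data) > 8:
        segment = data.splitlines()[0].decode("ascii", "replace")
        fields = segment.split(segment[3])
        comp = fields[1][0] if len(fields) > 1 and fields[1] else "^"

        def pick(*indexes):
            # First non-empty field among the candidates, first component.
            for i in indexes:
                if i < len(fields) and fields[i].strip():
                    return _clean(fields[i].split(comp)[0])
            return None

        return "hl7v2", pick(2, 3), pick(4, 5)
    return "unknown", None, None


def routing_decision(data):
    """Hypothetical labels for how partner IDs are obtained for routing."""
    fmt, sender, receiver = identify_partners(data)
    if fmt == "x12" and sender and receiver:
        return "parse-ids-from-payload"
    # HL7 v2 and anything else: IDs must be set explicitly by policy.
    return "binary-ids-set-by-policy"


# Constructed samples (not real trading-partner data).
X12_SAMPLE = ("*".join([
    "ISA", "00", " " * 10, "00", " " * 10,
    "ZZ", "SENDERID".ljust(15), "ZZ", "RECEIVERID".ljust(15),
    "110601", "1200", "U", "00401", "000000001", "0", "P", ">",
]) + "~IEA*0*000000001~").encode("ascii")

HL7_WITH_IDS = (b"MSH|^~\\&|LABSYS|REGIONAL|EHR|HOSPITAL|20110601120000||"
                b"ORU^R01|MSG00001|P|2.5\rPID|1||12345\r")

# Still a well-formed MSH segment: MSH-3 to MSH-6 are simply left empty.
HL7_NO_IDS = b"MSH|^~\\&|||||20110601120000||ORU^R01|MSG00002|P|2.5\r"

if __name__ == "__main__":
    for sample in (X12_SAMPLE, HL7_WITH_IDS, HL7_NO_IDS):
        print(identify_partners(sample), routing_decision(sample))
```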
XB60 Active/Passive High Availability Deployment Pattern
Configuration: Standby Control must be configured on the Ethernet adapter being used for data transfer with both the primary and secondary device. Both devices in the standby group need to be set to a priority of 100. This will create a Virtual IP Address that is shared between the two devices in the Standby Group. The Primary device receives data over the VIP; if a failure condition arises the Secondary device takes over the VIP and starts to receive data.
B2B payload data for each B2B Gateway must be stored off device in a shared directory (options for NFS or iSCSI). The storage system can be placed either in the DMZ or in the protected zone depending on your security requirements. If deployed in the protected zone it is recommended to isolate one of the Ethernet Controllers to the connection and open the appropriate ports through the inner firewall.
Pollers must not be configured in the B2B Gateway; they should be configured in a Multi-Protocol Gateway that outputs to the VIP address and port number of an HTTP front-side handler in the B2B Gateway Service. This ensures that the metadata store does not receive active data from pollers.
The B2B Gateways and Multi-Protocol Gateways (used for pollers) must be configured identically on both the primary and the secondary systems.
The B2B metadata store must be configured as primary on the active device and secondary on the passive device.
are typically cost prohibitive
This book is the single most critical resource, available on amazon, barnes & noble, etc. all this shows our commitment to appliances and maturity, competitors don’t have this stuff