SlideShare uma empresa Scribd logo

Intorduction to Datapower

Shilpin Pvt. Ltd.
Shilpin Pvt. Ltd.
Tecnologia
1 de 32
Baixar para ler offline
DataPower Introduction
DataPower SOA Appliance An SOA Appliance… creates customer value through extreme SOA performance, connectivity, and security.  Simplifies SOA and accelerates time to value  Helps secure SOA XML implementations  Governs and enforces SOA/Web Services policies DataPower SOA Appliances redefine the boundaries of middleware extending the SOA Foundation with specialized, consumable, and dedicated SOA Appliances that simplify and combine superior performance, hardened security, and integration for SOA implementations. 2
Why an Appliance for SOA?  Hardened, specialized hardware for helping to integrate, secure & accelerate SOA  Many functions in a single device  Service level management, dynamic routing, policy enforcement, transformation  Higher levels of security assurance certification  FIPS 140-2 Level 3, Common Criteria EAL4  Higher performance with hardware acceleration facilitates security enforcement • Addresses the divergent needs of different groups – Enterprise architects, network operations, security operations, web services developers • Simplified deployment and ongoing management – Drop-in appliance, secures traffic in minutes, integrates with existing operations 3
What is DataPower ? • • • • Provides the flexibility of software in a hardware footprint Is quick to deploy – configuration NOT coding or programming Typically takes days to integrate NOT weeks or months Is a 1U 19” Rack Mounted appliance – • • Looks like a router Has minimal components and has no stack of software. Consequently DataPower is highly secure As attack points are minimised – – DataPower is undergoing accreditation to Common Criteria EAL4 This is globally recognised check by an impartial third party that warrants the security claims made by IBM 4
What Does DataPower Address ? • • XML is the language of Web Services and SOA XML is pervasive – in a matter of years, it will fuel every application, device, and document found in enterprise networks • XML challenges – XML is very ‘Verbose’ • XML is bandwidth intensive • Has a direct impact on Application Server performance • XML processing requires significant processor cycles and memory resources – XML is effectively ‘Human readable’ Text • It has no native security mechanisms • It is readily understood and vulnerable to interception • Security can be implemented on the application server but this is additional XML processing and adds to the performance problem – SOA is not just Web Services and XML • Customers need to integrate existing legacy systems, messaging formats and protocols into the SOA architecture. • The ability to ‘transform’ legacy systems into the XML format is needed. 5
What Does DataPower Address ? • XML Performance – How ? – by offloading XML processing from the Application Server to DataPower in optimised hardware – Thereby greatly reducing the required number of Application Servers • XML Security – How ? – by offloading XML security to DataPower – Provide standards based security – WS Security • Integrating XML and legacy systems – How ? – by using DataPower to transform XML to legacy message formats and protocols e.g • XML < > Cobol Copybook (brings a Mainframe into SOA Architecture) • XML > HMTL (renders HTML content to Portal very rapidly) • XML < > MQ Messaging All of this is done at WIRESPEED 6
WebSphere DataPower SOA Appliance Product Line XM70  XB60 High volume, low latency messaging Enhanced QoS and performance Simplified, configuration-driven approach to LLM Publish/subscribe messaging High Availability          B2B Messaging (AS2/AS3) Trading Partner Profile Management B2B Transaction Viewer Unparalleled performance Simplified management and configuration XA35 – – – Offload XML processing No more hand-optimizing XML Lowers development costs XS40     Enhanced Security Capabilities Centralized Policy Enforcement Fine-grained authorization Rich authentication XI50     Hardware ESB “Any-to-Any” conversion at wire-speed Bridges multiple protocols Integrated message-level security 7
WebSphere DataPower Basic Use Cases Internet DMZ Trusted Domain Application Consumer 1 B2B Gateway 3 Low Latency Gateway Application 2 Secure Gateway (Web Services, Web Applications) Consumer 4 Internal Security 5 Enterprise Service Bus 6 Web Service Management 7 Legacy Integration 8 XML Acceleration System z 8
XML Accelerator XA35 Purpose-built hardware for presentation-tier transformation • “The Original” DataPower XML Appliance • Defines high performance architecture for all DataPower SOA Appliances • Processes XML operations at “wire-speed” • Ideal in an XSL-intensive HTTP presentation tier • XML Pipeline processing accelerates XML/XSLT/XPath evaluation, increasing throughput and decreasing latency by offloading XML operations to the network • Innovative drag-and-drop policy editor accelerates time to value and simplifies configuration and deployment • Logical application domains allow individual “sandboxes” and facilitate configuration management through import/export features • Multiple management interfaces serve varying needs of an organization, including browser-based WebGUI, command line CLI, and scriptable Web Services 9
XML Security Gateway XS40 Purpose-built hardware for assuring confidentiality, authenticity, and nonrepudiation • Native support for WS-Security policy enforcement • Extremely secure hardware design • Integrate with a variety of authentication and authorization systems for real-time protection • Ideal in front-line DMZ or internal security gateway • XML/SOAP Firewall capabilities enable Layer 7 filtering on any content, metadata or network variable in a message • Web Application Firewall service offers additional security, threat mediation, and content processing for other URL encoded HTTP-based applications • Easily configurable field-level security options allow flexible enforcement of confidentiality, authenticity, and non-repudiation requirements • Low latency architecture leverages hardware-acceleration for cryptographic operations 10
Hardware Device for Improved Security • Sealed network-resident appliance – Optimized hardware, firmware, embedded OS – Single signed/encrypted firmware upgrade only – No arbitrary software – High assurance, “default off” locked-down configuration – Security vulnerabilities minimized (few 3 party components) – Hardware storage of encryption keys, locked audit log – No USB ports, tamper-proof case • Third party certification – FIPS 140-2 level 3 HSM (option) – Common Criteria EAL4 “The DataPower [XS40]... is the most hardened ... it looks and feels like a datacenter appliance, with no extra ports or buttons exposed… " - InfoWorld 11
XML security threats are growing DataPower provides hardened real-time protection • • • • • • • • • • • • • • XML Entity Expansion and Recursion Attacks XML Document Size Attacks XML Document Width Attacks XML Document Depth Attacks XML Wellformedness-based Parser Attacks Jumbo Payloads Recursive Elements MegaTags – aka Jumbo Tag Names Public Key DoS XML Flood Resource Hijack Dictionary Attack Message Tampering Data Tampering • • • • • • • • • • • • • • Message Snooping XPath Injection SQL injection WSDL Enumeration Routing Detour Schema Poisoning Malicious Morphing Malicious Include – also called XML External Entity (XXE) Attack Memory Space Breach XML Encapsulation XML Virus Falsified Message Replay Attack …others 12
Gartner: Web Services Security Best Practices  Provide System Security  Inspect ALL traffic  Transform all messages  Mask internal resources  Implement XML filtering  Secure logging  Protect against XML DoS  Require good authentication mechanisms  Provide Message Security  Sign all messages  Validate messages (Inbound+Outbound)  Time-stamp all messages  Ask for Compatibility  SSL MA, SAML, x.509.  WS-Security  WS-* extensions • • • Build Expertise/Design From Strength Educate Business Leaders Build Centralized Infrastructure – – – – • • • SSL is key Use management/security platforms Manage your identities You may need PKI Trust (Really) Your Partners Use OTS Web Services with Caution Monitor and Control “Therefore, enterprises should investigate tools such as security gateways, SSL concentrators and accelerators, and wire-speed SOAP/XML inspection hardware.” -- John Pescatore, Gartner 13
Access Control Integration Framework (AAA) Transport Headers URL SOAP Method XPath Input Message Extract Resource WS-Security SAML X.509 Kerberos Proprietary Tokens Extract Identity LDAP ActiveDirectory SAML Tivoli CA eTrust/Netegrity RSA Entrust Novell RACF Authenticate Map Resource LDAP ActiveDirectory SAML Tivoli CA eTrust/Netegrity RSA Entrust Novell Proprietary Authorize SAML Assertion Credential Mediation IDS Integration Monitoring Audit & Accounting Output Message Authenticate, Authorize, Audit Map Credentials External Access Control Server or Onboard Identity Management Store 14
Web Application Firewall • • • • • • • URL-encoded HTTP application protection in addition to XML Web Services firewall security Protection for static or dynamic HTMLbased applications Supports browser-based clients and HTTP/HTTPS backend servers Wizard-driven configuration Cross-site scripting and SQL Injection protection AAA framework support for web applications General name-value criteria boundary profiles for: – Query string and form parameters  HTML Input Conversion Maps for form processing and handling  Cookie watermarking (sign and/or encrypt)  Rate limiting and traffic throttling/shaping  HTTP header stripping, injection and rewriting  HTTP protocol and method filtering  Content-type filtering  Dynamic routing and load balancing  Session handling policies  SSL Acceleration & Termination (Link)  XML and non-XML processing policies  Customizable error handling – HTTP headers – Cookies 15
Integration Appliance XI50 Purpose-built hardware for Enterprise Service Bus functionality • Web Service virtualization for legacy applications • Enforce high levels of security independent of protocol or payload format • Integrate with enterprise monitoring systems • Service level management options to shape traffic ! Advanced protocol-bridging seamlessly supports a wide array of transports, including HTTP, WebSphere MQ, WebSphere JMS, Tibco EMS, FTP, NFS Any-to-any “DataGlue” engine supports XML and Non-XML (Binary) payloads, promoting asset reuse and enabling integration without coding Direct database access enables message-enrichment and data-as-aservice messaging patterns (DB2, Oracle, MS-SQL, Sybase) High performance architecture creates low-cost, easily-scalable ESB solution for Smart SOA needs 16
The ESB Cost Explosion - background A significant and growing problem with bus installations around the world. In medium to large organizations running significant transaction volumes, the footprint of their ESB becomes very large and expensive, very quickly. Business Partners Internet Access Wireless Access Intranet Portal ESB Internet Portal Wireless Portal DMZ Midrange System Z Internal Trusted Networks DB2 Unix IMS w2k Logging Monitoring / Management SCM Directory / IDM CRM 17
The ESB Cost Explosion – Root causes 1. The resource requirements of today’s services (mostly XML-based) – Software mediation solutions written on general-purpose platforms require shocking amounts of CPU and memory to process messages and perform the basic bus functions: • Message Parsing and Interpretation • Message Transformation • Message Routing 2. The minimal headroom purchased because of HA requirements. – Companies quickly use up extra capacity purchased initially in order to maintain high availability for this critical part of their network. Nevertheless the problem is often still hidden by the HA deployment initially Companies are often taken by surprise by how quickly they “hit the wall” – – It doesn’t take much! • • At somewhere between 20-60 TPS the infrastructure needs to be at least doubled. you don’t have to be a F500 company to get hit 18
The ESB Cost Explosion - Solution The DataPower module, deployed in an Architected ESB Federation pattern, is designed to bring the “commodity” work of an ESB to the network layer. SOA Network Infrastructure History tells us that selecting universal, repetitive functions and moving them to purpose-built appliances reduces solution costs, both in terms of increased performance / reduced processing costs, and reduced complexity of deployment (network devices are configured, not coded). 19
Processing rule actions for ESB Programmer-friendly functions within the purely-configuration message flow. WAIT 20
Processing rule actions for ESB Fan-out (Fan-in) FTP Notification Fire and Forget HTTP JMS HTTP Composition JMS MQ 21
Content-based Routing Select destination based on transaction metadata • Dynamically determine route from transaction context and/or message content – Analyze originating URL, protocol headers, transaction attributes, etc. – Analyze legacy or XML content • Leverage a routing table for real-time decisions – Quickly deploy routing changes, including protocol conversions • Retrieve routing information from other systems – E.g., databases, web servers, file servers, etc. Unclassified Requests Service Providers 22
Protocol Mediation Independently bridge inbound and outbound protocols  First-class support for message and transport protocol bridging  Protocol mediation with simple configuration: – HTTP  MQ  WebSphere JMS  FTP  Tibco EMS  Request-response and sync-async matching  Configurable for fully guaranteed, once-and-only-once delivery WebSphere JMS http(s) 3rd Party Messaging WebSphere MQ Database FTP(s) sFTP DB2, SQL Server, Oracle, Sybase, IMS NFS 24
Web Services Management Service Level Management protects application resources • • Defined as action in the policy pipeline Configure policies based on: – Any parameter: WSDL; Service Endpoint; Operation; Credential – Request; Response; Fault; XPath • • Enforce same thresholds across a pool of devices Configure service level to trigger action: – Notify (Alert) – Shape (Slow Down) – Throttle (Reject) • • • Supports WSDM and other Web services management standards Allows subscription to SLM for alerts, logging, etc. Notify other applications such as billing, audit, etc. 25
System z Integration • Broad integration with System z • Connect to existing applications over WebSphere MQ • Transform XML to/from COBOL Copybook for legacy needs • Natively communicate with IMS Connect • Integrate with RACF security from DataPower AAA • Service enable CICS using WebSphere MQ • Virtualize CICS Web Services 27
Business to Business (B2B) Appliance XB60 Purpose-built B2B hardware for simplified deployment, exceptional performance and hardened security • Extend integration beyond the enterprise with B2B • Hardened Security for DMZ deployments • Easily manage and connect to trading partners using industry standards • Simplified deployment and ongoing management • Trading Partner Management for B2B Governance; B2B protocol policy enforcement, access control, message filtering, and data security • Application Integration with standalone B2B Gateway capabilities supporting B2B patterns for AS2, AS3 and Web Services • Full featured User Interface for B2B configuration and transaction viewing; correlate documents and acknowledgments displaying all associated events • Simplified deployment, configuration and management providing a quicker time to value by establishing rapid connectivity to trading partners 28
DataPower B2B Appliance XB60 - B2B Components The DataPower B2B Appliance extends your ESB beyond the enterprise by supporting the following B2B functionality: • • B2B Gateway Service – AS2 and AS3 packaging/unpackaging – EDI, XML and Binary Payload routing – Front Side Protocol Handlers – Trading Partner Profile Management • Multiple Destinations (Back Side Protocol Handlers) • Certificate Management (Security) – Hard Drive Archive/Purge policy B2B Viewer – B2B transaction viewing – Transaction resend capabilities – Acknowledgement correlation – Transaction event correlation – Role based access • Transaction Store – B2B metadata storage – B2B state management B2B Gateway Service Internal Partner Destinations Front Side Handlers for Integration Transaction Store Front Side Handlers for Partner Connections External Partner Destinations Persistent Storage Persistent Storage – Encrypted with a box specific key – B2B document storage • DataPower B2B XB60 B2B Viewer 29
Low-Latency Appliance XM70 Purpose-built hardware for low-latency, network-based messaging and data feed processing • Drop-in messaging solution which plugs into existing network infrastructure • Enhanced QoS and performance with purpose-built hardware • Simplified, configuration-driven approach to low-latency, publish/subscribe messaging and content-based routing • High availability out of the box (two or more appliances) • Low-latency unicast and multicast messaging, scaling to 1M messages / sec with microsecond latency • Destination, property and content-based routing, including native XML and FIX parsers • Optimized to bridge between leading standard messaging protocols such as MQ, Tibco, WebSphere JMS and HTTP(S) • Simplified deployment, configuration and management providing a quicker time to value by rapidly configuring messaging destinations, connectivity and routing 30
Configuration & Administration Fits into existing environments  Multiple administration consoles     IDE integration      Eclipse/Rational Application Developer Altova XML Spy WAS 7 Admin Console for Multi-box Management Easy export/import for configuration promotion Standard operational interfaces   WebGUI – 100% availability of functions in all consoles CLI – Familiar to network operators SOAP interface – Programmatic access to all config for easy scripting SNMP XI50 SNMP, syslog, etc. Industry leading integration support across IBM and 3rd party application, security, identity management, and networking infrastructure 31
IBM SOA Appliance Deployment Summary Web Tier XML HTML WML Client or Server XML XSL XA35 Application Server Web Server Internet Security Tivoli NetView Tivoli NetView Tivoli Access Manager Tivoli Access Manager Tivoli Access Manager -----------Federated Identity Manager XS40 Internet WebSphere App Server WebSphere App Server IP Firewall Application Server DataPower XS40 DataPower XS40 Integration & Management Tiers  LEGACY REQ Nortel L7 Module Nortel L7 Module DataPower XS40 DataPower XS40  HTTP XML REQ MQ Server MQ Server LEGACY RESP  XI50 HTTP XML RESPONSE  ITCAM for SOA Web service Web service client client Tivoli NetView Web Services Client Tivoli Access Manager 32 WebSphere App Server DataPower XS40
IBM SOA Appliance Deployment continued Business to Business (B2B) DMZ AS2 Message FW XML/EDI/Binary Internet XB60 FW FW AS2 MDN Trading Partners AS2, AS3, HTTP, FTP, Web Services, MQ Receiver WSRR ITCAM for SOA Tivoli NetView Trading Manger for EDI Processing Application Server Tivoli Access Manager WebSphere App Server Low Latency Messaging (LLM) Receiver DataPower XS40 RUM (unicast) Nortel L7 Module DataPower XS40 Transmitter MQ Server RMM XM70 RUM Receiver (multicast) Web service client Transmitter MQ/TIBCO 33
Summary – IBM Specialized Hardware for Smart SOA Connectivity • • • • • • Hardened, specialized product for helping integrate, secure & accelerate SOA Many functions integrated into a single device Broad integration with both non-IBM and IBM software Higher levels of security assurance certifications require hardware Higher performance with hardware acceleration Simplified deployment and ongoing management www.ibm.com/software/integration/datapower SOA Appliances: Creating customer value through extreme SOA performance, connectivity, and security  Simplifies SOA and accelerates time to value  Helps secure SOA XML implementations  Governs and enforces SOA/Web Services policies 34

Recomendados

Data power use cases
Data power use casesData power use cases
Data power use cases
sflynn073
 
IBM DataPower Gateway - Common Use Cases
IBM DataPower Gateway - Common Use CasesIBM DataPower Gateway - Common Use Cases
IBM DataPower Gateway - Common Use Cases
IBM DataPower Gateway
 
Data Power Architectural Patterns - Jagadish Vemugunta
Data Power Architectural Patterns - Jagadish VemuguntaData Power Architectural Patterns - Jagadish Vemugunta
Data Power Architectural Patterns - Jagadish Vemugunta
floridawusergroup
 
WebSphere DataPower B2B Appliance overview
WebSphere DataPower B2B Appliance overviewWebSphere DataPower B2B Appliance overview
WebSphere DataPower B2B Appliance overview
Sarah Duffy
 
IBM DataPower Gateways - What's new in 2016 v7.5.2
IBM DataPower Gateways - What's new in 2016 v7.5.2IBM DataPower Gateways - What's new in 2016 v7.5.2
IBM DataPower Gateways - What's new in 2016 v7.5.2
IBM DataPower Gateway
 
How to create a User Defined Policy with IBM APIc (v10)
How to create a User Defined Policy with IBM APIc (v10)How to create a User Defined Policy with IBM APIc (v10)
How to create a User Defined Policy with IBM APIc (v10)
Shiu-Fun Poon
 
Fleet and elastic agent
Fleet and elastic agentFleet and elastic agent
Fleet and elastic agent
Ismaeel Enjreny
 
001 introduction Fortigate Administration Introduction
001 introduction Fortigate Administration Introduction001 introduction Fortigate Administration Introduction
001 introduction Fortigate Administration Introduction
Mohamed Sana
 

Recomendados

Data power use cases
Data power use casesData power use cases
Data power use cases
sflynn073
 
IBM DataPower Gateway - Common Use Cases
IBM DataPower Gateway - Common Use CasesIBM DataPower Gateway - Common Use Cases
IBM DataPower Gateway - Common Use Cases
IBM DataPower Gateway
 
Data Power Architectural Patterns - Jagadish Vemugunta
Data Power Architectural Patterns - Jagadish VemuguntaData Power Architectural Patterns - Jagadish Vemugunta
Data Power Architectural Patterns - Jagadish Vemugunta
floridawusergroup
 
WebSphere DataPower B2B Appliance overview
WebSphere DataPower B2B Appliance overviewWebSphere DataPower B2B Appliance overview
WebSphere DataPower B2B Appliance overview
Sarah Duffy
 
IBM DataPower Gateways - What's new in 2016 v7.5.2
IBM DataPower Gateways - What's new in 2016 v7.5.2IBM DataPower Gateways - What's new in 2016 v7.5.2
IBM DataPower Gateways - What's new in 2016 v7.5.2
IBM DataPower Gateway
 
How to create a User Defined Policy with IBM APIc (v10)
How to create a User Defined Policy with IBM APIc (v10)How to create a User Defined Policy with IBM APIc (v10)
How to create a User Defined Policy with IBM APIc (v10)
Shiu-Fun Poon
 
Fleet and elastic agent
Fleet and elastic agentFleet and elastic agent
Fleet and elastic agent
Ismaeel Enjreny
 
001 introduction Fortigate Administration Introduction
001 introduction Fortigate Administration Introduction001 introduction Fortigate Administration Introduction
001 introduction Fortigate Administration Introduction
Mohamed Sana
 
What's New in API Connect & DataPower Gateway in 1H 2018
What's New in API Connect & DataPower Gateway in 1H 2018What's New in API Connect & DataPower Gateway in 1H 2018
What's New in API Connect & DataPower Gateway in 1H 2018
IBM API Connect
 
What's new in API Connect and DataPower - 2019
What's new in API Connect and DataPower - 2019What's new in API Connect and DataPower - 2019
What's new in API Connect and DataPower - 2019
IBM DataPower Gateway
 
DataPower API Gateway Performance Benchmarks
DataPower API Gateway Performance BenchmarksDataPower API Gateway Performance Benchmarks
DataPower API Gateway Performance Benchmarks
IBM DataPower Gateway
 
2015/06/12 - IBM Systems & Middleware - IBM DataPower and API Management
2015/06/12 - IBM Systems & Middleware - IBM DataPower and API Management2015/06/12 - IBM Systems & Middleware - IBM DataPower and API Management
2015/06/12 - IBM Systems & Middleware - IBM DataPower and API Management
Rui Santos
 
An Introduction to VMware NSX
An Introduction to VMware NSXAn Introduction to VMware NSX
An Introduction to VMware NSX
Scott Lowe
 
414: Build an agile CI/CD Pipeline for application integration
414: Build an agile CI/CD Pipeline for application integration414: Build an agile CI/CD Pipeline for application integration
414: Build an agile CI/CD Pipeline for application integration
Trevor Dolby
 
Webinar: Simplifying the Enterprise Hybrid Cloud with Azure Stack HCI
Webinar: Simplifying the Enterprise Hybrid Cloud with Azure Stack HCIWebinar: Simplifying the Enterprise Hybrid Cloud with Azure Stack HCI
Webinar: Simplifying the Enterprise Hybrid Cloud with Azure Stack HCI
Storage Switzerland
 
IBM DataPower Gateway appliances feature & virtual edition comparison
IBM DataPower Gateway appliances feature & virtual edition comparisonIBM DataPower Gateway appliances feature & virtual edition comparison
IBM DataPower Gateway appliances feature & virtual edition comparison
IBM DataPower Gateway
 
oVirt Introduction
oVirt IntroductionoVirt Introduction
oVirt Introduction
Roozbeh Shafiee
 
VMware NSX 101: What, Why & How
VMware NSX 101: What, Why & HowVMware NSX 101: What, Why & How
VMware NSX 101: What, Why & How
Aniekan Akpaffiong
 
Best new features in windows server 2016
Best new features in windows server 2016Best new features in windows server 2016
Best new features in windows server 2016
Tuan Yang
 
Azure Virtual Desktop Overview.pptx
Azure Virtual Desktop Overview.pptxAzure Virtual Desktop Overview.pptx
Azure Virtual Desktop Overview.pptx
ceyhan1
 
Fortinet FortiOS 5 Presentation
Fortinet FortiOS 5 PresentationFortinet FortiOS 5 Presentation
Fortinet FortiOS 5 Presentation
NCS Computech Ltd.
 
AWS re:Invent 2016: Offload Security Heavy-lifting to the AWS Edge (CTD204)
AWS re:Invent 2016: Offload Security Heavy-lifting to the AWS Edge (CTD204)AWS re:Invent 2016: Offload Security Heavy-lifting to the AWS Edge (CTD204)
AWS re:Invent 2016: Offload Security Heavy-lifting to the AWS Edge (CTD204)
Amazon Web Services
 
Integration Monday - Logic App Patterns
Integration Monday - Logic App PatternsIntegration Monday - Logic App Patterns
Integration Monday - Logic App Patterns
BizTalk360
 
The Fundamentals of Networking in AWS: VPC and Connectivity Options - Business
The Fundamentals of Networking in AWS: VPC and Connectivity Options - BusinessThe Fundamentals of Networking in AWS: VPC and Connectivity Options - Business
The Fundamentals of Networking in AWS: VPC and Connectivity Options - Business
Amazon Web Services
 
The evolving story for Agile Integration Architecture in 2019
The evolving story for Agile Integration Architecture in 2019The evolving story for Agile Integration Architecture in 2019
The evolving story for Agile Integration Architecture in 2019
Kim Clark
 
WebSphere App Server vs JBoss vs WebLogic vs Tomcat
WebSphere App Server vs JBoss vs WebLogic vs TomcatWebSphere App Server vs JBoss vs WebLogic vs Tomcat
WebSphere App Server vs JBoss vs WebLogic vs Tomcat
WASdev Community
 
IoT & Azure (EventHub)
IoT & Azure (EventHub)IoT & Azure (EventHub)
IoT & Azure (EventHub)
Mirco Vanini
 
Introduction to soa suite 12c in 20 slides
Introduction to soa suite 12c in 20 slidesIntroduction to soa suite 12c in 20 slides
Introduction to soa suite 12c in 20 slides
Vincenzo Capozzoli
 
Web Api services using IBM Datapower
Web Api services using IBM DatapowerWeb Api services using IBM Datapower
Web Api services using IBM Datapower
Sigortam.net
 
Datapower Steven Cawn
Datapower Steven CawnDatapower Steven Cawn
Datapower Steven Cawn
Valeri Illescas
 

Mais conteúdo relacionado

Mais procurados

Fortinet FortiOS 5 Presentation
Fortinet FortiOS 5 PresentationFortinet FortiOS 5 Presentation
Fortinet FortiOS 5 Presentation
NCS Computech Ltd.
 

Mais procurados (20)

What's New in API Connect & DataPower Gateway in 1H 2018
What's New in API Connect & DataPower Gateway in 1H 2018What's New in API Connect & DataPower Gateway in 1H 2018
What's New in API Connect & DataPower Gateway in 1H 2018
 
What's new in API Connect and DataPower - 2019
What's new in API Connect and DataPower - 2019What's new in API Connect and DataPower - 2019
What's new in API Connect and DataPower - 2019
 
DataPower API Gateway Performance Benchmarks
DataPower API Gateway Performance BenchmarksDataPower API Gateway Performance Benchmarks
DataPower API Gateway Performance Benchmarks
 
2015/06/12 - IBM Systems & Middleware - IBM DataPower and API Management
2015/06/12 - IBM Systems & Middleware - IBM DataPower and API Management2015/06/12 - IBM Systems & Middleware - IBM DataPower and API Management
2015/06/12 - IBM Systems & Middleware - IBM DataPower and API Management
 
An Introduction to VMware NSX
An Introduction to VMware NSXAn Introduction to VMware NSX
An Introduction to VMware NSX
 
414: Build an agile CI/CD Pipeline for application integration
414: Build an agile CI/CD Pipeline for application integration414: Build an agile CI/CD Pipeline for application integration
414: Build an agile CI/CD Pipeline for application integration
 
Webinar: Simplifying the Enterprise Hybrid Cloud with Azure Stack HCI
Webinar: Simplifying the Enterprise Hybrid Cloud with Azure Stack HCIWebinar: Simplifying the Enterprise Hybrid Cloud with Azure Stack HCI
Webinar: Simplifying the Enterprise Hybrid Cloud with Azure Stack HCI
 
IBM DataPower Gateway appliances feature & virtual edition comparison
IBM DataPower Gateway appliances feature & virtual edition comparisonIBM DataPower Gateway appliances feature & virtual edition comparison
IBM DataPower Gateway appliances feature & virtual edition comparison
 
oVirt Introduction
oVirt IntroductionoVirt Introduction
oVirt Introduction
 
VMware NSX 101: What, Why & How
VMware NSX 101: What, Why & HowVMware NSX 101: What, Why & How
VMware NSX 101: What, Why & How
 
Best new features in windows server 2016
Best new features in windows server 2016Best new features in windows server 2016
Best new features in windows server 2016
 
Azure Virtual Desktop Overview.pptx
Azure Virtual Desktop Overview.pptxAzure Virtual Desktop Overview.pptx
Azure Virtual Desktop Overview.pptx
 
Fortinet FortiOS 5 Presentation
Fortinet FortiOS 5 PresentationFortinet FortiOS 5 Presentation
Fortinet FortiOS 5 Presentation
 
AWS re:Invent 2016: Offload Security Heavy-lifting to the AWS Edge (CTD204)
AWS re:Invent 2016: Offload Security Heavy-lifting to the AWS Edge (CTD204)AWS re:Invent 2016: Offload Security Heavy-lifting to the AWS Edge (CTD204)
AWS re:Invent 2016: Offload Security Heavy-lifting to the AWS Edge (CTD204)
 
Integration Monday - Logic App Patterns
Integration Monday - Logic App PatternsIntegration Monday - Logic App Patterns
Integration Monday - Logic App Patterns
 
The Fundamentals of Networking in AWS: VPC and Connectivity Options - Business
The Fundamentals of Networking in AWS: VPC and Connectivity Options - BusinessThe Fundamentals of Networking in AWS: VPC and Connectivity Options - Business
The Fundamentals of Networking in AWS: VPC and Connectivity Options - Business
 
The evolving story for Agile Integration Architecture in 2019
The evolving story for Agile Integration Architecture in 2019The evolving story for Agile Integration Architecture in 2019
The evolving story for Agile Integration Architecture in 2019
 
WebSphere App Server vs JBoss vs WebLogic vs Tomcat
WebSphere App Server vs JBoss vs WebLogic vs TomcatWebSphere App Server vs JBoss vs WebLogic vs Tomcat
WebSphere App Server vs JBoss vs WebLogic vs Tomcat
 
IoT & Azure (EventHub)
IoT & Azure (EventHub)IoT & Azure (EventHub)
IoT & Azure (EventHub)
 
Introduction to soa suite 12c in 20 slides
Introduction to soa suite 12c in 20 slidesIntroduction to soa suite 12c in 20 slides
Introduction to soa suite 12c in 20 slides
 

Semelhante a Intorduction to Datapower

Common DataPower use cases, incl Caching with XC-10 appliance.
Common DataPower use cases, incl Caching with XC-10 appliance.Common DataPower use cases, incl Caching with XC-10 appliance.
Common DataPower use cases, incl Caching with XC-10 appliance.
sflynn073
 
Cyber defense for soa & rest oracle
Cyber defense for soa & rest oracleCyber defense for soa & rest oracle
Cyber defense for soa & rest oracle
igsc
 
Presentation cyber defense for soa & rest
Presentation cyber defense for soa & restPresentation cyber defense for soa & rest
Presentation cyber defense for soa & rest
xKinAnx
 
Whats new in data power
Whats new in data powerWhats new in data power
Whats new in data power
sflynn073
 
FS_Usage_Scenarios
FS_Usage_ScenariosFS_Usage_Scenarios
FS_Usage_Scenarios
Kevin Kao
 
Enterprise Node - Securing Your Environment
Enterprise Node - Securing Your EnvironmentEnterprise Node - Securing Your Environment
Enterprise Node - Securing Your Environment
Kurtis Kemple
 
Bloombase Spitfire SOA Security Server Brochure
Bloombase Spitfire SOA Security Server BrochureBloombase Spitfire SOA Security Server Brochure
Bloombase Spitfire SOA Security Server Brochure
Bloombase
 
WSO2 Intro Webinar - Simplifying Enterprise Integration with Configurable WS...
WSO2 Intro Webinar - Simplifying Enterprise Integration with Configurable WS...WSO2 Intro Webinar - Simplifying Enterprise Integration with Configurable WS...
WSO2 Intro Webinar - Simplifying Enterprise Integration with Configurable WS...
WSO2
 

Semelhante a Intorduction to Datapower (20)

Web Api services using IBM Datapower
Web Api services using IBM DatapowerWeb Api services using IBM Datapower
Web Api services using IBM Datapower
 
Datapower Steven Cawn
Datapower Steven CawnDatapower Steven Cawn
Datapower Steven Cawn
 
Common DataPower use cases, incl Caching with XC-10 appliance.
Common DataPower use cases, incl Caching with XC-10 appliance.Common DataPower use cases, incl Caching with XC-10 appliance.
Common DataPower use cases, incl Caching with XC-10 appliance.
 
Layer 7: Enterprise Service Governance with SecureSpan
Layer 7: Enterprise Service Governance with SecureSpanLayer 7: Enterprise Service Governance with SecureSpan
Layer 7: Enterprise Service Governance with SecureSpan
 
Cyber defense for soa & rest oracle
Cyber defense for soa & rest oracleCyber defense for soa & rest oracle
Cyber defense for soa & rest oracle
 
Presentation cyber defense for soa & rest
Presentation cyber defense for soa & restPresentation cyber defense for soa & rest
Presentation cyber defense for soa & rest
 
Layer 7 & Oracle: Cyber Defense for SOA & REST
Layer 7 & Oracle: Cyber Defense for SOA & RESTLayer 7 & Oracle: Cyber Defense for SOA & REST
Layer 7 & Oracle: Cyber Defense for SOA & REST
 
Layer 7: Getting Your SOA to Production Without Cost and Complexity
Layer 7: Getting Your SOA to Production Without Cost and ComplexityLayer 7: Getting Your SOA to Production Without Cost and Complexity
Layer 7: Getting Your SOA to Production Without Cost and Complexity
 
Layer 7: Managing SOA Security and Operations with SecureSpan
Layer 7: Managing SOA Security and Operations with SecureSpanLayer 7: Managing SOA Security and Operations with SecureSpan
Layer 7: Managing SOA Security and Operations with SecureSpan
 
Adobe Flash Platform for the Enterprise
Adobe Flash Platform for the EnterpriseAdobe Flash Platform for the Enterprise
Adobe Flash Platform for the Enterprise
 
Whats new in data power
Whats new in data powerWhats new in data power
Whats new in data power
 
FS_Usage_Scenarios
FS_Usage_ScenariosFS_Usage_Scenarios
FS_Usage_Scenarios
 
Operations: Security
Operations: SecurityOperations: Security
Operations: Security
 
Enterprise Node - Securing Your Environment
Enterprise Node - Securing Your EnvironmentEnterprise Node - Securing Your Environment
Enterprise Node - Securing Your Environment
 
Bloombase Spitfire SOA Security Server Brochure
Bloombase Spitfire SOA Security Server BrochureBloombase Spitfire SOA Security Server Brochure
Bloombase Spitfire SOA Security Server Brochure
 
WSO2 Intro Webinar - Simplifying Enterprise Integration with Configurable WS...
WSO2 Intro Webinar - Simplifying Enterprise Integration with Configurable WS...WSO2 Intro Webinar - Simplifying Enterprise Integration with Configurable WS...
WSO2 Intro Webinar - Simplifying Enterprise Integration with Configurable WS...
 
Plnog 3: Zbigniew Skurczyński - Wirtualizacja i optymalizacja infrastruktury
Plnog 3: Zbigniew Skurczyński - Wirtualizacja i optymalizacja infrastrukturyPlnog 3: Zbigniew Skurczyński - Wirtualizacja i optymalizacja infrastruktury
Plnog 3: Zbigniew Skurczyński - Wirtualizacja i optymalizacja infrastruktury
 
Operations: Security Crash Course — Best Practices for Securing your Company
Operations: Security Crash Course — Best Practices for Securing your CompanyOperations: Security Crash Course — Best Practices for Securing your Company
Operations: Security Crash Course — Best Practices for Securing your Company
 
Datapowercommonusecases 130509114200-phpapp02
Datapowercommonusecases 130509114200-phpapp02Datapowercommonusecases 130509114200-phpapp02
Datapowercommonusecases 130509114200-phpapp02
 
Datapowercommonusecases 130509114200-phpapp02
Datapowercommonusecases 130509114200-phpapp02Datapowercommonusecases 130509114200-phpapp02
Datapowercommonusecases 130509114200-phpapp02
 

Mais de Shilpin Pvt. Ltd.

Telecom interconnect Billing Basics
Telecom interconnect Billing BasicsTelecom interconnect Billing Basics
Telecom interconnect Billing Basics
Shilpin Pvt. Ltd.
 

Mais de Shilpin Pvt. Ltd. (8)

Telecom interconnect Billing Basics
Telecom interconnect Billing BasicsTelecom interconnect Billing Basics
Telecom interconnect Billing Basics
 
OSM- An Introduction
OSM- An IntroductionOSM- An Introduction
OSM- An Introduction
 
Introduction of Service Assurance Domain
Introduction of Service Assurance DomainIntroduction of Service Assurance Domain
Introduction of Service Assurance Domain
 
Introduction to MVNO
Introduction to MVNOIntroduction to MVNO
Introduction to MVNO
 
Introduction to GPRS
Introduction to GPRSIntroduction to GPRS
Introduction to GPRS
 
Telecom Roaming Overview
Telecom Roaming OverviewTelecom Roaming Overview
Telecom Roaming Overview
 
GSM Rating Overview
GSM Rating OverviewGSM Rating Overview
GSM Rating Overview
 
Introduction to GSM
Introduction to GSMIntroduction to GSM
Introduction to GSM
 

Último

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
Enterprise Knowledge
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
Delhi Call girls
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Delhi Call girls
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
Delhi Call girls
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 

Último (20)

GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 

Intorduction to Datapower

  • 2. DataPower SOA Appliance An SOA Appliance… creates customer value through extreme SOA performance, connectivity, and security.  Simplifies SOA and accelerates time to value  Helps secure SOA XML implementations  Governs and enforces SOA/Web Services policies DataPower SOA Appliances redefine the boundaries of middleware extending the SOA Foundation with specialized, consumable, and dedicated SOA Appliances that simplify and combine superior performance, hardened security, and integration for SOA implementations. 2
  • 3. Why an Appliance for SOA?  Hardened, specialized hardware for helping to integrate, secure & accelerate SOA  Many functions in a single device  Service level management, dynamic routing, policy enforcement, transformation  Higher levels of security assurance certification  FIPS 140-2 Level 3, Common Criteria EAL4  Higher performance with hardware acceleration facilitates security enforcement • Addresses the divergent needs of different groups – Enterprise architects, network operations, security operations, web services developers • Simplified deployment and ongoing management – Drop-in appliance, secures traffic in minutes, integrates with existing operations 3
  • 4. What is DataPower ? • • • • Provides the flexibility of software in a hardware footprint Is quick to deploy – configuration NOT coding or programming Typically takes days to integrate NOT weeks or months Is a 1U 19” Rack Mounted appliance – • • Looks like a router Has minimal components and has no stack of software. Consequently DataPower is highly secure As attack points are minimised – – DataPower is undergoing accreditation to Common Criteria EAL4 This is globally recognised check by an impartial third party that warrants the security claims made by IBM 4
  • 5. What Does DataPower Address ? • • XML is the language of Web Services and SOA XML is pervasive – in a matter of years, it will fuel every application, device, and document found in enterprise networks • XML challenges – XML is very ‘Verbose’ • XML is bandwidth intensive • Has a direct impact on Application Server performance • XML processing requires significant processor cycles and memory resources – XML is effectively ‘Human readable’ Text • It has no native security mechanisms • It is readily understood and vulnerable to interception • Security can be implemented on the application server but this is additional XML processing and adds to the performance problem – SOA is not just Web Services and XML • Customers need to integrate existing legacy systems, messaging formats and protocols into the SOA architecture. • The ability to ‘transform’ legacy systems into the XML format is needed. 5
  • 6. What Does DataPower Address ? • XML Performance – How ? – by offloading XML processing from the Application Server to DataPower in optimised hardware – Thereby greatly reducing the required number of Application Servers • XML Security – How ? – by offloading XML security to DataPower – Provide standards based security – WS Security • Integrating XML and legacy systems – How ? – by using DataPower to transform XML to legacy message formats and protocols e.g • XML < > Cobol Copybook (brings a Mainframe into SOA Architecture) • XML > HMTL (renders HTML content to Portal very rapidly) • XML < > MQ Messaging All of this is done at WIRESPEED 6
  • 7. WebSphere DataPower SOA Appliance Product Line XM70  XB60 High volume, low latency messaging Enhanced QoS and performance Simplified, configuration-driven approach to LLM Publish/subscribe messaging High Availability          B2B Messaging (AS2/AS3) Trading Partner Profile Management B2B Transaction Viewer Unparalleled performance Simplified management and configuration XA35 – – – Offload XML processing No more hand-optimizing XML Lowers development costs XS40     Enhanced Security Capabilities Centralized Policy Enforcement Fine-grained authorization Rich authentication XI50     Hardware ESB “Any-to-Any” conversion at wire-speed Bridges multiple protocols Integrated message-level security 7
  • 8. WebSphere DataPower Basic Use Cases Internet DMZ Trusted Domain Application Consumer 1 B2B Gateway 3 Low Latency Gateway Application 2 Secure Gateway (Web Services, Web Applications) Consumer 4 Internal Security 5 Enterprise Service Bus 6 Web Service Management 7 Legacy Integration 8 XML Acceleration System z 8
  • 9. XML Accelerator XA35 Purpose-built hardware for presentation-tier transformation • “The Original” DataPower XML Appliance • Defines high performance architecture for all DataPower SOA Appliances • Processes XML operations at “wire-speed” • Ideal in an XSL-intensive HTTP presentation tier • XML Pipeline processing accelerates XML/XSLT/XPath evaluation, increasing throughput and decreasing latency by offloading XML operations to the network • Innovative drag-and-drop policy editor accelerates time to value and simplifies configuration and deployment • Logical application domains allow individual “sandboxes” and facilitate configuration management through import/export features • Multiple management interfaces serve varying needs of an organization, including browser-based WebGUI, command line CLI, and scriptable Web Services 9
  • 10. XML Security Gateway XS40 Purpose-built hardware for assuring confidentiality, authenticity, and nonrepudiation • Native support for WS-Security policy enforcement • Extremely secure hardware design • Integrate with a variety of authentication and authorization systems for real-time protection • Ideal in front-line DMZ or internal security gateway • XML/SOAP Firewall capabilities enable Layer 7 filtering on any content, metadata or network variable in a message • Web Application Firewall service offers additional security, threat mediation, and content processing for other URL encoded HTTP-based applications • Easily configurable field-level security options allow flexible enforcement of confidentiality, authenticity, and non-repudiation requirements • Low latency architecture leverages hardware-acceleration for cryptographic operations 10
  • 11. Hardware Device for Improved Security • Sealed network-resident appliance – Optimized hardware, firmware, embedded OS – Single signed/encrypted firmware upgrade only – No arbitrary software – High assurance, “default off” locked-down configuration – Security vulnerabilities minimized (few 3 party components) – Hardware storage of encryption keys, locked audit log – No USB ports, tamper-proof case • Third party certification – FIPS 140-2 level 3 HSM (option) – Common Criteria EAL4 “The DataPower [XS40]... is the most hardened ... it looks and feels like a datacenter appliance, with no extra ports or buttons exposed… " - InfoWorld 11
  • 12. XML security threats are growing DataPower provides hardened real-time protection • • • • • • • • • • • • • • XML Entity Expansion and Recursion Attacks XML Document Size Attacks XML Document Width Attacks XML Document Depth Attacks XML Wellformedness-based Parser Attacks Jumbo Payloads Recursive Elements MegaTags – aka Jumbo Tag Names Public Key DoS XML Flood Resource Hijack Dictionary Attack Message Tampering Data Tampering • • • • • • • • • • • • • • Message Snooping XPath Injection SQL injection WSDL Enumeration Routing Detour Schema Poisoning Malicious Morphing Malicious Include – also called XML External Entity (XXE) Attack Memory Space Breach XML Encapsulation XML Virus Falsified Message Replay Attack …others 12
  • 13. Gartner: Web Services Security Best Practices  Provide System Security  Inspect ALL traffic  Transform all messages  Mask internal resources  Implement XML filtering  Secure logging  Protect against XML DoS  Require good authentication mechanisms  Provide Message Security  Sign all messages  Validate messages (Inbound+Outbound)  Time-stamp all messages  Ask for Compatibility  SSL MA, SAML, x.509.  WS-Security  WS-* extensions • • • Build Expertise/Design From Strength Educate Business Leaders Build Centralized Infrastructure – – – – • • • SSL is key Use management/security platforms Manage your identities You may need PKI Trust (Really) Your Partners Use OTS Web Services with Caution Monitor and Control “Therefore, enterprises should investigate tools such as security gateways, SSL concentrators and accelerators, and wire-speed SOAP/XML inspection hardware.” -- John Pescatore, Gartner 13
  • 14. Access Control Integration Framework (AAA) Transport Headers URL SOAP Method XPath Input Message Extract Resource WS-Security SAML X.509 Kerberos Proprietary Tokens Extract Identity LDAP ActiveDirectory SAML Tivoli CA eTrust/Netegrity RSA Entrust Novell RACF Authenticate Map Resource LDAP ActiveDirectory SAML Tivoli CA eTrust/Netegrity RSA Entrust Novell Proprietary Authorize SAML Assertion Credential Mediation IDS Integration Monitoring Audit & Accounting Output Message Authenticate, Authorize, Audit Map Credentials External Access Control Server or Onboard Identity Management Store 14
  • 15. Web Application Firewall • • • • • • • URL-encoded HTTP application protection in addition to XML Web Services firewall security Protection for static or dynamic HTMLbased applications Supports browser-based clients and HTTP/HTTPS backend servers Wizard-driven configuration Cross-site scripting and SQL Injection protection AAA framework support for web applications General name-value criteria boundary profiles for: – Query string and form parameters  HTML Input Conversion Maps for form processing and handling  Cookie watermarking (sign and/or encrypt)  Rate limiting and traffic throttling/shaping  HTTP header stripping, injection and rewriting  HTTP protocol and method filtering  Content-type filtering  Dynamic routing and load balancing  Session handling policies  SSL Acceleration & Termination (Link)  XML and non-XML processing policies  Customizable error handling – HTTP headers – Cookies 15
  • 16. Integration Appliance XI50 Purpose-built hardware for Enterprise Service Bus functionality • Web Service virtualization for legacy applications • Enforce high levels of security independent of protocol or payload format • Integrate with enterprise monitoring systems • Service level management options to shape traffic ! Advanced protocol-bridging seamlessly supports a wide array of transports, including HTTP, WebSphere MQ, WebSphere JMS, Tibco EMS, FTP, NFS Any-to-any “DataGlue” engine supports XML and Non-XML (Binary) payloads, promoting asset reuse and enabling integration without coding Direct database access enables message-enrichment and data-as-aservice messaging patterns (DB2, Oracle, MS-SQL, Sybase) High performance architecture creates low-cost, easily-scalable ESB solution for Smart SOA needs 16
  • 17. The ESB Cost Explosion - background A significant and growing problem with bus installations around the world. In medium to large organizations running significant transaction volumes, the footprint of their ESB becomes very large and expensive, very quickly. Business Partners Internet Access Wireless Access Intranet Portal ESB Internet Portal Wireless Portal DMZ Midrange System Z Internal Trusted Networks DB2 Unix IMS w2k Logging Monitoring / Management SCM Directory / IDM CRM 17
  • 18. The ESB Cost Explosion – Root causes 1. The resource requirements of today’s services (mostly XML-based) – Software mediation solutions written on general-purpose platforms require shocking amounts of CPU and memory to process messages and perform the basic bus functions: • Message Parsing and Interpretation • Message Transformation • Message Routing 2. The minimal headroom purchased because of HA requirements. – Companies quickly use up extra capacity purchased initially in order to maintain high availability for this critical part of their network. Nevertheless the problem is often still hidden by the HA deployment initially Companies are often taken by surprise by how quickly they “hit the wall” – – It doesn’t take much! • • At somewhere between 20-60 TPS the infrastructure needs to be at least doubled. you don’t have to be a F500 company to get hit 18
  • 19. The ESB Cost Explosion - Solution The DataPower module, deployed in an Architected ESB Federation pattern, is designed to bring the “commodity” work of an ESB to the network layer. SOA Network Infrastructure History tells us that selecting universal, repetitive functions and moving them to purpose-built appliances reduces solution costs, both in terms of increased performance / reduced processing costs, and reduced complexity of deployment (network devices are configured, not coded). 19
  • 20. Processing rule actions for ESB Programmer-friendly functions within the purely-configuration message flow. WAIT 20
  • 21. Processing rule actions for ESB Fan-out (Fan-in) FTP Notification Fire and Forget HTTP JMS HTTP Composition JMS MQ 21
  • 22. Content-based Routing Select destination based on transaction metadata • Dynamically determine route from transaction context and/or message content – Analyze originating URL, protocol headers, transaction attributes, etc. – Analyze legacy or XML content • Leverage a routing table for real-time decisions – Quickly deploy routing changes, including protocol conversions • Retrieve routing information from other systems – E.g., databases, web servers, file servers, etc. Unclassified Requests Service Providers 22
  • 23. Protocol Mediation Independently bridge inbound and outbound protocols  First-class support for message and transport protocol bridging  Protocol mediation with simple configuration: – HTTP  MQ  WebSphere JMS  FTP  Tibco EMS  Request-response and sync-async matching  Configurable for fully guaranteed, once-and-only-once delivery WebSphere JMS http(s) 3rd Party Messaging WebSphere MQ Database FTP(s) sFTP DB2, SQL Server, Oracle, Sybase, IMS NFS 24
  • 24. Web Services Management Service Level Management protects application resources • • Defined as action in the policy pipeline Configure policies based on: – Any parameter: WSDL; Service Endpoint; Operation; Credential – Request; Response; Fault; XPath • • Enforce same thresholds across a pool of devices Configure service level to trigger action: – Notify (Alert) – Shape (Slow Down) – Throttle (Reject) • • • Supports WSDM and other Web services management standards Allows subscription to SLM for alerts, logging, etc. Notify other applications such as billing, audit, etc. 25
  • 25. System z Integration • Broad integration with System z • Connect to existing applications over WebSphere MQ • Transform XML to/from COBOL Copybook for legacy needs • Natively communicate with IMS Connect • Integrate with RACF security from DataPower AAA • Service enable CICS using WebSphere MQ • Virtualize CICS Web Services 27
  • 26. Business to Business (B2B) Appliance XB60 Purpose-built B2B hardware for simplified deployment, exceptional performance and hardened security • Extend integration beyond the enterprise with B2B • Hardened Security for DMZ deployments • Easily manage and connect to trading partners using industry standards • Simplified deployment and ongoing management • Trading Partner Management for B2B Governance; B2B protocol policy enforcement, access control, message filtering, and data security • Application Integration with standalone B2B Gateway capabilities supporting B2B patterns for AS2, AS3 and Web Services • Full featured User Interface for B2B configuration and transaction viewing; correlate documents and acknowledgments displaying all associated events • Simplified deployment, configuration and management providing a quicker time to value by establishing rapid connectivity to trading partners 28
  • 27. DataPower B2B Appliance XB60 - B2B Components The DataPower B2B Appliance extends your ESB beyond the enterprise by supporting the following B2B functionality: • • B2B Gateway Service – AS2 and AS3 packaging/unpackaging – EDI, XML and Binary Payload routing – Front Side Protocol Handlers – Trading Partner Profile Management • Multiple Destinations (Back Side Protocol Handlers) • Certificate Management (Security) – Hard Drive Archive/Purge policy B2B Viewer – B2B transaction viewing – Transaction resend capabilities – Acknowledgement correlation – Transaction event correlation – Role based access • Transaction Store – B2B metadata storage – B2B state management B2B Gateway Service Internal Partner Destinations Front Side Handlers for Integration Transaction Store Front Side Handlers for Partner Connections External Partner Destinations Persistent Storage Persistent Storage – Encrypted with a box specific key – B2B document storage • DataPower B2B XB60 B2B Viewer 29
  • 28. Low-Latency Appliance XM70 Purpose-built hardware for low-latency, network-based messaging and data feed processing • Drop-in messaging solution which plugs into existing network infrastructure • Enhanced QoS and performance with purpose-built hardware • Simplified, configuration-driven approach to low-latency, publish/subscribe messaging and content-based routing • High availability out of the box (two or more appliances) • Low-latency unicast and multicast messaging, scaling to 1M messages / sec with microsecond latency • Destination, property and content-based routing, including native XML and FIX parsers • Optimized to bridge between leading standard messaging protocols such as MQ, Tibco, WebSphere JMS and HTTP(S) • Simplified deployment, configuration and management providing a quicker time to value by rapidly configuring messaging destinations, connectivity and routing 30
  • 29. Configuration & Administration Fits into existing environments  Multiple administration consoles     IDE integration      Eclipse/Rational Application Developer Altova XML Spy WAS 7 Admin Console for Multi-box Management Easy export/import for configuration promotion Standard operational interfaces   WebGUI – 100% availability of functions in all consoles CLI – Familiar to network operators SOAP interface – Programmatic access to all config for easy scripting SNMP XI50 SNMP, syslog, etc. Industry leading integration support across IBM and 3rd party application, security, identity management, and networking infrastructure 31
  • 30. IBM SOA Appliance Deployment Summary Web Tier XML HTML WML Client or Server XML XSL XA35 Application Server Web Server Internet Security Tivoli NetView Tivoli NetView Tivoli Access Manager Tivoli Access Manager Tivoli Access Manager -----------Federated Identity Manager XS40 Internet WebSphere App Server WebSphere App Server IP Firewall Application Server DataPower XS40 DataPower XS40 Integration & Management Tiers  LEGACY REQ Nortel L7 Module Nortel L7 Module DataPower XS40 DataPower XS40  HTTP XML REQ MQ Server MQ Server LEGACY RESP  XI50 HTTP XML RESPONSE  ITCAM for SOA Web service Web service client client Tivoli NetView Web Services Client Tivoli Access Manager 32 WebSphere App Server DataPower XS40
  • 31. IBM SOA Appliance Deployment continued Business to Business (B2B) DMZ AS2 Message FW XML/EDI/Binary Internet XB60 FW FW AS2 MDN Trading Partners AS2, AS3, HTTP, FTP, Web Services, MQ Receiver WSRR ITCAM for SOA Tivoli NetView Trading Manger for EDI Processing Application Server Tivoli Access Manager WebSphere App Server Low Latency Messaging (LLM) Receiver DataPower XS40 RUM (unicast) Nortel L7 Module DataPower XS40 Transmitter MQ Server RMM XM70 RUM Receiver (multicast) Web service client Transmitter MQ/TIBCO 33
  • 32. Summary – IBM Specialized Hardware for Smart SOA Connectivity • • • • • • Hardened, specialized product for helping integrate, secure & accelerate SOA Many functions integrated into a single device Broad integration with both non-IBM and IBM software Higher levels of security assurance certifications require hardware Higher performance with hardware acceleration Simplified deployment and ongoing management www.ibm.com/software/integration/datapower SOA Appliances: Creating customer value through extreme SOA performance, connectivity, and security  Simplifies SOA and accelerates time to value  Helps secure SOA XML implementations  Governs and enforces SOA/Web Services policies 34