TIS 3089
Please Note
IBM's statements regarding its plans, directions, and intent are subject to change
or withdrawal without notice at IBM's sole discretion.
Information regarding potential future products is intended to outline our general
product direction and it should not be relied on in making a purchasing decision.
The information mentioned regarding potential future products is not a
commitment, promise, or legal obligation to deliver any material, code or
functionality. Information about potential future products may not be incorporated
into any contract. The development, release, and timing of any future features or
functionality described for our products remains at our sole discretion.
Performance is based on measurements and projections using standard IBM
benchmarks in a controlled environment. The actual throughput or performance
that any user will experience will vary depending upon many factors, including
considerations such as the amount of multiprogramming in the user's job stream,
the I/O configuration, the storage configuration, and the workload processed.
Therefore, no assurance can be given that an individual user will achieve results
similar to those stated here.
Agenda
DataPower Quick Overview
Security & Optimization Gateway
Mobile Connectivity
API Management
Integration
Mainframe Integration & Enablement
B2B
DMZ
Trusted Domain
Consumer
DataPower
DataPower
Application or Service
Consumer
Securely expose enterprise data to external consumers/partners, while optimizing delivery of the workload
Securely connect apps/services within the enterprise, while optimizing delivery of the workload and
providing integration including XML offload, message validation/filtering, message/transport protocol
transformation, traffic control/quota enforcement, SOA governance & management, dynamic routing &
intelligent load distribution
Physical appliance that is purpose-built, tamper-evident with simplified deployment combining superior
performance, hardened security, increased ROI and reduced TCO
Provides high levels of certified Security assurance
e.g. Transport Protocol Security (SSL/TLS), Message Level Security, and Authentication, Authorization,
Audit
Simplified maintenance model
Drop-in appliance form-factor, Secures traffic in minutes, and Push-button flash upgrade process
Over a decade of innovation. 2000 worldwide installations. 10,000+ physical units sold
Virtual appliance provides deployment flexibility & reduced cost for development and test environments
Internet
DMZ
Trusted Domain
Consumer
Application or Service
DataPower
DataPower
System z
1 Security Gateway
(Web Services/Apps/APIs)
2 Intelligent Content
Consumer
IBM Integration
Bus
Application
Service
File
Secure
Control
Integrate
Route & Optimize
Update application
servers individually
Integration
In-the-Clear
Request
Clients
Control
Service-level agreements
Traffic control
Message accounting
Content-based routing
Governance & management
Optimization
Encrypted and
Signed Request
Malicious
Request
Cobol/
MQ
Appl
Cobol/MQ
Service Providers
Security
DataPower Family
Service Gateway XG45
DataPower Appliances
Over a decade of innovation & over 2000 worldwide installations
Government
Agencies and ministries
Defense and security organizations
Crown corporations
Banking
Insurance
Used by 95% of top global insurance firms
SaaS providers, ASPs, regulators, etc.
Healthcare
Retailers
Utilities, Power, Oil and Gas
Telecom
Airlines
etc.
Secure access to
Web and legacy
applications
Authentication
Authorization
User Federation
Converged
security
enforcement
Rock-solid
DataPower
platform
Internet
Firewall
DMZ
Firewall
Mission-critical data
Intranet
Leverages
enterprise
security and
policy managers
Authorization
Protect data and other system resources from unauthorized access
Message Integrity
Verify contents were unchanged in transit
Data Confidentiality
Conceal clear-text using encryption
2010 IBM Corporation
Message Snooping
XML Flood
Resource Hijack
XML Encapsulation
Dictionary Attack
XML Virus
Replay Attack
Many others
Threat Protection
Maximum nesting depth (levels)
Maximum document size (bytes)
Extract
Identity
LDAP/Active Directory
System/z NSS (RACF, SAF)
IBM Security Access Manager
Kerberos
WS-Trust
Netegrity SiteMinder
RADIUS
SAML
LTPA
Verify Signature
Custom
Authenticate
Map
Identity
input
LDAP/ActiveDirectory
System/z NSS
IBM Security Access Manager
Netegrity SiteMinder
SAML
XACML
OAuth
Custom
Authorize
Extract
Resource
Add WS-Security
Generate z/OS ICRX Token
Generate Kerberos
Generate Spnego
Generate SAML
Generate LTPA
Map Tivoli Federated Identity
Audit &
Post-Process
output
Map
Resource
URL
XPath
SOAP Operation
HTTP Operation
Custom
Security Gateway
Outside World
DMZ
Security
Gateway
Incoming access control;
Threat protection
Domain Firewall
Internet
Protocol Firewall
HTTP(s)
SaaS
Internal Network
Security
Gateway
Browsers
Partner
Apps
Internal
Consumer
HTTP(s)
Internal
Security
Packaged Apps
Proprietary Apps
Data
ESB
ACL
Tivoli (TAM)
MS Active Directory
Any LDAP, e.g. Oracle
CA SiteMinder
PDP (XACML, SAML, other)
Consumer
ACL
Virus
Scanner
Provider
Solution
Implemented WebSphere DataPower to form the Web
services backbone
Through content-based routing, security policy
enforcement & data encryption, DataPower ensures safe
& efficient flow of confidential customer data
Integrated seamlessly into heterogeneous environment
increasing interoperability & promoting reuse
Benefits
Identity Mgmt
Discover
Services & Policy
Message
ITCAM for
SOA
(Policy
Monitoring
Point)
Monitor
Services
Message
DataPower (Policy
Enforcement Point)
Message
Service
Enterprise
High Load
Slow
Response
(>10s)
User
WAS Application
{ "Task" : "AddEntry",
"Detail": "Create
presentation materials." }
Scenario
Issues
DMZ
Data
Center
Improved Load
DataPower
1
1
User
WAS Application
{ "Task" : "AddEntry",
"Detail": "Waste time." }
Improved Load
DataPower
2
User
WAS Application
1
1
User
Improved Load
DataPower
2
3
Improved
Response
Time
WAS Application
Fast
Response
User
REST
DataPower XC10
Low Load
WAS Application
DataPower XI Appliances
Improved Load
3
User
Client
Improved
Response
Time
REST
DataPower XC10
Provider
100x
performance
improvement
Reservations System
Enhanced form-based authentication support for quick integration with Worklight applications running on mobile devices **
Ready-to-use configuration pattern as reverse proxy & security policy enforcement point in front of Worklight Server**
REST
Provider
Mobile Consumer
HTTP(s) GET
JSON or HTML/XHTML
Mobile Consumer
XML
Provider
A large global phone company has its RESTful service calls, using
JSON and XML from mobile devices and consumer browsers,
secured and load balanced using DataPower
Large retailer went live recently with DataPower proxying Mobile traffic
Enterprise
Services
Web Apps
Dev Ops
Dashboard
DataPower
Business
Ops Dashboard
Mobile
On Premise
Mobile Apps
& Web consumers
Caching Appliance
IBM DataPower XC10
API consumers
& App Developers
API owners
Multi-device development
IBM Worklight
Integration
Partner
Apps
Internet
Enhanced
Security
DMZ
SaaS
Internal Network
Domain Firewall
Browsers
DMZ
Protocol Firewall
Outside World
Packaged Apps
Proprietary Apps
Data
HTTP(s)
FTP(s)
SFTP(SSH)
WMQ(s)
WS JMS
TIBCO EMS
Packaged Apps
Proprietary Apps
Data
HTTP
WMQ
DataPower
Gateway
LDAP
Packaged Apps
Proprietary Apps
Data
IMS Connect
ACL
ODBC
DB
JMS
EMS
Packaged Apps
Proprietary Apps
Data
FTP
NFS
Packaged Apps
Proprietary Apps
Data
Integration Scenario
Consumer
MQ Queue
Manager
Provider
UK Government Agency
enables integration capabilities using DataPower
Challenge
Data held in the back-end systems vital to delivering
citizen services, fraud detection across various layers of
the Governments across the EU
Vulnerable back-end services
Security
Capacity/ SLA
Consistent usability experience for internal or external
service consumers
Other UK
Departments
Internal Users
Other EU
Countries
Government
network
Solution
DataPower in key network zones within and outside of
the department
Thorough content-based validation, routing, and security
policy enforcement
Integrated seamlessly into heterogeneous environment
increasing interoperability & promoting reuse
Integration Layer
Benefits
Ease of integration
Security assurance of the architecture
Secure SOA on standards-based platform
Consistent experience and policy for all users
Core Services
2013 IBM Corporation
Core Data
An Irish Bank
Enabling retail banking
Challenge
Retail application contained 7000 screens; slow
response times over dedicated proprietary network.
Cost of processing XML on the mainframe.
Message transformation needed before the core
banking platform could process requests.
Solution
Branch Network
Benefits
Retail application acceleration through transformations
and caching
Optimized platform for handling, parsing and processing
payloads
Solution
Open Internet
DataPower
Benefits
Create customer interaction and value through innovative
business strategy.
Integrate various suppliers using standards based
interfaces securely.
Graphical configuration driven appliance; short learning
curve
Client
MQ Server
SOAP/HTTP
IMS
MQ
Brdg
OTMA
IMS Application
SOAP/HTTP
CCB / MQ
DataPower
DataPower
XI50z
DRDA
DB2
Service Provider
TCP/IP
IMS
Connect
IMS
OTMA
App1
App2
DataPower
Service Consumer
SOAP / REST
Client
DRDA
DataPower
DataPower
B2B Gateway Service
Partner Connection Internal Partner
Front Side Handlers
Destinations
External Partner
Integration
Destinations
Front Side Handlers
Partner
Profiles
Metadata
Store
(DB)
Document
Store
(HDD)
B2B Viewer
AS2, File and Web Services based interfaces to 100s of B2B customers.
Messages are exchanged at least once a day
Secure proxy solution in the DMZ
Complex incumbent supplier chain
Benefits
Create customer interaction and value through innovative business strategy.
Integrate various suppliers using standards based interfaces securely.
Graphical configuration driven appliance; short learning curve
Internal
Systems
External
Systems
Internal
System
Internal
Systems
External
Systems
Internal
System
DataPower resources
IBM DataPower Web Page (support, technotes, doc)
http://www-01.ibm.com/software/integration/datapower/
IBM Redbooks:
http://www.redbooks.ibm.com/cgi-bin/searchsite.cgi?query=datapower
YouTube:
http://www.youtube.com/watch?v=uWYBDviv5Ts&feature=channel
DataPower Podcasts:
http://www.ibm.com/podcasts/software/websphere/datapower/index.rss
www.ibm.com/software/integration/datapower
Legal Disclaimer
IBM Corporation 2013. All Rights Reserved.
The information contained in this publication is provided for informational purposes only. While efforts were made to verify the completeness and accuracy of the information contained
in this publication, it is provided AS IS without warranty of any kind, express or implied. In addition, this information is based on IBM's current product plans and strategy, which are
subject to change by IBM without notice. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this publication or any other materials. Nothing
contained in this publication is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and
conditions of the applicable license agreement governing the use of IBM software.
References in this presentation to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or
capabilities referenced in this presentation may change at any time at IBM's sole discretion based on market opportunities or other factors, and are not intended to be a commitment to
future product or feature availability in any way. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by
you will result in any specific sales, revenue growth or other results.
If the text contains performance statistics or references to benchmarks, insert the following language; otherwise delete:
Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput or performance that any user will
experience will vary depending upon many factors, including considerations such as the amount of multiprogramming in the user's job stream, the I/O configuration, the storage
configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve results similar to those stated here.
If the text includes any customer examples, please confirm we have prior written approval from such customer and insert the following language; otherwise delete:
All customer examples described are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual environmental costs
and performance characteristics may vary by customer.
Please review text for proper trademark attribution of IBM products. At first use, each product name must be the full name and include appropriate trademark symbols (e.g., IBM
Lotus Sametime Unyte). Subsequent references can drop IBM but should include the proper branding (e.g., Lotus Sametime Gateway, or WebSphere Application Server).
Please refer to http://www.ibm.com/legal/copytrade.shtml for guidance on which trademarks require the ® or ™ symbol. Do not use abbreviations for IBM product names in your
presentation. All product names must be used as adjectives rather than nouns. Please list all of the trademarks that you use in your presentation as follows; delete any not included in
your presentation. IBM, the IBM logo, Lotus, Lotus Notes, Notes, Domino, Quickr, Sametime, WebSphere, UC2, PartnerWorld and Lotusphere are trademarks of International
Business Machines Corporation in the United States, other countries, or both. Unyte is a trademark of WebDialogs, Inc., in the United States, other countries, or both.
If you reference Adobe in the text, please mark the first use and include the following; otherwise delete:
Adobe, the Adobe logo, PostScript, and the PostScript logo are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States, and/or other countries.
If you reference Java in the text, please mark the first use and include the following; otherwise delete:
Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both.
If you reference Microsoft and/or Windows in the text, please mark the first use and include the following, as applicable; otherwise delete:
Microsoft and Windows are trademarks of Microsoft Corporation in the United States, other countries, or both.
If you reference Intel and/or any of the following Intel products in the text, please mark the first use and include those that you use as follows; otherwise delete:
Intel, Intel Centrino, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and
other countries.
If you reference UNIX in the text, please mark the first use and include the following; otherwise delete:
UNIX is a registered trademark of The Open Group in the United States and other countries.
If you reference Linux in your presentation, please mark the first use and include the following; otherwise delete:
Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both. Other company, product, or service names may be trademarks or service marks of
others.
If the text/graphics include screenshots, no actual IBM employee names may be used (even your own), if your screenshots include fictitious company names (e.g., Renovations, Zeta
Bank, Acme) please update and insert the following; otherwise delete: All references to [insert fictitious company name] refer to a fictitious company and are used for illustration
purposes only.
BACKUP Material
Industry Pains:
HIPAA Security requirements
for transporting data over the
Internet
HL7 v3.0 XML threat protection
Complexity of B2B for
healthcare
Partner A
Partner B
B2B Hub
EDI
Application
XB62
2
AS2 Process
3b
AS2
(EDI)
B2B
3a
Gateway
Service
AS2
(MDN)
Internet
XML
Application
Data
Store
Transaction
Viewer
Browser
Note: This flow works the same for any AS protocol as well as for ebMS B2B messages.
Application Optimization
Application Optimization (AO) is about leveraging application knowledge in the network to better
optimize application behavior, conformance, and performance
Internet
DMZ
Trusted Domain
Application Optimization
- Application Intelligence
- Application Security
- SSL Acceleration
System z
Consumer
Application
SOA Optimization
Consumer
- XML Intelligence
- XML Security
- Routing, Transformation, Mediation
Application
Application Optimization
Self Balancing: Self balance across a cluster of appliances
Replace front-end IP load balancer
New support (introduced in firmware version 4.0.2) enables connections to be
preserved, without loss, during failover scenario
Dynamic and Intelligent Load Distribution to backend systems
Replace backend load balancer
Front-end IP load
balancers not needed
Application Optimization
Provides application-aware Intelligent Load Distribution
Auto-discovers application targets and distributes load using dynamic
feedback mechanism
Topology learning for WAS ND and VE
Uses intelligent weighted distribution algorithms based on current server load
Weighted Least Connection load balancing algorithm
Provides several options for enabling Session Affinity
Failures of target appliances are masked by appropriate weighted distribution
Integration
Content-Based Routing
Dynamically route based on any message content
Attributes such as the originating IP, requested URL, protocol headers, etc.
Data within the message such as SOAP Headers, XML, Non-XML content, etc.
Query a repository for routing information
WebSphere Service Registry & Repository, XML files, Databases, Web Servers
Unclassified
Requests
Output
Message
?
<XML/>
TEXT
Service
Providers
?
<XML/>
binary
TEXT
binary
Integration
Transport Protocol Translation
Integrate disparate transport protocols with extreme ease
No dependencies between inbound front-side and outbound back-side
Examples: HTTP(s), WebSphere MQ, WebSphere MQ FTE, WebSphere JMS, Tibco
EMS, SFTP, FTP(s), NFS, IMS, Database (DB2, Oracle, Sybase, SQL Server)
Support synchronous, asynchronous, pub-sub, assured-delivery, once-and-only once
message patterns
WebSphere
JMS
HTTP(s)
WebSphere
MQ, MQ FTE
TIBCO
EMS
FTP(s)
SFTP
Database
DB2, SQL Server,
Oracle, Sybase,
IMS
NFS
IMS Integration
Web Services Security and Management for IMS Web Services
SOAP/HTTP
Client
DataPower
WAS+IMS connector
IMS Integration
Web Services Enablement for IMS-based Services
DataPower provides WS-enablement to IMS applications
User codes schema-dependent WTX data map to perform
request/response mapping
Requires WebSphere MQ for z/OS
MQ bridge to access IMS
MQ connectivity is embedded in DataPower
DataPower
Client
CCB / MQ
MQ Server
SOAP/HTTP
MQ
Brdg
OTMA
IMS Application
IMS
IMS Integration
Web Services Enablement for IMS-based Services (cont'd)
SOAP/HTTP
Client
DataPower
IMS
Connect
CCB / TCP
IMS
OTMA
User exit
IMS
(e.g. HWSSMPL0)
OTMA
Appl1
Appl2
Appl3
Appl4
Appl5
Appl6
IMS Integration
IMS Connect Reverse Proxy
Bring DataPower value add to standard IMS connect usage patterns
Provide an IMS Connect Client on DataPower that natively connects to
IMS Connect
Provide an IMS Connect Server on DataPower that accepts IMS Connect
client connections and provides an intermediation framework that
leverages DataPower
Enables authentication checks, authorization, logging, SLM,
transformation, route, DB look-up, SSL offload, etc.
Client
DataPower
IMS
Connect
CCB / TCP
IMS
OTMA
User exit
IMS
(e.g. HWSSMPL0)
OTMA
Appl1
Appl2
Appl3
Appl4
Appl5
Appl6
DB2 Integration
Information as a Service
DataPower provides a standard WS façade to DB2
Common tool (IBM Data Studio 1.2+) to generate WSDL and data mapping in both Data Web
Services runtime and DataPower
SOAP call is mapped to an ODBC (DRDA) invocation
SOAP/HTTP
Client
DataPower
DB2
DRDA
CICS Integration
Web Services Security and Management for CICS Web Services
Content-based Message Routing
Protocol Bridging (HTTP, MQ, JMS, FTP, etc.)
XML/SOAP Firewall
Data Validation
Field Level Security
XML Web Services Access Control/AAA
Web Services Management
SOAP/HTTP
Client
DataPower
WAS+CICS connector
CICS Integration
Web Services Enablement for CICS Applications
DataPower provides WS-enablement to CICS applications
User codes schema-dependent WTX data map to perform
request/response mapping
CICS Application
CICS
Brdg
CICS
Client
CCB / MQ
MQ Server
SOAP/HTTP
DataPower
Partner A
WS Client
Flat
Partner B
B2B Hub
XB62
Pre-Process
B2B
Gateway
Service
Flat
5
4
SOAP
Internet
AS2
Data
Store
Web Service
Process
2
6
Web Service
Proxy
Transaction
Viewer
Browser
Note: A Multi-Protocol Gateway Service can also be used to support this flow as well as receiving and
sending data over any of the 16 supported protocol handlers. When Services are tied together in
front of or behind a B2B Gateway Service they are handled like pre and post processes.
Browser
(Admin)
Trading Partner
XB62
Queue
Manager
2a
B2B
Gateway
Service
Internet
3
Profile
Mgmt
Data
Store
Server
Queue
Manager
Queue
Manager
Data
Store
Manager
Target
Agent
XB60
Transaction
Viewer
Applications
DB (DB2 or Oracle)
Logger
MQ
Explorer
Browser
(Partner view)
Browser
(LOB User)
Source
Agent
MQFTE
Network
Queue
Secured
Network
WebSphere DataPower
B2B Appliance
B2B Gateway Service
3
2
ebMS
(ebXML)
Internet
ebMS
(Ack)
4
External Partners
ebXML
Collaboration Partner
Agreement
Collaboration
Entries
Protocol
Collaboration
Agreement Entry
Partner
CPAIdAgreement
/ Collaboration
Entries
Applications
CPAId / Collaboration
CPAId
/ Collaboration
Internal
Collaboration
PartnerCollaboration
Profile
Internal
PartnerCollaboration
Profile
Internal
External Collaboration
Partner Profile
PartnerCollaboration
Profile
External
Partner
Profile
External Collaboration
Partner Profile
Transaction
Viewer
Browser
Partner A
Regional Healthcare Center
B2B Appliance
B2B Hub
B2B Gateway
Service
AS2 Process
1
Profiles
5
HL7 V3
Any Transport
HL7 V3.x
Internet
Any Transport
HL7 V2.x
External Profile
Hospital
Internal Profile
Regional
Center
Healthcare
Applications
Transaction
Viewer
Healthcare
Applications
Healthcare Provider
Browser
(Admin)
HL7/MLLP
Clinical Trials
System
Trading Partner
XB62
B2B
Gateway
Service
Internet
3
AS2
(MDN)
HL7/MQ
2a
AS2
(HL7)
Profile
Mgmt
Data
Store
WebSphere
MQ
XML/HTTP
WebSphere Healthcare
Connectivity Pack
Billing
System
HL7/MLLP
Transaction
Viewer
Browser
(Partner view)
HL7/MLLP
Pharmacy
Patient
Administration
System