IBM SOA

© 2006 IBM Corporation

DataPower SOA AppliancesSimplify, Help Secure & Accelerate SOA

Raleigh ChiltonDataPower Account Manager

IBM SOA

2

Agenda

Context: IBM’s Business Centric SOA WebSphere DataPower SOA Appliance Overview SOA Appliance Deployment Summary Why an Appliance for SOA IBM WebSphere DataPower SOA Appliance Portfolio

- XML Accelerator XA35

- XML Security Gateway XS40

- Integration Appliance XI50

Easy Configuration SOA Appliance Operations Summary

IBM SOA

3

Business Centric SOA Starts with Your Most Critical Business Pain and Enables You to Build for Flexibility

Deliver trusted information in business context to enable innovation

Enable human and process interaction with consistent levels of service

Achieve greater efficiency and effectiveness with business model innovation

IBM SOA

4

And SOA Lifecycle Is The Key to Successful Projects

Integrate people Integrate processes Integrate information

Manage IT resources Manage services Monitor business metrics

Gather requirements Model & Simulate Design

Discover Construct & Test Compose

Sharing and reuse of services Establish decision rights Policies, measurement and

control for SOA oversight

IBM SOA

5

SOA Entry Points Help Customers Get StartedBoth Business Centric and IT Focused

1

23

45

IBM SOA

6

IBM’s acquisition of DataPower

Software

Skills &Support

An SOA Appliance…

WebSphere DataPower SOA Appliances redefine the boundaries of middleware extending the SOA Foundation with specialized,

consumable, dedicated SOA appliances that combine superior performance and hardened security for SOA implementations.

Simplifies SOA with specialized devices Accelerates SOA with faster XML throughputHelps secure SOA XML implementations

Creating customer value through extreme SOA performance and security

IBM SOA

7

DataPower Pre-IBM Overview Extensive Experience in XML Processing Optimization Seven Years in a Six Year Old Field Advantages: First to Market, Great Team, Deep Standards Involvement, Invented and Owns

Core XML Technology, Comprehensive product portfolio

150% Staff increase / Core DataPower Leadership team Intact / Global reach and expansion New improved hardware platform –IBM hardware combined with DataPower technology innovations New capabilities – WS-*, 3rd party JMS, NFS, XG4, WSDL compiler, XACML, more… Continued IBM Technology Integration – ITCAM for SOA, WebSphere JMS, WebSphere XD,etc

Post-Acquisition Innovation Continues

19991999 20002000 20012001 20022002 20032003 20042004 20052005 20062006 FEBFEB APRAPR JUNJUN AUGAUG OCTOCT

DGXTDGXTOptimalOptimalSoftwareSoftware

InterpreterInterpreter

XSLJITXSLJITOptimizedOptimizedSoftwareSoftwareCompilerCompiler

XG3XG3OptimizedOptimizedHardwareHardware

AccelerationAcceleration

XA35XA35World’s FirstWorld’s First

XMLXMLAcceleratorAccelerator

XS40XS40First WirespeedFirst Wirespeed

XML SecurityXML SecurityGatewayGateway

XG4XG4Gigabit/SecGigabit/Sec

OEM HWOEM HWSolutionSolution

XI50XI50IntegrationIntegrationApplianceAppliance

Acquired Acquired by IBMby IBM

Unprecedented Unprecedented GrowthGrowth

GlobalGlobalExpansionExpansion

NewNewIBMIBM

HardwareHardware

3.5.1 3.5.1 IT CAM for SOAIT CAM for SOA

33rdrd Party JMS Party JMS

WSDL Compiler, NFSWSDL Compiler, NFS

XG4XG4AvailableAvailable

3.63.6

DECDEC

VerticalVerticalSolutionsSolutions

IBM SOA

8

IBM SOA Appliance Deployment Summary

XMLXMLHTMLHTMLWMLWML

XMLXMLXSLXSL

InternetInternet

XA35XA35 ClientClient

ororServerServer

`XS40XS40

DataPower XS40

DataPower XS40

Tivoli Access Manager

WebSphere App Server

MQ Server

Web service client

Nortel L7 Module

Tivoli NetView

Tivoli Access

Manager------------Federated

Identity Manager

HTTP XML REQHTTP XML REQ

HTTP XML RESPONSEHTTP XML RESPONSE

Web Services Web Services ClientClient

LEGACY LEGACY REQREQ

LEGACY LEGACY RESP RESP

REPLY

Q

REPLY

Q

XI50XI50

IP FirewallIP FirewallInternetInternet

Web TierWeb Tier

SecuritySecurity

Integration & Management TiersIntegration & Management Tiers

Application ServerApplication Server

Application Server Web ServerApplication Server Web Server

DataPower XS40

DataPower XS40

Tivoli Access Manager

WebSphere App Server

MQ Server

Web service client

Nortel L7 Module

Tivoli NetView

DataPower XS40

DataPower XS40

Tivoli Access Manager

WebSphere App Server

MQ Server

Web service client

Nortel L7 Module

Tivoli NetView

DataPower XS40

DataPower XS40

Tivoli Access Manager

WebSphere App Server

MQ Server

Web service client

Nortel L7 Module

Tivoli NetView

ITCAM for SOA

IBM SOA

9

Deployment Scenarios

Pack

et

Filt

er

internaluser

XS40

Pack

et

Filt

er

Demilitarized Zone

Internetuser

Internet

Demilitarized Zone

Pack

et

Filt

er

Pack

et

Filt

er

SOAPenabled

enterpriseapplication

SOA platform

legacyenterprise

application

intranetInternetfederated extranet

XS40XS40

1. Helps protect against incoming attacks;

Incoming access control

3. Internalsecurity

2. Outgoing access control, SAML injection, role mappings

XI505. Legacy

transformation

XI50

4. Web servicesmanagement

IBM SOA

10

Why an Appliance for SOA

Hardened, specialized hardware for helping to integrate, secure & accelerate SOA

Many functions integrated into a single device Higher levels of security assurance certifications require hardware

- Example: government FIPS Level 3 HSM, Common Criteria

Higher performance with hardware acceleration- Impact: ability to perform more security checks without slow downs

Addresses the divergent needs of different groups- Example: enterprise architects, network operations, security operations, identity

management, web services developers

Simplified deployment and ongoing management- Impact: Reduces need for in-house SOA skills & accelerates time to SOA benefits

IBM SOA

11

Update application servers individually

Before SOA Appliances

Access control Access control updateupdate Change purchase Change purchase order schemaorder schema

TransformationTransformation

New XML standardNew XML standard

RoutingRouting

Security ProcessingSecurity Processing

Secure, route, transform all applications instantly

No changes to applications

After SOA Appliances

Route, transform, and help secure multiple applications without code changes

Lower cost and complexity Enable new business with unmatched performance

SOA Appliances Centralize and Simplify Key Functions

IBM SOA

12

IBM SOA Appliance Product Line

XML Accelerator XA35 Offload XML processing No more hand-optimizing XML

Integration Appliance XI50 “Any-to-Any” Conversion at Wirespeed Groundbreaking DOP architecture Integrated message-level security

XML Security Gateway XS40 Enhanced Security Capabilities Agility – helps future-proof Easy Deployment

IBM SOA

13

Wirespeed XML/XSLT/XPath processing – Accelerates XML processing, increasing throughput and decreasing latency for XML-based applications by offloading transformation and other resource-intensive functions

Schema Validation - Performs XML Schema validation to ensure incoming/outgoing XML documents are legitimate and properly structured

XML Compression, XML Caching – Reduces impact of increased XML traffic

Innovative XML Processing Capabilities -- XML Pipeline processing, deployable in Proxy or co-processor mode, dynamic content generation, data and forms processing, support for popular XSLT extensions

SSL Termination/Acceleration – Accelerates SSL with industry-leading hardware further lessening server workload

Easy Configuration & Administration - Support CLI and WebGUI as well as fully integrated with industry standard IDEs such as Altova XML Spy and Eclipse allowing developers to design, debug and deploy against one single XML and XSLT processor, saving valuable cycles in the progression from pilot to production

XML Accelerator XA35 Centralized XSLT Management Centralized XSLT Management

Offload XML ProcessingOffload XML Processing

IBM SOA

14

XML/SOAP Firewall - Filter on any content, metadata or network variables Data Validation - Approve incoming/outgoing XML and SOAP at wirespeed Field Level Security- WS-Security, encrypt & sign individual fields, non-repudiation XML Web Services Access Control/AAA - SAML, LDAP, RADIUS, etc. MultiStep - Sophisticated multi-stage pipeline Web Services Management - Service Level Management, Service Virtualization, Policy

Management Transport Layer Flexibility - HTTP, HTTPS, SSL Easy Configuration & Management - WebGUI, CLI, IDE and Eclipse Configuration

to address broad organizational needs (Architects, Developers, Network Operations, Security)

XML Security Gateway XS40 Easy to Use Appliance Purpose-BuiltEasy to Use Appliance Purpose-Built

for SOA Securityfor SOA Security

IBM SOA

15

DataGlue “Any-to-Any” Transformation Engine Content-based Message Routing

Message Enrichment Protocol Bridging (HTTP, MQ, JMS, FTP, etc)

Request-response and sync-async matching XML/SOAP Firewall - Filter on any content, metadata or network variables Data Validation - Approve incoming/outgoing XML and SOAP at wirespeed Field Level Security- WS-Security, encrypt & sign individual fields, non-repudiation XML Web Services Access Control/AAA - SAML, LDAP, RADIUS, etc. MultiStep - Sophisticated multi-stage pipeline Web Services Management – Centralized Service Level Management, Service

Virtualization, Policy Management Easy Configuration & Management - WebGUI, CLI, IDE and Eclipse Configuration to

address broad organizational needs (Architects, Developers, Network Operations, Security)

XML Integration Appliance XI50Middleware Appliance Purpose-Built forMiddleware Appliance Purpose-Built for

Application IntegrationApplication Integration

IBM SOA

16

Content-based Routing Features

Service Providers

IBM SOAAppliance

UnclassifiedRequests

Routing Policy

Route based on- IP information

- SSL parameters

- HTTP headers

- XPath against any data contente.g., XML/SOAP envelope

Load balancing- Round-robin

- Least requests

SLA/Traffic shaping- Throttle requests

IBM SOA

17

AAA Framework DiagramAuthenticate, Authorize, Audit Enforcement

Extract Identity

Extract Resource

Authenticate

AuthorizeAudit &

Accounting

SAMLWS-SecuritySSL client certHTTP Basic-Auth

SAML assertionNon-repudiationMonitoring

Web Service URISOAP op nameTransfer amount

XS40 AAA Framework

SOAP/XML

Message

SOAP/XML

Message

External Access Control Server or On-Board Policy

Map Credentials

Map Resource

IBM SOA

18

Web Services Management: Service Level Management

Configure and install in minutes Hierarchical Service Level at WSDL, service, port, operation level Flexible actions when reaching a threshold: notify/alert, shape, throttle Threshold for both overall requests and failures Graphical display

IBM SOA

19

Award-Winning WebGUI: Ease of Use

Ease of Use Example – Graphical User Interface providing drag and drop services, in order desired, for XML filtering, signing, verification, schema validation, encryption, decryption, transformation, routing, access control, service level monitoring, and advanced operations

WSDL-based policy creation Hierarchical policies applied at WSDL, service, port, operation level Drag & drop policy creation screen allows flexible chaining of operations Configure and install in minutes

IBM SOA

20

Simple Appliance Configuration for Complex Functionality

Fits into your existing environment Address broad organizational needs (Architects,

Developers, Network Operations, Security)

Complete Configuration from GUI or CLI interface

IT CAM SE – Multi-box management

IDE integration/Eclipse plug-in

XPath / XML config files

SNMP

SOAP management interface

IBM SOA

21

SOA Appliances Operations

Logging

Role-based Management

Managing configs & policy – Deploying, backing up, Diff/Undo, App domains: many virtual devices

Separate, locked audit log

Troubleshooting aids

Security – Device security, Key and Certificate management, HSM option, Security Audit, Single Image Firmware Upgrade

IBM SOA

22

Integration Across IBM

XI50 Ships with WebSphere MQ Support Auto-configure XML firewall by importing WebSphere service descriptors Tivoli Ready

- Fine-grained access control with Tivoli Access Manager (TAM) - Certified

- Tivoli Federated Identity Manager (FIM) Certified (SAML, WS-Trust) - Certified

- Monitoring of XML traffic flows with NetView

- End-to-end SOA Management with IT CAM for SOA

IBM Autonomic integration - Certified WSAD/Eclipse integration

- Rich console allows creation and monitoring of policies from within IDE

Futures- Integrated SOA tooling across the portfolio

- Continued investment in 3rd party (competitive middleware) integration & interop

IBM SOA

23

Summary – IBM SOA Appliances

Hardened, specialized product for helping integrate, secure & accelerate SOA Many functions integrated into a single device Broad integration with both non-IBM and IBM software Higher levels of security assurance certifications require hardware Higher performance with hardware acceleration Simplified deployment and ongoing management

http://www.ibm.com/software/integration/datapower/

Simplifies SOA with specialized devices Accelerates SOA with faster XML throughputHelps secure SOA XML implementations

SOA Appliances: Creating customer value through extreme SOA performance and security

IBM SOA

24

Thank You