WebSphere Integration User Group, 13 July 2015: DataPower Session
TRANSCRIPT
© 2015 IBM Corporation
IBM DataPower Gateways: Overview and Roadmap
Hugh Everett, IBM Technical Sales, IBM Manchester

DataPower Gateways …
IBM DataPower Gateways provide a low startup cost,
helping clients increase ROI and reduce TCO with
specialized, consumable, dedicated gateway appliances that
combine superior performance and hardened security in
physical and virtual form factors
INTEGRATE Systems of Engagement with Systems of Record
CONTROL & MANAGE Traffic and Service Level Agreements
SECURE Mobile, API, Web, SOA, B2B and Cloud Workloads
OPTIMIZE Data Delivery and User Experiences
CONSOLIDATE & Simplify Infrastructure Footprint

DataPower Gateways: Over 14 years of innovation & over 2,000 global installations
Insurance
• Used by 95% of top global insurance firms
Government
• Agencies and ministries
• Defense and security organizations
• Crown corporations
Banking
• Majority of the big US and European banks
• All of the big 5 Canadian banks
• Numerous regional banks and credit unions
Many, many more
• Healthcare
• Retailers
• Utilities, Power, Oil and Gas
• Telecom
• Airlines
• Others
• SaaS providers, ASPs, regulators, etc.

Business & IT Trends
• Enterprises are exposing new electronic channels, to serve:
• Customer (web and mobile apps)
• Employee (web and mobile apps)
• Partners (B2B)
• Developers (APIs)
• Focus on demands of Systems of Engagement for scale,
responsiveness, control & security for accessing System of Records
• Virtualized data centers & cloud deployments are the new norm
• Fragmented “edge” capabilities create operational complexity
• Threat protection, traffic management, protocol mapping,
transformation, caching, authentication & authorization (AAA), single
sign-on, metering and analytics, optimization

Consolidate the Edges
Single Policy-driven & Extensible Security & Integration Gateway
Runtime security enforcement | Traffic control & monitoring | Integration | Optimization
[Figure: "Yesterday" and "Today" topologies between the Internet and Apps, Services, Middleware, z System. Component labels: B2B Gateway, API Gateway, Mobile/API Gateway, SOA / ESB Gateway, Web Application Firewall, Web Access Management, Web Servers, On-demand Router, WebSphere VE, WAS ND, Load Balancer, ADC. DataPower Gateway (physical or virtual) labels: Connectivity, Control & Visibility, Advanced Access Security, Advanced Threat Protection, Performance Optimization, Data Security.]

Converged, Multi-Channel Gateway for Edge Processing
Reduce cost + improve security & control
[Figure: layers labelled Users (Consumers, Employees, Partners, Developers), Business Channels (Web, Mobile, B2B, SOA, APIs, Cloud), Security & Control Solutions, and Enterprise Applications and Systems (z System, Middleware, ESB, Application, Service). Deployment labels: Gateway services in Cloud; Virtual appliance in Public & Private Cloud; Physical appliance.]

Simple Architecture: Firmware + purpose built hardware
Guiding philosophy is to centralize common security,
integration, control, and traffic management functions
and optimize them in a security-hardened appliance
Simple and Secure Platform Architecture
[Figure: Commodity Gateways vs. Purpose-built Gateways.
Commodity Gateways: hardware with display ports, bootable CD-ROM drive and bootable USB ports; full Linux OS (including shells and user accounts); Linux daemons, glibc, libxml, JVM, Apache HTTPD, app server, JSP engine, database and proprietary software, each with its own config.
DataPower Gateway: hardware with flash memory and crypto acceleration; digitally signed and encrypted firmware; IBM Optimized Embedded Operating Environment; a single config.]

Purpose-Built API Gateway for Microservices Architecture
• Trusted Platform Module (TPM)
• Hardware Accelerated Crypto Card
• No DVD/CD Drives & Working USB Ports
• Intrusion Detection Switch
• HSM Module for FIPS 140-2
• Signed & Encrypted Firmware
• Secured & Optimized XSLT & JavaScript Compiler
• Encrypted Flash Storage

IBM DataPower Gateway Appliances are the industry-leading
Security & Integration gateways that help provide security, integration, control
and optimized access to a full range of
Mobile, Web, API, SOA, B2B, & Cloud workloads
Common Use Cases
1 Mobile Gateway
2 API Gateway
3 Web Gateway
4 B2B Partner Gateway
5 SOA & API Gateway
6 ESB / Integration Gateway
7 Internal Security Enforcement
8 Web Services Governance & Management
9 Legacy Integration
[Figure: zones labelled Internet, DMZ and Trusted Domain. Labels: Consumer, Trading partners, DataPower Gateway (two instances), Application or Service, Middleware, z System.]

Features
Simplify, offload & centralize critical functions
[Figure: consumers "Before DataPower Gateway" and "After DataPower Gateway", with the gateway labelled Secure, Integrate, Control, Optimize.]
Integrate
• Any-to-any message transformation
• Transport protocol bridging
• Message enrichment
• Database connectivity
• Mainframe connectivity
• B2B trading partner connectivity
Control
• Service level management
• Quota enforcement, rate limiting
• Message accounting
• Content-based routing
• Failure re-routing
• Integration with management & visibility platforms
Optimize
• SSL / TLS offload
• Hardware accelerated crypto operations
• JSON, XML offload
• JavaScript, JSONiq, XSLT, XQuery acceleration
• Response caching
• Intelligent load distribution
Secure
• Authentication, authorization, auditing
• Security token translation
• Threat protection
• Schema validation
• Message filtering & semantics validation
• Message digital signature
• Message encryption

Single, modular & extensible platform (2 of 2)
Modules
ISAM Proxy Module
• User access control, session management, web SSO enforcement
• Advanced mobile security: mobile SSO, context-based access, one-time password, multi-factor authn
• Integration with ISAM for Mobile
Application Optimization Module
• Frontend self-balancing
• Backend intelligent load distrib’n (ADC)
• Session affinity
• z Sysplex Distributor integration
Integration Module
• Any-to-Any message transformation
• Database connectivity
• Mainframe IMS connectivity
B2B Module
• B2B DMZ gateway
• EDIINT AS1, AS2, AS3, ebXML
• Partner profile management
• B2B transaction viewer
• Any-to-Any message transformation
• Database connectivity
TIBCO EMS Module
• Integrate with TIBCO EMS messaging middleware
• Support for queues & topics
• Load balancing & fault-tolerance
IBM DataPower Gateway (Base), 2U Physical or Virtual Edition
Secure
• Authentication, authorization
• Security token translation
• Service / API virtualization
• Threat protection
• Message validation
• Message filtering
• Message digital signature
• Message encryption
• AV scanning integration
Integrate
• Transport protocol bridging
• Message enrichment
• Message transformation & processing using JavaScript, JSONiq, XQuery, XSLT
• Mainframe integration & enablement
• Flexible pipeline message processing engine
Control & Manage
• Service level management
• Quota & rate enforcement
• Content-based routing
• Message accounting
• Integration w/ management & visibility platforms including IBM API Management & WSRR for policy enforcement
Optimize & Offload
• SSL / TLS offload
• Hardware accelerated crypto*
• JSON, XML offload
• JavaScript, JSONiq, XSLT, XQuery acceleration
• Local response caching
• Distributed caching with WXS or XC10
• Backend load balancing

Deployment options
Purpose-built, DMZ-ready appliances provide physical security
High density 2U rack-mount design
8 x 1 and 2 x 10 GbE ports
Cryptographic acceleration card
Trusted platform module
Customized intrusion detection
Optional HSM (FIPS 140-2 Level 3 certified)
Virtual appliances provide deployment flexibility
Support multiple hypervisors and cloud environments
− VMware
− Citrix XenServer
− IBM PureApplication System (x86 nodes)
− IBM PureApplication Service on SoftLayer (x86 nodes)
− IBM SoftLayer bare metal instances using supported hypervisors
Virtual Edition
DataPower gateway functionality in virtual appliance form
factor to rapidly secure, integrate, control & optimize
access to Mobile, API, Web, SOA & B2B workloads in
hypervisor & cloud platforms
Use for development, test or production
Supports multiple hypervisor & cloud platforms
VMware
Citrix XenServer
IBM PureApplication System W1500/W2500
IBM PureApplication Service on SoftLayer (x86)
IBM SoftLayer bare metal instances on x86 nodes
Seamless configuration migration between physical
and virtual appliances
Utilizes the same industry-proven & purpose-built
platform including an embedded, optimized DataPower
Operating System, that powers the physical appliances
x86 Server
Delivers purpose-built, highly
consumable Security &
Integration Gateway functionality
in virtual appliance form factor for
cloud deployments
DataPower’ing IBM Bluemix!!!
• Security
• Control
• Filtering
• Content-Based Routing
• Load balancing
• Monitoring and Logging
[Figure labels: Mobile client, Internet, Bluemix, Tooling, VM, Application Manager, App, Service, Open Stack, External Services.]
Did you know?
DataPower is trusted as the exclusive gateway for Bluemix, IBM’s global Platform as a Service

Highlights of DataPower v7.0
Released June 2014
• GatewayScript: A JavaScript runtime that is secured, optimized and tuned for the gateway environment to simplify configuration for developers and provide an easier development paradigm for Mobile, Web, & API
• New Virtual Edition for Developers provides a low cost, per user pricing, and easy to use gateway for developers
• Support for Citrix XenServer hypervisor provides additional deployment flexibility on-premise & cloud deployments
• WebSocket Proxy support enables full-duplex, bi-directional, & low-latency communication for Mobile & Web applications, Internet of Things
• Improved security & traffic control functionality in support of IBM API Management offering

• Secure JavaScript Processing Policy Action for manipulating Mobile, Web, API traffic
• Focuses on the “Developer” experience, with familiar and friendly constructs and APIs
• Why JavaScript
– Popular scripting language
– Large ecosystem
– Fast moving community driven
– Client & Server-side, now Gateway too
• New GatewayScript Processing Policy Action
– Transformation style processing policy action
– Access to gateway functions through APIs
• Attributes of GatewayScript
– Secure: transaction isolation, code injection protection, short lived execution, small footprint
– Manipulate with ease JSON and binary data. Implement your own format handling
– Performant
• Compiler technology & native execution. Leverages common infrastructure with XSLT
• Ahead of time compilation with caching, not single threaded
– Flexible and Modular
• Fully CommonJS Module compliant
• Port community developed feature and function where beneficial
GatewayScript Action
GatewayScript™
Highlights of IBM DataPower Gateway & V7.1
Single multi-channel gateway platform to secure & optimize
delivery of mobile, API, web, SOA, B2B, cloud apps, and
integrate with IBM MobileFirst & WebSphere platforms
Integrates industry-proven access enforcement capabilities of
IBM Security Access Manager into the DataPower platform,
available as add-on ISAM Proxy Module
IBM DataPower Gateway is the new name of a consolidated,
extensible & modular platform
Converges three existing products, XG45 / XI52 / XB62, into a
single modular offering
Physical appliance uses purpose-built latest generation
hardware platform to provide increased performance & capacity
Virtual appliance runs on VMware & Citrix XenServer
hypervisors and cloud platforms that support them
Easy-to-use & secure B2B integration capabilities, formerly on
XB62 appliances only, available as add-on B2B Module
Enable authentication from internet consumers & Non-Microsoft
consumers to Microsoft systems with Kerberos S4U2Self
support

7.2 Features
Secure. Integrate. Control. Optimize.
Announce: May 26th, 2015
Available: June 19th, 2015
New Cloud Offerings
• Deploy DataPower Gateways on Amazon EC2 and SoftLayer CCI to provide enhanced cloud elasticity for cloud workloads.
Secure Gateway for Bluemix Applications
• Enhanced hybrid cloud integration to securely connect between IBM Bluemix applications and on-premise services protected using DataPower Gateways
Robust Platform Security
• Protect mission-critical applications from security vulnerabilities with enhanced TLS protocol support using Elliptic Curve Cryptography, Server Name Indication, and Perfect Forward Secrecy
Easier DevOps with new REST API
• New REST-based management API to build deployment and automation scripts, enabling easier devops for continuous software delivery and quicker problem resolution.
GatewayScript Enhancements
• Easily transform between XML and JSON messages to quickly integrate System of Records data sources with Systems of Engagement interfaces
Enhanced Mobile and API security
• Increased mobile and API security for protecting mission-critical transactions with JSON Encryption, JSON Signature, JSON Key, and JSON Token

IBM API Management: One Integrated Platform
design, secure, control, publish, monitor & manage APIs
Developer Portal
• Explore API documentation
• Provision application keys
• Self-service experience
API Manager
• Define and manage APIs
• Explore API usage with analytics
• Manage API user communities
Management Console
• Provision system resources
• Monitor runtime health
• Scale the environment
API Gateway (IBM DataPower)
• Enforce runtime policies to control API traffic

Integrated capabilities for Web and Mobile
Consolidated infrastructure with simpler topology & reduced TCO
[Figure: Internet, DataPower Appliances (Gateway), WebSphere Extreme Scale and an Application Server Cluster (WAS ND, MobileFirst, Commerce, Portal, Process Server), with callouts numbered 1 to 4.]
• High availability application gateway: Replacing existing load balancers with optional embedded ADC module
• Out-of-the-box WAS proxy
– Intelligent load balancing for WAS ND clusters without additional servers
– Application-specific optimized routing & session affinity
• Enhanced caching capabilities: On-the-box cache with user-friendly policy control and optional distributed caching with seamless WXS integration
• Web Application Gateway: Application security capabilities for simplicity, improved performance and scalability modules; Protection from zero day and OWASP Top 10 attacks with optional Web Application Firewall module and optional ISAM module to provide Web Access Mgmt

What is ISAM for DataPower Module?
• ISAM for DataPower module provides the reverse proxy component that is
available on ISAM for Web and ISAM for Mobile appliances
ISAM Module on DataPower Base Appliance
• Reverse Proxy
IBM Security Access Manager for Mobile
• Context based Access (CBA)
• One-time Password (OTP) / Multi-factor Authentication (MFA)
• Advanced Security
IBM Security Access Manager for Web
• Load Balancer
• Protocol Analysis Module (PAM)
ISAM for Web was formerly known as Tivoli Access Manager for E-Business (TAMeb)

Rapidly Connect Mobile Apps with Enterprise Services
Securely expose enterprise data & APIs to Mobile Apps while optimizing delivery
[Figure: Native, Hybrid and Mobile Web apps connect through IBM DataPower Gateway with ISAM Module to Apps, Services, Middleware / ESB and Legacy Apps. Label: /apimanagement]
• SSL Offload
• Threat Protection
• Rate Limiting / SLA Enforcement
• Validation, Filtering
• Authentication
• Authorization
• Context-based Access
• Mobile SSO
• Security Token Translation
• Message Transformation
• Content-Based Routing
• Intelligent Load Distribution
• Response Caching

Response Caching Integration with WXS
[Figure: REST request flow between Client, DataPower, WebSphere Extreme Scale (WXS) and Provider, with arrows numbered 1 to 5. Labels: Improve Response Time; Improved Load; Large Response Time.]
http://www-01.ibm.com/support/docview.wss?uid=swg21697033
1. Client submits application request.
2. DataPower parses request and queries WXS. On a hit, skip to step 5.
3. On a miss, DataPower forwards request to target Provider.
4. DataPower adds application response to WXS.
5. Client receives response from DataPower.
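The five-step response caching flow, modelled in plain JavaScript as an added example (not IBM code and not taken from the slides): a Map stands in for WXS and a function for the provider, and no DataPower, GatewayScript or WXS API is used. The entry expiry and the GET-only caching rule are assumptions of this sketch, which goes slightly beyond the slide by also tracing an expired entry and a non-cacheable request.

```javascript
// Added example: models steps 1 to 5 of the response caching flow.
// `grid` (a Map) is a stand-in for WXS; `provider` is a stand-in back end.
// Assumptions of this sketch: entries expire after ttlMs, only GET is cached.

function createCachingGateway(provider, options = {}) {
  const ttlMs = options.ttlMs ?? 60000;
  const now = options.now ?? Date.now;
  const grid = new Map();
  const stats = { hits: 0, misses: 0, providerCalls: 0 };

  function callProvider(req) {
    stats.providerCalls += 1;
    return provider(req);
  }

  function handle(req) {
    const steps = [1];                      // 1. client submits the request
    if (req.method !== 'GET') {             // not cacheable: always reach the provider
      const body = callProvider(req);
      steps.push(3, 5);
      return { body, steps, cached: false };
    }
    const key = `${req.method} ${req.url}`;
    steps.push(2);                          // 2. parse the request, query the grid
    const entry = grid.get(key);
    if (entry && entry.expiresAt > now()) {
      stats.hits += 1;
      steps.push(5);                        //    hit: skip to step 5
      return { body: entry.body, steps, cached: true };
    }
    stats.misses += 1;
    grid.delete(key);                       // drop an expired entry, if any
    steps.push(3);                          // 3. miss: forward to the provider
    const body = callProvider(req);
    steps.push(4);                          // 4. add the response to the grid
    grid.set(key, { body, expiresAt: now() + ttlMs });
    steps.push(5);                          // 5. client receives the response
    return { body, steps, cached: false };
  }

  return { handle, stats };
}

// Constructed sample traffic, driven by a fake clock so the run is repeatable.
function runDemo() {
  let clock = 0;
  let served = 0;
  const provider = (req) => `${req.method} ${req.url} -> response #${++served}`;
  const gw = createCachingGateway(provider, { ttlMs: 1000, now: () => clock });
  const get = { method: 'GET', url: '/accounts/42' };

  const first = gw.handle(get);             // miss: full path through the provider
  const second = gw.handle(get);            // hit: provider is not contacted
  const post = gw.handle({ method: 'POST', url: '/accounts/42' });
  clock = 1500;                             // past the 1000 ms expiry
  const third = gw.handle(get);             // expired entry counts as a miss
  return { first, second, post, third, stats: gw.stats };
}

const demo = runDemo();
for (const name of ['first', 'second', 'post', 'third']) {
  const r = demo[name];
  console.log(name, r.steps.join(' -> '), r.cached ? '(from cache)' : '(from provider)');
}
console.log(demo.stats);
```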

DataPower on GitHub
• Repository of DataPower related tools & collateral
• Open source
• Community driven: Use, collaborate, contribute
• http://ibm-datapower.github.io/
DataPower Configuration Manager
• Tool for DataPower configuration management & migration
• Standalone command line or IBM UrbanCode Deploy plugin
• https://github.com/ibm-datapower/datapower-configuration-manager
• https://github.com/ibm-datapower/datapower-configuration-manager/wiki/Easy-On-Ramp
DPXMLSH
• Bash script / shell library for working with DataPower’s XML Management interface
• Interactive & scripted use
• https://github.com/ibm-datapower/datapower-xml-shell

DataPower Roadmap
Security
• OpenID Connect
• Web Application Firewall
• Advanced AU/AZ (ISAM)
• Network HSM support
Integration
• DFDL
• Raw TCP/IP Socket
• 3rd Party JMS
Control
• Enhanced SLA / rate limiting
• Layer4 load balancing
• Layer7 self balancing
• OOTB Monitoring
Optimization
• Distributed caching
• GatewayScript streaming
• Intelligent compression
• Web performance optimization
API
• Dynamic policy support
• Advanced security enforcement
• Advanced control, optimization
• Robust analytics data handling
B2B
• AS4
• Connect:Direct
• Translucent FTP Proxy
User Experience
• NextGen UX
• GatewayScript IDE Support
• GatewayScript Debugging
Cloud / Platform
• Multi-tenancy
• Amazon EC2
• DPaaS
• KVM
Mobile
• MobileFirst integration
• Dynamic policy support
• Advanced SICO* enforcement
• MQTT
* Security, integration, control, optimization

DataPower Cloud Gateway Edition
1. Enable Virtual Gateways to run in public & private clouds
– IBM & Non-IBM platforms
• SoftLayer, Bluemix, PureApplication System, z System
• Amazon EC2, VMware vCloud, Microsoft Azure
– Support relevant hypervisors including VMware, Xen, KVM, Hyper-V
– BYOL, PAYG licensing models
2. Enable Gateway as a Service in IBM Cloud
– Provided as a built-in & integrated component of the platform
– Evaluation Center with pre-built Integrations for Try and Buy
– BYOL, PAYG licensing model
3. Enable Gateway Services in IBM Cloud and in Containers: “DataPower Containers Everywhere” (Docker / LXC)
– Provided as a built-in & integrated component of the platform & Catalog
– Granular gateway capabilities
– PAYG licensing models
[Figure labels: Gateway Services, Public/Private Cloud; Gateway as a Service, IBM Cloud; Gateway Services, IBM Cloud (SoftLayer, Bluemix, PureApplication).]

Hybrid cloud integration using Secure Gateway Service
• Enhanced hybrid cloud integration using Secure Gateway service to securely connect between IBM Bluemix applications and on-premise services protected using DataPower Gateways
– Quickly set up connectivity without making enterprise firewall changes while still allowing controlled access from cloud services
– Supports multiple gateway instances, load balancing and fault tolerance
– Manage and monitor gateway instances and usage
[Figure: Bluemix (Services, Runtimes) connected to the On Premise Datacenter. Label: New.]

Multi-Tenant Appliances
• DataPower device is partitioned into multiple independent environments:
– Isolation of test environments
– Isolation of business concerns
– Improve utilization
• Full isolation achieved using a hardware optimized DataPower Hypervisor
– Maintains model of trust chain established down to the hardware
– Resources are capped within each partition
[Figure: DataPower Appliances. Appliance is partitioned into multiple segments, each is independent and isolated]

Getting Social with IBM DataPower Gateways
• YouTube Channel: IBM DataPower Gateways
• Slideshare: IBM DataPower Gateway
• Twitter: @IBMGateways
• LinkedIn Group: IBM DataPower Gateway
• developerWorks blog: IBM DataPower Gateway
• GitHub: IBM DataPower Gateway
• Online User Forum
• Product page on ibm.com
• Product documentation
Available Now: DataPower Handbook, Second Edition, Volume 1
Known as the ‘bible’ of
DataPower planning,
implementation, and
usage.
New content to cover
previous six years of new
products/features,
including 9006/7.1!
Volume 1 consists of
Chap 1 DataPower Intro,
Chap 2 Setup Guide, new
Preface and two
invaluable new
appendices for physical
and virtual appliances.
Available in softcover and e-book formats
Simple Architecture: Purpose-built firmware + hardware
Complete gateway platform delivered as firmware
Guiding philosophy is to centralize common security,
integration, control, traffic management, acceleration
functions and optimize them in a security-hardened
gateway appliance
Simple and Secure Architecture
[Figure: Commodity Gateways vs. Purpose-built Gateways.
Commodity Gateways: hardware with display ports, bootable CD-ROM drive and bootable USB ports; full Linux OS (including shells and user accounts); Linux daemons, glibc, libxml, JVM, Apache HTTPD, app server, JSP engine, database and proprietary software, each with its own config.
DataPower Gateway Platform: hardware with flash memory and crypto acceleration; digitally signed and encrypted firmware; IBM Optimized Embedded Operating Environment; a single config.]

Configuration-driven approach speeds time to market
• Enforce security standards with zero coding
• Uses intuitive pipeline message processing
• Import/export configurations between
environments
• Transaction probe shows message content
between actions for debugging
Single, modular & extensible platform
IBM DataPower Gateway is the new name of a consolidated, extensible & modular platform
• Converges three existing products, XG45 / XI52 / XB62, into a single modular offering
• Available in physical and virtual form factor
• Supports V7.1 & above
• All software modules are field upgradeable
Physical Appliance
• 2U rack mount appliance using latest generation hardware platform
• Two base editions: Non-HSM and HSM (FIPS 140-2 Level 3 certified)
• Each software module is licensed separately
Virtual Edition
• Three editions: Developer, Non-Production, Production
• Developer includes all software modules at no additional cost, except TIBCO EMS
• Non-Production includes all software modules at no additional cost, except TIBCO EMS & ISAM Proxy
• Production: Each software module is licensed separately
[Figure: IBM DataPower Gateway (2U Physical, Virtual Edition) with modules: ISAM Proxy Module, Integration Module, B2B Module, AO Module, TIBCO EMS Module.]

Capabilities
Rapidly deliver secure integration & optimized access for a full range of workloads
• Secure: Secure & protect your back-end systems from harmful workloads and unauthorized users & apps
• Integrate: Convert payloads, bridge transports and connect to existing services at wire-speed
• Control: Limit & shape traffic based on service level agreements, and route based on message content
• Optimize: Improve response times, reduce load on backend systems and intelligently distribute load
[Figure: consumers "Before DataPower Gateway" and "After DataPower Gateway", with the gateway labelled Secure, Integrate, Control, Optimize.]

Connect Mobile Apps with Enterprise Services
Securely expose enterprise systems & APIs to Mobile Apps while optimizing delivery
• SSL Offload
• Threat Protection
• Rate Limiting / SLA Enforcement
• Validation, Filtering
• Authentication, Authorization
• Context-based Access, Mobile SSO
• Security Token Translation
• Message Transformation
• Content-Based Routing
• Intelligent Load Distribution
• Response Caching

DataPower Gateway: Supported standards & protocols
• Data format & language
– JavaScript
– JSON
– JSON Schema
– JSONiq
– REST
– SOAP 1.1, 1.2
– WSDL 1.1
– XML 1.0
– XML Schema 1.0
– XPath 1.0
– XPath 2.0 (XQuery only)
– XSLT 1.0
– XQuery 1.0
• Security policy enforcement
– OAuth 2.0
– SAML 1.0, 1.1 and 2.0, SAML Token Profile, SAML queries
– XACML 2.0
– Kerberos (including S4U2Self, S4U2Proxy)
– SPNEGO
– RADIUS
– RSA SecurID OTP using RADIUS
– LDAP versions 2 and 3
– Lightweight Third-Party Authentication
– Microsoft Active Directory
– FIPS 140-2 Level 3 (w/ optional HSM)
– FIPS 140-2 Level 1 (w/ certified crypto module)
– SAF & IBM RACF® integration with z/OS
– Internet Content Adaptation Protocol
– W3C XML Encryption
– W3C XML Signature
– S/MIME encryption and digital signature
– WS-Security 1.0, 1.1
– WS-I Basic Security Profile 1.0, 1.1
– WS-SecurityPolicy
– WS-SecureConversation 1.3
• Transport & connectivity
– HTTP, HTTPS, WebSocket Proxy
– FTP, FTPS, SFTP
– WebSphere MQ
– WebSphere MQ File Transfer Edition
– TIBCO EMS
– WebSphere Java Message Service
– IBM IMS Connect, & IMS Callout
– NFS
– AS1, AS2, AS3, ebMS 2.0, CPPA 2.0, POP, SMTP (XB62)
– DB2, Microsoft SQL Server, Oracle, Sybase, IMS
• Transport Layer Security
– TLS versions 1.0, 1.1, and 1.2
– SSL versions 2 and 3
• Public key infrastructure (PKI)
– RSA, 3DES, DES, AES, SHA, X.509, CRLs, OCSP
– PKCS#1, PKCS#5, PKCS#7, PKCS#8, PKCS#10, PKCS#12
– XKMS for integration with Tivoli Security Policy Manager (TSPM)
• Management
– Simple Network Management Protocol
– SYSLOG
– IPv4, IPv6
• Open File Formats
– Distributed Management Task Force (DMTF) Open Virtualization Format (OVF)
– Virtual Machine Disk Format (VMDK)
– Virtual Hard Disk (VHD)
• Web services
– WS-I Basic Profile 1.0, 1.1
– WS-I Simple SOAP Basic Profile
– WS-Policy Framework
– WS-Policy 1.2, 1.5
– WS-Trust 1.3
– WS-Addressing
– WS-Enumeration
– WS-Eventing
– WS-Notification
– Web Services Distributed Management
– WS-Management
– WS-I Attachments Profile
– SOAP Attachment Feature 1.2
– SOAP with Attachments (SwA)
– Direct Internet Message Encapsulation
– Multipurpose Internet Mail Extensions
– XML-binary Optimized Packaging (XOP)
– Message Transmission Optimization Mechanism (MTOM)
– WS-MediationPolicy (IBM standard)
– Universal Description, Discovery, and Integration (UDDI versions 2 and 3), UDDI version 3 subscription
– WebSphere Service Registry and Repository (WSRR)

Over 14 years of innovation & 2000+ global installations
[Figure: IBM DataPower Gateway timeline, 2000 to 2014. Labels: Gigabit/Sec HW Solution; Acquisition; XA35; XS40; XI50; XB60; Model 7993 (aka 9003); Model 9235 (aka 9004); ITCAM for SOA (Transaction Monitoring); WebSphere Transformation Extender; WebSphere Appliance Management Center; XI50B Blade; XI50z Blade; XG45, XI52 & XB62; Optimized Interpreter and Compiler; Optimized Hardware Acceleration; Application Optimization (Self-Balancing & Intelligent Load Distribution); Virtual Edition (VMware); Virtual Edition (PureApplication System); Virtual Edition (for Developers + XenServer); Optimized & secure JavaScript; Multi-channel Gateway; Consolidated Gateway Platform; ISAM Proxy Module.]

The adoption of cloud, analytics, mobile, and social computing is forcing organizations to open IT assets to new business channels
…and challenging them to rethink the way they have traditionally approached security & control
• Between 2005 and 2020, the amount of data in the world will grow 300X, from 130 to 40,000 exabytes.
• 81% of adults use personally owned mobile devices for conducting business
• 70% of employees are engaged in social activities both internally and externally
• 73% of organizations discovered cloud usage outside of IT or security policies