© 2015 IBM Corporation
What’s New in IBM DataPower Gateway
Ozair Sheikh, Senior Product Manager IBM DataPower Gateways
Arif Siddiqui, Principal Product Manager IBM DataPower Gateways & API Economy
2
Agenda
• DataPower Gateway Overview
• Recent Releases
• What’s New in DataPower Gateway & V7.1
• Q&A
3
DataPower Gateways …
IBM DataPower Gateways provide a low startup cost, helping clients increase ROI and reduce TCO with specialized, consumable, dedicated gateway appliances that combine superior performance and hardened security in physical and virtual form factors
INTEGRATE Systems of Engagement with Systems of Record
CONTROL & MANAGE Traffic and Service Level Agreements
SECURE Mobile, API, Web, SOA, B2B and Cloud Workloads
OPTIMIZE Data Delivery and User Experiences
CONSOLIDATE & Simplify Infrastructure Footprint
4
Gateway for the Multi-channel Enterprise
Single security and integration gateway platform to provide security, integration, control & optimized access to a full range of Mobile, API, Web, SOA, B2B, & Cloud workloads
• Mobile: Simplify mobile security with single, purpose-built gateway; control mobile traffic and accelerate delivery
• API: Easily secure, control, publish, monitor & manage your APIs
• Web: Simplify web security with single, purpose-built gateway; control traffic and accelerate delivery for intranet and internet web applications
• SOA: Secure, integrate, control & manage SOA workloads in the DMZ and Trusted zones
• B2B: Extend Connectivity & Integration beyond the enterprise with DMZ-ready B2B edge capabilities
• Cloud: DataPower gateway functionality in a virtual appliance form factor, supports multiple hypervisor & cloud environments
5
IBM DataPower Gateway Appliances are the industry-leading Security & Integration gateways that help provide security, integration, control and optimized access to a full range of Mobile, Web, API, SOA, B2B, & Cloud workloads
Common Use Cases
1. Mobile Gateway
2. API Gateway
3. Web Gateway
4. B2B Partner Gateway
5. SOA & API Gateway
6. ESB / Integration Gateway
7. Internal Security Enforcement
8. Web Services Governance & Management
9. Legacy Integration
[Diagram labels: Internet, DMZ, Trusted Domain; Consumer, Trading partners, Application or Service, Middleware, z System; DataPower Gateway]
6
IBM API Management: One Integrated Platform design, secure, control, publish, monitor & manage APIs
Developer Portal
• Explore API documentation
• Provision application keys
• Self-service experience
API Manager
• Define and manage APIs
• Explore API usage with analytics
• Manage API user communities
Management Console
• Provision system resources
• Monitor runtime health
• Scale the environment
API Gateway (IBM DataPower)
• Enforce runtime policies to control API traffic
7
Features
Simplify, offload & centralize critical functions
[Diagram: Before DataPower Gateway / After DataPower Gateway]
Integrate
• Any-to-any message transformation
• Transport protocol bridging
• Message enrichment
• Database connectivity
• Mainframe connectivity
• B2B trading partner connectivity
Optimize
• SSL / TLS offload
• Hardware accelerated crypto operations
• JSON, XML offload
• JavaScript, JSONiq, XSLT, XQuery acceleration
• Response caching
• Intelligent load distribution
Control
• Service level management
• Quota enforcement, rate limiting
• Message accounting
• Content-based routing
• Failure re-routing
• Integration with management & visibility platforms
Secure
• Authentication, authorization, auditing
• Security token translation
• Threat protection
• Schema validation
• Message filtering & semantics validation
• Message digital signature
• Message encryption
8
Deployment options
Physical: Purpose-built, DMZ-ready appliances provide physical security
• High density 2U rack-mount design
• 8 x 1 and 2 x 10 GbE ports
• Cryptographic acceleration card
• Trusted platform module
• Customized intrusion detection
• Optional HSM (FIPS 140-2 Level 3 certified)
Virtual: Virtual appliances provide deployment flexibility
• Support multiple hypervisors and cloud environments
‒ VMware
‒ Citrix XenServer
‒ IBM PureApplication System (x86 nodes)
‒ IBM PureApplication Service on SoftLayer (x86 nodes)
‒ IBM SoftLayer bare metal instances using supported hypervisors
9
Purpose-built hardware provides physical security
• Sealed, tamper-evident case
• No usable USB, VGA, other ports
• Intrusion detection switch
• Trusted Platform Module
• Encrypted flash drive
• FIPS 140-2 level 3 Hardware Security Module (option) for secure storage of private keys
Hardened firmware provides platform security for physical & virtual gateways
• Single signed and encrypted firmware by IBM
• No arbitrary software
• Optimized, embedded operating system
• High assurance, “locked-down” configuration
• Key materials are not exportable from the appliance *
Enterprise grade security requires a secure platform
10
Virtual Edition
DataPower gateway functionality in virtual appliance form factor to rapidly secure, integrate, control & optimize access to Mobile, API, Web, SOA & B2B workloads in hypervisor & cloud platforms
• Use for development, test or production
• Supports multiple hypervisor & cloud platforms
‒ VMware
‒ Citrix XenServer
‒ IBM PureApplication System W1500/W2500
‒ IBM PureApplication Service on SoftLayer (x86)
‒ IBM SoftLayer bare metal instances on x86 nodes
• Seamless configuration migration between physical and virtual appliances
• Utilizes the same industry-proven & purpose-built platform, including an embedded, optimized DataPower Operating System, that powers the physical appliances
[Diagram label: x86 Server]
Delivers purpose-built, highly consumable Security & Integration Gateway functionality in virtual appliance form factor for cloud deployments
11
Virtual Edition Benefits
• Deployment flexibility and elasticity – “Right size” the deployment, quickly deploy where needed, & rapidly scale
• Workload isolation - Projects can use their own instances
• Unbounded memory scalability - Memory can be added to instances without additional licensing
• Low cost for Dev & Test environments - Developers & Non-Production versions include add-on software modules at no additional charge
• Free disaster recovery - Warm or cold backup without additional licenses when licensed for Production
• Flexible licensing and entitlement
‒ Sub-capacity licensing
‒ Monthly licensing option
‒ Entitlement to future product versions at no additional charge with active maintenance (S&S)
12
DataPower Gateways: Over 14 years of innovation & over 2,000 global installations
Banking
• Majority of the big US and European banks
• All of the big 5 Canadian banks
• Numerous regional banks and credit unions
Insurance
• Used by 95% of top global insurance firms
• SaaS providers, ASPs, regulators, etc.
Government
• Agencies and ministries
• Defense and security organizations
• Crown corporations
Many, many more
• Healthcare
• Retailers
• Utilities, Power, Oil and Gas
• Telecom
• Airlines
• Others
13
DataPower’ing IBM Bluemix!!!
• Security
• Control
• Filtering
• Content-Based Routing
• Load balancing
• Monitoring and Logging
[Diagram labels: Mobile client, Internet, Bluemix Tooling, VM, Application Manager, App, Service, Open Stack, External Services]
Did you know? DataPower has been trusted to be the exclusive gateway for Bluemix, IBM’s global Platform as a Service
14
Agenda
• DataPower Gateway Overview
• Recent Releases
• What’s New in DataPower Gateway & V7.1
• Q&A
15
Provides the API gateway functionality for IBM API Management
Quick integration with IBM Worklight to secure mobile web traffic
Improved REST services handling with native JSON support including schema validation & query, extract, filter & transform through JSONiq
New XML data query, extraction & manipulation support with XQuery 1.0
Enhanced security with new OAuth 2.0 capabilities, new support for Kerberos constrained delegation (S4U2Proxy), and TLS 1.1/1.2
Improved WS-MediationPolicy consumption from WSRR & SLAs for non-SOAP traffic
Embedded On-Demand Router functionality for WAS ND environments
Optimized application delivery with response caching on-the-box & seamless integration with elastic caching XC10 appliances
New System z integration capabilities allowing IMS transactions to easily consume external web services & easy consumption of IMS data as a service
Simple ability to create & deploy common DataPower configuration patterns
Highlights of DataPower v6.0 Released June 2013
16
• Adds Application Optimization (optional add-on module) on XB62
‒ Support for self-balancing and intelligent load distribution
‒ Eliminate load balancing hops - reducing cost & complexity + improving scalability & performance
• Empowers XB62 to provide API gateway functionality for IBM API Management solution
‒ Enables a converged solution for B2B and API management gateways
• NIST SP800-131a security standard compliance + FIPS 140-2 Level 1 certified cryptography module
‒ Enables U.S. Federal & Public sector customers to meet government mandated security standard
‒ Supported on both physical & virtual appliances
• Enhanced support for Web, Mobile & REST workloads
• Enhanced Configuration Pattern Console
‒ Improved error handling and description
‒ Adds version support for configuration patterns
Important Note: This firmware is not supported on 9004 appliances, i.e. XS40, XI50 or XB60
Links:
Release Notes: http://pic.dhe.ibm.com/infocenter/wsdatap/v6r0m1/index.jsp?topic=%2Fcom.ibm.dp.xi.doc%2FrelnotesXI.html
Highlights of DataPower v6.0.1 Released Dec 2013
17
• GatewayScript: A JavaScript runtime that is secured, optimized and tuned for the gateway environment to simplify configuration for developers and provide an easier development paradigm for Mobile, Web, & API
• New Virtual Edition for Developers provides a low cost, per user pricing, and easy to use gateway for developers
• Support for Citrix XenServer hypervisor provides additional deployment flexibility on-premise & cloud deployments
• WebSocket Proxy support enables full-duplex, bi-directional, & low-latency communication for Mobile & Web applications, Internet of Things
• Improved security & traffic control functionality in support of IBM API Management offering
Highlights of DataPower v7.0
Released June 2014
18
Agenda
• DataPower Gateway Overview
• Recent Releases
• What’s New in DataPower Gateway & V7.1
• Q&A
19
IBM DataPower Gateway 7.1
Released Nov 2014
Secure. Integrate. Control. Optimize.
• Consolidated product: Single, modular & extensible gateway platform to secure, integrate, control, & optimize full range of workloads
• New hardware platform: Increase capacity & throughput while reducing latency with latest generation hardware
• Deployment flexibility: Use physical or virtual appliance with seamless configuration migration with on-premise & cloud deployments
• B2B module: Centralize B2B trading partner connectivity & transaction management with high performance secure entry point in the DMZ
• Multi-channel gateway: Utilize single gateway with integrated access enforcement from ISAM to secure & optimize delivery of mobile, API, web, SOA, B2B, cloud apps, and integrate with IBM MobileFirst & WebSphere platforms
• Enhanced security: Enable additional flexible authentication from internet consumers & Non-Microsoft consumers to Microsoft systems
20
Highlights of IBM DataPower Gateway & V7.1
• Single multi-channel gateway platform to secure & optimize delivery of mobile, API, web, SOA, B2B, cloud apps, and integrate with IBM MobileFirst & WebSphere platforms
• Integrates industry-proven access enforcement capabilities of IBM Security Access Manager into the DataPower platform, available as add-on ISAM Proxy Module
• IBM DataPower Gateway is the new name of a consolidated, extensible & modular platform
• Converges three existing products, XG45 / XI52 / XB62, into a single modular offering
• Physical appliance uses purpose-built latest generation hardware platform to provide increased performance & capacity
• Virtual appliance runs on VMware & Citrix XenServer hypervisors and cloud platforms that support them
• Easy-to-use & secure B2B integration capabilities, formerly on XB62 appliances only, available as add-on B2B Module
• Enable authentication from internet consumers & Non-Microsoft consumers to Microsoft systems with Kerberos S4U2Self support
21
Single, modular & extensible platform (1 of 2)
• IBM DataPower Gateway is the new name of a consolidated, extensible & modular platform
‒ Converges three existing products, XG45 / XI52 / XB62, into a single modular offering
‒ Available in physical and virtual form factor
‒ Supports V7.1 and above
• Physical Appliance
‒ 2U rack mount appliance using latest generation hardware platform
‒ Two base editions: Non-HSM and HSM (FIPS 140-2 Level 3 certified)
‒ Each software module is licensed separately
• Virtual Edition
‒ Three editions: Developer, Non-Production, Production
‒ Developer includes all software modules at no additional cost, except TIBCO EMS
‒ Non-Production includes all software modules at no additional cost, except TIBCO EMS & ISAM Proxy
‒ Production: Each software module is licensed separately
• Add-on software modules provide additional functionality that can be activated quickly when needed
• IBM API Management solution requires base IBM DataPower Gateway as runtime for executing API workloads
22
Single, modular & extensible platform (2 of 2)
Modules
ISAM Proxy Module
• User access control, session management, web SSO enforcement
• Advanced mobile security: mobile SSO, context-based access, one-time password, multi-factor authn
• Integration with ISAM for Mobile
Application Optimization Module
• Frontend self-balancing
• Backend intelligent load distribution
• Session affinity
• z Sysplex Distributor integration
Integration Module
• Any-to-Any message transformation
• Database connectivity
• Mainframe IMS connectivity
B2B Module
• B2B DMZ gateway
• EDIINT AS1, AS2, AS3, ebXML
• Partner profile management
• B2B transaction viewer
• Any-to-Any message transformation
• Database connectivity
TIBCO EMS Module
• Integrate with TIBCO EMS messaging middleware
• Support for queues & topics
• Load balancing & fault-tolerance
IBM DataPower Gateway (Base), 2U Physical or Virtual Edition
• Secure
‒ Authentication, authorization
‒ Security token translation
‒ Service / API virtualization
‒ Threat protection
‒ Message validation
‒ Message filtering
‒ Message digital signature
‒ Message encryption
‒ AV scanning integration
• Integrate
‒ Transport protocol bridging
‒ Message enrichment
‒ Message transformation & processing using JavaScript, JSONiq, XQuery, XSLT
‒ Mainframe integration & enablement
‒ Flexible pipeline message processing engine
• Control & Manage
‒ Service level management
‒ Quota & rate enforcement
‒ Content-based routing
‒ Message accounting
‒ Integration w/ management & visibility platforms including IBM API Management & WSRR for policy enforcement
• Optimize & Offload
‒ SSL / TLS offload
‒ Hardware accelerated crypto*
‒ JSON, XML offload
‒ JavaScript, JSONiq, XSLT, XQuery acceleration
‒ Local response caching
‒ Distributed caching with WXS or XC10
‒ Backend load balancing
23
Latest Generation Hardware Platform
• Trusted Platform Module
• Customized intrusion detection
• Cryptographic Acceleration Card
• Hardware Security Module (Optional, FIPS 140-2 Level 3 certified)
• Runtime Hardware Diagnostic
• Intelligent Platform Management Interface
• Supercapacitor Powered Flash-backed RAID Cache
• Multiple Replaceable Units
‒ Customer Replaceable Units (CRU): Fan, Power Supply, HDD, Network Module
‒ Field Replaceable Units (FRU): Appliance, CPU, Memory, Flash Drive, Coin Battery, Supercapacitor for RAID, Cryptographic Acceleration Card, HSM Card, RAID Card
Purpose-built, high density 2U rack mount design
• Increased capacity
‒ Higher performance CPU & memory
‒ Faster cryptographic acceleration card
‒ New RAID controller w/ large write cache
• 192 GB memory
• Two 1.2 TB high speed hard drives
• Three management traffic ports
‒ 1 RJ45 serial port
‒ 2 x 1 GbE ports
• Ten application traffic ports
‒ 8 x 1 GbE ports
‒ 2 x 10 GbE ports
[Diagram callouts: 2 10-Gigabit Ethernet NICs; 8 1-Gigabit Ethernet NICs; RAID mirroring across two drives]
24
Comparison with older products
Previously 3 Products (XG45/XI52/XB62)
• 2 Physical appliances (1U & 2U)
• 2 Virtual appliances (XG45/XI52)
Now 1 Product
• 1 Physical appliance (2U only)
• 1 Virtual appliance
Mapping from previous products to the new offering:
• IBM WebSphere DataPower Service Gateway XG45 (1U Physical, Virtual Edition) → IBM DataPower Gateway (2U Physical, Virtual Edition)
• IBM WebSphere DataPower Integration Appliance XI52 (2U Physical, Virtual Edition) → IBM DataPower Gateway + Integration Module (2U Physical, Virtual Edition)
• IBM WebSphere DataPower B2B Appliance XB62 (2U Physical) → IBM DataPower Gateway + B2B Module (2U Physical, Virtual Edition)
Notes:
• IBM DataPower Gateway Virtual Edition provides the same functionality & modules as physical appliances with the exception of HSM (that provides FIPS 140-2 Level 3 certification)
• Integration & B2B Module are independent & can be purchased separately
• IBM DataPower Gateway 2U rack mount physical appliance is available with optional HSM (FIPS 140-2 Level 3 certified)
25
Firmware V7.1, Modules & Supported Platforms
• Firmware V7.1 delivers
‒ ISAM Proxy Module to enable advanced access enforcement of mobile & web use cases
‒ B2B Module to enable secure B2B integration capabilities, formerly available on XB62 only
‒ Integration Module to enable integration functionality including any-to-any message transformation, database connectivity & mainframe connectivity
‒ Kerberos S4U2Self functionality to provide flexible authentication for Microsoft environments
‒ Increase in XML Names maximum to allow for large configurations, RAS & other enhancements
• V7.1 supports the following
‒ IBM DataPower Gateway (Physical and Virtual Edition)
‒ XG45 (Physical and Virtual Edition)
‒ XI52 (Physical and Virtual Edition), XI50B (2426 & 4195 models)
‒ XB62 (Physical)
• ISAM Proxy module requires V7.1 and is available on the following
‒ IBM DataPower Gateway (Physical and Virtual Edition)
‒ XG45 (Physical and Virtual Edition)
‒ XI52 (Physical and Virtual Edition)
‒ XB62 (Physical)
• B2B module requires V7.1 and is available on the following
‒ IBM DataPower Gateway (Physical and Virtual Edition)
‒ XG45 (Physical and Virtual Edition)
‒ XI52 (Physical and Virtual Edition)
• Integration module requires V7.1 and is available on the following
‒ IBM DataPower Gateway (Physical and Virtual Edition)
26
Silos of security & control are impeding business agility
[Diagram labels: Users (developers, partners, consumers, employees, all); Business Channels (web, mobile, B2B, SOA, APIs, cloud); Security & Control Solutions (web access proxy, mobile gateway, B2B gateway, SOA gateway, API gateway, cloud gateway); Applications and Systems (z System, Middleware, ESB, Application, Service)]
27
Reduce cost + improve security & control with a single gateway
[Diagram labels: Users (developers, partners, consumers, employees, all); Business Channels (web, mobile, B2B, SOA, APIs, cloud); Security & Control Solutions (DataPower Gateway, virtual appliance or physical appliance); Applications and Systems (z System, Middleware, ESB, Application, Service)]
28
IBM Multi-channel gateway (New in V7.1)
Leverage the combined capabilities of IBM DataPower Gateway and IBM Security Access Manager in a single, converged security and integration gateway
ISAM for DataPower module provides the reverse proxy component that provides enforcement for
• Centralized user authentication & coarse-grained authorization
• Session management, & web SSO
• Context based access & mobile SSO
• Strong authentication including one-time password and multi-factor authentication
[Diagram labels: Web Browsers and Portals, Mobile Web, Web 2.0 (AJAX), Native Mobile, Hybrid Mobile, B2B, API, SOA (Web Services); IBM DataPower Gateway: App, Service & API security, Traffic control & optimization, Connectivity & transformation; ISAM Module: User access security]
29
What is ISAM for DataPower Module?
• ISAM for DataPower module provides the reverse proxy component that is available on ISAM for Web and ISAM for Mobile appliances
[Diagram: ISAM Module on DataPower]
Base Appliance
• Reverse Proxy
IBM Security Access Manager for Mobile
• Context based Access (CBA)
• One-time Password (OTP) / Multi-factor Authentication (MFA)
• Advanced Security
IBM Security Access Manager for Web
• Load Balancer
• Protocol Analysis Module (PAM)
ISAM for Web was formerly known as Tivoli Access Manager for E-Business (TAMeb)
30
Rapidly Connect Mobile Apps with Enterprise Services
Securely expose enterprise data & APIs to Mobile Apps while optimizing delivery
• SSL Offload
• Threat Protection
• Rate Limiting / SLA Enforcement
• Validation, Filtering
• Authentication
• Authorization
• Context-based Access
• Mobile SSO
• Security Token Translation
• Message Transformation
• Content-Based Routing
• Intelligent Load Distribution
• Response Caching
[Diagram labels: Native, Hybrid, Mobile Web; IBM DataPower Gateway with ISAM Module; /apimanagement; Apps, Services; Middleware / ESB, Legacy Apps]
31
Mobile Gateway solution for on-premise and cloud
Rapidly deliver secure integration & optimized access for enterprise mobile applications
• DataPower appliance with ISAM module for security enforcement, traffic control & management, application acceleration, transport bridging & message transformation
• ISAM for Mobile as decision point for context based access (CBA), mobile SSO, strong authentication including one-time password (OTP) & multi-factor authentication (MFA)
[Diagram labels: DataPower Gateway with ISAM Module (Security Enforcement Point); ISAM for Mobile (Security Decision Point); Apps, Services, Middleware, z System]
32
Multi-Channel Gateway for MobileFirst & WebSphere Products
33
Response Caching Integration with WXS
In addition to support for XC10
[Diagram: REST request flow between Client, DataPower, WebSphere Extreme Scale (WXS) and Provider, with steps numbered 1 to 5; callouts: Improve Response Time, Improved Load, Large Response Time]
http://www-01.ibm.com/support/docview.wss?uid=swg21697033
1. Client submits application request.
2. DataPower parses request and queries WXS. On a hit, skip to step 5.
3. On a miss, DataPower forwards request to target Provider.
4. DataPower adds application response to WXS.
5. Client receives response from DataPower.
34
Integration with QRadar Security Intelligence Platform
• Enhance security intelligence and compliance through integration with QRadar security information and event management (SIEM) platform
• Device Support Module (DSM) for DataPower Gateways available to parse event information
[Diagram labels: User, Client, DataPower, Provider, QRadar SIEM]
35
DataPower on GitHub
• Repository of DataPower related tools & collateral
• Open source
• Community driven: Use, collaborate, contribute
• http://ibm-datapower.github.io/
DataPower Configuration Manager
• Tool for DataPower configuration management & migration
• Standalone command line or IBM UrbanCode Deploy plugin
• https://github.com/ibm-datapower/datapower-configuration-manager
• https://github.com/ibm-datapower/datapower-configuration-manager/wiki/Easy-On-Ramp
DPXMLSH
• Bash script / shell library for working with DataPower’s XML Management interface
• Interactive & scripted use
• https://github.com/ibm-datapower/datapower-xml-shell
37
Agenda
• DataPower Gateway Overview
• Recent Releases
• What’s New in DataPower Gateway & V7.1
• Q&A
38
Getting Social with IBM DataPower Gateways
• YouTube Channel: IBM DataPower Gateways
• Slideshare: IBM DataPower Gateway
• Twitter: @IBMGateways
• LinkedIn Group: IBM DataPower Gateway
• developerWorks blog: IBM DataPower Gateway
• GitHub: IBM DataPower Gateway
• Online User Forum
• Product page on ibm.com
• Product documentation
39
Available Now: DataPower Handbook, Second Edition, Volume 1
Known as the ‘bible’ of DataPower planning, implementation, and usage.
New content to cover previous six years of new products/features, including 9006/7.1!
Volume 1 consists of Chap 1 DataPower Intro, Chap 2 Setup Guide, new Preface and two invaluable new appendices for physical and virtual appliances.
Available in softcover and e-book formats
40
BACKUP
41
DataPower Gateway: Supported standards & protocols
• Data format & language
‒ JavaScript
‒ JSON
‒ JSON Schema
‒ JSONiq
‒ REST
‒ SOAP 1.1, 1.2
‒ WSDL 1.1
‒ XML 1.0
‒ XML Schema 1.0
‒ XPath 1.0
‒ XPath 2.0 (XQuery only)
‒ XSLT 1.0
‒ XQuery 1.0
• Security policy enforcement
‒ OAuth 2.0
‒ SAML 1.0, 1.1 and 2.0, SAML Token Profile, SAML queries
‒ XACML 2.0
‒ Kerberos (including S4U2Self, S4U2Proxy)
‒ SPNEGO
‒ RADIUS
‒ RSA SecurID OTP using RADIUS
‒ LDAP versions 2 and 3
‒ Lightweight Third-Party Authentication
‒ Microsoft Active Directory
‒ FIPS 140-2 Level 3 (w/ optional HSM)
‒ FIPS 140-2 Level 1 (w/ certified crypto module)
‒ SAF & IBM RACF® integration with z/OS
‒ Internet Content Adaptation Protocol
‒ W3C XML Encryption
‒ W3C XML Signature
‒ S/MIME encryption and digital signature
‒ WS-Security 1.0, 1.1
‒ WS-I Basic Security Profile 1.0, 1.1
‒ WS-SecurityPolicy
‒ WS-SecureConversation 1.3
• Transport & connectivity
‒ HTTP, HTTPS, WebSocket Proxy
‒ FTP, FTPS, SFTP
‒ WebSphere MQ
‒ WebSphere MQ File Transfer Edition
‒ TIBCO EMS
‒ WebSphere Java Message Service
‒ IBM IMS Connect, & IMS Callout
‒ NFS
‒ AS1, AS2, AS3, ebMS 2.0, CPPA 2.0, POP, SMTP (XB62)
‒ DB2, Microsoft SQL Server, Oracle, Sybase, IMS
• Transport Layer Security
‒ TLS versions 1.0, 1.1, and 1.2
‒ SSL versions 2 and 3
• Public key infrastructure (PKI)
‒ RSA, 3DES, DES, AES, SHA, X.509, CRLs, OCSP
‒ PKCS#1, PKCS#5, PKCS#7, PKCS#8, PKCS#10, PKCS#12
‒ XKMS for integration with Tivoli Security Policy Manager (TSPM)
• Management
‒ Simple Network Management Protocol
‒ SYSLOG
‒ IPv4, IPv6
• Open File Formats
‒ Distributed Management Task Force (DMTF) Open Virtualization Format (OVF)
‒ Virtual Machine Disk Format (VMDK)
‒ Virtual Hard Disk (VHD)
• Web services
‒ WS-I Basic Profile 1.0, 1.1
‒ WS-I Simple SOAP Basic Profile
‒ WS-Policy Framework
‒ WS-Policy 1.2, 1.5
‒ WS-Trust 1.3
‒ WS-Addressing
‒ WS-Enumeration
‒ WS-Eventing
‒ WS-Notification
‒ Web Services Distributed Management
‒ WS-Management
‒ WS-I Attachments Profile
‒ SOAP Attachment Feature 1.2
‒ SOAP with Attachments (SwA)
‒ Direct Internet Message Encapsulation
‒ Multipurpose Internet Mail Extensions
‒ XML-binary Optimized Packaging (XOP)
‒ Message Transmission Optimization Mechanism (MTOM)
‒ WS-MediationPolicy (IBM standard)
‒ Universal Description, Discovery, and Integration (UDDI versions 2 and 3), UDDI version 3 subscription
‒ WebSphere Service Registry and Repository (WSRR)
Link to Product Documentation
Thank You
Your Feedback is Important!
Access the InterConnect 2015 Conference CONNECT Attendee Portal to complete your session surveys from your smartphone, laptop or conference kiosk.