IBM DataPower Gateway & V7.1 Overview


1 IBM DataPower Gateway & V7.1 Overview
Arif Siddiqui, Principal Product Manager – Strategic Initiatives, IBM DataPower Gateways & API Economy
Ozair Sheikh, Senior Product Manager, IBM DataPower Gateways

2 Agenda
DataPower Gateway Overview
Recent Releases
What’s New in DataPower Gateway & V7.1
Q&A

3 DataPower Gateways …
SECURE Mobile, API, Web, SOA, B2B and Cloud Workloads
INTEGRATE Systems of Engagement with Systems of Record
CONTROL & MANAGE Traffic and Service Level Agreements
OPTIMIZE Data Delivery and User Experiences
CONSOLIDATE & Simplify Infrastructure Footprint
IBM DataPower Gateways provide a low startup cost, helping clients increase ROI and reduce TCO with specialized, consumable, dedicated gateway appliances that combine superior performance and hardened security in physical and virtual form factors.

4 Gateway for the Multi-channel Enterprise
Single security and integration gateway platform to provide security, integration, control & optimized access to a full range of Mobile, API, Web, SOA, B2B, & Cloud workloads
IBM DataPower Gateway
Mobile: Simplify mobile security with single, purpose-built gateway; control mobile traffic and accelerate delivery
Web: Simplify web security with single, purpose-built gateway; control traffic and accelerate delivery for intranet and internet web applications
Cloud: DataPower gateway functionality in a virtual appliance form factor, supports multiple hypervisor & cloud environments
API: Easily secure, control, publish, monitor & manage your APIs
SOA: Secure, integrate, control & manage SOA workloads in the DMZ and Trusted zones
B2B: Extend Connectivity & Integration beyond the enterprise with DMZ-ready B2B edge capabilities

5 Common Use Cases
IBM DataPower Gateway Appliances are the industry-leading Security & Integration gateways that help provide security, integration, control and optimized access to a full range of Mobile, Web, API, SOA, B2B, & Cloud workloads
Diagram labels: Internet, DMZ, Trusted Domain; Consumer, Trading partners; DataPower Gateway (two instances); Application or Service, Middleware, z System
1 Mobile Gateway
2 API Gateway
3 Web Gateway
4 B2B Partner Gateway
5 SOA & API Gateway
6 ESB / Integration Gateway
7 Internal Security Enforcement
8 Web Services Governance & Management
9 Legacy Integration

6 Enforce runtime policies to control API traffic
IBM API Management: One Integrated Platform to design, secure, control, publish, monitor & manage APIs
Developer Portal: Explore API documentation; Provision application keys; Self-service experience
API Manager: Define and manage APIs; Explore API usage with analytics; Manage API user communities
Management Console: Provision system resources; Monitor runtime health; Scale the environment
API Gateway (IBM DataPower): Enforce runtime policies to control API traffic
IBM API Mgmt provides the management platform, while IBM DataPower provides the API Gateway to enforce API security and control. IBM APIM sits on a server as a virtual appliance, while DataPower can be a virtual appliance or a physical appliance.

7 Features Simplify, offload & centralize critical functions
Secure: Authentication, authorization, auditing; Security token translation; Threat protection; Schema validation; Message filtering & semantics validation; Message digital signature; Message encryption
Integrate: Any-to-any message transformation; Transport protocol bridging; Message enrichment; Database connectivity; Mainframe connectivity; B2B trading partner connectivity
Control: Service level management; Quota enforcement, rate limiting; Message accounting; Content-based routing; Failure re-routing; Integration with management & visibility platforms
Optimize: SSL / TLS offload; Hardware accelerated crypto operations; JSON, XML offload; JavaScript, JSONiq, XSLT, XQuery acceleration; Response caching; Intelligent load distribution
Diagram labels: Before DataPower Gateway / After DataPower Gateway

8 Deployment options Physical Virtual
Purpose-built, DMZ-ready appliances provide physical security High density 2U rack-mount design 8 x 1 and 2 x 10 GbE ports Cryptographic acceleration card Trusted platform module Customized intrusion detection Optional HSM (FIPS Level 3 certified) Virtual appliances provide deployment flexibility Support multiple hypervisors and cloud environments VMware Citrix XenServer IBM PureApplication System (x86 nodes) IBM PureApplication Service on SoftLayer (x86 nodes) IBM SoftLayer bare metal instances using supported hypervisors

9 Enterprise grade security requires a secure platform
Purpose-built hardware provides physical security Sealed, tamper-evident case No usable USB, VGA, other ports Intrusion detection switch Trusted Platform Module Encrypted flash drive FIPS level 3 Hardware Security Module (option) for secure storage of private keys Hardened firmware provides platform security for physical & virtual gateways Single signed and encrypted firmware by IBM No arbitrary software Optimized, embedded operating system High assurance, “locked-down” configuration Key materials are not exportable from the appliance * Sealed network-resident devices in a tamper-proof case. No drives; no USB ports. Optimized hardware, firmware, and embedded operating system. Single signed/encrypted firmware image prevents attackers from installing arbitrary software. By default, appliances ship with a locked-down configuration. Secure hardware storage of encryption keys and locked audit log. Minimized security vulnerabilities by using few third-party components.

10 Virtual Edition
DataPower gateway functionality in virtual appliance form factor to rapidly secure, integrate, control & optimize access to Mobile, API, Web, SOA & B2B workloads in hypervisor & cloud platforms Use for development, test or production Supports multiple hypervisor & cloud platforms VMware Citrix XenServer IBM PureApplication System W1500/W2500 IBM PureApplication Service on SoftLayer (x86) IBM SoftLayer bare metal instances on x86 nodes Seamless configuration migration between physical and virtual appliances Utilizes the same industry-proven & purpose-built platform, including an embedded, optimized DataPower Operating System, that powers the physical appliances x86 Server Delivers purpose-built, highly consumable Security & Integration Gateway functionality in virtual appliance form factor for cloud deployments

11 Virtual Edition Benefits
Deployment flexibility and elasticity – “Right size” the deployment, quickly deploy where needed, & rapidly scale Workload isolation - Projects can use their own instances Unbounded memory scalability - Memory can be added to instances without additional licensing Low cost for Dev & Test environments - Developers & Non-Production versions include add-on software modules at no additional charge Free disaster recovery - Warm or cold backup without additional licenses when licensed for Production Flexible licensing and entitlement Sub-capacity licensing Monthly licensing option Entitlement to future product versions at no additional charge with active maintenance (S&S) x86 Server Delivers purpose-built, highly consumable Security & Integration Gateway functionality in virtual appliance form factor for cloud deployments Existing customers can take advantage of new releases and upgrade to new versions with an active Subscription & Support account with IBM

12 DataPower Gateways Government Banking Insurance Many, many, more
Over 14 years of innovation & over 2,000 global installations
Government: Agencies and ministries; Defense and security organizations; Crown corporations
Banking: Majority of the big US and European banks; All of the big 5 Canadian banks; Numerous regional banks and credit unions
Insurance: Used by 95% of top global insurance firms
SaaS providers, ASPs, regulators, etc.
Many, many, more: Healthcare; Retailers; Utilities, Power, Oil and Gas; Telecom; Airlines; Others

13 DataPower’ing IBM Bluemix!!!
Did you know? DataPower has been trusted to be the exclusive gateway for Bluemix, IBM’s global Platform as a Service Mobile client Bluemix Tooling VM Application Manager App Service Open Stack External Service External Services Internet DataPower’ing IBM Bluemix!!! Security Control Filtering Content-Based Routing Load balancing Monitoring and Logging

14 Agenda
DataPower Gateway Overview
Recent Releases
What’s New in DataPower Gateway & V7.1
Q&A

15 Highlights of DataPower v6.0
Released June 2013 Highlights of DataPower v6.0 Provides the API gateway functionality for IBM API Management Quick integration with IBM Worklight to secure mobile web traffic Improved REST services handling with native JSON support including schema validation & query, extract, filter & transform through JSONiq New XML data query, extraction & manipulation support with XQuery 1.0 Enhanced security with new OAuth 2.0 capabilities, new support for Kerberos constrained delegation (S4U2Proxy), and TLS 1.1/1.2 Improved WS-MediationPolicy consumption from WSRR & SLAs for non-SOAP traffic Embedded On-Demand Router functionality for WAS ND environments Optimized application delivery with response caching on-the-box & seamless integration with elastic caching XC10 appliances New System z integration capabilities allowing IMS transactions to easily consume external web services & easy consumption of IMS data as a service Simple ability to create & deploy common DataPower configuration patterns Summary: WebSphere DataPower gateway appliances are uniquely positioned to act as security and integration gateways for a full range of web, mobile, API, SOA, B2B, and cloud workloads in a single, highly security-enhanced, highly consumable, DMZ-ready appliance. Version 6.0 new features and enhancements: Functionality to rapidly enable security, control, integration, and optimized access to web, mobile, and API workloads. API gateway functionality for IBM API Management V2.0 solution. Mobile web traffic security for IBM Worklight: Easy-to-use authentication integration for Worklight platform. Front-end proxy for WebSphere Application Server: Embedded, on-demand router functionality for WebSphere Application Server Network Deployment environments. Local response caching and integration with DataPower XC10 Caching Appliance: Optimized application delivery with local response caching on the appliance and seamless integration with elastic caching XC10 appliances. 
Enhanced value for System z: New integration capabilities between DataPower and IMS that allow IMS transactions to easily consume external web services and remote applications to easily consume IMS data as a service. Pattern-based configurations: Intuitive and easy-to-use tool for creating and deploying common DataPower configuration patterns. At a glance IBM WebSphere DataPower Appliances extend industry-leading, service-oriented architecture (SOA), and business-to-business (B2B), security, control, optimization, and integration capabilities to web, mobile, and API workloads. DataPower Appliances firmware V6.0: Helps reduce infrastructure complexity and lowers total cost of ownership for security and integration gateway solutions. Provides API gateway functionality for the IBM API Management V2.0 solution. Provides easy-to-use, security-enhanced integration with Worklight. Enables operational agility for WebSphere Application Server Network Deployment environments. Helps improve application user experience with fast, more consistent response times and reduces the load on backend systems. Enhances integration with IMS systems by helping to reduce CPU consumption for System z. Helps provide fast time to value and improved developer productivity with configuration-pattern-authoring and deployment support. Detailed Description: Emerging technology trends, like mobile and API management, allow businesses to expand the scope of valuable IT assets to new channels and use cases. These shifts in technology enable businesses to reach consumers, business partners, and clients anywhere in the world at any time. These new opportunities require the enterprise to accommodate additional security capabilities, access controls, and to manage the exponential growth in application traffic. WebSphere DataPower Appliances provided industry-leading security, control, optimization, and integration capabilities for SOA and B2B platforms for more than 12 years. 
WebSphere DataPower firmware V6.0 extends these capabilities to additional business channels and use cases by enhancing support for web applications, mobile, and web API workloads and provides API gateway functions for the IBM API Management V2.0 solution. Security enhanced web application, mobile, and API gateway Enhanced OAuth 2.0 functionality now includes support for public client, implicit grant type, refresh token, and revoke token. New Kerberos constrained delegation support, specifically S4U2Proxy based on incoming AP-REQ token, provides flexible authentication flows. Provides support for Transport Layer Security (TLS) 1.1 and 1.2 to meet strict security requirements. New XQuery 1.0 support provides easy-to-use query and manipulation of XML data. Enhanced JSON support allows schema validation through built-in action, and query, extraction, and filter operations on JSON messages through JSONiq. Enhanced policy framework support allows dynamic consumption of WS-MediationPolicy artifacts created in WebSphere Service Registry and Repository to enforce service level agreements (SLA) for non-SOAP messages. Supports enhanced transaction monitoring support with built-in, monitoring data collection of traffic flowing through multi-protocol gateway service. Support for LDAP connection pooling and granular timeout can provide performance and resiliency improvements. Delivers enhanced service level monitoring for enforcement, based on data volume. Enhanced SSL Proxy service supports user-controlled timeouts and connection limits, and resiliency for misbehaving client or providers. Provides support for ISAM 7.0 and TAM clients to integrate with IBM Security Systems product groups. Mobile web traffic security for Worklight Enhanced form-based login authentication support can enable quick integration with Worklight. 
Ready-to-use configuration patterns are provided to easily deploy DataPower appliances as a proxy and security policy enforcement point in front of the Worklight Server. Front-end proxy for WebSphere Application Server Embedded On Demand Router (ODR) capability within DataPower appliances help simplify deployment topologies and provides operational agility, that enable intelligent load balancing decisions to backend WebSphere Application Server Network Deployment environments, that include those running Worklight, based on dynamic, real-time topology, and workload information. Note: The Application Optimization feature is required for ODR functionality. Local response caching and integration with IBM DataPower XC10 Caching Appliance Provides configuration driven local caching on the appliance for HTTP response messages from backend provider systems. Provides built-in, seamless integration with elastic, distributed caching XC10 appliances to cache HTTP response data by using ready-to-use configuration to help provide fast, more consistent response times and help reduce load on back-end systems for web services, and mobile and web application traffic. Enhanced value for System z WebSphere DataPower historically provided unique capabilities for securing, optimizing, and integrating legacy enterprise assets running in System z. Version 6.0 enhances these capabilities, expanding the value of these critical resources, specifically for transactions that run in IMS. IMS Callout feature allows IMS transactions to easily consume external web services via DataPower, with minimal application updates required. Note: IMS Callout functionality requires one of the following models: WebSphere DataPower Integration Appliance XI52 WebSphere DataPower Integration Appliance XI52 Virtual Edition WebSphere DataPower Integration Blade XI50B WebSphere DataPower B2B Appliance XB62 IMS DB feature easily exposes IMS data as a service to remote applications. 
Note: IMS DB functions require one of the following DataPower models: XG45 or XG45 Virtual Edition (with Database Integration Module feature) XI52, XI52 Virtual Edition or XI50B (with Database Connectivity feature) Pattern-based configurations Includes an intuitive, easy-to-use interface that runs on DataPower appliances, for creating and deploying common DataPower configuration patterns. Creation of custom, reusable configuration patterns that empower users to deploy proxies for business services by using well-defined and approved pattern points-of-variability (PoV). This allows scalability of use and can help reduce time to value.

16 Highlights of DataPower v6.0.1
Released Dec 2013 Highlights of DataPower v6.0.1 Adds Application Optimization (optional add-on module) on XB62 Support for self-balancing and intelligent load distribution Eliminate load balancing hops - reducing cost & complexity + improving scalability & performance Empowers XB62 to provide API gateway functionality for IBM API Management solution Enables a converged solution for B2B and API management gateways NIST SP a security standard compliance + FIPS Level 1 certified cryptography module Enables U.S. Federal & Public sector customers to meet government mandated security standard Supported on both physical & virtual appliances Enhanced support for Web, Mobile & REST workloads Enhanced Configuration Pattern Console Improved error handling and description Adds version support for configuration patterns Important Note: This firmware is not supported on 9004 appliances, i.e. XS40, XI50 or XB60 Links: Release Notes:

17 Highlights of DataPower v7.0
Released June 2014 Highlights of DataPower v7.0 GatewayScript: A JavaScript runtime that is secured, optimized and tuned for the gateway environment to simplify configuration for developers and provide an easier development paradigm for Mobile, Web, & API New Virtual Edition for Developers provides a low cost, per user pricing, and easy to use gateway for developers Support for Citrix XenServer hypervisor provides additional deployment flexibility on-premise & cloud deployments WebSocket Proxy support enables full-duplex, bi-directional, & low-latency communication for Mobile & Web applications, Internet of Things Improved security & traffic control functionality in support of IBM API Management offering GatewayScript Summary: WebSphere DataPower gateway appliances are positioned to act as security and integration gateways for a full range of web, mobile, API, service-oriented architecture (SOA), B2B, and cloud workloads in a single, highly secure, highly consumable, DMZ-ready appliance. 
Version 7.0 new features and enhancements include the following: Enhanced web, mobile and API gateway capabilities with WebSocket proxy support and improved security functionality Introduction of cost-effective DataPower Virtual Edition for Developers and deployment support on VMware Type 2 hypervisors that allows developers to have a dedicated copy of DataPower appliance for development and unit testing on their workstations GatewayScript, a JavaScript programming model that is optimized, secured and tuned for the gateway environment to enable secure and efficient processing of mobile, web, and API workloads Easier integration with Sterling MEIG for offloading security functions Improved network scalability and performance with support for link aggregation Ability to run on Citrix XenServer-based platforms to enable private cloud and SoftLayer bare-metal and dedicated server deployment At a glance: WebSphere® DataPower® gateway appliances provide industry-leading security, control, optimization, and integration capabilities for mobile, web, API, service-oriented architecture (SOA), and business-to-business (B2B) workloads. DataPower Appliances firmware V7.0 delivers the following: Enhances support for web, Mobile and API workload processing. Provides a flexible, cost-effective gateway for developers. Empowers developers to be more productive with a JavaScript-based programming model. Enables Sterling Multi-Enterprise Integration Gateway (MEIG) integration to secure B2B workloads. Helps to increase network redundancy and increase throughput. Enables additional private cloud and SoftLayer deployment flexibility. Provides reliability, availability, and serviceability enhancements. Detailed Description: Mobile, web, and API workloads enable new channels and provide additional business opportunities for enterprises, while SOA and B2B infrastructure continue to grow and sustain investment. 
WebSphere DataPower Firmware V7 provides enhanced security and integration support for web, mobile, API, and B2B workloads, increased network performance and redundancy, additional deployment flexibility and helps improve developer productivity. Enhanced security and integration functionality for web, mobile and API gateway workloads are provided through: GatewayScript, a JavaScript runtime, which is optimized, secured and tuned for the gateway environment to enable secure and efficient processing of mobile, web, and API workloads WebSocket proxy support for the Multi-Protocol Gateway Service that enables full-duplex, bi-directional, and low-latency communication for HTTP-based web and mobile applications The ability to proxy HTTP-based application traffic that uses methods not reserved by the HTTP/1.1 specification Enhanced API gateway functionality to allow dynamic security and logging capabilities for OAuth 2.0 Fine-grained, cookie handling controls RSA SecurID one-time password (OTP) support through RADIUS integration Increased developer productivity through: The introduction of a cost-effective DataPower Virtual Edition for developers and deployment support on VMware Type 2 hypervisors to allow developers to have a dedicated copy of DataPower appliance for development and unit testing on their workstations. GatewayScript, the new highly-tuned, JavaScript-based gateway runtime for processing with security-first, performance optimized execution. 
Enhanced B2B connectivity from: Offload of resource intensive security functions from Sterling MEIG Highly reliable storage of B2B transaction document payload that uses Network File System (NFS) Network redundancy and increased throughput with support for Link Aggregation allows: Combining multiple Ethernet interfaces into one, logical network interface to improve network availability and bandwidth characteristics of the interface Easier configuration by using existing Ethernet interface objects Deployment flexibility for private cloud and SoftLayer environments from: New support for Citrix XenServer-based platforms that enables private cloud and SoftLayer bare-metal and dedicated server deployment VMware vCenter and vMotion support for dynamic and automated virtual environments SFTP support on XG45 appliances enables Secure File Transfer Protocol (SFTP) connectivity within the DMZ for XG45 appliances. Reliability, availability, and serviceability enhancements provide: Additional details that are added to system and latency logs Enhanced debugging information for problem determination

18 Agenda
DataPower Gateway Overview
Recent Releases
What’s New in DataPower Gateway & V7.1
Q&A

19 Secure. Integrate. Control. Optimize.
IBM DataPower Gateway 7.1 (Released Nov 2014)
Secure. Integrate. Control. Optimize.
Consolidated product: Single, modular & extensible gateway platform to secure, integrate, control, & optimize full range of workloads
New hardware platform: Increase capacity & throughput while reducing latency with latest generation hardware
Deployment flexibility: Use physical or virtual appliance with seamless configuration migration with on-premise & cloud deployments
B2B module: Centralize B2B trading partner connectivity & transaction management with high performance secure entry point in the DMZ
Multi-channel gateway: Utilize single gateway with integrated access enforcement from ISAM to secure & optimize delivery of mobile, API, web, SOA, B2B, cloud apps, and integrate with IBM MobileFirst & WebSphere platforms
Enhanced security: Enable additional flexible authentication from internet consumers & Non-Microsoft consumers to Microsoft systems
Slide shows feature/functions on the left and platform/deployment on the right. Introducing IBM’s Multi-channel gateway solution that integrates advanced user access enforcement capabilities of IBM Security Access Manager into the DataPower platform to allow users to utilize a single converged gateway to secure, integrate, control & optimize delivery of workloads for a full range of channels including Mobile, Cloud, API, Web, SOA, & B2B. Simplified product portfolio through consolidation of all existing gateway models into a single, modular & extensible gateway platform – available in physical appliance & virtual appliance form factors. New, higher capacity & more performant latest generation hardware platform.
Takeaway: IBM DataPower Gateway is a security and integration platform for multiple channels including mobile, cloud, API, web, SOA, and B2B workloads; providing security, integration, control & optimization functionality in a single, purpose-built platform that helps to reduce infrastructure complexity, lower operating costs, allow consistent enforcement of security & control policies while improving user experience and helping scale the backend IT infrastructure.

20 Highlights of IBM DataPower Gateway & V7.1
Single multi-channel gateway platform to secure & optimize delivery of mobile, API, web, SOA, B2B, cloud apps, and integrate with IBM MobileFirst & WebSphere platforms Integrates industry-proven access enforcement capabilities of IBM Security Access Manager into the DataPower platform, available as add-on ISAM Proxy Module IBM DataPower Gateway is the new name of a consolidated, extensible & modular platform Converges three existing products, XG45 / XI52 / XB62, into a single modular offering Physical appliance uses purpose-built latest generation hardware platform to provide increased performance & capacity Virtual appliance runs on VMware & Citrix XenServer hypervisors and cloud platforms that support them Easy-to-use & secure B2B integration capabilities, formerly on XB62 appliances only, available as add-on B2B Module Enable authentication from internet consumers & Non-Microsoft consumers to Microsoft systems with Kerberos S4U2Self support Summary: DataPower Gateway is a new modular and extensible appliance offering in physical and virtual form factors. The physical appliance is built on the latest generation hardware platform designed to provide increased capacity, performance, and serviceability to meet mission-critical infrastructure requirements. In addition, firmware V7.1 delivers enhanced advanced security processing capabilities for mobile, web, and B2B workloads through flexible software modules. 
DataPower Gateway is the new product name of a consolidated appliance offering that utilizes an extensible and modular architecture to offer the functionality provided by three products listed below, in a single, consolidated product through software modules on both physical and virtual appliance form factors: WebSphere® DataPower Service Gateway XG45 WebSphere DataPower Integration Appliance XI52 WebSphere DataPower B2B Appliance XB62 The new DataPower Gateway physical appliance is: Built on the latest generation, purpose-built hardware platform designed to provide increased capacity, performance, flexibility and serviceability as compared to its predecessors A single, consolidated, 2U high-density rack mount design Firmware V7.1: Delivers new modular firmware architecture with new software modules Enables advanced security for mobile and web applications through a software module that is built on industry-leading IBM Security Access Manager technology, with capabilities that include: A highly scalable reverse proxy for user access control and web single sign-on An integrated enforcement point for context-based access policies of IBM Security Access Manager for Mobile Combines key access management features of IBM Security Access Manager with the inherent capabilities of DataPower Gateways for message-level security, IT platform security, and application integration.
Users can implement a single gateway to help protect and securely integrate: Mobile applications Browser-based web applications and portals APIs SOA environments B2B applications Provides B2B capabilities that were previously unique to the WebSphere DataPower B2B Appliance XB62 as a software module Adds Kerberos S4U2Self functionality to provide flexible authentication for Microsoft environments Provides reliability, availability, and serviceability enhancements At a glance: IBM® DataPower® Gateway and firmware V7.1 deliver the following: A new DataPower Gateway appliance offering utilizes an extensible and modular architecture to offer a rich set of functionality in a single, consolidated product through licensed modules on both physical and virtual appliance form factors. The latest generation hardware platform is designed to provide increased performance and scalability to meet the needs of mission-critical applications. A single mobile, web, and cloud gateway solution integrates industry-proven access management capabilities of IBM Security Access Manager into the DataPower platform. This enables: Secure, integrated, controlled, and optimized access to web, native, and hybrid mobile applications, which include those that were developed for IBM Worklight® Reduced cost and time-to-value by securing access to a wide variety of applications and workloads, which include mobile, web, cloud, and APIs, with a single gateway platform deployed in the DMZ Enforced, dynamic, context-based access policies, to improve overall security posture, through seamless integration with IBM Security Access Manager for Mobile Traditional, web access management security on DataPower Gateway with web single sign-on, session management, and access policy enforcement for multi-factor authentication Delivers an easy-to-use, security-enhanced B2B integration in a software module. 
Empowers users with additional authentication capabilities for environments that are based on Microsoft™ technology. Provides reliability, availability, and serviceability enhancements. Detailed Description: Emerging technology trends, like mobile and API management, allow businesses to expand the scope of valuable IT assets to new channels and use cases. These shifts in technology enable businesses to reach consumers, business partners, and clients anywhere in the world at any time. These new opportunities require the enterprise to accommodate additional security capabilities, access controls, and to manage the exponential growth in application traffic. DataPower Gateway is the new name of a consolidated product that utilizes an extensible and modular architecture that offers the functionality provided by three existing products, namely WebSphere DataPower Service Gateway XG45, WebSphere DataPower Integration Appliance XI52 and WebSphere DataPower B2B Appliance XB62, in a single consolidated product through optional software modules on both physical and virtual form factors. The modular design that is used by the new DataPower Gateway appliance provides existing DataPower Service Gateway XG45 functionality as the base product and Integration Appliance XI52 and B2B Appliance XB62 capabilities as optional software modules. 
The DataPower Gateway physical appliance form factor includes:
Purpose-built, DMZ-ready, 2U high-density rack mount design
Latest-generation, high performance hardware technology that is designed to provide increased capacity, performance, flexibility, and serviceability compared to its predecessors
Hardware cryptography accelerator card to improve performance of both transport-level (secure sockets layer (SSL) or transport layer security (TLS)) and message-level security processing
Increased serviceability with multiple, field-replaceable parts
Improved hardware diagnostics to help identify problems
Two network I/O features for increased flexibility, throughput, and reduced latency: eight 1 Gigabit Ethernet ports; two 10 Gigabit Ethernet ports
Embedded Hardware Security Module (HSM), an optional physical module that is Federal Information Processing Standard (FIPS) Level 3 certified and provides enhanced protection of cryptographic keys

DataPower Gateway appliances and firmware V7.1 utilize an extensible and modular architecture and provide enhanced security and integration support for mobile, web, and B2B workloads through optional software modules. They provide a consolidated mobile, web, and cloud gateway solution that integrates industry-proven access management capabilities of IBM Security Access Manager into the DataPower platform. This enables users to implement a single gateway as the policy enforcement point to provide security, control, optimization and integration for a full range of workloads, helping to simplify infrastructure, reduce cost and improve time to value.
Converged policy enforcement and advanced security for mobile and web applications, which exploit the industry-leading capabilities of IBM Security Access Manager, include:
A highly scalable reverse proxy for user access control, web single sign on, and session management
The ability to enforce fine-grained security policies in a high-performance environment to protect mission-critical web and mobile applications
A converged policy enforcement point to reduce network hops, reduce management complexity, and provide an easier, single entry point for all types of traffic that include mobile, web, API, SOA, B2B, and cloud
An ability to enable advanced authentication methods to enforce web and mobile security policies, such as context-based access, one-time passwords and multi-factor authentication
The capability to use predefined configuration patterns for securing, controlling, and optimizing mobile, web and API workloads

Note: IBM Security Access Manager Proxy module is required for the converged policy enforcement point functionality and is available on the following DataPower models:
DataPower Gateway
DataPower Gateway Virtual Edition (Developer, Production and Non-Production versions)
WebSphere DataPower Service Gateway XG45
WebSphere DataPower Service Gateway XG45 Virtual Edition (Developer, Production, and Non-Production versions)
WebSphere DataPower Integration Appliance XI52 Virtual Edition (Developer, Production, and Non-Production versions)
The Developer version of DataPower Gateway Virtual Edition includes the IBM Security Access Manager Proxy module in the base product at no additional charge.
With this offering, you can have easy-to-use, security-enhanced B2B integration that:
Provides B2B functionality that is available in existing WebSphere DataPower B2B Appliance XB62 as a software module
Includes B2B protocol policy enforcement, access control, message filtering, and data security
Supports EDIINT AS1, AS2, ebMS 2.0 protocols plus IBM MQ File Transfer Edition integration
Includes EDI, XML and Binary payload routing
Includes Trading Partner Profile Management for B2B governance
Includes full features interface for B2B configuration and transaction viewing

Note: The B2B module is required for B2B integration functionality and is available on the following DataPower models:
DataPower Gateway Virtual Edition
WebSphere DataPower Service Gateway XG45 Virtual Edition
WebSphere DataPower Integration Appliance XI52 Virtual Edition
The Developer and Non-Production versions of DataPower Virtual Edition include the B2B module in the base product at no additional charge.

Integration and mainframe connectivity that:
Provides integration functionality available in WebSphere DataPower Integration Appliance XI52 and B2B Appliance XB62 as a software module.
Includes any-to-any message transformation between a wide range of data formats including text, binary, COBOL copybooks, industry standards and custom formats.
Offers database connectivity to allow reading and writing of data to relational databases with support for IBM DB2®, IBM IMS™ DB, Oracle, Sybase, and Microsoft SQL Server.
Supports IBM IMS Connect and IMS Callout capability to allow easy connectivity to and from IMS transactions.

Note: The Integration module is required for this integration and mainframe connectivity functionality and is available on the following DataPower models: The Developer and Non-Production versions of Virtual Edition include the Integration module in the base product at no additional charge.
Firmware V7.1 provides flexible security policy enforcement for Kerberos environments by using S4U2Self for protocol transition support. This enables transition into Kerberos environments even when the consumer used another authentication mechanism.

21 Single, modular & extensible platform (1 of 2)
IBM DataPower Gateway is the new name of a consolidated, extensible & modular platform
Converges three existing products, XG45 / XI52 / XB62, into a single modular offering
Available in physical and virtual form factor
Supports V7.1 and above

Physical Appliance: 2U rack mount appliance using latest generation hardware platform; two base editions: Non-HSM and HSM (FIPS Level 3 certified); each software module is licensed separately

Virtual Edition: three editions: Developer, Non-Production, Production
Developer includes all software modules at no additional cost, except TIBCO EMS
Non-Production includes all software modules at no additional cost, except TIBCO EMS & ISAM Proxy
Production: Each software module is licensed separately

Add-on software modules provide additional functionality that can be activated quickly when needed
IBM API Management solution requires base IBM DataPower Gateway as runtime for executing API workloads

22 Single, modular & extensible platform (2 of 2)

Modules
B2B Module: B2B DMZ gateway; EDIINT AS1, AS2, AS3, ebXML; Partner profile management; B2B transaction viewer; Any-to-Any message transformation; Database connectivity
TIBCO EMS Module: Integrate with TIBCO EMS messaging middleware; Support for queues & topics; Load balancing & fault-tolerance
ISAM Proxy Module: User access control, session management, web SSO enforcement; Advanced mobile security: mobile SSO, context-based access, one-time password, multi-factor authn; Integration with ISAM for Mobile
Application Optimization Module: Frontend self-balancing; Backend intelligent load distribution; Session affinity; z Sysplex Distributor integration
Integration Module: Any-to-Any message transformation; Database connectivity; Mainframe IMS connectivity

IBM DataPower Gateway (Base)
Secure: Authentication, authorization; Security token translation; Service / API virtualization; Threat protection; Message validation; Message filtering; Message digital signature; Message encryption; AV scanning integration
Integrate: Transport protocol bridging; Message enrichment; Message transformation & processing using JavaScript, JSONiq, XQuery, XSLT; Mainframe integration & enablement; Flexible pipeline message processing engine
Control & Manage: Service level management; Quota & rate enforcement; Content-based routing; Message accounting; Integration w/ management & visibility platforms including IBM API Management & WSRR for policy enforcement
Optimize & Offload: SSL / TLS offload; Hardware accelerated crypto*; JSON, XML offload; JavaScript, JSONiq, XSLT, XQuery acceleration; Local response caching; Distributed caching with WXS or XC10; Backend load balancing

Physical Appliance: 2U rack mount appliance using latest generation hardware platform; two base editions: Non-HSM and HSM (FIPS Level 3 certified); each software module is licensed separately

Virtual Edition: three editions: Developer, Non-Production, Production
Developer includes all software modules at no additional cost, except TIBCO EMS
Non-Production includes all software modules at no additional cost, except TIBCO EMS & ISAM Proxy
Production: Each software module is licensed separately

All software modules are field upgradeable
* Hardware crypto accelerated operations are provided on the physical appliance through built-in cryptography accelerator card
2U Physical or Virtual Edition

23 Latest Generation Hardware Platform
Purpose-built, high density 2U rack mount design
Increased capacity
Higher performance CPU & memory
Faster cryptographic acceleration card
New RAID controller w/ large write cache
192 GB memory
Two 1.2 TB high speed hard drives
Three management traffic ports: 1 RJ45 serial port; 2 x 1 GbE ports
Ten application traffic ports: 8 x 1 GbE ports; 2 x 10 GbE ports
Trusted Platform Module
Customized intrusion detection
Cryptographic Acceleration Card
Hardware Security Module (Optional, FIPS Level 3 certified)
Runtime Hardware Diagnostic
Intelligent Platform Management Interface
Supercapacitor Powered Flash-backed RAID Cache
Multiple Replaceable Units
Customer Replaceable Units (CRU): Fan, Power Supply, HDD, Network Module
Field Replaceable Units (FRU): Appliance, CPU, Memory, Flash Drive, Coin Battery, Supercapacitor for RAID, Cryptographic Acceleration Card, HSM Card, RAID Card
Figure callouts: 2 10-Gigabit Ethernet NICs; 8 1-Gigabit Ethernet NICs; RAID mirroring across two drives

24 Comparison with older products
Previously: 3 Products (XG45/XI52/XB62); 2 Physical appliances (1U & 2U); 2 Virtual appliances (XG45/XI52)
Now: 1 Product; 1 Physical appliance (2U only); 1 Virtual appliance

Previously: IBM WebSphere DataPower Service Gateway XG45 (1U Physical, Virtual Edition). Now: IBM DataPower Gateway (2U Physical, Virtual Edition)
Previously: IBM WebSphere DataPower Integration Appliance XI52 (2U Physical, Virtual Edition). Now: IBM DataPower Gateway + Integration Module (2U Physical, Virtual Edition)
Previously: IBM WebSphere DataPower B2B Appliance XB62 (2U Physical). Now: IBM DataPower Gateway + B2B Module (2U Physical, Virtual Edition)

Integration & B2B Module are independent & can be purchased separately
IBM DataPower Gateway Virtual Edition provides the same functionality & modules as physical appliances with the exception of HSM (that provides FIPS Level 3 certification)
IBM DataPower Gateway 2U rack mount physical appliance is available with optional HSM (FIPS Level 3 certified)

25 Firmware V7.1, Modules & Supported Platforms
Firmware V7.1 delivers:
ISAM Proxy Module to enable advanced access enforcement of mobile & web use cases
B2B Module to enable secure B2B integration capabilities, formerly available on XB62 only
Integration Module to enable integration functionality including any-to-any message transformation, database connectivity & mainframe connectivity
Kerberos S4U2Self functionality to provide flexible authentication for Microsoft environments
Increase in XML Names maximum to allow for large configurations, RAS & other enhancements

V7.1 supports the following: IBM DataPower Gateway (Physical and Virtual Edition); XG45 (Physical and Virtual Edition); XI52 (Physical and Virtual Edition), XI50B (2426 & 4195 models); XB62 (Physical)
ISAM Proxy module requires V7.1 and is available on the following: XG45 (Physical, and Virtual Edition); XI52 (Physical, and Virtual Edition)
B2B module requires V7.1 and is available on the following
Integration module requires V7.1 and is available on the following

V7.1 is supported on existing physical appliances, i.e. XG45 / XI52 / XB62, for both 2426 (i.e. Passport Advantage) and 7198/7199 (i.e. AAS) models
ISAM Proxy & B2B modules are available for existing physical appliances, i.e. XG45 / XI52 / XB62, for both 2426 (i.e. Passport Advantage) and 7198/7199 (i.e. AAS) models
Integration Module is only available on IDG since XG/XI/XB already provide similar functionality through base and existing modules

26 Silos of security & control are impeding business agility
Historically, organizations have been forced to choose specific enforcement solutions based on the backend applications or IT resources that they are trying to secure, control & integrate, or the channel through which they are trying to expose those resources: SOA gateways; API management gateways; web access management proxies; B2B gateways; mobile gateways.

Adding a new business channel, for example moving towards an enterprise wide mobile strategy, has often seen IT leaders introduce additional security & integration solutions into an already heterogeneous landscape. This has led to a fragmented set of technologies, often from multiple vendors, that have different management interfaces, different policy languages, and require a diverse set of skills to work with. In the best case it makes it extremely difficult to implement consistent security & control enforcement policies regardless of the business channel that is being used to access applications and services…in the worst case, it makes it impossible.

Many enterprises will deploy multiple gateway or proxy technologies in the DMZ and Trusted Zone, in order to secure, control & integrate access to the data center. However, these are often point solutions that are focused on very specific business channels (web, mobile, B2B, web services, REST APIs). The result is a complex deployment architecture that involves several components from several vendors that might include load balancers, web reverse proxies, service-oriented architecture (SOA) and API gateways, web application firewalls, and caching proxies, among others. A need exists to be able to simplify this architecture in the DMZ and Trusted Zone.

[Diagram labels: Business Channels (B2B, Mobile, SOA, APIs, Web, Cloud); Users (Partners, Developers, Consumers, Employees, All); Security & Control Solutions (B2B gateway, SOA gateway, API gateway, Mobile gateway, Web access proxy, Cloud gateway); Applications and Systems (Application, ESB, Service, Middleware, z System)]

27 Reduce cost + improve security & control with a single gateway

Organizations need a single solution, a security and integration gateway, that is capable of handling all types of application workloads with a policy-driven interface. This will promote consistent security, control & integration policy enforcement and provide end-to-end security for transactional workloads, regardless of the business channel that they are coming in through; reduce infrastructure complexity, lower operating costs, allow consistent enforcement of security & control policies while improving user experience and helping scale the backend IT infrastructure.

An ideal security integration gateway for the multi-channel enterprise should be able to help secure, control, integrate and optimize workloads across all of these different business channels, and utilize a common policy-based interface. The gateway acts as the policy enforcement point (PEP) for all authentication and authorization decisions related to these combined workloads. But the gateway should do more than access management, it should provide a full range of other capabilities as well, such as helping protect against application-level threats, application acceleration, integration, and traffic management.

By deploying a security and integration gateway, enterprises can decouple the enforcement of security and other policies from the underlying application and also provide functional offload of repeatable tasks to allow the backend applications and resources to more efficiently scale to meet the high-volume demands that inevitably occur with mobile and cloud traffic.

[Diagram labels: Business Channels (B2B, Mobile, SOA, APIs, Web, Cloud); Users (Partners, Developers, Consumers, Employees, All); Security & Control Solutions (DataPower Gateway: Virtual appliance, Physical appliance); Applications and Systems (Application, ESB, Service, Middleware, z System)]

28 IBM Multi-channel gateway
Leverage the combined capabilities of IBM DataPower Gateway and IBM Security Access Manager in a single, converged security and integration gateway

New in V7.1
ISAM for DataPower module provides the reverse proxy component that provides enforcement for:
Centralized user authentication & coarse-grained authorization
Session management, & web SSO
Context based access & mobile SSO
Strong authentication including one-time password and multi-factor authentication

[Diagram labels: Channels (B2B, SOA (Web Services), API, Native Mobile, Hybrid Mobile, Web 2.0 (AJAX), Mobile Web, Web Browsers and Portals); IBM DataPower Gateway with ISAM Module (App, Service & API security; User access security; Traffic control & optimization; Connectivity & transformation)]

29 What is ISAM for DataPower Module?
ISAM for DataPower module provides the reverse proxy component that is available on ISAM for Web and ISAM for Mobile appliances
ISAM for Web was formerly known as Tivoli Access Manager for E-Business (TAMeb)

[Diagram labels: Base Appliance; Reverse Proxy; IBM Security Access Manager for Mobile (Context based Access (CBA); One-time Password (OTP) / Multi-factor Authentication (MFA); Advanced Security); IBM Security Access Manager for Web (Load Balancer; Protocol Analysis Module (PAM)); ISAM Module; DataPower]

30 Rapidly Connect Mobile Apps with Enterprise Services
Securely expose enterprise data & APIs to Mobile Apps while optimizing delivery

This use case is about connecting your mobile apps to your enterprise data & APIs. In this scenario, a business needs a Mobile Gateway for their Security & Integration needs. It's about doing critical functions such as threat protection, validation, security checks like authentication and authorization, rate limiting & SLA enforcement, message transformation (e.g. JSON to SOAP), protocol mediation (e.g. HTTP to MQ), caching, and intelligent routing & load distribution. At IBM we have a solution for that, in the form of DataPower gateway.

Organizations need a single solution, a security and integration gateway, that is capable of handling all types of mobile application & API workloads with a policy-driven interface in the DMZ. This will promote consistent security policy enforcement and provide end-to-end security for transactional workloads, lowering operating costs & reducing infrastructure complexity compared to running multiple gateway and reverse proxy solutions.

An ideal security integration gateway should be able to help secure, control, integrate and optimize workloads across all types of mobile apps & APIs, and utilize a common policy-based interface. The gateway acts as the policy enforcement point (PEP) for all threat protection, validation, filtering, authentication and authorization decisions related to these combined workloads. But the gateway should do more than access management, it should provide a full range of other capabilities as well, such as helping protect against application-level threats, application acceleration, integration, and traffic management.

By deploying a security and integration gateway, enterprises can decouple the enforcement of security and other policies from the underlying application and also provide functional offload of repeatable tasks to allow the backend applications and resources to more efficiently scale to meet the high-volume demands that inevitably occur with mobile traffic.

Advanced features:
Enforce stronger security controls for BYOD using risk-based security
Protect access to sensitive data using multi-factor authentication using one-time passwords
Enhance performance of mobile applications with edge caching and optimize message delivery

Several examples of businesses using DataPower as a Mobile Gateway for their Security & Integration needs:
Large international bank has mobile banking gateway through DP
Large Mobile company in the UK has traffic from handsets, REST service calls, being secured via DP
Global phone company has their RESTful service calls using JSON and XML from Mobile devices and consumer browsers secured and load balanced using DP
Large retailer went live recently with DP proxying Mobile traffic
Consulting business secures their provisioning iPad traffic through DP
Wireless carrier secures mobile traffic to account data through DP
….. /apimanagement

[Diagram labels: Native, Hybrid, Mobile Web; IBM DataPower Gateway with ISAM Module (SSL Offload; Threat Protection; Rate Limiting / SLA Enforcement; Validation, Filtering; Authentication; Authorization; Context-based Access; Mobile SSO; Security Token Translation; Message Transformation; Content-Based Routing; Intelligent Load Distribution; Response Caching); Apps, Services; Middleware / ESB, Legacy Apps]

31 Mobile Gateway solution for on-premise and cloud
Rapidly deliver secure integration & optimized access for enterprise mobile applications
DataPower appliance with ISAM module for security enforcement, traffic control & management, application acceleration, transport bridging & message transformation
ISAM for Mobile as decision point for context based access (CBA), mobile SSO, strong authentication including one-time password (OTP) & multi-factor authentication (MFA)

[Diagram labels: ISAM for Mobile (Security Decision Point); DataPower Gateway with ISAM Module (Security Enforcement Point); Apps, Services, Middleware, z System]

32 Multi-Channel Gateway for MobileFirst & WebSphere Products

33 Response Caching Integration with WXS
In addition to support for XC10

1. Client submits application request.
2. DataPower parses request and queries WXS. On a hit, skip to step 5.
3. On a miss, DataPower forwards request to target Provider.
4. DataPower adds application response to WXS.
5. Client receives response from DataPower.

[Diagram labels: Client; DataPower; WebSphere Extreme Scale (WXS); Provider (REST); Large Response Time; Improved Load; Improve Response Time]
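The five-step flow above, as an added JavaScript sketch (not IBM or DataPower code): an in-memory `GridCache` stands in for WXS and `provider` for the backend REST service. All names, and the GET-only, 200-only and TTL rules, are assumptions of this example rather than documented product behavior.

```javascript
// Added example. GridCache is a hypothetical in-memory stand-in for the WXS grid.
class GridCache {
  constructor(now) {
    this.now = now;            // injectable clock so expiry can be exercised
    this.entries = new Map();
  }
  get(key) {
    const entry = this.entries.get(key);
    if (!entry) return undefined;
    if (entry.expiresAt <= this.now()) {   // stale entries count as a miss
      this.entries.delete(key);
      return undefined;
    }
    return entry.value;
  }
  put(key, value, ttlMs) {
    this.entries.set(key, { value, expiresAt: this.now() + ttlMs });
  }
}

// Cache key: method plus path plus sorted query string, so equivalent
// requests with reordered parameters share one entry (assumption).
function cacheKey(req) {
  const [path, query = ''] = req.url.split('?');
  const sorted = query.split('&').filter(Boolean).sort().join('&');
  return `${req.method} ${path}${sorted ? '?' + sorted : ''}`;
}

function createGateway({ cache, provider, ttlMs }) {
  const stats = { hits: 0, misses: 0, bypassed: 0 };
  function handle(req) {
    // Step 1: the client has submitted the request to the gateway.
    if (req.method !== 'GET') {            // assumption: only GET is cacheable
      stats.bypassed++;
      return { ...provider(req), servedFrom: 'provider' };
    }
    // Step 2: parse the request and query the cache; on a hit go to step 5.
    const key = cacheKey(req);
    const cached = cache.get(key);
    if (cached) {
      stats.hits++;
      return { ...cached, servedFrom: 'cache' };
    }
    // Step 3: on a miss, forward the request to the target provider.
    stats.misses++;
    const res = provider(req);
    // Step 4: add the response to the cache (assumption: 200 responses only,
    // so a transient backend error is not replayed to later clients).
    if (res.status === 200) {
      cache.put(key, { status: res.status, body: res.body }, ttlMs);
    }
    // Step 5: the client receives the response from the gateway.
    return { ...res, servedFrom: 'provider' };
  }
  return { handle, stats };
}

// Constructed traffic: miss, hit, non-GET bypass, uncached 404 twice, expiry.
function runDemo() {
  let clock = 0;
  let providerCalls = 0;
  const provider = (req) => {
    providerCalls++;
    if (req.url.startsWith('/missing')) return { status: 404, body: 'not found' };
    return { status: 200, body: `catalog v${providerCalls}` };
  };
  const gw = createGateway({ cache: new GridCache(() => clock), provider, ttlMs: 1000 });
  const trace = [];
  const send = (method, url) => trace.push(gw.handle({ method, url }).servedFrom);
  send('GET', '/catalog?b=2&a=1');
  send('GET', '/catalog?a=1&b=2');
  send('POST', '/catalog');
  send('GET', '/missing');
  send('GET', '/missing');
  clock = 1500;                            // past the 1000 ms TTL
  send('GET', '/catalog?a=1&b=2');
  return { trace, stats: gw.stats, providerCalls };
}

console.log(JSON.stringify(runDemo()));
```
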

34 Integration with QRadar Security Intelligence Platform
Enhance security intelligence and compliance through integration with QRadar security information and event management (SIEM) platform
Coming soon: Device Support Module (DSM) for DataPower Gateways to parse event information

IBM® Security QRadar® SIEM consolidates log source event data from many sources, then normalizes and correlates that data to provide real-time visibility for threat detection. Integrating with the IBM Security QRadar Security Intelligence Platform enhances enterprise-wide security intelligence and compliance, providing insights into how users access information hosted on-premise or in the cloud.

[Diagram labels: User; Client; DataPower; Provider; QRadar SIEM]

35 DataPower on GitHub Repository of DataPower related tools & collateral
Open source
Community driven: Use, collaborate, contribute
DataPower Configuration Manager: Tool for DataPower configuration management & migration; standalone command line or IBM UrbanCode Deploy plugin
DPXMLSH: Bash script / shell library for working with DataPower’s XML Management interface; interactive & scripted use

36 Secure. Integrate. Control. Optimize.
IBM DataPower Gateway 7.1, Released Nov 2014. Secure. Integrate. Control. Optimize.

Consolidated product: Single, modular & extensible gateway platform to secure, integrate, control, & optimize full range of workloads
New hardware platform: Increase capacity & throughput while reducing latency with latest generation hardware
Deployment flexibility: Use physical or virtual appliance with seamless configuration migration with on-premise & cloud deployments
B2B module: Centralize B2B trading partner connectivity & transaction management with high performance secure entry point in the DMZ
Multi-channel gateway: Utilize single gateway with integrated access enforcement from ISAM to secure & optimize delivery of mobile, API, web, SOA, B2B, cloud apps, and integrate with IBM MobileFirst & WebSphere platforms
Enhanced security: Enable additional flexible authentication from internet consumers & Non-Microsoft consumers to Microsoft systems

Slide shows feature/functions on the left and platform/deployment on the right. Introducing IBM’s Multi-channel gateway solution that integrates advanced user access enforcement capabilities of IBM Security Access Manager into the DataPower platform to allow users to utilize a single converged gateway to secure, integrate, control & optimize delivery of workloads for a full range of channels including Mobile, Cloud, API, Web, SOA, & B2B. Simplified product portfolio through consolidation of all existing gateway models into a single, modular & extensible gateway platform, available in physical appliance & virtual appliance form factors. New, higher capacity & more performant latest generation hardware platform.
Takeaway: IBM DataPower Gateway is a security and integration platform for multiple channels including mobile, cloud, API, web, SOA, and B2B workloads; providing security, integration, control & optimization functionality in a single, purpose-built platform that helps to reduce infrastructure complexity, lower operating costs, allow consistent enforcement of security & control policies while improving user experience and helping scale the backend IT infrastructure.

37 Agenda DataPower Gateway Overview Recent Releases
What’s New in DataPower Gateway & V7.1 Q&A

38 Getting Social with IBM DataPower Gateways
YouTube Channel: IBM DataPower Gateways
Slideshare: IBM DataPower Gateway
LinkedIn Group: IBM DataPower Gateway
developerWorks blog: IBM DataPower Gateway
GitHub: IBM DataPower Gateway
Twitter: @IBMGateways
Online User Forum
Product page on ibm.com
Product documentation

39 Available Now: DataPower Handbook, Second Edition, Volume 1
Known as the ‘bible’ of DataPower planning, implementation, and usage.
New content to cover previous six years of new products/features, including 9006/7.1!
Volume 1 consists of Chap 1 DataPower Intro, Chap 2 Setup Guide, new Preface and two invaluable new appendices for physical and virtual appliances.
Available today on Amazon CreateSpace, Amazon.com worldwide & Amazon Kindle
KindleMatch: buy hardcopy & get ebook for US$2.99
Kindle Unlimited, Kindle lending
Available in softcover and e-book formats

40 BACKUP

41 Simple and Secure Architecture
Simple Architecture: Purpose-built firmware + hardware
Complete gateway platform delivered as firmware
Guiding philosophy is to centralize common security, integration, control, traffic management, acceleration functions and optimize them in a security-hardened gateway appliance
How DataPower is different than our competitors

[Diagram comparing commodity gateways with the purpose-built DataPower Gateway platform. Labels: Display Ports; database; config; App Server; Apache HTTPD; JVM; Proprietary Software; Linux Daemons; JSP Engine; glibc; libxml; Full Linux OS (including shells and user accounts); Bootable CDROM Drive; Bootable USB Ports; Hardware; config; Hardware; DataPower Gateway Platform; Digitally Signed and Encrypted Firmware; Flash Memory; Crypto Acceleration; IBM Optimized Embedded Operating Environment]

42 Configuration-driven approach speeds time to market
Enforce security standards with zero coding
Uses intuitive pipeline message processing
Import/export configurations between environments
Transaction probe shows message content between actions for debugging

43 Single, modular & extensible platform
IBM DataPower Gateway is the new name of a consolidated, extensible & modular platform
Converges three existing products, XG45 / XI52 / XB62, into a single modular offering
Available in physical and virtual form factor

Physical Appliance: 2U rack mount appliance using latest generation hardware platform; two base editions: Non-HSM and HSM (FIPS Level 3 certified); each software module is licensed separately

Virtual Edition: three editions: Developer, Non-Production, Production
Developer includes all software modules at no additional cost, except TIBCO EMS
Non-Production includes all software modules at no additional cost, except TIBCO EMS & ISAM Proxy
Production: Each software module is licensed separately

All software modules are field upgradeable

[Diagram labels: ISAM Proxy Module; Integration Module; B2B Module; AO Module; TIBCO EMS Module; Supports V7.1 & above (2U Physical, Virtual Edition)]

44 Capabilities Secure Integrate Control Optimize
Rapidly deliver secure integration & optimized access for a full range of workloads
Secure: Secure & protect your back-end systems from harmful workloads and unauthorized users & apps
Integrate: Convert payloads, bridge transports and connect to existing services at wire-speed
Control: Limit & shape traffic based on service level agreements, and route based on message content
Optimize: Improve response times, reduce load on backend systems and intelligently distribute load

[Diagram labels: Before DataPower Gateway; After DataPower Gateway; Consumer; Secure; Integrate; Control; Optimize]

45 Connect Mobile Apps with Enterprise Services
Securely expose enterprise systems & APIs to Mobile Apps while optimizing delivery

SSL Offload; Threat Protection; Rate Limiting / SLA Enforcement; Validation, Filtering; Authentication, Authorization; Context-based Access, Mobile SSO; Security Token Translation; Message Transformation; Content-Based Routing; Intelligent Load Distribution; Response Caching

46 DataPower Gateway: Supported standards & protocols
Data format & language: JavaScript; JSON; JSON Schema; JSONiq; REST; SOAP 1.1, 1.2; WSDL 1.1; XML 1.0; XML Schema 1.0; XPath 1.0; XPath 2.0 (XQuery only); XSLT 1.0; XQuery 1.0

Security policy enforcement: OAuth 2.0; SAML 1.0, 1.1 and 2.0, SAML Token Profile, SAML queries; XACML 2.0; Kerberos (including S4U2Self, S4U2Proxy); SPNEGO; RADIUS; RSA SecurID OTP using RADIUS; LDAP versions 2 and 3; Lightweight Third-Party Authentication; Microsoft Active Directory; FIPS Level 3 (w/ optional HSM); FIPS Level 1 (w/ certified crypto module); SAF & IBM RACF® integration with z/OS; Internet Content Adaptation Protocol; W3C XML Encryption; W3C XML Signature; S/MIME encryption and digital signature; WS-Security 1.0, 1.1; WS-I Basic Security Profile 1.0, 1.1; WS-SecurityPolicy; WS-SecureConversation 1.3

Transport & connectivity: HTTP, HTTPS, WebSocket Proxy; FTP, FTPS, SFTP; WebSphere MQ; WebSphere MQ File Transfer Edition; TIBCO EMS; WebSphere Java Message Service; IBM IMS Connect, & IMS Callout; NFS; AS1, AS2, AS3, ebMS 2.0, CPPA 2.0, POP, SMTP (XB62); DB2, Microsoft SQL Server, Oracle, Sybase, IMS

Transport Layer Security: TLS versions 1.0, 1.1, and 1.2; SSL versions 2 and 3

Public key infrastructure (PKI): RSA, 3DES, DES, AES, SHA, X.509, CRLs, OCSP; PKCS#1, PKCS#5, PKCS#7, PKCS#8, PKCS#10, PKCS#12; XKMS for integration with Tivoli Security Policy Manager (TSPM)

Management: Simple Network Management Protocol; SYSLOG; IPv4, IPv6

Open File Formats: Distributed Management Task Force (DMTF) Open Virtualization Format (OVF); Virtual Machine Disk Format (VMDK); Virtual Hard Disk (VHD)

Web services: WS-I Basic Profile 1.0, 1.1; WS-I Simple SOAP Basic Profile; WS-Policy Framework; WS-Policy 1.2, 1.5; WS-Trust 1.3; WS-Addressing; WS-Enumeration; WS-Eventing; WS-Notification; Web Services Distributed Management; WS-Management; WS-I Attachments Profile; SOAP Attachment Feature 1.2; SOAP with Attachments (SwA); Direct Internet Message Encapsulation; Multipurpose Internet Mail Extensions; XML-binary Optimized Packaging (XOP); Message Transmission Optimization Mechanism (MTOM); WS-MediationPolicy (IBM standard); Universal Description, Discovery, and Integration (UDDI versions 2 and 3), UDDI version 3 subscription; WebSphere Service Registry and Repository (WSRR)

Link to Product Documentation

47 Over 14 years of innovation & 2000+ global installations
Let's take a brief look at the history of DP to get a better perspective on how the product portfolio has evolved based on customer demand & feedback over the years, and on the innovation that has enabled it to become the market leader.

[Timeline figure, 2000 to 2014. Milestones in the order they appear on the slide: Optimized Interpreter and Compiler; XA35; XS40; XI50; Optimized Hardware Acceleration; Model 7993 (aka 9003); Gigabit/Sec HW Solution; XB60; XI50B Blade; Acquisition; XI50z Blade; WebSphere Transformation Extender; Model 9235 (aka 9004); XG45, XI52 & XB62; ITCAM for SOA (Transaction Monitoring); Virtual Edition (VMware); Application Optimization (Self-Balancing & Intelligent Load Distribution); WebSphere Appliance Management Center; Virtual Edition (PureApplication System); Virtual Edition (for Developers + XenServer); IBM DataPower Gateway; Optimized & secure JavaScript; Multi-channel Gateway; Consolidated Gateway Platform; ISAM Proxy Module]

48 The adoption of cloud, analytics, mobile, and social computing is forcing organizations to open IT assets to new business channels
- 73% of organizations discovered cloud usage outside of IT or security policies
- Between 2005 and 2020, the amount of data in the world will grow 300X, from 130 to 40,000 exabytes
- 81% of adults use personally owned mobile devices for conducting business
- 70% of employees are engaged in social activities both internally and externally

In the past, private data, software and code could be reasonably protected behind a network perimeter of security & control. With the rise of mobile, that perimeter can no longer be the most important line of defense when it comes to security threats & IT control. Organizations must develop mobile security & control strategies that go beyond the perimeter of the enterprise and into the mobile sphere. Similarly, as the API economy continues to expand, organizations are realizing that they are providing services to new users, new stakeholders that may or may not fit into the security & control realms that have been previously established.

The dramatic growth in adoption of mobile, cloud, and social computing presents many security & control challenges for the multi-channel enterprise. There exists an increased demand to be able to control access to systems and resources that were previously only available from within the enterprise. However, as these applications are opened up to new business channels, and made accessible across the Internet, enterprises must control who is accessing those systems and under what context.

…and challenging them to rethink the way they have traditionally approached security & control

