IBM DataPower Appliances - What's new in 2013 (v6.0)

© 2013 IBM Corporation What’s New in DataPower Appliances V6.0 Arif Siddiqui Product Manager, DataPower Appliances IBM

Upload: ibm-datapower-gateway-appliances

Post on 14-Jan-2015


Page 1: IBM DataPower Appliances - What's new in 2013 (v6.0)

© 2013 IBM Corporation

What’s New in DataPower Appliances V6.0

Arif Siddiqui

Product Manager, DataPower Appliances

IBM

Page 2: IBM DataPower Appliances - What's new in 2013 (v6.0)


Agenda

• DataPower Quick Overview

• What’s new in DataPower Virtual Edition

• What’s new in DataPower v6.0

Page 3: IBM DataPower Appliances - What's new in 2013 (v6.0)

Introduction to DataPower Gateway Appliances

IBM DataPower Gateway Appliances are the industry-leading Security & Integration gateways that help provide security, control, integration and optimized access to a full range of Mobile, Web, API, SOA, B2B and Cloud workloads

Page 4: IBM DataPower Appliances - What's new in 2013 (v6.0)

Security & Integration Gateway Appliances

IBM DataPower Gateway Appliances

• Securely expose enterprise data to external consumers/partners, while optimizing delivery of the workload

• Securely connect apps/services within the enterprise, while optimizing delivery of the workload and providing integration including XML offload, message validation/filtering, message/transport protocol transformation, traffic control/quota enforcement, SOA governance & management, dynamic routing & intelligent load distribution

• Physical appliance that is purpose-built, tamper-evident with simplified deployment combining superior performance, hardened security, increased ROI and reduced TCO

• Provides high levels of certified Security assurance
  ‒ e.g. Transport Protocol Security (SSL/TLS), Message Level Security, and Authentication, Authorization, Audit

• Simplified maintenance model
  ‒ Drop-in appliance form-factor, Secures traffic in minutes, and Push-button flash upgrade process

• Over a decade of innovation. 2000 worldwide installations. 10,000+ physical units sold

• Virtual appliance provides deployment flexibility & reduced cost for development and test environments

[Diagram labels: Internet; DMZ; Trusted Domain; Consumer; DataPower; Application or Service]

Page 5: IBM DataPower Appliances - What's new in 2013 (v6.0)

DataPower appliances used across a variety of scenarios

1 Security Gateway (Web Services/Apps/APIs)

2 Intelligent Content Routing & Load Distribution

3 B2B Partner Gateway

4 Internal Security Enforcement

5 Integration

6 Runtime SOA Governance

7 Web Service Management

8 Legacy Integration

[Diagram labels: Internet; DMZ; Trusted Domain; Consumer; DataPower; IBM Integration Bus; System z; Application or Service; Trading partners (Application, Service, File)]

Page 6: IBM DataPower Appliances - What's new in 2013 (v6.0)

Use appliances to simplify & centralize critical functions

Before DataPower Appliances: Update application servers individually

After DataPower Appliances: Secure, control, integrate, & optimize all applications instantly. No changes to applications

• Secure, control, integrate & optimize multiple applications without code changes

• Lower cost and complexity

• Enable new business with unmatched performance

[Diagram labels: Secure; Control; Integrate; Route & Optimize]

Page 7: IBM DataPower Appliances - What's new in 2013 (v6.0)

IBM DataPower Gateway Appliance capabilities

• Control
  ‒ Service-level agreements
  ‒ Traffic control
  ‒ Message accounting
  ‒ Content-based routing
  ‒ Governance & management

• Optimization
  ‒ SSL & TLS offload
  ‒ Hardware accelerated crypto ops
  ‒ XSLT & XQuery acceleration
  ‒ JSONiq acceleration
  ‒ Connection pooling, offload
  ‒ Intelligent load distribution
  ‒ Caching: Local & external (XC10)

• Security
  ‒ OAuth, SAML, XACML, WS-Security, LTPA, Kerberos, etc
  ‒ Authentication & authorization
  ‒ Security token translation
  ‒ Message & transport protection

• Integration
  ‒ Convert payloads (JSON, XML, CSV, Cobol, binary, etc)
  ‒ Bridge transports (HTTP, MQ, FTP, WAS JMS, TIBCO EMS, etc)
  ‒ Database connectivity (DB2, IMS, Oracle, MS SQL, Sybase)
  ‒ Mainframe integration (IMS Connect, IMS Callout, CICS, etc)
  ‒ B2B integration (AS1, AS2, AS3, etc)

• Resilience
  ‒ Operation admission control
  ‒ Failure re-routing
  ‒ XML threat protection
  ‒ JSON threat protection
  ‒ Schema validation
  ‒ Message filtering

[Diagram labels: Clients; In-the-Clear Request; Malicious Request; Encrypted and Signed Request; Cobol/MQ Appl; Cobol/MQ; Service Providers]

Page 8: IBM DataPower Appliances - What's new in 2013 (v6.0)

DataPower Family

Integration Appliance XI52
• High density 2U form, XG45 functionality plus
• “Any-to-Any” conversion at wire-speed
• Bridges multiple transport protocols
• Mainframe integration & enablement
• Available in Virtual Edition

Service Gateway XG45
• Entry-level device, slim footprint (1U)
• Security gateway (AAA, XML threat, etc)
• Service level management and monitoring
• Intelligent load distribution & dynamic routing
• Lightweight integration functions (optional)
• Available in Virtual Edition

B2B Appliance XB62
• High density 2U form, XI52 functionality plus
• B2B Messaging (AS1/AS2/AS3/ebMS)
• Trading Partner Profile Management
• B2B Transaction Viewer

Integration Blade XI50B/XI50z
• Functionally equivalent to XI52
• Form factor flexibility
• XI50B: BladeCenter form factor
• XI50z: zEnterprise BladeCenter Extension (zBX) form factor

Page 9: IBM DataPower Appliances - What's new in 2013 (v6.0)

DataPower Gateway Appliances

Over a decade of innovation & over 2000 worldwide installations

Insurance
• Used by 95% of top global insurance firms
• SaaS providers, ASPs, regulators, etc.

Government
• Agencies and ministries
• Defense and security organizations
• Crown corporations

Banking
• Majority of the big US and European banks
• All of the big 5 Canadian banks
• Numerous regional banks and credit unions

Many, many more
• Healthcare
• Retailers
• Utilities, Power, Oil and Gas
• Telecom
• Airlines
• etc.

Page 10: IBM DataPower Appliances - What's new in 2013 (v6.0)


Agenda

• DataPower Quick Overview

• What’s new in DataPower Virtual Edition

• What’s new in DataPower v6.0

Page 11: IBM DataPower Appliances - What's new in 2013 (v6.0)

IBM DataPower Virtual Edition

Deployment flexibility & reduced cost for development and test environments

DataPower Appliances extend their market-leading Security & Integration Gateway functionality into Virtual Appliances providing deployment flexibility

Business Integration

Business Value:

• Industry-leading workload security, optimization, and integration functionality similar to the corresponding physical DataPower appliance models

• A flexible, cost effective Security & Integration Gateway for non-production environments

• A production solution for environments not suitable for physical appliance deployment

What’s new:

• WebSphere DataPower XG45 & XI52 physical appliance functionality in a “virtual appliance” form-factor running on VMware hypervisor on x86 servers, IBM PureApplication System W1500, & IBM Workload Deployer platforms

• Ability to upgrade & downgrade firmware similar to physical appliances

• Seamless configuration migration between physical and virtual appliances

• Powered by a purpose-built platform including an embedded, optimized DataPower Operating System

[Diagram label: x86 Server]

Page 12: IBM DataPower Appliances - What's new in 2013 (v6.0)

IBM DataPower Virtual Edition: Overview

Product Name
• WebSphere DataPower Service Gateway XG45 Virtual Edition (Passport Advantage Product ID: 5725-J90)
• WebSphere DataPower Integration Appliance XI52 Virtual Edition (Passport Advantage Product ID: 5725-J91)

Functionality
• Same workload security, optimization, & integration functionality as the corresponding physical appliance model. Exceptions, besides lack of physical security features (e.g. tamper-resistant hardware), include capability implemented or enhanced via hardware in physical appliances:
  ‒ No Hardware Security Module (HSM) support for FIPS 140-2 Level 3 compliance
  ‒ No hardware acceleration support for cryptographic operations
• Seamless configuration migration, through export/import feature, between physical and virtual appliances
  ‒ Full-appliance secure backup/restore only works within the same form factor, i.e. virtual to virtual & physical to physical
• Each “virtual appliance” is powered by a purpose-built platform and includes an embedded, optimized DataPower Operating System
  ‒ Uses signed/encrypted firmware images like physical appliances, doesn’t allow installation of other software
  ‒ Uses “scrypt4” format firmware image (scrypt2/3 used for physical appliances), does not run or support firmware prior to v5.0.0

Version
• Two functionally equivalent versions, Production & Non-Production, for each product. Each licensed and priced separately:
  ‒ XG45 Virtual Edition for Non-Production Environments: For non-production use. Includes following optional features at no additional cost: Application Optimization, Data Integration Module
  ‒ XG45 Virtual Edition: For production use. All optional features must be ordered separately, all are field upgradeable.
  ** Both XG45 Virtual Edition versions include Tivoli Access Manager feature in the base product like physical appliance models
  ‒ XI52 Virtual Edition for Non-Production Environments: For non-production use. Includes following optional features at no additional cost: Application Optimization, Database Connectivity, Tivoli Access Manager
  ** TIBCO EMS option must be ordered separately
  ‒ XI52 Virtual Edition: For production use. All optional features must be ordered separately, all are field upgradeable.

Platform
• x86 Servers, IBM PureApplication System W1500, IBM Workload Deployer utilizing x86 hardware

Pricing
• Priced based on Processor Value Unit (PVU). Available through Passport Advantage.

Package
• Delivered as an Open Virtualization Archive (OVA) package

Requirements
• Minimum virtual resources for each virtual edition appliance: 4 vCPU (i.e. virtual core) and 4GB RAM

Hypervisor
• VMware ESX v4.0 Update 2, v4.1 OR ESXi v4.0 Update 2, v4.1, v5.0, v5.1

Page 13: IBM DataPower Appliances - What's new in 2013 (v6.0)


Agenda

• DataPower Quick Overview

• What’s new in DataPower Virtual Edition

• What’s new in DataPower v6.0

Page 14: IBM DataPower Appliances - What's new in 2013 (v6.0)

What’s New Summary

IBM DataPower Gateway Appliances extend industry-leading service-oriented architecture (SOA) and business-to-business (B2B) security, control, optimization, and integration capabilities to web, mobile, and API workloads

Page 15: IBM DataPower Appliances - What's new in 2013 (v6.0)

Secure. Integrate. Optimize.

• Secure integration: Securely integrate API, Web & Mobile workloads, in addition to SOA & B2B

• Mobile-ready security gateway: Secure & optimize delivery of Mobile applications & integrate with IBM Worklight

• Faster consistent response time: Reduce load on back-end systems and optimize delivery through local & external caching and intelligent load distribution

• Pattern-based configuration: Create & deploy common configuration patterns for reduced time to value, improved productivity & quality

• Deployment flexibility: Use physical or virtual appliance with seamless configuration migration

• System z integration: Easily consume external web services from IMS & expose IMS data as a service

[Graphic labels: 6; DataPower]

Page 16: IBM DataPower Appliances - What's new in 2013 (v6.0)

IBM DataPower Gateway Appliance v6.0

Secure, integrate & optimize access to Web, Mobile & API workloads

DataPower Appliances extend their market-leading Security & Integration Gateway for Web, Mobile & API workloads, in addition to SOA & B2B, reducing infrastructure complexity & lowering TCO

Business Integration

Business Value:

• Secure integration of Web, Mobile, API, SOA & B2B workloads in a single, highly secure, highly consumable, DMZ-ready appliance

• Operational agility for WAS Network Deployment environments

• Fast & consistent response time for enterprise applications including mobile & web apps with local & external caching reducing load on back-end systems

• Enhanced System z integration with IMS systems for reduced TCO

• Faster time to value & improved developer productivity with configuration pattern-authoring & deployment support

What’s new:

• Provides the API gateway functionality for IBM API Management V2.0

• Quick integration with IBM Worklight to secure mobile web traffic

• Improved REST services handling with native JSON support including schema validation & query, extract, filter & transform through JSONiq

• New XML data query, extraction & manipulation support with XQuery 1.0

• Enhanced security with improved OAuth 2.0 and new support for Kerberos constrained delegation & TLS 1.1/1.2

• Improved WS-MediationPolicy consumption from WSRR & SLAs for non-SOAP traffic

• Embedded On-Demand Router functionality for WAS ND environments

• Optimized application delivery with response caching on-the-box & seamless integration with elastic caching XC10 appliances

• New System z integration capabilities allowing IMS transactions to easily consume external web services & easy consumption of IMS data as a service

• Simple ability to create & deploy common DataPower configuration patterns

Page 17: IBM DataPower Appliances - What's new in 2013 (v6.0)

IBM API Management V2.0 (On-Premise)

Secure, control and optimize access to APIs through DataPower

Create, Manage, Socialize APIs

• Dev Ops Dashboard for easy assembly of new APIs and to secure and manage APIs from an IT Ops perspective, API lifecycle mgmt

• Business Ops Dashboard with analytics and controls to publish APIs, document APIs, set quotas, manage communities and monitor service levels

• Application Developer Portal with Self-Service registration and with hooks into social communities

On-Premise DMZ-ready API Gateway

• Rapid on-ramping of APIs

• API security; SSL termination, Threat protection, Authentication, Authorization with OAuth

• Quota enforcement / Traffic control; Enforce API consumption policies

• Monitors API use

• Caching support for both on-box local and remote caching using XC10

• Intelligent routing and load distribution

[Diagram labels: On Premise; App Developer Portal; Business Ops Dashboard; Dev Ops Dashboard; DataPower; Enterprise Services; Web Apps; Mobile]

Page 18: IBM DataPower Appliances - What's new in 2013 (v6.0)

IBM API Management V2.0

1 Solution, 1 Pane of Glass

IBM API Management (On-Premise)

IBM API Management: Create, Publish, Manage, Socialize
• 2 Hypervisor Installs

DataPower: Secure, Control, Optimize
XG45 w/ DIM & AO option, XI50, XI50B, XI52 w/ AO option
• REQUIRED component
• Physical or Virtual
• Purchase new or re-use existing appliances

Cast Iron Standard Edition: Create (Assemble)
• OPTIONAL component
• Physical or HVE
• Purchase new or re-use existing appliances

[Diagram label: API Gateway]

Available in IBM API Management V2.0 & DataPower V6.0

Page 19: IBM DataPower Appliances - What's new in 2013 (v6.0)

IBM DataPower Gateway Appliance

Security, Control, Integration & Optimization of mobile workload

Connect Mobile Apps with Enterprise Apps & Services

Securely expose enterprise data to Mobile Apps while optimizing delivery of the workload

• SSL Offload
• Threat Protection
• Rate Limiting
• Validation, Filtering now with Native JSON Support**
• Authentication
• Authorization
• Security Token Translation
• Transformation
• Content-Based Routing
• Intelligent Load Distribution now with On Demand Router for WAS ND**
• Response Caching Locally or to XC10 **

• Enhanced form-based authentication support for quick integration with Worklight applications running on mobile devices **

• Ready-to-use configuration pattern as reverse proxy & security policy enforcement point in front of Worklight Server **

** Available in DataPower firmware version 6.0

[Diagram labels: e.g. REST (JSON/XML) over HTTPS; e.g. SOAP over HTTPS; Worklight, WAS ND; Message Oriented, Legacy Apps; Web Apps, Services]

Page 20: IBM DataPower Appliances - What's new in 2013 (v6.0)

XQuery 1.0

Flexible XML data manipulation

• Query, extract, filter, transform XML messages using XQuery 1.0
  ‒ Efficient data query & manipulation of XML
  ‒ Simple scripting language syntax provides ease of use
  ‒ Built-in functions & FLWOR statements improve productivity & reduce LoC

FLWOR: For, Let, Where, Order by, Return

XQuery is not XML!

Query orders with purchase of at least $100

    <gold-customers>
    {
      for $x in orders/order
      where $x/price >= 100.00
      order by $x/last
      return <customer first="{$x/first}" last="{$x/last}" />
    }
    </gold-customers>

INPUT

    <orders>
      <order><first>John</first><last>Smith</last><sku>20223</sku><price>23.95</price></order>
      <order><first>Alice</first><last>Brown</last><sku>54321</sku><price>199.95</price></order>
      <order><first>John</first><last>Smith</last><sku>23420</sku><price>104.95</price></order>
      <order><first>Bob</first><last>Green</last><sku>90231</sku><price>300.00</price></order>
      <order><first>Scott</first><last>Jones</last><sku>54321</sku><price>199.95</price></order>
      <order><first>Jim</first><last>Lee</last><sku>89820</sku><price>46.50</price></order>
    </orders>

OUTPUT

    <?xml version="1.0" encoding="UTF-8"?>
    <gold-customers>
      <customer first="Alice" last="Brown"/>
      <customer first="Bob" last="Green"/>
      <customer first="Scott" last="Jones"/>
      <customer first="John" last="Smith"/>
    </gold-customers>

Page 21: IBM DataPower Appliances - What's new in 2013 (v6.0)

Native JSON Support

Enhanced security & control for REST services

• JSON is now a first class, native format on DataPower similar to XML
  ‒ High-speed parsing and tuned compilation with native execution

• JSON schema validation: Security & input validation
  ‒ Built-in validate action
  ‒ Support for draft 3 of IETF specification (http://tools.ietf.org/html/draft-zyp-json-schema-03)

JSON Message

    { "name" : "John Smith",
      "sku" : "20223",
      "price" : "23.95",
      "shipTo" : { "name" : "Jane Smith",
                   "address" : "123 Maple Street",
                   "city" : "Pretendville",
                   "state" : "NY",
                   "zip" : "12345" },
      "billTo" : { "name" : "John Smith",
                   "address" : "123 Maple Street",
                   "city" : "Pretendville",
                   "state" : "NY",
                   "zip" : "12345" }
    }

JSON Schema

    {
      "type": "object",
      "properties": {
        "name": { "type": "string" },
        "sku": { "type": "string" },
        "price": { "type": "number", "minimum": 0 },
        "shipTo": {
          "type": "object",
          "properties": {
            "name": { "type": "string" },
            "address": { "type": "string" },
            "city": { "type": "string" },
            "state": { "type": "string" },
            "zip": { "type": "string" }
          }
        },
        "billTo": {
          "type": "object",
          "properties": {
            "name": { "type": "string" },
            "address": { "type": "string" },
            "city": { "type": "string" },
            "state": { "type": "string" },
            "zip": { "type": "string" }
          }
        }
      }
    }
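The validation step on this slide, as an added example that is not IBM's or DataPower's code: a small Python validator for the draft-03 keywords the slide's schema uses (type, properties, minimum), extended with draft-03's per-property "required" and "additionalProperties" to show what the slide's schema leaves open. The function names and the "extra" field are hypothetical. Run on the slide's own message, it rejects "price" because the message carries it as the string "23.95" while the schema declares a number.

```python
import json


def _is_type(value, name):
    """Draft-03 primitive type check (a JSON boolean is not a number)."""
    numeric = isinstance(value, (int, float)) and not isinstance(value, bool)
    checks = {
        "object": isinstance(value, dict),
        "array": isinstance(value, list),
        "string": isinstance(value, str),
        "boolean": isinstance(value, bool),
        "null": value is None,
        "integer": numeric and not isinstance(value, float),
        "number": numeric,
        "any": True,
    }
    # Union types (a list of names) are not handled here and fail closed.
    return isinstance(name, str) and checks.get(name, False)


def validate(instance, schema, path="$"):
    """Return a list of violations; an empty list means the message passes."""
    wanted = schema.get("type", "any")
    if not _is_type(instance, wanted):
        # Deeper checks make no sense on a value of the wrong type.
        return ["%s: expected %s" % (path, wanted)]
    errors = []
    if "minimum" in schema and _is_type(instance, "number"):
        if instance < schema["minimum"]:
            errors.append("%s: %r is below minimum %r"
                          % (path, instance, schema["minimum"]))
    if isinstance(instance, dict):
        props = schema.get("properties", {})
        for name, sub in props.items():
            if name in instance:
                errors += validate(instance[name], sub, "%s.%s" % (path, name))
            elif sub.get("required", False):  # draft-03: boolean per property
                errors.append("%s.%s: required property missing" % (path, name))
        if schema.get("additionalProperties", True) is False:
            errors += ["%s.%s: property not allowed" % (path, name)
                       for name in instance if name not in props]
    return errors


def harden(schema):
    """Copy of schema: every property required, unknown properties refused."""
    out = dict(schema)
    if "properties" in schema:
        out["properties"] = {name: dict(harden(sub), required=True)
                             for name, sub in schema["properties"].items()}
        out["additionalProperties"] = False
    return out


# Schema and message transcribed from the slide.
ADDRESS = {"type": "object", "properties": {
    key: {"type": "string"}
    for key in ("name", "address", "city", "state", "zip")}}
SLIDE_SCHEMA = {"type": "object", "properties": {
    "name": {"type": "string"},
    "sku": {"type": "string"},
    "price": {"type": "number", "minimum": 0},
    "shipTo": ADDRESS,
    "billTo": ADDRESS,
}}
SLIDE_MESSAGE = json.loads("""
{ "name": "John Smith", "sku": "20223", "price": "23.95",
  "shipTo": { "name": "Jane Smith", "address": "123 Maple Street",
              "city": "Pretendville", "state": "NY", "zip": "12345" },
  "billTo": { "name": "John Smith", "address": "123 Maple Street",
              "city": "Pretendville", "state": "NY", "zip": "12345" } }
""")
# Constructed variant: same message with price sent as a JSON number.
NUMERIC_PRICE_MESSAGE = dict(SLIDE_MESSAGE, price=23.95)

if __name__ == "__main__":
    strict = harden(SLIDE_SCHEMA)
    print(validate(SLIDE_MESSAGE, SLIDE_SCHEMA))          # string price rejected
    print(validate(NUMERIC_PRICE_MESSAGE, SLIDE_SCHEMA))  # accepted
    print(validate({}, SLIDE_SCHEMA))                     # empty object accepted
    print(validate({}, strict))                           # five missing fields
    print(validate(dict(NUMERIC_PRICE_MESSAGE, extra=True), strict))
```

Because draft-03 properties are optional unless marked required and unknown properties are allowed by default, the schema as shown accepts an empty object; the hardened copy closes both gaps.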

Page 22: IBM DataPower Appliances - What's new in 2013 (v6.0)

Native JSON Support

Enhanced security & control for REST services

• JSON is now a first class, native format on DataPower similar to XML
  ‒ High-speed parsing and tuned compilation with native execution

• Query, extract, filter, transform JSON messages using JSONiq
  ‒ Extension to XQuery: Like SQL for JSON and XML
  ‒ Efficient data query and manipulation of JSON
  ‒ Support for JSONiq spec 0.4.42 (http://jsoniq.org/docs/spec/en-US/html-single/index.html)

INPUT

    { "name" : "John Smith",
      "sku" : "20223",
      "price" : "23.95",
      "shipTo" : { "name" : "Jane Smith",
                   "address" : "123 Maple Street",
                   "city" : "Pretendville",
                   "state" : "NY",
                   "zip" : "12345" },
      "billTo" : { "name" : "John Smith",
                   "address" : "123 Maple Street",
                   "city" : "Pretendville",
                   "state" : "NY",
                   "zip" : "12345" }
    }

Extract shipping address

    declare namespace output = "http://www.w3.org/2010/xslt-xquery-serialization";
    declare option jsoniq-version "0.4.42";
    declare option output:method "json";
    .("shipTo")

OUTPUT

    { "name" : "Jane Smith",
      "address" : "123 Maple Street",
      "city" : "Pretendville",
      "state" : "NY",
      "zip" : "12345"
    }

Filter shipment to Hawaii

    declare namespace output = "http://www.w3.org/2010/xslt-xquery-serialization";
    declare option jsoniq-version "0.4.42";
    declare option output:method "json";
    if (.("shipTo")("state") = "HI")
    then fn:error(fn:QName('http://example.org/mine', 'myerr:noshipHI'),
                  'Sorry, we do not ship to Hawaii.')

OUTPUT

    *** ABORTED: Error noshipHI: Sorry, we do not ship to Hawaii.

Transform to XML

    declare option jsoniq-version "0.4.42";
    <order>
      <name>{.("name")}</name>
      <price>{.("price")}</price>
      <state>{.("shipTo")("state")}</state>
    </order>

OUTPUT

    <?xml version="1.0" encoding="UTF-8"?>
    <order><name>John Smith</name><price>23.95</price><state>NY</state></order>

Query members with purchase of at least $100

INPUT

    [{ "given" : "John", "surname" : "Smith", "sku" : "20223", "price" : 23.95},
     { "given" : "Alice", "surname" : "Brown", "sku" : "54321", "price" : 199.95},
     { "given" : "John", "surname" : "Smith", "sku" : "23420", "price" : 104.95},
     { "given" : "Bob", "surname" : "Green", "sku" : "90231", "price" : 300.00},
     { "given" : "Scott", "surname" : "Jones", "sku" : "54321", "price" : 199.95},
     { "given" : "Jim", "surname" : "Lee", "sku" : "89820", "price" : 46.50}]

    declare option jsoniq-version "0.4.42";
    for $x in jn:members(.)
    where $x("price") >= 100.00
    order by $x("surname")
    return concat($x("given"), ' ', $x("surname"), '&#xA;')

OUTPUT

    Alice Brown
    Bob Green
    Scott Jones
    John Smith

Page 23: IBM DataPower Appliances - What's new in 2013 (v6.0)

Security Enhancements

Enhanced OAuth 2.0 support & additional features enable new security use cases

• OAuth is an open standard for authorization. It provides a method for resource owners to grant limited access to their resources to third party client applications without sharing credentials.

• New OAuth 2.0 specification support
  ‒ Public Client & Implicit Grant Type
    • Enables Clients that cannot keep their credentials confidential or can only support simple authorization flows
    • Browser-based & native applications including mobile ones
  ‒ Refresh Token
    • Allows Clients to obtain new access tokens upon expiration without going through initial login sequence

• Additional new features
  ‒ SSL Client Certificate Authentication Method
    • Client can provide its certificate for authentication rather than a secret (i.e. 2-way SSL aka SSL mutual authentication)
  ‒ Revoke Token
    • Provides better flexibility & control to Client & Resource Owner, either can revoke
    • Client can revoke to logout
    • Resource Owner can revoke in case of compromised password or lost mobile device
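The refresh and revoke behaviour listed on this slide, as an added sketch of an authorization server's token store (not DataPower's implementation; the class, method and client names are hypothetical and the access-token lifetime is an assumed value). It shows why revocation has to act on the grant behind the refresh token, and on every grant of a resource owner, rather than on the current access token alone.

```python
import secrets

ACCESS_TTL = 300  # access-token lifetime in seconds (assumed value)


class TokenStore:
    """In-memory model of grants, refresh tokens and access tokens."""

    def __init__(self):
        self._grants = {}   # refresh token -> {"owner", "client", "revoked"}
        self._access = {}   # access token  -> {"refresh", "expires"}

    def _mint(self, refresh, now):
        access = secrets.token_urlsafe(32)
        self._access[access] = {"refresh": refresh,
                                "expires": now + ACCESS_TTL}
        return access

    def issue(self, owner, client, now):
        """Resource owner approves a client: returns (access, refresh)."""
        refresh = secrets.token_urlsafe(32)
        self._grants[refresh] = {"owner": owner, "client": client,
                                 "revoked": False}
        return self._mint(refresh, now), refresh

    def is_valid(self, access, now):
        """Check done on every API call at the enforcement point."""
        record = self._access.get(access)
        if record is None or now >= record["expires"]:
            return False
        # An unexpired access token is still refused once its grant is revoked.
        return not self._grants[record["refresh"]]["revoked"]

    def refresh(self, refresh, client, now):
        """New access token without a new login; None if not permitted."""
        grant = self._grants.get(refresh)
        if grant is None or grant["revoked"] or grant["client"] != client:
            return None
        return self._mint(refresh, now)

    def revoke_by_client(self, refresh, client):
        """Client logout: only the client the grant was issued to may revoke."""
        grant = self._grants.get(refresh)
        if grant is None or grant["client"] != client:
            return False
        grant["revoked"] = True
        return True

    def revoke_by_owner(self, owner):
        """Lost device or compromised password: revoke all of the owner's grants."""
        count = 0
        for grant in self._grants.values():
            if grant["owner"] == owner and not grant["revoked"]:
                grant["revoked"] = True
                count += 1
        return count


if __name__ == "__main__":
    store = TokenStore()
    access, refresh = store.issue("alice", "mobile-app", now=0)
    print(store.is_valid(access, now=ACCESS_TTL))        # False: expired
    renewed = store.refresh(refresh, "mobile-app", now=ACCESS_TTL)
    print(store.is_valid(renewed, now=ACCESS_TTL + 1))   # True
    store.revoke_by_owner("alice")
    print(store.is_valid(renewed, now=ACCESS_TTL + 2))   # False: grant revoked
    print(store.refresh(refresh, "mobile-app", now=ACCESS_TTL + 2))  # None
```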

Page 24: IBM DataPower Appliances - What's new in 2013 (v6.0)

Security Enhancements

Enhanced transport and message security

• Kerberos constrained delegation (S4U2Proxy)
  ‒ Preserve the client identity from the incoming Kerberos ticket for the backend service when DataPower is acting as a proxy

• Transport Layer Security (TLS) 1.1 & 1.2
  ‒ Helps meet security guideline (e.g. NIST SP 800-131A)

• LDAP
  ‒ Connection Pooling: Configured per XML Mgr
    • ldap-search(), ldap-simple-query(), AAA
    • Improve performance & reduce load on LDAP server
  ‒ Read Timeout
    • Extension functions, AAA, CRL, RBM
    • Handle slow or unresponsive LDAP server

Page 25: IBM DataPower Appliances - What's new in 2013 (v6.0)

Security Enhancements

Enhanced transport and message security

• SSL Proxy Service enhancements
  ‒ Forward proprietary protocol traffic with SSL across DMZ and within the enterprise
    • SSL offload & termination
  ‒ New features
    • Transaction timeout (address long lived connections)
    • Max client connection limit (configurable)
    • Client-side idle timeout (address misbehaving client)
    • Server-side idle timeout (address misbehaving/overloaded server)
    • Additional logging & improved reliability

• ISAM (formerly TAM) integration enhancements
  ‒ Support for 6.1.1 and 7.0
  ‒ Support co-existence of multiple registry types
  ‒ Ships four ISAM client library versions in the firmware and allows user to select the version
    • 6.0, 6.1, 6.1.1, 7.0 (XG45, XI52, XB62, XI50B, VE)
    • If ISAM server undergoes an upgrade, then appropriate DataPower ISAM client can be selected to match
    • TLS 1.2 or NIST compliance option for ISAM 7.0

[Diagram labels: Application Servers; WAS ND Cluster]

Page 26: IBM DataPower Appliances - What's new in 2013 (v6.0)

MPGW SLA & WS-MediationPolicy Support

Flexible traffic control policy consumption & enforcement for non-SOAP traffic

• Capability added to Multi-Protocol Gateway Service (MPGW) to enforce business requirements by consuming WS-MediationPolicy from WSRR Subscriptions and as locally attached policy for non-SOAP traffic
  ‒ Implement Service Level Agreements (SLA) enforcement on DataPower via declarative policy documents without manually creating DataPower configuration artifacts

Visibility and Control

• Reduce costs and increase operational efficiency of enterprise boundaries

• Increase enterprise agility through rapid realization of policies and SLAs in response to business change

• Centrally manage and govern service and associated policies exposed at service gateway

• Enable automatic deployment of operational policies and SLA to service gateways

[Diagram: WSRR and DataPower. Subscribed to a collection of services defined by WSRR saved search ‘WebBankingServicesQuery’. Can also subscribe directly to a Service Version]

Page 27: IBM DataPower Appliances - What's new in 2013 (v6.0)

Traffic Control Policy Management & Enforcement

[Diagram labels: DataPower; Consume & enforce; Enforce Policy & SLAs; WSRR; Model Policy & SLAs; Policy Admin / Operations; Manage Policies & Services; SLA Policy; App1; App2; Service]

Page 28: IBM DataPower Appliances - What's new in 2013 (v6.0)

Optimization: Intelligent Routing & Load Distribution

Operational agility for WAS ND environments

• Embedded On Demand Router (ODR) to intelligently route HTTP traffic to WAS ND
  ‒ Intelligent routing & load distribution to backend WAS ND environments, including those running Worklight Server, based on dynamic, real-time topology, application and workload information
  ‒ ODR is central to providing the Intelligent Management features of WAS
    – Automatic routing: discovers & recognizes all changes which affect routing
    – Application edition routing: upgrade applications without incurring outages
    – Multi-Cell routing: Automatically route to different application in multiple cells
    – Weighted Least Outstanding Request (WLOR) load balancing: Quickly redirect traffic away from slow and hung backends
    – Automatically populate custom headers needed by WAS to process traffic
    – Highly available control connection to WAS: REST-based service automatically available on dmgr and nodeagent

• When to use ODR compared to current AO ILD support?
  ‒ Whenever you have a WAS backend
    – More OOTB functionality: Multi-Cell routing, header population, does not require installation of application on WAS, etc
    – Smaller configuration footprint: Requires much less configuration on DataPower, connect once and go
    – Built-in high availability of control connection to retrieve dynamic information from WAS
    – Consistent technology across DP and IBM HTTP Server (IHS)

• Requires Application Optimization software option

[Diagram: Clients; DataPower w/ ODR; WAS ND Environment (Cell 1, Cell 2; Cluster 1, Cluster 2, Cluster 3). DataPower performs dynamic routing and load distribution leveraging dynamic information from back-ends]

Page 29: IBM DataPower Appliances - What's new in 2013 (v6.0)

‘Off-box’ Caching integration with XC10 appliances already available

Reduced time to value with integrated Gateway & Caching appliances

• Out-of-the-box “one-click” configuration options provide efficient and secure cache operations
  ‒ Encrypt/decrypt data stored in the XC10
  ‒ Obfuscate the cache key used to identify a data item
  ‒ Sub-second timeout on cache requests
  ‒ Load balance requests across a collective of XC10 instances

• Remotely manage and monitor XC10 data grid directly from DataPower management interface
  ‒ Create data grid on XC10
  ‒ Clear data grid on XC10
  ‒ View high-level cache statistics to verify effectiveness of caching policies

• Greatly reduce the number of lines of XSLT required to interact with XC10 from a DataPower processing policy
  ‒ Define XC10 data grid to DataPower once and reuse in multiple policies
  ‒ Easy to use XC10-specific URL format for use with standard url-open extension function
  ‒ Automatically manage HTTP session cookies required by XC10 REST gateway interface

** Available in DataPower firmware version 5.0.0.4

Page 30: IBM DataPower Appliances - What's new in 2013 (v6.0)

Optimization: Backend Response Caching

Accelerate workload delivery & reduce load on backend systems

• Policy-driven local ‘on-box’ HTTP(s) backend response caching & seamless integration with XC10 appliances for ‘off-box’, shared, elastic caching
  – Built into base product
    • Improve client observed response time
    • Reduce backend server load
    • Improve system throughput

• Local ‘on-box’ caching
  – Utilizes appliance memory
  – Unique to individual appliance

• External ‘off-box’ caching
  – Utilizes XC10 appliances
  – Distributed, shared & elastic cache accessed across multiple appliances

• Features
  – Cache HTTP(s) GET, PUT, POST requests
  – Smart RESTful cache invalidation
  – Return stale documents
  – Supports cache validation requests
  – Cache based on HTTP 1.1 cache control headers
  – Supports user-defined cache key
  – Little to no XSLT required

[Diagram labels: Client; DataPower; DataPower XC10; Provider; REST; Fast Response Time; Slow Response Time; Low Load; numbered steps 1 to 3 and 1 to 5]

Page 31: IBM DataPower Appliances - What's new in 2013 (v6.0)

Enhanced value for System z & IMS

New integration capabilities between DataPower and IMS

• IMS Callout feature allows IMS transactions to easily consume external web services via DataPower, with minimal application updates required
  – Requires one of the following models: XI52, XI52 VE, XI50B, XB62

• IMS DB feature supports DataPower integration with IMS database through SQL interface
  ‒ Enrich messages with database content
  ‒ Expose data as a service to remote applications
  ‒ Requires one of the following models:
    • XG45 or XG45 VE (with Database Integration Module option)
    • XI52, XI52 VE or XI50B (with Database Connectivity option)
    • XB62

[Diagram labels: Client; SOAP / REST; DataPower; DRDA; IMS; OTMA; IMS Connect; App1; App2; Service Provider; TCP/IP; Service Consumer; IMS Callout]

Page 32: IBM DataPower Appliances - What's new in 2013 (v6.0)

Improved User Experience: Pattern-based Configuration

Reduce time-to-value, increase productivity & quality of DataPower solutions

Built-in, easy-to-use, new interface for creating & deploying common DataPower configuration patterns

Patterns capture a tested solution to a common recurring use case

Ships with 10 Pre-built patterns for common web application & web services scenarios

Supports user-defined patterns

• Reduce time to value through accelerated user configuration & deployment for both new & experienced users

• Increase developer productivity by leveraging working examples of common use cases

• Improve quality & scale expertise through reuse of configuration created by skilled roles

[Screenshot captions: Browse patterns; Deploy new service from pattern; Create service pattern for reuse]


Page 34: IBM DataPower Appliances - What's new in 2013 (v6.0)

DataPower resources

www.ibm.com/software/integration/datapower

• IBM DataPower Web Page (support, technotes, doc)
  ‒ http://www-01.ibm.com/software/integration/datapower/

• developerWorks DataPower Discussion Area
  ‒ http://www.ibm.com/developerworks/forums/forum.jspa?forumID=1198

• Vast library of published articles:
  ‒ http://www.ibm.com/developerworks/websphere/zones/businessintegration/dp.html (Also search for “DataPower” within “WebSphere”, “SOA/Web Services” and “XML”)
  ‒ http://www.ibm.com/developerworks/views/websphere/libraryview.jsp (Search “DataPower”)

• IBM Redbooks:
  ‒ http://www.redbooks.ibm.com/cgi-bin/searchsite.cgi?query=datapower

• IBM WebSphere DataPower SOA Appliance Handbook
  ‒ http://www.amazon.com/IBM-WebSphere-DataPower-Appliance-Handbook/dp/0137148194

• YouTube:
  ‒ http://www.youtube.com/watch?v=uWYBDviv5Ts&feature=channel

• DataPower Podcasts:
  ‒ http://www.ibm.com/podcasts/software/websphere/datapower/index.rss