ibm soa © 2006 ibm corporation datapower soa appliances simplify, help secure & accelerate soa...
TRANSCRIPT
IBM SOA
© 2006 IBM Corporation
DataPower SOA AppliancesSimplify, Help Secure & Accelerate SOA
Raleigh ChiltonDataPower Account Manager
IBM SOA
2
Agenda
Context: IBM’s Business Centric SOA WebSphere DataPower SOA Appliance Overview SOA Appliance Deployment Summary Why an Appliance for SOA IBM WebSphere DataPower SOA Appliance Portfolio
- XML Accelerator XA35
- XML Security Gateway XS40
- Integration Appliance XI50
Easy Configuration SOA Appliance Operations Summary
IBM SOA
3
Business Centric SOA Starts with Your Most Critical Business Pain and Enables You to Build for Flexibility
Deliver trusted information in business context to enable innovation
Enable human and process interaction with consistent levels of service
Achieve greater efficiency and effectiveness with business model innovation
IBM SOA
4
And SOA Lifecycle Is The Key to Successful Projects
Integrate people Integrate processes Integrate information
Manage IT resources Manage services Monitor business metrics
Gather requirements Model & Simulate Design
Discover Construct & Test Compose
Sharing and reuse of services Establish decision rights Policies, measurement and
control for SOA oversight
IBM SOA
5
SOA Entry Points Help Customers Get StartedBoth Business Centric and IT Focused
1
23
45
IBM SOA
6
IBM’s acquisition of DataPower
Software
Skills &Support
An SOA Appliance…
WebSphere DataPower SOA Appliances redefine the boundaries of middleware extending the SOA Foundation with specialized,
consumable, dedicated SOA appliances that combine superior performance and hardened security for SOA implementations.
Simplifies SOA with specialized devices Accelerates SOA with faster XML throughputHelps secure SOA XML implementations
Creating customer value through extreme SOA performance and security
IBM SOA
7
DataPower Pre-IBM Overview Extensive Experience in XML Processing Optimization Seven Years in a Six Year Old Field Advantages: First to Market, Great Team, Deep Standards Involvement, Invented and Owns
Core XML Technology, Comprehensive product portfolio
150% Staff increase / Core DataPower Leadership team Intact / Global reach and expansion New improved hardware platform –IBM hardware combined with DataPower technology innovations New capabilities – WS-*, 3rd party JMS, NFS, XG4, WSDL compiler, XACML, more… Continued IBM Technology Integration – ITCAM for SOA, WebSphere JMS, WebSphere XD,etc
Post-Acquisition Innovation Continues
19991999 20002000 20012001 20022002 20032003 20042004 20052005 20062006 FEBFEB APRAPR JUNJUN AUGAUG OCTOCT
DGXTDGXTOptimalOptimalSoftwareSoftware
InterpreterInterpreter
XSLJITXSLJITOptimizedOptimizedSoftwareSoftwareCompilerCompiler
XG3XG3OptimizedOptimizedHardwareHardware
AccelerationAcceleration
XA35XA35World’s FirstWorld’s First
XMLXMLAcceleratorAccelerator
XS40XS40First WirespeedFirst Wirespeed
XML SecurityXML SecurityGatewayGateway
XG4XG4Gigabit/SecGigabit/Sec
OEM HWOEM HWSolutionSolution
XI50XI50IntegrationIntegrationApplianceAppliance
Acquired Acquired by IBMby IBM
Unprecedented Unprecedented GrowthGrowth
GlobalGlobalExpansionExpansion
NewNewIBMIBM
HardwareHardware
3.5.1 3.5.1 IT CAM for SOAIT CAM for SOA
33rdrd Party JMS Party JMS
WSDL Compiler, NFSWSDL Compiler, NFS
XG4XG4AvailableAvailable
3.63.6
DECDEC
VerticalVerticalSolutionsSolutions
IBM SOA
8
IBM SOA Appliance Deployment Summary
XMLXMLHTMLHTMLWMLWML
XMLXMLXSLXSL
InternetInternet
XA35XA35 ClientClient
ororServerServer
`XS40XS40
DataPower XS40
DataPower XS40
Tivoli Access Manager
WebSphere App Server
MQ Server
Web service client
Nortel L7 Module
Tivoli NetView
Tivoli Access
Manager------------Federated
Identity Manager
HTTP XML REQHTTP XML REQ
HTTP XML RESPONSEHTTP XML RESPONSE
Web Services Web Services ClientClient
LEGACY LEGACY REQREQ
LEGACY LEGACY RESP RESP
REPLY
Q
REPLY
Q
XI50XI50
IP FirewallIP FirewallInternetInternet
Web TierWeb Tier
SecuritySecurity
Integration & Management TiersIntegration & Management Tiers
Application ServerApplication Server
Application Server Web ServerApplication Server Web Server
DataPower XS40
DataPower XS40
Tivoli Access Manager
WebSphere App Server
MQ Server
Web service client
Nortel L7 Module
Tivoli NetView
DataPower XS40
DataPower XS40
Tivoli Access Manager
WebSphere App Server
MQ Server
Web service client
Nortel L7 Module
Tivoli NetView
DataPower XS40
DataPower XS40
Tivoli Access Manager
WebSphere App Server
MQ Server
Web service client
Nortel L7 Module
Tivoli NetView
ITCAM for SOA
IBM SOA
9
Deployment Scenarios
Pack
et
Filt
er
internaluser
XS40
Pack
et
Filt
er
Demilitarized Zone
Internetuser
Internet
Demilitarized Zone
Pack
et
Filt
er
Pack
et
Filt
er
SOAPenabled
enterpriseapplication
SOA platform
legacyenterprise
application
intranetInternetfederated extranet
XS40XS40
1. Helps protect against incoming attacks;
Incoming access control
3. Internalsecurity
2. Outgoing access control, SAML injection, role mappings
XI505. Legacy
transformation
XI50
4. Web servicesmanagement
IBM SOA
10
Why an Appliance for SOA
Hardened, specialized hardware for helping to integrate, secure & accelerate SOA
Many functions integrated into a single device Higher levels of security assurance certifications require hardware
- Example: government FIPS Level 3 HSM, Common Criteria
Higher performance with hardware acceleration- Impact: ability to perform more security checks without slow downs
Addresses the divergent needs of different groups- Example: enterprise architects, network operations, security operations, identity
management, web services developers
Simplified deployment and ongoing management- Impact: Reduces need for in-house SOA skills & accelerates time to SOA benefits
IBM SOA
11
Update application servers individually
Before SOA Appliances
Access control Access control updateupdate Change purchase Change purchase order schemaorder schema
TransformationTransformation
New XML standardNew XML standard
RoutingRouting
Security ProcessingSecurity Processing
Secure, route, transform all applications instantly
No changes to applications
After SOA Appliances
Route, transform, and help secure multiple applications without code changes
Lower cost and complexity Enable new business with unmatched performance
SOA Appliances Centralize and Simplify Key Functions
IBM SOA
12
IBM SOA Appliance Product Line
XML Accelerator XA35 Offload XML processing No more hand-optimizing XML
Integration Appliance XI50 “Any-to-Any” Conversion at Wirespeed Groundbreaking DOP architecture Integrated message-level security
XML Security Gateway XS40 Enhanced Security Capabilities Agility – helps future-proof Easy Deployment
IBM SOA
13
Wirespeed XML/XSLT/XPath processing – Accelerates XML processing, increasing throughput and decreasing latency for XML-based applications by offloading transformation and other resource-intensive functions
Schema Validation - Performs XML Schema validation to ensure incoming/outgoing XML documents are legitimate and properly structured
XML Compression, XML Caching – Reduces impact of increased XML traffic
Innovative XML Processing Capabilities -- XML Pipeline processing, deployable in Proxy or co-processor mode, dynamic content generation, data and forms processing, support for popular XSLT extensions
SSL Termination/Acceleration – Accelerates SSL with industry-leading hardware further lessening server workload
Easy Configuration & Administration - Support CLI and WebGUI as well as fully integrated with industry standard IDEs such as Altova XML Spy and Eclipse allowing developers to design, debug and deploy against one single XML and XSLT processor, saving valuable cycles in the progression from pilot to production
XML Accelerator XA35 Centralized XSLT Management Centralized XSLT Management
Offload XML ProcessingOffload XML Processing
IBM SOA
14
XML/SOAP Firewall - Filter on any content, metadata or network variables Data Validation - Approve incoming/outgoing XML and SOAP at wirespeed Field Level Security- WS-Security, encrypt & sign individual fields, non-repudiation XML Web Services Access Control/AAA - SAML, LDAP, RADIUS, etc. MultiStep - Sophisticated multi-stage pipeline Web Services Management - Service Level Management, Service Virtualization, Policy
Management Transport Layer Flexibility - HTTP, HTTPS, SSL Easy Configuration & Management - WebGUI, CLI, IDE and Eclipse Configuration
to address broad organizational needs (Architects, Developers, Network Operations, Security)
XML Security Gateway XS40 Easy to Use Appliance Purpose-BuiltEasy to Use Appliance Purpose-Built
for SOA Securityfor SOA Security
IBM SOA
15
DataGlue “Any-to-Any” Transformation Engine Content-based Message Routing
Message Enrichment Protocol Bridging (HTTP, MQ, JMS, FTP, etc)
Request-response and sync-async matching XML/SOAP Firewall - Filter on any content, metadata or network variables Data Validation - Approve incoming/outgoing XML and SOAP at wirespeed Field Level Security- WS-Security, encrypt & sign individual fields, non-repudiation XML Web Services Access Control/AAA - SAML, LDAP, RADIUS, etc. MultiStep - Sophisticated multi-stage pipeline Web Services Management – Centralized Service Level Management, Service
Virtualization, Policy Management Easy Configuration & Management - WebGUI, CLI, IDE and Eclipse Configuration to
address broad organizational needs (Architects, Developers, Network Operations, Security)
XML Integration Appliance XI50Middleware Appliance Purpose-Built forMiddleware Appliance Purpose-Built for
Application IntegrationApplication Integration
IBM SOA
16
Content-based Routing Features
Service Providers
IBM SOAAppliance
UnclassifiedRequests
Routing Policy
Route based on- IP information
- SSL parameters
- HTTP headers
- XPath against any data contente.g., XML/SOAP envelope
Load balancing- Round-robin
- Least requests
SLA/Traffic shaping- Throttle requests
IBM SOA
17
AAA Framework DiagramAuthenticate, Authorize, Audit Enforcement
Extract Identity
Extract Resource
Authenticate
AuthorizeAudit &
Accounting
SAMLWS-SecuritySSL client certHTTP Basic-Auth
SAML assertionNon-repudiationMonitoring
Web Service URISOAP op nameTransfer amount
XS40 AAA Framework
SOAP/XML
Message
SOAP/XML
Message
External Access Control Server or On-Board Policy
Map Credentials
Map Resource
IBM SOA
18
Web Services Management: Service Level Management
Configure and install in minutes Hierarchical Service Level at WSDL, service, port, operation level Flexible actions when reaching a threshold: notify/alert, shape, throttle Threshold for both overall requests and failures Graphical display
IBM SOA
19
Award-Winning WebGUI: Ease of Use
Ease of Use Example – Graphical User Interface providing drag and drop services, in order desired, for XML filtering, signing, verification, schema validation, encryption, decryption, transformation, routing, access control, service level monitoring, and advanced operations
WSDL-based policy creation Hierarchical policies applied at WSDL, service, port, operation level Drag & drop policy creation screen allows flexible chaining of operations Configure and install in minutes
IBM SOA
20
Simple Appliance Configuration for Complex Functionality
Fits into your existing environment Address broad organizational needs (Architects,
Developers, Network Operations, Security)
Complete Configuration from GUI or CLI interface
IT CAM SE – Multi-box management
IDE integration/Eclipse plug-in
XPath / XML config files
SNMP
SOAP management interface
IBM SOA
21
SOA Appliances Operations
Logging
Role-based Management
Managing configs & policy – Deploying, backing up, Diff/Undo, App domains: many virtual devices
Separate, locked audit log
Troubleshooting aids
Security – Device security, Key and Certificate management, HSM option, Security Audit, Single Image Firmware Upgrade
IBM SOA
22
Integration Across IBM
XI50 Ships with WebSphere MQ Support Auto-configure XML firewall by importing WebSphere service descriptors Tivoli Ready
- Fine-grained access control with Tivoli Access Manager (TAM) - Certified
- Tivoli Federated Identity Manager (FIM) Certified (SAML, WS-Trust) - Certified
- Monitoring of XML traffic flows with NetView
- End-to-end SOA Management with IT CAM for SOA
IBM Autonomic integration - Certified WSAD/Eclipse integration
- Rich console allows creation and monitoring of policies from within IDE
Futures- Integrated SOA tooling across the portfolio
- Continued investment in 3rd party (competitive middleware) integration & interop
IBM SOA
23
Summary – IBM SOA Appliances
Hardened, specialized product for helping integrate, secure & accelerate SOA Many functions integrated into a single device Broad integration with both non-IBM and IBM software Higher levels of security assurance certifications require hardware Higher performance with hardware acceleration Simplified deployment and ongoing management
http://www.ibm.com/software/integration/datapower/
Simplifies SOA with specialized devices Accelerates SOA with faster XML throughputHelps secure SOA XML implementations
SOA Appliances: Creating customer value through extreme SOA performance and security
IBM SOA
24
Thank You