IBM DataPower Gateway & V7.1 Overview
Robert Conti, Program Director, IBM DataPower Gateways
Ozair Sheikh, Senior Product Line Manager, IBM DataPower Gateways
© 2014 IBM Corporation
Getting Social with IBM DataPower Gateways
• YouTube Channel: IBM DataPower Gateways
• Slideshare: IBM DataPower Gateway
• Twitter: @IBMGateways
• LinkedIn groups: IBM DataPower Gateway
• developerWorks blog: IBM DataPower Gateway
• Online User Forum
• Product page on ibm.com
• Product documentation
Other Recent Announcements
Growing Application of IBM DataPower Gateways
Agenda
DataPower Gateway Overview & Recent Releases
What’s New in DataPower Gateway & V7.1
Q&A
IBM DataPower Gateway Appliances are the industry-leading Security & Integration gateways that help provide security, integration, control and optimized access to a full range of Mobile, Web, API, SOA, B2B, & Cloud workloads
DataPower Gateways used across a variety of scenarios
1. Mobile Gateway
2. API Gateway
3. Web Gateway
4. B2B Partner Gateway
5. API & SOA Gateway
6. Internal Security Enforcement
7. Web Services Governance & Management
8. Legacy Integration
[Diagram labels: Internet, DMZ, Trusted Domain; Consumer, Trading partners, Application or Service, Middleware, System z; DataPower Gateway]
IBM DataPower Virtual Edition
Purpose-built, highly consumable Security & Integration Gateway functionality in a virtual appliance form factor, providing deployment flexibility
• DataPower gateway functionality in a virtual appliance form factor; supports multiple hypervisors and cloud environments
– VMware ESX/ESXi
– Citrix XenServer
– IBM PureApplication System W1500 or W2500
– IBM SoftLayer bare metal instances using supported hypervisor
• Seamless configuration migration between physical and virtual appliances
• Powered by a purpose-built platform including an embedded, optimized DataPower Operating System
[Diagram label: x86 Server]
IBM DataPower Gateway Capabilities
Rapidly deliver secure integration & optimized access for a full range of workloads
• Secure: Secure & protect your back-end systems from harmful workloads and unauthorized users
• Control: Limit & shape traffic based on service level agreements, and route based on message content
• Integrate: Convert payloads, bridge transports and connect to existing services at wire-speed
• Optimize: Improve response times, reduce load on backend systems and intelligently distribute load
DataPower Firmware v7.0 (Released June 2014)
• GatewayScript: A JavaScript runtime that is secured, optimized and tuned for the gateway environment to simplify configuration for developers and provide an easier development paradigm for Mobile, Web, & API
• New Virtual Edition for Developers provides a low-cost, easy-to-use gateway with per-user pricing for developers
• Support for Citrix XenServer hypervisor provides additional deployment flexibility for on-premise & cloud deployments
• WebSocket Proxy support enables full-duplex, bi-directional, & low-latency communication for Mobile & Web applications, Internet of Things
• Improved security & traffic control functionality in support of IBM API Management offering
IBM DataPower Gateway 7.1 (Announce: Oct 14, 2014; Release: Nov 21, 2014)
Secure. Integrate. Control. Optimize.
• Consolidated product: Single, modular & extensible gateway platform to secure, integrate, control, & optimize full range of workloads
• New hardware platform: Increase capacity & throughput while reducing latency with latest generation hardware
• B2B integration module: Centralize B2B trading partner connectivity & transaction management with high performance secure entry point in the DMZ
• Multi-channel gateway: Utilize single gateway with integrated access enforcement from ISAM to secure & optimize delivery of mobile, API, web, SOA, B2B, cloud apps, and integrate with IBM MobileFirst & WebSphere platforms
• Deployment flexibility: Use physical or virtual appliance with seamless configuration migration with on-premise & cloud deployments
• Enhanced security: Enable additional flexible authentication from internet consumers & Non-Microsoft consumers to Microsoft systems
Highlights of IBM DataPower Gateway & V7.1
• IBM DataPower Gateway is the new name of a consolidated, extensible & modular platform
• Converges three existing products, XG45 / XI52 / XB62, into a single modular offering
• Available in 2U rack mount physical & virtual form factors
• Virtual appliance runs on VMware & Citrix XenServer hypervisors and cloud platforms that support them including IBM PureApplication System and SoftLayer
• DataPower Gateway physical appliance uses purpose-built latest generation hardware platform to provide increased performance & capacity to meet the needs of mission-critical applications
• Single multi-channel gateway platform to secure & optimize delivery of mobile, API, web, SOA, B2B, cloud apps, and integrate with IBM MobileFirst & WebSphere platforms
• Integrates industry-proven access enforcement capabilities of IBM Security Access Manager into the DataPower platform, available as add-on ISAM Proxy Module
• Easy-to-use & secure B2B integration capabilities, formerly available on XB62 appliances only, available as add-on B2B Module
• Enable authentication from internet consumers & Non-Microsoft consumers to Microsoft systems with Kerberos S4U2Self support
IBM DataPower Gateway provides industry-proven security and integration gateway capabilities in a single multi-channel platform for Mobile, Web, API, B2B, SOA, & Cloud workloads, reducing infrastructure complexity & lowering TCO
IBM DataPower Gateway Overview
Single Security & Integration gateway platform to provide security, integration, control & optimized access to a full range of Mobile, API, Web, SOA, B2B, & Cloud workloads
Modules: ISAM Proxy Module, Integration Module, B2B Module, AO Module, TIBCO EMS Module
• IBM DataPower Gateway is the new name of a consolidated, extensible & modular platform
– Converges three existing products, XG45 / XI52 / XB62, into a single modular offering
• Available in physical and virtual form factor
• Physical Appliance
– 2U rack mount appliance using latest generation hardware platform
– Two base editions: Non-HSM and HSM (FIPS 140-2 Level 3 certified)
– Each software module is licensed separately
• Virtual Edition
– Three flavors: Developer, Non-Production, Production
– Developer includes all software modules, except TIBCO EMS
– Non-Production includes all software modules, except TIBCO EMS & ISAM Proxy
– Production: Each software module is licensed separately
Supports V7.1 & above
All software modules are field upgradeable
DataPower Gateway: Single product with Modules
Previously: 3 Products (XG45/XI52/XB62), 2 Physical appliances (1U & 2U), 2 Virtual appliances (XG45/XI52)
• IBM WebSphere DataPower Service Gateway XG45 (1U Physical, Virtual Edition)
• IBM WebSphere DataPower Integration Appliance XI52 (2U Physical, Virtual Edition)
• IBM WebSphere DataPower B2B Appliance XB62 (2U Physical)
IDG: 1 Product, 1 Physical appliance (2U only), 1 Virtual appliance
• IBM DataPower Gateway (2U Physical, Virtual Edition)
• IBM DataPower Gateway + Integration Module (2U Physical, Virtual Edition)
• IBM DataPower Gateway + B2B Module (2U Physical, Virtual Edition)
IBM DataPower Gateway Virtual Edition provides the same functionality & modules as physical appliances with the exception of HSM (that provides FIPS 140-2 Level 3 certification)
Integration & B2B Module are independent & can be purchased separately
IBM DataPower Gateway 2U rack mount physical appliance is available with optional HSM (FIPS 140-2 Level 3 certified) or without
DataPower Gateway: Latest Generation Hardware Platform
• Trusted Platform Module
• Customized intrusion detection
• Cryptographic Acceleration Card
• Optional Hardware Security Module (FIPS 140-2 Level 3 certified)
• Runtime Hardware Diagnostic
• Intelligent Platform Management Interface
• Supercapacitor Powered Flash-backed RAID Cache
• Multiple Replaceable Units
– Customer Replaceable Units (CRU): Fan, Power Supply, HDD, Network Module
– Field Replaceable Units (FRU): Appliance, CPU, Memory, Flash Drive, Coin Battery, Supercapacitor for RAID, Cryptographic Acceleration Card, HSM Card, RAID Card
• Purpose-built, high density 2U rack mount design
• Increased capacity
– Higher performance CPU & memory
– Faster cryptographic acceleration card
– New RAID controller w/ large write cache
• 192 GB memory
• Two 1.2 TB high speed hard drives
• Three management traffic ports
– 1 RJ45 serial port
– 2 x 1 GbE ports
• Ten application traffic ports
– 8 x 1 GbE ports
– 2 x 10 GbE ports
[Diagram labels: 2 10-Gigabit Ethernet NICs; 8 1-Gigabit Ethernet NICs; RAID mirroring across two drives]
The adoption of cloud, analytics, mobile, and social computing is forcing organizations to open IT assets to new business channels
…and challenging them to rethink the way they have traditionally approached security
• Between 2005 and 2020, the amount of data in the world will grow 300X, from 130 to 40,000 exabytes.
• 81% of adults use personally owned mobile devices for conducting business
• 70% of employees are engaged in social activities both internally and externally
• 73% of organizations discovered cloud usage outside of IT or security policies
Silos of security & control are impeding business agility
[Diagram layers]
• Users: Consumers, Employees, Partners, Consultants, Developers
• Business Channels: Web, Mobile, B2B, SOA, APIs
• Enforcement Solutions: API Gateway, B2B Gateway, SOA Gateway, Web Access Proxy, Mobile Gateway
• Applications and Systems
Reduce cost & improve security posture with a converged gateway
[Diagram layers]
• Users: Consumers, Employees, Partners, Consultants, Developers
• Business Channels: Web, Mobile, B2B, SOA, APIs
• Enforcement Solutions: DataPower Appliance, ISAM for DataPower
• Applications and Systems
IBM Multi-channel gateway for secure connectivity
• Supports a wide range of Mobile, API, Web, SOA, and B2B workloads with the combined capabilities of IBM DataPower Gateway and IBM Security Access Manager for DataPower in the DMZ and Trusted zone.
• ISAM traditional focus on Web workloads
• DataPower traditional focus on API/SOA/B2B workloads
[Diagram labels: IBM DataPower Gateway, ISAM for DataPower; Web Browsers and Portals, Mobile Web, Web 2.0 (AJAX), Native Mobile, Hybrid Mobile, B2B, API, SOA (Web Services)]
What is ISAM for DataPower Module?
• ISAM for DataPower module provides the reverse proxy component that is available on ISAM for Web and ISAM for Mobile appliances
• Provides centralized user authentication, coarse-grained authorization, session management, web SSO, and ISAM for Mobile policy enforcement point
ISAM Module
DataPower Base Appliance
• Reverse Proxy
IBM Security Access Manager for Mobile
• Context based Access (CBA)
• One-time Password (OTP) / Multi-factor Authentication (MFA)
• Advanced Security
IBM Security Access Manager for Web
• Load Balancer
• Protocol Analysis Module (PAM)
ISAM for Web was formerly known as Tivoli Access Manager for E-Business (TAMeb)
IBM’s Mobile Gateway solution
Rapidly deliver secure integration & optimized access for enterprise mobile applications
• DataPower appliance with ISAM module for security enforcement, traffic control & management, application acceleration, transport bridging & message transformation
• ISAM for Mobile appliance for context based access (CBA), mobile SSO, strong authentication including one-time password (OTP) & multi-factor authentication (MFA)
[Diagram labels: ISAM for Mobile, DataPower, ISAM Module]
Connect Mobile Apps with Enterprise Systems
Securely expose enterprise systems & APIs to Mobile Apps while optimizing delivery
• SSL Offload
• Threat Protection
• Rate Limiting / SLA Enforcement
• Validation, Filtering
• Authentication, Authorization
• Context-based Access, Mobile SSO
• Security Token Translation
• Message Transformation
• Content-Based Routing
• Intelligent Load Distribution
• Response Caching
IBM’s Multi-channel gateway – for cloud workloads
Rapidly deliver secure integration & optimized access for enterprise cloud applications
• DataPower appliance with ISAM module for security enforcement, traffic control & management, application acceleration, transport bridging & message transformation
• ISAM for Mobile appliance for context based access (CBA), mobile SSO, strong authentication including one-time password (OTP) & multi-factor authentication (MFA)
[Diagram labels: DataPower, ISAM for Mobile, ISAM Module]
Multi-Channel Gateway for MobileFirst & WebSphere Products
Available Now: DataPower Handbook, Second Edition, Volume 1
• Complete rewrite, update of prior content, new content to cover past six years of new products/features, including 9006/7.1!
• Volume 1 consists of Chap 1 DataPower Intro & Chap 2 Setup Guide for physical and virtual appliances.
• Additional new Preface and two invaluable new appendices
• Available today on Amazon CreateSpace
• https://www.createspace.com/4745597
• Amazon.com worldwide & Amazon Kindle
• KindleMatch – buy hardcopy & get ebook for US$2.99
• Kindle Unlimited, Kindle lending
• Additional volumes will cover the rest of the first edition content:
• Networking
• Development
• Administration
• Security
• Problem Determination