© 2013 IBM Corporation
IBM Worklight V6
Technical Overview
Marco Dragoni – WebSphere Technical Sales
Agenda
Challenges and Common Terminologies
IBM Worklight V6 Product Architecture and features
Worklight components
What's new in V6
Security
Product Architecture & Resources
IBM Mobile First offering portfolio
Industry Solutions: Banking, Insurance, Transport, Telecom, Government, Healthcare, Retail, Automotive
IBM & Partner Applications
Application Platform and Data Services
Analytics, Security, Management
Application & Data Platform
Strategy & Design Services
Development & Integration Services
Cloud & Managed Services
Devices, Network, Servers
What REALLY makes Mobile different?
GPS
Compass
RFID
GSM/CDMA
NFC
Bluetooth
WiFi
Camera
Barcode scanner
Microphone
Touchscreen
Accelerometer
EVERYWHERE ACCESS
SENSORS LOCATION
CONTEXT
Mobile Application Focus Areas
Business to Consumer
• Improved customer satisfaction
• Deeper customer engagement and loyalty
• Increased sales through personalized offers
• Customer service
• Competitive differentiator
• Improve brand perception
• Deeper insight into customer buying behavior for up-sell and cross-sell
• Improved buying experience with mobile concierge services
Business to Enterprise
• Extend existing applications to mobile workers
• Increased worker productivity
• Faster business processing
• Increased employee responsiveness and decision making speed
• Reduced fuel, gas, or physical asset maintenance costs
• Increase revenue through sales engagements
• Resolve internal IT issues faster
• Reduce personnel cost (utilizing personally owned instead of corporate-issued devices)
Evolving Mobile Landscape - Challenges
Mobile Development is more expensive than traditional Web App Development:
– Which smartphone? Which tablet? Which form factor? iOS, Android, BlackBerry, Windows Phone... All of the above...
– Skills? Web or native apps? Java or Objective C? Or other?
– Maintenance? Separate software stacks for each major OS. Separate applications for each major OS. How do I keep software current?
– Security? Encryption? Authentication? Response to stolen/lost devices?
– Management? Can I see my apps? Can I disable them remotely?
– Enterprise Integration? How do I build a cross-channel app?
Since the mobile field is still evolving, an enterprise would want to pick a platform that can adapt to the future.
Mobile Application Types
Native Apps
Platform-specific. Requires unique expertise, pricey and long to develop. Can deliver higher user experience.
Diagram layers: Native Application, Device APIs
Hybrid Apps - Mixed
User augments web code with native language for unique needs and maximized user experience.
Diagram layers: Web, Native, Worklight Runtime, Device APIs
Hybrid Apps - Web
Source code consists of web code and included Worklight libraries and executed in a native shell.
Diagram layers: Web Code, Worklight Runtime, Device APIs
Web Apps
Written in HTML5, JavaScript and CSS3. Quick and cheap to develop, but less powerful than native.
Diagram layers: Web Code, Mobile Browser
Comparison axes: Cost of implementation (TCO), Cross-device portability, Richness of Mobile Experience
Apache Cordova, what is it?
Pieces of native code that run natively within the mobile OS, and a JavaScript wrapper
Apache Cordova (former Cordova) is an open-source mobile development framework developed by Nitobi Software
Cordova provides a JavaScript API that allows developers to access native mobile device features and even execute native code using JavaScript
JavaScript Wrapper
Native code
myFunc(params);
JS Framework (jQuery, Dojo, Sencha), what are they?
Hybrid Mobile web applications are created in HTML5, CSS3, and JavaScript, and run using the browser API offered by the OS on the mobile device.
The objectives of the JS framework are the following:
• quickly create mobile web applications that look and behave consistently across all supported devices
• have advanced user interface capabilities, providing the developer a standard set of layouts, user interface widgets, and interactions, as well as a rich API for applying and extending them
Worklight Components
Worklight Server: Unified notifications, runtime skinning, version management, security, integration and delivery
Worklight Console: A web-based console for control of your mobile apps and infrastructure
Worklight Studio: The most complete, extensible environment with maximum code reuse and per-device optimization
Worklight Runtime Components: Extensive libraries and client APIs that expose and interface with native device functionality
Worklight Application Center: A cross-platform private mobile application store focused on the needs of a development organization or a team
Worklight Architecture
Enterprise Backend Systems & Cloud Services
Worklight Server: User authentication and mobile trust; Mashups and service composition; JSON Translation; Adapter Library for backend connectivity; Stats Aggregation; Unified Push Notifications; Client-Side App Resources; Direct Update; Mobile Web Apps; Feedback Management
Device Runtime: Cross-Platform Compatibility Layer; Encrypted and Syncable Storage; Runtime Skinning; Server Integration Framework; Reporting for Statistics and Diagnostics
Application Code
Worklight Studio: HTML5, Hybrid, and Native Coding; Optimization Framework; Integrated Device SDKs; 3rd Party Library Integration
Worklight Console: Push / SMS Management; App Version Management
Worklight Application Center: Development Team Provisioning; App Feedback Management; Enterprise App Provisioning and Governance
SDKs: Blackberry, Android, iOS, Windows Phone, Java ME, Windows 8, Mobile Web, Desktop Web
Web-based development (WL Studio capabilities)
Worklight apps are developed using standard web technologies:
– HTML
– JavaScript
– Style Sheets & Images
Worklight apps use the Worklight (WL) JavaScript API to access the Worklight platform capabilities, for example:
– Access back-end data and server functionality
– Environment specific UI behavior
– Use functionality specific to device
– Session management
– Push notification etc…
Integrating Best-in-class Tools
Worklight is compatible with prominent HTML5 libraries and tools:
Single Shared Codebase
Common code placed in primary file
Environment optimization code is maintained separately
WYSIWYG UI Construction – Dojo Mobile
WYSIWYG UI Construction – jQuery Mobile
Preview in browser simulator
Perform device specific tests in the Mobile Browser Simulator: supports PhoneGap
Browser Simulator - example
Generates the Geolocation values returned by the Cordova API when querying Geolocation data. To generate a new set of values, click Next. To generate the values periodically, click Start.
Defines battery-related data, such as the battery level. You can use the slider to change the battery level and trigger a batterystatus event. The following battery levels trigger events:
– Twenty percent triggers the batterylow event
– Five percent triggers the batterycritical event
To define the plugged in status of your mobile device, select or clear the Plugged In check box.
Runtime Skinning – Use Cases
Different Screen Sizes
Different Input Method
Different Screen Densities
Support for HTML5
• Decision on which skin to use is made automatically at runtime
Skin creation
Skins are created using the Worklight Skin Wizard
Directories adjacent to the environment directory
Containing HTML/CSS/JS
A special, developer-controlled JavaScript file is run at app startup
Build and Deploy
By selecting the “Build all and Deploy” (1) command, you will have the following results:
– the vendor project is created (2 and 3)
– a portion of the app is deployed to the Worklight server
RTC integration
Worklight
Build Ant
SDK Cmd Line
Worklight supports shell-sharing with the RTC Eclipse client
Worklight build scripts are supported in the RTC Build System
Possible extension with DeviceAnywhere and Rational Quality Manager
Worklight Runtime – Shell Approach
Organizations can develop “custom shells” that include corporate services, such as authentication and security services, integration services, and branding. Web developers can then use sanctioned shells to develop the business logic of the application using only HTML5.
Inner Application:
• Implements the application’s logic
• Common web code
• Utilizes External Shell APIs
• Required to comply with shell parameters
External Shell:
• Customizable container
• Provides JS access to native functionality
• Branding, Security, Authentication
• Built with the Inner App to create a native App (IPA/APK file)
Device Single Sign-on (SSO)
Device SSO Capability: Device-side SSO enables a mobile user to authenticate himself or herself once and gain access to all apps from the same developer without being prompted to log in again at each of them.
Device SSO implementation: Implemented using a combination of server-side capabilities (realms) and unique device identification (device ID). On successful login the authentication state is saved in the database and used for validations in subsequent sessions from the same device.
Diagram labels: App 1, App 2, ID, secure Mobile OS key store, Worklight Server, Session x, Session y (duplicate after receiving ID from App 2)
Direct Update – On device logic (WL Server capabilities)
1. Web resources packaged with app to ensure initial offline availability
2. Web resources transferred to app's cache storage
3. App checks for updates on startup and foreground events
4. Updated web resources downloaded when necessary, with user confirmation or silently
Diagram labels: App Store, Worklight Server, Native Shell, Pre-packaged resources, Cached resources, Web resources
Diagram arrows: 1 Download, 2 Transfer, 3 Check for updates, 4 Update web resource
JSON Store with data sync
• JSON store database is embedded into the framework
• JavaScript APIs for storing, querying and updating data in offline mode are available
• Sensitive data can be encrypted by using a developer/user provided password
• Adapter-based server-to-client and client-to-server synchronization allows working with data in offline mode and keeping it updated in online mode
Worklight Adapters
Adapters provide the glue between Worklight and back-end applications
• Provides the extensibility mechanism for Worklight to call out to back-end systems
Worklight has some interfaces that adapters can use (HTTP, SQL, JMS, CastIron and Node.js in test for V6)
• Worklight has client-side JavaScript APIs so that applications can invoke services
• Likewise, server-side JavaScript APIs are available to implement procedures (adapters)
Worklight Studio - developing adapters files
An adapter contains three files for configuration and implementation
• The first file is XML and contains the overall metadata (procedure names, protocol etc)
• The second file is JavaScript and contains one function (procedure) for each entry point
• The third is an XML transformation file, if necessary
Adapters are uploaded to Worklight Server ready for mobile applications
• Once deployed, adapters are managed through the Worklight Console
Worklight adapters Framework
IBM Mobile Foundation PoT - Introduction to Application Development with Worklight
Worklight Studio - developing and testing adapters
(1) Implement Adapter procedures
(2) Deploy Adapter to embedded web container
(3) Invoke Adapter Procedure
Push Notification
A Push Notification is the ability of a mobile device to receive messages that are “pushed” from a server
Notifications are received regardless of whether the application is currently running or not
Notification may take several forms:
Alert – a pop-up text message
Badge – a small badge mark appearing next to the application icon
Sound alert
The user must approve the push notification subscription
Unified Push Notifications
Polling Adapters, Message-based Adapters
Unified Push API
Notification State Database, User-Device Database
Administrative Console
iOS Dispatcher, Apple Push Servers (APN), iOS Push API
Android Dispatcher, Google Push Servers (GCM), Android Push API
Windows Dispatcher, Microsoft Push Servers (MPNS), Microsoft Push API
SMS Dispatcher, 3rd Party SMS Gateway, SMS API
Worklight Client-side Push Services
* NOTE: 5.0.6 only supports not-authorized MPNS
Application Center
Application Server
Application Catalog Service
Application Center (iOS / Android)
Application Center Console
• Upload/Remove applications
• Control application access
• List available applications
• Install to a mobile device
• Submit application feedback
• View application feedback
• Obtain information about applications on a device
• Inactivate applications for download
App Center store to the device
• Notion of favorite apps that allows you to keep a list per user of favorite app on the mobile client
• Push notifications to get information on updates
• Application filtering by OS level and device type (iphone vs ipad)
• Simplified configuration through JNDI
• Share TEST-ready applications for the Mobile Test Workbench
• Support for iOS / Android / BlackBerry 6 and 7 (native / hybrid)
Data Collection and Analytics - BIRT
Eclipse BIRT
October 29, 2012
Data Collection and Analytics – Operational Analytics
The Analytics Dashboard displays the following charts:
Daily Hits
Daily Visits
Active Users
Environment Usage
Notifications Per Day
Notifications Per Source
New Users
Dynamic Control of Deployed Apps (WL Console capabilities)
Centralized control of all installed applications and adapters
Remotely disable apps by device and version
Customize user messages
App management
Push Services Management
Geo-Location API – New in V6
Geo-location information has lots of potential, both for consumer- and employee-facing applications
‒ Creating differentiating services based on user location
‒ Optimizing business processes and operations
‒ Increasing application security
It’s hard to do it right
‒ What to collect and how?
‒ How to use what’s collected?
Worklight 6.0 provides you simple and strong tools to:
COLLECT and USE on the mobile device
• Control acquisition of GPS and Wifi coordinates
• Define points of interest and geo-fences
• Trigger actions based on location changes
• Efficiently transmit to Server
USE on the server
• Store
• Handle events
• Perform analytics
Location-aware security for hospital app
Differentiated fast-food service
Order #1783 to oven
More engaging mall experience
Device as an additional auth factor
Routing trucks arriving at warehouse
Geo-Location API – New in V6
Client-side APIs
• Efficiently sampling GPS, cell triangulation, and Wifi coordinates
• Sampling while app in the foreground and in the background
• Batch collected data and send to server
• Available also when app is offline
• Developer in full control
Events based on
• Proximity to point of interest
• Entering, leaving a geo-fence
Server side – maintain an evolving context that is available for all adapter procedures
• React to important geo events
• Enrich with business data
• Integrate context information with business processes
• Storage for analytics purposes
Diagram labels: Worklight Server, Adapter, Location Data, Analytics Repository
Collect, compress and stream important information
Feed location data and triggers to business processes, decision management systems, etc.
Screen Patterns – New in V6
40+ out-of-the-box common screen patterns
Navigation, search, lists and tables, authentication, configuration panels
For jQuery Mobile and Dojo Mobile
Live preview using the underlying widget library
Functional Test Tool – New in V6
Create, run, and automate tests on mobile applications
• Improve quality and time-to-value with industry-first app testing
• Create resilient and code-less test cases
• Record once, play back on multiple devices
Standardized, Eclipse-based
• Comprehensive – Android and iOS, Native and hybrid
• Complete – Recording, editing, and running on mobile devices
• Resilient – Same test runs across multiple devices
• Also for non-developers – Scripts in natural language description
Deliver consistently high quality across your mobile app portfolio.
Mobile Test Workbench on client side
A mobile test client is available on the Android and iOS platforms. This client is used to upload apps to the test workbench, to record, to run tests, and to view reports.
Mobile Test Workbench on Development side
A test navigator lists test projects, tests, mobile devices, and the mobile incoming recordings that are used to generate tests.
A device editor lists the devices that are connected to the test workbench. This editor displays detailed specifications of each device, therefore you can select the hardware platforms on which you can deploy and run your tests.
Who is our Competition?
Native Development
• Very costly development and ongoing maintenance
• Long time to market
• Requires specific knowledge and skills that are not transferable across environments
• No App Specific Management Capabilities
• No cross-platform compatibility
HTML5 and Open Source Frameworks
• Lacking complete IDE functionality
• No optimization capabilities
• No mobile middleware services layer
• Does not address enterprise security requirements
• No advanced features, e.g. Runtime Skinning, Unified Push, Remote Disable
Pre-packaged Mobile Apps
• Application typically presents lowest common denominator
• Limited ability to customize UI/UX/Workflow
• Rarely provides sufficient middleware and management capabilities
• Typically very expensive for high user volume
• More suited for SMB Market
Other Mobile Enterprise App Platforms
• Typically very limited support for HTML5/JS/CSS3
• Often proprietary interpreters and scripting languages
• Less agile development
• Lacking 3rd-party library compatibility
• Business model is primarily based on vendor supplied PS for development
IBM MobileFirst offering to secure the enterprise
• Manage Device & Data: IBM Endpoint Manager for Mobile
• Malware Protection: IBM Mobile Device Security (hosted)
• Application Security: IBM Worklight
• Secure Access: IBM Security Access Manager, IBM WebSphere DataPower
• Monitor & Protect: IBM Security QRadar
• Secure Connectivity: IBM Mobile Connect
• Secure Applications: IBM Security AppScan
• Integrate Securely: IBM WebSphere DataPower
• Manage Applications: IBM Worklight
Diagram labels: Corporate Intranet, Internet, IBM Security Framework domains
Worklight – Authentication Integration Framework
The Worklight server-side architecture has been designed to simplify the task of connecting mobile applications with the enterprise back-end authentication infrastructure.
The IBM Worklight framework provides both server-side and client-side mechanisms for assisting with this issue.
Server modules define the collection and handling of credentials (authenticator) and mechanisms to validate or verify the credentials (login module).
On the client side, IBM Worklight supports an authentication framework for asynchronous login requests on session expiration (challenge handler).
In addition, IBM Worklight also supports a number of commonly used mechanisms for authentication such as forms based, cookie based, header based and others.
Worklight – Data Protection REALM
An authentication realm defines the process to be used to authenticate users. It consists of a mechanism to collect the user credentials and a mechanism to verify them, either against a database or an LDAP directory.
When a user attempts to access a protected resource, IBM Worklight checks whether the user is already authenticated according to the process defined for the resource’s realm. If the user has not yet been authenticated, IBM Worklight triggers the process of obtaining the client credentials and verifying them, as defined in the realm.
The semantics of the checks are not limited to authentication; they may implement any logic that serves as protection for the server-side application resources, for example:
User authentication
Device authentication/provisioning
Application authenticity check
Application remote disable
Direct update
Anti-XSRF check (cross-site request forgery)
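The following added example (not from the original slides, and not Worklight code) models the realm check described above together with the device SSO behaviour from the Device Single Sign-on slide. The class names, request fields, resource path and sample user table are assumptions made for illustration.

```javascript
// Added illustration: in-memory model of a realm check with device SSO.
// Realm, ProtectedServer and all field names are hypothetical, not Worklight APIs.
class Realm {
  constructor(name, authenticator, loginModule, deviceSso = false) {
    this.name = name;
    this.authenticator = authenticator; // collects credentials from a request
    this.loginModule = loginModule;     // verifies them, returns a user or null
    this.deviceSso = deviceSso;         // share login state across apps on a device
  }
}

class ProtectedServer {
  constructor() {
    this.realms = new Map();      // realm name -> Realm
    this.resources = new Map();   // resource -> name of the realm protecting it
    this.sessions = new Map();    // session id -> Map(realm name -> user)
    this.deviceState = new Map(); // "deviceId|realm" -> user (the SSO "database")
  }
  addRealm(realm) { this.realms.set(realm.name, realm); }
  protect(resource, realmName) { this.resources.set(resource, realmName); }

  handle(req) {
    const realmName = this.resources.get(req.resource);
    if (realmName === undefined) return { status: 200, via: "public" };
    const realm = this.realms.get(realmName);
    if (!realm) return { status: 500, via: "error" }; // misconfigured: fail closed

    if (!this.sessions.has(req.sessionId)) this.sessions.set(req.sessionId, new Map());
    const session = this.sessions.get(req.sessionId);
    // 1. Already authenticated for this realm in this session?
    if (session.has(realmName)) {
      return { status: 200, via: "session", user: session.get(realmName) };
    }
    // 2. Device SSO: reuse state saved by an earlier login from the same device.
    //    The device ID is taken as presented; verifying it is the job of a
    //    separate device authentication/provisioning check.
    const key = `${req.deviceId}|${realmName}`;
    if (realm.deviceSso && req.deviceId && this.deviceState.has(key)) {
      session.set(realmName, this.deviceState.get(key));
      return { status: 200, via: "device-sso", user: session.get(realmName) };
    }
    // 3. Collect credentials; if the request carries none, challenge the client.
    const creds = realm.authenticator(req);
    if (!creds) return { status: 401, via: "challenge", realm: realmName };
    // 4. Verify them; a failed check re-issues the challenge and stores nothing.
    const user = realm.loginModule(creds);
    if (!user) return { status: 401, via: "challenge", realm: realmName };

    session.set(realmName, user);
    if (realm.deviceSso && req.deviceId) this.deviceState.set(key, user);
    return { status: 200, via: "login", user };
  }
}

// Constructed sample: one form-style realm checked against a toy user table.
const USERS = new Map([["alice", "correct horse"]]);
function buildDemoServer() {
  const server = new ProtectedServer();
  server.addRealm(new Realm(
    "CorpRealm",
    (req) => (req.form ? { user: req.form.user, password: req.form.password } : null),
    (c) => (USERS.has(c.user) && USERS.get(c.user) === c.password ? c.user : null),
    true));
  server.protect("/accounts", "CorpRealm");
  return server;
}

// Session x = App 1, session y = App 2 on the same device, session z = another device.
function demo() {
  const s = buildDemoServer();
  const login = { user: "alice", password: "correct horse" };
  return [
    s.handle({ sessionId: "x", deviceId: "dev-1", resource: "/accounts" }),
    s.handle({ sessionId: "x", deviceId: "dev-1", resource: "/accounts", form: login }),
    s.handle({ sessionId: "y", deviceId: "dev-1", resource: "/accounts" }),
    s.handle({ sessionId: "z", deviceId: "dev-2", resource: "/accounts" }),
  ].map((res) => `${res.status}:${res.via}`);
}
```

Calling `demo()` walks through the challenge, the login, the second app reusing the saved device state, and a different device being challenged again.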
Worklight – Directory Server Integration
IBM Worklight, when hosted on WebSphere Application Server and the WebSphere Liberty profile, can leverage the functionality provided by the underlying JEE runtime to support LDAP directory servers.
WebSphere Application Server provides implementations that support multiple types of registries and repositories, including the local operating system registry, a stand-alone LDAP registry, a stand-alone custom registry and federated repositories.
Hence users can authenticate to IBM Worklight applications using their enterprise logon, typically governed by LDAP directory servers.
Worklight – Integrate with Reverse Proxy and Security Gateway
There are several products in the market that function as reverse proxies and security gateways, providing a termination point for HTTPS and user authentication.
IBM Worklight can be configured to work with these types of security components using its flexible authentication integration framework.
IBM Security Access Manager for Enterprise Single Sign-On, IBM DataPower®, and CA SiteMinder can each be configured as a reverse proxy and a security gateway.
The most common configuration for integrating with these security gateways includes leveraging the header-based authentication mechanism in IBM Worklight by using the header authenticator and login module that is provided with the base product.
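An added example, not part of the original slides or the product: the header-based integration described above, modelled from both the gateway side and the server side. The header name, gateway addresses and function names are assumptions; the point shown is that the server honours the identity header only on connections from the gateway.

```javascript
// Added illustration: header-based authentication behind a security gateway.
// Header name, addresses and function names are assumptions, not product settings.
const CONFIG = {
  identityHeader: "x-authenticated-user",              // hypothetical header set by the gateway
  trustedGateways: new Set(["10.0.0.5", "10.0.0.6"]),  // constructed gateway addresses
};

// Header names are case-insensitive; fold them so repeated copies are visible.
function normalizeHeaders(headers) {
  const out = new Map();
  for (const [name, value] of Object.entries(headers)) {
    const key = name.toLowerCase();
    const values = Array.isArray(value) ? value : [value];
    out.set(key, (out.get(key) || []).concat(values));
  }
  return out;
}

// Gateway side: drop any identity header received from the client, then set
// the value the gateway itself established after authenticating the user.
function gatewayForward(clientHeaders, authenticatedUser, config = CONFIG) {
  const forwarded = {};
  for (const [name, value] of Object.entries(clientHeaders)) {
    if (name.toLowerCase() !== config.identityHeader) forwarded[name] = value;
  }
  if (authenticatedUser) forwarded[config.identityHeader] = authenticatedUser;
  return forwarded;
}

// Server side: the "collect" step (header authenticator) and the "verify" step
// (login module) in one function.
function headerLogin(request, config = CONFIG) {
  if (!config.trustedGateways.has(request.remoteAddress)) {
    return { ok: false, reason: "peer is not a trusted gateway" };
  }
  const values = normalizeHeaders(request.headers).get(config.identityHeader) || [];
  if (values.length === 0) return { ok: false, reason: "identity header missing" };
  if (values.length > 1) return { ok: false, reason: "identity header repeated" };
  const user = String(values[0]).trim();
  if (!/^[A-Za-z0-9._@-]{1,64}$/.test(user)) {
    return { ok: false, reason: "identity header malformed" };
  }
  return { ok: true, user };
}

// Constructed requests: one via the gateway, one that did not pass through it.
function demo() {
  const viaGateway = gatewayForward({ Accept: "application/json" }, "alice");
  return [
    headerLogin({ remoteAddress: "10.0.0.5", headers: viaGateway }),
    headerLogin({ remoteAddress: "203.0.113.9", headers: { "X-Authenticated-User": "alice" } }),
  ];
}
```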
Deployment architecture
Guiding principles:
IBM Worklight Server is installed in the organization LAN, connecting to various enterprise back-end systems.
IBM Worklight Server can be clustered for high availability and scalability.
IBM Worklight Server uses a database for storing push notification information, statistics for reporting and analytics and storing metadata required by the server at run time. A single instance of the database is shared by all Worklight servers.
The IBM Worklight Server is installed behind a web authentication infrastructure (Web SSO) acting as a reverse proxy and providing SSL.
There can be different topologies depending on the corporate network architecture, disaster recovery, different back-end systems, etc.
Worklight Getting Started Resources
Worklight Information Center: http://pic.dhe.ibm.com/infocenter/wrklight/v5r0m5/index.jsp
• Web based, searchable database
• Configuration and installation information
• API references
• Command line instructions
• Living document
Getting Started Modules: https://www.ibm.com/developerworks/mobile/worklight/getting-started/
• PDF modules covering environment and programming
• Downloadable, working code samples
• Whitepapers covering security, integration, and configuration
• Samples and modules updated with each Worklight release
DeveloperWorks Forum: https://www.ibm.com/developerworks/forums/forum.jspa?forumID=2830
• Forum for discussing Worklight development
• Moderated by Worklight product management
• Provides direct access to IBM development resources
• Ability to search for known issues or answers