Embed Size (px)
Citation preview
© 2015 IBM Corporation
IBM DataPowerand
API Management
Rui Garcia dos SantosIBM Systems & Middleware
Phone: +351-21.892-7843 x3843Mobile: +351-91.560-1841
E-mail: [email protected]
© 2015 IBM Corporation2
Public Cloud
IBM Cast Iron Synching data with SaaS apps to leverage new cloud economy
Private Cloud
BPM
WAS DB
DBCICS
DB2
SAP
.JCAPs
.NETPattern
Pattern
IMS
ODM
DB
Mobile
Internet of Things
Trading partner communities
IBM Integration BusIntegration Bus provides universal connectivity for heterogeneous environments across enterprise processes, applications, and data
IBM MQ and MQ ApplianceMessaging backbone provides reliable transport and data delivery across data center
IBM PureApplication SystemEnterprises looking to achieve “more with less” by better managing IT resources as collectives
IBM Mobile First PlatformProductive multi-device development and management
IBM MQTTReliable, efficient, scalable messaging for mobiles and sensors
DMZ DMZ
IBM DataPower Gateway Integration Gateway for secure & controlled access to enterprise resources, while optimizing workload delivery
DeveloperCommunities
IBM API ManagementManage your APIs to open up access encouraging innovation from App Developers
IBM DataPower Gateway with B2B moduleB2B Integration Gateway for secure collaboration with communities of trading partners
IBM MessageSightHigh throughput internet scale messaging
IBM DataPower Gateway (Virtual Appliance)Same capabilities in virtual form factor
WebSphere Service Registry and Repository SOA Governance
IBM Connectivity & Integration offerings
IBM DataPower
© 2015 IBM Corporation4
SOA Security & Integration Operational Scenario
1. External Party makes Web Service request
(Web Services = HTTPs with SOAP Payload)
8. Transform XML
9. Switch protocol (e.g. HTTP to MQ)
10. Route based on content
External Systems: different division, partners, consumers…: WS, REST, JSON… Interfaces
FI Owned SystemsExternal Systems
Payment
Interfaces/Protocols
HTTP MQ JMS DB FTP
AccountAggregation
Invoice/Payment
Broker Portal
CustomerPortal
14. Send to security layer
13. Transform response
12. Switch protocol
11. Aggregate response
17. Send response back
16. Encrypt & Sign
15. Filter response
Protocol switch
Content Routing
Transform XML
Authenticate
Authorize
Audit
Decrypt XML
Verify Sign.
Validate
6. Insert security token (e.g. SAML, Kerberos)
7. Send request to integration layer
Identity Mgmt System (Tivoli, LDAP, etc)
Core Enterprise SystemsAccountServices
ERPHRCRM Credit Card
IBM DataPower Gateway with Integration
2. Verify Signature
3. Decrypt & Validate
4. Access Identity Mgmt System
5. Authenticate & authorize
Request Message
Response Message
Payment
other
MQ, JMS, FTP, HTTP, etc.
HTTP
Secure Zone Integration Layer
HTTP
IBM DataPower Gateway
DMZ Security Layer
© 2015 IBM Corporation5
Applications and Systems
Silos of security & control are impeding business agility
DEVELOPERSPARTNERS CONSUMERS
EMPLOYEES
WEBMOBILEB2B SOA APIS
PARTNERS
DEVELOPERS
API GATEWAY
B2BGATEWAY
SOAGATEWAY
WEB ACCESS PROXY
MOBILE GATEWAY
Business Channels
Users
Security & Control
Solutions
CLOUD
ALL
CLOUD GATEWAY
CONSUMERS
EMPLOYEES
z SystemMiddleware
ESBApplication Service
© 2015 IBM Corporation6
Applications and Systems
DEVELOPERSPARTNERS CONSUMERS
EMPLOYEES
WEBMOBILEB2B SOA APIS
PARTNERS
DEVELOPERS
Business Channels
Users
Security & Control
Solutions
CLOUD
ALLCONSUMERS
EMPLOYEES
Reduce cost + improve security & control with a single gateway
z SystemMiddleware
ESBApplication Service
Virtual appliance Physical appliance
DataPower Gateway
© 2015 IBM Corporation7
CapabilitiesRapidly deliver secure integration & optimized access for a full range of workloads
• Secure & protect your back-end systems from harmful workloads and unauthorized users & apps
• Convert payloads, bridge transports and connect to existing services at wire-speed
• Limit & shape traffic based on service level agreements, and route based on message content
• Improve response times, reduce load on backend systems and intelligently distribute load
Secure
Control
Integrate
Optimize
Before DataPower Gateway After DataPower Gateway
Control
Integrate
Optimize
SecureConsumer
Consumer
Consumer
Consumer
© 2015 IBM Corporation8(2U Physical, Virtual Edition)
IBM DataPower Gateway: New HW and Module Approach
ISAM Proxy
Module
ISAM Proxy
Module
Integration Module
Integration Module
B2B Module
B2B Module
AO Module
TIBCO EMS
Module
IBM DataPower Gateway is the new name of a consolidated, extensible & modular platform Converges three existing products, XG45 / XI52 / XB62, into a single modular offering Available in physical and virtual form factor
Physical Appliance 2U rack mount appliance using latest generation hardware platform Two base editions: Non-HSM and HSM (FIPS 140-2 Level 3 certified) Each software module is licensed separately
Virtual Edition Three flavors: Developer, Non-Production, Production Developer includes all software modules, except TIBCO EMS Non-Production includes all software modules, except TIBCO EMS & ISAM Proxy Production: Each software module is licensed separately
Supports V7.1 & above
Single Security & Integration gateway platform to provide security, integration, control & optimized access to a full range of Mobile, API, Web, SOA, B2B, & Cloud workloads
All software modules are field upgradeable
© 2015 IBM Corporation9
Modules
ISAM Proxy Module User access control, session
management, web SSO enforcement Advanced mobile security: mobile
SSO, context-based access, one-time password, multi-factor authn
Integration with ISAM for Mobile
Application OptimizationModule
Frontend self-balancing Backend intelligent load distribution Session affinity z Sysplex Distributor integration
Integration Module
Any-to-Any message transformation Database connectivity Mainframe IMS connectivity
B2B Module B2B DMZ gateway EDIINT AS1,AS2,AS3,ebXML Partner profile management B2B transaction viewer Any-to-Any message transformation Database connectivity
TIBCO EMSModule
Integrate with TIBCO EMS messaging middleware
Support for queues & topics Load balancing & fault-tolerance
IBM DataPower Gateway (Base)Secure
Authentication, authorization Security token translation Service / API virtualization Threat protection Message validation Message filtering Message digital signature Message encryption AV scanning integration
Integrate Transport protocol bridging Message enrichment Message transformation &
processing using JavaScript, JSONiq, XQuery, XSLT
Mainframe integration & enablement
Flexible pipeline message processing engine
Control & Manage Service level management Quota & rate enforcement Content-based routing Message accounting Integration w/ management &
visibility platforms including IBM API Management & WSRR for policy enforcement
Optimize & Offload SSL / TLS offload Hardware accelerated crypto* JSON, XML offload JavaScript, JSONiq, XSLT,
XQuery acceleration Local response caching Distributed caching with WXS
or XC10 Backend load balancing
Physical, Virtual or Cloud Edition*)
Single, modular & extensible platform
*) Coming with 7.2 on Softlayer & Amazon EC2
© 2015 IBM Corporation10
Highlights of DataPower V7.2 – June 2015
Amazon EC2 and Softlayer CCI support for increased deployment flexibility on public cloud
environments
Enhanced hybrid cloud integration using Secure Gateway service to securely connect
between IBM Bluemix applications and on-premise services secured using DataPower
Gateways
Stronger cloud and on-premise security with support for Elliptic Curve Cryptography (ECC),
Server Name Indication (SNI), and Perfect Forward Secrecy (PFC) to protect against
malicious protocol attacks
Mobile security enhancements for securing access to REST services using JSON Web
Encryption (JWE), JSON Web Signature (JWS), JSON Web Key (JWK) and JSON Web
Token (JWT)
Easier integration between Systems of Engagement and System of Record solutions with
XML support using GatewayScript, JavaScript-based runtime.
New management API based on a REST architecture for managing DataPower configuration,
enabling easier DevOps.
Increased transactional reliability with enhanced IMS database support
Distributed caching support with IBM WebSphere eXtreme Scale 8.6+
IBM API Management
© 2015 IBM Corporation12
What is a Business API? A Business API is a public persona for an enterprise; exposing defined assets, data
or services for public consumption A Business API is simple for app developers to use, access and understand A Business API can be easily invoked
What Value Does a Business API Provide? Extends an enterprise and opens new markets by allowing external app
developers to easily leverage, publicize and/or aggregate a company’s assets for broad-based consumption
What “assets, data or services” are exposed via a Business API?: Product catalogs Store listings Order status Inventory Social interaction
Business API = Web API = Product
App Developer
© 2015 IBM Corporation13
Does this sound familiar?
A repeatable business task –
e.g., check customer credit; open new
account
A Service
A way of thinking about your business through linked services and the
outcomes that they bring
Service Orientation
Service Oriented Architecture (SOA)
An business-centric architectural approach based on service
oriented principles13
Most characteristics
of a good service are
“hidden” in this definition
© 2015 IBM Corporation14
APIs are not a new name for SOA Services
There are many similarities – but one very important difference:
The objective they are intended to achieve
APIs SOA
“How can I increase the pace of
innovation?”
“How can I increase the agility and effectiveness of
delivery?”
Reuse → Speed to deliverSharing → ExpediencyEncapsulate → Less to learn
Reuse → Effort to deliverSharing → EffectivenessEncapsulate → Less to change
© 2015 IBM Corporation15
Differences and Value of API and SOA• SOA
– Mostly internal– Integration and exposing current Services– Integration of Backend Data & Applications– Increase the Agility and effectiveness of delivery
• API– Mostly external– Increasing Revenue – Extending customer Reach & Value– Supporting Sales & Marketing Activities– Stimulating Business & Technical Innovation
© 2015 IBM Corporation16
Business Design is an end-to-end Endeavor
© 2015 IBM Corporation17
Who is the Audience? If you are not clear on the audience you have no clue what makes a good API In 2014 More than 80% of API use cases were internal APIs are the currency of Cloud and Mobile – often good places to start
What do they want? Exposing “what you have” as an API isn’t particularly useful Good APIs are simple to understand and use There is an art to a “delightful API experience” Many APIs may not last very long, that is an opportunity not a problem
Under what terms and conditions are you willing to share? Un-managed APIs quickly lead to chaos Business Ts&Cs are important (Plans) Its not a one-way street, give and take Make sharing easy
Three Questions Lead to Good APIs
https://developer.ibm.com/apimanagement/2015/05/07/how-to-get-to-two-speed-it/
© 2015 IBM Corporation18
Summary: API Economy Value Chain
© 2015 IBM Corporation19
Cars.com example: Consumer View
Cars.com example: Provider View
© 2015 IBM Corporation21
Questions?
© 2015 IBM Corporation
IBM DataPowerand
API Management
Rui Garcia dos SantosIBM Systems & Middleware
Phone: +351-21.892-7843 x3843Mobile: +351-91.560-1841
E-mail: [email protected]
