Embed Size (px)
Citation preview
Bendigo and Adelaide Bank Uses Hybrid BlueMix and API Management Patterns to Reduce Time-to-Market
IBM InterConnect 2016
PaulWinters,Director,[email protected]
AshAustin,SeniorMidrangeSystemsSpecialist,[email protected]
Agenda• Business drivers• System context: BlueMix Public, BlueMix
Dedicated and IBM API Management• Security controls • Reusable and Secure Patterns
Business Drivers
New digital projects too slow and expensive
Inability to deliver innovative business initiatives to customers
New disruptive competitors
Heavy regulatory environment
Increasing use of third-party developers and partnerships
System Context
Public BlueMixSystem of Engagement
IBM API Management [inc. DataPower]
Customers and Staff
Dedicated BlueMixSystem of Engagement
ESB and Core BankingSystems of Record
Bendigo Datacenter
IBM Security Access Manager[inc. WebSEAL]
Microsoft Active Directory Federation Services
IBM API Management
Third Party Website
Staff
Security Controls
IBM API Management Runtime
IBM DataPower
Firewalls Load balancers
Microsoft ADFS and AD
IBM Security Access Manager and ISDS
IdentityLayer
AccessLayer
NetworkLayer
IBM API Management
WebSEAL
Unauthenticated Public Website Access
Public BlueMix
IBM API Management
Customers and Staff
Dedicated BlueMix
ESB and Core Systems
Bendigo Datacenter
IBM Security Access Manager
Microsoft Active Directory Federation Services
Third Party Website
IBM API Management
Authenticated Website Access for Staff
Public BlueMix
IBM API Management
StaffESB and Core Systems
Bendigo Datacenter
IBM Security Access Manager
ADFSThird Party Website
IBM API Management
Staff
Dedicated BlueMix
Public API with Application ID
Public BlueMix
IBM API Management
Dedicated BlueMix
ESB and Core Systems
Bendigo Datacenter
IBM Security Access Manager
Microsoft Active Directory Federation Services
Third Party Website
Customers and Staff
IBM API Management
Secure API with Application ID
IBM API Management
Dedicated BlueMix
ESB and Core Systems
Bendigo Datacenter
IBM Security Access Manager
Microsoft Active Directory Federation Services
Customers and Staff
Third Party Website
IBM API Management
Public BlueMixSystem of Engagement
Secure Web Application Access for Staff
Public BlueMix
IBM DataPower
Staff
Dedicated BlueMix
ESB and Core Systems
Bendigo Datacenter
Microsoft Active Directory Federation Services
IBM Security Access Manager
Third Party Website
IBM API Management
Pulling it all together: an example using multiple patterns
IBM API Management
Staff
Admin application running on Meteor
.NET system of record
Bendigo Datacenter
Microservice built with Express and Compose.ioMongoDB
ADFS
WebSEAL
NodeJS Web Server
Third Party Website
IBM API Management
Customers
Secure API with User Authentication[Work in Progress]
IBM API Management
Dedicated BlueMix
ESB and Core Systems
Bendigo Datacenter
Federated Identity Management
Microsoft Active Directory Federation Services
Customers and Staff
Third Party Website
IBM API Management
Public BlueMix
Summary
Implemented BlueMix Public, BlueMix Dedicated and IBM API Management
A need to improve time-to-market and reduce cost
A set of repeatable secure patterns are being used that fit most scenarios
�
For more information check out these sessions:• 6371A (Inner Circle): Transforming for Rapid Innovation:
The Bendigo and Adelaide Bank Story• CCD-5407: Borderless Hybrid Applications on Bluemix
Public, Dedicated and Local• HAM-3190: Citi Transforming IT: Connecting Mobile and
Cloud Applications to Systems of Record through APIs• HAM-6355: SecureGatewaysinBanking:Real-LifeScenarios
atSberbank
