
IBM WebSphere DataPower SOA Appliances Simplify, Help Secure & Govern Your SOA

IBM WebSphere DataPower SOA Appliances Simplify, Help Secure & Govern Your SOA. Sidney Antflick AP WebSphere Sales Leader antflick@au1.ibm.com. Agenda. WebSphere DataPower Overview SOA Appliances’ Deployment & Scenario Summary Why an Appliance is Smart for SOA


Presentation Transcript


  1. IBM WebSphere DataPower SOA Appliances Simplify, Help Secure & Govern Your SOA Sidney Antflick AP WebSphere Sales Leader antflick@au1.ibm.com

  2. Agenda • WebSphere DataPower Overview • SOA Appliances’ Deployment & Scenario Summary • Why an Appliance is Smart for SOA • WebSphere DataPower SOA Appliance Portfolio: • Integration Appliance XI50 • XML Security Gateway XS40 • XML Accelerator XA35 • Major Categories of SOA Appliance Functionality • Summary

  3. WebSphere DataPower SOA Appliances. WebSphere DataPower SOA Appliances redefine the boundaries of middleware, extending the SOA Foundation with specialized, consumable, dedicated SOA appliances that combine superior performance and hardened security for SOA implementations. An SOA Appliance… • Simplifies SOA and accelerates time to value • Helps secure SOA XML implementations • Governs and enforces SOA/Web services policies. Creating customer value through extreme SOA connectivity, performance and security

  4. WebSphere DataPower SOA Appliances: Exceptional growth and acceptance • DataPower: Market leader in integration and SOA appliances • Accepted and supported world-wide • Leads with standards in SOA, Security, Policy, etc. • Used by banks, insurance cos., mutual funds, telcos, federal and local governments, healthcare, general business

  5. WebSphere DataPower SOA Appliances Address Critical Connectivity Issues: Simplicity, Robustness, Speed, Governance

  6. Why an Appliance for SOA? • Hardened, specialized hardware for helping to integrate, secure & accelerate SOA • Many functions integrated into a single device: • Impact: connectivity will require service level management, routing, policy, transformation • Higher levels of security assurance certifications require hardware: • Example: government FIPS Level 3 HSM, Common Criteria • Enables run-time SOA governance and policy enforcement • Impact: dynamically control service availability, security, performance, and endpoint selection • Higher performance with hardware acceleration: • Impact: ability to perform more security checks without slow downs • Addresses the divergent needs of different groups: • Example: enterprise architects, network operations, security operations, identity management, web services developers • Simplified deployment and ongoing management: • Impact: reduces need for in-house SOA skills & accelerates time to SOA benefits • Proven Green / IT Efficiency Value • Example: Appliance performs XML and Web services security processing as much as 72x faster than server-based systems • Impact: Same tasks accomplished with reduced system footprint and power consumption

  7. Why an Appliance for SOA? TCO: DataPower Appliance vs. Software Based Solution. Top 10 Financial Services Company in North America • Study compared expanding an existing software based solution vs. starting fresh with DataPower appliances • Three primary drivers: • Reduce maintenance burden associated with software based solution. • Reduce overall yearly costs. • Increase throughput and scale solution to meet growth in business.

     Cumulative Cost of Ownership over 3 years

     | Cost category | Software | Appliance |
     |---|---|---|
     | Infrastructure Operating Costs | $1,728,000 | $38,400 |
     | Application Development/Maintenance | $118,800 | $30,096 |
     | Capital Costs | $1,268,640 | $231,000 |
     | Product Maintenance charges | $435,456 | $78,000 |
     | Installation & Deployment | $28,800 | $2,000 |
     | Total | $3,579,696 | $379,496 |

     Note: above figures obtained from cost accounting dept, not IT

  8. Why an Appliance for SOA? Configuration vs. Programming: Configuration driven Web GUI • Drag & Drop Workflow Style • Implement Complex Policies • No Programming, Fewer Errors • All Functions Available via CLI & SOAP Interface

  9. IBM SOA Appliance Deployment Basic Examples [diagram with three panels. Integration & Governance: XI50, Web Services Client, HTTP XML request/response, legacy request/response, reply queue, ITCAM for SOA, WSRR. Security: XS40, Tivoli Access Manager, Federated Identity Manager, Internet, IP Firewall, Application Server. Acceleration: XA35, XML, XSL, HTML, WML, Client or Server, Application Server, Web Server, Internet]

  10. WebSphere DataPower SOA Appliance Product Line. Integration Appliance XI50: • Hardware ESB • “Any-to-Any” Conversion at Wirespeed • Bridges multiple protocols • Integrated message-level security. XML Security Gateway XS40: • Enhanced Security Capabilities • Centralized Policy Enforcement • Fine-grained authorization • Rich authentication. XML Accelerator XA35: • Offload XML processing • No more hand-optimizing XML • Lowers development costs

  11. Provide Service Enrichment: The ESB. An Enterprise Service Bus (ESB) is a flexible connectivity infrastructure for integrating applications and services. An ESB performs the following between requestor and service: • MATCHES & ROUTES communications between services • CONVERTS between different transport protocols • TRANSFORMS between different data formats • IDENTIFIES & DISTRIBUTES business events [diagram key: Shape = Transport protocol, Color = Data format]

  12. Integration Appliance XI50: Purpose-built hardware ESB for simplified deployment and hardened security • Redefines the boundaries of middleware with specialized hardware • Many functions integrated into a single device • Simplified deployment and ongoing management • Routes messages based on content and policy • Secures services on the network with sophisticated web services access control, policy enforcement, message filtering, and field-level encryption • Optimized to bridge between leading standard protocols at wirespeed, including web services, messaging, files, and database access • Enables transformation between a wide range of data formats, including XML, legacy, and industry standards, and custom formats • Captures and emits events to facilitate web services management and enable business visibility in Business Activity Monitoring solutions

  13. Extend your ESB to partners and customers: WebSphere DataPower XML Security Gateway XS40 • XML firewall and filtering helps stop SOA threats • Message-level encryption and access control enforcement • Web services Authentication, Authorization & Auditing • Helps promote Compliance (e.g. PCI, Sarbanes, etc) [diagram labels: SOA, Universal Messaging Backbone, Service, ESB, WebSphere DataPower XML Security Gateway XS40, Message]

  14. XML Security Gateway XS40: Web service threat protection and message security • Centralizes XML security and policy enforcement • Hardened security appliance for DMZ deployments • Configuration-driven interface reduces need for specialized SOA skill sets • Heterogeneous interoperability enables secure integrations with partners, customers, and/or vendors • Secures next-generation applications with an XML and SOAP firewall that filters any content, metadata, or network variables at wirespeed. • Validates XML schemas and messages, protecting against XML attacks, buffer overflows, or vulnerabilities in malformed XML documents. • Provides field-level XML security through encryption/decryption and signing/verification of entire messages or individual XML fields. • Supports a variety of access control mechanisms, and can control access by rejecting unsigned messages and verifying signatures within SAML assertions.

  15. XML Accelerator XA35: Centralized XSLT Management, Offload XML Processing • Wirespeed XML/XSLT/XPath Processing • Schema validation, XML compression, XML caching • SSL termination and acceleration • Easy configuration and administration • Accelerates XML processing and SSL termination/acceleration, increasing throughput, decreasing latency, and reducing server workload. • Innovative XML pipeline processing and XML caching reduce impact of increased XML traffic, improving scalability of resource intensive applications. • Performs XML schema validation to ensure incoming/outgoing XML documents are legitimate and properly structured. • Fully integrated with industry standard IDEs such as Altova XML Spy and Eclipse, which allows developers to design, debug and deploy against a single XML and XSLT processor, saving valuable cycles from pilot to production.

  16. WebSphere DataPower Appliances Benefits • Flexible Connectivity: an XML appliance shields the applications from security requirements, protocol changes and service versioning - no application modifications needed • Reduce Complexity: Replace software server functionality with an XML appliance, reduce infrastructure footprint, and off-load heavy processes to dedicated XML appliances • Lower TCO: Dedicated XML appliances have been shown to reduce operational costs by as much as 50% • Improved Agility by Reduced Time to Market: dramatically decrease the testing time and amount of development required to upgrade your environment; most policies are configuration driven as opposed to development driven • Reduce Risk: the XML appliance provides the connectivity layer without requiring application modification, and delivers improved security and audit support • Configuration Driven: The XML appliance is configuration driven for policy definitions; it does not involve development to support your infrastructure

  17. WebSphere DataPower Base Qualities & Features [diagram titled “Maslow’s Hierarchy of Enterprise Needs”; strategic themes: Governance, Connectivity / Integration, Security, Performance, Interoperability, Consumability; diagram key: Strategic Theme, Major Quality, Specific Feature; labels: WSDL WSRR Service Level Management Off-box Management UDDI WS-Policy DataGlue WS-SIB Smart SOA FTP/ FTPS Database Connectivity Enterprise Service Bus WS-MQ Tibco EMS WS-TX SSL / TLS Hardened WS-SecureConversation Role-Based Management Flexible WS-Federation Web App Firewall WS-SecurityPolicy WS-Security LDAP XACML TAM / TFIM Optimally tuned firmware XG4 Crypto Acceleration XG3 Clustering and High Availability IBM patented technology WS-* Standards SOAP XSD Schema de facto Standards XSLT HTTP 1.1 .Net SKI WS-I Basic Profile XML Hardware & Firmware Tightly Coupled Eclipse Plug-In Web GUI SOAP Management Multistep SNMP v3 CLI Monolithic, Secured Firmware ITCAM for SOA]

  18. WebSphere DataPower 3.7.1 Feature Additions [diagram titled “Maslow’s Hierarchy of Enterprise Needs”; strategic themes: Governance, Connectivity / Integration, Security, Performance, Interoperability, Consumability; diagram key: Strategic Theme, Major Quality, Specific Feature; labels: WSRR / WS-Policy Integration MQ Ordered Messaging Improved Database Connectivity Updated MQ sync point support Enhanced Tibco connectivity Updated WS-SecurityPolicy Updated XACML support MQ Tibco WS-Policy interop with BEA and MSFT Improved WTX interop Configuration Profiler Locator beacon Customer-driven enhancements CLI Install Wizard Out of the box SNMP configuration WS-Policy GUI Improvements RBM integration]

  19. WebSphere DataPower 3.7.1 Feature Additions [diagram titled “Maslow’s Hierarchy of Enterprise Needs”; strategic themes: Governance, Connectivity / Integration, Security, Performance, Interoperability, Consumability; diagram key: Strategic Theme, Major Quality, Specific Feature; callouts: Governance integration: Further improvements in central policy control • Broader applications for MQ: More business problems can be solved in existing MQ environments • Centralized security policy enhancements: Easily enable and disable users from one central location • Interop for fast time to value: Testing and validation • Even easier to operate and manage: For handling larger deployments and new users alike; labels: WSRR / WS-Policy Integration MQ Ordered Messaging Database Stored Procedure return value Updated MQ support Enhanced Tibco connectivity Policy-driven SSL cert validation LDAP bind-search-rebind AAA cache invalidation control MQ Ordered Messaging Tibco enhancements WS-Policy interop with BEA and MSFT Improved WTX interop Configuration Profiler Locator beacon Usability improvements Configuration Mediations CLI Install Wizard GUI Improvements Better RBM LDAP integration]

  20. WebSphere DataPower SOA Appliances v3.7.1 – Latest Innovations in Firmware • Centralized policy and governance between WSRR and DataPower: WSRR administrator submits WS-Policy and WSDL; DataPower subscribes to and enforces Policy on WSDL endpoints • Policy-driven security and flexibility improvements: Policy-driven SSL client cert validation; AAA cache invalidation improvements for performance and policy enforcement; LDAP bind-search-rebind semantics useful for large LDAP repositories (for example) • WebSphere family enhancements to satisfy a greater class of applications (financial services, etc.): MQ Ordered messaging improvements; MQ browse, better sync point support, more automated ReplyQ behavior, better backout queue support; WTX interop • Configuration file handling for better production elevations: Profiler to identify non-standard practices; Environment-specific configuration mediation components (IP addresses, variables) • Interoperability with other products for even better heterogeneous environment support: Database stored procedure return value support; WS-Security Policy interop testing and validation with Microsoft .net and BEA WL 10; ActiveDirectory search improvements for role-based management; Tibco support improvements (Active/passive server config, Improved LB/failover behavior) • Connectivity enhancements: Better url-open timeout control, per-transaction timeout, non-XML input size reporting • Other Usability, Serviceability improvements for better operations: MOTD and banner support, CLI Wizard, SNMP ease-of-use etc.; Expanded support for native code sets, so data traffic can be sent in DBCS and other code sets (http://www-306.ibm.com/software/globalization/icu/index.jsp); Domain deletion safety; Ethernet interface disable control; Better workflow with in-situ file viewer / edit; Internal Load Balancer programmatic control

  21. Deployment Scenarios for Advanced Connectivity [network diagram; zones: federated extranet, Internet, intranet, two Demilitarized Zones separated by Packet Filters; endpoints: Internet user, internal user, legacy enterprise application, SOAP enabled enterprise application, SOA platform; appliances: XS40, XI50] 1. Helps protect against incoming attacks; Incoming access control 2. Outgoing access control, SAML injection, role mappings 3. Internal security 4. Web services management 5. Legacy transformation

  22. Hardware superiority • High reliability (swappable redundant components, whole-box VRRP-style failover, careful design, RAID 1 for HDD options, non-HDD options avail) • High security assurance • physical intrusion detection • crypto acceleration • signed firmware • only Ethernet and serial ports • XS40 and XI50 • locked-down structure (undergoing CC EAL4) • HSM option (FIPS-140-2 Level 3) • High performance (dedicated tightly optimized HW and FW engineering, XG4 available, crypto, low latency and high throughput, patented technology) • Monitoring and management (self-monitoring and self-healing, rich remote monitoring and administrative capabilities) “The DataPower [XS40]... is the most hardened ... it looks and feels like a datacenter appliance, with no extra ports or buttons exposed… " - InfoWorld

  23. Simplicity without sacrifice • WSDL-based policy creation • Hierarchical policies applied at WSDL, service, port, operation level • Drag & drop policy creation screen allows flexible chaining of operations • Configure and install in minutes Ease of Use Example – Graphical User Interface providing drag and drop services, in order desired, for XML filtering, signing, verification, schema validation, encryption, decryption, transformation, routing, access control, service level monitoring, and advanced operations

  24. DataPower’s Unique Appliance Agility: Hardware Performance + Highly Customizable Configuration • More future-proof solution required for today's emerging SOAs: • Evolving specifications, varied corporate policies, changing security requirements • Efficient Processing needed for XML Web services integration • High Customization required for broad-based SOA • DataPower Agility (“DA”) Architecture Enables Flexibility & Performance: • Advanced Patented XML Processing Engine for wirespeed performance • Customizable XML configuration files for highly flexible configuration • Easily adapts to changes in standards, service requirements and customer needs • Benefits: • No need to wait for software or hardware code change, QA, and patch upgrade • Quicker time to market and reduced maintenance cost

  25. Integration across the IBM Software Portfolio • Mature integration within WebSphere software portfolio • WebSphere MQ with WebSphere DataPower: 4+ years, numerous customers • Industry-leading SOA Runtime Governance with WSRR + DataPower • Many more examples: WTX for data maps, WS-Security for WMB • Auto-configure XML firewall by importing WebSphere service descriptors • Complete SOA Security and Management solution with Tivoli products • Robust enterprise integration through native DB2 and IMSConnect • Deliver data as Web services into new or existing SOA solutions with DataPower/Data Studio integration • IBM Autonomic Integration – CBE/CEI Certified WebSphere MQ, HTTP, JMS, Web Services WSRR, WTX, WS-Security WS-Policy RAD, Eclipse IMSConnect TAM, TFIM, ITCAM4SOA, WS-Trust, SAML,XACML LDAP, SNMP, Syslog, AMP, NetView SQL, Xquery, Data Studio

  26. Integration with the Competition • Standards-based integration with third party vendors • Tighter integration with some key competitors • No platform dependencies – hardware or software • Exceptional interoperability through industry profiles and testing [diagram: integration links labelled LDAP, SAML, XACML, SNMP, OCSP, XKMS, HTTP/SOAP, HTTP, SQL, MQ, XML, EMS, UDDI]

  27. Customer Success Stories

  28. Major Credit Card Provider: Standard Security Across All Platforms. Challenge • Consistently & securely deliver online services to members that could be shared, integrated & flexible to meet specific needs • Web services infrastructure needed to support highly secure data routing with daily high volume & sensitive nature of information Solution • Implemented WebSphere DataPower XML Security Gateway XS40 to form the backbone of Web services infrastructure • Content-based message routing • Security policy enforcement & data encryption • Helps to ensure safe & efficient flow of confidential customer data • Integrated seamlessly into existing heterogeneous environment increasing interoperability & promoting reuse Benefits • Secure SOA on standards-based platform • Easily reuse Web services throughout enterprise • Boosts productivity of IT staff • Substantially shorten time to market for new services • WebSphere DataPower XML Security Gateway XS40 • WebSphere Application Server

  29. Top 5 Bank: Content Based Load Balancing. Challenge • Existing shared integration infrastructure for Retail Bank unstable and unscalable (120 servers, 480 JVM’s!!!) • Require content-based load balancing solution to be extended to offload functionality from existing solution Solution • Implemented WebSphere DataPower Integration Appliance XI50: • Primary function of XI50 is content-based load balancer for HTTP(s) and MQ traffic • Additional tier of XI50’s planned for proxying to backend services (MQ, HTTP and IMSConnect) Benefits • Able to handle traffic bursts from third party partners • Enhanced security on existing message flows • Sophisticated mechanism for proactive identification and “route away” from degrading JVM’s • Broken through their “scaling barrier”, able to do more with less cost • WebSphere DataPower Integration Appliance XI50 • WebSphere MQ [diagram labels: Clients, 5, 12, Providers]

  30. Online Service Provider: Scalable & Secure Online Transactions. Challenge • To deploy a more scalable infrastructure for supporting secure online transactions and enhancing the scalability, manageability & reliability of IT environment. Solution • Implemented WebSphere DataPower Integration Appliance XI50 & WebSphere DataPower XML Security Gateway XS40. • The XI50 provides message and protocol mediation functions and interfaces with the TIBCO messaging bus. • The XI50 secures, transforms & routes web services calls to the appropriate service providers. • The XS40 is deployed in the DMZ for web services security-enforcement by performing a full range of security functions. Benefits • Increased scalability and security for high volume online income tax preparation as well as credit card authorization services. • Faster to implement than software-only solution with significantly lower maintenance costs. • WebSphere DataPower Integration Appliance XI50 • WebSphere DataPower XML Security Gateway XS40

  31. Wachovia: Secure SOA Integration of Web Services and Legacy Systems. Challenge • High profile Check 21 initiative to leverage SOA • Enhance ATM message integration • Replace legacy system reducing cost, enhancing security Solution • Deployed WebSphere DataPower Integration Appliance XI50 • Message-level security & XML threat protection Benefits • Improved efficiency with on-demand routing of remote deposits from branch office ATMs • SOA message-level security, content validation, & threat protection • Reduced VAN charges by using HTTP without sacrificing security compliance • Reallocated resources to focus on core business tasks • WebSphere DataPower Integration Appliance XI50

  32. Charles Schwab: ESB Infrastructure. Challenge • 1) New web services security for internal and external applications and 2) replace existing ESB/RR Bus • Previous home-grown ESB (called RR Bus) was unmanageable with 48 servers at end of 2007, with dramatically increased loads expected in 2008 Solution • Implemented WebSphere DataPower XML Security Gateway XS40 and WebSphere DataPower Integration Appliance XI50 • 2 DataPower XS40 XML Security Gateway Appliances provide standards-based web services security for Internet and intranet applications • RR Bus – 4 DataPower XI50 Integration Appliance XI50s replaced 48 servers Benefits • Offered new service to business partners: Secure Web Services • Simplification of the home grown routing solution – easier to support and maintain 4 appliances vs. 48 servers • Forecasted ROI with break even mid way through year one • High-performing routing of transactions to mainframe SOP/HTTP • WebSphere DataPower Integration Appliance XI50 • WebSphere DataPower XML Security Gateway XS40 • WebSphere MQ [diagram labels: System z, SOAP/HTTP, XI50, Client, XS40]

  33. RouteOne LLC: Leveraged SOA to Integrate & Connect People, Process and Finance Information. Challenge • Deploy a single highly secure, scalable & flexible credit system Solution • Deployed WebSphere DataPower XML Security Gateway XS40 to simplify, help secure & accelerate • Service based integration of backend systems with on-line & Web services • Connected 22,000 franchised Automotive Dealers, including DaimlerChrysler, Ford Motor Co, General Motors & Toyota, to a single highly secure, scalable and flexible credit application management system Benefits • Reduced function in numerous existing heterogeneous systems • SOA Appliance architecture offers central point of control, manageability & scale • Dynamic credit applications shorten processing times • WebSphere DataPower XML Security Gateway XS40

  34. Commonwealth of Massachusetts Executive Office of Health & Human Services: SOA Governance & Interaction Among Heterogeneous Applications. Challenge • Introducing “synchronous” messages of existing services for both internal and external users • Threat protection risk for Web services • SLA imposed high performance requirements • Ease of integration with existing platform Solution • Implemented WebSphere DataPower Integration Appliance XI50 for easy Web services management, wirespeed performance & flexibility • Deployed as a reverse proxy, providing schema validation & trust formations • Augmented existing in-house service bus & WebSphere MQ Benefits • WebSphere DataPower reduces EOHHS’s monthly total cost of ownership expenses • Satisfied EOHHS’ security & reliability concerns • Centralized Web services management • No measurable impact on existing infrastructure • Accelerated SOA adoption across the enterprise • Effectively integrates emerging standards with legacy systems and data • WebSphere DataPower Integration Appliance XI50 • WebSphere MQ

  35. Sprint: ESB for Policy Enforcement of SOA. Challenge • To deploy an ESB that provides message security & mediation functions in a highly reliable & scalable fashion, while keeping capital expenditures, development & minimal ongoing management costs Solution • Implemented WebSphere DataPower Integration Appliance XI50 in the DMZ & the Enterprise Network • The XI50s accept HTTP/SOAP traffic and provide policy enforcement for external users • Filtering & validating incoming XML traffic • Authentication & authorizing users • Routing messages to appropriate end points based on defined rules • Converting XML to binary • Mediating between HTTP, SOAP, MQ Benefits • ESB that is scalable, easy-to-deploy, quick to configure & simple to manage • Faster time to market enables Sprint to meet project deadlines • WebSphere DataPower Integration Appliance XI50 • WebSphere MQ

  36. MIB Group, Inc. SOA Security & Integration Challenge • Difficult to modify home-grown custom software application • Adopt SOA to increase revenues, while reducing costs & increasing the security of the service Solution • Deployed WebSphere DataPower Integration Appliance XI50 for SOA security and to transform & route messages • Acts as a gateway by forwarding messages to System z mainframe to be checked against database • Integrates ACORD XML services with existing WebSphere MQ • Integrates SchemaTron validate to generate XSLT to load the generated XSLT onto the XI50 for runtime execution & filtering Benefits • More than 10 times faster than internally developed custom software • Fraud-protection processes are faster, more secure & less error prone • Web service allows MIB to offer more services to customers while reducing overhead cost • WebSphere DataPower Integration Appliance XI50 • WebSphere MQ • System z

  37. Customer Testimonials • "What DataPower brought to the table for us was an extremely high performance level for the exact same function at, honestly, a better price point…They’re a full order of magnitude faster than our software-based solution was…It’s really reduced the amount of additional time that’s incurred in processing our security functions.” • Lincoln Fellingham “IBM’s sophisticated WebSphere integration software, DB2 database and REST Web services are enabling us to maintain our leadership position by building a secure and powerful SOA on our zSeries enterprise server, thereby protecting our existing investments in technology while building a foundation for the future.” - Alexander Klevitsky

  38. Summary – IBM Specialized Hardware for Smart SOA Connectivity • Hardened, specialized product for helping integrate, secure & accelerate SOA • Many functions integrated into a single device • Broad integration with both non-IBM and IBM software • Higher levels of security assurance certifications require hardware • Higher performance with hardware acceleration • Simplified deployment and ongoing management http://www.ibm.com/software/integration/datapower/ SOA Appliances: Creating customer value through extreme SOA performance and security • Integrates SOA with specialized devices • Accelerates SOA with faster XML throughput • Helps secure SOA XML implementations

  39. Thank you
