More Related Content
Similar to 2015/06/12 - IBM Systems & Middleware - IBM DataPower and API Management (20)
2015/06/12 - IBM Systems & Middleware - IBM DataPower and API Management
- 1. © 2015 IBM Corporation
IBM DataPower
and
API Management
Rui Garcia dos Santos
IBM Systems & Middleware
Phone: +351-21.892-7843 x3843
Mobile: +351-91.560-1841
E-mail: Rui.Garcia.Santos@pt.ibm.com
- 2. © 2015 IBM Corporation2
Public Cloud
IBM Cast Iron
Synching data with
SaaS apps to
leverage new cloud
economy
Private Cloud
BPM
WAS DB
DB
CICS
DB2
SAP
.JCAPs
.NET
Pattern
Pattern
IMS
ODM
DB
Mobile
Internet of Things
Trading partner
communities
IBM Integration Bus
Integration Bus provides
universal connectivity for
heterogeneous environments
across enterprise processes,
applications, and data
IBM MQ and MQ Appliance
Messaging backbone provides
reliable transport and data
delivery across data center
IBM PureApplication
System
Enterprises looking to achieve
“more with less” by better
managing IT resources as
collectives
IBM Mobile First
Platform
Productive multi-
device
development and
management
IBM MQTT
Reliable, efficient,
scalable messaging
for mobiles and
sensors
DMZ DMZ
IBM DataPower Gateway
Integration Gateway for secure &
controlled access to enterprise
resources, while optimizing workload
delivery
Developer
Communities
IBM API Management
Manage your APIs to open
up access encouraging
innovation from App
Developers
IBM DataPower Gateway
with B2B module
B2B Integration Gateway for
secure collaboration with
communities of trading
partners
IBM MessageSight
High throughput
internet scale
messaging
IBM DataPower
Gateway (Virtual
Appliance)
Same capabilities in
virtual form factor
WebSphere Service
Registry and
Repository
SOA Governance
IBM Connectivity & Integration offerings
- 4. © 2015 IBM Corporation4
SOA Security & Integration Operational Scenario
1. External Party makes Web Service request
(Web Services = HTTPs with SOAP Payload)
8. Transform XML
9. Switch protocol (e.g. HTTP to MQ)
10. Route based on content
External Systems: different
division, partners,
consumers…: WS, REST,
JSON… Interfaces
FI Owned Systems
External Systems
Payment
Interfaces/Protocols
HTTP MQ JMS DB FTP
Account
Aggregation
Invoice/
Payment
Broker
Portal
Customer
Portal
14. Send to security layer
13. Transform response
12. Switch protocol
11. Aggregate response
17. Send response back
16. Encrypt & Sign
15. Filter response
Protocol switch
Content Routing
Transform XML
Authenticate
Authorize
Audit
Decrypt XML
Verify Sign.
Validate
6. Insert security token (e.g. SAML, Kerberos)
7. Send request to integration layer
Identity Mgmt
System (Tivoli,
LDAP, etc)
Core Enterprise Systems
Account
Services
ERPHRCRM Credit Card
IBM DataPower Gateway with Integration
2. Verify Signature
3. Decrypt & Validate
4. Access Identity Mgmt System
5. Authenticate & authorize
Request
Message
Response
Message
Payment
other
MQ, JMS,
FTP, HTTP,
etc.
HTTP
Secure Zone Integration Layer
HTTP
IBM DataPower Gateway
DMZ Security Layer
- 5. © 2015 IBM Corporation5
Applications
and Systems
Silos of security & control are impeding business agility
DEVELOPERSPARTNERS CONSUMERS
EMPLOYEES
WEBMOBILEB2B SOA APIS
PARTNERS
DEVELOPERS
API
GATEWAY
B2B
GATEWAY
SOA
GATEWAY
WEB
ACCESS
PROXY
MOBILE
GATEWAY
Business
Channels
Users
Security &
Control
Solutions
CLOUD
ALL
CLOUD
GATEWAY
CONSUMERS
EMPLOYEES
z SystemMiddleware
ESBApplication Service
- 6. © 2015 IBM Corporation6
Applications
and Systems
DEVELOPERSPARTNERS CONSUMERS
EMPLOYEES
WEBMOBILEB2B SOA APIS
PARTNERS
DEVELOPERS
Business
Channels
Users
Security &
Control
Solutions
CLOUD
ALL
CONSUMERS
EMPLOYEES
Reduce cost + improve security & control with a single gateway
z SystemMiddleware
ESBApplication Service
Virtual appliance Physical appliance
DataPower Gateway
- 7. © 2015 IBM Corporation7
Capabilities
Rapidly deliver secure integration & optimized access for a full range of workloads
• Secure & protect your back-end systems from
harmful workloads and unauthorized users & apps
• Convert payloads, bridge transports and connect
to existing services at wire-speed
• Limit & shape traffic based on service level
agreements, and route based on message content
• Improve response times, reduce load on
backend systems and intelligently distribute load
Secure
Control
Integrate
Optimize
Before DataPower Gateway After DataPower Gateway
Control
Integrate
Optimize
SecureConsumer
Consumer
Consumer
Consumer
- 8. © 2015 IBM Corporation8(2U Physical, Virtual Edition)
IBM DataPower Gateway: New HW and Module Approach
ISAM
Proxy
Module
Integration
Module
B2B
Module
AO
Module
TIBCO
EMS
Module
IBM DataPower Gateway is the new name of a consolidated, extensible & modular platform
Converges three existing products, XG45 / XI52 / XB62, into a single modular offering
Available in physical and virtual form factor
Physical Appliance
2U rack mount appliance using latest generation hardware platform
Two base editions: Non-HSM and HSM (FIPS 140-2 Level 3 certified)
Each software module is licensed separately
Virtual Edition
Three flavors: Developer, Non-Production, Production
Developer includes all software modules, except TIBCO EMS
Non-Production includes all software modules, except TIBCO EMS & ISAM Proxy
Production: Each software module is licensed separately
Supports V7.1
& above
Single Security & Integration gateway platform to provide security, integration, control & optimized access to a full range of
Mobile, API, Web, SOA, B2B, & Cloud workloads
All software modules are
field upgradeable
- 9. © 2015 IBM Corporation9
Modules
ISAM Proxy Module
User access control, session
management, web SSO enforcement
Advanced mobile security: mobile
SSO, context-based access, one-
time password, multi-factor authn
Integration with ISAM for Mobile
Application Optimization
Module
Frontend self-balancing
Backend intelligent load distribution
Session affinity
z Sysplex Distributor integration
Integration
Module
Any-to-Any message transformation
Database connectivity
Mainframe IMS connectivity
B2B Module
B2B DMZ gateway
EDIINT AS1,AS2,AS3,ebXML
Partner profile management
B2B transaction viewer
Any-to-Any message transformation
Database connectivity
TIBCO EMS
Module
Integrate with TIBCO EMS
messaging middleware
Support for queues & topics
Load balancing & fault-tolerance
IBM DataPower Gateway (Base)
Secure
Authentication, authorization
Security token translation
Service / API virtualization
Threat protection
Message validation
Message filtering
Message digital signature
Message encryption
AV scanning integration
Integrate
Transport protocol bridging
Message enrichment
Message transformation &
processing using JavaScript,
JSONiq, XQuery, XSLT
Mainframe integration &
enablement
Flexible pipeline message
processing engine
Control & Manage
Service level management
Quota & rate enforcement
Content-based routing
Message accounting
Integration w/ management &
visibility platforms including
IBM API Management &
WSRR for policy enforcement
Optimize & Offload
SSL / TLS offload
Hardware accelerated crypto*
JSON, XML offload
JavaScript, JSONiq, XSLT,
XQuery acceleration
Local response caching
Distributed caching with WXS
or XC10
Backend load balancing
Physical, Virtual or Cloud Edition*)
Single, modular & extensible platform
*) Coming with 7.2 on Softlayer & Amazon EC2
- 10. © 2015 IBM Corporation10
Highlights of DataPower V7.2 – June 2015
Amazon EC2 and Softlayer CCI support for increased deployment flexibility on public
cloud environments
Enhanced hybrid cloud integration using Secure Gateway service to securely
connect between IBM Bluemix applications and on-premise services secured using
DataPower Gateways
Stronger cloud and on-premise security with support for Elliptic Curve
Cryptography (ECC), Server Name Indication (SNI), and Perfect Forward Secrecy
(PFC) to protect against malicious protocol attacks
Mobile security enhancements for securing access to REST services using JSON
Web Encryption (JWE), JSON Web Signature (JWS), JSON Web Key (JWK) and
JSON Web Token (JWT)
Easier integration between Systems of Engagement and System of Record solutions
with XML support using GatewayScript, JavaScript-based runtime.
New management API based on a REST architecture for managing DataPower
configuration, enabling easier DevOps.
Increased transactional reliability with enhanced IMS database support
Distributed caching support with IBM WebSphere eXtreme Scale 8.6+
- 12. © 2015 IBM Corporation12
What is a Business API?
A Business API is a public persona for an enterprise; exposing defined assets, data
or services for public consumption
A Business API is simple for app developers to use, access and understand
A Business API can be easily invoked
What Value Does a Business API Provide?
Extends an enterprise and opens new markets by allowing external app
developers to easily leverage, publicize and/or aggregate a company’s
assets for broad-based consumption
What “assets, data or services”
are exposed via a Business API?:
Product catalogs
Store listings
Order status
Inventory
Social interaction
Business API = Web API = Product
App Developer
- 13. © 2015 IBM Corporation13
Does this sound familiar?
A repeatable
business task –
e.g., check customer
credit; open new
account
A Service
A way of thinking about
your business through
linked services and the
outcomes that they
bring
Service Orientation
Service Oriented
Architecture (SOA)
An business-centric architectural
approach based on service
oriented principles
13
Most characteristics
of a good service are
“hidden” in this definition
- 14. © 2015 IBM Corporation14
APIs are not a new name for SOA Services
There are many similarities – but one very important difference:
The objective they are intended to achieve
APIs SOA
“How can I increase
the pace of
innovation?”
“How can I increase the agility
and effectiveness of
delivery?”
Reuse → Speed to deliver
Sharing → Expediency
Encapsulate → Less to learn
Reuse → Effort to deliver
Sharing → Effectiveness
Encapsulate → Less to change
- 15. © 2015 IBM Corporation15
Differences and Value of API and SOA
• SOA
– Mostly internal
– Integration and exposing current Services
– Integration of Backend Data & Applications
– Increase the Agility and effectiveness of delivery
• API
– Mostly external
– Increasing Revenue
– Extending customer Reach & Value
– Supporting Sales & Marketing Activities
– Stimulating Business & Technical Innovation
- 16. © 2015 IBM Corporation16
Business Design is an end-to-end Endeavor
- 17. © 2015 IBM Corporation17
Who is the Audience?
If you are not clear on the audience you have no clue what makes a good API
In 2014 More than 80% of API use cases were internal
APIs are the currency of Cloud and Mobile – often good places to start
What do they want?
Exposing “what you have” as an API isn’t particularly useful
Good APIs are simple to understand and use
There is an art to a “delightful API experience”
Many APIs may not last very long, that is an opportunity not a problem
Under what terms and conditions
are you willing to share?
Un-managed APIs quickly lead to chaos
Business Ts&Cs are important (Plans)
Its not a one-way street, give and take
Make sharing easy
Three Questions Lead to Good APIs
https://developer.ibm.com/apimanagement/2015/05/07/how-to-get-to-two-speed-it/
- 18. © 2015 IBM Corporation18
Summary: API Economy Value Chain
- 19. © 2015 IBM Corporation19
Cars.com
example:
Consumer View
- 22. © 2015 IBM Corporation
IBM DataPower
and
API Management
Rui Garcia dos Santos
IBM Systems & Middleware
Phone: +351-21.892-7843 x3843
Mobile: +351-91.560-1841
E-mail: Rui.Garcia.Santos@pt.ibm.com