© 2007 IBM Corporation
2007 【IBM developerWorks Developer Conference】
DataPower – The Perfect Combination of Hardware and Software
IBM China Software Development Lab
Matt Lee
IBM developerWorks| Oct 2007
Agenda
What is “Appliance”
Why do we need Appliance
DataPower
– What’s DataPower SOA Appliance?
– Use cases
DataPower and Web2.0
Summary
What is “Appliance”
Wikipedia:
– Appliance may refer to a device with a narrow function:
– Home appliance, routine household tasks, using electricity or some other energy input.
– Small appliances
– Major appliances
– In medicine and dentistry, custom-fitted appliances to an individual for the purpose of correction of a physical or dental problem such as prosthetic, orthotic appliances, and dental braces.
– Computer appliance, a computing device with a specific function and limited configuration ability
– Fire apparatus, a fire engine or fire truck in British English
What is “Appliance” Cont.
Software Appliance
– Software application combined with just enough operating system (JeOS) for it to run optimally on industry standard hardware (typically a server) or in a virtual machine.
Virtual Appliance
– software appliance packaged in a virtual machine format as a virtual appliance
Hardware Appliance
– Software appliance on a piece of hardware prior to delivery to the customer
Why do we need Appliance?
Customers want an easier way to
– Install
– Configure
– Deploy solutions
Customers also want a solution
– All tested together
– Easier to maintain
With hardware, we
– Improve the performance, taking DataPower as an example
DataPower
IBM’s acquisition of DataPower
Software
Skills & Support
An SOA Appliance…
WebSphere DataPower SOA Appliances redefine the boundaries of middleware extending the SOA Foundation with specialized, consumable, dedicated SOA appliances that combine superior performance and hardened security for SOA implementations.
– Simplifies SOA with specialized devices
– Accelerates SOA with faster XML throughput
– Helps secure SOA XML implementations
Creating customer value through extreme SOA performance and security
IBM SOA Appliance Product Line
Specialized network devices simplify, help secure & accelerate SOA
XML Accelerator XA35
– Accelerates XML processing and transformation
– Increases throughput and reduces latency
– Lowers development costs
XML Security Gateway XS40
– Help secure SOA with XML threat protection and access control
– Combines Web services security, routing and management functions
– Drop-in, centralized policy enforcement
– Easily integrates with existing infrastructure and processes
Integration Appliance XI50 (the ESB appliance)
– Transforms messages (Binary to XML, Binary to Binary, XML to Binary)
– Bridges multiple protocols (e.g. MQ, HTTP)
– Routes messages based on content and policy
– Integrates message-level security and policy functions
IBM SOA Appliance Deployment Summary
[Diagram: deployment of the XA35, XS40 and XI50 across the Internet, IP Firewall, Web Tier, Security, Integration & Management Tiers and Application Server. Labels: Client or Server; XML, XSL, HTML, WML; HTTP XML request and response; Web Services Client; legacy request and response; request and reply queues; Tivoli Access Manager, Federated Identity Manager; WebSphere App Server; MQ Server; Web Server; Nortel L7 Module; Tivoli NetView; ITCAM for SOA.]
Why an Appliance for SOA?
Integrated
– Many functions integrated into a single device
– Addresses the divergent needs of different groups (architects, operators, developers)
– Integrates well with other IBM SWG and standards-based products
Hardware reliability
– Dual power supplies, no spinning media, self-healing capability, failover support
Security
– Higher levels of security assurance certifications require hardware (HSM, government criteria)
– Inline application-aware security filtering and intrusion protection
Higher performance with hardware acceleration
– Wire-speed application-aware parsing and processing
– Ability to perform costly XML security operations without slowdowns
Consumability
– Simplified deployment and management: up in minutes, not hours
– Reduces need for in-house SOA skills & accelerates time to SOA benefits
Typical DataPower Use Cases
Monitoring and control
– Example: centralized ingress management for all Web Services using ITCAM SOA
Deep-content routing and data aggregation
– Example: XPath (content) routing on Web Service parameters
Functional acceleration
– Example: security processing; WSS encryption, decryption, authentication, signatures
Application-layer security and threat protection
– Example: XML Denial-of-Service protection
Protocol and message bridging
– Example: Convert WS to legacy Cobol/MQ
[Diagram: Clients and Service Providers, with flows labelled In-the-clear SOAP/HTTP, Malicious SOAP/HTTP, Encrypted and Signed SOAP/HTTP, SOAP, Cobol/MQ, and a Cobol/MQ Appl.]
Use Case: Monitoring and Control
[Diagram: Service Requester, Service Provider, Centralized monitoring, ITCAM SOA.]
Enforcement point for centralized policies
– WS Registry and Repository integration
– Support for WS-Policy forthcoming
Centralized monitoring and management point for all WS traffic
– Out-of-the-box service-level monitoring and throttling
– ITCAM SOA provides dashboard
– Centralized logging
Web Services Management Service Level Management
WSM
Configure and install in minutes
Hierarchical Service Level at WSDL, service, port, operational level
Flexible actions when reaching a threshold: notify/alert, shape, throttle
Threshold for both overall requests and failures
Graphical display
Use Case: Deep-Content Routing/Aggregation
Route based on
– IP information
– SSL parameters
– HTTP headers
– XPath on XML/SOAP
Load balancing
Enrich and aggregate messages with data from
– A remote Web Service
– A database
[Diagram: Unclassified Requests arrive at DataPower, which performs XPath Routing to Service Providers and Message enrichment via SQL from a DB.]
Use Case: Application-layer Security and Threat Protection
Filter based on:
– IP criteria
– SSL information
– HTTP header
– XPath on SOAP/XML
XDoS protection
Well-formedness checking
Schema validation
Message security
– WS-Secure Conversation
– WS-Trust
– WS-Policy (coming)
Access control
– TAM, TFIM, RSA, Netegrity, Oblix,..
– SAML 2.0 (partial)
– LDAP, RADIUS, XKMS
[Diagram: Service Originator, Service Provider, XDoS protection; Malicious SOAP/XML: Access is blocked.]
XML Threats
Security Risks Growing
– XML well-formedness checking
– XML schema validation
– XML Entity Expansion and Recursion Attacks
– XML Document Size Attacks
– XML Document Width Attacks
– XML Document Depth Attacks
– XML Wellformedness-based Parser Attacks
– Jumbo Payloads
– Recursive Elements
– MegaTags – aka Jumbo Tag Names
– Public Key DoS
– XML Flood
– Dictionary Attack
– Message Tampering
– Data Tampering
– Message Snooping
– XPath Injection
– SQL injection
– Routing Detour
– Schema Poisoning
– Memory Space Breach
– XML Encapsulation
– XML Virus
– Falsified Message
– Replay Attack
– …others
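Several of the limits named on these slides (document size, depth, width, jumbo tag names, entity expansion, well-formedness) can be enforced in one streaming pass before a message reaches the service. The following is an added example, not part of the presentation and not DataPower's implementation; the function name `check_xml`, the limit values and the sample messages are constructed assumptions.

```python
import xml.parsers.expat

class XmlThreat(Exception):
    """Raised by a handler when a configured limit is exceeded."""

# Constructed limits for illustration; real values depend on the service.
LIMITS = {"bytes": 4096, "depth": 8, "width": 16, "name_len": 64}

def check_xml(data: bytes, limits=LIMITS) -> str:
    """Return 'ok' or the name of the first check the message fails."""
    if len(data) > limits["bytes"]:              # document size / jumbo payload
        return "size"
    children = [0]    # child count per open element; index 0 is the document

    def start(name, attrs):
        if len(name) > limits["name_len"]:       # MegaTags / jumbo tag names
            raise XmlThreat("name_len")
        children[-1] += 1
        if children[-1] > limits["width"]:       # document width
            raise XmlThreat("width")
        children.append(0)
        if len(children) - 1 > limits["depth"]:  # document depth / recursion
            raise XmlThreat("depth")

    def end(name):
        children.pop()

    def doctype(name, system_id, public_id, has_internal_subset):
        raise XmlThreat("doctype")               # no DTD, so no entity expansion

    parser = xml.parsers.expat.ParserCreate()
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.StartDoctypeDeclHandler = doctype
    try:
        parser.Parse(data, True)
    except XmlThreat as exc:
        return str(exc)
    except xml.parsers.expat.ExpatError:         # well-formedness failure
        return "malformed"
    return "ok"

# Constructed sample messages, keyed by the result each should produce.
SAMPLES = {
    "ok": b"<Envelope><Body><AddTask><Task>Dry cleaning</Task></AddTask></Body></Envelope>",
    "depth": b"<a>" * 20 + b"</a>" * 20,
    "width": b"<r>" + b"<i/>" * 17 + b"</r>",
    "doctype": b'<!DOCTYPE r [<!ENTITY a "aaaa"><!ENTITY b "&a;&a;&a;">]><r>&b;</r>',
    "malformed": b"<a><b></a>",
}
```

Because the handlers raise as soon as a limit is crossed, a hostile message is rejected after a bounded amount of parsing rather than after the whole document has been built in memory.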
Access Control AAA Framework Diagram - Authenticate, Authorize, Audit
[Diagram: DataPower AAA Framework. A SOAP/XML message enters, passes through the stages below, and a SOAP/XML message leaves. An External Access Control Server or On-Board Policy is consulted.]
Stages: Extract Identity, Authenticate, Map Credentials, Extract Resource, Map Resource, Authorize, Audit & Accounting
Identity: SAML, WS-Security, SSL client cert, HTTP Basic-Auth
Resource: Web Service URI, SOAP op name, Transfer amount
Audit & Accounting: SAML assertion, Non-repudiation, Monitoring
Use Case: Bridging
Application formats
– EDI
– Cobol CopyBook
– CORBA
– CICS
– ISO 8583
– CSV
– ASN.1
– ebXML
– Web 2.0
Transport protocols
– HTTP
– MQ
– SSL
– Compression
XSLT
– XPath 1.0 (with some 2.0)
– XSLT 1.0 (with some 2.0)
– Internal schema support
– External schema support
[Diagram: Clients send a SOAP/HTTP Request to DataPower (format and transport bridging), which passes a Cobol/MQ Request through an MQ Queue Manager to a Cobol/MQ Application (e.g. IMS, CICS).]
DataGlue’s “any-to-any” Transformation
[Diagram: Input Message Format (XML, Text, Binary, Other) mapped to Output Message Format (Binary, XML, Text, Other).]
Transform Disparate Data Formats (XML, Binary, Text, etc.)
Broker data between previously siloed systems
Simplifies Reuse of and Connectivity to existing systems
Promotes loose coupling
Transformation of data on the wire enables integration without coding
DataPower and Web2.0
Bridging Web (WOA) and Enterprise SOA?
This is what Web 2.0 means to us (for now)
[Diagram: Web side: REST, JSON, XML, RSS, ATOM. Enterprise side: DB2; Legacy (CICS, IMS); J2EE; App Server (WAS, CE, Tomcat); WPS, ESB, Portal; SOAP, WS-*; JMS; MOM.]
Web 2.0 Case Study: A Simple (yet Complex) “Todo List” Web Service
[Diagram: SOAP Clients call a Web Service (SOAP) Provider with the operations GetHandle, AddTask and ShutDown.]
Web 2.0 Case Study - DataPower SOA Value
[Diagram: SOAP Clients call GetHandle, AddTask and ShutDown; the same operations are passed on to the Web Service (SOAP) Provider.]
Can add DataPower to enable management, acceleration, app-level threat protection, routing, and more
Web 2.0 Case Study – JSON-RPC Bridging
[Diagram: AJAX Clients send JSON calls (GetHandle, AddTask, ShutDown), which reach the Web Service (SOAP) Provider as the SOAP operations GetHandle, AddTask and ShutDown.]
…{"Task": "Dry cleaning: shirt, pants, and 20% discount coupon"}…
Perform format translation from JSON to SOAP (and vice versa)
Web 2.0 Case Study – Simplified REST Bridging
[Diagram: REST Clients send requests that reach the Web Service (SOAP) Provider as the SOAP operations GetHandle, AddTask and ShutDown.]
Hide underlying “conversational” exchange from the REST interface
POST /jerry/todos HTTP/1.1
Host: cuomo.org
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
Content-Type: text/xml
Content-Length: 62

<Item> Have fun: try the scenic drive up the Outer Banks</Item>
Another type of REST request to add another task
A REST request to get the task list in text
A REST request to get the task list in XML
Web 2.0 Case Study – ATOM Interface
[Diagram: an ATOM Feed Reader issues HTTP GET /jerry/todos, which reaches the Web Service (SOAP) Provider as the SOAP operation getList.]
Provide ATOM feed interface to back-end Web Service
Web 2.0 Case Study Summary
[Diagram: SOAP Clients, AJAX Clients, REST Clients and an ATOM Reader reach the Web Service (SOAP) Provider through DataPower.]
Enabled SOAP, JSON-RPC, REST, and ATOM interfaces with zero changes to backing Web Service using today’s DataPower XI50
Summary – What we have discussed today:
What is “Appliance”
Why do we need Appliance
DataPower
– What’s DataPower SOA Appliance?
– Use cases
DataPower and Web2.0