Thought Leadership White Paper
Cloud

How IBM leads building mobile cloud solutions
Implementing the CSCC Customer Cloud Architecture for Mobile


Introduction

This paper shows how IBM products can be used to support the best practices provided in Customer Cloud Reference Architecture for Mobile,1 a paper published by the Cloud Standards Customer Council (CSCC). The architectural capabilities described in the CSCC document can be used to develop mobile hosting environments using private, public or hybrid cloud deployment models. This IBM paper describes the best practices for using cloud computing to host the services and components required to support the mobile ecosystem.

Using cloud computing to support mobile devices is a natural fit for several reasons. For one, mobile apps tend to have time-variable usage patterns. As the number of requests coming from mobile devices increases or decreases, the scalability and elasticity of cloud make it easy to change the amount of resources provided to the devices accordingly.

In addition, cloud computing architectures provide offline capabilities, making them a good choice for companies that aren’t always connected to the Internet.

IBM provides first class product support for mobile cloud architecture, helping customers make the most of its many benefits. IBM® MobileFirst™ helps customers build, integrate, and manage mobile apps and devices at scale. IBM MobileFirst Platform Foundation is designed for cloud, and has the flexibility to be deployed in IBM SoftLayer® (IBM’s Infrastructure as a Service (IaaS) offering) or in IBM Bluemix® (IBM’s Platform as a Service (PaaS) offering, deployed on SoftLayer). Combined with MobileFirst and IBM API Management, IBM’s security and data storage portfolios can support safe, managed, and scalable mobile capabilities in business solutions.

Contents

• Introduction
• Requirements
  – Designed for mobile
  – Innovation through mobile
• Non-functional requirements
• Architecture overview
• Component model
  – Mobile device
  – Public network components
  – Provider cloud services components
  – Enterprise network components
  – Complete picture
• IBM mobile component models
  – Bluemix services mapping to capabilities
• Scenarios: Enable enterprise business functionality on mobile
  – 1. Mobile banking
  – 2. Omni-channel retail experience
• Deployment consideration
  – IBM SoftLayer (Infrastructure as a Service)
  – IBM Bluemix (Platform as a Service)
• Conclusion
• For more information
• Acknowledgements
• References


This paper will first explain the requirements for mobile in cloud. It will then show how IBM supports the capabilities and components in the CSCC Cloud Customer Reference Architecture for Mobile, with scenarios illustrating the application of IBM products. This paper clearly shows that IBM is able to support this architecture in public cloud, hybrid cloud, and private cloud, including both dedicated and on-premises deployments.

Requirements

Enabling mobile capabilities with cloud can make it faster and easier to deploy business functionalities from the enterprise ecosystem. Enterprises typically want to support mobile for one or more of these reasons: to enable the enterprise ecosystem on mobile, to enable new business functionality on mobile, or to enable innovation through mobile. This section of the paper will review some common requirements for enabling each of these three goals.

Designed for mobile

Enterprise ecosystem

An enterprise’s ecosystem is a 360-degree view of all the elements that help the organization function. The ecosystem includes partners, customers, and vendors, as well as internal functions like sales, marketing, finance, and HR. Enabling the ecosystem on mobile means making sure that the entire ecosystem can access the tools they need to run the business on mobile devices.

Best practices suggest that existing web-based solutions, business functions, business processes, and business performances need to be completely redesigned for mobile, rather than just ported over to mobile browsers. The following steps can help enable the enterprise ecosystem on mobile:

• Making existing business functionalities available as a service on mobile devices. These functionalities could include commerce applications, marketing applications, local government applications, facility management applications, cloud applications, and HR applications such as IBM Kenexa®.

• Enabling business processes on mobile devices.

• Enabling business process performance dashboards on mobile devices for exceptional customer experience.

• Enabling customized and individualized marketing messages.

• Enabling team members to measure business performance on mobile devices.

New business functionalities built for mobile

Mobile provides new ways of interacting with users and the enterprise ecosystem. This includes innovative ways of collaborating and executing transactions, applications and business processes on mobile devices. These capabilities are based on new business processes and applications that are designed for mobile devices.

To be “designed for mobile” means enabling new functionalities and business value specifically for mobile devices, rather than just making existing functionalities available on mobile devices. The following capabilities are needed when designing new business functionalities for mobile:

• Using pre-built mobile business apps

• Measuring and analyzing exceptional customer experience on mobile devices

• Communicating with the customer on mobile devices

• Securing and managing mobile device endpoints

• Understanding customer behavior and customer digital experience on mobile devices


Innovation through mobile

The always-with-you nature of mobile devices can create new business opportunities for organizations. The following capabilities illustrate opportunities for new business innovation using mobile devices:

• Designing new mobile workflows that use location services for customer engagement

• Creating new business models using location services and NoSQL databases

• Real-time fraud detection, alerts and remediation

• Continuous streaming of live data for emergency alerts

Non-functional requirements

Non-functional and operational requirements, like any business application, are important. These requirements include things like security, privacy, scalability, high availability, consumability and extensibility. The combination of cloud and mobile helps meet these requirements by providing exceptional support for capacity management, resiliency, backup, disaster recovery, and mobile device management.

Architecture overview

The mobile cloud architecture guidance provided by this paper can help enterprises understand common architectures that have been used successfully in numerous enterprise deployments conducted by IBM, and how to implement them using IBM products and partners.

This paper shows how IBM products and services can be used to manage mobile devices, and connect to core cloud components such as mobile gateways, mobile backends, mobile business applications, data services and security services. At the same time, data can be pulled from enterprise systems and put into a format that can be leveraged on mobile devices.

As enterprises take their journey from viewing to transacting to collaborating using mobile devices, various capabilities are identified that are required to support the end-to-end mobile app lifecycle. In the mobile app lifecycle hosted on cloud, there are three stages that need to be considered:

1. Developing and deploying a mobile app
2. Running and hosting a mobile solution
3. Supporting mobile app end users

This paper focuses on how IBM supports the core components of mobile hosting, along with integration with the on-premises enterprise network. The architecture guidance presented here assumes that mobile apps have already been developed and deployed. As a result, information regarding IBM support for service and app development is provided in a separate paper.

Figure 1 illustrates the high-level architecture of a mobile cloud solution. The architecture has four tiers that IBM supports, each containing a subset of components:

• Mobile device

• Public network, which connects the device to the mobile cloud services

• Provider cloud environment, where the various cloud services exist

• Enterprise network, containing existing enterprise applications, services and data

The following sections provide a summary of each of the major components, their capabilities, and how IBM supports them. Note that the double-arrow symbol next to several of the components in Figure 1 represents that these components should be deployed on a scalable cloud infrastructure that is highly available, and is not a single point of failure.


Figure 1: Cloud customer mobile architecture (diagram with four tiers: mobile device, public network, provider cloud, enterprise network)


Component model

Mobile device

Mobile app

Mobile apps are the main vehicle for user engagement with services on mobile devices. Mobile apps contain two key components:

• Vendor frameworks: Provide access to device capabilities and features from the device manufacturer and/or mobile network provider, like Apple Pay, Google Wallet, and Core Data

• Enterprise software development kits (SDKs): Provide the ability to support communication with mobile backend services, using SDKs that can be consumed by mobile developers and can encapsulate client flows needed to access backend systems

The frameworks are provided by mobile operating system vendors like Apple, Google and Microsoft. IBM provides the MobileFirst Platform SDK that can help you develop native mobile apps, as well as reusable apps that can run on multiple mobile platforms.

Management agent

A management agent installed on a mobile device applies enterprise policies, typically for devices that access sensitive enterprise data. IBM MobileFirst Protect Mobile Device Management (MDM), formerly known as Fiberlink MaaS360, provides secure cloud-based mobile device management, mobile application management, mobile content management, and enterprise app container capabilities.

Offline capabilities

Offline capabilities provide the ability to work in disconnected mode, allowing users to store data securely on devices and then sync to the backend when a network becomes available.

IBM Cloudant® offers master-master replication and the ability to allow work in offline mode. These offline capabilities are enabled by client-side libraries that store and encrypt information while a device is disconnected, and then replicate the information once the device goes back online.

App security

IBM Mobile Client Access for Bluemix provides mobile application security and monitoring functionality, enabling both client logging and usage statistics. This service is part of IBM MobileFirst Platform Foundation, and enables mobile app developers to add enterprise identity providers or social identity providers as user login options.

Additionally, the IBM advanced threat protection solution for mobile can be leveraged by apps performing sensitive transactions. The IBM Security Trusteer® Mobile SDK helps enhance active protection, detect high-risk access and prevent attacks by cybercriminals from rooted mobile devices.


Public network components

Edge services

Edge services are used to connect a mobile device and its apps to the right mobile gateway, using Wi-Fi or mobile provider networks. These services include:

• Domain name system server: Resolves the URL for a particular web resource to the TCP/IP address of the system or service that can deliver that resource.

• Firewall: Controls communication access to or from a system, permitting only traffic that meets a specific set of policies. Firewalls can be implemented as separate dedicated hardware, as a component in other networking hardware such as load balancers or routers, or as integral software to an operating system.

• Load balancers: Provide distribution of network or application traffic across many resources (such as computers, processors, storage, or network links) to maximize throughput, minimize response time, increase capacity and increase reliability of applications. Load balancers can support any of the mobile components, but support is especially important for the mobile gateway and mobile backend.

• Content delivery networks (CDN): Provide geographically distributed systems of servers deployed to minimize the response time for serving resources to geographically distributed users. Using CDNs helps ensure that content is highly available and provided to users with minimum latency.

IBM Bluemix supports various services for DNS, firewalls, load balancing and CDN. Additionally, IBM Security Network Protection (IBM XGS) is a next-generation intrusion prevention system (IPS) that can be leveraged to monitor network traffic and provide protection from hidden security vulnerabilities. Finally, IBM DataPower® provides load balancing and SSL termination. It helps quickly secure, integrate, control and optimize access to a range of workloads through a single, extensible, DMZ-ready gateway.

Mobile provider network

The mobile provider network is the provider of wireless communications that owns or controls all of the elements necessary to sell and deliver services to an end user. These elements include radio spectrum allocation, wireless network infrastructure, back-haul infrastructure, billing, customer care, provisioning computer systems, and marketing and repair organizations. IBM products work with any provider network.

Provider cloud service components

All the architecture components discussed below are either provided by the IBM Bluemix public cloud, IBM SoftLayer public cloud, or in private/on-premises clouds.

Mobile gateway

The mobile gateway marks the entry point from a mobile app to the mobile-specific services for the solution. It typically offers a set of Internet-accessible APIs, and may be implemented by a common gateway across all channels into an API ecosystem. This section describes the different elements of the mobile gateway in more detail.


IBM API Management on Cloud is a cloud-based service that provides mobile gateway functionalities for designing, securing, socializing and managing application programming interfaces (APIs). It provides a developer portal to attract application developers and foster the use of published APIs. An administration portal lets you establish policies for critical API attributes such as self-registration, quotas, key management and security policies. An analytics engine provides role-based insight for API owners, solution administrators and application developers. For more information on IBM API Management on Cloud, please refer to ibm.com/software/products/en/api-management-cloud.

IBM StrongLoop® API gateway also provides mobile gateway functionality. It acts as an intermediary gateway between API consumers (clients) and backend providers (API servers) that externalizes, secures and manages APIs.

Authentication/authorization

The mobile gateway provides the ability to identify, authenticate and authorize users, with a variety of methods and token types like OAuth or OpenID, as well as biometric technologies like voice authentication.

The combined capabilities of IBM Security Access Manager and IBM DataPower deliver strong authentication capabilities to protect mobile and cloud APIs with contextual data-based policies.

IBM Security Access Manager simplifies user access management for mobile, web and cloud applications. The solution improves identity assurance with built-in flexibility, standards-based authentication schemes, and context-aware authorization.

The IBM DataPower Gateway is a multi-channel gateway that delivers advanced access control for mobile, API, web, SOA, B2B and cloud workloads, without complex configuration or custom code. By using the built-in transformation capabilities of the IBM DataPower Gateway, you can easily bridge rich web applications to more formal enterprise standards such as REST+JSON or SOAP+XML. IBM DataPower Gateway provides native support for JSON, REST and SOAP, which can help support new devices, social networking, cloud computing and software-as-a-service (SaaS) applications.

IBM Single Sign On for Bluemix is an authentication service that provides an easy-to-embed single sign-on capability for Bluemix-deployed web applications. The Single Sign On service supports several identity sources to perform user authentication:

• SAML enterprise: a customer-supplied identity source with an exchange of SAML tokens that completes the authentication

• Cloud directory: a user registry that is hosted in the IBM Cloud

• Social identity sources: user registries that are maintained by Google, Facebook, or LinkedIn

Policy enforcement

Mobile gateways can help enforce corporate policies during invocations from mobile devices.

With increasing user mobility and greater access to corporate applications and data, organizations need more intelligent controls to assess business risk prior to authorizing access to their information. Risk-based access management provides the ability to dynamically analyze user requests for access to business-sensitive applications, and apply business security policies to minimize the risk of improper data exposure or loss.


Risk-based access policies are used to further strengthen access security beyond role-based and multifactor authentication. Risk-based access, also known as context-based access, evaluates resource access based on the context in which the user is requesting it.

Both DataPower and Security Access Manager for Mobile enforce established security policies (including risk-based access management) for incoming mobile requests. The IBM Mobile Client Access Bluemix service can also be used for security policy enforcement.

API/invocation analytics

The mobile gateway can be used to capture data on API invocation, such as how often an API is invoked and who is invoking it.

IBM DataPower Appliance can be used as an integration engine for invoking APIs, providing invocation logs to analytics systems in the process. On-premises solutions can use IBM DataPower API management. The IBM Mobile Client Access Bluemix service can also be used for monitoring API invocation on Bluemix.

API/reverse proxy

The mobile gateway can provide the entry point of an API, which is usually in a DMZ. It can then perform a reverse proxy to trace an API call to an implementation instance, such as an application in the mobile backend.

IBM Security Access Manager for DataPower provides a single security and integration gateway that offers consistent, policy-based enforcement, as well as advanced authentication, authorization and federation solutions across web, mobile, cloud, SOA, API and B2B applications.

Mobile backend

The mobile backend provides runtime services to mobile applications, which implement server-side logic, maintain data, and use mobile services. The mobile backend includes an environment to run application logic and the implementation of APIs, which can communicate with the enterprise network, other services, and applications outside the service provider. It provides:

• Application logic/API implementation: Provides the implementation of the business logic being requested by the mobile app via defined APIs. The implementation may call on other services to provide required functions. A variety of runtimes, including Java and Node.js, can be used to code the business logic.

• Mobile app operational analytics: Provide the ability to do analytics on runtime flows, using data that the mobile backend collects and logs.

• Push notifications: Provide support for subscription and sending of push notifications. Mobile apps allow users to register and receive push notifications, while a mobile backend provides APIs for backend logic to push notifications to devices using the mobile provider network.

• Location services: Provide the ability to collect and use location data from mobile apps.

• Mobile data sync: Provides the ability to synchronize data that is stored in the backend. IBM Cloudant Bluemix service is a NoSQL DB service that provides the ability to work in disconnected and connected modes, and can synchronize the data on a device or across multiple Cloudant instances.

• Mobile app security: Interacts with security services to check authorization of users to perform app specific tasks.


IBM MobileFirst Platform Foundation supports all of these capabilities when used with Cloudant and Security Access Manager for Mobile. MFP can run in a Bluemix Docker container, in a SoftLayer bare metal server, in a VM in a customer data center, or in a server provisioned inside a customer data center.

IBM MobileFirst Platform Foundation provides a runtime to host application logic and API implementations. It also provides the operational analytics of the runtime flows from the backend, the gateway, and device management and business applications. Additionally, it provides push notification services (text and email messages) using the mobile provider networks. It has the capability to provide location services and mobile data sync services.

IBM Bluemix offers the AppScan Mobile Analyzer service for Android mobile applications to identify and address security issues in application code. Simply upload your APK file to the service. Once the scan is complete, download a security vulnerability report and remediate any detected vulnerabilities.

Mobile device management

Mobile device management (MDM) focuses on managing devices, mostly in business-to-employee (B2E) scenarios. MDM offers services to keep track of enterprise-owned devices on many mobile platforms, and to manage devices that connect to corporate networks using management agents. MDM provides:

• Enterprise app distribution: Provides the ability to host enterprise catalogs, and to distribute enterprise applications to mobile devices if enterprise apps are not deployed to public app stores.

• Mobile device security: Interacts with security services to support enterprise security policies, including policies on accessing enterprise networks, password standards, encrypted documents, and device wiping.

• Device management: Provides the ability for an enterprise to view its organization-wide device usage (across many mobile platforms) and enables administrators to add, remove, wipe, and perform actions across all devices.

• Device analytics: Captures metrics on how employees use devices in order to improve device management.

IBM MobileFirst Protect provides MDM that secures and manages mobile devices, as well as mobile application management that manages apps and content. A management agent applies the policies of the enterprise, typically for devices that access sensitive enterprise data. MDM enforces and manages policies, including security policies, on the device. The MDM solution supports all popular mobile platforms, and allows users to install apps, apply updates, and monitor performance.

IBM Mobile Device Management is an IBM SaaS offering for managing and securing the mobile enterprise. The solution provides the capability to distribute enterprise apps, secures content and mobile devices from malicious access, and manages the addition, removal and wiping of content on mobile devices. It also captures access metrics for employees using the devices.

Mobile business applications

Mobile business applications represent the enterprise-specific or industry-specific capabilities that need to be available on devices that consume mobile services or drive communication with device users. These capabilities can provide the gateway to enterprise applications and data, and include their own analytics components to track usage. This section provides a summary of popular mobile business applications.


Proximity services and analytics

Proximity services and analytics applications provide insight into patterns of activity in a physical location, helping organizations optimize operations or facilitate next best actions. They can connect insights from digital activity and physical presence to enable unique engagement with users in a specific area.

IBM Presence Insights, formerly IBM Presence Zones, is a Bluemix service that helps you understand mobile activity in and around a physical location. These insights can fuel contextually relevant engagement strategies that optimize the user experience and increase in-app conversions. IBM Presence Insights helps companies understand patterns impacting business operations in malls, stadiums, airports and retail establishments to improve staffing and queue management. It accelerates the value of marketing transformation toward omni-channel commerce by infusing intelligent location awareness as part of your mobile engagement platform.

IBM Presence Insights enables you to:

• Execute intelligent engagement strategies and enable a richer user experience at the point of impact, based on precise location presence

• Optimize onsite operations by applying real-time analytics to mobile presence in and around a physical location to understand patterns and trends

• Accelerate the value of marketing transformation by capturing insights from physical presence as part of a broader omni-channel program

Campaign management

Campaign management applications provide contextually relevant experiences to help better connect with mobile customers. This includes using different styles of push, including (Apple/Android) Passbook, Wallet and SMS solutions. These applications connect with the mobile backend services and help send personalized messages to mobile users and dynamic sets of individuals, based on expressed preferences. This component applies deep analytics to help marketers and app developers understand mobile user behavior, preferences and usage, thus enabling them to quickly deploy mobile campaigns with personalized and relevant offers in real time.

IBM Silverpop Engage® is an IBM SaaS cloud-based digital marketing platform that provides email marketing, lead management and mobile engagement solutions. Silverpop Engage enables marketers to use individual customer data and behaviors, collected from a variety of sources, to inform and drive personalized customer interactions in near real-time, delivering exceptional experiences for customers across the entire buyer journey.

IBM Silverpop Engage delivers:

• A cloud-based digital marketing automation platform that provides increased engagement and lead management

• A powerful interaction engine that delivers highly personalized customer communications, leveraging behavioral data and compelling customers to take action at a higher rate

• Multichannel marketing capabilities that allow you to deliver a consistent experience across all digital channels (email, mobile, web and social)

• Behavioral insights that help you understand the path to increased revenue

• A scalable, flexible marketing database that collects data from a variety of sources, creating a single customer identity


Silverpop Engage is the foundation for the IBM Marketing Cloud SaaS. The IBM Marketing Cloud enables the delivery of exceptional experiences for customers across the entire buyer journey by leveraging customer data, providing analytical insights and automating cross-channel interactions.

The IBM Marketing Cloud is part of IBM’s broader Marketing Solutions portfolio. IBM Marketing Solutions make it easier to design meaningful customer experiences across applications, devices and time, accelerating today’s results and tomorrow’s ambitions.

Business analytics and reporting

Business analytics and reporting applications provide complete mobile visibility by capturing user information for mobile websites, including both network and client interactions, and touch-screen gestures such as pinching, zooming, scrolling, and device rotation.

These components can be used to build and manage an early warning system to detect mobile user problems. They can also provide proactive awareness into mobile application failures, usability issues or other obstacles that lead to failed transactions, abandonment, poor app store ratings and negative feedback. Finally, they can help quantify revenue impact and segmentation by analyzing specific mobile user behaviors or device attributes.

IBM Tealeaf® CX Mobile enables companies to apply Tealeaf’s powerful customer experience management solutions to their mobile websites, native applications and hybrid applications, including support for HTML5 and responsive web design (RWD). It provides expansive visibility into the mobile customer experience, helping deliver more successful mobile products and services. Tealeaf CX Mobile works with the Tealeaf CX platform and the Tealeaf Customer Behavior Analytics suite. Tealeaf CX Mobile helps companies:

• Optimize customer experiences across their mobile channels, including mobile web, HTML5 and RWD-based sites, as well as hybrid apps and native apps, for both iOS and Android

• Gain full mobile visibility by capturing user information and touch-screen gestures such as tapping, swiping, pinching, zooming, scrolling and device rotation

• Build and manage an early warning system to detect mobile user problems and provide proactive awareness into mobile application failures, usability issues or other obstacles

• Quantify revenue impact and segmentation with near real-time drag-and-drop analysis, based on specific mobile user behaviors or device attributes

• Quickly find and isolate problems within mobile customer sessions, for both individual customers and aggregates, with powerful ad hoc discovery and segmentation

Workflow/rules

Workflow applications control the flow of information at various points in the mobile architecture. A mobile client is integrated and synchronized with mobile business applications, mobile backend and enterprise systems that are potentially based on different workflow/rules engines.

The Workflow for Bluemix service makes it easy for you to create workflows that orchestrate and coordinate the REST-based services that you use in your apps. The JavaScript-based Workflow language lets you define interactions between any services. By offloading all the service interactions to the Workflow service, your application becomes easier to understand, maintain and evolve. Your workflows are run and managed in a robust and scalable way, regardless of whether your workflow and services run for milliseconds or days.


IBM Bluemix Business Rules enables developers to spend less time recoding and testing when business policies change. The Business Rules service minimizes your code changes by keeping business logic separate from application logic. The business rules created by the service can be used to optimize complex workflows.

Workflows built using IBM BPM can also be enabled on mobile devices. IBM BPM is the modeling and execution engine for building, deploying, managing and governing business processes.

API management

API management capabilities advertise the available service endpoints to which the mobile gateway has access. They provide API discovery, catalogs, connection of offered APIs to service implementations, and management capabilities, such as API versioning.

• API discovery/documentation: Provides the ability for mobile developers to find and use APIs securely.

• Management: Provides a management view into API usage by mobile apps, using information from the mobile gateway and backend.

IBM API Management enables you to create, assemble, manage, secure and socialize web APIs. It provides a developer portal to attract and engage application developers and foster use of published APIs. An administration portal allows you to establish policies for critical API attributes such as self-registration, quotas, key management and security policies. An analytics engine provides role-based insight for API owners, solution administrators and application developers, in order to manage your APIs and ensure your service levels are being achieved.

API Management offers a wide array of API and service management features, including:

• Easily customize APIs: API business owners can customize their developer portal with their branding to advertise, market, socialize and sell APIs.

• Secure and scale: Manage access to APIs using a combination of API keys and secret keys.

• Manage and monitor capabilities: Extract API usage and analytics data to quickly react to new opportunities.

• Empower developers: Quickly create and collaborate internally and externally to foster innovation and creativity.

• Simplify application development: Rapidly create APIs from existing business assets or cloud services, through configuration and a no-coding approach.

IBM StrongLoop creates APIs that connect mobile, IoT and web apps to the enterprise, using Node.js as the vehicle to deliver these capabilities. StrongLoop APIs provide an efficient, mobile-ready way to visualize, create, and manage APIs. StrongLoop is a part of the IBM MobileFirst Platform Foundation.


Data services

Data services enable mobile apps to store and access data. Mobile applications deal with data from many different sources, including enterprise systems and social networks. Data is often stored in a form suitable for rapid access by mobile apps, and sometimes includes (potentially transformed) extracts of enterprise data. Data services can include:

• Mobile app data / NoSQL: Stores data in a form that is easily and rapidly consumed by mobile apps

• File repositories: Provide the ability to store static files, such as PDFs and content

• Caches: Provide the ability to cache data for fast access by mobile apps

IBM Cloudant is a NoSQL database platform built for the cloud. You can use Cloudant as a fully managed DBaaS running on public cloud platforms like IBM SoftLayer, or via an on-premises version called Cloudant Local, which you can run on the private, public, or hybrid cloud platform of your choice. Cloudant has a RESTful API, which makes it easy to access from any language or PaaS offering, such as IBM Bluemix or IBM MobileFirst Platform Foundation. What makes Cloudant unique is its ability to spread data across data centers and devices, thus pushing data to the network edge for faster access and greater fault tolerance.

Compose, an IBM Company, also provides a suite of scalable databases in the cloud to deliver relational and non-relational cloud database services to web and mobile app developers. Compose offers MongoDB, Elasticsearch, RethinkDB, Redis, and PostgreSQL as services.

Object Storage for Bluemix is a file repository service for storing static files, such as PDFs and content.

IBM Data Cache for Bluemix is a caching service that supports distributed caching scenarios for web and mobile applications.

Security services

Security services enable access management, so that only authorized users can securely access mobile cloud services. This component also provides protection of data across mobile devices and cloud services, and enables visibility to create actionable security intelligence across cloud and enterprise environments. Read this section to learn about some key security services for mobile.

Identity and access management

This service identifies and authorizes the user, providing risk-based and context-based access to mobile and cloud services. This includes user management, authentication, identity federation, single sign-on, and mobile access management capabilities. These capabilities are also leveraged by other components in the architecture; for instance, mobile gateway enforces user authentication and mobile access management, while enterprise secure connectivity enables security services to connect to enterprise security systems, such as LDAP registries.


IBM Security Identity Manager enables organizations to drive effective identity management and governance across the enterprise for improved security and compliance. Now also available as a virtual appliance, IBM Security Identity Manager automates the creation, modification, recertification and termination of identities throughout the user lifecycle.

IBM Security Access Manager for Mobile provides mobile access security protection by proactively enforcing access policies for web environments and mobile collaboration channels. The solution also enforces context-aware authorization by integrating with Trusteer Mobile SDK and supporting device fingerprinting, geographic location awareness and IP reputation techniques.

These capabilities are available as virtual or hardware appliances that can be easily deployed into virtual, cloud or traditional environments. IBM Security products also integrate with other security products to provide intelligent identity and access assurance. Customers can get identity and access capabilities as a service through managed IBM Cloud Identity Services or the IBM Single Sign On service on Bluemix.

Data and application protection

This service enables protection of enterprise data using a multi-level defense approach across infrastructure, application and data layers. Application security enables security as part of the development, delivery and execution of mobile apps, including libraries and tools to secure and scan mobile apps as part of the application development lifecycle. This component helps eliminate security vulnerabilities from mobile apps that access critical data before they are placed into production and deployed.

Protecting deployed applications against application threats can be achieved with web application firewalls. Data security capabilities support securing and monitoring access to data in mobile devices, enterprise databases, file shares, document-sharing solutions, and big data environments that may be accessed through the mobile platform. This includes encrypting data at rest with enterprise key management, securing data in motion with secure connectivity architectures, and data activity monitoring that provides both real-time data monitoring and vulnerability assessment.

IBM Application Security Analyzer provides cloud-based web and mobile application security testing, including static and dynamic application security analysis. As such, it helps eliminate vulnerabilities from applications before they are placed into production. Convenient, detailed reporting helps to effectively address vulnerabilities that are found, enabling application users to benefit from a more secure experience.

Enterprise transformation and connectivity

The enterprise transformation and connectivity component enables secure connection to enterprise systems and the ability to filter, aggregate or modify data as it moves between mobile components and enterprise systems. Data transformation may be required when the native format of enterprise data is not appropriate for transfer to mobile devices.

• Enterprise security connectivity: Leverages security services to securely integrate with enterprise data security, and authenticate and authorize access to enterprise systems.

• Transformation: Transforms data between enterprise systems and mobile components.

• Enterprise data connectivity: Allows mobile components to connect securely to enterprise data. Examples include VPN and gateway tunnels.


IBM Integration Bus is a robust and flexible secured integration foundation, based on enterprise service bus (ESB) technology. It provides connectivity for the requests from the MFP to the systems of record, and universal data transformation between the format provided by the MFP requests and the format required by the systems of record.

IBM DataPower is a security engine that provides secured connectivity and data transformation to the systems of record.

Enterprise network components

Enterprise user directory

The enterprise user directory provides storage for user information, supporting authentication, authorization, and profile data.

IBM Directory Server provides and stores users’ identification, password and security policies.

Enterprise data

Enterprise data is any data that is shared by the users of an organization, generally across departments or geographic regions. Enterprise data includes one or more existing systems of record, such as master data managers, catalogs, transactional data or data warehouses. Enterprise data must be secured via authorized and controlled access. For more information about enterprise data options, see the CSCC Cloud Customer Architecture for Big Data and Analytics.

IBM DB2®, IBM InfoSphere® Warehouse, IBM PureData® for Analytics, IBM DB2 with BLU Acceleration®, and IBM dashDB™ all provide enterprise data capabilities. InfoSphere Master Data Management (MDM) manages master data for single or multiple domains, including customers, suppliers, products, and accounts, while also providing collaborative and operational capabilities.

IBM MobileFirst Platform Foundation is a comprehensive mobile platform designed to provide secure data transmission, scalable integration to enterprise data sources, and multifactor authentication.2

Enterprise applications

Enterprise applications are any applications that run enterprise business processes and logic within existing enterprise systems, and interact with or consume information from mobile capabilities.

Examples of enterprise applications include applications running on IBM mainframe or IBM Commerce systems, ERP applications from SAP and Oracle, and JEE business applications built using IBM WebSphere®.

Complete picture

Figure 2 illustrates the complete picture of the CSCC Cloud Customer Reference Architecture for Mobile, with all of the components, subcomponents, and their relationships.


[Figure 2: Cloud customer mobile architecture sub-components. Diagram of the components and subcomponents across four zones: mobile device, public network, provider cloud and enterprise network.]


IBM mobile component models

This section discusses IBM products that can be used to support the CSCC Cloud Customer Reference Architecture for Mobile. In addition, we will name IBM products that provide various capabilities.

[Figure 3: IBM product mapping. The diagram overlays IBM products on the four zones of the architecture (mobile device, public network, provider cloud, enterprise network). Product labels in the figure: ISAM, API Management, DataPower, IBM MobileFirst MGMT MaaS 360, API Management on Cloud, IBM MobileFirst Platform Foundation, iOS, Android, & Windows (3rd party), MobileFirst Platform SDK, IBM Presence Zones, Xtify, Tealeaf, IBM Business Process Management, IBM Integration Bus, Software VPN, Cloudant or Cloudant Local, Enterprise Content Management, eXtreme Scale or XC10, Cloudant Sync.]


Bluemix services mapping to capabilities

Figure 4 maps the services provided by IBM Bluemix cloud for enabling the capabilities found in the CSCC Cloud Customer Reference Architecture for Mobile.

[Figure 4: Bluemix services mapping. The diagram overlays Bluemix services on the four zones of the architecture (mobile device, public network, provider cloud, enterprise network). Service labels in the figure: App Logic/API Implement, Push iOS 8/Push Android, Presence Insights for Public Bluemix, Cloudant, Advanced Mobile Access (iOS) / Mobile Application Security (Android), Campaign Management, Presence Insights, IBM Workflow & IBM Business Rules, Xtify (not a Bluemix service), IBM MobileFirst MGMT SaaS, API Management & SaaS Offering, MaaS 360, Cloudant Sync, Combination of Bluemix SDKs, Secure Gateway, MQ Light, Data Cache & Session Cache, Object Store.]


Scenarios: Enable enterprise business functionality on mobile

This section illustrates two common scenarios using the mobile for cloud architecture in hybrid cloud deployments:

1. Mobile banking
2. Omni-channel retail experience

These scenarios showcase actual customer use cases and example deployment configurations. Deployment options should be chosen based on customer situations. In these scenarios, we were able to reuse components that the customer currently uses in their traditional data centers, and we are depicting them as part of the enterprise zone of the architecture.

Mobile banking

Figure 5 illustrates the flow of a typical use case for mobile banking. The mobile user installs the app on their device, and then uses it to deposit a check by taking a picture of the signed check with the device. The bank also offers services to subscribe to text or email notifications when certain events occur, such as an account falling below a minimum balance or possible fraud alerts. This scenario has three different flows:

1. Mobile app installation: Flow number 1 in blue.
2. Check deposit: Flow numbers 2-8 in yellow.
3. Push notification: Flow numbers 9-10 in green.


[Figure 5: Flow of interactions for mobile banking scenario. The diagram numbers flows 1 to 10 across the mobile device, public network, provider cloud and enterprise network zones.]


1. The banking customer installs the mobile app on their device after browsing a public app marketplace such as Google Play or the Apple App Store. In an enterprise usage scenario, the company — using their own enterprise app store and corporate mobile device manager — may instead push the application to the device over the public network. As part of the installation process, the user can opt-in for location-aware services, and sign up for push notifications for things like account balance changes or fraud alerts. IBM Mobile Device Management can be used to install applications securely on mobile devices. It simplifies mobile application management by delivering an easy-to-use enterprise app catalog with full security and operational app lifecycle management.

2. The customer then uses the mobile app to deposit a check by taking a picture with the camera built into the mobile device. The user logs into the app (which will communicate with the mobile gateway for authentication) and then sends the “deposit check” request to the bank with the check image. The user interaction is logged to provide a better understanding of customer behavior and operational efficiency. IBM supports disconnected mobile devices. In instances where there is no connectivity or cellular service, the check image, along with transaction information, is stored in the IBM Cloudant database on the mobile device. When connectivity is re-established, the Cloudant database is synched with the server copy, and the check deposit transaction is initiated. The IBM MobileFirst Platform Foundation will log the customer experience to provide a better understanding of operational efficiency.

3. This service is located using DNS, load balancers, and other public network boundary components collectively known as edge services. For all transitions from the mobile app on a device to the mobile gateway through the public networks, which can be wireless or mobile networks, the mobile app sends requests using a URL resolved by a DNS to an IP address. The IP address may be the IP address of a CDN server, load-balancer, firewall, or proxy service in front of the mobile gateway. The CDN server determines if the requested content is in the CDN storage network. If the CDN server cannot satisfy the request, the request is then sent to the firewall. The firewall evaluates the request and allows the request to continue forward to the mobile gateway if it meets the firewall rules. Both SoftLayer and Bluemix provide edge services. The edge services are typically a responsibility of the cloud services provider; if the initiating request is resolved in the customer data center, then the edge services will be in the customer data center.

4. The mobile gateway receives the deposit request, checks security rules for access to the “deposit check” service, and uses an API service lookup to direct the request to the right service implementation in the mobile backend. The security check validates credentials and authorization of actions, and passes a successfully validated user request on to the mobile backend. It then logs the activity for analytical purposes. Security services ensure that the user is authenticated and has appropriate access to the mobile application. The service ensures that the user is signed on to backend services and systems.


As previously mentioned, IBM API Management on Cloud can be used to provide mobile gateway functionality. In addition, IBM Security Access Manager for DataPower can be used to provide mobile gateway functionality for the IBM SoftLayer cloud.

5. The mobile backend uses the “deposit check” business logic to store the check image and send the check information to backend processes and systems, which will then deposit the check in the customer’s account. The service retrieves information through the transformation and connectivity components that enforce enterprise application security and ensure the account is valid. The mobile backend provides location services and manages subscription services for push notifications. It also logs the activity for analytics usage, and uses the workflow/rules service to start the deposit check process flow. The IBM MobileFirst Platform Foundation is mobile-optimized middleware that serves as a gateway between applications, backend systems like the check image storage application, and cloud-based services like IBM Bluemix workflow and rules. It connects to the enterprise application to store check images, and uses the connectivity component to retrieve stored images and account balances.

6. Data services may be used to speed up response time. For example, the account balance could be stored in a NoSQL database, while check images are cached in the file repository. The “deposit check” business logic now stores the account, an image of the check, and the deposit amount using the data services APIs. Finally, the information is logged for analytics purposes.

IBM Cloudant is a NoSQL database that can be used for storing the check and synching the check image stored on the mobile device. Caching and file repositories are supported by Bluemix Data Cache Store for expedited retrieval of the stored check image.

7. The mobile business application workflow sends the deposit check transaction through the transformation and connectivity components, which enforce enterprise application security rules and grant access. The process flow uses different services to determine the validity of the check, store the image of the check in the enterprise document repository, and deposit the check using the core banking application. The process execution step is logged for analytics purposes. The Bluemix workflow service provides workflow capabilities for orchestrating the check validation, check storage, and deposit check service execution. IBM Integration Bus provides connectivity to systems of record. In some situations where the workload and connectivity do not change often, IBM DataPower is also used to provide connectivity to the systems of record.

8. The enterprise account application stores the image of the check in the enterprise database for tracking purposes, and applies the deposited amount to the customer’s account in the core banking application. Control returns to the mobile backend. When the mobile backend “deposit check” service completes its tasks, the resulting content is delivered through the mobile gateway (which logs information for analytics again) and the public network to the mobile app.


The check image might be stored in the customer’s existing enterprise content management system, such as IBM FileNet®.

9. Sometime later, once the amount is added in the enterprise application, a request is sent through the transformation and connectivity components that use the data services API to update the account with the amount deposited and the balance. This information is now cached in data services for expedited access, and to save resources by reducing accesses to enterprise systems. The Bluemix Data Cache Store can be used for caching. Alternately, in an on-premises environment, one could use IBM WebSphere eXtreme Scale for caching.

10. Depositing the check information in data services invokes the push notification service in the mobile backend to send an alert to the customer that the check was successfully deposited. The Cloudant Data Services component triggers the push notification service in IBM MobileFirst Platform Foundation. The IBM MobileFirst Platform Foundation backend manages subscription services to send the alert via a push notification on the public network to the device. The push notification service takes care of connecting to and using the right mobile provider network. The customer receives the notification that their deposit has been accepted, and continues to interact with the banking application. The context of app usage is recorded for analysis by the bank to ensure ongoing excellent customer service.

Independently, the analytics being collected can be used for a variety of business purposes, including campaign management, fraud detection, and business presence needs. For example, if the analytics platform identifies a large deposit that could signify an elite customer, it can send that customer information about elite customer services through push notification. Alternatively, location services showing lots of activity from a particular area might cause the bank to add a new ATM there, or to engage with users in local investment opportunities. IBM QRadar (the security intelligence component) receives the logs and events from security components such as firewalls, mobile gateway, and mobile device management, and uses them for analytics. Correlating the collected data and application access logs, the security intelligence component can detect anomalies and report on unauthorized access and suspicious behaviors.
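As an added illustration (not part of the white paper, and not how IBM API Management or IBM QRadar are implemented), the following Node.js sketch models the mobile gateway checks from step 4 and the log correlation described above. The route table, session store, token and device names, and the denial threshold are all constructed assumptions.

```javascript
// Added example with constructed data; every name below is hypothetical.

// API service lookup table (step 4): request -> backend service and required scope.
const SERVICES = new Map([
  ['POST /deposits', { backend: 'mobile-backend/depositCheck', scope: 'deposit:write' }],
  ['GET /balance', { backend: 'mobile-backend/getBalance', scope: 'account:read' }],
]);

// Constructed session store: opaque token -> identity, granted scopes, expiry (epoch seconds).
const SESSIONS = new Map([
  ['tok-alice', { user: 'alice', scopes: ['deposit:write', 'account:read'], expires: 2000 }],
  ['tok-bob', { user: 'bob', scopes: ['account:read'], expires: 2000 }],
  ['tok-old', { user: 'carol', scopes: ['deposit:write'], expires: 500 }],
]);

function createGateway(sessions, services) {
  const auditLog = [];

  // Deny by default: a request is routed only if every check passes.
  function handle(req, now) {
    const api = `${req.method} ${req.path}`;
    const session = sessions.get(req.token);
    const service = services.get(api);
    let status = 200;
    let reason = 'ok';
    let route = null;

    if (!session || session.expires <= now) {
      status = 401; reason = 'invalid_or_expired_token';   // credential validation
    } else if (!service) {
      status = 404; reason = 'unknown_service';            // API service lookup
    } else if (!session.scopes.includes(service.scope)) {
      status = 403; reason = 'missing_scope';              // authorization of the action
    } else {
      route = service.backend;
    }

    // Every decision, allowed or denied, is logged for analytics.
    auditLog.push({ ts: now, device: req.device, user: session ? session.user : null, api, status, reason });
    return { status, reason, route };
  }

  return { handle, auditLog };
}

// Correlation rule: flag a device with `threshold` or more denied requests
// (401 or 403) inside any window of `windowSec` seconds.
function findSuspiciousDevices(log, windowSec, threshold) {
  const denialsByDevice = new Map();
  for (const e of log) {
    if (e.status !== 401 && e.status !== 403) continue;
    if (!denialsByDevice.has(e.device)) denialsByDevice.set(e.device, []);
    denialsByDevice.get(e.device).push(e.ts);
  }
  const flagged = [];
  for (const [device, times] of denialsByDevice) {
    times.sort((a, b) => a - b);
    let start = 0;
    for (let end = 0; end < times.length; end++) {
      while (times[end] - times[start] > windowSec) start++;
      if (end - start + 1 >= threshold) { flagged.push(device); break; }
    }
  }
  return flagged.sort();
}

// Constructed traffic: one valid deposit, one under-privileged user,
// and one device that repeatedly presents expired or unknown tokens.
function runDemo() {
  const gw = createGateway(SESSIONS, SERVICES);
  const deposit = { method: 'POST', path: '/deposits' };
  const results = [
    gw.handle({ ...deposit, token: 'tok-alice', device: 'dev-A' }, 1000),
    gw.handle({ ...deposit, token: 'tok-bob', device: 'dev-B' }, 1010),
    gw.handle({ ...deposit, token: 'tok-old', device: 'dev-C' }, 1020),
    gw.handle({ ...deposit, token: 'tok-unknown-1', device: 'dev-C' }, 1030),
    gw.handle({ ...deposit, token: 'tok-unknown-2', device: 'dev-C' }, 1040),
  ];
  return {
    statuses: results.map((r) => r.status),
    flagged: findSuspiciousDevices(gw.auditLog, 60, 3),
  };
}

console.log(runDemo());
```

Logging the denied requests as well as the allowed ones is what makes the correlation possible: a gateway that records only successful calls gives the security intelligence component nothing to detect unauthorized access from.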

There are many permutations and combinations in the deployment of the CSCC Cloud Customer Reference Architecture for Mobile in public, private, and hybrid cloud environments. Hybrid cloud deployments can span public clouds and private clouds, and can connect with traditional IT resources as well. The different hybrid deployment options for this scenario are shown in Table 1.


| Component | IBM component | Deployment | Enterprise/on-premise/public |
|---|---|---|---|
| Edge services component | Customer’s edge services | Traditional data center | Enterprise |
| Mobile gateway | IBM API Management on Cloud | IBM SaaS | Public |
| Enterprise user directory | IBM Security Directory Server | Traditional data center | Enterprise |
| Mobile backend | IBM MobileFirst Platform Foundation | Bluemix dedicated Docker container | Public |
| Transformation and connectivity | IBM Integration Bus/DataPower | Traditional data center | Enterprise |
| Ordering system (systems of record) | Customer’s home-grown system | Traditional data center | Enterprise |
| Mobile device management | MobileFirst Protect | IBM SaaS | Public |
| Data services | Cloudant, Compose database services | Bluemix | Public |
| Caching services | IBM Data Cache Store | Bluemix | Public |
| Workflow | Bluemix Workflow | Bluemix | Public |

Table 1: Hybrid cloud deployment example for mobile banking scenario


Figure 6: Omni-channel retail experience (architecture diagram; zones: Mobile Device, Public Network, Provider Cloud, Enterprise Network)


2. Omni-channel retail experience

An omni-channel experience is a key strategy for retailers. These retailers want the customers to have the same experience across web, mobile and physical stores. When a customer walks into a physical store with his mobile device, he should experience the confluence of the mobile and physical store experiences. In this scenario, we will be discussing how IBM’s mobile and cloud capabilities enable the omni-channel experience.

1. A customer browses for suits and carry-on bags on the mobile app of a retailer. IBM Tealeaf monitors the customer’s behavior, and identifies that the customer compares several suits before adding one to his cart, but ultimately does not complete the purchase. Instead, the customer decides to check out the suit in the retailer’s brick and mortar store.

2. The customer is a member of the retailer’s rewards program, and has opted in for location services. As a result, he triggers an alert upon entering the store. The sales associate is not only notified of the customer’s presence, but also that he expressed interest in a particular suit while browsing the mobile app. Tealeaf Analytics also notifies the sales associate that the selected suit is $50 above the customer’s price range. With this knowledge, the sales associate is able to approach the customer and make suggestions of similar suits that are within the customer’s price range. Thanks to the information provided by Tealeaf Analytics, the sales associate is able to provide the customer with personalized service, leading to a sale for the retailer.

3. This retail store has beacons installed to monitor entry, exit, hovering and customer movements within the store. IBM Presence Insights, running in the Bluemix public cloud, gets information from the beacons and analyzes it to find out that the customer spends time in the luggage area looking at a carry-on bag.

4. Combining analysis of the customer’s social data (captured through the use of streaming analytics running in Bluemix) with a 360-degree view of the customer’s in-store behavior monitored by Tealeaf, the retailer is able to determine that the customer will be traveling soon, and is looking for a light carry-on bag.

5. The request is then sent to the mobile backend, IBM MobileFirst Platform Foundation, running in the Bluemix public cloud. The mobile backend, using the retailer’s push notification service, sends the customer’s mobile app a welcome message and a coupon for 25 percent off a carry-on bag.

6. The message is delivered to the mobile app. The customer uses the coupon to purchase the bag.

The following table shows the hybrid cloud deployment options IBM offers for this scenario.


| Component | IBM component | Deployment | Enterprise/private/public |
|---|---|---|---|
| Edge services component | Customer’s edge services | Traditional data center | Enterprise |
| Mobile gateway | IBM API Management on Cloud | IBM SaaS | Public |
| Enterprise user directory | IBM Directory Services | Traditional data center | Enterprise |
| Mobile backend | IBM MobileFirst Platform Foundation | Public Bluemix Docker container | Public |
| Transformation and connectivity | IBM Integration Bus/DataPower | Traditional data center | Enterprise |
| Mobile business applications (mobile campaign management) | IBM Xtify, Silverpop | IBM SaaS | Public |
| Mobile business application (customer behavioral analytics) | Tealeaf | Traditional data center | Enterprise |
| Mobile device management | IBM MobileFirst Protect | IBM SaaS | Public |
| Mobile business applications (Presence Insights) | Presence Insights service | Public Bluemix Cloud Foundry | Public |
| Stream/Hadoop | Streaming Analytics | Bluemix | Public |

Table 2: Hybrid cloud deployment example for omni-channel retail experience


Deployment considerations

Mobile capabilities can be deployed in a number of different ways. One thing to consider is whether to deploy mobile services using an IaaS cloud service or to use mobile services provided by a PaaS cloud service. A second consideration is whether the mobile services should use a private cloud deployment model, a public cloud model, or some form of hybrid cloud model.

IBM SoftLayer (Infrastructure as a Service)

SoftLayer provides the highest performing cloud infrastructure available today. It uses data centers around the world, each of which provides a wide range of cloud computing options, and integrates and automates the entire deployment process. Features of SoftLayer include:

• A full IaaS solution, offering servers, storage, networking, security, management, and more

• Runs bare metal servers or virtual servers

Bare metal servers provide the raw horsepower you demand for your processor-intensive and disk I/O-intensive workloads. A bare metal server is all about raw hardware. It is a single physical server that is completely dedicated to a single customer.

Virtual servers allow an organization to prioritize flexibility and scalability. They can run on a public node, allowing resources to be shared in a multi-tenant environment. On the other hand, they can also run on a private node in a dedicated environment. A customer can run multiple virtual servers.

There are two main types of virtual machines:

• Standard images (VMs that can only be deployed on virtual servers)

• Flex images (VMs that can be deployed on virtual servers or bare metal servers)

IBM Bluemix (Platform as a Service)

IBM Bluemix is the IBM open cloud platform that provides mobile and web developers access to IBM services and software for integration, security, transaction, and other key functions. In addition, Bluemix allows customers to access software from IBM Business Partners. Bluemix consists of applications, services, build packs, and other components.

Bluemix is built using three key open compute technologies: Cloud Foundry, Docker, and OpenStack. It extends each of these with a growing number of services, robust DevOps tooling, integration capabilities, and a seamless developer experience.

Bluemix is available in three deployment options:

• Bluemix Public: multi-tenant cloud, running in IBM-owned data centers in Dallas and London.

• Bluemix Dedicated: single-tenant cloud, running in an IBM-owned data center. This option can run in any SoftLayer data center location, and can have access to Bluemix Public Services through the syndicated Bluemix catalog.

• Bluemix Local: single-tenant cloud, running in a non-IBM location such as a customer data center. This option requires an underlying OpenStack or VMware infrastructure.


Conclusion

By reading this paper, you will have gained an intimate understanding of the CSCC Cloud Customer Reference Architecture for Mobile, and how IBM products can support the key capabilities involved in this architecture. Furthermore, the paper provides a quick look at the different deployment options available to you when moving your mobile platform to the cloud, and offers real use cases that allow you to see IBM products in action.

For more information

To learn more about the IBM solutions introduced in this paper, contact your IBM representative or IBM Business Partner. To learn more about IBM MobileFirst Platform Foundation, visit ibm.com/mobilefirstplatform.

Acknowledgements

The major contributors to this white paper were Roland Barcia, Anshu Kak, Heather Kreger, Sunil Dube, Gopal Indurkhya, Sreekanth Iyer and Mahendra K Chopra.


© Copyright IBM Corporation 2016

IBM Corporation IBM Cloud Route 100 Somers, NY 10589

Produced in the United States of America February 2016

IBM, the IBM logo, ibm.com, BLU Acceleration, Bluemix, Cloudant, dashDB, DataPower, DB2, FileNet, InfoSphere, MobileFirst, PureData, Tealeaf, Trusteer, and WebSphere are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at www.ibm.com/legal/copytrade.shtml.

Kenexa is a registered trademark of Kenexa, an IBM Company.

Silverpop Engage is a registered trademark of Silverpop, an IBM Company.

SoftLayer is a registered trademark of SoftLayer, Inc., an IBM Company.

Xtify is a registered trademark of Xtify, an IBM Company.

Windows is a trademark of Microsoft Corporation in the United States, other countries, or both.

Java and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates.

This document is current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates.

The performance data discussed herein is presented as derived under specific operating conditions. Actual results may vary.

THE INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NONINFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided.

1 Customer Cloud Architecture for Mobile (cloud-council.org/CSCC-Customer-Cloud-Architecture-for-Mobile.pdf)

2 Customer Cloud Architecture for Big Data and Analytics (www.cloud-council.org/CSCC-Customer-Cloud-Architecture-for-Big-Data-and-Analytics.pdf)


KUW12383-USEN-00