12
IBM Software WebSphere Technical White Paper IBM Worklight V6.0 Technology overview Contents 1 IBM Worklight—Overview 2 IBM Worklight—Components 3 Development tools 8 Runtime server environment 9 The Worklight Console 9 Worklight device runtime components 10 Security and authentication mechanisms IBM Worklight—Overview IBM® Worklight software helps enable organizational leaders to transform their business and become a mobile enterprise. This software provides an open, comprehensive and advanced mobile application platform for smartphones and tablets, helping organizations of all sizes to efficiently develop, test, connect, run and manage mobile and omni- channel applications. Leveraging standards-based technologies and tools, Worklight software provides a single integrated platform that includes a comprehensive development environment, mobile-optimized runtime middleware, a private enterprise application store and an integrated management and analytics console—all supported by a variety of security mechanisms. Develop. The Worklight Studio capability and the software development kit (SDK) of the Worklight offering simplify the development of mobile and omni-channel applications (apps) throughout multiple mobile plat- forms, including iOS, Android, BlackBerry, Windows 8, Windows Phone and Java ME. The Worklight optimization framework fosters code reuse and delivers rich user experiences that match the styling requirements of each target environment. With such code reuse, Worklight software reduces costs of development, reduces time-to-market and provides strong support for your ongoing management efforts. Test. Worklight software delivers integrated functional testing capability. For apps that are developed within Worklight software, developers or testers can record a sequence of actions on a mobile device. Once the recording has been captured, it becomes the basis of an intelligent, resilient and code-less test case that can be “played back” on demand on virtually any iOS or Android device or emulated iOS or Android device within the same OS family.

IBM Worklight v6.0 - Technical White Paper, 2013

Embed Size (px)

DESCRIPTION

1 IBM Worklight—Overview2 IBM Worklight—Components3 Development tools8 Runtime server environment9 The Worklight Console9 Worklight device runtime components10 Security and authentication mechanisms

Citation preview

Page 1: IBM Worklight v6.0 - Technical White Paper, 2013

IBM SoftwareWebSphere

Technical White Paper

IBM Worklight V6.0Technology overview

Contents

1 IBM Worklight—Overview

2 IBM Worklight—Components

3 Development tools

8 Runtime server environment

9 The Worklight Console

9 Worklight device runtime components

10 Security and authentication mechanisms

IBM Worklight—OverviewIBM® Worklight software helps enable organizational leaders to transform their business and become a mobile enterprise. This software provides an open, comprehensive and advanced mobile application platform for smartphones and tablets, helping organizations of all sizes to efficiently develop, test, connect, run and manage mobile and omni-channel applications. Leveraging standards-based technologies and tools, Worklight software provides a single integrated platform that includes a comprehensive development environment, mobile-optimized runtime middleware, a private enterprise application store and an integrated management and analytics console—all supported by a variety of security mechanisms.

Develop. The Worklight Studio capability and the software development kit (SDK) of the Worklight offering simplify the development of mobile and omni-channel applications (apps) throughout multiple mobile plat-forms, including iOS, Android, BlackBerry, Windows 8, Windows Phone and Java ME. The Worklight optimization framework fosters code reuse and delivers rich user experiences that match the styling requirements of each target environment. With such code reuse, Worklight software reduces costs of development, reduces time-to-market and provides strong support for your ongoing management efforts.

Test. Worklight software delivers integrated functional testing capability. For apps that are developed within Worklight software, developers or testers can record a sequence of actions on a mobile device. Once the recording has been captured, it becomes the basis of an intelligent, resilient and code-less test case that can be “played back” on demand on virtually any iOS or Android device or emulated iOS or Android device within the same OS family.

Page 2: IBM Worklight v6.0 - Technical White Paper, 2013

2

WebSphereTechnical White PaperIBM Software

Connect. The Worklight Server architecture and adapter technology simplifies the integration of mobile apps with back-end enterprise systems and cloud-based services. The Worklight Server is designed to fit quickly into your organiza-tion’s IT infrastructure and is designed to leverage your existing resources. The standalone back-end integration layer can be customized and shared among multiple applications. Furthermore, Worklight Adapters support two types of data-delivery mechanisms: device requests and push notifications.

Run. The Worklight Studio prepares application files for upload to public app stores and for upload to private distribu-tion repositories. Active mobile apps communicate with virtu-ally any enterprise back-end systems and cloud-based services through the Worklight server. This server optimizes data for mobile delivery and consumption, and is supported by a variety of security features that help to protect sensitive user data in transit on device.

Manage. Once the software is deployed, administrators can manage registration and authentication for users and devices; monitor and control the access of different apps to back-end systems; directly update and disable apps based upon predefined rules or custom rules; host and manage a production-ready, cross-platform mobile application store; audit and manage mobile data synchronization to enterprise back-end systems;

Ent

erpr

ise

back

-end

sys

tem

s an

dcl

oud

serv

ices

App

licat

ion

Cod

e

Worklight ApplicationCenter

IBM Worklight Components

Worklight StudioWorklight Studio

Worklight ServerWorklight Server

Worklight ConsoleWorklight Console

Bui

ld E

ngin

e

Worklight ApplicationCenter

Device RuntimeDevice Runtime

App

licat

ion

Cod

e

HTML5, Hybrid,and Native Coding

iOS

SDKs

Android

Blackberry Development Team Provisioning

Enterprise App Provisioningand Governance

App Feedback Management

Public App Stores

Cross-PlatformCompatibility Layer

Server IntegrationFramework

Encrypted andSyncable Storage

Reporting for Statisticsand Diagnostics

Runtime Skinning

WindowsPhone

Windows 8

Java ME

Mobile Web

Desktop Web

OptimizationFramework

Integrated DeviceSDKs

User authentication andmobile trust

MobileWeb Apps

Direct UpdateReporting and

Analytics

Push / SMSManagement

App VersionManagement

Client-SideApp Resources

Unified PushNotifications

Mashups and servicecomposition

JSON Translation

Adapter Library forbackend connectivity

Third Party LibraryIntegration

Bui

ld E

ngin

e

Ent

erpr

ise

back

-end

sys

tem

s an

dcl

oud

serv

ices

Sta

ts A

ggre

gatio

n

and control virtually all push services and event sources from one centralized web interface known as the Worklight Console. In addition, administrators can access usage information about the installed app base and its users, using built-in and custom-ized reports. Usage data can be exported and fed into analytics platforms such as the IBM Cognos® platform and the IBM Coremetrics® platform.

Development toolsThe Worklight StudioThe Worklight Studio is an Eclipse-based IDE that makes it possible for developers to perform virtually all the coding and integration tasks that they require to develop rich employee-facing and customer-facing applications. The Worklight Studio augments the familiar tools of Eclipse with a wide variety of enterprise-grade features that are delivered by the Worklight Plug-ins, enabling Worklight Studio to streamline application development and to facilitate enterprise connectivity.

The following are some of the main features that are supported by the Worklight Studio:

Cross-platform support The Worklight Studio enables the development of rich web, hybrid and native mobile applications on iOS, Android, BlackBerry, Windows 8 and Windows Phone tablets and smartphones.

Page 3: IBM Worklight v6.0 - Technical White Paper, 2013

3

WebSphereTechnical White PaperIBM Software

Using its optimization framework, Worklight software differen-tiates itself from other technologies in the market that deliver a lowest-common-denominator solution. With the Worklight approach, developers can share the majority of the application code across multiple environments, without compromising platform-specific user experience or application functionality. Developers can share the common app code among multiple environments, while isolating environment-specific code in designated folders that can overwrite or augment the commonly shared code. As a result, application logic remains consistent among the different environments, while the user interface (UI) behaves natively and adheres to user expectations and the unique functionality and design guidelines of the device.

Application developers can directly access the application programming interfaces (APIs) that modern devices offer, and can more-easily integrate publically available or customized third-party libraries, frameworks and tools. The result: advanced mobile applications that are built according to the unique and specific needs of your organization.

Because developers are not dependent on an intermediary build-time or runtime layer, such as a cross-compiler or inter-preter, native APIs are accessible upon release of new mobile operating system (OS) versions or third-party libraries when Worklight software is used. Furthermore, the app’s web code is executed directly by the mobile browser, so developers have direct access to the HTML Document Object Model (DOM) and are free to use any JavaScript API or third-party JavaScript toolkits and frameworks.

Hybrid coding Facing the constantly evolving fragmented ecosystem of mobile devices and operating systems, application development has become a costly, yet unavoidable, endeavor. This challenge has created a market for cross-platform mobile development solutions that is rapidly growing.

However, to achieve cross-platform capabilities, many solutions in the market rely on limiting proprietary tools, form-based IDEs, what you see is what you get (WYSIWYG) tools, or

simply prepackaged apps. Without the capability to fully customize the code, these solutions result in an unavoidable tradeoff between user experience and multiplatform coverage. Using Worklight software, developers can choose between using pure native code (Objective-C, Java or C#), standard web technologies (HTML5, Cascading Style Sheets 3 and JavaScript) or a combination of both within the same app. Developers can strike the desired balance between development efficiency, app functionality and user experience.

The Worklight Studio supports three main hybrid scenarios:

1. HTML can be used to call native code using the Cordova plug-in (previously known as PhoneGap). The native code can be either “UI-less,” for example, reading the compass, or can actually display a user interface (UI). This UI component will be overlaid on top of the browser, so that the user sees a native component blended with the HTML UI.

2. Developers can decrease the size of the browser so that the browser occupies only part of the screen. The other part of the screen can be used to display native UI components.

3. Users can implement complete screens natively and can switch between native screens and web screens. The transi-tion between the screens can be animated, as in regular screen transitions.

Furthermore, the Worklight Studio ships with a UI tool for design and development. The UI tool is WYSIWYG drag-and-drop. These editing capabilities enable developers to create pure HTML or HTML and JavaScript files by dragging HTML5 and Dojo Mobile components from a built-in palette to the HTML canvas. Developers can use property sheets to control HTML and CSS properties. At the same time, these editing capabilities make possible direct editing of HTML and CSS files, updating the graphical canvas so that developers can visualize immediately the impact of their changes. These edit-ing capabilities are integrated with the optimization framework of Worklight software, making it possible for developers to view a specific application environment or to view a specific skin.

Page 4: IBM Worklight v6.0 - Technical White Paper, 2013

4

WebSphereTechnical White PaperIBM Software

No single development approach offers a complete solution to the larger challenge, but by using the unique support for hybrid coding provided by Worklight software, organizational teams are able to use the same mobile platform to develop, connect, run and manage a variety of mobile application types based on the specific needs of the project at hand.

Runtime skins Further optimization of apps is possible within the Worklight Studio by using runtime skins. These skins are packaged with the app’s executable files and are applied to the mobile app during run time. This capability makes it possible for the app to automatically adjust to different devices from the same OS family. Common scenarios that benefit from runtime skins include:

●● Different screen sizes●● Different screen densities●● Different input method●● Different support levels for HTML5

Browser access Hybrid apps - web Hybrid apps - mixed Native apps

Written in HTML5JavaScript andCSS3. Quick andcheap to develop,but less powerfulthan native.

HTML5 code andWorklight runtimelibraries packagedwithin the app and executed in a nativeshell.

User augments webcode with nativelanguage for uniqueneeds andmaximized userexperience.

Platform-specific.Requires uniqueexpertise, pricy andlong to develop.Can deliver higheruser experience.

Mobile browser Native shell Native shell Native application

Browser access DownloadableDownloadable Downloadable Downloadable

Device APIs Device APIs Device APIs

Web codeWeb code Web Native

Support for HTML5 Worklight software leverages a standards-based approach, enabling developers to write HTML5 code directly into the development environment without the use of cross-compilation or transcoding. This capability circumvents the limitation of proprietary interpreters or code translators. You can benefit from capabilities that include:

●● A cleaner, more readable and consistent HTML code.●● Access to rich media types (audio and video), available

previously by way of native code only.●● Use of advanced UI components, such as data pickers, sliders

and edit boxes that automatically support ellipsis and others—implemented natively by the browser.

●● Use of Cascading Style Sheets 3 (CSS3) styles and CSS3-based animation to reduce app size and to improve app responsiveness.

●● App distribution channels that go beyond the different app stores and their time-consuming and limiting restrictions.

●● Support for geolocation services.●● Offline storage capabilities.

Worklight software further augments these capabilities with enterprise-grade utilities through an application container for on-device encryption and off line user authentication.

Page 5: IBM Worklight v6.0 - Technical White Paper, 2013

5

WebSphereTechnical White PaperIBM Software

Geo-location toolkit Geo-location is a powerful differentiator of mobile apps. Yet because geo-location coordinates must be polled constantly to understand where a mobile device is located, the resulting stream of geographic information can be difficult to manage. You risk exhausting resources such as battery and network. Worklight software includes geo-location services that make it easier to respond to geo events with greater intelligence. These services handle multiple geo modalities such as global positioning system (GPS), Wi-Fi sampling and interpolation, and these services include policies for acquiring geographic data and sending it in batch. This capability helps you to optimize battery and network usage. The geo-location toolkit makes it possible for business actions to be triggered when users reach a point of interest, or when users enter or exit a region (geo-fencing), and the geo-location toolkit can execute server-side logic to enable meaningful reaction to important geo events.

Screen templates The delivery of an outstanding mobile UI experience requires conformance with continuously evolving mobile patterns of behavior that are specific to each OS family. Worklight software includes screen templates that automate the creation of mobile screens. The design of these screen templates is based upon industry-proven methods. Developers can choose from templates in four categories:

●● Lists●● Authentication●● Navigation and search●● Configuration

Each screen template can be previewed live, used “as is” or further refined using any combination of web and native technologies.

Support for third-party JavaScript toolkits and UI frameworks In addition to its support for HTML5, Worklight software provides integration with the growing ecosystem of UI frame-works, such as jQuery Mobile, Sencha Touch and Dojo Mobile. Developers can pick the JavaScript UI framework of their choice and use it to develop their application within the studio. WYSIWYG tools are available for HTML5, jQuery Mobile, and Dojo Mobile.

Native-device SDK integration The Worklight Studio also integrates with the software development kits (SDKs) of the mobile devices that Worklight software supports including Android, iOS, Windows 8, Windows Phone and Blackberry. This integration enables developers to take full advantage of the native code capabilities and the best-in-class development tools, testing and debugging mechanisms that are native to the mobile SDKs, without leaving the development environment. To further streamline the iterative development process, the studio enhances preview capabilities for iOS and Android hybrid apps. An in-browser simulator makes it possible for you to define the form factor of the target device, concurrently displaying multiple devices on the screen and simulating Apache Cordova APIs (an open-source framework for bridging calls between native components and web views).

Standardized data retrieval The Worklight Studio enables developers to use XSL transformations and JavaScript code to convert retrieved hierar-chical data from any back-end system to JavaScript Object Notation (JSON) format, thus preparing the data for delivery and app consumption. Developers can invoke back-end services directly from within the studio and can receive raw results in Extensible Markup Language (XML), or developers can receive processed results (after having converted to JSON using Extensible Stylesheet Language [XSL] transformations and JavaScript) in JSON format.

Page 6: IBM Worklight v6.0 - Technical White Paper, 2013

6

WebSphereTechnical White PaperIBM Software

Developers can perform server-side mashups in JavaScript to collect data from various back-end applications and streamline them to the device, thereby reducing the number of requests that are made on the slow mobile network and greatly improv-ing app responsiveness.

In addition, developers can choose to implement server-side, back-end integration and authentication code in Java, rather than in JavaScript.

Unified push notifications In the process of creating the integration adapters, developers can leverage the uniform push architecture of Worklight soft-ware to preconfigure automatic alerts from one centralized interface. Using its unified push API for its supported devices, Worklight software makes the entire process of communicating with the users and devices completely transparent to the developer.

Collaboration and distributed developmentEnterprise mobile development is rarely a simple process that is conducted by one developer. Most commonly, the complex enterprise development environment consists of multiple devel-opment, testing and quality assurance (QA) teams all working on different portions of the app, sometimes even from different geographical locations. Worklight software is designed to support such scenarios through a variety of features and func-tions, including integration with other IBM collaboration tools.

Centralized build The Worklight Builder is a stand-alone application that can be more-easily integrated with common central build services, such as IBM Rational® Jazz™ Builder, Hudson and Luntbuild. Leveraging the centralized build functionality, the different teams involved in the development, testing and QA phases can work off of one common version of the code, effectively enhancing the collaboration and automation of the internal application development process.

Automated mobile functional testing The accelerated delivery cycles of mobile applications requires fast and effective test cycles. Worklight software includes integrated automated functional testing. This testing is available for Android and iOS native and hybrid applications. Designed for use by developers and testers, this capability automates functional testing of apps that are developed with Worklight. First, developers or testers record a sequence of actions on a mobile device, using a recording-ready app to generate a test script. Next, developers or testers edit and enhance the script using natural-language syntax to add verification points and other instructions. The enhanced test script can be run on demand on a real device, simulator or emulator. Results can be viewed and can be shared using a generated HTML report. Automated functional testing makes it possible for organiza-tional teams to test Worklight apps more rapidly, at lower cost and more methodically. The result: higher-quality mobile apps.

Back-endsystems

Pollingadapters

Message-basedadapters

Unified pushAPI

Notificationstate

database

User-devicedatabase

Administrative console

Androiddispatcher

iOS dispatcher iOSpush API

Androidpush API

Applepush

servers(APN)

Googlepush

servers(C2DM)

IBM Worklightclient-side

push services

IBM worklightclient-side

push services

Page 7: IBM Worklight v6.0 - Technical White Paper, 2013

7

WebSphereTechnical White PaperIBM Software

The shell approach Often, enterprise leaders employ multiple development teams, and the individuals who compose the teams possess different skills and expertise. The “shell” approach enables leaders of such companies to reduce the internal barriers of mobile devel-opment, making mobile development ubiquitous throughout the organization by compartmentalizing skill sets and responsibilities.

The shell approach breaks down the development of the app into two portions: an external shell and an inner application.

The shell consists of a customizable container that provides JavaScript access to the native capabilities of the device. A devoted team of expert developers are responsible for the shell’s branding, security configurations, audits and authentica-tion frameworks. The team can create a variety of shells. Each shell carries different policies and branding, forcing inner apps that are running within each shell to automatically comply with the shell’s specific parameters. Such parameters could include restriction of access to data, use of certain APIs, different branding and so forth.

With the corporate policies enforced by the shell, the inner apps can be more easily built by departmental development teams, using nothing but web languages. Such teams are only required to focus on the user interface, the business logic and, potentially, data integration. Distribution of the app or apps can be achieved by way of three different channels:

●● An inner app can be fused into a shell by the centralized build server and uploaded to a private or public app store, and new versions of the inner app are sent and updated directly (subject to the vendor’s terms of service) on the user device.

●● A shell can be packaged with a directory of corporate- sanctioned applications, enabling users to choose a different inner app according to their needs.

●● A shell can be distributed empty to the user; the user will then access a repository of applications that are stored on the server.

Runtime server environmentThe Worklight Server●● The Java-based Worklight Server is a scalable gateway

between apps, external services and the enterprise. The server helps facilitate encrypted communication, back-end connectivity, data manipulation, authentication, analytics, private cross-platform application store, and operational management functions that are supported by a variety of security features. Server-side entities that affect the behavior of the Worklight Server are represented in the Worklight Studio project tree, including configuration files, authentica-tion integration code and more. From the Worklight Studio, developers can save a unified project that includes all inter-related client code, server code and resources in their source control system. With Worklight Studio, server configuration artifacts are automatically built into a web archive (WAR) file. This WAR file can then be deployed on a standalone server for collaboration or test purposes.

Customizable native shell code

Mobile browser

Inner-appweb code

Customizableweb shell code

Device APIs

Page 8: IBM Worklight v6.0 - Technical White Paper, 2013

8

WebSphereTechnical White PaperIBM Software

●● The Worklight Server can be deployed to a wide range of hardware and operating system environments. Organizational teams that deploy the server to an IBM PureApplication™ System on Intel or that deploy to IBM Power Systems™ can apply patterns of expertise. These patterns of expertise are embodied within the IBM Mobile Application Platform pattern. The pattern simplifies deployment of the Worklight Server on a scalable and cloud-ready mobile server infrastruc-ture. This capability speeds the deployment, configurationand ongoing maintenance of your mobile server infrastructure.

The Worklight Server can:

●● Provide adapter technology that connects to a variety of enterprise information systems over widely used integration technologies, such as Simple Object Access Protocol (SOAP), representational state transfer (REST), Structured Query Language (SQL), Lightweight Directory Access Protocol (LDAP) and more. In addition, Worklight software provides a special IBM Cast Iron® adapter.

●● Enable multisource data mashups to efficiently integrate several data streams into one stream and serve that stream to the application user. Multisource data mashups are an effective way of optimizing data delivery to the mobile user and reduce overall traffic in the system.

●● Enable developers to add custom server-side logic that is necessary for delivering back-end data for mobile consump-tion. This ability helps distribute processes between the client and server and helps address data-security regulations within the organization.

●● Provide f lexible security architecture with server-managed security challenges, delivering more-robust protection.

●● Integrate with the corporate authentication infrastructure to help secure application access and data access, in addition to transaction invocation. The Worklight authentication infrastructure is f lexible enough to support different types of authentication—from multifactor or multistep login processes to non-interactive single sign-on (SSO) integration. You can also expect off line authentication of users to increase app availability. Furthermore, the Worklight Server simplifies the integration with HTTP-based services that require authenti-cation. Integration with Kerberos, Windows NT LAN Manager (NTLM), Basic and Digest authentication can be more-easily achieved by simpler configuration of the HTTP adapter, without the need to write server-side code. The server also supports device-based application SSO, enabling apps to be automatically authenticated if an existing authenti-cated session is already available through the same mobile device.

●● Integrate with IBM WebSphere® security functions by providing authenticators and login modules to leverage WebSphere security configuration and settings.

●● Take action to employ standard security mechanisms and proprietary security mechanisms to help prevent attacks.

●● More-easily scale to support hundreds of thousands of users and multiple applications through physical clustering.

●● Provide app-deployment and version-control features that are managed and accessed by the Worklight Console.

●● Be integrated with IT monitoring and performance manage-ment systems that verify the vitality of the Worklight Server and the services that it provides to applications.

●● Automatically collect user-adoption and usage data for auditing and reporting purposes and gain access to custom configuration of reporting metrics. Raw data can be more-easily exported for further analysis by the different business intelligence tools used by your organization.

The Worklight Application CenterThe Worklight Application Center enables company teams to set up an enterprise app store to help govern the distribution and management of pre-release and production-ready mobile applications. Administrators can make the most of existing authentication frameworks, including ACL and LDAP, to manage app distribution by department, job function, geogra-phy and other schema. Employees who access the Application Center from their mobile devices will only see the mobile apps that they are allowed to download. Employees can rate apps and provide feedback that can be considered for future enhancements.

For development teams, the Worklight Application Center provides a convenient way to distribute pre-release software to developers and testers. Feedback can be organized by device and by version to quickly isolate and resolve defects, whether those defects are device-specific or version-specific. The Application Center can also integrate with software-build processes to automate the distribution of the latest releases to project teams, accelerating the develop-test-debug cycle.

The Worklight Application Center provides:

●● Administrators with improved governance over the distribu-tion of mobile apps throughout the enterprise;

●● Employees with easier access to the latest apps that are needed by their department or job function and that are optimized for their device;

●● Developers with an easier way to distribute mobile builds and to elicit feedback from members of development and test teams.

Page 9: IBM Worklight v6.0 - Technical White Paper, 2013

9

WebSphereTechnical White PaperIBM Software

The Worklight ConsoleThe Worklight Console is a web-based user interface that is dedicated for the ongoing administration of the Worklight Server and its deployed apps, adapters and push-notification services. Through the console, administrators can:

●● Access administrative dashboards that monitor virtually all deployed adapters and applications.

●● Control and monitor virtually all push-notification services, event sources and related applications.

●● Assign device-specific security IDs to support installation of business applications on sanctioned devices.

●● Manage multiple versions of the same application and remotely disable applications by version and mobile- operating-system type.

●● Access built-in and custom reports of application adoption and usage.

●● Define device-based access-control policies to control access of apps.

Application analytics and user experience managementWorklight software provides a scalable operational analytics platform to analyze app usage, responsiveness and pathways. Enterprise teams can search throughout logs and events that are collected from various mobile devices apps and servers. Teams can look for patterns, determine problems and summa-rize the various statistical measures of platform usage from the Worklight Console. Custom reports can help you to identify new users, returning users, and usage frequency throughout mobile operating systems. Business Intelligence and Reporting Tool (BIRT)-based reports are supported.

The Worklight approach enables developers to instrument mobile apps using the included IBM Tealeaf® data-collection library for efficient collection and streaming of customer expe-rience information. With Worklight software, you can utilize the collected data to provide IT diagnostics based upon actual user experiences, including app usage and effectiveness by location. A sudden drop-off or low rate of usage can help you to identify and to locate a software or operational defect.

Organizational leaders who optionally upgrade to the IBM Tealeaf CX Mobile platform will gain additional insight into mobile user experience analytics. IBM Tealeaf CX Mobile unveils obstacles in near-real-time. This capability reveals why mobile users behave as they do by providing enhanced visual replay, including device orientation, screen size and touch-screen interactions. These insights empower organizational

teams to diagnose and resolve customer struggles that can be difficult to identify, and which inhibit app usability and effectiveness.

Worklight device runtime componentsWorklight software provides client-side run-time code that services HTML5, hybrid or native apps. Capabilities include:

●● Access back-end data and access transactions. API for the invocation of Worklight services, retrieval of data and execution of transactions against back-end systems.

●● Authentication and enhanced security. API and code for managing the authentication sequence and for securing the application data and its link to the Worklight Server.

●● Offline access. Local JSON database for data persistence with back-end synchronization; supports encryption and large data-sets.

●● Application management. API and code for applying new application versions and for disabling applications in accordance with policies that are defined in the Worklight Console.

●● Troubleshooting. Code for detecting runtime connectivity problems in the app and for collecting troubleshooting information about the app and about the device.

●● Usage reporting for audit and analytics. API for collecting built-in and custom data from apps, to be recorded by the Worklight Server for audit and analytics purposes.

●● Cross-platform compatibility APIs. Uniform API for device features and useful UI tasks, hiding the differences throughout different environments.

●● Skins management. Enables developers to adjust the features and functions of the app to the device’s form factor in run time, optimizing the app for different versions of the same OS family as smartphones and tablets.

The runtime client environment consists of the following components:

●● JavaScript libraries. These libraries, which are used for JavaScript API implementation, are available in most runtime environments (with the exception of native iPhone and Android apps, which are written in Objective-C and Java, respectively, and which do not require JavaScript libraries).

●● Native libraries for hybrid apps. A set of native libraries (for iOS and Android) that provide access to device-specific features. Apps written in JavaScript do not access these libraries directly, but rather through the relevant JavaScript APIs. In some cases, native code runs the web code provided by the developer.

Page 10: IBM Worklight v6.0 - Technical White Paper, 2013

10

WebSphereTechnical White PaperIBM Software

●● Native libraries for native apps. A set of native libraries for iOS and Android that provide access to Worklight Server functionality for natively written apps.

●● Native code templates. For iOS, Android, BlackBerry, Windows 8 and Windows Phone devices, native-code templates encapsulating a browser that runs the web code provided by the developer.

Security enhancement and authentication mechanismsWorklight software provides multiple mechanisms and tools that help to support the creation of more-secure applications.

The following is a list of the main security features of the platform:

Mechanism Benefit Details

On-device Help protect sensitive information from malware attacks • Uses AES256 and PCKS #5-generated encryption keys for

encrypted storage and from device theft storing app-generated information on the device

• Allows offline user authentication

• Implemented in JavaScript (highly obfuscated) with optional

native performance enhancements

Direct update Take action to ensure timely propagation of updated hybrid

app versions to the entire install base

• New versions of the code can be distributed without requiring

the manual update of the app (applicable to web resources)

Remote disable Enforce timely adoption of critical security updates to the

entire install base

• Server-side console allows configuration of allowed app

versions. Administrator can force users to install security

updates to the native code.

Authentication Reduce overall cost and complexity of integration with • Server-side architecture designed for integration with

framework authentication infrastructure back-end authentication infrastructure based on Java

Authentication and Authorization Service (JAAS) concepts,

with authentication realms

• Specify one SSL per HTTP adapter for enhanced flexibility

and security

• Ready-to-implement integration with Kerberos, NTLM, Basic

and Digest authentication

• Ability to encrypt server-to-server SOAP communication with

X509 certificates, following the Web Services Security (WSS)

standard

• Client-side framework for asynchronous login requests on

session expiration

Server-side

safeguards

Help prevent SQL injection and help protect against

cross-site request forgery (XSRF)

• Prepared-statement enforcement

• Validation of submitted data against session cookie

Enterprise SSO Leverage existing enterprise authentication facilities and • Client-side mechanism obtains and encrypts user credentials,

integration user credentials and enable employee-owned devices sends to the server with requests

• Encryption incorporates user-supplied PIN, server-side secret

and device ID

• Credentials cannot be retrieved from lost or stolen device

Device SSO Enables a mobile user to authenticate one time in order to • Upon successful login, the authentication state is saved in the

integration gain access to multiple mobile applications from a single

device.

Mobile users get a more-seamless experience without

having to explicitly log in to each application.

Enterprise teams can integrate authentication services

under a “single umbrella”, streamlining governance and

reducing help-desk costs that are related to password

resets and security.

Developers can eliminate redundant development effort;

they are no longer required to build authentication into each

application independently.

database and used for validations in subsequent sessions

from the same device

• No credentials are stored in the on-device database; only the

state of the authentication is stored, for improved security

Page 11: IBM Worklight v6.0 - Technical White Paper, 2013

11

WebSphereTechnical White PaperIBM Software

Mechanism Benefit Details

Virtual private Enable delivery and operation of mobile apps for • Client-side and server-side frameworks act as secure socket

network (VPN) employee-owned devices or device types that are not layer (SSL)-based VPN

alternative allowed on the corporate network, and enable delivery • Network access control and policies are preconfigured in the

when installation of VPN client on mobile devices is not client-side framework layer

possible or when such installation is complicated to • Network access and security measures are updated using

manage server-side framework

• On-device encrypted storage to help prevent compromise of

sensitive data

IT system security involves protecting systems and information through prevention, detection and response to improper access from within and from outside a client’s enterprise. Improper access can result in information being altered, destroyed or misappropriated, or can result in misuse of systems to attack others. Without a comprehensive approach to security, no IT system or product should be considered completely secure and no single product or security measure can be completely effec-tive in preventing improper access. Worklight systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures and may require other systems, products or services to be most effective. IBM Worklight does not warrant that systems and products are immune from the malicious or illegal conduct of any party.

System requirementsProduction environmentThe Worklight server can be installed on the following operating systems:

●● AIX●● HP-UX●● Red Hat Enterprise Linux (RHEL)●● SUSE Linux (SLES)●● Oracle Solaris●● Microsoft Windows Server

The server requires the following databases to store metadata and cached back-end data:

●● Derby●● Oracle●● MySQL●● IBM DB2®

The Worklight server can run on the following application servers:

●● Apache Tomcat●● IBM WebSphere Application Server (and IBM WebSphere

Application Server Network Deployment) version 7.0 and higher (including the provided WebSphere Application Server v8.5 Liberty Profile)

The Worklight Server can be clustered to achieve high availability and scalability. In such cases, a load balancer is required. This load balancer can be any commercial load balancer, software or hardware, which supports “sticky” sessions. The load balancer can optionally act as a reverse proxy and as an SSL accelerator.

Development environmentThe Worklight development environment includes the IBM Worklight Server, database and the Eclipse-based Worklight Studio. The development environment is supported on the following operating systems:

●● Windows (32-bit or 64-bit)●● Macintosh environment

For development purposes, the following databases are supported:

●● IBM DB2 ●● Oracle ●● MySQL ●● Apache Derby

Page 12: IBM Worklight v6.0 - Technical White Paper, 2013

Please Recycle

The Worklight Studio can be installed on Eclipse and Rational Application developer (RAD).

Supported application servers:

●● IBM WebSphere Application Server Base and IBM WebSphere Application Server Network Deployment including the Liberty profile

●● Tomcat

For more information, please visit the following website: ibm.com/software/mobile-solutions/worklight

For more informationTo learn more about IBM Worklight assets for mobile application development, please contact your IBM marketing representative or IBM Business Partner, or visit the following website: ibm.com/software/solutions/mobile-enterprise

IBM Worklight Developer Edition is available at no charge. To download the Worklight Developer Edition, please visit: ibm.com/worklight-trial

Additionally, IBM Global Financing can help you acquire the software capabilities that your business needs in the most cost-effective and strategic way possible. We’ll partner with credit-qualified clients to customize a financing solution to suit your business and development goals, enable effective cash management, and improve your total cost of ownership. Fund your critical IT investment and propel your business forward with IBM Global Financing. For more information, visit: ibm.com/financing

© Copyright IBM Corporation 2013

IBM Corporation Software Group Route 100 Somers, NY 10589

Produced in the United States of America June 2013

IBM, the IBM logo, ibm.com, Cast Iron, Jazz, Rational, Tivoli, Cognos, Coremetrics, DB2, PureApplication, Power Systems, Tealeaf, and WebSphere are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at ibm.com/legal/copytrade.shtml

Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both.

Microsoft, Windows, and Windows NT are trademarks of Microsoft Corporation in the United States, other countries, or both.

Java and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates.

Worklight is trademark or registered trademark of Worklight, an IBM Company.

This document is current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates.

It is the user’s responsibility to evaluate and verify the operation of any other products or programs with IBM products and programs. THE INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided.

WSW14181-USEN-07