Sharing Data with Customers and Suppliers

Assessing your future Web Services Infrastructure

Graham Cunningham: SW Business Development graham.cunningham@w3partnership.com

• Business Outcomes

• The Business Challenge

• Web Services the Issues

• Introducing IBM DataPower

• Deployment

• Latest IBM Datapower Features

• W3P

• Q&A

Agenda

• Days Debt Reduction

• Stock Reduction

• Compliance

• New Channels

• Efficient Processing

• Dynamic Routing

Differing Business Scenario's

• LOB – Engineering Automotive

– More efficient delivery and acknowledgement

– Faster time to Invoice

– More accurate Invoicing

– Days debt reduced by 3 days

Debt Reduction

• LOB – Wholesale Distribution

– More efficient delivery and acknowledgement

– Greater visibility of stock levels at supplier/partner

– JIT ordering easier

– Early visibility of demand changes thru supply chain

Stock Reduction

• LOB – Financial Services

– Flexible approach to delivery of key compliance data

– Easy to modify reporting models

– Reuse of internal reporting services

– Secure method of delivering sensitive information

Compliance

• LOB – Media and Entertainment

– Easy rendering of existing web services to mobile

– Decoupled applications from existing backend apps

• Mobile look and feel

– Speed and responsiveness

– 200 % increase in volume of business

New Channels

• LOB – Outsourcing Services

– Prompt sharing of service requests

– Simplification of integration to customer and internal ERP

– Improved accounting reconciliation

– Flexible billing models possible

– Easy to obtain new clients

Efficient Processing

• LOB – Shipping Transportation

– Dynamic Customer services function enabled

– Transports could be dynamically rerouted

– Improved customer services

– More efficient Fleet

Dynamic Routing

• A Web service is a method of communication between two electronic devices over a network. It is a software function provided at a network address over the Web with the service always on as in the concept of utility computing. The W3C defines a Web service generally as:-

• a software system designed to support interoperable machine-to-machine interaction over a network.[1]

• The W3C Web Services Architecture Working Group defined a Web Services Architecture, requiring a specific implementation of a "Web service." In this:

• [a Web service] has an interface described in a machine-processable format (specifically WSDL). Other systems interact with the Web service in a manner prescribed by its description using SOAP(Simple Object Access Protocol) messages, typically conveyed using HTTP with an XML serializationin conjunction with other Web-related standards.[1]

• The W3C also states:• We can identify two major classes of Web services:• REST-compliant Web services, in which the primary purpose of the service is to manipulate

representations of Web resources using a uniform set of stateless operations.• Arbitrary Web services, in which the service may expose an arbitrary set of operations.

Web Services

Communication Security Protocol ConversionTransformation

The adoption of cloud, analytics, mobile, and social computing is forcing organizations to open IT assets to new business channels

…and challenging them to rethink the way they have traditionally approached security & control

Between 2005

and 2020, the

amount of data

in the world will

grow 300X, from

130 to 40,000

exabytes.

81% of adults

use personally

owned mobile

devices for

conducting

business

70% of

employees are

engaged in

social

activities both

internally and

externally

73% of

organizations

discovered

cloud usage

outside of IT

or security

policies

Market Dynamics

• Need for new partner support

• Increase in partner data volume

• Planned security audit

• Backlog in partner management processing.

• In-house built security solutions

The World is Changing

• Lead Architects

– How do you handle application interface security both inside and outside your enterprise?

– Do you have any challenges administering security between your company and other companies?

• Heads of business units.

– Do you have a need to secure your Web Services?

– Would you like to have a scalable and centralized security solution for your application interfaces?

• Middleware management teams

– Are you relying solely on IP firewalls and SSL proxies to secure your application interfaces?

– Are you using or planning to use XML and/or Web Services in critical applications?

• C level execs

– Protecting company reputation

– Passing industry audits

– Utilising all channels to customer/suppliers

The Business Challenge

The technologies tend to be a bit different

JSON/REST instead of SOAP/XML, OAuth instead of SAML

Bandwidth and battery life are at a premium

Need to minimize back and forth communications

Security is a paramount concern

Mobility of devices makes them easier to steal or spoof

Access patterns and volumes are less predictable

More service calls on mobile devices, potentially more users, anytime

Performance matters

Performance expectations are much higher on mobile

Mobile Issues

Websites

Connected appliances

Partners

Websites

Internet TVs Smart phones

Tablets

Game consoles

Connected cars

Millions 1993 - 2000 Trillions 2013+

15

The Current Landscape

•Build more resources

•Acquire new skills

•Address new challenges: mobile, Internet of Things

•Maintain a secure and robust infrastructure

How can you do this?

Why an Appliance For Connectivity?

http

://ww

w.w

3p

artnersh

ip.co

m

• Consumable hardware platform• Certified security assurance• Achieves fast performance• Many functions in a single device• Simplified maintenance model• Lower cost and complexity

IBM DataPower

1717

IBM DataPower Gateways provide a low startup cost,helping clients increase ROI and reduce TCO with

specialized, consumable, dedicated gateway appliances thatcombine superior performance and hardened security in

physical and virtual form factors

INTEGRATE Systems of Engagement with Systems of Record

CONTROL & MANAGE Traffic and Service Level Agreements

SECURE Mobile, API, Web, SOA, B2B and Cloud Workloads

OPTIMIZE Data Delivery and User Experiences

CONSOLIDATE & Simplify Infrastructure Footprint

DataPower Gateways

Single security and integration gateway platform to provide security, integration, control & optimized access to a full range of Mobile, API, Web, SOA, B2B, & Cloud workloads

B2B

Simplify mobile security with single, purpose-built gateway; control mobile traffic and accelerate delivery

WebSimplify web security with single, purpose-built gateway; control traffic and accelerate delivery for intranet and internet web applications

CloudDataPower gateway functionality

in a virtual appliance form factor,

supports multiple hypervisor &

cloud environments

IBM DataPower

GatewayAPIEasily secure, control,

publish, monitor &

manage your APIs

SOASecure, integrate, control

& manage SOA workloads

in the DMZ and Trusted

zones

Extend Connectivity & Integration beyond the enterprise with DMZ-ready B2B edge capabilities

Mobile

Gateway for the Multi-channel Enterprise

Application or Service

5 SOA & API Gateway

6 ESB / Integration Gateway

7 Internal Security Enforcement

8 Web Services Governance & Management

9 Legacy Integration

z System

IBM DataPower Gateway Appliances are the industry-leading

Security & Integration gateways that help provide security, integration,

control and optimized access to a full range of

Mobile, Web, API, SOA, B2B, & Cloud workloads

Internet Trusted Domain

Consumer

DMZ

Trading partners

1 Mobile Gateway

2 API Gateway

3 Web Gateway

4 B2B Partner Gateway

Consumer

Middleware

DataPower Gateway DataPower Gateway

Common Use Cases

Proficiency

Before DataPower GatewayAfter DataPower Gateway

Control

Integrate

Optimize

SecureConsumer

Consumer

Consumer

Consumer

Simplify, offload & centralize critical functions

IntegrateAny-to-any message

transformation

Transport protocol bridging

Message enrichment

Database connectivity

Mainframe connectivity

B2B trading partner

connectivity

Control OptimizeSecureSSL / TLS offload

Hardware accelerated

crypto operations

JSON, XML offload

JavaScript, JSONiq, XSLT,

XQuery acceleration

Response caching

Intelligent load distribution

Service level management

Quota enforcement, rate

limiting

Message accounting

Content-based routing

Failure re-routing

Integration with management

& visibility platforms

Authentication, authorization,

auditing

Security token translation

Threat protection

Schema validation

Message filtering & semantics

validation

Message digital signature

Message encryption

Functions

Deployment

• Appliance On Premise

• Virtual device On Premise- Licensed as IBM s/w

• Virtual Device (cloud)- Rental Model

Purpose-built hardware provides physical security

• Sealed, tamper-evident case

• No usable USB, VGA, other ports

• Intrusion detection switch

• Trusted Platform Module

• Encrypted flash drive

• FIPS 140-2 level 3 Hardware Security Module (option) for secure storage of private keys

Hardened firmware provides platform security for physical & virtual gateways

• Single signed and encrypted firmware by IBM

• No arbitrary software

• Optimized, embedded operating system

• High assurance, “locked-down” configuration

• Key materials are not exportable from the appliance *

Security

23

HTTP MQ JMS FTP IMS

SOAPXML

COBOL

CSV

• Integrate disparate transport protocols with extreme ease

• Transform the message format with ultimate flexibility for data mapping

• Support synchronous, asynchronous, publish & subscribe and guaranteed-delivery message patterns

Simplify - Transport and payload transformations

24

• Enforce security standards with zero coding

• Uses intuitive pipeline message processing

• Import/export configurations between environments

• Transaction probe shows message content between actions for debugging

Accelerate - Configuration Approach

25

• Easily integrate DataPower with your existing monitoring infrastructure

• Leverage advanced SOA monitoring tools for a more holistic analysis

• Create advanced log and audit solutions that meet your application requirements

• Customize your monitoring with a flexible log subscription engine

– Send to multiple targets

– Send in multiple formats

SNMPsyslog

OtherITCAM

SOAsyslog

Governance - DataPower Monitoring

Secure. Integrate. Control. Optimize.

Released

Nov 2014

Consolidated productSingle, modular & extensible gateway

platform to secure, integrate, control, &

optimize full range of workloads

New hardware platformIncrease capacity & throughput while

reducing latency with latest

generation hardware

Deployment flexibilityUse physical or virtual appliance with

seamless configuration migration with

on-premise & cloud deployments

B2B moduleCentralize B2B trading partner

connectivity & transaction management

with high performance secure entry point

in the DMZ

Multi-channel gatewayUtilize single gateway with integrated

access enforcement from ISAM to secure &

optimize delivery of mobile, API, web, SOA,

B2B, cloud apps, and integrate with IBM

MobileFirst & WebSphere platforms

Enhanced securityEnable additional flexible authentication

from internet consumers & Non-Microsoft

consumers to Microsoft systems

IBM Gateway 7.1DataPower

Single multi-channel gateway platform to secure & optimize delivery

of mobile, API, web, SOA, B2B, cloud apps, and integrate with IBM

MobileFirst & WebSphere platforms

Integrates industry-proven access enforcement capabilities of IBM

Security Access Manager into the DataPower platform, available as

add-on ISAM Proxy Module

IBM DataPower Gateway is the new name of a consolidated,

extensible & modular platform

Converges three existing products, XG45 / XI52 / XB62, into a single

modular offering

Physical appliance uses purpose-built latest generation hardware

platform to provide increased performance & capacity

Virtual appliance runs on VMware & Citrix XenServer hypervisors and

cloud platforms that support them

Easy-to-use & secure B2B integration capabilities, formerly on XB62

appliances only, available as add-on B2B Module

Enable authentication from internet consumers & Non-Microsoft

consumers to Microsoft systems with Kerberos S4U2Self support

Highlights of IBM DataPower Gateway & V7.1

Modules

ISAM Proxy Module User access control, session

management, web SSO

enforcement

Advanced mobile security: mobile

SSO, context-based access, one-

time password, multi-factor authn

Integration w/ ISAM4Mobile

Application Optimization

Module Frontend self-balancing

Backend intelligent load

distribution

Session affinity

z Sysplex Distributor integration

Integration

Module Any-to-Any message

transformation

Database connectivity

Mainframe IMS connectivity

B2B Module B2B DMZ gateway

EDIINT AS1,AS2,AS3,ebXML

Partner profile management

B2B transaction viewer

Any-to-Any message transformation

Database connectivity

TIBCO EMS

Module Integrate with TIBCO EMS

messaging middleware

Support for queues & topics

Load balancing & fault-tolerance

IBM DataPower Gateway (Base)Secure

Authentication, authorization

Security token translation

Service / API virtualization

Threat protection

Message validation

Message filtering

Message digital signature

Message encryption

AV scanning integration

Integrate Transport protocol bridging

Message enrichment

Message transformation &

processing using JavaScript,

JSONiq, XQuery, XSLT

Mainframe integration &

enablement

Flexible pipeline message

processing engine

Control & Manage Service level management

Quota & rate enforcement

Content-based routing

Message accounting

Integration w/ management

& visibility platforms

including IBM API

Management & WSRR for

policy enforcement

Optimize & Offload SSL / TLS offload

Hardware accelerated crypto

JSON, XML offload

JavaScript, JSONiq, XSLT,

XQuery acceleration

Local response caching

Distributed caching w/ XC10

Backend load balancing

(2U Physical or Virtual Edition)

Single, modular & extensible platform

DataPower resources

DataPower on

Slideshare

LinkedInIBM DataPower Gateway Group

developerWorks

Blog

YouTubeIBM DataPower Gateway

Channel

Twitter@IBMGateways

Online User Forum

• YouTube Channel: IBM DataPower Gateways

• Slideshare: IBM DataPower Gateway

• Twitter: @IBMGateways

• LinkedIn Group: IBM DataPower Gateway

• developerWorks blog: IBM DataPower Gateway

• GitHub: IBM DataPower Gateway

• Online User Forum

• Product page on ibm.com

• Product documentation

Who Are W3Partnership?

Background Information:

• W3Partnership is an independent provider of business consulting and Integration expertise

• Specialise in implementing Service Oriented Architecture and the standards and technologies associated with SOA

• Capabilities:

• Project Management, Technical Architecture, Design, Delivery and Support

• Expertise in WebSphere Message Broker (IBM Integration Bus – IIB), WebSphere MQ , IBM DataPower, WebSphere Application Server

• Open Source Middleware WSO2

• JEE, Java, JMS, SOAP, WSDL, XSD, XML, XSLT & BPEL

• Developed:

• Own IP called W3 Pattern Application Developer (W3PAD)

Call to Action

Graham Cunningham IBM SW Business Development 07802 461612 Graham.Cunningham@w3partnership.com

Book a 1-1 Meeting(F-F) or Conference call with Meridan Agenda

Use Case VolumesPayloadsSecurity RequirementsProtocols

OutputsA Business CaseSample ConfigurationImplementation Schedule

• Graham Cunningham IBM SW Business Development 07802 461612 Graham.Cunningham@w3partnership.com

• Marcus Langford Thomas Chief Operations Officer 07572 103794 Marcus@w3partnership.com

Contact Details

Visit us at www.w3partnership.com or follow us on:

https://www.linkedin.com/company/w3partnership @w3partnership

Questions

Positioning versus ESB

What is the primaryintegration need?

• IIB for the Integration Bus

• IIB for the integration bus

• Augment and accelerate with DataPower as security & integration gateway

• DataPower as a secure gateway in the DMZ

Integrating a heterogeneous IT

environment i.e. createan integration bus

Secure & optimize delivery of web apps & services to external

consumers/partners in the DMZe.g. edge of network Gateway

Do you require secure connectivity, intelligent load distribution or acceleration between apps & services?

No

Yes

Yes

• DataPower as security & integration gateway

• DataPower as security & integration gateway

• Augment with IIB for broader connectivity

Securing, optimizing & targeted integration to apps or services within

the enterprisee.g. creating an

Integration GatewayYes

Does customer also need a universal connectivity

solution?

No

• Installation, configuration and development experience on XG45, XI50/XI52, and XB60/62

• Previous engagements

• Retail Banks

• Government

• Automotive industry

• Mobile phones retailer

• Credit card company

W3Partnership DataPower credentials

DataPower – Customer Issues

• Users need to architect, design and build common functions on a repetitive basis

• Skilled consultants needs specialist training. A potential inhibitor to fast ROI

• Need to be able to control the versioning of services

– No central control or visibility of interfaces across the enterprise.

– Lack of guidance on implementation of patterns.

• Ease of management in the deployment of services

• Patterns are abstraction mechanisms that can be applied repeatedly for recurring technical challenges

• Patterns enforce architectural standards and principles

• A service pattern defines the architectural standard, structure and technology ready for implementation.

Patterns

W3PAD - Product Capabilities

• Working with patterns• Create new patterns• Load existing patterns• Add new services• Clone patterns• Simply & quickly deploy

services based on existing patterns

• Maintain a record of all services created / deployed (Release Management)