© 2015 IBM Corporation IBM DataPower Gateways Overview and Roadmap Hugh Everett IBM Technical Sales IBM Manchester, UK +44-7711-059360 [email protected]

WebSphere Integration User Group 13 July 2015 : DataPower session


Agenda

DataPower Gateway Overview

Recent Releases

Roadmap

Q&A

DataPower Gateways …

IBM DataPower Gateways provide a low startup cost, helping clients increase ROI and reduce TCO with specialized, consumable, dedicated gateway appliances that combine superior performance and hardened security in physical and virtual form factors

INTEGRATE Systems of Engagement with Systems of Record

CONTROL & MANAGE Traffic and Service Level Agreements

SECURE Mobile, API, Web, SOA, B2B and Cloud Workloads

OPTIMIZE Data Delivery and User Experiences

CONSOLIDATE & Simplify Infrastructure Footprint

DataPower Gateways: Over 14 years of innovation & over 2,000 global installations

Insurance
• Used by 95% of top global insurance firms

Government
• Agencies and ministries
• Defense and security organizations
• Crown corporations

Banking
• Majority of the big US and European banks
• All of the big 5 Canadian banks
• Numerous regional banks and credit unions

Many, many more
• SaaS providers, ASPs, regulators, etc.
• Healthcare
• Retailers
• Utilities, Power, Oil and Gas
• Telecom
• Airlines
• Others

Business & IT Trends

• Enterprises are exposing new electronic channels, to serve:

• Customer (web and mobile apps)

• Employee (web and mobile apps)

• Partners (B2B)

• Developers (APIs)

• Focus on demands of Systems of Engagement for scale, responsiveness, control & security for accessing Systems of Record

• Virtualized data centers & cloud deployments are the new norm

• Fragmented “edge” capabilities create operational complexity

• Threat protection, traffic management, protocol mapping, transformation, caching, authentication & authorization (AAA), single sign-on, metering and analytics, optimization

Consolidate the Edges

Single Policy-driven & Extensible Security & Integration Gateway

[Figure: "Yesterday" and "Today" edge topologies between the Internet and Apps, Services, Middleware, z System. Labels: Web Access Management, Web Application Firewall, Web Servers, Load Balancer, ADC, On-demand Router, WebSphere VE, WAS ND, Mobile/API Gateway, API Gateway, SOA / ESB Gateway, B2B Gateway, DataPower Gateway (physical or virtual), Connectivity, Control & Visibility, Advanced Access Security, Advanced Threat Protection, Performance Optimization, Data Security.]

Runtime security enforcement | Traffic control & monitoring | Integration | Optimization

Converged, Multi-Channel Gateway for Edge Processing: Reduce cost + improve security & control

[Figure: layered diagram. Users: consumers, employees, partners, developers. Business channels: web, mobile, B2B, SOA, APIs, cloud. Security & control solutions: gateway services in cloud, virtual appliance in public & private cloud, physical appliance. Enterprise applications and systems: z System, middleware, ESB, application, service.]

Simple Architecture: Firmware + purpose built hardware

Simple and Secure Platform Architecture

Guiding philosophy is to centralize common security, integration, control, and traffic management functions and optimize them in a security-hardened appliance

[Figure: Commodity Gateways compared with Purpose-built Gateways.
Commodity Gateways: hardware with display ports, bootable CDROM drive and bootable USB ports; full Linux OS (including shells and user accounts); Linux daemons, glibc, libxml, JVM, JSP engine, Apache HTTPD, app server, database and proprietary software, each with its own config.
DataPower Gateway: hardware with flash memory and crypto acceleration; IBM Optimized Embedded Operating Environment; digitally signed and encrypted firmware; config.]

Purpose-Built API Gateway for Microservices Architecture

• Trusted Platform Module (TPM)
• Hardware Accelerated Crypto Card
• No DVD/CD Drives & Working USB Ports
• Intrusion Detection Switch
• HSM Module for FIPS 140-2
• Signed & Encrypted Firmware
• Secured & Optimized XSLT & JavaScript Compiler
• Encrypted Flash Storage

Common Use Cases

IBM DataPower Gateway Appliances are the industry-leading Security & Integration gateways that help provide security, integration, control and optimized access to a full range of Mobile, Web, API, SOA, B2B, & Cloud workloads

1 Mobile Gateway
2 API Gateway
3 Web Gateway
4 B2B Partner Gateway
5 SOA & API Gateway
6 ESB / Integration Gateway
7 Internal Security Enforcement
8 Web Services Governance & Management
9 Legacy Integration

[Figure: DataPower Gateways placed in the DMZ and in the Trusted Domain. Labels: Internet, Consumer, Trading partners, Application or Service, Middleware, z System.]

Features

Simplify, offload & centralize critical functions

[Figure: Before DataPower Gateway / After DataPower Gateway. Labels: Consumer, Secure, Integrate, Control, Optimize.]

Secure
• Authentication, authorization, auditing
• Security token translation
• Threat protection
• Schema validation
• Message filtering & semantics validation
• Message digital signature
• Message encryption

Integrate
• Any-to-any message transformation
• Transport protocol bridging
• Message enrichment
• Database connectivity
• Mainframe connectivity
• B2B trading partner connectivity

Control
• Service level management
• Quota enforcement, rate limiting
• Message accounting
• Content-based routing
• Failure re-routing
• Integration with management & visibility platforms

Optimize
• SSL / TLS offload
• Hardware accelerated crypto operations
• JSON, XML offload
• JavaScript, JSONiq, XSLT, XQuery acceleration
• Response caching
• Intelligent load distribution

Single, modular & extensible platform (2 of 2)

Modules

ISAM Proxy Module
• User access control, session management, web SSO enforcement
• Advanced mobile security: mobile SSO, context-based access, one-time password, multi-factor authn
• Integration with ISAM for Mobile

Application Optimization Module
• Frontend self-balancing
• Backend intelligent load distrib’n (ADC)
• Session affinity
• z Sysplex Distributor integration

Integration Module
• Any-to-Any message transformation
• Database connectivity
• Mainframe IMS connectivity

B2B Module
• B2B DMZ gateway
• EDIINT AS1, AS2, AS3, ebXML
• Partner profile management
• B2B transaction viewer
• Any-to-Any message transformation
• Database connectivity

TIBCO EMS Module
• Integrate with TIBCO EMS messaging middleware
• Support for queues & topics
• Load balancing & fault-tolerance

IBM DataPower Gateway (Base): 2U Physical or Virtual Edition

Secure
• Authentication, authorization
• Security token translation
• Service / API virtualization
• Threat protection
• Message validation
• Message filtering
• Message digital signature
• Message encryption
• AV scanning integration

Integrate
• Transport protocol bridging
• Message enrichment
• Message transformation & processing using JavaScript, JSONiq, XQuery, XSLT
• Mainframe integration & enablement
• Flexible pipeline message processing engine

Control & Manage
• Service level management
• Quota & rate enforcement
• Content-based routing
• Message accounting
• Integration w/ management & visibility platforms including IBM API Management & WSRR for policy enforcement

Optimize & Offload
• SSL / TLS offload
• Hardware accelerated crypto*
• JSON, XML offload
• JavaScript, JSONiq, XSLT, XQuery acceleration
• Local response caching
• Distributed caching with WXS or XC10
• Backend load balancing

Deployment options

Purpose-built, DMZ-ready appliances provide physical security

High density 2U rack-mount design

8 x 1 and 2 x 10 GbE ports

Cryptographic acceleration card

Trusted platform module

Customized intrusion detection

Optional HSM (FIPS 140-2 Level 3 certified)

Virtual appliances provide deployment flexibility

Support multiple hypervisors and cloud environments

− VMware

− Citrix XenServer

− IBM PureApplication System (x86 nodes)

− IBM PureApplication Service on SoftLayer (x86 nodes)

− IBM SoftLayer bare metal instances using supported hypervisors


Virtual Edition

Delivers purpose-built, highly consumable Security & Integration Gateway functionality in virtual appliance form factor for cloud deployments

DataPower gateway functionality in virtual appliance form factor to rapidly secure, integrate, control & optimize access to Mobile, API, Web, SOA & B2B workloads in hypervisor & cloud platforms

Use for development, test or production

Supports multiple hypervisor & cloud platforms
− VMware
− Citrix XenServer
− IBM PureApplication System W1500/W2500
− IBM PureApplication Service on SoftLayer (x86)
− IBM SoftLayer bare metal instances on x86 nodes

Seamless configuration migration between physical and virtual appliances

Utilizes the same industry-proven & purpose-built platform, including an embedded, optimized DataPower Operating System, that powers the physical appliances

[Figure label: x86 Server]

DataPower’ing IBM Bluemix!!!

• Security

• Control

• Filtering

• Content-Based Routing

• Load balancing

• Monitoring and Logging

[Figure: Bluemix architecture. Labels: Mobile client, Bluemix Tooling, Internet, VM, Application Manager, Apps, Services, Open Stack, External Services.]

Did you know? DataPower is trusted as the exclusive gateway for Bluemix, IBM’s global Platform as a Service

Highlights of DataPower v7.0

Released June 2014

GatewayScript: A JavaScript runtime that is secured, optimized and tuned for the gateway environment to simplify configuration for developers and provide an easier development paradigm for Mobile, Web, & API

New Virtual Edition for Developers provides a low cost, per user pricing, and easy to use gateway for developers

Support for Citrix XenServer hypervisor provides additional deployment flexibility on-premise & cloud deployments

WebSocket Proxy support enables full-duplex, bi-directional, & low-latency communication for Mobile & Web applications, Internet of Things

Improved security & traffic control functionality in support of IBM API Management offering

GatewayScript Action

• Secure JavaScript Processing Policy Action for manipulating Mobile, Web, API traffic
• Focuses on the “Developer” experience, with familiar and friendly constructs and APIs
• Why JavaScript
  – Popular scripting language
  – Large ecosystem
  – Fast moving, community driven
  – Client & Server-side, now Gateway too
• New GatewayScript Processing Policy Action
  – Transformation style processing policy action
  – Access to gateway functions through APIs
• Attributes of GatewayScript
  – Secure: transaction isolation, code injection protection, short lived execution, small footprint
  – Manipulate with ease JSON and binary data. Implement your own format handling
  – Performant
    • Compiler technology & native execution. Leverages common infrastructure with XSLT
    • Ahead of time compilation with caching, not single threaded
  – Flexible and Modular
    • Fully CommonJS Module compliant
    • Port community developed feature and function where beneficial

Highlights of IBM DataPower Gateway & V7.1

Single multi-channel gateway platform to secure & optimize delivery of mobile, API, web, SOA, B2B, cloud apps, and integrate with IBM MobileFirst & WebSphere platforms

Integrates industry-proven access enforcement capabilities of IBM Security Access Manager into the DataPower platform, available as add-on ISAM Proxy Module

IBM DataPower Gateway is the new name of a consolidated, extensible & modular platform

Converges three existing products, XG45 / XI52 / XB62, into a single modular offering

Physical appliance uses purpose-built latest generation hardware platform to provide increased performance & capacity

Virtual appliance runs on VMware & Citrix XenServer hypervisors and cloud platforms that support them

Easy-to-use & secure B2B integration capabilities, formerly on XB62 appliances only, available as add-on B2B Module

Enable authentication from internet consumers & Non-Microsoft consumers to Microsoft systems with Kerberos S4U2Self support

7.2 Features

Secure. Integrate. Control. Optimize.

Announce May 26th, 2015. Available June 19th, 2015.

New Cloud Offerings
Deploy DataPower Gateways on Amazon EC2 and SoftLayer CCI to provide enhanced cloud elasticity for cloud workloads.

Secure Gateway for Bluemix Applications
Enhanced hybrid cloud integration to securely connect between IBM Bluemix applications and on-premise services protected using DataPower Gateways

Robust Platform Security
Protect mission-critical applications from security vulnerabilities with enhanced TLS protocol support using Elliptic Curve Cryptography, Server Name Indication, and Perfect Forward Secrecy

Easier DevOps with new REST API
New REST-based management API to build deployment and automation scripts, enabling easier devops for continuous software delivery and quicker problem resolution.

GatewayScript Enhancements
Easily transform between XML and JSON messages to quickly integrate System of Records data sources with Systems of Engagement interfaces

Enhanced Mobile and API security
Increased mobile and API security for protecting mission-critical transactions with JSON Encryption, JSON Signature, JSON Key, and JSON Token

IBM API Management: One Integrated Platform

design, secure, control, publish, monitor & manage APIs

Developer Portal
• Explore API documentation
• Provision application keys
• Self-service experience

API Manager
• Define and manage APIs
• Explore API usage with analytics
• Manage API user communities

Management Console
• Provision system resources
• Monitor runtime health
• Scale the environment

API Gateway (IBM DataPower)
• Enforce runtime policies to control API traffic

Integrated capabilities for Web and Mobile: Consolidated infrastructure with simpler topology & reduced TCO

[Figure: Internet, DataPower Appliances (Gateway), WebSphere Extreme Scale, and an Application Server Cluster (WAS ND, MobileFirst, Commerce, Portal, Process Server), with callouts 1 to 4.]

High availability application gateway
• Replacing existing load balancers with optional embedded ADC module

Out-of-the-box WAS proxy
• Intelligent load balancing for WAS ND clusters without additional servers
• Application-specific optimized routing & session affinity

Enhanced caching capabilities
• On-the-box cache with user-friendly policy control and optional distributed caching with seamless WXS integration

Web Application Gateway
• Application security capabilities for simplicity, improved performance and scalability modules; Protection from zero day and OWASP Top 10 attacks with optional Web Application Firewall module and optional ISAM module to provide Web Access Mgmt

What is ISAM for DataPower Module?

• ISAM for DataPower module provides the reverse proxy component that is available on ISAM for Web and ISAM for Mobile appliances

[Figure: ISAM Module on the DataPower Base Appliance]

• Reverse Proxy

IBM Security Access Manager for Mobile
• Context based Access (CBA)
• One-time Password (OTP) / Multi-factor Authentication (MFA)
• Advanced Security

IBM Security Access Manager for Web
• Load Balancer
• Protocol Analysis Module (PAM)

ISAM for Web was formerly known as Tivoli Access Manager for E-Business (TAMeb)

Rapidly Connect Mobile Apps with Enterprise Services: Securely expose enterprise data & APIs to Mobile Apps while optimizing delivery

[Figure: Native, Hybrid and Mobile Web apps; IBM DataPower Gateway with ISAM Module; Apps, Services, Middleware / ESB, Legacy Apps. Other label: /apimanagement]

• SSL Offload
• Threat Protection
• Rate Limiting / SLA Enforcement
• Validation, Filtering
• Authentication
• Authorization
• Context-based Access
• Mobile SSO
• Security Token Translation
• Message Transformation
• Content-Based Routing
• Intelligent Load Distribution
• Response Caching

Response Caching Integration with WXS

[Figure: Client, DataPower, WebSphere Extreme Scale (WXS) and Provider connected over REST, with flow steps 1 to 5. Labels: Improve Response Time, Improved Load, Large Response Time.]

http://www-01.ibm.com/support/docview.wss?uid=swg21697033

1. Client submits application request.

2. DataPower parses request and queries WXS. On a hit, skip to step 5.

3. On a miss, DataPower forwards request to target Provider.

4. DataPower adds application response to WXS.

5. Client receives response from DataPower.
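
The five steps above, modelled as an added example (not code from the deck or from IBM). `GridStandIn` is a hypothetical in-memory stand-in for the WXS grid, and the caller-scoped cache key, the GET-only rule and the TTL are assumptions that go beyond the slide.

```javascript
// Added example: models the five-step response-caching flow from the slide.
// GridStandIn is an in-memory stand-in for the WXS data grid (assumption);
// it is not the WXS or DataPower API.
class GridStandIn {
  constructor(now = () => Date.now()) {
    this.entries = new Map();
    this.now = now;
  }
  get(key) {
    const e = this.entries.get(key);
    if (!e) return undefined;
    if (e.expires <= this.now()) {   // expired entries count as a miss
      this.entries.delete(key);
      return undefined;
    }
    return e.value;
  }
  put(key, value, ttlMs) {
    this.entries.set(key, { value, expires: this.now() + ttlMs });
  }
}

// The key covers everything that can change the response. Leaving the
// caller identity out would let step 2 return one caller's data to another.
function cacheKey(req) {
  return JSON.stringify([req.method, req.path, req.caller || "anonymous"]);
}

function makeGateway(grid, provider, ttlMs = 30000) {
  const stats = { hits: 0, misses: 0, bypassed: 0 };
  function handle(req) {                       // step 1: client request arrives
    if (req.method !== "GET") {                // only safe reads are cached
      stats.bypassed++;
      return provider(req);
    }
    const key = cacheKey(req);
    const cached = grid.get(key);              // step 2: query the grid
    if (cached !== undefined) {
      stats.hits++;
      return { ...cached, fromCache: true };   // hit: skip to step 5
    }
    stats.misses++;
    const res = provider(req);                 // step 3: forward to provider
    if (res.status === 200) {
      grid.put(key, res, ttlMs);               // step 4: store the response
    }
    return { ...res, fromCache: false };       // step 5: reply to client
  }
  return { handle, stats };
}

// Constructed demo: a provider that counts how often it is actually called.
function demo() {
  let clock = 0;
  let providerCalls = 0;
  const provider = (req) => {
    providerCalls++;
    return { status: 200, body: `balance for ${req.caller}` };
  };
  const gw = makeGateway(new GridStandIn(() => clock), provider, 1000);
  const alice = { method: "GET", path: "/accounts/balance", caller: "alice" };
  const bob = { ...alice, caller: "bob" };
  const r1 = gw.handle(alice);   // miss, provider called
  const r2 = gw.handle(alice);   // hit, provider not called
  const r3 = gw.handle(bob);     // different caller: separate entry, miss
  clock = 1500;                  // move past the TTL
  const r4 = gw.handle(alice);   // expired: miss again
  return { r1, r2, r3, r4, providerCalls, stats: gw.stats };
}

console.log(demo());
```
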

DataPower on GitHub
• Repository of DataPower related tools & collateral
• Open source
• Community driven: Use, collaborate, contribute
• http://ibm-datapower.github.io/

DataPower Configuration Manager
• Tool for DataPower configuration management & migration
• Standalone command line or IBM UrbanCode Deploy plugin
• https://github.com/ibm-datapower/datapower-configuration-manager
• https://github.com/ibm-datapower/datapower-configuration-manager/wiki/Easy-On-Ramp

DPXMLSH
• Bash script / shell library for working with DataPower’s XML Management interface
• Interactive & scripted use
• https://github.com/ibm-datapower/datapower-xml-shell

DataPower Roadmap

Security
• OpenID Connect
• Web Application Firewall
• Advanced AU/AZ (ISAM)
• Network HSM support

Integration
• DFDL
• Raw TCP/IP Socket
• 3rd Party JMS

Control
• Enhanced SLA / rate limiting
• Layer4 load balancing
• Layer7 self balancing
• OOTB Monitoring

Optimization
• Distributed caching
• GatewayScript streaming
• Intelligent compression
• Web performance optimization

API
• Dynamic policy support
• Advanced security enforcement
• Advanced control, optimization
• Robust analytics data handling

B2B
• AS4
• Connect:Direct
• Translucent FTP Proxy

User Experience
• NextGen UX
• GatewayScript IDE Support
• GatewayScript Debugging

Cloud / Platform
• Multi-tenancy
• Amazon EC2
• DPaaS
• KVM

Mobile
• MobileFirst integration
• Dynamic policy support
• Advanced SICO* enforcement
• MQTT

* Security, integration, control, optimization

DataPower Cloud Gateway Edition

1. Enable Virtual Gateways to run in public & private clouds
– IBM & Non-IBM platforms
  • SoftLayer, Bluemix, PureApplication System, z System
  • Amazon EC2, VMware vCloud, Microsoft Azure
– Support relevant hypervisors including VMware, Xen, KVM, Hyper-V
– BYOL, PAYG licensing models

2. Enable Gateway as a Service in IBM Cloud
– Provided as a built-in & integrated component of the platform
– Evaluation Center with pre-built Integrations for Try and Buy
– BYOL, PAYG licensing model

3. Enable Gateway Services in IBM Cloud and in Containers: “DataPower Containers Everywhere” (Docker / LXC)
– Provided as a built-in & integrated component of the platform & Catalog
– Granular gateway capabilities
– PAYG licensing models

[Figure labels: Gateway Services; Public/Private Cloud; Gateway as a Service; IBM Cloud (SoftLayer, Bluemix, PureApplication)]

Hybrid cloud integration using Secure Gateway Service

New

• Enhanced hybrid cloud integration using Secure Gateway service to securely connect between IBM Bluemix applications and on-premise services protected using DataPower Gateways
– Quickly set up connectivity without making enterprise firewall changes while still allowing controlled access from cloud services
– Supports multiple gateway instances, load balancing and fault tolerance
– Manage and monitor gateway instances and usage

[Figure: Bluemix (Services, Runtimes) and the On Premise Datacenter.]

Multi-Tenant Appliances

Appliance is partitioned into multiple segments, each is independent and isolated

• DataPower device is partitioned into multiple independent environments:
– Isolation of test environments
– Isolation of business concerns
– Improve utilization

• Full isolation achieved using a hardware optimized DataPower Hypervisor
– Maintains model of trust chain established down to the hardware
– Resources are capped within each partition

Getting Social with IBM DataPower Gateways


• YouTube Channel: IBM DataPower Gateways

• Slideshare: IBM DataPower Gateway

• Twitter: @IBMGateways

• LinkedIn Group: IBM DataPower Gateway

• developerWorks blog: IBM DataPower Gateway

• GitHub: IBM DataPower Gateway

• Online User Forum

• Product page on ibm.com

• Product documentation

Available Now: DataPower Handbook, Second Edition, Volume 1

Known as the ‘bible’ of DataPower planning, implementation, and usage.

New content to cover previous six years of new products/features, including 9006/7.1!

Volume 1 consists of Chap 1 DataPower Intro, Chap 2 Setup Guide, new Preface and two invaluable new appendices for physical and virtual appliances.

Available in softcover and e-book formats

Thank You

BACKUP

Simple Architecture: Purpose-built firmware + hardware

Simple and Secure Architecture

Complete gateway platform delivered as firmware

Guiding philosophy is to centralize common security, integration, control, traffic management, acceleration functions and optimize them in a security-hardened gateway appliance

[Figure: Commodity Gateways compared with Purpose-built Gateways.
Commodity Gateways: hardware with display ports, bootable CDROM drive and bootable USB ports; full Linux OS (including shells and user accounts); Linux daemons, glibc, libxml, JVM, JSP engine, Apache HTTPD, app server, database and proprietary software, each with its own config.
DataPower Gateway Platform: hardware with flash memory and crypto acceleration; IBM Optimized Embedded Operating Environment; digitally signed and encrypted firmware; config.]

Configuration-driven approach speeds time to market

• Enforce security standards with zero coding
• Uses intuitive pipeline message processing
• Import/export configurations between environments
• Transaction probe shows message content between actions for debugging

Single, modular & extensible platform

IBM DataPower Gateway is the new name of a consolidated, extensible & modular platform
• Converges three existing products, XG45 / XI52 / XB62, into a single modular offering
• Available in physical and virtual form factor

Physical Appliance
• 2U rack mount appliance using latest generation hardware platform
• Two base editions: Non-HSM and HSM (FIPS 140-2 Level 3 certified)
• Each software module is licensed separately

Virtual Edition
• Three editions: Developer, Non-Production, Production
• Developer includes all software modules at no additional cost, except TIBCO EMS
• Non-Production includes all software modules at no additional cost, except TIBCO EMS & ISAM Proxy
• Production: Each software module is licensed separately

Software modules (2U Physical, Virtual Edition): ISAM Proxy Module, Integration Module, B2B Module, AO Module, TIBCO EMS Module

Supports V7.1 & above

All software modules are field upgradeable

Capabilities: Rapidly deliver secure integration & optimized access for a full range of workloads

Secure
• Secure & protect your back-end systems from harmful workloads and unauthorized users & apps

Integrate
• Convert payloads, bridge transports and connect to existing services at wire-speed

Control
• Limit & shape traffic based on service level agreements, and route based on message content

Optimize
• Improve response times, reduce load on backend systems and intelligently distribute load

[Figure: Before DataPower Gateway / After DataPower Gateway. Labels: Consumer, Secure, Integrate, Control, Optimize.]

Connect Mobile Apps with Enterprise Services: Securely expose enterprise systems & APIs to Mobile Apps while optimizing delivery

• SSL Offload
• Threat Protection
• Rate Limiting / SLA Enforcement
• Validation, Filtering
• Authentication, Authorization
• Context-based Access, Mobile SSO
• Security Token Translation
• Message Transformation
• Content-Based Routing
• Intelligent Load Distribution
• Response Caching

DataPower Gateway: Supported standards & protocols

• Data format & language
– JavaScript
– JSON
– JSON Schema
– JSONiq
– REST
– SOAP 1.1, 1.2
– WSDL 1.1
– XML 1.0
– XML Schema 1.0
– XPath 1.0
– XPath 2.0 (XQuery only)
– XSLT 1.0
– XQuery 1.0

• Security policy enforcement
– OAuth 2.0
– SAML 1.0, 1.1 and 2.0, SAML Token Profile, SAML queries
– XACML 2.0
– Kerberos (including S4U2Self, S4U2Proxy)
– SPNEGO
– RADIUS
– RSA SecurID OTP using RADIUS
– LDAP versions 2 and 3
– Lightweight Third-Party Authentication
– Microsoft Active Directory
– FIPS 140-2 Level 3 (w/ optional HSM)
– FIPS 140-2 Level 1 (w/ certified crypto module)
– SAF & IBM RACF® integration with z/OS
– Internet Content Adaptation Protocol
– W3C XML Encryption
– W3C XML Signature
– S/MIME encryption and digital signature
– WS-Security 1.0, 1.1
– WS-I Basic Security Profile 1.0, 1.1
– WS-SecurityPolicy
– WS-SecureConversation 1.3

• Transport & connectivity
– HTTP, HTTPS, WebSocket Proxy
– FTP, FTPS, SFTP
– WebSphere MQ
– WebSphere MQ File Transfer Edition
– TIBCO EMS
– WebSphere Java Message Service
– IBM IMS Connect, & IMS Callout
– NFS
– AS1, AS2, AS3, ebMS 2.0, CPPA 2.0, POP, SMTP (XB62)
– DB2, Microsoft SQL Server, Oracle, Sybase, IMS

• Transport Layer Security
– TLS versions 1.0, 1.1, and 1.2
– SSL versions 2 and 3

• Public key infrastructure (PKI)
– RSA, 3DES, DES, AES, SHA, X.509, CRLs, OCSP
– PKCS#1, PKCS#5, PKCS#7, PKCS#8, PKCS#10, PKCS#12
– XKMS for integration with Tivoli Security Policy Manager (TSPM)

• Management
– Simple Network Management Protocol
– SYSLOG
– IPv4, IPv6

• Open File Formats
– Distributed Management Task Force (DMTF) Open Virtualization Format (OVF)
– Virtual Machine Disk Format (VMDK)
– Virtual Hard Disk (VHD)

• Web services
– WS-I Basic Profile 1.0, 1.1
– WS-I Simple SOAP Basic Profile
– WS-Policy Framework
– WS-Policy 1.2, 1.5
– WS-Trust 1.3
– WS-Addressing
– WS-Enumeration
– WS-Eventing
– WS-Notification
– Web Services Distributed Management
– WS-Management
– WS-I Attachments Profile
– SOAP Attachment Feature 1.2
– SOAP with Attachments (SwA)
– Direct Internet Message Encapsulation
– Multipurpose Internet Mail Extensions
– XML-binary Optimized Packaging (XOP)
– Message Transmission Optimization Mechanism (MTOM)
– WS-MediationPolicy (IBM standard)
– Universal Description, Discovery, and Integration (UDDI versions 2 and 3), UDDI version 3 subscription
– WebSphere Service Registry and Repository (WSRR)

Over 14 years of innovation & 2000+ global installations

[Figure: product timeline with year markers from 2000 to 2014. Labels: Gigabit/Sec HW Solution; Acquisition; ITCAM for SOA (Transaction Monitoring); Model 9235 (aka 9004); Model 7993 (aka 9003); WebSphere Transformation Extender; XA35; XS40; XI50; XB60; XG45, XI52 & XB62; XI50B Blade; WebSphere Appliance Management Center; Optimized Interpreter and Compiler; Optimized Hardware Acceleration; Application Optimization (Self-Balancing & Intelligent Load Distribution); XI50z Blade; Virtual Edition (VMware); Virtual Edition (PureApplication System); Virtual Edition (for Developers + XenServer); Optimized & secure JavaScript; Multi-channel Gateway; Consolidated Gateway Platform; ISAM Proxy Module; IBM DataPower Gateway.]

The adoption of cloud, analytics, mobile, and social computing is forcing organizations to open IT assets to new business channels

…and challenging them to rethink the way they have traditionally approached security & control

• Between 2005 and 2020, the amount of data in the world will grow 300X, from 130 to 40,000 exabytes.
• 81% of adults use personally owned mobile devices for conducting business
• 70% of employees are engaged in social activities both internally and externally
• 73% of organizations discovered cloud usage outside of IT or security policies