Professional Documents
Culture Documents
IBM Corporation
An SOA Appliance
WebSphere DataPower SOA Appliances redefine the boundaries of middleware extending the SOA Foundation with specialized, consumable, dedicated SOA appliances that combine superior performance and hardened security for SOA implementations.
Accelerates XML processing and transformation Increases throughput and reduces latency Lowers development costs
Help secure SOA with XML threat protection and access control Combines Web services security, routing and management functions Drop-in, centralized policy enforcement Easily integrates with exiting infrastructure and processes Transforms messages (Binary to XML, Binary to Binary, XML to Binary) Bridges multiple protocols (e.g. MQ, HTTP, JMS) Routes messages based on content and policy Integrates message-level security and policy functions
XML XSL
Client or Server
Security
`
Internet IP Firewall
LEGACY REQ
LEGACY RESP
DataPower 3.6.1 Feature Summary Multistep v3 processing features Configurable QoS SOAP 1.2 enhancements
Development Services Business Services Management Services Interaction Services Process Services Information Services
Reliable Messaging WS-Policy WS-I Profile enhancements DB2 v9 and IMS Connect Many more
MultiStep v3
New Processing Flow Features: Conditional action execution if then else If XPath = true then execute named Processing Action For-Each Loop: For each node in nodeset execute named Processing Action For each increment of counter execute named Processing Action
Parallel Processing Features: Mark any Processing Action Asynchronous Synchronize parallel asynchronous action execution to rule processing Target multiple Results destinations in parallel
MultiStep v3
Asynchronous Action Causes action to execute async to the rest of MultiStep. MultStep moves immediately to the next action in the rule without waiting for an async action to complete. Particularly good for fire/forget. Can reduce network I/O latency by executing multiple Actions in parallel. Must use Event-sink action to resync to rule. Beware the race condition!
MultiStep v3
Event-sink Action Causes MultiStep to wait for designated async actions to complete. Output contexts of included async actions become reliably available to other MultiStep actions. Limit wait time with Timeout value.
MultiStep v3
MultiWay Results New properties added to Results action allows for parallel execution of Results action with multiple destinations. User can control multiple destination behavior with Multi-Way Results input. May use Multiple Outputs feature to capture response from each destination in separate Output context. Creates contexts Outputname1,Outputname2, Outputname3, etc. Can mark entire action Asynchronous.
Quality of Service
Service Priority Control the service scheduling priority. When system resources are in high demand, "high" priority services will be favored over lower priority services.
Use the Priority twizzle on a Web Service Proxy Policy page to set this.
SOAP 1.2
Support includes, but is not limited to: Importing WSDLs with SOAP 1.2 bindings SOAP 1.2 envelope validation SOAP 1.2 message validation Co-existence of SOAP 1.1/1.2 service definitions Ability to convert between SOAP 1.1 and 1.2 requests
Configure WS-Proxy from WSDL with SOAP 1.2 (both document and rpc) Must support: SOAP Request-Response Message Exchange Pattern SOAP Response Message Exchange Pattern (support for HTTP GET binding) SOAP Web Method Feature SOAP Action Feature Configure a WS-Proxy from a WSDL with both SOAP 1.1 and 1.2 bindings SOAP 1.1 messages would be routed to the 1.1 endpoint and SOAP 1.2 messages to the 1.2 endpoint
SOAP 1.2
Mediation between SOAP 1.1 and 1.2 requests/responses (WS-Proxy) Scenario: Expose a SOAP 1.1 or 1.2 service and allow both SOAP 1.1 and 1.2 clients An "Additional bindings" GUI option will the administrator to direct the WS-Proxy to allow additional bindings, beyond what is specified in the WSDL. The option is additive, and specifying a binding already in the WSDL is harmless. Incoming requests will be processed using any of the allowed bindings, converted as necessary to what the WSDL specifies the server uses, and outgoing responses are similarly "back-converted" as necessary.
Reliable Messaging
WS-ReliableMessaging specification describes a protocol that allows messages to be transferred reliably between nodes implementing this protocol in the presence of software component, system, or network failures. The protocol is described in a transport-independent manner allowing it to be implemented using different network technologies. To support interoperable Web services, a SOAP binding is defined within its specification. The protocol depends upon other Web services specifications for the identification of service endpoint addresses and policies (notably WSAddressing).
Reliable Messaging
Supported Requirements RM Destination (MPGW front side): message acknowledgement, duplicate and "out-of-sequence" message detection. It also should be able to act as RM Source to deliver response messages as WS-RM Sequence RM Source (MPGW backend, "Results" action, "dp:soap-call" extension function): Sequence management (create, close, terminate), injecting RM headers in the outcoming SOAP message, ability to retransmit lost messages, Endpoint to receive Acknowledgement messages.
Reliable Messaging
Users can enable Reliable Messaging through: WS-RM Policy Assertion embedded in the WSDL underlying a WS-Proxy. Enabling WS-RM through the GUI (shown at right). Options on ReliableMessaging tab control Global, Destination and Source behaviors. Reliable Messaging dependent on WS-Addressing mode for some configurations and for interoperability with some implementations (notably WebSphere).
WS-Policy/WS-Security Policy
WS-Policy is a specification that defines metadata to enable interoperability between web service consumers and web service providers. The WS-Policy specifications enable organizations to automate their service governance models creating a concrete instance of web service governance. New Features: Parse WSDL with policy elements already included in the WSDL and recognize standardized policy domains [i.e. WS-SecurityPolicy, WSReliableMessaging Policy] Retrieve WSDLs from registries: WSRR or UDDI Includes customizable policy templates (e.g. UsernameSignEncrypt) Ability to attach policies to subjects not embedded in the WSDL
WS-Policy/WS-Security Policy
Configuration of WS-Policy begins with the WSDL. Once loaded into a Web Service Proxy, additional configuration actions become available through the Policy tab (shown below).
WS-Policy/WS-Security Policy
The interface affords the user methods for creating policy attachments, as well as enabling Policy Subjects.
SOAP with Attachments Profile 1.0/1.1 WS-I Attachments Profile 1.0 WS-I Basic Profile 1.1 WS-I Basic Security Profile 1.0
VLAN
The DataPower device can participate in a virtual LAN using the VLAN Sub-Interface. Note that implementing a VLAN on a physical Ethernet interface enables that interface, even if no real IP address has been assigned to it. VLAN can be configured in the default domain only.
PKIX Enhancements
Full PKIX certificate chain checking now applies to all uses of a validation credential, not just in SSL. Note that this will not apply to messages with multiple signature certificates.
DB2 v9 support
The device can now connect natively to a DB2 v9 database, running a range of platforms including z/OS. The DataPower device can use the XML capabilities built into v9 to: Insert XML directly into the DB Modify XML stored in the DB Query XML using XQuery & SQL Retrieve XML
NFS v4
Authentication protocol to use for this NFS mount. AUTH_SYS : Use the original system level authentication, based solely on IP address and host name. krb5 : Use Kerberos Version 5 for authentication of mounts, with no protection of the integrity or confidentiality of NFS data. krb5i : Use Kerberos Version 5 for authentication of mounts, with a secure hash to provide data integrity protection. krb5p : Use Kerberos Version 5 for authentication of mounts, with date confidentiality protection. Uses encryption to protect the data from being read by the network, in addition to using a secure hash to protect against undetected corruption by the network.
ICAP Enhancements
New Anti-Virus Processing Action eases configuration and use of this capability. Additional Host Types added. Policy can be set directly on the Action configuration page.
WSDM II
Enhanced query and status support through WSDM interface. Request Response
<s12:Header> <wsa:Action> http://docs.oasis-open.org/wsrf/2004/06/WSResourceProperties/GetResourceProperty </wsa:Action> <wsa:To s12:mustUnderstand="1"> https://127.0.0.1:5550/service/wsdm10 </wsa:To> <dpt:DomainDisambiguator>default</dpt:DomainDisambiguator> </s12:Header> <s12:Body> <wsrp:GetResourceProperty> dpm:status.system </wsrp:GetResourceProperty> </s12:Body> </s12:Envelope>
<s12:Body> <wsrp:GetResourcePropertyResponse xmlns:mows1-1="http://docs.oasis-open.org/wsdm/mows-2.xsd"> <status.system xmlns="http://www.datapower.com/schemas/manage ment"> <SystemUsage> <Interval>1000</Interval> <Load>37</Load> <WorkList>0</WorkList> </SystemUsage> </status.system> </wsrp:GetResourcePropertyResponse> </s12:Body>
WebSphere MQ Enhancements
Ability to use either SSL Proxy Profile or backward-compatible SSL Key/Cipher config Channel Heartbeat added Under-the-covers code refresh with full backward compatibility
RBM can now apply to CLI access. Note: Turning ON RBM for CLI and then clicking Apply causes RBM to extend to the CLI immediately. When RBM uses any Auth Method other that Local Usergroup, it is possible to configure Fallback Users to ensure ongoing access in the event of Auth Method failure. Admin user can be restricted to the Serial Port only for added security.
Configuration Comparison II
Enhanced Configuration Comparison includes ability to do the following: Determine Checkpoint Limit
Set Checkpoints per Application Domain Roll Back Application Domain to Checkpoint
IMS
IMS
IMS
IMS Connect Front Side Protocol Handler for accepting IMS-based client requests passing through a MultiProtocol Gateway
IMS Connect object for basic connection configuration values. Note Default Header tab for critical connection values.
MPGW IMS Destination URL with URL Builder help. Uses IMS Connect object.
Questions