IBM SOA Data Power SOA Appliances Simplify Help
IBM SOA Data. Power SOA Appliances Simplify, Help Secure & Accelerate SOA Raleigh Chilton Data. Power Account Manager © 2006 IBM Corporation
IBM SOA Agenda § § § Context: IBM’s Business Centric SOA Web. Sphere Data. Power SOA Appliance Overview SOA Appliance Deployment Summary Why an Appliance for SOA IBM Web. Sphere Data. Power SOA Appliance Portfolio - XML Accelerator XA 35 - XML Security Gateway XS 40 - Integration Appliance XI 50 § § § 2 Easy Configuration SOA Appliance Operations Summary
IBM SOA Business Centric SOA Starts with Your Most Critical Business Pain and Enables You to Build for Flexibility § Enable human and process interaction with consistent levels of service § Deliver trusted information in business context to enable innovation § Achieve greater efficiency and effectiveness with business model innovation 3
IBM SOA And SOA Lifecycle Is The Key to Successful Projects § Discover § Construct & Test § Compose § Gather requirements § Model & Simulate § Design § Sharing and reuse of services § Establish decision rights § Policies, measurement and control for SOA oversight 4 § Integrate people § Integrate processes § Integrate information § Manage IT resources § Manage services § Monitor business metrics
IBM SOA Entry Points Help Customers Get Started Both Business Centric and IT Focused 1 2 3 4 5 5
IBM SOA IBM’s acquisition of Data. Power Software An SOA Appliance… Creating customer value through extreme SOA performance and security Skills & Support § Simplifies SOA with specialized devices § Accelerates SOA with faster XML throughput § Helps secure SOA XML implementations Web. Sphere Data. Power SOA Appliances redefine the boundaries of middleware extending the SOA Foundation with specialized, consumable, dedicated SOA appliances that combine superior performance and hardened security for SOA implementations. 6
IBM SOA Data. Power Pre-IBM Overview § Extensive Experience in XML Processing Optimization § Seven Years in a Six Year Old Field § Advantages: First to Market, Great Team, Deep Standards Involvement, Invented and Owns Core XML Technology, Comprehensive product portfolio DGXT XG 3 XS 40 Optimal Software Interpreter Optimized Hardware Acceleration First Wirespeed XML Security Gateway XI 50 Integration Appliance Unprecedented Growth XG 4 New Available IBM Hardware Vertical Solutions 1999 2000 2001 2002 2003 2004 2005 2006 FEB APR JUN AUG OCT DEC XSLJIT Optimized Software Compiler XA 35 XG 4 World’s First XML Accelerator Gigabit/Sec OEM HW Solution Acquired by IBM 3. 5. 1 Global Expansion IT CAM for SOA 3. 6 3 rd Party JMS WSDL Compiler, NFS Post-Acquisition Innovation Continues § § 7 150% Staff increase / Core Data. Power Leadership team Intact / Global reach and expansion New improved hardware platform –IBM hardware combined with Data. Power technology innovations New capabilities – WS-*, 3 rd party JMS, NFS, XG 4, WSDL compiler, XACML, more… Continued IBM Technology Integration – ITCAM for SOA, Web. Sphere JMS, Web. Sphere XD, etc
IBM SOA Appliance Deployment Summary Web Tier XML HTML WML XSL XA 35 Application Server Web Server Internet Client or Server Security Tivoli Access Manager ------Federated Identity Manager XS 40 Internet IP Firewall Application Server R EP LY Q Integration & Management Tiers LEGACY REQ LEGACY RESP HTTP XML REQ XI 50 HTTP XML RESPONSE ITCAM for SOA 8 Web Services Client
IBM SOA Deployment Scenarios Internet XS 40 SOAP enabled enterprise application Internet user Packet Filter SOA platform Packet Filter XI 50 5. Legacy transformation Demilitarized Zone Internet XS 40 3. Internal security XS 40 1. Helps protect against incoming attacks; Incoming access control 2. Outgoing access control, SAML injection, role mappings 9 internal user Packet Filter Demilitarized Zone legacy enterprise application intranet Packet Filter federated extranet XI 50 4. Web services management
IBM SOA Why an Appliance for SOA § Hardened, specialized hardware for helping to integrate, secure & accelerate SOA § Many functions integrated into a single device § Higher levels of security assurance certifications require hardware - Example: government FIPS Level 3 HSM, Common Criteria § Higher performance with hardware acceleration - Impact: ability to perform more security checks without slow downs § Addresses the divergent needs of different groups - Example: enterprise architects, network operations, security operations, identity management, web services developers § Simplified deployment and ongoing management - Impact: Reduces need for in-house SOA skills & accelerates time to SOA benefits 10
IBM SOA Appliances Centralize and Simplify Key Functions § § § Route, transform, and help secure multiple applications without code changes Lower cost and complexity Enable new business with unmatched performance Before SOA Appliances After SOA Appliances Security Processing Routing Transformation New XML standard Access control update Change purchase order schema Update application servers individually Secure, route, transform all applications instantly No changes to applications 11
IBM SOA Appliance Product Line XML Accelerator XA 35 § § Offload XML processing No more hand-optimizing XML Security Gateway XS 40 § Enhanced Security Capabilities § Agility – helps future-proof § Easy Deployment 12 Integration Appliance XI 50 § “Any-to-Any” Conversion at Wirespeed § Groundbreaking DOP architecture § Integrated message-level security
IBM SOA XML Accelerator XA 35 Centralized XSLT Management Offload XML Processing § Wirespeed XML/XSLT/XPath processing – Accelerates XML processing, increasing throughput and decreasing latency for XML-based applications by offloading transformation and other resource-intensive functions § Schema Validation - § XML Compression, XML Caching – Reduces impact of increased XML traffic § Innovative XML Processing Capabilities -- XML Pipeline processing, deployable in Performs XML Schema validation to ensure incoming/outgoing XML documents are legitimate and properly structured Proxy or co-processor mode, dynamic content generation, data and forms processing, support for popular XSLT extensions § SSL Termination/Acceleration – Accelerates SSL with industry-leading hardware further lessening server workload § 13 Easy Configuration & Administration - Support CLI and Web. GUI as well as fully integrated with industry standard IDEs such as Altova XML Spy and Eclipse allowing developers to design, debug and deploy against one single XML and XSLT processor, saving valuable cycles in the progression from pilot to production
IBM SOA XML Security Gateway XS 40 Easy to Use Appliance Purpose-Built for SOA Security § § § XML/SOAP Firewall - Filter on any content, metadata or network variables Data Validation - Approve incoming/outgoing XML and SOAP at wirespeed Field Level Security- WS-Security, encrypt & sign individual fields, non-repudiation XML Web Services Access Control/AAA - SAML, LDAP, RADIUS, etc. Multi. Step - Sophisticated multi-stage pipeline Web Services Management - Service Level Management, Service Virtualization, Policy Management § § Transport Layer Flexibility - HTTP, HTTPS, SSL Easy Configuration & Management - Web. GUI, CLI, IDE and Eclipse Configuration to address broad organizational needs (Architects, Developers, Network Operations, Security) 14
IBM SOA XML Integration Appliance XI 50 Middleware Appliance Purpose-Built for Application Integration § § Data. Glue “Any-to-Any” Transformation Engine Content-based Message Routing § § Message Enrichment Protocol Bridging (HTTP, MQ, JMS, FTP, etc) § Request-response and sync-async matching § § § XML/SOAP Firewall - Filter on any content, metadata or network variables Data Validation - Approve incoming/outgoing XML and SOAP at wirespeed Field Level Security- WS-Security, encrypt & sign individual fields, non-repudiation XML Web Services Access Control/AAA - SAML, LDAP, RADIUS, etc. Multi. Step - Sophisticated multi-stage pipeline Web Services Management – Centralized Service Level Management, Service Virtualization, Policy Management § 15 Easy Configuration & Management - Web. GUI, CLI, IDE and Eclipse Configuration to address broad organizational needs (Architects, Developers, Network Operations, Security)
IBM SOA Content-based Routing Features Load balancing Route based on - IP information SSL parameters HTTP headers XPath against any data content e. g. , XML/SOAP envelope - Round-robin Least requests SLA/Traffic shaping - Throttle requests Routing Policy IBM SOA Appliance Unclassified Requests 16 Service Providers
IBM SOA AAA Framework Diagram Authenticate, Authorize, Audit Enforcement 17
IBM SOA Web Services Management: Service Level Management § § § 18 Configure and install in minutes Hierarchical Service Level at WSDL, service, port, operation level Flexible actions when reaching a threshold: notify/alert, shape, throttle Threshold for both overall requests and failures Graphical display
IBM SOA Award-Winning Web. GUI: Ease of Use § § WSDL-based policy creation Hierarchical policies applied at WSDL, service, port, operation level Drag & drop policy creation screen allows flexible chaining of operations Configure and install in minutes Ease of Use Example – Graphical User Interface providing drag and drop services, in order desired, for XML filtering, signing, verification, schema validation, encryption, decryption, transformation, routing, access control, service level monitoring, and advanced operations 19
IBM SOA Simple Appliance Configuration for Complex Functionality Fits into your existing environment § Address broad organizational needs (Architects, Developers, Network Operations, Security) 20 § Complete Configuration from GUI or CLI interface § IT CAM SE – Multi-box management § IDE integration/Eclipse plug-in § XPath / XML config files § SNMP § SOAP management interface
IBM SOA Appliances Operations 21 § Logging § Role-based Management § Managing configs & policy – § Separate, locked audit log § Troubleshooting aids § Security – Device security, Key and Deploying, backing up, Diff/Undo, App domains: many virtual devices Certificate management, HSM option, Security Audit, Single Image Firmware Upgrade
IBM SOA Integration Across IBM § § § XI 50 Ships with Web. Sphere MQ Support Auto-configure XML firewall by importing Web. Sphere service descriptors Tivoli Ready - § IBM Autonomic integration - Certified § WSAD/Eclipse integration - § Rich console allows creation and monitoring of policies from within IDE Futures - 22 Fine-grained access control with Tivoli Access Manager (TAM) - Certified Tivoli Federated Identity Manager (FIM) Certified (SAML, WS-Trust) - Certified Monitoring of XML traffic flows with Net. View End-to-end SOA Management with IT CAM for SOA Integrated SOA tooling across the portfolio Continued investment in 3 rd party (competitive middleware) integration & interop
IBM SOA Summary – IBM SOA Appliances § § § Hardened, specialized product for helping integrate, secure & accelerate SOA Many functions integrated into a single device Broad integration with both non-IBM and IBM software Higher levels of security assurance certifications require hardware Higher performance with hardware acceleration Simplified deployment and ongoing management http: //www. ibm. com/software/integration/datapower/ SOA Appliances: Creating customer value through extreme SOA performance and security § Simplifies SOA with specialized devices § Accelerates SOA with faster XML throughput § Helps secure SOA XML implementations 23
IBM SOA Thank You 24
- Slides: 24