Intro to Datapower at #IBM #ICTY

Datapower is the IBM Websphere Connectivity and Integration Appliance. Basically, this is full of custom ASICs and stuff and is fast, easy to configure and not prone to all the crap that happens to standard boxes. Datapower was a company in its own right and was acquired by IBM.

How special is Datapower?

On the feature set, it is special:

  • Simple architecture: firmware and purpose-built hardware (firmware is often updated to keep up with novelties)
  • Delivered from the factory with everything you need to connect to the network and start working
  • All computationally-significant components are sealed with tamper-proof casing (chips, memory, board and card, signed flash file system)
  • Superfast parsing and crypto engines. Truly in a league of its own. Does TripleDES, AES, RSA1.5 etc.

How does Datapower fare on the market?

Pretty well actually. "...one of the best selling Websphere products since the acquisition of Datapower inc in 2005."

Well, what's in a name? From 2002 to 2012.

XA35-XS50-Xi50-WTX-XB60-Blade-XI52/XB62/XE82-XG45

The firmware has been in development for 10 years already. Hopefully, this is now pretty good. JSON is in there now. Phew, enough of XML 🙂

Usage areas and users

Various patterns of usage where sensitive information is transported over the internet.

  • Government (Defense, Agencies and ministries)
  • Banking (Encrypting card numbers)
  • Insurance
  • Retail, Utilities, Power, Oil and Gas

Close to 1000 worldwide installations and growing.

What were the classical business cases?

Classic SOA business case, with complex SOAP structures. And this means a huge computing effort... crypto, signing, auth, filtering, SLA checking, alerts... All in a single box. How sweet. So, it saves money and headaches. But messaging has evolved a lot (with mobile coming on the scene).

New use cases

  • Provide secure data communication across channels and protect them (who uses our services, to what extent, limit these leeches, limit traffic to guarantee QoS)
  • Protection from SQL injection (don't be sub-optimal in its performance), XSS
  • Consolidate (Transformation, Protocol mediation, Routing, Caching)
  • Manage (simple configuration, policy driven setup, centralized governance with WSRR links)

It is also very well suited to the Internet of Things era. It can swallow the storm. Without blinking an eye. Well, an LED or two... Support for mobile devices calls for special care on security. Datapower to the rescue here. The Datapower then lives in the DMZ.

In the DMZ, here are the roles to take:

  1. Secure gateway (web services, web apps)
  2. B2B gateway (EDI aware)
  3. Edge optimization
  4. Side cache

In the trusted domain, here are some more:

  5. Internal security point
  6. Enterprise Service Bus
  7. Runtime SOA governance
  8. Web Service Management
  9. Legacy integration

Each of these roles is best served with a special flavor of the Datapower brand. Let's say that the next feature will be to brew coffee and sing God Save the Queen. Quite a few things in there indeed.

An ideal beast for deployment into less than fully trusted networks (savage gardens, I'd say). Useful due to:

  1. Common Criteria compliance to EAL4 and FIPS 140-2 Level 3
  2. Tamper proof box
  3. Signed and encrypted file system

As a secure gateway

Some physical characteristics

1U form factor, 4x1Gbps Ethernet ports, 2x10Gbps ports.

Feature set focus

  • Proxying and enforcement
  • Protocol support: HTTP(S), WMQ, Websphere JMS, FTP(S)
  • Format support: XML, SOAP, JSON, PKCS7 (option)
  • Transformation engines: XSLT, DataGlue - WTX/FFD (option) (use Validation maps and Transformation maps), using WTX Design Studio (Eclipse based)

Does things like:

  • JSON outside, SOAP inside.
  • Prevent some countries from seeing some content before they are allowed to

As a B2B gateway

Some physical characteristics

2U form factor, 8x1Gbps, 2x10Gbps. More memory, more storage.

Feature set focus

  • Partner management functions
  • Enhanced QoS
  • Additional protocols
  • Additional formats
  • Additional transformation engines
  • And including all of the Security Gateway base

Popular uses in the internal side of business as well...

  • Simplified lower-touch maintenance (1-2 upgrades of firmware per year)
  • Fast, less expensive deployment (config only, delivery to production in less than a month)

As an ESB and Legacy enablement point

  • A drop-in ESB. Fewer headaches!
  • Easily service-enable legacy apps
  • ...

As an elastic cache within the infrastructure

Meaning? Meaning it offloads processing from the backend side.

How to do this?

  • Optimize response time (cache response data)
  • Reduce server load (cache response data)

There are other form factors as well

In blade form, for when it needs to fit in a chassis (XI50b "blade"). And for System z: XI50z.

What's new in 2012?

Datapower Firmware V5.0 highlights:

  • OAuth support
  • OAuth scenarios (3-legged, 2-legged)
  • SLA Enforcement and SLDs (Service Level Definitions, synchronized with WSRR). New WS-Proxy feature with WS-Mediation Policy. Configuration only. Great! Works! (We have integrated this, with V5 and WSRR 8, alerts also go to ITCAM for SOA in Tivoli with the Datapower agent).
  • Application optimization options, allowing appliances to self-balance across a cluster.
  • Application-aware intelligent load distribution

The Websphere Appliance Management Center (WAMC)

  • Multi-box management in a single place.

Check the resources

  • (http://www-01.ibm.com/spftwarE/integration/datapower)
  • YouTube has some

Redbooks:

  • Appliance architectural patterns
  • The programmatic management interface

Good presentation on the features. A bit sad to have had to rush at the end on the new feature set.