Accelerate, Secure and Integrate with IBM WebSphere DataPower SOA Appliances - Vol 1

901-100-400

Upload: falsedad-mas-falso

Posted on 07-Nov-2015


DESCRIPTION

In this 5-day instructor-led course, students learn the fundamental skills required to implement IBM WebSphere DataPower SOA Appliances. The IBM WebSphere DataPower SOA Appliances allow an enterprise to simplify, accelerate, and enhance the security capabilities of its Extensible Markup Language (XML) and Web services deployments, and extend the capabilities of its service-oriented architecture (SOA) infrastructure. Through a combination of instructor-led lectures and hands-on lab exercises, students learn how to implement the key use cases for the DataPower appliances, including XML acceleration and threat protection, authentication, authorization, and auditing (AAA), Web service virtualization, Web services security, and integrating with IBM WebSphere MQ and Java Message Service (JMS). Students also learn how to use various problem determination tools such as logs, monitors, and probes, as well as techniques for testing DataPower services and handling errors. The hands-on exercises give students experience working directly with an IBM WebSphere DataPower SOA Appliance by focusing on skills such as creating XML firewalls, working with encryption and cryptographic objects, configuring service level monitoring, troubleshooting services, and handling errors.

TRANSCRIPT

901-100-400

IBM Training

Accelerate, Secure and Integrate with IBM WebSphere DataPower SOA Appliances
(Course code W8555 / V8555) Volume I
Student Notebook ERC 2.0

WebSphere Education

The blue color of the print guarantees the authenticity of this document. © Copyright

Trademarks

IBM® is a registered trademark of International Business Machines Corporation.

The following are trademarks of International Business Machines Corporation in the United States, or other countries, or both:

Approach® DataPower® DataPower device® DB2® developerWorks® Domino® IMS™ Lotus® MQSeries® Notes® Rational® RDN™ Tivoli® WebSphere® z/OS® zSeries®

VMware® and the VMware "boxes" logo and design, Virtual SMP and VMotion are registered trademarks or trademarks (the "Marks") of VMware, Inc. in the United States and/or other jurisdictions. Edge of Network® and ThinkPad® are trademarks or registered trademarks of Lenovo in the United States, other countries, or both. Adobe is either a registered trademark or a trademark of Adobe Systems Incorporated in the United States, and/or other countries. Intel and Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. Java and all Java-based trademarks and logos are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both. Linux® is a registered trademark of Linus Torvalds in the United States, other countries, or both.

Microsoft and Windows are trademarks of Microsoft Corporation in the United States, other countries, or both. UNIX® is a registered trademark of The Open Group in the United States and other countries.

Other company, product, or service names may be trademarks or service marks of others.

May 2009 edition

The information contained in this document has not been submitted to any formal IBM test and is distributed on an "as is" basis without any warranty either express or implied. The use of this information or the implementation of any of these techniques is a customer responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. While each item may have been reviewed by IBM for accuracy in a specific situation, there is no guarantee that the same or similar results will result elsewhere. Customers attempting to adapt these techniques to their own environments do so at their own risk.

© Copyright International Business Machines Corporation 2009. All rights reserved.
This document may not be reproduced in whole or in part without the prior written permission of IBM.

Note to U.S. Government Users - Documentation related to restricted rights - Use, duplication or disclosure is subject to restrictions set forth in GSA ADP Schedule Contract with IBM Corp.

Contents

Trademarks   xvii
Course description   xix
Agenda   xxiii

Unit 1. Introduction to DataPower SOA Appliances   1-1
  Unit objectives
  XML-aware networking
  Role of XML in SOA
  Uses of XML in SOA
  Some SOA specifications based on XML
  Disadvantages and threats with XML
  Web services as a security risk
  Solution: Integrate an XML-aware network layer
  SOA appliances in detail
  DataPower SOA appliances: Built for security
  DataPower SOA appliances: Purpose-built solution
  DataPower SOA appliances provide both performance and security
  Topic summary
  DataPower SOA appliance use cases
  Use cases for SOA appliances
  Use case 1: Securing Web services
  Layers of security for XML-based applications
  Use case 2: Legacy integration and hub mediation
  Enable Web services for legacy applications
  Content based routing
  Use case 3: Web service management
  Enforce service level agreements with DataPower SOA appliances
  Use case 4: Accelerate dynamic Web sites
  Accelerate dynamic Web sites
  Topic summary
  Introduction to DataPower SOA appliances
  IBM WebSphere DataPower product line
  XML Accelerator XA35 features
  XML Security Gateway XS40 features
  Integration Appliance XI50 features
  DataPower SOA appliances in the network stack
  Features comparison (1 of 3)
  Features comparison (2 of 3)
  Features comparison (3 of 3)
  Topic summary
  Checkpoint
  Unit summary

© Copyright IBM Corp. 2009   Contents iii
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Unit 2. DataPower administration overview   2-1
  Unit objectives
  Administration through the WebGUI
  DataPower SOA appliance administration
  WebGUI Web administration application
  Administration using the Web browser
  Navigation bar categories
  System control features (1 of 2)
  System control features (2 of 2)
  File management
  File directories for configuration
  File directories for security
  File directories for logging
  Administrative access control
  Create an application domain
  Application domain - Configuration tab
  Configuration Checkpoints
  View application domain status
  Create a user account and a user group
  Manage user group details
  Manage user account details
  Export the system configuration
  Import a system configuration
  Saving configuration changes
  Topic summary
  Alternate administration
  Administration by using the command line interface
  Initial CLI login screen
  Quick initial configuration procedure
  User and privileged modes
  Retrieve system information using the CLI
  Administration using Web service
  XML Management: Create a new application domain
  XML Management: Domain creation response
  WSDM interface
  Management interface summary
  Topic summary
  Checkpoint
  Unit summary

Unit 3. Introduction to XSL transformations   3-1
  Unit objectives
  Introduction to Extensible Stylesheet Language
  Three parts of Extensible Stylesheet Language (XSL)
  XSL Transformations (XSLT) overview
  The XSLT process
  What is XPath?
  Example XPath expressions

  XPath current context
  XPath step syntax
  XPath address notation
  Example: XPath absolute addressing
  Example: XPath relative addressing
  Anatomy of an XSL style sheet
  The element
  The element
  The element
  XSLT style sheet elements to generate output
  XML input as a tree
  Desired HTML output
  XML to HTML (1 of 4)
  XML to HTML (2 of 4)
  XML to HTML (3 of 4)
  XML to HTML (4 of 4)
  XSL style sheet control elements
  The element
  The element
  The element (1 of 2)
  The element (2 of 2)
  Elements to generate output (XML to XML)
  The element
  The element
  Topic summary
  Custom style sheet programming
  Using custom style sheets
  How to develop style sheets with DataPower extensions
  XSLT variables
  DataPower variables
  DataPower variable scopes
  Example - DataPower variables
  Stylesheet using DataPower extension functions
  Topic summary
  Checkpoint
  Unit summary

Unit 4. DataPower services overview   4-1
  Unit objectives
  Primary services
  Services available on the DataPower appliance
  XSL proxy service
  XSL Coprocessor Service
  XML firewall service
  Web service proxy service
  Multi-protocol gateway service
  Web application firewall service
  DataPower services feature hierarchy

  Choosing the service
  Secondary services
  Topic summary
  Service configuration
  Object oriented configuration
  Message processing phases
  Basic architectural model
  Processing policy
  Processing rules
  Match action
  Processing actions
  Multistep processing rules
  Multistep scope variables
  Service types
  URL rewriting
  XML Manager
  Default XML Manager configuration
  XML parser limits
  Topic summary
  Checkpoint
  Unit summary

Unit 5. XML firewall service   5-1
  Unit objectives
  What is an XML firewall service? (1 of 2)
  What is an XML firewall service? (2 of 2)
  Configuring an XML firewall service
  XML firewall service - Object model
  Step 1: Create an XML firewall
  Step 2: XML firewall configuration (1 of 2)
  Step 2: XML firewall configuration (2 of 2)
  Planning for configuration migration
  Request/response message processing
  Request/response attachment processing
  Advanced XML firewall configuration
  Header injection and suppression parameters
  Associate monitors to XML firewall
  XML threat protection
  Step 3: Implement a service policy
  Create a Match action
  Processing actions
  More processing actions
  Validate action
  Transform action
  Filter action
  Filter action - Replay attack
  Content based routing
  Route action configuration

  Style sheet programming with dynamic routing
  Results action
  Results asynchronous and multi-way results mode
  Exporting XML firewall configuration
  Cloning an XML firewall configuration
  Troubleshooting an XML firewall configuration
  Checkpoint
  Unit summary

Unit 6. Problem determination tools   6-1
  Unit objectives
  Problem determination tools
  Common problem determination tools
  Appliance status information
  Troubleshooting panel
  Troubleshooting: Network connectivity
  Troubleshooting: Packet capture
  Troubleshooting: Generate error report
  Troubleshooting: Send a test message
  Troubleshooting: System log
  Filtering system log
  Troubleshooting: Generate Log Event
  Troubleshooting: XML File Capture
  Troubleshooting: Multistep probe
  Troubleshooting: Enabling the multistep probe
  Multistep probe window
  Multistep probe content
  Problem determination with cURL
  Communicating with DataPower support
  Topic summary
  Log targets
  Logging basics
  Available log levels
  Log targets
  Log target configuration
  Nine log target types
  Event filters
  Object filters
  Event subscriptions
  Log action
  Topic summary
  Checkpoint
  Unit summary

Unit 7. Handling errors in a service policy   7-1
  Unit objectives
  Error handling constructs
  Configure an On Error action

  Creating an error rule
  Configure Transform action in error rule
  Style sheet programming using error variables
  Example custom error style sheet
  Error rule versus On Error action
  Checkpoint
  Unit summary

Unit 8. DataPower cryptographic tools   8-1
  Unit objectives
  Security problems
  Security problem 1 - Message confidentiality
  Symmetric key encryption
  Asymmetric key encryption
  Security problem 2 - Message integrity
  Security problem 3 - Nonrepudiation
  Digital signature
  Security problems / solutions
  Digital certificates
  Distribution problem
  DataPower crypto tools
  Generating crypto (asymmetric) keys on board (1 of 2)
  Generating crypto (asymmetric) keys on board (2 of 2)
  Download keys from temporary storage
  Keys and certificates are objects
  Crypto shared secret (symmetric) key
  Crypto certificate
  Certificates exist in a trust chain
  Crypto identification credential
  Crypto validation credential
  Crypto profile
  Import and export crypto objects
  Uploading keys
  Java keytool command
  Certificates can expire or get revoked
  Certificate revocation list (CRL) retrieval
  Crypto certification monitor
  Hardware security module (HSM)
  Checkpoint
  Unit summary

Unit 9. Securing connections using SSL   9-1
  Unit objectives
  Solving security problems
  SSL features
  SSL terminology
  SSL handshake
  SSL handshake: client hello

  SSL handshake: server hello
  SSL handshake: verify server certificate
  SSL handshake: client key exchange
  SSL handshake: reply with secret key
  SSL handshake secured
  DataPower support for SSL
  SSL Proxy profile: crypto objects relationship
  Securing connections from client to appliance
  Step 1: Appliance supplies cryptographic certificate
  Step 2: Configuring SSL server crypto profile
  If you do not have an SSL server crypto profile
  Step 3: Verify SSL server proxy profile settings
  Securing the connection from appliance to external application server
  Step 1: Appliance validates presented certificate
  Step 2: Configuring an SSL client crypto profile
  Step 3: Verify SSL client proxy profile settings
  SSL Proxy Profile list
  User agent
  Configuring a user agent
  Create a user agent configuration
  Checkpoint
  Unit summary

Unit 10. XML threat protection   10-1
  Unit objectives
  What are the security concerns?
  Traditional systems and exposure
  Addressing the security concerns
  Three high-level deployment patterns
  Four types of XML attacks
  XML denial of service (XDoS): Single-message attacks
  XML denial of service (XDoS): Multiple-message attacks
  Unauthorized access attacks
  Data integrity and confidentiality attacks
  System compromise attacks
  XML parser limits
  XML threat protection
  XML threat protection: Single message XDoS
  XML threat protection: Multiple message XDoS
  XML threat protection: Protocol threats
  XML threat protection: XML virus
  XML threat protection: Dictionary attack
  Message tampering
  SQL injection attack
  SQL injection attack protection
  Checkpoint
  Unit summary

Unit 11. Web service proxy service   11-1
  Unit objectives
  Web service proxy overview
  Web service proxy architecture
  Web service proxy benefits
  Web service proxy features
  Web service proxy basic configuration steps
  Step 1: Obtain WSDL document
  WSDL structure
  Step 2: Creating a Web service proxy
  Web service proxy object editor
  Web service proxy GUI
  Step 3: Add WSDL document to Web service proxy
  Step 4: Configure WSDL endpoint
  Configure local endpoint handler
  View WSDL services
  Retrieve the "client" WSDL from the service
  Modifying the location in the "client" WSDL
  Step 5: Configuring Web service proxy policy (optional)
  Configure Web service proxy policy rule
  Default validation (user policies)
  Create reusable rule
  Advanced Web service proxy configuration
  WS-Policy
  Conformance policy
  Conformance policy object
  Service priority
  Proxy settings (1 of 4)
  Proxy settings (2 of 4)
  Proxy settings (3 of 4)
  Proxy settings (4 of 4)
  Web service proxy SLM
  WSDL cache policy
  Troubleshooting Web service proxy
  Checkpoint
  Unit summary

Unit 12. XML and Web services security overview   12-1
  Unit objectives
  Review of basic security terminology
  Web services security
  Components of WS-Security
  Specifying security in SOAP messages
  Scenario 1: Ensure confidentiality with XML encryption
  DataPower support for XML encryption
  Encrypt action
  Decrypt action
  Field-level encryption and decryption

  XPath tool
  Sample encrypted SOAP message
  Scenario 2: Ensure integrity with XML signatures
  DataPower support for XML signature
  Sign action
  Verify action
  Verify action - Advanced tab
  Field-level message signature and verification
  Sample signed SOAP message
  Checkpoint
  Unit summary

Unit 13. Authentication, authorization, and auditing (AAA)   13-1
  Unit objectives
  Authentication, authorization, and auditing
  Authentication and authorization framework
  AAA action and access control policy
  How to define an access control policy (1 of 2)
  How to define an access control policy (2 of 2)
  Access control policy processing
  Scenario 1: Authorize authenticated clients
  Scenario 1: Sample SOAP request message
  Scenario 1: Identify the client
  Scenario 1: Authorize access to resources
  Scenario 2: Security token conversion
  Scenario 2: Sample HTTP request message
  Scenario 2: Identify the client
  Scenario 2: Authorize access to resources
  Scenario 3: Multiple identity extraction methods
  Scenario 3: Identify the client
  Scenario 3: Authorize access to resources
  Internal access control resources
  AAA XML file
  Example AAA XML file
  Lightweight Third Party Authentication
  External access control resource
  Lightweight Directory Access Protocol
  Security Assertion Markup Language
  Types of SAML assertions
  Scenario 4: Authorize valid SAML assertions
  Scenario 4: SAML authentication statement
  Scenario 4: SAML attribute statement
  Scenario 4: Identify the client
  Scenario 4: Authorize access to resources
  Scenario 4: Match SAML attributes
  Access control policy using SAML information
  Checkpoint
  Unit summary

Unit 14. Configuring LDAP using AAA   14-1
  Unit objectives
  External access control resource
  Lightweight Directory Access Protocol
  Directory services
  Directories
  Common LDAP attributes
  Directory services structure
  LDAP operations
  LDAP Data Interchange Format (LDIF)
  LDAP URL
  Directory services implementations
  Example scenario
  Authenticate the client using LDAP
  Authorize the client using LDAP
  Configure a load balancer group
  Configure the load balancer group health settings
  Checkpoint
  Unit summary

Unit 15. Multi-protocol gateway service   15-1
  Unit objectives
  What is a multi-protocol gateway?
  Protocol handlers at a glance (1 of 2)
  Protocol handlers at a glance (2 of 2)
  Front-side protocol handlers
  Static back-end gateway
  Dynamic back-end gateway
  Multi-protocol gateway and XML firewall compared
  Multi-protocol gateway editor
  Scenario 1: Provide HTTP and HTTPS access
  Step 1: Configure the back-end transport
  Step 2: Create a document processing rule
  Step 3: Create the front side handlers
  Step 4: Configure the front side handler
  Step 5: Configure the SSL Proxy profile
  Scenario 2: Dynamic back-end service
  Step 1: Configure the back-end transport
  Sample service targeting style sheet
  Scenario 3: Provide WebSphere MQ access
  Scenario 4: Provide WebSphere JMS access
  Scenario 5: Provide IMS Connect access
  Comparing services
  Checkpoint
  Unit summary

Unit 16. Monitoring objects   16-1
  Unit objectives

  Message monitors
  Monitor objects
  Defining monitor objects
  Step 1: Specifying particular traffic to monitor
  Step 1: Matching on HTTP headers
  Step 2: Message type configuration
  Step 3: Message Filter Action configuration
  Step 4C: Message count monitor configuration
  Step 4C: Thresholds/Filters for count monitor
  Step 4D: Message duration monitor configuration
  Step 4D: The transaction life cycle
  Step 4D: Thresholds/Filters for duration monitor
  Step 5: Service-monitor association example
  Other types of monitors
  Which monitor types are supported by a service?
  Checkpoint
  Unit summary

Unit 17. Service level monitoring   17-1
  Unit objectives
  What is service level monitoring (SLM)?
  SLM in DataPower - Basic principles
  Two ways to configure SLM
  Service level monitor types in the Web service proxy
  Service level monitor - Graphs
  The WS-Proxy's SLM tab
  SLM Rule action
  SLM action granularity
  Configuring the SLM policy
  Constructing an SLM policy
  The SLM credential class
  The SLM resource class
  SLM resource class example
  The SLM action
  The SLM Schedule
  SLM statement (1 of 2)
  SLM statement (2 of 2)
  SLM policy
  Checkpoint questions
  Unit summary

Unit 18. Integration with WebSphere MQ   18-1
  Unit objectives
  WebSphere MQ fundamentals
  WebSphere MQ message
  Transactions
  DataPower support for WebSphere MQ
  Provide WebSphere MQ Access

  Step 1: Create an MQ queue manager (1 of 2)
  Step 1: Create an MQ queue manager (2 of 2)
  Step 1: Use SSL in mutual authentication mode
  Step 2: Add an MQ front side handler
  Step 3: Configure an MQ back-end transport
  Ordered processing of MQ messages
  Controlling backout of MQ messages
  Decision tree for the backout settings
  MQ Header action in service policy
  Typical uses of an MQ Header action
  Transactions and WebSphere MQ
  MQ front-side transactions
  MQ back-side transactions
  WebSphere MQ DataPower URL
  MQ queue manager Group object
  Checkpoint
  Unit summary

Unit 19. DataPower and Java Message Service (JMS)   19-1
  Unit objectives
  Messaging middleware
  Java Message Service (JMS)
  Why use JMS instead of HTTP?
  JMS models
  WebSphere - Service integration bus (SIBus)
  JMS Queue resources on SIBus
  JMS topic resources on SIBus
  WebSphere JMS support
  WebSphere JMS interaction
  WebSphere JMS: Main - Messaging bus
  WebSphere JMS: Main - Optional settings
  WebSphere JMS - WebSphere JMS Endpoint
  Communicating to WebSphere JMS
  WebSphere JMS Front Side Handler
  WebSphere JMS Backend URL
  TIBCO EMS JMS support
  TIBCO EMS interaction
  TIBCO EMS: Main - EMS host
  TIBCO EMS: Main - Optional settings
  TIBCO EMS: Load balancing and fail-over
  Communicating to TIBCO EMS
  TIBCO EMS Front Side Handler
  TIBCO EMS Backend URL
  Ordered processing of JMS messages
  Checkpoint
  Unit summary

  • IBM TrainingStudent Notebook

Unit 20. DataPower architectural scenarios ........................ 20-1
    Unit objectives ............................................... 20-2
    Agenda ........................................................ 20-3
    Agenda ........................................................ 20-4
    Enterprise Service Bus (ESB) .................................. 20-5
    DataPower XI50 usage as an Enterprise Service Bus ............. 20-6
    Example 1: DataPower XI50 as an ESB ........................... 20-7
    Example 2: DataPower XI50 as an ESB gateway ................... 20-8
    DataPower XI50 functionality within an ESB .................... 20-9
    Agenda ........................................................ 20-10
    DataPower deployment scenarios for security ................... 20-11
    Example 1: Secure XML Web services ............................ 20-13
    Example 1: Secure Web services in DMZ ......................... 20-14
    Example 2: Federated identity within an organization .......... 20-16
    Example 2: Intranet identity federation diagram ............... 20-17
    Example 3: Federated identity among partners .................. 20-18
    Example 3: Extranet identity federation deployment diagram .... 20-19
    Example 4: DataPower as a Web application firewall ............ 20-21
    Example 4: DataPower as a Web application firewall diagram .... 20-22
    Agenda ........................................................ 20-23
    Example 1: Web service virtualization ......................... 20-24
    Example 1: Web service virtualization diagram ................. 20-25
    Example 2: Service level monitoring ........................... 20-26
    Example 2: Service level monitoring deployment diagram ........ 20-27
    Example 3: SOA governance ..................................... 20-29
    Example 3: SOA governance diagram ............................. 20-30
    Checkpoint .................................................... 20-31
    Unit summary .................................................. 20-32

Unit 21. Course summary ........................................... 21-1
    Unit objectives ............................................... 21-2
    Course learning objectives .................................... 21-3
    Course review (1 of 3) ........................................ 21-4
    Course review (2 of 3) ........................................ 21-5
    Course review (3 of 3) ........................................ 21-6
    DataPower services feature hierarchy .......................... 21-7
    Class evaluation .............................................. 21-8
    Lab exercise solutions ........................................ 21-9
    To learn more on this subject ................................. 21-10
    References
    Unit summary

Appendix A. Web application firewall service ...................... A-1
Appendix B. Checkpoint solutions .................................. B-1
Glossary of abbreviations and acronyms ............................ X-1

© Copyright IBM Corp. 2009 Contents xv

Course materials may not be reproduced in whole or in part without the prior written permission of IBM.


Trademarks

The reader should recognize that the following terms, which appear in the content of this training document, are official trademarks of IBM or other companies:

IBM® is a registered trademark of International Business Machines Corporation.

The following are trademarks of International Business Machines Corporation in the United States, or other countries, or both:

    Approach®          DataPower®          DataPower device®
    DB2®               developerWorks®     Domino®
    IMS™               Lotus®              MQSeries®
    Notes®             Rational®           RDN™
    Tivoli®            WebSphere®          z/OS®
    zSeries®


VMware® and the VMware "boxes" logo and design, Virtual SMP and VMotion are registered trademarks or trademarks (the "Marks") of VMware, Inc. in the United States and/or other jurisdictions.

Edge of Network® and ThinkPad® are trademarks or registered trademarks of Lenovo in the United States, other countries, or both.

Adobe is either a registered trademark or a trademark of Adobe Systems Incorporated in the United States, and/or other countries.

Intel and Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

Java and all Java-based trademarks and logos are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both.

Linux® is a registered trademark of Linus Torvalds in the United States, other countries, or both.

Microsoft and Windows are trademarks of Microsoft Corporation in the United States, other countries, or both.

UNIX® is a registered trademark of The Open Group in the United States and other countries.

Other company, product, or service names may be trademarks or service marks of others.


Course description

Accelerate, Secure and Integrate with IBM WebSphere DataPower SOA Appliances

Duration: 5 days

Purpose
In this 5-day instructor-led course, students learn the fundamental skills required to implement IBM WebSphere DataPower SOA Appliances.

The IBM WebSphere DataPower SOA Appliances allow an enterprise to simplify, accelerate, and enhance the security capabilities of its Extensible Markup Language (XML) and Web services deployments, and extend the capabilities of its service-oriented architecture (SOA) infrastructure.

Through a combination of instructor-led lectures and hands-on lab exercises, students learn how to implement the key use cases for the DataPower appliances, including XML acceleration and threat protection, authentication, authorization, and auditing (AAA), Web service virtualization, Web services security, and integrating with IBM WebSphere MQ and Java Message Service (JMS).

Students also learn how to use various problem determination tools such as logs, monitors, and probes, as well as techniques for testing DataPower services and handling errors.

The hands-on exercises give students experience working directly with an IBM WebSphere DataPower SOA Appliance by focusing on skills such as creating XML firewalls, working with encryption and cryptographic objects, configuring service level monitoring, troubleshooting services, and handling errors.

Audience
This course is designed for integration developers who configure service policies on IBM WebSphere DataPower SOA Appliances.

Prerequisites
Before taking this course, students should be familiar with:
- Security-based concepts and protocols


- XML-related technologies, such as XML schema, XPath, and XSLT
- Web service fundamentals and the Web Services Security specification

Objectives
After completing this course, students should be able to:
- Describe the key use cases and architectural scenarios for the IBM WebSphere DataPower SOA Appliances
- Describe how WebSphere DataPower Appliances are configured, including the role of XSL Transformations (XSLT)
- Configure an XML firewall to protect against a new class of XML-based threats
- Create a Web services proxy to virtualize Web service applications
- Implement Web services security
- Create and configure cryptographic objects
- Configure Secure Sockets Layer (SSL) to and from WebSphere DataPower SOA Appliances
- Configure a multi-protocol gateway (MPG) to handle multiple protocols for a single service
- Configure a service level monitoring (SLM) policy to handle service processing violations
- Enforce service level policies to manage traffic to and from WebSphere DataPower SOA Appliances
- Configure support for IBM WebSphere MQ and Java Message Service (JMS)
- Troubleshoot services using logs and probes
- Handle errors in service policies

Contents
- Course introduction
- Introduction to DataPower SOA Appliances
- DataPower administration overview
- Introduction to XSL transformations
- DataPower services overview
- XML firewall service


- Problem determination tools
- Handling errors in a service policy
- DataPower cryptographic tools
- Securing connections using SSL
- XML threat protection
- Web service proxy service
- XML and Web services security overview
- Authentication, authorization, and auditing (AAA)
- Configuring LDAP using AAA
- Multi-protocol gateway service
- Monitoring objects
- Service level monitoring
- Integration with WebSphere MQ
- DataPower and Java Message Service (JMS)
- DataPower architectural scenarios
- Course summary


Agenda

Day 1
Day 2
Day 3
Day 4

    Course introduction
    Unit 1. Introduction to DataPower SOA Appliances
    Unit 2. DataPower administration overview
    Exercise 1. Exercises setup
    Unit 3. Introduction to XSL transformations
    Exercise 2. Creating XML transformations
    Unit 4. DataPower services overview
    Exercise 3. Creating a simple XML firewall

    Unit 5. XML firewall service
    Unit 6. Problem determination tools
    Exercise 4. Creating an advanced XML firewall
    Unit 7. Handling errors in a service policy
    Exercise 5. Adding error handling to a service policy

    Unit 8. DataPower cryptographic tools
    Exercise 6. Creating cryptographic objects
    Unit 9. Securing connections using SSL

    Exercise 7. Securing connections using SSL
    Unit 10. XML threat protection
    Exercise 8. Protecting against XML threats
    Unit 11. Web service proxy service
    Exercise 9. Configuring a Web service proxy
    Unit 12. XML and Web services security overview
    Exercise 10. Web service encryption and digital signatures

    Unit 13. Authentication, authorization, and auditing (AAA)
    Exercise 11. Web service authentication and authorization
    Unit 14. Configuring LDAP using AAA
    Exercise 12. Creating a AAA policy using LDAP

    Unit 15. Multi-protocol gateway service
    Exercise 13. Configuring a multi-protocol gateway service
    Unit 16. Monitoring objects
    Unit 17. Service level monitoring


Day 5
    Unit 18. Integration with WebSphere MQ
    Exercise 14. Configuring a multi-protocol gateway service with WebSphere MQ
    Unit 19. DataPower and Java Message Service (JMS)
    Unit 20. DataPower architectural scenarios
    Unit 21. Course summary

Appendixes
    Appendix A. Web application firewall service
    Exercise A. Creating a firewall and HTTP proxy for a Web application
    Exercise B. Configuring WebSphere JMS


Unit 1. Introduction to DataPower SOA Appliances

What this unit is about
This unit introduces the concept of SOA appliances: an XML-aware network device that accelerates, secures, and integrates XML-based applications and Web services.

What you should be able to do
After completing this unit, you should be able to:
- Describe and define the role of an SOA appliance
- Identify the products in the WebSphere DataPower SOA Appliance product line
- Describe how to use WebSphere DataPower SOA Appliances in an enterprise architecture

How you will check your progress
- Checkpoint

References
http://www.ibm.com/software/integration/datapower/
WebSphere DataPower SOA Appliances


Unit objectives

After completing this unit, you should be able to:
- Describe and define the role of an SOA appliance
- Identify the products in the WebSphere DataPower SOA Appliance product line
- Describe how to use WebSphere DataPower SOA Appliances in an enterprise architecture

© Copyright IBM Corporation 2009

Figure 1-1. Unit objectives


XML-aware networking

After completing this topic, you should be able to:
- Explain the role of XML in a service-oriented architecture (SOA)
- Identify the uses of XML within an SOA
- Explain the disadvantages and threats with deploying XML-based applications in the enterprise
- Describe the features in an XML-aware network layer that mitigate the risks of deploying XML-based applications

Figure 1-2. XML-aware networking


Role of XML in SOA

- Extensible Markup Language (XML) provides a text-based, human-readable scheme for describing information in a structured format
- Its simplicity and self-describing nature makes XML popular as an interoperable data format
- XML is becoming the way to:
  - Exchange data between disparate systems within and outside of an enterprise system
  - Enable application functions as interoperable services
- XML is also the foundation for a number of SOA specifications.

Figure 1-3. Role of XML in SOA

Notes:
Extensible Markup Language (XML) is a way of encapsulating and describing data in a text-based, human-readable manner.

Being text-based, practically any computer system in existence can process the data format. Compare this scheme with proprietary binary formats. Being human-readable enables future developers to decipher the data format, years after the original developers have retired.

In short, XML provides a self-describing container for data that is widely compatible today and tomorrow.

For these reasons, XML is a natural choice within an SOA implementation, and for a number of specifications that define SOA.


Uses of XML in SOA

[Figure: diagram with the labels "Security server: IBM Tivoli Access Manager", "WSDL", "Security assertion", "Order management Web application on IBM WebSphere Application Server", "Customer billing application on IBM WebSphere Process Server", and "Customer database on IBM DB2 Universal Database"; the numbered callouts correspond to the notes below.]

Figure 1-4. Uses of XML in SOA

Notes:
1. Web Services Description Language (WSDL) provides an interoperable, platform-independent format for describing the interface and binding details of a network service. Since WSDL documents are also XML documents, they can be consumed by virtually any computer system regardless of operating system, programming language, or hardware differences.

2. One of the more popular messaging formats for encapsulating an operation call is SOAP. The SOAP specification defines an XML-based envelope format for holding the message payload and processing instructions through the body and header elements, respectively. Because they are XML messages, a wide range of systems can invoke and provide service functionality by consuming and producing SOAP messages, regardless of the implementation differences between the client and the server.

3. Additional information about messages can also be encapsulated in an XML format. For example, the Web services security specifications provide a standard for encoding security metadata in a SOAP message header. A wide range of security packages support these security tokens, allowing the exchange of security information.


4. Security servers might choose to attach authentication, authorization, or additional security characteristics to an incoming message as it passes through servers in the enterprise. Security assertions reduce the number of security checks in internal applications and abstract security decisions away from application developers.

5. Applications can retrieve and store information in data stores using an XML stream or XML messages. The use of XML abstracts the actual implementation of the data store itself. It provides information as a service.


Some SOA specifications based on XML

Specification            Description
XML schema
SOAP                     Provides a standard structure for Web services request and response messages, in XML format.
WSDL                     Provides a language for defining the interface and binding details of a Web service. WSDL documents are XML documents.
XSLT                     The language for transforming XML documents to another format. Transform templates are described using XML.
XPath                    A platform-independent syntax for addressing parts of an XML document tree.
XML digital signatures   Provides a standard for storing digital signatures of XML documents, in XML format.
XML encryption           Provides a standard for storing encrypted parts of an XML document, in XML format.
SAML                     Provides a standard for stating security assertions. Assertions can be written in an XML format.

Figure 1-5. Some SOA specifications based on XML

Notes:
WSDL: Web Services Description Language
XSLT: XSL (XML Stylesheet Language) Transformations
XPath: XML Path Language
SAML: Security Assertion Markup Language


Disadvantages and threats with XML

- As a text-based, human-readable protocol, XML tends to be more verbose
  - Parsing, processing, and transforming XML data incur significant overhead for application servers
- XML introduces new threats and security exposures
  - Most companies disable XML validation due to performance costs
  - Traditional network security devices do not protect against a new class of XML-based attacks, such as:
    - Entity expansion and recursion
    - Malicious includes
    - XML encapsulation
- Dealing with XML-based applications becomes a compromise between performance and security


Figure 1-6. Disadvantages and threats with XML

Notes:
Entity expansion and recursion attacks use entity declarations in the XML document header (the DTD) that reference themselves. When an XML parser resolves the recursive reference, the size of the entity expands exponentially, consuming all available memory and processing power on a server.

Malicious includes add a URL reference into an XML document. The reference itself guesses at the name and location of privileged information, such as a UNIX password file.

XML encapsulation exploits the CDATA section, which attaches arbitrary non-XML data to an XML document. Within the CDATA section, malicious users can embed arbitrary code or system commands. A poorly designed service might inadvertently execute the code or the command.

More information on XML threats is provided in a later unit.
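As an added example (not from the course material), the following Python function shows the kind of pre-parse screen an XML-aware gateway applies to each inbound message for the three threat classes described in these notes: it hooks expat's DTD, entity, CDATA and element callbacks so that a DOCTYPE is refused before any entity is expanded, and adds size and nesting limits. The limit values, the sample messages and the function name are constructed for this example and are not DataPower defaults.

```python
import xml.parsers.expat as expat


class _Stop(Exception):
    """Internal signal: abort expat as soon as a policy violation is seen."""


def screen_xml(data: bytes, max_bytes: int = 1_000_000, max_depth: int = 32,
               allow_cdata: bool = False) -> list:
    """Screen an inbound XML message before it reaches an application parser.

    Returns a list of policy violations (an empty list means the message
    passes). Parsing stops at the first hard violation, so a DOCTYPE that
    carries a recursive or external entity is rejected before any entity is
    expanded. The limits are constructed for this example.
    """
    # Cheapest check first: an oversized message is dropped without parsing.
    if len(data) > max_bytes:
        return ["message size %d exceeds limit %d" % (len(data), max_bytes)]

    violations = []
    depth = 0
    parser = expat.ParserCreate()

    def fail(msg):
        violations.append(msg)
        raise _Stop

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # Any DTD is refused: the internal subset is where entity expansion
        # and recursion are declared, and a system id is a URL reference the
        # sender controls (the "malicious include" case).
        fail("DOCTYPE declaration not allowed (root=%s, system id=%s)"
             % (name, system_id))

    def on_entity_decl(name, is_param, value, base, system_id, public_id,
                       notation):
        fail("entity declaration not allowed: %s" % name)

    def on_external_entity_ref(context, base, system_id, public_id):
        fail("external entity reference not allowed: %s" % system_id)

    def on_cdata_start():
        # CDATA is the "XML encapsulation" vector: arbitrary non-XML content
        # that a careless downstream service might hand to an interpreter.
        if not allow_cdata:
            fail("CDATA section not allowed")

    def on_start_element(name, attrs):
        nonlocal depth
        depth += 1
        if depth > max_depth:
            fail("element nesting depth exceeds %d" % max_depth)

    def on_end_element(name):
        nonlocal depth
        depth -= 1

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_entity_ref
    parser.StartCdataSectionHandler = on_cdata_start
    parser.StartElementHandler = on_start_element
    parser.EndElementHandler = on_end_element

    try:
        parser.Parse(data, True)
    except _Stop:
        pass
    except expat.ExpatError as exc:
        # Not well-formed: refuse it rather than let a lenient parser guess.
        violations.append("not well-formed XML: %s" % exc)
    return violations


# Constructed sample messages (not taken from the course material).
SAFE_MESSAGE = b'<?xml version="1.0"?><order><id>42</id><qty>3</qty></order>'
DTD_MESSAGE = (b'<?xml version="1.0"?>'
               b'<!DOCTYPE order [<!ENTITY greeting "hello">]>'
               b'<order><note>&greeting;</note></order>')
CDATA_MESSAGE = b'<order><note><![CDATA[free text]]></note></order>'
DEEP_MESSAGE = b'<a>' * 40 + b'</a>' * 40


if __name__ == "__main__":
    for label, msg in [("safe", SAFE_MESSAGE), ("dtd", DTD_MESSAGE),
                       ("cdata", CDATA_MESSAGE), ("deep", DEEP_MESSAGE)]:
        print(label, screen_xml(msg) or "accepted")
```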


Web services as a security risk

- One of the advantages of Web services is its ability to easily expose back-end systems to business partners and customers
  - Web services often leverage HTTP, a widely supported and unblocked protocol in most company networks
- Traditional Web servers and proxy servers do not inspect XML and SOAP traffic for attacks

[Figure: binary traffic and XML traffic over HTTP flowing from an external client through the Internet and the demilitarized zone (DMZ) into the intranet.]


Figure 1-7. Web services as a security risk

Notes:
Many corporations allow inbound communications through port 80 in order to serve static Web pages or results from dynamic Web sites (Web applications). Calls to Web applications are considered lower in risk because they do not represent arbitrary calls to applications on the system itself. That is, an attacker might succeed in disrupting service on an application server, but the server system itself is not compromised.

Web services provide application functionality to a wide range of clients through the exchange of XML messages. Improper designs can expose sensitive applications that are otherwise not meant to be accessed by external users.

The holes in both IP firewalls represent unfiltered traffic that passes freely through an HTTP transport. Gateway servers within the demilitarized zone (DMZ) also do not inspect


Solution: Integrate an XML-aware network layer

- Address performance and security concerns with XML-aware network devices that accelerate and secure XML processing
  - These network devices complement your existing network infrastructure
  - XML-aware network devices also offload processor-intensive XML processing and security tasks from your application infrastructure
- SOA appliances provide a quick way to deploy an XML-aware network layer

[Figure: diagram labelled "XML-aware network".]

Figure 1-8. Solution: Integrate an XML-aware network layer

Notes:
The core issue is that traditional network architectures were not designed to handle XML-based traffic. Software-based solutions perform adequately with XML data, but they are not as fast as a dedicated hardware solution. Most hardware network devices simply do not understand XML data. SOA appliances provide a solution to both issues: a high-performance, hardware-based XML processing device.


SOA appliances in detail

- SOA appliances are purpose-built, easy-to-deploy network devices that accelerate and secure your XML and Web services deployments
- Compared to software solutions, SOA appliances are:
  - Simpler to manage
  - Easier to scale
  - Easier to secure
  - Quicker to deploy
  - More robust against attacks
  - More cost-effective: they provide lower total cost of ownership (TCO)
- IBM WebSphere DataPower SOA appliances are one of the leaders in the SOA appliance space

Figure 1-9. SOA appliances in detail


DataPower SOA appliances: Built for security

- Consist of sealed network-resident devices in a tamper-proof case
- Have no drives, no USB ports, and no spinning media
- Single signed or encrypted firmware image prevents attackers from installing arbitrary software
- By default, appliances ship with a locked-down configuration
- Offer secure hardware storage of encryption keys and a locked audit log
- Security vulnerabilities were minimized by using few third-party components

Figure 1-10. DataPower SOA appliances: Built for security

Notes:
There is no floppy drive or USB port, which eliminates the possibility of loading a device with malicious software.

There is less of a chance that security holes will be exploited since no third-party software or complex operating systems are installed.


DataPower SOA appliances: Purpose-built solution

[Figure: two stacks side by side. "General-purpose hardware and software": proprietary software, Web server, application server, database, server daemon, development platform, operating system, and hardware with floppy, CD-ROM drive, USB port and hard disk. "Purpose-built hardware and firmware": IBM WebSphere DataPower XML Security Server appliance, with firmware consisting of an XML library and a C library.]

Figure 1-11. DataPower SOA appliances: Purpose-built solution


DataPower SOA appliances provide both performance and security

- As a hardware solution, DataPower processes XML data near wirespeed
- DataPower appliances protect networks against traditional and new XML-based attacks
- With DataPower, there is no compromise: you get both performance and security in one package

[Figure: XML traffic over HTTP flowing from an external client through the Internet and the demilitarized zone (DMZ) into the intranet, with a DataPower appliance in the path.]

Figure 1-12. DataPower SOA appliances provide both performance and security


Topic summary

Having completed this topic, you should be able to:
- Explain the role of XML in promoting interoperability in an SOA
- Identify the uses of XML within an SOA:
  - Provides a platform-neutral interface format
  - Defines a platform-neutral messaging format
  - Encapsulates security metadata, such as tokens and assertions
  - Enables information as a service, as opposed to implementation-specific database protocols
- List the disadvantages and risks associated with XML adoption
  - Lower performance compared to a compressed, binary format
  - New class of attacks not anticipated by traditional devices
- Explain how SOA appliances accelerate and secure XML-based applications

Figure 1-13. Topic summary


DataPower SOA appliance use cases

After completing this topic, you should be able to:
- Describe use cases for deploying IBM WebSphere DataPower SOA appliances

Figure 1-14. DataPower SOA appliance use cases


Use cases for SOA appliances

1. Securing Web services
   - Provide secure access of back-end systems to business partners and customers
2. Legacy integration and hub mediation
   - Enable mainframe or legacy applications as Web services
3. Web services management
4. Portal acceleration

Figure 1-15. Use cases for SOA appliances


Use case 1: Securing Web services

- Traditional network security devices do not secure XML or SOAP-based traffic
  - By design, IP firewalls do not distinguish between Web browser traffic and application calls over HTTP
  - Externally facing Web services are not protected against XML-based attacks
- Augment your existing network security infrastructure with XML-aware network devices acting as an XML firewall
  - First level:
    - Deploy an XML Security Gateway to efficiently screen potential XML-based attacks at wirespeed
  - Second level:
    - Leverage the security of existing application servers for additional processing

Figure 1-16. Use case 1: Securing Web services


Layers of security for XML-based applications

[Figure 1-17 diagram: External client, Demilitarized zone (DMZ), Intranet]

Figure 1-17. Layers of security for XML-based applications

Notes:
1. Standard IP firewalls protect the edge of your corporate network.
2. A cluster of IBM WebSphere DataPower SOA appliances complements your existing network security infrastructure. These devices become a centralized gateway for all XML-based applications, including Web services. The DataPower appliances screen incoming and outgoing traffic for XML-based attacks, SOAP message validity, and compliance with the WSDL message definitions. IBM WebSphere DataPower SOA appliances can act as a security policy enforcement point (PEP), authenticating and authorizing incoming application requests.
3. DataPower services can forward information about the principal, in the form of security tokens or assertions. Application servers consume these security artifacts and enforce role-based security in their applications.
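The first-level screening that note 2 and the previous slide describe (rejecting XML-based attacks before the message reaches the application tier) can be written out in a few dozen lines. The following is an added example in Python, not IBM's or the appliance's own code: it streams the message through a parser and refuses DTDs and entity declarations, oversized documents, excessive nesting and element counts, overlong attribute values, and anything that is not a SOAP 1.1 Envelope with a Body. The limits and the sample messages are constructed for illustration.

```python
"""Added example (not IBM's code): a first-level XML threat screen.

It models the checks an XML firewall applies before a SOAP request reaches
the application tier. Limits and sample messages are constructed.
"""
import io
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"  # SOAP 1.1 envelope namespace

# Constructed policy limits; a real gateway exposes these as configuration.
MAX_BYTES = 64 * 1024
MAX_DEPTH = 32
MAX_ELEMENTS = 5_000
MAX_ATTR_LEN = 1_024


class ThreatDetected(Exception):
    """Raised when a message violates the screening policy."""


def screen_message(raw: bytes) -> dict:
    """Return {'elements': n, 'max_depth': d} for an acceptable SOAP message.

    Raises ThreatDetected for anything the policy rejects. Parsing is
    streamed so a violation stops work early instead of after the whole
    (possibly huge) document has been materialized.
    """
    if len(raw) > MAX_BYTES:
        raise ThreatDetected(f"message exceeds {MAX_BYTES} bytes")
    # DTDs are the vehicle for entity-expansion and external-entity abuse;
    # a SOAP message never needs one, so refuse them before parsing.
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise ThreatDetected("DTD or entity declaration not allowed")

    depth = max_depth = elements = 0
    root_tag = None
    body_seen = False
    try:
        for event, elem in ET.iterparse(io.BytesIO(raw), events=("start", "end")):
            if event == "start":
                depth += 1
                elements += 1
                max_depth = max(max_depth, depth)
                if depth > MAX_DEPTH:
                    raise ThreatDetected(f"nesting deeper than {MAX_DEPTH}")
                if elements > MAX_ELEMENTS:
                    raise ThreatDetected(f"more than {MAX_ELEMENTS} elements")
                # Attributes are complete at the start event.
                for name, value in elem.attrib.items():
                    if len(value) > MAX_ATTR_LEN:
                        raise ThreatDetected(f"attribute {name} longer than {MAX_ATTR_LEN}")
                if root_tag is None:
                    root_tag = elem.tag
                elif elem.tag == f"{{{SOAP_NS}}}Body":
                    body_seen = True
            else:
                depth -= 1
                elem.clear()  # drop finished subtrees; only the counts are needed
    except ET.ParseError as exc:
        raise ThreatDetected(f"malformed XML: {exc}") from exc

    if root_tag != f"{{{SOAP_NS}}}Envelope":
        raise ThreatDetected("root element is not a SOAP 1.1 Envelope")
    if not body_seen:
        raise ThreatDetected("SOAP Envelope has no Body")
    return {"elements": elements, "max_depth": max_depth}


def is_accepted(raw: bytes) -> bool:
    """Convenience wrapper: True if the message passes the screen."""
    try:
        screen_message(raw)
        return True
    except ThreatDetected:
        return False


# Constructed sample messages.
SAMPLE_OK = b"""<?xml version="1.0"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <po:PurchaseOrder xmlns:po="urn:example:orders" version="2">
      <po:OrderId>PO-1001</po:OrderId>
    </po:PurchaseOrder>
  </soap:Body>
</soap:Envelope>"""

# Deeply nested document: the kind of input that exhausts a recursive parser.
SAMPLE_DEEP = b"<a>" * 40 + b"</a>" * 40

# Entity declaration in the prolog: refused before any parsing happens.
SAMPLE_ENTITY = b'<?xml version="1.0"?><!DOCTYPE d [<!ENTITY e "x">]><a>&e;</a>'

if __name__ == "__main__":
    print(screen_message(SAMPLE_OK))  # {'elements': 4, 'max_depth': 4}
    for sample in (SAMPLE_DEEP, SAMPLE_ENTITY):
        print("accepted" if is_accepted(sample) else "rejected")
```

The second level in the slide (the application server's own security) is untouched by this: the screen only decides whether a message is worth forwarding, and the counters it returns are what a gateway would log for the service level monitoring discussed later in the unit.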


Use case 2: Legacy integration and hub mediation

• DataPower SOA Integration Appliance XI50 features any-to-any transformation
  - The DataGlue engine within the DataPower SOA appliance uses XSL transforms to manipulate non-XML data
  - Quickly provide a Web service endpoint to COBOL applications without the use of complex connectors
• As a gateway to legacy systems, the Integration Appliance XI50 provides:
  - Protocol bridging
  - Data transformation
• DataPower SOA appliances can efficiently transform, route, and log messages among XML applications and Web services

Figure 1-18. Use case 2: Legacy integration and hub mediation


Enable Web services for legacy applications

[Figure 1-19 diagram: WebSphere MQ messages; "Put" request queue; "Get" reply queue]

Figure 1-19. Enable Web services for legacy applications

Notes:
With the Integration Appliance XI50, you do not need to modify your existing legacy applications. The DataPower SOA appliance acts as an IBM WebSphere MQ client to your existing GET and PUT queues on Message Broker. With a multi-protocol gateway DataPower service, Web service clients can now access your legacy applications.


Content based routing

[Figure 1-20 diagram: External client; DataPower SOA appliance; Application servers; Purchase order Service V1]

Figure 1-20. Content based routing

Notes:
1. A DataPower SOA appliance service endpoint receives an XML message representing a purchase order.
2. The document processing policy in the service routes the message to the latest version of the order fulfillment application, on the first application server.
3. This application server receives the bulk of the purchase orders.
4. A second message arrives at the same service endpoint. The message is sent from a client which uses the older version of the order fulfillment application. The routing action redirects the order to the previous version of the order fulfillment application, on the second application server.
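The routing decision in notes 2 and 4 depends on something in the message that identifies which version of the order fulfillment application the client expects. The following is an added example in Python, not the appliance's routing action or IBM's code: it inspects the first child of the SOAP Body and picks a backend from a version table. The `version` attribute on `PurchaseOrder`, the payload namespace, the route table and the hostnames are all assumptions constructed for the example; the course notes do not say how the client's version is carried.

```python
"""Added example (not IBM's code): content-based routing of purchase orders.

A DataPower processing policy would make this decision with a routing
action; here the same logic is written out. The route table, hostnames
and the 'version' attribute on PurchaseOrder are constructed assumptions.
"""
import xml.etree.ElementTree as ET
from typing import Optional

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
ORDER_NS = "urn:example:orders"  # constructed payload namespace

# Constructed routing table: the latest version lives on the first
# application server, the previous version on the second (placeholder hosts).
ROUTES = {
    "2": "http://appserver1.example.internal:9080/orders",  # latest version
    "1": "http://appserver2.example.internal:9080/orders",  # previous version
}
LATEST_VERSION = "2"


def local_name(tag: str) -> str:
    """Strip the {namespace} prefix ElementTree puts on qualified tags."""
    return tag.rsplit("}", 1)[-1]


def select_backend(raw: bytes) -> tuple:
    """Return ('route', url) or ('reject', reason) for one SOAP request.

    Only the SOAP Body's first child is inspected, which is what a routing
    action keyed on the operation element does; anything unexpected is
    rejected rather than forwarded to a default backend.
    """
    try:
        envelope = ET.fromstring(raw)
    except ET.ParseError as exc:
        return ("reject", f"malformed XML: {exc}")
    if envelope.tag != f"{{{SOAP_NS}}}Envelope":
        return ("reject", "not a SOAP 1.1 Envelope")
    body = envelope.find(f"{{{SOAP_NS}}}Body")
    if body is None or len(body) == 0:
        return ("reject", "SOAP Body is missing or empty")
    payload = body[0]
    if payload.tag != f"{{{ORDER_NS}}}PurchaseOrder":
        return ("reject", f"unsupported operation {local_name(payload.tag)}")
    # A client that omits the version is assumed to be current (assumption).
    version = payload.get("version", LATEST_VERSION)
    url = ROUTES.get(version)
    if url is None:
        return ("reject", f"no backend serves PurchaseOrder version {version}")
    return ("route", url)


def purchase_order(version: Optional[str]) -> bytes:
    """Build a constructed SOAP request; version=None omits the attribute."""
    attr = "" if version is None else f' version="{version}"'
    return (
        '<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
        "<soap:Body>"
        f'<po:PurchaseOrder xmlns:po="urn:example:orders"{attr}>'
        "<po:OrderId>PO-1001</po:OrderId>"
        "</po:PurchaseOrder></soap:Body></soap:Envelope>"
    ).encode()


if __name__ == "__main__":
    for v in ("2", "1", None, "3"):
        print(v, select_backend(purchase_order(v)))
```

Rejecting unknown versions and operations instead of falling through to the first server is the point worth keeping when this is turned into a real routing rule: a router that silently defaults becomes a way to reach a backend the policy never meant to expose.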


Use case 3: Web service management

• In addition to monitoring against XML-based threats, XML-aware networks need to enforce service level agreements (SLA)
  - Record the amount and duration of Web services requests
  - Notify system administrators if service levels are not met
  - Automatically reduce traffic frequency in order to avoid overloading back-end systems
  - Limit or block traffic from a particular host
• DataPower SOA appliances can enforce an SLA in addition to a security policy
  - Service levels and monitoring can be applied at the endpoint, service, or operation level

Figure 1-21. Use case 3: Web service management


Enforce service level agreements with DataPower SOA appliances

Policy 1: Block clients that make more than 500 requests per minute. Clients are identified by their IP address.

Policy 2: Throttle (reduce rate) traffic from clients that make more than 100 requests per minute.

Figure 1-22. Enforce service level agreements with DataPower SOA appliances

Notes:
1. In the first case, one particular client sends more than 500 requests within a minute. According to the service level management policy, requests from the client are blocked for a fixed time period.
2. In the second case, another client makes more than 100 requests within a minute. Instead of blocking all subsequent requests, the policy reduces the rate of requests to a fixed frequency threshold for a certain time period.
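The two policies above, written out as an added example in Python (not the appliance's service level monitor or IBM's code). It keeps a sliding one-minute window of request times per client IP address, blocks a client that exceeds 500 requests in the window, and throttles a client that exceeds 100 to a fixed admission rate. The slide gives the two thresholds; the block duration, the throttle duration and the throttled rate are not stated in the notes and are constructed here. Time is passed in explicitly so the logic can be replayed without sleeping.

```python
"""Added example (not IBM's code): the two SLA policies from Figure 1-22.

Policy 1 blocks a client above 500 requests/minute; policy 2 throttles a
client above 100 requests/minute to a fixed rate. Durations and the
throttled rate are constructed.
"""
from collections import deque
from dataclasses import dataclass, field

WINDOW_SECONDS = 60.0
BLOCK_ABOVE = 500       # policy 1: requests per minute (from the slide)
THROTTLE_ABOVE = 100    # policy 2: requests per minute (from the slide)
BLOCK_FOR = 300.0       # constructed: refuse a blocked client for 5 minutes
THROTTLE_FOR = 120.0    # constructed: keep a throttled client slowed for 2 minutes
THROTTLED_RATE = 1.0    # constructed: admit one request per second while throttled


@dataclass
class ClientState:
    stamps: deque = field(default_factory=deque)  # request times inside the window
    blocked_until: float = 0.0
    throttled_until: float = 0.0
    last_admitted: float = float("-inf")


class SlaMonitor:
    """Sliding-window request counter with block and throttle decisions."""

    def __init__(self) -> None:
        self.clients: dict = {}

    def check(self, client_ip: str, now: float) -> str:
        """Return 'allowed', 'throttled' or 'blocked' for a request at time now."""
        st = self.clients.setdefault(client_ip, ClientState())
        if now < st.blocked_until:
            return "blocked"
        # Drop timestamps that have aged out of the one-minute window.
        while st.stamps and now - st.stamps[0] >= WINDOW_SECONDS:
            st.stamps.popleft()
        st.stamps.append(now)
        count = len(st.stamps)
        if count > BLOCK_ABOVE:
            st.blocked_until = now + BLOCK_FOR
            st.stamps.clear()  # the window restarts when the block lifts
            return "blocked"
        if count > THROTTLE_ABOVE and now >= st.throttled_until:
            st.throttled_until = now + THROTTLE_FOR
        if now < st.throttled_until and now - st.last_admitted < 1.0 / THROTTLED_RATE:
            return "throttled"  # above the fixed frequency: reject this request
        st.last_admitted = now
        return "allowed"


def run_scenario() -> dict:
    """Replay two constructed clients and tally the decisions for each."""
    monitor = SlaMonitor()
    tally = {"198.51.100.7": {}, "203.0.113.9": {}}
    # Aggressive client: 600 requests, one every 1/16 s (37.5 s in total).
    for i in range(600):
        verdict = monitor.check("198.51.100.7", i * 0.0625)
        tally["198.51.100.7"][verdict] = tally["198.51.100.7"].get(verdict, 0) + 1
    # Well-behaved client: 50 requests, one per second.
    for i in range(50):
        verdict = monitor.check("203.0.113.9", float(i))
        tally["203.0.113.9"][verdict] = tally["203.0.113.9"].get(verdict, 0) + 1
    return tally


if __name__ == "__main__":
    for ip, counts in run_scenario().items():
        print(ip, counts)
```

In the replay the aggressive client gets its first 100 requests through, is throttled to one admission per second from request 101, and is blocked outright from request 501 onward; the well-behaved client is never touched. Keying the state on the client IP address, as the slide does, means clients behind one NAT share a budget, which is the usual caveat when this policy is applied at an Internet-facing endpoint.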


Use case 4: Accelerate dynamic Web sites

• Dynamic Web sites use XML to pass information flexibly between application layers
  - Sites use XML to encapsulate data between different application layers
  - In the final step, the presentation layer transforms XML data into an HTML Web page
• However, XSL transformation creates performance problems on the portal server
• Offloading processor-intensive XML transformations to the DataPower SOA appliance significantly frees up resources on the application server
  - Include XML-PI (processing instructions) in a raw XML response from the portal server
  - The XML parser within the DataPower SOA appliance automatically applies the XSL transformation without additional configuration

Figure 1-23. Use case 4: Accelerate dynamic Web sites

Notes:
Within an SOA, XML is widely becoming the choice for encapsulating data between different systems. As a text-based protocol, XML suffers from performance issues compared to fine-tuned binary data formats. On the other hand, portal systems need to support a wide variety of clients, including Web browsers and mobile phones. Such systems use XSL transforms to convert the raw XML output into an HTML Web page, a WML mobile phone Web page, or a CHTML mobile phone page.

IBM WebSphere DataPower SOA appliances provide an easy drop-in solution for offloading XML processing from portal servers. First, disable XSL transformation on the portal server. On most software packages, this task can be accomplished without affecting individual portlets or Web applications. Then configure the portal server to specify a transformation style sheet in the processing instructions section of an XML document, the XML-PI. As the PI header is part of the XML specification, any standards-based parser can apply the style sheet to the XML data. A DataPower XSL accelerator service automatically transforms the document as it parses the XML data.


Accelerate dynamic Web sites

[Figure 1-24 diagram: External client; DataPower SOA appliance; Application server or portal server; Raw XML response; HTML Web page]

Figure 1-24. Accelerate dynamic Web sites

Notes:
1. The final presentation layer rendering is offloaded from the portal server to the DataPower SOA appliance.
2. As specified in the XML-PI (processing instruction) header, the XML parser within the DataPower SOA appliance automatically retrieves an XSL transform from a local directory or from a remote file server. The service applies the transform to the raw XML response. No additional configuration is necessary for the DataPower SOA appliance service.
3. The DataPower SOA appliance returns a properly formatted HTML Web page to the original client.
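The Use case 4 notes and note 2 above both turn on the xml-stylesheet processing instruction: the portal server names the style sheet in the prolog, and the accelerator fetches it from a local directory or a remote file server before transforming. The following is an added example in Python, not IBM's or the appliance's code, showing that first step: reading the PI and deciding where the reference may be resolved. Because the href arrives inside the upstream response, the example confines local references to one stylesheet directory and remote references to an allow list of hosts; the directory, the hosts and the sample documents are assumptions. Applying the transform itself is left to an XSLT processor.

```python
"""Added example (not IBM's code): resolve the xml-stylesheet PI from a raw
XML response under a constructed fetch policy.

Directory, allow-listed hosts and sample responses are assumptions.
"""
import posixpath
import re
from typing import Optional
from urllib.parse import urlparse
from xml.dom import minidom

LOCAL_STYLESHEET_DIR = "local:///xsl"               # assumed on-device directory
ALLOWED_REMOTE_HOSTS = {"portal.example.internal"}  # assumed allow list
STYLESHEET_TYPES = {"text/xsl", "application/xslt+xml", "text/xml"}

# xml-stylesheet pseudo-attributes look like attributes, but PI data is free
# text, so parse them with a small regex rather than as XML.
PSEUDO_ATTR = re.compile(r"""([A-Za-z_][\w.-]*)\s*=\s*(?:"([^"]*)"|'([^']*)')""")


def stylesheet_pi(raw: bytes) -> Optional[dict]:
    """Return the pseudo-attributes of the first xml-stylesheet PI, or None."""
    if b"<!DOCTYPE" in raw:
        raise ValueError("DTD not allowed")  # same rule an XML firewall applies
    doc = minidom.parseString(raw)
    for node in doc.childNodes:  # prolog PIs appear as children of the Document
        if (node.nodeType == node.PROCESSING_INSTRUCTION_NODE
                and node.target == "xml-stylesheet"):
            return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
                    for m in PSEUDO_ATTR.finditer(node.data)}
    return None


def resolve_stylesheet(pi: dict) -> tuple:
    """Return ('local', location), ('remote', url) or ('reject', reason)."""
    if pi.get("type") not in STYLESHEET_TYPES:
        return ("reject", f"unsupported stylesheet type {pi.get('type')!r}")
    href = pi.get("href", "")
    if not href:
        return ("reject", "xml-stylesheet PI has no href")
    parts = urlparse(href)
    if parts.scheme in ("http", "https"):
        if parts.hostname in ALLOWED_REMOTE_HOSTS:
            return ("remote", href)
        return ("reject", f"remote host {parts.hostname!r} is not allowed")
    if parts.scheme:  # file:, ftp:, or an odd 'c:foo'-style reference
        return ("reject", f"scheme {parts.scheme!r} is not allowed")
    # Relative reference: normalize, then refuse anything that climbs out of
    # the stylesheet directory or names an absolute path.
    norm = posixpath.normpath(href)
    if norm.startswith("/") or norm == ".." or norm.startswith("../"):
        return ("reject", f"{href!r} escapes the stylesheet directory")
    return ("local", f"{LOCAL_STYLESHEET_DIR}/{norm}")


def decide(raw: bytes) -> tuple:
    """Combine both steps for one raw XML response."""
    pi = stylesheet_pi(raw)
    if pi is None:
        return ("passthrough", "no xml-stylesheet processing instruction")
    return resolve_stylesheet(pi)


def portal_response(href: str) -> bytes:
    """Constructed raw XML response carrying an xml-stylesheet PI."""
    return (
        '<?xml version="1.0"?>\n'
        f'<?xml-stylesheet type="text/xsl" href="{href}"?>\n'
        "<page><title>Orders</title></page>"
    ).encode()


if __name__ == "__main__":
    for href in ("orders/po.xsl", "../../config.xml",
                 "https://portal.example.internal/xsl/po.xsl",
                 "https://other.example/x.xsl"):
        print(href, "->", decide(portal_response(href)))
```

The "no additional configuration" in note 2 is what makes the fetch policy matter: once the accelerator honours whatever the PI names, the set of locations it is willing to read from is the only control left, so it should be an explicit allow list rather than anything reachable from the appliance.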


Topic summary

Having completed this topic, you should be able to:
• Describe use cases for deploying IBM WebSphere DataPower SOA appliances:
  - Secure Web service and XML applications
  - Integrate legacy systems
  - Provide centralized Web service management
  - Accelerate content rendering of dynamic Web sites

Figure 1-25. Topic summary


Introduction to DataPower SOA appliances

After completing this topic, you should be able to:
• Describe the different features in the IBM WebSphere DataPower SOA Appliance product line
• Identify the sections of the TCP/IP network protocol stack that are secured by DataPower SOA appliances

Figure 1-26. Introduction to DataPower SOA appliances


IBM WebSphere DataPower product line

• IBM WebSphere DataPower XML Accelerator XA35
  - Offloads processor-intensive XML processing and transformation tasks from application servers
  - Protects against attacks on Web applications
• IBM WebSphere DataPower XML Security Gateway XS40
  - Acts as a security policy enforcement point for XML applications and Web services
  - Virtualizes Web services easily with dynamic WSDL-based configuration
• IBM WebSphere DataPower Integration Appliance XI50
  - Provides a Web service interface for mainframe applications
  - Performs any-to-any data transformation at

Figure 1-27. IBM WebSphere DataPower product line

Notes:
• IBM WebSphere DataPower Integration Appliance XI50: http://www.ibm.com/software/integration/datapower/xi50/
• IBM WebSphere DataPower XML Security Gateway XS40: http://www.ibm.com/software/integration/datapower/xs40/
• IBM WebSphere DataPower XML Accelerator XA35: http://www.ibm.com/software/integration/datapower/xa35/


XML Accelerator XA35 features

• Accelerates dynamic content generation
  - Transforms XML data into any presentation layer format at wire speed
• Offloads XML manipulation through an industry standard API
  - Performs XML processing and transformation through the Java API for XML-based Parsing (JAXP)

Figure 1-28. XML Accelerator XA35 features

XML Security Gateway XS40 features

• XML and Web services security provides:
  - XML denial-of-service protection
  - Field-level message encryption and digital signature
  - Web services access control at the operation, interface, or endpoint level
  - Service virtualization to abstract service endpoints within your network
  - Authentication, authorization, and auditing (AAA) framework that supports a variety of user password, security token, and other identity information from requests
  - Centralized policy management is enforced by a cluster of SOA appliances
  - Service level management, policy management, and Web services management support
• Includes all XML acceleration features from the XA35 appliance

Figure 1-29. XML Security Gateway XS40 features


Integration Appliance XI50 features

• Acceleration of existing integration hubs
  - Processor-intensive tasks such as XSLT processing, routing, and legacy-to-XML conversion can be offloaded to the XI50
• Mainframe modernization with Web services
  - XML-to-any conversion allows mainframe applications to be virtualized as Web services
• Manages non-XML traffic as easily as XML data
  - Can parse and transform arbitrary binary, flat text, and XML messages
  - No custom programming needed to manipulate messages
• Offers support for popular messaging systems
  - XI50 appliances act as an IBM WebSphere MQ client
• Includes all security and acceleration features from the XS40 and XA35 appliances, respectively

Figure 1-30. Integration Appliance XI50 features


DataPower SOA appliances in the network stack

[Figure 1-31 diagram: TCP/IP protocol stack (Application layer, Transport layer, Network layer, Data link layer, Physical layer; protocols shown: HTTP, SOAP, XML, Web services standards, Web services security, TLS/SSL, TCP, UDP, IP, ICMP, IPSec, SNMP) alongside DataPower services (XML firewall, Web application firewall, XSL proxy, Web services proxy, Multi-protocol gateway)]

Figure 1-31. DataPower SOA appliances in the network stack

Notes:
Listed below are some of the protocols associated with the TCP/IP stack:
• IP: Internet Protocol, communication across a packet-switched network
• ICMP: Internet Control Message Protocol, for sending system-level error messages
• IPSec: IP Security, authentication and encryption at the IP packet level
• TCP: Transmission Control Protocol, virtual circuit protocol that guarantees reliable and in-order data delivery
• UDP: User Datagram Protocol, lightweight packet communication without ordering or reliability guarantee
• HTTP: Hypertext Transfer Protocol, transmitting information across the World Wide Web (WWW)
• TLS/SSL: Transport Layer Security/Secure Sockets Layer, authentication and confidentiality over the Internet
• SNMP: Simple Network Management Protocol, monitors network-attached devices


Features comparison (1 of 3)

Feature                              XI50   XS40   XA35
XSL transformation
XML and SOAP validation
HTML-XML transformation
Basic XML threat protection
SOAP V1.1 and V1.2 bindings
XSLT V1.0 and V2.0
Logging (on-board and off-device)
SSL termination and initiation
XML coprocessor mode

Figure 1-32. Features comparison (1 of 3)


Features comparison (2 of 3)

Feature                                          XI50   XS40   XA35
SNMP management integration
Remote device management integration
WSDL V1.1
Content encryption and decryption
Sign XML content and verify digital signatures
Authentication, authorization, and auditing
Content-based routing and filtering
Fetch content from off-device locations
MIME, DIME, MTOM attachment processing

Figure 1-33. Features comparison (2 of 3)

Notes:
Message Transmission Optimization Mechanism (MTOM) is now available using the MTOM policy for optimizing wire format transmissions of SOAP messages.


Features comparison (3 of 3)

Feature                                      XI50   XS40   XA35
Full XML threat protection
Web application firewall
WSDL-based configuration
Direct database access
Multi-protocol gateway (HTTP, HTTPS)
TIBCO EMS support
IBM WebSphere MQ client
Binary-XML transformations (DataGlue)
IBM Tivoli Access Manager support

Figure 1-34. Features comparison (3 of 3)


Topic summary

Having completed this topic, you should be able to:
• Describe the different features in the IBM WebSphere DataPower SOA Appliance product line
  - Application Integration XI50
  - XML Security Gateway XS40
  - XML Accelerator XA35
• Identify the sections of the TCP/IP network protocol stack that are secured by DataPower SOA appliances
  - Application layer device that operates on Web applications, XML-based applications, and Web services

Figure 1-35. Topic summary


Checkpoint

1. What is an XML-aware network? Why is it important to implement an XML-aware network in an SOA?
2. What features of the DataPower SOA appliance make it secure from attacks?
3. Name all IBM WebSphere DataPower SOA appliance product offerings and their main features, respectively.

Figure 1-36. Checkpoint

Notes:
Write your answers here:
1.
2.
3.


Unit summary

Having completed this unit, you should be able to:
• Describe and define the role of an SOA appliance
• Identify the products in the WebSphere DataPower SOA Appliance product line
• Describe how to use WebSphere DataPower SOA Appliances in an enterprise architecture

Figure 1-37. Unit summary
