IBM WebSphere DataPower SOA Appliances
What’s new in 2012 and beyond

Peter Brabec
WebSphere System Z Brand Leader
DataPower Ambassador
[email protected]
Mobile: +43 664 618 67 06


Post on 08-Jul-2020


Agenda

• Over a Decade of Innovation
• The 9005 Hardware
• Current Capabilities
• Application Optimization
• DataPower Futures
• DataPower Use Cases

Over a Decade of Innovation …

Figure: timeline, 1999 to 2010. Labels: XSLJIT Optimized Software Compiler; XG4 Gigabit/Sec OEM HW Solution; Acquisition; ITCAM for SOA; Model 9235; DGXT Optimal Software Interpreter; XG3 Optimized Hardware Acceleration; Model 7993; WebSphere Transformation Extender; AO Self-Balancing and Intelligent Load Distribution; XA35; XS40; XI50; XB60; XM70; CloudBurst

WebSphere DataPower SOA Appliances Roadmap

Figure: release roadmap. Legend: Denotes Major release; Denotes Minor release. Fix pack delivery ongoing.

Releases shown: 3.6.0 (Oct 2006); 3.6.0.x (June 2007); 3.6.1 (Dec 2007); 3.6.0.x (Dec 2006); 3.6.0.x (Mar 2007); 3.7.1 (Aug 2008); 3.7.2 (Dec 2008); 3.7.3 (2Q 2009); V.x (Q4 2009); V.x+1 (Q2 2010); V.x+2 (Q2 2010)

Feature callouts:
• WebSphere DataStage TX Design Studio integration
• Improved WS-* Standards support
• Enhanced ease of use; Improved 3rd party connectivity; New MS functional capabilities
• WS-Policy Enhancements; WS-SecurityPolicy Interop; Database Enhancements; Consumability and Serviceability; Customer-driven enhancements
• WTX improvements; TAM 6.1 / TFIM 6.2; RACF integration; Serviceability enhancements
• IPv6; IE7 browser support; Enhanced WTX integration; Enhanced WSRR integration; Serviceability enhancements
• WebSphere MQ7 support; AS1 support (XB60); Enhanced load balancing; z/OS integration enhancements

All statements regarding IBM's future direction or intent are subject to change or withdrawal without notice, and represent goals and objectives only. This information is for planning purposes only. The information herein is subject to change before the products described become available.

IBM Confidential

Continues in 2011!

Figure: timeline continued, 2010 to 2011. Labels: XI50B; XC10; Cast Iron Acquisition; XH40; HMC; XI50z; XI52; XB62; WAMC; XG45

2012 Roadmap

Timeline labels: 1H2012; 2H2012

V5 Firmware Enhancements (GA 26/6/2012)
• Supports 9004 + 9005 devices
• Large file support for 9005
• Large Configuration Extensions
• Additional Standards Support OAuth, X12, EDIFACT
• WTX Industry Packs
• Governance & SLA Enhancements
• Application Optimization for XG45

VNext Firmware Enhancements - Candidates
• Additional Standards Support for OAuth
• High Availability Enhancements
• Additional Edge of Network Capabilities
• Monitoring Enhancements
• Multi tenancy improvements
• Customer Enhancement requests

WebSphere DataPower Appliances…

WebSphere DataPower Appliances provide a low startup cost, helping clients increase ROI and reduce TCO with specialized, consumable, dedicated appliances that combine superior performance and hardened security

SIMPLIFY your connectivity infrastructure

ACCELERATE your time to value

SECURE your SOA, Web 2.0, B2B, and Cloud environments

GOVERN your evolving IT architecture

DataPower – A Purpose Built Appliance

Specialized compiler technology creates optimized executable object code from transformations (e.g. XSLT) that execute natively on hardware

Everything is viewed as a transformation that is extensible via DataPower custom extension functions

Purpose-built hardware to execute SOA workloads and transformations

High-performing throughput-optimized engine yields wire-speed capabilities

Configuration-driven approach speeds time to market
• Enforce security standards with zero coding
• Uses intuitive pipeline message processing
• Import/export configurations between environments
• Transaction probe shows message content between actions for debugging

Smarter Business Agility with WebSphere DataPower Appliances

New streamlined WebSphere DataPower Appliance offering meets your Security and Connectivity needs

Integration Appliance XI52, XI50b and XI50z
• Additional Network Interfaces
• More HDD for logging and Audit
• Increased performance
• SFTP

B2B Appliance XB62
• Unparalleled B2B performance
• Secure B2B messaging (EDIINT AS1, AS2, AS3)
• Trading Partner Profile management
• Transaction viewing and resending
• EDI and ebXML Support
• Native MQ FTE Integration

Service Gateway XG45
• Multiprotocol
• Enhanced Security Capabilities
• Routing and Service Level Management
• Fine-grained authorization
• Includes Tivoli Option (TAM / TFIM access)

• Centralized Policy Enforcement
• Rich authentication
• Application Optimization and Load Balancing
• Data Integration Module – includes binary Data support and ODBC

• IMS Connect
• TIBCO EMS
• ODBC
• Tivoli Option

DataPower Product Family

Integration Appliance XI52
• Hardware ESB
• “Any-to-Any” Conversion at wire-speed
• Bridges multiple protocols
• Self Balancing and Load Distribution

Integration Appliance XI50z / XI50b
• XI52 Blades in an HW integrated form factor
• Special drivers and SW for zEnterprise or xBlade integration
• Configuration, Network, Monitoring…

B2B Appliance XB62
• B2B Messaging (AS1/AS2/AS3)
• Trading Partner Profile Management
• B2B Transaction Viewer

Service Gateway XG45
• Enhanced Security Capabilities
• Centralized Policy Enforcement
• Fine-grained Authorization and Authentication

New Hardware Platform: 7199 (9005) – XI52, XB62

Features
• Customer Replaceable Units (CRUs) and Field Replaceable Units (FRUs)
• Higher performance purpose-built hardware
• Hard drive standard but not required for proper operation
• 1 Gb and 10 Gb ports standard
• 2U in size

Figure callouts: 8 1-Gigabit Ethernet NICs; RAID mirroring and striping across four drives; 2 10-Gigabit Ethernet NICs

New Hardware Platform: 7198 (9005) – XG45

• Next-generation 1U rackmount DataPower appliance hardware form-factor
  – Increased performance
• XG45 is the next-generation of the current XS40 appliances
  – Has all XS40 capabilities
  – Now includes Tivoli Access Manager client, WebSphere MQ client and WebSphere JMS client support
  – Data Integration Module upgrade option which includes database connectivity, any-to-any transformation and PKCS7 cryptography (available at initial order as well as upgradeable later)
• Requires DataPower firmware version 4.0.2 and later

Figure callouts: 24 Gigabytes Memory; RAID mirroring and striping across two 300GB drives; 4 1-Gigabit Ethernet NICs; 2 10-Gigabit Ethernet NICs

SOA Security & Integration Operational Scenario

1. External Party makes Web Service request (Web Services = HTTPS with XML Payload)
2. Verify Signature
3. Decrypt & Validate
4. Access Identity Mgmt System
5. Authenticate & authorize
6. Insert security token (e.g. SAML, Kerberos)
7. Send request to integration layer
8. Transform XML
9. Switch protocol (e.g. HTTP to MQ)
10. Route based on content
11. Aggregate response
12. Switch protocol
13. Transform response
14. Send to security layer
15. Filter response
16. Encrypt & Sign
17. Send response back

Figure labels: Security Layer; Integration Layer; DataPower Service Gateway (XG45); DataPower Integration Appliance (XI52 or XG45 + DIM); DataPower XS40; Protocol switch; Content Routing; Transform XML; Authenticate; Authorize; Audit; Decrypt XML; Verify Sign.; Validate; Request Message; Response Message; Web Services Interfaces; Web service client; External Systems: different division, partners, consumers, etc; FI Owned Systems; Payment; Account Aggregation; Invoice/Payment; Broker Portal; Customer Portal; other; Interfaces/Protocols: HTTP, MQ, JMS, DB, FTP; MQ, JMS, FTP, HTTP, etc.; Tivoli Access Manager; WebSphere App Server; MQ Server; Nortel L7 Module; Tivoli NetView; Identity Mgmt System (Tivoli, LDAP, etc); Core Enterprise Systems: Account Services, ERP, HR, CRM, Credit Card

WebSphere DataPower appliances support 8 basic Use Cases

1 B2B Partner Gateway
2 Secure Gateway (Web Services, Web Applications)
3 Intelligent Load Distribution
4 Internal Security
5 Enterprise Service Bus
6 Web Service Management
7 Legacy Integration
8 Run time SOA Governance

Each Use Case offers unique value propositions that result in decreased costs and improved productivity and performance

Figure labels: Internet; DMZ; Trusted Domain; Business; Consumer; Application; System z; HMC

WebSphere DataPower XI50z for zEnterprise
• XI52 features optimized in a dense, high compute IBM zEnterprise BladeCenter Extension (zBX) form-factor
• Supports all ESB, Security, and Integration capabilities of DataPower XI52
• Purpose-built Integration Appliance
• Highest capacity DataPower appliance for SOA workloads optimized for zEnterprise environments
• Tightly integrated with zEnterprise
  – Unified hardware and firmware management through the Hardware Management Console (HMC)
  – Inherits serviceability, monitoring and reporting capabilities of zEnterprise

What’s New in 4.0.2

• Support for XG45
• Support for HSM for XI52, XB62, and XG45
• Reliability Enhancements
• Serviceability Enhancements
• Maintain Session Affinity across failure using Application Optimization

DataPower Use Case
• Monitoring and control
  – Example: centralized ingress management for all Web Services using ITCAM SOA
• Deep-content routing and data aggregation
  – Example: XPath (content) routing on Web Service parameters
• Functional acceleration
  – Example: XSLT, WS Security
• Application-layer security and threat protection
  – Example: XML Denial-of-Service protection, WS Security, AAA
• Protocol and message bridging
  – Example: Convert to WS to legacy Cobol/MQ

Figure labels: Clients; Service Providers; Service Provider; In-the-clear SOAP/HTTP; Malicious SOAP/HTTP; Encrypted and Signed SOAP/HTTP; SOAP; Cobol/MQ Appl; Cobol/MQ

Security and Governance
• Hosting secure DMZ functions and enforcement requires secure hardware
• Virtualized and software approaches
  – Enables the enforcement of dynamically changing policies to govern who can access what, how, and when
  – Subject to hacks and incomplete hardware security
• Network and infrastructure approach
  – Rely on closed, obfuscated, and cryptographic hardware capabilities to completely secure platform
  – Devices still largely configuration centric without a cohesive approach for end-to-end governance
• DataPower approach
  – Leverage hardware componentry to secure platform
    • Trusted platform module
    • Intrusion detection
    • Encrypted flash drive
  – Participate in broader data-center centric approach to overall solution “application-fluent governance”

Figure label: TPM Chip

Current infrastructure tends to be complex and fragmented

Figure labels: Internet; DMZ; Trusted Domain; Consumer; Application; System z; IP-Based Load Balancing; Monitoring; Access Control; Authentication; Caching; Traffic Shaping; SSL Offloading; Identity Federation; Transformation; Protocol Mediation; Validation

Evolution of the Edge

Increased processing requirements in the DMZ: Load distribution, security, monitoring, traffic management

Figure labels: Internet; Packet Filter; DMZ [Appliances ONLY]; intranet [Software + appliances]; datacenter; users; internal user; clouds; threats; ESB; intrusion detection; intrusion prevention; identity federation; load balancing; WAN and connection optimization; application-aware transformations; caching; Security policy enforcement; monitoring; traffic shaping; XDoS protection; QoS policy enforcement; SSL offload; extensible rules; Fine grain Access control; DataPower XG45; ISS; NEPs; IHS plugin, Proxy Server, Edge Server; WebSphere VE (XD); WebSeal; XI52, WESB, WMB; WS; J2EE; Web; REST

DataPower + AO consolidates the infrastructure

Figure labels: Internet; DMZ; Trusted Domain; Consumer; Application; System z

Application Optimization
- Application Intelligence
- Application Security
- SSL Acceleration

SOA Optimization
- XML Intelligence
- XML Security
- Routing, Transformation, Mediation

Application Optimization: Self Balancing

• Active/Passive failover of distributor using standby control
• Self balancing (IP spraying) is pushed to DataPower Tier
• Failures of target appliances are masked by appropriate weighted distribution

Figure labels: Clients; Third-party IP sprayer; Service Provider


Use Self Balancing for high availability and capacity scaling

Configure the appliances to share a single IP address

Leverages proven, world-class IBM technology (e.g., Sysplex Distributor)

Eliminates dependency on separate load balancers

Built for automatic failover


Provide application-aware Intelligent Load Distribution

Auto-discovers application targets using dynamic feedback mechanism

Uses intelligent weighted distribution algorithms based on current server load

Provides several options for enabling session affinity

Combine with traditional DataPower load balancing options for flexibility

Distributor HA Support

• Previous firmware suffered from distribution limitations
  – Distributor appliance quiesce leads to termination of existing connections
  – Distributor appliance failure leads to termination of existing connections
• New support enables connection state replication for distributor takeover without loss of connections

Trend: Technological Convergence

Business goals are defined and mapped to appropriate technology based on application fluency

Enforcement across appropriate technological scope in a simple, highly performing, consistent platform

Figure labels: Business Goals; Service Policy; Technological Scope; Consistent Target Runtime; PHY; DLC; IP; TCP; HTTP; XML; SOAP

Trend: Technological Convergence

Figure labels: Policy Semantics; Technological Scope; Security; Traffic management; SLAs; Dynamic routing; Caching; SOA; XML; JSON; REST; HTTP; TCP; IP

• Challenges
  – Lack of industry standards (though this is progressing in some areas)
  – Consistency of once-heterogeneous solutions
  – Organizational barriers

Solution Pain Points

Figure labels: User; Application tier; High Load; Slow Response; Business Goals and Requirements; IT Project; Mapping requirements; Config lifecycle management; Production monitoring; Asset creation; Operational Instability; Deployment Rigidity; High Cost of Ownership; Intermediary runtimes

Vision for the Edge

Figure labels: User; Application tier; Low Load; Fast Response; Business Goals and Requirements; Policy Definition and Association; Operational Stability; Business Agility; Low Cost of Ownership; Policy enforcement in a converged intermediary

Today: On-Premise Deployment to Appliances

DataPower has a collection of management tools and APIs including WebSphere Appliance Management Center

WebSphere Appliance Management Toolkit (WAMT)

WAMT enables deployment of configuration packages with associated policies

Customer provided scripts and tools

Tools can deploy solution images and DataPower configuration packages per solution template

WebSphere Appliance Management Center

• Provide multi-box DataPower appliance management
  – Support managed sets of different appliance models & firmware
  – Exploits new support for managed domain tasks, configuration & firmware deployments
  – Manage deployment policies for DataPower appliances, individually or in managed sets
• Simplified installation
  – Enhanced Installation – for simplification and faster time to value
• DataPower currency
  – Support latest DP devices and agent platforms - for increased adoption
• Enhanced monitoring capability for more DataPower appliances KPIs
  – Out of the box monitoring of DataPower device – for visibility and control of DataPower performance and availability
• Ease of Use
  – Enhanced Configuration UI – ease of use navigation by user role
• Seamless integration into the Tivoli Monitoring infrastructure
  – Integrates into IBM’s Service Management solution

Simplified Operations Management reduces operations costs

Directions
• Focus:
  – Address customer requirements based on ongoing interaction and feedback
  – Maintain currency with Industry standards and specifications
  – Exploit IBM Technological leadership
• Potential Enhancements include:
  – Expanded Hardware Support
  – Expanded Security Standards Support
  – Enhanced integration with WebSphere Service Registry and Repository
  – Reliability, Availability, and Serviceability enhancements
  – SLM enhancements

Documentation and Additional Information
• DataPower Home Page:
  – http://www-01.ibm.com/software/integration/datapower/
• DataPower Library (brochures, case studies, documentation, Red books, etc)
  – http://www-01.ibm.com/software/integration/datapower/library/
• DataPower Education and Training
  – http://www-01.ibm.com/software/websphere/education/curriculum/soa/datapower/index.html
• WebSphere Application Acceleration Solutions
  – http://www-01.ibm.com/software/websphere/products/application-infrastructure/application-acceleration/index.html

DataPower Customer Examples and Use Cases
• Finance
• Energy and Utilities
• Government
• Health Care

VISA International
Provide Greater Agility, Flexibility & Adaptability

Solution
• Implemented WebSphere DataPower XML Security Gateway XS40 to form the backbone of Web services infrastructure
• Through content-based message routing, security policy enforcement & data encryption, the XS40 helps to ensure safe & efficient flow of confidential customer data between Web site & backend systems
• Integrated seamlessly into existing heterogeneous environment increasing interoperability & promoting reuse

Benefits
• Secure SOA on standards-based platform
• Easily reuse Web services throughout enterprise
• Boosts productivity of IT staff
• Substantially shorten time to market for new services

Products
• WebSphere DataPower XML Security Gateway XS40
• WebSphere Application Server

Challenge
• Consistent & secure delivery of online services to members that could be shared, integrated & flexible to meet specific needs
• Web services infrastructure needed to support highly secure data routing with daily high volume & sensitive nature of information

Wells Fargo
ESB Infrastructure in a Heterogeneous Environment

Challenge
• Introducing SOA capabilities
• Enhancing current heterogeneous IT infrastructure
• Existing point-to-point home built solution connected enterprise web applications via WebSphere Message Broker

Solution
• Implemented WebSphere DataPower Integration Appliance XI50 for message routing, transformation, logging and security

Benefits
• Enabled quicker time to value for business initiatives

Products
• WebSphere DataPower Integration Appliance XI50
• WebSphere MQ
• WebSphere Message Broker

Figure label: Access Control Sub-system

ING Bank Slaski
Connecting to Enterprise SOA & Web Services

Solution
• Deployed WebSphere DataPower Integration Appliance XI50 for protocol bridging (integration) & data transformation
• The XI50 bridges protocol to MQ, which System i understands
• Exposed services based on SOAP
• Client data is sent in XML, the XI50 converts the data from ASCII to EBCDIC to System i format

Benefits
• No required application or platform changes to System i
• Ability to work with newest industry standards (SOAP, XML)
• Provides a faster ROI & flexibility

Products
• WebSphere DataPower Integration Appliance XI50
• WebSphere MQ
• System i

Challenge
• Integrate clients to core banking systems (System i) without making changes to application
• Ability for clients to access banks’ services 24/7

Bank of America
Simplification of Network Infrastructure

Challenge
• Multiple point hardware and software solutions providing backbone network routing and load balancing
• Many different management control points leading to operational complexity and unplanned network outages

Solution
• Upgraded existing XS40’s and XI50’s with Application Optimization software feature
• Installation of new XI52’s to ensure 100% up time for backbone network

Benefits
• Improve utilization of all application servers across enterprise
• Significant cost reductions as a result of eliminating multiple products
• Simplification of operational environment
• Improved utilization of backbone network resulting in improved throughput

Products
• WebSphere DataPower Integration Appliance XS40, XI50, and XI52 with Application Optimization
• WebSphere MQ

Figure label: Internet Clients

DataPower for Smart Meters

WebSphere DataPower
• Use as front side handler to collect events and data
• Protect and inspect XML traffic across all network boundaries
• Web Services Security

AMI Security frameworks are using DataPower between the Meter Head End System and the ESB.

Figure labels: Customer User Mgmt Repository; Policy Authoring & Management System; Identity, Federation & Access Management Systems; Internet Web Portal; Intranet Web Portal* (* Optional); Internet SSO Reverse Proxy; Intranet SSO Reverse Proxy; Work Mgmt System Apps; Outage Mgmt System Apps; Financial Mgmt System Apps; Load Mgmt System Apps; Internal Employee / Contractor Repository; Enterprise Service Bus; Security Services Gateway (Security Enforcement); Meter Head End; Meter Data Mgt System; Customer Self Care Apps; B2C Apps; Web Svcs Registry; Logging and Compliance Monitoring System; Firewalls; Vendor dependent (Web Svcs shown); Application Vulnerability Scanning System; ISS Managed Security Services

Legend: Web Services Traffic; HTTP Traffic; Policy Distribution; Identity provisioning; Log data collection

Product labels: TSPM; TSIEM; TDS; TIM; TAMeb; TAM - WebSEAL; TAM WebSEAL; TSPM - RTSS; DataPower; TFIM; XML Firewall DataPower; Proventia Server; Proventia IPS; Fidelis; SiteProtector; Rational AppScan

Energy Australia
• Client Background: Energy Australia delivers electricity to over 1.5 million homes and businesses across Australia.

• Business Need: Previously, the company would deploy a data logger at a specific site to be retrieved later. Likewise, crews were also dispatched to patrol the line looking for a fault location, a difficult and time-intensive process.

Energy Australia wanted to become more digitally aware and speed fault restoration times for customers, as well as implement a preventative maintenance program.

Solution: Energy Australia engaged IBM Global Business Services to design, build and integrate a new system that utilizes over 14,000 DISCOS sensing devices from IBM Business Partner PowerSense S/A.

An IBM DataPower XI50 Appliance device and IBM WebSphere Transformation Extender software function as a message handling system, routing data from the sensing devices to various systems. Data is displayed in a portal built using IBM WebSphere Application Server software. The new user visualization allows company staff to monitor the electrical distribution system and make informed decisions about network management. This solution is based on IBM’s SAFE Framework.


Oncor

• Client Background: Oncor Electric Delivery is a regulated transmission and distribution utility in Texas.

• Business Need: As automated energy meter reading technologies become more prevalent in the industry, so will the energy supplier's need to scale and meet millions of transactions per day.

• Solution: IBM SWG and GBS were engaged to build an automated e-meter solution for Oncor. This project, through the deployment of these automated power meters, has transformed the energy marketplace and how energy is consumed.

– DataPower provides the capability to secure and transform business traffic flowing from the automated meter head end system into the back-end enterprise systems.

– DataPower provides the ability to scale the high traffic requirements, secure all inbound transactions, and broker messages to Oncor's internal Tibco infrastructure. WASND provided a secure, reliable and scalable solution for a large scale MDM solution that ensures business opportunities are not lost due to downtime.

Background
  – Deploy 3.4M smart meters to residential/non-residential by 2012
  – Transform web portal to access meters & customer information

Challenges
  – Centralize security policy governance critical in a distributed environment
  – Protect data store and web portal against unauthorized access
  – Address NERC/FERC and privacy data compliance needs
  – Reduce cost of managing web services security and administration across multiple data centers

IBM Solution
  – Tivoli Security for IAM, Security Policy and Compliance Management
  – WebSphere DataPower SOA appliance for XML firewall
  – WebSphere Service Registry & Repository for services store
  – 3rd party ESB for mediating legacy systems
  – IBM Global Business Services leading the process transformation effort

DataPower was just one part of the IBM security framework that IBM delivered to Oncor for their smart grid project.

London Underground
Transformation & Routing Messages

Challenge
• Train data collected by the London Underground network used by both the Network Rail (NR) & London Underground (LU) is collected by NR servers
• The data, transmitted by NR in MQ messages needed to be integrated into the LU management network via a new train information system (TrackerNet)

Solution
• Implemented WebSphere DataPower Integration Appliance XI50
• The XI50 transforms all collected MQ messages over Internet from the NR application server for consumption at TrackerNet

Benefits
• Ensures fast delivery of train data to TrackerNet
• Provides a fast & simple solution as the on-ramp to MQ at Network Rail
• Did not have to deploy a full MQ infrastructure with the attendant expertise requirement

Products
• WebSphere DataPower Integration Appliance XI50
• WebSphere MQ

Los Angeles County’s Information Systems Advisory Board
Reduced Complexity of XML Web Services

Solution
• Implemented WebSphere DataPower XML Security Gateway XS40 to secure & encrypt XML transactions
• Easily adapt to changing standards, policies & partners
• Supports government standards such as:
  – FIPS Level 3 HSM
  – PKI Certified by DoD JITC
  – Common Criteria EAL4 under evaluation
  – GSA eAuthentication
  – HSPD-12

Benefits
• Implemented devices quickly & easily
• Meet security requirement & reduce complexity
• Ability to integrate easily with agencies
• Cost-effective solution to encrypt & secure XML transactions

Products
• WebSphere DataPower XML Security Gateway XS40

Challenge
• Sharing & securing confidential criminal information with agencies in other counties & states
• Quick access to criminal data

Blue Cross Blue Shield of Florida
Security Provisioning and Enforcement

Challenge
• XML Messages with Attachments coming from other Blues in the Association need to be authenticated, authorized, and virus scanned

Solution
• Implemented WebSphere DataPower Integration Appliance XI50 to provide security mediation and integration into existing Symantec and SiteMinder infrastructure

Benefits
• Virus Scanning is done in the DMZ, preventing viruses from getting behind the firewall
• WebSphere DataPower can be extended to secure internal message traffic flowing through WebSphere Message Broker
• Best of Breed architecture for Identity Management, Virus Scanning, and XML Security

Products
• WebSphere DataPower Integration Appliance XI50
• WebSphere Message Broker

Commonwealth of Massachusetts Executive Office of Health & Human Services
SOA Governance & Interaction Among Heterogeneous Applications

Challenge
• In-house service bus lacked in synchronous messaging & service level management
• Effectively implement SOA Governance to realize the benefits of SOA

Solution
• Implemented WebSphere DataPower Integration Appliance XI50 for easy Web services management, wirespeed performance & flexibility
• Deployed as a reverse proxy, providing schema validation & trust formations
• Augmented existing in-house service bus & WebSphere MQ

Benefits
• WebSphere DataPower will reduce EOHHS’s monthly total cost of ownership expenses
• Satisfied EOHHS’ security & reliability concerns
• Does not create any measurable impact on existing infrastructure
• Drove SOA adoption

Products
• WebSphere DataPower Integration Appliance XI50
• WebSphere MQ

Commonwealth of Massachusetts Executive Office of Health & Human Services
Phase 2 – Business to Business Connectivity

Challenge
• Interaction with Hospitals, Dr.’s, and Insurance companies was manual, and had lengthy processing delays
• Connectivity with secure interaction required by health care regulations

Solution
• Implemented WebSphere DataPower B2B Appliance to enable trading partner interactions without the need for partners or the Commonwealth to make application modifications
• XB60 deployed in DMZ to ensure secure communications, protecting both the State and trading partners

Benefits
• WebSphere DataPower dramatically reduced EOHHS’s cost of interacting with trading partners
• Satisfied EOHHS’ security & reliability concerns
• Reduced processing times from 2 week average to 48 hours
• Enables rapid connectivity to new trading partners – no infrastructure modifications required

Products
• WebSphere DataPower Business to Business Gateway XB60

Figure labels: Trading Partner; AS1; AS2; AS3
