Meet today's challenges with a robust integration platform.
Read more about integration at these links: Information integration (http://www-03.ibm.com/software/products/sv/category/SWP00) and connectivity & integration (http://www-03.ibm.com/software/products/sv/category/SW666)
9. Great…but what about SOA?
A Service: a repeatable business task, e.g., check customer credit; open new account
Service Orientation: a way of thinking about your business through linked services and the outcomes that they bring
Service Oriented Architecture (SOA): a business-centric architectural approach based on service-oriented principles
10. SOA mediates between consumers and providers (ESB pattern)
2005: Connecting and mediating in an IT transactional context
2010: Connecting and mediating e2e processes
2015: Connecting and mediating people, devices, Cloud, ….
(Diagram: consumers and providers such as APIs, Cloud Services, Partners, Suppliers, Apps, Customers, Developers and Patterns, mediated through the ESB)
11. The World As We Knew It
Application platforms (WAS, CICS, IMS) provide containers for application and business logic
Messaging backbone (MQ) in the data center
12. Why is Messaging Important?
(Diagram: synchronous vs. asynchronous communication)
Improvements in network reliability haven’t eliminated failures
Failure handling is still more effective and simpler to implement by separating it out from business and application logic
– Connectivity interruptions are handled seamlessly without needing expert application integration skills
Consistent interfaces, no matter the system or the application programming language
– Removes complexity from the application, reducing time and cost for development and maintenance
Moves any type of data across any type of system, device or environment
Can provide a variety of qualities of service
– Persistence, non-persistence
– Point-to-point, publish/subscribe, multicast
Move from batch and offline processing to real-time event-driven architectures
13. Build a universal messaging backbone
Use WebSphere MQ to flexibly integrate the pieces of your business:
Managed File Transfers: Improve reliability and security leveraging the internal messaging backbone
Enhanced end-to-end security: Securing your business data and helping meet industry regulations
Application Connectivity: Moving data between applications, systems and services using MQI, JMS, REST, HTTP, Web Services, etc.
Connect remote devices, mobile enterprise and sensors: Harness the power of data outside your internal network
Ultra low latency messaging: Highest message throughput and lowest message latency over any transport
14. IBM WebSphere MQ 7.5 highlights
WebSphere MQ becomes a single offering with a single install on distributed platforms, with the existing WMQ FTE and WMQ AMS code integrated as a part of the WMQ Server (WMQ V7.5, WMQ Telemetry, WMQ AMS, WMQ MFT Agent + Service)
– Enhanced utilization of messaging through use of Managed File Transfer solutions over the messaging backbone
– Access to end-to-end message encryption capability with a single install
– Increased entitlement to integrated Telemetry capabilities, reducing TCO of Mobile applications and smarter planet technology
– Client applications gain access to transactional integrity and updates across all environments
A fully integrated messaging solution with secure, reliable and scalable data movement for today’s development needs
15. Message Level Security
“Valuable” messages
– In flight on the network
– At rest, on disk
– Monitoring and control messages
Large networks make it difficult to prove the security of messages against
– Injection
– Modification
– Unauthorized viewing
Data subject to standards compliance (PCI, HIPAA, etc.)
– Credit card data protected by PCI
– Confidential & personal data (government / healthcare etc.)
– Data at rest, administrative privileges, etc.
16. Message Level Security - Requirements
Assurance that messages have not been altered in transit
– When issuing payment information messages, ensure the payment amount does not change before
reaching the receiver
Assurance that messages originated from the expected source
– When processing control messages, validate the sender
Assurance that messages can only be viewed by intended recipient(s)
– When sending confidential information
17. WebSphere MQ AMS – Signed Message Format (Integrity Policy)
Original MQ Message: Message Properties + Message Data
AMS Signed Message: Message Properties + PDMQ Header + PKCS #7 Envelope (Message Data + Signature)
18. WebSphere MQ AMS – Encrypted Message Format (Privacy Policy)
Original MQ Message: Message Properties + Message Data
AMS Encrypted Message: Message Properties + PDMQ Header + PKCS #7 Envelope (Message Data encrypted with a key; the key encrypted with the recipient's certificate; Signature)
19. How to secure an existing MQ application – No protection
(Diagram: Alice's Sending App and Bob's Receiving App exchange messages through the ORDERS and STOCK queues with no protection applied)
20. How to secure an existing MQ application – SPLCAP(ENABLED)
(Diagram: Alice's Sending App, Bob's Receiving App, queues ORDERS and STOCK)
1. Install WebSphere MQ 7.5 AMS Component on server (the queue manager then shows SPLCAP(ENABLED))
21. How to secure an existing MQ application – Assign Certificates
(Diagram: Alice's keystore holds Alice Private and Alice Public; Bob's keystore holds Bob Private and Bob Public)
1. Install WebSphere MQ 7.5 AMS Component on server
2. Create certificates (public / private key pairs)
22. How to secure an existing MQ application – Exchange Public Key
(Diagram: Alice's keystore now also holds Bob Public; Bob's keystore now also holds Alice Public)
1. Install WebSphere MQ 7.5 AMS Component on server
2. Create certificates (public / private key pairs)
3. Exchange public keys
23. How to secure an existing MQ application – Set security policy
Policy for queue ORDERS: Privacy; Recipient: Bob; Signer: Alice
(Diagram: Alice's keystore holds Alice Private, Alice Public and Bob Public; Bob's keystore holds Bob Private, Bob Public and Alice Public)
1. Install WebSphere MQ 7.5 AMS Component on server
2. Create certificates (public / private key pairs)
3. Exchange public keys
4. Define security policy for the queue
24. How to secure an existing MQ application – Privacy & Integrity
Policy for queue ORDERS: Privacy; Recipient: Bob; Signer: Alice
(Diagram: Alice's keystore holds Alice Private, Alice Public and Bob Public; Bob's keystore holds Bob Private, Bob Public and Alice Public; a third party, Charlie, with his own keystore and Send/Rcv App, is neither the recipient nor the signer named in the policy)
1. Install WebSphere MQ 7.5 AMS Component on server
2. Create certificates (public / private key pairs)
3. Exchange public keys
4. Define security policy for the queue
5. Messages can only be viewed by Bob; Bob will only accept messages from Alice
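The five steps on slides 20 to 24, rendered as an added dry-run shell script (not part of the deck or of IBM's documentation): each function prints the runmqsc, runmqakm and setmqspl command lines an administrator would run on the MQ server. The queue manager name QM1, the keystore directory, the keystore password and the two distinguished names are placeholders assumed for this example.

```shell
#!/bin/sh
# Added example (not IBM's code): slides 20-24 as the commands an MQ administrator issues.
# Functions only print the commands; pipe the output to sh on the MQ server to apply them.
# Placeholders assumed here: queue manager QM1, keystore directory /var/mqm/ams,
# keystore password in KEYPW, and the distinguished names of Alice and Bob.
QMGR=${QMGR:-QM1}
KEYDIR=${KEYDIR:-/var/mqm/ams}
KEYPW=${KEYPW:-changeit}

# Step 1: with the AMS component installed, the queue manager reports SPLCAP(ENABLED).
ams_check_capability() {
  echo "echo 'DISPLAY QMGR SPLCAP' | runmqsc $QMGR"
}

# Step 2: a CMS keystore (with stash file, which AMS needs to open it) and a
# self-signed certificate, i.e. a public/private key pair, for one party.
ams_create_keys() {  # $1 = label (Alice or Bob), $2 = distinguished name
  echo "runmqakm -keydb -create -db $KEYDIR/$1.kdb -pw $KEYPW -type cms -stash"
  echo "runmqakm -cert -create -db $KEYDIR/$1.kdb -pw $KEYPW -label $1 -dn \"$2\" -size 2048 -x509version 3 -expire 365"
}

# Step 3: exchange public keys. -extract exports only the certificate (no private key);
# -add imports it into the peer's keystore under the owner's label.
ams_exchange_public() {  # $1 = owner label, $2 = peer label that receives the public key
  echo "runmqakm -cert -extract -db $KEYDIR/$1.kdb -pw $KEYPW -label $1 -target $KEYDIR/$1.arm -format ascii"
  echo "runmqakm -cert -add -db $KEYDIR/$2.kdb -pw $KEYPW -label $1 -file $KEYDIR/$1.arm -format ascii"
}

# Each application user points AMS at its own keystore through ~/.mqs/keystore.conf
# (the keystore path is given without the .kdb extension).
ams_keystore_conf() {  # $1 = party label
  printf 'cms.keystore = %s/%s\ncms.certificate = %s\n' "$KEYDIR" "$1" "$1"
}

# Step 4: a Privacy policy on the queue: signed by Alice (SHA256), encrypted for Bob (AES256).
# Step 5 follows from the policy: only Bob can decrypt, and Bob accepts only Alice's signature.
# dspmqspl shows the policy as stored, which is the check to run after setmqspl.
ams_privacy_policy() {  # $1 = queue, $2 = signer DN, $3 = recipient DN
  echo "setmqspl -m $QMGR -p $1 -s SHA256 -a \"$2\" -e AES256 -r \"$3\""
  echo "dspmqspl -m $QMGR -p $1"
}

# Full command sequence for the ORDERS queue between Alice and Bob.
ams_secure_orders() {
  ams_check_capability
  ams_create_keys Alice "CN=Alice,O=Example"
  ams_create_keys Bob "CN=Bob,O=Example"
  ams_exchange_public Alice Bob
  ams_exchange_public Bob Alice
  ams_privacy_policy ORDERS "CN=Alice,O=Example" "CN=Bob,O=Example"
}

ams_secure_orders
```

Charlie from slide 24 never appears in the policy, so the gateway of the policy is the setmqspl line: anyone whose certificate is not the recipient cannot decrypt, and any signer other than Alice is rejected on get.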
25. WebSphere MQ Advanced Message Security
Provides additional security to that provided by base MQ
Non-invasive
– No code changes or re-linking of applications
End-to-end security, message level protection
– A security policy defines what protection should be applied to messages
Asymmetric cryptography used to protect each message
– Integrity Policies prove message origin, content not changed
– Privacy policies as per integrity plus each message encrypted with unique key
AMS Policies
– Integrity (End-to-end digital signing of messages)
– Privacy (End-to-end message content encryption)
26. How do most organizations move files today?
Most organizations rely on a mix of home-grown code, several legacy products and different technologies … and even people!
FTP
– Typically File Transfer Protocol (FTP) is combined with writing and maintaining homegrown
code to address its limitations
Why is FTP use so widespread?
– FTP is widely available – Lowest common denominator
– Promises a quick fix – repent at leisure
– Simple concepts – low technical skills needed to get started
– FTP products seem “free”, simple, intuitive and ubiquitous
Legacy File Transfer products
– A combination of products often used to provide silo solutions
– Often based on proprietary versions of FTP protocol
– Can’t transport other forms of data besides files
– Usually well integrated with B2B but rarely able to work with the rest of the IT infrastructure –
especially with SOA
People
– From IT Staff to Business staff and even Security Personnel
– Using a combination of email, fax, phone, mail, memory keys…
27. Shortcomings of Basic FTP
Limited Reliability
– Unreliable delivery – lacking checkpoint restart – files can be lost
– Transfers can terminate without notification or any record – corrupt or partial files can be accidentally used
– File data can be unusable after transfer – lack of character set conversion
Limited Flexibility
– Changes to file transfers often require updates to many ftp scripts that are typically scattered across machines and require platform-specific skills to alter
– All resources usually have to be available concurrently
– Often only one ftp transfer can run at a time
– Typically transfers cannot be prioritized
Limited Security
– Often usernames and passwords are sent with the file – as plain text!
– Privacy, authentication and encryption are often not available
– Non-repudiation often lacking
Limited visibility and traceability
– Transfers cannot be monitored and managed centrally or remotely
– Logging capabilities may be limited and may only record transfers between directly connected systems
– Cannot track the entire journey of files – not just from one machine to the next but from the start of its journey to its final destination
36. The Changing World: Towards SOA
Application platforms (WAS, CICS, IMS) provide containers for application and business logic
Integration Bus: Enterprise Service Bus integrates apps/data/services and partners; appliance provides integration gateway to heritage services
Messaging backbone (MQ) in the data center
58. Accelerating Integration with Built-in Patterns
Best practice, reusable solutions to common integration problems
• Can be quickly configured and deployed, and extended to create new patterns
• Patterns for SAP, mobile, BPM, Message-based integration and more!
Service Enablement: Encapsulating functionality and presenting it through a service-oriented interface
Service Virtualization: Loose coupling and mediation between services
Application Integration: Enabling rapid integration of applications across the enterprise, e.g. SAP
Message-based Integration: Providing routing, transformation and logging services for messages
File Processing: Managed runtime environment for processing files, such as shredding into individual transaction records
Custom Patterns: Create your own patterns to reuse across your organization
60. The Changing World: And Then There Was Mobile
Private Cloud (IWD, PureApp): Enterprises looking to achieve “more with less” by better managing IT resources as collectives
Public Cloud (Cast Iron, DP XH40): Connectivity to applications in the public cloud enables Enterprises to leverage a new cloud economy
Application platforms (WAS, CICS, IMS) provide containers for application and business logic
Integration Bus: Enterprise Service Bus integrates apps/data/services and partners; appliance provides integration gateway to heritage services
Cache grids (WXS, DataPower XC10) improve scale and performance of applications and services
Internet, Mobile, Sensors (IBM Mobile Foundation (Worklight)): Scale and ubiquity of mobile and sensor-rich environments has changed the requirements of the enterprise
Secure appliances (DataPower XG45) enable controlled access to Enterprise resources
Messaging backbone (MQ, MessageSight) in the data center has extended to external clients connected via the Internet
61. Mobile … a new frontier in business growth
Mobile B2C
• Increase customer satisfaction by enabling banking, insurance, and trading anywhere, anytime
• Reach customers in new ways through mobile applications, SMS, email
Mobile B2E & B2B
• Enable field employees for increased productivity
• Greater efficiency and accuracy in supply chain operations
• Exchange business information with partners securely
(Mobile) M2M
• Enable the exchange of data and events between businesses and machines
• Internet of Things - sensor events feeding information and driving a smarter planet
62. Why messaging for mobile and machine-to-machine?
HTTP revolutionized how we consume data
– Simple request/response model
– Available on any tablet, laptop, phone, PC
– Not designed for wireless
– Slow and unreliable on mobile networks
Mobile and M2M applications have additional challenges
– Requires a real-time, event-driven model
– Publishing information one-to-many
– Listening for events as they happen
– Sending small packets of data in huge volumes
– Reliably pushing data over unreliable networks
75. The Basics of a web API
What is a Web API?
A web API is a public persona for an enterprise, exposing defined assets, data or services for public consumption
A web API is simple for app developers to use, access and understand
A web API can be easily invoked via a browser, mobile device, etc.
What Value Does a Web API Provide?
Extends an enterprise and opens new markets by allowing external app developers to easily leverage, publicize and/or aggregate a company’s assets for broad-based consumption
What “assets, data or services” are exposed via a Web API?
Product catalogs, phone listings, insurance cases, order status, bank loan rates
(Diagram: the external app developer consumes the Web API)
76. Apps, APIs and API Mgmt…
Benefits
• New business opportunities: new markets, increase customers, enhance branding, competitive advantage
• Extend development team: increase innovation, increase scale
Challenges
• Business strategy
• Infrastructure: security, creation, scalability
• Partner/supplier alignment
• Operational control: publish, analyze, monitor
(Diagram: stakeholders are Consumers, Developer, Business Owner and IT)
77. Easily Define APIs
• Define the API you wish to expose
• Then configure the API by proxying an existing REST API or assemble a new API
• Provide examples of the request and response messages, headers and parameters
78. Assemble New APIs Through Configuration
• Connect to one or more datasources
‒ DB2
‒ MySQL
‒ SQL Server
‒ Oracle
‒ Salesforce.com
‒ SOAP to REST
‒ HTTP
• Drag and connect, linking the request and response messages
• Transform the message elements with a click
79. The Changing World: Emergence of Appliances
Application platforms (WAS, CICS, IMS) provide containers for application and business logic
Integration Bus: Enterprise Service Bus integrates apps/data/services and partners; appliance provides integration gateway to heritage services
Cache grids (WXS, DataPower XC10) improve scale and performance of applications and services
Secure appliances (DataPower XG45) enable controlled access to Enterprise resources
Messaging backbone (MQ) in the data center
80. DataPower 6.0
Secure. Integrate. Optimize.
Secure integration: Securely integrate API, Web & Mobile workloads, in addition to SOA & B2B
Pattern-based configuration: Create & deploy common configuration patterns for reduced time to value, improved productivity & quality
Mobile-ready security gateway: Secure & optimize delivery of Mobile applications & integrate with IBM Worklight
System z integration: Easily consume external web services from IMS & expose IMS data as a service
Faster consistent response time: Reduce load on back-end systems and optimize delivery through local & external caching and intelligent load distribution
Deployment flexibility: Use physical or virtual appliance with seamless configuration migration
81. DataPower in a Nutshell
Enable additional use-cases with a single, policy-driven converged gateway
Focus so far: Web Service Gateway
• DMZ-ready
• Security gateway (AAA, XML threat)
• Service level management and monitoring
• Intelligent load distribution & dynamic routing
Expanded focus:
Integration Gateway
• “Any-to-Any” conversion at wire-speed
• Bridges multiple transport protocols
• Mainframe integration & enablement
B2B Gateway
• DMZ-ready
• B2B Messaging (AS1/AS2/AS3/ebMS)
• Trading Partner Profile Management
• B2B Transaction Viewer
Web Application Gateway
• DMZ-ready
• First-class integration with WAS
• Cache response content
• Web application security
• Traffic mgmt
On-premise API Management
• DMZ-ready
• Web API security
• Monitor API use
• Enforce API consumption policies
Mobile Application Gateway
• DMZ ready
• Mobile application security
• Support Worklight mobile platform
• Monitor and control mobile app access
Form factors
• Physical Appliance for hardware performance & security
• Virtual Appliance for deployment flexibility
82. DataPower Classic Use Cases
• Monitoring and control
– Example: centralized ingress management for all Web Services using ITCAM SOA
• Deep-content routing and data aggregation
– Example: XPath (content) routing on Web Service parameters
• Functional acceleration
– Example: XSLT, WS Security
• Application-layer security and threat protection
– Example: XML Denial-of-Service protection, WS Security, AAA
• Protocol and message bridging
– Example: Convert WS to legacy Cobol/MQ
(Diagram: clients send in-the-clear SOAP/HTTP, encrypted and signed SOAP/HTTP, or malicious SOAP/HTTP to the appliance, which forwards SOAP or Cobol/MQ to the service providers)
83. Use Case: Security Gateway (Consumer or Employee)
(Diagram: Internet – DMZ with XG45 – Trusted Zone)
• Inbound traffic is usually (REST) JSON or XML over HTTP from a web or mobile application
• AAA authenticates the user and ensures they are authorized to the resource being accessed
• XML and JSON well-formedness, schema validation and DoS protection
• SLM shapes and throttles traffic based on segregated consumer types
• Requests are transformed to the internal schema and routed appropriately
• Responses are cached to improve response time
84. Use Case: Security Gateway (B2B)
(Diagram: Internet – DMZ with XG45 – Trusted Zone)
• Inbound traffic is usually Web Service (SOAP) or AS* (XB62) protocol
• AAA authenticates the user and ensures they are authorized to the resource being accessed
• XML well-formedness, schema validation and DoS protection
• SLM shapes and throttles traffic based on segregated consumer types
• Requests are transformed to the internal schema and routed appropriately
• Responses are cached to improve response time
85. Use Case: Security Gateway (Inter-LoB)
(Diagram: XG45 on the Security Zone Boundary between Trusted Zone A and Trusted Zone B)
• Traffic is usually Web Service (SOAP) or AS* (XB62) protocol
• AAA authenticates the user and ensures they are authorized to the resource being accessed
• XML well-formedness, schema validation and DoS protection
• SLM shapes and throttles traffic based on segregated consumer types
• Requests are transformed to the internal schema and routed appropriately
• Responses are cached to improve response time
86. Use Case: Integration Gateway (Edge of Service)
(Diagram: XI52 inside the Trusted Zone)
• Traffic is usually Web Service (SOAP) or REST
• AAA authenticates the user and ensures they are authorized to the resource being accessed
• SLM throttles all inbound traffic to provide overload protection of the backend resource
• Requests are transformed to the local format (e.g. Cobol)
• Requests are transmitted over the local transport and intelligently distributed (e.g. MQ)
• Responses are cached to improve response time
87. IBM Messaging Focus Areas
Deliver Messaging Backbone for Enterprise
– Focus on traditional MQ values, rock-solid enterprise-class service, ease-of-operation, breadth of platform coverage, availability, z/OS exploitation
Capture Big Data from Mobile and Internet of Things
– Focus on Internet-scale events, m2m device enablement, zero-admin, security and privacy, feed into real-time analytics, location-based notifications
Enable Developers to build more scalable, responsive applications
– Focus on new app dev use cases, breadth of languages, ease-of-deployment, lightweight services, integration with developer frameworks