IBM DataPower Architecture and Features

The Datapower has an internal structure of components that can inherit or be reused, depending on their place in the inheritance chain. Here’s the secret internal architecture of the DataPower:

And here’s the Datapower’s capabilities in a nutshell:

Multi-Protocol Gateway: (superset of XML Firewall)

Transformations – Any-to-any transformation engine: MPGW can parse and transform arbitrary binary, flat text, and XML messages, including EDI, COBOL Copybook, ISO 8583, CSV, ASN.1, and ebXML.

Transport Bridging – protocols such as HTTP, HTTPS, MQ, SSL, IMS Connect, FTP, and more

Message-level Security - Messages can be filtered, validated, encrypted, and signed, helping to provide more secure enablement of high-value applications. Supported technologies include WS-Security, WS-Trust, SAML, and LDAP.

Logging - logging and audit trail, including non-repudiation support

Web Service Proxy:

Schema Validation

Policy Application

SLA Monitoring

Load-Balancing w/Peers based on SLA

UDDI Directing

Governance Tie-In

XML Firewall:

Protect Externally Exposed Services

XML Threat Protection

Heavy Authentication, Authorization, Validation

Dos, Virus, SQL Injection Prevention, XML Node Attack Prevention

Attachment transformation/conversion/interface with virus scanner

SLA Monitors

Web Application Firewall:

To protect an internet exposed web application in the DMZ.

XSL Accelerator:

Accelerate XML Parsing
Accelerate Schema Validation
Accelerate XSLT Processing
XML Compression/Decompression ***no one uses it anymore

A quick way to select the best service can be found by answering some questions:

_ Does the service use a WSDL? If so, then use WS-Proxy.

_ Does the service uses multiple transports? If so, then use MPGW.

_ Does the service use only XML over HTTP? If so, then use XML firewall.

_ Is there only non-XML and HTTP traffic? If so, then use Web application firewall.

…and that’s a wrap on our Datapower information at this time.

Integration Spaghetti™

I’ve been using the term Integration Spaghetti™ for the past 9 years or so to describe what happens as systems connectivity increases and increases to the point of … unmanageability, indeterminate impact, or just generally a big mess. A standard line of mine is “moving from spaghetti code to spaghetti connections is not an improvement”. (A standard “point to point connection mess” slide, by enterprise architect Jerry Foster from 2001.) In the past few days I’ve been meeting with a series of IT managers at a large customer and have come up with a revised definition for Integration Spaghetti™ : Integration Spaghetti™ is when the connectivity to/from an application is so complex that everyone is afraid of touching it. An application with such spaghetti becomes nearly impossible to replace. Estimates of change impact to the application are frequently wrong by orders of magnitude. Interruption in the integration functioning are always a major disaster – both in terms of th

Solving Integration Chaos - Past Approaches

A U.S. Fortune 50's systems interconnect map for 1 division, "core systems only". Integration patterns began changing 15 years ago. Several early attempts were made to solve the increasing problem of the widening need for integration… Enterprise Java Beans (J2EE / EJB's) attempted to make independent callable codelets. Coupling was too tight, the technology too platform specific. Remote Method Invocation (Java / RMI) attempted to make anything independently callable, but again was too platform specific and a very tightly coupled protocol. Similarly on the Microsoft side, DCOM & COM+ attempted to make anything independently and remotely callable. However, as with RMI the approach was extremely platform and vendor specific, and very tightly coupled. MQ created a reliable independent messaging paradigm, but the cost and complexity of operation made it prohibitive for most projects and all but the largest of Enterprise IT shops which could devote a focused technology

From Spaghetti Code to Spaghetti Connections

Twenty five years ago my boss handed me the primary billing program and described a series of new features needed. The program was about 4 years old and had been worked on by 5 different programmers. It had an original design model, but between all the modifications, bug fixes, patches and quick new features thrown in, the original design pattern was impossible to discern. Any pattern was impossible to discern. It had become, to quote what’s titled the most common architecture pattern of today, ‘a big ball of mud’. After studying the program for several days, I informed my boss the program was untouchable. The effort to make anything more than a minor adjustment carried such a risk, as the impact could only be guessed at, that it was easier and less risky to rewrite it from scratch. If they had considered the future impact, they never would have let a key program degenerate that way. They would have invested the extra effort to maintain it’s design, document it property, and consider

Making the Cloud, Microservices, and Enterprise IT work!

Search This Blog