Jun 21, 2010

IBM DataPower Architecture and Features


The Datapower has an internal structure of components that can inherit or be reused, depending on their place in the inheritance chain.  Here’s the secret internal architecture of the DataPower:


And here’s the Datapower’s capabilities in a nutshell:


Multi-Protocol Gateway: (superset of XML Firewall)

Transformations – Any-to-any transformation engine: MPGW can parse and transform arbitrary binary, flat text, and XML messages, including EDI, COBOL Copybook, ISO 8583, CSV, ASN.1, and ebXML.

Transport Bridging – protocols such as HTTP, HTTPS, MQ, SSL, IMS Connect, FTP, and more

Message-level Security - Messages can be filtered, validated, encrypted, and signed, helping to provide more secure enablement of high-value applications. Supported technologies include WS-Security, WS-Trust, SAML, and LDAP.

Logging - logging and audit trail, including non-repudiation support

Web Service Proxy:

Schema Validation

Policy Application

SLA Monitoring

Load-Balancing w/Peers based on SLA

UDDI Directing

Governance Tie-In

XML Firewall:

Protect Externally Exposed Services

XML Threat Protection

Heavy Authentication, Authorization, Validation

Dos, Virus, SQL Injection Prevention, XML Node Attack Prevention

Attachment transformation/conversion/interface with virus scanner

SLA Monitors

Web Application Firewall:

To protect an internet exposed web application in the DMZ.

XSL Accelerator:

Accelerate XML Parsing
Accelerate Schema Validation
Accelerate XSLT Processing
XML Compression/Decompression ***no one uses it anymore

A quick way to select the best service can be found by answering some questions:

_ Does the service use a WSDL? If so, then use WS-Proxy.

_ Does the service uses multiple transports? If so, then use MPGW.

_ Does the service use only XML over HTTP? If so, then use XML firewall.

_ Is there only non-XML and HTTP traffic? If so, then use Web application firewall.

…and that’s a wrap on our Datapower information at this time.