IBM DataPower API Gateway

DataPower Gateway capabilities

Rapid development of API integrations with built-in security and response-time optimization for any type of application.

Security
• Secure and protect your back-end systems from malicious calls and unauthorized users and

Integration
• Transform messages, bridge different transport protocols, and open up access to existing internal services from outside, in real time

Control
• Throttle and filter traffic based on defined SLA policies, and route calls in real time depending on message content

Acceleration
• Shorten response time and significantly reduce the load on back-end servers, with intelligent traffic distribution

Simplify, centralize and automate critical functions for integration with external systems

Without DataPower Gateway
You develop security protection, traffic distribution, authentication, encryption and so on yourself, separately for each application.

With DataPower Gateway
All of these capabilities are included out of the box; you only need to define policies through the graphical UI and apply them to any existing or new application API.

DataPower Gateway usage patterns
[Diagram: deployment across three zones: Internet, De-Militarized Zone (DMZ), Trusted Domain. Labels: Cloud Apps & Services; Web, Cloud, Mobile, B2B; Mobile Consumer; Mobile Application; System z; API; Application Server.]

IBM DataPower Gateway
• Authentication
• Identity Federation
• Traffic Shaping
• IP-Based Load Balancing
• Message Security
• SSL Offloading
• Light weight Transformation
• Access Control
• Monitoring
• Caching

IBM DataPower Gateway
• Protocol Mediation Transformation
• IP-Based Load Balancing
• Message Security
• Monitoring
• Caching
• AAA

Purpose-built hardware
• No useable USB ports
• Intrusion detection
• Trusted Platform Module
• Encrypted flash drive
• Hardware security module for secure storage of private keys (optional)

New X3 Enhancements
• 40GB Ethernet ports
• Increased Memory to 256GB
• Increased processing capacity
• Larger and faster SSD Drives, 1.6TB RAID Array
• 33% increased processing capacity

Hardened firmware provides platform security
• Single signed and encrypted firmware
• No arbitrary software
• Optimized, embedded operating system
• High assurance, ‘locked-down’ configuration




[Diagram: five DataPower Gateway form factors, each shown with a signed & encrypted gateway stack on top of an IBM Optimized Embedded OS or an IBM Optimized Application layer. Platform labels: Hardware; Docker Container; OpenShift Container; Trusted Platform & Hardware Security; Operator Framework; Crypto Acceleration.]

Supported standards & protocols (OOTB)

Data format & language
▪ JavaScript
▪ JSON
▪ JSON Schema
▪ JSONiq
▪ REST
▪ SOAP 1.1, 1.2
▪ WSDL 1.1
▪ XML 1.0
▪ XML Schema 1.0
▪ XPath 1.0
▪ XPath 2.0 (XQuery only)
▪ XSLT 1.0
▪ XQuery 1.0

Security policy enforcement
▪ OAuth 2.0
▪ SAML 1.0, 1.1 and 2.0, SAML Token Profile, SAML queries
▪ XACML 2.0
▪ Kerberos, SPNEGO
▪ RADIUS
▪ LDAP versions 2 and 3
▪ Lightweight Third-Party Authentication (LTPA)
▪ Microsoft Active Directory
▪ FIPS 140-2 Level 3 (w/ optional HSM)
▪ SAF & IBM RACF® integration with z/OS
▪ Internet Content Adaptation Protocol
▪ W3C XML Encryption
▪ W3C XML Signature
▪ S/MIME encryption and digital signature
▪ WS-Security 1.0, 1.1
▪ WS-I Basic Security Profile 1.0, 1.1
▪ WS-SecurityPolicy
▪ WS-SecureConversation 1.3

Transport & connectivity
▪ HTTP, HTTPS, WebSocket Proxy
▪ FTP, FTPS, SFTP
▪ WebSphere MQ
▪ WebSphere MQ File Transfer Edition (MQFTE)
▪ TIBCO EMS
▪ WebSphere Java Message Service (JMS)
▪ IBM IMS Connect, & IMS Callout
▪ NFS
▪ AS1, AS2, AS3, ebMS 2.0, CPPA 2.0, POP, SMTP (XB62)
▪ DB2, Microsoft SQL Server, Oracle, Sybase, IMS

Transport Layer Security
▪ SSL versions 2 and 3
▪ TLS versions 1.0, 1.1, and 1.2

Public key infrastructure (PKI)
▪ RSA, 3DES, DES, AES, SHA, X.509, CRLs, OCSP
▪ PKCS#1, PKCS#5, PKCS#7, PKCS#8, PKCS#10, PKCS#12
▪ XKMS for integration with Tivoli Security Policy Manager (TSPM)

Management
▪ Simple Network Management Protocol (SNMP)
▪ SYSLOG
▪ IPv4, IPv6

Open File Formats
▪ Distributed Management Task Force (DMTF) Open Virtualization Format (OVF)
▪ VMware Virtual Machine Disk Format

Web services
▪ WS-I Basic Profile 1.0, 1.1
▪ WS-I Simple SOAP Basic Profile
▪ WS-Policy Framework
▪ WS-Policy 1.2, 1.5
▪ WS-Trust 1.3
▪ WS-Addressing
▪ WS-Enumeration
▪ WS-Eventing
▪ WS-Notification
▪ Web Services Distributed Management (WSDM)
▪ WS-Management
▪ WS-I Attachments Profile
▪ SOAP Attachment Feature 1.2
▪ SOAP with Attachments (SwA)
▪ Direct Internet Message Encapsulation (DIME)
▪ Multipurpose Internet Mail Extensions (MIME)
▪ XML-binary Optimized Packaging (XOP)
▪ Message Transmission Optimization Mechanism (MTOM)
▪ WS-MediationPolicy (IBM standard)
▪ Universal Description, Discovery, and Integration (UDDI versions 2 and 3), UDDI version 3 subscription
▪ WebSphere Service Registry and Repository (WSRR)

A graphical interface for policy configuration simplifies and speeds up work
▪ Policies can be created without coding
▪ Intuitive message pipeline view
▪ Import/export of configurations from one environment to another (or for backup/restore purposes)
▪ Message flow monitoring shows the detailed content of the message at every point in the flow

Concrete benefits of using DataPower in digital transformation

| Task | Description | Development hours without DataPower | Development hours with DataPower |
|---|---|---|---|
| Establishing B2B connectivity and | Integration with internal and external B2B partners based on standard industry protocols and message formats | 200 | 20 |
| Managing B2B partner profiles | Onboarding and management of new B2B partner scenarios/products and opening of integration points | 10 | 5 |
| Management and control of B2B transactions | End-to-end transparency and management of B2B transactions, with the ability to control and retry failed transactions and to resolve problems related to failed transactions faster. | 10 | 5 |
| Security AAA | Identification, authentication, authorization and audit of user requests/calls, with the option to integrate with various authentication systems | 360 | 18 |
| Security threat protection | Validation of the sender and of message integrity, end-to-end message protection, protection against a wide range of threats (DDoS, SQL injection, XML viruses, etc.) | 1080 | 51 |
| Dynamic routing | Virtualization/proxying of internal services to the outside using dynamic routing based on message content and/or context | 140 | 20 |
| heterogeneous | Virtualization of services/APIs with bridging of heterogeneous protocols (e.g. REST to/from Kafka, etc.) | 140 | 20 |
| of messages (real time) | Wire-speed transformation of messages from/to an arbitrary format (e.g. XML <-> JSON) | 120 | 40 |
| Service Level Management | Monitoring against the SLAs defined with partners/customers and taking automatic actions when there is a risk of breaching an SLA | 280 | 40 |

