Datapower appliances - A brief overview

What are they?
DataPower SOA appliances are a suite of XML-aware network appliances. Often termed a “hardware ESB”, these rack-mountable devices are an increasingly important part of the IBM ESB family. They are specialized, purpose-built, consumable SOA appliances that redefine the boundaries of middleware. There are 3 flavors of the appliance as of today, with many more in the fray.

XA 35 was the first of the three appliances and was custom designed to provide high-performance XML processing. XS 40 was a purpose-built security appliance aimed at suppressing the ubiquitous XML threats and the information security issues associated with exchanging messages over the network. It inherited the XML processing capabilities offered by XA 35. The latest in the array is XI 50, which, apart from inheriting the above two capabilities, is also an integration appliance providing a plethora of brokering functionalities.

What do they offer?

XML Processing
DataPower appliances can help speed up common types of XML processing by offloading it from servers and networks. They can perform XML parsing, XML schema validation, XPath routing, XSLT, XML compression, and other essential XML processing with wire-speed XML performance.

• High performance, multi-step, wire-speed message processing, including XML, XSLT, XPath, and XML Schema Definition (XSD)

In addition to wire-speed processing, DataPower appliances support XML routing, XML pipeline processing, XML compression, XML/XSL caching, as well as other intelligent processing capabilities to help manage XML traffic.

The DataPower appliances provide real-time visibility into critical XML statistics such as throughput, transaction counts, errors, and other processing statistics. Data network-level analysis is provided and includes server health information, traffic statistics, and management and configuration data.

Info Security and management
The DataPower appliance provides a security-enforcement point for XML and Web service transactions. It offers encryption, firewall, filtering, digital signatures, schema validation, WS-Security, XML access control, XPath and other features. Apart from that, it facilitates dealing with a wide range of XML threats and Denial of Service attacks (DoS attacks).

• XML/SOAP firewall
Filters traffic at wire speed, based on information from layers two through seven of the protocol stack. It filters traffic from field-level message content and SOAP envelopes to IP address, port or host name, payload size, and other metadata. Filters can be predefined with an easy point-and-click XPath filtering GUI and automatically uploaded to change security policies based on the time of day or other triggers.

• XML/SOAP data validation
With its unique ability to perform XML schema validation as well as message validation at wire speed, the appliance ensures that incoming and outgoing XML documents are legitimate and properly structured. It protects against threats such as XDoS attacks, buffer overflows, or vulnerabilities created by deliberately or inadvertently malformed XML documents.

• Field-level message security
It offers granular and conditional security policies, such as complete or field-level encryption/decryption of data, digitally signing the message, and verification of entire messages or individual fields.

• XML Web services access control
Provides support for a variety of access control mechanisms, including WS-Security, WS-Trust, X.509, SAML, SSL, Lightweight Directory Access Protocol (LDAP), RADIUS, and simple client/URL maps. It can control access rights by rejecting unsigned messages and verifying signatures within SAML assertions.

• Service virtualization
XML Web services require companies to link partners to resources without leaking information about their location or configuration. With the combined power of URL rewriting, high-performance XSL transforms and XML/SOAP routing, the appliance can transparently map a rich set of services to protected back-end resources with high performance.

• Centralized policy management
With the wire-speed performance, enterprises can centralize security functions in a single drop-in device that can enhance security and help reduce ongoing maintenance costs. Simple firewall functionality can be configured via a GUI and be running in minutes. By using the power of XSLT, sophisticated security and routing rules can be created. It works with leading policy managers, and is hence an ideal policy execution engine for securing next generation applications. It supports Simple Network Management Protocol (SNMP), script-based configuration, and remote logging to integrate seamlessly with leading management software.

• Web services management/service level management
It has extensive support for WSDM, UDDI, WSDL, Dynamic Discovery, and broad support for service-level management (SLM) configurations. With this support, it natively offers a robust Web services management framework for the efficient management of distributed Web service endpoints and proxies in heterogeneous SOA environments. SLM alerts and logging, as well as pull and enforce policies, help enable broad integration support for third-party management systems and unified dashboards, in addition to robust support and enforcement for governance frameworks and policies.

Brokering and Application integration
DataPower Integration Appliances provide transport-independent transformations between binary, flat text files and XML message formats. Visual tools are used to describe data formats, create mappings between different formats, and define message choreography. The appliance can transform binary, flat text, and other non-XML messages to help offer an innovative solution for security-rich XML enablement, ESBs, and mainframe connectivity.

• Any-to-any transformation engine
It supports parsing and transforming arbitrary binary, flat text, and XML messages, including EDI, COBOL copybook, ISO 8583, CSV, ASN.1. The patented DataGlue technology of the DataPower appliance uses a fully declarative, metadata-based approach for transformation.

• Transport bridging
Provides transport layer flexibility with support for a wide array of transport protocols. It is capable of bridging request and response flows to and from protocols such as HTTP, HTTPS, MQ, SSL, IMS Connect and FTP.

• Integrated message-level security
It offers mature message-level security and access control functionality. Messages can be filtered, validated, encrypted, and signed, helping to provide more secure enablement of high-value applications. Supported technologies include WS-Security, WS-Trust, SAML, and LDAP.

• Lightweight message brokering
1. Sophisticated multi-step message routing, filtering, and processing
2. Multiple synchronous and asynchronous transport protocols
3. Detailed logging and audit trail, including non-repudiation support

Where is it used?
• DataPower SOA appliances provide a robust, secure platform for middleware integration that can be deployed in an array of deployment scenarios to perform a variety of middleware use cases.

It could also be effectively deployed in the DMZ environment, built with security and policy enforcements. In this scenario, DataPower could prominently act as an application firewall, with all the security-related aspects offloaded from the application to be performed at wire speed by the DataPower appliance. This involves message filtering, validation, encryption/decryption, verification of digital signatures, certificate validation, authentication, and authorization through a widely supported set of open standard protocols and technologies.