IBM API Gateway solution Overview for VaaP project

2016-03-31 HCL VaaP Middleware

Version 0.1
Vipps 1.x – Existing Setup
Proposed API Gateway Solution

1. IBM API Gateway Connect Enterprise (API Management)

• Create, Manage, deploy, scale, socialize & monitor APIs
• Integrate all API Connect editions with IBM DataPower Gateway Virtual Edition with a minimum firmware
level of Version 7.5. This enables DataPower to act as the API Gateway to provide API security, traffic
management, mediation, and optimization capabilities in a secure, highly consumable virtual appliance
• Support for the clustering of a large number of nodes within a single datacenter and also across multiple
datacenters..

2. IBM Datapower Gateway Virtual Edition (DataPower Software Appliance)

• IBM DataPower Gateway Virtual Edition provides a single, security-hardened and highly consumable virtual
gateway. It acts as a security and integration gateway for a range of mobile, web & application programming
interfaces (APIs)
Overall API Management activities
• HCL
• Create Design
• Topology, number of instances
• Sizing
• Test environments
• Infra design; Network, Storage, Servers, VMware
• Procurement if required
• Installation and setup (High-level activities in next slides)
• Configure monitoring
• Create Runbook
• Knowledge Transfer and Handover to BAU
IBM API Gateway Connect Enterprise (high level setup tasks)

• Install a Web browser (Mandatory)

• IE 11/Mozilla 38/Chrome 45/Safari 9
• Prep a Hosting Environment (Mandatory)
• VMWare ESXi 6.x hypervisor
• For SOAP Service discovery, WebSphere Service Registry and Repository V7.0, and later, is required
• node.js at a minimum version of v0.12.0 & Java to create the Microservices by using unified Java and Node
operations and management.
• Use of the API toolkit requires either of Windows 7/RHEL 7/SUSE Enterprise Linux Server (SLES) 12/Ubuntu
LTS 14.04/ OS X 10.10
IBM DataPower Gateway Virtual Edition (high level setup
tasks)
Infra Tasks
• Setup VMWare ESXi 6.x hypervisor with 16 virtual CPU cores, 96GB RAM
• Deploy OVA (Open Virtualization Archive) file on the above VMWare ESXi 6.x hypervisor which will install
DataPower.
• Start the VM (virtual machine) with the hypervisor product interface.
• Modify resource allocation (virtual CPU allocation on OVA to 16) in the hypervisor product interface.
• Security and threat protection configuration
• Configure Citrix NetScalar load balancers(inner & outer) to load balance the requests to IBM DataPower
Gateway. Note that the entire setup should ideally be in DMZ heavily guarded by firewalls.
• Setup and maintain certificate revocation and expiry date list
• Monitor QoS of services to adhere to SLA
• Manage environment specific values as server address (E.g. towards MQ, ISAM)
• Handling of public key infrastructure
Note : DataPower NICs need to be mapped to the VMware virtual network adapters.
IBM DataPower Gateway Virtual Edition (high level setup
tasks) continued…
Development Tasks:
• Analyse & move existing web service Integration web services/URIs from Intel SOAE to IBM DataPower
Gateway. Integrations involved can be but not limited to XSLT transformations, content renderings such as
XML to HTML transformation, encryption/decryption, digital signatures, filtering, schema validations, dynamic
routing.
• Example: SOAE Integration with SMS Gateway for DNB VIPPS solution (P2P-vipps (1404)
• IBM DataPower Gateway features an ”XML Firewall” component which supports a robust authentication and
authorization engine, with built-in integration for a wide variety of policy servers such as LDAP. It needs to be
evaluated how Intel SOAE performs this today for Vipps.
• IBM DataPower Gateway features an ”Multi-Protocol Gateway” component which provides support for several
protocols such as http, https, JMS & MQ to name a few.
• New MQ channels will need to be defined (HCL) between IBM DataPower Gateway and MQ proxy queue
managers to allow internet & intranet traffic to flow through.
• Setup new security certificates as per latest standards for the integrations on IBM DataPower Gateway.