© 2014 IBM Corporation

What’s New in DataPower Appliances V7.0

Ravi Katikala

WebSphere ITS

1

• A JavaScript-based gateway runtime

GatewayScript

• For network redundancy & increased throughput

Link Aggregation

• Full-duplex, bi-directional, & low-latency communication

WebSockets

• Developer Edition

• Oauth 2.0 enhancements

• Support for Citrix XenServer

Misc

DataPower Firmware v7.0

• GatewayScript is a JavaScript-based runtime for processing Mobile,

Web, and API workloads ‒ Focuses on the “Developer” experience, with familiar and friendly

constructs and APIs

‒ Why JavaScript?

Popular scripting language, large ecosystem, fast moving community driven, used

on both client-side and server-side and now Gateway too

‒ Performance

Compiler technology & native execution

Ahead of time compilation with caching, not single threaded

Built on intellectual capital and expertise from 10+ years securing and optimizing

XSLT parsing/compiler technology

‒ Security

Transaction isolation

Code injection protection

Short lived execution

Small footprint

GatewayScript™ (1 of 2)

JavaScript-based gateway runtime which simplifies configuration for developers and

provides an easier development paradigm for Mobile, Web, & API

GatewayScript™ (2 of 2)

• Easily manipulate JSON and binary data to transform payloads or create

gateway functionality

• New Processing Policy Action ‒ Transformation style processing policy action

‒ Access to gateway functions through APIs

GatewayScript Modularity

• Gateway functions exposed

using modules ‒ CommonJS 1.0 Modules

‒ Develop custom modules

‒ DataPower Modules:

Metadata – headers and

variables

Console logging (automatic)

Utilities

Testing / assertions

URL Opener

• Developers can quickly

deliver gateway functionality

by creating and reusing

modules

GS Action

JavaScript Engine

Console (log)

‘output’ context

‘input’ context

‘INPUT’ context

‘named’ context

‘named’ context

readAs….()

error()

Meta data

Body

modules / libraries meta-

data

Utilities Logging

write()

Testing

Debugger

V 1

V 2

V n …

Context Variables

Example GatewayScript

• Use any JavaScript editor to

develop GatewayScript

• Pass input context and

GatewayScript action writes to

an output context

GatewayScript Action1

{“firstName”: “John”,

“lastName”: “Doe”}

input

{“firstName”: “John”,

“lastName”: “Doe”,

“processSteps”: “action1 >>

action2”}

output

Debugging GatewayScript

• Debug individual GatewayScript files conditionally ‒ GatewayScript action contains a Debug option (script file must contain

“debugger” statement)

• The flow of a transaction is paused indefinitely ‒ The GatewayScript processing will break at the “debugger;” line

Link Aggregation (1 of 3)

• Combines multiple Ethernet interfaces into a single logical network

interface

• Allows network administrators to improve the availability and/or

bandwidth characteristics of the interface

• DataPower supports 3 modes ‒ Link Aggregation Control Protocol, or lacp (industry standard)

Requires special switch configuration

‒ Active-backup uses only one port at a time

Does not require special switch configuration

‒ Transmit uses one port for receive and all available for transmit

Does not require special switch configuration

Most helpful where LACP is not possible

Network redundancy & increased throughput with support for Link Aggregation

Link Aggregation (2 of 3)

VM VM eth1

VM eth2 eth0

172.16.8.128 172.16.8.129 172.16.8.130

Link Agg Interface 172.16.8.1

• Expose a single IP

address from a set of

multiple Ethernet

interfaces

• VLANs can be used on

Link Aggregations

Link Aggregation (3 of 3)

• No need for separate front side and back side to increase potential

throughput

• No need to lengthen the execution chain

• Mitigates the problem of the “Deep Health Check”

• Provides Network Layer availability

Trusted Zone

• WebSocket is a full-dulex, bidirectional frame based protocol for

enabling real-time communication over supporting HTTP(s)

infrastructure ‒ Designed to enable real-time applications such as: Messaging over the

Web, Chat Applications, Video Applications, Notifications, …

• Use DataPower to Secure, Route, Shape and Load-balance initial

WebSocket connection establishment

WebSocket Proxy (1 of 2)

Full-duplex, bi-directional, & low-latency communication for Web & Mobile applications

Websocket server DataPower Gateway Appliance

Websocket client

DMZ

DataPower Gateway Appliance

DMZ

• Apply DataPower policy actions until and including WebSocket

upgrade request over HTTP(s) ‒ After upgrade request is accepted, DataPower simply proxies the client

and server communication.

• Example: Chat application using WebSockets require client

authentication and connection throttling ‒ Use DataPower AAA to authenticate and authorize client credentials and

SLM to enforce connection concurrency

MPGW

WebSocket Proxy (2 of 2)

Full-duplex, bi-directional, & low-latency communication for Web & Mobile applications

Network infrastructure

WebSocket

server

DataPower Gateway Appliance

HTTP(s) FSH

AAA, SLM, …

WebSocket proxy

(pass-thru)

HTTP(s)

HTTP

WebSockets

HTTP upgrade: websockets

WebSocket

HTTP(s) FSH

Oauth 2.0 (1 of 4)

Oauth 2.0 (2 of 4)

Oauth 2.0 (3 of 4)

• Allow miscellaneous information to be added to the token

• 512 (UTF-8) characters or less

• Information will be signed/encrypted as part of the token

• Information can be added at all stages of the OAuth protocol

• When dp-state is created, information will be carried to code, access_token &

refresh_token, unless it is over-written in a later stage

• When code is created, information will be carried to access_token & refresh_token,

unless it is over-written in a later stage

• When access_token is created, information will be carried to access_token &

refresh_token

Oauth 2.0 (4 of 4)

• Radius support recap

‒ Username: chris

‒ Password: password5364758 (password: password, pin: 5364758)

• Applies in cases when the authentication process requires additional verification

• Only applies to the application traffic

• No support for administrator access (cli, webgui, soma)

• Built in HTML Form based support

• store:///LoginPage.htm

• store://Form-Generate-HTML.xsl

• var://service/aaa-error-log o <aaa-error-logs>

o <aaa-error-log direction=”request”>

o <phase>AU</phase>

o <method>radius</method>

o <radius-challenge>

o <state>....</state>

o <message>...</message>

o </radius-challenge>

o </aaa-error-log>

o </aaa-error-logs>

DataPower Virtual Edition for Developers

VMWare Workstation

VMWare Player VMWare Fusion

Virtual Edition for Developers provides a low cost and easy to use gateway for developers

• Deployment support on VMware Type 2 hypervisors (desktop) such

as VMWare Workstation/Player/Fusion

Increased developer productivity

– Allows developers to have a dedicated copy of DataPower appliance for

development and unit testing on their workstations

– Be productive on your workstation anywhere without network connectivity

Cost-effective DataPower Virtual Edition for Developers

– Per user licensing

Available for XG45 and XI52

DataPower virtual Citrix XenServer hypervisor support

Ability to run DataPower virtual edition on

Citrix XenServer hypervisor and

management using Citrix XenCenter

platform – Support XenServer tools and hypervisor

management functions

Enables deployment of DataPower virtual

edition on-premise or SoftLayer bare-metal

and dedicated server deployment – Expand the usage of DataPower virtual edition

within on-premise data centers or usage on

infrastructure as a service (IAAS) public cloud

platforms

Data center

Public cloud

Public cloud Private cloud

Private cloud

Private cloud

Citrix XenServer provides deployment flexibility for deployment on-premise & in SoftLayer