Date posted: 18-Nov-2014
Category: Education
Uploaded by: floridawusergroup
© 2014 IBM Corporation
What’s New in DataPower Appliances V7.0
Ravi Katikala
WebSphere ITS
DataPower Firmware v7.0
• GatewayScript
‒ A JavaScript-based gateway runtime
• Link Aggregation
‒ For network redundancy & increased throughput
• WebSockets
‒ Full-duplex, bi-directional, & low-latency communication
• Misc
‒ Developer Edition
‒ OAuth 2.0 enhancements
‒ Support for Citrix XenServer
GatewayScript™ (1 of 2)
JavaScript-based gateway runtime which simplifies configuration for developers and provides an easier development paradigm for Mobile, Web, & API
• GatewayScript is a JavaScript-based runtime for processing Mobile, Web, and API workloads
‒ Focuses on the “Developer” experience, with familiar and friendly constructs and APIs
‒ Why JavaScript?
    Popular scripting language, large ecosystem, fast moving community driven, used on both client-side and server-side and now Gateway too
‒ Performance
    Compiler technology & native execution
    Ahead of time compilation with caching, not single threaded
    Built on intellectual capital and expertise from 10+ years securing and optimizing XSLT parsing/compiler technology
‒ Security
    Transaction isolation
    Code injection protection
    Short lived execution
    Small footprint
GatewayScript™ (2 of 2)
• Easily manipulate JSON and binary data to transform payloads or create gateway functionality
• New Processing Policy Action
‒ Transformation style processing policy action
‒ Access to gateway functions through APIs
GatewayScript Modularity
• Gateway functions exposed using modules
‒ CommonJS 1.0 Modules
‒ Develop custom modules
‒ DataPower Modules:
    Metadata – headers and variables
    Console logging (automatic)
    Utilities
    Testing / assertions
    URL Opener
• Developers can quickly deliver gateway functionality by creating and reusing modules
[Figure: GS Action running in the JavaScript Engine. Labels: Console (log); ‘input’, ‘INPUT’, ‘output’ and ‘named’ contexts; readAs….(), write(), error(); Meta data and Body; modules / libraries (metadata, Utilities, Logging, Testing, Debugger); Context Variables V 1, V 2, … V n]
Example GatewayScript
• Use any JavaScript editor to develop GatewayScript
• Pass input context and GatewayScript action writes to an output context
GatewayScript Action1
input:
{"firstName": "John",
 "lastName": "Doe"}
output:
{"firstName": "John",
 "lastName": "Doe",
 "processSteps": "action1 >> action2"}
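An added example (not from the original slides or from IBM) of an action that produces the output shown above when run as action1 and then action2. `appendProcessStep` and the step names are assumptions; `session.input.readAsJSON`, `session.output.write` and `session.reject` are GatewayScript runtime calls, and the `typeof session` guard lets the same file be unit-tested under Node.js.

```javascript
// Added example: GatewayScript action that records its own name in the payload.
// Written in ES5 style so it does not depend on newer language features.
var ACTION_NAME = 'action2'; // assumed name of this action in the policy

// Pure helper (hypothetical name): returns a copy of doc with actionName
// appended to the "processSteps" trail. Rejects anything that is not a
// plain JSON object so arrays and scalars never reach the backend altered.
function appendProcessStep(doc, actionName) {
  if (doc === null || typeof doc !== 'object' || Array.isArray(doc)) {
    throw new TypeError('expected a JSON object');
  }
  var out = {};
  Object.keys(doc).forEach(function (k) { out[k] = doc[k]; });
  var prior = typeof doc.processSteps === 'string' ? doc.processSteps : '';
  out.processSteps = prior ? prior + ' >> ' + actionName : actionName;
  return out;
}

// On the appliance the runtime provides `session`; elsewhere this is skipped.
if (typeof session !== 'undefined') {
  session.input.readAsJSON(function (error, json) {
    if (error) {
      // Fail the transaction instead of forwarding an unparsed body.
      session.reject('input is not valid JSON: ' + error);
      return;
    }
    try {
      session.output.write(appendProcessStep(json, ACTION_NAME));
    } catch (e) {
      session.reject(e.message);
    }
  });
}
```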
Debugging GatewayScript
• Debug individual GatewayScript files conditionally
‒ GatewayScript action contains a Debug option (script file must contain “debugger” statement)
• The flow of a transaction is paused indefinitely
‒ The GatewayScript processing will break at the “debugger;” line
Link Aggregation (1 of 3)
Network redundancy & increased throughput with support for Link Aggregation
• Combines multiple Ethernet interfaces into a single logical network interface
• Allows network administrators to improve the availability and/or bandwidth characteristics of the interface
• DataPower supports 3 modes
‒ Link Aggregation Control Protocol, or lacp (industry standard)
    Requires special switch configuration
‒ Active-backup uses only one port at a time
    Does not require special switch configuration
‒ Transmit uses one port for receive and all available for transmit
    Does not require special switch configuration
    Most helpful where LACP is not possible
Link Aggregation (2 of 3)
[Figure: VMs at 172.16.8.128, 172.16.8.129 and 172.16.8.130; interfaces eth0, eth1 and eth2; Link Agg Interface 172.16.8.1]
• Expose a single IP address from a set of multiple Ethernet interfaces
• VLANs can be used on Link Aggregations
Link Aggregation (3 of 3)
• No need for separate front side and back side to increase potential throughput
• No need to lengthen the execution chain
• Mitigates the problem of the “Deep Health Check”
• Provides Network Layer availability
WebSocket Proxy (1 of 2)
Full-duplex, bi-directional, & low-latency communication for Web & Mobile applications
• WebSocket is a full-duplex, bidirectional frame based protocol for enabling real-time communication over supporting HTTP(s) infrastructure
‒ Designed to enable real-time applications such as: Messaging over the Web, Chat Applications, Video Applications, Notifications, …
• Use DataPower to Secure, Route, Shape and Load-balance initial WebSocket connection establishment
[Figure labels: Trusted Zone; WebSocket server; DataPower Gateway Appliance; DMZ; WebSocket client]
WebSocket Proxy (2 of 2)
Full-duplex, bi-directional, & low-latency communication for Web & Mobile applications
• Apply DataPower policy actions until and including WebSocket upgrade request over HTTP(s)
‒ After upgrade request is accepted, DataPower simply proxies the client and server communication.
• Example: Chat application using WebSockets requires client authentication and connection throttling
‒ Use DataPower AAA to authenticate and authorize client credentials and SLM to enforce connection concurrency
[Figure: HTTP(s) and WebSockets traffic crosses the network infrastructure to the DataPower Gateway Appliance (MPGW with HTTP(s) FSH; AAA, SLM, …), which handles “HTTP upgrade: websockets” and then acts as a WebSocket proxy (pass-thru) to the WebSocket server]
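Because the gateway stops inspecting traffic once the upgrade is accepted, every access decision has to be made on the upgrade request itself. The following added example (plain Node.js, not DataPower or IBM code) shows such a gate; the allowlist, token store and connection limit are constructed values standing in for AAA and SLM, and `checkUpgrade` is a hypothetical name.

```javascript
// Added example: checks applied to the WebSocket upgrade request, the last
// message a pass-thru proxy inspects before it only relays frames.
var nodeCrypto = require('crypto');

var WS_GUID = '258EAFA5-E914-47DA-95CA-C5AB0DC85B11'; // constant from RFC 6455
var ALLOWED_ORIGINS = ['https://chat.example.com'];   // constructed allowlist
var VALID_TOKENS = { 'Bearer demo-token-1': 'alice' }; // constructed credentials
var MAX_CONNECTIONS = 2;                               // assumed per-client limit

// RFC 6455 section 4.2.2: base64(SHA-1(Sec-WebSocket-Key + GUID)).
function acceptKey(secWebSocketKey) {
  return nodeCrypto.createHash('sha1')
    .update(secWebSocketKey + WS_GUID).digest('base64');
}

// True when a comma-separated header value contains the token (case-insensitive).
function hasToken(headerValue, token) {
  return String(headerValue || '').toLowerCase().split(',')
    .map(function (t) { return t.trim(); }).indexOf(token) !== -1;
}

// req: { method, headers } with lower-case header names.
// openCounts: map of client name -> connections currently open.
function checkUpgrade(req, openCounts) {
  var h = req.headers;
  if (req.method !== 'GET') return { status: 405, reason: 'method' };
  if (!hasToken(h.upgrade, 'websocket') || !hasToken(h.connection, 'upgrade')) {
    return { status: 400, reason: 'not a websocket upgrade' };
  }
  if (h['sec-websocket-version'] !== '13') {
    return { status: 426, reason: 'unsupported version' };
  }
  var key = h['sec-websocket-key'] || '';
  if (Buffer.from(key, 'base64').length !== 16) {
    return { status: 400, reason: 'bad key' };
  }
  if (ALLOWED_ORIGINS.indexOf(h.origin) === -1) {
    return { status: 403, reason: 'origin not allowed' };
  }
  // Own-property lookup so a value like "constructor" cannot match (AAA stand-in).
  var known = Object.prototype.hasOwnProperty.call(VALID_TOKENS, h.authorization);
  if (!known) return { status: 401, reason: 'authentication failed' };
  var client = VALID_TOKENS[h.authorization];
  if ((openCounts[client] || 0) >= MAX_CONNECTIONS) { // SLM stand-in
    return { status: 429, reason: 'too many connections' };
  }
  return { status: 101, client: client, accept: acceptKey(key) };
}
```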
OAuth 2.0 (1 of 4)
OAuth 2.0 (2 of 4)
OAuth 2.0 (3 of 4)
• Allow miscellaneous information to be added to the token
• 512 (UTF-8) characters or less
• Information will be signed/encrypted as part of the token
• Information can be added at all stages of the OAuth protocol
‒ When dp-state is created, information will be carried to code, access_token & refresh_token, unless it is over-written in a later stage
‒ When code is created, information will be carried to access_token & refresh_token, unless it is over-written in a later stage
‒ When access_token is created, information will be carried to access_token & refresh_token
OAuth 2.0 (4 of 4)
• RADIUS support recap
‒ Username: chris
‒ Password: password5364758 (password: password, pin: 5364758)
• Applies in cases when the authentication process requires additional verification
• Only applies to the application traffic
• No support for administrator access (cli, webgui, soma)
• Built in HTML Form based support
• store:///LoginPage.htm
• store://Form-Generate-HTML.xsl
• var://service/aaa-error-log
<aaa-error-logs>
  <aaa-error-log direction="request">
    <phase>AU</phase>
    <method>radius</method>
    <radius-challenge>
      <state>....</state>
      <message>...</message>
    </radius-challenge>
  </aaa-error-log>
</aaa-error-logs>
DataPower Virtual Edition for Developers
Virtual Edition for Developers provides a low cost and easy to use gateway for developers
• Deployment support on VMware Type 2 hypervisors (desktop) such as VMWare Workstation/Player/Fusion
• Increased developer productivity
‒ Allows developers to have a dedicated copy of DataPower appliance for development and unit testing on their workstations
‒ Be productive on your workstation anywhere without network connectivity
• Cost-effective DataPower Virtual Edition for Developers
‒ Per user licensing
• Available for XG45 and XI52
DataPower virtual Citrix XenServer hypervisor support
Citrix XenServer provides deployment flexibility for deployment on-premise & in SoftLayer
• Ability to run DataPower virtual edition on Citrix XenServer hypervisor and management using Citrix XenCenter platform
‒ Support XenServer tools and hypervisor management functions
• Enables deployment of DataPower virtual edition on-premise or SoftLayer bare-metal and dedicated server deployment
‒ Expand the usage of DataPower virtual edition within on-premise data centers or usage on infrastructure as a service (IAAS) public cloud platforms
[Figure labels: Data center; Public cloud; Private cloud]