What's New in DataPower Appliances
Hugh Everett, IT Specialist, IBM Manchester, UK



Transcription:

What's New in DataPower Appliances
Hugh Everett, IT Specialist, IBM Manchester, UK
2013 IBM Corporation

Please Note

IBM's statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM's sole discretion. Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision. The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion.

Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput or performance that any user will experience will vary depending upon many factors, including considerations such as the amount of multiprogramming in the user's job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve results similar to those stated here.

Agenda
- DataPower Quick Overview
- What's new in DataPower Virtual Edition
- What's new in DataPower v6.0

Introduction to DataPower Gateway Appliances

IBM DataPower Gateway Appliances are the industry-leading Security & Integration gateways that help provide security, control, integration and optimized access to a full range of Mobile, Web, API, SOA, B2B and Cloud workloads.

IBM Integration Bus and Integration Gateway

IBM Integration Bus: IBM's Strategic Integration Technology
- Single engineered product for .NET, Java and fully heterogeneous integration scenarios
- DataPower continues to evolve as IBM's integration gateway

IBM DataPower: IBM's Strategic Integration Gateway
- Highly secure configurable appliance
- To integrate and optimise access to web, mobile, and API workloads beyond the enterprise
- Complements IBM Integration Bus

[Diagram labels: Integration Gateway; Integration Bus; Edge]

IBM DataPower Gateway Appliances: Security & Integration Gateway Appliances

[Diagram labels: Internet; DMZ; Trusted Domain; Consumer; DataPower; Application or Service]

- Securely expose enterprise data to external consumers/partners, while optimizing delivery of the workload
- Securely connect apps/services within the enterprise, while optimizing delivery of the workload and providing integration including XML offload, message validation/filtering, message/transport protocol transformation, traffic control/quota enforcement, SOA governance & management, dynamic routing & intelligent load distribution
- Physical appliance that is purpose-built, tamper-evident with simplified deployment combining superior performance, hardened security, increased ROI and reduced TCO
- Provides high levels of certified Security assurance, e.g. Transport Protocol Security (SSL/TLS), Message Level Security, and Authentication, Authorization, Audit
- Simplified maintenance model: drop-in appliance form-factor, secures traffic in minutes, and push-button flash upgrade process
- Over a decade of innovation. 2000 worldwide installations. 10,000+ physical units sold
- Virtual appliance provides deployment flexibility & reduced cost for development and test environments

DataPower appliances used across a variety of scenarios

1. Security Gateway (Web Services/Apps/APIs)
2. Intelligent Content Routing & Load Distribution
3. B2B Partner Gateway
4. Internal Security Enforcement
5. Integration
6. Runtime SOA Governance
7. Web Service Management
8. Legacy Integration

[Diagram labels: Internet; DMZ; Trusted Domain; Consumer; Trading partners; DataPower; Application or Service; System z; IBM Integration Bus; Application; Service; File]

Use appliances to simplify & centralize critical functions

- Secure, control, integrate & optimize multiple applications without code changes
- Lower cost and complexity
- Enable new business with unmatched performance

Before DataPower Appliances: update application servers individually (Secure, Control, Integrate, Route & Optimize)
After DataPower Appliances: secure, control, integrate, & optimize all applications instantly, with no changes to applications

IBM DataPower Gateway Appliance capabilities

Security
- OAuth, SAML, XACML, WS-Security, LTPA, Kerberos, etc
- Authentication & authorization
- Security token translation
- Message & transport protection

Integration
- Convert payloads (JSON, XML, CSV, Cobol, binary, etc)
- Bridge transports (HTTP, MQ, FTP, WAS JMS, TIBCO EMS, etc)
- Database connectivity (DB2, IMS, Oracle, MS SQL, Sybase)
- Mainframe integration (IMS Connect, IMS Callout, CICS, etc)
- B2B integration (AS1, AS2, AS3, etc)

Resilience
- Operation admission control
- Failure re-routing
- XML threat protection
- JSON threat protection
- Schema validation
- Messages filtering

Control
- Service-level agreements
- Traffic control
- Message accounting
- Content-based routing
- Governance & management

Optimization
- SSL & TLS offload
- Hardware accelerated crypto ops
- XSLT & XQuery acceleration
- JSONiq acceleration
- Connection pooling, offload
- Intelligent load distribution
- Caching: Local & external (XC10)

[Diagram labels: Clients; In-the-Clear Request; Encrypted and Signed Request; Malicious Request; Service Providers; Cobol/MQ Appl]

DataPower Family

Service Gateway XG45
- Entry-level device, slim footprint (1U)
- Security gateway (AAA, XML threat, etc)
- Service level management and monitoring
- Intelligent load distribution & dynamic routing
- Lightweight integration functions (optional)
- Available in Virtual Edition

Integration Appliance XI52
- High density 2U form, XG45 functionality plus:
- Any-to-Any conversion at wire-speed
- Bridges multiple transport protocols
- Mainframe integration & enablement
- Available in Virtual Edition

Integration Blade XI50B/XI50z
- Functionally equivalent to XI52
- Form factor flexibility
- XI50B: BladeCenter form factor
- XI50z: zEnterprise BladeCenter Extension (zBX) form factor

B2B Appliance XB62
- High density 2U form, XI52 functionality plus:
- B2B Messaging (AS1/AS2/AS3/ebMS)
- Trading Partner Profile Management
- B2B Transaction Viewer

DataPower Gateway Appliances: Over a decade of innovation & over 2000 worldwide installations

Government
- Agencies and ministries
- Defense and security organizations
- Crown corporations

Banking
- Majority of the big US and European banks
- All of the big 5 Canadian banks
- Numerous regional banks and credit unions

Insurance
- Used by 95% of top global insurance firms

SaaS providers, ASPs, regulators, etc.

Many, many more
- Healthcare
- Retailers
- Utilities, Power, Oil and Gas
- Telecom
- Airlines
- etc.

Agenda
- DataPower Quick Overview
- What's new in DataPower Virtual Edition
- What's new in DataPower v6.0

IBM DataPower Virtual Edition: Deployment flexibility & reduced cost for development and test environments

Business Value:
- Industry-leading workload security, optimization, and integration functionality similar to the corresponding physical DataPower appliance models
- A flexible, cost effective Security & Integration Gateway for non-production environments
- A production solution for environments not suitable for physical appliance deployment

What's new:
- WebSphere DataPower XG45 & XI52 physical appliance functionality in a virtual appliance form-factor running on VMware hypervisor on x86 servers, IBM PureApplication System W1500, & IBM Workload Deployer platforms
- Ability to upgrade & downgrade firmware similar to physical appliances
- Seamless configuration migration between physical and virtual appliances
- Powered by a purpose-built platform including an embedded, optimized DataPower Operating System

DataPower Appliances extend its market leading Security & Integration Gateway functionality into Virtual Appliances providing deployment flexibility.

Available Now

[Diagram labels: Business Integration; x86 Server]

IBM DataPower Virtual Edition: Overview

Product Name
- WebSphere DataPower Service Gateway XG45 Virtual Edition (Passport Advantage Product ID: 5725-J90)
- WebSphere DataPower Integration Appliance XI52 Virtual Edition (Passport Advantage Product ID: 5725-J91)

Functionality
- Same workload security, optimization, & integration functionality as the corresponding physical appliance model. Exceptions, besides lack of physical security features (e.g. tamper-resistant hardware), include capability implemented or enhanced via hardware in physical appliances:
  - No Hardware Security Module (HSM) support for FIPS 140-2 Level 3 compliance
  - No hardware acceleration support for cryptographic operations
- Seamless configuration migration, through export/import feature, between physical and virtual appliances
- Full-appliance secure backup/restore only works within the same form factor, i.e. virtual to virtual & physical to physical
- Each virtual appliance is powered by a purpose-built platform and includes an embedded, optimized DataPower Operating System
- Uses signed/encrypted firmware images like physical appliances, doesn't allow installation of other software
- Uses scrypt4 format firmware image (scrypt2/3 used for physical appliances), does not run or support firmware prior to v5.0.0

Version
Two functionally equivalent versions, Production & Non-Production, for each product. Each licensed and priced separately:
- XG45 Virtual Edition for Non-Production Environments: For non-production use. Includes following optional features at no additional cost: Application Optimization, Data Integration Module
- XG45 Virtual Edition: For production use. All optional features must be ordered separately, all are field upgradeable.
  ** Both XG45 Virtual Edition versions include Tivoli Access Manager feature in the base product like physical appliance models
- XI52 Virtual Edition for Non-Production Environments: For non-production use. Includes following optional features at no additional cost: Application Optimization, Database Connectivity, Tivoli Access Manager
  ** TIBCO EMS option must be ordered separately
- XI52 Virtual Edition: For production use. All optional features must be ordered separately, all are field upgradeable.

Pricing
Priced based on Processor Value Unit (PVU). Available through Passport Advantage.

Hypervisor
VMware ESX v4.0 Update 2, v4.1 OR ESXi v4.0 Update 2, v4.1, v5.0, v5.1

Platform
x86 Servers, IBM PureApplication System W1500, IBM Workload Deployer utilizing x86 hardware

Requirements
Minimum virtual resources for each virtual edition appliance: 4 vCPU (i.e. virtual core) and 4GB RAM

Package
Delivered as an Open Virtualization Archive (OVA) package

Agenda
- DataPower Quick Overview
- What's new in DataPower Virtual Edition
- What's new in DataPower v6.0

What's New: Summary

IBM DataPower Gateway Appliances extend industry-leading service-oriented architecture (SOA) and business-to-business (B2B) security, control, optimization, and integration capabilities to web, mobile, and API workloads.

DataPower 6: Secure. Integrate. Optimize.

- Secure integration: Securely integrate API, Web & Mobile workloads, in addition to SOA & B2B
- Pattern-based configuration: Create & deploy common configuration patterns for reduced time to value, improved productivity & quality
- Mobile-ready security gateway: Secure & optimize delivery of Mobile applications & integrate with IBM Worklight
- System z integration: Easily consume external web services from IMS & expose IMS data as a service
- Faster consistent response time: Reduce load on back-end systems and optimize delivery through local & external caching and intelligent load distribution
- Deployment flexibility: Use physical or virtual appliance with seamless configuration migration

Secure, integrate & optimize access to Web, Mobile & API workloads: IBM DataPower Gateway Appliance v6.0

Business Value:
- Secure integration of Web, Mobile, API, SOA & B2B workloads in a single, highly secure, highly consumable, DMZ-ready appliance
- Operational agility for WAS Network Deployment environments
- Fast & consistent response time for enterprise applications including mobile & web apps with local & external caching reducing load on back-end systems
- Enhanced System z integration with IMS systems for reduced TCO
- Faster time to value & improved developer productivity with configuration pattern-authoring & deployment support

What's new:
- Provides the API gateway functionality for IBM API Management V2.0
- Quick integration with IBM Worklight to secure mobile web traffic
- Improved REST services handling with native JSON support including schema validation & query, extract, filter & transform through JSONiq
- New XML data query, extraction & manipulation support with XQuery 1.0
- Enhanced security with improved OAuth 2.0 and new support for Kerberos constrained delegation & TLS 1.1/1.2
- Improved WS-MediationPolicy consumption from WSRR & SLAs for non-SOAP traffic
- Embedded On-Demand Router functionality for WAS ND environments
- Optimized application delivery with response caching on-the-box & seamless integration with elastic caching XC10 appliances
- New System z integration capabilities allowing IMS transactions to easily consume external web services & easy consumption of IMS data as a service
- Simple ability to create & deploy common DataPower configuration patterns

DataPower Appliances extend its market leading Security & Integration Gateway for Web, Mobile & API workloads, in addition to SOA & B2B, reducing infrastructure complexity & lowering TCO.

[Diagram label: Business Integration]

IBM API Management V2.0 (On-Premise): Secure, control and optimize access to APIs through DataPower

Create, Manage, Socialize APIs
- Dev Ops Dashboard for easy assembly of new APIs and to secure and manage APIs from an IT Ops perspective, API lifecycle mgmt
- Business Ops Dashboard with analytics and controls to publish APIs, document APIs, set quotas, manage communities and monitor service levels
- Application Developer Portal with Self-Service registration and with hooks into social communities

On-Premise DMZ-ready API Gateway
- Rapid on-ramping of APIs
- API security: SSL termination, Threat protection, Authentication, Authorization with OAuth
- Quota enforcement / Traffic control: Enforce API consumption policies
- Monitors API use
- Caching support for both on-box local and remote caching using XC10
- Intelligent routing and load distribution

[Diagram labels: Enterprise Services; App Developer Portal; DataPower; Dev Ops Dashboard; Web Apps; On Premise; Business Ops Dashboard; Mobile]

IBM API Management V2.0: IBM API Management (On-Premise)

Secure, Control, Optimize: API Gateway
- DataPower XG45 w/ DIM & AO option, XI50, XI50B, XI52 w/ AO option
- REQUIRED component
- Physical or Virtual
- Purchase new or re-use existing appliances

Create, Publish, Manage, Socialize
- IBM API Management
- 2 Hypervisor Installs
- 1 Solution, 1 Pane of Glass

Create (Assemble)
- Cast Iron Standard Edition
- OPTIONAL component
- Physical or HVE
- Purchase new or re-use existing appliances

Available in IBM API Management V2.0 & DataPower V6.0

Connect Mobile Apps with Enterprise Apps & Services: Security, Control, Integration & Optimization of mobile workload

Securely expose enterprise data to Mobile Apps while optimizing delivery of the workload.

Functions performed by the IBM DataPower Gateway Appliance:
- SSL Offload
- Threat Protection
- Rate Limiting
- Validation, Filtering (now with Native JSON Support **)
- Authentication, Authorization
- Security Token Translation
- Transformation
- Content-Based Routing
- Intelligent Load Distribution (now with On Demand Router for WAS ND **)
- Response Caching, locally or to XC10 **

Worklight integration:
- Enhanced form-based authentication support for quick integration with Worklight applications running on mobile devices **
- Ready-to-use configuration pattern as reverse proxy & security policy enforcement point in front of Worklight Server **

** Available in DataPower firmware version 6.0

[Diagram labels: e.g. REST (JSON/XML) over HTTPS; IBM DataPower Gateway Appliance; e.g. SOAP over HTTPS; Worklight, WAS ND; Web Apps, Services; Message Oriented, Legacy Apps]

XQuery 1.0: Flexible XML data manipulation

- Query, extract, filter, transform XML messages using XQuery 1.0
- Efficient data query & manipulation of XML
- Simple scripting language syntax provides ease of use
- Built-in functions & FLWOR statements improve productivity & reduce LoC
- FLWOR: For, Let, Where, Order by, Return
- XQuery is not XML!

INPUT

    <orders>
      <order><first>john</first><last>smith</last><sku>20223</sku><price>23.95</price></order>
      <order><first>alice</first><last>brown</last><sku>54321</sku><price>199.95</price></order>
      <order><first>john</first><last>smith</last><sku>23420</sku><price>104.95</price></order>
      <order><first>bob</first><last>green</last><sku>90231</sku><price>300.00</price></order>
      <order><first>scott</first><last>jones</last><sku>54321</sku><price>199.95</price></order>
      <order><first>jim</first><last>lee</last><sku>89820</sku><price>46.50</price></order>
    </orders>

Query orders with purchase of at least $100

    <gold-customers> {
      for $x in orders/order
      where $x/price >= 100.00
      order by $x/last
      return <customer first="{$x/first}" last="{$x/last}" />
    } </gold-customers>

OUTPUT

    <?xml version="1.0" encoding="utf-8"?>
    <gold-customers>
      <customer first="alice" last="brown"/>
      <customer first="bob" last="green"/>
      <customer first="scott" last="jones"/>
      <customer first="john" last="smith"/>
    </gold-customers>

Native JSON Support: Enhanced security & control for REST services

- JSON is now a first class, native format on DataPower similar to XML
- High-speed parsing and tuned compilation with native execution
- JSON schema validation: Security & input validation
  - Built-in validate action
  - Support for draft 3 of IETF specification (http://tools.ietf.org/html/draft-zyp-json-schema-03)

JSON Message

    {
      "name" : "John Smith",
      "sku" : "20223",
      "price" : "23.95",
      "shipto" : {
        "name" : "Jane Smith",
        "address" : "123 Maple Street",
        "city" : "Pretendville",
        "state" : "NY",
        "zip" : "12345"
      },
      "billto" : {
        "name" : "John Smith",
        "address" : "123 Maple Street",
        "city" : "Pretendville",
        "state" : "NY",
        "zip" : "12345"
      }
    }

JSON Schema

    {
      "type": "object",
      "properties": {
        "name": { "type": "string" },
        "sku": { "type": "string" },
        "price": { "type": "number", "minimum": 0 },
        "shipto": {
          "type": "object",
          "properties": {
            "name": { "type": "string" },
            "address": { "type": "string" },
            "city": { "type": "string" },
            "state": { "type": "string" },
            "zip": { "type": "string" }
          }
        },
        "billto": {
          "type": "object",
          "properties": {
            "name": { "type": "string" },
            "address": { "type": "string" },
            "city": { "type": "string" },
            "state": { "type": "string" },
            "zip": { "type": "string" }
          }
        }
      }
    }
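Added example (not from the original slides, and not DataPower's validate action): a small Python validator for the draft-03 keywords the schema above uses, run on the slide's own message. It shows that the sample message carries "price" as a string and so fails the schema's "type": "number" constraint; the harden() helper, with its use of the draft-03 "required" and "additionalProperties" keywords, is an assumption added to show a stricter gateway policy.

```python
"""Validate the slide's JSON order message against the slide's schema.

Covers only the draft-03 keywords needed here: type (single name),
properties, minimum, required (boolean) and additionalProperties (false).
"""

# Address sub-schema shared by "shipto" and "billto", as on the slide.
ADDRESS_PROPS = {k: {"type": "string"}
                 for k in ("name", "address", "city", "state", "zip")}

SLIDE_SCHEMA = {
    "type": "object",
    "properties": {
        "name": {"type": "string"},
        "sku": {"type": "string"},
        "price": {"type": "number", "minimum": 0},
        "shipto": {"type": "object", "properties": ADDRESS_PROPS},
        "billto": {"type": "object", "properties": ADDRESS_PROPS},
    },
}

# Message exactly as shown on the slide: note that price is a string.
SLIDE_MESSAGE = {
    "name": "John Smith", "sku": "20223", "price": "23.95",
    "shipto": {"name": "Jane Smith", "address": "123 Maple Street",
               "city": "Pretendville", "state": "NY", "zip": "12345"},
    "billto": {"name": "John Smith", "address": "123 Maple Street",
               "city": "Pretendville", "state": "NY", "zip": "12345"},
}

# bool is a subclass of int in Python, so exclude it from the numeric types.
TYPE_CHECKS = {
    "any": lambda v: True,
    "object": lambda v: isinstance(v, dict),
    "array": lambda v: isinstance(v, list),
    "string": lambda v: isinstance(v, str),
    "boolean": lambda v: isinstance(v, bool),
    "number": lambda v: isinstance(v, (int, float)) and not isinstance(v, bool),
    "integer": lambda v: isinstance(v, int) and not isinstance(v, bool),
    "null": lambda v: v is None,
}


def validate(instance, schema, path="$"):
    """Return a list of violation strings; an empty list means valid."""
    errors = []
    expected = schema.get("type")
    if expected is not None and not TYPE_CHECKS[expected](instance):
        errors.append(f"{path}: expected {expected}, got {type(instance).__name__}")
        return errors  # remaining keywords assume the right type
    if ("minimum" in schema and TYPE_CHECKS["number"](instance)
            and instance < schema["minimum"]):
        errors.append(f"{path}: {instance} is below minimum {schema['minimum']}")
    if isinstance(instance, dict):
        props = schema.get("properties", {})
        for name, sub in props.items():
            if name in instance:
                errors.extend(validate(instance[name], sub, f"{path}.{name}"))
            elif sub.get("required") is True:  # draft-03: boolean per property
                errors.append(f"{path}.{name}: required property is missing")
        if schema.get("additionalProperties") is False:
            for name in sorted(set(instance) - set(props)):
                errors.append(f"{path}.{name}: property not allowed")
    return errors


def harden(schema):
    """Hypothetical helper: copy a schema, making every listed property
    required and rejecting unlisted ones at each object level."""
    out = dict(schema)
    if "properties" in schema:
        out["properties"] = {k: dict(harden(v), required=True)
                             for k, v in schema["properties"].items()}
        out["additionalProperties"] = False
    return out


if __name__ == "__main__":
    for problem in validate(SLIDE_MESSAGE, SLIDE_SCHEMA):
        print(problem)
```

In draft 03 a property is optional unless it carries "required": true, so the schema as shown accepts an order with no "shipto" at all; the hardened copy rejects it.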

Native JSON Support: Enhanced security & control for REST services

- JSON is now a first class, native format on DataPower similar to XML
- High-speed parsing and tuned compilation with native execution
- Query, extract, filter, transform JSON messages using JSONiq
  - Extension to XQuery: Like SQL for JSON and XML
  - Efficient data query and manipulation of JSON
  - Support for JSONiq spec 0.4.42 (http://jsoniq.org/docs/spec/en-us/html-single/index.html)

INPUT (order list)

    [{ "given" : "John", "surname" : "Smith", "sku" : "20223", "price" : 23.95},
     { "given" : "Alice", "surname" : "Brown", "sku" : "54321", "price" : 199.95},
     { "given" : "John", "surname" : "Smith", "sku" : "23420", "price" : 104.95},
     { "given" : "Bob", "surname" : "Green", "sku" : "90231", "price" : 300.00},
     { "given" : "Scott", "surname" : "Jones", "sku" : "54321", "price" : 199.95},
     { "given" : "Jim", "surname" : "Lee", "sku" : "89820", "price" : 46.50}]

INPUT (single order)

    {
      "name" : "John Smith",
      "sku" : "20223",
      "price" : "23.95",
      "shipto" : { "name" : "Jane Smith", "address" : "123 Maple Street", "city" : "Pretendville", "state" : "NY", "zip" : "12345" },
      "billto" : { "name" : "John Smith", "address" : "123 Maple Street", "city" : "Pretendville", "state" : "NY", "zip" : "12345" }
    }

Extract shipping address

    declare namespace output = "http://www.w3.org/2010/xslt-xquery-serialization";
    declare option jsoniq-version "0.4.42";
    declare option output:method "json";
    .("shipto")

OUTPUT

    { "name" : "Jane Smith", "address" : "123 Maple Street", "city" : "Pretendville", "state" : "NY", "zip" : "12345" }

Filter shipment to Hawaii

    declare namespace output = "http://www.w3.org/2010/xslt-xquery-serialization";
    declare option jsoniq-version "0.4.42";
    declare option output:method "json";
    if (.("shipto")("state") = "HI")
    then fn:error(fn:QName('http://example.org/mine', 'myerr:noshiphi'), 'Sorry, we do not ship to Hawaii.')
    else .  (: an if needs an else branch; pass other orders through unchanged :)

OUTPUT

    *** ABORTED: Error noshiphi: Sorry, we do not ship to Hawaii.

Transform to XML

    declare option jsoniq-version "0.4.42";
    <order>
      <name>{.("name")}</name>
      <price>{.("price")}</price>
      <state>{.("shipto")("state")}</state>
    </order>

OUTPUT

    <?xml version="1.0" encoding="utf-8"?>
    <order><name>John Smith</name><price>23.95</price><state>NY</state></order>

Query members with purchase of at least $100

    declare option jsoniq-version "0.4.42";
    for $x in jn:members(.)
    where $x("price") >= 100.00
    order by $x("surname")
    return concat($x("given"), ' ', $x("surname"), ' ')

OUTPUT

    Alice Brown Bob Green Scott Jones John Smith

Security Enhancements: Enhanced OAuth 2.0 support & additional features enable new security use cases

OAuth is an open standard for authorization. It provides a method for resource owners to grant limited access to their resources to third party client applications without sharing credentials.

New OAuth 2.0 specification support
- Public Client & Implicit Grant Type
  - Enables Clients that cannot keep their credentials confidential or can only support simple authorization flows
  - Browser-based & native applications including mobile ones
- Refresh Token
  - Allows Clients to obtain new access tokens upon expiration without going through initial login sequence

Additional new features
- SSL Client Certificate Authentication Method
  - Client can provide its certificate for authentication rather than a secret (i.e. 2-way SSL aka SSL mutual authentication)
- Revoke Token
  - Provides better flexibility & control to Client & Resource Owner, either can revoke
  - Client can revoke to logout
  - Resource Owner can revoke in case of compromised password or lost mobile device
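Added example (not from the original slides and not DataPower's implementation): a minimal in-memory Python model of the refresh and revoke behaviour listed above. It tracks revocation per grant, so one revoke call by the client or the resource owner disables the refresh token and every access token derived from it. The TokenStore class, its method names and the 300-second lifetime are assumptions.

```python
import secrets
import time


class TokenStore:
    """Toy authorization-server state: grants, refresh tokens, access tokens."""

    def __init__(self, access_ttl=300, clock=time.monotonic):
        self.access_ttl = access_ttl   # access-token lifetime in seconds (assumed)
        self.clock = clock             # injectable so expiry can be tested
        self.grants = {}               # grant_id -> {"owner", "client", "revoked"}
        self.refresh = {}              # refresh token -> grant_id
        self.access = {}               # access token -> (grant_id, expires_at)

    def _new_access(self, grant_id):
        token = secrets.token_urlsafe(32)
        self.access[token] = (grant_id, self.clock() + self.access_ttl)
        return token

    def issue(self, owner, client):
        """Resource owner approves the client: return (access, refresh)."""
        grant_id = secrets.token_hex(8)
        self.grants[grant_id] = {"owner": owner, "client": client, "revoked": False}
        refresh_token = secrets.token_urlsafe(32)
        self.refresh[refresh_token] = grant_id
        return self._new_access(grant_id), refresh_token

    def introspect(self, access_token):
        """Return the grant for an active access token, else None."""
        entry = self.access.get(access_token)
        if entry is None:
            return None
        grant_id, expires_at = entry
        grant = self.grants[grant_id]
        if grant["revoked"] or self.clock() >= expires_at:
            return None
        return grant

    def refresh_access(self, refresh_token, client):
        """New access token without a fresh login, if the grant still stands."""
        grant_id = self.refresh.get(refresh_token)
        if grant_id is None:
            raise PermissionError("unknown refresh token")
        grant = self.grants[grant_id]
        if grant["revoked"]:
            raise PermissionError("grant has been revoked")
        if grant["client"] != client:
            raise PermissionError("refresh token was issued to another client")
        return self._new_access(grant_id)

    def revoke_by_client(self, token, client):
        """Client logout: accepts either token type, revokes the whole grant."""
        grant_id = self.refresh.get(token) or self.access.get(token, (None,))[0]
        grant = self.grants.get(grant_id)
        if grant is None or grant["client"] != client:
            return False  # a client may only revoke its own grants
        grant["revoked"] = True
        return True

    def revoke_by_owner(self, owner):
        """Owner response to a lost device or compromised password.
        Returns the number of grants revoked."""
        count = 0
        for grant in self.grants.values():
            if grant["owner"] == owner and not grant["revoked"]:
                grant["revoked"] = True
                count += 1
        return count


if __name__ == "__main__":
    store = TokenStore()
    access, refresh = store.issue("alice", "mobile-app")   # constructed names
    print("active:", store.introspect(access) is not None)
    store.revoke_by_owner("alice")
    print("active after revoke:", store.introspect(access) is not None)
```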

Security Enhancements: Enhanced transport and message security

Kerberos constrained delegation (S4U2Proxy)
- Preserve the client identity from the incoming Kerberos ticket for the backend service when DataPower is acting as a proxy

Transport Layer Security (TLS) 1.1 & 1.2
- Helps meet security guideline (e.g. NIST SP 800-131A)

LDAP
- Connection Pooling
  - Configured per XML Mgr
  - ldap-search(), ldap-simple-query(), AAA
  - Improve performance & reduce load on LDAP server
- Read Timeout
  - Extension functions, AAA, CRL, RBM
  - Handle slow or unresponsive LDAP server

Security Enhancements: Enhanced transport and message security

SSL Proxy Service enhancements
- Forward proprietary protocol traffic with SSL across DMZ and within the enterprise
- SSL offload & termination
- New features
  - Transaction timeout (address long lived connections)
  - Max client connection limit (configurable)
  - Client-side idle timeout (address misbehaving client)
  - Server-side idle timeout (address misbehaving/overloaded server)
  - Additional logging & improved reliability

ISAM (formerly TAM) integration enhancements
- Support for 6.1.1 and 7.0
- Support co-existence of multiple registry types
- Ships four ISAM client library versions in the firmware and allows user to select the version: 6.0, 6.1, 6.1.1, 7.0 (XG45, XI52, XB62, XI50B, VE)
- If ISAM server undergoes an upgrade, then appropriate DataPower ISAM client can be selected to match
- TLS 1.2 or NIST compliance option for ISAM 7.0

[Diagram labels: Application Servers; WAS ND Cluster]

MPGW SLA & WS-MediationPolicy Support: Flexible traffic control policy consumption & enforcement for non-SOAP traffic

- Capability added to Multi-Protocol Gateway Service (MPGW) to enforce business requirements by consuming WS-MediationPolicy from WSRR Subscriptions and as locally attached policy for non-SOAP traffic
- Implement Service Level Agreements (SLA) enforcement on DataPower via declarative policy documents without manually creating DataPower configuration artifacts

Visibility and Control
- Reduce costs and increase operational efficiency of enterprise boundaries
- Increase enterprise agility through rapid realization of policies and SLAs in response to business change
- Centrally manage and govern service and associated policies exposed at service gateway
- Subscribed to a collection of services defined by WSRR saved search WebBankingServicesQuery
- Can also subscribe directly to a Service Version
- Enable automatic deployment of operational policies and SLA to service gateways

[Diagram labels: WSRR; DataPower]

Traffic Control Policy Management & Enforcement

[Diagram labels: WSRR (Model Policy & SLAs); Policy Admin / Operations (Manage Policies & Services); SLA Policy; Consume & enforce; DataPower (Enforce Policy & SLAs); App1; App2; Service]

Optimization: Intelligent Routing & Load Distribution
Operational agility for WAS ND environments

Embedded On Demand Router (ODR) to intelligently route HTTP traffic to WAS ND
- Intelligent routing & load distribution to backend WAS ND environments, including those running Worklight Server, based on dynamic, real-time topology, application and workload information
- ODR is central to providing the Intelligent Management features of WAS
  - Automatic routing: discovers & recognizes all changes which affect routing
  - Application edition routing: upgrade applications without incurring outages
  - Multi-Cell routing: Automatically route to different application in multiple cells
  - Weighted Least Outstanding Request (WLOR) load balancing: Quickly redirect traffic away from slow and hung backends
  - Automatically populate custom headers needed by WAS to process traffic
  - Highly available control connection to WAS: REST-based service automatically available on dmgr and nodeagent

When to use ODR compared to current AO ILD support?
- Whenever you have a WAS backend
- More OOTB functionality: Multi-Cell routing, header population, does not require installation of application on WAS, etc
- Smaller configuration footprint: Requires much less configuration on DataPower, connect once and go
- Built-in high availability of control connection to retrieve dynamic information from WAS
- Consistent technology across DP and IBM HTTP Server (IHS)

Requires Application Optimization software option

[Diagram: Clients; DataPower w/ ODR; WAS ND Environment with Cell 1 (Cluster 1) and Cell 2 (Cluster 2, Cluster 3). DataPower performs dynamic routing and load distribution leveraging dynamic information from back-ends]

Reduced time to value with integrated Gateway & Caching appliances
Off-box Caching integration with XC10 appliances already available
- Out-of-the-box one-click configuration options provide efficient and secure cache operations
  - Encrypt/decrypt data stored in the XC10
  - Obfuscate the cache key used to identify a data item
  - Sub-second timeout on cache requests
  - Load balance requests across a collective of XC10 instances
- Remotely manage and monitor XC10 data grid directly from DataPower management interface
  - Create data grid on XC10
  - Clear data grid on XC10
  - View high-level cache statistics to verify effectiveness of caching policies
- Greatly reduce the number of lines of XSLT required to interact with XC10 from a DataPower processing policy
  - Define XC10 data grid to DataPower once and reuse in multiple policies
  - Easy to use XC10-specific URL format for use with standard url-open extension function
  - Automatically manage HTTP session cookies required by XC10 REST gateway interface
** Available in DataPower firmware version 5.0.0.4

Optimization: Backend Response Caching
Accelerate workload delivery & reduce load on backend systems
- Policy-driven local on-box HTTP(s) backend response caching & seamless integration with XC10 appliances for off-box, shared, elastic caching
- Built into base product
- Improve client observed response time
- Reduce backend server load
- Improve system throughput
- Local on-box caching
  - Utilizes appliance memory
  - Unique to individual appliance
- External off-box caching
  - Utilizes XC10 appliances
  - Distributed, shared & elastic cache accessed across multiple appliances
- Features
  - Cache HTTP(s) GET, PUT, POST requests
  - Smart RESTful cache invalidation
  - Return stale documents
  - Supports cache validation requests
  - Cache based on HTTP 1.1 cache control headers
  - Supports user-defined cache key
  - Little to no XSLT required
[Diagram labels: local on-box caching (Client, DataPower, Provider; steps 1-3) and external off-box caching (Client, DataPower, REST, DataPower XC10, Provider; steps 1-5); Fast Response Time, Slow Response Time, Low Load]

Enhanced value for System z & IMS
New integration capabilities between DataPower and IMS
- IMS Callout feature allows IMS transactions to easily consume external web services via DataPower, with minimal application updates required
  - Requires one of the following models: XI52, XI52 VE, XI50B, XB62
- IMS DB feature supports DataPower integration with IMS database through SQL interface
  - Enrich messages with database content
  - Expose data as a service to remote applications
  - Requires one of the following models:
    - XG45 or XG45 VE (with Database Integration Module option)
    - XI52, XI52 VE or XI50B (with Database Connectivity option)
    - XB62
[Diagram labels: IMS Callout: Service Provider, SOAP / REST, DataPower, TCP/IP, IMS Connect, IMS OTMA, Service Consumer, App1, App2. IMS DB: Client, SOAP / REST, DataPower, DRDA]

Improved User Experience: Pattern-based Configuration
Reduce time-to-value, increase productivity & quality of DataPower solutions
- Reduce time to value through accelerated user configuration & deployment for both new & experienced users
- Increase developer productivity by leveraging working examples of common use cases
- Improve quality & scale expertise through reuse of configuration created by skilled roles
- Patterns capture a tested solution to a common recurring use case
- Built-in, easy-to-use, new interface for creating & deploying common DataPower configuration patterns
  - Create service pattern for reuse
  - Browse patterns
  - Deploy new service from pattern
- Ships with 10 pre-built patterns for common web application & web services scenarios
- Supports user-defined patterns

Secure, integrate & optimize access to Web, Mobile & API workloads
IBM DataPower Gateway Appliance v6.0

Business Value:
- Secure integration of Web, Mobile, API, SOA & B2B workloads in a single, highly secure, highly consumable, DMZ-ready appliance
- Operational agility for WAS Network Deployment environments
- Fast & consistent response time for enterprise applications including mobile & web apps with local & external caching reducing load on back-end systems
- Enhanced System z integration with IMS systems for reduced TCO
- Faster time to value & improved developer productivity with configuration pattern-authoring & deployment support

[Graphic label: Business Integration]

What's new:
- Provides the API gateway functionality for IBM API Management V2.0
- Quick integration with IBM Worklight to secure mobile web traffic
- Improved REST services handling with native JSON support including schema validation & query, extract, filter & transform through JSONiq
- New XML data query, extraction & manipulation support with XQuery 1.0
- Enhanced security with improved OAuth 2.0 and new support for Kerberos constrained delegation & TLS 1.1/1.2
- Improved WS-MediationPolicy consumption from WSRR & SLAs for non-SOAP traffic
- Embedded On-Demand Router functionality for WAS ND environments
- Optimized application delivery with response caching on-the-box & seamless integration with elastic caching XC10 appliances
- New System z integration capabilities allowing IMS transactions to easily consume external web services & easy consumption of IMS data as a service
- Simple ability to create & deploy common DataPower configuration patterns

DataPower Appliances extend their market-leading Security & Integration Gateway for Web, Mobile & API workloads, in addition to SOA & B2B, reducing infrastructure complexity & lowering TCO

DataPower resources
- IBM DataPower Web Page (support, technotes, doc): http://www-01.ibm.com/software/integration/datapower/
- developerWorks DataPower Discussion Area: http://www.ibm.com/developerworks/forums/forum.jspa?forumid=1198
- Vast library of published articles:
  - http://www.ibm.com/developerworks/websphere/zones/businessintegration/dp.html (Also search for DataPower within WebSphere, SOA/Web Services and XML)
  - http://www.ibm.com/developerworks/views/websphere/libraryview.jsp (Search DataPower)
- IBM Redbooks: http://www.redbooks.ibm.com/cgi-bin/searchsite.cgi?query=datapower
- IBM WebSphere DataPower SOA Appliance Handbook: http://www.amazon.com/ibm-websphere-datapower-appliance-handbook/dp/0137148194
- YouTube: http://www.youtube.com/watch?v=uwybdviv5ts&feature=channel
- DataPower Podcasts: http://www.ibm.com/podcasts/software/websphere/datapower/index.rss
- www.ibm.com/software/integration/datapower


Legal Disclaimer IBM Corporation 2013. All Rights Reserved. The information contained in this publication is provided for informational purposes only. While efforts were made to verify the completeness and accuracy of the information contained in this publication, it is provided AS IS without warranty of any kind, express or implied. In addition, this information is based on IBM's current product plans and strategy, which are subject to change by IBM without notice. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this publication or any other materials. Nothing contained in this publication is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in this presentation to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in this presentation may change at any time at IBM's sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth or other results. If the text contains performance statistics or references to benchmarks, insert the following language; otherwise delete: Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment.
The actual throughput or performance that any user will experience will vary depending upon many factors, including considerations such as the amount of multiprogramming in the user's job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve results similar to those stated here. If the text includes any customer examples, please confirm we have prior written approval from such customer and insert the following language; otherwise delete: All customer examples described are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics may vary by customer. Please review text for proper trademark attribution of IBM products. At first use, each product name must be the full name and include appropriate trademark symbols (e.g., IBM Lotus Sametime Unyte ). Subsequent references can drop IBM but should include the proper branding (e.g., Lotus Sametime Gateway, or WebSphere Application Server). Please refer to http://www.ibm.com/legal/copytrade.shtml for guidance on which trademarks require the or symbol. Do not use abbreviations for IBM product names in your presentation. All product names must be used as adjectives rather than nouns. Please list all of the trademarks that you use in your presentation as follows; delete any not included in your presentation. IBM, the IBM logo, Lotus, Lotus Notes, Notes, Domino, Quickr, Sametime, WebSphere, UC2, PartnerWorld and Lotusphere are trademarks of International Business Machines Corporation in the United States, other countries, or both. Unyte is a trademark of WebDialogs, Inc., in the United States, other countries, or both. 
If you reference Adobe in the text, please mark the first use and include the following; otherwise delete: Adobe, the Adobe logo, PostScript, and the PostScript logo are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States, and/or other countries. If you reference Java in the text, please mark the first use and include the following; otherwise delete: Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both. If you reference Microsoft and/or Windows in the text, please mark the first use and include the following, as applicable; otherwise delete: Microsoft and Windows are trademarks of Microsoft Corporation in the United States, other countries, or both. If you reference Intel and/or any of the following Intel products in the text, please mark the first use and include those that you use as follows; otherwise delete: Intel, Intel Centrino, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. If you reference UNIX in the text, please mark the first use and include the following; otherwise delete: UNIX is a registered trademark of The Open Group in the United States and other countries. If you reference Linux in your presentation, please mark the first use and include the following; otherwise delete: Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both. Other company, product, or service names may be trademarks or service marks of others. 
If the text/graphics include screenshots, no actual IBM employee names may be used (even your own), if your screenshots include fictitious company names (e.g., Renovations, Zeta Bank, Acme) please update and insert the following; otherwise delete: All references to [insert fictitious company name] refer to a fictitious company and are used for illustration purposes only.