Presentation material used to discuss DataPower during the WI UG in IBM Hursley UK on 13 July 2015

1. © 2015 IBM Corporation
IBM DataPower Gateways
Overview and Roadmap
Hugh Everett
IBM Technical Sales
IBM Manchester, UK
+44-7711-059360
Hugh_Everett@uk.ibm.com

2. © 2015 IBM Corporation2
Agenda
 DataPower Gateway Overview
 Recent Releases
 Roadmap
 Q&A

3. © 2015 IBM Corporation33
DataPower Gateways …
3
IBM DataPower Gateways provide a low startup cost,
helping clients increase ROI and reduce TCO with
specialized, consumable, dedicated gateway appliances that
combine superior performance and hardened security in
physical and virtual form factors
INTEGRATE Systems of Engagement with Systems of Record
CONTROL & MANAGE Traffic and Service Level Agreements
SECURE Mobile, API, Web, SOA, B2B and Cloud Workloads
OPTIMIZE Data Delivery and User Experiences
CONSOLIDATE & Simplify Infrastructure Footprint

4. © 2015 IBM Corporation4
• Used by 95% of top global insurances
firms
• SaaS providers, ASPs, regulators, etc.
• Agencies and ministries
• Defense and security organizations
• Crown corporations
Insurance
Government
Banking
• Healthcare
• Retailers
• Utilities, Power, Oil and Gas
• Telecom
• Airlines
• Others
Many, many, more
• Majority of the big US and European
banks
• All of the big 5 Canadian banks
• Numerous regional banks and credit
unions
DataPower Gateways
Over 14 years of innovation & over 2,000 global installations

5. © 2015 IBM Corporation5
5
Business & IT Trends
• Enterprises are exposing new electronic channels, to serve:
• Customer (web and mobile apps)
• Employee (web and mobile apps)
• Partners (B2B)
• Developers (APIs)
• Focus on demands of Systems of Engagement for scale,
responsiveness, control & security for accessing System of Records
• Virtualized data centers & cloud deployments are the new norm
• Fragmented “edge” capabilities create operational complexity
• Threat protection, traffic management, protocol mapping,
transformation, caching, authentication & authorization (AAA), single
sign-on, metering and analytics, optimization

6. © 2015 IBM Corporation6
B2B Gateway
API Gateway
API Gateway
Single Policy-driven & Extensible Security & Integration Gateway
Connectivity Control &
Visibility
Advanced
Access Security
Advanced Threat
Protection
Performance
Optimization
Data Security
DataPower Gateway
(Physical or virtual)
DataPower Gateway
(Physical or virtual)
Runtime security enforcement | Traffic control & monitoring | Integration | Optimization
Web Access
Management
Web
Servers
On-demand Router
WebSphere VE
WAS ND
Load Balancer
ADC
Yesterday
Today
Internet
Internet
Mobile/API Gateway
Web Application
Firewall
Consolidate the Edges
Apps, Services,
Middleware,
z System
Apps, Services,
Middleware,
z System
SOA / ESB Gateway
B2B Gateway

7. © 2015 IBM Corporation7
Enterprise
Applications
and Systems
DEVELOPERSPARTNERS CONSUMERS
EMPLOYEES
WEBMOBILEB2B SOA APIS
PARTNERS
DEVELOPERS
Business
Channels
Users
Security &
Control
Solutions
CLOUD
ALL
CONSUMERS
EMPLOYEES
Converged, Multi-Channel Gateway for Edge Processing
Reduce cost + improve security & control
Gateway services in
Cloud
Virtual appliance in
Public & Private Cloud Physical appliance
z SystemMiddleware
ESBApplication Service

8. © 2015 IBM Corporation8
 Simple Architecture: Firmware + purpose built hardware
 Guiding philosophy is to centralize common security,
integration, control, and traffic management functions
and optimize them in a security-hardened appliance
Simple and Secure Platform Architecture
Display
Ports
database
config
App
Server
config
Apache
HTTPD
config
JVM
config
Proprietary
Software
config
Linux Daemons
config
JSP
Engine
glibclibxml
Full Linux OS
(including shells and user accounts)
config
Bootable
CDROM
Drive
Bootable
USB
Ports
Hardware
Commodity Gateways
config
Hardware
DataPower Gateway
Digitally Signed and Encrypted
Firmware
Flash
Memory
Crypto
Acceleration
IBM Optimized Embedded Operating Environment
Purpose-built Gateways

9. © 2015 IBM Corporation9
Purpose-Built API Gateway for Microservices Architecture
Trusted Platform Module
(TPM)
Hardware Accelerated
Crypto Card
No DVD/CD Drives &
Working USB Ports
Intrusion Detection
Switch
HSM Module for FIPS
140-2
Signed & Encrypted
Firmware
Secured & Optimized
XSLT & JavaScript
Compiler
Encrypted Flash
Storage

10. © 2015 IBM Corporation10
IBM DataPower Gateway Appliances are the industry-leading
Security & Integration gateways that help provide security, integration, control
and optimized access to a full range of
Mobile, Web, API, SOA, B2B, & Cloud workloads
Common Use Cases
Internet Trusted Domain
Consumer
Application or Service
DMZ
Trading partners
1 Mobile Gateway
2 API Gateway
3 Web Gateway
4 B2B Partner Gateway
5 SOA & API Gateway
6 ESB / Integration Gateway
7 Internal Security Enforcement
8 Web Services Governance & Management
9 Legacy Integration
Consumer
Middleware
z System
DataPower Gateway DataPower Gateway

11. © 2015 IBM Corporation11
Features
Before DataPower Gateway After DataPower Gateway
Control
Integrate
Optimize
Secure
Consumer
Consumer
Consumer
Consumer
Simplify, offload & centralize critical functions
Integrate
Any-to-any message
transformation
Transport protocol
bridging
Message enrichment
Database connectivity
Mainframe connectivity
B2B trading partner
connectivity
Control OptimizeSecure
SSL / TLS offload
Hardware accelerated
crypto operations
JSON, XML offload
JavaScript, JSONiq, XSLT,
XQuery acceleration
Response caching
Intelligent load
distribution
Service level management
Quota enforcement, rate
limiting
Message accounting
Content-based routing
Failure re-routing
Integration with
management & visibility
platforms
Authentication,
authorization, auditing
Security token translation
Threat protection
Schema validation
Message filtering &
semantics validation
Message digital signature
Message encryption

12. © 2015 IBM Corporation12
Modules
ISAM Proxy Module
 User access control, session
management, web SSO enforcement
 Advanced mobile security: mobile
SSO, context-based access, one-
time password, multi-factor authn
 Integration with ISAM for Mobile
Application Optimization
Module
 Frontend self-balancing
 Backend intelligent load distrib’n (ADC)
 Session affinity
 z Sysplex Distributor integration
Integration
Module
 Any-to-Any message transformation
 Database connectivity
 Mainframe IMS connectivity
B2B Module
 B2B DMZ gateway
 EDIINT AS1,AS2,AS3,ebXML
 Partner profile management
 B2B transaction viewer
 Any-to-Any message transformation
 Database connectivity
TIBCO EMS
Module
 Integrate with TIBCO EMS
messaging middleware
 Support for queues & topics
 Load balancing & fault-tolerance
IBM DataPower Gateway (Base)
Secure
 Authentication, authorization
 Security token translation
 Service / API virtualization
 Threat protection
 Message validation
 Message filtering
 Message digital signature
 Message encryption
 AV scanning integration
Integrate
 Transport protocol bridging
 Message enrichment
 Message transformation &
processing using JavaScript,
JSONiq, XQuery, XSLT
 Mainframe integration &
enablement
 Flexible pipeline message
processing engine
Control & Manage
 Service level management
 Quota & rate enforcement
 Content-based routing
 Message accounting
 Integration w/ management &
visibility platforms including
IBM API Management &
WSRR for policy enforcement
Optimize & Offload
 SSL / TLS offload
 Hardware accelerated crypto*
 JSON, XML offload
 JavaScript, JSONiq, XSLT,
XQuery acceleration
 Local response caching
 Distributed caching with WXS
or XC10
 Backend load balancing
2U Physical or Virtual Edition
Single, modular & extensible platform (2 of 2)

13. © 2015 IBM Corporation13
Deployment options
 Purpose-built, DMZ-ready appliances
provide physical security
 High density 2U rack-mount design
 8 x 1 and 2 x 10 GbE ports
 Cryptographic acceleration card
 Trusted platform module
 Customized intrusion detection
 Optional HSM (FIPS 140-2 Level 3 certified)
 Virtual appliances provide deployment
flexibility
 Support multiple hypervisors and
cloud environments
− VMware
− Citrix XenServer
− IBM PureApplication System (x86 nodes)
− IBM PureApplication Service on
SoftLayer (x86 nodes)
− IBM SoftLayer bare metal instances
using supported hypervisors
VirtualPhysical

14. © 2015 IBM Corporation14
Virtual Edition
 DataPower gateway functionality in virtual appliance form
factor to rapidly secure, integrate, control & optimize
access to Mobile, API, Web, SOA & B2B workloads in
hypervisor & clouds platforms
 Use for development, test or production
 Supports multiple hypervisor & cloud platforms
 VMware
 Citrix XenServer
 IBM PureApplication System W1500/W2500
 IBM PureApplication Service on SoftLayer (x86)
 IBM SoftLayer bare metal instances on x86 nodes
 Seamless configuration migration between physical
and virtual appliances
 Utilizes the same industry-proven & purpose-built
platform including an embedded, optimized DataPower
Operating System, that powers the physical appliances
x86
Server
Delivers purpose-built, highly
consumable Security &
Integration Gateway functionality
in virtual appliance form factor for
cloud deployments

15. © 2015 IBM Corporation15
DataPower’ing IBM Bluemix!!!
• Security
• Control
• Filtering
• Content-Based Routing
• Load balancing
• Monitoring and Logging
Mobile
client
Bluemix
Tooling
VM
Application
Manager
App
App
App
App
Service
Service
Service
Service
Open Stack
External
ServiceExternal
Services
Internet
Did you know?
DataPower is trusted as the
exclusive gateway for Bluemix,
IBM’s global Platform as a Service

16. © 2015 IBM Corporation16
Agenda
 DataPower Gateway Overview
 Recent Releases
 Roadmap
 Q&A

17. © 2015 IBM Corporation17
 GatewayScript: A JavaScript runtime that is
secured, optimized and tuned for the gateway
environment to simplify configuration for developers
and provide an easier development paradigm for
Mobile, Web, & API
 New Virtual Edition for Developers provides a low
cost, per user pricing, and easy to use gateway for
developers
 Support for Citrix XenServer hypervisor provides
additional deployment flexibility on-premise & cloud
deployments
 WebSocket Proxy support enables full-duplex, bi-
directional, & low-latency communication for Mobile
& Web applications, Internet of Things
 Improved security & traffic control functionality in
support of IBM API Management offering
Highlights of DataPower v7.0
GatewayScript
Released
June 2014

18. © 2015 IBM Corporation18
• Secure JavaScript Processing Policy Action for manipulating Mobile, Web, API traffic
• Focuses on the “Developer” experience, with familiar and friendly constructs and APIs
• Why JavaScript
– Popular scripting language
– Large ecosystem
– Fast moving community driven
– Client & Server-side, now Gateway too
• New GatewayScript Processing Policy Action
– Transformation style processing policy action
– Access to gateway functions through APIs
• Attributes of GatewayScript
– Secure: transaction isolation, code injection protection, short lived execution, small footprint
– Manipulate with ease JSON and binary data. Implement your own format handling
– Performant
• Compiler technology & native execution. Leverages common infrastructure with XSTL
• Ahead of time compilation with caching, not single threaded
– Flexible and Modular
• Fully CommonJS Module compliant
• Port community developed feature and function where beneficial
GatewayScript Action
GatewayScript™

19. © 2015 IBM Corporation19
Highlights of IBM DataPower Gateway & V7.1
 Single multi-channel gateway platform to secure & optimize
delivery of mobile, API, web, SOA, B2B, cloud apps, and
integrate with IBM MobileFirst & WebSphere platforms
 Integrates industry-proven access enforcement capabilities of
IBM Security Access Manager into the DataPower platform,
available as add-on ISAM Proxy Module
 IBM DataPower Gateway is the new name of a consolidated,
extensible & modular platform
 Converges three existing products, XG45 / XI52 / XB62, into a
single modular offering
 Physical appliance uses purpose-built latest generation
hardware platform to provide increased performance & capacity
 Virtual appliance runs on VMware & Citrix XenServer
hypervisors and cloud platforms that support them
 Easy-to-use & secure B2B integration capabilities, formerly on
XB62 appliances only, available as add-on B2B Module
 Enable authentication from internet consumers & Non-Microsoft
consumers to Microsoft systems with Kerberos S4U2Self
support

20. © 2015 IBM Corporation20
New Cloud Offerings
Secure Gateway for Bluemix
Applications
Easier DevOps with new REST API
Secure. Integrate. Control. Optimize.
GatewayScript Enhancements
Robust Platform Security
7.2
Features
Deploy DataPower Gateways on Amazon
EC2 and SoftLayer CCI to provide
enhanced cloud elasticity for cloud
workloads.
Enhanced hybrid cloud integration to
securely connect between IBM Bluemix
applications and on-premise services
protected using DataPower Gateways
Protect mission-critical applications from
security vulnerabilities with enhanced TLS
protocol support using Elliptic Curve
Cryptography, Server Name Indication, and
Perfect Forward Secrecy
New REST-based management API to build
deployment and automation scripts, enabling
easier devops for continuous software
delivery and quicker problem resolution.
Enhanced Mobile and API security
Easily transform between XML and JSON
messages to quickly integrate System of
Records data sources with Systems of
Engagement interfaces
Increased mobile and API security for
protecting mission-critical transactions with
JSON Encryption, JSON Signature, JSON
Key, and JSON Token
Available
June 19th, 2015
Announce
May 26th, 2015

21. © 2015 IBM Corporation21
IBM API Management: One Integrated Platform
design, secure, control, publish, monitor & manage APIs
Explore API documentation
Provision application keys
Self-service experience
Developer Portal API Manager Management Console
Define and manage APIs
Explore API usage with analytics
Manage API user communities
Provision system resources
Monitor runtime health
Scale the environment
API Gateway
(IBM DataPower)
Enforce runtime policies to control API traffic

22. © 2015 IBM Corporation22
Integrated capabilities for Web and Mobile
Consolidated infrastructure with simpler topology & reduced TCO
Internet
Application
Server
Cluster
WAS ND,
MobileFirst,
Commerce,
Portal,
Process
Server
DataPower
Appliances
WebSphere
Extreme Scale
1
2
3
4
High availability
application gateway
Replacing existing
load balancers with
optional embedded
ADC module
Out-of-the-box WAS
proxy
•Intelligent load
balancing for WAS
ND clusters without
additional servers
•Application-specific
optimized routing &
session affinity
Enhanced caching capabilities
On-the-box cache with user-friendly
policy control and optional distributed
caching with seamless WXS integration
Gateway
Web Application Gateway
Application security capabilities for simplicity, improved performance
and scalability modules; Protection from zero day and OWASP Top 10
attacks with optional Web Application Firewall module and optional
ISAM module to provide Web Access Mgmt

23. © 2015 IBM Corporation24
What is ISAM for DataPower Module?
• ISAM for DataPower module provides the reverse proxy component that is
available on ISAM for Web and ISAM for Mobile appliances
ISAM
Module
DataPower
Base Appliance
• Reverse Proxy
IBM Security
Access Manager
for Mobile
• Context based Access
(CBA)
• One-time Password
(OTP) / Multi-factor
Authentication (MFA)
• Advanced Security
IBM Security
Access Manager
for Web
• Load Balancer
• Protocol Analysis
Module (PAM)
ISAM for Web was formerly known as Tivoli Access Manager for E-Business (TAMeb)

24. © 2015 IBM Corporation25
SSL Offload
Threat Protection
Rate Limiting / SLA Enforcement
Validation, Filtering
Authentication
Authorization
Context-based Access
Mobile SS0
Security Token Translation
Message Transformation
Content-Based Routing
IntelligentLoad Distribution
Response Caching
Middleware / ESB,
Legacy Apps
Apps, Services
Rapidly Connect Mobile Apps with Enterprise Services
Securely expose enterprise data & APIs to Mobile Apps while optimizing delivery
IBM DataPower Gateway
ISAM Module
/apimanagement
Native, Hybrid,
Mobile Web

25. © 2015 IBM Corporation28
REST
1
5
3
2 4
Client
Provider
Improve
Response
Time
ImprovedLoad
DataPower
Large Response Time
WebSphere Extreme Scale (WXS)
http://www-01.ibm.com/support/docview.wss?uid=swg21697033
1. Client submits application request.
2. DataPower parses request and
queries WXS. On a hit, skip to step
5.
3. On a miss, DataPower forwards
request to target Provider.
4. DataPower adds application
response to WXS.
5. Client receives response from
DataPower.
Response Caching Integration with WXS

26. © 2015 IBM Corporation31
DataPower on GitHub
 Repository of DataPower related tools & collateral
 Open source
 Community driven: Use, collaborate, contribute
 http://ibm-datapower.github.io/
 DataPower Configuration Manager
 Tool for DataPower configuration management & migration
 Standalone command line or IBM UrbanCode Deploy plugin
 https://github.com/ibm-datapower/datapower-configuration-manager
 https://github.com/ibm-datapower/datapower-configuration-manager/wiki/Easy-On-Ramp
 DPXMLSH
 Bash script / shell library for working with DataPower’s XML Management interface
 Interactive & scripted use
 https://github.com/ibm-datapower/datapower-xml-shell

27. © 2015 IBM Corporation32
Agenda
 DataPower Gateway Overview
 Recent Releases
 Roadmap
Q&A

28. © 2015 IBM Corporation34
DataPower Roadmap
Security
OpenID Connect
Web Application Firewall
Advanced AU/AZ (ISAM)
Network HSM support
Integration
DFDL
Raw TCP/IP Socket
3rd Party JMS
Control
Enhanced SLA / rate limiting
Layer4 load balancing
Layer7 self balancing
OOTB Monitoring
Optimization
Distributed caching
GatewayScript streaming
Intelligent compression
Web performance optimization
API
Dynamic policy support
Advanced security enforcement
Advanced control, optimization
Robust analytics data handling
B2B
AS4
Connect:Direct
Translucent FTP Proxy
User Experience
NextGen UX
GatewayScript IDE Support
GatewayScript Debugging
Cloud / Platform
Multi-tenancy
Amazon EC2
DPaaS
KVM
Mobile
MobileFirst integration
Dynamic policy support
Advanced SICO* enforcement
MQTT
* Security, integration, control, optimization

29. © 2015 IBM Corporation35
Gateway
Services
Public/Private Cloud
1. Enable Virtual Gateways to run in public &
private clouds
– IBM & Non-IBM platforms
• SoftLayer, Bluemix, PureApplication System, z System
• Amazon EC2, VMware vCloud, Microsoft Azure
– Support relevant hypervisors including VMWare, Xen, KVM,
Hyper-V
– BYOL, PAYG licensing models
Gateway as
a Service
IBM Cloud
2. Enable Gateway as a Service in IBM Cloud
– Provided as a built-in & integrated component of the
platform
– Evaluation Center with pre-built Integrations for Try and Buy
– BYOL, PAYG licensing model
3. Enable Gateway Services in IBM Cloud and
in Containers
“DataPower Containers Everywhere” (Docker / LXC )
– Provided as a built-in & integrated component of the
platform & Catalog
– Granular gateway capabilities
– PAYG licensing models
Gateway
Services
IBM Cloud
SoftLayer, Bluemix, PureApplication
DataPower Cloud Gateway Edition

30. © 2015 IBM Corporation36
Hybrid cloud integration using Secure Gateway Service
• Enhanced hybrid cloud integration
using Secure Gateway service to
securely connect between IBM
Bluemix applications and on-premise
services protected using DataPower
Gateways
– Quickly setup connectivity without
making enterprise firewall changes
while still allowing controlled access
from cloud services
– Supports multiple gateways instances,
load balancing and fault tolerance
– Manage and monitor gateway
instances and usage
Bluemix
On Premise
Datacenter
ServicesRuntimes
New

31. © 2015 IBM Corporation37
• DataPower device is partitioned into multiple independent environments:
– Isolation of test environments
– Isolation of business concerns
– Improve utilization
• Full isolation achieved using a hardware optimized DataPower Hypervisor
– Maintains model of trust chain established down to the hardware
– Resources are capped within each partition
3
7
Multi-Tenant Appliances
DataPower Appliances
Appliance is partitioned into multiple segments, each is independent and isolated

32. © 2015 IBM Corporation39
Getting Social with IBM DataPower Gateways
DataPower on Slideshare LinkedIn
IBM DataPower Gateway Group
developerWorks BlogYouTube
IBM DataPower Gateway Channel
Twitter
@IBMGateways
Online User Forum
• YouTube Channel: IBM DataPower Gateways
• Slideshare: IBM DataPower Gateway
• Twitter: @IBMGateways
• LinkedIn Group: IBM DataPower Gateway
• developerWorks blog: IBM DataPower Gateway
• GitHub: IBM DataPower Gateway
• Online User Forum
• Product page on ibm.com
• Product documentation

33. © 2015 IBM Corporation40
Available Now: DataPower Handbook, Second Edition, Volume 1
 Known as the ‘bible’ of
DataPower planning,
implementation, and
usage.
 New content to cover
previous six years of new
products/features,
including 9006/7.1!
 Volume 1 consists of
Chap 1 DataPower Intro,
Chap 2 Setup Guide, new
Preface and two
invaluable new
appendices for physical
and virtual appliances.
Available in softcover and e-book formats

34. © 2015 IBM Corporation41
Agenda
 DataPower Gateway Overview
 Recent Releases
 Roadmap
Q&A
Thank You

35. © 2015 IBM Corporation42
BACKUP

36. © 2015 IBM Corporation43
 Simple Architecture: Purpose-built firmware + hardware
 Complete gateway platform delivered as firmware
 Guiding philosophy is to centralize common security,
integration, control, traffic management, acceleration
functions and optimize them in a security-hardened
gateway appliance
Simple and Secure Architecture
Display
Ports
database
config
App
Server
config
Apache
HTTPD
config
JVM
config
Proprietary
Software
config
Linux Daemons
config
JSP
Engine
glibclibxml
Full Linux OS
(including shells and user accounts)
config
Bootable
CDROM
Drive
Bootable
USB
Ports
Hardware
Commodity Gateways
config
Hardware
DataPower Gateway Platform
Digitally Signed and Encrypted
Firmware
Flash
Memory
Crypto
Acceleration
IBM Optimized Embedded Operating Environment
Purpose-built Gateways

37. © 2015 IBM Corporation4444
Configuration-driven approach speeds time to market
• Enforce security standards with zero coding
• Uses intuitive pipeline message processing
• Import/export configurations between
environments
• Transaction probe shows message content
between actions for debugging
44

38. © 2015 IBM Corporation45
(2U Physical, Virtual Edition)
ISAM
Proxy
Module
Integration
Module
B2B
Module
AO
Module
TIBCO
EMS
Module
 IBM DataPower Gateway is the new name of a consolidated, extensible & modular platform
 Converges three existing products, XG45 / XI52 / XB62, into a single modular offering
 Available in physical and virtual form factor
 Physical Appliance
 2U rack mount appliance using latest generation hardware platform
 Two base editions: Non-HSM and HSM (FIPS 140-2 Level 3 certified)
 Each software module is licensed separately
 Virtual Edition
 Three editions: Developer, Non-Production, Production
 Developer includes all software modules at no additional cost, except TIBCO EMS
 Non-Production includes all software modules at no additional cost, except TIBCO EMS & ISAM Proxy
 Production: Each software module is licensed separately
Supports V7.1
& above
All software modules
are field upgradeable
Single, modular & extensible platform

39. © 2015 IBM Corporation46
Capabilities
Rapidly deliver secure integration & optimized access for a full range of workloads
• Secure & protect your back-end systems from
harmful workloads and unauthorized users & apps
• Convert payloads, bridge transports and connect
to existing services at wire-speed
• Limit & shape traffic based on service level
agreements, and route based on message content
• Improve response times, reduce load on
backend systems and intelligently distribute load
Secure
Control
Integrate
Optimize
Before DataPower Gateway After DataPower Gateway
Control
Integrate
Optimize
SecureConsumer
Consumer
Consumer
Consumer

40. © 2015 IBM Corporation47
SSL Offload
Threat Protection
Rate Limiting / SLA Enforcement
Validation,Filtering
Authentication,Authorization
Context-basedAccess,Mobile SS0
Security Token Translation
Message Transformation
Content-BasedRouting
IntelligentLoad Distribution
Response Caching
Connect Mobile Apps with Enterprise Services
Securely expose enterprise systems & APIs to Mobile Apps while optimizing delivery

41. © 2015 IBM Corporation48
• Data format & language
– JavaScript
‒ JSON
‒ JSON Schema
‒ JSONiq
‒ REST
‒ SOAP 1.1, 1.2
‒ WSDL 1.1
‒ XML 1.0
‒ XML Schema 1.0
‒ XPath 1.0
‒ XPath 2.0 (XQuery only)
‒ XSLT 1.0
‒ XQuery 1.0
• Security policy enforcement
‒ OAuth 2.0
‒ SAML 1.0, 1.1 and 2.0, SAML Token
Profile, SAML queries
‒ XACML 2.0
‒ Kerberos (including S4U2Self, S4U2Proxy)
‒ SPNEGO
‒ RADIUS
‒ RSA SecurID OTP using RADIUS
‒ LDAP versions 2 and 3
‒ Lightweight Third-Party Authentication
‒ Microsoft Active Directory
‒ FIPS 140-2 Level 3 (w/ optional HSM)
‒ FIPS 140-2 Level 1 (w/ certified crypto module)
‒ SAF & IBM RACF® integration with z/OS
‒ Internet Content Adaptation Protocol
‒ W3C XML Encryption
‒ W3C XML Signature
‒ S/MIME encryption and digital signature
‒ WS-Security 1.0, 1.1
‒ WS-I Basic Security Profile 1.0, 1.1
‒ WS-SecurityPolicy
‒ WS-SecureConversation 1.3
DataPower Gateway: Supported standards & protocols
• Transport & connectivity
– HTTP, HTTPS, WebSocket Proxy
– FTP, FTPS, SFTP
– WebSphere MQ
– WebSphere MQ File Transfer Edition
– TIBCO EMS
– WebSphere Java Message Service
– IBM IMS Connect, & IMS Callout
– NFS
– AS1, AS2, AS3, ebMS 2.0, CPPA 2.0,
POP, SMTP (XB62)
– DB2, Microsoft SQL Server, Oracle,
Sybase, IMS
• Transport Layer Security
‒ TLS versions 1.0, 1.1, and 1.2
‒ SSL versions 2 and 3
• Public key infrastructure (PKI)
‒ RSA, 3DES, DES, AES, SHA, X.509,
CRLs, OCSP
‒ PKCS#1, PKCS#5, PKCS#7, PKCS#8,
PKCS#10, PKCS#12
‒ XKMS for integration with Tivoli Security
Policy Manager (TSPM)
• Management
‒ Simple Network Management Protocol
‒ SYSLOG
‒ IPv4, IPv6
• Open File Formats
‒ Distributed Management Task Force
(DMTF) Open Virtualization Format
(OVF)
‒ Virtual Machine Disk Format (VMDK)
‒ Virtual Hard Disk (VHD)
Link to Product Documentation
• Web services
– WS-I Basic Profile 1.0, 1.1
– WS-I Simple SOAP Basic Profile
– WS-Policy Framework
– WS-Policy 1.2, 1.5
– WS-Trust 1.3
– WS-Addressing
– WS-Enumeration
– WS-Eventing
– WS-Notification
– Web Services Distributed Management
– WS-Management
– WS-I Attachments Profile
– SOAP Attachment Feature 1.2
– SOAP with Attachments (SwA)
– Direct Internet Message Encapsulation
– Multipurpose Internet Mail Extensions
– XML-binary Optimized Packaging (XOP)
– Message Transmission Optimization
Mechanism (MTOM)
– WS-MediationPolicy (IBM standard)
– Universal Description, Discovery, and
Integration (UDDI versions 2 and 3),
UDDI version 3 subscription
– WebSphere Service Registry and
Repository (WSRR)

42. © 2015 IBM Corporation4949
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
Gigabit/Sec
HW Solution
Acquisition
ITCAM for SOA
(Transaction Monitoring)
Model 9235
(aka 9004)
Model 7993
(aka 9003)
WebSphere
Transformation Extender
XA35
XS40
XI50
XB60
2012
XG45,
XI52 & XB62
XI50B Blade
WebSphere Appliance
Management Center
Optimized
Interpreter and
Compiler
Optimized
Hardware
Acceleration
2013
2014
Application Optimization
(Self-Balancing & Intelligent
Load Distribution)
XI50z Blade
Virtual Edition
(VMware)
Virtual Edition
(PureApplication System)
Virtual Edition
(for Developers + XenServer)
Optimized & secure JavaScript
Multi-channel Gateway
Consolidated Gateway Platform
ISAM Proxy Module
Over 14 years of innovation & 2000+ global installations
IBM DataPower
Gateway

43. © 2015 IBM Corporation50
The adoption of cloud, analytics, mobile, and social computing
is forcing organizations to open IT assets to new business
channels
…and challenging them to rethink the way
they have traditionally approached security & control
Between 2005
and 2020, the
amount of data
in the world will
grow 300X, from
130 to 40,000
exabytes.
81% of adults
use personally
owned mobile
devices for
conducting
business
70% of
employees are
engaged in
social
activities both
internally and
externally
73% of
organizations
discovered
cloud usage
outside of IT
or security
policies