
IBM WebSphere DataPower SOA Appliance Handbook [Hardback]

4.26/5 (42 ratings by Goodreads)
  • Format: Hardback, 960 pages, height x width x depth: 184x243x56 mm, weight: 1597 g
  • Publication date: 05-Jan-2009
  • Publisher: IBM Press
  • ISBN-10: 0137148194
  • ISBN-13: 9780137148196
Expert Guide to Deploying, Using, and Managing DataPower SOA Appliances

 

IBM® WebSphere® DataPower® appliances can simplify SOA deployment, strengthen SOA security, enhance SOA performance, and dramatically improve SOA return on investment. In this book, a team of IBM's leading experts show how to make the most of DataPower SOA appliances in any IT environment.

 

The authors present IBM DataPower information and insights that are available nowhere else. Writing for working architects, administrators, and security specialists, they draw extensively on their deep experience helping IBM customers use DataPower technologies to solve challenging system integration problems.

 

IBM WebSphere DataPower SOA Appliance Handbook begins by introducing the rationale for SOA appliances and explaining how DataPower appliances work from network, security, and Enterprise Service Bus perspectives. Next, the authors walk through DataPower installation and configuration; then they present deep detail on DataPower's role and use as a network device.

 

Using many real-world examples, the authors systematically introduce the services available on DataPower devices, especially the "big three": XML Firewall, Web Service Proxy, and Multi-Protocol Gateway. They also present thorough and practical guidance on day-to-day DataPower management, including monitoring, configuration build and deploy techniques.

 

Coverage includes:

  • Configuring DataPower's network interfaces for common scenarios
  • Implementing DataPower deployment patterns for security gateway, ESB, and Web service management applications
  • Proxying Web applications with DataPower
  • Systematically addressing the security vulnerabilities associated with Web services and XML
  • Integrating security with WebSphere Application Server
  • Mastering DataPower XSLT custom programming
  • Troubleshooting using both built-in and external tools

 
Part I DataPower Introduction
An Introduction to DataPower SOA Appliances
Meet the Family!
DataPower XA35
DataPower XS40
DataPower XI50
Typical Usages of Appliances
Solving Security Problems
To Lower Total Cost of Ownership (TCO)
Enhancing Performance
Integrating Platforms
A Closer Look at the DataPower Products
Physical Characteristics of Appliances
Software Architecture of Appliances
Administrative Model
Programming Model
DataPower as a Member of the Network Infrastructure
Summary
DataPower Quick Tour and Setup
Getting Started with Your New Appliance
Hey Bert, Got a Package for You...
Important Resources Not in the Box
Next Steps - The Planning Phase
Next Steps - What You Will Need
Connecting and Powering Up
DataPower WebGUI Administrative Console Quick Tour
Essential WebGUI Components
Completing the Configuration
Completing the Network Config
Configuring Auxiliary Storage
Backing Up the System
Updating the Appliance Firmware
Summary

Part II DataPower Networking
DataPower as a Network Device
Interface Configuration
Static Routes
Other Network Settings
General Network Settings
DNS Settings
Network Status Information
Interface Status
Routing Table
TCP Port Status
ARP Table
Network Configuration Checklist
Summary
Advanced DataPower Networking
First, Some Theory
Terminology
Abstractions
TCP/IP Primer
Packet Structure
Address Resolution
Subnetworks
Routing
Routing Table
Virtual LANs
DataPower Networking Scenarios
Scenario: External and Internal
Scenario: Management Network
Scenario: IP Aliases
Scenario: Multiple Interfaces on the Same Network
Scenario: Different Network Zones
Summary
Common DataPower Deployment Patterns
Deployment Topologies
DataPower as Security Gateway
DataPower as Enterprise Service Bus
Web Services Management
Web Services Enablement of Legacy Systems
Dynamic Content Rendering
Summary

Part III DataPower Services
Introduction to DataPower Services
What Is a DataPower Service?
Client-Side (Front) Processing
Service Processing Policy
Server-Side (Back) Processing
Response Processing
Anatomy of a DataPower Service
DataPower Service Types
XML Firewall
Web Service Proxy
Multi-Protocol Gateway
Miscellaneous Services
Summary
Introduction to Services Configuration
Backend Types
Static Backends
Dynamic Backends
Loopback
Supporting Objects
URL Rewrite Policy
XML Manager
User Agent
Protocol Handlers
The DataPower Processing Policy
Policy Editor
Processing Policy Rules
Processing Actions
Matching Rules
Creating an Example Processing Policy
Processing Rule Priority
Configuring a Policy Rule
Contexts
Error Handling
Summary
XML Firewall
XML Firewall Overview
Creating an XMLFW
Testing the Service
A Quick Tour of an XMLFW
Processing Policy, Rules, and Actions
Configuring the Backend
Summary
Multi-Protocol Gateway
Enterprise Service Bus Introduction
MPGW Basic Configuration
Protocol Control Objects
MPGW Front Side Handlers
Backend URL
Example Configurations
Protocol Mediation: HTTPS and HTTP to HTTP
FTP Use Cases
WebSphere MQ Examples
WebSphere JMS
NFS Support Example
Summary
Web Service Proxy
Web Services
Web Services Description Language (WSDL)
Creating a Web Service Proxy (WSP)
The Processing Policy
Processing Rules
User Policy
Front Side Handler Configuration (FSH)
Reusable Rules
Proxy Settings
Defining the Backend
Decrypt Key
SOAP Action Policy
WSDL Configuration and Management
Adding Additional WSDLs
WSDL Cache Policy
UDDI
WSRR
WSRR Concepts
Service Level Monitoring (SLM)
Custom Service Level Monitors
Service Priority
Viewing the Status of the WSPs
Summary
Proxying Web Applications with DataPower
Web Applications Are "Different"
Why Use DataPower?
Threat Protection
Perimeter Security
Choosing a DataPower Service
Web Application Firewall
Another Option
Service Configuration Parameters
Methods and Versions
Request and Response Type
Follow Redirects
Rewrite Hostnames When Gatewaying
Request Processing
Query Parameters and Form Data
Request Headers
Response Processing
Response Codes
Redirects
Cookies
Match Rules and Cookies
Reading Cookies
Setting Cookies
Removing Cookies
Form-Based Authentication
Can DataPower Replace the WebSphere Application Server Plugin?
Summary

Part IV Managing DataPower
Device Administration
Application Domains
Creating Domains
Remote Domain Configuration
Managing Domains
Users
Creating Users
Defining a Password Policy
User Groups
Built-In User Groups
Custom User Groups
Access Profiles
Role-Based Management
Authenticating Users
Mapping User Credentials
Using Access Profiles
User Authentication Caching
Access to the Command Line Interface
Command Groups
Domain-Based CLI User Access
Summary
Alternate Management Interfaces
Command Line Interface
Accessing the CLI
Navigating the CLI
Help Is Your Friend
"Show" Me the Money
Network Configuration Commands
Network Troubleshooting Commands
System Information Commands
Appliance Load and Health Monitoring Commands
Object Modification Commands
File and Configuration Management Commands
Aliases
XML Management Interface
Enabling the SOAP Management Interface
Submitting SOAP Management Requests
Defining the Management Service API
Summary
Logging and Monitoring
Anatomy of a Log Message
Domain
Timestamp
Type
Class
Object
Priority
Transaction Type
Transaction
Client IP
Event Code
Message
Log Message Example
Default Logs
Log Targets
Target Fields
Target Types
Event Subscriptions
Object Filters
Event Filters
Special Log Objects
Email Pager
Failure Notification
Custom Log Categories
Custom Log Messages
Separation of Concerns (Division of Log Traffic)
Operations Targets
Application Targets
Security Targets
Transaction Logging
Log Action
Results Action
Custom Transaction Log
Device Monitoring
Where Are the MIBs?
Configuring SNMP Polling of the Device
Configuring Sending of SNMP Traps
Service Monitoring
Summary
Build and Deploy Techniques
Goals and Objectives of Configuration, Build, and Deployment
DataPower Configuration Fundamentals
Configuring for Migration
Configuration Migration Tools
XML Management Methods
Configuration Structure for High Availability and Consistency
Use of External Tools in Configuration Management
Summary

Part V DataPower Security
AAA
AAA: The American Automobile Association?
Authentication
Authorization
Audit
Post Processing
AAA Policy Stages
Extract Identity (EI)
Authentication (AU)
Map Credentials (MC)
Extract Resource (ER)
Map Resource (MR)
Authorization (AZ)
Post Processing (PP)
Configuring AAA in DataPower
The AAA Policy Object Menu
The AAA Policy Wizard
Example Scenarios
Simple On-Box Authentication/Authorization with AAA Info
Integration with LDAP
Real-World Policy
Summary
Advanced AAA
Customizing the AAA Runtime Process
XML in the AAA Flow
Working with Tivoli Security
Integration with TAM
Summary
DataPower and SSL
The Secure Sockets Layer
Cryptography
The SSL Handshake
Configuring SSL in DataPower
Configuration Objects
Creating Targeted Crypto Profiles
SSL Usage Pattern in DataPower
Using SSL - Inbound Configuration
Using SSL - Outbound Configuration
Certificate Revocation Lists
Device Certificate
Advanced SSL Usage
Crypto Tools
SSL and FTP
SSL and MQ
When Signing Isn't Enough
The SSL Proxy Service
The Mutually Authenticated Self-Signed SSL Tunnel
Troubleshooting SSL
What Can Go Wrong?
Debugging SSL
Summary
Web Services Security
Web Services Security
Message Exchange and Vulnerabilities
Integrity
Confidentiality
Nonrepudiation
Authentication, Authorization, and Auditing
Cryptographic Terminology, Basic Definitions
Digital Signatures
Encryption
SSL/TLS (HTTPS) Use and Vulnerabilities
Web Services Security
WS-Security
WS-Policy and Policy Governance
Digital Signatures on DataPower
Encryption and Decryption on DataPower
Putting It All Together
Summary
XML Threats
The New Frontier
The Technology Adoption Curve
But, I Thought XML Was Our Friend!
Dirty Little Secrets
Old Friends, Old Nemeses
XML Threat Categories and Examples
Four Categories of XML Threats
Single-Message Denial of Service Attacks
Multiple-Message Denial of Service Attacks
Unauthorized Access Attacks
Data Integrity and Confidentiality Attacks
System Compromise Attacks
Threat Protection with DataPower
Characterizing Traffic
XML Manager Protections
Network/Protocol Protection
The XML Threat Protection Tab
Using the Filter Action for Replay Attack Protection
SLM Policies
Summary
Security Integration with WebSphere Application Server
WebSphere Application Server Introduction
WAS and Stack Products
WAS Security Model
WAS Web Services Security Implementation
Key Security Integration Points
Summary

Part VI DataPower Development
Introduction to DataPower Development
Why the Need for DataPower Development?
Introduction to XML Technologies
XPath Expressions
Namespaces
Regular Expressions
XSL Stylesheets
Introduction to Extension Functions and Elements
Introduction to EXSLT Extension Function and Elements
Introduction to DataPower Extension Functions and Elements
Putting It All Together
Summary
Programming Within the DataPower Environment
Variables and Context
System, Service, and User-Defined Variables
Variable Usage
Predefined Contexts
Writing Messages to the DataPower Log
Using the Probe for Variable Display
Writing Documents to the File System
Accessing and Processing Message Context
Modifying Documents
Parsing and Serializing XML
Accessing Protocol Headers
The Filter Action
Routing
URL Open
Summary
Real-World Examples of XSLT Programming
Real-World Examples
Example 1: If It's Tuesday, This Must Be Belgium
Example 2: Passing Variables to XSLT
Example 3: Error Processing and Control
Example 4: Dynamic Routing
Example 5: Load Balancer Health Checker
Summary
Development Tools
Integrated Development Environments
Rational Application Developer
XML Spy
DataPower Plugins
Eclipse (RAD) XSLT Coproc Plugin
Eclipse (RAD) Management Plugin
XMLSpy Plugin
Summary
Transforming Non-XML Data
Common Non-XML Data Formats and Scenarios
Legacy Backend/Pseudo Web Service Frontend
Multiple Non-XML Data Formats
Tooling for Transforming Non-XML Data
Good Old XSLT
Third-Party Development Tools for Non-XML Transform Development
Creating Non-XML Transformations with WebSphere TX Design Studio
Configuring DataPower for WTX
Building the Scenario Transformation
Advanced Transform Binary Features
Multiple Input and Output Cards
Precompiling Maps for DataPower
Detecting Non-XML Files
Summary

Part VII Problem Determination and Tools
Problem Determination Using Built-In Tools
Configuration Troubleshooting
Object Status
Domain-Level Service Status
Domain-Level Object Status
Reasons for Down Handlers
Other Down Helper Objects
Connectivity Issues
Application Troubleshooting
System Logs
Transaction Probe
Common Configuration Mistakes
XML File Capture
Operations Troubleshooting
Log Target Troubleshooting
Critical Events
Last Resorts
Summary
Problem Determination Using External Tools
Application Testing
cURL
SoapUI
Browser Tools
Non-HTTP Protocol Tools
Authentication and Authorization Server Tools
XSLT Debugging
Backend Spoofing
Remote Data Collection
Connection and Networking Issues
Packet Captures
Testing Connections
Connectivity Tools
SSL Connection Issues
Summary
Multiple Device Management Tools
Scripted Approaches
ITCAM SE for DataPower
WebSphere Application Server v7 Administration Console
Summary

Part VIII Appendixes
Appendix A DataPower Naming Conventions
General Guidelines
Names
Device
Application Domain
Service
Processing Policy
Processing Rule
Match Rule
Front Side Handlers
XML Manager
User Agent
AAA Policy
Certificate
Key
Identification Credential
Validation Credential
Crypto Profile
SSL Proxy Profile
Queuing Technologies
Log Target
Transforms (XSLT)
Filters (XSLT)
Configuration Files (XML)
Summary
Appendix B Deployment Checklist
Testing
Security
Environment
Deployment Process
Administration
Appendix C DataPower Evolution
DataPower History
Performance
Security
Integration
DataPower Hardware
DataPower Firmware
Additional Appliances
B2B Appliance
Low Latency Messaging Appliance
Other Appliances?
Summary
Appendix D Acronyms Glossary
Index

Bill Hines is a Consulting I/T Specialist with IBM's Software Services for WebSphere organization in the Software Division, working as a mobile consultant out of Hershey, PA (Chocolatetown, USA). He has several years of DataPower experience in both customer engagements and developing and delivering internal DataPower training to the IBM consulting, engineering, support, QA, and technical sales teams. He also has WebSphere Application Server experience dating back to 1998 and across all versions from 2.x to 6.x in areas of specialty including installation, configuration, tuning, dynacache, security, troubleshooting, and design/architecture of enterprise J2EE applications using WebSphere family development tools. He is a co-author of the highly acclaimed IBM Press book IBM WebSphere: Deployment and Advanced Configuration as well as several articles published in WebSphere Technical Journal and developerWorks, and his background includes more than twenty years of information technology experience in many platforms and languages, as well as degrees from New York Institute of Technology and Tulsa Jr. College.

 

John Rasmussen is a Senior I/T Specialist with IBM Software Services for WebSphere organization, Software Division in Cambridge, MA. John was first introduced to DataPower devices in 2001 while working as an engineer with Fidelity Investments developing XML/XSLT/JAXP applications for Internet-enabled mobile devices. John has been with IBM/DataPower since that time, and has worked as a product development engineer (where he created and developed the original WebGUI Drag and Drop Policy Editor) and as a product specialist assisting many clients in the implementation of DataPower devices. John has an extensive career in software development, including work with McCormack & Dodge/D&B Software and as an independent consultant and independent developer of application software and security systems. John has a degree from the University of Massachusetts at Amherst, and lives in Gloucester, Massachusetts, with his sons Alex and Nick.

 

Jaime Ryan is a DataPower Specialist for the IBM WebSphere Software Group, currently in Technical Sales for the Western United States. He has worked with all aspects of customer-oriented Services, Sales, and Education for DataPower SOA Appliances at some of IBM's largest and most strategic accounts. He has more than eight years of experience in the creation of high performance Web Services registry, routing, acceleration, BPM, and EAI products. Jaime's background includes a strong focus on Service Oriented Architectures from multiple perspectives: software development, independent consulting, and technical documentation. He received Computer Science and Cognitive Science degrees from the University of California, San Diego, where he met his lovely wife, Danielle.

 

Simon Kapadia is the Security Lead for IBM Software Services for WebSphere (ISSW) in Europe. He works on designing and implementing large distributed computer systems for IBM customers. Simon holds a Bachelor's degree in English and Drama and a Master's in Computing Science. He has owned a computer since six years of age and has turned a lifelong hobby into a career. Prior to joining IBM, Simon developed software for digital exchanges at Bell Laboratories, managed networks and Web applications at an ISP, and supported and consulted on DCE, DFS, and Encina for Transarc Corporation. You can reach Simon at simon.kapadia@uk.ibm.com or via his public Web site at http://www.kapadia.pl.

 

Jim Brennan is an IBM I/T Specialist with IBM Software Services for WebSphere. He is a mobile consultant out of Hackettstown, NJ specializing in DataPower administration and configuration. Jim has assisted in developing and delivering internal DataPower education material to IBM consultants and engineers. Jim has also been an application developer working with several different programming languages and platforms ranging from COBOL to Java. Jim has been a J2EE developer for several years specializing in J2EE development for WebSphere Application Server. He also has several years of experience with WebSphere Application Server installation, configuration, troubleshooting, and administration. Jim has more than ten years of I/T experience with a certificate from the Chubb Institute of Technology and also attended Felician College in Lodi, NJ.