• contact@isoagroup.com
  • (707) 773-1198
Welcome to our Blog

Blog / News

CA World 2017: Sessions Recommendations

New to CA World?  Attempting to sift through all the available sessions can be overwhelming, and we know that it can be challenging to fit in the right content to make the most of your time at the conference.

Today’s guide is from our Sales and Marketing Leader.  You may note many of the sessions are focused on API Management and Gateway Solutions.  There are also a few on differing technology and CA client experiences focused on additional areas of interest in the future.

Pre-Conference Education: Monday, November 13, 2017
09:00 AM – 10:00 AM DO1X101E: CA API Gateway: What’s New in CA API Gateway 9.3? Lagoon E

This session introduces the new features and enhancements coming up in CA API Gateway 9.3.

10:00 AM – 11:00 AM DO1X102E: CA API Gateway: Developing Custom Policies to Secure Your Enterprise APIs Lagoon E

This session will address how to securely expose your organization’s APIs to the world, as well as discuss how to effectively apply custom security checks on specific API requests.

10:00 AM – 11:00 AM DO1X113E: CA Live API Creator: Integration with MQTT—Develop IoT Applications for a Multitude of Verticals (Smart Home, Healthcare and More) Lagoon L

MQTT makes an ideal choice to interface communication between devices and applications where network bandwidth is limited, and the code footprint is small. CA Live API Creator provides easy and intuitive ways to create interfaces between applications. The marriage of the two opens up a slew of possibilities to create IoT applications enabling exchange of data and messages between sensors, actuators, databases and value added services written on top—to harness the value of the collected data. In this session, we will discuss various market verticals that can benefit from the capabilities of CA Live API Creator combined with the power of MQTT as an IoT messaging protocol.

01:00 PM – 02:00 PM DO1X104E: CA API Gateway: Debugging and Troubleshooting Techniques Lagoon E

CA API Gateway’s policy language defines its purpose and behavior in a logical and highly configurable way. In this session, the speaker will address the general capabilities of CA API Gateway, exposing new services and showcasing fundamental policy functions. In the end, attendees will have an understanding of how to apply powerful but simple custom security patterns to their enterprise APIs.

02:00 PM – 03:00 PM DO1X105E: CA API Gateway: Demonstrated Lifecycle of Gateway Services and Policies Lagoon E

The CA API Gateway allows you to create very powerful and customized policies and services to manage your APIs. As you create more and more services and policies, managing their lifecycle can become difficult. This session covers information on: how to create policies and services that lend themselves to simpler lifecycle management, how to version control your services and policies and how to move services and policies between different environments. Lastly, for those who have attended the session on “New OAuth Toolkit Capabilities and Why They Matter to You,” we will cover how to manage the lifecycle of your OTK customizations.

03:00 PM – 04:00 PM DO1X106E: CA API Gateway: New OAuth Toolkit Capabilities and Why They Matter to You Lagoon E

OAuth Toolkit is now OpenID Certified and enables more use cases for authentication, authorization and federation. This session is dedicated to those who want to learn about new features and how they can be used in an enterprise organization. We will look at an example implementation that explains how all the bits and pieces come together.

04:00 PM – 05:00 PM DO1X114E: CA API Gateway: Securing Your API Portfolio with CA API Management Lagoon E

This session explores common Web services, Web APIs and Web application security considerations and how API management solutions from CA can be used to address them

Pre-Conference Tuesday, November 14, 2017
09:00 AM – 10:00 AM DO1X117E: CA Microgateway: How to Enable a Secure and Scalable Microservices Architecture Lagoon E

CA Microgateway is a new breed of API gateway that operates well with microservices and enables microservice developers with security and autonomy. In this session, you’ll learn about how to build a “service mesh” with CA Microgateway and the outlook of microservices infrastructure and enablement solutions.

10:00 AM – 10:45 AM MFX110E: SIEM Integrations, Insider Threat Prevention and More With CA Compliance Event Manager Breakers D

After you’ve discovered the location of sensitive and regulated data on your mainframe, the next step in a data-centric security strategy is to monitor who has access to it. That’s where CA Compliance Event Manager comes in. The solution alerts to abnormal user activity in real time, and inspects the source of incident with advanced reporting and forensics for deeper insights to proactively prevent insider threats. The discussion will include CA Compliance Event Manager’s SIEM integrations, advanced reporting and forensics and enhanced event reporting and enrichment.

11:00 AM – 12:00 PM DO1X107E: CA Mobile API Gateway: Enhancing Your Mobile App Security Lagoon E

After you’ve discovered the location of sensitive and regulated data on your mainframe, the next step in a data-centric security strategy is to monitor who has access to it. That’s where CA Compliance Event Manager comes in. The solution alerts to abnormal user activity in real time, and inspects the source of incident with advanced reporting and forensics for deeper insights to proactively prevent insider threats. The discussion will include CA Compliance Event Manager’s SIEM integrations, advanced reporting and forensics and enhanced event reporting and enrichment.

02:00 PM – 03:00 PM DO1X110E: CA API Developer Portal: Setting Up a Private Cloud Portal Lagoon E

This session will cover how to deliver a private cloud or on-premises version of CA API Developer Portal, and how to provide migration guidance for CA API Developer Portal 2.x or 3.x “Classic” customers.

03:00 PM – 04:00 PM DO1X111E: CA API Developer Portal: Increase App Developer Velocity with the Portal Dev Console Lagoon E

CA API Developer Portal covers most API publisher use cases, with the publisher “telling” the developer what APIs they have access to via the account plan. This model works well when it comes to managing a set of external partners, but does not lend itself well to the most prevalent use case for portals today: empowering internal development teams. This capability is designed to provide app developers with a new way of finding learning about, requesting access to and consuming the internal or external APIs they require.

06:00 PM – 08:00 PM CAW1701: Global Welcome Reception

 

Wednesday, November 15, 2017
07:15 AM – 08:15 AM CAW1702: Continental Breakfast
08:30 AM – 09:45 AM CAW1703: Mike Gregoire Keynote
10:30 AM – 11:15 AM DO1T22S: Keynote: Announcing API and Microservice Innovations that Drive Business Agility and Improve Last-Mile Customer Experiences  DevOps: APIs and Microservices Theater 1

Success in today’s fast-moving digital environment requires the ability to shift quickly, in order to deliver the optimal last-mile experiences that customers, partners, employees and regulators expect. But this ability demands a new technology foundation – modern application architectures built on APIs and Microservices. Please join Rahim Bhatia, GM of CA API Management, in this content area keynote as he announces the latest additions to our API and Microservices portfolio: brand-new solutions that optimize business agility and support the delivery of delightful customer experiences. He will be joined onstage by innovators who have already seen business success through modernizing legacy architectures.

12:00 PM – 01:30 PM CAW1704: Lunch
12:45 PM – 01:30 PM DO1T25S: Analyst Keynote: Forrester’s Vision for Using Business Design, APIs, and Microservices to Increase Agility and Boost Business Value DevOps: APIs and Microservices Theater 1

Digital transformation drives disruption, and speed of change determines enterprise success. But the stream of tech change—including the Internet of Things (IoT), AI, SaaS, robotic automation and much more—makes it all the more difficult for IT to deliver change more quickly. While APIs, microservices, cloud platforms and containers are foundational, what really matters is the solution architecture one uses to put these piece parts together. In this must-attend session, join Forrester Vice President and Principal Analyst Randy Heffner as he shares insights and best practices for using digital business design to guide modern application architectures to deliver faster change more value, and better business outcomes.

01:45 PM – 02:15 PM DO1T52T: CA Microgateway: Secure Your Microservice Environments with CA Microgateway and OAuth DevOps: APIs and Microservices Tech Talk 2

Microservices architecture, widely adopted in the cloud space, has also gained popularity in enterprise IT to empower innovation and scalability. Unlike typical cloud vendors, enterprise IT faces a different set of challenges to microservices adoption, such as application security, organization and infrastructure. CA Microgateway is a new breed of API gateway that enables team autonomy for enterprise developers and provides end-to-end security solutions that are easy to integrate with modern microservices and DevOps infrastructure. In this session, you will learn about building a secure service mesh with optimized APIs using CA Microgateway, including demos of existing and future CA Microgateway capabilities.

02:30 PM – 03:15 PM DO1T32T: Accenture: Accelerating Digital Transformation With DevOps for API Management DevOps: APIs and Microservices Tech Talk 1

Social media, mobility, analytics and cloud (SMAC) technologies are opening up new possibilities for businesses—ones that did not exist a couple of years ago. For instance, companies with the right mix of technologies are able to analyze customer data in real time and serve customers seamlessly across digital channels and devices. Sophisticated analytics technologies are able to predict customer behavior and help businesses launch highly relevant products and services at scale. Today, speed, scale and agility differentiate one company from another, and APIs form the foundation of such businesses. They help organizations to expose data, assets and services to customers and business partners that are outside the enterprise in a secure and scalable manner. Without APIs, a digital transformation is next to impossible.

04:15 PM – 04:45 PM MFT12S: Blockchain: Strategies for Moving From Hype to Realities of Deployment Mainframe Theater 6

The promise of blockchain, or specifically distributed ledger technology, has captured the attention of business and IT leaders across multiple industries. Now is the time to move from hype to reality. This session will examine use cases of pioneering companies that apply blockchain in a multi-party entity environment with immutable smart contracts. We’ll share how some DevSecOps requirements are fundamentally different for blockchain pilots and full deployment—from getting started with the right development environment to concerns of security, encryption and operational visibility. We will also discuss integration of blockchain with existing systems of record and the use of shadow blockchain as an evolutionary step towards adoption. Join this session to learn more about developing, deploying, and securing blockchain.

05:00 PM – 05:30 PM DO1T53T: CA API Management: APIs and DevOps in a Federated Deployment DevOps: APIs and Microservices Tech Talk 2

Managing APIs at scale can be a challenge – one that we have made easier. Whether your scale is the number of APIs you work with, the number of proxies in your infrastructure, or both, we can make administration of this easy. This session will show how lifecycle management and governance are only a click away across multiple use cases. See how easy it can be to administer lifecycle management through development, testing and production, or manage multiple APIs across different geographies.

05:30 PM – 07:30 PM CAW1705: Journey the World

 

Thursday, November 16, 2017
07:15 AM – 08:15 AM CAW1702: Continental Breakfast
08:30 AM – 09:45 AM CAW1706: Otto Berkes & Ayman Sayed Keynote
10:30 AM – 11:15 AM DO1T23S: Vision and Roadmap: Experience New Innovations and Solutions for Microservices and API Management DevOps: APIs and Microservices Theater 1

CA Technologies was named a leader with the highest ability to execute in the Gartner Magic Quadrant for Full Lifecycle API Management. Since then, we have expanded further to add robust capabilities for microservices design, development and management. No matter where you are in the modern application architecture journey, this roadmap session will show you the vision of how CA enables the entire lifecycle of APIs and microservices – from strategy and creation to security, management and monitoring. Join Rajesh Raheja, Vice President, Product Management, and Jaime Ryan, Senior Director, Product Management as they show off the latest innovations in CA Live API Creator, CA Microgateway, CA API Gateway, CA Mobile API Gateway and CA API Developer Portal, and reveal what’s on the horizon for our portfolio.

12:00 PM – 01:30 PM CAW1704: Lunch
12:45 PM – 01:30 PM DO1T50T: CA API Management: End-to-End Microservice Architecture DevOps: APIs and Microservices Tech Talk 2

Microservices adoption promises significant benefits to businesses, but adds complexity and uncertainty to the teams that have to secure and manage the resulting environments. Understanding and enabling the new patterns that arise from these architectures make the CA API Management portfolio uniquely suited to address these concerns. In this session we will demonstrate our end-to-end microservices product architecture, starting from scratch to create, deploy, secure, manage, expose and consume the microservices necessary to support a working mobile application.

01:45 PM – 02:15 PM DO1T17S: M&T Bank: Solving Real-World Banking Challenges with CA API Management DevOps: APIs and Microservices Theater 1

In this session, we will focus on real-world challenges at M&T Bank and how we are solving them with CA API Management and CA Single Sign-On. Find out why we chose CA over the competition and what specific use cases we are tackling for commercial banking and our overall digital strategy. The session will also cover the architecture patterns we have established for others across the enterprise to consume, how we integrate into our security ecosystem and why an API gateway is more than just exposing services.

03:30 PM – 04:00 PM DO1T56T: API Academy: Microservices – How to Safely Speed Up Your Digital Innovation DevOps: APIs and Microservices Tech Talk 2

Microservices are the next evolution in software architecture designed to help organizations embrace continual change and drive innovation in the digital economy. If you don’t approach them the right way, however, you can also fall into many traps. Join author and global technologist Mike Amundsen as he cuts through the hype and identifies the key trends, challenges and pitfalls facing companies of all sizes in the search for microservices at speed, safety and scale.

04:15 PM – 04:45 PM DO1T57T: API Academy: Microservices People Patterns – Designing Change-Friendly Teams DevOps: APIs and Microservices Tech Talk 2

If you’ve adopted microservices you’ve probably been adopting lots of innovative and interesting technology practices. But, the companies that really do well with microservices architectures also have organizations and practices that can turn the promise of better, faster and cheaper into a reality. In this session, Ronnie Mitra examines the people side of microservices architecture and describes some of the patterns that have helped organizations succeed.

06:30 PM – 09:30 PM CAW1707: No Barriers Bash – Live with the Counting Crows & Third Eye Blind

Next, look for session recommendations from our Senior Solutions Architect, Venkata Chintala.

Want to know more? Contact iSOA Group at info@isoagroup.com.

Celebrating 20 years in Business!

Friends, colleagues and valued customers,

Today, September 27, 2017, marks our 20th anniversary! We are thankful for all of your commitment to making this company successful and look forward to the exciting, new challenges of the future. But first, let’s put the future on hold for some little known iSOA fun-facts and a cartoon to liven up your day.

Enjoy.

Video: See the Benjamin Button-esque version of our transformation.

Want to know more? Contact iSOA Group at info@isoagroup.com.

Webcast Replay: Migrating DataPower to IBM’s API Connect

iSOA Group’s CTO, Bryon Kataoka, presented during IBM’s weekly DataPower Webcast on 9/15/17. The webcast was a great success, with suggestions for follow up topics that we will work to have incorporated into future presentations.

Please see below slide deck on migrating from Datapower to API Connect using custom policies:

Want to know more? Contact iSOA Group at info@isoagroup.com.

Webcast: Migrating DataPower to IBM’s API Connect

iSOA Group’s CTO, Bryon Kataoka, will be the featured presenter at this Friday’s IBM DataPower Weekly Webcast, hosted by IBM.

The focus of his presentation will be on the value to DataPower clients who migrate their DataPower deployment to IBM’s API Connect©.  Bryon will share the value, from a recent client migration, that enabled the client to realize more value from their DataPower deployment through improved analytics, broader use of DataPower services through API’s, and custom policies in API Connect that enable developers to access specific custom developed policies within DataPower.

This session will cover:

  • Scenarios and client motivations to migrate DataPower to API Connect.
  • How API Connect helps improve standardization of DataPower deployed services.
  • Lower cost of DataPower operational support while enabling agility of developers.

iSOA Group presentation: September 15, 2017 at 11:00AM and 2:00PM ET

IBM DataPower Weekly Webcasts

Every Friday one of our experts provides a 20 minute overview on a particular topic related to the DataPower platform. This webcast series is designed to provide brief, easily digestible content regarding DataPower functionality, emerging use cases, best practices, recent announcements, and client successes. It is an opportunity to learn how you can better leverage DataPower in your organization and discover new areas of applicability.

When: Fridays at 11am and 2pm ET

Log in Information:https://stmeetings.na.collabserv.com/stmeetings/room/join/access?id=7634-2249
Meeting password: datapower
Conference Bridge: 1-888-426-6840, Passcode: 64534212#

Want to know more? Contact iSOA Group at info@isoagroup.com.

Security: Should You Code in Applications or Delegate to Gateways?

When you have a security Gateway, such as DataPower, should you continue to code security into applications?

Consider if this scenario fits your organization:

  • You have DataPower implemented in your trusted zone.
  • Your application teams are creating business services.
  • Your application teams are building in authentication and authorization into their software.
  • Developers are managing certificates.
  • Occasionally, certificates expire and the developer is no longer with the company.

If yes, don’t worry! this is a pretty common situation.

So, let’s point out where you can achieve some DataPower ROI:

Move authentication and authorization to DataPower

This can be done by adding a AAA action to your DataPower proxy service (Multiprotocol Gateway or WS-Proxy).  With some configuration to identify the user credentials (possibly a basic-auth header) and pointing to your IDP (i.e.,  Active Directory) with a few clicks you can have your user verified.

If you also need to verify that the user has access to your service, again, with a few clicks and some configuration of the LDAP group the user must be a member of, you can have authorization verified.

Allow DataPower to validate TLS

By configuring DataPower to handle the SSL you accomplish 5 benefits:

  1. Your certificates are managed by DataPower and therefore you will get notification of expirations 30 days in advance
  2. Certificates live in one place.
  3. The application teams don’t need to make code updates for security. Instead they can focus on business logic
  4. DataPower has a crypto chip that will process the SSL negotiation faster, thereby reducing cycles on your application servers
  5. Changes in security practices won’t impact your applications.

Allow DataPower to address future security changes

Security is only going to get tighter and tighter.  DataPower has the capabilities to perform encryptions/decryptions, create digital signatures and perform verifications.  By allowing DataPower to support the security needs of the application you are in a much better position to react to changes.

 Takeaway/Action Item
  • There are many ways to get more ROI out of your DataPower.
  • Have DataPower handle the security of the service so developers can spend time on business logic instead of security coding.
  • Reduce downtime by getting warned of expiring certificates in DataPower.
  • Separate security from business logic using DataPower so that security updates don’t impact your applications.

Want to know more? Contact iSOA Group at info@isoagroup.com.

DataPower Gateway & Why You Want One!

Before we even get into what a DataPower Gateway is, let’s begin by discussing what a “gateway” is, how they differ and why you could potentially want another.

First, a “gateway” is simply a device that joins together two different networks. In the most common scenario, your enterprise networks with the Internet. A router is an example of a gateway device. It directs and decides where information packets are sent.

Another term to understand regards a firewall. A firewall is a filter that examines said packets, against a set of defined rules, in order to decide whether to allow the packets access.  Your security and infrastructure team go to great lengths to ensure firewalls are implemented to prevent unwanted access to your network(s).

Finally, a DataPower gateway is a hybrid implementation of the network components (the gateway + a firewall) just mentioned.  It is not meant to replace those components, but to supplement them with a specialized application layer (i.e., Layer 7) protocol.  The application layer allows your enterprise to implement specialized application services, and DataPower provides additional security that routers and firewalls do not.

So, what does a DataPower Gateway provide that the other network devices don’t do well (or at all) and why are they important to your company?

Here are a few features you can achieve through DataPower:

1.     Wire speed XML Parsing

Extensible Markup Language (XML) has been around for quite some time and is used to represent the data exchanged between multiple parties.  XML provides a tagged method to identify data elements so that you, your partners, and customers can exchange XML documents as a way to share data.

The problem with XML is not all information passed in an XML document is always needed.  To be as efficient as possible, it is a good practice to “starve” the data elements down to just that which you require.  The way of filtering these fields is called “parsing”.  Parsing in application servers is slow.  Load balancing the requests, in order to perform a task to meet a specified service level, becomes necessary when you encounter large volumes of parsing. This can lead to even larger server farms, more administration (backups, fix-packs, etc.) and increased hardware/software costs.

DataPower has a special, built-in XML parsing chipset designed to parse at the speed-of-the-wire, vastly outperforming server based parsing.  This specialized application feature is what makes DataPower stand out from the other previous mentioned devices.

If you are already using multiple servers to load balance parsing of XML traffic, you should consider routing those transaction through DataPower and apply your parsing on the “wire”. If you could reduce the effort spent on supporting the server farm, while simultaneously reducing your costs, what are you waiting for? It’s faster to ride in a car than ride a bicycle.

2.     Authentication/Authorization and token switching

Gateways primarily reside on the edge of the network.  That is an optimal location to perform authentication and authorization.  Not only does DataPower integrate with many authentication/authorization servers, but it can also switch the authentication tokens to another format (i.e., basic authentication to Kerberos).  Being that DataPower is standards-based, it works with pretty much any authentication mechanism.  If your authentication/authorization server is not available out-of-the-box, you can also accomplish the integration using a custom stylesheet.  This feature makes DataPower a powerful gateway addition.

3.     Advanced Security Implementation

DataPower provides enhanced security to implementations, such as Layer 7.  For instance, DataPower has a built-in, specialized ability to encrypt and decrypt at the speed-of-the-wire, meaning you can apply encryption to the XML payload.  You have the ability to sign with digital certificates, as well as verify signatures from other partners’ payload.  Plus, DataPower can also perform 2-factor authentication using a variety of methods.

Another very common use of DataPower is to use it to manage SSL/TLS.  Since DataPower can live in a DMZ, on the edge of the network, it’s best to establish the security there, instead of letting it pass through to your backend servers.

Finally, DataPower provides XML threat protection and SQL injection filtering that other devices or applications are incapable of performing.

There are many more security features in DataPower, but these are just a few to highlight, but remember you are merely scratching the surface.

Takeaway/Action Item

  • Take the time to investigate your DataPower implementation to see if you are taking full advantage of the features.
  • DataPower is a secure appliance. Involve your architects and security teams to ensure you are maximizing your investment.
  • If you are considering publishing API’s, you will need a powerful gateway.

Want to know more? Contact iSOA Group at info@isoagroup.com.

Does your DataPower Implementation Support These 4 Key Features?

Is your DataPower implementation supporting your corporate security?

The right implementation will be agile, secure and efficient.  Depending on who, and how long ago, the DataPower Gateways were implemented, you might find these key features are missing.

And, don’t forget how agility in implementing your services through the Gateway allows your company to deliver products to customers quickly.  Winning business and protecting your assets will help you sleep at night.

So, does your DataPower Gateway have these key features?

Here is what you should look for:

1.     Logging information to your SIEM (eg. QRadar)

Security plays an important part in your DataPower configurations by identifying and protecting you against threats.  While DataPower finds these threats and acts appropriately to keep your company protected, it’s a best practice to configure a Log Target to output the messages to your company SIEM (Security Information and Event  Management).

2.     Repeatable Agile Framework to speed implementations

Configuring DataPower doesn’t require programming, which makes it very agile in providing capabilities in a short time.  To improve the agility even more, you can configure an Agile Framework that will allow you to build new services, faster, and adhere to standards with little fuss.   If you aren’t using a custom framework you are probably doing more work than necessary by replicating similar configurations that cause more ongoing maintenance.

3.     Utilizing DataPower’s threat protection

DataPower comes out of the box with built-in threat protection for your XML payloads.  There are additional configurable protection methods that guard against Denial of Service and SQL Injections, to name a few.  You can even add virus protection as part of your DataPower configuration.  Since these features are readily available out-of-the-box, ensure you turn them on.

4.     Wire speed transformations

Who doesn’t want the fastest processing of XML parsing?  DataPower has a built in XML Parser that will parse at “Wire speed”.  If you are using multiple servers to load balance parsing of XML traffic, you should consider routing those transactions through DataPower and apply your parser on the “Wire”.  You can reduce the effort to support the server farm, improve the speed for parsing XML messages, all while saving money (always a good thing!).

 

Takeaway & Action Items:

  • Take the time, regularly, to investigate your DataPower implementation to see if you are taking full advantage of the all features of DataPower, inlcuding new features in updates of the firmware from IBM.
  • DataPower is a secure appliance. Involve your architects and security teams to ensure you maximize  your return on you DataPower investment.
  • Consider a DataPower Advisor to review your implementation, share best practices, and assure you keep up-to-date on all of the latest DataPower features, including acting as an API Gateway.

 

Want to know more? Contact iSOA Group at info@isoagroup.com.

Expert’s Corner: When to Use DataPower XSLT vs. Gateway Script

In April 2014, IBM introduced a new Scripting Language to customize and configure DataPower for deployment based on Javascript.  This introduced a new approach, beyond XSLT, and also opened up the ability to leverage Javascript skills common in the marketplace.

Our trusted advisors did some research on when to use XSLT vs. Gateway Script:

IBM continues to upgrade GWS (GatewayScript) with each firmware release. Initially, it lacked some of the extension functions that are provided for in the XSL functions.

They are now pretty much have caught up, with a few exceptions, primarily in the various protocols that are supported in URL-open extensions. What they have done with GWS is add a lot of JSON capabilities and security updates for JSON (JWE, JWK, JWT). GWS is more traditional programming versus XSLT’s template model. It is much easier to handle things like setting up conditionals or loops. Output messages to the log are as simple as typing: console.debug (“accessCount = %i, accessCount); You can still use a combination of XSL and GWS in a service policy. Also, you have a debugger in GWS which means now you can step through your GWS code. You can build functions in GWS, which is much easier than writing call-template or apply-templates. E.G., Var PO = producePurchaseOrder (bookOrder, booksDB). You can also execute GWS from dynamic content and run it out of the temporary folder. From a performance standpoint, GWS is a secure and optimized Javascript. It is probably a shade slower since you cannot take advantage of the XML chip on physical DataPower appliances, but many folks on virtual appliances won’t have that option anyway.

Bottom line is as follows:

  1. If you are new to XSLT and have javascript skills, go with GWS.
  2. If you have existing XSLT written and need to perform specialized scripts that are easier to do in a traditional javascript, go right ahead. Example might be some calculations or date manipulation.
  3. If you want to use more of the latest JSON capabilities, using GWS makes it easier because JSON is just javascript notations.
  4. You can also check out the store:/// folder for examples of GWS.
  5. If you are dealing with XML transformation and are familiar with XPATH, then it’s OK to use XSLT.

Want to know more? Contact iSOA Group at info@isoagroup.com.

Expert’s Corner: Is DataPower a Firewall or a Layer 7 Protocol Proxy?

When discussing the capabilities of DataPower with colleagues, the topic of routing capabilities of the DataPower appliance often comes up.  It may seem convenient, at first, to compare it to a firewall, but it actually behaves much differently.   Keeping a clear understand of its behavior and how it handles routing of messages is important, as you determine the correct architecture and use cases for deployment.

DataPower operates almost exclusively as a non-transparent, Layer 7 protocol proxy, handling only an explicit number of protocols, such as HTTP (HTTPS) and FTP (FTPS). While it may appear that DataPower passes data, or messages, from one network segment to another, messages are actually terminated on the inbound TCP connection, introspecting message based data, and then a separate and distinct TCP connection is created from the device to a destination host.

 

Unlike Router/Firewalls, DataPower devices DO NOT route IP packets directly. They employ a high degree of interface isolation which is controlled by the configuration set in DataPower, but they will not connect two network segments for random protocols.

A protocol specific proxy service (XML Firewall, Multiprotocol Gateway, WS-Proxy, etc.) must be configured on the device in order to pass any data through said device, to a destination host.

For some supported protocol types – namely asynchronous messaging protocols such as IBM MQ Series™, IBMʼs WebSphere Messaging Engine™, or Tibcoʼs EMS™ protocol – the device does not act as a protocol proxy at all, but instead is responsible for establishing TCP level connections to support both the ingress and egress message path associated with an integration service.

Want to know more? Contact iSOA Group at info@isoagroup.com.

Expert’s Corner: When to Use an NFS Hard vs. Soft Mount

If you are connecting your gateway to an NFS file system, there are two options for how to mount it.

  1. A soft mount, which means that the application, or gateway, connection will attempt to mount the drive and once connected, will start to process the file. If for some reason the gateway cannot reach the file system after a period set by the nfstimeout parameter, then it will receive an error. However, if the file system goes down during the transaction, the transaction will stop and there may be some data corruption.  The advantage of a soft mount is that it has minimal impact on gateway performance; a disadvantage is the potential for data corruption.
  2. A hard mount; once the gateway is connected to the file system it is more of a “hard connection”, meaning that the gateway or server will continue to attempt to reconnect if the file system is unreachable. Once reached, it will continue the transaction, assuring the integrity of the system and data. The advantage is that data integrity and messaging is assured; the disadvantage is there is a performance impact with the constant connection.

We recommend a soft mount when the data integrity is not as critical and therefore your application, or gateway, will know there was an error in the connection.  As an example – a backup that was interrupted and not completed.   We recommend a hard mount when data integrity and the need to complete a transaction is of utmost importance.

If you would like to speak with an iSOA Trusted Advisor or engage our team for assistance please email us at info@isoagroup.com, or call us at 707-773-1198

Want to know more? Contact iSOA Group at info@isoagroup.com.