• contact@isoagroup.com
  • (707) 773-1198
Welcome to our Blog

Blog / News

Replay Available NOW: The Value of DataPower Frameworks

CTO, Bryon Kataoka, again presented during IBM’s DataPower Weekly Webcast this past Friday, November 3, 2017. The topic for this week was The Value of DataPower Frameworks & their utilization. With great attendance, we look forward to presenting again in the near future.

Have an idea for a topic? Please email us at info@isoagroup.com. Would you like to be on the invite for these webcasts? See this post for contact details.

Want to know more? Contact iSOA Group at info@isoagroup.com.

Webcast: The Value of DataPower Frameworks

iSOA Group’s CTO, Bryon Kataoka, will again be the featured presenter at this Friday’s IBM DataPower Weekly Webcast, hosted by IBM.

Bryon’s presentation will be on the value of DataPower frameworks.  DataPower frameworks are a set of configurations that comprise a single gateway that supports security, threat protection, validation, transformation and routing, whether deployed in the DMZ or in the trusted zone.  DataPower frameworks can streamline development and ease administration, while limiting the number of ports exposed in deployment.

Bryon will share DataPower framework best practices learned across numerous client engagements including:

  • Describing common DataPower gateway frameworks.
  • Extending and reuse of frameworks.
  • Utilize frameworks to effectively leverage DataPower advanced capabilities.

iSOA Group presentation: November 3, 2017 at 11:00AM and 2:00PM ET


IBM DataPower Weekly Webcasts

Every Friday one of our experts provides a 20 minute overview on a particular topic related to the DataPower platform.  This webcast series is designed to provide brief, easily digestible content regarding DataPower functionality, emerging use cases, best practices, recent announcements, and client successes.  It is an opportunity to learn how you can better leverage DataPower in your organization and discover new areas of applicability.

When: Fridays at 11am and 2pm ET

Log in Information: https://stmeetings.na.collabserv.com/stmeetings/room/join/access?id=7634-2249
Meeting password: datapower
Conference Bridge: 1-888-426-6840, Passcode: 64534212#

Would you like to be added the weekly invite? Please contact IBM’s Jason Pacini at jspacini@us.ibm.com.

Want to know more? Contact iSOA Group at info@isoagroup.com.

CA World 2017: Session Recommendations Part 2

 

As promised, part 2 of our CA World session recommendations are below! Curated by iSOA Group’s Senior Solution Architect, Venkata Chintala, our CA Technology leader who will be attendance this year. We look forward to seeing you there.

Pre-Conference Education: Monday, November 13, 2017
11:00 AM – NOON DSX104E: The Hacker Mindset: How to Eliminate Injection Risk in Your Code Breakers L

A CA Technologies | Veracode report may contain dozens of distinct flaw types, which can feel daunting and even dishearten developers. Is remediation really as hard as it seems? In this presentation, application security consultant Matt Runkle demonstrates a clear approach to learning AppSec that cuts through the fog and emphasizes pattern recognition over rote memorization. By the end of this presentation, you will understand common security flaws and gain insight to make future fixes easier. This talk is appropriate for all skill levels.

1:30PM – 3:30PM SCX106E:  Pre-Con Ed Lab: Building Mobile Apps with Improved Security and Better User Experience Reef F

Learn how to build mobile applications with embedded security in hours with the use of CA Rapid App Security. Add frictionless access to your mobile applications and combine it with contextual authentication to provide higher security and improved user experience. Learn how to make it easier for your developers and more secure for your customers to do business with your organization through your mobile apps. You can provide the right level of security based on the risk associated with the transaction being performed. Advanced security capabilities include mobile single sign-on, touch ID, device certificates, contextual risk-based analysis, one-time password (OTP), social login, proximity login, integration with CA Single Sign-On for omni-channel support and more. Take advantage of an API-based framework to unlock efficiencies within your organization.

04:00 PM – 05:00 PM DO1X122E: CA Jarvis Leo Robot: Driven by CA Jarvis Deep Learning and Big Data Analytics Power Lagoon L

This session highlights CA Jarvis’ deep learning and big data analytical power, as the brain of Leo Robot. Learn how the advanced analytics capabilities of CA Jarvis can provide robots with the intelligence to solve complex business problems, and the ability to keep evolving to adjust to different working scenarios. Get insights on how CA Jarvis enables the next generation of real-time business solutions.

Pre-Conference Tuesday, November 14, 2017
09:00 AM – 10:00 AM MFX109E: Data-Centric Security and Compliance: Enhancing Data Privacy With CA Data Content Discovery for z/OS Breakers F

The first step in any data-centric security strategy is identifying where your sensitive data resides. After all, you can’t protect your data if you don’t know where it is. This session will explore how you can find sensitive and regulated mainframe data that may be lost, hidden or abandoned as well as automatically classify discovered data based on sensitivity level for compliance with the industry-first innovation of CA Data Content Discovery for z/OS. Topics will include defining scan criteria to simplify the identification of sensitive data, best practices for creating classifiers and insights to enhance data privacy and simplify regulatory compliance.

10:00 AM – 11:00 AM DO1X118E: CA Microgateway: Microservice API Access Control Lagoon E

Using microservices has become a popular way to develop distributed software systems. Unfortunately, security is often an afterthought, including access controls for Web APIs. A number of security mechanisms—some borrowed from previous software architectures and some new—have been tried in order to address different pieces of the access control puzzle. This has resulted in a disjointed assortment of approaches. In this session, Rob Wilson will review the pros and cons of current approaches and discuss a proposed unified, multi-platform approach to API access control in a microservice architecture.

11:00 AM – 12:00 PM DO1X107E: CA Mobile API Gateway: Enhancing Your Mobile App Security Lagoon E

Learn about the latest features of CA Mobile API Gateway and the mobile SDK and how they can help increase the security of your mobile solution. We’ll dive deep into the core of the SDK and help you understand all the security mechanisms and standards it brings out of box to ensure your solution is protected.

02:00 PM – 03:00 PM DO1X110E: CA API Developer Portal: Setting Up a Private Cloud Portal Lagoon E

This session will cover how to deliver a private cloud or on-premises version of CA API Developer Portal, and how to provide migration guidance for CA API Developer Portal 2.x or 3.x “Classic” customers.

03:00 PM – 04:00 PM DO1X111E: CA API Developer Portal: Increase App Developer Velocity with the Portal Dev Console Lagoon E

CA API Developer Portal covers most API publisher use cases, with the publisher “telling” the developer what APIs they have access to via the account plan. This model works well when it comes to managing a set of external partners, but does not lend itself well to the most prevalent use case for portals today: empowering internal development teams. This capability is designed to provide app developers with a new way of finding learning about, requesting access to and consuming the internal or external APIs they require.

 

Wednesday, November 15, 2017
11:30 AM – Noon SCT31T:  Case Study: Risk-Based Authentication for Enterprise – How an Organization Protected Confidential Customer Information Security Tech Talk 10

Cyber Threats continue to evolve year after year and the hackers are getting sophisticated. Most of the breaches that occurred over the past few years involve compromised usernames and passwords. Therefore, it is important to use risk based authentication to analyze the user behavior and present stronger authentication as per transactional risk. We present a case study on how a government entity used risk based authentication as an enterprise solution to protect confidential information of citizens.

12:45 PM – 01:30 PM DO1T49T: CA Microgateway: Deploying, Configuring, and Extending CA Microgateway DevOps: APIs and Microservices Tech Talk 2

Businesses want smaller and faster deployments that use modern automated processes, but also want to satisfy their complex business cases with the things they deploy. CA Microgateway provides the ability to extend base functionality to build complicated workflows quickly and seamlessly, as well as incorporate those workflows into existing automated processes. In this session, we will demonstrate how easy it is to extend the functionality of the gateway and automatically incorporate it into your environment.

01:45 PM – 02:15 PM DO1T52T: CA Microgateway: Secure Your Microservice Environments with CA Microgateway and OAuth DevOps: APIs and Microservices Tech Talk 2

Microservices architecture, widely adopted in the cloud space, has also gained popularity in enterprise IT to empower innovation and scalability. Unlike typical cloud vendors, enterprise IT faces a different set of challenges to microservices adoption, such as application security, organization and infrastructure. CA Microgateway is a new breed of API gateway that enables team autonomy for enterprise developers and provides end-to-end security solutions that are easy to integrate with modern microservices and DevOps infrastructure. In this session, you will learn about building a secure service mesh with optimized APIs using CA Microgateway, including demos of existing and future CA Microgateway capabilities.

02:30 PM – 03:15 PM DO3T048T: Technology Primer: Are You Ready for GDPR? Get Your Survival Guide Here DevOps: Continuous Delivery Tech Talk 5

A little over three years ago, the EU Parliament approved the General Data Protection Regulation (GDPR), which goes into effect on May 25, 2018. Any company that maintains personal information for EU citizens is subject to this regulation, regardless of location. Testing teams who use production data for quality assurance should pay close attention to this upcoming deadline. This session will provide a brief overview of GDPR, its implications when using personal data during testing and how your company can implement solutions to avoid getting fined for noncompliance. It will also provide you with a list of numerous resources to help you get started on the path to GDPR compliance. Get your questions answered and learn more about how this legislation can impact your business.

03:30 PM – 04:00 PM DO2T08S: Business Transformation: IBM® Delivers Agility through IT as a Service and the IBM Watson® Artificial Intelligence Platform DevOps: Agile Operations Theater 2

Learn how IT as a service (ITaaS) on the IBM Services Platform with Watson™ applies cognitive capabilities across your IT infrastructure, enabling your IT processes to run by themselves while you and your teams can focus on innovation—all powered by the insights of augmented intelligence. Agility is critical to success. Today’s complex IT environments demand that businesses embrace a new, services-focused mindset. Your infrastructure runs itself and continues to learn. Your IT is optimized. Your innovation is unleashed. Learn how ITaaS on the IBM Services Platform with Watson—both a business and technology solution—is an entirely new way to do business.

05:00 PM – 05:30 PM MFT54T: Blockchain: Journey to Becoming a Digital Enterprise Mainframe Tech Talk 13

Blockchain is a disruptive technology that will dramatically change the way enterprises interact with their ecosystem. Blockchain provides a system of trust that will revolutionize how assets are managed, operated and transferred, as well has how business policies will be applied to these interactions as enterprises look to innovate and differentiate themselves. The intent of this talk is to discuss the learnings from first Blockchain projects, how clients are using the technology, how consortiums are being formed, as well as how the technology works. This talk will focus on Hyperledger and its uses in forming business networks.

 

Thursday, November 16, 2017
11:30 AM – Noon ACT37T: Docker and Microservice Jeopardy! CA Accelerator Zone 16

The Yipee.io team will be hosting a game of Jeopardy on Docker and microservices. Everyone is encouraged to participate. Categories include: Fictional Capabilities; Future Capabilities; Flawed Capabilities; Advanced Patterns; Saving Money, Time or Resources; and Orchestration Tools. Come test your knowledge and understanding or watch and learn as others test theirs. Winners earn prizes and everyone will walk away knowing more about Docker and microservices.

12:45 PM – 01:30 PM DO1T19S: Panel: Creating the Smart City of the Future With APIs, Connected Devices and the Internet of Things DevOps: APIs and Microservices Theater 1

The most successful cities of the future will be smart—leveraging sensors, connected devices and the Internet of Things (IoT) to drastically streamline asset management, reduce costs and improve the quality of life for citizens. In this exclusive panel, CA is proud to host leading smart city thinkers and practitioners from across the globe in a lively discussion about their digital transformation and how they are using devices, digital services and APIs to reimagine their cities.

01:45 PM – 02:15 PM DO1T36T: Encore Capital Group: Architecting a PCI Zone in the Cloud With CA API Gateway DevOps: APIs and Microservices Tech Talk 1

In this session, we will cover multiple topics surrounding the architecture of a PCI zone in a cloud environment needed by a global debt purchasing company to meet federal and state regulations. Specifically, we will examine the use of CA API Gateway as a tokenization server/secure token vault as well as CA API Gateway as an enterprise payment gateway and API security gateway in both a trusted and untrusted zone.

02:30 PM – 03:15 PM SCT36T: Case Study: Technical Deep Dive—Securing Information to the Cloud and Back, With Meaningful, Near-Real-Time Security Visibility Security Tech Talk 10

Neovera will do a technical deep dive on how it is leveraging CA security solutions—CA Identity Service and CA Privileged Access Manager—to provide a unique set of services through Neovera’s Secure Cloud Connect (SCC) to connect and protect an enterprise’s information from the enterprise to the cloud and back, regardless of private, hybrid and public cloud providers used. The session will also cover Neovera’s Secure Visibility SaaS offering that provides organizations’ executives with the current security posture of their business applications and IT services so intelligent business decisions and priorities can be set by management based on dynamic, near-real-time information.

03:30 PM – 04:00 PM ACT40T: Containers, Reuse and Security: What’s in Your Wallet? CA Accelerator Zone 16

Using containers to accelerate application development, but have security concerns? Want to improve reuse ability and decrease your risks at the same time? Looking to improve production application security? In this session we’ll explore containers and their security concerns for both public and private registries. We’ll discuss DevSecOps, examine the different vulnerability techniques, where they fit into the development lifecycle and how binary scanning for containers can improve your security profile, allow you to shift from reactive to proactive detection and help increase your confidence level in production.

04:15 PM – 04:45 PM SCT41T: Testing the Fences: Recent Attacks Are Harbingers of a More Serious Threat Security Tech Talk 11

The recent WannaCry and Petya ransomware attacks culminated in hundreds of hospitals, retail outlets and critical infrastructure being breached. They impacted commerce as well as patient care and innovation. On the surface, the attackers were looking to make a quick buck—asking for money in exchange for encryption keys and data. However, the fact that they did not collect contact information, or even provide encryption keys, suggests that money was not the primary objective. These attacks are a harbinger of what is possible and what we should expect. WannaCry and Petya foreshadow larger and more destructive attacks on our digital infrastructure, and on some of our most important institutions and capabilities. What we learned with Petya is that it wasn’t really ransomware at all—it was a destructive attack aimed at a sovereign nation, disguised as ransomware. Petya, and the use of digital means to attempt to influence our democratic processes, show that the contest of nations has already moved into the digital space and will be fought largely through software. Our adversaries are practicing these new techniques and getting better every day. The ability to create software that can resist these forms of attack and exploit will be crucial to our ability to protect not just applications but the social and political processes that depend on that software.

 

Want to know more? Contact iSOA Group at info@isoagroup.com.

CA World 2017: Sessions Recommendations

New to CA World?  Attempting to sift through all the available sessions can be overwhelming, and we know that it can be challenging to fit in the right content to make the most of your time at the conference.

Today’s guide is from our Sales and Marketing Leader.  You may note many of the sessions are focused on API Management and Gateway Solutions.  There are also a few on differing technology and CA client experiences focused on additional areas of interest in the future.

Pre-Conference Education: Monday, November 13, 2017
09:00 AM – 10:00 AM DO1X101E: CA API Gateway: What’s New in CA API Gateway 9.3? Lagoon E

This session introduces the new features and enhancements coming up in CA API Gateway 9.3.

10:00 AM – 11:00 AM DO1X102E: CA API Gateway: Developing Custom Policies to Secure Your Enterprise APIs Lagoon E

This session will address how to securely expose your organization’s APIs to the world, as well as discuss how to effectively apply custom security checks on specific API requests.

10:00 AM – 11:00 AM DO1X113E: CA Live API Creator: Integration with MQTT—Develop IoT Applications for a Multitude of Verticals (Smart Home, Healthcare and More) Lagoon L

MQTT makes an ideal choice to interface communication between devices and applications where network bandwidth is limited, and the code footprint is small. CA Live API Creator provides easy and intuitive ways to create interfaces between applications. The marriage of the two opens up a slew of possibilities to create IoT applications enabling exchange of data and messages between sensors, actuators, databases and value added services written on top—to harness the value of the collected data. In this session, we will discuss various market verticals that can benefit from the capabilities of CA Live API Creator combined with the power of MQTT as an IoT messaging protocol.

01:00 PM – 02:00 PM DO1X104E: CA API Gateway: Debugging and Troubleshooting Techniques Lagoon E

CA API Gateway’s policy language defines its purpose and behavior in a logical and highly configurable way. In this session, the speaker will address the general capabilities of CA API Gateway, exposing new services and showcasing fundamental policy functions. In the end, attendees will have an understanding of how to apply powerful but simple custom security patterns to their enterprise APIs.

02:00 PM – 03:00 PM DO1X105E: CA API Gateway: Demonstrated Lifecycle of Gateway Services and Policies Lagoon E

The CA API Gateway allows you to create very powerful and customized policies and services to manage your APIs. As you create more and more services and policies, managing their lifecycle can become difficult. This session covers information on: how to create policies and services that lend themselves to simpler lifecycle management, how to version control your services and policies and how to move services and policies between different environments. Lastly, for those who have attended the session on “New OAuth Toolkit Capabilities and Why They Matter to You,” we will cover how to manage the lifecycle of your OTK customizations.

03:00 PM – 04:00 PM DO1X106E: CA API Gateway: New OAuth Toolkit Capabilities and Why They Matter to You Lagoon E

OAuth Toolkit is now OpenID Certified and enables more use cases for authentication, authorization and federation. This session is dedicated to those who want to learn about new features and how they can be used in an enterprise organization. We will look at an example implementation that explains how all the bits and pieces come together.

04:00 PM – 05:00 PM DO1X114E: CA API Gateway: Securing Your API Portfolio with CA API Management Lagoon E

This session explores common Web services, Web APIs and Web application security considerations and how API management solutions from CA can be used to address them

Pre-Conference Tuesday, November 14, 2017
09:00 AM – 10:00 AM DO1X117E: CA Microgateway: How to Enable a Secure and Scalable Microservices Architecture Lagoon E

CA Microgateway is a new breed of API gateway that operates well with microservices and enables microservice developers with security and autonomy. In this session, you’ll learn about how to build a “service mesh” with CA Microgateway and the outlook of microservices infrastructure and enablement solutions.

10:00 AM – 10:45 AM MFX110E: SIEM Integrations, Insider Threat Prevention and More With CA Compliance Event Manager Breakers D

After you’ve discovered the location of sensitive and regulated data on your mainframe, the next step in a data-centric security strategy is to monitor who has access to it. That’s where CA Compliance Event Manager comes in. The solution alerts to abnormal user activity in real time, and inspects the source of incident with advanced reporting and forensics for deeper insights to proactively prevent insider threats. The discussion will include CA Compliance Event Manager’s SIEM integrations, advanced reporting and forensics and enhanced event reporting and enrichment.

11:00 AM – 12:00 PM DO1X107E: CA Mobile API Gateway: Enhancing Your Mobile App Security Lagoon E

After you’ve discovered the location of sensitive and regulated data on your mainframe, the next step in a data-centric security strategy is to monitor who has access to it. That’s where CA Compliance Event Manager comes in. The solution alerts to abnormal user activity in real time, and inspects the source of incident with advanced reporting and forensics for deeper insights to proactively prevent insider threats. The discussion will include CA Compliance Event Manager’s SIEM integrations, advanced reporting and forensics and enhanced event reporting and enrichment.

02:00 PM – 03:00 PM DO1X110E: CA API Developer Portal: Setting Up a Private Cloud Portal Lagoon E

This session will cover how to deliver a private cloud or on-premises version of CA API Developer Portal, and how to provide migration guidance for CA API Developer Portal 2.x or 3.x “Classic” customers.

03:00 PM – 04:00 PM DO1X111E: CA API Developer Portal: Increase App Developer Velocity with the Portal Dev Console Lagoon E

CA API Developer Portal covers most API publisher use cases, with the publisher “telling” the developer what APIs they have access to via the account plan. This model works well when it comes to managing a set of external partners, but does not lend itself well to the most prevalent use case for portals today: empowering internal development teams. This capability is designed to provide app developers with a new way of finding learning about, requesting access to and consuming the internal or external APIs they require.

06:00 PM – 08:00 PM CAW1701: Global Welcome Reception

 

Wednesday, November 15, 2017
07:15 AM – 08:15 AM CAW1702: Continental Breakfast
08:30 AM – 09:45 AM CAW1703: Mike Gregoire Keynote
10:30 AM – 11:15 AM DO1T22S: Keynote: Announcing API and Microservice Innovations that Drive Business Agility and Improve Last-Mile Customer Experiences  DevOps: APIs and Microservices Theater 1

Success in today’s fast-moving digital environment requires the ability to shift quickly, in order to deliver the optimal last-mile experiences that customers, partners, employees and regulators expect. But this ability demands a new technology foundation – modern application architectures built on APIs and Microservices. Please join Rahim Bhatia, GM of CA API Management, in this content area keynote as he announces the latest additions to our API and Microservices portfolio: brand-new solutions that optimize business agility and support the delivery of delightful customer experiences. He will be joined onstage by innovators who have already seen business success through modernizing legacy architectures.

12:00 PM – 01:30 PM CAW1704: Lunch
12:45 PM – 01:30 PM DO1T25S: Analyst Keynote: Forrester’s Vision for Using Business Design, APIs, and Microservices to Increase Agility and Boost Business Value DevOps: APIs and Microservices Theater 1

Digital transformation drives disruption, and speed of change determines enterprise success. But the stream of tech change—including the Internet of Things (IoT), AI, SaaS, robotic automation and much more—makes it all the more difficult for IT to deliver change more quickly. While APIs, microservices, cloud platforms and containers are foundational, what really matters is the solution architecture one uses to put these piece parts together. In this must-attend session, join Forrester Vice President and Principal Analyst Randy Heffner as he shares insights and best practices for using digital business design to guide modern application architectures to deliver faster change more value, and better business outcomes.

01:45 PM – 02:15 PM DO1T52T: CA Microgateway: Secure Your Microservice Environments with CA Microgateway and OAuth DevOps: APIs and Microservices Tech Talk 2

Microservices architecture, widely adopted in the cloud space, has also gained popularity in enterprise IT to empower innovation and scalability. Unlike typical cloud vendors, enterprise IT faces a different set of challenges to microservices adoption, such as application security, organization and infrastructure. CA Microgateway is a new breed of API gateway that enables team autonomy for enterprise developers and provides end-to-end security solutions that are easy to integrate with modern microservices and DevOps infrastructure. In this session, you will learn about building a secure service mesh with optimized APIs using CA Microgateway, including demos of existing and future CA Microgateway capabilities.

02:30 PM – 03:15 PM DO1T32T: Accenture: Accelerating Digital Transformation With DevOps for API Management DevOps: APIs and Microservices Tech Talk 1

Social media, mobility, analytics and cloud (SMAC) technologies are opening up new possibilities for businesses—ones that did not exist a couple of years ago. For instance, companies with the right mix of technologies are able to analyze customer data in real time and serve customers seamlessly across digital channels and devices. Sophisticated analytics technologies are able to predict customer behavior and help businesses launch highly relevant products and services at scale. Today, speed, scale and agility differentiate one company from another, and APIs form the foundation of such businesses. They help organizations to expose data, assets and services to customers and business partners that are outside the enterprise in a secure and scalable manner. Without APIs, a digital transformation is next to impossible.

04:15 PM – 04:45 PM MFT12S: Blockchain: Strategies for Moving From Hype to Realities of Deployment Mainframe Theater 6

The promise of blockchain, or specifically distributed ledger technology, has captured the attention of business and IT leaders across multiple industries. Now is the time to move from hype to reality. This session will examine use cases of pioneering companies that apply blockchain in a multi-party entity environment with immutable smart contracts. We’ll share how some DevSecOps requirements are fundamentally different for blockchain pilots and full deployment—from getting started with the right development environment to concerns of security, encryption and operational visibility. We will also discuss integration of blockchain with existing systems of record and the use of shadow blockchain as an evolutionary step towards adoption. Join this session to learn more about developing, deploying, and securing blockchain.

05:00 PM – 05:30 PM DO1T53T: CA API Management: APIs and DevOps in a Federated Deployment DevOps: APIs and Microservices Tech Talk 2

Managing APIs at scale can be a challenge – one that we have made easier. Whether your scale is the number of APIs you work with, the number of proxies in your infrastructure, or both, we can make administration of this easy. This session will show how lifecycle management and governance are only a click away across multiple use cases. See how easy it can be to administer lifecycle management through development, testing and production, or manage multiple APIs across different geographies.

05:30 PM – 07:30 PM CAW1705: Journey the World

 

Thursday, November 16, 2017
07:15 AM – 08:15 AM CAW1702: Continental Breakfast
08:30 AM – 09:45 AM CAW1706: Otto Berkes & Ayman Sayed Keynote
10:30 AM – 11:15 AM DO1T23S: Vision and Roadmap: Experience New Innovations and Solutions for Microservices and API Management DevOps: APIs and Microservices Theater 1

CA Technologies was named a leader with the highest ability to execute in the Gartner Magic Quadrant for Full Lifecycle API Management. Since then, we have expanded further to add robust capabilities for microservices design, development and management. No matter where you are in the modern application architecture journey, this roadmap session will show you the vision of how CA enables the entire lifecycle of APIs and microservices – from strategy and creation to security, management and monitoring. Join Rajesh Raheja, Vice President, Product Management, and Jaime Ryan, Senior Director, Product Management as they show off the latest innovations in CA Live API Creator, CA Microgateway, CA API Gateway, CA Mobile API Gateway and CA API Developer Portal, and reveal what’s on the horizon for our portfolio.

12:00 PM – 01:30 PM CAW1704: Lunch
12:45 PM – 01:30 PM DO1T50T: CA API Management: End-to-End Microservice Architecture DevOps: APIs and Microservices Tech Talk 2

Microservices adoption promises significant benefits to businesses, but adds complexity and uncertainty to the teams that have to secure and manage the resulting environments. Understanding and enabling the new patterns that arise from these architectures make the CA API Management portfolio uniquely suited to address these concerns. In this session we will demonstrate our end-to-end microservices product architecture, starting from scratch to create, deploy, secure, manage, expose and consume the microservices necessary to support a working mobile application.

01:45 PM – 02:15 PM DO1T17S: M&T Bank: Solving Real-World Banking Challenges with CA API Management DevOps: APIs and Microservices Theater 1

In this session, we will focus on real-world challenges at M&T Bank and how we are solving them with CA API Management and CA Single Sign-On. Find out why we chose CA over the competition and what specific use cases we are tackling for commercial banking and our overall digital strategy. The session will also cover the architecture patterns we have established for others across the enterprise to consume, how we integrate into our security ecosystem and why an API gateway is more than just exposing services.

03:30 PM – 04:00 PM DO1T56T: API Academy: Microservices – How to Safely Speed Up Your Digital Innovation DevOps: APIs and Microservices Tech Talk 2

Microservices are the next evolution in software architecture designed to help organizations embrace continual change and drive innovation in the digital economy. If you don’t approach them the right way, however, you can also fall into many traps. Join author and global technologist Mike Amundsen as he cuts through the hype and identifies the key trends, challenges and pitfalls facing companies of all sizes in the search for microservices at speed, safety and scale.

04:15 PM – 04:45 PM DO1T57T: API Academy: Microservices People Patterns – Designing Change-Friendly Teams DevOps: APIs and Microservices Tech Talk 2

If you’ve adopted microservices you’ve probably been adopting lots of innovative and interesting technology practices. But, the companies that really do well with microservices architectures also have organizations and practices that can turn the promise of better, faster and cheaper into a reality. In this session, Ronnie Mitra examines the people side of microservices architecture and describes some of the patterns that have helped organizations succeed.

06:30 PM – 09:30 PM CAW1707: No Barriers Bash – Live with the Counting Crows & Third Eye Blind

Next, look for session recommendations from our Senior Solutions Architect, Venkata Chintala.

Want to know more? Contact iSOA Group at info@isoagroup.com.

Celebrating 20 years in Business!

Friends, colleagues and valued customers,

Today, September 27, 2017, marks our 20th anniversary! We are thankful for all of your commitment to making this company successful and look forward to the exciting, new challenges of the future. But first, let’s put the future on hold for some little known iSOA fun-facts and a cartoon to liven up your day.

Enjoy.

Video: See the Benjamin Button-esque version of our transformation.

Want to know more? Contact iSOA Group at info@isoagroup.com.

Webcast Replay: Migrating DataPower to IBM’s API Connect

iSOA Group’s CTO, Bryon Kataoka, presented during IBM’s weekly DataPower Webcast on 9/15/17. The webcast was a great success, with suggestions for follow up topics that we will work to have incorporated into future presentations.

Please see below slide deck on migrating from Datapower to API Connect using custom policies:

Want to know more? Contact iSOA Group at info@isoagroup.com.

Webcast: Migrating DataPower to IBM’s API Connect

iSOA Group’s CTO, Bryon Kataoka, will be the featured presenter at this Friday’s IBM DataPower Weekly Webcast, hosted by IBM.

The focus of his presentation will be on the value to DataPower clients who migrate their DataPower deployment to IBM’s API Connect©.  Bryon will share the value, from a recent client migration, that enabled the client to realize more value from their DataPower deployment through improved analytics, broader use of DataPower services through API’s, and custom policies in API Connect that enable developers to access specific custom developed policies within DataPower.

This session will cover:

  • Scenarios and client motivations to migrate DataPower to API Connect.
  • How API Connect helps improve standardization of DataPower deployed services.
  • Lower cost of DataPower operational support while enabling agility of developers.

iSOA Group presentation: September 15, 2017 at 11:00AM and 2:00PM ET

IBM DataPower Weekly Webcasts

Every Friday one of our experts provides a 20 minute overview on a particular topic related to the DataPower platform. This webcast series is designed to provide brief, easily digestible content regarding DataPower functionality, emerging use cases, best practices, recent announcements, and client successes. It is an opportunity to learn how you can better leverage DataPower in your organization and discover new areas of applicability.

When: Fridays at 11am and 2pm ET

Log in Information:https://stmeetings.na.collabserv.com/stmeetings/room/join/access?id=7634-2249
Meeting password: datapower
Conference Bridge: 1-888-426-6840, Passcode: 64534212#

Want to know more? Contact iSOA Group at info@isoagroup.com.

Security: Should You Code in Applications or Delegate to Gateways?

When you have a security Gateway, such as DataPower, should you continue to code security into applications?

Consider if this scenario fits your organization:

  • You have DataPower implemented in your trusted zone.
  • Your application teams are creating business services.
  • Your application teams are building in authentication and authorization into their software.
  • Developers are managing certificates.
  • Occasionally, certificates expire and the developer is no longer with the company.

If yes, don’t worry! this is a pretty common situation.

So, let’s point out where you can achieve some DataPower ROI:

Move authentication and authorization to DataPower

This can be done by adding a AAA action to your DataPower proxy service (Multiprotocol Gateway or WS-Proxy).  With some configuration to identify the user credentials (possibly a basic-auth header) and pointing to your IDP (i.e.,  Active Directory) with a few clicks you can have your user verified.

If you also need to verify that the user has access to your service, again, with a few clicks and some configuration of the LDAP group the user must be a member of, you can have authorization verified.

Allow DataPower to validate TLS

By configuring DataPower to handle the SSL you accomplish 5 benefits:

  1. Your certificates are managed by DataPower and therefore you will get notification of expirations 30 days in advance
  2. Certificates live in one place.
  3. The application teams don’t need to make code updates for security. Instead they can focus on business logic
  4. DataPower has a crypto chip that will process the SSL negotiation faster, thereby reducing cycles on your application servers
  5. Changes in security practices won’t impact your applications.

Allow DataPower to address future security changes

Security is only going to get tighter and tighter.  DataPower has the capabilities to perform encryptions/decryptions, create digital signatures and perform verifications.  By allowing DataPower to support the security needs of the application you are in a much better position to react to changes.

 Takeaway/Action Item
  • There are many ways to get more ROI out of your DataPower.
  • Have DataPower handle the security of the service so developers can spend time on business logic instead of security coding.
  • Reduce downtime by getting warned of expiring certificates in DataPower.
  • Separate security from business logic using DataPower so that security updates don’t impact your applications.

Want to know more? Contact iSOA Group at info@isoagroup.com.

DataPower Gateway & Why You Want One!

Before we even get into what a DataPower Gateway is, let’s begin by discussing what a “gateway” is, how they differ and why you could potentially want another.

First, a “gateway” is simply a device that joins together two different networks. In the most common scenario, your enterprise networks with the Internet. A router is an example of a gateway device. It directs and decides where information packets are sent.

Another term to understand regards a firewall. A firewall is a filter that examines said packets, against a set of defined rules, in order to decide whether to allow the packets access.  Your security and infrastructure team go to great lengths to ensure firewalls are implemented to prevent unwanted access to your network(s).

Finally, a DataPower gateway is a hybrid implementation of the network components (the gateway + a firewall) just mentioned.  It is not meant to replace those components, but to supplement them with a specialized application layer (i.e., Layer 7) protocol.  The application layer allows your enterprise to implement specialized application services, and DataPower provides additional security that routers and firewalls do not.

So, what does a DataPower Gateway provide that the other network devices don’t do well (or at all) and why are they important to your company?

Here are a few features you can achieve through DataPower:

1.     Wire speed XML Parsing

Extensible Markup Language (XML) has been around for quite some time and is used to represent the data exchanged between multiple parties.  XML provides a tagged method to identify data elements so that you, your partners, and customers can exchange XML documents as a way to share data.

The problem with XML is not all information passed in an XML document is always needed.  To be as efficient as possible, it is a good practice to “starve” the data elements down to just that which you require.  The way of filtering these fields is called “parsing”.  Parsing in application servers is slow.  Load balancing the requests, in order to perform a task to meet a specified service level, becomes necessary when you encounter large volumes of parsing. This can lead to even larger server farms, more administration (backups, fix-packs, etc.) and increased hardware/software costs.

DataPower has a special, built-in XML parsing chipset designed to parse at the speed-of-the-wire, vastly outperforming server based parsing.  This specialized application feature is what makes DataPower stand out from the other previous mentioned devices.

If you are already using multiple servers to load balance parsing of XML traffic, you should consider routing those transaction through DataPower and apply your parsing on the “wire”. If you could reduce the effort spent on supporting the server farm, while simultaneously reducing your costs, what are you waiting for? It’s faster to ride in a car than ride a bicycle.

2.     Authentication/Authorization and token switching

Gateways primarily reside on the edge of the network.  That is an optimal location to perform authentication and authorization.  Not only does DataPower integrate with many authentication/authorization servers, but it can also switch the authentication tokens to another format (i.e., basic authentication to Kerberos).  Being that DataPower is standards-based, it works with pretty much any authentication mechanism.  If your authentication/authorization server is not available out-of-the-box, you can also accomplish the integration using a custom stylesheet.  This feature makes DataPower a powerful gateway addition.

3.     Advanced Security Implementation

DataPower provides enhanced security to implementations, such as Layer 7.  For instance, DataPower has a built-in, specialized ability to encrypt and decrypt at the speed-of-the-wire, meaning you can apply encryption to the XML payload.  You have the ability to sign with digital certificates, as well as verify signatures from other partners’ payload.  Plus, DataPower can also perform 2-factor authentication using a variety of methods.

Another very common use of DataPower is to use it to manage SSL/TLS.  Since DataPower can live in a DMZ, on the edge of the network, it’s best to establish the security there, instead of letting it pass through to your backend servers.

Finally, DataPower provides XML threat protection and SQL injection filtering that other devices or applications are incapable of performing.

There are many more security features in DataPower, but these are just a few to highlight, but remember you are merely scratching the surface.

Takeaway/Action Item

  • Take the time to investigate your DataPower implementation to see if you are taking full advantage of the features.
  • DataPower is a secure appliance. Involve your architects and security teams to ensure you are maximizing your investment.
  • If you are considering publishing API’s, you will need a powerful gateway.

Want to know more? Contact iSOA Group at info@isoagroup.com.