Click here to close now.

Welcome!

Websphere Authors: Mike Kavis, Elizabeth White, Liz McMillan, Pat Romanski, Carmen Gonzalez

Related Topics: Java, SOA & WOA, Websphere, AJAX & REA, Apache

Java: Article

Enterprise Framework Service for WebSphere Datapower

Minimize the exposure of ports and their configuration on firewall

Create Enterprise Framework Service:
Perform the following steps to create an Enterprise Framework Service, called EnterpriseFrameworkServiceMPGW, in Datapower.
1-    Create two loopback Services using XML Firewall:
1.a.    ServiceA
1.b.    serviceB

2-    Create the following 3 files
2.a.    Create EnvironmentConfig.xml. This file contains the environment value, so the incoming request is assign to right backend.

2.b.    Create EnvironmentConfig.xslt. This XSLT file read value from the EnvironmentConfig.xml and set the environment variable.

<?xml version="1.0" encoding="UTF-8"?>

<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"

version="1.0"

xmlns:dp="http://www.datapower.com/extensions"

extension-element-prefixes="dp"

exclude-result-prefixes="xalan dp"

xmlns:xalan="http://xml.apache.org/xslt">

<xsl:template match="/">

<xsl:variable name="masterConfig" select="document('local:///EnvironmentConfig.xml')"/>

<dp:set-variable name="'var://context/wp/environment'" value="normalize-space($masterConfig/config/environment/text())"/>

</xsl:template>

</xsl:stylesheet>

 

2.c.    Create EnterpriseFrameworkRouter.xslt. This XSLT file constructs the backend URL by preserving the incoming URI and reading the target host
information from the config.xml of that service.

<?xml version="1.0" encoding="ISO-8859-1"?>

<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"

xmlns:dp="http://www.datapower.com/extensions"

extension-element-prefixes="dp" exclude-result-prefixes="dp">

<xsl:template match="/">

<xsl:copy-of select="."/>

<xsl:variable name="incomingURI">

<xsl:value-of select="dp:variable('var://service/URI')"/>

</xsl:variable>

<xsl:variable name="tempVar">

<xsl:value-of select="substring-after($incomingURI,'/')"/>

</xsl:variable>

<xsl:variable name="serviceName">

<xsl:if test="contains($tempVar,'/')">

<xsl:value-of select="substring-before($tempVar,'/')"/>

</xsl:if>

<xsl:if test="not(contains($tempVar,'/'))">

<xsl:value-of select="$tempVar"/>

</xsl:if>

</xsl:variable>

<xsl:param name="hostAddr" select="'local:///'"/>

<xsl:variable name="remoteURL" select="concat($hostAddr,'/xml/',$serviceName,'/config.xml')"/>

<xsl:variable name="environment" select="dp:variable('var://context/wp/environment')"/>

<xsl:variable name="config" select="document($remoteURL)" />

<xsl:variable name="serviceDestination">

<xsl:copy-of select="$config/EnterpriseFrameworkDestinationList/serviceDestination[@environment=$environment]"/>

</xsl:variable>

<dp:set-variable name="'var://service/routing-url'" value="concat($serviceDestination,$incomingURI)"/>

</xsl:template>

</xsl:stylesheet>

 

 

3-    Upload these files to Datapower
3.a.    Create “xslt” folder and upload both xslt files there
3.b.    Upload “EnvironmentConfig.xml” to “local:///

 

4-    Create a Multi-Protocol Gateway (MPGW) named,  EnterpriseFrameworkMPGW with:
4.a.    Dynamic backend
4.b.    Request and Response type to Non-xml

 

5-    Create a front side handler, name it EnterpriseFrameworkFSH and assign port number to “81

 

6-    Create a new policy, EnterpriseFrameworkPolicy, and add following rules:
6.a.    Create a new rule for “Client to Server” and with two Transform actions
6.a.i.    Assign EnvironmentConfig.xslt to the first Transform action, make sure the Output set to NULL

 

6.a.ii.    Assign EnterpriseFrameworkRouter.xslt to the second Transform action, make sure Output set to NULL

 

6.b.    Create a new rule for “Server to Client” without any actions
6.c.    Overall EnterpriseFrameworkPolicy should look like this:

6.d.    Apply the Policy and close the window

7-    The EnterpriseFrameworkMPGW should look like this:  Save the configuration.

 

Integrate the Existing or New Services to the Enterprise Framework:

In order to incorporate the existing or new service in to the Enterprise Framework
1-    Create folder with the name of the service as a folder name under local:///xml/

 

2-    Create the following config.xml for serviceA
2.a.    The config.xml file for serviceA, which contains the IP address or hostname for each environment and  the port where serviceA is running

<?xml version="1.0" encoding="UTF-8"?>

<EnterpriseFrameworkDestinationList>

<serviceDestination environment="DEV">http://192.168.136.145:2048</serviceDestination>

<serviceDestination environment="QA">http://192.168.136.146:2048</serviceDestination>

<serviceDestination environment="PROD">http://192.168.136.147:2048</serviceDestination>

</EnterpriseFrameworkDestinationList>

 

 

3-    Upload the config.xml file at “local:///xml/serviceA” folder

 

4-    Create the similar config.xml for serviceB with serviceB’s hosts for each environment and assigned port

<?xml version="1.0" encoding="UTF-8"?>

<EnterpriseFrameworkDestinationList>

<serviceDestination environment="DEV">http://192.168.136.145:2049</serviceDestination>

<serviceDestination environment="QA">http://192.168.136.146:2049</serviceDestination>

<serviceDestination environment="PROD">http://192.168.136.147:2049</serviceDestination>

</EnterpriseFrameworkDestinationList>

 

5-    Upload the config.xml file at local:///xml/serviceB folder

6-    Every time a new service need to be integrated to Enterprise Framework, a config file need to be created for that service with values
of hostname/IP address and the port number where the service is installed. Nothing needs to be done on the EnterpriseFrameworkMPGW at all.

7-    For every incoming request EnterpriseFrameworkRouter.xslt (installed in the EnterpriseFrameworkMPGW) parse the URI and look for the
config.xml file for that service. If the service is not installed then there will be no xml/config file for that service.

Testing / Verification:

1-    Enabled the probes on serviceAFW and serviceBFW
2-    From the SOAP UI send the following test message for serviceA (http://<hostname>:81/serviceA)

3-    You should see the response back

4-    From the serviceA probe.  Notice the values of inbound-url and outbound-url.

5-    Now, send the request for serviceB  (http://<hostname>:81/serviceB)

6-    From the serviceB probe.  Notice the values of inbound-url and outbound-url.

7-    From the EnterpriseFrameworkMPGW Probe, you can see the requests are directed to their respective services. Notice the values of inbound-url and outbound-url.

Conclusion:
By implementing the Enterprise Framework Service to any WebSphere Datapower environment, it helps to streamline the development of
new services inside Datapower.  Datapower administrators do not need to deal with firewall and network configuration whenever a new
service is implemented on its appliances.  The framework also does not allow exposing any additional ports outside the network.

More Stories By Asim Saddal

Asim Saddal works in the Middleware (WebSphere Application Server, WebSphere Datapower, WebSphere Process Server, WebSphere VE) practice of IBM Software Services for WebSphere.

@ThingsExpo Stories
Cloud data governance was previously an avoided function when cloud deployments were relatively small. With the rapid adoption in public cloud – both rogue and sanctioned, it’s not uncommon to find regulated data dumped into public cloud and unprotected. This is why enterprises and cloud providers alike need to embrace a cloud data governance function and map policies, processes and technology controls accordingly. In her session at 15th Cloud Expo, Evelyn de Souza, Data Privacy and Compliance Strategy Leader at Cisco Systems, will focus on how to set up a cloud data governance program and s...
Every innovation or invention was originally a daydream. You like to imagine a “what-if” scenario. And with all the attention being paid to the so-called Internet of Things (IoT) you don’t have to stretch the imagination too much to see how this may impact commercial and homeowners insurance. We’re beyond the point of accepting this as a leap of faith. The groundwork is laid. Now it’s just a matter of time. We can thank the inventors of smart thermostats for developing a practical business application that everyone can relate to. Gone are the salad days of smart home apps, the early chalkb...
Roberto Medrano, Executive Vice President at SOA Software, had reached 30,000 page views on his home page - http://RobertoMedrano.SYS-CON.com/ - on the SYS-CON family of online magazines, which includes Cloud Computing Journal, Internet of Things Journal, Big Data Journal, and SOA World Magazine. He is a recognized executive in the information technology fields of SOA, internet security, governance, and compliance. He has extensive experience with both start-ups and large companies, having been involved at the beginning of four IT industries: EDA, Open Systems, Computer Security and now SOA.
The industrial software market has treated data with the mentality of “collect everything now, worry about how to use it later.” We now find ourselves buried in data, with the pervasive connectivity of the (Industrial) Internet of Things only piling on more numbers. There’s too much data and not enough information. In his session at @ThingsExpo, Bob Gates, Global Marketing Director, GE’s Intelligent Platforms business, to discuss how realizing the power of IoT, software developers are now focused on understanding how industrial data can create intelligence for industrial operations. Imagine ...
We certainly live in interesting technological times. And no more interesting than the current competing IoT standards for connectivity. Various standards bodies, approaches, and ecosystems are vying for mindshare and positioning for a competitive edge. It is clear that when the dust settles, we will have new protocols, evolved protocols, that will change the way we interact with devices and infrastructure. We will also have evolved web protocols, like HTTP/2, that will be changing the very core of our infrastructures. At the same time, we have old approaches made new again like micro-services...
Operational Hadoop and the Lambda Architecture for Streaming Data Apache Hadoop is emerging as a distributed platform for handling large and fast incoming streams of data. Predictive maintenance, supply chain optimization, and Internet-of-Things analysis are examples where Hadoop provides the scalable storage, processing, and analytics platform to gain meaningful insights from granular data that is typically only valuable from a large-scale, aggregate view. One architecture useful for capturing and analyzing streaming data is the Lambda Architecture, representing a model of how to analyze rea...
Today’s enterprise is being driven by disruptive competitive and human capital requirements to provide enterprise application access through not only desktops, but also mobile devices. To retrofit existing programs across all these devices using traditional programming methods is very costly and time consuming – often prohibitively so. In his session at @ThingsExpo, Jesse Shiah, CEO, President, and Co-Founder of AgilePoint Inc., discussed how you can create applications that run on all mobile devices as well as laptops and desktops using a visual drag-and-drop application – and eForms-buildi...
SYS-CON Events announced today that Vitria Technology, Inc. will exhibit at SYS-CON’s @ThingsExpo, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Vitria will showcase the company’s new IoT Analytics Platform through live demonstrations at booth #330. Vitria’s IoT Analytics Platform, fully integrated and powered by an operational intelligence engine, enables customers to rapidly build and operationalize advanced analytics to deliver timely business outcomes for use cases across the industrial, enterprise, and consumer segments.
Containers and microservices have become topics of intense interest throughout the cloud developer and enterprise IT communities. Accordingly, attendees at the upcoming 16th Cloud Expo at the Javits Center in New York June 9-11 will find fresh new content in a new track called PaaS | Containers & Microservices Containers are not being considered for the first time by the cloud community, but a current era of re-consideration has pushed them to the top of the cloud agenda. With the launch of Docker's initial release in March of 2013, interest was revved up several notches. Then late last...
SYS-CON Events announced today that Dyn, the worldwide leader in Internet Performance, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Dyn is a cloud-based Internet Performance company. Dyn helps companies monitor, control, and optimize online infrastructure for an exceptional end-user experience. Through a world-class network and unrivaled, objective intelligence into Internet conditions, Dyn ensures traffic gets delivered faster, safer, and more reliably than ever.
CommVault has announced that top industry technology visionaries have joined its leadership team. The addition of leaders from companies such as Oracle, SAP, Microsoft, Cisco, PwC and EMC signals the continuation of CommVault Next, the company's business transformation for sales, go-to-market strategies, pricing and packaging and technology innovation. The company also announced that it had realigned its structure to create business units to more directly match how customers evaluate, deploy, operate, and purchase technology.
In their session at @ThingsExpo, Shyam Varan Nath, Principal Architect at GE, and Ibrahim Gokcen, who leads GE's advanced IoT analytics, focused on the Internet of Things / Industrial Internet and how to make it operational for business end-users. Learn about the challenges posed by machine and sensor data and how to marry it with enterprise data. They also discussed the tips and tricks to provide the Industrial Internet as an end-user consumable service using Big Data Analytics and Industrial Cloud.
Performance is the intersection of power, agility, control, and choice. If you value performance, and more specifically consistent performance, you need to look beyond simple virtualized compute. Many factors need to be considered to create a truly performant environment. In his General Session at 15th Cloud Expo, Harold Hannon, Sr. Software Architect at SoftLayer, discussed how to take advantage of a multitude of compute options and platform features to make cloud the cornerstone of your online presence.
The explosion of connected devices / sensors is creating an ever-expanding set of new and valuable data. In parallel the emerging capability of Big Data technologies to store, access, analyze, and react to this data is producing changes in business models under the umbrella of the Internet of Things (IoT). In particular within the Insurance industry, IoT appears positioned to enable deep changes by altering relationships between insurers, distributors, and the insured. In his session at @ThingsExpo, Michael Sick, a Senior Manager and Big Data Architect within Ernst and Young's Financial Servi...
Almost everyone sees the potential of Internet of Things but how can businesses truly unlock that potential. The key will be in the ability to discover business insight in the midst of an ocean of Big Data generated from billions of embedded devices via Systems of Discover. Businesses will also need to ensure that they can sustain that insight by leveraging the cloud for global reach, scale and elasticity.
IoT is still a vague buzzword for many people. In his session at @ThingsExpo, Mike Kavis, Vice President & Principal Cloud Architect at Cloud Technology Partners, discussed the business value of IoT that goes far beyond the general public's perception that IoT is all about wearables and home consumer services. He also discussed how IoT is perceived by investors and how venture capitalist access this space. Other topics discussed were barriers to success, what is new, what is old, and what the future may hold. Mike Kavis is Vice President & Principal Cloud Architect at Cloud Technology Pa...
Even as cloud and managed services grow increasingly central to business strategy and performance, challenges remain. The biggest sticking point for companies seeking to capitalize on the cloud is data security. Keeping data safe is an issue in any computing environment, and it has been a focus since the earliest days of the cloud revolution. Understandably so: a lot can go wrong when you allow valuable information to live outside the firewall. Recent revelations about government snooping, along with a steady stream of well-publicized data breaches, only add to the uncertainty
The explosion of connected devices / sensors is creating an ever-expanding set of new and valuable data. In parallel the emerging capability of Big Data technologies to store, access, analyze, and react to this data is producing changes in business models under the umbrella of the Internet of Things (IoT). In particular within the Insurance industry, IoT appears positioned to enable deep changes by altering relationships between insurers, distributors, and the insured. In his session at @ThingsExpo, Michael Sick, a Senior Manager and Big Data Architect within Ernst and Young's Financial Servi...
PubNub on Monday has announced that it is partnering with IBM to bring its sophisticated real-time data streaming and messaging capabilities to Bluemix, IBM’s cloud development platform. “Today’s app and connected devices require an always-on connection, but building a secure, scalable solution from the ground up is time consuming, resource intensive, and error-prone,” said Todd Greene, CEO of PubNub. “PubNub enables web, mobile and IoT developers building apps on IBM Bluemix to quickly add scalable realtime functionality with minimal effort and cost.”
The Internet of Things (IoT) is rapidly in the process of breaking from its heretofore relatively obscure enterprise applications (such as plant floor control and supply chain management) and going mainstream into the consumer space. More and more creative folks are interconnecting everyday products such as household items, mobile devices, appliances and cars, and unleashing new and imaginative scenarios. We are seeing a lot of excitement around applications in home automation, personal fitness, and in-car entertainment and this excitement will bleed into other areas. On the commercial side, m...