I have to admit that I was very impressed with DataPower Course WB552. The content of the course covered everything that on would need to know about how to use the box along with security. It also provided a lot of opportunity to go off the beaten path and try modifications on your own. I […]
WB552: Random DataPower Thoughts Part 12
Message set (traffic Pattern) Count monitors increment based on condition. Duration monitors occur when a configured amount of time passes during processing of messages for the condition. Message Count Monitors would be used to limit requests to a certain rate (100/second) Message duration monitors are clock-based. Measure things like average server response. Traffic Definitions are […]
WB552: Random DataPower Thoughts 11
Tivoli Directory Integration can integrate with multiple LDAP. LDAP Search Attribute is the attribute in the LDAP that you want to look up. Load Balancing Algorithms: First-Alive: Secondary servers are only called when the primary server is down. So the first alive entry is always used. Hash: Hashes the IP address of the client to […]
WB552: Random DataPower Thoughts Part 10
AAA: Authentication, Authorization and Auditing Authentication can occur without the use of external servers: AAA file, LTPA and a Validation credential object, SAML token (?). Can use the external Systems: LDAP, SAML, Tivoli, RADIUS When hitting a webpage, a browser artifact on a third party server can be pointed to embedded in the URL of […]
WB552: Random DataPower Thoughts Part 9
XML Virus scanning uses a filter action sheet: store://Virus-ScanAttachment.xsl. This transform needs to be modified to include the URL of your ICAP server Dictionary Attacks Protection uses count monitoring. SQL injection Protection uses the store://SQL-Injection-Filter.xsl transformation.
WB552: Random DataPower Thoughts Part 8
SSL: Message Confidentiality, Message Integrity and Non-Repudiation Server always authenticates to the client. Client optionally authenticates to the server. During an SSL handshake: Negotiate the level of SSL, decide on cipher suite, authenticate the server, build a secret key to be used for the session. SSL hello contains list of Cipher Suites. Server responds with […]
WB552: Random DataPower Thoughts Part 6
Always check the default system log when an error is first encountered. Audit log only occurs on the default domain. Captured IP packets are stored in pcap format. Need a tool to explore the data such as ethereal. The packet capture file is in the temporary directory. Probes and debug level logging will create a […]
WB552: Random DataPower Thoughts Part 5
Pass-thru: Traffic is passed without execution of the service policy. XML: Check for well-formed XML SOAP: Checked for SOAP Message validity. Non-XML: Treated as a binary and the service policy is executed. Service Level Monitors need a WSDL file to be defined. The validate action only accepts a single XSD definition or WSDL file. The […]
WB552: Random DataPower Thoughts Part 4
XML Firewall is a superset of the XSL Proxy. Web Service proxy understands more of the requirements to be a web service than the XML Firewall which only treats data as XML documents. Web Service Proxy and Multi-Protocol Gateway are supersets of the XML Firewall. Neither suppors the loopback proxy. Web Application Firewall: Customized XML […]
WB552: Random DataPower Thoughts Part 3
“Root Certificates” are implicitly trusted. The lookup chain of certificates ends at a root cert. These are stored in the pubcert directory. sharedCert is where certificates that we share with other clients are located. When creating a domain, you should always include default as a visible domain. This allows access to the store:// file system […]
WB552: Random DataPower Thoughts Part 2
DataPower XA35 (Green): XA = XML Accelerator DataPower XS40 (Yellow): XS = XML Security DataPower XI50 (Blue): XI = XML Integration “SSL Termination” refers to the destination system that recieves an SSL connection. DataPower can not participate in a two-phase commit transaction. Seems to me like this is a feature that needs to be incorporated […]
WB552: Random DataPower Thoughts Part 1
DataPower will not allow modified firmwares to be uploaded to the machine. They are required to be signed by IBM. By default, the device is ‘completely off’ with a locked down configuration. It’s up to the administrator to enable relevant services. When something is in encrypted storage, there is no UI to get the information […]
WB552: “Is there an IDE for DataPower?”
Q: “Is there an IDE for DataPower?” Answer: No. The web client is used to access most of the features” I think that there probably should be an investment (or direction) from IBM about how to go about doing the development work for DataPower. What I say this, I mean what is the recommended IDE […]
WB552: Introductions
Instructor: Greg Dinning, a 10 year educator on the IBM Suite of Integration software. The Attendees were a wide mix of developers wondering how to use the box, people who wanted to understand why they should buy it and people (like me) who are focused on getting the information to pass certification. I’m not going […]
DataPower Course WB552: Accelerate and Secure XML and Web Services with IBM DataPower SOA Appliances
This is the course that I am attending this week. This will be nice as I’ll have a hardcopy of the course contents. Also, being able to go through the content slowly over a week with hands-on usage of the datapower box will be a huge bonus. When I was trying to learn the machine […]