WebSphere DataPower Enables Mobile Solutions on System z

A growing, flexible workforce is rapidly adopting the use of mobile devices for both personal and business activities. This shift presents many challenges as users seek access to the traditional enterprise IT resources with security, flexibility and ease-of-use. However, you can easily build a secure and scalable mobile solution that provides access to enterprise assets on System z, such as IMS, CICS, DB2 and WebSphere Application Server for z/OS—all by utilizing WebSphere DataPower gateway appliances.

DataPower as a Mobile Gateway

WebSphere DataPower is an appliance-based ubiquitous security and integration gateway. It provides the security, control, integration and optimization needed for mobile workloads, specifically:

  • SSL offload
  • Threat protection
  • Rate limiting
  • Validation and filtering
  • Native XML and JSON support
  • Authentication
  • z/OS identity propagation
  • Authorization
  • OAuth 2.0
  • Security token translation (e.g. Security Assertion Markup Language)
  • Content transformation
  • Content-based routing
  • Intelligent load distribution
  • Response caching locally or to DataPower XC10

DataPower can play different roles in mobile enablement, providing a representational state transfer (REST) service façade, DMZ proxy to secure a mobile network, and seamless enterprise integration for IBM Worklight. Worklight provides an open, comprehensive and advanced platform to build, run and manage mobile applications, addressing many integration needs for mobile enablement.

RESTful Service Facade

DataPower is positioned to bridge Web 2.0 and SOA. It can service Web 2.0 requests, including REST (JSON) invocation, acting as a bridge to enterprise protocols, such as IMS Connect. As a service facade, DataPower can expose enterprise systems RESTfully for mobile access with no changes to the back-end resources. For a simpler configuration, you can configure DataPower to directly access enterprise assets.

Figure 1 depicts a customer mobile demo that leverages DataPower XI52 to invoke an IMS application, which in turn performs an outbound callout to invoke a Web service.

DMZ Proxy to Secure a Mobile Network

DataPower provides the much-needed DMZ security for mobile traffic. When deployed in a DMZ, it can: ensure the connectivity to back-end components, such as the Worklight Server; use appropriate firewalls, proxies or virtual private networks (VPNs); provide load balancing; and enforce security policies.

As shown in Figure 2, DataPower, in the DMZ, acts as the secure gateway to terminate inbound connections and provide user authentication/authorization offloading. Once the request is trusted, DataPower can translate it and communicate with enterprise systems directly or through the Worklight Server. Although the figure depicts two separate DataPower appliances in the trusted zone, both deployment scenarios can be achieved with a single appliance instance.

Seamless Enterprise Integration for IBM Worklight

DataPower can also be the integration gateway for mobile traffic coming through IBM Worklight. It provides features such as message routing, caching, protocol mediation, security token/identity mapping and any-any data transformation to preprocess the message into data formats that are native to and can be processed by an enterprise system.

Figure 2 depicts the end-to-end flows of a mobile device securely accessing enterprise systems via DataPower, based on the various scenarios discussed. With the light footprint provided by DataPower appliances and IBM Worklight, support for mobile devices can be introduced while still using many existing assets and infrastructures.

Powerful Connection

In summary, DataPower allows IT organizations to keep pace with technology advances presented by next-generation mobile and Web applications to meet their integration and security needs. By taking advantage of DataPower, they can readily connect their System z environment to the mobile world.

Jason Keenaghan is a senior product manager for IBM DataPower with a primary focus on application optimization, edge-of-the-network security for Web and mobile, B2B integration and System z integration.

Jenny Hung is an advisory software engineer working on IBM IMS OnDemand to modernize IMS as the integration focal point in SOA environments.

Shyh-Mei Ho is an IBM Distinguished Engineer and the IMS service oriented architecture, modernization and integration chief architect.

Srinivasan Muralidharan is a senior software engineer, IBM DataPower. His role includes developer/technical lead and z/OS integration subject matter expert for DataPower.

comments powered by Disqus



2019 Solutions Edition

A Comprehensive Online Buyer's Guide to Solutions, Services and Education.

IBM Systems Magazine Subscribe Box Read Now Link Subscribe Now Link iPad App Google Play Store
Mainframe News Sign Up Today! Past News Letters