WebSphere DataPower XI 52 Development/Administration

The IBM WebSphere DataPower SOA Appliances allow an enterprise to simplify, accelerate, and enhance the security capabilities of its Extensible Markup Language (XML) and Web services deployments, and extend the capabilities of its service-oriented architecture (SOA) infrastructure.

Through a combination of instructor-led lectures and hands-on lab exercises, students learn how to implement the key use cases for the DataPower appliances, including XML acceleration and threat protection, Web service virtualization, Web services security, integrating with IBM WebSphere MQ and Java Message Service (JMS), and authentication, authorization, and auditing (AAA).

Students also learn how to use various problem determination tools such as logs, monitors, and probes, as well as techniques for testing DataPower services and handling errors.

The hands-on exercises give students experience working directly with an IBM WebSphere DataPower SOA Appliance, focusing on skills such as creating XML firewalls, working with encryption and cryptographic objects, configuring service level monitoring, troubleshooting services, and handling errors.

This course is designed for integration developers who configure service policies on IBM WebSphere DataPower SOA Appliances.

Learning objectives: After completing this course, students should be able to:

• Describe the key use cases and architectural scenarios for the IBM WebSphere DataPower SOA Appliances
• Describe how WebSphere DataPower Appliances are configured, including the role of XSL Transformations (XSLT)
• Configure an XML firewall to protect against a new class of XML-based threats
• Create a Web service proxy to virtualize Web service applications
• Implement Web services security
• Create and configure cryptographic objects
• Configure Secure Sockets Layer (SSL) to and from WebSphere DataPower SOA Appliances
• Configure a multi-protocol gateway (MPG) to handle multiple protocols for a single service
• Configure a service level monitoring (SLM) policy to handle service processing violations
• Enforce service level policies to manage traffic to and from WebSphere DataPower SOA Appliances
• Configure support for IBM WebSphere MQ and Java Message Service (JMS)
• Troubleshoot services using logs and probes
• Handle errors in service policies

Course agenda

Course introduction

Duration: 30 minutes

Unit 1. Introduction to DataPower SOA Appliances

Duration: 1 hour

Learning objectives: After completing this unit, students should be able to:

• Describe and define the role of an SOA appliance
• Identify the products in the WebSphere DataPower SOA Appliance product line
• Describe how to use WebSphere DataPower SOA Appliances in an enterprise architecture

Unit 2. DataPower administration overview

Duration: 1 hour

Learning objectives: After completing this unit, students should be able to:

• List the methods that can be used to administer WebSphere DataPower SOA Appliances
• Manage user accounts and domains on the appliance
• Work with files on the WebSphere DataPower SOA Appliance

Exercise 1. Exercises setup

Duration: 45 minutes

Learning objectives: After completing this exercise, students should be able to:

• Import the files used in the exercises
• Install open source software such as cURL and OpenSSL
• Populate the table containing all of the port numbers

Unit 3. Introduction to XSL transformations

Duration: 1 hour

Learning objectives: After completing this unit, students should be able to:

• Describe the Extensible Stylesheet Language (XSL) model
• Construct XPath expressions
• Create XSL stylesheets to apply XSL transformations
• Use and apply XSL templates in XSLT
• Describe the use of DataPower variables and extensions in XSL stylesheets

Exercise 2. Creating XSL transformations

Duration: 45 minutes

Learning objectives: After completing this exercise, students should be able to:

• Create an XSL stylesheet
• Create an XML firewall service
• Transform an XML file using the compiled XSL stylesheet
• Describe the use of DataPower variables and extensions in XSL stylesheets

Unit 4. DataPower services overview

Duration: 1 hour

Learning objectives: After completing this unit, students should be able to:

• List the supported services on the WebSphere DataPower SOA Appliance
• Compare and contrast the features supported by each WebSphere DataPower service

Exercise 3. Creating a simple XML firewall

Duration: 45 minutes

Learning objectives: After completing this exercise, students should be able to:

• Create an XML firewall
• Create a document processing policy with message schema validation and transformation
• Test the message flow using the command line tool cURL

Unit 5. XML firewall service

Duration: 1 hour 15 minutes

Learning objectives: After completing this unit, students should be able to:

• List the features and functions of an XML firewall service
• Configure an XML firewall service on a WebSphere DataPower SOA Appliance

Unit 6. Problem determination tools

Duration: 45 minutes

Learning objectives: After completing this unit, students should be able to:

• Capture information using system logs from messages passing through the WebSphere DataPower SOA Appliance
• Configure a multistep probe to examine detailed information about actions within rules
• List the problem determination tools available on the WebSphere DataPower SOA Appliance

Exercise 4. Creating an advanced XML firewall

Duration: 2 hours

Learning objectives: After completing this exercise, students should be able to:

• Create an XML firewall from a WSDL definition
• Configure a document processing policy with additional actions
• Configure content-based routing using a Route action
• Test the XML firewall policy using the command line tool cURL
• Perform basic debugging using the system log and multistep probe

Unit 7. Handling errors in a service policy

Duration: 10 minutes

Learning objectives: After completing this unit, students should be able to:

• Configure an On Error action in a service policy
• Configure an Error rule in a service policy
• Describe how On Error actions and Error rules are selected during error handling

Exercise 5. Adding error handling to a service policy

Duration: 20 minutes

Learning objectives: After completing this exercise, students should be able to:

• Configure a service policy with an On Error action
• Configure a service policy with an Error rule

Unit 8. DataPower cryptographic tools

Duration: 45 minutes

Learning objectives: After completing this unit, students should be able to:

• Generate cryptographic keys using the WebSphere DataPower tools
• Create a crypto identification credential object containing a matching public and private key
• Create a crypto validation credential to validate certificates
• Set up certificate monitoring to ensure that certificates are up to date

Exercise 6. Creating cryptographic objects

Duration: 30 minutes

Learning objectives: After completing this exercise, students should be able to:

• Generate cryptographic keys using the WebSphere DataPower crypto tools
• Upload key files to the WebSphere DataPower SOA Appliance
• Create a crypto identification credential using a crypto key object
• Validate certificates using a validation credential object

Unit 9. Securing connections using SSL

Duration: 45 minutes

Learning objectives: After completing this unit, students should be able to:

• Configure the WebSphere DataPower SOA Appliance to communicate using SSL
• Associate an SSL proxy profile with keys and certificates
• Configure a user agent to initiate requests

Exercise 7. Securing connections using SSL

Duration: 1 hour

Learning objectives: After completing this exercise, students should be able to:

• Create an SSL proxy profile to accept SSL connections from a client to the WebSphere DataPower SOA Appliance
• Create an SSL proxy profile to initiate an SSL connection from the WebSphere DataPower SOA Appliance to a back-end service
• Create a Hypertext Transfer Protocol (HTTP) service to handle HTTP requests

Unit 10. XML threat protection

Duration: 45 minutes

Learning objectives: After completing this unit, students should be able to:

• Explain possible attack scenarios involved in XML-based applications
• Describe the various types of XML attacks
• Use the WebSphere DataPower SOA Appliance to protect against XML attacks

Exercise 8. Protecting against XML threats

Duration: 30 minutes

Learning objectives: After completing this exercise, students should be able to:

• Run a recursive entity attack simulation
• Perform a recursive entity threat protection test
• Enable excessive attribute count threat protection
• Enable SQL injection attack prevention

Unit 11. Web service proxy service

Duration: 1 hour

Learning objectives: After completing this unit, students should be able to:

• Describe the Web service proxy architecture
• List and explain the configuration steps needed to create a Web service proxy
• Create and configure a Web service proxy policy at various levels of the Web Services Description Language (WSDL) file

Exercise 9. Configuring a Web service proxy

Duration: 1 hour

Learning objectives: After completing this exercise, students should be able to:

• Configure a WS-Proxy to virtualize an existing set of Web services
• Create a policy within the WS-Proxy

Unit 12. XML and Web services security overview

Duration: 45 minutes

Learning objectives: After completing this unit, students should be able to:

• Describe the features of the WS-Security specification
• Enable message confidentiality using XML Encryption
• Provide message integrity using XML Signature

Exercise 10. Web service encryption and digital signatures

Duration: 1 hour

Learning objectives: After completing this exercise, students should be able to:

• Create an XML firewall to generate a message with XML encryption
• Create an XML firewall to generate a message with an XML digital signature
• Perform field-level encryption and decryption on XML messages
• Create a rule to decrypt messages and verify digital signatures contained in a message within a Web service proxy policy

Unit 13. Authentication, authorization, and auditing (AAA)

Duration: 1 hour

Learning objectives: After completing this unit, students should be able to:

• Describe the authentication, authorization, and auditing framework within the WebSphere DataPower SOA Appliance
• Explain the purpose of each step in an access control policy
• Authenticate and authorize Web service requests with:
  • WS-Security Username and binary security tokens
  • HTTP Authorization header claims
  • Security Assertion Markup Language (SAML) assertions

Exercise 11. Web service authentication and authorization

Duration: 1 hour

Learning objectives: After completing this exercise, students should be able to:

• Configure an action to enforce authentication and authorization policies
• Configure an action to verify an SAML assertion token for authentication and authorization purposes

Unit 14. Configuring LDAP using AAA

Duration: 30 minutes

Learning objectives: After completing this unit, students should be able to:

• Describe the fundamentals of configuring the Lightweight Directory Access Protocol (LDAP) and deploying directory services
• Authenticate and authorize user credentials using LDAP by creating a AAA policy

Exercise 12. Creating a AAA policy using LDAP

Duration: 45 minutes

Learning objectives: After completing this exercise, students should be able to:

• Add entries to the IBM Tivoli Directory Server LDAP server
• Authenticate users on an LDAP server by configuring a AAA policy

Unit 15. Multi-protocol gateway service

Duration: 1 hour

Learning objectives: After completing this unit, students should be able to:

• Configure a multi-protocol gateway to provide a service over a set of different protocols
• Configure a connection to a static back-end service
• Configure a processing rule to select a back-end service at run time

Exercise 13. Configuring a multi-protocol gateway service

Duration: 1 hour 15 minutes

Learning objectives: After completing this exercise, students should be able to:

• Configure a multi-protocol gateway to accept messages over HTTP and HTTPS
• Forward messages from a multi-protocol gateway to a static back-end service

Unit 16. Monitoring objects

Duration: 30 minutes

Learning objectives: After completing this unit, students should be able to:

• Identify messages that will be monitored
• Configure a message count monitor
• Set up a message duration monitor

Unit 17. Service level monitoring

Duration: 30 minutes

Learning objectives: After completing this unit, students should be able to:

• Identify the service level monitoring (SLM) functionality provided by the WebSphere DataPower SOA Appliance
• Implement a basic SLM policy using the Web service proxy WebGUI
• Create an advanced SLM policy using the SLM Statement construct

Unit 18. Integration with WebSphere MQ

Duration: 45 minutes

Learning objectives: After completing this unit, students should be able to:

• Create a multi-protocol gateway with a WebSphere MQ front-side handler
• Configure a WebSphere MQ back-end uniform resource locator (URL)
• Manage transactionality between WebSphere MQ queue managers

Exercise 14. Configuring a multi-protocol gateway service with WebSphere MQ

Duration: 1 hour 15 minutes

Learning objectives: After completing this exercise, students should be able to:

• Create a WebSphere MQ front-side handler (FSH) that gets messages from a queue and puts responses on a queue
• Send messages from a multi-protocol gateway service to a queue in WebSphere MQ in a fire-and-forget messaging pattern
• Configure transactionality between WebSphere DataPower and WebSphere MQ when errors occur during message processing

Unit 19. DataPower and Java Message Service (JMS)

Duration: 45 minutes

Learning objectives: After completing this unit, students should be able to:

• Describe the components of the service integration bus on WebSphere Application Server V6
• Configure a JMS front-side handler to send JMS messages to the default messaging provider in WebSphere Application Server V6
• Configure a JMS front-side handler to send JMS messages to TIBCO EMS

Unit 20. DataPower architectural scenarios

Duration: 45 minutes

Learning objectives: After completing this unit, students should be able to:

• Identify the security scenarios involved when deploying a WebSphere DataPower SOA Appliance
• Describe use cases that include the WebSphere DataPower SOA Appliance in enterprise architectures

Unit 21. Course summary

Duration: 15 minutes

Learning objectives: After completing this unit, students should be able to:

• Explain how the course met its learning objectives
• Submit an evaluation of the class
• Identify other WebSphere Education courses related to this topic
• Access the WebSphere Education Web site
• Locate appropriate resources for further study

Appendix Unit A. Web application firewall service

Duration: 45 minutes

Learning objectives: After completing this unit, students should be able to:

• Configure a Web application firewall to protect a back-end Web application
• Use a AAA policy to protect access via the Web application firewall
• Validate parameters from an HTTP request using Name-value profiles
• Protect the Web application from phishing attacks using built-in threat protection

Appendix Exercise A. Creating a firewall and HTTP proxy for a Web application

Duration: 45 minutes

Learning objectives: After completing this exercise, students should be able to:

• Use the Web application firewall wizard to create a Web application firewall
• Implement a security policy on a Web application firewall
• Create a reverse-proxy to virtualize requests to Web applications

Appendix Exercise B. Configuring WebSphere JMS

Duration: 30 minutes

Learning objectives: After completing this exercise, students should be able to:

• Identify the fields in the service integration bus configuration on WebSphere Application Server V6.0 or V6.1 that are needed to configure the WebSphere DataPower JMS object
• Create a multi-protocol gateway service that invokes the East Address Search Web service over the JMS transport