DataPower SOA Appliance Administration, Deployment, and Best Practices

Book description

This IBM® Redbooks® publication focuses on operational and managerial aspects for DataPower® appliance deployments.

DataPower appliances provide functionality that crosses both functional and organizational boundaries, which introduces unique management and operational challenges. For example, a DataPower appliance can provide network functionality, such as load balancing, and at the same time, provide enterprise service bus (ESB) capabilities, such as transformation and intelligent content-based routing.

This IBM Redbooks publication provides guidance at both a general and technical level for individuals who are responsible for planning, installation, development, and deployment. It is not intended to be a "how-to" guide, but rather to help educate you about the various options and methodologies that apply to DataPower appliances. In addition, many chapters provide a list of suggestions.

Table of contents

  1. Front cover
  2. Contact an IBM Software Services Sales Specialist
  3. Notices
    1. Trademarks
  4. Preface
    1. The team who wrote this book
    2. Now you can become a published author, too!
    3. Comments welcome
    4. Stay connected to IBM Redbooks
  5. Chapter 1. Securing user access
    1. 1.1 Overview
    2. 1.2 Benefits
    3. 1.3 Device initialization considerations
      1. 1.3.1 Setting up the master administrator password
      2. 1.3.2 Enabling Disaster Recovery Mode
    4. 1.4 Access control lists
    5. 1.5 Authentication and credential mapping
      1. 1.5.1 Locally managed users
      2. 1.5.2 Locally defined user groups
      3. 1.5.3 Using local user repository for contingency
      4. 1.5.4 Pros and cons of using the local user repository
      5. 1.5.5 RBM policy files
      6. 1.5.6 Remote authentication servers
      7. 1.5.7 Single sign-on
      8. 1.5.8 Login processing summary
    6. 1.6 Audit logs
      1. 1.6.1 Obtaining the audit log using CLI
      2. 1.6.2 Copying the audit log using SOMA
    7. 1.7 Preferred practices
    8. 1.8 Troubleshooting
  6. Chapter 2. Networking
    1. 2.1 Overview
    2. 2.2 Benefits
    3. 2.3 Usage
      1. 2.3.1 Network interface configuration and routing
      2. 2.3.2 VLAN sub-interfaces
      3. 2.3.3 Network settings
      4. 2.3.4 Host alias, static hosts, and domain name system
      5. 2.3.5 Routing
      6. 2.3.6 Load balancing a back-end destination
      7. 2.3.7 Intelligent Load Distribution
      8. 2.3.8 Self-Balancing services
      9. 2.3.9 Load balancer health checking
      10. 2.3.10 Standby Control and high availability
    4. 2.4 Preferred practices
      1. 2.4.1 Avoid using 0.0.0.0 as a listener
      2. 2.4.2 Separating management traffic
      3. 2.4.3 Specify port values less than 10,000
      4. 2.4.4 Persistent timeout consideration
      5. 2.4.5 Disable chained persistent connections
      6. 2.4.6 Configure network settings to be portable
      7. 2.4.7 Multiple default gateways will create multiple default routes
      8. 2.4.8 Standby Control preferred practices
      9. 2.4.9 Management interface and default route
      10. 2.4.10 Enabling “No Delay Ack” to avoid latency with other systems
      11. 2.4.11 Streaming large messages and flow control
    5. 2.5 Examples
      1. 2.5.1 Externalizing endpoints in a metadata document
      2. 2.5.2 Disabling chained persistent connections for points of a service
      3. 2.5.3 Port speed mismatch
      4. 2.5.4 Sample DNS workaround using static host
      5. 2.5.5 Sample CLI commands to capture DNS server responses
      6. 2.5.6 Verifying that Rapid Spanning Tree deployed properly for DataPower Standby Control
      7. 2.5.7 Example of deleting routes
      8. 2.5.8 Sample XSLT for adding DataPower transaction ID to an HTTP header for outgoing traffic
  7. Chapter 3. Domains
    1. 3.1 Application domains
      1. 3.1.1 The default domain
      2. 3.1.2 Domain use and benefits
      3. 3.1.3 Segregating projects and LOBs
      4. 3.1.4 Number of domains on an appliance
      5. 3.1.5 Domain resource consumption
    2. 3.2 Domain structure
      1. 3.2.1 Local flash-based file system
      2. 3.2.2 Domain configuration files
      3. 3.2.3 Domain logging
      4. 3.2.4 Domain monitoring
      5. 3.2.5 Shared resources
    3. 3.3 Domain persistence
      1. 3.3.1 Saving configuration changes
      2. 3.3.2 Imported domain configurations
    4. 3.4 Usage considerations
      1. 3.4.1 Cross-domain file visibility
      2. 3.4.2 Domain names
      3. 3.4.3 Restarting and resetting domains
      4. 3.4.4 Quiescing
      5. 3.4.5 Cleaning up orphaned objects
      6. 3.4.6 Isolating the domain network interface
      7. 3.4.7 Deleting domains
    5. 3.5 Preferred practices
    6. 3.6 Further reading
  8. Chapter 4. Simple Network Management Protocol monitoring
    1. 4.1 Appliance monitoring
    2. 4.2 DataPower monitoring fundamentals
    3. 4.3 Enabling statistics
    4. 4.4 SNMP monitoring
      1. 4.4.1 SNMP protocol messages
      2. 4.4.2 Management information base (MIB) structure
      3. 4.4.3 SNMP traps
      4. 4.4.4 DataPower status providers
      5. 4.4.5 SNMP security
      6. 4.4.6 Configuring SNMP using the WebGUI
      7. 4.4.7 Generating traps with SNMP log targets
    5. 4.5 Monitoring via the XML management interface
      1. 4.5.1 Requesting device status and metrics
    6. 4.6 Appliance monitoring values
      1. 4.6.1 General device health and activity monitors
      2. 4.6.2 Interface utilization statistics
      3. 4.6.3 Other network status providers
    7. 4.7 SNMP traps
    8. 4.8 Certificate monitoring considerations
    9. 4.9 Preferred practices and considerations
  9. Chapter 5. IBM Tivoli Monitoring
    1. 5.1 IBM Tivoli Monitoring environment architecture
      1. 5.1.1 Tivoli Management Services components
      2. 5.1.2 IBM Tivoli Composite Application Manager
      3. 5.1.3 IBM Tivoli Composite Application Manager for SOA
    2. 5.2 Monitoring DataPower appliances
      1. 5.2.1 Monitoring DataPower application-level traffic
      2. 5.2.2 Monitoring hardware metrics and resource use
      3. 5.2.3 IBM Tivoli Composite Application Manager for SOA DataPower agent comparisons
    3. 5.3 Tivoli Composite Application Manager for SOA architecture
      1. 5.3.1 IBM Tivoli Composite Application Manager for SOA agents
    4. 5.4 Monitoring DataPower service objects
      1. 5.4.1 Customizing for Multi-Protocol Gateway traffic monitoring
      2. 5.4.2 Using latency logs for transaction monitoring
    5. 5.5 Tivoli Composite Application Manager for SOA deployment scenarios
      1. 5.5.1 Minimal deployment
      2. 5.5.2 Multiple location, single agent deployment
      3. 5.5.3 Multiple location, multi-agent deployment
      4. 5.5.4 Large multiple location deployment with health monitoring
      5. 5.5.5 Complete IBM Tivoli Composite Application Manager for SOA enterprise architecture
    6. 5.6 IBM Tivoli Composite Application Manager for SOA and DataPower’s built-in SLM
  10. Chapter 6. Logging
    1. 6.1 Overview
      1. 6.1.1 Message process logging
      2. 6.1.2 Publish and subscribe system
      3. 6.1.3 Log targets and log categories
      4. 6.1.4 Storing log messages
      5. 6.1.5 Email pager
      6. 6.1.6 Audit logging
    2. 6.2 Benefits
    3. 6.3 Usage
    4. 6.4 Event logging
      1. 6.4.1 Create custom log categories
      2. 6.4.2 Create log targets
      3. 6.4.3 Create log message generators
    5. 6.5 Transaction logging
      1. 6.5.1 Log action
      2. 6.5.2 Results action
    6. 6.6 Usage considerations
    7. 6.7 Preferred practices
      1. 6.7.1 Set log priority levels higher in production environments
      2. 6.7.2 Use the default domain for device-wide logging
      3. 6.7.3 Suppress repeated log messages
      4. 6.7.4 Employ a load balancer for critical log targets
      5. 6.7.5 Select the appropriate syslog server
      6. 6.7.6 Test production logging capacity before deployment
      7. 6.7.7 Plan for confidentiality
      8. 6.7.8 Manage multiple-log target feedback loops
  11. Chapter 7. B2B configuration and administration
    1. 7.1 Introduction to B2B appliances
    2. 7.2 B2B appliance benefits
    3. 7.3 Preferred practices
      1. 7.3.1 Capacity planning
    4. 7.4 Use cases
      1. 7.4.1 Active/passive high availability use case
      2. 7.4.2 XB60 active/active high availability use case
  12. Chapter 8. Development life cycle
    1. 8.1 Organizational structure
    2. 8.2 Software development life cycle
      1. 8.2.1 Sequential life-cycle model
      2. 8.2.2 Iterative life-cycle model
      3. 8.2.3 Choosing a life-cycle model
    3. 8.3 DataPower life-cycle stages
      1. 8.3.1 Physical installation
      2. 8.3.2 Solution design
      3. 8.3.3 Operational design
      4. 8.3.4 Development
      5. 8.3.5 Testing
      6. 8.3.6 Deployment
  13. Chapter 9. Configuration management and deployment
    1. 9.1 Configuration management
      1. 9.1.1 Revision control
      2. 9.1.2 Parallel development
    2. 9.2 Deployment
      1. 9.2.1 Upgrading an existing implementation
      2. 9.2.2 Managing environment-specific values
      3. 9.2.3 Handling public key infrastructure material
      4. 9.2.4 Checkpointing configurations for backing out changes
      5. 9.2.5 Hot deployment
    3. 9.3 Preferred practices
  14. Chapter 10. Appliance management and automation
    1. 10.1 Task automation
      1. 10.1.1 The case for automation
      2. 10.1.2 The case against automation
    2. 10.2 Security considerations for automation
    3. 10.3 XML management interface
      1. 10.3.1 Authentication
      2. 10.3.2 Appliance Management Protocol (AMP)
      3. 10.3.3 SOAP Management Interface (SOMA)
      4. 10.3.4 WSDM and WS-Management
    4. 10.4 WebSphere Appliance Management Toolkit API
      1. 10.4.1 Usage
      2. 10.4.2 WebSphere Appliance Management Toolkit advantages
      3. 10.4.3 Disadvantages
    5. 10.5 Command-line interface automation
      1. 10.5.1 Authentication
      2. 10.5.2 Range of commands
      3. 10.5.3 Usage
      4. 10.5.4 Advantages of using the CLI
      5. 10.5.5 Disadvantages of using the CLI
    6. 10.6 WebSphere Application Server Network Deployment Appliance Manager Version 7
      1. 10.6.1 Advantages of using the WebSphere Application Server ND Appliance Manager
      2. 10.6.2 Disadvantages of the WebSphere Application Server ND Appliance Manager
    7. 10.7 IBM WebSphere Appliance Management Center
    8. 10.8 Summary
  15. Appendix A. Custom Role-Based Management authentication and credential mapping
    1. Authentication phase
    2. Credential mapping phase
    3. Example: Multiple LDAP group membership
    4. Development considerations
  16. Appendix B. Additional material
    1. Locating the Web material
    2. Using the Web material
  17. Related publications
    1. IBM Redbooks publications
    2. Other publications
    3. Online resources
    4. Help from IBM
  18. Back cover

Product information

  • Title: DataPower SOA Appliance Administration, Deployment, and Best Practices
  • Author(s): Gerry Kaplan, Jan Bechtold, Daniel Dickerson, Richard Kinard, Ronnie Mitra, Helio L. P. Mota, David Shute, John Walczyk
  • Release date: June 2011
  • Publisher(s): IBM Redbooks
  • ISBN: 9780738435701