TEC Workbook - IBM

More documents

Recommendations

Info

<strong>IBM</strong> Software 2.1.1 Client-Side (Front) Processing Phase During this phase, the received message will be directed to the service object that is configured for the IP address and port combination on which the message was received. Once the service object (such as a Multi-protocol Gateway or XML Firewall) receives the message, a significant amount of processing of the message occurs. For example: ● If SSL is configured for the service, SSL negotiation and decryption of the data stream will occur. ● SOAP envelope validation. ● Protocol-specific actions such as HTTP header suppression or injection. ● Inspection for known XML threats. This is not an exhaustive list, but gives an idea of some of the actions that occur upon receiving a message. The results of these pre-processing steps could result in the message being rejected before any message processing is even attempted. 2.1.2 Service Processing Phase Once the client-side processing phase has completed and accepted the message, the message will be passed to the service’s processing policy. This is often referred to as Multistep processing. A Processing Policy is a list of rules that contain actions that can be applied to a message. Actions are specific operations that are applied to a message such as encryption and decryption, message signing, authentication, etc. As the request message passes through the processing policy, the actions are applied to the message in a specified sequence, ultimately resulting in the message that will be passed to the server-side processing phase. 2.1.3 Server-Side (Back) Processing Phase If the message makes it to this phase, it has been accepted by the client-side phase and processed by the service phase. It’s now ready to be sent to the backend server. Before sending though, some additional steps may be required. Those steps may include: ● Establishing a new SSL connection to the back side server. ● Setting additional headers in the request. ● Mediating protocol versions (i.e. HTTP 1.1 to HTTP 1.0). ● Other protocol related tasks for WebSphere MQ, WebShere JMS, FTP, NFS, etc. Once all of the server-side processing is complete, the message is sent to the backend destination. 2.1.4 Response Processing When (and if) a response is received from the backend server, the three phases will occur again to verify the validity of the response, execute a processing policy, and then forward the response back to the original client. The processing phase can be configured to have separate rules for request and response processing. Page 30 WebSphere Lab Jam
2.1.5 WebSphere DataPower Configuration Architecture <strong>IBM</strong> Software A single WebSphere DataPower appliance has the ability to host numerous service configurations. The following diagram shows a top-level object hierarchy of a WebSphere DataPower service. = Object = Service Parameter = File Threat Protection and Protocol Parameters Front Side Handler Supporting Protocol Objects SSL Proxy Crypto Profile Key/Certificate Objects Key/Certificate Files DataPower Service Backend Server Address Processing Policy XML Manager Processing Rules Processing Actions AAA Policy XSL/XML Files Match Rule This diagram shows some of the objects associated with a given service. For example, the service could be a Multi-Protocol Gateway that you create for handling requests. The service will use a Front Side Handler object which identifies an IP address and port. It also includes an SSL Proxy object which includes the necessary objects for SSL encryption. The service has a Processing Policy (for the service processing phase), and that policy contains one or more Processing Rules, and each rule contains one or more Processing Actions. Some of the objects will be created for you as a by-product of configuration wizards, and others will be created by drag and drop actions within the WebGUI. 2.2 Creating the Multi-Protocol Gateway service In this section, you’ll be creating a service that will receive messages posted from your workstation, and perform a variety of actions against the message’s XML payload. There are several steps you’ll follow to create the service object: ● Specify the basic information about the Multi-Protocol Gateway Service. ● Create an HTTP Front Side protocol handler to handle HTTP requests. ● Create a Processing Policy and Processing Rule To get things started, you’ll create a service proxy that simply acts as a pass-thru. Whatever you post to the service proxy will get forwarded to an echo service running on the backend server. The response will pass back through your proxy and then be returned to your workstation. Lab 2 - Working with XML Page 31
Page 1 and 2: WebSphere Lab Jam Connectivity WebS
Page 3 and 4: Contents IBM Software CONNECTION PA
Page 5 and 6: Connection Parameters Spreadsheet I
Page 7 and 8: 1.4 Introduction to WebSphere DataP
Page 9 and 10: IBM Software You’re now ready to
Page 11 and 12: There are several areas in the WebG
Page 13 and 14: 1.10 WebSphere DataPower Services I
Page 15 and 16: IBM Software Gateway supports WebSp
Page 17 and 18: cert: Directory Usage IBM Software
Page 19 and 20: __7. Click on the small plus sign t
Page 21 and 22: 1.13 Logging IBM Software WebSphere
Page 23 and 24: ● Trigger a set of actions to occ
Page 25 and 26: 1.13.4 Appliance management IBM Sof
Page 27 and 28: 1.13.8 Configuration Comparison, Ch
Page 29: Lab 2 Working with XML Prerequisite
Page 33 and 34: IBM Software It’s also possible t
Page 35 and 36: Match Rule - evaluate statements us
Page 37 and 38: IBM Software __18. In the Configure
Page 39 and 40: IBM Software __2. Expand the policy
Page 41 and 42: IBM Software __12. In soapUI, click
Page 43 and 44: IBM Software __3. Click the green s
Page 45 and 46: The SQL statement would become: SEL
Page 47 and 48: __2. Click and drag a transform act
Page 49 and 50: 2.7 Stylesheet Caching IBM Software
Page 51 and 52: 2.8.3 Virus Scanning IBM Software V
Page 53 and 54: Lab 3 Securing XML Message Content
Page 55 and 56: 3.2.2 Create the Crypto Key and Cer
Page 57 and 58: 3.2.7 Verifying the request signatu
Page 59 and 60: __8. Click the Close Window link to
Page 61 and 62: __12. Click on the small [+] to sho
Page 63 and 64: IBM Software __3. Click on the last
Page 65 and 66: IBM Software __6. In the list of co
Page 67 and 68: __11. Click the Done button in the
Page 69 and 70: Lab 4 Access Control Framework Prer
Page 71 and 72: __3. Double click the yellow outlin
Page 73 and 74: Appendix A. Notices This informatio
Page 75 and 76: Appendix B. Trademarks and copyrigh
Page 77 and 78: NOTES

TEC Workbook - IBM

Create successful ePaper yourself

Delete template?

Save as template?